1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239524052415242524352445245524652475248524952505251525252535254525552565257525852595260526152625263526452655266526752685269527052715272527352745275527652775278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488548954905491549254935494549554965497549854995500550155025503550455055506550755085509551055115512551355145515551655175518551955205521552255235524552555265527552855295530553155325533553455355536553755385539554055415542554355445545554655475548554955505551555255535554555555565557555855595560556155625563556455655566556755685569557055715572557355745575557655775578557955805581558255835584558555865587558855895590559155925593559455955596559755985599560056015602560356045605560656075608560956105611561256135614561556165617561856195620562156225623562456255626562756285629563056315632563356345635563656375638563956405641564256435644564556465647564856495650565156525653565456555656565756585659566056615662566356645665566656675668566956705671567256735674567556765677567856795680568156825683568456855686568756885689569056915692569356945695569656975698569957005701570257035704570557065707570857095710571157125713571457155716571757185719572057215722572357245725572657275728572957305731573257335734573557365737573857395740574157425743574457455746574757485749575057515752575357545755575657575758575957605761576257635764576557665767576857695770577157725773577457755776577757785779578057815782578357845785578657875788578957905791579257935794579557965797579857995800580158025803580458055806580758085809581058115812581358145815581658175818581958205821582258235824582558265827582858295830583158325833583458355836583758385839584058415842584358445845584658475848584958505851585258535854585558565857585858595860586158625863586458655866586758685869587058715872587358745875587658775878587958805881588258835884588558865887588858895890589158925893589458955896589758985899590059015902590359045905590659075908590959105911591259135914591559165917591859195920592159225923592459255926592759285929593059315932593359345935593659375938593959405941594259435944594559465947594859495950595159525953595459555956595759585959596059615962596359645965596659675968596959705971597259735974597559765977597859795980598159825983598459855986598759885989599059915992599359945995599659975998599960006001600260036004600560066007600860096010601160126013601460156016601760186019602060216022602360246025602660276028602960306031603260336034603560366037603860396040604160426043604460456046604760486049605060516052605360546055605660576058605960606061606260636064606560666067606860696070607160726073607460756076607760786079608060816082608360846085608660876088608960906091609260936094609560966097609860996100610161026103610461056106610761086109611061116112611361146115611661176118611961206121612261236124612561266127612861296130613161326133613461356136613761386139614061416142614361446145614661476148614961506151615261536154615561566157615861596160616161626163616461656166616761686169617061716172617361746175617661776178617961806181618261836184618561866187618861896190619161926193619461956196619761986199620062016202620362046205620662076208620962106211621262136214621562166217621862196220622162226223622462256226622762286229623062316232623362346235623662376238623962406241624262436244624562466247624862496250625162526253625462556256625762586259626062616262626362646265626662676268626962706271627262736274627562766277627862796280628162826283628462856286628762886289629062916292629362946295629662976298629963006301630263036304630563066307630863096310631163126313631463156316631763186319632063216322632363246325632663276328632963306331633263336334633563366337633863396340634163426343634463456346634763486349635063516352635363546355635663576358635963606361636263636364636563666367636863696370637163726373637463756376637763786379638063816382638363846385638663876388638963906391639263936394639563966397639863996400640164026403640464056406640764086409641064116412641364146415641664176418641964206421642264236424642564266427642864296430643164326433643464356436643764386439644064416442644364446445644664476448644964506451645264536454645564566457645864596460646164626463646464656466646764686469647064716472647364746475647664776478647964806481648264836484648564866487648864896490649164926493649464956496649764986499650065016502650365046505650665076508650965106511651265136514651565166517651865196520652165226523652465256526652765286529653065316532653365346535653665376538653965406541654265436544654565466547654865496550655165526553655465556556655765586559656065616562656365646565656665676568656965706571657265736574657565766577657865796580658165826583658465856586658765886589659065916592659365946595659665976598659966006601660266036604660566066607660866096610661166126613661466156616661766186619662066216622662366246625662666276628662966306631663266336634663566366637663866396640664166426643664466456646664766486649665066516652665366546655665666576658665966606661666266636664666566666667666866696670667166726673667466756676667766786679668066816682668366846685668666876688668966906691669266936694669566966697669866996700670167026703670467056706670767086709671067116712671367146715671667176718671967206721672267236724672567266727672867296730673167326733673467356736673767386739674067416742674367446745674667476748674967506751675267536754675567566757675867596760676167626763676467656766676767686769677067716772677367746775677667776778677967806781678267836784678567866787678867896790679167926793679467956796679767986799680068016802680368046805680668076808680968106811681268136814681568166817681868196820682168226823682468256826682768286829683068316832683368346835683668376838683968406841684268436844684568466847684868496850685168526853685468556856685768586859686068616862686368646865686668676868686968706871687268736874687568766877687868796880688168826883688468856886688768886889689068916892689368946895689668976898689969006901690269036904690569066907690869096910691169126913691469156916691769186919692069216922692369246925692669276928692969306931693269336934693569366937693869396940694169426943694469456946694769486949695069516952695369546955695669576958695969606961696269636964696569666967696869696970697169726973697469756976697769786979698069816982698369846985698669876988698969906991699269936994699569966997699869997000700170027003700470057006700770087009701070117012701370147015701670177018701970207021702270237024702570267027702870297030703170327033703470357036703770387039704070417042704370447045704670477048704970507051705270537054705570567057705870597060706170627063706470657066706770687069707070717072707370747075707670777078707970807081708270837084708570867087708870897090709170927093709470957096709770987099710071017102710371047105710671077108710971107111711271137114711571167117711871197120712171227123712471257126712771287129713071317132713371347135713671377138713971407141714271437144714571467147714871497150715171527153715471557156715771587159716071617162716371647165716671677168716971707171717271737174717571767177717871797180718171827183718471857186718771887189719071917192719371947195719671977198719972007201720272037204720572067207720872097210721172127213721472157216721772187219722072217222722372247225722672277228722972307231723272337234723572367237723872397240724172427243724472457246724772487249725072517252725372547255725672577258725972607261726272637264726572667267726872697270727172727273727472757276727772787279728072817282728372847285728672877288728972907291729272937294729572967297729872997300730173027303730473057306730773087309731073117312731373147315731673177318731973207321732273237324732573267327732873297330733173327333733473357336733773387339734073417342734373447345734673477348734973507351735273537354735573567357735873597360736173627363736473657366736773687369737073717372737373747375737673777378737973807381738273837384738573867387738873897390739173927393739473957396739773987399740074017402740374047405740674077408740974107411741274137414741574167417741874197420742174227423742474257426742774287429743074317432743374347435743674377438743974407441744274437444744574467447744874497450745174527453745474557456745774587459746074617462746374647465746674677468746974707471747274737474747574767477747874797480748174827483748474857486748774887489749074917492749374947495749674977498749975007501750275037504750575067507750875097510751175127513751475157516751775187519752075217522752375247525752675277528752975307531753275337534753575367537753875397540754175427543754475457546754775487549755075517552755375547555755675577558755975607561756275637564756575667567756875697570757175727573757475757576757775787579758075817582758375847585758675877588758975907591759275937594759575967597759875997600760176027603760476057606760776087609761076117612761376147615761676177618761976207621762276237624762576267627762876297630763176327633763476357636763776387639764076417642764376447645764676477648764976507651765276537654765576567657765876597660766176627663766476657666766776687669767076717672767376747675767676777678767976807681768276837684768576867687768876897690769176927693769476957696769776987699770077017702770377047705770677077708770977107711771277137714771577167717771877197720772177227723772477257726772777287729773077317732773377347735773677377738773977407741774277437744774577467747774877497750775177527753775477557756775777587759776077617762776377647765776677677768776977707771777277737774777577767777777877797780778177827783778477857786778777887789779077917792779377947795779677977798779978007801780278037804780578067807780878097810781178127813781478157816781778187819782078217822782378247825782678277828782978307831783278337834783578367837783878397840784178427843784478457846784778487849785078517852785378547855785678577858785978607861786278637864786578667867786878697870787178727873787478757876787778787879788078817882788378847885788678877888788978907891789278937894789578967897789878997900790179027903790479057906790779087909791079117912791379147915791679177918791979207921792279237924792579267927792879297930793179327933793479357936793779387939794079417942794379447945794679477948794979507951795279537954795579567957795879597960796179627963796479657966796779687969797079717972797379747975797679777978797979807981798279837984798579867987798879897990799179927993799479957996799779987999800080018002800380048005800680078008800980108011801280138014801580168017801880198020802180228023802480258026802780288029803080318032803380348035803680378038803980408041804280438044804580468047804880498050805180528053805480558056805780588059806080618062806380648065806680678068806980708071807280738074807580768077807880798080808180828083808480858086808780888089809080918092809380948095809680978098809981008101810281038104810581068107810881098110811181128113811481158116811781188119812081218122812381248125812681278128812981308131813281338134813581368137813881398140814181428143814481458146814781488149815081518152815381548155815681578158815981608161816281638164816581668167816881698170817181728173817481758176817781788179818081818182818381848185818681878188818981908191819281938194819581968197819881998200820182028203820482058206820782088209821082118212821382148215821682178218821982208221822282238224822582268227822882298230823182328233823482358236823782388239824082418242824382448245824682478248824982508251825282538254825582568257825882598260826182628263826482658266826782688269827082718272827382748275827682778278827982808281828282838284828582868287828882898290829182928293829482958296829782988299830083018302830383048305830683078308830983108311831283138314831583168317831883198320832183228323832483258326832783288329833083318332833383348335833683378338833983408341834283438344834583468347834883498350835183528353835483558356835783588359836083618362836383648365836683678368836983708371837283738374837583768377837883798380838183828383838483858386838783888389839083918392839383948395839683978398839984008401840284038404840584068407840884098410841184128413841484158416841784188419842084218422842384248425842684278428842984308431843284338434843584368437843884398440844184428443844484458446844784488449845084518452845384548455845684578458845984608461846284638464846584668467846884698470847184728473847484758476847784788479848084818482848384848485848684878488848984908491849284938494849584968497849884998500850185028503850485058506850785088509851085118512851385148515851685178518851985208521852285238524852585268527852885298530853185328533853485358536853785388539854085418542854385448545854685478548854985508551855285538554855585568557855885598560856185628563856485658566856785688569857085718572857385748575857685778578857985808581858285838584858585868587858885898590859185928593859485958596859785988599860086018602860386048605860686078608860986108611861286138614861586168617861886198620862186228623862486258626862786288629863086318632863386348635863686378638863986408641864286438644864586468647864886498650865186528653865486558656865786588659866086618662866386648665866686678668866986708671867286738674867586768677867886798680868186828683868486858686868786888689869086918692869386948695869686978698869987008701870287038704870587068707870887098710871187128713871487158716871787188719872087218722872387248725872687278728872987308731873287338734873587368737873887398740874187428743874487458746874787488749875087518752875387548755875687578758875987608761876287638764876587668767876887698770877187728773877487758776877787788779878087818782878387848785878687878788878987908791879287938794879587968797879887998800880188028803880488058806880788088809881088118812881388148815881688178818881988208821882288238824882588268827882888298830883188328833883488358836883788388839884088418842884388448845884688478848884988508851885288538854885588568857885888598860886188628863886488658866886788688869887088718872887388748875887688778878887988808881888288838884888588868887888888898890889188928893889488958896889788988899890089018902890389048905890689078908890989108911891289138914891589168917891889198920892189228923892489258926892789288929893089318932893389348935893689378938893989408941894289438944894589468947894889498950895189528953895489558956895789588959896089618962896389648965896689678968896989708971897289738974897589768977897889798980898189828983898489858986898789888989899089918992899389948995899689978998899990009001900290039004900590069007900890099010901190129013901490159016901790189019902090219022902390249025902690279028902990309031903290339034903590369037903890399040904190429043904490459046904790489049905090519052905390549055905690579058905990609061906290639064906590669067906890699070907190729073907490759076907790789079908090819082908390849085908690879088908990909091909290939094909590969097909890999100910191029103910491059106910791089109911091119112911391149115911691179118911991209121912291239124912591269127912891299130913191329133913491359136913791389139914091419142914391449145914691479148914991509151915291539154915591569157915891599160916191629163916491659166916791689169917091719172917391749175917691779178917991809181918291839184918591869187918891899190919191929193919491959196919791989199920092019202920392049205920692079208920992109211921292139214921592169217921892199220922192229223922492259226922792289229923092319232923392349235923692379238923992409241924292439244924592469247924892499250925192529253925492559256925792589259926092619262926392649265926692679268926992709271927292739274927592769277927892799280928192829283928492859286928792889289929092919292929392949295929692979298929993009301930293039304930593069307930893099310931193129313931493159316931793189319932093219322932393249325932693279328932993309331933293339334933593369337933893399340934193429343934493459346934793489349935093519352935393549355935693579358935993609361936293639364936593669367936893699370937193729373937493759376937793789379938093819382938393849385938693879388938993909391939293939394939593969397939893999400940194029403940494059406940794089409941094119412941394149415941694179418941994209421942294239424942594269427942894299430943194329433943494359436943794389439944094419442944394449445944694479448944994509451945294539454945594569457945894599460946194629463946494659466946794689469947094719472947394749475947694779478947994809481948294839484948594869487948894899490949194929493949494959496949794989499950095019502950395049505950695079508950995109511951295139514951595169517951895199520952195229523952495259526952795289529953095319532953395349535953695379538953995409541954295439544954595469547954895499550955195529553955495559556955795589559956095619562956395649565956695679568956995709571957295739574957595769577957895799580958195829583958495859586958795889589959095919592959395949595959695979598959996009601960296039604960596069607960896099610961196129613961496159616961796189619962096219622962396249625962696279628962996309631963296339634963596369637963896399640964196429643964496459646964796489649965096519652965396549655965696579658965996609661966296639664966596669667966896699670967196729673967496759676967796789679968096819682968396849685968696879688968996909691969296939694969596969697969896999700970197029703970497059706970797089709971097119712971397149715971697179718971997209721972297239724972597269727972897299730973197329733973497359736973797389739974097419742974397449745974697479748974997509751975297539754975597569757975897599760976197629763976497659766976797689769977097719772977397749775977697779778977997809781978297839784978597869787978897899790979197929793979497959796979797989799980098019802980398049805980698079808980998109811981298139814981598169817981898199820982198229823982498259826982798289829983098319832983398349835983698379838983998409841984298439844984598469847984898499850985198529853985498559856985798589859986098619862986398649865986698679868986998709871987298739874987598769877987898799880988198829883988498859886988798889889989098919892989398949895989698979898989999009901990299039904990599069907990899099910991199129913991499159916991799189919992099219922992399249925992699279928992999309931993299339934993599369937993899399940994199429943994499459946994799489949995099519952995399549955995699579958995999609961996299639964996599669967996899699970997199729973997499759976997799789979998099819982998399849985998699879988998999909991999299939994999599969997999899991000010001100021000310004100051000610007100081000910010100111001210013100141001510016100171001810019100201002110022100231002410025100261002710028100291003010031100321003310034100351003610037100381003910040100411004210043100441004510046100471004810049100501005110052100531005410055100561005710058100591006010061100621006310064100651006610067100681006910070100711007210073100741007510076100771007810079100801008110082100831008410085100861008710088100891009010091100921009310094100951009610097100981009910100101011010210103101041010510106101071010810109101101011110112101131011410115101161011710118101191012010121101221012310124101251012610127101281012910130101311013210133101341013510136101371013810139101401014110142101431014410145101461014710148101491015010151101521015310154101551015610157101581015910160101611016210163101641016510166101671016810169101701017110172101731017410175101761017710178101791018010181101821018310184101851018610187101881018910190101911019210193101941019510196101971019810199102001020110202102031020410205102061020710208102091021010211102121021310214102151021610217102181021910220102211022210223102241022510226102271022810229102301023110232102331023410235102361023710238102391024010241102421024310244102451024610247102481024910250102511025210253102541025510256102571025810259102601026110262102631026410265102661026710268102691027010271102721027310274102751027610277102781027910280102811028210283102841028510286102871028810289102901029110292102931029410295102961029710298102991030010301103021030310304103051030610307103081030910310103111031210313103141031510316103171031810319103201032110322103231032410325103261032710328103291033010331103321033310334103351033610337103381033910340103411034210343103441034510346103471034810349103501035110352103531035410355103561035710358103591036010361103621036310364103651036610367103681036910370103711037210373103741037510376103771037810379103801038110382103831038410385103861038710388103891039010391103921039310394103951039610397103981039910400104011040210403104041040510406104071040810409104101041110412104131041410415104161041710418104191042010421104221042310424104251042610427104281042910430104311043210433104341043510436104371043810439104401044110442104431044410445104461044710448104491045010451104521045310454104551045610457104581045910460104611046210463104641046510466104671046810469104701047110472104731047410475104761047710478104791048010481104821048310484104851048610487104881048910490104911049210493104941049510496104971049810499105001050110502105031050410505105061050710508105091051010511105121051310514105151051610517105181051910520105211052210523105241052510526105271052810529105301053110532105331053410535105361053710538105391054010541105421054310544105451054610547105481054910550105511055210553105541055510556105571055810559105601056110562105631056410565105661056710568105691057010571105721057310574105751057610577105781057910580105811058210583105841058510586105871058810589105901059110592105931059410595105961059710598105991060010601106021060310604106051060610607106081060910610106111061210613106141061510616106171061810619106201062110622106231062410625106261062710628106291063010631106321063310634106351063610637106381063910640106411064210643106441064510646106471064810649106501065110652106531065410655106561065710658106591066010661106621066310664106651066610667106681066910670106711067210673106741067510676106771067810679106801068110682106831068410685106861068710688106891069010691106921069310694106951069610697106981069910700107011070210703107041070510706107071070810709107101071110712107131071410715107161071710718107191072010721107221072310724107251072610727107281072910730107311073210733107341073510736107371073810739107401074110742107431074410745107461074710748107491075010751107521075310754107551075610757107581075910760107611076210763107641076510766107671076810769107701077110772107731077410775107761077710778107791078010781107821078310784107851078610787107881078910790107911079210793107941079510796107971079810799108001080110802108031080410805108061080710808108091081010811108121081310814108151081610817108181081910820108211082210823108241082510826108271082810829108301083110832108331083410835108361083710838108391084010841108421084310844108451084610847108481084910850108511085210853108541085510856108571085810859108601086110862108631086410865108661086710868108691087010871108721087310874108751087610877108781087910880108811088210883108841088510886108871088810889108901089110892108931089410895108961089710898108991090010901109021090310904109051090610907109081090910910109111091210913109141091510916109171091810919109201092110922109231092410925109261092710928109291093010931109321093310934109351093610937109381093910940109411094210943109441094510946109471094810949109501095110952109531095410955109561095710958109591096010961109621096310964109651096610967109681096910970109711097210973109741097510976109771097810979109801098110982109831098410985109861098710988109891099010991109921099310994109951099610997109981099911000110011100211003110041100511006110071100811009110101101111012110131101411015110161101711018110191102011021110221102311024110251102611027110281102911030110311103211033110341103511036110371103811039110401104111042110431104411045110461104711048110491105011051110521105311054110551105611057110581105911060110611106211063110641106511066110671106811069110701107111072110731107411075110761107711078110791108011081110821108311084110851108611087110881108911090110911109211093110941109511096110971109811099111001110111102111031110411105111061110711108111091111011111111121111311114111151111611117111181111911120111211112211123111241112511126111271112811129111301113111132111331113411135111361113711138111391114011141111421114311144111451114611147111481114911150111511115211153111541115511156111571115811159111601116111162111631116411165111661116711168111691117011171111721117311174111751117611177111781117911180111811118211183111841118511186111871118811189111901119111192111931119411195111961119711198111991120011201112021120311204112051120611207112081120911210112111121211213112141121511216112171121811219112201122111222112231122411225112261122711228112291123011231112321123311234112351123611237112381123911240112411124211243112441124511246112471124811249112501125111252112531125411255112561125711258112591126011261112621126311264112651126611267112681126911270112711127211273112741127511276112771127811279112801128111282112831128411285112861128711288112891129011291112921129311294112951129611297112981129911300113011130211303113041130511306113071130811309113101131111312113131131411315113161131711318113191132011321113221132311324113251132611327113281132911330113311133211333113341133511336113371133811339113401134111342113431134411345113461134711348113491135011351113521135311354113551135611357113581135911360113611136211363113641136511366113671136811369113701137111372113731137411375113761137711378113791138011381113821138311384113851138611387113881138911390113911139211393113941139511396113971139811399114001140111402114031140411405114061140711408114091141011411114121141311414114151141611417114181141911420114211142211423114241142511426114271142811429114301143111432114331143411435114361143711438114391144011441114421144311444114451144611447114481144911450114511145211453114541145511456114571145811459114601146111462114631146411465114661146711468114691147011471114721147311474114751147611477114781147911480114811148211483114841148511486114871148811489114901149111492114931149411495114961149711498114991150011501115021150311504115051150611507115081150911510115111151211513115141151511516115171151811519115201152111522115231152411525115261152711528115291153011531115321153311534115351153611537115381153911540115411154211543115441154511546115471154811549115501155111552115531155411555115561155711558115591156011561115621156311564115651156611567115681156911570115711157211573115741157511576115771157811579115801158111582115831158411585115861158711588115891159011591115921159311594115951159611597115981159911600116011160211603116041160511606116071160811609116101161111612116131161411615116161161711618116191162011621116221162311624116251162611627116281162911630116311163211633116341163511636116371163811639116401164111642116431164411645116461164711648116491165011651116521165311654116551165611657116581165911660116611166211663116641166511666116671166811669116701167111672116731167411675116761167711678116791168011681116821168311684116851168611687116881168911690116911169211693116941169511696116971169811699117001170111702117031170411705117061170711708117091171011711117121171311714117151171611717117181171911720117211172211723117241172511726117271172811729117301173111732117331173411735117361173711738117391174011741117421174311744117451174611747117481174911750117511175211753117541175511756117571175811759117601176111762117631176411765117661176711768117691177011771117721177311774117751177611777117781177911780117811178211783117841178511786117871178811789117901179111792117931179411795117961179711798117991180011801118021180311804118051180611807118081180911810118111181211813118141181511816118171181811819118201182111822118231182411825118261182711828118291183011831118321183311834118351183611837118381183911840118411184211843118441184511846118471184811849118501185111852118531185411855118561185711858118591186011861118621186311864118651186611867118681186911870118711187211873118741187511876118771187811879118801188111882118831188411885118861188711888118891189011891118921189311894118951189611897118981189911900119011190211903119041190511906119071190811909119101191111912119131191411915119161191711918119191192011921119221192311924119251192611927119281192911930119311193211933119341193511936119371193811939119401194111942119431194411945119461194711948119491195011951119521195311954119551195611957119581195911960119611196211963119641196511966119671196811969119701197111972119731197411975119761197711978119791198011981119821198311984119851198611987119881198911990119911199211993119941199511996119971199811999120001200112002120031200412005120061200712008120091201012011120121201312014120151201612017120181201912020120211202212023120241202512026120271202812029120301203112032120331203412035120361203712038120391204012041120421204312044120451204612047120481204912050120511205212053120541205512056120571205812059120601206112062120631206412065120661206712068120691207012071120721207312074120751207612077120781207912080120811208212083120841208512086120871208812089120901209112092120931209412095120961209712098120991210012101121021210312104121051210612107121081210912110121111211212113121141211512116121171211812119121201212112122121231212412125121261212712128121291213012131121321213312134121351213612137121381213912140121411214212143121441214512146121471214812149121501215112152121531215412155121561215712158121591216012161121621216312164121651216612167121681216912170121711217212173121741217512176121771217812179121801218112182121831218412185121861218712188121891219012191121921219312194121951219612197121981219912200122011220212203122041220512206122071220812209122101221112212122131221412215122161221712218122191222012221122221222312224122251222612227122281222912230122311223212233122341223512236122371223812239122401224112242122431224412245122461224712248122491225012251122521225312254122551225612257122581225912260122611226212263122641226512266122671226812269122701227112272122731227412275122761227712278122791228012281122821228312284122851228612287122881228912290122911229212293122941229512296122971229812299123001230112302123031230412305123061230712308123091231012311123121231312314123151231612317123181231912320123211232212323123241232512326123271232812329123301233112332123331233412335123361233712338123391234012341123421234312344123451234612347123481234912350123511235212353123541235512356123571235812359123601236112362123631236412365123661236712368123691237012371123721237312374123751237612377123781237912380123811238212383123841238512386123871238812389123901239112392123931239412395123961239712398123991240012401124021240312404124051240612407124081240912410124111241212413124141241512416124171241812419124201242112422124231242412425124261242712428124291243012431124321243312434124351243612437124381243912440124411244212443124441244512446124471244812449124501245112452124531245412455124561245712458124591246012461124621246312464124651246612467124681246912470124711247212473124741247512476124771247812479124801248112482124831248412485124861248712488124891249012491124921249312494124951249612497124981249912500125011250212503125041250512506125071250812509125101251112512125131251412515125161251712518125191252012521125221252312524125251252612527125281252912530125311253212533125341253512536125371253812539125401254112542125431254412545125461254712548125491255012551125521255312554125551255612557125581255912560125611256212563125641256512566125671256812569125701257112572125731257412575125761257712578125791258012581125821258312584125851258612587125881258912590125911259212593125941259512596125971259812599126001260112602126031260412605126061260712608126091261012611126121261312614126151261612617126181261912620126211262212623126241262512626126271262812629126301263112632126331263412635126361263712638126391264012641126421264312644126451264612647126481264912650126511265212653126541265512656126571265812659126601266112662126631266412665126661266712668126691267012671126721267312674126751267612677126781267912680126811268212683126841268512686126871268812689126901269112692126931269412695126961269712698126991270012701127021270312704127051270612707127081270912710127111271212713127141271512716127171271812719127201272112722127231272412725127261272712728127291273012731127321273312734127351273612737127381273912740127411274212743127441274512746127471274812749127501275112752127531275412755127561275712758127591276012761127621276312764127651276612767127681276912770127711277212773127741277512776127771277812779127801278112782127831278412785127861278712788127891279012791127921279312794127951279612797127981279912800128011280212803128041280512806128071280812809128101281112812128131281412815128161281712818128191282012821128221282312824128251282612827128281282912830128311283212833128341283512836128371283812839128401284112842128431284412845128461284712848128491285012851128521285312854128551285612857128581285912860128611286212863128641286512866128671286812869128701287112872128731287412875128761287712878128791288012881128821288312884128851288612887128881288912890128911289212893128941289512896128971289812899129001290112902129031290412905129061290712908129091291012911129121291312914129151291612917129181291912920129211292212923129241292512926129271292812929129301293112932129331293412935129361293712938129391294012941129421294312944129451294612947129481294912950129511295212953129541295512956129571295812959129601296112962129631296412965129661296712968129691297012971129721297312974129751297612977129781297912980129811298212983129841298512986129871298812989129901299112992129931299412995129961299712998129991300013001130021300313004130051300613007130081300913010130111301213013130141301513016130171301813019130201302113022130231302413025130261302713028130291303013031130321303313034130351303613037130381303913040130411304213043130441304513046130471304813049130501305113052130531305413055130561305713058130591306013061130621306313064130651306613067130681306913070130711307213073130741307513076130771307813079130801308113082130831308413085130861308713088130891309013091130921309313094130951309613097130981309913100131011310213103131041310513106131071310813109131101311113112131131311413115131161311713118131191312013121131221312313124131251312613127131281312913130131311313213133131341313513136131371313813139131401314113142131431314413145131461314713148131491315013151131521315313154131551315613157131581315913160131611316213163131641316513166131671316813169131701317113172131731317413175131761317713178131791318013181131821318313184131851318613187131881318913190131911319213193131941319513196131971319813199132001320113202132031320413205132061320713208132091321013211132121321313214132151321613217132181321913220132211322213223132241322513226132271322813229132301323113232132331323413235132361323713238132391324013241132421324313244132451324613247132481324913250132511325213253132541325513256132571325813259132601326113262132631326413265132661326713268132691327013271132721327313274132751327613277132781327913280132811328213283132841328513286132871328813289132901329113292132931329413295132961329713298132991330013301133021330313304133051330613307133081330913310133111331213313133141331513316133171331813319133201332113322133231332413325133261332713328133291333013331133321333313334133351333613337133381333913340133411334213343133441334513346133471334813349133501335113352133531335413355133561335713358133591336013361133621336313364133651336613367133681336913370133711337213373133741337513376133771337813379133801338113382133831338413385133861338713388133891339013391133921339313394133951339613397133981339913400134011340213403134041340513406134071340813409134101341113412134131341413415134161341713418134191342013421134221342313424134251342613427134281342913430134311343213433134341343513436134371343813439134401344113442134431344413445134461344713448134491345013451134521345313454134551345613457134581345913460134611346213463134641346513466134671346813469134701347113472134731347413475134761347713478134791348013481134821348313484134851348613487134881348913490134911349213493134941349513496134971349813499135001350113502135031350413505135061350713508135091351013511135121351313514135151351613517135181351913520135211352213523135241352513526135271352813529135301353113532135331353413535135361353713538135391354013541135421354313544135451354613547135481354913550135511355213553135541355513556135571355813559135601356113562135631356413565135661356713568135691357013571135721357313574135751357613577135781357913580135811358213583135841358513586135871358813589135901359113592135931359413595135961359713598135991360013601136021360313604136051360613607136081360913610136111361213613136141361513616136171361813619136201362113622136231362413625136261362713628136291363013631136321363313634136351363613637136381363913640136411364213643136441364513646136471364813649136501365113652136531365413655136561365713658136591366013661136621366313664136651366613667136681366913670136711367213673136741367513676136771367813679136801368113682136831368413685136861368713688136891369013691136921369313694136951369613697136981369913700137011370213703137041370513706137071370813709137101371113712137131371413715137161371713718137191372013721137221372313724137251372613727137281372913730137311373213733137341373513736137371373813739137401374113742137431374413745137461374713748137491375013751137521375313754137551375613757137581375913760137611376213763137641376513766137671376813769137701377113772137731377413775137761377713778137791378013781137821378313784137851378613787137881378913790137911379213793137941379513796137971379813799138001380113802138031380413805138061380713808138091381013811138121381313814138151381613817138181381913820138211382213823138241382513826138271382813829138301383113832138331383413835138361383713838138391384013841138421384313844138451384613847138481384913850138511385213853138541385513856138571385813859138601386113862138631386413865138661386713868138691387013871138721387313874138751387613877138781387913880138811388213883138841388513886138871388813889138901389113892138931389413895138961389713898138991390013901139021390313904139051390613907139081390913910139111391213913139141391513916139171391813919139201392113922139231392413925139261392713928139291393013931139321393313934139351393613937139381393913940139411394213943139441394513946139471394813949139501395113952139531395413955139561395713958139591396013961139621396313964139651396613967139681396913970139711397213973139741397513976139771397813979139801398113982139831398413985139861398713988139891399013991139921399313994139951399613997139981399914000140011400214003140041400514006140071400814009140101401114012140131401414015140161401714018140191402014021140221402314024140251402614027140281402914030140311403214033140341403514036140371403814039140401404114042140431404414045140461404714048140491405014051140521405314054140551405614057140581405914060140611406214063140641406514066140671406814069140701407114072140731407414075140761407714078140791408014081140821408314084140851408614087140881408914090140911409214093140941409514096140971409814099141001410114102141031410414105141061410714108141091411014111141121411314114141151411614117141181411914120141211412214123141241412514126141271412814129141301413114132141331413414135141361413714138141391414014141141421414314144141451414614147141481414914150141511415214153141541415514156141571415814159141601416114162141631416414165141661416714168141691417014171141721417314174141751417614177141781417914180141811418214183141841418514186141871418814189141901419114192141931419414195141961419714198141991420014201142021420314204142051420614207142081420914210142111421214213142141421514216142171421814219142201422114222142231422414225142261422714228142291423014231142321423314234142351423614237142381423914240142411424214243142441424514246142471424814249142501425114252142531425414255142561425714258142591426014261142621426314264142651426614267142681426914270142711427214273142741427514276142771427814279142801428114282142831428414285142861428714288142891429014291142921429314294142951429614297142981429914300143011430214303143041430514306143071430814309143101431114312143131431414315143161431714318143191432014321143221432314324143251432614327143281432914330143311433214333143341433514336143371433814339143401434114342143431434414345143461434714348143491435014351143521435314354143551435614357143581435914360143611436214363143641436514366143671436814369143701437114372143731437414375143761437714378143791438014381143821438314384143851438614387143881438914390143911439214393143941439514396143971439814399144001440114402144031440414405144061440714408144091441014411144121441314414144151441614417144181441914420144211442214423144241442514426144271442814429144301443114432144331443414435144361443714438144391444014441144421444314444144451444614447144481444914450144511445214453144541445514456144571445814459144601446114462144631446414465144661446714468144691447014471144721447314474144751447614477144781447914480144811448214483144841448514486144871448814489144901449114492144931449414495144961449714498144991450014501145021450314504145051450614507145081450914510145111451214513145141451514516145171451814519145201452114522145231452414525145261452714528145291453014531145321453314534145351453614537145381453914540145411454214543145441454514546145471454814549145501455114552145531455414555145561455714558145591456014561145621456314564145651456614567145681456914570145711457214573145741457514576145771457814579145801458114582145831458414585145861458714588145891459014591145921459314594145951459614597145981459914600146011460214603146041460514606146071460814609146101461114612146131461414615146161461714618146191462014621146221462314624146251462614627146281462914630146311463214633146341463514636146371463814639146401464114642146431464414645146461464714648146491465014651146521465314654146551465614657146581465914660146611466214663146641466514666146671466814669146701467114672146731467414675146761467714678146791468014681146821468314684146851468614687146881468914690146911469214693146941469514696146971469814699147001470114702147031470414705147061470714708147091471014711147121471314714147151471614717147181471914720147211472214723147241472514726147271472814729147301473114732147331473414735147361473714738147391474014741147421474314744147451474614747147481474914750147511475214753147541475514756147571475814759147601476114762147631476414765147661476714768147691477014771147721477314774147751477614777147781477914780147811478214783147841478514786147871478814789147901479114792147931479414795147961479714798147991480014801148021480314804148051480614807148081480914810148111481214813148141481514816148171481814819148201482114822148231482414825148261482714828148291483014831148321483314834148351483614837148381483914840148411484214843148441484514846148471484814849148501485114852148531485414855148561485714858148591486014861148621486314864148651486614867148681486914870148711487214873148741487514876148771487814879148801488114882148831488414885148861488714888148891489014891148921489314894148951489614897148981489914900149011490214903149041490514906149071490814909149101491114912149131491414915149161491714918149191492014921149221492314924149251492614927149281492914930149311493214933149341493514936149371493814939149401494114942149431494414945149461494714948149491495014951149521495314954149551495614957149581495914960149611496214963149641496514966149671496814969149701497114972149731497414975149761497714978149791498014981149821498314984149851498614987149881498914990149911499214993149941499514996149971499814999150001500115002150031500415005150061500715008150091501015011150121501315014150151501615017150181501915020150211502215023150241502515026150271502815029150301503115032150331503415035150361503715038150391504015041150421504315044150451504615047150481504915050150511505215053150541505515056150571505815059150601506115062150631506415065150661506715068150691507015071150721507315074150751507615077150781507915080150811508215083150841508515086150871508815089150901509115092150931509415095150961509715098150991510015101151021510315104151051510615107151081510915110151111511215113151141511515116151171511815119151201512115122151231512415125151261512715128151291513015131151321513315134151351513615137151381513915140151411514215143151441514515146151471514815149151501515115152151531515415155151561515715158151591516015161151621516315164151651516615167151681516915170151711517215173151741517515176151771517815179151801518115182151831518415185151861518715188151891519015191151921519315194151951519615197151981519915200152011520215203152041520515206152071520815209152101521115212152131521415215152161521715218152191522015221152221522315224152251522615227152281522915230152311523215233152341523515236152371523815239152401524115242152431524415245152461524715248152491525015251152521525315254152551525615257152581525915260152611526215263152641526515266152671526815269152701527115272152731527415275152761527715278152791528015281152821528315284152851528615287152881528915290152911529215293152941529515296152971529815299153001530115302153031530415305153061530715308153091531015311153121531315314153151531615317153181531915320153211532215323153241532515326153271532815329153301533115332153331533415335153361533715338153391534015341153421534315344153451534615347153481534915350153511535215353153541535515356153571535815359153601536115362153631536415365153661536715368153691537015371153721537315374153751537615377153781537915380153811538215383153841538515386153871538815389153901539115392153931539415395153961539715398153991540015401154021540315404154051540615407154081540915410154111541215413154141541515416154171541815419154201542115422154231542415425154261542715428154291543015431154321543315434154351543615437154381543915440154411544215443154441544515446154471544815449154501545115452154531545415455154561545715458154591546015461154621546315464154651546615467154681546915470154711547215473154741547515476154771547815479154801548115482154831548415485154861548715488154891549015491154921549315494154951549615497154981549915500155011550215503155041550515506155071550815509155101551115512155131551415515155161551715518155191552015521155221552315524155251552615527155281552915530155311553215533155341553515536155371553815539155401554115542155431554415545155461554715548155491555015551155521555315554155551555615557155581555915560155611556215563155641556515566155671556815569155701557115572155731557415575155761557715578155791558015581155821558315584155851558615587155881558915590155911559215593155941559515596155971559815599156001560115602156031560415605156061560715608156091561015611156121561315614156151561615617156181561915620156211562215623156241562515626156271562815629156301563115632156331563415635156361563715638156391564015641156421564315644156451564615647156481564915650156511565215653156541565515656156571565815659156601566115662156631566415665156661566715668156691567015671156721567315674156751567615677156781567915680156811568215683156841568515686156871568815689156901569115692156931569415695156961569715698156991570015701157021570315704157051570615707157081570915710157111571215713157141571515716157171571815719157201572115722157231572415725157261572715728157291573015731157321573315734157351573615737157381573915740157411574215743157441574515746157471574815749157501575115752157531575415755157561575715758157591576015761157621576315764157651576615767157681576915770157711577215773157741577515776157771577815779157801578115782157831578415785157861578715788157891579015791157921579315794157951579615797157981579915800158011580215803158041580515806158071580815809158101581115812158131581415815158161581715818158191582015821158221582315824158251582615827158281582915830158311583215833158341583515836158371583815839158401584115842158431584415845158461584715848158491585015851158521585315854158551585615857158581585915860158611586215863158641586515866158671586815869158701587115872158731587415875158761587715878158791588015881158821588315884158851588615887158881588915890158911589215893158941589515896158971589815899159001590115902159031590415905159061590715908159091591015911159121591315914159151591615917159181591915920159211592215923159241592515926159271592815929159301593115932159331593415935159361593715938159391594015941159421594315944159451594615947159481594915950159511595215953159541595515956159571595815959159601596115962159631596415965159661596715968159691597015971159721597315974159751597615977159781597915980159811598215983159841598515986159871598815989159901599115992159931599415995159961599715998159991600016001160021600316004160051600616007160081600916010160111601216013160141601516016160171601816019160201602116022160231602416025160261602716028160291603016031160321603316034160351603616037160381603916040160411604216043160441604516046160471604816049160501605116052160531605416055160561605716058160591606016061160621606316064160651606616067160681606916070160711607216073160741607516076160771607816079160801608116082160831608416085160861608716088160891609016091160921609316094160951609616097160981609916100161011610216103161041610516106161071610816109161101611116112161131611416115161161611716118161191612016121161221612316124161251612616127161281612916130161311613216133161341613516136161371613816139161401614116142161431614416145161461614716148161491615016151161521615316154161551615616157161581615916160161611616216163161641616516166161671616816169161701617116172161731617416175161761617716178161791618016181161821618316184161851618616187161881618916190161911619216193161941619516196161971619816199162001620116202162031620416205162061620716208162091621016211162121621316214162151621616217162181621916220162211622216223162241622516226162271622816229162301623116232162331623416235162361623716238162391624016241162421624316244162451624616247162481624916250162511625216253162541625516256162571625816259162601626116262162631626416265162661626716268162691627016271162721627316274162751627616277162781627916280162811628216283162841628516286162871628816289162901629116292162931629416295162961629716298162991630016301163021630316304163051630616307163081630916310163111631216313163141631516316163171631816319163201632116322163231632416325163261632716328163291633016331163321633316334163351633616337163381633916340163411634216343163441634516346163471634816349163501635116352163531635416355163561635716358163591636016361163621636316364163651636616367163681636916370163711637216373163741637516376163771637816379163801638116382163831638416385163861638716388163891639016391163921639316394163951639616397163981639916400164011640216403164041640516406164071640816409164101641116412164131641416415164161641716418164191642016421164221642316424164251642616427164281642916430164311643216433164341643516436164371643816439164401644116442164431644416445164461644716448164491645016451164521645316454164551645616457164581645916460164611646216463164641646516466164671646816469164701647116472164731647416475164761647716478164791648016481164821648316484164851648616487164881648916490164911649216493164941649516496164971649816499165001650116502165031650416505165061650716508165091651016511165121651316514165151651616517165181651916520165211652216523165241652516526165271652816529165301653116532165331653416535165361653716538165391654016541165421654316544165451654616547165481654916550165511655216553165541655516556165571655816559165601656116562165631656416565165661656716568165691657016571165721657316574165751657616577165781657916580165811658216583165841658516586165871658816589165901659116592165931659416595165961659716598165991660016601166021660316604166051660616607166081660916610166111661216613166141661516616166171661816619166201662116622166231662416625166261662716628166291663016631166321663316634166351663616637166381663916640166411664216643166441664516646166471664816649166501665116652166531665416655166561665716658166591666016661166621666316664166651666616667166681666916670166711667216673166741667516676166771667816679166801668116682166831668416685166861668716688166891669016691166921669316694166951669616697166981669916700167011670216703167041670516706167071670816709167101671116712167131671416715167161671716718167191672016721167221672316724167251672616727167281672916730167311673216733167341673516736167371673816739167401674116742167431674416745167461674716748167491675016751167521675316754167551675616757167581675916760167611676216763167641676516766167671676816769167701677116772167731677416775167761677716778167791678016781167821678316784167851678616787167881678916790167911679216793167941679516796167971679816799168001680116802168031680416805168061680716808168091681016811168121681316814168151681616817168181681916820168211682216823168241682516826168271682816829168301683116832168331683416835168361683716838168391684016841168421684316844168451684616847168481684916850168511685216853168541685516856168571685816859168601686116862168631686416865168661686716868168691687016871168721687316874168751687616877168781687916880168811688216883168841688516886168871688816889168901689116892168931689416895168961689716898168991690016901169021690316904169051690616907169081690916910169111691216913169141691516916169171691816919169201692116922169231692416925169261692716928169291693016931169321693316934169351693616937169381693916940169411694216943169441694516946169471694816949169501695116952169531695416955169561695716958169591696016961169621696316964169651696616967169681696916970169711697216973169741697516976169771697816979169801698116982169831698416985169861698716988169891699016991169921699316994169951699616997169981699917000170011700217003170041700517006170071700817009170101701117012170131701417015170161701717018170191702017021170221702317024170251702617027170281702917030170311703217033170341703517036170371703817039170401704117042170431704417045170461704717048170491705017051170521705317054170551705617057170581705917060170611706217063170641706517066170671706817069170701707117072170731707417075170761707717078170791708017081170821708317084170851708617087170881708917090170911709217093170941709517096170971709817099171001710117102171031710417105171061710717108171091711017111171121711317114171151711617117171181711917120171211712217123171241712517126171271712817129171301713117132171331713417135171361713717138171391714017141171421714317144171451714617147171481714917150171511715217153171541715517156171571715817159171601716117162171631716417165171661716717168171691717017171171721717317174171751717617177171781717917180171811718217183171841718517186171871718817189171901719117192171931719417195171961719717198171991720017201172021720317204172051720617207172081720917210172111721217213172141721517216172171721817219172201722117222172231722417225172261722717228172291723017231172321723317234172351723617237172381723917240172411724217243172441724517246172471724817249172501725117252172531725417255172561725717258172591726017261172621726317264172651726617267172681726917270172711727217273172741727517276172771727817279172801728117282172831728417285172861728717288172891729017291172921729317294172951729617297172981729917300173011730217303173041730517306173071730817309173101731117312173131731417315173161731717318173191732017321173221732317324173251732617327173281732917330173311733217333173341733517336173371733817339173401734117342173431734417345173461734717348173491735017351173521735317354173551735617357173581735917360173611736217363173641736517366173671736817369173701737117372173731737417375173761737717378173791738017381173821738317384173851738617387173881738917390173911739217393173941739517396173971739817399174001740117402174031740417405174061740717408174091741017411174121741317414174151741617417174181741917420174211742217423174241742517426174271742817429174301743117432174331743417435174361743717438174391744017441174421744317444174451744617447174481744917450174511745217453174541745517456174571745817459174601746117462174631746417465174661746717468174691747017471174721747317474174751747617477174781747917480174811748217483174841748517486174871748817489174901749117492174931749417495174961749717498174991750017501175021750317504175051750617507175081750917510175111751217513175141751517516175171751817519175201752117522175231752417525175261752717528175291753017531175321753317534175351753617537175381753917540175411754217543175441754517546175471754817549175501755117552175531755417555175561755717558175591756017561175621756317564175651756617567175681756917570175711757217573175741757517576175771757817579175801758117582175831758417585175861758717588175891759017591175921759317594175951759617597175981759917600176011760217603176041760517606176071760817609176101761117612176131761417615176161761717618176191762017621176221762317624176251762617627176281762917630176311763217633176341763517636176371763817639176401764117642176431764417645176461764717648176491765017651176521765317654176551765617657176581765917660176611766217663176641766517666176671766817669176701767117672176731767417675176761767717678176791768017681176821768317684176851768617687176881768917690176911769217693176941769517696176971769817699177001770117702177031770417705177061770717708177091771017711177121771317714177151771617717177181771917720177211772217723177241772517726177271772817729177301773117732177331773417735177361773717738177391774017741177421774317744177451774617747177481774917750177511775217753177541775517756177571775817759177601776117762177631776417765177661776717768177691777017771177721777317774177751777617777177781777917780177811778217783177841778517786177871778817789177901779117792177931779417795177961779717798177991780017801178021780317804178051780617807178081780917810178111781217813178141781517816178171781817819178201782117822178231782417825178261782717828178291783017831178321783317834178351783617837178381783917840178411784217843178441784517846178471784817849178501785117852178531785417855178561785717858178591786017861178621786317864178651786617867178681786917870178711787217873178741787517876178771787817879178801788117882178831788417885178861788717888178891789017891178921789317894178951789617897178981789917900179011790217903179041790517906179071790817909179101791117912179131791417915179161791717918179191792017921179221792317924179251792617927179281792917930179311793217933179341793517936179371793817939179401794117942179431794417945179461794717948179491795017951179521795317954179551795617957179581795917960179611796217963179641796517966179671796817969179701797117972179731797417975179761797717978179791798017981179821798317984179851798617987179881798917990179911799217993179941799517996179971799817999180001800118002180031800418005180061800718008180091801018011180121801318014180151801618017180181801918020180211802218023180241802518026180271802818029180301803118032180331803418035180361803718038180391804018041180421804318044180451804618047180481804918050180511805218053180541805518056180571805818059180601806118062180631806418065180661806718068180691807018071180721807318074180751807618077180781807918080180811808218083180841808518086180871808818089180901809118092180931809418095180961809718098180991810018101181021810318104181051810618107181081810918110181111811218113181141811518116181171811818119181201812118122181231812418125181261812718128181291813018131181321813318134181351813618137181381813918140181411814218143181441814518146181471814818149181501815118152181531815418155181561815718158181591816018161181621816318164181651816618167181681816918170181711817218173181741817518176181771817818179181801818118182181831818418185181861818718188181891819018191181921819318194181951819618197181981819918200182011820218203182041820518206182071820818209182101821118212182131821418215182161821718218182191822018221182221822318224182251822618227182281822918230182311823218233182341823518236182371823818239182401824118242182431824418245182461824718248182491825018251182521825318254182551825618257182581825918260182611826218263182641826518266182671826818269182701827118272182731827418275182761827718278182791828018281182821828318284182851828618287182881828918290182911829218293182941829518296182971829818299183001830118302183031830418305183061830718308183091831018311183121831318314183151831618317183181831918320183211832218323183241832518326183271832818329183301833118332183331833418335183361833718338183391834018341183421834318344183451834618347183481834918350183511835218353183541835518356183571835818359183601836118362183631836418365183661836718368183691837018371183721837318374183751837618377183781837918380183811838218383183841838518386183871838818389183901839118392183931839418395183961839718398183991840018401184021840318404184051840618407184081840918410184111841218413184141841518416184171841818419184201842118422184231842418425184261842718428184291843018431184321843318434184351843618437184381843918440184411844218443184441844518446184471844818449184501845118452184531845418455184561845718458184591846018461184621846318464184651846618467184681846918470184711847218473184741847518476184771847818479184801848118482184831848418485184861848718488184891849018491184921849318494184951849618497184981849918500185011850218503185041850518506185071850818509185101851118512185131851418515185161851718518185191852018521185221852318524185251852618527185281852918530185311853218533185341853518536185371853818539185401854118542185431854418545185461854718548185491855018551185521855318554185551855618557185581855918560185611856218563185641856518566185671856818569185701857118572185731857418575185761857718578185791858018581185821858318584185851858618587185881858918590185911859218593185941859518596185971859818599186001860118602186031860418605186061860718608186091861018611186121861318614186151861618617186181861918620186211862218623186241862518626186271862818629186301863118632186331863418635186361863718638186391864018641186421864318644186451864618647186481864918650186511865218653186541865518656186571865818659186601866118662186631866418665186661866718668186691867018671186721867318674186751867618677186781867918680186811868218683186841868518686186871868818689186901869118692186931869418695186961869718698186991870018701187021870318704187051870618707187081870918710187111871218713187141871518716187171871818719187201872118722187231872418725187261872718728187291873018731187321873318734187351873618737187381873918740187411874218743187441874518746187471874818749187501875118752187531875418755187561875718758187591876018761187621876318764187651876618767187681876918770187711877218773187741877518776187771877818779187801878118782187831878418785187861878718788187891879018791187921879318794187951879618797187981879918800188011880218803188041880518806188071880818809188101881118812188131881418815188161881718818188191882018821188221882318824188251882618827188281882918830188311883218833188341883518836188371883818839188401884118842188431884418845188461884718848188491885018851188521885318854188551885618857188581885918860188611886218863188641886518866188671886818869188701887118872188731887418875188761887718878188791888018881188821888318884188851888618887188881888918890188911889218893188941889518896188971889818899189001890118902189031890418905189061890718908189091891018911189121891318914189151891618917189181891918920189211892218923189241892518926189271892818929189301893118932189331893418935189361893718938189391894018941189421894318944189451894618947189481894918950189511895218953189541895518956189571895818959189601896118962189631896418965189661896718968189691897018971189721897318974189751897618977189781897918980189811898218983189841898518986189871898818989189901899118992189931899418995189961899718998189991900019001190021900319004190051900619007190081900919010190111901219013190141901519016190171901819019190201902119022190231902419025190261902719028190291903019031190321903319034190351903619037190381903919040190411904219043190441904519046190471904819049190501905119052190531905419055190561905719058190591906019061190621906319064190651906619067190681906919070190711907219073190741907519076190771907819079190801908119082190831908419085190861908719088190891909019091190921909319094190951909619097190981909919100191011910219103191041910519106191071910819109191101911119112191131911419115191161911719118191191912019121191221912319124191251912619127191281912919130191311913219133191341913519136191371913819139191401914119142191431914419145191461914719148191491915019151191521915319154191551915619157191581915919160191611916219163191641916519166191671916819169191701917119172191731917419175191761917719178191791918019181191821918319184191851918619187191881918919190191911919219193191941919519196191971919819199192001920119202192031920419205192061920719208192091921019211192121921319214192151921619217192181921919220192211922219223192241922519226192271922819229192301923119232192331923419235192361923719238192391924019241192421924319244192451924619247192481924919250192511925219253192541925519256192571925819259192601926119262192631926419265192661926719268192691927019271192721927319274192751927619277192781927919280192811928219283192841928519286192871928819289192901929119292192931929419295192961929719298192991930019301193021930319304193051930619307193081930919310193111931219313193141931519316193171931819319193201932119322193231932419325193261932719328193291933019331193321933319334193351933619337193381933919340193411934219343193441934519346193471934819349193501935119352193531935419355193561935719358193591936019361193621936319364193651936619367193681936919370193711937219373193741937519376193771937819379193801938119382193831938419385193861938719388193891939019391193921939319394193951939619397193981939919400194011940219403194041940519406194071940819409194101941119412194131941419415194161941719418194191942019421194221942319424194251942619427194281942919430194311943219433194341943519436194371943819439194401944119442194431944419445194461944719448194491945019451194521945319454194551945619457194581945919460194611946219463194641946519466194671946819469194701947119472194731947419475194761947719478194791948019481194821948319484194851948619487194881948919490194911949219493194941949519496194971949819499195001950119502195031950419505195061950719508195091951019511195121951319514195151951619517195181951919520195211952219523195241952519526195271952819529195301953119532195331953419535195361953719538195391954019541195421954319544195451954619547195481954919550195511955219553195541955519556195571955819559195601956119562195631956419565195661956719568195691957019571195721957319574195751957619577195781957919580195811958219583195841958519586195871958819589195901959119592195931959419595195961959719598195991960019601196021960319604196051960619607196081960919610196111961219613196141961519616196171961819619196201962119622196231962419625196261962719628196291963019631196321963319634196351963619637196381963919640196411964219643196441964519646196471964819649196501965119652196531965419655196561965719658196591966019661196621966319664196651966619667196681966919670196711967219673196741967519676196771967819679196801968119682196831968419685196861968719688196891969019691196921969319694196951969619697196981969919700197011970219703197041970519706197071970819709197101971119712197131971419715197161971719718197191972019721197221972319724197251972619727197281972919730197311973219733197341973519736197371973819739197401974119742197431974419745197461974719748197491975019751197521975319754197551975619757197581975919760197611976219763197641976519766197671976819769197701977119772197731977419775197761977719778197791978019781197821978319784197851978619787197881978919790197911979219793197941979519796197971979819799198001980119802198031980419805198061980719808198091981019811198121981319814198151981619817198181981919820198211982219823198241982519826198271982819829198301983119832198331983419835198361983719838198391984019841198421984319844198451984619847198481984919850198511985219853198541985519856198571985819859198601986119862198631986419865198661986719868198691987019871198721987319874198751987619877198781987919880198811988219883198841988519886198871988819889198901989119892198931989419895198961989719898198991990019901199021990319904199051990619907199081990919910199111991219913199141991519916199171991819919199201992119922199231992419925199261992719928199291993019931199321993319934199351993619937199381993919940199411994219943199441994519946199471994819949199501995119952199531995419955199561995719958199591996019961199621996319964199651996619967199681996919970199711997219973199741997519976199771997819979199801998119982199831998419985199861998719988199891999019991199921999319994199951999619997199981999920000200012000220003200042000520006200072000820009200102001120012200132001420015200162001720018200192002020021200222002320024200252002620027200282002920030200312003220033200342003520036200372003820039200402004120042200432004420045200462004720048200492005020051200522005320054200552005620057200582005920060200612006220063200642006520066200672006820069200702007120072200732007420075200762007720078200792008020081200822008320084200852008620087200882008920090200912009220093200942009520096200972009820099201002010120102201032010420105201062010720108201092011020111201122011320114201152011620117201182011920120201212012220123201242012520126201272012820129201302013120132201332013420135201362013720138201392014020141201422014320144201452014620147201482014920150201512015220153201542015520156201572015820159201602016120162201632016420165201662016720168201692017020171201722017320174201752017620177201782017920180201812018220183201842018520186201872018820189201902019120192201932019420195201962019720198201992020020201202022020320204202052020620207202082020920210202112021220213202142021520216202172021820219202202022120222202232022420225202262022720228202292023020231202322023320234202352023620237202382023920240202412024220243202442024520246202472024820249202502025120252202532025420255202562025720258202592026020261202622026320264202652026620267202682026920270202712027220273202742027520276202772027820279202802028120282202832028420285202862028720288202892029020291202922029320294202952029620297202982029920300203012030220303203042030520306203072030820309203102031120312203132031420315203162031720318203192032020321203222032320324203252032620327203282032920330203312033220333203342033520336203372033820339203402034120342203432034420345203462034720348203492035020351203522035320354203552035620357203582035920360203612036220363203642036520366203672036820369203702037120372203732037420375203762037720378203792038020381203822038320384203852038620387203882038920390203912039220393203942039520396203972039820399204002040120402204032040420405204062040720408204092041020411204122041320414204152041620417204182041920420204212042220423204242042520426204272042820429204302043120432204332043420435204362043720438204392044020441204422044320444204452044620447204482044920450204512045220453204542045520456204572045820459204602046120462204632046420465204662046720468204692047020471204722047320474204752047620477204782047920480204812048220483204842048520486204872048820489204902049120492204932049420495204962049720498204992050020501205022050320504205052050620507205082050920510205112051220513205142051520516205172051820519205202052120522205232052420525205262052720528205292053020531205322053320534205352053620537205382053920540205412054220543205442054520546205472054820549205502055120552205532055420555205562055720558205592056020561205622056320564205652056620567205682056920570205712057220573205742057520576205772057820579205802058120582205832058420585205862058720588205892059020591205922059320594205952059620597205982059920600206012060220603206042060520606206072060820609206102061120612206132061420615206162061720618206192062020621206222062320624206252062620627206282062920630206312063220633206342063520636206372063820639206402064120642206432064420645206462064720648206492065020651206522065320654206552065620657206582065920660206612066220663206642066520666206672066820669206702067120672206732067420675206762067720678206792068020681206822068320684206852068620687206882068920690206912069220693206942069520696206972069820699207002070120702207032070420705207062070720708207092071020711207122071320714207152071620717207182071920720207212072220723207242072520726207272072820729207302073120732207332073420735207362073720738207392074020741207422074320744207452074620747207482074920750207512075220753207542075520756207572075820759207602076120762207632076420765207662076720768207692077020771207722077320774207752077620777207782077920780207812078220783207842078520786207872078820789207902079120792207932079420795207962079720798207992080020801208022080320804208052080620807208082080920810208112081220813208142081520816208172081820819208202082120822208232082420825208262082720828208292083020831208322083320834208352083620837208382083920840208412084220843208442084520846208472084820849208502085120852208532085420855208562085720858208592086020861208622086320864208652086620867208682086920870208712087220873208742087520876208772087820879208802088120882208832088420885208862088720888208892089020891208922089320894208952089620897208982089920900209012090220903209042090520906209072090820909209102091120912209132091420915209162091720918209192092020921209222092320924209252092620927209282092920930209312093220933209342093520936209372093820939209402094120942209432094420945209462094720948209492095020951209522095320954209552095620957209582095920960209612096220963209642096520966209672096820969209702097120972209732097420975209762097720978209792098020981209822098320984209852098620987209882098920990209912099220993209942099520996209972099820999210002100121002210032100421005210062100721008210092101021011210122101321014210152101621017210182101921020210212102221023210242102521026210272102821029210302103121032210332103421035210362103721038210392104021041210422104321044210452104621047210482104921050210512105221053210542105521056210572105821059210602106121062210632106421065210662106721068210692107021071210722107321074210752107621077210782107921080210812108221083210842108521086210872108821089210902109121092210932109421095210962109721098210992110021101211022110321104211052110621107211082110921110211112111221113211142111521116211172111821119211202112121122211232112421125211262112721128211292113021131211322113321134211352113621137211382113921140211412114221143211442114521146211472114821149211502115121152211532115421155211562115721158211592116021161211622116321164211652116621167211682116921170211712117221173211742117521176211772117821179211802118121182211832118421185211862118721188211892119021191211922119321194211952119621197211982119921200212012120221203212042120521206212072120821209212102121121212212132121421215212162121721218212192122021221212222122321224212252122621227212282122921230212312123221233212342123521236212372123821239212402124121242212432124421245212462124721248212492125021251212522125321254212552125621257212582125921260212612126221263212642126521266212672126821269212702127121272212732127421275212762127721278212792128021281212822128321284212852128621287212882128921290212912129221293212942129521296212972129821299213002130121302213032130421305213062130721308213092131021311213122131321314213152131621317213182131921320213212132221323213242132521326213272132821329213302133121332213332133421335213362133721338213392134021341213422134321344213452134621347213482134921350213512135221353213542135521356213572135821359213602136121362213632136421365213662136721368213692137021371213722137321374213752137621377213782137921380213812138221383213842138521386213872138821389213902139121392213932139421395213962139721398213992140021401214022140321404214052140621407214082140921410214112141221413214142141521416214172141821419214202142121422214232142421425214262142721428214292143021431214322143321434214352143621437214382143921440214412144221443214442144521446214472144821449214502145121452214532145421455214562145721458214592146021461214622146321464214652146621467214682146921470214712147221473214742147521476214772147821479214802148121482214832148421485214862148721488214892149021491214922149321494214952149621497214982149921500215012150221503215042150521506215072150821509215102151121512215132151421515215162151721518215192152021521215222152321524215252152621527215282152921530215312153221533215342153521536215372153821539215402154121542215432154421545215462154721548215492155021551215522155321554215552155621557215582155921560215612156221563215642156521566215672156821569215702157121572215732157421575215762157721578215792158021581215822158321584215852158621587215882158921590215912159221593215942159521596215972159821599216002160121602216032160421605216062160721608216092161021611216122161321614216152161621617216182161921620216212162221623216242162521626216272162821629216302163121632216332163421635216362163721638216392164021641216422164321644216452164621647216482164921650216512165221653216542165521656216572165821659216602166121662216632166421665216662166721668216692167021671216722167321674216752167621677216782167921680216812168221683216842168521686216872168821689216902169121692216932169421695216962169721698216992170021701217022170321704217052170621707217082170921710217112171221713217142171521716217172171821719217202172121722217232172421725217262172721728217292173021731217322173321734217352173621737217382173921740217412174221743217442174521746217472174821749217502175121752217532175421755217562175721758217592176021761217622176321764217652176621767217682176921770217712177221773217742177521776217772177821779217802178121782217832178421785217862178721788217892179021791217922179321794217952179621797217982179921800218012180221803218042180521806218072180821809218102181121812218132181421815218162181721818218192182021821218222182321824218252182621827218282182921830218312183221833218342183521836218372183821839218402184121842218432184421845218462184721848218492185021851218522185321854218552185621857218582185921860218612186221863218642186521866218672186821869218702187121872218732187421875218762187721878218792188021881218822188321884218852188621887218882188921890218912189221893218942189521896218972189821899219002190121902219032190421905219062190721908219092191021911219122191321914219152191621917219182191921920219212192221923219242192521926219272192821929219302193121932219332193421935219362193721938219392194021941219422194321944219452194621947219482194921950219512195221953219542195521956219572195821959219602196121962219632196421965219662196721968219692197021971219722197321974219752197621977219782197921980219812198221983219842198521986219872198821989219902199121992219932199421995219962199721998219992200022001220022200322004220052200622007220082200922010220112201222013220142201522016220172201822019220202202122022220232202422025220262202722028220292203022031220322203322034220352203622037220382203922040220412204222043220442204522046220472204822049220502205122052220532205422055220562205722058220592206022061220622206322064220652206622067220682206922070220712207222073220742207522076220772207822079220802208122082220832208422085220862208722088220892209022091220922209322094220952209622097220982209922100221012210222103221042210522106221072210822109221102211122112221132211422115221162211722118221192212022121221222212322124221252212622127221282212922130221312213222133221342213522136221372213822139221402214122142221432214422145221462214722148221492215022151221522215322154221552215622157221582215922160221612216222163221642216522166221672216822169221702217122172221732217422175221762217722178221792218022181221822218322184221852218622187221882218922190221912219222193221942219522196221972219822199222002220122202222032220422205222062220722208222092221022211222122221322214222152221622217222182221922220222212222222223222242222522226222272222822229222302223122232222332223422235222362223722238222392224022241222422224322244222452224622247222482224922250222512225222253222542225522256222572225822259222602226122262222632226422265222662226722268222692227022271222722227322274222752227622277222782227922280222812228222283222842228522286222872228822289222902229122292222932229422295222962229722298222992230022301223022230322304223052230622307223082230922310223112231222313223142231522316223172231822319223202232122322223232232422325223262232722328223292233022331223322233322334223352233622337223382233922340223412234222343223442234522346223472234822349223502235122352223532235422355223562235722358223592236022361223622236322364223652236622367223682236922370223712237222373223742237522376223772237822379223802238122382223832238422385223862238722388223892239022391223922239322394223952239622397223982239922400224012240222403224042240522406224072240822409224102241122412224132241422415224162241722418224192242022421224222242322424224252242622427224282242922430224312243222433224342243522436224372243822439224402244122442224432244422445224462244722448224492245022451224522245322454224552245622457224582245922460224612246222463224642246522466224672246822469224702247122472224732247422475224762247722478224792248022481224822248322484224852248622487224882248922490224912249222493224942249522496224972249822499225002250122502225032250422505225062250722508225092251022511225122251322514225152251622517225182251922520225212252222523225242252522526225272252822529225302253122532225332253422535225362253722538225392254022541225422254322544225452254622547225482254922550225512255222553225542255522556225572255822559225602256122562225632256422565225662256722568225692257022571225722257322574225752257622577225782257922580225812258222583225842258522586225872258822589225902259122592225932259422595225962259722598225992260022601226022260322604226052260622607226082260922610226112261222613226142261522616226172261822619226202262122622226232262422625226262262722628226292263022631226322263322634226352263622637226382263922640226412264222643226442264522646226472264822649226502265122652226532265422655226562265722658226592266022661226622266322664226652266622667226682266922670226712267222673226742267522676226772267822679226802268122682226832268422685226862268722688226892269022691226922269322694226952269622697226982269922700227012270222703227042270522706227072270822709227102271122712227132271422715227162271722718227192272022721227222272322724227252272622727227282272922730227312273222733227342273522736227372273822739227402274122742227432274422745227462274722748227492275022751227522275322754227552275622757227582275922760227612276222763227642276522766227672276822769227702277122772227732277422775227762277722778227792278022781227822278322784227852278622787227882278922790227912279222793227942279522796227972279822799228002280122802228032280422805228062280722808228092281022811228122281322814228152281622817228182281922820228212282222823228242282522826228272282822829228302283122832228332283422835228362283722838228392284022841228422284322844228452284622847228482284922850228512285222853228542285522856228572285822859228602286122862228632286422865228662286722868228692287022871228722287322874228752287622877228782287922880228812288222883228842288522886228872288822889228902289122892228932289422895228962289722898228992290022901229022290322904229052290622907229082290922910229112291222913229142291522916229172291822919229202292122922229232292422925229262292722928229292293022931229322293322934229352293622937229382293922940229412294222943229442294522946229472294822949229502295122952229532295422955229562295722958229592296022961229622296322964229652296622967229682296922970229712297222973229742297522976229772297822979229802298122982229832298422985229862298722988229892299022991229922299322994229952299622997229982299923000230012300223003230042300523006230072300823009230102301123012230132301423015230162301723018230192302023021230222302323024230252302623027230282302923030230312303223033230342303523036230372303823039230402304123042230432304423045230462304723048230492305023051230522305323054230552305623057230582305923060230612306223063230642306523066230672306823069230702307123072230732307423075230762307723078230792308023081230822308323084230852308623087230882308923090230912309223093230942309523096230972309823099231002310123102231032310423105231062310723108231092311023111231122311323114231152311623117231182311923120231212312223123231242312523126231272312823129231302313123132231332313423135231362313723138231392314023141231422314323144231452314623147231482314923150231512315223153231542315523156231572315823159231602316123162231632316423165231662316723168231692317023171231722317323174231752317623177231782317923180231812318223183231842318523186231872318823189231902319123192231932319423195231962319723198231992320023201232022320323204232052320623207232082320923210232112321223213232142321523216232172321823219232202322123222232232322423225232262322723228232292323023231232322323323234232352323623237232382323923240232412324223243232442324523246232472324823249232502325123252232532325423255232562325723258232592326023261232622326323264232652326623267232682326923270232712327223273232742327523276232772327823279232802328123282232832328423285232862328723288232892329023291232922329323294232952329623297232982329923300233012330223303233042330523306233072330823309233102331123312233132331423315233162331723318233192332023321233222332323324233252332623327233282332923330233312333223333233342333523336233372333823339233402334123342233432334423345233462334723348233492335023351233522335323354233552335623357233582335923360233612336223363233642336523366233672336823369233702337123372233732337423375233762337723378233792338023381233822338323384233852338623387233882338923390233912339223393233942339523396233972339823399234002340123402234032340423405234062340723408234092341023411234122341323414234152341623417234182341923420234212342223423234242342523426234272342823429234302343123432234332343423435234362343723438234392344023441234422344323444234452344623447234482344923450234512345223453234542345523456234572345823459234602346123462234632346423465234662346723468234692347023471234722347323474234752347623477234782347923480234812348223483234842348523486234872348823489234902349123492234932349423495234962349723498234992350023501235022350323504235052350623507235082350923510235112351223513235142351523516235172351823519235202352123522235232352423525235262352723528235292353023531235322353323534235352353623537235382353923540235412354223543235442354523546235472354823549235502355123552235532355423555235562355723558235592356023561235622356323564235652356623567235682356923570235712357223573235742357523576235772357823579235802358123582235832358423585235862358723588235892359023591235922359323594235952359623597235982359923600236012360223603236042360523606236072360823609236102361123612236132361423615236162361723618236192362023621236222362323624236252362623627236282362923630236312363223633236342363523636236372363823639236402364123642236432364423645236462364723648236492365023651236522365323654236552365623657236582365923660236612366223663236642366523666236672366823669236702367123672236732367423675236762367723678236792368023681236822368323684236852368623687236882368923690236912369223693236942369523696236972369823699237002370123702237032370423705237062370723708237092371023711237122371323714237152371623717237182371923720237212372223723237242372523726237272372823729237302373123732237332373423735237362373723738237392374023741237422374323744237452374623747237482374923750237512375223753237542375523756237572375823759237602376123762237632376423765237662376723768237692377023771237722377323774237752377623777237782377923780237812378223783237842378523786237872378823789237902379123792237932379423795237962379723798237992380023801238022380323804238052380623807238082380923810238112381223813238142381523816238172381823819238202382123822238232382423825238262382723828238292383023831238322383323834238352383623837238382383923840238412384223843238442384523846238472384823849238502385123852238532385423855238562385723858238592386023861238622386323864238652386623867238682386923870238712387223873238742387523876238772387823879238802388123882238832388423885238862388723888238892389023891238922389323894238952389623897238982389923900239012390223903239042390523906239072390823909239102391123912239132391423915239162391723918239192392023921239222392323924239252392623927239282392923930239312393223933239342393523936239372393823939239402394123942239432394423945239462394723948239492395023951239522395323954239552395623957239582395923960239612396223963239642396523966239672396823969239702397123972239732397423975239762397723978239792398023981239822398323984239852398623987239882398923990239912399223993239942399523996239972399823999240002400124002240032400424005240062400724008240092401024011240122401324014240152401624017240182401924020240212402224023240242402524026240272402824029240302403124032240332403424035240362403724038240392404024041240422404324044240452404624047240482404924050240512405224053240542405524056240572405824059240602406124062240632406424065240662406724068240692407024071240722407324074240752407624077240782407924080240812408224083240842408524086240872408824089240902409124092240932409424095240962409724098240992410024101241022410324104241052410624107241082410924110241112411224113241142411524116241172411824119241202412124122241232412424125241262412724128241292413024131241322413324134241352413624137241382413924140241412414224143241442414524146241472414824149241502415124152241532415424155241562415724158241592416024161241622416324164241652416624167241682416924170241712417224173241742417524176241772417824179241802418124182241832418424185241862418724188241892419024191241922419324194241952419624197241982419924200242012420224203242042420524206242072420824209242102421124212242132421424215242162421724218242192422024221242222422324224242252422624227242282422924230242312423224233242342423524236242372423824239242402424124242242432424424245242462424724248242492425024251242522425324254242552425624257242582425924260242612426224263242642426524266242672426824269242702427124272242732427424275242762427724278242792428024281242822428324284242852428624287242882428924290242912429224293242942429524296242972429824299243002430124302243032430424305243062430724308243092431024311243122431324314243152431624317243182431924320243212432224323243242432524326243272432824329243302433124332243332433424335243362433724338243392434024341243422434324344243452434624347243482434924350243512435224353243542435524356243572435824359243602436124362243632436424365243662436724368243692437024371243722437324374243752437624377243782437924380243812438224383243842438524386243872438824389243902439124392243932439424395243962439724398243992440024401244022440324404244052440624407244082440924410244112441224413244142441524416244172441824419244202442124422244232442424425244262442724428244292443024431244322443324434244352443624437244382443924440244412444224443244442444524446244472444824449244502445124452244532445424455244562445724458244592446024461244622446324464244652446624467244682446924470244712447224473244742447524476244772447824479244802448124482244832448424485244862448724488244892449024491244922449324494244952449624497244982449924500245012450224503245042450524506245072450824509245102451124512245132451424515245162451724518245192452024521245222452324524245252452624527245282452924530245312453224533245342453524536245372453824539245402454124542245432454424545245462454724548245492455024551245522455324554245552455624557245582455924560245612456224563245642456524566245672456824569245702457124572245732457424575245762457724578245792458024581245822458324584245852458624587245882458924590245912459224593245942459524596245972459824599246002460124602246032460424605246062460724608246092461024611246122461324614246152461624617246182461924620246212462224623246242462524626246272462824629246302463124632246332463424635246362463724638246392464024641246422464324644246452464624647246482464924650246512465224653246542465524656246572465824659246602466124662246632466424665246662466724668246692467024671246722467324674246752467624677246782467924680246812468224683246842468524686246872468824689246902469124692246932469424695246962469724698246992470024701247022470324704247052470624707247082470924710247112471224713247142471524716247172471824719247202472124722247232472424725247262472724728247292473024731247322473324734247352473624737247382473924740247412474224743247442474524746247472474824749247502475124752247532475424755247562475724758247592476024761247622476324764247652476624767247682476924770247712477224773247742477524776247772477824779247802478124782247832478424785247862478724788247892479024791247922479324794247952479624797247982479924800248012480224803248042480524806248072480824809248102481124812248132481424815248162481724818248192482024821248222482324824248252482624827248282482924830248312483224833248342483524836248372483824839248402484124842248432484424845248462484724848248492485024851248522485324854248552485624857248582485924860248612486224863248642486524866248672486824869248702487124872248732487424875248762487724878248792488024881248822488324884248852488624887248882488924890248912489224893248942489524896248972489824899249002490124902249032490424905249062490724908249092491024911249122491324914249152491624917249182491924920249212492224923249242492524926249272492824929249302493124932249332493424935249362493724938249392494024941249422494324944249452494624947249482494924950249512495224953249542495524956249572495824959249602496124962249632496424965249662496724968249692497024971249722497324974249752497624977249782497924980249812498224983249842498524986249872498824989249902499124992249932499424995249962499724998249992500025001250022500325004250052500625007250082500925010250112501225013250142501525016250172501825019250202502125022250232502425025250262502725028250292503025031250322503325034250352503625037250382503925040250412504225043250442504525046250472504825049250502505125052250532505425055250562505725058250592506025061250622506325064250652506625067250682506925070250712507225073250742507525076250772507825079250802508125082250832508425085250862508725088250892509025091250922509325094250952509625097250982509925100251012510225103251042510525106251072510825109251102511125112251132511425115251162511725118251192512025121251222512325124251252512625127251282512925130251312513225133251342513525136251372513825139251402514125142251432514425145251462514725148251492515025151251522515325154251552515625157251582515925160251612516225163251642516525166251672516825169251702517125172251732517425175251762517725178251792518025181251822518325184251852518625187251882518925190251912519225193251942519525196251972519825199252002520125202252032520425205252062520725208252092521025211252122521325214252152521625217252182521925220252212522225223252242522525226252272522825229252302523125232252332523425235252362523725238252392524025241252422524325244252452524625247252482524925250252512525225253252542525525256252572525825259252602526125262252632526425265252662526725268252692527025271252722527325274252752527625277252782527925280252812528225283252842528525286252872528825289252902529125292252932529425295252962529725298252992530025301253022530325304253052530625307253082530925310253112531225313253142531525316253172531825319253202532125322253232532425325253262532725328253292533025331253322533325334253352533625337253382533925340253412534225343253442534525346253472534825349253502535125352253532535425355253562535725358253592536025361253622536325364253652536625367253682536925370253712537225373253742537525376253772537825379253802538125382253832538425385253862538725388253892539025391253922539325394253952539625397253982539925400254012540225403254042540525406254072540825409254102541125412254132541425415254162541725418254192542025421254222542325424254252542625427254282542925430254312543225433254342543525436254372543825439254402544125442254432544425445254462544725448254492545025451254522545325454254552545625457254582545925460254612546225463254642546525466254672546825469254702547125472254732547425475254762547725478254792548025481254822548325484254852548625487254882548925490254912549225493254942549525496254972549825499255002550125502255032550425505255062550725508255092551025511255122551325514255152551625517255182551925520255212552225523255242552525526255272552825529255302553125532255332553425535255362553725538255392554025541255422554325544255452554625547255482554925550255512555225553255542555525556255572555825559255602556125562255632556425565255662556725568255692557025571255722557325574255752557625577255782557925580255812558225583255842558525586255872558825589255902559125592255932559425595255962559725598255992560025601256022560325604256052560625607256082560925610256112561225613256142561525616256172561825619256202562125622256232562425625256262562725628256292563025631256322563325634256352563625637256382563925640256412564225643256442564525646256472564825649256502565125652256532565425655256562565725658256592566025661256622566325664256652566625667256682566925670256712567225673256742567525676256772567825679256802568125682256832568425685256862568725688256892569025691256922569325694256952569625697256982569925700257012570225703257042570525706257072570825709257102571125712257132571425715257162571725718257192572025721257222572325724257252572625727257282572925730257312573225733257342573525736257372573825739257402574125742257432574425745257462574725748257492575025751257522575325754257552575625757257582575925760257612576225763257642576525766257672576825769257702577125772257732577425775257762577725778257792578025781257822578325784257852578625787257882578925790257912579225793257942579525796257972579825799258002580125802258032580425805258062580725808258092581025811258122581325814258152581625817258182581925820258212582225823258242582525826258272582825829258302583125832258332583425835258362583725838258392584025841258422584325844258452584625847258482584925850258512585225853258542585525856258572585825859258602586125862258632586425865258662586725868258692587025871258722587325874258752587625877258782587925880258812588225883258842588525886258872588825889258902589125892258932589425895258962589725898258992590025901259022590325904259052590625907259082590925910259112591225913259142591525916259172591825919259202592125922259232592425925259262592725928259292593025931259322593325934259352593625937259382593925940259412594225943259442594525946259472594825949259502595125952259532595425955259562595725958259592596025961259622596325964259652596625967259682596925970259712597225973259742597525976259772597825979259802598125982259832598425985259862598725988259892599025991259922599325994259952599625997259982599926000260012600226003260042600526006260072600826009260102601126012260132601426015260162601726018260192602026021260222602326024260252602626027260282602926030260312603226033260342603526036260372603826039260402604126042260432604426045260462604726048260492605026051260522605326054260552605626057260582605926060260612606226063260642606526066260672606826069260702607126072260732607426075260762607726078260792608026081260822608326084260852608626087260882608926090260912609226093260942609526096260972609826099261002610126102261032610426105261062610726108261092611026111261122611326114261152611626117261182611926120261212612226123261242612526126261272612826129261302613126132261332613426135261362613726138261392614026141261422614326144261452614626147261482614926150261512615226153261542615526156261572615826159261602616126162261632616426165261662616726168261692617026171261722617326174261752617626177261782617926180261812618226183261842618526186261872618826189261902619126192261932619426195261962619726198261992620026201262022620326204262052620626207262082620926210262112621226213262142621526216262172621826219262202622126222262232622426225262262622726228262292623026231262322623326234262352623626237262382623926240262412624226243262442624526246262472624826249262502625126252262532625426255262562625726258262592626026261262622626326264262652626626267262682626926270262712627226273262742627526276262772627826279262802628126282262832628426285262862628726288262892629026291262922629326294262952629626297262982629926300263012630226303263042630526306263072630826309263102631126312263132631426315263162631726318263192632026321263222632326324263252632626327263282632926330263312633226333263342633526336263372633826339263402634126342263432634426345263462634726348263492635026351263522635326354263552635626357263582635926360263612636226363263642636526366263672636826369263702637126372263732637426375263762637726378263792638026381263822638326384263852638626387263882638926390263912639226393263942639526396263972639826399264002640126402264032640426405264062640726408264092641026411264122641326414264152641626417264182641926420264212642226423264242642526426264272642826429264302643126432264332643426435264362643726438264392644026441264422644326444264452644626447264482644926450264512645226453264542645526456264572645826459264602646126462264632646426465264662646726468264692647026471264722647326474264752647626477264782647926480264812648226483264842648526486264872648826489264902649126492264932649426495264962649726498264992650026501265022650326504265052650626507265082650926510265112651226513265142651526516265172651826519265202652126522265232652426525265262652726528265292653026531265322653326534265352653626537265382653926540265412654226543265442654526546265472654826549265502655126552265532655426555265562655726558265592656026561265622656326564265652656626567265682656926570265712657226573265742657526576265772657826579265802658126582265832658426585265862658726588265892659026591265922659326594265952659626597265982659926600266012660226603266042660526606266072660826609266102661126612266132661426615266162661726618266192662026621266222662326624266252662626627266282662926630266312663226633266342663526636266372663826639266402664126642266432664426645266462664726648266492665026651266522665326654266552665626657266582665926660266612666226663266642666526666266672666826669266702667126672266732667426675266762667726678266792668026681266822668326684266852668626687266882668926690266912669226693266942669526696266972669826699267002670126702267032670426705267062670726708267092671026711267122671326714267152671626717267182671926720267212672226723267242672526726267272672826729267302673126732267332673426735267362673726738267392674026741267422674326744267452674626747267482674926750267512675226753267542675526756267572675826759267602676126762267632676426765267662676726768267692677026771267722677326774267752677626777267782677926780267812678226783267842678526786267872678826789267902679126792267932679426795267962679726798267992680026801268022680326804268052680626807268082680926810268112681226813268142681526816268172681826819268202682126822268232682426825268262682726828268292683026831268322683326834268352683626837268382683926840268412684226843268442684526846268472684826849268502685126852268532685426855268562685726858268592686026861268622686326864268652686626867268682686926870268712687226873268742687526876268772687826879268802688126882268832688426885268862688726888268892689026891268922689326894268952689626897268982689926900269012690226903269042690526906269072690826909269102691126912269132691426915269162691726918269192692026921269222692326924269252692626927269282692926930269312693226933269342693526936269372693826939269402694126942269432694426945269462694726948269492695026951269522695326954269552695626957269582695926960269612696226963269642696526966269672696826969269702697126972269732697426975269762697726978269792698026981269822698326984269852698626987269882698926990269912699226993269942699526996269972699826999270002700127002270032700427005270062700727008270092701027011270122701327014270152701627017270182701927020270212702227023270242702527026270272702827029270302703127032270332703427035270362703727038270392704027041270422704327044270452704627047270482704927050270512705227053270542705527056270572705827059270602706127062270632706427065270662706727068270692707027071270722707327074270752707627077270782707927080270812708227083270842708527086270872708827089270902709127092270932709427095270962709727098270992710027101271022710327104271052710627107271082710927110271112711227113271142711527116271172711827119271202712127122271232712427125271262712727128271292713027131271322713327134271352713627137271382713927140271412714227143271442714527146271472714827149271502715127152271532715427155271562715727158271592716027161271622716327164271652716627167271682716927170271712717227173271742717527176271772717827179271802718127182271832718427185271862718727188271892719027191271922719327194271952719627197271982719927200272012720227203272042720527206272072720827209272102721127212272132721427215272162721727218272192722027221272222722327224272252722627227272282722927230272312723227233272342723527236272372723827239272402724127242272432724427245272462724727248272492725027251272522725327254272552725627257272582725927260272612726227263272642726527266272672726827269272702727127272272732727427275272762727727278272792728027281272822728327284272852728627287272882728927290272912729227293272942729527296272972729827299273002730127302273032730427305273062730727308273092731027311273122731327314273152731627317273182731927320273212732227323273242732527326273272732827329273302733127332273332733427335273362733727338273392734027341273422734327344273452734627347273482734927350273512735227353273542735527356273572735827359273602736127362273632736427365273662736727368273692737027371273722737327374273752737627377273782737927380273812738227383273842738527386273872738827389273902739127392273932739427395273962739727398273992740027401274022740327404274052740627407274082740927410274112741227413274142741527416274172741827419274202742127422274232742427425274262742727428274292743027431274322743327434274352743627437274382743927440274412744227443274442744527446274472744827449274502745127452274532745427455274562745727458274592746027461274622746327464274652746627467274682746927470274712747227473274742747527476274772747827479274802748127482274832748427485274862748727488274892749027491274922749327494274952749627497274982749927500275012750227503275042750527506275072750827509275102751127512275132751427515275162751727518275192752027521275222752327524275252752627527275282752927530275312753227533275342753527536275372753827539275402754127542275432754427545275462754727548275492755027551275522755327554275552755627557275582755927560275612756227563275642756527566275672756827569275702757127572275732757427575275762757727578275792758027581275822758327584275852758627587275882758927590275912759227593275942759527596275972759827599276002760127602276032760427605276062760727608276092761027611276122761327614276152761627617276182761927620276212762227623276242762527626276272762827629276302763127632276332763427635276362763727638276392764027641276422764327644276452764627647276482764927650276512765227653276542765527656276572765827659276602766127662276632766427665276662766727668276692767027671276722767327674276752767627677276782767927680276812768227683276842768527686276872768827689276902769127692276932769427695276962769727698276992770027701277022770327704277052770627707277082770927710277112771227713277142771527716277172771827719277202772127722277232772427725277262772727728277292773027731277322773327734277352773627737277382773927740277412774227743277442774527746277472774827749277502775127752277532775427755277562775727758277592776027761277622776327764277652776627767277682776927770277712777227773277742777527776277772777827779277802778127782277832778427785277862778727788277892779027791277922779327794277952779627797277982779927800278012780227803278042780527806278072780827809278102781127812278132781427815278162781727818278192782027821278222782327824278252782627827278282782927830278312783227833278342783527836278372783827839278402784127842278432784427845278462784727848278492785027851278522785327854278552785627857278582785927860278612786227863278642786527866278672786827869278702787127872278732787427875278762787727878278792788027881278822788327884278852788627887278882788927890278912789227893278942789527896278972789827899279002790127902279032790427905279062790727908279092791027911279122791327914279152791627917279182791927920279212792227923279242792527926279272792827929279302793127932279332793427935279362793727938279392794027941279422794327944279452794627947279482794927950279512795227953279542795527956279572795827959279602796127962279632796427965279662796727968279692797027971279722797327974279752797627977279782797927980279812798227983279842798527986279872798827989279902799127992279932799427995279962799727998279992800028001280022800328004280052800628007280082800928010280112801228013280142801528016280172801828019280202802128022280232802428025280262802728028280292803028031280322803328034280352803628037280382803928040280412804228043280442804528046280472804828049280502805128052280532805428055280562805728058280592806028061280622806328064280652806628067280682806928070280712807228073280742807528076280772807828079280802808128082280832808428085280862808728088280892809028091280922809328094280952809628097280982809928100281012810228103281042810528106281072810828109281102811128112281132811428115281162811728118281192812028121281222812328124281252812628127281282812928130281312813228133281342813528136281372813828139281402814128142281432814428145281462814728148281492815028151281522815328154281552815628157281582815928160281612816228163281642816528166281672816828169281702817128172281732817428175281762817728178281792818028181281822818328184281852818628187281882818928190281912819228193281942819528196281972819828199282002820128202282032820428205282062820728208282092821028211282122821328214282152821628217282182821928220282212822228223282242822528226282272822828229282302823128232282332823428235282362823728238282392824028241282422824328244282452824628247282482824928250282512825228253282542825528256282572825828259282602826128262282632826428265282662826728268282692827028271282722827328274282752827628277282782827928280282812828228283282842828528286282872828828289282902829128292282932829428295282962829728298282992830028301283022830328304283052830628307283082830928310283112831228313283142831528316283172831828319283202832128322283232832428325283262832728328283292833028331283322833328334283352833628337283382833928340283412834228343283442834528346283472834828349283502835128352283532835428355283562835728358283592836028361283622836328364283652836628367283682836928370283712837228373283742837528376283772837828379283802838128382283832838428385283862838728388283892839028391283922839328394283952839628397283982839928400284012840228403284042840528406284072840828409284102841128412284132841428415284162841728418284192842028421284222842328424284252842628427284282842928430284312843228433284342843528436284372843828439284402844128442284432844428445284462844728448284492845028451284522845328454284552845628457284582845928460284612846228463284642846528466284672846828469284702847128472284732847428475284762847728478284792848028481284822848328484284852848628487284882848928490284912849228493284942849528496284972849828499285002850128502285032850428505285062850728508285092851028511285122851328514285152851628517285182851928520285212852228523285242852528526285272852828529285302853128532285332853428535285362853728538285392854028541285422854328544285452854628547285482854928550285512855228553285542855528556285572855828559285602856128562285632856428565285662856728568285692857028571285722857328574285752857628577285782857928580285812858228583285842858528586285872858828589285902859128592285932859428595285962859728598285992860028601286022860328604286052860628607286082860928610286112861228613286142861528616286172861828619286202862128622286232862428625286262862728628286292863028631286322863328634286352863628637286382863928640286412864228643286442864528646286472864828649286502865128652286532865428655286562865728658286592866028661286622866328664286652866628667286682866928670286712867228673286742867528676286772867828679286802868128682286832868428685286862868728688286892869028691286922869328694286952869628697286982869928700287012870228703287042870528706287072870828709287102871128712287132871428715287162871728718287192872028721287222872328724287252872628727287282872928730287312873228733287342873528736287372873828739287402874128742287432874428745287462874728748287492875028751287522875328754287552875628757287582875928760287612876228763287642876528766287672876828769287702877128772287732877428775287762877728778287792878028781287822878328784287852878628787287882878928790287912879228793287942879528796287972879828799288002880128802288032880428805288062880728808288092881028811288122881328814288152881628817288182881928820288212882228823288242882528826288272882828829288302883128832288332883428835288362883728838288392884028841288422884328844288452884628847288482884928850288512885228853288542885528856288572885828859288602886128862288632886428865288662886728868288692887028871288722887328874288752887628877288782887928880288812888228883288842888528886288872888828889288902889128892288932889428895288962889728898288992890028901289022890328904289052890628907289082890928910289112891228913289142891528916289172891828919289202892128922289232892428925289262892728928289292893028931289322893328934289352893628937289382893928940289412894228943289442894528946289472894828949289502895128952289532895428955289562895728958289592896028961289622896328964289652896628967289682896928970289712897228973289742897528976289772897828979289802898128982289832898428985289862898728988289892899028991289922899328994289952899628997289982899929000290012900229003290042900529006290072900829009290102901129012290132901429015290162901729018290192902029021290222902329024290252902629027290282902929030290312903229033290342903529036290372903829039290402904129042290432904429045290462904729048290492905029051290522905329054290552905629057290582905929060290612906229063290642906529066290672906829069290702907129072290732907429075290762907729078290792908029081290822908329084290852908629087290882908929090290912909229093290942909529096290972909829099291002910129102291032910429105291062910729108291092911029111291122911329114291152911629117291182911929120291212912229123291242912529126291272912829129291302913129132291332913429135291362913729138291392914029141291422914329144291452914629147291482914929150291512915229153291542915529156291572915829159291602916129162291632916429165291662916729168291692917029171291722917329174291752917629177291782917929180291812918229183291842918529186291872918829189291902919129192291932919429195291962919729198291992920029201292022920329204292052920629207292082920929210292112921229213292142921529216292172921829219292202922129222292232922429225292262922729228292292923029231292322923329234292352923629237292382923929240292412924229243292442924529246292472924829249292502925129252292532925429255292562925729258292592926029261292622926329264292652926629267292682926929270292712927229273292742927529276292772927829279292802928129282292832928429285292862928729288292892929029291292922929329294292952929629297292982929929300293012930229303293042930529306293072930829309293102931129312293132931429315293162931729318293192932029321293222932329324293252932629327293282932929330293312933229333293342933529336293372933829339293402934129342293432934429345293462934729348293492935029351293522935329354293552935629357293582935929360293612936229363293642936529366293672936829369293702937129372293732937429375293762937729378293792938029381293822938329384293852938629387293882938929390293912939229393293942939529396293972939829399294002940129402294032940429405294062940729408294092941029411294122941329414294152941629417294182941929420294212942229423294242942529426294272942829429294302943129432294332943429435294362943729438294392944029441294422944329444294452944629447294482944929450294512945229453294542945529456294572945829459294602946129462294632946429465294662946729468294692947029471294722947329474294752947629477294782947929480294812948229483294842948529486294872948829489294902949129492294932949429495294962949729498294992950029501295022950329504295052950629507295082950929510295112951229513295142951529516295172951829519295202952129522295232952429525295262952729528295292953029531295322953329534295352953629537295382953929540295412954229543295442954529546295472954829549295502955129552295532955429555295562955729558295592956029561295622956329564295652956629567295682956929570295712957229573295742957529576295772957829579295802958129582295832958429585295862958729588295892959029591295922959329594295952959629597295982959929600296012960229603296042960529606296072960829609296102961129612296132961429615296162961729618296192962029621296222962329624296252962629627296282962929630296312963229633296342963529636296372963829639296402964129642296432964429645296462964729648296492965029651296522965329654296552965629657296582965929660296612966229663296642966529666296672966829669296702967129672296732967429675296762967729678296792968029681296822968329684296852968629687296882968929690296912969229693296942969529696296972969829699297002970129702297032970429705297062970729708297092971029711297122971329714297152971629717297182971929720297212972229723297242972529726297272972829729297302973129732297332973429735297362973729738297392974029741297422974329744297452974629747297482974929750297512975229753297542975529756297572975829759297602976129762297632976429765297662976729768297692977029771297722977329774297752977629777297782977929780297812978229783297842978529786297872978829789297902979129792297932979429795297962979729798297992980029801298022980329804298052980629807298082980929810298112981229813298142981529816298172981829819298202982129822298232982429825298262982729828298292983029831298322983329834298352983629837298382983929840298412984229843298442984529846298472984829849298502985129852298532985429855298562985729858298592986029861298622986329864298652986629867298682986929870298712987229873298742987529876298772987829879298802988129882298832988429885298862988729888298892989029891298922989329894298952989629897298982989929900299012990229903299042990529906299072990829909299102991129912299132991429915299162991729918299192992029921299222992329924299252992629927299282992929930299312993229933299342993529936299372993829939299402994129942299432994429945299462994729948299492995029951299522995329954299552995629957299582995929960299612996229963299642996529966299672996829969299702997129972299732997429975299762997729978299792998029981299822998329984299852998629987299882998929990299912999229993299942999529996299972999829999300003000130002300033000430005300063000730008300093001030011300123001330014300153001630017300183001930020300213002230023300243002530026300273002830029300303003130032300333003430035300363003730038300393004030041300423004330044300453004630047300483004930050300513005230053300543005530056300573005830059300603006130062300633006430065300663006730068300693007030071300723007330074300753007630077300783007930080300813008230083300843008530086300873008830089300903009130092300933009430095300963009730098300993010030101301023010330104301053010630107301083010930110301113011230113301143011530116301173011830119301203012130122301233012430125301263012730128301293013030131301323013330134301353013630137301383013930140301413014230143301443014530146301473014830149301503015130152301533015430155301563015730158301593016030161301623016330164301653016630167301683016930170301713017230173301743017530176301773017830179301803018130182301833018430185301863018730188301893019030191301923019330194301953019630197301983019930200302013020230203302043020530206302073020830209302103021130212302133021430215302163021730218302193022030221302223022330224302253022630227302283022930230302313023230233302343023530236302373023830239302403024130242302433024430245302463024730248302493025030251302523025330254302553025630257302583025930260302613026230263302643026530266302673026830269302703027130272302733027430275302763027730278302793028030281302823028330284302853028630287302883028930290302913029230293302943029530296302973029830299303003030130302303033030430305303063030730308303093031030311303123031330314303153031630317303183031930320303213032230323303243032530326303273032830329303303033130332303333033430335303363033730338303393034030341303423034330344303453034630347303483034930350303513035230353303543035530356303573035830359303603036130362303633036430365303663036730368303693037030371303723037330374303753037630377303783037930380303813038230383303843038530386303873038830389303903039130392303933039430395303963039730398303993040030401304023040330404304053040630407304083040930410304113041230413304143041530416304173041830419304203042130422304233042430425304263042730428304293043030431304323043330434304353043630437304383043930440304413044230443304443044530446304473044830449304503045130452304533045430455304563045730458304593046030461304623046330464304653046630467304683046930470304713047230473304743047530476304773047830479304803048130482304833048430485304863048730488304893049030491304923049330494304953049630497304983049930500305013050230503305043050530506305073050830509305103051130512305133051430515305163051730518305193052030521305223052330524305253052630527305283052930530305313053230533305343053530536305373053830539305403054130542305433054430545305463054730548305493055030551305523055330554305553055630557305583055930560305613056230563305643056530566305673056830569305703057130572305733057430575305763057730578305793058030581305823058330584305853058630587305883058930590305913059230593305943059530596305973059830599306003060130602306033060430605306063060730608306093061030611306123061330614306153061630617306183061930620306213062230623306243062530626306273062830629306303063130632306333063430635306363063730638306393064030641306423064330644306453064630647306483064930650306513065230653306543065530656306573065830659306603066130662306633066430665306663066730668306693067030671306723067330674306753067630677306783067930680306813068230683306843068530686306873068830689306903069130692306933069430695306963069730698306993070030701307023070330704307053070630707307083070930710307113071230713307143071530716307173071830719307203072130722307233072430725307263072730728307293073030731307323073330734307353073630737307383073930740307413074230743307443074530746307473074830749307503075130752307533075430755307563075730758307593076030761307623076330764307653076630767307683076930770307713077230773307743077530776307773077830779307803078130782307833078430785307863078730788307893079030791307923079330794307953079630797307983079930800308013080230803308043080530806308073080830809308103081130812308133081430815308163081730818308193082030821308223082330824308253082630827308283082930830308313083230833308343083530836308373083830839308403084130842308433084430845308463084730848308493085030851308523085330854308553085630857308583085930860308613086230863308643086530866308673086830869308703087130872308733087430875308763087730878308793088030881308823088330884308853088630887308883088930890308913089230893308943089530896308973089830899309003090130902309033090430905309063090730908309093091030911309123091330914309153091630917309183091930920309213092230923309243092530926309273092830929309303093130932309333093430935309363093730938309393094030941309423094330944309453094630947309483094930950309513095230953309543095530956309573095830959309603096130962309633096430965309663096730968309693097030971309723097330974309753097630977309783097930980309813098230983309843098530986309873098830989309903099130992309933099430995309963099730998309993100031001310023100331004310053100631007310083100931010310113101231013310143101531016310173101831019310203102131022310233102431025310263102731028310293103031031310323103331034310353103631037310383103931040310413104231043310443104531046310473104831049310503105131052310533105431055310563105731058310593106031061310623106331064310653106631067310683106931070310713107231073310743107531076310773107831079310803108131082310833108431085310863108731088310893109031091310923109331094310953109631097310983109931100311013110231103311043110531106311073110831109311103111131112311133111431115311163111731118311193112031121311223112331124311253112631127311283112931130311313113231133311343113531136311373113831139311403114131142311433114431145311463114731148311493115031151311523115331154311553115631157311583115931160311613116231163311643116531166311673116831169311703117131172311733117431175311763117731178311793118031181311823118331184311853118631187311883118931190311913119231193311943119531196311973119831199312003120131202312033120431205312063120731208312093121031211312123121331214312153121631217312183121931220312213122231223312243122531226312273122831229312303123131232312333123431235312363123731238312393124031241312423124331244312453124631247312483124931250312513125231253312543125531256312573125831259312603126131262312633126431265312663126731268312693127031271312723127331274312753127631277312783127931280312813128231283312843128531286312873128831289312903129131292312933129431295312963129731298312993130031301313023130331304313053130631307313083130931310313113131231313313143131531316313173131831319313203132131322313233132431325313263132731328313293133031331313323133331334313353133631337313383133931340313413134231343313443134531346313473134831349313503135131352313533135431355313563135731358313593136031361313623136331364313653136631367313683136931370313713137231373313743137531376313773137831379313803138131382313833138431385313863138731388313893139031391313923139331394313953139631397313983139931400314013140231403314043140531406314073140831409314103141131412314133141431415314163141731418314193142031421314223142331424314253142631427314283142931430314313143231433314343143531436314373143831439314403144131442314433144431445314463144731448314493145031451314523145331454314553145631457314583145931460314613146231463314643146531466314673146831469314703147131472314733147431475314763147731478314793148031481314823148331484314853148631487314883148931490314913149231493314943149531496314973149831499315003150131502315033150431505315063150731508315093151031511315123151331514315153151631517315183151931520315213152231523315243152531526315273152831529315303153131532315333153431535315363153731538315393154031541315423154331544315453154631547315483154931550315513155231553315543155531556315573155831559315603156131562315633156431565315663156731568315693157031571315723157331574315753157631577315783157931580315813158231583315843158531586315873158831589315903159131592315933159431595315963159731598315993160031601316023160331604316053160631607316083160931610316113161231613316143161531616316173161831619316203162131622316233162431625316263162731628316293163031631316323163331634316353163631637316383163931640316413164231643316443164531646316473164831649316503165131652316533165431655316563165731658316593166031661316623166331664316653166631667316683166931670316713167231673316743167531676316773167831679316803168131682316833168431685316863168731688316893169031691316923169331694316953169631697316983169931700317013170231703317043170531706317073170831709317103171131712317133171431715317163171731718317193172031721317223172331724317253172631727317283172931730317313173231733317343173531736317373173831739317403174131742317433174431745317463174731748317493175031751317523175331754317553175631757317583175931760317613176231763317643176531766317673176831769317703177131772317733177431775317763177731778317793178031781317823178331784317853178631787317883178931790317913179231793317943179531796317973179831799318003180131802318033180431805318063180731808318093181031811318123181331814318153181631817318183181931820318213182231823318243182531826318273182831829318303183131832318333183431835318363183731838318393184031841318423184331844318453184631847318483184931850318513185231853318543185531856318573185831859318603186131862318633186431865318663186731868318693187031871318723187331874318753187631877318783187931880318813188231883318843188531886318873188831889318903189131892318933189431895318963189731898318993190031901319023190331904319053190631907319083190931910319113191231913319143191531916319173191831919319203192131922319233192431925319263192731928319293193031931319323193331934319353193631937319383193931940319413194231943319443194531946319473194831949319503195131952319533195431955319563195731958319593196031961319623196331964319653196631967319683196931970319713197231973319743197531976319773197831979319803198131982319833198431985319863198731988319893199031991319923199331994319953199631997319983199932000320013200232003320043200532006320073200832009320103201132012320133201432015320163201732018320193202032021320223202332024320253202632027320283202932030320313203232033320343203532036320373203832039320403204132042320433204432045320463204732048320493205032051320523205332054320553205632057320583205932060320613206232063320643206532066320673206832069320703207132072320733207432075320763207732078320793208032081320823208332084320853208632087320883208932090320913209232093320943209532096320973209832099321003210132102321033210432105321063210732108321093211032111321123211332114321153211632117321183211932120321213212232123321243212532126321273212832129321303213132132321333213432135321363213732138321393214032141321423214332144321453214632147321483214932150321513215232153321543215532156321573215832159321603216132162321633216432165321663216732168321693217032171321723217332174321753217632177321783217932180321813218232183321843218532186321873218832189321903219132192321933219432195321963219732198321993220032201322023220332204322053220632207322083220932210322113221232213322143221532216322173221832219322203222132222322233222432225322263222732228322293223032231322323223332234322353223632237322383223932240322413224232243322443224532246322473224832249322503225132252322533225432255322563225732258322593226032261322623226332264322653226632267322683226932270322713227232273322743227532276322773227832279322803228132282322833228432285322863228732288322893229032291322923229332294322953229632297322983229932300323013230232303323043230532306323073230832309323103231132312323133231432315323163231732318323193232032321323223232332324323253232632327323283232932330323313233232333323343233532336323373233832339323403234132342323433234432345323463234732348323493235032351323523235332354323553235632357323583235932360323613236232363323643236532366323673236832369323703237132372323733237432375323763237732378323793238032381323823238332384323853238632387323883238932390323913239232393323943239532396323973239832399324003240132402324033240432405324063240732408324093241032411324123241332414324153241632417324183241932420324213242232423324243242532426324273242832429324303243132432324333243432435324363243732438324393244032441324423244332444324453244632447324483244932450324513245232453324543245532456324573245832459324603246132462324633246432465324663246732468324693247032471324723247332474324753247632477324783247932480324813248232483324843248532486324873248832489324903249132492324933249432495324963249732498324993250032501325023250332504325053250632507325083250932510325113251232513325143251532516325173251832519325203252132522325233252432525325263252732528325293253032531325323253332534325353253632537325383253932540325413254232543325443254532546325473254832549325503255132552325533255432555325563255732558325593256032561325623256332564325653256632567325683256932570325713257232573325743257532576325773257832579325803258132582325833258432585325863258732588325893259032591325923259332594325953259632597325983259932600326013260232603326043260532606326073260832609326103261132612326133261432615326163261732618326193262032621326223262332624326253262632627326283262932630326313263232633326343263532636326373263832639326403264132642326433264432645326463264732648326493265032651326523265332654326553265632657326583265932660326613266232663326643266532666326673266832669326703267132672326733267432675326763267732678326793268032681326823268332684326853268632687326883268932690326913269232693326943269532696326973269832699327003270132702327033270432705327063270732708327093271032711327123271332714327153271632717327183271932720327213272232723327243272532726327273272832729327303273132732327333273432735327363273732738327393274032741327423274332744327453274632747327483274932750327513275232753327543275532756327573275832759327603276132762327633276432765327663276732768327693277032771327723277332774327753277632777327783277932780327813278232783327843278532786327873278832789327903279132792327933279432795327963279732798327993280032801328023280332804328053280632807328083280932810328113281232813328143281532816328173281832819328203282132822328233282432825328263282732828328293283032831328323283332834328353283632837328383283932840328413284232843328443284532846328473284832849328503285132852328533285432855328563285732858328593286032861328623286332864328653286632867328683286932870328713287232873328743287532876328773287832879328803288132882328833288432885328863288732888328893289032891328923289332894328953289632897328983289932900329013290232903329043290532906329073290832909329103291132912329133291432915329163291732918329193292032921329223292332924329253292632927329283292932930329313293232933329343293532936329373293832939329403294132942329433294432945329463294732948329493295032951329523295332954329553295632957329583295932960329613296232963329643296532966329673296832969329703297132972329733297432975329763297732978329793298032981329823298332984329853298632987329883298932990329913299232993329943299532996329973299832999330003300133002330033300433005330063300733008330093301033011330123301333014330153301633017330183301933020330213302233023330243302533026330273302833029330303303133032330333303433035330363303733038330393304033041330423304333044330453304633047330483304933050330513305233053330543305533056330573305833059330603306133062330633306433065330663306733068330693307033071330723307333074330753307633077330783307933080330813308233083330843308533086330873308833089330903309133092330933309433095330963309733098330993310033101331023310333104331053310633107331083310933110331113311233113331143311533116331173311833119331203312133122331233312433125331263312733128331293313033131331323313333134331353313633137331383313933140331413314233143331443314533146331473314833149331503315133152331533315433155331563315733158331593316033161331623316333164331653316633167331683316933170331713317233173331743317533176331773317833179331803318133182331833318433185331863318733188331893319033191331923319333194331953319633197331983319933200332013320233203332043320533206332073320833209332103321133212332133321433215332163321733218332193322033221332223322333224332253322633227332283322933230332313323233233332343323533236332373323833239332403324133242332433324433245332463324733248332493325033251332523325333254332553325633257332583325933260332613326233263332643326533266332673326833269332703327133272332733327433275332763327733278332793328033281332823328333284332853328633287332883328933290332913329233293332943329533296332973329833299333003330133302333033330433305333063330733308333093331033311333123331333314333153331633317333183331933320333213332233323333243332533326333273332833329333303333133332333333333433335333363333733338333393334033341333423334333344333453334633347333483334933350333513335233353333543335533356333573335833359333603336133362333633336433365333663336733368333693337033371333723337333374333753337633377333783337933380333813338233383333843338533386333873338833389333903339133392333933339433395333963339733398333993340033401334023340333404334053340633407334083340933410334113341233413334143341533416334173341833419334203342133422334233342433425334263342733428334293343033431334323343333434334353343633437334383343933440334413344233443334443344533446334473344833449334503345133452334533345433455334563345733458334593346033461334623346333464334653346633467334683346933470334713347233473334743347533476334773347833479334803348133482334833348433485334863348733488334893349033491334923349333494334953349633497334983349933500335013350233503335043350533506335073350833509335103351133512335133351433515335163351733518335193352033521335223352333524335253352633527335283352933530335313353233533335343353533536335373353833539335403354133542335433354433545335463354733548335493355033551335523355333554335553355633557335583355933560335613356233563335643356533566335673356833569335703357133572335733357433575335763357733578335793358033581335823358333584335853358633587335883358933590335913359233593335943359533596335973359833599336003360133602336033360433605336063360733608336093361033611336123361333614336153361633617336183361933620336213362233623336243362533626336273362833629336303363133632336333363433635336363363733638336393364033641336423364333644336453364633647336483364933650336513365233653336543365533656336573365833659336603366133662336633366433665336663366733668336693367033671336723367333674336753367633677336783367933680336813368233683336843368533686336873368833689336903369133692336933369433695336963369733698336993370033701337023370333704337053370633707337083370933710337113371233713337143371533716337173371833719337203372133722337233372433725337263372733728337293373033731337323373333734337353373633737337383373933740337413374233743337443374533746337473374833749337503375133752337533375433755337563375733758337593376033761337623376333764337653376633767337683376933770337713377233773337743377533776337773377833779337803378133782337833378433785337863378733788337893379033791337923379333794337953379633797337983379933800338013380233803338043380533806338073380833809338103381133812338133381433815338163381733818338193382033821338223382333824338253382633827338283382933830338313383233833338343383533836338373383833839338403384133842338433384433845338463384733848338493385033851338523385333854338553385633857338583385933860338613386233863338643386533866338673386833869338703387133872338733387433875338763387733878338793388033881338823388333884338853388633887338883388933890338913389233893338943389533896338973389833899339003390133902339033390433905339063390733908339093391033911339123391333914339153391633917339183391933920339213392233923339243392533926339273392833929339303393133932339333393433935339363393733938339393394033941339423394333944339453394633947339483394933950339513395233953339543395533956339573395833959339603396133962339633396433965339663396733968339693397033971339723397333974339753397633977339783397933980339813398233983339843398533986339873398833989339903399133992339933399433995339963399733998339993400034001340023400334004340053400634007340083400934010340113401234013340143401534016340173401834019340203402134022340233402434025340263402734028340293403034031340323403334034340353403634037340383403934040340413404234043340443404534046340473404834049340503405134052340533405434055340563405734058340593406034061340623406334064340653406634067340683406934070340713407234073340743407534076340773407834079340803408134082340833408434085340863408734088340893409034091340923409334094340953409634097340983409934100341013410234103341043410534106341073410834109341103411134112341133411434115341163411734118341193412034121341223412334124341253412634127341283412934130341313413234133341343413534136341373413834139341403414134142341433414434145341463414734148341493415034151341523415334154341553415634157341583415934160341613416234163341643416534166341673416834169341703417134172341733417434175341763417734178341793418034181341823418334184341853418634187341883418934190341913419234193341943419534196341973419834199342003420134202342033420434205342063420734208342093421034211342123421334214342153421634217342183421934220342213422234223342243422534226342273422834229342303423134232342333423434235342363423734238342393424034241342423424334244342453424634247342483424934250342513425234253342543425534256342573425834259342603426134262342633426434265342663426734268342693427034271342723427334274342753427634277342783427934280342813428234283342843428534286342873428834289342903429134292342933429434295342963429734298342993430034301343023430334304343053430634307343083430934310343113431234313343143431534316343173431834319343203432134322343233432434325343263432734328343293433034331343323433334334343353433634337343383433934340343413434234343343443434534346343473434834349343503435134352343533435434355343563435734358343593436034361343623436334364343653436634367343683436934370343713437234373343743437534376343773437834379343803438134382343833438434385343863438734388343893439034391343923439334394343953439634397343983439934400344013440234403344043440534406344073440834409344103441134412344133441434415344163441734418344193442034421344223442334424344253442634427344283442934430344313443234433344343443534436344373443834439344403444134442344433444434445344463444734448344493445034451344523445334454344553445634457344583445934460344613446234463344643446534466344673446834469344703447134472344733447434475344763447734478344793448034481344823448334484344853448634487344883448934490344913449234493344943449534496344973449834499345003450134502345033450434505345063450734508345093451034511345123451334514345153451634517345183451934520345213452234523345243452534526345273452834529345303453134532345333453434535345363453734538345393454034541345423454334544345453454634547345483454934550345513455234553345543455534556345573455834559345603456134562345633456434565345663456734568345693457034571345723457334574345753457634577345783457934580345813458234583345843458534586345873458834589345903459134592345933459434595345963459734598345993460034601346023460334604346053460634607346083460934610346113461234613346143461534616346173461834619346203462134622346233462434625346263462734628346293463034631346323463334634346353463634637346383463934640346413464234643346443464534646346473464834649346503465134652346533465434655346563465734658346593466034661346623466334664346653466634667346683466934670346713467234673346743467534676346773467834679346803468134682346833468434685346863468734688346893469034691346923469334694346953469634697346983469934700347013470234703347043470534706347073470834709347103471134712347133471434715347163471734718347193472034721347223472334724347253472634727347283472934730347313473234733347343473534736347373473834739347403474134742347433474434745347463474734748347493475034751347523475334754347553475634757347583475934760347613476234763347643476534766347673476834769347703477134772347733477434775347763477734778347793478034781347823478334784347853478634787347883478934790347913479234793347943479534796347973479834799348003480134802348033480434805348063480734808348093481034811348123481334814348153481634817348183481934820348213482234823348243482534826348273482834829348303483134832348333483434835348363483734838348393484034841348423484334844348453484634847348483484934850348513485234853348543485534856348573485834859348603486134862348633486434865348663486734868348693487034871348723487334874348753487634877348783487934880348813488234883348843488534886348873488834889348903489134892348933489434895348963489734898348993490034901349023490334904349053490634907349083490934910349113491234913349143491534916349173491834919349203492134922349233492434925349263492734928349293493034931349323493334934349353493634937349383493934940349413494234943349443494534946349473494834949349503495134952349533495434955349563495734958349593496034961349623496334964349653496634967349683496934970349713497234973349743497534976349773497834979349803498134982349833498434985349863498734988349893499034991349923499334994349953499634997349983499935000350013500235003350043500535006350073500835009350103501135012350133501435015350163501735018350193502035021350223502335024350253502635027350283502935030350313503235033350343503535036350373503835039350403504135042350433504435045350463504735048350493505035051350523505335054350553505635057350583505935060350613506235063350643506535066350673506835069350703507135072350733507435075350763507735078350793508035081350823508335084350853508635087350883508935090350913509235093350943509535096350973509835099351003510135102351033510435105351063510735108351093511035111351123511335114351153511635117351183511935120351213512235123351243512535126351273512835129351303513135132351333513435135351363513735138351393514035141351423514335144351453514635147351483514935150351513515235153351543515535156351573515835159351603516135162351633516435165351663516735168351693517035171351723517335174351753517635177351783517935180351813518235183351843518535186351873518835189351903519135192351933519435195351963519735198351993520035201352023520335204352053520635207352083520935210352113521235213352143521535216352173521835219352203522135222352233522435225352263522735228352293523035231352323523335234352353523635237352383523935240352413524235243352443524535246352473524835249352503525135252352533525435255352563525735258352593526035261352623526335264352653526635267352683526935270352713527235273352743527535276352773527835279352803528135282352833528435285352863528735288352893529035291352923529335294352953529635297352983529935300353013530235303353043530535306353073530835309353103531135312353133531435315353163531735318353193532035321353223532335324353253532635327353283532935330353313533235333353343533535336353373533835339353403534135342353433534435345353463534735348353493535035351353523535335354353553535635357353583535935360353613536235363353643536535366353673536835369353703537135372353733537435375353763537735378353793538035381353823538335384353853538635387353883538935390353913539235393353943539535396353973539835399354003540135402354033540435405354063540735408354093541035411354123541335414354153541635417354183541935420354213542235423354243542535426354273542835429354303543135432354333543435435354363543735438354393544035441354423544335444354453544635447354483544935450354513545235453354543545535456354573545835459354603546135462354633546435465354663546735468354693547035471354723547335474354753547635477354783547935480354813548235483354843548535486354873548835489354903549135492354933549435495354963549735498354993550035501355023550335504355053550635507355083550935510355113551235513355143551535516355173551835519355203552135522355233552435525355263552735528355293553035531355323553335534355353553635537355383553935540355413554235543355443554535546355473554835549355503555135552355533555435555355563555735558355593556035561355623556335564355653556635567355683556935570355713557235573355743557535576355773557835579355803558135582355833558435585355863558735588355893559035591355923559335594355953559635597355983559935600356013560235603356043560535606356073560835609356103561135612356133561435615356163561735618356193562035621356223562335624356253562635627356283562935630356313563235633356343563535636356373563835639356403564135642356433564435645356463564735648356493565035651356523565335654356553565635657356583565935660356613566235663356643566535666356673566835669356703567135672356733567435675356763567735678356793568035681356823568335684356853568635687356883568935690356913569235693356943569535696356973569835699357003570135702357033570435705357063570735708357093571035711357123571335714357153571635717357183571935720357213572235723357243572535726357273572835729357303573135732357333573435735357363573735738357393574035741357423574335744357453574635747357483574935750357513575235753357543575535756357573575835759357603576135762357633576435765357663576735768357693577035771357723577335774357753577635777357783577935780357813578235783357843578535786357873578835789357903579135792357933579435795357963579735798357993580035801358023580335804358053580635807358083580935810358113581235813358143581535816358173581835819358203582135822358233582435825358263582735828358293583035831358323583335834358353583635837358383583935840358413584235843358443584535846358473584835849358503585135852358533585435855358563585735858358593586035861358623586335864358653586635867358683586935870358713587235873358743587535876358773587835879358803588135882358833588435885358863588735888358893589035891358923589335894358953589635897358983589935900359013590235903359043590535906359073590835909359103591135912359133591435915359163591735918359193592035921359223592335924359253592635927359283592935930359313593235933359343593535936359373593835939359403594135942359433594435945359463594735948359493595035951359523595335954359553595635957359583595935960359613596235963359643596535966359673596835969359703597135972359733597435975359763597735978359793598035981359823598335984359853598635987359883598935990359913599235993359943599535996359973599835999360003600136002360033600436005360063600736008360093601036011360123601336014360153601636017360183601936020360213602236023360243602536026360273602836029360303603136032360333603436035360363603736038360393604036041360423604336044360453604636047360483604936050360513605236053360543605536056360573605836059360603606136062360633606436065360663606736068360693607036071360723607336074360753607636077360783607936080360813608236083360843608536086360873608836089360903609136092360933609436095360963609736098360993610036101361023610336104361053610636107361083610936110361113611236113361143611536116361173611836119361203612136122361233612436125361263612736128361293613036131361323613336134361353613636137361383613936140361413614236143361443614536146361473614836149361503615136152361533615436155361563615736158361593616036161361623616336164361653616636167361683616936170361713617236173361743617536176361773617836179361803618136182361833618436185361863618736188361893619036191361923619336194361953619636197361983619936200362013620236203362043620536206362073620836209362103621136212362133621436215362163621736218362193622036221362223622336224362253622636227362283622936230362313623236233362343623536236362373623836239362403624136242362433624436245362463624736248362493625036251362523625336254362553625636257362583625936260362613626236263362643626536266362673626836269362703627136272362733627436275362763627736278362793628036281362823628336284362853628636287362883628936290362913629236293362943629536296362973629836299363003630136302363033630436305363063630736308363093631036311363123631336314363153631636317363183631936320363213632236323363243632536326363273632836329363303633136332363333633436335363363633736338363393634036341363423634336344363453634636347363483634936350363513635236353363543635536356363573635836359363603636136362363633636436365363663636736368363693637036371363723637336374363753637636377363783637936380363813638236383363843638536386363873638836389363903639136392363933639436395363963639736398363993640036401364023640336404364053640636407364083640936410364113641236413364143641536416364173641836419364203642136422364233642436425364263642736428364293643036431364323643336434364353643636437364383643936440364413644236443364443644536446364473644836449364503645136452364533645436455364563645736458364593646036461364623646336464364653646636467364683646936470364713647236473364743647536476364773647836479364803648136482364833648436485364863648736488364893649036491364923649336494364953649636497364983649936500365013650236503365043650536506365073650836509365103651136512365133651436515365163651736518365193652036521365223652336524365253652636527365283652936530365313653236533365343653536536365373653836539365403654136542365433654436545365463654736548365493655036551365523655336554365553655636557365583655936560365613656236563365643656536566365673656836569365703657136572365733657436575365763657736578365793658036581365823658336584365853658636587365883658936590365913659236593365943659536596365973659836599366003660136602366033660436605366063660736608366093661036611366123661336614366153661636617366183661936620366213662236623366243662536626366273662836629366303663136632366333663436635366363663736638366393664036641366423664336644366453664636647366483664936650366513665236653366543665536656366573665836659366603666136662366633666436665366663666736668366693667036671366723667336674366753667636677366783667936680366813668236683366843668536686366873668836689366903669136692366933669436695366963669736698366993670036701367023670336704367053670636707367083670936710367113671236713367143671536716367173671836719367203672136722367233672436725367263672736728367293673036731367323673336734367353673636737367383673936740367413674236743367443674536746367473674836749367503675136752367533675436755367563675736758367593676036761367623676336764367653676636767367683676936770367713677236773367743677536776367773677836779367803678136782367833678436785367863678736788367893679036791367923679336794367953679636797367983679936800368013680236803368043680536806368073680836809368103681136812368133681436815368163681736818368193682036821368223682336824368253682636827368283682936830368313683236833368343683536836368373683836839368403684136842368433684436845368463684736848368493685036851368523685336854368553685636857368583685936860368613686236863368643686536866368673686836869368703687136872368733687436875368763687736878368793688036881368823688336884368853688636887368883688936890368913689236893368943689536896368973689836899369003690136902369033690436905369063690736908369093691036911369123691336914369153691636917369183691936920369213692236923369243692536926369273692836929369303693136932369333693436935369363693736938369393694036941369423694336944369453694636947369483694936950369513695236953369543695536956369573695836959369603696136962369633696436965369663696736968369693697036971369723697336974369753697636977369783697936980369813698236983369843698536986369873698836989369903699136992369933699436995369963699736998369993700037001370023700337004370053700637007370083700937010370113701237013370143701537016370173701837019370203702137022370233702437025370263702737028370293703037031370323703337034370353703637037370383703937040370413704237043370443704537046370473704837049370503705137052370533705437055370563705737058370593706037061370623706337064370653706637067370683706937070370713707237073370743707537076370773707837079370803708137082370833708437085370863708737088370893709037091370923709337094370953709637097370983709937100371013710237103371043710537106371073710837109371103711137112371133711437115371163711737118371193712037121371223712337124371253712637127371283712937130371313713237133371343713537136371373713837139371403714137142371433714437145371463714737148371493715037151371523715337154371553715637157371583715937160371613716237163371643716537166371673716837169371703717137172371733717437175371763717737178371793718037181371823718337184371853718637187371883718937190371913719237193371943719537196371973719837199372003720137202372033720437205372063720737208372093721037211372123721337214372153721637217372183721937220372213722237223372243722537226372273722837229372303723137232372333723437235372363723737238372393724037241372423724337244372453724637247372483724937250372513725237253372543725537256372573725837259372603726137262372633726437265372663726737268372693727037271372723727337274372753727637277372783727937280372813728237283372843728537286372873728837289372903729137292372933729437295372963729737298372993730037301373023730337304373053730637307373083730937310373113731237313373143731537316373173731837319373203732137322373233732437325373263732737328373293733037331373323733337334373353733637337373383733937340373413734237343373443734537346373473734837349373503735137352373533735437355373563735737358373593736037361373623736337364373653736637367373683736937370373713737237373373743737537376373773737837379373803738137382373833738437385373863738737388373893739037391373923739337394373953739637397373983739937400374013740237403374043740537406374073740837409374103741137412374133741437415374163741737418374193742037421374223742337424374253742637427374283742937430374313743237433374343743537436374373743837439374403744137442374433744437445374463744737448374493745037451374523745337454374553745637457374583745937460374613746237463374643746537466374673746837469374703747137472374733747437475374763747737478374793748037481374823748337484374853748637487374883748937490374913749237493374943749537496374973749837499375003750137502375033750437505375063750737508375093751037511375123751337514375153751637517375183751937520375213752237523375243752537526375273752837529375303753137532375333753437535375363753737538375393754037541375423754337544375453754637547375483754937550375513755237553375543755537556375573755837559375603756137562375633756437565375663756737568375693757037571375723757337574375753757637577375783757937580375813758237583375843758537586375873758837589375903759137592375933759437595375963759737598375993760037601376023760337604376053760637607376083760937610376113761237613376143761537616376173761837619376203762137622376233762437625376263762737628376293763037631376323763337634376353763637637376383763937640376413764237643376443764537646376473764837649376503765137652376533765437655376563765737658376593766037661376623766337664376653766637667376683766937670376713767237673376743767537676376773767837679376803768137682376833768437685376863768737688376893769037691376923769337694376953769637697376983769937700377013770237703377043770537706377073770837709377103771137712377133771437715377163771737718377193772037721377223772337724377253772637727377283772937730377313773237733377343773537736377373773837739377403774137742377433774437745377463774737748377493775037751377523775337754377553775637757377583775937760377613776237763377643776537766377673776837769377703777137772377733777437775377763777737778377793778037781377823778337784377853778637787377883778937790377913779237793377943779537796377973779837799378003780137802378033780437805378063780737808378093781037811378123781337814378153781637817378183781937820378213782237823378243782537826378273782837829378303783137832378333783437835378363783737838378393784037841378423784337844378453784637847378483784937850378513785237853378543785537856378573785837859378603786137862378633786437865378663786737868378693787037871378723787337874378753787637877378783787937880378813788237883378843788537886378873788837889378903789137892378933789437895378963789737898378993790037901379023790337904379053790637907379083790937910379113791237913379143791537916379173791837919379203792137922379233792437925379263792737928379293793037931379323793337934379353793637937379383793937940379413794237943379443794537946379473794837949379503795137952379533795437955379563795737958379593796037961379623796337964379653796637967379683796937970379713797237973379743797537976379773797837979379803798137982379833798437985379863798737988379893799037991379923799337994379953799637997379983799938000380013800238003380043800538006380073800838009380103801138012380133801438015380163801738018380193802038021380223802338024380253802638027380283802938030380313803238033380343803538036380373803838039380403804138042380433804438045380463804738048380493805038051380523805338054380553805638057380583805938060380613806238063380643806538066380673806838069380703807138072380733807438075380763807738078380793808038081380823808338084380853808638087380883808938090380913809238093380943809538096380973809838099381003810138102381033810438105381063810738108381093811038111381123811338114381153811638117381183811938120381213812238123381243812538126381273812838129381303813138132381333813438135381363813738138381393814038141381423814338144381453814638147381483814938150381513815238153381543815538156381573815838159381603816138162381633816438165381663816738168381693817038171381723817338174381753817638177381783817938180381813818238183381843818538186381873818838189381903819138192381933819438195381963819738198381993820038201382023820338204382053820638207382083820938210382113821238213382143821538216382173821838219382203822138222382233822438225382263822738228382293823038231382323823338234382353823638237382383823938240382413824238243382443824538246382473824838249382503825138252382533825438255382563825738258382593826038261382623826338264382653826638267382683826938270382713827238273382743827538276382773827838279382803828138282382833828438285382863828738288382893829038291382923829338294382953829638297382983829938300383013830238303383043830538306383073830838309383103831138312383133831438315383163831738318383193832038321383223832338324383253832638327383283832938330383313833238333383343833538336383373833838339383403834138342383433834438345383463834738348383493835038351383523835338354383553835638357383583835938360383613836238363383643836538366383673836838369383703837138372383733837438375383763837738378383793838038381383823838338384383853838638387383883838938390383913839238393383943839538396383973839838399384003840138402384033840438405384063840738408384093841038411384123841338414384153841638417384183841938420384213842238423384243842538426384273842838429384303843138432384333843438435384363843738438384393844038441384423844338444384453844638447384483844938450384513845238453384543845538456384573845838459384603846138462384633846438465384663846738468384693847038471384723847338474384753847638477384783847938480384813848238483384843848538486384873848838489384903849138492384933849438495384963849738498384993850038501385023850338504385053850638507385083850938510385113851238513385143851538516385173851838519385203852138522385233852438525385263852738528385293853038531385323853338534385353853638537385383853938540385413854238543385443854538546385473854838549385503855138552385533855438555385563855738558385593856038561385623856338564385653856638567385683856938570385713857238573385743857538576385773857838579385803858138582385833858438585385863858738588385893859038591385923859338594385953859638597385983859938600386013860238603386043860538606386073860838609386103861138612386133861438615386163861738618386193862038621386223862338624386253862638627386283862938630386313863238633386343863538636386373863838639386403864138642386433864438645386463864738648386493865038651386523865338654386553865638657386583865938660386613866238663386643866538666386673866838669386703867138672386733867438675386763867738678386793868038681386823868338684386853868638687386883868938690386913869238693386943869538696386973869838699387003870138702387033870438705387063870738708387093871038711387123871338714387153871638717387183871938720387213872238723387243872538726387273872838729387303873138732387333873438735387363873738738387393874038741387423874338744387453874638747387483874938750387513875238753387543875538756387573875838759387603876138762387633876438765387663876738768387693877038771387723877338774387753877638777387783877938780387813878238783387843878538786387873878838789387903879138792387933879438795387963879738798387993880038801388023880338804388053880638807388083880938810388113881238813388143881538816388173881838819388203882138822388233882438825388263882738828388293883038831388323883338834388353883638837388383883938840388413884238843388443884538846388473884838849388503885138852388533885438855388563885738858388593886038861388623886338864388653886638867388683886938870388713887238873388743887538876388773887838879388803888138882388833888438885388863888738888388893889038891388923889338894388953889638897388983889938900389013890238903389043890538906389073890838909389103891138912389133891438915389163891738918389193892038921389223892338924389253892638927389283892938930389313893238933389343893538936389373893838939389403894138942389433894438945389463894738948389493895038951389523895338954389553895638957389583895938960389613896238963389643896538966389673896838969389703897138972389733897438975389763897738978389793898038981389823898338984389853898638987389883898938990389913899238993389943899538996389973899838999390003900139002390033900439005390063900739008390093901039011390123901339014390153901639017390183901939020390213902239023390243902539026390273902839029390303903139032390333903439035390363903739038390393904039041390423904339044390453904639047390483904939050390513905239053390543905539056390573905839059390603906139062390633906439065390663906739068390693907039071390723907339074390753907639077390783907939080390813908239083390843908539086390873908839089390903909139092390933909439095390963909739098390993910039101391023910339104391053910639107391083910939110391113911239113391143911539116391173911839119391203912139122391233912439125391263912739128391293913039131391323913339134391353913639137391383913939140391413914239143391443914539146391473914839149391503915139152391533915439155391563915739158391593916039161391623916339164391653916639167391683916939170391713917239173391743917539176391773917839179391803918139182391833918439185391863918739188391893919039191391923919339194391953919639197391983919939200392013920239203392043920539206392073920839209392103921139212392133921439215392163921739218392193922039221392223922339224392253922639227392283922939230392313923239233392343923539236392373923839239392403924139242392433924439245392463924739248392493925039251392523925339254392553925639257392583925939260392613926239263392643926539266392673926839269392703927139272392733927439275392763927739278392793928039281392823928339284392853928639287392883928939290392913929239293392943929539296392973929839299393003930139302393033930439305393063930739308393093931039311393123931339314393153931639317393183931939320393213932239323393243932539326393273932839329393303933139332393333933439335393363933739338393393934039341393423934339344393453934639347393483934939350393513935239353393543935539356393573935839359393603936139362393633936439365393663936739368393693937039371393723937339374393753937639377393783937939380393813938239383393843938539386393873938839389393903939139392393933939439395393963939739398393993940039401394023940339404394053940639407394083940939410394113941239413394143941539416394173941839419394203942139422394233942439425394263942739428394293943039431394323943339434394353943639437394383943939440394413944239443394443944539446394473944839449394503945139452394533945439455394563945739458394593946039461394623946339464394653946639467394683946939470394713947239473394743947539476394773947839479394803948139482394833948439485394863948739488394893949039491394923949339494394953949639497394983949939500395013950239503395043950539506395073950839509395103951139512395133951439515395163951739518395193952039521395223952339524395253952639527395283952939530395313953239533395343953539536395373953839539395403954139542395433954439545395463954739548395493955039551395523955339554395553955639557395583955939560395613956239563395643956539566395673956839569395703957139572395733957439575395763957739578395793958039581395823958339584395853958639587395883958939590395913959239593395943959539596395973959839599396003960139602396033960439605396063960739608396093961039611396123961339614396153961639617396183961939620396213962239623396243962539626396273962839629396303963139632396333963439635396363963739638396393964039641396423964339644396453964639647396483964939650396513965239653396543965539656396573965839659396603966139662396633966439665396663966739668396693967039671396723967339674396753967639677396783967939680396813968239683396843968539686396873968839689396903969139692396933969439695396963969739698396993970039701397023970339704397053970639707397083970939710397113971239713397143971539716397173971839719397203972139722397233972439725397263972739728397293973039731397323973339734397353973639737397383973939740397413974239743397443974539746397473974839749397503975139752397533975439755397563975739758397593976039761397623976339764397653976639767397683976939770397713977239773397743977539776397773977839779397803978139782397833978439785397863978739788397893979039791397923979339794397953979639797397983979939800398013980239803398043980539806398073980839809398103981139812398133981439815398163981739818398193982039821398223982339824398253982639827398283982939830398313983239833398343983539836398373983839839398403984139842398433984439845398463984739848398493985039851398523985339854398553985639857398583985939860398613986239863398643986539866398673986839869398703987139872398733987439875398763987739878398793988039881398823988339884398853988639887398883988939890398913989239893398943989539896398973989839899399003990139902399033990439905399063990739908399093991039911399123991339914399153991639917399183991939920399213992239923399243992539926399273992839929399303993139932399333993439935399363993739938399393994039941399423994339944399453994639947399483994939950399513995239953399543995539956399573995839959399603996139962399633996439965399663996739968399693997039971399723997339974399753997639977399783997939980399813998239983399843998539986399873998839989399903999139992399933999439995399963999739998399994000040001400024000340004400054000640007400084000940010400114001240013400144001540016400174001840019400204002140022400234002440025400264002740028400294003040031400324003340034400354003640037400384003940040400414004240043400444004540046400474004840049400504005140052400534005440055400564005740058400594006040061400624006340064400654006640067400684006940070400714007240073400744007540076400774007840079400804008140082400834008440085400864008740088400894009040091400924009340094400954009640097400984009940100401014010240103401044010540106401074010840109401104011140112401134011440115401164011740118401194012040121401224012340124401254012640127401284012940130401314013240133401344013540136401374013840139401404014140142401434014440145401464014740148401494015040151401524015340154401554015640157401584015940160401614016240163401644016540166401674016840169401704017140172401734017440175401764017740178401794018040181401824018340184401854018640187401884018940190401914019240193401944019540196401974019840199402004020140202402034020440205402064020740208402094021040211402124021340214402154021640217402184021940220402214022240223402244022540226402274022840229402304023140232402334023440235402364023740238402394024040241402424024340244402454024640247402484024940250402514025240253402544025540256402574025840259402604026140262402634026440265402664026740268402694027040271402724027340274402754027640277402784027940280402814028240283402844028540286402874028840289402904029140292402934029440295402964029740298402994030040301403024030340304403054030640307403084030940310403114031240313403144031540316403174031840319403204032140322403234032440325403264032740328403294033040331403324033340334403354033640337403384033940340403414034240343403444034540346403474034840349403504035140352403534035440355403564035740358403594036040361403624036340364403654036640367403684036940370403714037240373403744037540376403774037840379403804038140382403834038440385403864038740388403894039040391403924039340394403954039640397403984039940400404014040240403404044040540406404074040840409404104041140412404134041440415404164041740418404194042040421404224042340424404254042640427404284042940430404314043240433404344043540436404374043840439404404044140442404434044440445404464044740448404494045040451404524045340454404554045640457404584045940460404614046240463404644046540466404674046840469404704047140472404734047440475404764047740478404794048040481404824048340484404854048640487404884048940490404914049240493404944049540496404974049840499405004050140502405034050440505405064050740508405094051040511405124051340514405154051640517405184051940520405214052240523405244052540526405274052840529405304053140532405334053440535405364053740538405394054040541405424054340544405454054640547405484054940550405514055240553405544055540556405574055840559405604056140562405634056440565405664056740568405694057040571405724057340574405754057640577405784057940580405814058240583405844058540586405874058840589405904059140592405934059440595405964059740598405994060040601406024060340604406054060640607406084060940610406114061240613406144061540616406174061840619406204062140622406234062440625406264062740628406294063040631406324063340634406354063640637406384063940640406414064240643406444064540646406474064840649406504065140652406534065440655406564065740658406594066040661406624066340664406654066640667406684066940670406714067240673406744067540676406774067840679406804068140682406834068440685406864068740688406894069040691406924069340694406954069640697406984069940700407014070240703407044070540706407074070840709407104071140712407134071440715407164071740718407194072040721407224072340724407254072640727407284072940730407314073240733407344073540736407374073840739407404074140742407434074440745407464074740748407494075040751407524075340754407554075640757407584075940760407614076240763407644076540766407674076840769407704077140772407734077440775407764077740778407794078040781407824078340784407854078640787407884078940790407914079240793407944079540796407974079840799408004080140802408034080440805408064080740808408094081040811408124081340814408154081640817408184081940820408214082240823408244082540826408274082840829408304083140832408334083440835408364083740838408394084040841408424084340844408454084640847408484084940850408514085240853408544085540856408574085840859408604086140862408634086440865408664086740868408694087040871408724087340874408754087640877408784087940880408814088240883408844088540886408874088840889408904089140892408934089440895408964089740898408994090040901409024090340904409054090640907409084090940910409114091240913409144091540916409174091840919409204092140922409234092440925409264092740928409294093040931409324093340934409354093640937409384093940940409414094240943409444094540946409474094840949409504095140952409534095440955409564095740958409594096040961409624096340964409654096640967409684096940970409714097240973409744097540976409774097840979409804098140982409834098440985409864098740988409894099040991409924099340994409954099640997409984099941000410014100241003410044100541006410074100841009410104101141012410134101441015410164101741018410194102041021410224102341024410254102641027410284102941030410314103241033410344103541036410374103841039410404104141042410434104441045410464104741048410494105041051410524105341054410554105641057410584105941060410614106241063410644106541066410674106841069410704107141072410734107441075410764107741078410794108041081410824108341084410854108641087410884108941090410914109241093410944109541096410974109841099411004110141102411034110441105411064110741108411094111041111411124111341114411154111641117411184111941120411214112241123411244112541126411274112841129411304113141132411334113441135411364113741138411394114041141411424114341144411454114641147411484114941150411514115241153411544115541156411574115841159411604116141162411634116441165411664116741168411694117041171411724117341174411754117641177411784117941180411814118241183411844118541186411874118841189411904119141192411934119441195411964119741198411994120041201412024120341204412054120641207412084120941210412114121241213412144121541216412174121841219412204122141222412234122441225412264122741228412294123041231412324123341234412354123641237412384123941240412414124241243412444124541246412474124841249412504125141252412534125441255412564125741258412594126041261412624126341264412654126641267412684126941270412714127241273412744127541276412774127841279412804128141282412834128441285412864128741288412894129041291412924129341294412954129641297412984129941300413014130241303413044130541306413074130841309413104131141312413134131441315413164131741318413194132041321413224132341324413254132641327413284132941330413314133241333413344133541336413374133841339413404134141342413434134441345413464134741348413494135041351413524135341354413554135641357413584135941360413614136241363413644136541366413674136841369413704137141372413734137441375413764137741378413794138041381413824138341384413854138641387413884138941390413914139241393413944139541396413974139841399414004140141402414034140441405414064140741408414094141041411414124141341414414154141641417414184141941420414214142241423414244142541426414274142841429414304143141432414334143441435414364143741438414394144041441414424144341444414454144641447414484144941450414514145241453414544145541456414574145841459414604146141462414634146441465414664146741468414694147041471414724147341474414754147641477414784147941480414814148241483414844148541486414874148841489414904149141492414934149441495414964149741498414994150041501415024150341504415054150641507415084150941510415114151241513415144151541516415174151841519415204152141522415234152441525415264152741528415294153041531415324153341534415354153641537415384153941540415414154241543415444154541546415474154841549415504155141552415534155441555415564155741558415594156041561415624156341564415654156641567415684156941570415714157241573415744157541576415774157841579415804158141582415834158441585415864158741588415894159041591415924159341594415954159641597415984159941600416014160241603416044160541606416074160841609416104161141612416134161441615416164161741618416194162041621416224162341624416254162641627416284162941630416314163241633416344163541636416374163841639416404164141642416434164441645416464164741648416494165041651416524165341654416554165641657416584165941660416614166241663416644166541666416674166841669416704167141672416734167441675416764167741678416794168041681416824168341684416854168641687416884168941690416914169241693416944169541696416974169841699417004170141702417034170441705417064170741708417094171041711417124171341714417154171641717417184171941720417214172241723417244172541726417274172841729417304173141732417334173441735417364173741738417394174041741417424174341744417454174641747417484174941750417514175241753417544175541756417574175841759417604176141762417634176441765417664176741768417694177041771417724177341774417754177641777417784177941780417814178241783417844178541786417874178841789417904179141792417934179441795417964179741798417994180041801418024180341804418054180641807418084180941810418114181241813418144181541816418174181841819418204182141822418234182441825418264182741828418294183041831418324183341834418354183641837418384183941840418414184241843418444184541846418474184841849418504185141852418534185441855418564185741858418594186041861418624186341864418654186641867418684186941870418714187241873418744187541876418774187841879418804188141882418834188441885418864188741888418894189041891418924189341894418954189641897418984189941900419014190241903419044190541906419074190841909419104191141912419134191441915419164191741918419194192041921419224192341924419254192641927419284192941930419314193241933419344193541936419374193841939419404194141942419434194441945419464194741948419494195041951419524195341954419554195641957419584195941960419614196241963419644196541966419674196841969419704197141972419734197441975419764197741978419794198041981419824198341984419854198641987419884198941990419914199241993419944199541996419974199841999420004200142002420034200442005420064200742008420094201042011420124201342014420154201642017420184201942020420214202242023420244202542026420274202842029420304203142032420334203442035420364203742038420394204042041420424204342044420454204642047420484204942050420514205242053420544205542056420574205842059420604206142062420634206442065420664206742068420694207042071420724207342074420754207642077420784207942080420814208242083420844208542086420874208842089420904209142092420934209442095420964209742098420994210042101421024210342104421054210642107421084210942110421114211242113421144211542116421174211842119421204212142122421234212442125421264212742128421294213042131421324213342134421354213642137421384213942140421414214242143421444214542146421474214842149421504215142152421534215442155421564215742158421594216042161421624216342164421654216642167421684216942170421714217242173421744217542176421774217842179421804218142182421834218442185421864218742188421894219042191421924219342194421954219642197421984219942200422014220242203422044220542206422074220842209422104221142212422134221442215422164221742218422194222042221422224222342224422254222642227422284222942230422314223242233422344223542236422374223842239422404224142242422434224442245422464224742248422494225042251422524225342254422554225642257422584225942260422614226242263422644226542266422674226842269422704227142272422734227442275422764227742278422794228042281422824228342284422854228642287422884228942290422914229242293422944229542296422974229842299423004230142302423034230442305423064230742308423094231042311423124231342314423154231642317423184231942320423214232242323423244232542326423274232842329423304233142332423334233442335423364233742338423394234042341423424234342344423454234642347423484234942350423514235242353423544235542356423574235842359423604236142362423634236442365423664236742368423694237042371423724237342374423754237642377423784237942380423814238242383423844238542386423874238842389423904239142392423934239442395423964239742398423994240042401424024240342404424054240642407424084240942410424114241242413424144241542416424174241842419424204242142422424234242442425424264242742428424294243042431424324243342434424354243642437424384243942440424414244242443424444244542446424474244842449424504245142452424534245442455424564245742458424594246042461424624246342464424654246642467424684246942470424714247242473424744247542476424774247842479424804248142482424834248442485424864248742488424894249042491424924249342494424954249642497424984249942500425014250242503425044250542506425074250842509425104251142512425134251442515425164251742518425194252042521425224252342524425254252642527425284252942530425314253242533425344253542536425374253842539425404254142542425434254442545425464254742548425494255042551425524255342554425554255642557425584255942560425614256242563425644256542566425674256842569425704257142572425734257442575425764257742578425794258042581425824258342584425854258642587425884258942590425914259242593425944259542596425974259842599426004260142602426034260442605426064260742608426094261042611426124261342614426154261642617426184261942620426214262242623426244262542626426274262842629426304263142632426334263442635426364263742638426394264042641426424264342644426454264642647426484264942650426514265242653426544265542656426574265842659426604266142662426634266442665426664266742668426694267042671426724267342674426754267642677426784267942680426814268242683426844268542686426874268842689426904269142692426934269442695426964269742698426994270042701427024270342704427054270642707427084270942710427114271242713427144271542716427174271842719427204272142722427234272442725427264272742728427294273042731427324273342734427354273642737427384273942740427414274242743427444274542746427474274842749427504275142752427534275442755427564275742758427594276042761427624276342764427654276642767427684276942770427714277242773427744277542776427774277842779427804278142782427834278442785427864278742788427894279042791427924279342794427954279642797427984279942800428014280242803428044280542806428074280842809428104281142812428134281442815428164281742818428194282042821428224282342824428254282642827428284282942830428314283242833428344283542836428374283842839428404284142842428434284442845428464284742848428494285042851428524285342854428554285642857428584285942860428614286242863428644286542866428674286842869428704287142872428734287442875428764287742878428794288042881428824288342884428854288642887428884288942890428914289242893428944289542896428974289842899429004290142902429034290442905429064290742908429094291042911429124291342914429154291642917429184291942920429214292242923429244292542926429274292842929429304293142932429334293442935429364293742938429394294042941429424294342944429454294642947429484294942950429514295242953429544295542956429574295842959429604296142962429634296442965429664296742968429694297042971429724297342974429754297642977429784297942980429814298242983429844298542986429874298842989429904299142992429934299442995429964299742998429994300043001430024300343004430054300643007430084300943010430114301243013430144301543016430174301843019430204302143022430234302443025430264302743028430294303043031430324303343034430354303643037430384303943040430414304243043430444304543046430474304843049430504305143052430534305443055430564305743058430594306043061430624306343064430654306643067430684306943070430714307243073430744307543076430774307843079430804308143082430834308443085430864308743088430894309043091430924309343094430954309643097430984309943100431014310243103431044310543106431074310843109431104311143112431134311443115431164311743118431194312043121431224312343124431254312643127431284312943130431314313243133431344313543136431374313843139431404314143142431434314443145431464314743148431494315043151431524315343154431554315643157431584315943160431614316243163431644316543166431674316843169431704317143172431734317443175431764317743178431794318043181431824318343184431854318643187431884318943190431914319243193431944319543196431974319843199432004320143202432034320443205432064320743208432094321043211432124321343214432154321643217432184321943220432214322243223432244322543226432274322843229432304323143232432334323443235432364323743238432394324043241432424324343244432454324643247432484324943250432514325243253432544325543256432574325843259432604326143262432634326443265432664326743268432694327043271432724327343274432754327643277432784327943280432814328243283432844328543286432874328843289432904329143292432934329443295432964329743298432994330043301433024330343304433054330643307433084330943310433114331243313433144331543316433174331843319433204332143322433234332443325433264332743328433294333043331433324333343334433354333643337433384333943340433414334243343433444334543346433474334843349433504335143352433534335443355433564335743358433594336043361433624336343364433654336643367433684336943370433714337243373433744337543376433774337843379433804338143382433834338443385433864338743388433894339043391433924339343394433954339643397433984339943400434014340243403434044340543406434074340843409434104341143412434134341443415434164341743418434194342043421434224342343424434254342643427434284342943430434314343243433434344343543436434374343843439434404344143442434434344443445434464344743448434494345043451434524345343454434554345643457434584345943460434614346243463434644346543466434674346843469434704347143472434734347443475434764347743478434794348043481434824348343484434854348643487434884348943490434914349243493434944349543496434974349843499435004350143502435034350443505435064350743508435094351043511435124351343514435154351643517435184351943520435214352243523435244352543526435274352843529435304353143532435334353443535435364353743538435394354043541435424354343544435454354643547435484354943550435514355243553435544355543556435574355843559435604356143562435634356443565435664356743568435694357043571435724357343574435754357643577435784357943580435814358243583435844358543586435874358843589435904359143592435934359443595435964359743598435994360043601436024360343604436054360643607436084360943610436114361243613436144361543616436174361843619436204362143622436234362443625436264362743628436294363043631436324363343634436354363643637436384363943640436414364243643436444364543646436474364843649436504365143652436534365443655436564365743658436594366043661436624366343664436654366643667436684366943670436714367243673436744367543676436774367843679436804368143682436834368443685436864368743688436894369043691436924369343694436954369643697436984369943700437014370243703437044370543706437074370843709437104371143712437134371443715437164371743718437194372043721437224372343724437254372643727437284372943730437314373243733437344373543736437374373843739437404374143742437434374443745437464374743748437494375043751437524375343754437554375643757437584375943760437614376243763437644376543766437674376843769437704377143772437734377443775437764377743778437794378043781437824378343784437854378643787437884378943790437914379243793437944379543796437974379843799438004380143802438034380443805438064380743808438094381043811438124381343814438154381643817438184381943820438214382243823438244382543826438274382843829438304383143832438334383443835438364383743838438394384043841438424384343844438454384643847438484384943850438514385243853438544385543856438574385843859438604386143862438634386443865438664386743868438694387043871438724387343874438754387643877438784387943880438814388243883438844388543886438874388843889438904389143892438934389443895438964389743898438994390043901439024390343904439054390643907439084390943910439114391243913439144391543916439174391843919439204392143922439234392443925439264392743928439294393043931439324393343934439354393643937439384393943940439414394243943439444394543946439474394843949439504395143952439534395443955439564395743958439594396043961439624396343964439654396643967439684396943970439714397243973439744397543976439774397843979439804398143982439834398443985439864398743988439894399043991439924399343994439954399643997439984399944000440014400244003440044400544006440074400844009440104401144012440134401444015440164401744018440194402044021440224402344024440254402644027440284402944030440314403244033440344403544036440374403844039440404404144042440434404444045440464404744048440494405044051440524405344054440554405644057440584405944060440614406244063440644406544066440674406844069440704407144072440734407444075440764407744078440794408044081440824408344084440854408644087440884408944090440914409244093440944409544096440974409844099441004410144102441034410444105441064410744108441094411044111441124411344114441154411644117441184411944120441214412244123441244412544126441274412844129441304413144132441334413444135441364413744138441394414044141441424414344144441454414644147441484414944150441514415244153441544415544156441574415844159441604416144162441634416444165441664416744168441694417044171441724417344174441754417644177441784417944180441814418244183441844418544186441874418844189441904419144192441934419444195441964419744198441994420044201442024420344204442054420644207442084420944210442114421244213442144421544216442174421844219442204422144222442234422444225442264422744228442294423044231442324423344234442354423644237442384423944240442414424244243442444424544246442474424844249442504425144252442534425444255442564425744258442594426044261442624426344264442654426644267442684426944270442714427244273442744427544276442774427844279442804428144282442834428444285442864428744288442894429044291442924429344294442954429644297442984429944300443014430244303443044430544306443074430844309443104431144312443134431444315443164431744318443194432044321443224432344324443254432644327443284432944330443314433244333443344433544336443374433844339443404434144342443434434444345443464434744348443494435044351443524435344354443554435644357443584435944360443614436244363443644436544366443674436844369443704437144372443734437444375443764437744378443794438044381443824438344384443854438644387443884438944390443914439244393443944439544396443974439844399444004440144402444034440444405444064440744408444094441044411444124441344414444154441644417444184441944420444214442244423444244442544426444274442844429444304443144432444334443444435444364443744438444394444044441444424444344444444454444644447444484444944450444514445244453444544445544456444574445844459444604446144462444634446444465444664446744468444694447044471444724447344474444754447644477444784447944480444814448244483444844448544486444874448844489444904449144492444934449444495444964449744498444994450044501445024450344504445054450644507445084450944510445114451244513445144451544516445174451844519445204452144522445234452444525445264452744528445294453044531445324453344534445354453644537445384453944540445414454244543445444454544546445474454844549445504455144552445534455444555445564455744558445594456044561445624456344564445654456644567445684456944570445714457244573445744457544576445774457844579445804458144582445834458444585445864458744588445894459044591445924459344594445954459644597445984459944600446014460244603446044460544606446074460844609446104461144612446134461444615446164461744618446194462044621446224462344624446254462644627446284462944630446314463244633446344463544636446374463844639446404464144642446434464444645446464464744648446494465044651446524465344654446554465644657446584465944660446614466244663446644466544666446674466844669446704467144672446734467444675446764467744678446794468044681446824468344684446854468644687446884468944690446914469244693446944469544696446974469844699447004470144702447034470444705447064470744708447094471044711447124471344714447154471644717447184471944720447214472244723447244472544726447274472844729447304473144732447334473444735447364473744738447394474044741447424474344744447454474644747447484474944750447514475244753447544475544756447574475844759447604476144762447634476444765447664476744768447694477044771447724477344774447754477644777447784477944780447814478244783447844478544786447874478844789447904479144792447934479444795447964479744798447994480044801448024480344804448054480644807448084480944810448114481244813448144481544816448174481844819448204482144822448234482444825448264482744828448294483044831448324483344834448354483644837448384483944840448414484244843448444484544846448474484844849448504485144852448534485444855448564485744858448594486044861448624486344864448654486644867448684486944870448714487244873448744487544876448774487844879448804488144882448834488444885448864488744888448894489044891448924489344894448954489644897448984489944900449014490244903449044490544906449074490844909449104491144912449134491444915449164491744918449194492044921449224492344924449254492644927449284492944930449314493244933449344493544936449374493844939449404494144942449434494444945449464494744948449494495044951449524495344954449554495644957449584495944960449614496244963449644496544966449674496844969449704497144972449734497444975449764497744978449794498044981449824498344984449854498644987449884498944990449914499244993449944499544996449974499844999450004500145002450034500445005450064500745008450094501045011450124501345014450154501645017450184501945020450214502245023450244502545026450274502845029450304503145032450334503445035450364503745038450394504045041450424504345044450454504645047450484504945050450514505245053450544505545056450574505845059450604506145062450634506445065450664506745068450694507045071450724507345074450754507645077450784507945080450814508245083450844508545086450874508845089450904509145092450934509445095450964509745098450994510045101451024510345104451054510645107451084510945110451114511245113451144511545116451174511845119451204512145122451234512445125451264512745128451294513045131451324513345134451354513645137451384513945140451414514245143451444514545146451474514845149451504515145152451534515445155451564515745158451594516045161451624516345164451654516645167451684516945170451714517245173451744517545176451774517845179451804518145182451834518445185451864518745188451894519045191451924519345194451954519645197451984519945200452014520245203452044520545206452074520845209452104521145212452134521445215452164521745218452194522045221452224522345224452254522645227452284522945230452314523245233452344523545236452374523845239452404524145242452434524445245452464524745248452494525045251452524525345254452554525645257452584525945260452614526245263452644526545266452674526845269452704527145272452734527445275452764527745278452794528045281452824528345284452854528645287452884528945290452914529245293452944529545296452974529845299453004530145302453034530445305453064530745308453094531045311453124531345314453154531645317453184531945320453214532245323453244532545326453274532845329453304533145332453334533445335453364533745338453394534045341453424534345344453454534645347453484534945350453514535245353453544535545356453574535845359453604536145362453634536445365453664536745368453694537045371453724537345374453754537645377453784537945380453814538245383453844538545386453874538845389453904539145392453934539445395453964539745398453994540045401454024540345404454054540645407454084540945410454114541245413454144541545416454174541845419454204542145422454234542445425454264542745428454294543045431454324543345434454354543645437454384543945440454414544245443454444544545446454474544845449454504545145452454534545445455454564545745458454594546045461454624546345464454654546645467454684546945470454714547245473454744547545476454774547845479454804548145482454834548445485454864548745488454894549045491454924549345494454954549645497454984549945500455014550245503455044550545506455074550845509455104551145512455134551445515455164551745518455194552045521455224552345524455254552645527455284552945530455314553245533455344553545536455374553845539455404554145542455434554445545455464554745548455494555045551455524555345554455554555645557455584555945560455614556245563455644556545566455674556845569455704557145572455734557445575455764557745578455794558045581455824558345584455854558645587455884558945590455914559245593455944559545596455974559845599456004560145602456034560445605456064560745608456094561045611456124561345614456154561645617456184561945620456214562245623456244562545626456274562845629456304563145632456334563445635456364563745638456394564045641456424564345644456454564645647456484564945650456514565245653456544565545656456574565845659456604566145662456634566445665456664566745668456694567045671456724567345674456754567645677456784567945680456814568245683456844568545686456874568845689456904569145692456934569445695456964569745698456994570045701457024570345704457054570645707457084570945710457114571245713457144571545716457174571845719457204572145722457234572445725457264572745728457294573045731457324573345734457354573645737457384573945740457414574245743457444574545746457474574845749457504575145752457534575445755457564575745758457594576045761457624576345764457654576645767457684576945770457714577245773457744577545776457774577845779457804578145782457834578445785457864578745788457894579045791457924579345794457954579645797457984579945800458014580245803458044580545806458074580845809458104581145812458134581445815458164581745818458194582045821458224582345824458254582645827458284582945830458314583245833458344583545836458374583845839458404584145842458434584445845458464584745848458494585045851458524585345854458554585645857458584585945860458614586245863458644586545866458674586845869458704587145872458734587445875458764587745878458794588045881458824588345884458854588645887458884588945890458914589245893458944589545896458974589845899459004590145902459034590445905459064590745908459094591045911459124591345914459154591645917459184591945920459214592245923459244592545926459274592845929459304593145932459334593445935459364593745938459394594045941459424594345944459454594645947459484594945950459514595245953459544595545956459574595845959459604596145962459634596445965459664596745968459694597045971459724597345974459754597645977459784597945980459814598245983459844598545986459874598845989459904599145992459934599445995459964599745998459994600046001460024600346004460054600646007460084600946010460114601246013460144601546016460174601846019460204602146022460234602446025460264602746028460294603046031460324603346034460354603646037460384603946040460414604246043460444604546046460474604846049460504605146052460534605446055460564605746058460594606046061460624606346064460654606646067460684606946070460714607246073460744607546076460774607846079460804608146082460834608446085460864608746088460894609046091460924609346094460954609646097460984609946100461014610246103461044610546106461074610846109461104611146112461134611446115461164611746118461194612046121461224612346124461254612646127461284612946130461314613246133461344613546136461374613846139461404614146142461434614446145461464614746148461494615046151461524615346154461554615646157461584615946160461614616246163461644616546166461674616846169461704617146172461734617446175461764617746178461794618046181461824618346184461854618646187461884618946190461914619246193461944619546196461974619846199462004620146202462034620446205462064620746208462094621046211462124621346214462154621646217462184621946220462214622246223462244622546226462274622846229462304623146232462334623446235462364623746238462394624046241462424624346244462454624646247462484624946250462514625246253462544625546256462574625846259462604626146262462634626446265462664626746268462694627046271462724627346274462754627646277462784627946280462814628246283462844628546286462874628846289462904629146292462934629446295462964629746298462994630046301463024630346304463054630646307463084630946310463114631246313463144631546316463174631846319463204632146322463234632446325463264632746328463294633046331463324633346334463354633646337463384633946340463414634246343463444634546346463474634846349463504635146352463534635446355463564635746358463594636046361463624636346364463654636646367463684636946370463714637246373463744637546376463774637846379463804638146382463834638446385463864638746388463894639046391463924639346394463954639646397463984639946400464014640246403464044640546406464074640846409464104641146412464134641446415464164641746418464194642046421464224642346424464254642646427464284642946430464314643246433464344643546436464374643846439464404644146442464434644446445464464644746448464494645046451464524645346454464554645646457464584645946460464614646246463464644646546466464674646846469464704647146472464734647446475464764647746478464794648046481464824648346484464854648646487464884648946490464914649246493464944649546496464974649846499465004650146502465034650446505465064650746508465094651046511465124651346514465154651646517465184651946520465214652246523465244652546526465274652846529465304653146532465334653446535465364653746538465394654046541465424654346544465454654646547465484654946550465514655246553465544655546556465574655846559465604656146562465634656446565465664656746568465694657046571465724657346574465754657646577465784657946580465814658246583465844658546586465874658846589465904659146592465934659446595465964659746598465994660046601466024660346604466054660646607466084660946610466114661246613466144661546616466174661846619466204662146622466234662446625466264662746628466294663046631466324663346634466354663646637466384663946640466414664246643466444664546646466474664846649466504665146652466534665446655466564665746658466594666046661466624666346664466654666646667466684666946670466714667246673466744667546676466774667846679466804668146682466834668446685466864668746688466894669046691466924669346694466954669646697466984669946700467014670246703467044670546706467074670846709467104671146712467134671446715467164671746718467194672046721467224672346724467254672646727467284672946730467314673246733467344673546736467374673846739467404674146742467434674446745467464674746748467494675046751467524675346754467554675646757467584675946760467614676246763467644676546766467674676846769467704677146772467734677446775467764677746778467794678046781467824678346784467854678646787467884678946790467914679246793467944679546796467974679846799468004680146802468034680446805468064680746808468094681046811468124681346814468154681646817468184681946820468214682246823468244682546826468274682846829468304683146832468334683446835468364683746838468394684046841468424684346844468454684646847468484684946850468514685246853468544685546856468574685846859468604686146862468634686446865468664686746868468694687046871468724687346874468754687646877468784687946880468814688246883468844688546886468874688846889468904689146892468934689446895468964689746898468994690046901469024690346904469054690646907469084690946910469114691246913469144691546916469174691846919469204692146922469234692446925469264692746928469294693046931469324693346934469354693646937469384693946940469414694246943469444694546946469474694846949469504695146952469534695446955469564695746958469594696046961469624696346964469654696646967469684696946970469714697246973469744697546976469774697846979469804698146982469834698446985469864698746988469894699046991469924699346994469954699646997469984699947000470014700247003470044700547006470074700847009470104701147012470134701447015470164701747018470194702047021470224702347024470254702647027470284702947030470314703247033470344703547036470374703847039470404704147042470434704447045470464704747048470494705047051470524705347054470554705647057470584705947060470614706247063470644706547066470674706847069470704707147072470734707447075470764707747078470794708047081470824708347084470854708647087470884708947090470914709247093470944709547096470974709847099471004710147102471034710447105471064710747108471094711047111471124711347114471154711647117471184711947120471214712247123471244712547126471274712847129471304713147132471334713447135471364713747138471394714047141471424714347144471454714647147471484714947150471514715247153471544715547156471574715847159471604716147162471634716447165471664716747168471694717047171471724717347174471754717647177471784717947180471814718247183471844718547186471874718847189471904719147192471934719447195471964719747198471994720047201472024720347204472054720647207472084720947210472114721247213472144721547216472174721847219472204722147222472234722447225472264722747228472294723047231472324723347234472354723647237472384723947240472414724247243472444724547246472474724847249472504725147252472534725447255472564725747258472594726047261472624726347264472654726647267472684726947270472714727247273472744727547276472774727847279472804728147282472834728447285472864728747288472894729047291472924729347294472954729647297472984729947300473014730247303473044730547306473074730847309473104731147312473134731447315473164731747318473194732047321473224732347324473254732647327473284732947330473314733247333473344733547336473374733847339473404734147342473434734447345473464734747348473494735047351473524735347354473554735647357473584735947360473614736247363473644736547366473674736847369473704737147372473734737447375473764737747378473794738047381473824738347384473854738647387473884738947390473914739247393473944739547396473974739847399474004740147402474034740447405474064740747408474094741047411474124741347414474154741647417474184741947420474214742247423474244742547426474274742847429474304743147432474334743447435474364743747438474394744047441474424744347444474454744647447474484744947450474514745247453474544745547456474574745847459474604746147462474634746447465474664746747468474694747047471474724747347474474754747647477474784747947480474814748247483474844748547486474874748847489474904749147492474934749447495474964749747498474994750047501475024750347504475054750647507475084750947510475114751247513475144751547516475174751847519475204752147522475234752447525475264752747528475294753047531475324753347534475354753647537475384753947540475414754247543475444754547546475474754847549475504755147552475534755447555475564755747558475594756047561475624756347564475654756647567475684756947570475714757247573475744757547576475774757847579475804758147582475834758447585475864758747588475894759047591475924759347594475954759647597475984759947600476014760247603476044760547606476074760847609476104761147612476134761447615476164761747618476194762047621476224762347624476254762647627476284762947630476314763247633476344763547636476374763847639476404764147642476434764447645476464764747648476494765047651476524765347654476554765647657476584765947660476614766247663476644766547666476674766847669476704767147672476734767447675476764767747678476794768047681476824768347684476854768647687476884768947690476914769247693476944769547696476974769847699477004770147702477034770447705477064770747708477094771047711477124771347714477154771647717477184771947720477214772247723477244772547726477274772847729477304773147732477334773447735477364773747738477394774047741477424774347744477454774647747477484774947750477514775247753477544775547756477574775847759477604776147762477634776447765477664776747768477694777047771477724777347774477754777647777477784777947780477814778247783477844778547786477874778847789477904779147792477934779447795477964779747798477994780047801478024780347804478054780647807478084780947810478114781247813478144781547816478174781847819478204782147822478234782447825478264782747828478294783047831478324783347834478354783647837478384783947840478414784247843478444784547846478474784847849478504785147852478534785447855478564785747858478594786047861478624786347864478654786647867478684786947870478714787247873478744787547876478774787847879478804788147882478834788447885478864788747888478894789047891478924789347894478954789647897478984789947900479014790247903479044790547906479074790847909479104791147912479134791447915479164791747918479194792047921479224792347924479254792647927479284792947930479314793247933479344793547936479374793847939479404794147942479434794447945479464794747948479494795047951479524795347954479554795647957479584795947960479614796247963479644796547966479674796847969479704797147972479734797447975479764797747978479794798047981479824798347984479854798647987479884798947990479914799247993479944799547996479974799847999480004800148002480034800448005480064800748008480094801048011480124801348014480154801648017480184801948020480214802248023480244802548026480274802848029480304803148032480334803448035480364803748038480394804048041480424804348044480454804648047480484804948050480514805248053480544805548056480574805848059480604806148062480634806448065480664806748068480694807048071480724807348074480754807648077480784807948080480814808248083480844808548086480874808848089480904809148092480934809448095480964809748098480994810048101481024810348104481054810648107481084810948110481114811248113481144811548116481174811848119481204812148122481234812448125481264812748128481294813048131481324813348134481354813648137481384813948140481414814248143481444814548146481474814848149481504815148152481534815448155481564815748158481594816048161481624816348164481654816648167481684816948170481714817248173481744817548176481774817848179481804818148182481834818448185481864818748188481894819048191481924819348194481954819648197481984819948200482014820248203482044820548206482074820848209482104821148212482134821448215482164821748218482194822048221482224822348224482254822648227482284822948230482314823248233482344823548236482374823848239482404824148242482434824448245482464824748248482494825048251482524825348254482554825648257482584825948260482614826248263482644826548266482674826848269482704827148272482734827448275482764827748278482794828048281482824828348284482854828648287482884828948290482914829248293482944829548296482974829848299483004830148302483034830448305483064830748308483094831048311483124831348314483154831648317483184831948320483214832248323483244832548326483274832848329483304833148332483334833448335483364833748338483394834048341483424834348344483454834648347483484834948350483514835248353483544835548356483574835848359483604836148362483634836448365483664836748368483694837048371483724837348374483754837648377483784837948380483814838248383483844838548386483874838848389483904839148392483934839448395483964839748398483994840048401484024840348404484054840648407484084840948410484114841248413484144841548416484174841848419484204842148422484234842448425484264842748428484294843048431484324843348434484354843648437484384843948440484414844248443484444844548446484474844848449484504845148452484534845448455484564845748458484594846048461484624846348464484654846648467484684846948470484714847248473484744847548476484774847848479484804848148482484834848448485484864848748488484894849048491484924849348494484954849648497484984849948500485014850248503485044850548506485074850848509485104851148512485134851448515485164851748518485194852048521485224852348524485254852648527485284852948530485314853248533485344853548536485374853848539485404854148542485434854448545485464854748548485494855048551485524855348554485554855648557485584855948560485614856248563485644856548566485674856848569485704857148572485734857448575485764857748578485794858048581485824858348584485854858648587485884858948590485914859248593485944859548596485974859848599486004860148602486034860448605486064860748608486094861048611486124861348614486154861648617486184861948620486214862248623486244862548626486274862848629486304863148632486334863448635486364863748638486394864048641486424864348644486454864648647486484864948650486514865248653486544865548656486574865848659486604866148662486634866448665486664866748668486694867048671486724867348674486754867648677486784867948680486814868248683486844868548686486874868848689486904869148692486934869448695486964869748698486994870048701487024870348704487054870648707487084870948710487114871248713487144871548716487174871848719487204872148722487234872448725487264872748728487294873048731487324873348734487354873648737487384873948740487414874248743487444874548746487474874848749487504875148752487534875448755487564875748758487594876048761487624876348764487654876648767487684876948770487714877248773487744877548776487774877848779487804878148782487834878448785487864878748788487894879048791487924879348794487954879648797487984879948800488014880248803488044880548806488074880848809488104881148812488134881448815488164881748818488194882048821488224882348824488254882648827488284882948830488314883248833488344883548836488374883848839488404884148842488434884448845488464884748848488494885048851488524885348854488554885648857488584885948860488614886248863488644886548866488674886848869488704887148872488734887448875488764887748878488794888048881488824888348884488854888648887488884888948890488914889248893488944889548896488974889848899489004890148902489034890448905489064890748908489094891048911489124891348914489154891648917489184891948920489214892248923489244892548926489274892848929489304893148932489334893448935489364893748938489394894048941489424894348944489454894648947489484894948950489514895248953489544895548956489574895848959489604896148962489634896448965489664896748968489694897048971489724897348974489754897648977489784897948980489814898248983489844898548986489874898848989489904899148992489934899448995489964899748998489994900049001490024900349004490054900649007490084900949010490114901249013490144901549016490174901849019490204902149022490234902449025490264902749028490294903049031490324903349034490354903649037490384903949040490414904249043490444904549046490474904849049490504905149052490534905449055490564905749058490594906049061490624906349064490654906649067490684906949070490714907249073490744907549076490774907849079490804908149082490834908449085490864908749088490894909049091490924909349094490954909649097490984909949100491014910249103491044910549106491074910849109491104911149112491134911449115491164911749118491194912049121491224912349124491254912649127491284912949130491314913249133491344913549136491374913849139491404914149142491434914449145491464914749148491494915049151491524915349154491554915649157491584915949160491614916249163491644916549166491674916849169491704917149172491734917449175491764917749178491794918049181491824918349184491854918649187491884918949190491914919249193491944919549196491974919849199492004920149202492034920449205492064920749208492094921049211492124921349214492154921649217492184921949220492214922249223492244922549226492274922849229492304923149232492334923449235492364923749238492394924049241492424924349244492454924649247492484924949250492514925249253492544925549256492574925849259492604926149262492634926449265492664926749268492694927049271492724927349274492754927649277492784927949280492814928249283492844928549286492874928849289492904929149292492934929449295492964929749298492994930049301493024930349304493054930649307493084930949310493114931249313493144931549316493174931849319493204932149322493234932449325493264932749328493294933049331493324933349334493354933649337493384933949340493414934249343493444934549346493474934849349493504935149352493534935449355493564935749358493594936049361493624936349364493654936649367493684936949370493714937249373493744937549376493774937849379493804938149382493834938449385493864938749388493894939049391493924939349394493954939649397493984939949400494014940249403494044940549406494074940849409494104941149412494134941449415494164941749418494194942049421494224942349424494254942649427494284942949430494314943249433494344943549436494374943849439494404944149442494434944449445494464944749448494494945049451494524945349454494554945649457494584945949460494614946249463494644946549466494674946849469494704947149472494734947449475494764947749478494794948049481494824948349484494854948649487494884948949490494914949249493494944949549496494974949849499495004950149502495034950449505495064950749508495094951049511495124951349514495154951649517495184951949520495214952249523495244952549526495274952849529495304953149532495334953449535495364953749538495394954049541495424954349544495454954649547495484954949550495514955249553495544955549556495574955849559495604956149562495634956449565495664956749568495694957049571495724957349574495754957649577495784957949580495814958249583495844958549586495874958849589495904959149592495934959449595495964959749598495994960049601496024960349604496054960649607496084960949610496114961249613496144961549616496174961849619496204962149622496234962449625496264962749628496294963049631496324963349634496354963649637496384963949640496414964249643496444964549646496474964849649496504965149652496534965449655496564965749658496594966049661496624966349664496654966649667496684966949670496714967249673496744967549676496774967849679496804968149682496834968449685496864968749688496894969049691496924969349694496954969649697496984969949700497014970249703497044970549706497074970849709497104971149712497134971449715497164971749718497194972049721497224972349724497254972649727497284972949730497314973249733497344973549736497374973849739497404974149742497434974449745497464974749748497494975049751497524975349754497554975649757497584975949760497614976249763497644976549766497674976849769497704977149772497734977449775497764977749778497794978049781497824978349784497854978649787497884978949790497914979249793497944979549796497974979849799498004980149802498034980449805498064980749808498094981049811498124981349814498154981649817498184981949820498214982249823498244982549826498274982849829498304983149832498334983449835498364983749838498394984049841498424984349844498454984649847498484984949850498514985249853498544985549856498574985849859498604986149862498634986449865498664986749868498694987049871498724987349874498754987649877498784987949880498814988249883498844988549886498874988849889498904989149892498934989449895498964989749898498994990049901499024990349904499054990649907499084990949910499114991249913499144991549916499174991849919499204992149922499234992449925499264992749928499294993049931499324993349934499354993649937499384993949940499414994249943499444994549946499474994849949499504995149952499534995449955499564995749958499594996049961499624996349964499654996649967499684996949970499714997249973499744997549976499774997849979499804998149982499834998449985499864998749988499894999049991499924999349994499954999649997499984999950000500015000250003500045000550006500075000850009500105001150012500135001450015500165001750018500195002050021500225002350024500255002650027500285002950030500315003250033500345003550036500375003850039500405004150042500435004450045500465004750048500495005050051500525005350054500555005650057500585005950060500615006250063500645006550066500675006850069500705007150072500735007450075500765007750078500795008050081500825008350084500855008650087500885008950090500915009250093500945009550096500975009850099501005010150102501035010450105501065010750108501095011050111501125011350114501155011650117501185011950120501215012250123501245012550126501275012850129501305013150132501335013450135501365013750138501395014050141501425014350144501455014650147501485014950150501515015250153501545015550156501575015850159501605016150162501635016450165501665016750168501695017050171501725017350174501755017650177501785017950180501815018250183501845018550186501875018850189501905019150192501935019450195501965019750198501995020050201502025020350204502055020650207502085020950210502115021250213502145021550216502175021850219502205022150222502235022450225502265022750228502295023050231502325023350234502355023650237502385023950240502415024250243502445024550246502475024850249502505025150252502535025450255502565025750258502595026050261502625026350264502655026650267502685026950270502715027250273502745027550276502775027850279502805028150282502835028450285502865028750288502895029050291502925029350294502955029650297502985029950300503015030250303503045030550306503075030850309503105031150312503135031450315503165031750318503195032050321503225032350324503255032650327503285032950330503315033250333503345033550336503375033850339503405034150342503435034450345503465034750348503495035050351503525035350354503555035650357503585035950360503615036250363503645036550366503675036850369503705037150372503735037450375503765037750378503795038050381503825038350384503855038650387503885038950390503915039250393503945039550396503975039850399504005040150402504035040450405504065040750408504095041050411504125041350414504155041650417504185041950420504215042250423504245042550426504275042850429504305043150432504335043450435504365043750438504395044050441504425044350444504455044650447504485044950450504515045250453504545045550456504575045850459504605046150462504635046450465504665046750468504695047050471504725047350474504755047650477504785047950480504815048250483504845048550486504875048850489504905049150492504935049450495504965049750498504995050050501505025050350504505055050650507505085050950510505115051250513505145051550516505175051850519505205052150522505235052450525505265052750528505295053050531505325053350534505355053650537505385053950540505415054250543505445054550546505475054850549505505055150552505535055450555505565055750558505595056050561505625056350564505655056650567505685056950570505715057250573505745057550576505775057850579505805058150582505835058450585505865058750588505895059050591505925059350594505955059650597505985059950600506015060250603506045060550606506075060850609506105061150612506135061450615506165061750618506195062050621506225062350624506255062650627506285062950630506315063250633506345063550636506375063850639506405064150642506435064450645506465064750648506495065050651506525065350654506555065650657506585065950660506615066250663506645066550666506675066850669506705067150672506735067450675506765067750678506795068050681506825068350684506855068650687506885068950690506915069250693506945069550696506975069850699507005070150702507035070450705507065070750708507095071050711507125071350714507155071650717507185071950720507215072250723507245072550726507275072850729507305073150732507335073450735507365073750738507395074050741507425074350744507455074650747507485074950750507515075250753507545075550756507575075850759507605076150762507635076450765507665076750768507695077050771507725077350774507755077650777507785077950780507815078250783507845078550786507875078850789507905079150792507935079450795507965079750798507995080050801508025080350804508055080650807508085080950810508115081250813508145081550816508175081850819508205082150822508235082450825508265082750828508295083050831508325083350834508355083650837508385083950840508415084250843508445084550846508475084850849508505085150852508535085450855508565085750858508595086050861508625086350864508655086650867508685086950870508715087250873508745087550876508775087850879508805088150882508835088450885508865088750888508895089050891508925089350894508955089650897508985089950900509015090250903509045090550906509075090850909509105091150912509135091450915509165091750918509195092050921509225092350924509255092650927509285092950930509315093250933509345093550936509375093850939509405094150942509435094450945509465094750948509495095050951509525095350954509555095650957509585095950960509615096250963509645096550966509675096850969509705097150972509735097450975509765097750978509795098050981509825098350984509855098650987509885098950990509915099250993509945099550996509975099850999510005100151002510035100451005510065100751008510095101051011510125101351014510155101651017510185101951020510215102251023510245102551026510275102851029510305103151032510335103451035510365103751038510395104051041510425104351044510455104651047510485104951050510515105251053510545105551056510575105851059510605106151062510635106451065510665106751068510695107051071510725107351074510755107651077510785107951080510815108251083510845108551086510875108851089510905109151092510935109451095510965109751098510995110051101511025110351104511055110651107511085110951110511115111251113511145111551116511175111851119511205112151122511235112451125511265112751128511295113051131511325113351134511355113651137511385113951140511415114251143511445114551146511475114851149511505115151152511535115451155511565115751158511595116051161511625116351164511655116651167511685116951170511715117251173511745117551176511775117851179511805118151182511835118451185511865118751188511895119051191511925119351194511955119651197511985119951200512015120251203512045120551206512075120851209512105121151212512135121451215512165121751218512195122051221512225122351224512255122651227512285122951230512315123251233512345123551236512375123851239512405124151242512435124451245512465124751248512495125051251512525125351254512555125651257512585125951260512615126251263512645126551266512675126851269512705127151272512735127451275512765127751278512795128051281512825128351284512855128651287512885128951290512915129251293512945129551296512975129851299513005130151302513035130451305513065130751308513095131051311513125131351314513155131651317513185131951320513215132251323513245132551326513275132851329513305133151332513335133451335513365133751338513395134051341513425134351344513455134651347513485134951350513515135251353513545135551356513575135851359513605136151362513635136451365513665136751368513695137051371513725137351374513755137651377513785137951380513815138251383513845138551386513875138851389513905139151392513935139451395513965139751398513995140051401514025140351404514055140651407514085140951410514115141251413514145141551416514175141851419514205142151422514235142451425514265142751428514295143051431514325143351434514355143651437514385143951440514415144251443514445144551446514475144851449514505145151452514535145451455514565145751458514595146051461514625146351464514655146651467514685146951470514715147251473514745147551476514775147851479514805148151482514835148451485514865148751488514895149051491514925149351494514955149651497514985149951500515015150251503515045150551506515075150851509515105151151512515135151451515515165151751518515195152051521515225152351524515255152651527515285152951530515315153251533515345153551536515375153851539515405154151542515435154451545515465154751548515495155051551515525155351554515555155651557515585155951560515615156251563515645156551566515675156851569515705157151572515735157451575515765157751578515795158051581515825158351584515855158651587515885158951590515915159251593515945159551596515975159851599516005160151602516035160451605516065160751608516095161051611516125161351614516155161651617516185161951620516215162251623516245162551626516275162851629516305163151632516335163451635516365163751638516395164051641516425164351644516455164651647516485164951650516515165251653516545165551656516575165851659516605166151662516635166451665516665166751668516695167051671516725167351674516755167651677516785167951680516815168251683516845168551686516875168851689516905169151692516935169451695516965169751698516995170051701517025170351704517055170651707517085170951710517115171251713517145171551716517175171851719517205172151722517235172451725517265172751728517295173051731517325173351734517355173651737517385173951740517415174251743517445174551746517475174851749517505175151752517535175451755517565175751758517595176051761517625176351764517655176651767517685176951770517715177251773517745177551776517775177851779517805178151782517835178451785517865178751788517895179051791517925179351794517955179651797517985179951800518015180251803518045180551806518075180851809518105181151812518135181451815518165181751818518195182051821518225182351824518255182651827518285182951830518315183251833518345183551836518375183851839518405184151842518435184451845518465184751848518495185051851518525185351854518555185651857518585185951860518615186251863518645186551866518675186851869518705187151872518735187451875518765187751878518795188051881518825188351884518855188651887518885188951890518915189251893518945189551896518975189851899519005190151902519035190451905519065190751908519095191051911519125191351914519155191651917519185191951920519215192251923519245192551926519275192851929519305193151932519335193451935519365193751938519395194051941519425194351944519455194651947519485194951950519515195251953519545195551956519575195851959519605196151962519635196451965519665196751968519695197051971519725197351974519755197651977519785197951980519815198251983519845198551986519875198851989519905199151992519935199451995519965199751998519995200052001520025200352004520055200652007520085200952010520115201252013520145201552016520175201852019520205202152022520235202452025520265202752028520295203052031520325203352034520355203652037520385203952040520415204252043520445204552046520475204852049520505205152052520535205452055520565205752058520595206052061520625206352064520655206652067520685206952070520715207252073520745207552076520775207852079520805208152082520835208452085520865208752088520895209052091520925209352094520955209652097520985209952100521015210252103521045210552106521075210852109521105211152112521135211452115521165211752118521195212052121521225212352124521255212652127521285212952130521315213252133521345213552136521375213852139521405214152142521435214452145521465214752148521495215052151521525215352154521555215652157521585215952160521615216252163521645216552166521675216852169521705217152172521735217452175521765217752178521795218052181521825218352184521855218652187521885218952190521915219252193521945219552196521975219852199522005220152202522035220452205522065220752208522095221052211522125221352214522155221652217522185221952220522215222252223522245222552226522275222852229522305223152232522335223452235522365223752238522395224052241522425224352244522455224652247522485224952250522515225252253522545225552256522575225852259522605226152262522635226452265522665226752268522695227052271522725227352274522755227652277522785227952280522815228252283522845228552286522875228852289522905229152292522935229452295522965229752298522995230052301523025230352304523055230652307523085230952310523115231252313523145231552316523175231852319523205232152322523235232452325523265232752328523295233052331523325233352334523355233652337523385233952340523415234252343523445234552346523475234852349523505235152352523535235452355523565235752358523595236052361523625236352364523655236652367523685236952370523715237252373523745237552376523775237852379523805238152382523835238452385523865238752388523895239052391523925239352394523955239652397523985239952400524015240252403524045240552406524075240852409524105241152412524135241452415524165241752418524195242052421524225242352424524255242652427524285242952430524315243252433524345243552436524375243852439524405244152442524435244452445524465244752448524495245052451524525245352454524555245652457524585245952460524615246252463524645246552466524675246852469524705247152472524735247452475524765247752478524795248052481524825248352484524855248652487524885248952490524915249252493524945249552496524975249852499525005250152502525035250452505525065250752508525095251052511525125251352514525155251652517525185251952520525215252252523525245252552526525275252852529525305253152532525335253452535525365253752538525395254052541525425254352544525455254652547525485254952550525515255252553525545255552556525575255852559525605256152562525635256452565525665256752568525695257052571525725257352574525755257652577525785257952580525815258252583525845258552586525875258852589525905259152592525935259452595525965259752598525995260052601526025260352604526055260652607526085260952610526115261252613526145261552616526175261852619526205262152622526235262452625526265262752628526295263052631526325263352634526355263652637526385263952640526415264252643526445264552646526475264852649526505265152652526535265452655526565265752658526595266052661526625266352664526655266652667526685266952670526715267252673526745267552676526775267852679526805268152682526835268452685526865268752688526895269052691526925269352694526955269652697526985269952700527015270252703527045270552706527075270852709527105271152712527135271452715527165271752718527195272052721527225272352724527255272652727527285272952730527315273252733527345273552736527375273852739527405274152742527435274452745527465274752748527495275052751527525275352754527555275652757527585275952760527615276252763527645276552766527675276852769527705277152772527735277452775527765277752778527795278052781527825278352784527855278652787527885278952790527915279252793527945279552796527975279852799528005280152802528035280452805528065280752808528095281052811528125281352814528155281652817528185281952820528215282252823528245282552826528275282852829528305283152832528335283452835528365283752838528395284052841528425284352844528455284652847528485284952850528515285252853528545285552856528575285852859528605286152862528635286452865528665286752868528695287052871528725287352874528755287652877528785287952880528815288252883528845288552886528875288852889528905289152892528935289452895528965289752898528995290052901529025290352904529055290652907529085290952910529115291252913529145291552916529175291852919529205292152922529235292452925529265292752928529295293052931529325293352934529355293652937529385293952940529415294252943529445294552946529475294852949529505295152952529535295452955529565295752958529595296052961529625296352964529655296652967529685296952970529715297252973529745297552976529775297852979529805298152982529835298452985529865298752988529895299052991529925299352994529955299652997529985299953000530015300253003530045300553006530075300853009530105301153012530135301453015530165301753018530195302053021530225302353024530255302653027530285302953030530315303253033530345303553036530375303853039530405304153042530435304453045530465304753048530495305053051530525305353054530555305653057530585305953060530615306253063530645306553066530675306853069530705307153072530735307453075530765307753078530795308053081530825308353084530855308653087530885308953090530915309253093530945309553096530975309853099531005310153102531035310453105531065310753108531095311053111531125311353114531155311653117531185311953120531215312253123531245312553126531275312853129531305313153132531335313453135531365313753138531395314053141531425314353144531455314653147531485314953150531515315253153531545315553156531575315853159531605316153162531635316453165531665316753168531695317053171531725317353174531755317653177531785317953180531815318253183531845318553186531875318853189531905319153192531935319453195531965319753198531995320053201532025320353204532055320653207532085320953210532115321253213532145321553216532175321853219532205322153222532235322453225532265322753228532295323053231532325323353234532355323653237532385323953240532415324253243532445324553246532475324853249532505325153252532535325453255532565325753258532595326053261532625326353264532655326653267532685326953270532715327253273532745327553276532775327853279532805328153282532835328453285532865328753288532895329053291532925329353294532955329653297532985329953300533015330253303533045330553306533075330853309533105331153312533135331453315533165331753318533195332053321533225332353324533255332653327533285332953330533315333253333533345333553336533375333853339533405334153342 |
- /* test.c
- *
- * Copyright (C) 2006-2024 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- /*
- * Some common, optional build settings:
- * these can also be set in wolfssl/options.h or user_settings.h
- * -------------------------------------------------------------
- *
- * set the default devId for cryptocb to the value instead of INVALID_DEVID
- * WC_USE_DEVID=0x1234
- */
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #ifndef WOLFSSL_USER_SETTINGS
- #include <wolfssl/options.h>
- #endif
- #include <wolfssl/wolfcrypt/settings.h>
- #ifndef NO_CRYPT_TEST
- #include <wolfssl/version.h>
- #include <wolfssl/wolfcrypt/types.h>
- #include <wolfssl/wolfcrypt/wc_port.h>
- #include <wolfssl/wolfcrypt/mem_track.h>
- #if defined(HAVE_WOLFCRYPT_TEST_OPTIONS)
- #include <wolfssl/ssl.h>
- #define err_sys err_sys_remap /* remap err_sys */
- #include <wolfssl/test.h>
- #undef err_sys
- #endif
- #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
- defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
- #include <stdint.h>
- #endif
- #ifdef HAVE_STACK_SIZE_VERBOSE
- #ifdef WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES
- static WC_MAYBE_UNUSED ssize_t max_relative_stack =
- WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES;
- #else
- static WC_MAYBE_UNUSED ssize_t max_relative_stack = -1;
- #endif
- #endif
- const byte const_byte_array[] = "A+Gd\0\0\0";
- #define CBPTR_EXPECTED 'A'
- #if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY)
- #ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS
- static ssize_t max_relative_heap_allocs = WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS;
- #else
- static ssize_t max_relative_heap_allocs = -1;
- #endif
- #ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_BYTES
- static ssize_t max_relative_heap_bytes = WOLFSSL_TEST_MAX_RELATIVE_HEAP_BYTES;
- #else
- static ssize_t max_relative_heap_bytes = -1;
- #endif
- #define PRINT_HEAP_CHECKPOINT() { \
- const ssize_t _rha = wolfCrypt_heap_peakAllocs_checkpoint() - heap_baselineAllocs; \
- const ssize_t _rhb = wolfCrypt_heap_peakBytes_checkpoint() - heap_baselineBytes; \
- printf(" relative heap peak usage: %ld alloc%s, %ld bytes\n", \
- (long int)_rha, \
- _rha == 1 ? "" : "s", \
- (long int)_rhb); \
- if ((max_relative_heap_allocs > 0) && (_rha > max_relative_heap_allocs)) \
- return err_sys("heap allocs exceed designated max.", \
- WC_TEST_RET_ENC_NC); \
- if ((max_relative_heap_bytes > 0) && (_rhb > max_relative_heap_bytes)) \
- return err_sys("heap bytes exceed designated max.", \
- WC_TEST_RET_ENC_NC); \
- heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint(); \
- heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint(); \
- }
- #else
- #define PRINT_HEAP_CHECKPOINT() WC_DO_NOTHING
- #endif /* WOLFSSL_TRACK_MEMORY_VERBOSE && !WOLFSSL_STATIC_MEMORY */
- #ifdef USE_FLAT_TEST_H
- #ifdef HAVE_CONFIG_H
- #include "test_paths.h"
- #endif
- #include "test.h"
- #else
- #ifdef HAVE_CONFIG_H
- #include "wolfcrypt/test/test_paths.h"
- #endif
- #include "wolfcrypt/test/test.h"
- #endif
- /* printf mappings */
- #ifndef WOLFSSL_LOG_PRINTF
- #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
- #include <mqx.h>
- #include <stdlib.h>
- /* see wc_port.h for fio.h and nio.h includes */
- #elif defined(FREESCALE_KSDK_BM)
- #include "fsl_debug_console.h"
- #undef printf
- #define printf PRINTF
- #elif defined(WOLFSSL_APACHE_MYNEWT)
- #include <assert.h>
- #include <string.h>
- #include "sysinit/sysinit.h"
- #include "os/os.h"
- #ifdef ARCH_sim
- #include "mcu/mcu_sim.h"
- #endif
- #include "os/os_time.h"
- #elif defined(WOLFSSL_ESPIDF)
- #include <time.h>
- #include <sys/time.h>
- #include <esp_log.h>
- #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
- #define ESPIDF_TAG "wc_test"
- #elif defined(WOLFSSL_ZEPHYR)
- #include <stdio.h>
- #define printf printk
- #elif defined(MICRIUM)
- #include <os.h>
- #if (OS_VERSION < 50000)
- #include <bsp_ser.h>
- void BSP_Ser_Printf (CPU_CHAR* format, ...);
- #undef printf
- #define printf BSP_Ser_Printf
- #else
- #include <stdio.h>
- #endif
- #elif defined(WOLFSSL_PB)
- #include <stdarg.h>
- int wolfssl_pb_print(const char*, ...);
- #undef printf
- #define printf wolfssl_pb_print
- #elif defined(WOLFSSL_TELIT_M2MB)
- #include "wolfssl/wolfcrypt/wc_port.h" /* for m2mb headers */
- #include "m2m_log.h" /* for M2M_LOG_INFO - not standard API */
- /* remap printf */
- #undef printf
- #define printf M2M_LOG_INFO
- /* OS requires occasional sleep() */
- #ifndef TEST_SLEEP_MS
- #define TEST_SLEEP_MS 50
- #endif
- #define TEST_SLEEP() m2mb_os_taskSleep(M2MB_OS_MS2TICKS(TEST_SLEEP_MS))
- /* don't use file system for these tests, since ./certs dir isn't loaded */
- #undef NO_FILESYSTEM
- #define NO_FILESYSTEM
- #elif defined(THREADX) && !defined(WOLFSSL_WICED) && \
- !defined(THREADX_NO_DC_PRINTF)
- #ifndef NETOS
- /* since just testing, use THREADX log printf instead (NETOS prototypes
- * this elsewhere) */
- int dc_log_printf(char*, ...);
- #endif
- #undef printf
- #define printf dc_log_printf
- #elif defined(ANDROID)
- #ifdef XMALLOC_USER
- #include <stdlib.h> /* we're using malloc / free direct here */
- #endif
- #ifndef STRING_USER
- #include <stdio.h>
- #endif
- #include <android/log.h>
- #ifdef ANDROID_V454 /* See fips/android/wolfCrypt_v454_android */
- #ifndef NO_FILESYSTEM
- #define NO_FILESYSTEM /* Turn off tests that want to call SaveDerAndPem() */
- #endif
- #else
- #define printf(...) \
- __android_log_print(ANDROID_LOG_DEBUG, "[WOLFCRYPT]", __VA_ARGS__)
- #define fprintf(fp, ...) \
- __android_log_print(ANDROID_LOG_DEBUG, "[WOLFCRYPT]", __VA_ARGS__)
- #endif
- #elif defined(WOLFSSL_DEOS)
- #include <printx.h>
- #undef printf
- #define printf printx
- #elif defined(WOLFSSL_RENESAS_RSIP)
- #ifndef TEST_SLEEP
- #define TEST_SLEEP() vTaskDelay(50)
- #endif
- #undef vprintf
- #define vprintf rsip_vprintf
- #include <stdarg.h> /* for var args */
- int rsip_vprintf(const char* restrict format, va_list args)
- {
- int ret;
- char tmpBuf[80];
- ret = XVSNPRINTF(tmpBuf, sizeof(tmpBuf), format, args);
- printf(tmpBuf);
- return ret;
- }
- #else
- #ifdef XMALLOC_USER
- #include <stdlib.h> /* we're using malloc / free direct here */
- #endif
- #if !defined(STRING_USER) && !defined(WOLFSSL_LINUXKM)
- #include <stdio.h>
- #endif
- #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_LINUXKM_VERBOSE_DEBUG)
- #undef printf
- #define printf(...) ({})
- #endif
- /* enable way for customer to override test/bench printf */
- #ifdef XPRINTF
- #undef printf
- #define printf XPRINTF
- #elif !defined(printf)
- /* arrange for printf() to flush after every message -- this assures
- * redirected output (to a log file) records progress right up to the
- * moment of a crash/abort(); otherwise anything queued in stdout would
- * be lost.
- */
- #define printf(...) ( printf(__VA_ARGS__), fflush(stdout) )
- #endif
- #endif
- #endif /* !WOLFSSL_LOG_PRINTF */
- #include <wolfssl/wolfcrypt/memory.h>
- #include <wolfssl/wolfcrypt/wc_port.h>
- #include <wolfssl/wolfcrypt/logging.h>
- #include <wolfssl/wolfcrypt/types.h>
- #include <wolfssl/wolfcrypt/asn.h>
- #include <wolfssl/wolfcrypt/md2.h>
- #include <wolfssl/wolfcrypt/md5.h>
- #include <wolfssl/wolfcrypt/md4.h>
- #include <wolfssl/wolfcrypt/sha.h>
- #include <wolfssl/wolfcrypt/sha256.h>
- #include <wolfssl/wolfcrypt/sha512.h>
- #include <wolfssl/wolfcrypt/hash.h>
- #include <wolfssl/wolfcrypt/rc2.h>
- #include <wolfssl/wolfcrypt/arc4.h>
- #if !defined(WC_NO_RNG)
- #include <wolfssl/wolfcrypt/random.h>
- #endif
- #include <wolfssl/wolfcrypt/wolfmath.h>
- #include <wolfssl/wolfcrypt/coding.h>
- #include <wolfssl/wolfcrypt/signature.h>
- #include <wolfssl/wolfcrypt/rsa.h>
- #include <wolfssl/wolfcrypt/des3.h>
- #include <wolfssl/wolfcrypt/aes.h>
- #include <wolfssl/wolfcrypt/wc_encrypt.h>
- #include <wolfssl/wolfcrypt/cmac.h>
- #include <wolfssl/wolfcrypt/siphash.h>
- #include <wolfssl/wolfcrypt/poly1305.h>
- #include <wolfssl/wolfcrypt/camellia.h>
- #include <wolfssl/wolfcrypt/hmac.h>
- #include <wolfssl/wolfcrypt/kdf.h>
- #include <wolfssl/wolfcrypt/dh.h>
- #include <wolfssl/wolfcrypt/dsa.h>
- #include <wolfssl/wolfcrypt/srp.h>
- #include <wolfssl/wolfcrypt/chacha.h>
- #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
- #include <wolfssl/wolfcrypt/pwdbased.h>
- #include <wolfssl/wolfcrypt/ripemd.h>
- #include <wolfssl/wolfcrypt/error-crypt.h>
- #ifdef HAVE_ECC
- #include <wolfssl/wolfcrypt/ecc.h>
- #endif
- #ifdef WOLFSSL_SM2
- #include <wolfssl/wolfcrypt/sm2.h>
- #endif
- #ifdef HAVE_HPKE
- #include <wolfssl/wolfcrypt/hpke.h>
- #endif
- #ifdef HAVE_CURVE25519
- #include <wolfssl/wolfcrypt/curve25519.h>
- #endif
- #ifdef HAVE_ED25519
- #include <wolfssl/wolfcrypt/ed25519.h>
- #endif
- #ifdef HAVE_CURVE448
- #include <wolfssl/wolfcrypt/curve448.h>
- #endif
- #ifdef HAVE_ED448
- #include <wolfssl/wolfcrypt/ed448.h>
- #endif
- #ifdef WOLFSSL_HAVE_KYBER
- #include <wolfssl/wolfcrypt/kyber.h>
- #ifdef WOLFSSL_WC_KYBER
- #include <wolfssl/wolfcrypt/wc_kyber.h>
- #endif
- #if defined(HAVE_LIBOQS) || defined(HAVE_PQM4)
- #include <wolfssl/wolfcrypt/ext_kyber.h>
- #endif
- #endif
- #if defined(WOLFSSL_HAVE_XMSS)
- #include <wolfssl/wolfcrypt/xmss.h>
- #ifdef HAVE_LIBXMSS
- #include <wolfssl/wolfcrypt/ext_xmss.h>
- #else
- #include <wolfssl/wolfcrypt/wc_xmss.h>
- #endif
- #endif
- #if defined(WOLFSSL_HAVE_LMS)
- #include <wolfssl/wolfcrypt/lms.h>
- #ifdef HAVE_LIBLMS
- #include <wolfssl/wolfcrypt/ext_lms.h>
- #else
- #include <wolfssl/wolfcrypt/wc_lms.h>
- #endif
- #endif
- #ifdef WOLFCRYPT_HAVE_ECCSI
- #include <wolfssl/wolfcrypt/eccsi.h>
- #endif
- #ifdef WOLFCRYPT_HAVE_SAKKE
- #include <wolfssl/wolfcrypt/sakke.h>
- #endif
- #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
- #include <wolfssl/wolfcrypt/blake2.h>
- #endif
- #ifdef WOLFSSL_SHA3
- #include <wolfssl/wolfcrypt/sha3.h>
- #endif
- #ifdef WOLFSSL_SM3
- #include <wolfssl/wolfcrypt/sm3.h>
- #endif
- #ifdef WOLFSSL_SM4
- #include <wolfssl/wolfcrypt/sm4.h>
- #endif
- #ifdef HAVE_LIBZ
- #include <wolfssl/wolfcrypt/compress.h>
- #endif
- #ifdef HAVE_PKCS7
- #include <wolfssl/wolfcrypt/pkcs7.h>
- #endif
- #ifdef HAVE_PKCS12
- #include <wolfssl/wolfcrypt/pkcs12.h>
- #endif
- #ifdef HAVE_FIPS
- #include <wolfssl/wolfcrypt/fips_test.h>
- #endif
- #ifdef HAVE_SELFTEST
- #include <wolfssl/wolfcrypt/selftest.h>
- #endif
- #ifdef WOLFSSL_ASYNC_CRYPT
- #include <wolfssl/wolfcrypt/async.h>
- #endif
- #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
- #include <wolfssl/wolfcrypt/logging.h>
- #endif
- #ifdef WOLFSSL_CAAM
- #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
- #endif
- #ifdef WOLF_CRYPTO_CB
- #include <wolfssl/wolfcrypt/cryptocb.h>
- #ifdef HAVE_INTEL_QA_SYNC
- #include <wolfssl/wolfcrypt/port/intel/quickassist_sync.h>
- #endif
- #ifdef HAVE_CAVIUM_OCTEON_SYNC
- #include <wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h>
- #endif
- #ifdef HAVE_RENESAS_SYNC
- #include <wolfssl/wolfcrypt/port/renesas/renesas_sync.h>
- #endif
- #endif
- #ifdef _MSC_VER
- /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
- #pragma warning(disable: 4996)
- #endif
- #ifdef OPENSSL_EXTRA
- #ifndef WOLFCRYPT_ONLY
- #include <wolfssl/openssl/evp.h>
- #include <wolfssl/openssl/hmac.h>
- #endif
- #include <wolfssl/openssl/rand.h>
- #include <wolfssl/openssl/aes.h>
- #include <wolfssl/openssl/des.h>
- #endif
- #if defined(NO_FILESYSTEM) || defined(WC_NO_RNG)
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
- #define USE_CERT_BUFFERS_2048
- #endif
- #if !defined(USE_CERT_BUFFERS_256)
- #define USE_CERT_BUFFERS_256
- #endif
- #endif
- #if defined(WOLFSSL_CERT_GEN) && (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES))
- #define ENABLE_ECC384_CERT_GEN_TEST
- #endif
- #include <wolfssl/certs_test.h>
- #ifdef DEVKITPRO
- #include <wiiuse/wpad.h>
- #endif
- #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
- /* FIPS build has replaced ecc.h. */
- #define wc_ecc_key_get_priv(key) (&((key)->k))
- #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV
- #endif
- #ifdef WOLFSSL_STATIC_MEMORY
- static WOLFSSL_HEAP_HINT* HEAP_HINT;
- #else
- #define HEAP_HINT NULL
- #endif /* WOLFSSL_STATIC_MEMORY */
- /* these cases do not have intermediate hashing support */
- #if (defined(WOLFSSL_AFALG_XILINX_SHA3) && !defined(WOLFSSL_AFALG_HASH_KEEP)) \
- && !defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_XILINX_CRYPT_VERSAL)
- #define NO_INTM_HASH_TEST
- #endif
- #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \
- defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) || \
- defined(WOLFSSL_SECO_CAAM)
- #define HASH_SIZE_LIMIT
- #endif
- #if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
- (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
- static void initDefaultName(void);
- #endif
- /* for async devices */
- #ifdef WOLFSSL_CAAM_DEVID
- static int devId = WOLFSSL_CAAM_DEVID;
- #else
- #ifdef WC_USE_DEVID
- static int devId = WC_USE_DEVID;
- #else
- static int devId = INVALID_DEVID;
- #endif
- #endif
- #ifdef HAVE_WNR
- const char* wnrConfigFile = "wnr-example.conf";
- #endif
- #define TEST_STRING "Everyone gets Friday off."
- #define TEST_STRING_SZ 25
- typedef struct testVector {
- const char* input;
- const char* output;
- size_t inLen;
- size_t outLen;
- } testVector;
- #ifndef WOLFSSL_TEST_SUBROUTINE
- #define WOLFSSL_TEST_SUBROUTINE
- #endif
- PRAGMA_GCC("GCC diagnostic ignored \"-Wunused-function\"")
- PRAGMA_CLANG("clang diagnostic ignored \"-Wunused-function\"")
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base16_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md5_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha224_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void);
- #if !defined(WOLFSSL_NOSHA512_224) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void);
- #endif
- #if !defined(WOLFSSL_NOSHA512_256) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha3_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void);
- #if defined(HAVE_HKDF) && !defined(NO_HMAC)
- #if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) || \
- defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_AFALG_HASH_KEEP) || \
- defined(WOLFSSL_AFALG_XILINX_RSA)
- /* hkdf_test has issue with WOLFSSL_TEST_SUBROUTINE set on Xilinx with afalg */
- static wc_test_ret_t hkdf_test(void);
- #else
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void);
- #endif
- #endif /* HAVE_HKDF && ! NO_HMAC */
- #ifdef WOLFSSL_HAVE_PRF
- #if defined(HAVE_HKDF) && !defined(NO_HMAC)
- #ifdef WOLFSSL_BASE16
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void);
- #endif /* WOLFSSL_BASE16 */
- #endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */
- #endif /* WOLFSSL_HAVE_PRF */
- #if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void);
- #ifdef WOLFSSL_TLS13
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void);
- #ifdef WC_SRTP_KDF
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t arc4_test(void);
- #ifdef WC_RC2
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rc2_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void);
- #if defined(WOLFSSL_AES_CFB)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void);
- #endif
- #ifdef WOLFSSL_AES_XTS
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesofb_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void);
- #if defined(WOLFSSL_SIPHASH)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_default_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesccm_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void);
- #ifdef WOLFSSL_SM4
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm4_test(void);
- #endif
- #ifdef WC_RSA_NO_PADDING
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void);
- #ifndef WC_NO_RNG
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void);
- #endif /* WC_NO_RNG */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void);
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void); /* test mini api */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void);
- #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
- #ifdef HAVE_ECC
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void);
- #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
- (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void);
- #endif
- #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
- defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP)
- /* skip for ATECC508/608A, cannot import private key buffers */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void);
- #endif
- #endif
- #ifdef HAVE_CURVE25519
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void);
- #endif
- #ifdef HAVE_ED25519
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void);
- #endif
- #ifdef HAVE_CURVE448
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve448_test(void);
- #endif
- #ifdef HAVE_ED448
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void);
- #endif
- #ifdef WOLFSSL_HAVE_KYBER
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void);
- #endif
- #if defined(WOLFSSL_HAVE_XMSS)
- #if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void);
- #endif
- #if !defined(WOLFSSL_XMSS_VERIFY_ONLY)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void);
- #endif
- #endif
- #if defined(WOLFSSL_HAVE_LMS)
- #if !defined(WOLFSSL_SMALL_STACK)
- #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \
- defined(HAVE_LIBLMS)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void);
- #endif
- #endif
- #if !defined(WOLFSSL_LMS_VERIFY_ONLY)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void);
- #endif
- #endif
- #ifdef WOLFCRYPT_HAVE_ECCSI
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void);
- #endif
- #ifdef WOLFCRYPT_HAVE_SAKKE
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void);
- #endif
- #ifdef HAVE_BLAKE2
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void);
- #endif
- #ifdef HAVE_BLAKE2S
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void);
- #endif
- #ifdef HAVE_LIBZ
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void);
- #endif
- #ifdef HAVE_PKCS7
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void);
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void);
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7enveloped_test(void);
- #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void);
- #endif
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 certSz, byte* key,
- word32 keySz);
- #endif
- #endif
- #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void);
- #endif
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void);
- #endif
- #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void);
- #if defined(WOLFSSL_PUBLIC_MP) && \
- ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(USE_FAST_MATH))
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void);
- #endif
- #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void);
- #endif
- #if defined(ASN_BER_TO_DER) && \
- (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL))
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void);
- #if !defined(NO_ASN) && !defined(NO_ASN_TIME)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t time_test(void);
- #endif
- #if defined(__INCLUDE_NUTTX_CONFIG_H)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t wolfcrypt_mutex_test(void);
- #else
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void);
- #endif
- #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void);
- #endif
- #ifdef WOLFSSL_CAAM_BLOB
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blob_test(void);
- #endif
- #ifdef HAVE_ARIA
- #include "wolfssl/wolfcrypt/port/aria/aria-crypt.h"
- void printOutput(const char *strName, unsigned char *data, unsigned int dataSz);
- WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID);
- #endif
- #ifdef WOLF_CRYPTO_CB
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void);
- #endif
- #ifdef WOLFSSL_CERT_PIV
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certpiv_test(void);
- #endif
- #ifdef WOLFSSL_AES_SIV
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void);
- #endif
- #if defined(WOLFSSL_AES_EAX) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void);
- #endif /* WOLFSSL_AES_EAX */
- /* General big buffer size for many tests. */
- #define FOURK_BUF 4096
- /* If not defined in user_settings, the ERROR_OUT pause is 120 seconds. */
- #ifndef WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION
- #define WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION 120
- #endif
- #if defined(WOLFSSL_ESPIDF_ERROR_PAUSE)
- #if defined(CONFIG_FREERTOS_HZ)
- #define WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION_TICKS \
- (WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION * CONFIG_FREERTOS_HZ)
- #else
- /* If not defined, assume RTOS is 1000 ticks per second. */
- #define WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION_TICKS \
- (WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION * 1000)
- #endif
- /* When defined, pause at error condition rather than exit with error. */
- #define ERROR_OUT(err, eLabel) \
- do { \
- ret = (err); \
- ESP_LOGE(ESPIDF_TAG, "Failed: Error = %d during %s, line %d", \
- err, __FUNCTION__, __LINE__); \
- ESP_LOGI(ESPIDF_TAG, "Extended system info:"); \
- esp_ShowExtendedSystemInfo(); \
- ESP_LOGW(ESPIDF_TAG, "Paused for %d seconds! " \
- "WOLFSSL_ESPIDF_ERROR_PAUSE is enabled.", \
- WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION); \
- vTaskDelay(WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION_TICKS); \
- goto eLabel; \
- } while (0)
- #else
- #define ERROR_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0)
- #endif
- /* Not all unexpected conditions are actually errors .*/
- #define WARNING_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0)
- static void render_error_message(const char* msg, wc_test_ret_t es)
- {
- (void)msg;
- (void)es;
- #ifdef WOLFSSL_LINUXKM
- #define err_sys_printf lkm_printf
- #else
- #define err_sys_printf printf
- #endif
- switch (WC_TEST_RET_DEC_TAG(es)) {
- case WC_TEST_RET_TAG_NC:
- err_sys_printf("%s error L=%d\n", msg, WC_TEST_RET_DEC_LN(es));
- break;
- case WC_TEST_RET_TAG_EC:
- #ifdef NO_ERROR_STRINGS
- err_sys_printf("%s error L=%d code=%d\n", msg,
- WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es));
- #else
- err_sys_printf("%s error L=%d code=%d (%s)\n", msg,
- WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es),
- wc_GetErrorString(-WC_TEST_RET_DEC_I(es)));
- #endif
- break;
- case WC_TEST_RET_TAG_ERRNO:
- {
- /* strerror_r() comes in two mutually incompatible flavors, a native glibc
- * flavor that always returns a non-null char pointer that must be used
- * directly, and a POSIX flavor that returns an error int, and iff success,
- * stores an error string in the supplied buffer. this is all most
- * infelicitous...
- */
- #if !defined(STRING_USER) && !defined(NO_ERROR_STRINGS) && \
- (defined(__STDC_VERSION__) && (__STDC_VERSION__ > 199901L)) && \
- ((defined(__GLIBC__) && (__GLIBC__ >= 2)) || \
- (defined(__USE_XOPEN2K) && \
- defined(_POSIX_C_SOURCE) && \
- (_POSIX_C_SOURCE >= 200112L)))
- char errno_buf[64], *errno_string;
- /* precisely mirror the gate used in glibc string.h */
- #if defined __USE_XOPEN2K && !defined __USE_GNU
- if (strerror_r(WC_TEST_RET_DEC_I(es),
- errno_buf, sizeof(errno_buf)) != 0)
- XSTRLCPY(errno_buf, "?", sizeof(errno_buf));
- errno_string = errno_buf;
- #else
- errno_string = strerror_r(WC_TEST_RET_DEC_I(es),
- errno_buf, sizeof(errno_buf));
- #endif
- err_sys_printf("%s error L=%d errno=%d (%s)\n", msg,
- WC_TEST_RET_DEC_LN(es), WC_TEST_RET_DEC_I(es),
- errno_string);
- #else /* can't figure out how to strerror_r(), or don't want error strings */
- err_sys_printf("%s error L=%d errno=%d\n", msg,
- WC_TEST_RET_DEC_LN(es), WC_TEST_RET_DEC_I(es));
- #endif
- break;
- }
- case WC_TEST_RET_TAG_I:
- err_sys_printf("%s error L=%d i=%d\n", msg,
- WC_TEST_RET_DEC_LN(es), WC_TEST_RET_DEC_I(es));
- break;
- }
- #undef err_sys_printf
- }
- static void print_fiducials(void);
- #ifdef HAVE_STACK_SIZE
- static THREAD_RETURN err_sys(const char* msg, int es)
- #else
- static wc_test_ret_t err_sys(const char* msg, wc_test_ret_t es)
- #endif
- {
- render_error_message(msg, es);
- print_fiducials();
- #ifdef WOLFSSL_LINUXKM
- EXIT_TEST(es);
- #else
- EXIT_TEST(-1);
- #endif
- }
- #ifndef HAVE_WOLFCRYPT_TEST_OPTIONS
- /* func_args from test.h, so don't have to pull in other stuff */
- typedef struct func_args {
- int argc;
- char** argv;
- wc_test_ret_t return_code;
- } func_args;
- #endif /* !HAVE_WOLFCRYPT_TEST_OPTIONS */
- #if defined(HAVE_FIPS) && !defined(WOLFSSL_LINUXKM)
- static void myFipsCb(int ok, int err, const char* hash)
- {
- printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
- printf("message = %s\n", wc_GetErrorString(err));
- printf("hash = %s\n", hash);
- if (err == IN_CORE_FIPS_E) {
- printf("In core integrity hash check failure, copy above hash\n");
- printf("into verifyCore[] in fips_test.c and rebuild\n");
- }
- }
- #endif /* HAVE_FIPS && !WOLFSSL_LINUXKM */
- #ifdef WOLFSSL_STATIC_MEMORY
- #if defined(WOLFSSL_STATIC_MEMORY_TEST_SZ)
- static byte gTestMemory[WOLFSSL_STATIC_MEMORY_TEST_SZ];
- #elif defined(BENCH_EMBEDDED)
- static byte gTestMemory[14000];
- #elif defined(WOLFSSL_CERT_EXT)
- static byte gTestMemory[140000];
- #elif (defined(WOLFSSL_SP_MATH_ALL) || defined(USE_FAST_MATH)) && \
- !defined(ALT_ECC_SIZE)
- static byte gTestMemory[160000];
- #else
- static byte gTestMemory[80000];
- #endif
- #endif
- #ifdef WOLFSSL_PB
- static int wolfssl_pb_print(const char* msg, ...)
- {
- int ret;
- va_list args;
- char tmpBuf[80];
- va_start(args, msg);
- ret = vsprint(tmpBuf, msg, args);
- va_end(args);
- fnDumpStringToSystemLog(tmpBuf);
- return ret;
- }
- #endif /* WOLFSSL_PB */
- #if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
- !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
- /* Enable support for RNG with crypto callback */
- static int rng_crypto_cb(int thisDevId, wc_CryptoInfo* info, void* ctx)
- {
- int rc = CRYPTOCB_UNAVAILABLE;
- if (info->algo_type == WC_ALGO_TYPE_RNG) {
- rc = wc_GenerateSeed(&info->rng.rng->seed, info->rng.out, info->rng.sz);
- }
- (void)ctx;
- (void)thisDevId;
- return rc;
- }
- #endif
- #if defined(WC_KDF_NIST_SP_800_56C)
- #define INIT_SP80056C_TEST_VECTOR(_z, _fixedInfo, _derivedKey, _hashType) \
- { \
- .z = (const byte*)_z, .zSz = sizeof(_z) - 1, \
- .fixedInfo = (const byte*)_fixedInfo, \
- .fixedInfoSz = sizeof(_fixedInfo) - 1, \
- .derivedKey = (const byte*)_derivedKey, \
- .derivedKeySz = sizeof(_derivedKey) - 1, .hashType = _hashType, \
- }
- #define SP800_56C_MAX_OUT 128
- static WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_kdf_test(void)
- {
- struct sp800_56c_test_vector {
- const byte* z;
- word32 zSz;
- const byte* fixedInfo;
- word32 fixedInfoSz;
- const byte* derivedKey;
- word32 derivedKeySz;
- enum wc_HashType hashType;
- };
- struct sp800_56c_test_vector* v;
- byte output[SP800_56C_MAX_OUT];
- word32 i;
- int ret;
- /* vectors from
- * https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values
- *
- * (KeyManagement) */
- struct sp800_56c_test_vector vctors[] = {
- #if !defined(NO_SHA)
- /* SHA-1 */
- INIT_SP80056C_TEST_VECTOR(
- "\xad\x42\x01\x82\x63\x3f\x85\x26\xbf\xe9\x54\xac\xda\x37\x6f\x05"
- "\xe5\xff\x4f\x83\x7f\x54\xfe\xbe\x0f\xb1\x2a\x1b\x3b\xeb\xf2\x63"
- "\xee\x21\x64\x13\xed\x06\xa8\x4a\x12\xeb\x51\x11\x59\xf1\x33\x7d",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x6f\xef\x44\x2f\xc1\x7a\x7e\x2b\x0c\x9d\xec\xe0\xe4\x7a\x57\x48"
- "\xac\xb4\x6a\xf1\x98\xd7\x67\x47\x0f\x28\xa1\x04\xb5\x61\x30\xae"
- "\xb0\x10\x09\xa4\x56\x82\xa5\xe1",
- WC_HASH_TYPE_SHA),
- INIT_SP80056C_TEST_VECTOR(
- "\xae\x64\xab\x2b\x2b\x75\xa9\x4c\xf8\xef\x24\xda\x24\x56\xbd\x3a"
- "\xa3\x6d\xb6\x14\x29\xea\x55\x21",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\xcc\x96\x5a\x52\xd0\x5c\x94\x9e\x52\xc0\x35\xfd\x03\x53\x0d\xb7"
- "\xea\xa4\x08\x70\x2c\x9d\x35\x21\x1e\x67\x21\x54\x12\x45\x91\x51"
- "\xba\x22\x62\xbd\x1e\x28\xe5\x6b",
- WC_HASH_TYPE_SHA),
- INIT_SP80056C_TEST_VECTOR(
- "\x71\x5d\xc0\xea\x24\x6b\x46\x56\x63\xa8\x9c\xde\x04\x12\xc1\x92"
- "\xe1\x9e\x58\xd5\xb0\xb6\x36\x6d\xa7\x89\xad\xbf\x44\x9a\x38\xaa"
- "\x46\x69\xfe\x36\x30\xa2\x0f\x7f\xa3\x14\x9c\x9b\x4b\x0a\xb5\xcd"
- "\x3e\x14\x18\x2b\x75\x04\xd5\xd2\x75\x2b\xf6\x58\x7a\xab\xc9\xf4"
- "\xcb\x8f\xe5\x29\x23\x6a\xb8\x15\x36\xad\xd2\xbd\x25\xd6\xbf\x9d"
- "\x5f\x1d\xf5\x76\x16\x5a\xa5\x5c\x24\x99\x61\xd8\xf8\x75\x00\xed"
- "\x8d\xbf\xc5\xd2\x50\x53\x4c\x07\xd9\x9a\xc9\x17\xf9\x84\x60\x46"
- "\xac\x5c\xb8\xa2\x98\x74\x26\x22\xd3\xc9\x86\x18\x06\x92\x46\xe8"
- "\xad\x37\x11\x25\x57\xe0\xe6\x34\xb5\x81\x32\x7a\x4a\xd3\x2c\x7c"
- "\x76\x4b\xe8\xf8\x08\x0d\x37\x2c\x63\x20\x93\xa7\x67\xf1\x55\xbd"
- "\x22\xec\x00\x3c\xa6\x1c\x8b\x43\x32\x0f\x3a\xbe\xb5\xdd\xc4\xa3"
- "\xb1\x89\x82\xfd\xd6\x51\x0f\x88\x3c\x8d\xc1\xe0\xb1\x57\xff\xb9"
- "\xcf\xc0\xa5\x9c\xe2\xd4\x05\x5f\xfc\x73\xe7\x15\x2a\x6a\x95\x43"
- "\xb9\x19\xe7\x94\xe9\x49\x61\x33\xbe\x2a\x23\x18\xd9\x05\x6e\xfd"
- "\x74\x48\x2d\xc6\x3c\x0d\xb5\x8f\xe6\x42\x6b\x0f\xe7\x35\x45\x42"
- "\xc2\x19\x7a\xb6\xbd\x35\xf1\xa9\x2d\xce\x90\xb1\xc4\x6d\x32\xc1",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x1b\x5f\xcc\x8d\x81\xa5\xd9\xa9\x36\x94\xe6\x47\x77\x88\xd8\x03"
- "\x15\x84\xc3\xf5\x2e\x9f\x11\x7a\xe8\x18\x4d\xba\x56\x47\x9d\x87"
- "\x66\x76\x92\xf1\x2d\x7b\xd3\x8b",
- WC_HASH_TYPE_SHA),
- INIT_SP80056C_TEST_VECTOR(
- "\x33\xe0\x50\xbd\x20\x9f\x2d\xf2\x77\x19\x78\xfc\xd1\xd4\xc8\x2e"
- "\x49\xd0\x1d\x65\xbb\x62\x03\x20\xd3\x0b\xfe\xa8\x7a\xa8\x69\xe1"
- "\x07\xa5\x17\xa4\xc8\x5b\x69\x28\x45\x21\xca\x54\xb7\x7f\x59\xe9"
- "\x4a\x85\x6d\xaa\x30\xa3\x85\xa5\x25\xd8\xa3\xf7\xe1\x5e\xe5\xe9"
- "\xaa\x12\x8d\x45\xef\x63\xf9\x0c\x10\xe0\x8f\xc5\x26\x36\x13\x77"
- "\x81\x54\x7a\x58\x9f\x97\x87\xf9\xd7\xdd\x61\x43\x41\x9a\x26\x16"
- "\x80\x16\x82\x40\xaa\xb2\x01\x3d\x80\x20\xdb\xe8\x4b\x7e\x2b\xed"
- "\xce\x67\x1b\x94\x03\xbd\x1f\x91\x71\xa2\x57\x90\xce\x66\x7d\xed",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x35\x10\x85\x85\xfc\x55\x62\xb5\xf1\x8f\x20\x7b\xa8\x35\x63\xe4"
- "\x49\x28\x45\x6a\x5e\x53\x63\x7e\xae\x6b\xb5\xfc\x33\x88\xae\x02"
- "\x91\x79\x0a\x1d\xc8\x31\x4e\x28",
- WC_HASH_TYPE_SHA),
- INIT_SP80056C_TEST_VECTOR(
- "\x5c\x80\x4f\x45\x4d\x30\xd9\xc4\xdf\x85\x27\x1f\x93\x52\x8c\x91"
- "\xdf\x6b\x48\xab\x5f\x80\xb3\xb5\x9c\xaa\xc1\xb2\x8f\x8a\xcb\xa9"
- "\xcd\x3e\x39\xf3\xcb\x61\x45\x25\xd9\x52\x1d\x2e\x64\x4c\x53\xb8"
- "\x07\xb8\x10\xf3\x40\x06\x2f\x25\x7d\x7d\x6f\xbf\xe8\xd5\xe8\xf0"
- "\x72\xe9\xb6\xe9\xaf\xda\x94\x13\xea\xfb\x2e\x8b\x06\x99\xb1\xfb"
- "\x5a\x0c\xac\xed\xde\xae\xad\x7e\x9c\xfb\xb3\x6a\xe2\xb4\x20\x83"
- "\x5b\xd8\x3a\x19\xfb\x0b\x5e\x96\xbf\x8f\xa4\xd0\x9e\x34\x55\x25"
- "\x16\x7e\xcd\x91\x55\x41\x6f\x46\xf4\x08\xed\x31\xb6\x3c\x6e\x6d",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\xfa\xa0\x22\xce\x7f\xa9\xba\x95\xeb\xa3\x9f\x3f\x44\xf3\xee\x14"
- "\x96\x0a\x0b\x23\x9d\x01\x4b\x57\x70\xe4\x71\xd7\x5a\x99\xea\x87"
- "\x10\xe3\x8f\x0c\xef\x0f\xfc\x67",
- WC_HASH_TYPE_SHA),
- INIT_SP80056C_TEST_VECTOR(
- "\xad\x42\x01\x82\x63\x3f\x85\x26\xbf\xe9\x54\xac\xda\x37\x6f\x05"
- "\xe5\xff\x4f\x83\x7f\x54\xfe\xbe\x0f\xb1\x2a\x1b\x3b\xeb\xf2\x63"
- "\xee\x21\x64\x13\xed\x06\xa8\x4a\x12\xeb\x51\x11\x59\xf1\x33\x7d",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x6f\xef\x44\x2f\xc1\x7a\x7e\x2b\x0c\x9d\xec\xe0\xe4\x7a\x57\x48"
- "\xac\xb4\x6a\xf1\x98\xd7\x67\x47\x0f\x28\xa1\x04\xb5\x61\x30\xae"
- "\xb0\x10\x09\xa4\x56\x82\xa5\xe1",
- WC_HASH_TYPE_SHA),
- #endif
- #if defined(WOLFSSL_SHA224)
- /* SHA-224*/
- INIT_SP80056C_TEST_VECTOR(
- "\x8c\x5d\x6e\x5d\x36\x06\x83\xba\x55\xb0\x9d\xb1\x69\x6d\x7c\x64"
- "\x02\xff\x87\x88\x5f\xf5\x07\x70\xf2\x76\x7b\x75\x54\x60\x20\x7e"
- "\xd5\xc7\x43\xfd\x27\xe7\xeb\x1d\x0c\xa5\x91\xf8\x56\x38\x93\x11"
- "\x73\x07\x44\xf2\x04\xd2\xe5\x5b\x8b\xd4\x46\xce\xca\x03\x1f\x7b"
- "\xac\xcf\xf1\xa7\x1b\x68\x34\x59\xcc\x54\xd5\x01\xda\xbf\x4a\x84"
- "\xcd\xb8\x6d\xfa\xda\xff\x31\x0f\xbd\xba\xf7\x4d\xd5\x1b\xa1\xe1"
- "\xe1\x19\x1a\xf1\x4c\x9b\xf8\x94\x43\xbf\x58\x8e\x9c\xe3\x30\x34"
- "\xaf\x5e\x89\xbf\x6f\xfc\x47\xd7\xd9\xca\x4a\x5e\x8f\xf8\xa0\x50"
- "\x20\xbb\x0f\x95\xbc\xde\x01\x56\xd8\x7f\xb8\x60\xbd\x40\x83\xfa"
- "\x5b\x53\x1a\x08\xa4\xfb\x7e\xe0\x20\x1a\xe8\xb3\xcc\xff\xe9\x9f"
- "\x27\x0b\xc3\x53\x4b\xaa\xcf\xc0\x01\xcd\xd8\x0a\xd8\x7c\xce\x71"
- "\xf0\x91\xe7\x66\xca\x5c\xc2\x75\xcb\x49\x14\x5a\x5e\xe6\x16\x2e"
- "\xcc\xf5\x58\xce\xc4\xd3\xee\x53\x1e\x91\xe9\xa5\x29\x69\x63\x4d"
- "\x3a\xf8\xd2\x6f\x8d\x15\xdc\x0d\x6f\x6e\x0a\x97\x4b\xe4\x34\x1b"
- "\x68\xa0\x19\x90\xdb\xb8\x64\x95\x89\x1a\xd3\xaf\xc1\xe4\xce\xdf"
- "\x4c\x6a\xe1\xf1\xcd\x60\x81\xcd\xee\xd8\xe6\xb3\x26\x4e\xc3\xbe"
- "\x24\x58\xd1\xc0\xca\x24\x43\x41\x0c\xf3\xb4\x7c\x0c\x25\x4c\x7d"
- "\xc8\xec\xb4\x3e\x6c\x23\x64\xe1\xc0\x62\x19\xcc\x7e\xfb\xff\xbb"
- "\x63\xd7\xff\xfc\x74\x58\x12\xfd\x24\x0c\x33\xd4\x96\xb9\x99\x2f"
- "\x96\x80\xa6\x3c\x07\x96\x3c\x0c\x49\xf3\xc1\xba\xef\xec\xaf\x32"
- "\xe2\xaa\x8a\x2f\x7c\xd3\x0d\x8f\x05\x1e\xe2\xf5\x0f\xbf\x05\xab"
- "\x13\x96\xa4\xea\x87\x44\x7d\x7b\x98\x1b\x5e\x46\x14\x28\x18\x71"
- "\xa6\xf0\xf6\xbf\x1f\xe0\x02\x2f\x7e\xa1\x32\xbe\x0a\xe9\x19\x26"
- "\xab\x12\xaf\x6d\xc4\x50\x64\xaa\xd5\x6b\x84\xb9\x0c\x70\x08\x37"
- "\x09\xcf\xf7\xe3\x1b\x54\x8f\xb7\xfb\x2c\xf7\x5a\xbf\x96\xe0\x1c"
- "\xcd\x3e\x94\x2e\xed\x91\x48\x0d\x4c\x24\xc6\xb7\xf9\x79\xfb\xbe"
- "\x5d\xa2\x39\xb3\x76\x16\x7d\x68\x57\x35\x24\xff\xcb\x50\x99\x54"
- "\xcc\x80\xa0\xe1\xa7\x1c\x40\xc4\xda\x17\xb8\xd1\x57\x2b\x21\x58"
- "\x7a\x8d\x66\xcc\x62\x1c\x7c\xd1\x0f\x49\xab\xd5\xef\x86\x31\x13"
- "\xe6\x19\x21\x08\x6f\xac\x25\x31\x2b\x74\x1c\x11\xa8\xfb\xc1\xe3"
- "\x3c\x34\xd9\xda\x14\xa8\x22\x47\x7f\xcc\x36\x66\x70\x25\xc4\xf1"
- "\x30\xae\x10\x0e\x36\xf1\x5d\xa0\x03\x74\xce\x87\x41\x67\x9f\x61",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x4b\x99\x6a\x60\xc0\x4a\x35\xc5\xe6\xd4\x74\xb1\x0a\x25\x8d\x56"
- "\x2e\xa6\xdc\x52\xf6\xc6\x9b\xf3\x9e\xf8\x8c\x89\xe3\xcc\x8a\x54"
- "\xda\x2f\x3c\x0b\x56\x1b\x53\xfe\x76\x55\x13\x63\xd6\x9c\x3c\xef"
- "\x74\xe3\x4f\xe8\x8e\xb3\xac\x51",
- WC_HASH_TYPE_SHA224),
- INIT_SP80056C_TEST_VECTOR(
- "\x52\x27\x2f\x50\xf4\x6f\x4e\xdc\x91\x51\x56\x90\x92\xf4\x6d\xf2"
- "\xd9\x6e\xcc\x3b\x6d\xc1\x71\x4a\x4e\xa9\x49\xfa\x9f\x18\xff\x54"
- "\xf8\x87\x23\x07\x3f\x64\xa6\x95\x3d\x04\x91\x4f\x45\xa2\x3e\xee"
- "\x7c\xfc\x46\x67\x08\x0a\xa0\xf9",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x77\x56\xbc\xfd\xef\x3e\xe6\x9f\x6a\xc2\x3c\xd2\xdc\x60\x7d\x01"
- "\xfa\x8c\xe1\xb2\x4f\x5c\xaa\xaa\x48\xe0\x4b\x81\x63\xe1\x73\x3a"
- "\xed\x7a\x04\x0e\x73\xf2\xb5\x42\x36\x8f\x00\x54\x8b\x16\x3c\x3d"
- "\xc9\x6d\x70\x09\x99\x16\xf1\x6b",
- WC_HASH_TYPE_SHA224),
- #endif
- #if !defined(NO_SHA256)
- /* SHA-256 */
- INIT_SP80056C_TEST_VECTOR(
- "\xdd\x0f\x53\x96\x21\x9d\x1e\xa3\x93\x31\x04\x12\xd1\x9a\x08\xf1"
- "\xf5\x81\x1e\x9d\xc8\xec\x8e\xea\x7f\x80\xd2\x1c\x82\x0c\x27\x88"
- "\x22\x76\x84\xe7\x1f\x5c\x31\x3f\xad\xc9\x1e\x52\x98\x07\xe3\x14"
- "\x7d\x53\x14\x5b\x15\xab\xd6\xed\x41\x6a\xd3\x5c\xd7\xe6\x83\x8f",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\xc0\x8b\x3d\xe2\x4f\x1a\x38\x1e\x7a\x56\x75\xa2\xa6\x52\x3b\x08"
- "\xf3\x54\x60\x5e\xee\x46\xb9\xf3\x9e\xad\xb1\xe9\x75\x34\x41\x6d"
- "\x98\xb4\x3c\xae\x8a\xb0\x4a\xfd\x53\xde\xb3\x7f\x44\x02\x23\x52"
- "\xc3\xfb\xde\x1e\x2f\x2c\xec\x53\x1c\xfc\x32\x4f\xdd\x0f\xcc\xa6",
- WC_HASH_TYPE_SHA256),
- INIT_SP80056C_TEST_VECTOR(
- "\x44\xf4\x84\x09\xf3\x1b\xf3\x50\x94\x51\xdb\x4d\x30\x4b\xeb\xd8"
- "\x3c\x2a\xd6\x50\x1c\x1b\x85\xe6\x32\xbc\x92\x58\x8e\x2d\x48\xb5"
- "\xd2\xb8\x44\x44\x62\xad\x94\xe8\xa4\x44\x94\x1e\xd4\x97\x5c\x97"
- "\x91\x17\xd7\x5a\x0a\x2b\xa8\x10\xdf\xa8\x80\x4a\x0f\xe9\x42\x6d"
- "\xd7\xeb\x95\xf2\x9c\xa4\x30\xda\x37\xef\xa5\x2c\x42\xda\x1d\xe2"
- "\x23\x76\x3b\xdd\xc9\x5e\x46\x6a\xa3\xb8\xd2\x06\xb8\x21\x8e\xdf"
- "\x23\x97\x3d\x05\xf3\xc7\xc2\x2b\x22\x46\x53\xd4\xf9\x21\x85\x45"
- "\x79\x83\x26\x2f\x27\xbc\x55\xa0\xa7\xae\xe5\x43\x54\x55\xd4\x3c"
- "\x0e\x0c\x6d\x80\x67\xad\xaf\x90\x42\xb6\xb7\x77\x7e\x19\x8d\x67"
- "\x60\x83\x0d\x96\xb2\x9a\x6a\xae\xf5\x74\xd7\x5e\x2d\x65\x43\x55"
- "\x0f\x75\x55\xcf\x89\x82\xc8\x21\xc4\xec\x9b\x82\x66\x2b\x09\x36"
- "\x69\xfd\x24\x6d\x4d\xcc\xbf\xf3\x1d\x98\x4e\xf6\x3c\x4f\x95\xd7"
- "\x39\xc7\x7e\x66\xf6\x9b\x6d\xb0\xd9\xfc\x1a\x97\x3f\x52\x33\xd1"
- "\x1f\xe7\x15\x4b\x8a\x6b\xe1\x50\x46\x7d\x92\xda\xf0\x91\x44\x34"
- "\xf0\xcf\x17\x6e\x96\x1b\x31\x3f\xe3\xe2\x3b\xfe\x37\x8b\x87\xba"
- "\xf2\x73\x93\x7f\xfa\xa6\x85\x65\x8b\x09\x78\x1d\x26\x97\x86\x4b"
- "\x0d\x82\x48\x5c\xf7\xd6\x2f\xfc\xea\x34\x33\x88\xcf\xec\x15\x27"
- "\x3a\x39\x4b\x84\x32\xee\xb6\x32\x1b\xe3\x1d\x4f\xcd\x16\x15\xc8"
- "\x1c\x69\x37\xc0\x8d\x92\x41\x6e\xdb\xdd\x20\x10\xfa\x8b\x6e\x0a"
- "\x8a\x60\x3d\xad\xe0\x10\xbc\x9c\xd7\x6b\x14\xe3\xe2\x19\x0e\x3b"
- "\xa3\x00\xe7\x1a\xdd\xbf\x24\x4c\xf8\x06\x29\x49\x76\xea\xf0\x7d"
- "\x02\x3b\xdb\x57\xfc\x5d\x19\x64\xc7\xd4\x20\x6e\x72\x06\x1b\xfe"
- "\x1e\xe4\xee\xbc\x92\x00\xe1\x3a\x6c\xba\x32\x86\x9d\xbe\x80\x82"
- "\xcd\xf3\x64\x5b\x5a\x72\x7d\xd2\x7c\xa5\x03\xf4\xed\xeb\x73\xe8"
- "\x8a\x3a\x55\x2c\x7e\x00\xd4\xee\x72\x42\x13\x72\x36\xa0\x96\x5c"
- "\x1e\xc3\xeb\xc0\xb4\x8c\x2b\x46\x7e\xb8\x42\x41\x5a\x28\x3f\x55"
- "\xe2\x20\xff\xd1\x88\x19\x25\x6d\xa2\x47\x4d\x28\xfc\x3b\x04\xe0"
- "\xc0\x7e\x4d\x25\xc1\x74\x93\x41\xd2\x22\x97\x01\x5c\xd8\x17\x8c"
- "\x39\x18\xbe\x8c\x5c\xdf\x0f\xbf\xbb\x9a\x5a\xcc\xdd\x82\xaf\x07"
- "\x83\xef\xe4\xdf\x64\xa8\xd8\x92\x82\x8f\x8d\xe5\x8c\x5d\x56\x9b"
- "\x5b\x08\x45\x58\x96\xc4\xd3\xc3\x4f\xd3\xce\x93\xc4\x34\xc3\x8e"
- "\xf5\x6c\xed\x30\x56\x1c\x37\x1a\xf9\xf2\xd8\x64\xfd\xc5\xb6\x2f",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x42\x35\xac\x89\xc9\xf3\x3e\x5d\xbb\x11\x60\x1a\x29\x83\xe3\x76"
- "\xe2\x15\x39\x97\x87\xd8\x39\xa0\x38\x55\xfe\x04\x53\x3e\x1a\x67"
- "\x66\x91\x5e\x67\xc2\x5e\xeb\x04\x08\x28\xe9\x6c\xd3\xd6\xef\x0a"
- "\xb7\xd1\x7b\x43\x13\x43\xa7\xf3\xaa\xc6\x8f\x0c\x4a\x7e\x77\x9b",
- WC_HASH_TYPE_SHA256),
- /* slightly modified vector to test generation when derivedKeySz %
- * hashOutSz != 0*/
- INIT_SP80056C_TEST_VECTOR(
- "\xdd\x0f\x53\x96\x21\x9d\x1e\xa3\x93\x31\x04\x12\xd1\x9a\x08\xf1"
- "\xf5\x81\x1e\x9d\xc8\xec\x8e\xea\x7f\x80\xd2\x1c\x82\x0c\x27\x88"
- "\x22\x76\x84\xe7\x1f\x5c\x31\x3f\xad\xc9\x1e\x52\x98\x07\xe3\x14"
- "\x7d\x53\x14\x5b\x15\xab\xd6\xed\x41\x6a\xd3\x5c\xd7\xe6\x83\x8f",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\xc0\x8b\x3d\xe2\x4f\x1a\x38\x1e\x7a\x56\x75\xa2\xa6\x52\x3b\x08"
- "\xf3\x54\x60\x5e\xee\x46\xb9\xf3\x9e\xad\xb1\xe9\x75\x34\x41\x6d"
- "\x98\xb4\x3c\xae\x8a\xb0\x4a\xfd\x53\xde\xb3\x7f\x44\x02\x23\x52"
- "\xc3\xfb\xde\x1e\x2f\x2c\xec\x53\x1c\xfc\x32\x4f\xdd\x0f\xcc",
- WC_HASH_TYPE_SHA256),
- #endif
- #if defined(WOLFSSL_SHA384)
- /* SHA-384 */
- INIT_SP80056C_TEST_VECTOR(
- "\x5e\xa1\xfc\x4a\xf7\x25\x6d\x20\x55\x98\x1b\x11\x05\x75\xe0\xa8"
- "\xca\xe5\x31\x60\x13\x7d\x90\x4c\x59\xd9\x26\xeb\x1b\x84\x56\xe4"
- "\x27\xaa\x8a\x45\x40\x88\x4c\x37\xde\x15\x9a\x58\x02\x8a\xbc\x0e"
- "\x88\x76\x9c\xb7\x2f\xc5\xac\x45\x7c\xd5\x8e\x89\x08\x9b\x19\x6a"
- "\x70\xbf\x53\x3c\x6d\xc9\x1c\x9c\x7e\x17\x41\xdb\x5e\x7a\xb6\xb0"
- "\x84\x9f\x01\xde\xa6\x5f\xed\xd0\x6c\x77\x18\x7c\xd8\x8e\xd0\x30",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x8e\x6e\x26\x5f\x20\x82\xf1\x4d\x34\xda\x23\xe1\x03\x2c\x90\x24"
- "\x83\x4a\xf0\x15\x72\xb6\x64\x77\x82\x41\x1b\xdd\xcb\x84\xa5\xda"
- "\xee\x11\x7b\xa6\xfb\xa6\xd0\xeb\x28\x08\xef\x8a\xb0\x70\x05\xee"
- "\xab\xe5\x2d\x2e\xfd\x31\x12\x1c\x7b\xf9\xd5\xfa\xfc\x40\xe0\x0c"
- "\x6d\x6d\xbf\x39\xef\x43\xfe\x97\x15\xc7\x20\x2c\xdc\x2d\xb7\xe8"
- "\x2b\x88\xd7\x48\xeb\x84\x25\x8b\xf8\x4d\x85\x82\xf2\xbf\xd9\x40",
- WC_HASH_TYPE_SHA384),
- #endif
- #if defined(WOLFSSL_SHA512)
- /* SHA-512 */
- INIT_SP80056C_TEST_VECTOR(
- "\x00\xcd\xea\x89\x62\x1c\xfa\x46\xb1\x32\xf9\xe4\xcf\xe2\x26\x1c"
- "\xde\x2d\x43\x68\xeb\x56\x56\x63\x4c\x7c\xc9\x8c\x7a\x00\xcd\xe5"
- "\x4e\xd1\x86\x6a\x0d\xd3\xe6\x12\x6c\x9d\x2f\x84\x5d\xaf\xf8\x2c"
- "\xeb\x1d\xa0\x8f\x5d\x87\x52\x1b\xb0\xeb\xec\xa7\x79\x11\x16\x9c"
- "\x20\xcc\x01\x38\xa6\x72\xb6\x95\x8b\xd7\x84\xe5\xd7\xfa\x83\x73"
- "\x8a\xc6\x8f\x9b\x34\x23\xb4\x83\xf9\xbf\x53\x9e\x71\x14\x1e\x45"
- "\xdb\xfb\x7a\xfe\xd1\x8b\x11\xc0\x02\x8b\x13\xf1\xf8\x60\xef\x43"
- "\xc4\x80\xf4\xda\xcd\xa2\x08\x10\x59\xd3\x97\x8c\x99\x9d\x5d\x1a"
- "\xde\x34\x54\xe4",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x2d\x4a\x46\xa1\x70\x99\xba\xa8\x33\x0b\xc5\x9d\x4a\x1c\xf5\xae"
- "\x3a\x30\x75\xb4\xc6\x2b\xb2\x6e\x7f\xc9\x89\x24\x72\x6d\x27\x4c"
- "\x09\x64\x6f\x44\x08\xe6\x85\x8c\x43\xb4\x2d\xae\xd0\x15\xef\x26"
- "\x17\x08\xd5\x5e\xf2\x4d\xaa\x7d\x3e\xa3\xd1\xc4\xa0\x8c\xfd\x24"
- "\xdb\x60\x00\xa5\xb8\xa6\x7d\xe7\x46\xf3\xd3\xf4\xff\x34\x85\x15"
- "\x8f\xd3\xb6\x91\x55\x79\x1d\xf4\x67\x47\xd4\xdb\xbe\x17\xc4\xb5"
- "\x58\x46\x2e\x26\xbe\x5e\xd3\x5f\xe6\x80\xe2\x97\x14\x22\xc3\xb0"
- "\x1b\x17\xe1\x67\xfc\x43\x7f\x84\x86\x9d\x85\x49\x53\x7b\x33\x38",
- WC_HASH_TYPE_SHA512),
- #endif
- INIT_SP80056C_TEST_VECTOR(
- "\x00\xcd\xea\x89\x62\x1c\xfa\x46\xb1\x32\xf9\xe4\xcf\xe2\x26\x1c"
- "\xde\x2d\x43\x68\xeb\x56\x56\x63\x4c\x7c\xc9\x8c\x7a\x00\xcd\xe5"
- "\x4e\xd1\x86\x6a\x0d\xd3\xe6\x12\x6c\x9d\x2f\x84\x5d\xaf\xf8\x2c"
- "\xeb\x1d\xa0\x8f\x5d\x87\x52\x1b\xb0\xeb\xec\xa7\x79\x11\x16\x9c"
- "\x20\xcc\x01\x38\xa6\x72\xb6\x95\x8b\xd7\x84\xe5\xd7\xfa\x83\x73"
- "\x8a\xc6\x8f\x9b\x34\x23\xb4\x83\xf9\xbf\x53\x9e\x71\x14\x1e\x45"
- "\xdb\xfb\x7a\xfe\xd1\x8b\x11\xc0\x02\x8b\x13\xf1\xf8\x60\xef\x43"
- "\xc4\x80\xf4\xda\xcd\xa2\x08\x10\x59\xd3\x97\x8c\x99\x9d\x5d\x1a"
- "\xde\x34\x54\xe4",
- "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
- "\x42\x4f\x42\x42\x59\x34\x35\x36",
- "\x2d\x4a",
- WC_HASH_TYPE_SHA512),
- };
- for (i = 0; i < sizeof(vctors) / sizeof(vctors[0]); i++) {
- v = &vctors[i];
- ret = wc_KDA_KDF_onestep(v->z, v->zSz, v->fixedInfo, v->fixedInfoSz,
- v->derivedKeySz, v->hashType, output,
- /* use derivedKeySz to force the function to use a temporary buff
- for the last block */
- v->derivedKeySz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(output, v->derivedKey, v->derivedKeySz) != 0)
- return WC_TEST_RET_ENC_NC;
- }
- /* negative tests */
- ret = wc_KDA_KDF_onestep(NULL, 0, (byte*)"fixed_info",
- sizeof("fixed_info"), 16, WC_HASH_TYPE_SHA256, output, 16);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_NC;
- ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 1, 16,
- WC_HASH_TYPE_SHA256, output, 16);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_NC;
- /* allow empty FixedInfo */
- ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 0, 16,
- WC_HASH_TYPE_SHA256, output, 16);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- return 0;
- }
- #endif /* WC_KDF_NIST_SP_800_56C */
- /* optional macro to add sleep between tests */
- #ifndef TEST_SLEEP
- #define TEST_SLEEP() WC_DO_NOTHING
- #else
- #define TEST_PASS test_pass
- #include <stdarg.h> /* for var args */
- static WC_INLINE void test_pass(const char* fmt, ...)
- {
- va_list args;
- va_start(args, fmt);
- STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max_relative_stack, vprintf(fmt, args));
- va_end(args);
- PRINT_HEAP_CHECKPOINT();
- TEST_SLEEP();
- ASSERT_RESTORED_VECTOR_REGISTERS(exit(1););
- }
- #endif
- /* set test pass output to printf if not overridden */
- #ifndef TEST_PASS
- /* redirect to printf */
- #define TEST_PASS(...) { \
- if (STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK \
- (max_relative_stack, printf(__VA_ARGS__)) < 0) { \
- return err_sys("post-test check failed", WC_TEST_RET_ENC_NC);\
- } \
- PRINT_HEAP_CHECKPOINT(); \
- ASSERT_RESTORED_VECTOR_REGISTERS(exit(1);); \
- }
- #endif
- #ifdef TEST_ALWAYS_RUN_TO_END
- #define TEST_FAIL(msg, retval) do { last_failed_test_ret = (retval); render_error_message(msg, retval); } while (0)
- #elif !defined(TEST_FAIL)
- #define TEST_FAIL(msg, retval) return err_sys(msg, retval)
- #endif
- #ifdef HAVE_STACK_SIZE
- THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args)
- #else
- wc_test_ret_t wolfcrypt_test(void* args)
- #endif
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY)
- long heap_baselineAllocs, heap_baselineBytes;
- #endif
- #ifdef TEST_ALWAYS_RUN_TO_END
- int last_failed_test_ret = 0;
- #endif
- STACK_SIZE_INIT();
- #if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY)
- (void)wolfCrypt_heap_peakAllocs_checkpoint();
- heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint();
- (void)wolfCrypt_heap_peakBytes_checkpoint();
- heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint();
- #endif
- #ifdef WC_RNG_SEED_CB
- wc_SetSeed_Cb(wc_GenerateSeed);
- #endif
- printf("------------------------------------------------------------------------------\n");
- printf(" wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING);
- #ifdef WOLF_CRYPTO_CB
- if (devId != INVALID_DEVID)
- printf(" CryptoCB with DevID:%X\n", devId);
- #endif
- printf("------------------------------------------------------------------------------\n");
- if (args) {
- #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
- int ch;
- #endif
- ((func_args*)args)->return_code = -1; /* error state */
- #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
- while ((ch = mygetopt(((func_args*)args)->argc, ((func_args*)args)->argv, "s:m:a:h")) != -1) {
- switch(ch) {
- case 's':
- #ifdef HAVE_STACK_SIZE_VERBOSE
- max_relative_stack = (ssize_t)atoi(myoptarg);
- break;
- #else
- return err_sys("-s (max relative stack bytes) requires HAVE_STACK_SIZE_VERBOSE (--enable-stacksize=verbose).", WC_TEST_RET_ENC_NC);
- #endif
- case 'm':
- #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
- max_relative_heap_bytes = (ssize_t)atoi(myoptarg);
- break;
- #else
- return err_sys("-m (max relative heap memory bytes) requires WOLFSSL_TRACK_MEMORY_VERBOSE (--enable-trackmemory=verbose).", WC_TEST_RET_ENC_NC);
- #endif
- case 'a':
- #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
- max_relative_heap_allocs = (ssize_t)atoi(myoptarg);
- break;
- #else
- return err_sys("-a (max relative heap allocs) requires WOLFSSL_TRACK_MEMORY_VERBOSE (--enable-trackmemory=verbose).", WC_TEST_RET_ENC_NC);
- #endif
- case 'h':
- return err_sys("\
- options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
- [-a max_relative_heap_allocs] [-h]\n", 0);
- default:
- return err_sys("unknown test option. try -h.", WC_TEST_RET_ENC_NC);
- }
- }
- #endif
- }
- #ifdef WOLFSSL_STATIC_MEMORY
- if (wc_LoadStaticMemory(&HEAP_HINT, gTestMemory, sizeof(gTestMemory),
- WOLFMEM_GENERAL, 1) != 0) {
- printf("unable to load static memory.\n");
- return(EXIT_FAILURE);
- }
- #ifndef OPENSSL_EXTRA
- wolfSSL_SetGlobalHeapHint(HEAP_HINT);
- #endif
- #endif
- #if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
- wolfSSL_Debugging_ON();
- #endif
- #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
- wc_SetLoggingHeap(HEAP_HINT);
- #endif
- #if defined(HAVE_FIPS) && !defined(WOLFSSL_LINUXKM)
- wolfCrypt_SetCb_fips(myFipsCb);
- #if FIPS_VERSION3_GE(6,0,0)
- printf("FIPS module version in use: %s\n",
- wolfCrypt_GetVersion_fips());
- #endif
- #endif
- #if !defined(NO_BIG_INT)
- if (CheckCtcSettings() != 1) {
- printf("Sizeof mismatch (build) %x != (run) %lx\n",
- CTC_SETTINGS, (unsigned long)CheckRunTimeSettings());
- return err_sys("Build vs runtime math mismatch\n", WC_TEST_RET_ENC_NC);
- }
- #if defined(USE_FAST_MATH) && \
- (!defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC))
- if (CheckFastMathSettings() != 1)
- return err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n",
- WC_TEST_RET_ENC_NC);
- #endif /* USE_FAST_MATH */
- #endif /* !NO_BIG_INT */
- #if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
- (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
- initDefaultName();
- #endif
- #ifdef WOLFSSL_ASYNC_CRYPT
- ret = wolfAsync_DevOpen(&devId);
- if (ret < 0) {
- printf("Async device open failed\nRunning without async\n");
- }
- #else
- (void)devId;
- #endif /* WOLFSSL_ASYNC_CRYPT */
- #ifdef WOLF_CRYPTO_CB
- #ifdef HAVE_INTEL_QA_SYNC
- devId = wc_CryptoCb_InitIntelQa();
- if (INVALID_DEVID == devId) {
- printf("Couldn't init the Intel QA\n");
- }
- #endif
- #ifdef HAVE_CAVIUM_OCTEON_SYNC
- devId = wc_CryptoCb_InitOcteon();
- if (INVALID_DEVID == devId) {
- printf("Couldn't init the Cavium Octeon\n");
- }
- #endif
- #ifdef HAVE_RENESAS_SYNC
- devId = wc_CryptoCb_CryptInitRenesasCmn(NULL, &guser_PKCbInfo);
- if (devId == INVALID_DEVID) {
- printf("Couldn't get the Renesas device ID\n");
- }
- #endif
- #endif
- #if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
- !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
- if (devId == INVALID_DEVID) {
- /* for testing RNG with crypto callback register function */
- devId = 100; /* any value beside -2 (INVALID_DEVID) */
- wc_CryptoCb_RegisterDevice(devId, rng_crypto_cb, NULL);
- }
- #endif
- #ifdef HAVE_SELFTEST
- if ( (ret = wolfCrypt_SelfTest()) != 0)
- TEST_FAIL("CAVP selftest failed!\n", ret);
- else
- TEST_PASS("CAVP selftest passed!\n");
- #endif
- if ( (ret = error_test()) != 0)
- TEST_FAIL("error test failed!\n", ret);
- else
- TEST_PASS("error test passed!\n");
- if ( (ret = memory_test()) != 0)
- TEST_FAIL("MEMORY test failed!\n", ret);
- else
- TEST_PASS("MEMORY test passed!\n");
- #ifndef NO_CODING
- if ( (ret = base64_test()) != 0)
- TEST_FAIL("base64 test failed!\n", ret);
- else
- TEST_PASS("base64 test passed!\n");
- #ifdef WOLFSSL_BASE16
- if ( (ret = base16_test()) != 0)
- TEST_FAIL("base16 test failed!\n", ret);
- else
- TEST_PASS("base16 test passed!\n");
- #endif
- #endif /* !NO_CODING */
- #ifndef NO_ASN
- if ( (ret = asn_test()) != 0)
- TEST_FAIL("asn test failed!\n", ret);
- else
- TEST_PASS("asn test passed!\n");
- #endif
- #ifndef WC_NO_RNG
- if ( (ret = random_test()) != 0)
- TEST_FAIL("RANDOM test failed!\n", ret);
- else
- TEST_PASS("RANDOM test passed!\n");
- #endif /* WC_NO_RNG */
- #ifndef NO_MD5
- if ( (ret = md5_test()) != 0)
- TEST_FAIL("MD5 test failed!\n", ret);
- else
- TEST_PASS("MD5 test passed!\n");
- #endif
- #ifdef WOLFSSL_MD2
- if ( (ret = md2_test()) != 0)
- TEST_FAIL("MD2 test failed!\n", ret);
- else
- TEST_PASS("MD2 test passed!\n");
- #endif
- #ifndef NO_MD4
- if ( (ret = md4_test()) != 0)
- TEST_FAIL("MD4 test failed!\n", ret);
- else
- TEST_PASS("MD4 test passed!\n");
- #endif
- #ifndef NO_SHA
- if ( (ret = sha_test()) != 0)
- TEST_FAIL("SHA test failed!\n", ret);
- else
- TEST_PASS("SHA test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA224
- if ( (ret = sha224_test()) != 0)
- TEST_FAIL("SHA-224 test failed!\n", ret);
- else
- TEST_PASS("SHA-224 test passed!\n");
- #endif
- #ifndef NO_SHA256
- if ( (ret = sha256_test()) != 0)
- TEST_FAIL("SHA-256 test failed!\n", ret);
- else
- TEST_PASS("SHA-256 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA384
- if ( (ret = sha384_test()) != 0)
- TEST_FAIL("SHA-384 test failed!\n", ret);
- else
- TEST_PASS("SHA-384 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA512
- if ((ret = sha512_test()) != 0) {
- TEST_FAIL("SHA-512 test failed!\n", ret);
- }
- else {
- TEST_PASS("SHA-512 test passed!\n");
- }
- #if !defined(WOLFSSL_NOSHA512_224) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- if ((ret = sha512_224_test()) != 0) {
- TEST_FAIL("SHA-512/224 test failed!\n", ret);
- }
- else
- TEST_PASS("SHA-512/224 test passed!\n");
- #endif /* !defined(WOLFSSL_NOSHA512_224) && !FIPS ... */
- #if !defined(WOLFSSL_NOSHA512_256) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- if ((ret = sha512_256_test()) != 0) {
- TEST_FAIL("SHA-512/256 test failed!\n", ret);
- }
- else
- TEST_PASS("SHA-512/256 test passed!\n");
- #endif /* !defined(WOLFSSL_NOSHA512_256) & !FIPS ... */
- #endif /* WOLFSSL_SHA512 */
- #ifdef WOLFSSL_SHA3
- if ( (ret = sha3_test()) != 0)
- TEST_FAIL("SHA-3 test failed!\n", ret);
- else
- TEST_PASS("SHA-3 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHAKE128
- if ( (ret = shake128_test()) != 0)
- TEST_FAIL("SHAKE128 test failed!\n", ret);
- else
- TEST_PASS("SHAKE128 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHAKE256
- if ( (ret = shake256_test()) != 0)
- TEST_FAIL("SHAKE256 test failed!\n", ret);
- else
- TEST_PASS("SHAKE256 test passed!\n");
- #endif
- #ifdef WOLFSSL_SM3
- if ( (ret = sm3_test()) != 0)
- return err_sys("SM-3 test failed!\n", ret);
- else
- TEST_PASS("SM-3 test passed!\n");
- #endif
- #ifndef NO_HASH_WRAPPER
- if ( (ret = hash_test()) != 0)
- TEST_FAIL("Hash test failed!\n", ret);
- else
- TEST_PASS("Hash test passed!\n");
- #endif
- #ifdef WOLFSSL_RIPEMD
- if ( (ret = ripemd_test()) != 0)
- TEST_FAIL("RIPEMD test failed!\n", ret);
- else
- TEST_PASS("RIPEMD test passed!\n");
- #endif
- #ifdef HAVE_BLAKE2
- if ( (ret = blake2b_test()) != 0)
- TEST_FAIL("BLAKE2b test failed!\n", ret);
- else
- TEST_PASS("BLAKE2b test passed!\n");
- #endif
- #ifdef HAVE_BLAKE2S
- if ( (ret = blake2s_test()) != 0)
- TEST_FAIL("BLAKE2s test failed!\n", ret);
- else
- TEST_PASS("BLAKE2s test passed!\n");
- #endif
- #ifndef NO_HMAC
- #if !defined(NO_MD5) && !(defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) \
- && (HAVE_FIPS_VERSION >= 5))
- if ( (ret = hmac_md5_test()) != 0)
- TEST_FAIL("HMAC-MD5 test failed!\n", ret);
- else
- TEST_PASS("HMAC-MD5 test passed!\n");
- #endif
- #ifndef NO_SHA
- if ( (ret = hmac_sha_test()) != 0)
- TEST_FAIL("HMAC-SHA test failed!\n", ret);
- else
- TEST_PASS("HMAC-SHA test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA224
- if ( (ret = hmac_sha224_test()) != 0)
- TEST_FAIL("HMAC-SHA224 test failed!\n", ret);
- else
- TEST_PASS("HMAC-SHA224 test passed!\n");
- #endif
- #ifndef NO_SHA256
- if ( (ret = hmac_sha256_test()) != 0)
- TEST_FAIL("HMAC-SHA256 test failed!\n", ret);
- else
- TEST_PASS("HMAC-SHA256 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA384
- if ( (ret = hmac_sha384_test()) != 0)
- TEST_FAIL("HMAC-SHA384 test failed!\n", ret);
- else
- TEST_PASS("HMAC-SHA384 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA512
- if ( (ret = hmac_sha512_test()) != 0)
- TEST_FAIL("HMAC-SHA512 test failed!\n", ret);
- else
- TEST_PASS("HMAC-SHA512 test passed!\n");
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \
- !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \
- !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512)
- if ( (ret = hmac_sha3_test()) != 0)
- TEST_FAIL("HMAC-SHA3 test failed!\n", ret);
- else
- TEST_PASS("HMAC-SHA3 test passed!\n");
- #endif
- #if defined(HAVE_HKDF) && !defined(NO_HMAC)
- PRIVATE_KEY_UNLOCK();
- if ( (ret = hkdf_test()) != 0)
- TEST_FAIL("HMAC-KDF test failed!\n", ret);
- else
- TEST_PASS("HMAC-KDF test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif
- #endif /* !NO_HMAC */
- #ifdef WOLFSSL_WOLFSSH
- PRIVATE_KEY_UNLOCK();
- if ( (ret = sshkdf_test()) != 0)
- TEST_FAIL("SSH-KDF test failed!\n", ret);
- else
- TEST_PASS("SSH-KDF test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif /* WOLFSSL_WOLFSSH */
- #if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
- PRIVATE_KEY_UNLOCK();
- if ( (ret = prf_test()) != 0)
- TEST_FAIL("PRF test failed!\n", ret);
- else
- TEST_PASS("PRF test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif
- #ifdef WOLFSSL_HAVE_PRF
- #if defined (HAVE_HKDF) && !defined(NO_HMAC)
- #ifdef WOLFSSL_BASE16
- PRIVATE_KEY_UNLOCK();
- if ( (ret = tls12_kdf_test()) != 0)
- TEST_FAIL("TLSv1.2 KDF test failed!\n", ret);
- else
- TEST_PASS("TLSv1.2 KDF test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif /* WOLFSSL_BASE16 */
- #endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */
- #endif /* WOLFSSL_HAVE_PRF */
- #ifdef WOLFSSL_TLS13
- PRIVATE_KEY_UNLOCK();
- if ( (ret = tls13_kdf_test()) != 0)
- TEST_FAIL("TLSv1.3 KDF test failed!\n", ret);
- else
- TEST_PASS("TLSv1.3 KDF test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif /* WOLFSSL_TLS13 */
- #if defined(HAVE_X963_KDF) && defined(HAVE_ECC)
- if ( (ret = x963kdf_test()) != 0)
- TEST_FAIL("X963-KDF test failed!\n", ret);
- else
- TEST_PASS("X963-KDF test passed!\n");
- #endif
- #if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM)
- if ( (ret = hpke_test()) != 0)
- TEST_FAIL("HPKE test failed!\n", ret);
- else
- TEST_PASS("HPKE test passed!\n");
- #endif
- #if defined(WC_SRTP_KDF)
- PRIVATE_KEY_UNLOCK();
- if ( (ret = srtpkdf_test()) != 0)
- TEST_FAIL("SRTP KDF test failed!\n", ret);
- else
- TEST_PASS("SRTP KDF test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif
- #if defined(WC_KDF_NIST_SP_800_56C)
- if ( (ret = nist_sp80056c_kdf_test()) != 0)
- TEST_FAIL("NIST SP 800-56C KDF test failed!\n", ret);
- else
- TEST_PASS("NIST SP 800-56C KDF test passed!\n");
- #endif
- #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && \
- !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \
- !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
- if ( (ret = gmac_test()) != 0)
- TEST_FAIL("GMAC test failed!\n", ret);
- else
- TEST_PASS("GMAC test passed!\n");
- #endif
- #ifdef WC_RC2
- if ( (ret = rc2_test()) != 0)
- TEST_FAIL("RC2 test failed!\n", ret);
- else
- TEST_PASS("RC2 test passed!\n");
- #endif
- #ifndef NO_RC4
- if ( (ret = arc4_test()) != 0)
- TEST_FAIL("ARC4 test failed!\n", ret);
- else
- TEST_PASS("ARC4 test passed!\n");
- #endif
- #ifdef HAVE_CHACHA
- if ( (ret = chacha_test()) != 0)
- TEST_FAIL("Chacha test failed!\n", ret);
- else
- TEST_PASS("Chacha test passed!\n");
- #endif
- #ifdef HAVE_XCHACHA
- if ( (ret = XChaCha_test()) != 0)
- TEST_FAIL("XChacha test failed!\n", ret);
- else
- TEST_PASS("XChacha test passed!\n");
- #endif
- #ifdef HAVE_POLY1305
- if ( (ret = poly1305_test()) != 0)
- TEST_FAIL("POLY1305 test failed!\n", ret);
- else
- TEST_PASS("POLY1305 test passed!\n");
- #endif
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- if ( (ret = chacha20_poly1305_aead_test()) != 0)
- TEST_FAIL("ChaCha20-Poly1305 AEAD test failed!\n", ret);
- else
- TEST_PASS("ChaCha20-Poly1305 AEAD test passed!\n");
- #endif
- #if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
- if ( (ret = XChaCha20Poly1305_test()) != 0)
- TEST_FAIL("XChaCha20-Poly1305 AEAD test failed!\n", ret);
- else
- TEST_PASS("XChaCha20-Poly1305 AEAD test passed!\n");
- #endif
- #ifndef NO_DES3
- if ( (ret = des_test()) != 0)
- TEST_FAIL("DES test failed!\n", ret);
- else
- TEST_PASS("DES test passed!\n");
- #endif
- #ifndef NO_DES3
- if ( (ret = des3_test()) != 0)
- TEST_FAIL("DES3 test failed!\n", ret);
- else
- TEST_PASS("DES3 test passed!\n");
- #endif
- #ifndef NO_AES
- if ( (ret = aes_test()) != 0)
- TEST_FAIL("AES test failed!\n", ret);
- else
- TEST_PASS("AES test passed!\n");
- #if defined(WOLFSSL_AES_192) && \
- !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
- if ( (ret = aes192_test()) != 0)
- TEST_FAIL("AES192 test failed!\n", ret);
- else
- TEST_PASS("AES192 test passed!\n");
- #endif
- #if defined(WOLFSSL_AES_256)
- if ( (ret = aes256_test()) != 0)
- TEST_FAIL("AES256 test failed!\n", ret);
- else
- TEST_PASS("AES256 test passed!\n");
- #endif
- #ifdef WOLFSSL_AES_OFB
- if ( (ret = aesofb_test()) != 0)
- TEST_FAIL("AES-OFB test failed!\n", ret);
- else
- TEST_PASS("AES-OFB test passed!\n");
- #endif
- #ifdef HAVE_AESGCM
- #if !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO)
- if ( (ret = aesgcm_test()) != 0)
- TEST_FAIL("AES-GCM test failed!\n", ret);
- #endif
- #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \
- !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \
- !defined(WOLFSSL_KCAPI_AES) && !(defined(WOLF_CRYPTO_CB) && \
- (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)))
- if ((ret = aesgcm_default_test()) != 0) {
- TEST_FAIL("AES-GCM test failed!\n", ret);
- }
- #endif
- if (ret == 0) {
- TEST_PASS("AES-GCM test passed!\n");
- }
- #endif
- #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
- if ( (ret = aesccm_test()) != 0)
- TEST_FAIL("AES-CCM test failed!\n", ret);
- else
- TEST_PASS("AES-CCM test passed!\n");
- #endif
- #ifdef WOLFSSL_AES_CFB
- if ( (ret = aes_cfb_test()) != 0)
- TEST_FAIL("AES-CFB test failed!\n", ret);
- else
- TEST_PASS("AES-CFB test passed!\n");
- #endif
- #ifdef WOLFSSL_AES_XTS
- if ( (ret = aes_xts_test()) != 0)
- TEST_FAIL("AES-XTS test failed!\n", ret);
- else
- TEST_PASS("AES-XTS test passed!\n");
- #endif
- #ifdef HAVE_AES_KEYWRAP
- if ( (ret = aeskeywrap_test()) != 0)
- TEST_FAIL("AES Key Wrap test failed!\n", ret);
- else
- TEST_PASS("AES Key Wrap test passed!\n");
- #endif
- #ifdef WOLFSSL_AES_SIV
- if ( (ret = aes_siv_test()) != 0)
- TEST_FAIL("AES-SIV test failed!\n", ret);
- else
- TEST_PASS("AES-SIV test passed!\n");
- #endif
- #endif
- #if defined(WOLFSSL_AES_EAX) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- if ( (ret = aes_eax_test()) != 0)
- TEST_FAIL("AES-EAX test failed!\n", ret);
- else
- TEST_PASS("AES-EAX test passed!\n");
- #endif /* WOLFSSL_AES_EAX */
- #ifdef HAVE_ARIA
- if ( (ret = ariagcm_test(MC_ALGID_ARIA_128BITKEY)) != 0)
- TEST_FAIL("ARIA128 test failed!\n", ret);
- else
- TEST_PASS("ARIA128 test passed!\n");
- if ( (ret = ariagcm_test(MC_ALGID_ARIA_192BITKEY)) != 0)
- TEST_FAIL("ARIA192 test failed!\n", ret);
- else
- TEST_PASS("ARIA192 test passed!\n");
- if ( (ret = ariagcm_test(MC_ALGID_ARIA_256BITKEY)) != 0)
- TEST_FAIL("ARIA256 test failed!\n", ret);
- else
- TEST_PASS("ARIA256 test passed!\n");
- #endif
- #ifdef HAVE_CAMELLIA
- if ( (ret = camellia_test()) != 0)
- TEST_FAIL("CAMELLIA test failed!\n", ret);
- else
- TEST_PASS("CAMELLIA test passed!\n");
- #endif
- #ifdef WOLFSSL_SM4
- if ( (ret = sm4_test()) != 0)
- return err_sys("SM-4 test failed!\n", ret);
- else
- TEST_PASS("SM-4 test passed!\n");
- #endif
- #if !defined(NO_RSA) && !defined(HAVE_RENESAS_SYNC)
- #ifdef WC_RSA_NO_PADDING
- if ( (ret = rsa_no_pad_test()) != 0)
- TEST_FAIL("RSA NOPAD test failed!\n", ret);
- else
- TEST_PASS("RSA NOPAD test passed!\n");
- #endif
- if ( (ret = rsa_test()) != 0)
- TEST_FAIL("RSA test failed!\n", ret);
- else
- TEST_PASS("RSA test passed!\n");
- #endif
- #ifndef NO_DH
- PRIVATE_KEY_UNLOCK();
- if ( (ret = dh_test()) != 0)
- TEST_FAIL("DH test failed!\n", ret);
- else
- TEST_PASS("DH test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif
- #ifndef NO_DSA
- if ( (ret = dsa_test()) != 0)
- TEST_FAIL("DSA test failed!\n", ret);
- else
- TEST_PASS("DSA test passed!\n");
- #endif
- #ifdef WOLFCRYPT_HAVE_SRP
- if ( (ret = srp_test()) != 0)
- TEST_FAIL("SRP test failed!\n", ret);
- else
- TEST_PASS("SRP test passed!\n");
- #endif
- #ifndef NO_PWDBASED
- PRIVATE_KEY_UNLOCK();
- if ( (ret = pwdbased_test()) != 0)
- TEST_FAIL("PWDBASED test failed!\n", ret);
- else
- TEST_PASS("PWDBASED test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif
- #if defined(USE_CERT_BUFFERS_2048) && \
- defined(HAVE_PKCS12) && \
- !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
- !defined(NO_CERTS) && !defined(NO_DES3)
- if ( (ret = pkcs12_test()) != 0)
- TEST_FAIL("PKCS12 test failed!\n", ret);
- else
- TEST_PASS("PKCS12 test passed!\n");
- #endif
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- if ( (ret = openssl_test()) != 0)
- TEST_FAIL("OPENSSL test failed!\n", ret);
- else
- TEST_PASS("OPENSSL test passed!\n");
- if ( (ret = openSSL_evpMD_test()) != 0)
- TEST_FAIL("OPENSSL (EVP MD) test failed!\n", ret);
- else
- TEST_PASS("OPENSSL (EVP MD) passed!\n");
- if ( (ret = openssl_pkey0_test()) != 0)
- TEST_FAIL("OPENSSL (PKEY0) test failed!\n", ret);
- else
- TEST_PASS("OPENSSL (PKEY0) passed!\n");
- if ( (ret = openssl_pkey1_test()) != 0)
- TEST_FAIL("OPENSSL (PKEY1) test failed!\n", ret);
- else
- TEST_PASS("OPENSSL (PKEY1) passed!\n");
- #if !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- if ( (ret = openssl_evpSig_test()) != 0)
- TEST_FAIL("OPENSSL (EVP Sign/Verify) test failed!\n", ret);
- else
- TEST_PASS("OPENSSL (EVP Sign/Verify) passed!\n");
- #endif
- #endif
- #if defined(HAVE_ECC)
- PRIVATE_KEY_UNLOCK();
- if ( (ret = ecc_test()) != 0)
- TEST_FAIL("ECC test failed!\n", ret);
- else
- TEST_PASS("ECC test passed!\n");
- PRIVATE_KEY_LOCK();
- #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
- (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
- if ( (ret = ecc_encrypt_test()) != 0)
- TEST_FAIL("ECC Enc test failed!\n", ret);
- else
- TEST_PASS("ECC Enc test passed!\n");
- #endif
- #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
- defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP)
- /* skip for ATECC508/608A, cannot import private key buffers */
- if ( (ret = ecc_test_buffers()) != 0)
- TEST_FAIL("ECC buffer test failed!\n", ret);
- else
- TEST_PASS("ECC buffer test passed!\n");
- #endif
- #endif
- #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM)
- if ( (ret = cert_test()) != 0)
- TEST_FAIL("CERT test failed!\n", ret);
- else
- TEST_PASS("CERT test passed!\n");
- #endif
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT)
- if ( (ret = certext_test()) != 0)
- TEST_FAIL("CERT EXT test failed!\n", ret);
- else
- TEST_PASS("CERT EXT test passed!\n");
- #endif
- #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- if ( (ret = decodedCertCache_test()) != 0)
- TEST_FAIL("DECODED CERT CACHE test failed!\n", ret);
- else
- TEST_PASS("DECODED CERT CACHE test passed!\n");
- #endif
- #ifdef HAVE_CURVE25519
- if ( (ret = curve25519_test()) != 0)
- TEST_FAIL("CURVE25519 test failed!\n", ret);
- else
- TEST_PASS("CURVE25519 test passed!\n");
- #endif
- #ifdef HAVE_ED25519
- PRIVATE_KEY_UNLOCK();
- if ( (ret = ed25519_test()) != 0)
- TEST_FAIL("ED25519 test failed!\n", ret);
- else
- TEST_PASS("ED25519 test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif
- #ifdef HAVE_CURVE448
- if ( (ret = curve448_test()) != 0)
- TEST_FAIL("CURVE448 test failed!\n", ret);
- else
- TEST_PASS("CURVE448 test passed!\n");
- #endif
- #ifdef HAVE_ED448
- PRIVATE_KEY_UNLOCK();
- if ( (ret = ed448_test()) != 0)
- TEST_FAIL("ED448 test failed!\n", ret);
- else
- TEST_PASS("ED448 test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif
- #ifdef WOLFSSL_HAVE_KYBER
- if ( (ret = kyber_test()) != 0)
- TEST_FAIL("KYBER test failed!\n", ret);
- else
- TEST_PASS("KYBER test passed!\n");
- #endif
- #if defined(WOLFSSL_HAVE_XMSS)
- #if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
- if ( (ret = xmss_test_verify_only()) != 0)
- TEST_FAIL("XMSS Vfy test failed!\n", ret);
- else
- TEST_PASS("XMSS Vfy test passed!\n");
- #endif
- #if !defined(WOLFSSL_XMSS_VERIFY_ONLY)
- if ( (ret = xmss_test()) != 0)
- TEST_FAIL("XMSS test failed!\n", ret);
- else
- TEST_PASS("XMSS test passed!\n");
- #endif
- #endif /* if defined(WOLFSSL_HAVE_XMSS) */
- #if defined(WOLFSSL_HAVE_LMS)
- #if !defined(WOLFSSL_SMALL_STACK)
- #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \
- defined(HAVE_LIBLMS)
- if ( (ret = lms_test_verify_only()) != 0)
- TEST_FAIL("LMS Vfy test failed!\n", ret);
- else
- TEST_PASS("LMS Vfy test passed!\n");
- #endif
- #endif
- #if !defined(WOLFSSL_LMS_VERIFY_ONLY)
- if ( (ret = lms_test()) != 0)
- TEST_FAIL("LMS test failed!\n", ret);
- else
- TEST_PASS("LMS test passed!\n");
- #endif
- #endif /* if defined(WOLFSSL_HAVE_LMS) */
- #ifdef WOLFCRYPT_HAVE_ECCSI
- if ( (ret = eccsi_test()) != 0)
- TEST_FAIL("ECCSI test failed!\n", ret);
- else
- TEST_PASS("ECCSI test passed!\n");
- #endif
- #ifdef WOLFCRYPT_HAVE_SAKKE
- if ( (ret = sakke_test()) != 0)
- TEST_FAIL("SAKKE test failed!\n", ret);
- else
- TEST_PASS("SAKKE test passed!\n");
- #endif
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
- if ( (ret = cmac_test()) != 0)
- TEST_FAIL("CMAC test failed!\n", ret);
- else
- TEST_PASS("CMAC test passed!\n");
- #endif
- #if defined(WOLFSSL_SIPHASH)
- if ( (ret = siphash_test()) != 0)
- TEST_FAIL("SipHash test failed!\n", ret);
- else
- TEST_PASS("SipHash test passed!\n");
- #endif
- #ifdef HAVE_LIBZ
- if ( (ret = compress_test()) != 0)
- TEST_FAIL("COMPRESS test failed!\n", ret);
- else
- TEST_PASS("COMPRESS test passed!\n");
- #endif
- #ifdef HAVE_PKCS7
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- if ( (ret = pkcs7encrypted_test()) != 0)
- TEST_FAIL("PKCS7encrypted test failed!\n", ret);
- else
- TEST_PASS("PKCS7encrypted test passed!\n");
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- if ( (ret = pkcs7compressed_test()) != 0)
- TEST_FAIL("PKCS7compressed test failed!\n", ret);
- else
- TEST_PASS("PKCS7compressed test passed!\n");
- #endif
- if ( (ret = pkcs7signed_test()) != 0)
- TEST_FAIL("PKCS7signed test failed!\n", ret);
- else
- TEST_PASS("PKCS7signed test passed!\n");
- if ( (ret = pkcs7enveloped_test()) != 0)
- TEST_FAIL("PKCS7enveloped test failed!\n", ret);
- else
- TEST_PASS("PKCS7enveloped test passed!\n");
- #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
- if ( (ret = pkcs7authenveloped_test()) != 0)
- TEST_FAIL("PKCS7authenveloped test failed!\n", ret);
- else
- TEST_PASS("PKCS7authenveloped test passed!\n");
- #endif
- #endif
- #if defined(WOLFSSL_PUBLIC_MP) && \
- ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(USE_FAST_MATH))
- if ( (ret = mp_test()) != 0)
- TEST_FAIL("mp test failed!\n", ret);
- else
- TEST_PASS("mp test passed!\n");
- #endif
- #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
- if ( (ret = prime_test()) != 0)
- TEST_FAIL("prime test failed!\n", ret);
- else
- TEST_PASS("prime test passed!\n");
- #endif
- #if defined(ASN_BER_TO_DER) && \
- (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL))
- if ( (ret = berder_test()) != 0)
- TEST_FAIL("ber-der test failed!\n", ret);
- else
- TEST_PASS("ber-der test passed!\n");
- #endif
- if ( (ret = logging_test()) != 0)
- TEST_FAIL("logging test failed!\n", ret);
- else
- TEST_PASS("logging test passed!\n");
- #if !defined(NO_ASN) && !defined(NO_ASN_TIME)
- if ( (ret = time_test()) != 0)
- TEST_FAIL("time test failed!\n", ret);
- else
- TEST_PASS("time test passed!\n");
- #endif
- #if defined(__INCLUDE_NUTTX_CONFIG_H)
- if ((ret = wolfcrypt_mutex_test()) != 0)
- #else
- if ((ret = mutex_test()) != 0)
- #endif
- TEST_FAIL("mutex test failed!\n", ret);
- else
- TEST_PASS("mutex test passed!\n");
- #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
- if ( (ret = memcb_test()) != 0)
- TEST_FAIL("memcb test failed!\n", ret);
- else
- TEST_PASS("memcb test passed!\n");
- #endif
- #ifdef WOLFSSL_CAAM_BLOB
- if ( (ret = blob_test()) != 0)
- TEST_FAIL("blob test failed!\n", ret);
- else
- TEST_PASS("blob test passed!\n");
- #endif
- #if defined(WOLF_CRYPTO_CB) && \
- !(defined(HAVE_INTEL_QAT_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \
- defined(WOLFSSL_QNX_CAAM) || defined(HAVE_RENESAS_SYNC))
- if ( (ret = cryptocb_test()) != 0)
- TEST_FAIL("crypto callback test failed!\n", ret);
- else
- TEST_PASS("crypto callback test passed!\n");
- #endif
- #ifdef WOLFSSL_CERT_PIV
- if ( (ret = certpiv_test()) != 0)
- TEST_FAIL("cert piv test failed!\n", ret);
- else
- TEST_PASS("cert piv test passed!\n");
- #endif
- #ifdef WOLF_CRYPTO_CB
- #ifdef HAVE_INTEL_QA_SYNC
- wc_CryptoCb_CleanupIntelQa(&devId);
- #endif
- #ifdef HAVE_CAVIUM_OCTEON_SYNC
- wc_CryptoCb_CleanupOcteon(&devId);
- #endif
- #endif
- #ifdef WOLFSSL_ASYNC_CRYPT
- wolfAsync_DevClose(&devId);
- #endif
- /* cleanup the thread if fixed point cache is enabled and have thread local */
- #if defined(HAVE_THREAD_LS) && defined(HAVE_ECC) && defined(FP_ECC)
- wc_ecc_fp_free();
- #endif
- #ifdef TEST_ALWAYS_RUN_TO_END
- if (last_failed_test_ret != 0)
- ret = last_failed_test_ret;
- #endif
- if (args)
- ((func_args*)args)->return_code = ret;
- /* If hardware acceleration and respective metrics tracked, show results: */
- #ifdef WOLFSSL_HW_METRICS
- #if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) && defined(WOLFSSL_HW_METRICS)
- esp_hw_show_mp_metrics();
- #endif
- #endif
- #if defined(WOLFSSL_STATIC_MEMORY) && !defined(OPENSSL_EXTRA)
- wolfSSL_SetGlobalHeapHint(NULL);
- #endif
- TEST_PASS("Test complete\n");
- EXIT_TEST(ret);
- } /* end of wolfcrypt_test() */
- #ifndef NO_MAIN_DRIVER
- #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
- int myoptind = 0;
- char* myoptarg = NULL;
- #endif
- /* so overall tests can pull in test function */
- #if defined(WOLFSSL_ESPIDF) || defined(_WIN32_WCE)
- wc_test_ret_t wolf_test_task(void)
- #else
- #ifndef NO_MAIN_FUNCTION
- int main(int argc, char** argv)
- {
- return (int)wolfcrypt_test_main(argc, argv);
- }
- #endif
- wc_test_ret_t wolfcrypt_test_main(int argc, char** argv)
- #endif
- {
- wc_test_ret_t ret;
- func_args args = { 0, 0, 0 };
- #if defined(WOLFSSL_ESPIDF) || defined(WOLFSSL_SE050)
- /* set dummy wallclock time. */
- struct timeval utctime;
- struct timezone tz;
- utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
- utctime.tv_usec = 0;
- tz.tz_minuteswest = 0;
- tz.tz_dsttime = 0;
- settimeofday(&utctime, &tz);
- #endif
- #ifdef WOLFSSL_APACHE_MYNEWT
- #ifdef ARCH_sim
- mcu_sim_parse_args(argc, argv);
- #endif
- sysinit();
- /* set dummy wallclock time. */
- struct os_timeval utctime;
- struct os_timezone tz;
- utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
- utctime.tv_usec = 0;
- tz.tz_minuteswest = 0;
- tz.tz_dsttime = 0;
- os_settimeofday(&utctime, &tz);
- #endif
- #ifdef WOLFSSL_ZEPHYR
- /* set dummy wallclock time. */
- struct timespec utctime;
- utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
- utctime.tv_nsec = 0;
- clock_settime(CLOCK_REALTIME, &utctime);
- #endif
- #ifdef DEVKITPRO
- void *framebuffer;
- GXRModeObj *rmode = NULL;
- VIDEO_Init();
- WPAD_Init();
- rmode = VIDEO_GetPreferredMode(NULL);
- #pragma GCC diagnostic ignored "-Wbad-function-cast"
- framebuffer = MEM_K0_TO_K1(SYS_AllocateFramebuffer(rmode));
- #pragma GCC diagnostic pop
- console_init(framebuffer,20,20,rmode->fbWidth,rmode->xfbHeight,rmode->fbWidth*VI_DISPLAY_PIX_SZ);
- VIDEO_Configure(rmode);
- VIDEO_SetNextFramebuffer(framebuffer);
- VIDEO_SetBlack(FALSE);
- VIDEO_Flush();
- VIDEO_WaitVSync();
- if(rmode->viTVMode&VI_NON_INTERLACE) VIDEO_WaitVSync();
- #endif
- #ifdef HAVE_WNR
- if ((ret = wc_InitNetRandom(wnrConfigFile, NULL, 5000)) != 0) {
- err_sys("Whitewood netRandom global config failed",
- WC_TEST_RET_ENC_EC(ret));
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- #ifndef WOLFSSL_ESPIDF
- args.argc = argc;
- args.argv = argv;
- #endif
- if ((ret = wolfCrypt_Init()) != 0) {
- printf("wolfCrypt_Init failed %d\n", (int)ret);
- err_sys("Error with wolfCrypt_Init!\n", WC_TEST_RET_ENC_EC(ret));
- }
- #ifdef HAVE_WC_INTROSPECTION
- printf("Math: %s\n", wc_GetMathInfo());
- #endif
- #ifdef HAVE_STACK_SIZE
- StackSizeCheck(&args, wolfcrypt_test);
- #else
- wolfcrypt_test(&args);
- #endif
- if ((ret = wolfCrypt_Cleanup()) != 0) {
- printf("wolfCrypt_Cleanup failed %d\n", (int)ret);
- err_sys("Error with wolfCrypt_Cleanup!\n", WC_TEST_RET_ENC_EC(ret));
- }
- #ifdef HAVE_WNR
- if ((ret = wc_FreeNetRandom()) < 0)
- err_sys("Failed to free netRandom context",
- WC_TEST_RET_ENC_EC(ret));
- #endif /* HAVE_WNR */
- #ifdef DOLPHIN_EMULATOR
- /* Returning from main panics the emulator. Just hang
- * and let the user force quit the emulator window. */
- printf("args.return_code: %d\n", args.return_code);
- printf("Testing complete. You may close the window now\n");
- while (1);
- #endif
- #if defined(WOLFSSL_ESPIDF)
- /* ESP_LOGI to print takes up a lot less memory than printf */
- ESP_LOGI(ESPIDF_TAG, "Exiting main with return code: % d\n",
- args.return_code);
- #else
- /* gate this for target platforms wishing to avoid printf reference */
- printf("Exiting main with return code: %ld\n", (long int)args.return_code);
- #endif
- return args.return_code;
- } /* wolfcrypt_test_main or wolf_test_task */
- #endif /* NO_MAIN_DRIVER */
- /* helper to save DER, convert to PEM and save PEM */
- #if !defined(NO_ASN) && (defined(HAVE_ECC) || !defined(NO_DSA) || \
- (!defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)))) \
- && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- #define SaveDerAndPem(d, dSz, fD, fP, pT) _SaveDerAndPem(d, dSz, fD, fP, pT, WC_TEST_RET_LN)
- #else
- #define SaveDerAndPem(d, dSz, fD, fP, pT) _SaveDerAndPem(d, dSz, NULL, NULL, pT, WC_TEST_RET_LN)
- #endif
- static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz,
- const char* fileDer, const char* filePem, int pemType, int calling_line)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- wc_test_ret_t ret;
- XFILE derFile;
- derFile = XFOPEN(fileDer, "wb");
- if (!derFile) {
- return WC_TEST_RET_ENC(calling_line, 0, WC_TEST_RET_TAG_I);
- }
- ret = (int)XFWRITE(der, 1, (size_t)derSz, derFile);
- XFCLOSE(derFile);
- if (ret != derSz) {
- return WC_TEST_RET_ENC(calling_line, 1, WC_TEST_RET_TAG_I);
- }
- #endif
- #ifdef WOLFSSL_DER_TO_PEM
- if (filePem) {
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- XFILE pemFile;
- #endif
- #ifndef WOLFSSL_NO_MALLOC
- byte* pem;
- #else
- byte pem[1024];
- #endif
- int pemSz;
- /* calculate PEM size */
- pemSz = wc_DerToPem(der, (word32)derSz, NULL, 0, pemType);
- if (pemSz < 0) {
- return WC_TEST_RET_ENC(calling_line, 2, WC_TEST_RET_TAG_I);
- }
- #ifndef WOLFSSL_NO_MALLOC
- pem = (byte*)XMALLOC(pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pem == NULL) {
- return WC_TEST_RET_ENC(calling_line, 3, WC_TEST_RET_TAG_I);
- }
- #else
- if (pemSz > (int)sizeof(pem))
- return BAD_FUNC_ARG;
- #endif
- /* Convert to PEM */
- pemSz = wc_DerToPem(der, (word32)derSz, pem, pemSz, pemType);
- if (pemSz < 0) {
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC(calling_line, 4, WC_TEST_RET_TAG_I);
- }
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- pemFile = XFOPEN(filePem, "wb");
- if (!pemFile) {
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC(calling_line, 5, WC_TEST_RET_TAG_I);
- }
- ret = (int)XFWRITE(pem, 1, (size_t)pemSz, pemFile);
- XFCLOSE(pemFile);
- if (ret != pemSz) {
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC(calling_line, 6, WC_TEST_RET_TAG_I);
- }
- #endif
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif /* WOLFSSL_DER_TO_PEM */
- /* suppress unused variable warnings */
- (void)der;
- (void)derSz;
- (void)filePem;
- (void)fileDer;
- (void)pemType;
- (void)calling_line;
- return 0;
- }
- #endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void)
- {
- const char* errStr;
- char out[WOLFSSL_MAX_ERROR_SZ];
- const char* unknownStr = wc_GetErrorString(0);
- #ifdef NO_ERROR_STRINGS
- /* Ensure a valid error code's string matches an invalid code's.
- * The string is that error strings are not available.
- */
- WOLFSSL_ENTER("error_test NO_ERROR_STRINGS");
- errStr = wc_GetErrorString(OPEN_RAN_E);
- wc_ErrorString(OPEN_RAN_E, out);
- if (XSTRCMP(errStr, unknownStr) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XSTRCMP(out, unknownStr) != 0)
- return WC_TEST_RET_ENC_NC;
- #else
- int i;
- int j = 0;
- /* Values that are not or no longer error codes. */
- int missing[] = { -124, -166, -167, -168, -169, 0 };
- /* Check that all errors have a string and it's the same through the two
- * APIs. Check that the values that are not errors map to the unknown
- * string.
- */
- for (i = MAX_CODE_E-1; i >= WC_LAST_E; i--) {
- errStr = wc_GetErrorString(i);
- wc_ErrorString(i, out);
- if (i != missing[j]) {
- if (XSTRCMP(errStr, unknownStr) == 0) {
- WOLFSSL_MSG("errStr unknown");
- return WC_TEST_RET_ENC_NC;
- }
- if (XSTRCMP(out, unknownStr) == 0) {
- WOLFSSL_MSG("out unknown");
- return WC_TEST_RET_ENC_NC;
- }
- if (XSTRCMP(errStr, out) != 0) {
- WOLFSSL_MSG("errStr does not match output");
- return WC_TEST_RET_ENC_NC;
- }
- if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ) {
- WOLFSSL_MSG("errStr too long");
- return WC_TEST_RET_ENC_NC;
- }
- }
- else {
- j++;
- if (XSTRCMP(errStr, unknownStr) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XSTRCMP(out, unknownStr) != 0)
- return WC_TEST_RET_ENC_NC;
- }
- }
- /* Check if the next possible value has been given a string. */
- errStr = wc_GetErrorString(i);
- wc_ErrorString(i, out);
- if (XSTRCMP(errStr, unknownStr) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XSTRCMP(out, unknownStr) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif
- return 0;
- }
- #ifndef NO_CODING
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
- {
- wc_test_ret_t ret;
- WOLFSSL_SMALL_STACK_STATIC const byte good[] = "A+Gd\0\0\0";
- WOLFSSL_SMALL_STACK_STATIC const byte goodEnd[] = "A+Gd \r\n";
- WOLFSSL_SMALL_STACK_STATIC const byte good_spaces[] = " A + G d \0";
- byte out[128];
- word32 outLen;
- #ifdef WOLFSSL_BASE64_ENCODE
- byte data[3];
- word32 dataLen;
- byte longData[79] = { 0 };
- WOLFSSL_SMALL_STACK_STATIC const byte symbols[] = "+/A=";
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte badSmall[] = "AAA!Gdj=";
- WOLFSSL_SMALL_STACK_STATIC const byte badLarge[] = "AAA~Gdj=";
- WOLFSSL_SMALL_STACK_STATIC const byte badEOL[] = "A+Gd!AA";
- WOLFSSL_SMALL_STACK_STATIC const byte badPadding[] = "AA=A";
- WOLFSSL_SMALL_STACK_STATIC const byte badChar[] = ",-.:;<=>?@[\\]^_`";
- byte goodChar[] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
- "abcdefghijklmnopqrstuvwxyz"
- "0123456789+/;";
- byte charTest[] = "A+Gd\0\0\0";
- int i;
- WOLFSSL_ENTER("base64_test");
- /* Good Base64 encodings. */
- outLen = sizeof(out);
- ret = Base64_Decode(good, sizeof(good), out, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_Decode(goodEnd, sizeof(goodEnd), out, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(goodChar);
- ret = Base64_Decode(goodChar, sizeof(goodChar), goodChar, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (outLen != 64 / 4 * 3)
- return WC_TEST_RET_ENC_NC;
- outLen = sizeof(out);
- ret = Base64_Decode(good_spaces, sizeof(good_spaces), out, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Bad parameters. */
- outLen = 1;
- ret = Base64_Decode(good, sizeof(good), out, &outLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_Decode(badEOL, sizeof(badEOL), out, &outLen);
- if (ret != ASN_INPUT_E)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_Decode(badPadding, sizeof(badPadding), out, &outLen);
- if (ret != ASN_INPUT_E)
- return WC_TEST_RET_ENC_EC(ret);
- /* Bad character at each offset 0-3. */
- for (i = 0; i < 4; i++) {
- outLen = sizeof(out);
- ret = Base64_Decode(badSmall + i, 4, out, &outLen);
- if (ret != ASN_INPUT_E)
- return WC_TEST_RET_ENC_I(i);
- ret = Base64_Decode(badLarge + i, 4, out, &outLen);
- if (ret != ASN_INPUT_E)
- return WC_TEST_RET_ENC_I(i);
- }
- /* Invalid character less than 0x2b */
- for (i = 1; i < 0x2b; i++) {
- outLen = sizeof(out);
- charTest[0] = (byte)i;
- ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
- if (ret != ASN_INPUT_E)
- return WC_TEST_RET_ENC_I(i);
- }
- /* Bad characters in range 0x2b - 0x7a. */
- for (i = 0; i < (int)sizeof(badChar) - 1; i++) {
- outLen = sizeof(out);
- charTest[0] = badChar[i];
- ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
- if (ret != ASN_INPUT_E)
- return WC_TEST_RET_ENC_I(i);
- }
- /* Invalid character greater than 0x7a */
- for (i = 0x7b; i < 0x100; i++) {
- outLen = sizeof(out);
- charTest[0] = (byte)i;
- ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
- if (ret != ASN_INPUT_E)
- return WC_TEST_RET_ENC_I(i);
- }
- #ifdef WOLFSSL_BASE64_ENCODE
- /* Decode and encode all symbols - non-alphanumeric. */
- dataLen = sizeof(data);
- ret = Base64_Decode(symbols, sizeof(symbols), data, &dataLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_Encode(data, dataLen, NULL, &outLen);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_Encode(data, dataLen, out, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = 7;
- ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_EncodeEsc(data, dataLen, NULL, &outLen);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_Encode_NoNl(data, dataLen, out, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Data that results in an encoding longer than one line. */
- outLen = sizeof(out);
- dataLen = sizeof(longData);
- ret = Base64_Encode(longData, dataLen, out, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_EncodeEsc(longData, dataLen, out, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- outLen = sizeof(out);
- ret = Base64_Encode_NoNl(longData, dataLen, out, &outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #ifdef WOLFSSL_BASE16
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base16_test(void)
- {
- wc_test_ret_t ret;
- WOLFSSL_SMALL_STACK_STATIC const byte testData[] = "SomeDataToEncode\n";
- WOLFSSL_SMALL_STACK_STATIC const byte encodedTestData[] = "536F6D6544617461546F456E636F64650A00";
- byte encoded[40];
- word32 encodedLen;
- byte plain[40];
- word32 len;
- WOLFSSL_ENTER("base16_test");
- /* length returned includes null termination */
- encodedLen = sizeof(encoded);
- ret = Base16_Encode(testData, sizeof(testData), encoded, &encodedLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- len = (word32)XSTRLEN((char*)encoded);
- if (len != encodedLen - 1)
- return WC_TEST_RET_ENC_NC;
- len = sizeof(plain);
- ret = Base16_Decode(encoded, encodedLen - 1, plain, &len);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (len != sizeof(testData) || XMEMCMP(testData, plain, len) != 0)
- return WC_TEST_RET_ENC_NC;
- if (encodedLen != sizeof(encodedTestData) ||
- XMEMCMP(encoded, encodedTestData, encodedLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- return 0;
- }
- #endif /* WOLFSSL_BASE16 */
- #endif /* !NO_CODING */
- #ifndef NO_ASN
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void)
- {
- wc_test_ret_t ret;
- /* ASN1 encoded date buffer */
- WOLFSSL_SMALL_STACK_STATIC const byte dateBuf[] = {
- 0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31,
- 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5a
- };
- byte format;
- int length;
- const byte* datePart;
- #ifndef NO_ASN_TIME
- struct tm timearg;
- time_t now;
- #endif
- WOLFSSL_ENTER("asn_test");
- ret = wc_GetDateInfo(dateBuf, (int)sizeof(dateBuf), &datePart, &format,
- &length);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef NO_ASN_TIME
- /* Parameter Validation tests. */
- if ((ret = wc_GetTime(NULL, sizeof(now))) != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- if ((ret = wc_GetTime(&now, 0)) != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- now = 0;
- if ((ret = wc_GetTime(&now, sizeof(now))) != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (now == 0) {
- printf("RTC/Time not set!\n");
- return WC_TEST_RET_ENC_NC;
- }
- ret = wc_GetDateAsCalendarTime(datePart, length, format, &timearg);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif /* !NO_ASN_TIME */
- return 0;
- }
- #endif /* !NO_ASN */
- #ifdef WOLFSSL_MD2
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void)
- {
- wc_test_ret_t ret = 0;
- Md2 md2;
- byte hash[MD2_DIGEST_SIZE];
- testVector a, b, c, d, e, f, g;
- testVector test_md2[7];
- int times = sizeof(test_md2) / sizeof(testVector), i;
- WOLFSSL_ENTER("md2_test");
- a.input = "";
- a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
- "\x27\x73";
- a.inLen = XSTRLEN(a.input);
- a.outLen = MD2_DIGEST_SIZE;
- b.input = "a";
- b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
- "\xb5\xd1";
- b.inLen = XSTRLEN(b.input);
- b.outLen = MD2_DIGEST_SIZE;
- c.input = "abc";
- c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
- "\xd6\xbb";
- c.inLen = XSTRLEN(c.input);
- c.outLen = MD2_DIGEST_SIZE;
- d.input = "message digest";
- d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
- "\x06\xb0";
- d.inLen = XSTRLEN(d.input);
- d.outLen = MD2_DIGEST_SIZE;
- e.input = "abcdefghijklmnopqrstuvwxyz";
- e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
- "\x94\x0b";
- e.inLen = XSTRLEN(e.input);
- e.outLen = MD2_DIGEST_SIZE;
- f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
- "6789";
- f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
- "\x38\xcd";
- f.inLen = XSTRLEN(f.input);
- f.outLen = MD2_DIGEST_SIZE;
- g.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
- "\xef\xd8";
- g.inLen = XSTRLEN(g.input);
- g.outLen = MD2_DIGEST_SIZE;
- test_md2[0] = a;
- test_md2[1] = b;
- test_md2[2] = c;
- test_md2[3] = d;
- test_md2[4] = e;
- test_md2[5] = f;
- test_md2[6] = g;
- wc_InitMd2(&md2);
- for (i = 0; i < times; ++i) {
- wc_Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen);
- wc_Md2Final(&md2, hash);
- if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Md2Hash((byte*)test_md2[i].input, (word32)test_md2[i].inLen, hash);
- if (ret != 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- }
- return 0;
- }
- #endif
- #ifndef NO_MD5
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md5_test(void)
- {
- wc_test_ret_t ret = 0;
- wc_Md5 md5, md5Copy;
- byte hash[WC_MD5_DIGEST_SIZE];
- byte hashcopy[WC_MD5_DIGEST_SIZE];
- testVector a, b, c, d, e, f;
- testVector test_md5[6];
- int times = sizeof(test_md5) / sizeof(testVector), i;
- WOLFSSL_ENTER("md5_test");
- a.input = "";
- a.output = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42"
- "\x7e";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_MD5_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
- "\x72";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_MD5_DIGEST_SIZE;
- c.input = "message digest";
- c.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61"
- "\xd0";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_MD5_DIGEST_SIZE;
- d.input = "abcdefghijklmnopqrstuvwxyz";
- d.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1"
- "\x3b";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_MD5_DIGEST_SIZE;
- e.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
- "6789";
- e.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d"
- "\x9f";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_MD5_DIGEST_SIZE;
- f.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- f.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
- "\x7a";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_MD5_DIGEST_SIZE;
- test_md5[0] = a;
- test_md5[1] = b;
- test_md5[2] = c;
- test_md5[3] = d;
- test_md5[4] = e;
- test_md5[5] = f;
- ret = wc_InitMd5_ex(&md5, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitMd5_ex(&md5Copy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Md5Free(&md5);
- return WC_TEST_RET_ENC_EC(ret);
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Md5Update(&md5, (byte*)test_md5[i].input,
- (word32)test_md5[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Md5GetHash(&md5, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Md5Copy(&md5, &md5Copy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Md5Final(&md5, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- wc_Md5Free(&md5Copy);
- if (XMEMCMP(hash, test_md5[i].output, WC_MD5_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_MD5_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x44\xd0\x88\xce\xf1\x36\xd1\x78\xe9\xc8\xba\x84\xc3\xfd\xf6\xca";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- #ifdef WOLFSSL_PIC32MZ_HASH
- wc_Md5SizeSet(&md5, times * sizeof(large_input));
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Md5Update(&md5, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Md5Final(&md5, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_MD5_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- wc_Md5Free(&md5);
- wc_Md5Free(&md5Copy);
- return ret;
- }
- #endif /* NO_MD5 */
- #ifndef NO_MD4
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void)
- {
- Md4 md4;
- byte hash[MD4_DIGEST_SIZE];
- testVector a, b, c, d, e, f, g;
- testVector test_md4[7];
- int times = sizeof(test_md4) / sizeof(testVector), i;
- WOLFSSL_ENTER("md4_test");
- a.input = "";
- a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89"
- "\xc0";
- a.inLen = XSTRLEN(a.input);
- a.outLen = MD4_DIGEST_SIZE;
- b.input = "a";
- b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb"
- "\x24";
- b.inLen = XSTRLEN(b.input);
- b.outLen = MD4_DIGEST_SIZE;
- c.input = "abc";
- c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72"
- "\x9d";
- c.inLen = XSTRLEN(c.input);
- c.outLen = MD4_DIGEST_SIZE;
- d.input = "message digest";
- d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01"
- "\x4b";
- d.inLen = XSTRLEN(d.input);
- d.outLen = MD4_DIGEST_SIZE;
- e.input = "abcdefghijklmnopqrstuvwxyz";
- e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d"
- "\xa9";
- e.inLen = XSTRLEN(e.input);
- e.outLen = MD4_DIGEST_SIZE;
- f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
- "6789";
- f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0"
- "\xe4";
- f.inLen = XSTRLEN(f.input);
- f.outLen = MD4_DIGEST_SIZE;
- g.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05"
- "\x36";
- g.inLen = XSTRLEN(g.input);
- g.outLen = MD4_DIGEST_SIZE;
- test_md4[0] = a;
- test_md4[1] = b;
- test_md4[2] = c;
- test_md4[3] = d;
- test_md4[4] = e;
- test_md4[5] = f;
- test_md4[6] = g;
- wc_InitMd4(&md4);
- for (i = 0; i < times; ++i) {
- wc_Md4Update(&md4, (byte*)test_md4[i].input, (word32)test_md4[i].inLen);
- wc_Md4Final(&md4, hash);
- if (XMEMCMP(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- return 0;
- }
- #endif /* NO_MD4 */
- #ifndef NO_SHA
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void)
- {
- wc_test_ret_t ret = 0;
- wc_Sha sha, shaCopy;
- byte hash[WC_SHA_DIGEST_SIZE];
- byte hashcopy[WC_SHA_DIGEST_SIZE];
- testVector a, b, c, d, e;
- testVector test_sha[5];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- WOLFSSL_ENTER("sha_test");
- a.input = "";
- a.output = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18"
- "\x90\xaf\xd8\x07\x09";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
- "\x6C\x9C\xD0\xD8\x9D";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29"
- "\xE5\xE5\x46\x70\xF1";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA_DIGEST_SIZE;
- d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaa";
- d.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44"
- "\x2A\x25\xEC\x64\x4D";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA_DIGEST_SIZE;
- e.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaa";
- e.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
- "\x53\x99\x5E\x26\xA0";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- test_sha[4] = e;
- ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSha_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_ShaFree(&sha);
- return WC_TEST_RET_ENC_EC(ret);
- }
- for (i = 0; i < times; ++i) {
- ret = wc_ShaUpdate(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_ShaGetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_ShaCopy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_ShaFinal(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- wc_ShaFree(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \
- defined(HASH_SIZE_LIMIT)
- const char* large_digest =
- "\x1d\x6a\x5a\xf6\xe5\x7c\x86\xce\x7f\x7c\xaf\xd5\xdb\x08\xcd\x59"
- "\x15\x8c\x6d\xb6";
- #else
- const char* large_digest =
- "\x8b\x77\x02\x48\x39\xe8\xdb\xd3\x9a\xf4\x05\x24\x66\x12\x2d\x9e"
- "\xc5\xd9\x0a\xac";
- #endif
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \
- defined(HASH_SIZE_LIMIT)
- times = 20;
- #else
- times = 100;
- #endif
- #ifdef WOLFSSL_PIC32MZ_HASH
- wc_ShaSizeSet(&sha, times * sizeof(large_input));
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_ShaUpdate(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_ShaFinal(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- wc_ShaFree(&sha);
- wc_ShaFree(&shaCopy);
- return ret;
- }
- #endif /* NO_SHA */
- #ifdef WOLFSSL_RIPEMD
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void)
- {
- RipeMd ripemd;
- wc_test_ret_t ret;
- byte hash[RIPEMD_DIGEST_SIZE];
- testVector a, b, c, d;
- testVector test_ripemd[4];
- int times = sizeof(test_ripemd) / sizeof(struct testVector), i;
- WOLFSSL_ENTER("ripemd_test");
- a.input = "abc";
- a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
- "\xb0\x87\xf1\x5a\x0b\xfc";
- a.inLen = XSTRLEN(a.input);
- a.outLen = RIPEMD_DIGEST_SIZE;
- b.input = "message digest";
- b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8"
- "\x5f\xfa\x21\x59\x5f\x36";
- b.inLen = XSTRLEN(b.input);
- b.outLen = RIPEMD_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc"
- "\xf4\x9a\xda\x62\xeb\x2b";
- c.inLen = XSTRLEN(c.input);
- c.outLen = RIPEMD_DIGEST_SIZE;
- d.input = "12345678901234567890123456789012345678901234567890123456"
- "789012345678901234567890";
- d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab"
- "\x82\xbf\x63\x32\x6b\xfb";
- d.inLen = XSTRLEN(d.input);
- d.outLen = RIPEMD_DIGEST_SIZE;
- test_ripemd[0] = a;
- test_ripemd[1] = b;
- test_ripemd[2] = c;
- test_ripemd[3] = d;
- ret = wc_InitRipeMd(&ripemd);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- for (i = 0; i < times; ++i) {
- ret = wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input,
- (word32)test_ripemd[i].inLen);
- if (ret != 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- ret = wc_RipeMdFinal(&ripemd, hash);
- if (ret != 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- return 0;
- }
- #endif /* WOLFSSL_RIPEMD */
- #ifdef HAVE_BLAKE2
- #define BLAKE2B_TESTS 3
- static const byte blake2b_vec[BLAKE2B_TESTS][BLAKE2B_OUTBYTES] =
- {
- {
- 0x78, 0x6A, 0x02, 0xF7, 0x42, 0x01, 0x59, 0x03,
- 0xC6, 0xC6, 0xFD, 0x85, 0x25, 0x52, 0xD2, 0x72,
- 0x91, 0x2F, 0x47, 0x40, 0xE1, 0x58, 0x47, 0x61,
- 0x8A, 0x86, 0xE2, 0x17, 0xF7, 0x1F, 0x54, 0x19,
- 0xD2, 0x5E, 0x10, 0x31, 0xAF, 0xEE, 0x58, 0x53,
- 0x13, 0x89, 0x64, 0x44, 0x93, 0x4E, 0xB0, 0x4B,
- 0x90, 0x3A, 0x68, 0x5B, 0x14, 0x48, 0xB7, 0x55,
- 0xD5, 0x6F, 0x70, 0x1A, 0xFE, 0x9B, 0xE2, 0xCE
- },
- {
- 0x2F, 0xA3, 0xF6, 0x86, 0xDF, 0x87, 0x69, 0x95,
- 0x16, 0x7E, 0x7C, 0x2E, 0x5D, 0x74, 0xC4, 0xC7,
- 0xB6, 0xE4, 0x8F, 0x80, 0x68, 0xFE, 0x0E, 0x44,
- 0x20, 0x83, 0x44, 0xD4, 0x80, 0xF7, 0x90, 0x4C,
- 0x36, 0x96, 0x3E, 0x44, 0x11, 0x5F, 0xE3, 0xEB,
- 0x2A, 0x3A, 0xC8, 0x69, 0x4C, 0x28, 0xBC, 0xB4,
- 0xF5, 0xA0, 0xF3, 0x27, 0x6F, 0x2E, 0x79, 0x48,
- 0x7D, 0x82, 0x19, 0x05, 0x7A, 0x50, 0x6E, 0x4B
- },
- {
- 0x1C, 0x08, 0x79, 0x8D, 0xC6, 0x41, 0xAB, 0xA9,
- 0xDE, 0xE4, 0x35, 0xE2, 0x25, 0x19, 0xA4, 0x72,
- 0x9A, 0x09, 0xB2, 0xBF, 0xE0, 0xFF, 0x00, 0xEF,
- 0x2D, 0xCD, 0x8E, 0xD6, 0xF8, 0xA0, 0x7D, 0x15,
- 0xEA, 0xF4, 0xAE, 0xE5, 0x2B, 0xBF, 0x18, 0xAB,
- 0x56, 0x08, 0xA6, 0x19, 0x0F, 0x70, 0xB9, 0x04,
- 0x86, 0xC8, 0xA7, 0xD4, 0x87, 0x37, 0x10, 0xB1,
- 0x11, 0x5D, 0x3D, 0xEB, 0xBB, 0x43, 0x27, 0xB5
- }
- };
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void)
- {
- Blake2b b2b;
- byte digest[64];
- byte input[64];
- int i, ret;
- WOLFSSL_ENTER("blake2b_test");
- for (i = 0; i < (int)sizeof(input); i++)
- input[i] = (byte)i;
- for (i = 0; i < BLAKE2B_TESTS; i++) {
- ret = wc_InitBlake2b(&b2b, 64);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_Blake2bUpdate(&b2b, input, (word32)i);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_Blake2bFinal(&b2b, digest, 64);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(digest, blake2b_vec[i], 64) != 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- }
- return 0;
- }
- #endif /* HAVE_BLAKE2 */
- #ifdef HAVE_BLAKE2S
- #define BLAKE2S_TESTS 3
- static const byte blake2s_vec[BLAKE2S_TESTS][BLAKE2S_OUTBYTES] =
- {
- {
- 0x69, 0x21, 0x7a, 0x30, 0x79, 0x90, 0x80, 0x94,
- 0xe1, 0x11, 0x21, 0xd0, 0x42, 0x35, 0x4a, 0x7c,
- 0x1f, 0x55, 0xb6, 0x48, 0x2c, 0xa1, 0xa5, 0x1e,
- 0x1b, 0x25, 0x0d, 0xfd, 0x1e, 0xd0, 0xee, 0xf9,
- },
- {
- 0xe3, 0x4d, 0x74, 0xdb, 0xaf, 0x4f, 0xf4, 0xc6,
- 0xab, 0xd8, 0x71, 0xcc, 0x22, 0x04, 0x51, 0xd2,
- 0xea, 0x26, 0x48, 0x84, 0x6c, 0x77, 0x57, 0xfb,
- 0xaa, 0xc8, 0x2f, 0xe5, 0x1a, 0xd6, 0x4b, 0xea,
- },
- {
- 0xdd, 0xad, 0x9a, 0xb1, 0x5d, 0xac, 0x45, 0x49,
- 0xba, 0x42, 0xf4, 0x9d, 0x26, 0x24, 0x96, 0xbe,
- 0xf6, 0xc0, 0xba, 0xe1, 0xdd, 0x34, 0x2a, 0x88,
- 0x08, 0xf8, 0xea, 0x26, 0x7c, 0x6e, 0x21, 0x0c,
- }
- };
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void)
- {
- Blake2s b2s;
- byte digest[32];
- byte input[64];
- int i, ret;
- WOLFSSL_ENTER("blake2s_test");
- for (i = 0; i < (int)sizeof(input); i++)
- input[i] = (byte)i;
- for (i = 0; i < BLAKE2S_TESTS; i++) {
- ret = wc_InitBlake2s(&b2s, 32);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_Blake2sUpdate(&b2s, input, (word32)i);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_Blake2sFinal(&b2s, digest, 32);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(digest, blake2s_vec[i], 32) != 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- }
- return 0;
- }
- #endif /* HAVE_BLAKE2S */
- #ifdef WOLFSSL_SHA224
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha224_test(void)
- {
- wc_Sha224 sha, shaCopy;
- byte hash[WC_SHA224_DIGEST_SIZE];
- byte hashcopy[WC_SHA224_DIGEST_SIZE];
- wc_test_ret_t ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- WOLFSSL_ENTER("sha224_test");
- a.input = "";
- a.output = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34"
- "\xc4\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a\xc5\xb3\xe4\x2f";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA224_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55"
- "\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA224_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
- "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA224_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha224_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSha224_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha224Free(&sha);
- return WC_TEST_RET_ENC_EC(ret);
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha224GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha224Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha224Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- wc_Sha224Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA224_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA224_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- exit:
- wc_Sha224Free(&sha);
- wc_Sha224Free(&shaCopy);
- return ret;
- }
- #endif
- #ifndef NO_SHA256
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
- {
- wc_Sha256 sha, shaCopy;
- byte hash[WC_SHA256_DIGEST_SIZE];
- byte hashcopy[WC_SHA256_DIGEST_SIZE];
- wc_test_ret_t ret = 0;
- testVector a, b, c, d;
- testVector test_sha[4];
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- byte i_hash[WC_SHA256_DIGEST_SIZE];
- byte i_hashcopy[WC_SHA256_DIGEST_SIZE];
- testVector interleave_test_sha[4];
- wc_Sha256 i_sha, i_shaCopy;
- #endif
- #ifndef NO_LARGE_HASH_TEST
- #define LARGE_HASH_TEST_INPUT_SZ 1024
- #ifdef WOLFSSL_SMALL_STACK
- byte *large_input = NULL;
- #else
- byte large_input[LARGE_HASH_TEST_INPUT_SZ];
- #endif
- #endif
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- WOLFSSL_ENTER("sha256_test");
- a.input = "";
- a.output = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9"
- "\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52"
- "\xb8\x55";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA256_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
- "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
- "\x15\xAD";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA256_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
- "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
- "\x06\xC1";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA256_DIGEST_SIZE;
- d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaa"; /* this is BLOCKSIZE length */
- d.output = "\xFF\xE0\x54\xFE\x7A\xE0\xCB\x6D\xC6\x5C\x3A\xF9\xB6\x1D\x52"
- "\x09\xF4\x39\x85\x1D\xB4\x3D\x0B\xA5\x99\x73\x37\xDF\x15\x46"
- "\x68\xEB";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA256_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- interleave_test_sha[0] = a;
- interleave_test_sha[1] = b;
- interleave_test_sha[2] = c;
- interleave_test_sha[3] = d;
- #endif
- ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- ret = wc_InitSha256_ex(&i_sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha256Free(&sha);
- return WC_TEST_RET_ENC_EC(ret);
- }
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- ret = wc_InitSha256_ex(&i_shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha256Free(&sha);
- wc_Sha256Free(&i_sha);
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- ret = wc_Sha256Update(&i_sha, (byte*)interleave_test_sha[i].input,
- (word32)interleave_test_sha[i].inLen);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #endif
- ret = wc_Sha256GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- ret = wc_Sha256GetHash(&i_sha, i_hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #endif
- ret = wc_Sha256Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- ret = wc_Sha256Copy(&i_sha, &i_shaCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #endif
- ret = wc_Sha256Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- ret = wc_Sha256Final(&i_sha, i_hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #endif
- wc_Sha256Free(&shaCopy);
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- wc_Sha256Free(&i_shaCopy);
- #endif
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- if (XMEMCMP(i_hash, interleave_test_sha[i].output,
- WC_SHA256_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- if (XMEMCMP(i_hash, i_hashcopy, WC_SHA256_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- if (XMEMCMP(i_hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- if (XMEMCMP(i_hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #endif
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- #ifdef HASH_SIZE_LIMIT
- WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
- "\xa4\x75\x9e\x7a\xa2\x03\x38\x32\x88\x66\xa2\xea\x17\xea\xf8\xc7"
- "\xfe\x4e\xc6\xbb\xe3\xbb\x71\xce\xe7\xdf\x7c\x04\x61\xb3\xc2\x2f";
- #else
- WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
- "\x27\x78\x3e\x87\x96\x3a\x4e\xfb\x68\x29\xb5\x31\xc9\xba\x57\xb4"
- "\x4f\x45\x79\x7f\x67\x70\xbd\x63\x7f\xbf\x0d\x80\x7c\xbd\xba\xe0";
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- large_input = (byte *)XMALLOC(LARGE_HASH_TEST_INPUT_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (large_input == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit);
- }
- #endif
- for (i = 0; i < LARGE_HASH_TEST_INPUT_SZ; i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- #ifdef HASH_SIZE_LIMIT
- times = 20;
- #else
- times = 100;
- #endif
- #ifdef WOLFSSL_PIC32MZ_HASH
- wc_Sha256SizeSet(&sha, times * LARGE_HASH_TEST_INPUT_SZ);
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha256Update(&sha, (byte*)large_input,
- LARGE_HASH_TEST_INPUT_SZ);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha256Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA256_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #undef LARGE_HASH_TEST_INPUT_SZ
- #endif /* NO_LARGE_HASH_TEST */
- #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH)
- unsigned char data_hb[WC_SHA256_BLOCK_SIZE] = {
- 0x61, 0x62, 0x63, 0x80, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18
- };
- ret = wc_Sha256HashBlock(&sha, data_hb, hash);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- if (XMEMCMP(hash, b.output, WC_SHA256_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- }
- #endif
- exit:
- #if !defined(NO_LARGE_HASH_TEST) && defined(WOLFSSL_SMALL_STACK)
- XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- wc_Sha256Free(&sha);
- wc_Sha256Free(&shaCopy);
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- wc_Sha256Free(&i_sha);
- wc_Sha256Free(&i_shaCopy);
- #endif
- return ret;
- }
- #endif
- #ifdef WOLFSSL_SHA512
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void)
- {
- /*
- ** See https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512.pdf
- */
- wc_Sha512 sha, shaCopy;
- byte hash[WC_SHA512_DIGEST_SIZE];
- byte hashcopy[WC_SHA512_DIGEST_SIZE];
- wc_test_ret_t ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- wc_Sha512 i_sha, i_shaCopy;
- byte i_hash[WC_SHA512_DIGEST_SIZE];
- byte i_hashcopy[WC_SHA512_DIGEST_SIZE];
- testVector interleave_test_sha[3];
- #endif
- #ifndef NO_LARGE_HASH_TEST
- #define LARGE_HASH_TEST_INPUT_SZ 1024
- #ifdef WOLFSSL_SMALL_STACK
- byte *large_input = NULL;
- #else
- byte large_input[LARGE_HASH_TEST_INPUT_SZ];
- #endif
- #endif
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- WOLFSSL_ENTER("sha512_test");
- a.input = "";
- a.output = "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80"
- "\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c"
- "\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87"
- "\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a"
- "\xf9\x27\xda\x3e";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA512_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
- "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
- "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
- "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
- "\xa5\x4c\xa4\x9f";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA512_DIGEST_SIZE;
- c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- c.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
- "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
- "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
- "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
- "\x87\x4b\xe9\x09";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA512_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- interleave_test_sha[0] = a;
- interleave_test_sha[1] = b;
- interleave_test_sha[2] = c;
- #endif
- ret = wc_InitSha512_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- ret = wc_InitSha512_ex(&i_sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha512Free(&sha);
- return WC_TEST_RET_ENC_EC(ret);
- }
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- ret = wc_InitSha512_ex(&i_shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha512Free(&sha);
- wc_Sha512Free(&i_sha);
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- ret = wc_Sha512Update(&i_sha, (byte*)interleave_test_sha[i].input,
- (word32)interleave_test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #endif
- ret = wc_Sha512GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- ret = wc_Sha512GetHash(&i_sha, i_hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #endif
- ret = wc_Sha512Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- ret = wc_Sha512Copy(&i_sha, &i_shaCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #endif
- ret = wc_Sha512Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- ret = wc_Sha512Final(&i_sha, i_hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #endif
- wc_Sha512Free(&shaCopy);
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- wc_Sha512Free(&i_shaCopy);
- #endif
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_WOLFSSL_SHA512_INTERLEAVE
- if (XMEMCMP(i_hash, interleave_test_sha[i].output,
- WC_SHA512_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- if (XMEMCMP(i_hash, i_hashcopy, WC_SHA512_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- if (XMEMCMP(i_hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- if (XMEMCMP(i_hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #endif
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- #ifdef HASH_SIZE_LIMIT
- WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
- "\x30\x9B\x96\xA6\xE9\x43\x78\x30\xA3\x71\x51\x61\xC1\xEB\xE1\xBE"
- "\xC8\xA5\xF9\x13\x5A\xD6\x6D\x9E\x46\x31\x31\x67\x8D\xE2\xC0\x0B"
- "\x2A\x1A\x03\xE1\xF3\x48\xA7\x33\xBD\x49\xF8\xFF\xF1\xC2\xC2\x95"
- "\xCB\xF0\xAF\x87\x61\x85\x58\x63\x6A\xCA\x70\x9C\x8B\x83\x3F\x5D";
- #else
- WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
- "\x5a\x1f\x73\x90\xbd\x8c\xe4\x63\x54\xce\xa0\x9b\xef\x32\x78\x2d"
- "\x2e\xe7\x0d\x5e\x2f\x9d\x15\x1b\xdd\x2d\xde\x65\x0c\x7b\xfa\x83"
- "\x5e\x80\x02\x13\x84\xb8\x3f\xff\x71\x62\xb5\x09\x89\x63\xe1\xdc"
- "\xa5\xdc\xfc\xfa\x9d\x1a\x4d\xc0\xfa\x3a\x14\xf6\x01\x51\x90\xa4";
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- large_input = (byte *)XMALLOC(LARGE_HASH_TEST_INPUT_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (large_input == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit);
- }
- #endif
- for (i = 0; i < LARGE_HASH_TEST_INPUT_SZ; i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- #ifdef HASH_SIZE_LIMIT
- times = 20;
- #else
- times = 100;
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha512Update(&sha, (byte*)large_input,
- LARGE_HASH_TEST_INPUT_SZ);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha512Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA512_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- #ifndef NO_UNALIGNED_MEMORY_TEST
- /* Unaligned memory access test */
- for (i = 1; i < 16; i++) {
- ret = wc_Sha512Update(&sha, (byte*)large_input + i,
- LARGE_HASH_TEST_INPUT_SZ - i);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- ret = wc_Sha512Final(&sha, hash);
- }
- #endif
- } /* END LARGE HASH TEST */
- #undef LARGE_HASH_TEST_INPUT_SZ
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- #if !defined(NO_LARGE_HASH_TEST) && defined(WOLFSSL_SMALL_STACK)
- XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- wc_Sha512Free(&sha);
- wc_Sha512Free(&shaCopy);
- #ifndef NO_WOLFSSL_SHA256_INTERLEAVE
- wc_Sha512Free(&i_sha);
- wc_Sha512Free(&i_shaCopy);
- #endif
- return ret;
- }
- #if !defined(WOLFSSL_NOSHA512_224) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void)
- {
- /*
- ** See https://csrc.nist.gov/Projects/cryptographic-standards-and-guidelines/example-values
- **
- ** NIST SHA512/224 Document Example:
- ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512_224.pdf
- */
- wc_Sha512 sha, shaCopy;
- byte hash[WC_SHA512_224_DIGEST_SIZE];
- byte hashcopy[WC_SHA512_224_DIGEST_SIZE];
- wc_test_ret_t ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- WOLFSSL_ENTER("sha512_224_test");
- a.input = "";
- a.output = "\x6e\xd0\xdd\x02"
- "\x80\x6f\xa8\x9e" "\x25\xde\x06\x0c"
- "\x19\xd3\xac\x86" "\xca\xbb\x87\xd6"
- "\xa0\xdd\xd0\x5c" "\x33\x3b\x84\xf4";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA512_224_DIGEST_SIZE;
- /*
- ** See page 1 in above document for the SHA512/224 "abc" test:
- */
- b.input = "abc";
- /*
- ** See page 1 in above document for the SHA512/224 "abc" test digest:
- */
- b.output = "\x46\x34\x27\x0f"
- "\x70\x7b\x6a\x54" "\xda\xae\x75\x30"
- "\x46\x08\x42\xe2" "\x0e\x37\xed\x26"
- "\x5c\xee\xe9\xa4" "\x3e\x89\x24\xaa";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA512_224_DIGEST_SIZE;
- /*
- ** See page 4 in above for the 2-block test:
- */
- c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- /*
- ** see page 9 in above document for the 2-block test message digest:
- */
- c.output = "\x23\xfe\xc5\xbb"
- "\x94\xd6\x0b\x23" "\x30\x81\x92\x64"
- "\x0b\x0c\x45\x33" "\x35\xd6\x64\x73"
- "\x4f\xe4\x0e\x72" "\x68\x67\x4a\xf9";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA512_224_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha512_224_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSha512_224_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha512_224Free(&sha);
- return WC_TEST_RET_ENC_EC(ret);
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha512_224Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha512_224GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha512_224Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha512_224Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- wc_Sha512_224Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_224_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA512_224_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- #ifdef HASH_SIZE_LIMIT
- const char* large_digest =
- "\x98\x68\xc3\xd9\xb9\xef\x17\x53"
- "\x43\x66\x0e\x60\xdf\x29\xf8\xef"
- "\x96\xe3\x93\x34\x8c\x6f\xc0\xeb"
- "\x14\x6c\xcf\x6a";
- #else
- const char* large_digest =
- "\x26\x5f\x98\xd1\x76\x49\x71\x4e"
- "\x82\xb7\x9d\x52\x32\x67\x9d\x56"
- "\x91\xf5\x88\xc3\x05\xbb\x3f\x90"
- "\xe2\x4e\x85\x05";
- #endif
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- #ifdef HASH_SIZE_LIMIT
- times = 20;
- #else
- times = 100;
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha512_224Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha512_224Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA512_224_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- #ifndef NO_UNALIGNED_MEMORY_TEST
- /* Unaligned memory access test */
- for (i = 1; i < 16; i++) {
- ret = wc_Sha512_224Update(&sha, (byte*)large_input + i,
- (word32)sizeof(large_input) - i);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- ret = wc_Sha512_224Final(&sha, hash);
- }
- #endif
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- wc_Sha512_224Free(&sha);
- wc_Sha512_224Free(&shaCopy);
- return ret;
- } /* sha512_224_test */
- #endif /* !defined(WOLFSSL_NOSHA512_224) && !FIPS ... */
- #if !defined(WOLFSSL_NOSHA512_256) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void)
- {
- /*
- ** See https://csrc.nist.gov/Projects/cryptographic-standards-and-guidelines/example-values
- ** NIST SHA512/256 Document Example:
- ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512_256.pdf
- */
- wc_Sha512 sha, shaCopy;
- byte hash[WC_SHA512_256_DIGEST_SIZE];
- byte hashcopy[WC_SHA512_256_DIGEST_SIZE];
- wc_test_ret_t ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- WOLFSSL_ENTER("sha512_256_test");
- a.input = "";
- a.output = "\xc6\x72\xb8\xd1" "\xef\x56\xed\x28"
- "\xab\x87\xc3\x62" "\x2c\x51\x14\x06"
- "\x9b\xdd\x3a\xd7" "\xb8\xf9\x73\x74"
- "\x98\xd0\xc0\x1e" "\xce\xf0\x96\x7a";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA512_256_DIGEST_SIZE;
- /*
- ** See page 1 of above document for "abc" example:
- */
- b.input = "abc";
- /*
- ** See page 4 of above document for "abc" example digest:
- */
- b.output = "\x53\x04\x8e\x26" "\x81\x94\x1e\xf9"
- "\x9b\x2e\x29\xb7" "\x6b\x4c\x7d\xab"
- "\xe4\xc2\xd0\xc6" "\x34\xfc\x6d\x46"
- "\xe0\xe2\xf1\x31" "\x07\xe7\xaf\x23";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA512_256_DIGEST_SIZE;
- /*
- ** See page 4 of above document for Two Block Message Sample:
- */
- c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- /*
- ** See page 10 of above document for Two Block Message Sample digest:
- */
- c.output = "\x39\x28\xe1\x84" "\xfb\x86\x90\xf8"
- "\x40\xda\x39\x88" "\x12\x1d\x31\xbe"
- "\x65\xcb\x9d\x3e" "\xf8\x3e\xe6\x14"
- "\x6f\xea\xc8\x61" "\xe1\x9b\x56\x3a";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA512_256_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha512_256_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSha512_256_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha512_256Free(&sha);
- return WC_TEST_RET_ENC_EC(ret);
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha512_256Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha512_256GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha512_256Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha512_256Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- wc_Sha512_256Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_256_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA512_256_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- #ifdef HASH_SIZE_LIMIT
- const char* large_digest =
- "\x49\xcc\xbc\x7a\x93\x0b\x02\xb8"
- "\xad\x9a\x46\x51\x00\x1f\x13\x80"
- "\x35\x84\x36\xf1\xf2\x3c\xeb\xd8"
- "\x41\xd4\x06\x8b\x1d\x19\xad\x72";
- #else
- const char* large_digest =
- "\x7a\xe3\x84\x05\xcb\x06\x22\x08"
- "\x7e\x2c\x65\x89\x1f\x26\x45\xfd"
- "\xad\xbc\x2e\x29\x83\x12\x84\x4b"
- "\xf2\xa0\xde\xbe\x06\x11\xd7\x44";
- #endif
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- #ifdef HASH_SIZE_LIMIT
- times = 20;
- #else
- times = 100;
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha512_256Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha512_256Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA512_256_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- #ifndef NO_UNALIGNED_MEMORY_TEST
- /* Unaligned memory access test */
- for (i = 1; i < 16; i++) {
- ret = wc_Sha512_256Update(&sha, (byte*)large_input + i,
- (word32)sizeof(large_input) - i);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- ret = wc_Sha512_256Final(&sha, hash);
- }
- #endif
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- wc_Sha512_256Free(&sha);
- wc_Sha512_256Free(&shaCopy);
- return ret;
- } /* sha512_256_test */
- #endif /* !defined(WOLFSSL_NOSHA512_256) && !FIPS ... */
- #endif /* WOLFSSL_SHA512 */
- #ifdef WOLFSSL_SHA384
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void)
- {
- wc_Sha384 sha, shaCopy;
- byte hash[WC_SHA384_DIGEST_SIZE];
- byte hashcopy[WC_SHA384_DIGEST_SIZE];
- wc_test_ret_t ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- WOLFSSL_ENTER("sha384_test");
- a.input = "";
- a.output = "\x38\xb0\x60\xa7\x51\xac\x96\x38\x4c\xd9\x32\x7e\xb1\xb1\xe3"
- "\x6a\x21\xfd\xb7\x11\x14\xbe\x07\x43\x4c\x0c\xc7\xbf\x63\xf6"
- "\xe1\xda\x27\x4e\xde\xbf\xe7\x6f\x65\xfb\xd5\x1a\xd2\xf1\x48"
- "\x98\xb9\x5b";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA384_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
- "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
- "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
- "\xc8\x25\xa7";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA384_DIGEST_SIZE;
- c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- c.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
- "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
- "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
- "\x74\x60\x39";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA384_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha384_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSha384_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha384Free(&sha);
- return WC_TEST_RET_ENC_EC(ret);
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha384GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha384Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha384Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- wc_Sha384Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA384_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA384_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- #ifdef HASH_SIZE_LIMIT
- const char* large_digest =
- "\xB5\xAD\x66\x6F\xD9\x58\x5E\x68\xDD\x5E\x30\xD3\x95\x72\x33\xA4"
- "\xE9\x4B\x99\x3A\xEF\xF8\xE1\xBF\x1F\x05\x32\xAA\x16\x00\x82\xEC"
- "\x15\xDA\xF2\x75\xEE\xE9\x06\xAF\x52\x8A\x5C\xEF\x72\x81\x80\xD6";
- #else
- const char* large_digest =
- "\x37\x01\xdb\xff\x1e\x40\x4f\xe1\xe2\xea\x0b\x40\xbb\x3b\x39\x9a"
- "\xcc\xe8\x44\x8e\x7e\xe5\x64\xb5\x6b\x7f\x56\x64\xa7\x2b\x84\xe3"
- "\xc5\xd7\x79\x03\x25\x90\xf7\xa4\x58\xcb\x97\xa8\x8b\xb1\xa4\x81";
- #endif
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- #ifdef HASH_SIZE_LIMIT
- times = 20;
- #else
- times = 100;
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha384Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha384Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA384_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- wc_Sha384Free(&sha);
- wc_Sha384Free(&shaCopy);
- return ret;
- }
- #endif /* WOLFSSL_SHA384 */
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- static wc_test_ret_t sha3_224_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_224_DIGEST_SIZE];
- byte hashcopy[WC_SHA3_224_DIGEST_SIZE];
- testVector a, b, c;
- testVector test_sha[3];
- wc_test_ret_t ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\x6b\x4e\x03\x42\x36\x67\xdb\xb7\x3b\x6e\x15\x45\x4f\x0e\xb1"
- "\xab\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f\x5b\x5a\x6b\xc7";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_224_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a\xd0\x92\x34\xee\x7d\x3c\x76"
- "\x6f\xc9\xa3\xa5\x16\x8d\x0c\x94\xad\x73\xb4\x6f\xdf";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_224_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55\x74\x49\x44\x79"
- "\xba\x5c\x7e\x7a\xb7\x6e\xf2\x64\xea\xd0\xfc\xce\x33";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_224_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_224(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_224_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha3_224_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha3_224_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_224_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA3_224_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x13\xe5\xd3\x98\x7b\x94\xda\x41\x12\xc7\x1e\x92\x3a\x19"
- "\x21\x20\x86\x6f\x24\xbf\x0a\x31\xbc\xfd\xd6\x70\x36\xf3";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_224_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha3_224_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_224_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- wc_Sha3_224_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_224 */
- #ifndef WOLFSSL_NOSHA3_256
- static wc_test_ret_t sha3_256_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_256_DIGEST_SIZE];
- byte hashcopy[WC_SHA3_256_DIGEST_SIZE];
- testVector a, b, c;
- testVector test_sha[3];
- wc_test_ret_t ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- byte large_input[1024];
- const char* large_digest =
- "\xdc\x90\xc0\xb1\x25\xdb\x2c\x34\x81\xa3\xff\xbc\x1e\x2e\x87\xeb"
- "\x6d\x70\x85\x61\xe0\xe9\x63\x61\xff\xe5\x84\x4b\x1f\x68\x05\x15";
- #if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT)
- /* test vector with hash of empty string */
- const char* Keccak256EmptyOut =
- "\xc5\xd2\x46\x01\x86\xf7\x23\x3c\x92\x7e\x7d\xb2\xdc\xc7\x03\xc0"
- "\xe5\x00\xb6\x53\xca\x82\x27\x3b\x7b\xfa\xd8\x04\x5d\x85\xa4\x70";
- #endif
- /*
- ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA3-256_Msg0.pdf
- */
- a.input = "";
- a.output = "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66\x51\xc1\x47\x56\xa0\x61\xd6"
- "\x62\xf5\x80\xff\x4d\xe4\x3b\x49\xfa\x82\xd8\x0a\x4b\x80\xf8"
- "\x43\x4a";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_256_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90"
- "\xbd\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43"
- "\x15\x32";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_256_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8\x23\x5e"
- "\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32\xdd\x97\x49\x6d"
- "\x33\x76";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_256_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_256(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_256_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha3_256_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha3_256_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_256_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA3_256_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_256_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha3_256_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_256_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- /* this is a software only variant of SHA3 not supported by external hardware devices */
- #if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT)
- /* Test for Keccak256 */
- ret = wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha3_256_Update(&sha, (byte*)"", 0);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha3_256_Final(&sha, hash);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- if (XMEMCMP(hash, Keccak256EmptyOut, WC_SHA3_256_DIGEST_SIZE) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- }
- #endif /* WOLFSSL_HASH_FLAGS && !WOLFSSL_ASYNC_CRYPT */
- exit:
- wc_Sha3_256_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_256 */
- #ifndef WOLFSSL_NOSHA3_384
- static wc_test_ret_t sha3_384_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_384_DIGEST_SIZE];
- byte buf[64];
- #ifndef NO_INTM_HASH_TEST
- byte hashcopy[WC_SHA3_384_DIGEST_SIZE];
- #endif
- testVector a, b, c;
- testVector test_sha[3];
- wc_test_ret_t ret;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- /*
- ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA3-384_Msg0.pdf
- */
- a.input = "";
- a.output = "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d\x01\x10\x7d\x85\x2e\x4c\x24"
- "\x85\xc5\x1a\x50\xaa\xaa\x94\xfc\x61\x99\x5e\x71\xbb\xee\x98"
- "\x3a\x2a\xc3\x71\x38\x31\x26\x4a\xdb\x47\xfb\x6b\xd1\xe0\x58"
- "\xd5\xf0\x04";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_384_DIGEST_SIZE;
- #if defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_XILINX_CRYPT_VERSAL)
- /* NIST test vector with a length that is a multiple of 4 */
- b.input = "\x7d\x80\xb1\x60\xc4\xb5\x36\xa3\xbe\xb7\x99\x80\x59\x93\x44"
- "\x04\x7c\x5f\x82\xa1\xdf\xc3\xee\xd4";
- b.output = "\x04\x1c\xc5\x86\x1b\xa3\x34\x56\x3c\x61\xd4\xef\x97\x10\xd4"
- "\x89\x6c\x31\x1c\x92\xed\xbe\x0d\x7c\xd5\x3e\x80\x3b\xf2\xf4"
- "\xeb\x60\x57\x23\x55\x70\x77\x0c\xe8\x7c\x55\x20\xd7\xec\x14"
- "\x19\x87\x22";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_384_DIGEST_SIZE;
- #else
- b.input = "abc";
- b.output = "\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad"
- "\x8d\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b"
- "\xe4\xb2\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28"
- "\x37\x6d\x25";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_384_DIGEST_SIZE;
- #endif
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7\x8a\x49"
- "\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd\xbc\x32\xb9\xd4"
- "\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe\xa1\x9e\xef\x51\xac\xd0"
- "\x65\x7c\x22";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_384_DIGEST_SIZE;
- #if defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_XILINX_CRYPT_VERSAL)
- test_sha[0] = b; /* hardware acc. pre-Versal can not handle "" string */
- #else
- test_sha[0] = a;
- #endif
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_384(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 0; i < times; ++i) {
- XMEMCPY(buf, test_sha[i].input, test_sha[i].inLen);
- ret = wc_Sha3_384_Update(&sha, buf,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_INTM_HASH_TEST
- ret = wc_Sha3_384_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #endif
- ret = wc_Sha3_384_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_384_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #ifndef NO_INTM_HASH_TEST
- if (XMEMCMP(hash, hashcopy, WC_SHA3_384_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- #endif
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x30\x44\xec\x17\xef\x47\x9f\x55\x36\x11\xd6\x3f\x8a\x31\x5a\x71"
- "\x8a\x71\xa7\x1d\x8e\x84\xe8\x6c\x24\x02\x2f\x7a\x08\x4e\xea\xd7"
- "\x42\x36\x5d\xa8\xc2\xb7\x42\xad\xec\x19\xfb\xca\xc6\x64\xb3\xa4";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_384_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha3_384_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_384_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- wc_Sha3_384_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_384 */
- #ifndef WOLFSSL_NOSHA3_512
- static wc_test_ret_t sha3_512_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_512_DIGEST_SIZE];
- byte hashcopy[WC_SHA3_512_DIGEST_SIZE];
- testVector a, b, c;
- testVector test_sha[3];
- wc_test_ret_t ret;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- /*
- ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA3-512_Msg0.pdf
- */
- a.input = "";
- a.output = "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5\xc8\xb5\x67\xdc\x18\x5a\x75"
- "\x6e\x97\xc9\x82\x16\x4f\xe2\x58\x59\xe0\xd1\xdc\xc1\x47\x5c"
- "\x80\xa6\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c\x11\xe3\xe9\x40\x2c"
- "\x3a\xc5\x58\xf5\x00\x19\x9d\x95\xb6\xd3\xe3\x01\x75\x85\x86"
- "\x28\x1d\xcd\x26";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_512_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09"
- "\x6e\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2"
- "\x71\x2e\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47"
- "\xe3\x93\x40\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27"
- "\x4e\xec\x53\xf0";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_512_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10\xfc\xa8"
- "\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7\xec\x2f\x1e\x91"
- "\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53\x02\xba\x1b\x0d\x8d\xc7"
- "\x8c\x08\x63\x46\xb5\x33\xb4\x9c\x03\x0d\x99\xa2\x7d\xaf\x11"
- "\x39\xd6\xe7\x5e";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_512_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_512(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_512_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha3_512_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Sha3_512_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_512_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA3_512_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x9c\x13\x26\xb6\x26\xb2\x94\x31\xbc\xf4\x34\xe9\x6f\xf2\xd6\x29"
- "\x9a\xd0\x9b\x32\x63\x2f\x18\xa7\x5f\x23\xc9\x60\xc2\x32\x0c\xbc"
- "\x57\x77\x33\xf1\x83\x81\x8a\xd3\x15\x7c\x93\xdc\x80\x9f\xed\x61"
- "\x41\xa7\x5b\xfd\x32\x0e\x38\x15\xb0\x46\x3b\x7a\x4f\xfd\x44\x88";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_512_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Sha3_512_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_512_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- wc_Sha3_512_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_512 */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha3_test(void)
- {
- wc_test_ret_t ret;
- (void)ret;
- WOLFSSL_ENTER("sha3_test");
- #ifndef WOLFSSL_NOSHA3_224
- if ((ret = sha3_224_test()) != 0)
- return ret;
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- if ((ret = sha3_256_test()) != 0)
- return ret;
- #endif
- #ifndef WOLFSSL_NOSHA3_384
- if ((ret = sha3_384_test()) != 0)
- return ret;
- #endif
- #ifndef WOLFSSL_NOSHA3_512
- if ((ret = sha3_512_test()) != 0)
- return ret;
- #endif
- return 0;
- }
- #endif /* WOLFSSL_SHA3 */
- #ifdef WOLFSSL_SHAKE128
- static wc_test_ret_t shake128_absorb_test(wc_Shake* sha, byte *large_input_buf,
- size_t large_input_buf_size)
- {
- testVector a, b, c, d, e;
- testVector test_sha[5];
- wc_test_ret_t ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- static const char large_digest[] =
- "\x2b\xd1\x69\x9f\xb3\x75\x40\x74\xb8\xb2\xd2\x0b\x92\x47\x9b\xfe"
- "\xc9\x91\x48\xbe\xda\xa4\x09\xd7\x61\x35\x18\x05\x07\x71\xa5\x61"
- "\x4d\xc4\x94\xad\xbe\x04\x7d\xad\x95\x2f\xeb\x2c\xc0\x10\x67\x43"
- "\x40\xf1\x4a\x58\x1c\x54\xfa\x24\x1c\x1a\x4e\x8d\x9b\xbc\xea\xa7"
- "\x32\xf2\x4c\xc7\x86\x05\x36\xdc\xb4\x42\xd8\x35\xd1\xb4\xa2\x79"
- "\xa2\xe6\xee\x67\x4f\xbf\x2a\x93\x41\x88\x25\x56\x29\x90\x1a\x06"
- "\xba\xfe\x9f\xa6\x1a\x74\xe8\x7e\x85\x4a\xc8\x58\x60\xb1\x7b\x18"
- "\xdf\x77\x59\x46\x04\xc1\xff\x4b\x9b\xcb\xad\xfe\x91\x28\xf0\x01"
- "\xc1\x33\xd0\x99\x99\x2e\x0c\x86\x84\x67\x4d\x37\xa4\x42\x45\x10"
- "\xdc\x8f\xdb\x6f\xa6\x9b\xee\x8a\x60\xa5\x1f\x95\x3f\x8f\xf5\x31"
- "\x4b\x1d\x48\x1e\x45\xff\x79\x5c\xbe\x72\xfc\x56\xed\x6d\x1a\x99"
- "\x7f\x23\x7c\xd1\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b"
- "\xa3\x60\x51\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41"
- "\x77\x2c\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59"
- "\x0d\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b"
- "\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4\xcb\x87\xd8\xb7\x9d\xa8"
- "\xbf\xc5\x2e\x5e\xfc\xd3\x6c\x45\xd4\x5d\x72\x0f\x66\xeb\x67\x86"
- "\xfa\x6c\xd6\x80\xa4\x23\xcb\x5d\xed\x3c\xde\xdc\x5b\x3d\xca\x95"
- "\x43\x4b\xdc\xe8\x49\xd3\xe1\x01\xd4\xf1\xe4\x47\xcf\x56\xba\x71"
- "\xb4\x69\xed\xe7\xdb\x0f\x89\xd6\xbb\xcd\x1a\xff\xb4\xbe\x72\x26"
- "\xdc\x76\x79\xb3\x1a\x4b\xe6\x8d\x9b\x8e\xd9\xe9\xe6\xf9\xff\xa5";
- byte hash[sizeof(large_digest) - 1];
- /*
- ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE128_Msg0.pdf
- */
- a.input = "";
- a.output = "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d\x61\x60\x45\x50\x76\x05\x85"
- "\x3e\xd7\x3b\x80\x93\xf6\xef\xbc\x88\xeb\x1a\x6e\xac\xfa\x66"
- "\xef\x26\x3c\xb1\xee\xa9\x88\x00\x4b\x93\x10\x3c\xfb\x0a\xee"
- "\xfd\x2a\x68\x6e\x01\xfa\x4a\x58\xe8\xa3\x63\x9c\xa8\xa1\xe3"
- "\xf9\xae\x57\xe2\x35\xb8\xcc\x87\x3c\x23\xdc\x62\xb8\xd2\x60"
- "\x16\x9a\xfa\x2f\x75\xab\x91\x6a\x58\xd9\x74\x91\x88\x35\xd2"
- "\x5e\x6a\x43\x50\x85\xb2\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5\xef"
- "\xbb\x7b\xcc\x4b\x59\xd5\x38\xdf\x9a\x04\x30\x2e\x10\xc8\xbc"
- "\x1c\xbf\x1a\x0b\x3a\x51\x20\xea\x17\xcd\xa7\xcf\xad\x76\x5f"
- "\x56\x23\x47\x4d\x36\x8c\xcc\xa8\xaf\x00\x07\xcd\x9f\x5e\x4c"
- "\x84\x9f\x16\x7a\x58\x0b\x14\xaa\xbd\xef\xae\xe7\xee\xf4\x7c"
- "\xb0\xfc\xa9";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_128_BLOCK_SIZE;
- b.input = "abc";
- b.output = "\x58\x81\x09\x2d\xd8\x18\xbf\x5c\xf8\xa3\xdd\xb7\x93\xfb\xcb"
- "\xa7\x40\x97\xd5\xc5\x26\xa6\xd3\x5f\x97\xb8\x33\x51\x94\x0f"
- "\x2c\xc8\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c\xdd\x06\x65\x68\x70"
- "\x6f\x50\x9b\xc1\xbd\xde\x58\x29\x5d\xae\x3f\x89\x1a\x9a\x0f"
- "\xca\x57\x83\x78\x9a\x41\xf8\x61\x12\x14\xce\x61\x23\x94\xdf"
- "\x28\x6a\x62\xd1\xa2\x25\x2a\xa9\x4d\xb9\xc5\x38\x95\x6c\x71"
- "\x7d\xc2\xbe\xd4\xf2\x32\xa0\x29\x4c\x85\x7c\x73\x0a\xa1\x60"
- "\x67\xac\x10\x62\xf1\x20\x1f\xb0\xd3\x77\xcf\xb9\xcd\xe4\xc6"
- "\x35\x99\xb2\x7f\x34\x62\xbb\xa4\xa0\xed\x29\x6c\x80\x1f\x9f"
- "\xf7\xf5\x73\x02\xbb\x30\x76\xee\x14\x5f\x97\xa3\x2a\xe6\x8e"
- "\x76\xab\x66\xc4\x8d\x51\x67\x5b\xd4\x9a\xcc\x29\x08\x2f\x56"
- "\x47\x58\x4e";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_128_BLOCK_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e\x74\xe0\xa7\x07\x78\x8f\x55"
- "\xe9\x82\x09\xb8\xd9\x1f\xad\xe8\xf3\x2f\x8d\xd5\xcf\xf7\xbf"
- "\x21\xf5\x4e\xe5\xf1\x95\x50\x82\x5a\x6e\x07\x00\x30\x51\x9e"
- "\x94\x42\x63\xac\x1c\x67\x65\x28\x70\x65\x62\x1f\x9f\xcb\x32"
- "\x01\x72\x3e\x32\x23\xb6\x3a\x46\xc2\x93\x8a\xa9\x53\xba\x84"
- "\x01\xd0\xea\x77\xb8\xd2\x64\x90\x77\x55\x66\x40\x7b\x95\x67"
- "\x3c\x0f\x4c\xc1\xce\x9f\xd9\x66\x14\x8d\x7e\xfd\xff\x26\xbb"
- "\xf9\xf4\x8a\x21\xc6\xda\x35\xbf\xaa\x54\x56\x54\xf7\x0a\xe5"
- "\x86\xff\x10\x13\x14\x20\x77\x14\x83\xec\x92\xed\xab\x40\x8c"
- "\x76\x7b\xf4\xc5\xb4\xff\xfa\xa8\x0c\x8c\xa2\x14\xd8\x4c\x4d"
- "\xc7\x00\xd0\xc5\x06\x30\xb2\xff\xc3\x79\x3e\xa4\xd8\x72\x58"
- "\xb4\xc9\x54";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_128_BLOCK_SIZE;
- /* Taken from NIST CAVP test vectors - full rate output. */
- d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
- "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
- "\x85\xe0";
- d.output = "\x93\x68\xf0\x15\x10\x92\x44\xeb\x02\x47\xfa\x3a\x0e\x57\xf5"
- "\x2e\xa7\xd9\xeb\xa2\x3d\xae\x7a\x19\x7f\x0a\x29\xe9\x22\x55"
- "\x06\x05\x98\x16\xb7\x84\x48\xb6\x49\x7a\x76\xeb\x96\x2d\xb3"
- "\xf8\x4d\x37\x60\xf1\xfe\xb4\xbd\xc1\xfd\x4a\xc9\x4e\x91\x7a"
- "\xc2\xea\x5e\x4f\x38\x37\x4a\xa5\x6e\x4f\x47\x67\xb8\xd7\x83"
- "\x1b\x2d\x51\x49\x5a\xb8\xea\xb7\xc9\x82\x20\xaf\x13\x41\x5a"
- "\x59\xbb\x7c\x17\x7a\xcd\x62\x8e\xf0\xff\xe3\x6c\xeb\x18\x59"
- "\x5d\x14\x4c\xbf\x25\xef\xc0\x6c\xd9\x56\xa5\x78\x20\x6e\xa8"
- "\xf9\x14\x5e\xf9\xce\x19\x50\x6a\x9d\x04\x4e\xc7\x00\x79\x9f"
- "\xa1\x41\x9b\xaf\x60\x52\xc0\xc1\xb4\x45\xf8\x35\x17\x57\xb0"
- "\xd0\x22\x87\x21\x89\xe2\xc0\x27\x3f\x82\xd9\x69\x69\x66\x3e"
- "\x55\x4d\x09";
- d.inLen = 32;
- d.outLen = WC_SHA3_128_BLOCK_SIZE;
- /* Taken from NIST CAVP test vectors - more than one output block. */
- e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
- "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
- "\x47\xe4";
- e.output = "\xe1\x7e\xab\x0d\xa4\x04\xf9\xb6\xac\xc0\x84\x97\x2f\xc5\x79"
- "\xe8\x6d\xaa\x76\x10\xa5\xe1\x7c\x23\x2f\x79\x19\x83\x96\xfd"
- "\x01\xc2\x4c\x34\xbb\x54\xf4\xb0\x1e\xf7\x40\xb4\x25\x33\x4a"
- "\x55\xdd\x24\x81\x3d\xc8\xea\x86\xf5\x6e\xf7\x27\x67\x26\x2b"
- "\xf2\x25\x74\x8c\xcc\x3d\x9f\x48\x6f\xfb\x72\x8f\x4e\xad\x29"
- "\x60\xc9\x6c\x3e\x44\x63\x86\xea\xce\x21\x9c\x84\x28\x16\x11"
- "\x63\x58\xb0\xf4\x2d\x7d\xff\xf7\xdd\x24\x11\xfa\x2a\x56\x79"
- "\xfd\x7a\x94\x77\x45\x75\xba\xf9\xfc\xad\x68\xa1\x9e\x30\xd1"
- "\x49\xb0\x59\xb5\x9c\x44\x6c\x4e\xdc\xa5\x9b\xc5\xa4\x79\x9d"
- "\xc4\x65\xaa\x9e\x78\x2c\xed\x9f\x21\xc5\x5d\xe2\x42\xdd\x25"
- "\xd0\xd9\xde\x60\xd0\x9f\xf8\x6a\xba\xf3\xa0\x3a\x76\x71\xb3"
- "\x05\x42\xdf\xbe\x72\xfc\x56\xed\x6d\x1a\x99\x7f\x23\x7c\xd1"
- "\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b\xa3\x60\x51"
- "\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41\x77\x2c"
- "\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59\x0d"
- "\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b"
- "\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4\xcb\x87\xd8\xb7\x9d"
- "\xa8\xbf\xc5\x2e\x5e\xfc\xd3\x6c\x45\xd4\x5d\x72\x0f\x66\xeb"
- "\x67\x86\xfa\x6c\xd6\x80\xa4\x23\xcb\x5d\xed\x3c\xde\xdc\x5b"
- "\x3d\xca\x95\x43\x4b\xdc\xe8\x49\xd3\xe1\x01\xd4\xf1\xe4\x47"
- "\xcf\x56\xba\x71\xb4\x69\xed\xe7\xdb\x0f\x89\xd6\xbb\xcd\x1a"
- "\xff\xb4\xbe\x72\x26\xdc\x76\x79\xb3\x1a\x4b\xe6\x8d\x9b\x8e"
- "\xd9\xe9\xe6\xf9\xff\xa5";
- e.inLen = 32;
- e.outLen = 2 * WC_SHA3_128_BLOCK_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- test_sha[4] = e;
- for (i = 0; i < times; ++i) {
- ret = wc_InitShake128(sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Shake128_Absorb(sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Shake128_SqueezeBlocks(sha, hash,
- (word32)test_sha[i].outLen / WC_SHA3_128_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, test_sha[i].output, (word32)test_sha[i].outLen) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- for (i = 0; i < (int)large_input_buf_size; i++) {
- large_input_buf[i] = (byte)(i & 0xFF);
- }
- ret = wc_InitShake128(sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- /* Absorb is non-incremental. */
- ret = wc_Shake128_Absorb(sha, (byte*)large_input_buf,
- (word32)large_input_buf_size);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- /* Able to squeeze out blocks incrementally. */
- ret = wc_Shake128_SqueezeBlocks(sha, hash, 1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- ret = wc_Shake128_SqueezeBlocks(sha, hash,
- ((word32)sizeof(hash) / WC_SHA3_128_BLOCK_SIZE) - 1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void)
- {
- wc_Shake sha;
- byte hash[250];
- testVector a, b, c, d, e;
- testVector test_sha[5];
- wc_test_ret_t ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- #define SHAKE128_LARGE_INPUT_BUFSIZ 1024
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *large_input = NULL;
- #else
- byte large_input[SHAKE128_LARGE_INPUT_BUFSIZ];
- #endif
- static const char large_digest[] =
- "\x88\xd7\x0e\x86\x46\x72\x6b\x3d\x7d\x22\xe1\xa9\x2d\x02\xdb\x35"
- "\x92\x4f\x1b\x03\x90\xee\xa3\xce\xd1\x3a\x08\x3a\xd7\x4e\x10\xdf"
- "\x09\x67\x33\x35\x4f\xdd\x38\x50\x5b\xcb\x75\xc7\xba\x65\xe5\xe8"
- "\xb8\x76\xde\xc5\xee\xd7\xf1\x65\x93\x4e\x5e\xc4\xb1\xd7\x6b\xee"
- "\x4b\x57\x48\xf5\x38\x49\x9e\x45\xa0\xf7\x32\xe9\x05\x26\x6a\x10"
- "\x70\xd4\x7c\x19\x01\x1f\x6d\x37\xba\x7b\x74\xc2\xbc\xb6\xbc\x74"
- "\xa3\x66\x6c\x9b\x11\x84\x9d\x4a\x36\xbc\x8a\x0d\x4c\xe3\x39\xfa"
- "\xfa\x1b";
- WOLFSSL_ENTER("shake128_test");
- /*
- ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE128_Msg0.pdf
- */
- a.input = "";
- a.output = "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d\x61\x60\x45\x50\x76\x05\x85"
- "\x3e\xd7\x3b\x80\x93\xf6\xef\xbc\x88\xeb\x1a\x6e\xac\xfa\x66"
- "\xef\x26\x3c\xb1\xee\xa9\x88\x00\x4b\x93\x10\x3c\xfb\x0a\xee"
- "\xfd\x2a\x68\x6e\x01\xfa\x4a\x58\xe8\xa3\x63\x9c\xa8\xa1\xe3"
- "\xf9\xae\x57\xe2\x35\xb8\xcc\x87\x3c\x23\xdc\x62\xb8\xd2\x60"
- "\x16\x9a\xfa\x2f\x75\xab\x91\x6a\x58\xd9\x74\x91\x88\x35\xd2"
- "\x5e\x6a\x43\x50\x85\xb2\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5\xef"
- "\xbb\x7b\xcc\x4b\x59\xd5\x38\xdf\x9a";
- a.inLen = XSTRLEN(a.input);
- a.outLen = 114;
- b.input = "abc";
- b.output = "\x58\x81\x09\x2d\xd8\x18\xbf\x5c\xf8\xa3\xdd\xb7\x93\xfb\xcb"
- "\xa7\x40\x97\xd5\xc5\x26\xa6\xd3\x5f\x97\xb8\x33\x51\x94\x0f"
- "\x2c\xc8\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c\xdd\x06\x65\x68\x70"
- "\x6f\x50\x9b\xc1\xbd\xde\x58\x29\x5d\xae\x3f\x89\x1a\x9a\x0f"
- "\xca\x57\x83\x78\x9a\x41\xf8\x61\x12\x14\xce\x61\x23\x94\xdf"
- "\x28\x6a\x62\xd1\xa2\x25\x2a\xa9\x4d\xb9\xc5\x38\x95\x6c\x71"
- "\x7d\xc2\xbe\xd4\xf2\x32\xa0\x29\x4c\x85\x7c\x73\x0a\xa1\x60"
- "\x67\xac\x10\x62\xf1\x20\x1f\xb0\xd3";
- b.inLen = XSTRLEN(b.input);
- b.outLen = 114;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e\x74\xe0\xa7\x07\x78\x8f\x55"
- "\xe9\x82\x09\xb8\xd9\x1f\xad\xe8\xf3\x2f\x8d\xd5\xcf\xf7\xbf"
- "\x21\xf5\x4e\xe5\xf1\x95\x50\x82\x5a\x6e\x07\x00\x30\x51\x9e"
- "\x94\x42\x63\xac\x1c\x67\x65\x28\x70\x65\x62\x1f\x9f\xcb\x32"
- "\x01\x72\x3e\x32\x23\xb6\x3a\x46\xc2\x93\x8a\xa9\x53\xba\x84"
- "\x01\xd0\xea\x77\xb8\xd2\x64\x90\x77\x55\x66\x40\x7b\x95\x67"
- "\x3c\x0f\x4c\xc1\xce\x9f\xd9\x66\x14\x8d\x7e\xfd\xff\x26\xbb"
- "\xf9\xf4\x8a\x21\xc6\xda\x35\xbf\xaa";
- c.inLen = XSTRLEN(c.input);
- c.outLen = 114;
- /* Taken from NIST CAVP test vectors - full rate output. */
- d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
- "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
- "\x85\xe0";
- d.output = "\x93\x68\xf0\x15\x10\x92\x44\xeb\x02\x47\xfa\x3a\x0e\x57\xf5"
- "\x2e\xa7\xd9\xeb\xa2\x3d\xae\x7a\x19\x7f\x0a\x29\xe9\x22\x55"
- "\x06\x05\x98\x16\xb7\x84\x48\xb6\x49\x7a\x76\xeb\x96\x2d\xb3"
- "\xf8\x4d\x37\x60\xf1\xfe\xb4\xbd\xc1\xfd\x4a\xc9\x4e\x91\x7a"
- "\xc2\xea\x5e\x4f\x38\x37\x4a\xa5\x6e\x4f\x47\x67\xb8\xd7\x83"
- "\x1b\x2d\x51\x49\x5a\xb8\xea\xb7\xc9\x82\x20\xaf\x13\x41\x5a"
- "\x59\xbb\x7c\x17\x7a\xcd\x62\x8e\xf0\xff\xe3\x6c\xeb\x18\x59"
- "\x5d\x14\x4c\xbf\x25\xef\xc0\x6c\xd9\x56\xa5\x78\x20\x6e\xa8"
- "\xf9\x14\x5e\xf9\xce\x19\x50\x6a\x9d\x04\x4e\xc7\x00\x79\x9f"
- "\xa1";
- d.inLen = 32;
- d.outLen = 136;
- /* Taken from NIST CAVP test vectors - more than one output block. */
- e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
- "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
- "\x47\xe4";
- e.output = "\xe1\x7e\xab\x0d\xa4\x04\xf9\xb6\xac\xc0\x84\x97\x2f\xc5\x79"
- "\xe8\x6d\xaa\x76\x10\xa5\xe1\x7c\x23\x2f\x79\x19\x83\x96\xfd"
- "\x01\xc2\x4c\x34\xbb\x54\xf4\xb0\x1e\xf7\x40\xb4\x25\x33\x4a"
- "\x55\xdd\x24\x81\x3d\xc8\xea\x86\xf5\x6e\xf7\x27\x67\x26\x2b"
- "\xf2\x25\x74\x8c\xcc\x3d\x9f\x48\x6f\xfb\x72\x8f\x4e\xad\x29"
- "\x60\xc9\x6c\x3e\x44\x63\x86\xea\xce\x21\x9c\x84\x28\x16\x11"
- "\x63\x58\xb0\xf4\x2d\x7d\xff\xf7\xdd\x24\x11\xfa\x2a\x56\x79"
- "\xfd\x7a\x94\x77\x45\x75\xba\xf9\xfc\xad\x68\xa1\x9e\x30\xd1"
- "\x49\xb0\x59\xb5\x9c\x44\x6c\x4e\xdc\xa5\x9b\xc5\xa4\x79\x9d"
- "\xc4\x65\xaa\x9e\x78\x2c\xed\x9f\x21\xc5\x5d\xe2\x42\xdd\x25"
- "\xd0\xd9\xde\x60\xd0\x9f\xf8\x6a\xba\xf3\xa0\x3a\x76\x71\xb3"
- "\x05\x42\xdf\xbe\x72\xfc\x56\xed\x6d\x1a\x99\x7f\x23\x7c\xd1"
- "\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b\xa3\x60\x51"
- "\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41\x77\x2c"
- "\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59\x0d"
- "\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b"
- "\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4";
- e.inLen = 32;
- e.outLen = 250;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- test_sha[4] = e;
- ret = wc_InitShake128(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 0; i < times; ++i) {
- ret = wc_Shake128_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Shake128_Final(&sha, hash, (word32)test_sha[i].outLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, test_sha[i].output, test_sha[i].outLen) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- large_input = (byte *)XMALLOC(SHAKE128_LARGE_INPUT_BUFSIZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (large_input == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
- #endif
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- for (i = 0; i < SHAKE128_LARGE_INPUT_BUFSIZ; i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Shake128_Update(&sha, (byte*)large_input,
- SHAKE128_LARGE_INPUT_BUFSIZ);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Shake128_Final(&sha, hash, (word32)sizeof(hash));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, sizeof(large_digest) - 1) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- ret = shake128_absorb_test(&sha, large_input, SHAKE128_LARGE_INPUT_BUFSIZ);
- exit:
- wc_Shake128_Free(&sha);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (large_input != NULL)
- XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif
- #ifdef WOLFSSL_SHAKE256
- static wc_test_ret_t shake256_absorb_test(wc_Shake* sha, byte *large_input_buf,
- size_t large_input_buf_size)
- {
- testVector a, b, c, d, e;
- testVector test_sha[5];
- wc_test_ret_t ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- static const char large_digest[] =
- "\x21\x25\x8e\xae\x6e\x4f\xa7\xe1\xb9\x6d\xa7\xc9\x7d\x46\x03\x69"
- "\x29\x0d\x81\x49\xba\x5d\xaf\x37\xfd\xeb\x25\x52\x1d\xd9\xbd\x65"
- "\xfa\x99\xb9\xd1\x70\x6b\xeb\xd4\xc1\x2c\xea\x24\x20\x27\xa7\xcd"
- "\xfa\xe1\x81\xd9\xd5\xc1\x1c\xc7\xe9\x70\xc3\xc7\x21\x6f\x32\x22"
- "\xe3\x27\xdb\x58\x5e\xea\x18\x2d\x63\x4d\x14\x6c\x94\xcf\x2b\x7e"
- "\x6e\x2a\x74\xf3\xe0\xac\xb3\xb2\xcc\xef\x38\xe9\xe7\x35\xb3\xc5"
- "\x77\x9d\xff\xe3\x08\x8e\xf8\x2c\x89\xbb\x45\x22\x16\x99\x91\xc0"
- "\xe7\x71\x57\x75\xc5\xb1\xc6\xaf\x27\xcb\x64\x8c\xc4\xee\x3d\x5f"
- "\x4c\x35\xfb\x1c\xf3\xf8\x0e\xfd\x5e\xfc\x07\xd8\x4d\x55\x32\x49"
- "\x45\x0d\xab\x4a\x49\xc4\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93"
- "\x7a\xe6\x6b\xb4\x36\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43"
- "\x2f\x3b\xfc\x09\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48"
- "\x3d\x0e\xda\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08"
- "\xd9\xdc\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a"
- "\xb7\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
- "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c\x68\x1b\x30\xdd\xc4\xe6"
- "\x83\x8b\x0f\x23\x58\x7e\x06\x5f\x4a\x2b\xed\xc9\x6c\x97\x68\x44";
- byte hash[sizeof(large_digest) - 1];
- /*
- ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE256_Msg0.pdf
- */
- a.input = "";
- a.output = "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb"
- "\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5"
- "\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67"
- "\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac"
- "\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7"
- "\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84"
- "\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2"
- "\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46\xc1\x85\xc1\x51\x11\xe5"
- "\x95\x52\x2a\x6b\xcd\x16\xcf\x86\xf3\xd1\x22\x10\x9e\x3b\x1f"
- "\xdd";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_256_BLOCK_SIZE;
- b.input = "abc";
- b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11"
- "\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b"
- "\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52"
- "\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88"
- "\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04"
- "\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc"
- "\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13"
- "\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0\x9a\x3e\x6d\x51\xcb\xfc"
- "\x62\x27\x20\xd7\xa7\x5c\x63\x34\xe8\xa2\xd7\xec\x71\xa7\xcc"
- "\x29";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_256_BLOCK_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87"
- "\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e"
- "\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc"
- "\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74"
- "\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55"
- "\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a"
- "\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60"
- "\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4\x9d\xd3\xef\x7e\x18\x2b"
- "\x15\x24\xdf\x82\xea\x1c\xef\xe1\xc6\xc3\x96\x61\x75\xf0\x22"
- "\x8d";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_256_BLOCK_SIZE;
- /* Taken from NIST CAVP test vectors - full rate output. */
- d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
- "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
- "\x85\xe0";
- d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00"
- "\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d"
- "\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc"
- "\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c"
- "\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6"
- "\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d"
- "\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5"
- "\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b"
- "\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7"
- "\xc2";
- d.inLen = 32;
- d.outLen = WC_SHA3_256_BLOCK_SIZE;
- /* Taken from NIST CAVP test vectors - more than one output block. */
- e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
- "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
- "\x47\xe4";
- e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19"
- "\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92"
- "\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c"
- "\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13"
- "\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb"
- "\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44"
- "\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46"
- "\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48"
- "\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a"
- "\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4"
- "\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36"
- "\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09"
- "\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda"
- "\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc"
- "\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7"
- "\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
- "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c\x68\x1b\x30\xdd\xc4"
- "\xe6\x83\x8b\x0f\x23\x58\x7e\x06\x5f\x4a\x2b\xed\xc9\x6c\x97"
- "\x68\x44";
- e.inLen = 32;
- e.outLen = 2 * WC_SHA3_256_BLOCK_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- test_sha[4] = e;
- for (i = 0; i < times; ++i) {
- ret = wc_InitShake256(sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Shake256_Absorb(sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Shake256_SqueezeBlocks(sha, hash,
- (word32)test_sha[i].outLen / WC_SHA3_256_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, test_sha[i].output, (word32)test_sha[i].outLen) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- for (i = 0; i < (int)large_input_buf_size; i++) {
- large_input_buf[i] = (byte)(i & 0xFF);
- }
- ret = wc_InitShake256(sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- /* Absorb is non-incremental. */
- ret = wc_Shake256_Absorb(sha, large_input_buf,
- (word32)large_input_buf_size);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- /* Able to squeeze out blocks incrementally. */
- ret = wc_Shake256_SqueezeBlocks(sha, hash, 1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- ret = wc_Shake256_SqueezeBlocks(sha, hash,
- ((word32)sizeof(hash) / WC_SHA3_256_BLOCK_SIZE) - 1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void)
- {
- wc_Shake sha;
- byte hash[250];
- testVector a, b, c, d, e;
- testVector test_sha[5];
- wc_test_ret_t ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- #define SHAKE256_LARGE_INPUT_BUFSIZ 1024
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *large_input = NULL;
- #else
- byte large_input[SHAKE256_LARGE_INPUT_BUFSIZ];
- #endif
- const char* large_digest =
- "\x90\x32\x4a\xcc\xd1\xdf\xb8\x0b\x79\x1f\xb8\xc8\x5b\x54\xc8\xe7"
- "\x45\xf5\x60\x6b\x38\x26\xb2\x0a\xee\x38\x01\xf3\xd9\xfa\x96\x9f"
- "\x6a\xd7\x15\xdf\xb6\xc2\xf4\x20\x33\x44\x55\xe8\x2a\x09\x2b\x68"
- "\x2e\x18\x65\x5e\x65\x93\x28\xbc\xb1\x9e\xe2\xb1\x92\xea\x98\xac"
- "\x21\xef\x4c\xe1\xb4\xb7\xbe\x81\x5c\x1d\xd3\xb7\x17\xe5\xbb\xc5"
- "\x8c\x68\xb7\xfb\xac\x55\x8a\x9b\x4d\x91\xe4\x9f\x72\xbb\x6e\x38"
- "\xaf\x21\x7d\x21\xaa\x98\x4e\x75\xc4\xb4\x1c\x7c\x50\x45\x54\xf9"
- "\xea\x26";
- WOLFSSL_ENTER("shake256_test");
- /*
- ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE256_Msg0.pdf
- */
- a.input = "";
- a.output = "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb"
- "\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5"
- "\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67"
- "\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac"
- "\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7"
- "\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84"
- "\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2"
- "\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46";
- a.inLen = XSTRLEN(a.input);
- a.outLen = 114;
- b.input = "abc";
- b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11"
- "\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b"
- "\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52"
- "\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88"
- "\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04"
- "\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc"
- "\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13"
- "\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0";
- b.inLen = XSTRLEN(b.input);
- b.outLen = 114;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87"
- "\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e"
- "\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc"
- "\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74"
- "\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55"
- "\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a"
- "\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60"
- "\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
- c.inLen = XSTRLEN(c.input);
- c.outLen = 114;
- /* Taken from NIST CAVP test vectors - full rate output. */
- d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
- "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
- "\x85\xe0";
- d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00"
- "\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d"
- "\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc"
- "\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c"
- "\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6"
- "\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d"
- "\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5"
- "\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b"
- "\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7"
- "\xc2";
- d.inLen = 32;
- d.outLen = 136;
- /* Taken from NIST CAVP test vectors - more than one output block. */
- e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
- "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
- "\x47\xe4";
- e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19"
- "\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92"
- "\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c"
- "\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13"
- "\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb"
- "\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44"
- "\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46"
- "\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48"
- "\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a"
- "\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4"
- "\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36"
- "\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09"
- "\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda"
- "\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc"
- "\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7"
- "\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
- "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c";
- e.inLen = 32;
- e.outLen = 250;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- test_sha[4] = e;
- ret = wc_InitShake256(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 0; i < times; ++i) {
- ret = wc_Shake256_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- ret = wc_Shake256_Final(&sha, hash, (word32)test_sha[i].outLen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, test_sha[i].output, test_sha[i].outLen) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- large_input = (byte *)XMALLOC(SHAKE256_LARGE_INPUT_BUFSIZ, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (large_input == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
- #endif
- #ifndef NO_LARGE_HASH_TEST
- /* BEGIN LARGE HASH TEST */ {
- for (i = 0; i < SHAKE256_LARGE_INPUT_BUFSIZ; i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Shake256_Update(&sha, (byte*)large_input,
- SHAKE256_LARGE_INPUT_BUFSIZ);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- ret = wc_Shake256_Final(&sha, hash, (word32)sizeof(hash));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, 114) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- } /* END LARGE HASH TEST */
- #endif /* NO_LARGE_HASH_TEST */
- ret = shake256_absorb_test(&sha, large_input, SHAKE256_LARGE_INPUT_BUFSIZ);
- exit:
- wc_Shake256_Free(&sha);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (large_input != NULL)
- XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif
- #ifdef WOLFSSL_SM3
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void)
- {
- wc_Sm3 sm3, sm3Copy;
- byte hash[WC_SM3_DIGEST_SIZE];
- byte hashGet[WC_SM3_DIGEST_SIZE];
- byte hashCopy[WC_SM3_DIGEST_SIZE];
- wc_test_ret_t ret = 0;
- WOLFSSL_ENTER("sm3_test");
- testVector a, b, c;
- testVector test_sm3[3];
- int times = sizeof(test_sm3) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\x1a\xb2\x1d\x83\x55\xcf\xa1\x7f\x8e\x61\x19\x48\x31\xe8\x1a"
- "\x8f\x22\xbe\xc8\xc7\x28\xfe\xfb\x74\x7e\xd0\x35\xeb\x50\x82"
- "\xaa\x2b";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SM3_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\x66\xc7\xf0\xf4\x62\xee\xed\xd9\xd1\xf2\xd4\x6b\xdc\x10\xe4"
- "\xe2\x41\x67\xc4\x87\x5c\xf2\xf7\xa2\x29\x7d\xa0\x2b\x8f\x4b"
- "\xa8\xe0";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SM3_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x63\x9b\x6c\xc5\xe6\x4d\x9e\x37\xa3\x90\xb1\x92\xdf\x4f\xa1"
- "\xea\x07\x20\xab\x74\x7f\xf6\x92\xb9\xf3\x8c\x4e\x66\xad\x7b"
- "\x8c\x05";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SM3_DIGEST_SIZE;
- test_sm3[0] = a;
- test_sm3[1] = b;
- test_sm3[2] = c;
- ret = wc_InitSm3(&sm3, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSm3(&sm3Copy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sm3Free(&sm3);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Test all the KATs. */
- for (i = 0; i < times; ++i) {
- ret = wc_Sm3Update(&sm3, (byte*)test_sm3[i].input,
- (word32)test_sm3[i].inLen);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- /* Get the final hash but leave ready for more updates. */
- ret = wc_Sm3GetHash(&sm3, hashGet);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- /* Make a copy of the hash. */
- ret = wc_Sm3Copy(&sm3, &sm3Copy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- /* Get the final hash with original. */
- ret = wc_Sm3Final(&sm3, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- /* Get the final hash with copy. */
- ret = wc_Sm3Final(&sm3Copy, hashCopy);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- /* Dispose of copy. */
- wc_Sm3Free(&sm3Copy);
- /* Check hashes match expected. */
- if (XMEMCMP(hash, test_sm3[i].output, WC_SM3_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashGet, WC_SM3_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- if (XMEMCMP(hash, hashCopy, WC_SM3_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- #ifndef NO_LARGE_HASH_TEST
- {
- word32 sz;
- byte large_input[1024];
- #ifdef HASH_SIZE_LIMIT
- const char* large_digest =
- "\x6c\x42\x57\x64\x8e\x45\xf3\xb6\xc0\x83\xd3\x41\x83\x66\x51\xb4"
- "\x50\xfe\x06\xb5\xb7\x1e\xd5\x0d\x41\xfc\x1e\xe5\xc6\x57\x95\x0f";
- times = 20;
- #else
- const char* large_digest =
- "\x34\x51\x3c\xde\x7c\x30\xb7\xc5\xaa\x97\x3b\xed\xb3\x16\xb9\x76"
- "\x35\x46\x14\x80\x2a\x57\xca\xd9\x48\xf9\x93\xcc\x1f\xdd\xab\x79";
- times = 100;
- #endif
- /* Set large input to something. */
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- /* Hash a large number of times. */
- for (i = 0; i < times; ++i) {
- ret = wc_Sm3Update(&sm3, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- /* Calculate hash and compare to expected. */
- ret = wc_Sm3Final(&sm3, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(hash, large_digest, WC_SM3_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- /* Check updating with various sizes works. */
- for (sz = 1; sz <= 64; sz++) {
- /* Hash a large number of times. */
- for (i = 0; i < times; ++i) {
- word32 o;
- /* Update sz bytes at a time from large input buffer. */
- for (o = 0; o + sz <= (word32)sizeof(large_input); o += sz) {
- ret = wc_Sm3Update(&sm3, (byte*)(large_input + o), sz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(o), exit);
- }
- /* Check for left-overs. */
- if (o < (word32)sizeof(large_input)) {
- ret = wc_Sm3Update(&sm3, (byte*)(large_input + o),
- (word32)sizeof(large_input) - o);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
- }
- }
- /* Calculate hash and compare to expected. */
- ret = wc_Sm3Final(&sm3, hash);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(sz), exit);
- if (XMEMCMP(hash, large_digest, WC_SM3_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(sz), exit);
- }
- }
- #endif /* NO_LARGE_HASH_TEST */
- exit:
- wc_Sm3Free(&sm3);
- wc_Sm3Free(&sm3Copy);
- return ret;
- }
- #endif
- #ifndef NO_HASH_WRAPPER
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
- {
- wc_HashAlg hash;
- int ret, exp_ret;
- int i, j;
- int digestSz;
- byte data[] = "0123456789abcdef0123456789abcdef0123456";
- byte out[WC_MAX_DIGEST_SIZE];
- byte hashOut[WC_MAX_DIGEST_SIZE];
- #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
- enum wc_HashType hashType;
- #endif
- enum wc_HashType typesGood[] = { WC_HASH_TYPE_MD5, WC_HASH_TYPE_SHA,
- WC_HASH_TYPE_SHA224, WC_HASH_TYPE_SHA256,
- WC_HASH_TYPE_SHA384, WC_HASH_TYPE_SHA512,
- WC_HASH_TYPE_SHA3_224,
- WC_HASH_TYPE_SHA3_256,
- WC_HASH_TYPE_SHA3_384,
- WC_HASH_TYPE_SHA3_512 };
- enum wc_HashType typesNoImpl[] = {
- #ifdef NO_MD5
- WC_HASH_TYPE_MD5,
- #endif
- #ifdef NO_SHA
- WC_HASH_TYPE_SHA,
- #endif
- #ifndef WOLFSSL_SHA224
- WC_HASH_TYPE_SHA224,
- #endif
- #ifdef NO_SHA256
- WC_HASH_TYPE_SHA256,
- #endif
- #ifndef WOLFSSL_SHA384
- WC_HASH_TYPE_SHA384,
- #endif
- #ifndef WOLFSSL_SHA512
- WC_HASH_TYPE_SHA512,
- #endif
- #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_224)
- WC_HASH_TYPE_SHA3_224,
- #endif
- #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_256)
- WC_HASH_TYPE_SHA3_256,
- #endif
- #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_384)
- WC_HASH_TYPE_SHA3_384,
- #endif
- #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_512)
- WC_HASH_TYPE_SHA3_512,
- #endif
- WC_HASH_TYPE_NONE
- };
- enum wc_HashType typesBad[] = { WC_HASH_TYPE_NONE, WC_HASH_TYPE_MD5_SHA,
- WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4 };
- enum wc_HashType typesHashBad[] = { WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4,
- WC_HASH_TYPE_BLAKE2B,
- WC_HASH_TYPE_NONE };
- WOLFSSL_ENTER("hash_test");
- /* Parameter Validation testing. */
- ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* Try invalid hash algorithms. */
- for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) {
- ret = wc_HashInit(&hash, typesBad[i]);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_HashFinal(&hash, typesBad[i], out);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_I(i);
- wc_HashFree(&hash, typesBad[i]);
- }
- /* Try valid hash algorithms. */
- for (i = 0, j = 0; i < (int)(sizeof(typesGood)/sizeof(*typesGood)); i++) {
- exp_ret = 0;
- if (typesGood[i] == typesNoImpl[j]) {
- /* Recognized but no implementation compiled in. */
- exp_ret = HASH_TYPE_E;
- j++;
- }
- ret = wc_HashInit(&hash, typesGood[i]);
- if (ret != exp_ret)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_HashUpdate(&hash, typesGood[i], data, sizeof(data));
- if (ret != exp_ret)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_HashFinal(&hash, typesGood[i], out);
- if (ret != exp_ret)
- return WC_TEST_RET_ENC_I(i);
- wc_HashFree(&hash, typesGood[i]);
- digestSz = wc_HashGetDigestSize(typesGood[i]);
- if (exp_ret < 0 && digestSz != exp_ret)
- return WC_TEST_RET_ENC_I(i);
- if (exp_ret == 0 && digestSz < 0)
- return WC_TEST_RET_ENC_I(i);
- if (exp_ret == 0) {
- ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut,
- digestSz - 1);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_I(i);
- }
- ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, (word32)digestSz);
- if (ret != exp_ret)
- return WC_TEST_RET_ENC_I(i);
- if (exp_ret == 0 && XMEMCMP(out, hashOut, digestSz) != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_HashGetBlockSize(typesGood[i]);
- if (exp_ret < 0 && ret != exp_ret)
- return WC_TEST_RET_ENC_I(i);
- if (exp_ret == 0 && ret < 0)
- return WC_TEST_RET_ENC_I(i);
- #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
- ret = wc_HashGetOID(typesGood[i]);
- if (ret == BAD_FUNC_ARG ||
- (exp_ret == 0 && ret == HASH_TYPE_E) ||
- (exp_ret != 0 && ret != HASH_TYPE_E)) {
- return WC_TEST_RET_ENC_I(i);
- }
- hashType = wc_OidGetHash(ret);
- if (exp_ret == 0 && hashType != typesGood[i])
- return WC_TEST_RET_ENC_I(i);
- #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
- }
- for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) {
- ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out));
- if ((ret != BAD_FUNC_ARG) && (ret != BUFFER_E) && (ret != HASH_TYPE_E))
- return WC_TEST_RET_ENC_I(i);
- }
- #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
- ret = wc_HashGetOID(WC_HASH_TYPE_MD2);
- #ifdef WOLFSSL_MD2
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != HASH_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- hashType = wc_OidGetHash(646); /* Md2h */
- #ifdef WOLFSSL_MD2
- if (hashType != WC_HASH_TYPE_MD2)
- return WC_TEST_RET_ENC_NC;
- #else
- if (hashType != WC_HASH_TYPE_NONE)
- return WC_TEST_RET_ENC_NC;
- #endif
- ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA);
- #ifndef NO_MD5
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != HASH_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_HashGetOID(WC_HASH_TYPE_MD4);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashGetOID(WC_HASH_TYPE_NONE);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- hashType = wc_OidGetHash(0);
- if (hashType != WC_HASH_TYPE_NONE)
- return WC_TEST_RET_ENC_NC;
- #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD2);
- #ifdef WOLFSSL_MD2
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != HASH_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD2);
- #ifdef WOLFSSL_MD2
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != HASH_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD4);
- #ifndef NO_MD4
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != HASH_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD4);
- #ifndef NO_MD4
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != HASH_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD5_SHA);
- #if !defined(NO_MD5) && !defined(NO_SHA)
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != HASH_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B);
- #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != HASH_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B);
- #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != HASH_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_NONE);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_NONE);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #if !defined(NO_CERTS) && !defined(NO_ASN)
- #if defined(WOLFSSL_MD2) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = wc_GetCTC_HashOID(MD2);
- if (ret == 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifndef NO_MD5
- ret = wc_GetCTC_HashOID(WC_MD5);
- if (ret == 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifndef NO_SHA
- ret = wc_GetCTC_HashOID(WC_SHA);
- if (ret == 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifdef WOLFSSL_SHA224
- ret = wc_GetCTC_HashOID(WC_SHA224);
- if (ret == 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifndef NO_SHA256
- ret = wc_GetCTC_HashOID(WC_SHA256);
- if (ret == 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifdef WOLFSSL_SHA384
- ret = wc_GetCTC_HashOID(WC_SHA384);
- if (ret == 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifdef WOLFSSL_SHA512
- ret = wc_GetCTC_HashOID(WC_SHA512);
- if (ret == 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_GetCTC_HashOID(-1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif /* !NO_HASH_WRAPPER */
- #if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS) && \
- defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION >= 5))
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void)
- {
- Hmac hmac;
- byte hash[WC_MD5_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- wc_test_ret_t ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- WOLFSSL_ENTER("hmac_md5_test");
- /* Following test vectors are from RFC 2202 section 2 */
- a.input = "Hi There";
- a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
- "\x9d";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_MD5_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7"
- "\x38";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_MD5_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3"
- "\xf6";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_MD5_DIGEST_SIZE;
- d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
- d.output = "\x6b\x1a\xb7\xfe\x4b\xd7\xbf\x8f\x0b\x62\xe6\xce\x61\xb9\xd0"
- "\xcd";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_MD5_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1) {
- continue; /* cavium can't handle short keys, fips not allowed */
- }
- #endif
- ret = wc_HmacInit(&hmac, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_I(i);
- wc_HmacFree(&hmac);
- }
- #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
- if ((ret = wc_HmacSizeByType(WC_MD5)) != WC_MD5_DIGEST_SIZE)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif /* !NO_HMAC && !NO_MD5 && (!HAVE_FIPS || (HAVE_FIPS_VERSION < 5)) */
- #if !defined(NO_HMAC) && !defined(NO_SHA)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- wc_test_ret_t ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- WOLFSSL_ENTER("hmac_sha_test");
- /* Following test vectors are from RFC 2202 section 3 */
- a.input = "Hi There";
- a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
- "\x8e\xf1\x46\xbe\x00";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf"
- "\x9c\x25\x9a\x7c\x79";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b"
- "\x4f\x63\xf1\x75\xd3";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA_DIGEST_SIZE;
- d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
- d.output = "\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b"
- "\x55\xed\x40\x21\x12";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- #if FIPS_VERSION3_GE(6,0,0)
- int allowShortKeyWithFips = 1;
- #endif
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_CAVIUM) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0))
- if (i == 1)
- continue; /* cavium can't handle short keys, fips not allowed */
- #endif
- if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- #if FIPS_VERSION3_GE(6,0,0)
- if (i == 1) {
- if (ret != HMAC_MIN_KEYLEN_E)
- return WC_TEST_RET_ENC_EC(ret);
- /* Now use the ex and allow short keys with FIPS option */
- ret = wc_HmacSetKey_ex(&hmac, WC_SHA, (byte*) keys[i],
- (word32)XSTRLEN(keys[i]), allowShortKeyWithFips);
- }
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_I(i);
- wc_HmacFree(&hmac);
- }
- #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
- if ((ret = wc_HmacSizeByType(WC_SHA)) != WC_SHA_DIGEST_SIZE)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA224_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- wc_test_ret_t ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- WOLFSSL_ENTER("hmac_sha224_test");
- /* Following test vectors are from RFC 4231 section 4 */
- a.input = "Hi There";
- a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
- "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA224_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d"
- "\x0f\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA224_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2"
- "\x64\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA224_DIGEST_SIZE;
- d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
- d.output = "\x95\xe9\xa0\xdb\x96\x20\x95\xad\xae\xbe\x9b\x2d\x6f\x0d\xbc\xe2\xd4\x99\xf1\x12\xf2\xd2\xb7\x27\x3f\xa6\x87\x0e";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA224_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1)
- continue; /* cavium can't handle short keys, fips not allowed */
- #endif
- if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_I(i);
- wc_HmacFree(&hmac);
- }
- #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
- if ((ret = wc_HmacSizeByType(WC_SHA224)) != WC_SHA224_DIGEST_SIZE)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && !defined(NO_SHA256)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA256_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- testVector a, b, c, d, e;
- testVector test_hmac[5];
- wc_test_ret_t ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- WOLFSSL_ENTER("hmac_sha256_test");
- /* Following test vectors are from RFC 4231 section 4 */
- a.input = "Hi There";
- a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
- "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
- "\xcf\xf7";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA256_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75"
- "\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec"
- "\x38\x43";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA256_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81"
- "\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5"
- "\x65\xfe";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA256_DIGEST_SIZE;
- d.input = 0;
- d.output = "\x86\xe5\x4f\xd4\x48\x72\x5d\x7e\x5d\xcf\xe2\x23\x53\xc8\x28"
- "\xaf\x48\x78\x1e\xb4\x8c\xae\x81\x06\xa7\xe1\xd4\x98\x94\x9f"
- "\x3e\x46";
- d.inLen = 0;
- d.outLen = WC_SHA256_DIGEST_SIZE;
- e.input = "Test Using Larger Than Block-Size Key - Hash Key First";
- e.output = "\x60\xe4\x31\x59\x1e\xe0\xb6\x7f\x0d\x8a\x26\xaa\xcb\xf5\xb7"
- "\x7f\x8e\x0b\xc6\x21\x37\x28\xc5\x14\x05\x46\x04\x0f\x0e\xe3"
- "\x7f\x54";
- e.inLen = XSTRLEN(e.input);;
- e.outLen = WC_SHA256_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- test_hmac[4] = e;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1)
- continue; /* cavium can't handle short keys, fips not allowed */
- #endif
- #if defined(HAVE_INTEL_QA) || defined(HAVE_CAVIUM)
- if (i == 3)
- continue; /* QuickAssist can't handle empty HMAC */
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (test_hmac[i].input != NULL) {
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_I(i);
- wc_HmacFree(&hmac);
- }
- #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
- if ((ret = wc_HmacSizeByType(WC_SHA256)) != WC_SHA256_DIGEST_SIZE)
- return WC_TEST_RET_ENC_EC(ret);
- #if FIPS_VERSION3_GE(6,0,0)
- if ((ret = wc_HmacSizeByType(21)) != HMAC_KAT_FIPS_E)
- #else
- if ((ret = wc_HmacSizeByType(21)) != BAD_FUNC_ARG)
- #endif
- {
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- if ((ret = wolfSSL_GetHmacMaxSize()) != WC_MAX_DIGEST_SIZE)
- return WC_TEST_RET_ENC_EC(ret);
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA384_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- wc_test_ret_t ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- WOLFSSL_ENTER("hmac_sha384_test");
- /* Following test vectors are from RFC 4231 section 4 */
- a.input = "Hi There";
- a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
- "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
- "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
- "\xfa\x9c\xb6";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA384_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b"
- "\x1b\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22"
- "\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa"
- "\xb2\x16\x49";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA384_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8"
- "\x6f\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66"
- "\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01"
- "\xa3\x4f\x27";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA384_DIGEST_SIZE;
- d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
- d.output = "\x4e\xce\x08\x44\x85\x81\x3e\x90\x88\xd2\xc6\x3a\x04\x1b\xc5"
- "\xb4\x4f\x9e\xf1\x01\x2a\x2b\x58\x8f\x3c\xd1\x1f\x05\x03\x3a"
- "\xc4\xc6\x0c\x2e\xf6\xab\x40\x30\xfe\x82\x96\x24\x8d\xf1\x63"
- "\xf4\x49\x52";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA384_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS)
- if (i == 1)
- continue; /* fips not allowed */
- #endif
- if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_I(i);
- wc_HmacFree(&hmac);
- }
- #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
- if ((ret = wc_HmacSizeByType(WC_SHA384)) != WC_SHA384_DIGEST_SIZE)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA512)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA512_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- wc_test_ret_t ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- WOLFSSL_ENTER("hmac_sha512_test");
- /* Following test vectors are from RFC 4231 section 4 */
- a.input = "Hi There";
- a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c"
- "\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1"
- "\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae"
- "\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20"
- "\x3a\x12\x68\x54";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA512_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0"
- "\xa3\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25"
- "\x05\x54\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8"
- "\xf0\xe6\xfd\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a"
- "\x38\xbc\xe7\x37";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA512_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b"
- "\xe9\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27"
- "\x9d\x39\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e"
- "\x67\xc8\x07\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59"
- "\xe1\x32\x92\xfb";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA512_DIGEST_SIZE;
- d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
- d.output = "\x80\xb2\x42\x63\xc7\xc1\xa3\xeb\xb7\x14\x93\xc1\xdd\x7b\xe8"
- "\xb4\x9b\x46\xd1\xf4\x1b\x4a\xee\xc1\x12\x1b\x01\x37\x83\xf8"
- "\xf3\x52\x6b\x56\xd0\x37\xe0\x5f\x25\x98\xbd\x0f\xd2\x21\x5d"
- "\x6a\x1e\x52\x95\xe6\x4f\x73\xf6\x3f\x0a\xec\x8b\x91\x5a\x98"
- "\x5d\x78\x65\x98";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA512_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS)
- if (i == 1)
- continue; /* fips not allowed */
- #endif
- if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacSetKey(&hmac, WC_SHA512, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_I(i);
- wc_HmacFree(&hmac);
- }
- #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
- if ((ret = wc_HmacSizeByType(WC_SHA512)) != WC_SHA512_DIGEST_SIZE)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \
- !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \
- !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA3_512_DIGEST_SIZE];
- const char* key[4] =
- {
- "Jefe",
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
- "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
- "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- };
- const char* input[4] =
- {
- "what do ya want for nothing?",
- "Hi There",
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
- "Big Key Input"
- };
- const int hashType[4] =
- {
- WC_SHA3_224, WC_SHA3_256, WC_SHA3_384, WC_SHA3_512
- };
- const int hashSz[4] =
- {
- WC_SHA3_224_DIGEST_SIZE, WC_SHA3_256_DIGEST_SIZE,
- WC_SHA3_384_DIGEST_SIZE, WC_SHA3_512_DIGEST_SIZE
- };
- const char* output[16] =
- {
- /* key = jefe, input = what do ya want for nothing? */
- /* HMAC-SHA3-224 */
- "\x7f\xdb\x8d\xd8\x8b\xd2\xf6\x0d\x1b\x79\x86\x34\xad\x38\x68\x11"
- "\xc2\xcf\xc8\x5b\xfa\xf5\xd5\x2b\xba\xce\x5e\x66",
- /* HMAC-SHA3-256 */
- "\xc7\xd4\x07\x2e\x78\x88\x77\xae\x35\x96\xbb\xb0\xda\x73\xb8\x87"
- "\xc9\x17\x1f\x93\x09\x5b\x29\x4a\xe8\x57\xfb\xe2\x64\x5e\x1b\xa5",
- /* HMAC-SHA3-384 */
- "\xf1\x10\x1f\x8c\xbf\x97\x66\xfd\x67\x64\xd2\xed\x61\x90\x3f\x21"
- "\xca\x9b\x18\xf5\x7c\xf3\xe1\xa2\x3c\xa1\x35\x08\xa9\x32\x43\xce"
- "\x48\xc0\x45\xdc\x00\x7f\x26\xa2\x1b\x3f\x5e\x0e\x9d\xf4\xc2\x0a",
- /* HMAC-SHA3-512 */
- "\x5a\x4b\xfe\xab\x61\x66\x42\x7c\x7a\x36\x47\xb7\x47\x29\x2b\x83"
- "\x84\x53\x7c\xdb\x89\xaf\xb3\xbf\x56\x65\xe4\xc5\xe7\x09\x35\x0b"
- "\x28\x7b\xae\xc9\x21\xfd\x7c\xa0\xee\x7a\x0c\x31\xd0\x22\xa9\x5e"
- "\x1f\xc9\x2b\xa9\xd7\x7d\xf8\x83\x96\x02\x75\xbe\xb4\xe6\x20\x24",
- /* key = 0b..., input = Hi There */
- /* HMAC-SHA3-224 */
- "\x3b\x16\x54\x6b\xbc\x7b\xe2\x70\x6a\x03\x1d\xca\xfd\x56\x37\x3d"
- "\x98\x84\x36\x76\x41\xd8\xc5\x9a\xf3\xc8\x60\xf7",
- /* HMAC-SHA3-256 */
- "\xba\x85\x19\x23\x10\xdf\xfa\x96\xe2\xa3\xa4\x0e\x69\x77\x43\x51"
- "\x14\x0b\xb7\x18\x5e\x12\x02\xcd\xcc\x91\x75\x89\xf9\x5e\x16\xbb",
- /* HMAC-SHA3-384 */
- "\x68\xd2\xdc\xf7\xfd\x4d\xdd\x0a\x22\x40\xc8\xa4\x37\x30\x5f\x61"
- "\xfb\x73\x34\xcf\xb5\xd0\x22\x6e\x1b\xc2\x7d\xc1\x0a\x2e\x72\x3a"
- "\x20\xd3\x70\xb4\x77\x43\x13\x0e\x26\xac\x7e\x3d\x53\x28\x86\xbd",
- /* HMAC-SHA3-512 */
- "\xeb\x3f\xbd\x4b\x2e\xaa\xb8\xf5\xc5\x04\xbd\x3a\x41\x46\x5a\xac"
- "\xec\x15\x77\x0a\x7c\xab\xac\x53\x1e\x48\x2f\x86\x0b\x5e\xc7\xba"
- "\x47\xcc\xb2\xc6\xf2\xaf\xce\x8f\x88\xd2\x2b\x6d\xc6\x13\x80\xf2"
- "\x3a\x66\x8f\xd3\x88\x8b\xb8\x05\x37\xc0\xa0\xb8\x64\x07\x68\x9e",
- /* key = aa..., output = dd... */
- /* HMAC-SHA3-224 */
- "\x67\x6c\xfc\x7d\x16\x15\x36\x38\x78\x03\x90\x69\x2b\xe1\x42\xd2"
- "\xdf\x7c\xe9\x24\xb9\x09\xc0\xc0\x8d\xbf\xdc\x1a",
- /* HMAC-SHA3-256 */
- "\x84\xec\x79\x12\x4a\x27\x10\x78\x65\xce\xdd\x8b\xd8\x2d\xa9\x96"
- "\x5e\x5e\xd8\xc3\x7b\x0a\xc9\x80\x05\xa7\xf3\x9e\xd5\x8a\x42\x07",
- /* HMAC-SHA3-384 */
- "\x27\x5c\xd0\xe6\x61\xbb\x8b\x15\x1c\x64\xd2\x88\xf1\xf7\x82\xfb"
- "\x91\xa8\xab\xd5\x68\x58\xd7\x2b\xab\xb2\xd4\x76\xf0\x45\x83\x73"
- "\xb4\x1b\x6a\xb5\xbf\x17\x4b\xec\x42\x2e\x53\xfc\x31\x35\xac\x6e",
- /* HMAC-SHA3-512 */
- "\x30\x9e\x99\xf9\xec\x07\x5e\xc6\xc6\xd4\x75\xed\xa1\x18\x06\x87"
- "\xfc\xf1\x53\x11\x95\x80\x2a\x99\xb5\x67\x74\x49\xa8\x62\x51\x82"
- "\x85\x1c\xb3\x32\xaf\xb6\xa8\x9c\x41\x13\x25\xfb\xcb\xcd\x42\xaf"
- "\xcb\x7b\x6e\x5a\xab\x7e\xa4\x2c\x66\x0f\x97\xfd\x85\x84\xbf\x03",
- /* key = big key, input = Big Key Input */
- /* HMAC-SHA3-224 */
- "\x29\xe0\x5e\x46\xc4\xa4\x5e\x46\x74\xbf\xd7\x2d\x1a\xd8\x66\xdb"
- "\x2d\x0d\x10\x4e\x2b\xfa\xad\x53\x7d\x15\x69\x8b",
- /* HMAC-SHA3-256 */
- "\xb5\x5b\x8d\x64\xb6\x9c\x21\xd0\xbf\x20\x5c\xa2\xf7\xb9\xb1\x4e"
- "\x88\x21\x61\x2c\x66\xc3\x91\xae\x6c\x95\x16\x85\x83\xe6\xf4\x9b",
- /* HMAC-SHA3-384 */
- "\xaa\x91\xb3\xa6\x2f\x56\xa1\xbe\x8c\x3e\x74\x38\xdb\x58\xd9\xd3"
- "\x34\xde\xa0\x60\x6d\x8d\x46\xe0\xec\xa9\xf6\x06\x35\x14\xe6\xed"
- "\x83\xe6\x7c\x77\x24\x6c\x11\xb5\x90\x82\xb5\x75\xda\x7b\x83\x2d",
- /* HMAC-SHA3-512 */
- "\x1c\xc3\xa9\x24\x4a\x4a\x3f\xbd\xc7\x20\x00\x16\x9b\x79\x47\x03"
- "\x78\x75\x2c\xb5\xf1\x2e\x62\x7c\xbe\xef\x4e\x8f\x0b\x11\x2b\x32"
- "\xa0\xee\xc9\xd0\x4d\x64\x64\x0b\x37\xf4\xdd\x66\xf7\x8b\xb3\xad"
- "\x52\x52\x6b\x65\x12\xde\x0d\x7c\xc0\x8b\x60\x01\x6c\x37\xd7\xa8"
- };
- int i = 0, iMax = sizeof(input) / sizeof(input[0]),
- j, jMax = sizeof(hashType) / sizeof(hashType[0]);
- int ret;
- WOLFSSL_ENTER("hmac_sha3_test");
- #ifdef HAVE_FIPS
- /* FIPS requires a minimum length for HMAC keys, and "Jefe" is too
- * short. Skip it in FIPS builds. */
- i = 1;
- #endif
- for (; i < iMax; i++) {
- for (j = 0; j < jMax; j++) {
- if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacSetKey(&hmac, hashType[j], (byte*)key[i],
- (word32)XSTRLEN(key[i]));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacUpdate(&hmac, (byte*)input[i],
- (word32)XSTRLEN(input[i]));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(hash, output[(i*jMax) + j], (size_t)hashSz[j]) != 0)
- return WC_TEST_RET_ENC_NC;
- wc_HmacFree(&hmac);
- if (i > 0)
- continue;
- #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
- ret = wc_HmacSizeByType(hashType[j]);
- if (ret != hashSz[j])
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- }
- }
- return 0;
- }
- #endif
- #ifdef WC_RC2
- typedef struct rc2TestVector {
- const char* input;
- const char* output;
- const char* key; /* Key, variable up to 128 bytes */
- const char* iv; /* IV, 8-bytes */
- int inLen;
- int outLen;
- int keyLen;
- int effectiveKeyBits; /* Up to 1024 bits supported */
- } rc2TestVector;
- static wc_test_ret_t rc2_ecb_test(void)
- {
- wc_test_ret_t ret = 0;
- byte cipher[RC2_BLOCK_SIZE];
- byte plain[RC2_BLOCK_SIZE];
- rc2TestVector a, b, c, d, e, f, g, h;
- rc2TestVector test_rc2[8];
- int times = sizeof(test_rc2) / sizeof(rc2TestVector), i;
- a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.output = "\xeb\xb7\x73\xf9\x93\x27\x8e\xff";
- a.key = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.inLen = RC2_BLOCK_SIZE;
- a.outLen = RC2_BLOCK_SIZE;
- a.keyLen = 8;
- a.effectiveKeyBits = 63;
- b.input = "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.output = "\x27\x8b\x27\xe4\x2e\x2f\x0d\x49";
- b.key = "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.inLen = RC2_BLOCK_SIZE;
- b.outLen = RC2_BLOCK_SIZE;
- b.keyLen = 8;
- b.effectiveKeyBits = 64;
- c.input = "\x10\x00\x00\x00\x00\x00\x00\x01";
- c.output = "\x30\x64\x9e\xdf\x9b\xe7\xd2\xc2";
- c.key = "\x30\x00\x00\x00\x00\x00\x00\x00";
- c.inLen = RC2_BLOCK_SIZE;
- c.outLen = RC2_BLOCK_SIZE;
- c.keyLen = 8;
- c.effectiveKeyBits = 64;
- d.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- d.output = "\x61\xa8\xa2\x44\xad\xac\xcc\xf0";
- d.key = "\x88";
- d.inLen = RC2_BLOCK_SIZE;
- d.outLen = RC2_BLOCK_SIZE;
- d.keyLen = 1;
- d.effectiveKeyBits = 64;
- e.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- e.output = "\x6c\xcf\x43\x08\x97\x4c\x26\x7f";
- e.key = "\x88\xbc\xa9\x0e\x90\x87\x5a";
- e.inLen = RC2_BLOCK_SIZE;
- e.outLen = RC2_BLOCK_SIZE;
- e.keyLen = 7;
- e.effectiveKeyBits = 64;
- f.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- f.output = "\x1a\x80\x7d\x27\x2b\xbe\x5d\xb1";
- f.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
- f.inLen = RC2_BLOCK_SIZE;
- f.outLen = RC2_BLOCK_SIZE;
- f.keyLen = 16;
- f.effectiveKeyBits = 64;
- g.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- g.output = "\x22\x69\x55\x2a\xb0\xf8\x5c\xa6";
- g.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
- g.inLen = RC2_BLOCK_SIZE;
- g.outLen = RC2_BLOCK_SIZE;
- g.keyLen = 16;
- g.effectiveKeyBits = 128;
- h.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- h.output = "\x5b\x78\xd3\xa4\x3d\xff\xf1\xf1";
- h.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"
- "\x16\xf8\x0a\x6f\x85\x92\x05\x84"
- "\xc4\x2f\xce\xb0\xbe\x25\x5d\xaf"
- "\x1e";
- h.inLen = RC2_BLOCK_SIZE;
- h.outLen = RC2_BLOCK_SIZE;
- h.keyLen = 33;
- h.effectiveKeyBits = 129;
- a.iv = b.iv = c.iv = d.iv = e.iv = f.iv = g.iv = h.iv = NULL;
- test_rc2[0] = a;
- test_rc2[1] = b;
- test_rc2[2] = c;
- test_rc2[3] = d;
- test_rc2[4] = e;
- test_rc2[5] = f;
- test_rc2[6] = g;
- test_rc2[7] = h;
- for (i = 0; i < times; ++i) {
- Rc2 enc;
- XMEMSET(cipher, 0, RC2_BLOCK_SIZE);
- XMEMSET(plain, 0, RC2_BLOCK_SIZE);
- ret = wc_Rc2SetKey(&enc, (byte*)test_rc2[i].key, test_rc2[i].keyLen,
- NULL, test_rc2[i].effectiveKeyBits);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* ECB encrypt */
- ret = wc_Rc2EcbEncrypt(&enc, cipher, (byte*)test_rc2[i].input,
- (word32)test_rc2[i].outLen);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (XMEMCMP(cipher, test_rc2[i].output, test_rc2[i].outLen)) {
- return WC_TEST_RET_ENC_NC;
- }
- /* ECB decrypt */
- ret = wc_Rc2EcbDecrypt(&enc, plain, cipher, RC2_BLOCK_SIZE);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (XMEMCMP(plain, test_rc2[i].input, RC2_BLOCK_SIZE)) {
- return WC_TEST_RET_ENC_NC;
- }
- }
- return 0;
- }
- static wc_test_ret_t rc2_cbc_test(void)
- {
- wc_test_ret_t ret = 0;
- byte cipher[128];
- byte plain[128];
- rc2TestVector a, b, c, d, e, f, g, h, i;
- rc2TestVector test_rc2[9];
- int times = sizeof(test_rc2) / sizeof(rc2TestVector), j;
- /* key length = 7, effective key bits = 63 */
- a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.output = "\xEB\xB7\x73\xF9\x93\x27\x8E\xFF"
- "\xF0\x51\x77\x8B\x65\xDB\x13\x57";
- a.key = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.inLen = RC2_BLOCK_SIZE*2;
- a.outLen = RC2_BLOCK_SIZE*2;
- a.keyLen = 8;
- a.effectiveKeyBits = 63;
- /* key length = 8, effective key bits = 64, all 0xFF */
- b.input = "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.output = "\xA3\xA1\x12\x65\x4F\x81\xC5\xCD"
- "\xB6\x94\x3E\xEA\x3E\x8B\x9D\x1F";
- b.key = "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.iv = "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.inLen = RC2_BLOCK_SIZE*2;
- b.outLen = RC2_BLOCK_SIZE*2;
- b.keyLen = 8;
- b.effectiveKeyBits = 64;
- /* key length = 8, effective key bits = 64 */
- c.input = "\x10\x00\x00\x00\x00\x00\x00\x01"
- "\x10\x00\x00\x00\x00\x00\x00\x01";
- c.output = "\xB5\x70\x14\xA2\x5F\x40\xE3\x6D"
- "\x81\x99\x8D\xE0\xB5\xD5\x3A\x05";
- c.key = "\x30\x00\x00\x00\x00\x00\x00\x00";
- c.iv = "\x30\x00\x00\x00\x00\x00\x00\x00";
- c.inLen = RC2_BLOCK_SIZE*2;
- c.outLen = RC2_BLOCK_SIZE*2;
- c.keyLen = 8;
- c.effectiveKeyBits = 64;
- /* key length = 1, effective key bits = 64 */
- d.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- d.output = "\x61\xA8\xA2\x44\xAD\xAC\xCC\xF0"
- "\x6D\x19\xE8\xF1\xFC\xE7\x38\x87";
- d.key = "\x88";
- d.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- d.inLen = RC2_BLOCK_SIZE*2;
- d.outLen = RC2_BLOCK_SIZE*2;
- d.keyLen = 1;
- d.effectiveKeyBits = 64;
- /* key length = 7, effective key bits = 64 */
- e.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- e.output = "\x6C\xCF\x43\x08\x97\x4C\x26\x7F"
- "\xCC\x3C\x53\x57\x7C\xA1\xA4\x4B";
- e.key = "\x88\xbc\xa9\x0e\x90\x87\x5a";
- e.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- e.inLen = RC2_BLOCK_SIZE*2;
- e.outLen = RC2_BLOCK_SIZE*2;
- e.keyLen = 7;
- e.effectiveKeyBits = 64;
- /* key length = 16, effective key bits = 64 */
- f.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- f.output = "\x1A\x80\x7D\x27\x2B\xBE\x5D\xB1"
- "\x64\xEF\xE1\xC3\xB8\xAD\xFB\xBA";
- f.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
- f.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- f.inLen = RC2_BLOCK_SIZE*2;
- f.outLen = RC2_BLOCK_SIZE*2;
- f.keyLen = 16;
- f.effectiveKeyBits = 64;
- /* key length = 16, effective bits = 128 */
- g.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- g.output = "\x22\x69\x55\x2A\xB0\xF8\x5C\xA6"
- "\x53\x6E\xFD\x2D\x89\xE1\x2A\x73";
- g.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
- g.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- g.inLen = RC2_BLOCK_SIZE*2;
- g.outLen = RC2_BLOCK_SIZE*2;
- g.keyLen = 16;
- g.effectiveKeyBits = 128;
- /* key length = 33, effective bits = 129 */
- h.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- h.output = "\x5B\x78\xD3\xA4\x3D\xFF\xF1\xF1"
- "\x45\x30\xA8\xD5\xC7\x7C\x46\x19";
- h.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"
- "\x16\xf8\x0a\x6f\x85\x92\x05\x84"
- "\xc4\x2f\xce\xb0\xbe\x25\x5d\xaf"
- "\x1e";
- h.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- h.inLen = RC2_BLOCK_SIZE*2;
- h.outLen = RC2_BLOCK_SIZE*2;
- h.keyLen = 33;
- h.effectiveKeyBits = 129;
- /* key length = 10, effective bits = 40 */
- i.input = "\x11\x22\x33\x44\x55\x66\x77\x88"
- "\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00"
- "\x11\x22\x33\x44\x55\x66\x77\x88"
- "\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00";
- i.output = "\x71\x2D\x11\x99\xC9\xA0\x78\x4F"
- "\xCD\xF1\x1E\x3D\xFD\x21\x7E\xDB"
- "\xB2\x6E\x0D\xA4\x72\xBC\x31\x51"
- "\x48\xEF\x4E\x68\x3B\xDC\xCD\x7D";
- i.key = "\x26\x1E\x57\x8E\xC9\x62\xBF\xB8"
- "\x3E\x96";
- i.iv = "\x01\x02\x03\x04\x05\x06\x07\x08";
- i.inLen = RC2_BLOCK_SIZE*4;
- i.outLen = RC2_BLOCK_SIZE*4;
- i.keyLen = 10;
- i.effectiveKeyBits = 40;
- test_rc2[0] = a;
- test_rc2[1] = b;
- test_rc2[2] = c;
- test_rc2[3] = d;
- test_rc2[4] = e;
- test_rc2[5] = f;
- test_rc2[6] = g;
- test_rc2[7] = h;
- test_rc2[8] = i;
- for (j = 0; j < times; ++j) {
- Rc2 rc2;
- XMEMSET(cipher, 0, sizeof(cipher));
- XMEMSET(plain, 0, sizeof(plain));
- ret = wc_Rc2SetKey(&rc2, (byte*)test_rc2[j].key, test_rc2[j].keyLen,
- (byte*)test_rc2[j].iv, test_rc2[j].effectiveKeyBits);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = wc_Rc2CbcEncrypt(&rc2, cipher, (byte*)test_rc2[j].input,
- test_rc2[j].inLen);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (XMEMCMP(cipher, (byte*)test_rc2[j].output, test_rc2[j].outLen)) {
- return WC_TEST_RET_ENC_NC;
- }
- /* reset IV for decrypt, since overridden by encrypt operation */
- ret = wc_Rc2SetIV(&rc2, (byte*)test_rc2[j].iv);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = wc_Rc2CbcDecrypt(&rc2, plain, cipher, test_rc2[j].outLen);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (XMEMCMP(plain, (byte*)test_rc2[j].input, test_rc2[j].inLen)) {
- return WC_TEST_RET_ENC_NC;
- }
- }
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rc2_test(void)
- {
- wc_test_ret_t ret = 0;
- WOLFSSL_ENTER("rc2_test");
- ret = rc2_ecb_test();
- if (ret != 0) {
- return ret;
- }
- return rc2_cbc_test();
- }
- #endif
- #ifndef NO_RC4
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t arc4_test(void)
- {
- byte cipher[16];
- byte plain[16];
- wc_test_ret_t ret;
- const char* keys[] =
- {
- "\x01\x23\x45\x67\x89\xab\xcd\xef",
- "\x01\x23\x45\x67\x89\xab\xcd\xef",
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- "\xef\x01\x23\x45"
- };
- testVector a, b, c, d;
- testVector test_arc4[4];
- int times = sizeof(test_arc4) / sizeof(testVector), i;
- WOLFSSL_ENTER("arc4_test");
- a.input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
- a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96";
- a.inLen = 8;
- a.outLen = 8;
- b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- b.output = "\x74\x94\xc2\xe7\x10\x4b\x08\x79";
- b.inLen = 8;
- b.outLen = 8;
- c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- c.output = "\xde\x18\x89\x41\xa3\x37\x5d\x3a";
- c.inLen = 8;
- c.outLen = 8;
- d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
- d.output = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf\xbd\x61";
- d.inLen = 10;
- d.outLen = 10;
- test_arc4[0] = a;
- test_arc4[1] = b;
- test_arc4[2] = c;
- test_arc4[3] = d;
- for (i = 0; i < times; ++i) {
- Arc4 enc;
- Arc4 dec;
- int keylen = 8; /* XSTRLEN with key 0x00 not good */
- if (i == 3)
- keylen = 4;
- ret = wc_Arc4Init(&enc, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Arc4Init(&dec, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Arc4SetKey(&enc, (byte*)keys[i], (word32)keylen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Arc4SetKey(&dec, (byte*)keys[i], (word32)keylen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Arc4Process(&enc, cipher, (byte*)test_arc4[i].input,
- (word32)test_arc4[i].outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Arc4Process(&dec, plain, cipher, (word32)test_arc4[i].outLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(plain, test_arc4[i].input, test_arc4[i].outLen))
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(cipher, test_arc4[i].output, test_arc4[i].outLen))
- return WC_TEST_RET_ENC_I(i);
- wc_Arc4Free(&enc);
- wc_Arc4Free(&dec);
- }
- return 0;
- }
- #endif
- #ifdef HAVE_CHACHA
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
- {
- ChaCha enc;
- ChaCha dec;
- byte cipher[128];
- byte plain[128];
- byte sliver[64];
- byte input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
- word32 keySz = 32;
- wc_test_ret_t ret = 0;
- int i;
- int times = 4;
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- /* 128 bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte key4[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- const byte* keys[] = {key1, key2, key3, key4};
- WOLFSSL_SMALL_STACK_STATIC const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- WOLFSSL_SMALL_STACK_STATIC const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- WOLFSSL_SMALL_STACK_STATIC const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00};
- WOLFSSL_SMALL_STACK_STATIC const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- const byte* ivs[] = {ivs1, ivs2, ivs3, ivs4};
- #ifndef BENCH_EMBEDDED
- WOLFSSL_SMALL_STACK_STATIC const byte cipher_big_result[] = {
- 0x06, 0xa6, 0x5d, 0x31, 0x21, 0x6c, 0xdb, 0x37, 0x48, 0x7c, 0x01, 0x9d,
- 0x72, 0xdf, 0x0a, 0x5b, 0x64, 0x74, 0x20, 0xba, 0x9e, 0xe0, 0x26, 0x7a,
- 0xbf, 0xdf, 0x83, 0x34, 0x3b, 0x4f, 0x94, 0x3f, 0x37, 0x89, 0xaf, 0x00,
- 0xdf, 0x0f, 0x2e, 0x75, 0x16, 0x41, 0xf6, 0x7a, 0x86, 0x94, 0x9d, 0x32,
- 0x56, 0xf0, 0x79, 0x71, 0x68, 0x6f, 0xa6, 0x6b, 0xc6, 0x59, 0x49, 0xf6,
- 0x10, 0x34, 0x03, 0x03, 0x16, 0x53, 0x9a, 0x98, 0x2a, 0x46, 0xde, 0x17,
- 0x06, 0x65, 0x70, 0xca, 0x0a, 0x1f, 0xab, 0x80, 0x26, 0x96, 0x3f, 0x3e,
- 0x7a, 0x3c, 0xa8, 0x87, 0xbb, 0x65, 0xdd, 0x5e, 0x07, 0x7b, 0x34, 0xe0,
- 0x56, 0xda, 0x32, 0x13, 0x30, 0xc9, 0x0c, 0xd7, 0xba, 0xe4, 0x1f, 0xa6,
- 0x91, 0x4f, 0x72, 0x9f, 0xd9, 0x5c, 0x62, 0x7d, 0xa6, 0xc2, 0xbc, 0x87,
- 0xae, 0x64, 0x11, 0x94, 0x3b, 0xbc, 0x6c, 0x23, 0xbd, 0x7d, 0x00, 0xb4,
- 0x99, 0xf2, 0x68, 0xb5, 0x59, 0x70, 0x93, 0xad, 0x69, 0xd0, 0xb1, 0x28,
- 0x70, 0x92, 0xeb, 0xec, 0x39, 0x80, 0x82, 0xde, 0x44, 0xe2, 0x8a, 0x26,
- 0xb3, 0xe9, 0x45, 0xcf, 0x83, 0x76, 0x9f, 0x6a, 0xa0, 0x46, 0x4a, 0x3d,
- 0x26, 0x56, 0xaf, 0x49, 0x41, 0x26, 0x1b, 0x6a, 0x41, 0x37, 0x65, 0x91,
- 0x72, 0xc4, 0xe7, 0x3c, 0x17, 0x31, 0xae, 0x2e, 0x2b, 0x31, 0x45, 0xe4,
- 0x93, 0xd3, 0x10, 0xaa, 0xc5, 0x62, 0xd5, 0x11, 0x4b, 0x57, 0x1d, 0xad,
- 0x48, 0x06, 0xd0, 0x0d, 0x98, 0xa5, 0xc6, 0x5b, 0xd0, 0x9e, 0x22, 0xc0,
- 0x00, 0x32, 0x5a, 0xf5, 0x1c, 0x89, 0x6d, 0x54, 0x97, 0x55, 0x6b, 0x46,
- 0xc5, 0xc7, 0xc4, 0x48, 0x9c, 0xbf, 0x47, 0xdc, 0x03, 0xc4, 0x1b, 0xcb,
- 0x65, 0xa6, 0x91, 0x9d, 0x6d, 0xf1, 0xb0, 0x7a, 0x4d, 0x3b, 0x03, 0x95,
- 0xf4, 0x8b, 0x0b, 0xae, 0x39, 0xff, 0x3f, 0xf6, 0xc0, 0x14, 0x18, 0x8a,
- 0xe5, 0x19, 0xbd, 0xc1, 0xb4, 0x05, 0x4e, 0x29, 0x2f, 0x0b, 0x33, 0x76,
- 0x28, 0x16, 0xa4, 0xa6, 0x93, 0x04, 0xb5, 0x55, 0x6b, 0x89, 0x3d, 0xa5,
- 0x0f, 0xd3, 0xad, 0xfa, 0xd9, 0xfd, 0x05, 0x5d, 0x48, 0x94, 0x25, 0x5a,
- 0x2c, 0x9a, 0x94, 0x80, 0xb0, 0xe7, 0xcb, 0x4d, 0x77, 0xbf, 0xca, 0xd8,
- 0x55, 0x48, 0xbd, 0x66, 0xb1, 0x85, 0x81, 0xb1, 0x37, 0x79, 0xab, 0x52,
- 0x08, 0x14, 0x12, 0xac, 0xcd, 0x45, 0x4d, 0x53, 0x6b, 0xca, 0x96, 0xc7,
- 0x3b, 0x2f, 0x73, 0xb1, 0x5a, 0x23, 0xbd, 0x65, 0xd5, 0xea, 0x17, 0xb3,
- 0xdc, 0xa1, 0x17, 0x1b, 0x2d, 0xb3, 0x9c, 0xd0, 0xdb, 0x41, 0x77, 0xef,
- 0x93, 0x20, 0x52, 0x3e, 0x9d, 0xf5, 0xbf, 0x33, 0xf7, 0x52, 0xc1, 0x90,
- 0xa0, 0x15, 0x17, 0xce, 0xf7, 0xf7, 0xd0, 0x3a, 0x3b, 0xd1, 0x72, 0x56,
- 0x31, 0x81, 0xae, 0x60, 0xab, 0x40, 0xc1, 0xd1, 0x28, 0x77, 0x53, 0xac,
- 0x9f, 0x11, 0x0a, 0x88, 0x36, 0x4b, 0xda, 0x57, 0xa7, 0x28, 0x5c, 0x85,
- 0xd3, 0x85, 0x9b, 0x79, 0xad, 0x05, 0x1c, 0x37, 0x14, 0x5e, 0x0d, 0xd0,
- 0x23, 0x03, 0x42, 0x1d, 0x48, 0x5d, 0xc5, 0x3c, 0x5a, 0x08, 0xa9, 0x0d,
- 0x6e, 0x82, 0x7c, 0x2e, 0x3c, 0x41, 0xcc, 0x96, 0x8e, 0xad, 0xee, 0x2a,
- 0x61, 0x0b, 0x16, 0x0f, 0xa9, 0x24, 0x40, 0x85, 0xbc, 0x9f, 0x28, 0x8d,
- 0xe6, 0x68, 0x4d, 0x8f, 0x30, 0x48, 0xd9, 0x73, 0x73, 0x6c, 0x9a, 0x7f,
- 0x67, 0xf7, 0xde, 0x4c, 0x0a, 0x8b, 0xe4, 0xb3, 0x08, 0x2a, 0x52, 0xda,
- 0x54, 0xee, 0xcd, 0xb5, 0x62, 0x4a, 0x26, 0x20, 0xfb, 0x40, 0xbb, 0x39,
- 0x3a, 0x0f, 0x09, 0xe8, 0x00, 0xd1, 0x24, 0x97, 0x60, 0xe9, 0x83, 0x83,
- 0xfe, 0x9f, 0x9c, 0x15, 0xcf, 0x69, 0x03, 0x9f, 0x03, 0xe1, 0xe8, 0x6e,
- 0xbd, 0x87, 0x58, 0x68, 0xee, 0xec, 0xd8, 0x29, 0x46, 0x23, 0x49, 0x92,
- 0x72, 0x95, 0x5b, 0x49, 0xca, 0xe0, 0x45, 0x59, 0xb2, 0xca, 0xf4, 0xfc,
- 0xb7, 0x59, 0x37, 0x49, 0x28, 0xbc, 0xf3, 0xd7, 0x61, 0xbc, 0x4b, 0xf3,
- 0xa9, 0x4b, 0x2f, 0x05, 0xa8, 0x01, 0xa5, 0xdc, 0x00, 0x6e, 0x01, 0xb6,
- 0x45, 0x3c, 0xd5, 0x49, 0x7d, 0x5c, 0x25, 0xe8, 0x31, 0x87, 0xb2, 0xb9,
- 0xbf, 0xb3, 0x01, 0x62, 0x0c, 0xd0, 0x48, 0x77, 0xa2, 0x34, 0x0f, 0x16,
- 0x22, 0x28, 0xee, 0x54, 0x08, 0x93, 0x3b, 0xe4, 0xde, 0x7e, 0x63, 0xf7,
- 0x97, 0x16, 0x5d, 0x71, 0x58, 0xc2, 0x2e, 0xf2, 0x36, 0xa6, 0x12, 0x65,
- 0x94, 0x17, 0xac, 0x66, 0x23, 0x7e, 0xc6, 0x72, 0x79, 0x24, 0xce, 0x8f,
- 0x55, 0x19, 0x97, 0x44, 0xfc, 0x55, 0xec, 0x85, 0x26, 0x27, 0xdb, 0x38,
- 0xb1, 0x42, 0x0a, 0xdd, 0x05, 0x99, 0x28, 0xeb, 0x03, 0x6c, 0x9a, 0xe9,
- 0x17, 0xf6, 0x2c, 0xb0, 0xfe, 0xe7, 0xa4, 0xa7, 0x31, 0xda, 0x4d, 0xb0,
- 0x29, 0xdb, 0xdd, 0x8d, 0x12, 0x13, 0x9c, 0xb4, 0xcc, 0x83, 0x97, 0xfb,
- 0x1a, 0xdc, 0x08, 0xd6, 0x30, 0x62, 0xe8, 0xeb, 0x8b, 0x61, 0xcb, 0x1d,
- 0x06, 0xe3, 0xa5, 0x4d, 0x35, 0xdb, 0x59, 0xa8, 0x2d, 0x87, 0x27, 0x44,
- 0x6f, 0xc0, 0x38, 0x97, 0xe4, 0x85, 0x00, 0x02, 0x09, 0xf6, 0x69, 0x3a,
- 0xcf, 0x08, 0x1b, 0x21, 0xbb, 0x79, 0xb1, 0xa1, 0x34, 0x09, 0xe0, 0x80,
- 0xca, 0xb0, 0x78, 0x8a, 0x11, 0x97, 0xd4, 0x07, 0xbe, 0x1b, 0x6a, 0x5d,
- 0xdb, 0xd6, 0x1f, 0x76, 0x6b, 0x16, 0xf0, 0x58, 0x84, 0x5f, 0x59, 0xce,
- 0x62, 0x34, 0xc3, 0xdf, 0x94, 0xb8, 0x2f, 0x84, 0x68, 0xf0, 0xb8, 0x51,
- 0xd9, 0x6d, 0x8e, 0x4a, 0x1d, 0xe6, 0x5c, 0xd8, 0x86, 0x25, 0xe3, 0x24,
- 0xfd, 0x21, 0x61, 0x13, 0x48, 0x3e, 0xf6, 0x7d, 0xa6, 0x71, 0x9b, 0xd2,
- 0x6e, 0xe6, 0xd2, 0x08, 0x94, 0x62, 0x6c, 0x98, 0xfe, 0x2f, 0x9c, 0x88,
- 0x7e, 0x78, 0x15, 0x02, 0x00, 0xf0, 0xba, 0x24, 0x91, 0xf2, 0xdc, 0x47,
- 0x51, 0x4d, 0x15, 0x5e, 0x91, 0x5f, 0x57, 0x5b, 0x1d, 0x35, 0x24, 0x45,
- 0x75, 0x9b, 0x88, 0x75, 0xf1, 0x2f, 0x85, 0xe7, 0x89, 0xd1, 0x01, 0xb4,
- 0xc8, 0x18, 0xb7, 0x97, 0xef, 0x4b, 0x90, 0xf4, 0xbf, 0x10, 0x27, 0x3c,
- 0x60, 0xff, 0xc4, 0x94, 0x20, 0x2f, 0x93, 0x4b, 0x4d, 0xe3, 0x80, 0xf7,
- 0x2c, 0x71, 0xd9, 0xe3, 0x68, 0xb4, 0x77, 0x2b, 0xc7, 0x0d, 0x39, 0x92,
- 0xef, 0x91, 0x0d, 0xb2, 0x11, 0x50, 0x0e, 0xe8, 0xad, 0x3b, 0xf6, 0xb5,
- 0xc6, 0x14, 0x4d, 0x33, 0x53, 0xa7, 0x60, 0x15, 0xc7, 0x27, 0x51, 0xdc,
- 0x54, 0x29, 0xa7, 0x0d, 0x6a, 0x7b, 0x72, 0x13, 0xad, 0x7d, 0x41, 0x19,
- 0x4e, 0x42, 0x49, 0xcc, 0x42, 0xe4, 0xbd, 0x99, 0x13, 0xd9, 0x7f, 0xf3,
- 0x38, 0xa4, 0xb6, 0x33, 0xed, 0x07, 0x48, 0x7e, 0x8e, 0x82, 0xfe, 0x3a,
- 0x9d, 0x75, 0x93, 0xba, 0x25, 0x4e, 0x37, 0x3c, 0x0c, 0xd5, 0x69, 0xa9,
- 0x2d, 0x9e, 0xfd, 0xe8, 0xbb, 0xf5, 0x0c, 0xe2, 0x86, 0xb9, 0x5e, 0x6f,
- 0x28, 0xe4, 0x19, 0xb3, 0x0b, 0xa4, 0x86, 0xd7, 0x24, 0xd0, 0xb8, 0x89,
- 0x7b, 0x76, 0xec, 0x05, 0x10, 0x5b, 0x68, 0xe9, 0x58, 0x66, 0xa3, 0xc5,
- 0xb6, 0x63, 0x20, 0x0e, 0x0e, 0xea, 0x3d, 0x61, 0x5e, 0xda, 0x3d, 0x3c,
- 0xf9, 0xfd, 0xed, 0xa9, 0xdb, 0x52, 0x94, 0x8a, 0x00, 0xca, 0x3c, 0x8d,
- 0x66, 0x8f, 0xb0, 0xf0, 0x5a, 0xca, 0x3f, 0x63, 0x71, 0xbf, 0xca, 0x99,
- 0x37, 0x9b, 0x75, 0x97, 0x89, 0x10, 0x6e, 0xcf, 0xf2, 0xf5, 0xe3, 0xd5,
- 0x45, 0x9b, 0xad, 0x10, 0x71, 0x6c, 0x5f, 0x6f, 0x7f, 0x22, 0x77, 0x18,
- 0x2f, 0xf9, 0x99, 0xc5, 0x69, 0x58, 0x03, 0x12, 0x86, 0x82, 0x3e, 0xbf,
- 0xc2, 0x12, 0x35, 0x43, 0xa3, 0xd9, 0x18, 0x4f, 0x41, 0x11, 0x6b, 0xf3,
- 0x67, 0xaf, 0x3d, 0x78, 0xe4, 0x22, 0x2d, 0xb3, 0x48, 0x43, 0x31, 0x1d,
- 0xef, 0xa8, 0xba, 0x49, 0x8e, 0xa9, 0xa7, 0xb6, 0x18, 0x77, 0x84, 0xca,
- 0xbd, 0xa2, 0x02, 0x1b, 0x6a, 0xf8, 0x5f, 0xda, 0xff, 0xcf, 0x01, 0x6a,
- 0x86, 0x69, 0xa9, 0xe9, 0xcb, 0x60, 0x1e, 0x15, 0xdc, 0x8f, 0x5d, 0x39,
- 0xb5, 0xce, 0x55, 0x5f, 0x47, 0x97, 0xb1, 0x19, 0x6e, 0x21, 0xd6, 0x13,
- 0x39, 0xb2, 0x24, 0xe0, 0x62, 0x82, 0x9f, 0xed, 0x12, 0x81, 0xed, 0xee,
- 0xab, 0xd0, 0x2f, 0x19, 0x89, 0x3f, 0x57, 0x2e, 0xc2, 0xe2, 0x67, 0xe8,
- 0xae, 0x03, 0x56, 0xba, 0xd4, 0xd0, 0xa4, 0x89, 0x03, 0x06, 0x5b, 0xcc,
- 0xf2, 0x22, 0xb8, 0x0e, 0x76, 0x79, 0x4a, 0x42, 0x1d, 0x37, 0x51, 0x5a,
- 0xaa, 0x46, 0x6c, 0x2a, 0xdd, 0x66, 0xfe, 0xc6, 0x68, 0xc3, 0x38, 0xa2,
- 0xae, 0x5b, 0x98, 0x24, 0x5d, 0x43, 0x05, 0x82, 0x38, 0x12, 0xd3, 0xd1,
- 0x75, 0x2d, 0x4f, 0x61, 0xbd, 0xb9, 0x10, 0x87, 0x44, 0x2a, 0x78, 0x07,
- 0xff, 0xf4, 0x0f, 0xa1, 0xf3, 0x68, 0x9f, 0xbe, 0xae, 0xa2, 0x91, 0xf0,
- 0xc7, 0x55, 0x7a, 0x52, 0xd5, 0xa3, 0x8d, 0x6f, 0xe4, 0x90, 0x5c, 0xf3,
- 0x5f, 0xce, 0x3d, 0x23, 0xf9, 0x8e, 0xae, 0x14, 0xfb, 0x82, 0x9a, 0xa3,
- 0x04, 0x5f, 0xbf, 0xad, 0x3e, 0xf2, 0x97, 0x0a, 0x60, 0x40, 0x70, 0x19,
- 0x72, 0xad, 0x66, 0xfb, 0x78, 0x1b, 0x84, 0x6c, 0x98, 0xbc, 0x8c, 0xf8,
- 0x4f, 0xcb, 0xb5, 0xf6, 0xaf, 0x7a, 0xb7, 0x93, 0xef, 0x67, 0x48, 0x02,
- 0x2c, 0xcb, 0xe6, 0x77, 0x0f, 0x7b, 0xc1, 0xee, 0xc5, 0xb6, 0x2d, 0x7e,
- 0x62, 0xa0, 0xc0, 0xa7, 0xa5, 0x80, 0x31, 0x92, 0x50, 0xa1, 0x28, 0x22,
- 0x95, 0x03, 0x17, 0xd1, 0x0f, 0xf6, 0x08, 0xe5, 0xec
- };
- #define CHACHA_BIG_TEST_SIZE 1305
- #if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC)
- byte cipher_big[CHACHA_BIG_TEST_SIZE] = {0};
- byte plain_big[CHACHA_BIG_TEST_SIZE] = {0};
- byte input_big[CHACHA_BIG_TEST_SIZE] = {0};
- #else
- byte* cipher_big;
- byte* plain_big;
- byte* input_big;
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- int block_size;
- #endif /* BENCH_EMBEDDED */
- byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90};
- byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96};
- byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5};
- byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd};
- byte* test_chacha[4];
- test_chacha[0] = a;
- test_chacha[1] = b;
- test_chacha[2] = c;
- test_chacha[3] = d;
- WOLFSSL_ENTER("chacha_test");
- #ifndef BENCH_EMBEDDED
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- cipher_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (cipher_big == NULL) {
- return MEMORY_E;
- }
- plain_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (plain_big == NULL) {
- return MEMORY_E;
- }
- input_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (input_big == NULL) {
- return MEMORY_E;
- }
- XMEMSET(cipher_big, 0, CHACHA_BIG_TEST_SIZE);
- XMEMSET(plain_big, 0, CHACHA_BIG_TEST_SIZE);
- XMEMSET(input_big, 0, CHACHA_BIG_TEST_SIZE);
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- #endif /* BENCH_EMBEDDED */
- for (i = 0; i < times; ++i) {
- if (i < 3) {
- keySz = 32;
- }
- else {
- keySz = 16;
- }
- XMEMCPY(plain, keys[i], keySz);
- XMEMSET(cipher, 0, 32);
- XMEMCPY(cipher + 4, ivs[i], 8);
- ret |= wc_Chacha_SetKey(&enc, keys[i], keySz);
- ret |= wc_Chacha_SetKey(&dec, keys[i], keySz);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_SetIV(&enc, cipher, 0);
- ret |= wc_Chacha_SetIV(&dec, cipher, 0);
- if (ret != 0)
- return ret;
- XMEMCPY(plain, input, 8);
- ret |= wc_Chacha_Process(&enc, cipher, plain, (word32)8);
- ret |= wc_Chacha_Process(&dec, plain, cipher, (word32)8);
- if (ret != 0)
- return ret;
- if (XMEMCMP(test_chacha[i], cipher, 8))
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(plain, input, 8))
- return WC_TEST_RET_ENC_I(i);
- }
- /* test of starting at a different counter
- encrypts all of the information and decrypts starting at 2nd chunk */
- XMEMSET(plain, 0, sizeof(plain));
- XMEMSET(sliver, 1, sizeof(sliver)); /* set as 1's to not match plain */
- XMEMSET(cipher, 0, sizeof(cipher));
- XMEMCPY(cipher + 4, ivs[0], 8);
- ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
- ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_SetIV(&enc, cipher, 0);
- ret |= wc_Chacha_SetIV(&dec, cipher, 1);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_Process(&enc, cipher, plain, sizeof(plain));
- ret |= wc_Chacha_Process(&dec, sliver, cipher + 64, sizeof(sliver));
- if (ret != 0)
- return ret;
- if (XMEMCMP(plain + 64, sliver, 64))
- return WC_TEST_RET_ENC_NC;
- #ifndef BENCH_EMBEDDED
- /* test of encrypting more data */
- keySz = 32;
- ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
- ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_SetIV(&enc, ivs[2], 0);
- ret |= wc_Chacha_SetIV(&dec, ivs[2], 0);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, CHACHA_BIG_TEST_SIZE);
- ret |= wc_Chacha_Process(&dec, plain_big, cipher_big,
- CHACHA_BIG_TEST_SIZE);
- if (ret != 0)
- return ret;
- if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
- return WC_TEST_RET_ENC_NC;
- for (i = 0; i < 18; ++i) {
- /* this will test all paths
- * block sizes: 1 3 7 15 31 63 127 255 511 (i = 0- 8)
- * 2 4 8 16 32 64 128 256 512 (i = 9-17)
- */
- block_size = (2 << (i%9)) - (i<9?1:0);
- keySz = 32;
- ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
- ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_SetIV(&enc, ivs[2], 0);
- ret |= wc_Chacha_SetIV(&dec, ivs[2], 0);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_Process(&enc, cipher_big, plain_big , (word32)block_size);
- ret |= wc_Chacha_Process(&dec, plain_big , cipher_big, (word32)block_size);
- if (ret != 0)
- return ret;
- if (XMEMCMP(plain_big, input_big, block_size))
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(cipher_big, cipher_big_result, block_size))
- return WC_TEST_RET_ENC_I(i);
- }
- /* Streaming test */
- for (i = 1; i <= (int)CHACHA_CHUNK_BYTES + 1; i++) {
- int j, rem;
- ret = wc_Chacha_SetKey(&enc, keys[0], keySz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Chacha_SetKey(&dec, keys[0], keySz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Chacha_SetIV(&enc, ivs[2], 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Chacha_SetIV(&dec, ivs[2], 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (j = 0; j < CHACHA_BIG_TEST_SIZE - i; j+= i) {
- ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, (word32)i);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, (word32)i);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- }
- rem = CHACHA_BIG_TEST_SIZE - j;
- ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, (word32)rem);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, (word32)rem);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
- return WC_TEST_RET_ENC_NC;
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(cipher_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(plain_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(input_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- #endif /* BENCH_EMBEDDED */
- return 0;
- }
- #endif /* HAVE_CHACHA */
- #ifdef HAVE_POLY1305
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
- {
- byte tag[16];
- Poly1305 enc;
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
- {
- 0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72,
- 0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f,
- 0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65,
- 0x61,0x72,0x63,0x68,0x20,0x47,0x72,0x6f,
- 0x75,0x70
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72,
- 0x6c,0x64,0x21
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg4[] =
- {
- 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
- 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
- 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
- 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
- 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
- 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
- 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
- 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
- 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
- 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
- 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
- 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
- 0x61,0x16
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg5[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg6[] =
- {
- 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
- 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
- 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
- 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
- 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
- 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
- 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
- 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
- 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
- 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
- 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
- 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
- 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
- 0x61,0x16
- };
- byte additional[] =
- {
- 0x50,0x51,0x52,0x53,0xc0,0xc1,0xc2,0xc3,
- 0xc4,0xc5,0xc6,0xc7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct0[] =
- {
- 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
- 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct1[] =
- {
- 0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6,
- 0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct2[] =
- {
- 0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16,
- 0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct3[] =
- {
- 0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6,
- 0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct4[] =
- {
- 0x1a,0xe1,0x0b,0x59,0x4f,0x09,0xe2,0x6a,
- 0x7e,0x90,0x2e,0xcb,0xd0,0x60,0x06,0x91
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct5[] =
- {
- 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct6[] =
- {
- 0xea,0x11,0x5c,0x4f,0xd0,0xc0,0x10,0xae,
- 0xf7,0xdf,0xda,0x77,0xa2,0xe9,0xaf,0xca
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
- 0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33,
- 0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8,
- 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
- 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
- 0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20,
- 0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,
- 0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20,
- 0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key4[] = {
- 0x7b,0xac,0x2b,0x25,0x2d,0xb4,0x47,0xaf,
- 0x09,0xb6,0x7a,0x55,0xa4,0xe9,0x55,0x84,
- 0x0a,0xe1,0xd6,0x73,0x10,0x75,0xd9,0xeb,
- 0x2a,0x93,0x75,0x78,0x3e,0xd5,0x53,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key5[] = {
- 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- const byte* msgs[] = {NULL, msg1, msg2, msg3, msg5, msg6};
- word32 szm[] = {0, sizeof(msg1), sizeof(msg2),
- sizeof(msg3), sizeof(msg5), sizeof(msg6)};
- const byte* keys[] = {key, key, key2, key2, key5, key};
- const byte* tests[] = {correct0, correct1, correct2, correct3, correct5,
- correct6};
- int i;
- wc_test_ret_t ret = 0;
- WOLFSSL_ENTER("poly1305_test");
- for (i = 0; i < 6; i++) {
- ret = wc_Poly1305SetKey(&enc, keys[i], 32);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_Poly1305Update(&enc, msgs[i], szm[i]);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_Poly1305Final(&enc, tag);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(tag, tests[i], sizeof(tag)))
- return WC_TEST_RET_ENC_I(i);
- }
- /* Check TLS MAC function from 2.8.2 https://tools.ietf.org/html/rfc7539 */
- XMEMSET(tag, 0, sizeof(tag));
- ret = wc_Poly1305SetKey(&enc, key4, sizeof(key4));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional),
- (byte*)msg4, sizeof(msg4), tag, sizeof(tag));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(tag, correct4, sizeof(tag)))
- return WC_TEST_RET_ENC_NC;
- /* Check fail of TLS MAC function if altering additional data */
- XMEMSET(tag, 0, sizeof(tag));
- additional[0]++;
- ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional),
- (byte*)msg4, sizeof(msg4), tag, sizeof(tag));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(tag, correct4, sizeof(tag)) == 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif /* HAVE_POLY1305 */
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
- {
- /* Test #1 from Section 2.8.2 of draft-irtf-cfrg-chacha20-poly1305-10 */
- /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] = {
- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
- 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
- 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plaintext1[] = {
- 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
- 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
- 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
- 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
- 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
- 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
- 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
- 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
- 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
- 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
- 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
- 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
- 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
- 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
- 0x74, 0x2e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv1[] = {
- 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
- 0x44, 0x45, 0x46, 0x47
- };
- WOLFSSL_SMALL_STACK_STATIC const byte aad1[] = { /* additional data */
- 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
- 0xc4, 0xc5, 0xc6, 0xc7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] = { /* expected output from operation */
- 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
- 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
- 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
- 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
- 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
- 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
- 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
- 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
- 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
- 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
- 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
- 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
- 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
- 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
- 0x61, 0x16
- };
- WOLFSSL_SMALL_STACK_STATIC const byte authTag1[] = { /* expected output from operation */
- 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
- 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
- };
- /* Test #2 from Appendix A.2 in draft-irtf-cfrg-chacha20-poly1305-10 */
- /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
- 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a,
- 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0,
- 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09,
- 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plaintext2[] = {
- 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74,
- 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20,
- 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66,
- 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
- 0x6e, 0x74, 0x73, 0x20, 0x76, 0x61, 0x6c, 0x69,
- 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20,
- 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20,
- 0x6f, 0x66, 0x20, 0x73, 0x69, 0x78, 0x20, 0x6d,
- 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e,
- 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65,
- 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64,
- 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63,
- 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f,
- 0x62, 0x73, 0x6f, 0x6c, 0x65, 0x74, 0x65, 0x64,
- 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65,
- 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
- 0x6e, 0x74, 0x73, 0x20, 0x61, 0x74, 0x20, 0x61,
- 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e,
- 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69,
- 0x6e, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x70, 0x72,
- 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20,
- 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65,
- 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61,
- 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72,
- 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
- 0x20, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61,
- 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20,
- 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20,
- 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20,
- 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b,
- 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67,
- 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80,
- 0x9d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
- 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04,
- 0x05, 0x06, 0x07, 0x08
- };
- WOLFSSL_SMALL_STACK_STATIC const byte aad2[] = { /* additional data */
- 0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x4e, 0x91
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] = { /* expected output from operation */
- 0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4,
- 0x60, 0xf0, 0x62, 0xc7, 0x9b, 0xe6, 0x43, 0xbd,
- 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89,
- 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2,
- 0x4c, 0x6c, 0xfc, 0x18, 0x75, 0x5d, 0x43, 0xee,
- 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0,
- 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00,
- 0xd4, 0xf0, 0x3b, 0x7f, 0x35, 0x58, 0x94, 0xcf,
- 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce,
- 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81,
- 0x14, 0xad, 0x17, 0x6e, 0x00, 0x8d, 0x33, 0xbd,
- 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55,
- 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61,
- 0xc1, 0x86, 0x32, 0x4e, 0x2b, 0x35, 0x06, 0x38,
- 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0,
- 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4,
- 0xb9, 0x16, 0x6c, 0x76, 0x7b, 0x80, 0x4d, 0x46,
- 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9,
- 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e,
- 0xe2, 0x82, 0xa1, 0xb0, 0xa0, 0x6c, 0x52, 0x3e,
- 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15,
- 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a,
- 0x0d, 0x07, 0x2b, 0x04, 0xb3, 0x56, 0x4e, 0xea,
- 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a,
- 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99,
- 0x19, 0x55, 0xeb, 0xd6, 0x31, 0x59, 0x43, 0x4e,
- 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10,
- 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10,
- 0x49, 0xe6, 0x17, 0xd9, 0x1d, 0x36, 0x10, 0x94,
- 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30,
- 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf,
- 0x99, 0x7b, 0x71, 0x4d, 0x6c, 0x6f, 0x2c, 0x29,
- 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70,
- 0x9b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte authTag2[] = { /* expected output from operation */
- 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22,
- 0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38
- };
- byte generatedCiphertext[265]; /* max plaintext2/cipher2 */
- byte generatedPlaintext[265]; /* max plaintext2/cipher2 */
- byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
- ChaChaPoly_Aead aead;
- #if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
- #define TEST_SMALL_CHACHA_CHUNKS 32
- #else
- #define TEST_SMALL_CHACHA_CHUNKS 64
- #endif
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- word32 testLen;
- #endif
- wc_test_ret_t err;
- WOLFSSL_ENTER("chacha20_poly1305_aead_test");
- XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
- XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
- XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
- /* Parameter Validation testing */
- /* Encrypt */
- err = wc_ChaCha20Poly1305_Encrypt(NULL, iv1, aad1, sizeof(aad1), plaintext1,
- sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Encrypt(key1, NULL, aad1, sizeof(aad1),
- plaintext1, sizeof(plaintext1), generatedCiphertext,
- generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL,
- sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
- sizeof(plaintext1), NULL, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
- sizeof(plaintext1), generatedCiphertext, NULL);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL,
- sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- /* Decrypt */
- err = wc_ChaCha20Poly1305_Decrypt(NULL, iv2, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Decrypt(key2, NULL, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL,
- sizeof(cipher2), authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), NULL, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), authTag2, NULL);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL,
- sizeof(cipher2), authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- /* Test #1 */
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1,
- aad1, sizeof(aad1),
- plaintext1, sizeof(plaintext1),
- generatedCiphertext, generatedAuthTag);
- if (err) {
- return WC_TEST_RET_ENC_EC(err);
- }
- /* -- Check the ciphertext and authtag */
- if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) {
- return WC_TEST_RET_ENC_NC;
- }
- if (XMEMCMP(generatedAuthTag, authTag1, sizeof(authTag1))) {
- return WC_TEST_RET_ENC_NC;
- }
- /* -- Verify decryption works */
- err = wc_ChaCha20Poly1305_Decrypt(key1, iv1,
- aad1, sizeof(aad1),
- cipher1, sizeof(cipher1),
- authTag1, generatedPlaintext);
- if (err) {
- return err;
- }
- if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) {
- return WC_TEST_RET_ENC_NC;
- }
- XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
- XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
- XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
- /* Test #2 */
- err = wc_ChaCha20Poly1305_Encrypt(key2, iv2,
- aad2, sizeof(aad2),
- plaintext2, sizeof(plaintext2),
- generatedCiphertext, generatedAuthTag);
- if (err) {
- return err;
- }
- /* -- Check the ciphertext and authtag */
- if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) {
- return WC_TEST_RET_ENC_NC;
- }
- if (XMEMCMP(generatedAuthTag, authTag2, sizeof(authTag2))) {
- return WC_TEST_RET_ENC_NC;
- }
- /* -- Verify decryption works */
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2,
- aad2, sizeof(aad2),
- cipher2, sizeof(cipher2),
- authTag2, generatedPlaintext);
- if (err) {
- return err;
- }
- if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) {
- return WC_TEST_RET_ENC_NC;
- }
- /* AEAD init/update/final - bad argument tests */
- err = wc_ChaCha20Poly1305_Init(NULL, key1, iv1,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Init(&aead, NULL, iv1,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Init(&aead, key1, NULL,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_UpdateAad(NULL, aad1, sizeof(aad1));
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, NULL, sizeof(aad1));
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_UpdateData(NULL, generatedPlaintext,
- generatedPlaintext, sizeof(plaintext1));
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, NULL,
- sizeof(plaintext1));
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_UpdateData(&aead, NULL, generatedPlaintext,
- sizeof(plaintext1));
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Final(NULL, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_Final(&aead, NULL);
- if (err != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(err);
- /* AEAD init/update/final - bad state tests */
- /* clear struct - make valgrind happy to resolve
- "Conditional jump or move depends on uninitialised value(s)".
- The enum is "int" size and aead.state is "byte" */
- /* The wc_ChaCha20Poly1305_Init function does this normally */
- XMEMSET(&aead, 0, sizeof(aead));
- aead.state = CHACHA20_POLY1305_STATE_INIT;
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
- if (err != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(err);
- aead.state = CHACHA20_POLY1305_STATE_DATA;
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
- if (err != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(err);
- aead.state = CHACHA20_POLY1305_STATE_INIT;
- err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext,
- generatedPlaintext, sizeof(plaintext1));
- if (err != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(err);
- aead.state = CHACHA20_POLY1305_STATE_INIT;
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(err);
- aead.state = CHACHA20_POLY1305_STATE_READY;
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(err);
- XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
- XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
- XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
- /* Test 1 - Encrypt */
- err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1,
- CHACHA20_POLY1305_AEAD_ENCRYPT);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- /* test doing data in smaller chunks */
- for (testLen=0; testLen<sizeof(plaintext1); ) {
- word32 dataLen = sizeof(plaintext1) - testLen;
- if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
- dataLen = TEST_SMALL_CHACHA_CHUNKS;
- err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext1[testLen],
- &generatedCiphertext[testLen], dataLen);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- testLen += dataLen;
- }
- #else
- err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext1,
- generatedCiphertext, sizeof(plaintext1));
- #endif
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) {
- return WC_TEST_RET_ENC_NC;
- }
- /* Test 1 - Decrypt */
- err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- /* test doing data in smaller chunks */
- for (testLen=0; testLen<sizeof(plaintext1); ) {
- word32 dataLen = sizeof(plaintext1) - testLen;
- if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
- dataLen = TEST_SMALL_CHACHA_CHUNKS;
- err = wc_ChaCha20Poly1305_UpdateData(&aead,
- &generatedCiphertext[testLen], &generatedPlaintext[testLen],
- dataLen);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- testLen += dataLen;
- }
- #else
- err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext,
- generatedPlaintext, sizeof(cipher1));
- #endif
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) {
- return WC_TEST_RET_ENC_NC;
- }
- XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
- XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
- XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
- /* Test 2 - Encrypt */
- err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2,
- CHACHA20_POLY1305_AEAD_ENCRYPT);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2));
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- /* test doing data in smaller chunks */
- for (testLen=0; testLen<sizeof(plaintext2); ) {
- word32 dataLen = sizeof(plaintext2) - testLen;
- if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
- dataLen = TEST_SMALL_CHACHA_CHUNKS;
- err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext2[testLen],
- &generatedCiphertext[testLen], dataLen);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- testLen += dataLen;
- }
- #else
- err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext2, generatedCiphertext,
- sizeof(plaintext2));
- #endif
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) {
- return WC_TEST_RET_ENC_NC;
- }
- /* Test 2 - Decrypt */
- err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2));
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- /* test doing data in smaller chunks */
- for (testLen=0; testLen<sizeof(plaintext2); ) {
- word32 dataLen = sizeof(plaintext2) - testLen;
- if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
- dataLen = TEST_SMALL_CHACHA_CHUNKS;
- err = wc_ChaCha20Poly1305_UpdateData(&aead,
- &generatedCiphertext[testLen], &generatedPlaintext[testLen],
- dataLen);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- testLen += dataLen;
- }
- #else
- err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext,
- generatedPlaintext, sizeof(cipher2));
- #endif
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2);
- if (err != 0)
- return WC_TEST_RET_ENC_EC(err);
- if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) {
- return WC_TEST_RET_ENC_NC;
- }
- return err;
- }
- #endif /* HAVE_CHACHA && HAVE_POLY1305 */
- #ifndef NO_DES3
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte plain[24];
- byte cipher[24];
- Des enc;
- Des dec;
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
- 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
- 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
- };
- wc_test_ret_t ret;
- WOLFSSL_ENTER("des_test");
- ret = wc_Des_SetKey(&enc, key, iv, DES_ENCRYPTION);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Des_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Des_SetKey(&dec, key, iv, DES_DECRYPTION);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Des_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(plain, vector, sizeof(plain)))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipher, verify, sizeof(cipher)))
- return WC_TEST_RET_ENC_NC;
- ret = wc_Des_CbcEncryptWithKey(cipher, vector, sizeof(vector), key, iv);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
- {
- EncryptedInfo info;
- XMEMSET(&info, 0, sizeof(EncryptedInfo));
- XMEMCPY(info.iv, iv, sizeof(iv));
- info.ivSz = sizeof(iv);
- info.keySz = sizeof(key);
- info.cipherType = WC_CIPHER_DES;
- ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key,
- sizeof(key), WC_HASH_TYPE_SHA);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Test invalid info ptr */
- ret = wc_BufferKeyEncrypt(NULL, cipher, sizeof(cipher), key,
- sizeof(key), WC_HASH_TYPE_SHA);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef NO_PWDBASED
- /* Test invalid hash type - only applies to wc_PBKDF1 call */
- ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key,
- sizeof(key), WC_HASH_TYPE_NONE);
- if (ret == 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif /* !NO_PWDBASED */
- }
- #endif
- return 0;
- }
- #endif /* !NO_DES3 */
- #ifndef NO_DES3
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte plain[24];
- byte cipher[24];
- Des3 enc;
- Des3 dec;
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
- {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify3[] =
- {
- 0x43,0xa0,0x29,0x7e,0xd1,0x84,0xf8,0x0e,
- 0x89,0x64,0x84,0x32,0x12,0xd5,0x08,0x98,
- 0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0
- };
- wc_test_ret_t ret;
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- size_t i;
- #endif
- WOLFSSL_ENTER("des3_test");
- ret = wc_Des3Init(&enc, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Des3Init(&dec, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(plain, vector, sizeof(plain)))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipher, verify3, sizeof(cipher)))
- return WC_TEST_RET_ENC_NC;
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- /* test the same vectors with using compatibility layer */
- for (i = 0; i < sizeof(vector); i += DES_BLOCK_SIZE){
- DES_key_schedule ks1;
- DES_key_schedule ks2;
- DES_key_schedule ks3;
- DES_cblock iv4;
- byte tmp[sizeof(vector)];
- XMEMCPY(ks1, key3, sizeof(DES_key_schedule));
- XMEMCPY(ks2, key3 + 8, sizeof(DES_key_schedule));
- XMEMCPY(ks3, key3 + 16, sizeof(DES_key_schedule));
- XMEMSET(plain, 0, sizeof(plain));
- XMEMSET(cipher, 0, sizeof(cipher));
- /* Test in-place encrypt/decrypt */
- XMEMCPY(tmp, vector, sizeof(vector));
- /* Use i as the splitter */
- XMEMCPY(iv4, iv3, sizeof(DES_cblock));
- DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3,
- &iv4, DES_ENCRYPT);
- DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(vector) - i),
- &ks1, &ks2, &ks3, &iv4, DES_ENCRYPT);
- XMEMCPY(cipher, tmp, sizeof(cipher));
- XMEMCPY(iv4, iv3, sizeof(DES_cblock));
- DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3,
- &iv4, DES_DECRYPT);
- DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(cipher) - i),
- &ks1, &ks2, &ks3, &iv4, DES_DECRYPT);
- XMEMCPY(plain, tmp, sizeof(plain));
- if (XMEMCMP(plain, vector, sizeof(plain)))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipher, verify3, sizeof(cipher)))
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* OPENSSL_EXTRA */
- wc_Des3Free(&enc);
- wc_Des3Free(&dec);
- #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
- {
- EncryptedInfo info;
- XMEMSET(&info, 0, sizeof(EncryptedInfo));
- XMEMCPY(info.iv, iv3, sizeof(iv3));
- info.ivSz = sizeof(iv3);
- info.keySz = sizeof(key3);
- info.cipherType = WC_CIPHER_DES3;
- ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key3,
- sizeof(key3), WC_HASH_TYPE_SHA);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- return 0;
- }
- #endif /* NO_DES3 */
- static const int fiducial1 = WC_TEST_RET_LN; /* source code reference point --
- * see print_fiducials() below.
- */
- #ifndef NO_AES
- #if defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_CFB) || \
- defined(WOLFSSL_AES_XTS)
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST)
- #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
- /* pass in the function, key, iv, plain text and expected and this function
- * tests that the encryption and decryption is successful */
- static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
- const byte* iv, const byte* plain, int plainSz,
- const byte* expected, int expectedSz)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *ctx = NULL;
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- int ctx_inited = 0;
- int idx, cipherSz;
- wc_test_ret_t ret = 0;
- byte* cipher;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((ctx = wolfSSL_EVP_CIPHER_CTX_new()) == NULL)
- return MEMORY_E;
- #endif
- cipher = (byte*)XMALLOC(plainSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (cipher == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- goto EVP_TEST_END;
- }
- /* test encrypt */
- EVP_CIPHER_CTX_init(ctx);
- ctx_inited = 1;
- if (EVP_CipherInit(ctx, type, key, iv, 1) == 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto EVP_TEST_END;
- }
- if (EVP_CipherUpdate(ctx, cipher, &idx, plain, expectedSz) == 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto EVP_TEST_END;
- }
- cipherSz = idx;
- if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto EVP_TEST_END;
- }
- cipherSz += idx;
- if (XMEMCMP(cipher, expected, plainSz)) {
- ret = WC_TEST_RET_ENC_NC;
- goto EVP_TEST_END;
- }
- ret = wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
- ctx_inited = 0;
- if (ret == WOLFSSL_SUCCESS)
- ret = 0;
- else {
- ret = WC_TEST_RET_ENC_NC;
- goto EVP_TEST_END;
- }
- /* test decrypt */
- EVP_CIPHER_CTX_init(ctx);
- ctx_inited = 1;
- if (EVP_CipherInit(ctx, type, key, iv, 0) == 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto EVP_TEST_END;
- }
- if (EVP_CipherUpdate(ctx, cipher, &idx, cipher, expectedSz) == 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto EVP_TEST_END;
- }
- cipherSz = idx;
- if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto EVP_TEST_END;
- }
- cipherSz += idx;
- if ((expectedSz != cipherSz) || XMEMCMP(plain, cipher, plainSz)) {
- ret = WC_TEST_RET_ENC_NC;
- goto EVP_TEST_END;
- }
- EVP_TEST_END:
- if (cipher)
- XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- (void)cipherSz;
- if (ctx_inited) {
- int cleanup_ret = wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
- if (cleanup_ret != WOLFSSL_SUCCESS)
- ret = WC_TEST_RET_ENC_NC;
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- return ret;
- }
- #endif /* !HAVE_FIPS || FIPS_VERSION3_GE(6,0,0) */
- #endif /* OPENSSL_EXTRA && !WOLFCRYPT_ONLY && !HAVE_SELFTEST */
- #endif /* WOLFSSL_AES_OFB || WOLFSSL_AES_CFB */
- #ifdef WOLFSSL_AES_OFB
- /* test vector from https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/Block-Ciphers */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesofb_test(void)
- {
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71,
- 0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2,
- 0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a,
- 0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
- {
- 0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16,
- 0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plain1[] =
- {
- 0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9,
- 0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25,
- 0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6,
- 0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71,
- 0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef,
- 0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc,
- 0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00,
- 0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46,
- 0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b,
- 0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae,
- 0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0
- };
- #endif /* WOLFSSL_AES_256 */
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0x10,0xa5,0x88,0x69,0xd7,0x4b,0xe5,0xa3,
- 0x74,0xcf,0x86,0x7c,0xfb,0x47,0x38,0x59
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plain2[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
- {
- 0x6d,0x25,0x1e,0x69,0x44,0xb0,0x51,0xe0,
- 0x4e,0xaa,0x6f,0xb4,0xdb,0xf7,0x84,0x65
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] = {
- 0xd0,0x77,0xa0,0x3b,0xd8,0xa3,0x89,0x73,
- 0x92,0x8c,0xca,0xfe,0x4a,0x9d,0x2f,0x45,
- 0x51,0x30,0xbd,0x0a,0xf5,0xae,0x46,0xa9
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
- {
- 0xab,0xc7,0x86,0xfb,0x1e,0xdb,0x50,0x45,
- 0x80,0xc4,0xd8,0x82,0xef,0x29,0xa0,0xc7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plain3[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- #endif /* WOLFSSL_AES_192 */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- byte cipher[AES_BLOCK_SIZE * 4];
- #ifdef HAVE_AES_DECRYPT
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- byte plain [AES_BLOCK_SIZE * 4];
- #endif
- wc_test_ret_t ret = 0;
- WOLFSSL_ENTER("aesofb_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-1, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-1, out);
- #endif
- #endif
- XMEMSET(enc, 0, sizeof *enc);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(dec, 0, sizeof *dec);
- #endif
- #ifdef WOLFSSL_AES_128
- /* 128 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_128_ofb(), key2, iv2, plain2, sizeof(plain2),
- cipher2, sizeof(cipher2));
- if (ret != 0) {
- goto out;
- }
- #endif
- ret = wc_AesInit(enc, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesInit(dec, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain2, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher2, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, plain2, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_192_ofb(), key3, iv3, plain3, sizeof(plain3),
- cipher3, sizeof(cipher3));
- if (ret != 0) {
- goto out;
- }
- #endif
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain3, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher3, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, plain3, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_256_ofb(), key1, iv1, plain1, sizeof(plain1),
- cipher1, sizeof(cipher1));
- if (ret != 0) {
- goto out;
- }
- #endif
- ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain1, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesOfbEncrypt(enc, cipher + AES_BLOCK_SIZE,
- plain1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher + AES_BLOCK_SIZE, cipher1 + AES_BLOCK_SIZE,
- AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher1, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesOfbDecrypt(dec, plain + AES_BLOCK_SIZE,
- cipher1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain + AES_BLOCK_SIZE, plain1 + AES_BLOCK_SIZE,
- AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- /* multiple blocks at once */
- ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain1, AES_BLOCK_SIZE * 3);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 3))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher1, AES_BLOCK_SIZE * 3);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE * 3))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- /* inline decrypt/encrypt*/
- ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMCPY(cipher, plain1, AES_BLOCK_SIZE * 2);
- ret = wc_AesOfbEncrypt(enc, cipher, cipher, AES_BLOCK_SIZE * 2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, cipher, cipher, AES_BLOCK_SIZE * 2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, plain1, AES_BLOCK_SIZE * 2))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- /* 256 key size test leftover support */
- ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain1, 3);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher1, 3))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesOfbEncrypt(enc, cipher + 3, plain1 + 3, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher + 3, cipher1 + 3, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher1, 6);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, plain1, 6))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesOfbDecrypt(dec, plain + 6, cipher1 + 6, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain + 6, plain1 + 6, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- out:
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- wc_AesFree(dec);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- #endif /* WOLFSSL_AES_256 */
- return ret;
- }
- #endif /* WOLFSSL_AES_OFB */
- #if defined(WOLFSSL_AES_CFB)
- /* Test cases from NIST SP 800-38A, Recommendation for Block Cipher Modes of
- * Operation Methods and Techniques
- */
- static wc_test_ret_t aescfb_test_0(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE * 4];
- #ifdef HAVE_AES_DECRYPT
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain [AES_BLOCK_SIZE * 4];
- #endif
- wc_test_ret_t ret = 0;
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
- };
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
- 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
- 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
- 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b,
- 0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40,
- 0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 size key test */
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
- {
- 0xcd,0xc8,0x0d,0x6f,0xdd,0xf1,0x8c,0xab,
- 0x34,0xc2,0x59,0x09,0xc9,0x9a,0x41,0x74,
- 0x67,0xce,0x7f,0x7f,0x81,0x17,0x36,0x21,
- 0x96,0x1a,0x2b,0x70,0x17,0x1d,0x3d,0x7a,
- 0x2e,0x1e,0x8a,0x1d,0xd5,0x9b,0x88,0xb1,
- 0xc8,0xe6,0x0f,0xed,0x1e,0xfa,0xc4,0xc9,
- 0xc0,0x5f,0x9f,0x9c,0xa9,0x83,0x4f,0xa0,
- 0x42,0xae,0x8f,0xba,0x58,0x4b,0x09,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 size key simple test */
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
- {
- 0xdc,0x7e,0x84,0xbf,0xda,0x79,0x16,0x4b,
- 0x7e,0xcd,0x84,0x86,0x98,0x5d,0x38,0x60,
- 0x39,0xff,0xed,0x14,0x3b,0x28,0xb1,0xc8,
- 0x32,0x11,0x3c,0x63,0x31,0xe5,0x40,0x7b,
- 0xdf,0x10,0x13,0x24,0x15,0xe5,0x4b,0x92,
- 0xa1,0x3e,0xd0,0xa8,0x26,0x7a,0xe2,0xf9,
- 0x75,0xa3,0x85,0x74,0x1a,0xb9,0xce,0xf8,
- 0x20,0x31,0x62,0x3d,0x55,0xb1,0xe4,0x71
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #endif
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- enc_inited = 1;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesInit(dec, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- dec_inited = 1;
- #endif
- #ifdef WOLFSSL_AES_128
- /* 128 key tests */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_128_cfb128(), key1, iv, msg1, sizeof(msg1),
- cipher1, sizeof(cipher1));
- if (ret != 0) {
- return ret;
- }
- #endif
- ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfbEncrypt(enc, cipher, msg1, AES_BLOCK_SIZE * 2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* test restarting encryption process */
- ret = wc_AesCfbEncrypt(enc, cipher + (AES_BLOCK_SIZE * 2),
- msg1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher + (AES_BLOCK_SIZE * 2),
- cipher1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE * 3);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg1, AES_BLOCK_SIZE * 3))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_192_cfb128(), key2, iv, msg2, sizeof(msg2),
- cipher2, sizeof(cipher2));
- if (ret != 0) {
- return ret;
- }
- #endif
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key2, sizeof(key2), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfbEncrypt(enc, cipher, msg2, AES_BLOCK_SIZE * 4);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE * 4))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE * 4);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE * 4))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_256_cfb128(), key3, iv, msg3, sizeof(msg3),
- cipher3, sizeof(cipher3));
- if (ret != 0) {
- return ret;
- }
- #endif
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key3, sizeof(key3), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- /* test with data left overs, magic lengths are checking near edges */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfbEncrypt(enc, cipher, msg3, 4);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher3, 4))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesCfbEncrypt(enc, cipher + 4, msg3 + 4, 27);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher + 4, cipher3 + 4, 27))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesCfbEncrypt(enc, cipher + 31, msg3 + 31,
- (AES_BLOCK_SIZE * 4) - 31);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE * 4))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfbDecrypt(dec, plain, cipher, 4);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg3, 4))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesCfbDecrypt(dec, plain + 4, cipher + 4, 4);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesCfbDecrypt(dec, plain + 8, cipher + 8, 23);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain + 4, msg3 + 4, 27))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesCfbDecrypt(dec, plain + 31, cipher + 31,
- (AES_BLOCK_SIZE * 4) - 31);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg3, AES_BLOCK_SIZE * 4))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_256 */
- out:
- if (enc_inited)
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- return ret;
- }
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0))
- static wc_test_ret_t aescfb1_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE];
- #ifdef HAVE_AES_DECRYPT
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain [AES_BLOCK_SIZE];
- #endif
- wc_test_ret_t ret = 0;
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
- 0x4d,0xbb,0xdc,0xaa,0x59,0xf3,0x63,0xc9,
- 0x2a,0x3b,0x98,0x43,0xad,0x20,0xe2,0xb7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0xcd,0xef,0x9d,0x06,0x61,0xba,0xe4,0x73,
- 0x8d,0x1a,0x58,0xa2,0xa6,0x22,0x8b,0x66
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
- {
- 0xC0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1_7bit[] =
- {
- 0x1C
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
- 0x57,0xc6,0x89,0x7c,0x99,0x52,0x28,0x13,
- 0xbf,0x67,0x9c,0xe1,0x13,0x70,0xaf,0x5e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0xba,0xa1,0x58,0xa1,0x6b,0x50,0x4a,0x10,
- 0x8e,0xd4,0x33,0x2e,0xe7,0xf2,0x9b,0xf6,
- 0xd1,0xac,0x46,0xa8,0xde,0x5a,0xfe,0x7a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
- {
- 0x30
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x80
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = {
- 0x63,0x2e,0x9f,0x83,0x1f,0xa3,0x80,0x5e,
- 0x52,0x02,0xbc,0xe0,0x6d,0x04,0xf9,0xa0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0xf6,0xfa,0xe4,0xf1,0x5d,0x91,0xfc,0x50,
- 0x88,0x78,0x4f,0x84,0xa5,0x37,0x12,0x7e,
- 0x32,0x63,0x55,0x9c,0x62,0x73,0x88,0x20,
- 0xc2,0xcf,0x3d,0xe1,0x1c,0x2a,0x30,0x40
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
- {
- 0xF7, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
- {
- 0x41, 0xC0
- };
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #endif
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- enc_inited = 1;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesInit(dec, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- dec_inited = 1;
- #endif
- #ifdef WOLFSSL_AES_128
- /* 128 key tests */
- ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg1, 2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (cipher[0] != cipher1[0])
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfb1Decrypt(dec, plain, cipher, 2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (plain[0] != msg1[0])
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg1, 7);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (cipher[0] != cipher1_7bit[0])
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef OPENSSL_EXTRA
- ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg1,
- sizeof(msg1) * WOLFSSL_BIT_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef WOLFCRYPT_ONLY
- ret = EVP_test(EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1),
- cipher, sizeof(msg1));
- if (ret != 0) {
- goto out;
- }
- #endif
- #endif
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 key tests */
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg2, 4);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher2, sizeof(cipher2)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef OPENSSL_EXTRA
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg2,
- sizeof(msg2) * WOLFSSL_BIT_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef WOLFCRYPT_ONLY
- ret = EVP_test(EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2),
- cipher, sizeof(msg2));
- if (ret != 0) {
- goto out;
- }
- #endif
- #endif
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 key tests */
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg3, 10);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef OPENSSL_EXTRA
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg3,
- sizeof(msg3) * WOLFSSL_BIT_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef WOLFCRYPT_ONLY
- ret = EVP_test(EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3),
- cipher, sizeof(msg3));
- if (ret != 0) {
- goto out;
- }
- #endif
- #endif
- #endif /* WOLFSSL_AES_256 */
- out:
- if (enc_inited)
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- return ret;
- }
- static wc_test_ret_t aescfb8_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE];
- #ifdef HAVE_AES_DECRYPT
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain [AES_BLOCK_SIZE];
- #endif
- wc_test_ret_t ret = 0;
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
- 0xf4,0x75,0xc6,0x49,0x91,0xb2,0x0e,0xae,
- 0xe1,0x83,0xa2,0x26,0x29,0xe2,0x1e,0x22
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0xc8,0xfe,0x9b,0xf7,0x7b,0x93,0x0f,0x46,
- 0xd2,0x07,0x8b,0x8c,0x0e,0x65,0x7c,0xd4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0xd2,0x76,0x91
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
- {
- 0xc9,0x06,0x35
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
- 0x0a,0x02,0x84,0x6b,0x62,0xab,0xb6,0x93,
- 0xef,0x31,0xd7,0x54,0x84,0x2e,0xed,0x29
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0xba,0xf0,0x8b,0x76,0x31,0x7a,0x65,0xc5,
- 0xf0,0x7a,0xe6,0xf5,0x7e,0xb0,0xe6,0x54,
- 0x88,0x65,0x93,0x24,0xd2,0x97,0x09,0xe3
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
- {
- 0x72,0x9c,0x0b,0x6d,0xeb,0x75,0xfa,0x6e,
- 0xb5,0xe8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x98,0x95,0x93,0x24,0x02,0x39,0x3d,0xc3,
- 0x3a,0x60
- };
- #endif
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = {
- 0x33,0x8c,0x55,0x2f,0xf1,0xec,0xa1,0x44,
- 0x08,0xe0,0x5d,0x8c,0xf9,0xf3,0xb3,0x1b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0x06,0x48,0x74,0x09,0x2f,0x7a,0x13,0xcc,
- 0x44,0x62,0x24,0x7a,0xd4,0x23,0xd0,0xe9,
- 0x6e,0xdf,0x42,0xe8,0xb6,0x7a,0x5a,0x23,
- 0xb7,0xa0,0xa6,0x47,0x7b,0x09,0x8e,0x66
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
- {
- 0x1c,0xff,0x95
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
- {
- 0xb9,0x74,0xfa
- };
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #endif
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- enc_inited = 1;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesInit(dec, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- dec_inited = 1;
- #endif
- #ifdef WOLFSSL_AES_128
- /* 128 key tests */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- ret = EVP_test(EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1),
- cipher1, sizeof(cipher1));
- if (ret != 0) {
- return ret;
- }
- #endif
- ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb8Encrypt(enc, cipher, msg1, sizeof(msg1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher1, sizeof(cipher1)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfb8Decrypt(dec, plain, cipher, sizeof(msg1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg1, sizeof(msg1)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 key tests */
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb8Encrypt(enc, cipher, msg2, sizeof(msg2));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher2, sizeof(msg2)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- ret = EVP_test(EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2),
- cipher2, sizeof(msg2));
- if (ret != 0) {
- return ret;
- }
- #endif
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 key tests */
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb8Encrypt(enc, cipher, msg3, sizeof(msg3));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- ret = EVP_test(EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3),
- cipher3, sizeof(msg3));
- if (ret != 0) {
- goto out;
- }
- #endif
- #endif /* WOLFSSL_AES_256 */
- out:
- if (enc_inited)
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- return ret;
- }
- #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
- #endif /* WOLFSSL_AES_CFB */
- static wc_test_ret_t aes_key_size_test(void)
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *aes;
- #else
- Aes aes[1];
- #endif
- byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
- #ifndef WOLFSSL_CRYPTOCELL
- byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 };
- #endif
- byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
- byte iv[] = "1234567890abcdef";
- #ifndef HAVE_FIPS
- word32 keySize;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- #endif
- #if !defined(HAVE_FIPS) || \
- defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
- /* w/ FIPS v1 (cert 2425) wc_AesInit just returns 0 always as it's not
- * supported with that FIPS version */
- ret = wc_AesInit(NULL, HEAP_HINT, devId);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- ret = wc_AesInit(aes, HEAP_HINT, devId);
- /* 0 check OK for FIPSv1 */
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef HAVE_FIPS
- /* Parameter Validation testing. */
- ret = wc_AesGetKeySize(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGetKeySize(aes, NULL);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGetKeySize(NULL, &keySize);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* Crashes in FIPS */
- ret = wc_AesSetKey(NULL, key16, sizeof(key16), iv, AES_ENCRYPTION);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- /* NULL IV indicates to use all zeros IV. */
- ret = wc_AesSetKey(aes, key16, sizeof(key16), NULL, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_128
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesSetKey(aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* CryptoCell handles rounds internally */
- #if !defined(HAVE_FIPS) && !defined(WOLFSSL_CRYPTOCELL)
- /* PSA don't use aes->rounds */
- #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_AES)
- /* Force invalid rounds */
- aes->rounds = 16;
- ret = wc_AesGetKeySize(aes, &keySize);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- #endif
- ret = wc_AesSetKey(aes, key16, sizeof(key16), iv, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_128
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128)
- ret = wc_AesGetKeySize(aes, &keySize);
- if (ret != 0 || keySize != sizeof(key16))
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- #ifndef WOLFSSL_CRYPTOCELL
- /* Cryptocell only supports AES-128 key size */
- ret = wc_AesSetKey(aes, key24, sizeof(key24), iv, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_192
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192)
- ret = wc_AesGetKeySize(aes, &keySize);
- if (ret != 0 || keySize != sizeof(key24))
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- ret = wc_AesSetKey(aes, key32, sizeof(key32), iv, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_256
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256)
- ret = wc_AesGetKeySize(aes, &keySize);
- if (ret != 0 || keySize != sizeof(key32))
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- #endif /* !WOLFSSL_CRYPTOCELL */
- ret = 0; /* success */
- out:
- wc_AesFree(aes);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
- /* test vectors from http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html */
- #ifdef WOLFSSL_AES_128
- static wc_test_ret_t aes_xts_128_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XtsAes *aes = NULL;
- #else
- XtsAes aes[1];
- #endif
- int aes_inited = 0;
- wc_test_ret_t ret = 0;
- unsigned char buf[AES_BLOCK_SIZE * 2 + 8];
- unsigned char cipher[AES_BLOCK_SIZE * 2 + 8];
- #ifdef WOLFSSL_AESXTS_STREAM
- struct XtsAesStreamData stream;
- #endif
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_AFALG)
- #define LARGE_XTS_SZ 1024
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte* large_input = NULL;
- #else
- byte large_input[LARGE_XTS_SZ];
- #endif
- #endif
- /* 128 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
- 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
- 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
- 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
- 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = {
- 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
- };
- /* plain text test of partial block is not from NIST test vector list */
- WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
- 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
- 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
- 0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76,
- 0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0,
- 0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa,
- 0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = {
- 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
- 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
- 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
- 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
- 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
- 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
- 0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e,
- 0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23,
- 0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e,
- 0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char cp2[] = {
- 0x2b, 0xf7, 0x2c, 0xf3, 0xeb, 0x85, 0xef, 0x7b,
- 0x0b, 0x76, 0xa0, 0xaa, 0xf3, 0x3f, 0x25, 0x8b,
- 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a
- };
- #ifndef HAVE_FIPS /* FIPS requires different keys for main and tweak. */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = {
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i3[] = {
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p3[] = {
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c3[] = {
- 0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23,
- 0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12,
- 0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36,
- 0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF,
- 0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD
- };
- #endif /* HAVE_FIPS */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_128_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
- if (ret != 0) {
- printf("EVP_aes_128_xts failed!\n");
- goto out;
- }
- #endif
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- aes_inited = 1;
- ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i2), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, buf, sizeof(c1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* partial block encryption test */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cp2, cipher, sizeof(cp2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf, pp, sizeof(pp), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cp2, buf, sizeof(cp2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cp2, cipher, sizeof(cp2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* partial block decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pp, buf, sizeof(pp)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptFinal(aes, buf, cipher, sizeof(pp), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pp, buf, sizeof(pp)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pp, buf, sizeof(pp)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* NIST decrypt test vector */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p1, buf, sizeof(p1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p1, buf, sizeof(p1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* fail case with decrypting using wrong key */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* set correct key and retest */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p2, buf, sizeof(p2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifndef HAVE_FIPS
- /* Test ciphertext stealing in-place. */
- XMEMCPY(buf, p3, sizeof(p3));
- ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, buf, buf, sizeof(p3), i3, sizeof(i3));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c3, buf, sizeof(c3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i3, sizeof(i3), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptUpdate(aes, buf, p3, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p3 + AES_BLOCK_SIZE, sizeof(p3) - AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c3, buf, sizeof(c3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, buf, buf, sizeof(c3), i3, sizeof(i3));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p3, buf, sizeof(p3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsDecryptInit(aes, i3, sizeof(i3), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptUpdate(aes, buf, c3, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptFinal(aes, buf + AES_BLOCK_SIZE, c3 + AES_BLOCK_SIZE, sizeof(c3) - AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p3, buf, sizeof(p3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #endif /* !HAVE_FIPS */
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_AFALG)
- {
- int i;
- int j;
- #ifdef WOLFSSL_AESXTS_STREAM
- int k;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (large_input == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out);
- #endif
- for (i = 0; i < (int)LARGE_XTS_SZ; i++)
- large_input[i] = (byte)i;
- for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
- WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (i = 0; i < j; i++) {
- if (large_input[i] != (byte)i) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- }
- #ifdef WOLFSSL_AESXTS_STREAM
- for (i = 0; i < (int)LARGE_XTS_SZ; i++)
- large_input[i] = (byte)i;
- /* first, encrypt block by block then decrypt with a one-shot call. */
- for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (k = 0; k < j; k += AES_BLOCK_SIZE) {
- if ((j - k) < AES_BLOCK_SIZE*2)
- ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
- else
- ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if ((j - k) < AES_BLOCK_SIZE*2)
- break;
- }
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
- WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (i = 0; i < j; i++) {
- if (large_input[i] != (byte)i) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- }
- /* second, encrypt with a one-shot call then decrypt block by block. */
- for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (k = 0; k < j; k += AES_BLOCK_SIZE) {
- if ((j - k) < AES_BLOCK_SIZE*2)
- ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
- else
- ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
- WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if ((j - k) < AES_BLOCK_SIZE*2)
- break;
- }
- for (i = 0; i < j; i++) {
- if (large_input[i] != (byte)i) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- }
- #endif /* WOLFSSL_AESXTS_STREAM */
- }
- #endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM &&
- * !WOLFSSL_AFALG
- */
- out:
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_AFALG) && defined(WOLFSSL_SMALL_STACK) && \
- !defined(WOLFSSL_NO_MALLOC)
- if (large_input)
- XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (aes_inited)
- wc_AesXtsFree(aes);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (aes)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- static wc_test_ret_t aes_xts_192_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XtsAes *aes = NULL;
- #else
- XtsAes aes[1];
- #endif
- int aes_inited = 0;
- wc_test_ret_t ret = 0;
- unsigned char buf[AES_BLOCK_SIZE * 2 + 8];
- unsigned char cipher[AES_BLOCK_SIZE * 2 + 8];
- #ifdef WOLFSSL_AESXTS_STREAM
- struct XtsAesStreamData stream;
- #endif
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_AFALG)
- #define LARGE_XTS_SZ 1024
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte* large_input = NULL;
- #else
- byte large_input[LARGE_XTS_SZ];
- #endif
- #endif
- /* 192 bit key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
- 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
- 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
- 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
- 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
- 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
- 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = {
- 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
- 0x65, 0x37, 0x15, 0x53, 0xf1, 0x98, 0xab, 0xb4,
- 0xdb, 0x4e, 0xd3, 0x69, 0xdf, 0x8e, 0x3a, 0xe0
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
- 0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
- 0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
- 0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
- 0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
- 0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
- 0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = {
- 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
- 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
- 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
- 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
- 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
- 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
- 0x6c, 0xa6, 0xb5, 0x73, 0x48, 0xf1, 0x89, 0xfa,
- 0xdd, 0x80, 0x72, 0x1f, 0xb8, 0x56, 0x0c, 0xa2,
- 0x35, 0xd4, 0x08, 0xbf, 0x24, 0xcb, 0xec, 0xdb,
- 0x81, 0xe0, 0xe6, 0x4f, 0x3d, 0x1c, 0x5c, 0x46
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char cp2[] = {
- 0xe9, 0x58, 0xfe, 0xab, 0x66, 0xb4, 0xf1, 0x79,
- 0x91, 0x3f, 0x91, 0xdc, 0x6f, 0xdf, 0xd6, 0xac,
- 0x65, 0x37, 0x15, 0x53, 0xf1, 0x98, 0xab, 0xb4
- };
- #ifndef HAVE_FIPS /* FIPS requires different keys for main and tweak. */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = {
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i3[] = {
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p3[] = {
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
- 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c3[] = {
- 0xa4, 0xf2, 0x71, 0x5d, 0x80, 0x60, 0x68, 0xa0,
- 0x80, 0x61, 0xd7, 0xc1, 0x55, 0xc8, 0x3a, 0x2e,
- 0xd7, 0xf4, 0x62, 0xaf, 0xbd, 0x2d, 0xf9, 0x5f,
- 0xe8, 0xc5, 0x99, 0x3d, 0x58, 0x3c, 0xeb, 0xba,
- 0x86, 0xea, 0x2c, 0x7e, 0x1f, 0xba, 0x81, 0xde
- };
- #endif /* HAVE_FIPS */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- aes_inited = 1;
- ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, buf, sizeof(c1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* partial block encryption test */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cp2, cipher, sizeof(cp2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf, pp, sizeof(pp), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cp2, buf, sizeof(cp2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cp2, cipher, sizeof(cp2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* partial block decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pp, buf, sizeof(pp)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptFinal(aes, buf, cipher, sizeof(pp), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pp, buf, sizeof(pp)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pp, buf, sizeof(pp)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* NIST decrypt test vector */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p1, buf, sizeof(p1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p1, buf, sizeof(p1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
- defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* fail case with decrypting using wrong key */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* set correct key and retest */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p2, buf, sizeof(p2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifndef HAVE_FIPS
- /* Test ciphertext stealing in-place. */
- XMEMCPY(buf, p3, sizeof(p3));
- ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, buf, buf, sizeof(p3), i3, sizeof(i3));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c3, buf, sizeof(c3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i3, sizeof(i3), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptUpdate(aes, buf, p3, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p3 + AES_BLOCK_SIZE, sizeof(p3) - AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c3, buf, sizeof(c3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, buf, buf, sizeof(c3), i3, sizeof(i3));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p3, buf, sizeof(p3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsDecryptInit(aes, i3, sizeof(i3), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptUpdate(aes, buf, c3, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptFinal(aes, buf + AES_BLOCK_SIZE, c3 + AES_BLOCK_SIZE, sizeof(c3) - AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p3, buf, sizeof(p3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- #endif /* !HAVE_FIPS */
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_AFALG)
- {
- int i;
- int j;
- #ifdef WOLFSSL_AESXTS_STREAM
- int k;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (large_input == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out);
- #endif
- for (i = 0; i < (int)LARGE_XTS_SZ; i++)
- large_input[i] = (byte)i;
- for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, large_input, large_input, j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
- WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (i = 0; i < j; i++) {
- if (large_input[i] != (byte)i) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- }
- #ifdef WOLFSSL_AESXTS_STREAM
- for (i = 0; i < (int)LARGE_XTS_SZ; i++)
- large_input[i] = (byte)i;
- /* first, encrypt block by block then decrypt with a one-shot call. */
- for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (k = 0; k < j; k += AES_BLOCK_SIZE) {
- if ((j - k) < AES_BLOCK_SIZE*2)
- ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
- else
- ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if ((j - k) < AES_BLOCK_SIZE*2)
- break;
- }
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
- WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (i = 0; i < j; i++) {
- if (large_input[i] != (byte)i) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- }
- /* second, encrypt with a one-shot call then decrypt block by block. */
- for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (k = 0; k < j; k += AES_BLOCK_SIZE) {
- if ((j - k) < AES_BLOCK_SIZE*2)
- ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
- else
- ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
- WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if ((j - k) < AES_BLOCK_SIZE*2)
- break;
- }
- for (i = 0; i < j; i++) {
- if (large_input[i] != (byte)i) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- }
- #endif /* WOLFSSL_AESXTS_STREAM */
- }
- #endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM &&
- * !WOLFSSL_AFALG
- */
- out:
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_AFALG) && defined(WOLFSSL_SMALL_STACK) && \
- !defined(WOLFSSL_NO_MALLOC)
- if (large_input)
- XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (aes_inited)
- wc_AesXtsFree(aes);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (aes)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- static wc_test_ret_t aes_xts_256_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XtsAes *aes = NULL;
- #else
- XtsAes aes[1];
- #endif
- int aes_inited = 0;
- wc_test_ret_t ret = 0;
- unsigned char buf[AES_BLOCK_SIZE * 3];
- unsigned char cipher[AES_BLOCK_SIZE * 3];
- #ifdef WOLFSSL_AESXTS_STREAM
- struct XtsAesStreamData stream;
- #endif
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_AFALG)
- #define LARGE_XTS_SZ 1024
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte* large_input = NULL;
- #else
- byte large_input[LARGE_XTS_SZ];
- #endif
- #endif
- /* 256 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
- 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
- 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
- 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
- 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
- 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
- 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
- 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58,
- 0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = {
- 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2,
- 0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
- 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1,
- 0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64,
- 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
- 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e
- };
- /* plain text test of partial block is not from NIST test vector list */
- WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
- 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5,
- 0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13,
- 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
- 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
- 0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
- 0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
- 0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
- 0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
- 0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
- 0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a,
- 0xb5, 0xb0, 0xc7, 0xe5, 0x2d, 0xb5, 0x06, 0x12,
- 0xd2, 0xb5, 0x3a, 0xcb, 0x47, 0x8a, 0x53, 0xb4
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = {
- 0xe6, 0x42, 0x19, 0xed, 0xe0, 0xe1, 0xc2, 0xa0,
- 0x0e, 0xf5, 0x58, 0x6a, 0xc4, 0x9b, 0xeb, 0x6f
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
- 0x24, 0xcb, 0x76, 0x22, 0x55, 0xb5, 0xa8, 0x00,
- 0xf4, 0x6e, 0x80, 0x60, 0x56, 0x9e, 0x05, 0x53,
- 0xbc, 0xfe, 0x86, 0x55, 0x3b, 0xca, 0xd5, 0x89,
- 0xc7, 0x54, 0x1a, 0x73, 0xac, 0xc3, 0x9a, 0xbd,
- 0x53, 0xc4, 0x07, 0x76, 0xd8, 0xe8, 0x22, 0x61,
- 0x9e, 0xa9, 0xad, 0x77, 0xa0, 0x13, 0x4c, 0xfc
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
- 0xa3, 0xc6, 0xf3, 0xf3, 0x82, 0x79, 0x5b, 0x10,
- 0x87, 0xd7, 0x02, 0x50, 0xdb, 0x2c, 0xd3, 0xb1,
- 0xa1, 0x62, 0xa8, 0xb6, 0xdc, 0x12, 0x60, 0x61,
- 0xc1, 0x0a, 0x84, 0xa5, 0x85, 0x3f, 0x3a, 0x89,
- 0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b,
- 0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92
- };
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_256_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
- if (ret != 0) {
- printf("EVP_aes_256_xts failed\n");
- goto out;
- }
- #endif
- ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- aes_inited = 1;
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptUpdate(aes, buf, p2, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf + AES_BLOCK_SIZE, p2 + AES_BLOCK_SIZE, sizeof(p2) - AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, buf, sizeof(c1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- /* partial block encryption test */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* partial block decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pp, buf, sizeof(pp)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* NIST decrypt test vector */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p1, buf, sizeof(p1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef WOLFSSL_AESXTS_STREAM
- ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p1, buf, sizeof(p1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* WOLFSSL_AESXTS_STREAM */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p2, buf, sizeof(p2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_AFALG)
- {
- int i;
- int j;
- #ifdef WOLFSSL_AESXTS_STREAM
- int k;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (large_input == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out);
- #endif
- for (i = 0; i < (int)LARGE_XTS_SZ; i++)
- large_input[i] = (byte)i;
- for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, large_input, large_input, j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
- WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (i = 0; i < j; i++) {
- if (large_input[i] != (byte)i) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- }
- #ifdef WOLFSSL_AESXTS_STREAM
- for (i = 0; i < (int)LARGE_XTS_SZ; i++)
- large_input[i] = (byte)i;
- /* first, encrypt block by block then decrypt with a one-shot call. */
- for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (k = 0; k < j; k += AES_BLOCK_SIZE) {
- if ((j - k) < AES_BLOCK_SIZE*2)
- ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
- else
- ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if ((j - k) < AES_BLOCK_SIZE*2)
- break;
- }
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
- WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (i = 0; i < j; i++) {
- if (large_input[i] != (byte)i) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- }
- /* second, encrypt with a one-shot call then decrypt block by block. */
- for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1,
- sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (k = 0; k < j; k += AES_BLOCK_SIZE) {
- if ((j - k) < AES_BLOCK_SIZE*2)
- ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
- else
- ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, AES_BLOCK_SIZE, &stream);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
- WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if ((j - k) < AES_BLOCK_SIZE*2)
- break;
- }
- for (i = 0; i < j; i++) {
- if (large_input[i] != (byte)i) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- }
- #endif /* WOLFSSL_AESXTS_STREAM */
- }
- #endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM &&
- * !WOLFSSL_AFALG
- */
- out:
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_AFALG) && defined(WOLFSSL_SMALL_STACK) && \
- !defined(WOLFSSL_NO_MALLOC)
- if (large_input)
- XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (aes_inited)
- wc_AesXtsFree(aes);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (aes)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
- /* both 128 and 256 bit key test */
- static wc_test_ret_t aes_xts_sector_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XtsAes *aes = NULL;
- #else
- XtsAes aes[1];
- #endif
- int aes_inited = 0;
- wc_test_ret_t ret = 0;
- unsigned char buf[AES_BLOCK_SIZE * 2];
- /* 128 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
- 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
- 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
- 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
- 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
- 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
- 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
- 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
- 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
- };
- word64 s1 = 141;
- /* 256 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
- 0xef, 0x01, 0x0c, 0xa1, 0xa3, 0x66, 0x3e, 0x32,
- 0x53, 0x43, 0x49, 0xbc, 0x0b, 0xae, 0x62, 0x23,
- 0x2a, 0x15, 0x73, 0x34, 0x85, 0x68, 0xfb, 0x9e,
- 0xf4, 0x17, 0x68, 0xa7, 0x67, 0x4f, 0x50, 0x7a,
- 0x72, 0x7f, 0x98, 0x75, 0x53, 0x97, 0xd0, 0xe0,
- 0xaa, 0x32, 0xf8, 0x30, 0x33, 0x8c, 0xc7, 0xa9,
- 0x26, 0xc7, 0x73, 0xf0, 0x9e, 0x57, 0xb3, 0x57,
- 0xcd, 0x15, 0x6a, 0xfb, 0xca, 0x46, 0xe1, 0xa0
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
- 0xed, 0x98, 0xe0, 0x17, 0x70, 0xa8, 0x53, 0xb4,
- 0x9d, 0xb9, 0xe6, 0xaa, 0xf8, 0x8f, 0x0a, 0x41,
- 0xb9, 0xb5, 0x6e, 0x91, 0xa5, 0xa2, 0xb1, 0x1d,
- 0x40, 0x52, 0x92, 0x54, 0xf5, 0x52, 0x3e, 0x75
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
- 0xca, 0x20, 0xc5, 0x5e, 0x8d, 0xc1, 0x49, 0x68,
- 0x7d, 0x25, 0x41, 0xde, 0x39, 0xc3, 0xdf, 0x63,
- 0x00, 0xbb, 0x5a, 0x16, 0x3c, 0x10, 0xce, 0xd3,
- 0x66, 0x6b, 0x13, 0x57, 0xdb, 0x8b, 0xd3, 0x9d
- };
- word64 s2 = 187;
- #if !defined(BENCH_EMBEDDED) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- /* Sector size for encrypt/decrypt consecutive sectors testcase */
- word32 sectorSz = 512;
- unsigned char data[550];
- WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = {
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
- 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
- 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p3[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
- 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
- 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
- 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
- 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53,
- 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
- 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
- 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
- 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
- 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b,
- 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
- 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3,
- 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
- 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
- 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
- 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
- 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
- 0xfc, 0xfd, 0xfe, 0xff,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
- 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
- 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
- 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
- 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53,
- 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
- 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
- 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
- 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
- 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b,
- 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
- 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3,
- 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
- 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
- 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
- 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
- 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
- 0xfc, 0xfd, 0xfe, 0xff,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
- 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c3[] = {
- 0xb9, 0x6b, 0x2b, 0xfd, 0x61, 0x87, 0x84, 0xd5, 0x26, 0xd2, 0x8c, 0x62,
- 0x63, 0x01, 0xca, 0x46, 0xb1, 0x82, 0xfa, 0xdc, 0xbc, 0x32, 0x18, 0xe9,
- 0xda, 0xe6, 0xda, 0xd1, 0x1a, 0x52, 0x77, 0xca, 0xdb, 0x0e, 0xbe, 0x37,
- 0x88, 0x36, 0x1c, 0x87, 0x16, 0x60, 0xfe, 0xa8, 0x9e, 0xf6, 0x48, 0x64,
- 0x94, 0x34, 0x64, 0xed, 0xf6, 0x9a, 0xc5, 0x28, 0xc9, 0xed, 0x64, 0x80,
- 0x85, 0xd8, 0x93, 0xa7, 0x50, 0xb1, 0x9d, 0x2f, 0x1e, 0x34, 0xcc, 0xb4,
- 0x03, 0xfb, 0x6b, 0x43, 0x21, 0xa8, 0x5b, 0xc6, 0x59, 0x13, 0xd2, 0xb5,
- 0xf5, 0x7b, 0xf6, 0xb2, 0xa4, 0x7a, 0xd2, 0x50, 0x26, 0xcb, 0xa4, 0x83,
- 0xc3, 0x56, 0xb0, 0xb1, 0x14, 0x34, 0x12, 0x1b, 0xea, 0x26, 0x97, 0x24,
- 0x54, 0xcc, 0x32, 0x4c, 0xa4, 0xc2, 0xa3, 0x07, 0xfa, 0x30, 0xa9, 0xf0,
- 0x91, 0x17, 0x60, 0x68, 0x88, 0x7f, 0x34, 0x7e, 0xbd, 0x20, 0x33, 0x95,
- 0x6e, 0xc0, 0xb6, 0x2b, 0xff, 0x7e, 0x61, 0x35, 0x9a, 0x88, 0xff, 0xd9,
- 0x69, 0x21, 0xe7, 0x8f, 0x45, 0x02, 0xf9, 0xd7, 0xeb, 0xa6, 0x53, 0xf1,
- 0x73, 0x04, 0xf1, 0x0b, 0x85, 0xc6, 0x1f, 0x4a, 0x51, 0x2f, 0x95, 0x87,
- 0x5a, 0x67, 0x37, 0xb2, 0x87, 0xf7, 0xbe, 0x2a, 0x17, 0x57, 0xca, 0xfc,
- 0xdd, 0x5f, 0x37, 0x48, 0x78, 0xbd, 0xfa, 0x75, 0xc9, 0xfa, 0x86, 0x7e,
- 0xc4, 0x0f, 0x60, 0x85, 0xce, 0x12, 0x44, 0x7c, 0xd9, 0xb2, 0x50, 0xd9,
- 0x57, 0x85, 0xa5, 0xd7, 0x68, 0x59, 0x03, 0x09, 0x97, 0x2e, 0x8e, 0xa5,
- 0xe3, 0x98, 0xac, 0x16, 0xfb, 0x6d, 0x54, 0xc5, 0x5d, 0x7a, 0x33, 0x44,
- 0x0a, 0x39, 0x91, 0xcc, 0x9f, 0x67, 0xf9, 0x89, 0xbb, 0x62, 0x02, 0xc4,
- 0x22, 0xec, 0xcf, 0x97, 0x69, 0x81, 0x3d, 0x00, 0xfd, 0xeb, 0x55, 0x08,
- 0xa2, 0xff, 0x97, 0xaa, 0x79, 0xde, 0x3c, 0x8a, 0x78, 0x71, 0x73, 0xa2,
- 0x98, 0x2f, 0xd8, 0x5c, 0x62, 0x1c, 0x5c, 0x23, 0x0a, 0xd1, 0xf1, 0x81,
- 0x8a, 0x12, 0xe7, 0x4d, 0xdd, 0x4f, 0xd4, 0xf1, 0xe8, 0x0f, 0x25, 0x79,
- 0x45, 0x4a, 0x49, 0x49, 0x7e, 0x56, 0x91, 0x4e, 0xaa, 0xba, 0x18, 0xe1,
- 0xe4, 0xbe, 0x21, 0xdc, 0x58, 0x60, 0x6f, 0x6a, 0x7f, 0xdc, 0x5e, 0x74,
- 0x47, 0xbf, 0xeb, 0x84, 0xc4, 0x1e, 0x5a, 0x61, 0x64, 0xc8, 0x63, 0x68,
- 0xfa, 0x17, 0x9c, 0xac, 0x60, 0x1c, 0xa5, 0x6e, 0x00, 0x21, 0x93, 0x3c,
- 0xd7, 0xbb, 0x73, 0x45, 0xf7, 0x34, 0x81, 0x6c, 0xfa, 0xf2, 0x33, 0xfd,
- 0xb1, 0x40, 0x30, 0x6b, 0x30, 0xd1, 0x83, 0x5e, 0x2e, 0x7a, 0xce, 0xa6,
- 0x12, 0x2a, 0x15, 0x03, 0x78, 0x29, 0xb9, 0x07, 0xae, 0xe7, 0xc2, 0x78,
- 0x74, 0x72, 0xa5, 0x0e, 0x6b, 0x1f, 0x78, 0xf2, 0x5a, 0x69, 0xb6, 0x2b,
- 0x99, 0x94, 0x1f, 0x89, 0xd1, 0x21, 0x14, 0x4a, 0x54, 0xab, 0x5a, 0x9f,
- 0xaa, 0xa7, 0x96, 0x0a, 0x21, 0xce, 0x30, 0xb6, 0x70, 0x81, 0xe9, 0xd3,
- 0x71, 0xc0, 0xf1, 0x15, 0xe2, 0xf6, 0xd3, 0xcc, 0x41, 0x15, 0x9d, 0xd5,
- 0xa3, 0xa4, 0xe0, 0xf8, 0x62, 0xc4, 0x76, 0x65, 0x63, 0x89, 0xa7, 0xe2,
- 0xfb, 0xf5, 0xc9, 0x80, 0x15, 0x5b, 0xc1, 0x59, 0xb2, 0xd0, 0x01, 0x3a,
- 0xf9, 0xab, 0x5b, 0x79, 0x54, 0xed, 0x6b, 0xf9, 0x1d, 0x9d, 0x87, 0x63,
- 0x80, 0x4f, 0xec, 0x9c, 0x4f, 0xad, 0x97, 0x04, 0xff, 0x62, 0x4a, 0x17,
- 0xc0, 0x09, 0x2a, 0x2c, 0x23, 0x4b, 0xc3, 0xb6, 0x6d, 0xed, 0xdb, 0x1a,
- 0x6f, 0x56, 0x2b, 0x78, 0x92, 0x3a, 0x5c, 0x7f, 0xb2, 0x63, 0xd3, 0xd5,
- 0x1a, 0xbe, 0xc2, 0x34, 0xc8, 0xad, 0x36, 0xb7, 0x12, 0xb8, 0xe1, 0xb7,
- 0x52, 0x7f, 0x16, 0x84, 0x2c, 0x47, 0x7e, 0xf2, 0xa5, 0x36, 0x2e, 0xad,
- 0xe7, 0xbb, 0xc0, 0x6f, 0x27, 0x8e, 0x41, 0x08, 0x75, 0xe5, 0xff, 0xde,
- 0x08, 0x9f, 0x8c, 0x91, 0xba, 0xc9, 0x9d, 0x9f, 0x27, 0x90, 0x50, 0x44,
- 0x24, 0xe7, 0x3d, 0x6f
- };
- word64 s3 = 0x000000ffffffffff;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- aes_inited = 1;
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptSector(aes, buf, p1, sizeof(p1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptSector(aes, buf, c1, sizeof(c1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* 256 bit key tests */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptSector(aes, buf, p2, sizeof(p2), s2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptSector(aes, buf, c2, sizeof(c2), s2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p2, buf, sizeof(p2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if !defined(BENCH_EMBEDDED) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- /* encrypt consecutive sectors test */
- XMEMSET(data, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptConsecutiveSectors(aes, data, p3,
- sizeof(p3), s3, sectorSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c3, data, sizeof(c3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* decrypt consecutive sectors test */
- XMEMSET(data, 0, sizeof(buf));
- ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptConsecutiveSectors(aes, data, c3,
- sizeof(c3), s3, sectorSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p3, data, sizeof(p3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* !BENCH_EMBEDDED && (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) */
- out:
- if (aes_inited)
- wc_AesXtsFree(aes);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (aes)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_128 && WOLFSSL_AES_256 */
- #ifdef WOLFSSL_AES_128
- /* testing of bad arguments */
- static wc_test_ret_t aes_xts_args_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XtsAes *aes = NULL;
- #else
- XtsAes aes[1];
- #endif
- int aes_inited = 0;
- wc_test_ret_t ret;
- unsigned char buf[AES_BLOCK_SIZE * 2];
- /* 128 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
- 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
- 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
- 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
- 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
- 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
- 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
- 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
- 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
- };
- word64 s1 = 141;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- aes_inited = 1;
- if (wc_AesXtsSetKeyNoInit(NULL, k1, sizeof(k1), AES_ENCRYPTION) == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (wc_AesXtsSetKeyNoInit(aes, NULL, sizeof(k1), AES_ENCRYPTION) == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* encryption operations */
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsEncryptSector(NULL, buf, p1, sizeof(p1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesXtsEncryptSector(aes, NULL, p1, sizeof(p1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* decryption operations */
- ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesXtsDecryptSector(NULL, buf, c1, sizeof(c1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesXtsDecryptSector(aes, NULL, c1, sizeof(c1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
- ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
- #else
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #endif
- if (ret == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = 0;
- out:
- if (aes_inited)
- wc_AesXtsFree(aes);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (aes)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_128 */
- #endif /* WOLFSSL_AES_XTS && (!HAVE_FIPS || FIPS_VERSION_GE(5,3)) */
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- static wc_test_ret_t aes_cbc_test(void)
- {
- byte cipher[AES_BLOCK_SIZE];
- byte plain[AES_BLOCK_SIZE];
- wc_test_ret_t ret;
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte key[] = "0123456789abcdef "; /* align */
- byte iv[] = "1234567890abcdef "; /* align */
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- /* Parameter Validation testing. */
- ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, 17, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, 17, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key,
- AES_BLOCK_SIZE, iv);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key,
- AES_BLOCK_SIZE, iv);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif /* HAVE_AES_DECRYPT */
- (void)plain;
- return 0;
- }
- #endif
- #if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- static wc_test_ret_t aesecb_test(void)
- {
- wc_test_ret_t ret = 0;
- #if defined(WOLFSSL_AES_256)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE * 4];
- #ifdef HAVE_AES_DECRYPT
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain[AES_BLOCK_SIZE * 4];
- #endif /* HAVE_AES_DECRYPT */
- {
- WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- enc_inited = 1;
- #if defined(HAVE_AES_DECRYPT)
- ret = wc_AesInit(dec, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- dec_inited = 1;
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- #endif /* HAVE_AES_DECRYPT */
- }
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc) {
- if (enc_inited)
- wc_AesFree(enc);
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #ifdef HAVE_AES_DECRYPT
- if (dec) {
- if (dec_inited)
- wc_AesFree(dec);
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #endif
- #else
- if (enc_inited)
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- #endif
- #endif /* WOLFSSL_AES_256 */
- return ret;
- }
- #endif /* HAVE_AES_ECB */
- #ifdef WOLFSSL_AES_COUNTER
- static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
- {
- wc_test_ret_t ret = 0;
- /* test vectors from "Recommendation for Block Cipher Modes of
- * Operation" NIST Special Publication 800-38A */
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- #ifdef WOLFSSL_ARMASM
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap32[] =
- {
- 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap32_2[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xfe
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap64[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0x0f,0xff,0xff,0xff,0xff,0xff,0xff,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap64_2[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap96[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap96_2[] =
- {
- 0xff,0xff,0xff,0xf0,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe
- };
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
- };
- #ifdef WOLFSSL_ARMASM
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128_2[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe
- };
- #endif
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
- {
- 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
- 0xc2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Key[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Cipher[] =
- {
- 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
- 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
- 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
- 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
- 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
- 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
- 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
- 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
- };
- #ifdef WOLFSSL_ARMASM
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32Cipher[] =
- {
- 0xb3,0x8b,0x58,0xbc,0xce,0xf4,0x71,0x78,
- 0xf6,0x7c,0xdb,0xb4,0x27,0x2b,0x0a,0xbf,
- 0x7e,0xad,0xea,0x5c,0xd1
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32CipherLong[] =
- {
- 0xb3,0x8b,0x58,0xbc,0xce,0xf4,0x71,0x78,
- 0xf6,0x7c,0xdb,0xb4,0x27,0x2b,0x0a,0xbf,
- 0x7e,0xad,0xea,0x5c,0xd1,0xb7,0x98,0xf0,
- 0x22,0x20,0xfe,0x67,0xb0,0x02,0x23,0x50
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32_2CipherLong[] =
- {
- 0x6e,0xa1,0x27,0x4d,0xea,0x20,0x5f,0x39,
- 0x68,0xc8,0xb6,0x78,0xde,0xfc,0x53,0x5c,
- 0x90,0xc8,0xf6,0xc6,0xfa,0xe0,0x7b,0x09,
- 0x7c,0xf8,0x9c,0x6a,0x5a,0xa5,0x17,0x7f,
- 0x03,0x92,0x5f,0x4e,0x85,0xea,0x26,0xc9,
- 0x5a,0xc2,0x74,0xe2,0xbf,0xe4,0x1b,0xd4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64Cipher[] =
- {
- 0xdd,0x17,0x10,0x7c,0x45,0x04,0xac,0x43,
- 0xef,0xa8,0xcc,0x32,0x34,0x87,0x88,0xd7,
- 0xae,0x74,0x94,0x72,0x8e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64CipherLong[] =
- {
- 0xdd,0x17,0x10,0x7c,0x45,0x04,0xac,0x43,
- 0xef,0xa8,0xcc,0x32,0x34,0x87,0x88,0xd7,
- 0xae,0x74,0x94,0x72,0x8e,0xd0,0x71,0xc0,
- 0x89,0x8a,0xa1,0xb0,0x29,0xa0,0x10,0x9e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64_2CipherLong[] =
- {
- 0x3f,0xe7,0xd5,0xf3,0xfa,0x09,0xfe,0x40,
- 0xa6,0xa1,0x32,0x8b,0x57,0x12,0xb9,0xfa,
- 0xf2,0x2d,0xe4,0x3c,0x66,0x1d,0x0a,0x8e,
- 0x46,0xf8,0x2e,0x33,0xce,0x8d,0x4e,0x3b,
- 0x17,0x67,0x9e,0x9f,0x76,0x9e,0xc2,0x99,
- 0xd5,0xd4,0x71,0xed,0xb4,0x33,0xb2,0xcd
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96Cipher[] =
- {
- 0x55,0x24,0xc2,0x73,0xca,0xa3,0x48,0x03,
- 0x0b,0x72,0x8d,0xd7,0x6c,0x99,0x8e,0x04,
- 0x9d,0x77,0xc9,0x5f,0x38
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96CipherLong[] =
- {
- 0x55,0x24,0xc2,0x73,0xca,0xa3,0x48,0x03,
- 0x0b,0x72,0x8d,0xd7,0x6c,0x99,0x8e,0x04,
- 0x9d,0x77,0xc9,0x5f,0x38,0xb5,0x6e,0x44,
- 0x21,0x8e,0xda,0x57,0xe0,0x41,0xc7,0x6a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96_2CipherLong[] =
- {
- 0xc8,0x81,0x1a,0xbe,0xc7,0x5b,0x93,0x6f,
- 0xe6,0x52,0xe4,0xb1,0x2d,0x1c,0x39,0xbc,
- 0xeb,0x82,0x27,0x0a,0x7e,0xa5,0x0e,0x2d,
- 0x32,0xda,0xbe,0x10,0x7a,0x10,0xcc,0xd3,
- 0x6f,0xc6,0x83,0x28,0x05,0x57,0x8a,0x24,
- 0x44,0x76,0x17,0x81,0xb9,0x5c,0x94,0x81
- };
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128Cipher[] =
- {
- 0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62,
- 0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86,
- 0xd3,0xda,0xe1,0x5b,0x04
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128CipherLong[] =
- {
- 0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62,
- 0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86,
- 0xd3,0xda,0xe1,0x5b,0x04,0xbb,0x35,0x2f,
- 0xa0,0xf5,0x9f,0xeb,0xfc,0xb4,0xda,0x3e
- };
- #ifdef WOLFSSL_ARMASM
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128_2CipherLong[] =
- {
- 0xba,0x76,0xaa,0x54,0xd5,0xb5,0x60,0x67,
- 0xc1,0xa7,0x90,0x3b,0x3f,0xdd,0xfa,0x89,
- 0x24,0xdf,0x0c,0x56,0x5c,0xf4,0x2a,0x68,
- 0x97,0x87,0x13,0xb6,0x7a,0xd1,0x24,0xfd,
- 0x4d,0x3f,0x77,0x4a,0xb9,0xe4,0x7d,0xa2,
- 0xdb,0xb9,0x31,0x5e,0xa3,0x11,0x06,0x80
- };
- #endif
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
- {
- 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
- 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b,
- 0x09,0x03,0x39,0xec,0x0a,0xa6,0xfa,0xef,
- 0xd5,0xcc,0xc2,0xc6,0xf4,0xce,0x8e,0x94,
- 0x1e,0x36,0xb2,0x6b,0xd1,0xeb,0xc6,0x70,
- 0xd1,0xbd,0x1d,0x66,0x56,0x20,0xab,0xf7,
- 0x4f,0x78,0xa7,0xf6,0xd2,0x98,0x09,0x58,
- 0x5a,0x97,0xda,0xec,0x58,0xc6,0xb0,0x50
- };
- #ifdef WOLFSSL_ARMASM
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32Cipher[] =
- {
- 0x28,0xaa,0xfa,0x90,0x72,0x74,0x86,0xaf,
- 0x72,0x73,0x35,0x17,0x70,0x4e,0x7d,0xca,
- 0x0c,0x33,0x97,0x06,0xc0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32CipherLong[] =
- {
- 0x28,0xaa,0xfa,0x90,0x72,0x74,0x86,0xaf,
- 0x72,0x73,0x35,0x17,0x70,0x4e,0x7d,0xca,
- 0x0c,0x33,0x97,0x06,0xc0,0xbe,0x83,0x87,
- 0xdd,0xd3,0xff,0xd8,0xe4,0x6a,0x5b,0x84
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32_2CipherLong[] =
- {
- 0xf5,0x00,0xa2,0x91,0x54,0xa3,0x76,0xa2,
- 0xdd,0xad,0x16,0x89,0xe5,0xf0,0x1d,0x40,
- 0x84,0xcd,0x74,0x84,0xcb,0x8b,0x9e,0x29,
- 0xa9,0x8a,0x12,0x65,0xa0,0x79,0x5e,0xce,
- 0xd9,0x50,0x65,0x21,0x86,0xb0,0x85,0x0d,
- 0x98,0x2d,0x9a,0x5a,0x11,0xbe,0xa5,0x7f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64Cipher[] =
- {
- 0xfe,0x39,0x27,0x97,0xac,0xe5,0xb8,0x74,
- 0xb9,0x8c,0xbf,0x58,0x71,0xa4,0x80,0x33,
- 0x3d,0xf7,0xb4,0xfd,0x8c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64CipherLong[] =
- {
- 0xfe,0x39,0x27,0x97,0xac,0xe5,0xb8,0x74,
- 0xb9,0x8c,0xbf,0x58,0x71,0xa4,0x80,0x33,
- 0x3d,0xf7,0xb4,0xfd,0x8c,0x55,0x47,0x10,
- 0xd5,0x91,0x35,0xbe,0xd8,0x0d,0xa5,0x9e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64_2CipherLong[] =
- {
- 0x59,0xf1,0xed,0x70,0x62,0x42,0xa8,0x06,
- 0x07,0x36,0xe1,0xc5,0x04,0x79,0xc3,0x9b,
- 0xd1,0x14,0x5c,0xcc,0x6f,0x81,0x5f,0x2f,
- 0xa0,0xde,0xcf,0x61,0x55,0x18,0x7a,0xac,
- 0xb0,0x59,0x37,0x90,0x53,0xb3,0x00,0x88,
- 0xb4,0x49,0x90,0x7b,0x96,0xcd,0xcc,0xc3
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96Cipher[] =
- {
- 0x41,0x21,0x40,0x31,0xfb,0xc8,0xad,0x23,
- 0xde,0x00,0x03,0xd8,0x96,0x45,0xc7,0xb5,
- 0x47,0xb5,0xf3,0x30,0x3b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96CipherLong[] =
- {
- 0x41,0x21,0x40,0x31,0xfb,0xc8,0xad,0x23,
- 0xde,0x00,0x03,0xd8,0x96,0x45,0xc7,0xb5,
- 0x47,0xb5,0xf3,0x30,0x3b,0xef,0xcd,0x80,
- 0xe3,0x61,0x34,0xef,0x4e,0x1b,0x79,0xc1
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96_2CipherLong[] =
- {
- 0x3c,0xb2,0xff,0xc0,0x24,0xe1,0xf5,0xc4,
- 0x0f,0xd1,0x0a,0x1b,0xbe,0x1f,0x23,0xa1,
- 0x8e,0xbf,0x2b,0x96,0xb6,0x37,0xc8,0x25,
- 0x06,0x90,0xe2,0xca,0x71,0x24,0x52,0x95,
- 0xaa,0x8c,0x80,0xdf,0xb7,0xd7,0x30,0xb0,
- 0xcc,0x06,0x4f,0x28,0xa2,0x74,0x27,0xf8
- };
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128Cipher[] =
- {
- 0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67,
- 0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98,
- 0x8c,0x68,0xa7,0xd9,0x57
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128CipherLong[] =
- {
- 0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67,
- 0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98,
- 0x8c,0x68,0xa7,0xd9,0x57,0xab,0x09,0x0f,
- 0x01,0xc4,0x4e,0x62,0xaf,0xc2,0xdf,0x1a
- };
- #ifdef WOLFSSL_ARMASM
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128_2CipherLong[] =
- {
- 0x88,0x0a,0x26,0x4e,0xa8,0x26,0x21,0xe0,
- 0xfc,0xbc,0x63,0xdc,0xd9,0x60,0x52,0xb2,
- 0x99,0x2f,0xbb,0x1e,0x00,0xf5,0x9f,0x6d,
- 0xab,0x48,0x0f,0xc6,0x37,0x12,0x56,0xe3,
- 0x12,0x8d,0x31,0xc8,0xea,0xf4,0x41,0x82,
- 0x7a,0x88,0xe0,0xd7,0xf0,0x67,0x03,0xa4
- };
- #endif
- #endif
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
- {
- 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
- 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28,
- 0xf4,0x43,0xe3,0xca,0x4d,0x62,0xb5,0x9a,
- 0xca,0x84,0xe9,0x90,0xca,0xca,0xf5,0xc5,
- 0x2b,0x09,0x30,0xda,0xa2,0x3d,0xe9,0x4c,
- 0xe8,0x70,0x17,0xba,0x2d,0x84,0x98,0x8d,
- 0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6,
- 0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6
- };
- #ifdef WOLFSSL_ARMASM
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32Cipher[] =
- {
- 0xb0,0xa8,0xc0,0x65,0x85,0x20,0x0d,0x5c,
- 0x25,0xcf,0xe7,0x58,0x63,0xc8,0xd4,0xea,
- 0xa2,0x13,0x47,0x74,0xda
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32CipherLong[] =
- {
- 0xb0,0xa8,0xc0,0x65,0x85,0x20,0x0d,0x5c,
- 0x25,0xcf,0xe7,0x58,0x63,0xc8,0xd4,0xea,
- 0xa2,0x13,0x47,0x74,0xda,0x89,0x77,0x40,
- 0x28,0x9c,0xe8,0x19,0x26,0x32,0xd8,0x1f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32_2CipherLong[] =
- {
- 0xf6,0xd9,0x22,0xc6,0x80,0x29,0xaf,0x14,
- 0x54,0x6c,0x0a,0xce,0x42,0xea,0x3c,0xa1,
- 0x7c,0xeb,0x36,0x0d,0x8e,0xd7,0x8c,0x59,
- 0xa8,0x09,0x9f,0x9e,0xba,0x5b,0x95,0xfa,
- 0x26,0x8c,0x37,0x59,0xf8,0xae,0x8e,0xaa,
- 0x4d,0xe4,0x1c,0xfe,0x51,0xc7,0xb7,0xcc
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64Cipher[] =
- {
- 0x74,0x1a,0x52,0x41,0x76,0xb4,0x11,0x8f,
- 0xfd,0x57,0x31,0xfd,0x3d,0x76,0x8f,0x07,
- 0xd4,0x94,0x4c,0xcd,0x4d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64CipherLong[] =
- {
- 0x74,0x1a,0x52,0x41,0x76,0xb4,0x11,0x8f,
- 0xfd,0x57,0x31,0xfd,0x3d,0x76,0x8f,0x07,
- 0xd4,0x94,0x4c,0xcd,0x4d,0x47,0x5a,0x92,
- 0x26,0x49,0x81,0x7a,0xda,0x36,0x27,0x01
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64_2CipherLong[] =
- {
- 0xf7,0x9c,0xbf,0xf6,0xa2,0xaa,0x8a,0x0a,
- 0x63,0x8a,0x20,0x2f,0x12,0xf1,0x8e,0x49,
- 0x30,0xc0,0x8d,0x5c,0x5f,0x8b,0xbc,0x16,
- 0xdd,0x71,0xee,0x13,0x14,0x7b,0xe1,0x25,
- 0xcb,0x87,0x8a,0xc6,0xdc,0x1d,0x54,0x7a,
- 0xe1,0xe4,0x6f,0x0d,0x95,0x1b,0xd1,0x8b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96Cipher[] =
- {
- 0xb9,0x07,0x02,0xb8,0xbe,0x94,0xbf,0x53,
- 0xdf,0x83,0x8e,0x23,0x8c,0x67,0x0c,0x81,
- 0xb8,0x69,0xa1,0x48,0x45
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96CipherLong[] =
- {
- 0xb9,0x07,0x02,0xb8,0xbe,0x94,0xbf,0x53,
- 0xdf,0x83,0x8e,0x23,0x8c,0x67,0x0c,0x81,
- 0xb8,0x69,0xa1,0x48,0x45,0xf1,0xc6,0x27,
- 0x36,0xa8,0xb2,0x4b,0x0e,0x62,0x6b,0x72
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96_2CipherLong[] =
- {
- 0xd5,0x56,0x73,0xaa,0xb8,0xe4,0x06,0xf6,
- 0x83,0x45,0x3a,0xb4,0xb9,0x63,0xec,0xad,
- 0x73,0xc5,0xab,0x78,0xb1,0x21,0xab,0xef,
- 0x69,0x15,0xb7,0x0c,0xe9,0xb4,0x3a,0xe7,
- 0xbc,0xc4,0x22,0xbd,0x93,0xba,0x52,0xe0,
- 0x91,0x2f,0x5e,0x8d,0x6d,0x59,0xf7,0xc2
- };
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128Cipher[] =
- {
- 0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48,
- 0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6,
- 0x4b,0x45,0x7c,0xd6,0x8a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128CipherLong[] =
- {
- 0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48,
- 0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6,
- 0x4b,0x45,0x7c,0xd6,0x8a,0xcc,0xda,0x4a,
- 0x89,0xfa,0x23,0x6c,0x06,0xbf,0x26,0x05
- };
- #ifdef WOLFSSL_ARMASM
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128_2CipherLong[] =
- {
- 0x24,0x5c,0x09,0xa0,0x3b,0x1a,0x5a,0x94,
- 0x2b,0x93,0x56,0x13,0x48,0xa0,0x21,0xce,
- 0x95,0x11,0xa3,0x76,0xd6,0x59,0x88,0x42,
- 0x04,0x71,0x69,0x62,0x28,0xb2,0xee,0x9d,
- 0xd5,0xa0,0xea,0xc7,0x37,0x93,0x92,0xc7,
- 0xf2,0xb6,0x8d,0xd9,0x59,0x1a,0xfa,0xbb
- };
- #endif
- #endif
- int i;
- struct {
- const byte* key;
- int keySz;
- const byte* iv;
- const byte* plain;
- int len;
- const byte* cipher;
- } testVec[] = {
- #ifdef WOLFSSL_AES_128
- { ctr128Key, (int)sizeof(ctr128Key), ctrIv,
- ctrPlain, (int)sizeof(ctrPlain), ctr128Cipher },
- /* let's try with just 9 bytes, non block size test */
- { ctr128Key, (int)sizeof(ctr128Key), ctrIv,
- ctrPlain, (int)sizeof(oddCipher), ctr128Cipher },
- /* and an additional 9 bytes to reuse tmp left buffer */
- { NULL, 0, NULL, ctrPlain, (int)sizeof(oddCipher), oddCipher },
- /* Counter wrapping */
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128,
- ctrPlain, (int)sizeof(ctr128Wrap128Cipher), ctr128Wrap128Cipher },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128,
- ctrPlain, (int)sizeof(ctr128Wrap128CipherLong),
- ctr128Wrap128CipherLong },
- #ifdef WOLFSSL_ARMASM
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128_2,
- ctrPlain, (int)sizeof(ctr128Wrap128_2CipherLong),
- ctr128Wrap128_2CipherLong },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96,
- ctrPlain, (int)sizeof(ctr128Wrap96Cipher), ctr128Wrap96Cipher },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96,
- ctrPlain, (int)sizeof(ctr128Wrap96CipherLong),
- ctr128Wrap96CipherLong },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96_2,
- ctrPlain, (int)sizeof(ctr128Wrap96_2CipherLong),
- ctr128Wrap96_2CipherLong },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64,
- ctrPlain, (int)sizeof(ctr128Wrap64Cipher), ctr128Wrap64Cipher },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64,
- ctrPlain, (int)sizeof(ctr128Wrap64CipherLong),
- ctr128Wrap64CipherLong },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64_2,
- ctrPlain, (int)sizeof(ctr128Wrap64_2CipherLong),
- ctr128Wrap64_2CipherLong },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32,
- ctrPlain, (int)sizeof(ctr128Wrap32Cipher), ctr128Wrap32Cipher },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32,
- ctrPlain, (int)sizeof(ctr128Wrap32CipherLong),
- ctr128Wrap32CipherLong },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32_2,
- ctrPlain, (int)sizeof(ctr128Wrap32_2CipherLong),
- ctr128Wrap32_2CipherLong },
- #endif
- #endif
- #ifdef WOLFSSL_AES_192
- { ctr192Key, (int)sizeof(ctr192Key), ctrIv,
- ctrPlain, (int)sizeof(ctrPlain), ctr192Cipher },
- /* let's try with just 9 bytes, non block size test */
- { ctr192Key, (int)sizeof(ctr192Key), ctrIv,
- ctrPlain, (int)sizeof(oddCipher), ctr192Cipher },
- /* Counter wrapping */
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128,
- ctrPlain, (int)sizeof(ctr192Wrap128Cipher), ctr192Wrap128Cipher },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128,
- ctrPlain, (int)sizeof(ctr192Wrap128CipherLong),
- ctr192Wrap128CipherLong },
- #ifdef WOLFSSL_ARMASM
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128_2,
- ctrPlain, (int)sizeof(ctr192Wrap128_2CipherLong),
- ctr192Wrap128_2CipherLong },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96,
- ctrPlain, (int)sizeof(ctr192Wrap96Cipher), ctr192Wrap96Cipher },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96,
- ctrPlain, (int)sizeof(ctr192Wrap96CipherLong),
- ctr192Wrap96CipherLong },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96_2,
- ctrPlain, (int)sizeof(ctr192Wrap96_2CipherLong),
- ctr192Wrap96_2CipherLong },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64,
- ctrPlain, (int)sizeof(ctr192Wrap64Cipher), ctr192Wrap64Cipher },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64,
- ctrPlain, (int)sizeof(ctr192Wrap64CipherLong),
- ctr192Wrap64CipherLong },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64_2,
- ctrPlain, (int)sizeof(ctr192Wrap64_2CipherLong),
- ctr192Wrap64_2CipherLong },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32,
- ctrPlain, (int)sizeof(ctr192Wrap32Cipher), ctr192Wrap32Cipher },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32,
- ctrPlain, (int)sizeof(ctr192Wrap32CipherLong),
- ctr192Wrap32CipherLong },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32_2,
- ctrPlain, (int)sizeof(ctr192Wrap32_2CipherLong),
- ctr192Wrap32_2CipherLong },
- #endif
- #endif
- #ifdef WOLFSSL_AES_256
- { ctr256Key, (int)sizeof(ctr256Key), ctrIv,
- ctrPlain, (int)sizeof(ctrPlain), ctr256Cipher },
- /* let's try with just 9 bytes, non block size test */
- { ctr256Key, (int)sizeof(ctr256Key), ctrIv,
- ctrPlain, (int)sizeof(oddCipher), ctr256Cipher },
- /* Counter wrapping */
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128,
- ctrPlain, (int)sizeof(ctr256Wrap128Cipher), ctr256Wrap128Cipher },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128,
- ctrPlain, (int)sizeof(ctr256Wrap128CipherLong),
- ctr256Wrap128CipherLong },
- #ifdef WOLFSSL_ARMASM
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128_2,
- ctrPlain, (int)sizeof(ctr256Wrap128_2CipherLong),
- ctr256Wrap128_2CipherLong },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96,
- ctrPlain, (int)sizeof(ctr256Wrap96Cipher), ctr256Wrap96Cipher },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96,
- ctrPlain, (int)sizeof(ctr256Wrap96CipherLong),
- ctr256Wrap96CipherLong },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96_2,
- ctrPlain, (int)sizeof(ctr256Wrap96_2CipherLong),
- ctr256Wrap96_2CipherLong },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64,
- ctrPlain, (int)sizeof(ctr256Wrap64Cipher), ctr256Wrap64Cipher },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64,
- ctrPlain, (int)sizeof(ctr256Wrap64CipherLong),
- ctr256Wrap64CipherLong },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64_2,
- ctrPlain, (int)sizeof(ctr256Wrap64_2CipherLong),
- ctr256Wrap64_2CipherLong },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32,
- ctrPlain, (int)sizeof(ctr256Wrap32Cipher), ctr256Wrap32Cipher },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32,
- ctrPlain, (int)sizeof(ctr256Wrap32CipherLong),
- ctr256Wrap32CipherLong },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32_2,
- ctrPlain, (int)sizeof(ctr256Wrap32_2CipherLong),
- ctr256Wrap32_2CipherLong },
- #endif
- #endif
- };
- #define AES_CTR_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec))
- for (i = 0; i < AES_CTR_TEST_LEN; i++) {
- if (testVec[i].key != NULL) {
- ret = wc_AesSetKeyDirect(enc, testVec[i].key, (word32)testVec[i].keySz,
- testVec[i].iv, AES_ENCRYPTION);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- /* Ctr only uses encrypt, even on key setup */
- ret = wc_AesSetKeyDirect(dec, testVec[i].key, (word32)testVec[i].keySz,
- testVec[i].iv, AES_ENCRYPTION);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- }
- ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, (word32)testVec[i].len);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- ret = wc_AesCtrEncrypt(dec, plain, cipher, (word32)testVec[i].len);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- if (XMEMCMP(plain, ctrPlain, (size_t)testVec[i].len)) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- #if !(FIPS_VERSION_EQ(2,0) && defined(WOLFSSL_ARMASM))
- if (XMEMCMP(cipher, testVec[i].cipher, (size_t)testVec[i].len)) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- #endif
- }
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
- for (i = 0; i < AES_CTR_TEST_LEN; i++) {
- if (testVec[i].key != NULL) {
- ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz,
- testVec[i].iv, AES_ENCRYPTION);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- /* Ctr only uses encrypt, even on key setup */
- ret = wc_AesSetKeyDirect(dec, testVec[i].key, testVec[i].keySz,
- testVec[i].iv, AES_ENCRYPTION);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- }
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, testVec[i].len);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesCtrEncrypt(dec, plain, cipher, testVec[i].len);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- if (XMEMCMP(plain, ctrPlain, testVec[i].len)) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- #if !(FIPS_VERSION_EQ(2,0) && defined(WOLFSSL_ARMASM))
- if (XMEMCMP(cipher, testVec[i].cipher, testVec[i].len)) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- #endif
- }
- for (i = 0; i < AES_CTR_TEST_LEN; i++) {
- if (testVec[i].key != NULL) {
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz,
- testVec[i].iv, AES_ENCRYPTION);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- /* Ctr only uses encrypt, even on key setup */
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesSetKeyDirect(dec, testVec[i].key, testVec[i].keySz,
- testVec[i].iv, AES_ENCRYPTION);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- }
- ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, testVec[i].len);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- ret = wc_AesCtrEncrypt(dec, plain, cipher, testVec[i].len);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- if (XMEMCMP(plain, ctrPlain, testVec[i].len)) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- #if !(FIPS_VERSION_EQ(2,0) && defined(WOLFSSL_ARMASM))
- if (XMEMCMP(cipher, testVec[i].cipher, testVec[i].len)) {
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- #endif
- }
- #endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */
- out:
- return ret;
- }
- #endif /* WOLFSSL_AES_COUNTER */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
- {
- #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE * 4];
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain [AES_BLOCK_SIZE * 4];
- #endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_COUNTER */
- #endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
- wc_test_ret_t ret = 0;
- #ifdef HAVE_AES_CBC
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
- };
- #ifdef HAVE_RENESAS_SYNC
- const byte *key =
- (byte*)guser_PKCbInfo.wrapped_key_aes128;
- #else
- WOLFSSL_SMALL_STACK_STATIC const
- byte key[] = "0123456789abcdef "; /* align */
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef "; /* align */
- WOLFSSL_ENTER("aes_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
- if (enc == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
- if (dec == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #endif
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- enc_inited = 1;
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
- ret = wc_AesInit(dec, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- dec_inited = 1;
- #endif
- ret = wc_AesSetKey(enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
- ret = wc_AesSetKey(dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- #ifdef HAVE_AES_ECB
- {
- WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb[AES_BLOCK_SIZE] = {
- 0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6,
- 0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1
- };
- XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4);
- ret = wc_AesEcbEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, verify_ecb, AES_BLOCK_SIZE)) {
- WOLFSSL_MSG("aes_test cipher vs verify_ecb mismatch!");
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
- ret = wc_AesEcbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4);
- ret = wc_AesCbcEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
- ret = wc_AesCbcDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- WOLFSSL_MSG("failed wc_AesCbcDecrypt");
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) {
- WOLFSSL_MSG("wc_AesCbcDecrypt failed plain compare");
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif /* HAVE_AES_DECRYPT */
- /* skipped because wrapped key use in case of renesas sm */
- #ifndef HAVE_RENESAS_SYNC
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) {
- WOLFSSL_MSG("wc_AesCbcDecrypt failed cipher-verify compare");
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif
- #endif /* WOLFSSL_AES_128 */
- #if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte bigMsg[] = {
- /* "All work and no play makes Jack a dull boy. " */
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20
- };
- WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] = "0123456789abcdeffedcba9876543210";
- word32 keySz, msgSz;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((bigCipher == NULL) ||
- (bigPlain == NULL)) {
- if (bigCipher != NULL)
- XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #else
- byte bigCipher[sizeof(bigMsg)];
- byte bigPlain[sizeof(bigMsg)];
- #endif
- /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole
- * message by AES_BLOCK_SIZE for each size of AES key. */
- for (keySz = 16; keySz <= 32; keySz += 8) {
- for (msgSz = AES_BLOCK_SIZE;
- msgSz <= sizeof(bigMsg);
- msgSz += AES_BLOCK_SIZE) {
- XMEMSET(bigCipher, 0, sizeof(bigMsg));
- XMEMSET(bigPlain, 0, sizeof(bigMsg));
- ret = wc_AesSetKey(enc, bigKey, keySz, iv, AES_ENCRYPTION);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- ret = wc_AesSetKey(dec, bigKey, keySz, iv, AES_DECRYPTION);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- ret = wc_AesCbcEncrypt(enc, bigCipher, bigMsg, msgSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- ret = wc_AesCbcDecrypt(dec, bigPlain, bigCipher, msgSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- if (XMEMCMP(bigPlain, bigMsg, msgSz)) {
- ret = WC_TEST_RET_ENC_NC;
- break;
- }
- }
- if (ret != 0)
- break;
- }
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
- /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole
- * message by AES_BLOCK_SIZE for each size of AES key. */
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- for (keySz = 16; keySz <= 32; keySz += 8) {
- for (msgSz = AES_BLOCK_SIZE;
- msgSz <= sizeof(bigMsg);
- msgSz += AES_BLOCK_SIZE) {
- XMEMSET(bigCipher, 0, sizeof(bigMsg));
- XMEMSET(bigPlain, 0, sizeof(bigMsg));
- ret = wc_AesSetKey(enc, bigKey, keySz, iv, AES_ENCRYPTION);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- ret = wc_AesSetKey(dec, bigKey, keySz, iv, AES_DECRYPTION);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- ret = wc_AesCbcEncrypt(enc, bigCipher, bigMsg, msgSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- ret = wc_AesCbcDecrypt(dec, bigPlain, bigCipher, msgSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- if (XMEMCMP(bigPlain, bigMsg, msgSz)) {
- ret = WC_TEST_RET_ENC_NC;
- break;
- }
- }
- if (ret != 0)
- break;
- }
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- #endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(bigPlain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (ret != 0)
- goto out;
- }
- #endif /* WOLFSSL_AESNI && HAVE_AES_DECRYPT */
- /* Test of AES IV state with encrypt/decrypt */
- #if defined(WOLFSSL_AES_128) && !defined(HAVE_RENESAS_SYNC)
- {
- /* Test Vector from "NIST Special Publication 800-38A, 2001 Edition"
- * https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38a.pdf
- */
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
- 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] =
- {
- 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
- 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
- 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
- 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
- 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
- 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
- };
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(cipher, 0, AES_BLOCK_SIZE * 2);
- ret = wc_AesCbcEncrypt(enc, cipher, msg2, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef HAVE_RENESAS_SYNC
- if (XMEMCMP(cipher, verify2, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- ret = wc_AesCbcEncrypt(enc, cipher + AES_BLOCK_SIZE,
- msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher + AES_BLOCK_SIZE, verify2 + AES_BLOCK_SIZE,
- AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if defined(HAVE_AES_DECRYPT)
- ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(plain, 0, AES_BLOCK_SIZE * 2);
- ret = wc_AesCbcDecrypt(dec, plain, verify2, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_AesCbcDecrypt(dec, plain + AES_BLOCK_SIZE,
- verify2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE,
- AES_BLOCK_SIZE)) {
- WOLFSSL_MSG("wc_AesCbcDecrypt failed plain-msg2 compare");
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif /* WOLFSSL_AES_128 && !HAVE_RENESAS_SYNC */
- #endif /* HAVE_AES_CBC */
- #ifdef WOLFSSL_AES_COUNTER
- ret = aesctr_test(enc, dec, cipher, plain);
- if (ret != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #if !defined(HAVE_SELFTEST) && \
- (defined(WOLFSSL_LINUXKM) || \
- !defined(HAVE_FIPS) || \
- (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
- ret = wc_AesEncryptDirect(enc, cipher, niPlain);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #else
- wc_AesEncryptDirect(enc, cipher, niPlain);
- #endif
- if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #if !defined(HAVE_SELFTEST) && \
- (defined(WOLFSSL_LINUXKM) || \
- !defined(HAVE_FIPS) || \
- (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
- ret = wc_AesDecryptDirect(dec, plain, niCipher);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #else
- wc_AesDecryptDirect(dec, plain, niCipher);
- #endif
- if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- }
- #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
- #ifndef HAVE_RENESAS_SYNC
- ret = aes_key_size_test();
- if (ret != 0)
- goto out;
- #endif
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
- !defined(HAVE_RENESAS_SYNC)
- ret = aes_cbc_test();
- if (ret != 0)
- goto out;
- #endif
- #if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- ret = aesecb_test();
- if (ret != 0)
- goto out;
- #endif
- out:
- #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc) {
- if (enc_inited)
- wc_AesFree(enc);
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #else
- if (enc_inited)
- wc_AesFree(enc);
- #endif
- (void)cipher;
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (dec) {
- if (dec_inited)
- wc_AesFree(dec);
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #else
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- (void)plain;
- #endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_COUNTER */
- #endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
- return ret;
- }
- #if defined(WOLFSSL_AES_CFB)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void)
- {
- int ret;
- WOLFSSL_ENTER("aes_cfb_test");
- ret = aescfb_test_0();
- if (ret != 0)
- return ret;
- #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = aescfb1_test();
- if (ret != 0)
- return ret;
- ret = aescfb8_test();
- if (ret != 0)
- return ret;
- #endif
- return 0;
- }
- #endif
- #if defined(WOLFSSL_AES_XTS)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void)
- {
- int ret = 0;
- WOLFSSL_ENTER("aes_xts_test");
- #ifdef WOLFSSL_AES_128
- ret = aes_xts_128_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_AES_192
- ret = aes_xts_192_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_AES_256
- ret = aes_xts_256_test();
- if (ret != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
- ret = aes_xts_sector_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_AES_128
- ret = aes_xts_args_test();
- if (ret != 0)
- return ret;
- #endif
- return 0;
- }
- #endif
- #ifdef WOLFSSL_AES_192
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
- {
- #ifdef HAVE_AES_CBC
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE];
- #ifdef HAVE_AES_DECRYPT
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain[AES_BLOCK_SIZE];
- #endif
- #endif /* HAVE_AES_CBC */
- wc_test_ret_t ret = 0;
- #ifdef HAVE_AES_CBC
- /* Test vectors from NIST Special Publication 800-38A, 2001 Edition
- * Appendix F.2.3 */
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d,
- 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
- };
- WOLFSSL_ENTER("aes192_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #endif
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- enc_inited = 1;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesInit(dec, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- dec_inited = 1;
- #endif
- ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesSetKey(dec, key, (int) sizeof(key), iv, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
- WOLFSSL_MSG("failed wc_AesCbcDecrypt plain-msg compare");
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc) {
- if (enc_inited)
- wc_AesFree(enc);
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #ifdef HAVE_AES_DECRYPT
- if (dec) {
- if (dec_inited)
- wc_AesFree(dec);
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #endif
- #else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
- if (enc_inited)
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- #endif
- #endif /* HAVE_AES_CBC */
- return ret;
- }
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
- {
- #ifdef HAVE_AES_CBC
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE];
- #ifdef HAVE_AES_DECRYPT
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain[AES_BLOCK_SIZE];
- #endif
- #endif /* HAVE_AES_CBC */
- wc_test_ret_t ret = 0;
- #ifdef HAVE_AES_CBC
- /* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
- * Appendix F.2.5 */
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
- 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6
- };
- #ifdef HAVE_RENESAS_SYNC
- byte *key =
- (byte*)guser_PKCbInfo.wrapped_key_aes256;
- int keySz = (256/8);
- #else
- WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- int keySz = (int)sizeof(key);
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
- };
- WOLFSSL_ENTER("aes256_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #endif
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- enc_inited = 1;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesInit(dec, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- dec_inited = 1;
- #endif
- ret = wc_AesSetKey(enc, key, (word32)keySz, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesSetKey(dec, key, (word32)keySz, iv, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif
- #ifndef HAVE_RENESAS_SYNC
- if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
- ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesSetKey(dec, key, keySz, iv, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif
- #ifndef HAVE_RENESAS_SYNC
- if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesSetKey(dec, key, keySz, iv, AES_DECRYPTION);
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif
- #ifndef HAVE_RENESAS_SYNC
- if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- #endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc) {
- if (enc_inited)
- wc_AesFree(enc);
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #ifdef HAVE_AES_DECRYPT
- if (dec) {
- if (dec_inited)
- wc_AesFree(dec);
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #endif
- #else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
- if (enc_inited)
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- #endif
- #endif /* HAVE_AES_CBC */
- return ret;
- }
- #endif /* WOLFSSL_AES_256 */
- #ifdef HAVE_AESGCM
- #ifdef WOLFSSL_AES_128
- static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, int ivSz,
- byte* plain, int plainSz, byte* cipher, int cipherSz,
- byte* aad, int aadSz, byte* tag, int tagSz)
- {
- wc_test_ret_t ret;
- int enc_inited = 0, dec_inited = 0;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = NULL;
- Aes *dec = NULL;
- #else
- Aes enc[1];
- Aes dec[1];
- #endif
- byte resultT[AES_BLOCK_SIZE];
- byte resultP[AES_BLOCK_SIZE * 3];
- byte resultC[AES_BLOCK_SIZE * 3];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- enc_inited = 1;
- ret = wc_AesInit(dec, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- dec_inited = 1;
- ret = wc_AesGcmSetKey(enc, key, (word32)keySz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, resultC, plain, (word32)plainSz, iv, ivSz,
- resultT, (word32)tagSz, aad, aadSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (cipher != NULL) {
- if (XMEMCMP(cipher, resultC, cipherSz))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- if (XMEMCMP(tag, resultT, tagSz))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesGcmEncrypt(enc, resultC, plain, plainSz, iv, ivSz,
- resultT, tagSz, aad, aadSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (cipher != NULL) {
- if (XMEMCMP(cipher, resultC, cipherSz))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- if (XMEMCMP(tag, resultT, tagSz))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmSetKey(dec, key, (word32)keySz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmDecrypt(dec, resultP, resultC, (word32)cipherSz,
- iv, (word32)ivSz, resultT, tagSz, aad, aadSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (plain != NULL) {
- if (XMEMCMP(plain, resultP, plainSz))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
- ret = wc_AesGcmDecrypt(dec, resultP, resultC, cipherSz,
- iv, ivSz, resultT, tagSz, aad, aadSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (plain != NULL) {
- if (XMEMCMP(plain, resultP, plainSz))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif
- #endif /* HAVE_AES_DECRYPT */
- ret = 0;
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc) {
- if (enc_inited)
- wc_AesFree(enc);
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- if (dec) {
- if (dec_inited)
- wc_AesFree(dec);
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
- if (enc_inited)
- wc_AesFree(enc);
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- return ret;
- }
- #endif
- /* tests that only use 12 byte IV and 16 or less byte AAD
- * test vectors are from NIST SP 800-38D
- * https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/CAVP-TESTING-BLOCK-CIPHER-MODES*/
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_default_test(void)
- {
- #ifdef WOLFSSL_AES_128
- byte key1[] = {
- 0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62,
- 0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc
- };
- byte iv1[] = {
- 0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa,
- 0xe4, 0xed, 0x2f, 0x6d
- };
- ALIGN64 byte plain1[] = {
- 0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad,
- 0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01,
- 0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac,
- 0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01
- };
- byte aad1[] = {
- 0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73,
- 0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1
- };
- ALIGN64 byte cipher1[] = {
- 0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d,
- 0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d,
- 0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46,
- 0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb
- };
- byte tag1[] = {
- 0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7,
- 0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2
- };
- byte key2[] = {
- 0x01, 0x6d, 0xbb, 0x38, 0xda, 0xa7, 0x6d, 0xfe,
- 0x7d, 0xa3, 0x84, 0xeb, 0xf1, 0x24, 0x03, 0x64
- };
- byte iv2[] = {
- 0x07, 0x93, 0xef, 0x3a, 0xda, 0x78, 0x2f, 0x78,
- 0xc9, 0x8a, 0xff, 0xe3
- };
- ALIGN64 byte plain2[] = {
- 0x4b, 0x34, 0xa9, 0xec, 0x57, 0x63, 0x52, 0x4b,
- 0x19, 0x1d, 0x56, 0x16, 0xc5, 0x47, 0xf6, 0xb7
- };
- ALIGN64 byte cipher2[] = {
- 0x60, 0x9a, 0xa3, 0xf4, 0x54, 0x1b, 0xc0, 0xfe,
- 0x99, 0x31, 0xda, 0xad, 0x2e, 0xe1, 0x5d, 0x0c
- };
- byte tag2[] = {
- 0x33, 0xaf, 0xec, 0x59, 0xc4, 0x5b, 0xaf, 0x68,
- 0x9a, 0x5e, 0x1b, 0x13, 0xae, 0x42, 0x36, 0x19
- };
- byte key3[] = {
- 0xb0, 0x1e, 0x45, 0xcc, 0x30, 0x88, 0xaa, 0xba,
- 0x9f, 0xa4, 0x3d, 0x81, 0xd4, 0x81, 0x82, 0x3f
- };
- byte iv3[] = {
- 0x5a, 0x2c, 0x4a, 0x66, 0x46, 0x87, 0x13, 0x45,
- 0x6a, 0x4b, 0xd5, 0xe1
- };
- byte tag3[] = {
- 0x01, 0x42, 0x80, 0xf9, 0x44, 0xf5, 0x3c, 0x68,
- 0x11, 0x64, 0xb2, 0xff
- };
- wc_test_ret_t ret;
- WOLFSSL_ENTER("aesgcm_default_test");
- ret = aesgcm_default_test_helper(key1, sizeof(key1), iv1, sizeof(iv1),
- plain1, sizeof(plain1), cipher1, sizeof(cipher1),
- aad1, sizeof(aad1), tag1, sizeof(tag1));
- if (ret != 0) {
- return ret;
- }
- ret = aesgcm_default_test_helper(key2, sizeof(key2), iv2, sizeof(iv2),
- plain2, sizeof(plain2), cipher2, sizeof(cipher2),
- NULL, 0, tag2, sizeof(tag2));
- if (ret != 0) {
- return ret;
- }
- ret = aesgcm_default_test_helper(key3, sizeof(key3), iv3, sizeof(iv3),
- NULL, 0, NULL, 0,
- NULL, 0, tag3, sizeof(tag3));
- if (ret != 0) {
- return ret;
- }
- #endif
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc = NULL;
- Aes *dec = NULL;
- #else
- Aes enc[1];
- Aes dec[1];
- #endif
- /*
- * This is Test Case 16 from the document Galois/
- * Counter Mode of Operation (GCM) by McGrew and
- * Viega.
- */
- WOLFSSL_SMALL_STACK_STATIC const byte p[] =
- {
- 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
- 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
- 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
- 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
- 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
- 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
- 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
- 0xba, 0x63, 0x7b, 0x39
- };
- #if defined(WOLFSSL_AES_256) || defined(WOLFSSL_AES_192)
- WOLFSSL_SMALL_STACK_STATIC const byte a[] =
- {
- 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
- 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
- 0xab, 0xad, 0xda, 0xd2
- };
- #endif
- #ifdef WOLFSSL_AES_256
- #ifdef HAVE_RENESAS_SYNC
- const byte *k1 = (byte*)guser_PKCbInfo.wrapped_key_aes256;
- int k1Sz = (int)(256/8);
- #else
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
- {
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
- 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
- 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
- };
- int k1Sz = (int)sizeof(k1);
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
- {
- 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
- 0xde, 0xca, 0xf8, 0x88
- };
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_AES_256) || defined(WOLFSSL_AES_192)
- WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
- {
- 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
- 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
- 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
- 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
- 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
- 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
- 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
- 0xbc, 0xc9, 0xf6, 0x62
- };
- #endif /* WOLFSSL_AES_256 || WOLFSSL_AES_192 */
- WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
- {
- 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
- 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
- };
- /* FIPS, QAT and PIC32MZ HW Crypto only support 12-byte IV */
- #if !defined(HAVE_FIPS) && \
- !defined(WOLFSSL_PIC32MZ_CRYPT) && \
- !defined(FREESCALE_LTC) && !defined(FREESCALE_MMCAU) && \
- !defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_AFALG_XILINX_AES) && \
- !defined(WOLFSSL_SILABS_SE_ACCEL) && !defined(WOLFSSL_KCAPI_AES) && \
- !(defined(WOLF_CRYPTO_CB) && \
- (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)))
- #define ENABLE_NON_12BYTE_IV_TEST
- #ifdef WOLFSSL_AES_192
- /* Test Case 12, uses same plaintext and AAD data. */
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
- {
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
- 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
- {
- 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
- 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
- 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
- 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
- 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
- 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
- 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
- 0xa6, 0x37, 0xb3, 0x9b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c2[] =
- {
- 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
- 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
- 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
- 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
- 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
- 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
- 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
- 0xe9, 0xb7, 0x37, 0x3b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t2[] =
- {
- 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
- 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_128
- /* The following is an interesting test case from the example
- * FIPS test vectors for AES-GCM. IVlen = 1 byte */
- WOLFSSL_SMALL_STACK_STATIC const byte p3[] =
- {
- 0x57, 0xce, 0x45, 0x1f, 0xa5, 0xe2, 0x35, 0xa5,
- 0x8e, 0x1a, 0xa2, 0x3b, 0x77, 0xcb, 0xaf, 0xe2
- };
- #ifdef HAVE_RENESAS_SYNC
- const byte *k3 =
- (byte*)guser_PKCbInfo.wrapped_key_aes128;
- int k3Sz = (int)(128/8);
- #else
- WOLFSSL_SMALL_STACK_STATIC const byte k3[] =
- {
- 0xbb, 0x01, 0xd7, 0x03, 0x81, 0x1c, 0x10, 0x1a,
- 0x35, 0xe0, 0xff, 0xd2, 0x91, 0xba, 0xf2, 0x4b
- };
- int k3Sz = (int)sizeof(k3);
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
- {
- 0xca
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c3[] =
- {
- 0x6b, 0x5f, 0xb3, 0x9d, 0xc1, 0xc5, 0x7a, 0x4f,
- 0xf3, 0x51, 0x4d, 0xc2, 0xd5, 0xf0, 0xd0, 0x07
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a3[] =
- {
- 0x40, 0xfc, 0xdc, 0xd7, 0x4a, 0xd7, 0x8b, 0xf1,
- 0x3e, 0x7c, 0x60, 0x55, 0x50, 0x51, 0xdd, 0x54
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t3[] =
- {
- 0x06, 0x90, 0xed, 0x01, 0x34, 0xdd, 0xc6, 0x95,
- 0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_256
- int ivlen;
- #endif
- #endif
- byte resultT[sizeof(t1) + AES_BLOCK_SIZE];
- byte resultP[sizeof(p) + AES_BLOCK_SIZE];
- byte resultC[sizeof(p) + AES_BLOCK_SIZE];
- wc_test_ret_t ret = 0;
- #ifdef WOLFSSL_AES_256
- #if !(defined(WOLF_CRYPTO_CB) && defined(HAVE_INTEL_QA_SYNC))
- int alen;
- #endif
- #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
- int plen;
- #endif
- #endif
- #if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
- byte buf[sizeof(p) + AES_BLOCK_SIZE];
- byte bufA[sizeof(a) + 1];
- byte *large_aad = (byte*)XMALLOC((size_t)1024 + 16, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM)
- #if !defined(BENCH_AESGCM_LARGE)
- #define BENCH_AESGCM_LARGE 1024
- #endif
- #ifndef WOLFSSL_NO_MALLOC
- byte *large_input = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *large_output = (byte *)XMALLOC(BENCH_AESGCM_LARGE + AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *large_outdec = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! large_input) || (! large_output) || (! large_outdec))
- ERROR_OUT(MEMORY_E, out);
- #else
- byte large_input[BENCH_AESGCM_LARGE];
- byte large_output[BENCH_AESGCM_LARGE + AES_BLOCK_SIZE];
- byte large_outdec[BENCH_AESGCM_LARGE];
- #endif
- XMEMSET(large_input, 0, BENCH_AESGCM_LARGE);
- XMEMSET(large_output, 0, BENCH_AESGCM_LARGE + AES_BLOCK_SIZE);
- XMEMSET(large_outdec, 0, BENCH_AESGCM_LARGE);
- #endif
- WOLFSSL_ENTER("aesgcm_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesInit(dec, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef WOLFSSL_AES_256
- ret = wc_AesGcmSetKey(enc, k1, (word32)k1Sz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
- resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef HAVE_RENESAS_SYNC
- if (XMEMCMP(c1, resultC, sizeof(c1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(t1, resultT, sizeof(t1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmSetKey(dec, k1, (word32)k1Sz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1),
- iv1, sizeof(iv1), resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p, resultP, sizeof(p)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- /* Large buffer test */
- #ifdef BENCH_AESGCM_LARGE
- /* setup test buffer */
- for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
- large_input[alen] = (byte)alen;
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, large_output, large_input,
- BENCH_AESGCM_LARGE, iv1, sizeof(iv1),
- resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(dec, large_outdec, large_output,
- BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT,
- sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* BENCH_AESGCM_LARGE */
- #if defined(ENABLE_NON_12BYTE_IV_TEST) && defined(WOLFSSL_AES_256)
- /* Variable IV length test */
- for (ivlen=1; ivlen<k1Sz; ivlen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), k1,
- (word32)ivlen, resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), k1,
- (word32)ivlen, resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif
- #if !(defined(WOLF_CRYPTO_CB) && defined(HAVE_INTEL_QA_SYNC))
- /* Variable authenticated data length test */
- for (alen=0; alen<(int)sizeof(p); alen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1,
- sizeof(iv1), resultT, sizeof(t1), p, (word32)alen);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), iv1,
- sizeof(iv1), resultT, sizeof(t1), p, (word32)alen);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
- if (! large_aad)
- ERROR_OUT(MEMORY_E, out);
- XMEMSET(large_aad, 0, 1024+16);
- /* Variable authenticated data length test */
- for (alen=0; alen<=1024; alen+=16) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1,
- sizeof(iv1), resultT, sizeof(t1), large_aad, (word32)alen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), iv1,
- sizeof(iv1), resultT, sizeof(t1), large_aad, (word32)alen);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif /* HAVE_AES_DECRYPT */
- }
- /* Test unaligned memory of all potential arguments */
- ret = wc_AesGcmSetKey(enc, k1, k1Sz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- XMEMCPY(&buf[1], p, sizeof(p));
- XMEMCPY(&bufA[1], a, sizeof(a));
- ret = wc_AesGcmEncrypt(enc, &resultC[1], &buf[1], sizeof(p), iv1, sizeof(iv1),
- &resultT[1], sizeof(t1), &bufA[1], sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c1, &resultC[1], sizeof(c1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(t1, &resultT[1], sizeof(t1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmSetKey(dec, k1, k1Sz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmDecrypt(dec, &resultP[1], &resultC[1], sizeof(c1),
- iv1, sizeof(iv1), &resultT[1], sizeof(t1), &bufA[1], sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p, &resultP[1], sizeof(p)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* Xilinx Versal */
- #endif
- #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
- #ifdef BENCH_AESGCM_LARGE
- /* Variable plain text length test */
- for (plen=1; plen<BENCH_AESGCM_LARGE; plen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, large_output, large_input,
- (word32)plen, iv1, sizeof(iv1), resultT,
- sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(dec, large_outdec, large_output,
- (word32)plen, iv1, sizeof(iv1), resultT,
- sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #else /* BENCH_AESGCM_LARGE */
- /* Variable plain text length test */
- for (plen=1; plen<(int)sizeof(p); plen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, resultC, p, (word32)plen, iv1,
- sizeof(iv1), resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(dec, resultP, resultC, (word32)plen, iv1,
- sizeof(iv1), resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif /* BENCH_AESGCM_LARGE */
- #endif
- #endif /* WOLFSSL_AES_256 */
- /* test with IV != 12 bytes */
- #ifdef ENABLE_NON_12BYTE_IV_TEST
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- #ifdef WOLFSSL_AES_192
- wc_AesGcmSetKey(enc, k2, sizeof(k2));
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv2, sizeof(iv2),
- resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c2, resultC, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(t2, resultT, sizeof(t1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c1),
- iv2, sizeof(iv2), resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p, resultP, sizeof(p)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- /* Large buffer test */
- #ifdef BENCH_AESGCM_LARGE
- wc_AesGcmSetKey(enc, k2, (word32)k3Sz);
- wc_AesGcmSetKey(dec, k2, (word32)k3Sz);
- /* setup test buffer */
- for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
- large_input[alen] = (byte)alen;
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, large_output, large_input,
- BENCH_AESGCM_LARGE, iv1, sizeof(iv1),
- resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(dec, large_outdec, large_output,
- BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT,
- sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* BENCH_AESGCM_LARGE */
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_128
- wc_AesGcmSetKey(enc, k3, (word32)k3Sz);
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3),
- resultT, sizeof(t3), a3, sizeof(a3));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef HAVE_RENESAS_SYNC
- if (XMEMCMP(c3, resultC, sizeof(c3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(t3, resultT, sizeof(t3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
- iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p3, resultP, sizeof(p3)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- /* Large buffer test */
- #ifdef BENCH_AESGCM_LARGE
- wc_AesGcmSetKey(enc, k3, (word32)k3Sz);
- wc_AesGcmSetKey(dec, k3, (word32)k3Sz);
- /* setup test buffer */
- for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
- large_input[alen] = (byte)alen;
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, large_output, large_input,
- BENCH_AESGCM_LARGE, iv1, sizeof(iv1),
- resultT, sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(dec, large_outdec, large_output,
- BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT,
- sizeof(t1), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* BENCH_AESGCM_LARGE */
- #endif /* WOLFSSL_AES_128 */
- #endif /* ENABLE_NON_12BYTE_IV_TEST */
- #if defined(WOLFSSL_AES_256) && !defined(WOLFSSL_AFALG_XILINX_AES) && \
- !defined(WOLFSSL_XILINX_CRYPT) && \
- !(defined(WOLF_CRYPTO_CB) && \
- defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC))
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- wc_AesGcmSetKey(enc, k1, (word32)k1Sz);
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
- resultT + 1, sizeof(t1) - 1, a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef HAVE_RENESAS_SYNC
- if (XMEMCMP(c1, resultC, sizeof(c1)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(t1, resultT + 1, sizeof(t1) - 1))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
- iv1, sizeof(iv1), resultT + 1, sizeof(t1) - 1, a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p, resultP, sizeof(p)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_256 */
- #if !defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
- /* Test encrypt with internally generated IV */
- #if defined(WOLFSSL_AES_256) && !(defined(WC_NO_RNG) || defined(HAVE_SELFTEST)) \
- && !(defined(WOLF_CRYPTO_CB) && defined(HAVE_CAVIUM_OCTEON_SYNC))
- {
- WC_RNG rng;
- byte randIV[12];
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(randIV, 0, sizeof(randIV));
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- wc_AesGcmSetKey(enc, k1, (word32)k1Sz);
- ret = wc_AesGcmSetIV(enc, sizeof(randIV), NULL, 0, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmEncrypt_ex(enc,
- resultC, p, sizeof(p),
- randIV, sizeof(randIV),
- resultT, sizeof(t1),
- a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* Check the IV has been set. */
- {
- word32 i, ivSum = 0;
- for (i = 0; i < sizeof(randIV); i++)
- ivSum += randIV[i];
- if (ivSum == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifdef HAVE_AES_DECRYPT
- wc_AesGcmSetKey(dec, k1, (word32)k1Sz);
- ret = wc_AesGcmSetIV(dec, sizeof(randIV), NULL, 0, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmDecrypt(dec,
- resultP, resultC, sizeof(c1),
- randIV, sizeof(randIV),
- resultT, sizeof(t1),
- a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p, resultP, sizeof(p)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- wc_FreeRng(&rng);
- }
- #endif /* WOLFSSL_AES_256 && !(WC_NO_RNG || HAVE_SELFTEST) */
- #endif /* HAVE_FIPS_VERSION >= 2 */
- #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
- #ifdef WOLFSSL_AES_256
- #ifdef WOLFSSL_AESGCM_STREAM
- ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmEncryptUpdate(enc, resultC, p, sizeof(p), a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmEncryptFinal(enc, resultT, sizeof(t1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmDecryptUpdate(enc, resultP, c1, sizeof(c1), a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(resultP, p, sizeof(p)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* alen is the size to pass in with each update. */
- for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
- ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* plen is the offset into AAD to update with. */
- for (plen = 0; plen < (int)sizeof(a); plen += alen) {
- int len = sizeof(a) - plen;
- if (len > alen) len = alen;
- ret = wc_AesGcmEncryptUpdate(enc, NULL, NULL, 0, a + plen, (word32)len);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* plen is the offset into plaintext to update with. */
- for (plen = 0; plen < (int)sizeof(p); plen += alen) {
- int len = sizeof(p) - plen;
- if (len > alen) len = alen;
- ret = wc_AesGcmEncryptUpdate(enc, resultC + plen, p + plen, (word32)len,
- NULL, 0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = wc_AesGcmEncryptFinal(enc, resultT, sizeof(t1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifdef HAVE_AES_DECRYPT
- for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
- ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* plen is the offset into AAD to update with. */
- for (plen = 0; plen < (int)sizeof(a); plen += alen) {
- int len = sizeof(a) - plen;
- if (len > alen) len = alen;
- ret = wc_AesGcmDecryptUpdate(enc, NULL, NULL, 0, a + plen, (word32)len);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* plen is the offset into cipher text to update with. */
- for (plen = 0; plen < (int)sizeof(c1); plen += alen) {
- int len = sizeof(c1) - plen;
- if (len > alen) len = alen;
- ret = wc_AesGcmDecryptUpdate(enc, resultP + plen, c1 + plen, (word32)len,
- NULL, 0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(resultP, p, sizeof(p)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif /* HAVE_AES_DECRYPT */
- #ifdef BENCH_AESGCM_LARGE
- /* setup test buffer */
- ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmEncryptUpdate(enc, large_output, large_input,
- BENCH_AESGCM_LARGE, a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmEncryptFinal(enc, resultT, sizeof(t1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmDecryptUpdate(enc, large_outdec, large_output,
- BENCH_AESGCM_LARGE, a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesGcmDecryptFinal(enc, resultT, sizeof(t1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* BENCH_AESGCM_LARGE */
- #endif /* WOLFSSL_AESGCM_STREAM */
- #endif /* WOLFSSL_AES_256 */
- #endif /* !WOLFSSL_AFALG_XILINX_AES && !WOLFSSL_XILINX_CRYPT */
- wc_AesFree(enc);
- wc_AesFree(dec);
- ret = 0;
- out:
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
- !defined(WOLFSSL_NO_MALLOC)
- if (large_input)
- XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (large_output)
- XFREE(large_output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (large_outdec)
- XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #ifdef WOLFSSL_AES_128
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Gmac *gmac;
- #else
- Gmac gmac[1];
- #endif
- wc_test_ret_t ret;
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
- {
- 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
- 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
- {
- 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
- 0xe2, 0x8c, 0x8f, 0x16
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a1[] =
- {
- 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
- 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
- {
- 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
- 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
- };
- #if (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
- /* FIPS builds only allow 16-byte auth tags. */
- /* This sample uses a 15-byte auth tag. */
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
- {
- 0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4,
- 0x74, 0x25, 0x1d, 0xf4, 0x88, 0x9e, 0xf6, 0x5b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
- {
- 0xee, 0x9c, 0x6e, 0x06, 0x15, 0x45, 0x45, 0x03,
- 0x1a, 0x60, 0x24, 0xa7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a2[] =
- {
- 0x94, 0x81, 0x2c, 0x87, 0x07, 0x4e, 0x15, 0x18,
- 0x34, 0xb8, 0x35, 0xaf, 0x1c, 0xa5, 0x7e, 0x56
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t2[] =
- {
- 0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f,
- 0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91
- };
- #endif
- byte tag[16];
- WOLFSSL_ENTER("gmac_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((gmac = (Gmac *)XMALLOC(sizeof *gmac, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- #endif
- XMEMSET(gmac, 0, sizeof *gmac); /* clear context */
- (void)wc_AesInit(&gmac->aes, HEAP_HINT, INVALID_DEVID); /* Make sure devId updated */
- XMEMSET(tag, 0, sizeof(tag));
- wc_GmacSetKey(gmac, k1, sizeof(k1));
- wc_GmacUpdate(gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1));
- if (XMEMCMP(t1, tag, sizeof(t1)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) )
- XMEMSET(tag, 0, sizeof(tag));
- wc_GmacSetKey(gmac, k2, sizeof(k2));
- wc_GmacUpdate(gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2));
- if (XMEMCMP(t2, tag, sizeof(t2)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && !defined(NO_AES_DECRYPT)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte badT[] =
- {
- 0xde, 0xad, 0xbe, 0xef, 0x17, 0x2e, 0xd0, 0x43,
- 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
- };
- WC_RNG rng;
- byte iv[12];
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #else
- ret = wc_InitRng(&rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- ret = wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
- t1, sizeof(t1));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
- badT, sizeof(badT));
- if (ret != AES_GCM_AUTH_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_GmacVerify(k2, sizeof(k2), iv2, sizeof(iv2), a2, sizeof(a2),
- t2, sizeof(t2));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- XMEMSET(tag, 0, sizeof(tag));
- XMEMSET(iv, 0, sizeof(iv));
- ret = wc_Gmac(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1),
- tag, sizeof(tag), &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_GmacVerify(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1),
- tag, sizeof(tag));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- wc_FreeRng(&rng);
- }
- #endif /* !WC_NO_RNG && !HAVE_SELFTEST && !NO_AES_DECRYPT */
- #endif /* HAVE_FIPS */
- ret = 0;
- out:
- wc_AesFree(&gmac->aes);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(gmac, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_128 */
- #endif /* HAVE_AESGCM */
- #if defined(HAVE_AESCCM)
- #if defined(WOLFSSL_AES_256)
- static wc_test_ret_t aesccm_256_test(void)
- {
- wc_test_ret_t ret;
- /* Test vectors from NIST AES CCM 256-bit CAST Example #1 */
- WOLFSSL_SMALL_STACK_STATIC const byte in_key[32] = {
- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
- 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F,
- 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte in_nonce[7] = {
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16};
- WOLFSSL_SMALL_STACK_STATIC const byte in_auth[8] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
- WOLFSSL_SMALL_STACK_STATIC const byte in_plaintext[4] = {
- 0x20, 0x21, 0x22, 0x23};
- WOLFSSL_SMALL_STACK_STATIC const byte exp_ciphertext[4] = {
- 0x8A, 0xB1, 0xA8, 0x74};
- WOLFSSL_SMALL_STACK_STATIC const byte exp_tag[4] = {
- 0x95, 0xFC, 0x08, 0x20};
- byte output[sizeof(in_plaintext)];
- byte atag[sizeof(exp_tag)];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes* aes = (Aes*)XMALLOC(sizeof(Aes), HEAP_HINT, DYNAMIC_TYPE_AES);
- if (aes == NULL) {
- return MEMORY_E;
- }
- #else
- Aes aes[1];
- #endif
- ret = wc_AesInit(aes, HEAP_HINT, devId);
- if (ret == 0) {
- ret = wc_AesCcmSetKey(aes, in_key, sizeof(in_key));
- }
- if (ret == 0) {
- ret = wc_AesCcmEncrypt(aes, output, in_plaintext, sizeof(in_plaintext),
- in_nonce, sizeof(in_nonce),
- atag, sizeof(atag),
- in_auth, sizeof(in_auth));
- }
- /* Verify we produce the proper ciphertext and tag */
- if (ret == 0 &&
- (XMEMCMP(output, exp_ciphertext, sizeof(output)) ||
- XMEMCMP(atag, exp_tag, sizeof(atag)))) {
- ret = WC_TEST_RET_ENC_NC;
- }
- #ifdef HAVE_AES_DECRYPT
- if (ret == 0) {
- /* decrypt inline */
- ret = wc_AesCcmDecrypt(aes, output, output, sizeof(output),
- in_nonce, sizeof(in_nonce),
- atag, sizeof(atag),
- in_auth, sizeof(in_auth));
- }
- /* Verify decryption was successful */
- if (ret == 0 &&
- XMEMCMP(output, in_plaintext, sizeof(output))) {
- ret = WC_TEST_RET_ENC_NC;
- }
- #endif
- wc_AesFree(aes);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_AES_128)
- static wc_test_ret_t aesccm_128_test(void)
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *enc;
- #else
- Aes enc[1];
- #endif
- /* key */
- WOLFSSL_SMALL_STACK_STATIC const byte k[] =
- {
- 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
- 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
- };
- /* nonce */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- {
- 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
- 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
- };
- /* plaintext */
- WOLFSSL_SMALL_STACK_STATIC const byte p[] =
- {
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
- };
- /* plaintext - long */
- WOLFSSL_SMALL_STACK_STATIC const byte pl[] =
- {
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
- 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
- 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
- 0x50
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a[] =
- {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
- /* ciphertext */
- WOLFSSL_SMALL_STACK_STATIC const byte c[] =
- {
- 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
- 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
- 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
- };
- /* tag - authentication */
- WOLFSSL_SMALL_STACK_STATIC const byte t[] =
- {
- 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
- };
- /* ciphertext - long */
- WOLFSSL_SMALL_STACK_STATIC const byte cl[] =
- {
- 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
- 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
- 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0xe0,
- 0x44, 0x2d, 0xbe, 0x25, 0xfa, 0x48, 0x2b, 0xa8,
- 0x36, 0x0b, 0xbf, 0x01, 0xc0, 0x12, 0x45, 0xa4,
- 0x82, 0x9f, 0x20, 0x6c, 0xc3, 0xd6, 0xae, 0x5b,
- 0x54, 0x8d, 0xd0, 0xb1, 0x69, 0x2c, 0xec, 0x5e,
- 0x95, 0xa5, 0x6b, 0x48, 0xc3, 0xc6, 0xc8, 0x9e,
- 0xc7, 0x92, 0x98, 0x9d, 0x26, 0x7d, 0x2a, 0x10,
- 0x0b
- };
- /* tag - authentication - long */
- WOLFSSL_SMALL_STACK_STATIC const byte tl[] =
- {
- 0x89, 0xd8, 0xd2, 0x02, 0xc5, 0xcf, 0xae, 0xf4
- };
- /* tag - authentication - empty plaintext */
- WOLFSSL_SMALL_STACK_STATIC const byte t_empty[] =
- {
- 0xe4, 0x28, 0x8a, 0xc3, 0x78, 0x00, 0x0f, 0xf5
- };
- byte t2[sizeof(t)];
- byte p2[sizeof(p)];
- byte c2[sizeof(c)];
- byte iv2[sizeof(iv)];
- byte pl2[sizeof(pl)];
- byte cl2[sizeof(cl)];
- byte tl2[sizeof(tl)];
- byte t_empty2[sizeof(t_empty)];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- #endif
- XMEMSET(enc, 0, sizeof *enc); /* clear context */
- XMEMSET(t2, 0, sizeof(t2));
- XMEMSET(c2, 0, sizeof(c2));
- XMEMSET(p2, 0, sizeof(p2));
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesCcmSetKey(enc, k, sizeof(k));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* AES-CCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesCcmEncrypt(enc, c2, p, sizeof(c2), iv, sizeof(iv),
- t2, sizeof(t2), a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(c, c2, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(t, t2, sizeof(t2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCcmDecrypt(enc, p2, c2, sizeof(p2), iv, sizeof(iv),
- t2, sizeof(t2), a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(p, p2, sizeof(p2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* Test the authentication failure */
- t2[0]++; /* Corrupt the authentication tag. */
- ret = wc_AesCcmDecrypt(enc, p2, c, sizeof(p2), iv, sizeof(iv),
- t2, sizeof(t2), a, sizeof(a));
- if (ret == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* Clear c2 to compare against p2. p2 should be set to zero in case of
- * authentication fail. */
- XMEMSET(c2, 0, sizeof(c2));
- if (XMEMCMP(p2, c2, sizeof(p2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- wc_AesFree(enc);
- XMEMSET(enc, 0, sizeof(Aes)); /* clear context */
- XMEMSET(t2, 0, sizeof(t2));
- XMEMSET(c2, 0, sizeof(c2));
- XMEMSET(p2, 0, sizeof(p2));
- XMEMSET(iv2, 0, sizeof(iv2));
- ret = wc_AesInit(enc, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef HAVE_SELFTEST
- /* selftest build does not have wc_AesCcmSetNonce() or
- * wc_AesCcmEncrypt_ex() */
- ret = wc_AesCcmSetKey(enc, k, sizeof(k));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesCcmSetNonce(enc, iv, sizeof(iv));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesCcmEncrypt_ex(enc, c2, p, sizeof(c2), iv2, sizeof(iv2),
- t2, sizeof(t2), a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(iv, iv2, sizeof(iv2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(c, c2, sizeof(c2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(t, t2, sizeof(t2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- /* test fail on invalid IV sizes */
- ret = wc_AesCcmSetKey(enc, k, sizeof(k));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* AES-CCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesCcmEncrypt(enc, c2, p, sizeof(c2), iv, sizeof(iv),
- t2, 1, a, sizeof(a));
- if (ret == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif
- /* AES-CCM encrypt and decrypt both use AES encrypt internally */
- ret = wc_AesCcmEncrypt(enc, cl2, pl, sizeof(cl2), iv, sizeof(iv),
- tl2, sizeof(tl2), a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(cl, cl2, sizeof(cl2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(tl, tl2, sizeof(tl2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCcmDecrypt(enc, pl2, cl2, sizeof(pl2), iv, sizeof(iv),
- tl2, sizeof(tl2), a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pl, pl2, sizeof(pl2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif
- /* test empty message as null input or output with nonzero inSz. */
- ret = wc_AesCcmEncrypt(enc, pl2 /* out */, NULL /* in */, 1 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2),
- a, sizeof(a));
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesCcmEncrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2),
- a, sizeof(a));
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCcmDecrypt(enc, pl2, NULL /* in */, 1 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
- sizeof(a));
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AesCcmDecrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
- sizeof(a));
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- /* test empty message as null input and output with zero inSz --
- * must either succeed, or fail early with BAD_FUNC_ARG.
- */
- ret = wc_AesCcmEncrypt(enc, NULL /* out */, NULL /* in */, 0 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2),
- a, sizeof(a));
- if (ret != BAD_FUNC_ARG) {
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCcmDecrypt(enc, NULL /* out */, NULL /* in */,
- 0 /* inSz */, iv, sizeof(iv), t_empty2,
- sizeof(t_empty2), a, sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- }
- /* test empty message as zero-length string -- must work. */
- ret = wc_AesCcmEncrypt(enc, pl2, (const byte *)"", 0 /* inSz */, iv,
- sizeof(iv), t_empty2, sizeof(t_empty2), a,
- sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCcmDecrypt(enc, pl2, (const byte *)"", 0 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
- sizeof(a));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- wc_AesFree(enc);
- ret = 0;
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_128 */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesccm_test(void)
- {
- wc_test_ret_t ret = 0;
- WOLFSSL_ENTER("aesccm_test");
- #ifdef WOLFSSL_AES_128
- if (ret == 0)
- ret = aesccm_128_test();
- #endif
- #ifdef WOLFSSL_AES_256
- if (ret == 0)
- ret = aesccm_256_test();
- #endif
- return ret;
- }
- #endif /* HAVE_AESCCM */
- #if defined(WOLFSSL_AES_EAX) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void)
- {
- typedef struct {
- byte key[AES_256_KEY_SIZE];
- int key_length;
- byte iv[AES_BLOCK_SIZE];
- int iv_length;
- byte aad[AES_BLOCK_SIZE * 2];
- int aad_length;
- byte msg[AES_BLOCK_SIZE * 2];
- int msg_length;
- byte ct[AES_BLOCK_SIZE * 2];
- int ct_length;
- byte tag[AES_BLOCK_SIZE];
- int tag_length;
- int valid;
- } AadVector;
- /* A small selection of Google wycheproof vectors that use vectors
- * from the original paper: eprint.iacr.org/2003/069
- * https://github.com/google/wycheproof/blob/master/testvectors/aes_eax_test.json
- */
- WOLFSSL_SMALL_STACK_STATIC const AadVector vectors[] = {
- /* Vector from paper - empty message with auth data */
- {
- /* key, key length */
- {0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f,
- 0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78}, 16,
- /* iv, iv length */
- {0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07,
- 0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3}, 16,
- /* aad, aad length */
- {0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b}, 8,
- /* msg, msg length */
- {0}, 0,
- /* ct, ct length */
- {0}, 0,
- /* tag, tag length */
- {0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2,
- 0x7b, 0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01}, 16,
- /* valid */
- 1,
- },
- /* Vector from paper - no auth data, valid auth tag */
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv , iv length */
- {0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75,
- 0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2}, 16,
- /* aad, aad length */
- {0}, 0,
- /* msg, msg length */
- {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
- /* ct, ct length */
- {0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23,
- 0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13,
- 0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93,
- 0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68}, 32,
- /* tag, tag length */
- {0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf,
- 0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e}, 16,
- /* valid */
- 1,
- },
- /* Vector from paper - no auth data with invalid auth tag */
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct , ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
- 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- };
- WOLFSSL_SMALL_STACK_STATIC byte ciphertext[sizeof(vectors[0].ct)];
- WOLFSSL_SMALL_STACK_STATIC byte authtag[sizeof(vectors[0].tag)];
- int i;
- int len;
- wc_test_ret_t ret;
- WOLFSSL_ENTER("aes_eax_test");
- for (i = 0; i < (int)(sizeof(vectors)/sizeof(vectors[0])); i++) {
- XMEMSET(ciphertext, 0, sizeof(ciphertext));
- len = sizeof(authtag);
- ret = wc_AesEaxEncryptAuth(vectors[i].key, (word32)vectors[i].key_length,
- ciphertext,
- vectors[i].msg, (word32)vectors[i].msg_length,
- vectors[i].iv, (word32)vectors[i].iv_length,
- authtag, (word32)len,
- vectors[i].aad, (word32)vectors[i].aad_length);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* check ciphertext matches vector */
- if (XMEMCMP(ciphertext, vectors[i].ct, (size_t)vectors[i].ct_length)) {
- return WC_TEST_RET_ENC_NC;
- }
- /* check that tag matches vector only for vectors marked as valid */
- ret = XMEMCMP(authtag, vectors[i].tag, len);
- if (vectors[i].valid == 1 && ret != 0 ) {
- return WC_TEST_RET_ENC_NC;
- }
- else if (vectors[i].valid == 0 && ret == 0) {
- return WC_TEST_RET_ENC_NC;
- }
- XMEMSET(ciphertext, 0, sizeof(ciphertext));
- ret = wc_AesEaxDecryptAuth(vectors[i].key, (word32)vectors[i].key_length,
- ciphertext,
- vectors[i].ct, (word32)vectors[i].ct_length,
- vectors[i].iv, (word32)vectors[i].iv_length,
- authtag, (word32)len,
- vectors[i].aad, (word32)vectors[i].aad_length);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* check decrypted ciphertext matches vector plaintext */
- if (XMEMCMP(ciphertext, vectors[i].msg, (size_t)vectors[i].msg_length)) {
- return WC_TEST_RET_ENC_NC;
- }
- }
- return 0;
- }
- #endif /* WOLFSSL_AES_EAX */
- #ifdef HAVE_AES_KEYWRAP
- #define MAX_KEYWRAP_TEST_OUTLEN 40
- #define MAX_KEYWRAP_TEST_PLAINLEN 32
- typedef struct keywrapVector {
- const byte* kek;
- const byte* data;
- const byte* verify;
- word32 kekLen;
- word32 dataLen;
- word32 verifyLen;
- } keywrapVector;
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void)
- {
- int wrapSz, plainSz, testSz, i;
- /* test vectors from RFC 3394 (kek, data, verify) */
- #ifdef WOLFSSL_AES_128
- /* Wrap 128 bits of Key Data with a 128-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d1[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v1[] = {
- 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
- 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
- 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* Wrap 128 bits of Key Data with a 192-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d2[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v2[] = {
- 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
- 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
- 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
- };
- #endif
- #ifdef WOLFSSL_AES_256
- /* Wrap 128 bits of Key Data with a 256-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k3[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d3[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v3[] = {
- 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
- 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
- 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7
- };
- #endif
- #ifdef WOLFSSL_AES_192
- /* Wrap 192 bits of Key Data with a 192-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k4[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d4[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v4[] = {
- 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
- 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
- 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
- 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
- };
- #endif
- #ifdef WOLFSSL_AES_256
- /* Wrap 192 bits of Key Data with a 256-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k5[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d5[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v5[] = {
- 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
- 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
- 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
- 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1
- };
- /* Wrap 256 bits of Key Data with a 256-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k6[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d6[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v6[] = {
- 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
- 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
- 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
- 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
- 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
- };
- #endif /* WOLFSSL_AES_256 */
- byte output[MAX_KEYWRAP_TEST_OUTLEN];
- byte plain [MAX_KEYWRAP_TEST_PLAINLEN];
- const keywrapVector test_wrap[] =
- {
- #ifdef WOLFSSL_AES_128
- {k1, d1, v1, sizeof(k1), sizeof(d1), sizeof(v1)},
- #endif
- #ifdef WOLFSSL_AES_192
- {k2, d2, v2, sizeof(k2), sizeof(d2), sizeof(v2)},
- #endif
- #ifdef WOLFSSL_AES_256
- {k3, d3, v3, sizeof(k3), sizeof(d3), sizeof(v3)},
- #endif
- #ifdef WOLFSSL_AES_192
- {k4, d4, v4, sizeof(k4), sizeof(d4), sizeof(v4)},
- #endif
- #ifdef WOLFSSL_AES_256
- {k5, d5, v5, sizeof(k5), sizeof(d5), sizeof(v5)},
- {k6, d6, v6, sizeof(k6), sizeof(d6), sizeof(v6)}
- #endif
- };
- WOLFSSL_ENTER("aeskeywrap_test");
- testSz = sizeof(test_wrap) / sizeof(keywrapVector);
- XMEMSET(output, 0, sizeof(output));
- XMEMSET(plain, 0, sizeof(plain));
- for (i = 0; i < testSz; i++) {
- wrapSz = wc_AesKeyWrap(test_wrap[i].kek, test_wrap[i].kekLen,
- test_wrap[i].data, test_wrap[i].dataLen,
- output, sizeof(output), NULL);
- if ( (wrapSz < 0) || (wrapSz != (int)test_wrap[i].verifyLen) )
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(output, test_wrap[i].verify, test_wrap[i].verifyLen) != 0)
- return WC_TEST_RET_ENC_NC;
- plainSz = wc_AesKeyUnWrap((byte*)test_wrap[i].kek, test_wrap[i].kekLen,
- output, (word32)wrapSz,
- plain, sizeof(plain), NULL);
- if ( (plainSz < 0) || (plainSz != (int)test_wrap[i].dataLen) )
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plain, test_wrap[i].data, test_wrap[i].dataLen) != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- return 0;
- }
- #endif /* HAVE_AES_KEYWRAP */
- #endif /* NO_AES */
- #ifdef HAVE_ARIA
- void printOutput(const char *strName, unsigned char *data, unsigned int dataSz)
- {
- #ifndef DEBUG_WOLFSSL
- (void)strName;
- (void)data;
- (void)dataSz;
- #else
- WOLFSSL_MSG_EX("%s (%d):", strName,dataSz);
- WOLFSSL_BUFFER(data,dataSz);
- #endif
- }
- WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID algo)
- {
- byte data[] = TEST_STRING;
- word32 dataSz = TEST_STRING_SZ;
- /* Arbitrarily random long key that we will truncate to the right size */
- byte key[] = { 0x1E, 0xCC, 0x95, 0xCB, 0xD3, 0x74, 0x58, 0x4F,
- 0x6F, 0x8A, 0x70, 0x26, 0xF7, 0x3C, 0x8D, 0xB6,
- 0xDC, 0x32, 0x76, 0x20, 0xCF, 0x05, 0x4A, 0xCF,
- 0x11, 0x86, 0xCD, 0x23, 0x5E, 0xC1, 0x6E, 0x2B };
- byte cipher[2*TEST_STRING_SZ], plain[TEST_STRING_SZ], ad[256], authTag[AES_BLOCK_SIZE];
- word32 keySz, adSz = 256, authTagSz = sizeof(authTag);
- wc_Aria aria;
- int ret = 0;
- WOLFSSL_ENTER("ariagcm_test");
- XMEMSET((void *)&aria, 0, sizeof(aria));
- ret = wc_AriaInitCrypt(&aria, algo);
- if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
- ret = wc_AriaSetKey(&aria, key);
- if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
- MC_GetObjectValue(aria.hSession, aria.hKey, key, &keySz);
- printOutput("Key", key, keySz);
- WC_RNG rng;
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_AriaGcmSetIV(&aria, GCM_NONCE_MID_SZ, NULL, 0, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- wc_FreeRng(&rng);
- printOutput("Plaintext", data, sizeof(data));
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AriaEncrypt(&aria, cipher, data, dataSz,
- (byte *)aria.nonce, aria.nonceSz, ad, adSz,
- authTag, authTagSz);
- if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
- printOutput("Ciphertext", cipher, sizeof(cipher));
- printOutput("AuthTag", authTag, sizeof(authTag));
- XMEMSET(plain, 0, sizeof(plain));
- ret = wc_AriaDecrypt(&aria, plain, cipher, dataSz,
- (byte *)aria.nonce, aria.nonceSz, ad, adSz,
- authTag, authTagSz);
- if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
- printOutput("Plaintext", plain, sizeof(plain));
- if (XMEMCMP(plain, data, dataSz) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC,out);
- out:
- if (ret != 0) { wc_AriaFreeCrypt(&aria); }
- else { ret = wc_AriaFreeCrypt(&aria); }
- return ret;
- }
- #endif /* HAVE_ARIA */
- #ifdef HAVE_CAMELLIA
- enum {
- CAM_ECB_ENC, CAM_ECB_DEC, CAM_CBC_ENC, CAM_CBC_DEC
- };
- typedef struct {
- int type;
- const byte* plaintext;
- const byte* iv;
- const byte* ciphertext;
- const byte* key;
- word32 keySz;
- int errorCode;
- } test_vector_t;
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void)
- {
- /* Camellia ECB Test Plaintext */
- WOLFSSL_SMALL_STACK_STATIC const byte pte[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- /* Camellia ECB Test Initialization Vector */
- WOLFSSL_SMALL_STACK_STATIC const byte ive[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
- /* Test 1: Camellia ECB 128-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
- {
- 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
- 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43
- };
- /* Test 2: Camellia ECB 192-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c2[] =
- {
- 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
- 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9
- };
- /* Test 3: Camellia ECB 256-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k3[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c3[] =
- {
- 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
- 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09
- };
- /* Camellia CBC Test Plaintext */
- WOLFSSL_SMALL_STACK_STATIC const byte ptc[] =
- {
- 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
- 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
- };
- /* Camellia CBC Test Initialization Vector */
- WOLFSSL_SMALL_STACK_STATIC const byte ivc[] =
- {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- /* Test 4: Camellia-CBC 128-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k4[] =
- {
- 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
- 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c4[] =
- {
- 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
- 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB
- };
- /* Test 5: Camellia-CBC 192-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k5[] =
- {
- 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
- 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
- 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c5[] =
- {
- 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
- 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93
- };
- /* Test 6: CBC 256-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k6[] =
- {
- 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
- 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
- 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
- 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c6[] =
- {
- 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
- 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA
- };
- byte out[CAMELLIA_BLOCK_SIZE];
- Camellia cam;
- WOLFSSL_SMALL_STACK_STATIC const test_vector_t testVectors[] =
- {
- {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), -114},
- {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), -115},
- {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), -116},
- {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), -117},
- {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), -118},
- {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), -119},
- {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), -120},
- {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), -121},
- {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), -122},
- {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), -123},
- {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), -124},
- {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125}
- };
- int i, testsSz;
- int ret;
- WOLFSSL_ENTER("camellia_test");
- testsSz = sizeof(testVectors)/sizeof(test_vector_t);
- for (i = 0; i < testsSz; i++) {
- if (wc_CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz,
- testVectors[i].iv) != 0)
- return testVectors[i].errorCode;
- switch (testVectors[i].type) {
- case CAM_ECB_ENC:
- ret = wc_CamelliaEncryptDirect(&cam, out,
- testVectors[i].plaintext);
- if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- case CAM_ECB_DEC:
- ret = wc_CamelliaDecryptDirect(&cam, out,
- testVectors[i].ciphertext);
- if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- case CAM_CBC_ENC:
- ret = wc_CamelliaCbcEncrypt(&cam, out, testVectors[i].plaintext,
- CAMELLIA_BLOCK_SIZE);
- if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- case CAM_CBC_DEC:
- ret = wc_CamelliaCbcDecrypt(&cam, out,
- testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE);
- if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- default:
- break;
- }
- }
- /* Setting the IV and checking it was actually set. */
- ret = wc_CamelliaSetIV(&cam, ivc);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(cam.reg, ivc, CAMELLIA_BLOCK_SIZE) != 0)
- return WC_TEST_RET_ENC_NC;
- /* Setting the IV to NULL should be same as all zeros IV */
- ret = wc_CamelliaSetIV(&cam, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(cam.reg, ive, CAMELLIA_BLOCK_SIZE) != 0)
- return WC_TEST_RET_ENC_NC;
- /* First parameter should never be null */
- if (wc_CamelliaSetIV(NULL, NULL) == 0)
- return WC_TEST_RET_ENC_NC;
- /* First parameter should never be null, check it fails */
- if (wc_CamelliaSetKey(NULL, k1, sizeof(k1), NULL) == 0)
- return WC_TEST_RET_ENC_NC;
- /* Key should have a size of 16, 24, or 32 */
- if (wc_CamelliaSetKey(&cam, k1, 0, NULL) == 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif /* HAVE_CAMELLIA */
- #ifdef WOLFSSL_SM4
- #ifdef WOLFSSL_SM4_ECB
- static int sm4_ecb_test(void)
- {
- /* draft-ribose-cfrg-sm4-10 A.2.1.1 */
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte p1[] = {
- 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB,
- 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD,
- 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c1_ecb[] = {
- 0x5E, 0xC8, 0x14, 0x3D, 0xE5, 0x09, 0xCF, 0xF7,
- 0xB5, 0x17, 0x9F, 0x8F, 0x47, 0x4B, 0x86, 0x19,
- 0x2F, 0x1D, 0x30, 0x5A, 0x7F, 0xB1, 0x7D, 0xF9,
- 0x85, 0xF8, 0x1C, 0x84, 0x82, 0x19, 0x23, 0x04
- };
- wc_Sm4 sm4;
- byte enc[SM4_BLOCK_SIZE * 4];
- byte dec[SM4_BLOCK_SIZE * 4];
- int ret;
- ret = wc_Sm4Init(&sm4, NULL, INVALID_DEVID);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Encrypt and decrypt with ECB. */
- ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4EcbEncrypt(&sm4, enc, p1, sizeof(p1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(enc, c1_ecb, sizeof(c1_ecb)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_Sm4EcbDecrypt(&sm4, dec, enc, sizeof(c1_ecb));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(dec, p1, sizeof(p1)) != 0)
- return WC_TEST_RET_ENC_NC;
- wc_Sm4Free(&sm4);
- return 0;
- }
- #endif
- #ifdef WOLFSSL_SM4_CBC
- static int sm4_cbc_test(void)
- {
- /* draft-ribose-cfrg-sm4-10 A.2.2.1 */
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte p1[] = {
- 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB,
- 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD,
- 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB
- };
- WOLFSSL_SMALL_STACK_STATIC const byte i1[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c1_cbc[] = {
- 0x78, 0xEB, 0xB1, 0x1C, 0xC4, 0x0B, 0x0A, 0x48,
- 0x31, 0x2A, 0xAE, 0xB2, 0x04, 0x02, 0x44, 0xCB,
- 0x4C, 0xB7, 0x01, 0x69, 0x51, 0x90, 0x92, 0x26,
- 0x97, 0x9B, 0x0D, 0x15, 0xDC, 0x6A, 0x8F, 0x6D
- };
- wc_Sm4 sm4;
- byte enc[SM4_BLOCK_SIZE * 4];
- byte dec[SM4_BLOCK_SIZE * 4];
- int ret;
- ret = wc_Sm4Init(&sm4, NULL, INVALID_DEVID);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Encrypt and decrypt with CBC. */
- ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4SetIV(&sm4, i1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4CbcEncrypt(&sm4, enc, p1, sizeof(p1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(enc, c1_cbc, sizeof(c1_cbc)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_Sm4SetIV(&sm4, i1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4CbcDecrypt(&sm4, dec, enc, sizeof(c1_cbc));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(dec, p1, sizeof(p1)) != 0)
- return WC_TEST_RET_ENC_NC;
- /* Encrypt and decrypt in-place with CBC. */
- ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4SetIV(&sm4, i1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- XMEMCPY(enc, p1, sizeof(p1));
- ret = wc_Sm4CbcEncrypt(&sm4, enc, enc, sizeof(p1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(enc, c1_cbc, sizeof(c1_cbc)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_Sm4SetIV(&sm4, i1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4CbcDecrypt(&sm4, enc, enc, sizeof(c1_cbc));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(enc, p1, sizeof(p1)) != 0)
- return WC_TEST_RET_ENC_NC;
- wc_Sm4Free(&sm4);
- return 0;
- }
- #endif
- #ifdef WOLFSSL_SM4_CTR
- static int sm4_ctr_test(void)
- {
- /* draft-ribose-cfrg-sm4-10 A.2.5.1 */
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte i1[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte p2[] = {
- 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
- 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB,
- 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
- 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
- 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
- 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c2_ctr[] = {
- 0xAC, 0x32, 0x36, 0xCB, 0x97, 0x0C, 0xC2, 0x07,
- 0x91, 0x36, 0x4C, 0x39, 0x5A, 0x13, 0x42, 0xD1,
- 0xA3, 0xCB, 0xC1, 0x87, 0x8C, 0x6F, 0x30, 0xCD,
- 0x07, 0x4C, 0xCE, 0x38, 0x5C, 0xDD, 0x70, 0xC7,
- 0xF2, 0x34, 0xBC, 0x0E, 0x24, 0xC1, 0x19, 0x80,
- 0xFD, 0x12, 0x86, 0x31, 0x0C, 0xE3, 0x7B, 0x92,
- 0x6E, 0x02, 0xFC, 0xD0, 0xFA, 0xA0, 0xBA, 0xF3,
- 0x8B, 0x29, 0x33, 0x85, 0x1D, 0x82, 0x45, 0x14
- };
- wc_Sm4 sm4;
- byte enc[SM4_BLOCK_SIZE * 4];
- byte dec[SM4_BLOCK_SIZE * 4];
- int chunk;
- int i;
- int ret;
- ret = wc_Sm4Init(&sm4, NULL, INVALID_DEVID);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Encrypt and decrypt using encrypt with CTR. */
- ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4SetIV(&sm4, i1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4CtrEncrypt(&sm4, enc, p2, sizeof(p2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(enc, c2_ctr, sizeof(c2_ctr)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_Sm4SetIV(&sm4, i1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4CtrEncrypt(&sm4, dec, enc, sizeof(c2_ctr));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(dec, p2, sizeof(p2)) != 0)
- return WC_TEST_RET_ENC_NC;
- for (chunk = 1; chunk <= SM4_BLOCK_SIZE + 1; chunk++) {
- ret = wc_Sm4SetIV(&sm4, i1);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(chunk);
- XMEMSET(enc, 0, sizeof(enc));
- for (i = 0; i + chunk <= (int)sizeof(p2); i += chunk) {
- ret = wc_Sm4CtrEncrypt(&sm4, enc + i, p2 + i, chunk);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- if (i < (int)sizeof(p2)) {
- ret = wc_Sm4CtrEncrypt(&sm4, enc + i, p2 + i, sizeof(p2) - i);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(chunk);
- }
- if (XMEMCMP(enc, c2_ctr, sizeof(c2_ctr)) != 0)
- return WC_TEST_RET_ENC_I(chunk);
- }
- wc_Sm4Free(&sm4);
- return 0;
- }
- #endif
- #ifdef WOLFSSL_SM4_GCM
- static int sm4_gcm_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte p1[] = {
- 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB,
- 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD,
- 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB
- };
- WOLFSSL_SMALL_STACK_STATIC const byte i1[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a1[] = {
- 0xFF, 0xEE, 0xDD
- };
- WOLFSSL_SMALL_STACK_STATIC const byte tag1[] = {
- 0x83, 0xb2, 0x91, 0xcf, 0x22, 0xc9, 0x5f, 0x89,
- 0xde, 0x3d, 0x52, 0x8d, 0xd7, 0x13, 0x50, 0x89
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c1[] = {
- 0xff, 0x8b, 0xb2, 0x3b, 0x0a, 0x0a, 0x12, 0xa4,
- 0xa8, 0x4c, 0x4f, 0x67, 0x06, 0x81, 0xbb, 0x88,
- 0x66, 0x17, 0xc7, 0x43, 0xbf, 0xae, 0x41, 0x40,
- 0xec, 0x1e, 0x03, 0x85, 0x2b, 0x56, 0xa8, 0xc0
- };
- /* RFC8998 A.1. */
- WOLFSSL_SMALL_STACK_STATIC const byte i2[] = {
- 0x00, 0x00, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00,
- 0x00, 0x00, 0xAB, 0xCD
- };
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte p2[] = {
- 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
- 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB,
- 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
- 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
- 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
- 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a2[] = {
- 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF,
- 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF,
- 0xAB, 0xAD, 0xDA, 0xD2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c2[] = {
- 0x17, 0xF3, 0x99, 0xF0, 0x8C, 0x67, 0xD5, 0xEE,
- 0x19, 0xD0, 0xDC, 0x99, 0x69, 0xC4, 0xBB, 0x7D,
- 0x5F, 0xD4, 0x6F, 0xD3, 0x75, 0x64, 0x89, 0x06,
- 0x91, 0x57, 0xB2, 0x82, 0xBB, 0x20, 0x07, 0x35,
- 0xD8, 0x27, 0x10, 0xCA, 0x5C, 0x22, 0xF0, 0xCC,
- 0xFA, 0x7C, 0xBF, 0x93, 0xD4, 0x96, 0xAC, 0x15,
- 0xA5, 0x68, 0x34, 0xCB, 0xCF, 0x98, 0xC3, 0x97,
- 0xB4, 0x02, 0x4A, 0x26, 0x91, 0x23, 0x3B, 0x8D
- };
- WOLFSSL_SMALL_STACK_STATIC const byte tag2[] = {
- 0x83, 0xDE, 0x35, 0x41, 0xE4, 0xC2, 0xB5, 0x81,
- 0x77, 0xE0, 0x65, 0xA9, 0xBF, 0x7B, 0x62, 0xEC
- };
- wc_Sm4 sm4;
- byte enc[SM4_BLOCK_SIZE * 4];
- byte dec[SM4_BLOCK_SIZE * 4];
- byte tag[SM4_BLOCK_SIZE];
- int ret;
- ret = wc_Sm4Init(&sm4, NULL, INVALID_DEVID);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Encrypt and decrypt using encrypt with GCM. */
- ret = wc_Sm4GcmSetKey(&sm4, k1, sizeof(k1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4GcmEncrypt(&sm4, enc, p1, sizeof(p1), i1, sizeof(i1), tag,
- sizeof(tag), a1, sizeof(a1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(enc, c1, sizeof(c1)) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(tag, tag1, sizeof(tag1)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_Sm4GcmDecrypt(&sm4, dec, enc, sizeof(c1), i1, sizeof(i1), tag,
- sizeof(tag), a1, sizeof(a1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(dec, p1, sizeof(p1)) != 0)
- return WC_TEST_RET_ENC_NC;
- /* RFC8998 test vector. */
- ret = wc_Sm4GcmSetKey(&sm4, k2, sizeof(k2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4GcmEncrypt(&sm4, enc, p2, sizeof(p2), i2, sizeof(i2), tag,
- sizeof(tag), a2, sizeof(a2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(enc, c2, sizeof(c2)) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(tag, tag2, sizeof(tag2)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_Sm4GcmDecrypt(&sm4, dec, enc, sizeof(c2), i2, sizeof(i2), tag,
- sizeof(tag), a2, sizeof(a2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(dec, p2, sizeof(p2)) != 0)
- return WC_TEST_RET_ENC_NC;
- wc_Sm4Free(&sm4);
- return 0;
- }
- #endif
- #ifdef WOLFSSL_SM4_CCM
- static int sm4_ccm_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte p1[] = {
- 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB,
- 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD,
- 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB
- };
- WOLFSSL_SMALL_STACK_STATIC const byte i1[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a1[] = {
- 0xFF, 0xEE, 0xDD
- };
- WOLFSSL_SMALL_STACK_STATIC const byte tag1[] = {
- 0x9a, 0x98, 0x04, 0xb6, 0x0f, 0x19, 0x4a, 0x46,
- 0xba, 0xed, 0xe6, 0x89, 0x69, 0x34, 0xad, 0x61
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c1[] = {
- 0xbd, 0xc0, 0x72, 0x60, 0xda, 0x2d, 0x11, 0xdc,
- 0x66, 0x33, 0xcc, 0xec, 0xb2, 0xf4, 0x53, 0x59,
- 0x9e, 0xb1, 0xb3, 0x6b, 0x1f, 0x1c, 0xfb, 0x29,
- 0xf5, 0x37, 0xfc, 0x00, 0xf2, 0x4e, 0x70, 0x6f
- };
- /* RFC8998 A.1. */
- WOLFSSL_SMALL_STACK_STATIC const byte i2[] = {
- 0x00, 0x00, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00,
- 0x00, 0x00, 0xAB, 0xCD
- };
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte p2[] = {
- 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
- 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB,
- 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
- 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
- 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
- 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a2[] = {
- 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF,
- 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF,
- 0xAB, 0xAD, 0xDA, 0xD2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c2[] = {
- 0x48, 0xAF, 0x93, 0x50, 0x1F, 0xA6, 0x2A, 0xDB,
- 0xCD, 0x41, 0x4C, 0xCE, 0x60, 0x34, 0xD8, 0x95,
- 0xDD, 0xA1, 0xBF, 0x8F, 0x13, 0x2F, 0x04, 0x20,
- 0x98, 0x66, 0x15, 0x72, 0xE7, 0x48, 0x30, 0x94,
- 0xFD, 0x12, 0xE5, 0x18, 0xCE, 0x06, 0x2C, 0x98,
- 0xAC, 0xEE, 0x28, 0xD9, 0x5D, 0xF4, 0x41, 0x6B,
- 0xED, 0x31, 0xA2, 0xF0, 0x44, 0x76, 0xC1, 0x8B,
- 0xB4, 0x0C, 0x84, 0xA7, 0x4B, 0x97, 0xDC, 0x5B
- };
- WOLFSSL_SMALL_STACK_STATIC const byte tag2[] = {
- 0x16, 0x84, 0x2D, 0x4F, 0xA1, 0x86, 0xF5, 0x6A,
- 0xB3, 0x32, 0x56, 0x97, 0x1F, 0xA1, 0x10, 0xF4
- };
- wc_Sm4 sm4;
- byte enc[SM4_BLOCK_SIZE * 4];
- byte dec[SM4_BLOCK_SIZE * 4];
- byte tag[SM4_BLOCK_SIZE];
- int ret;
- ret = wc_Sm4Init(&sm4, NULL, INVALID_DEVID);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Encrypt and decrypt using encrypt with CCM. */
- ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4CcmEncrypt(&sm4, enc, p1, sizeof(p1), i1, sizeof(i1), tag,
- sizeof(tag), a1, sizeof(a1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(enc, c1, sizeof(c1)) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(tag, tag1, sizeof(tag1)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_Sm4CcmDecrypt(&sm4, dec, enc, sizeof(c1), i1, sizeof(i1), tag,
- sizeof(tag), a1, sizeof(a1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(dec, p1, sizeof(p1)) != 0)
- return WC_TEST_RET_ENC_NC;
- /* RFC8998 test vector. */
- ret = wc_Sm4SetKey(&sm4, k2, sizeof(k2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_Sm4CcmEncrypt(&sm4, enc, p2, sizeof(p2), i2, sizeof(i2), tag,
- sizeof(tag), a2, sizeof(a2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(enc, c2, sizeof(c2)) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(tag, tag2, sizeof(tag2)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_Sm4CcmDecrypt(&sm4, dec, enc, sizeof(c2), i2, sizeof(i2), tag,
- sizeof(tag), a2, sizeof(a2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(dec, p2, sizeof(p2)) != 0)
- return WC_TEST_RET_ENC_NC;
- wc_Sm4Free(&sm4);
- return 0;
- }
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm4_test(void)
- {
- wc_test_ret_t ret;
- WOLFSSL_ENTER("sm4_test");
- #ifdef WOLFSSL_SM4_ECB
- ret = sm4_ecb_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_SM4_CBC
- ret = sm4_cbc_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_SM4_CTR
- ret = sm4_ctr_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_SM4_GCM
- ret = sm4_gcm_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_SM4_CCM
- ret = sm4_ccm_test();
- if (ret != 0)
- return ret;
- #endif
- return 0;
- }
- #endif
- #ifdef HAVE_XCHACHA
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void) {
- WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
- 0x54, 0x68, 0x65, 0x20, 0x64, 0x68, 0x6f, 0x6c, 0x65, 0x20, 0x28, 0x70, 0x72, 0x6f, 0x6e, 0x6f, /* The dhole (prono */
- 0x75, 0x6e, 0x63, 0x65, 0x64, 0x20, 0x22, 0x64, 0x6f, 0x6c, 0x65, 0x22, 0x29, 0x20, 0x69, 0x73, /* unced "dole") is */
- 0x20, 0x61, 0x6c, 0x73, 0x6f, 0x20, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x20, 0x61, 0x73, 0x20, 0x74, /* also known as t */
- 0x68, 0x65, 0x20, 0x41, 0x73, 0x69, 0x61, 0x74, 0x69, 0x63, 0x20, 0x77, 0x69, 0x6c, 0x64, 0x20, /* he Asiatic wild */
- 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x72, 0x65, 0x64, 0x20, 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x61, 0x6e, /* dog, red dog, an */
- 0x64, 0x20, 0x77, 0x68, 0x69, 0x73, 0x74, 0x6c, 0x69, 0x6e, 0x67, 0x20, 0x64, 0x6f, 0x67, 0x2e, /* d whistling dog. */
- 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x61, 0x62, 0x6f, 0x75, 0x74, 0x20, 0x74, 0x68, 0x65, /* It is about the */
- 0x20, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x61, 0x20, 0x47, 0x65, 0x72, 0x6d, 0x61, /* size of a Germa */
- 0x6e, 0x20, 0x73, 0x68, 0x65, 0x70, 0x68, 0x65, 0x72, 0x64, 0x20, 0x62, 0x75, 0x74, 0x20, 0x6c, /* n shepherd but l */
- 0x6f, 0x6f, 0x6b, 0x73, 0x20, 0x6d, 0x6f, 0x72, 0x65, 0x20, 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x61, /* ooks more like a */
- 0x20, 0x6c, 0x6f, 0x6e, 0x67, 0x2d, 0x6c, 0x65, 0x67, 0x67, 0x65, 0x64, 0x20, 0x66, 0x6f, 0x78, /* long-legged fox */
- 0x2e, 0x20, 0x54, 0x68, 0x69, 0x73, 0x20, 0x68, 0x69, 0x67, 0x68, 0x6c, 0x79, 0x20, 0x65, 0x6c, /* . This highly el */
- 0x75, 0x73, 0x69, 0x76, 0x65, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x73, 0x6b, 0x69, 0x6c, 0x6c, 0x65, /* usive and skille */
- 0x64, 0x20, 0x6a, 0x75, 0x6d, 0x70, 0x65, 0x72, 0x20, 0x69, 0x73, 0x20, 0x63, 0x6c, 0x61, 0x73, /* d jumper is clas */
- 0x73, 0x69, 0x66, 0x69, 0x65, 0x64, 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x77, 0x6f, 0x6c, 0x76, /* sified with wolv */
- 0x65, 0x73, 0x2c, 0x20, 0x63, 0x6f, 0x79, 0x6f, 0x74, 0x65, 0x73, 0x2c, 0x20, 0x6a, 0x61, 0x63, /* es, coyotes, jac */
- 0x6b, 0x61, 0x6c, 0x73, 0x2c, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x66, 0x6f, 0x78, 0x65, 0x73, 0x20, /* kals, and foxes */
- 0x69, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x74, 0x61, 0x78, 0x6f, 0x6e, 0x6f, 0x6d, 0x69, 0x63, /* in the taxonomic */
- 0x20, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x20, 0x43, 0x61, 0x6e, 0x69, 0x64, 0x61, 0x65, 0x2e /* family Canidae. */
- };
- WOLFSSL_SMALL_STACK_STATIC const byte Key[] = {
- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte IV[] = {
- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */
- 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x58 }; /* PQRSTUVW */
- WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = {
- 0x45, 0x59, 0xab, 0xba, 0x4e, 0x48, 0xc1, 0x61, 0x02, 0xe8, 0xbb, 0x2c, 0x05, 0xe6, 0x94, 0x7f,
- 0x50, 0xa7, 0x86, 0xde, 0x16, 0x2f, 0x9b, 0x0b, 0x7e, 0x59, 0x2a, 0x9b, 0x53, 0xd0, 0xd4, 0xe9,
- 0x8d, 0x8d, 0x64, 0x10, 0xd5, 0x40, 0xa1, 0xa6, 0x37, 0x5b, 0x26, 0xd8, 0x0d, 0xac, 0xe4, 0xfa,
- 0xb5, 0x23, 0x84, 0xc7, 0x31, 0xac, 0xbf, 0x16, 0xa5, 0x92, 0x3c, 0x0c, 0x48, 0xd3, 0x57, 0x5d,
- 0x4d, 0x0d, 0x2c, 0x67, 0x3b, 0x66, 0x6f, 0xaa, 0x73, 0x10, 0x61, 0x27, 0x77, 0x01, 0x09, 0x3a,
- 0x6b, 0xf7, 0xa1, 0x58, 0xa8, 0x86, 0x42, 0x92, 0xa4, 0x1c, 0x48, 0xe3, 0xa9, 0xb4, 0xc0, 0xda,
- 0xec, 0xe0, 0xf8, 0xd9, 0x8d, 0x0d, 0x7e, 0x05, 0xb3, 0x7a, 0x30, 0x7b, 0xbb, 0x66, 0x33, 0x31,
- 0x64, 0xec, 0x9e, 0x1b, 0x24, 0xea, 0x0d, 0x6c, 0x3f, 0xfd, 0xdc, 0xec, 0x4f, 0x68, 0xe7, 0x44,
- 0x30, 0x56, 0x19, 0x3a, 0x03, 0xc8, 0x10, 0xe1, 0x13, 0x44, 0xca, 0x06, 0xd8, 0xed, 0x8a, 0x2b,
- 0xfb, 0x1e, 0x8d, 0x48, 0xcf, 0xa6, 0xbc, 0x0e, 0xb4, 0xe2, 0x46, 0x4b, 0x74, 0x81, 0x42, 0x40,
- 0x7c, 0x9f, 0x43, 0x1a, 0xee, 0x76, 0x99, 0x60, 0xe1, 0x5b, 0xa8, 0xb9, 0x68, 0x90, 0x46, 0x6e,
- 0xf2, 0x45, 0x75, 0x99, 0x85, 0x23, 0x85, 0xc6, 0x61, 0xf7, 0x52, 0xce, 0x20, 0xf9, 0xda, 0x0c,
- 0x09, 0xab, 0x6b, 0x19, 0xdf, 0x74, 0xe7, 0x6a, 0x95, 0x96, 0x74, 0x46, 0xf8, 0xd0, 0xfd, 0x41,
- 0x5e, 0x7b, 0xee, 0x2a, 0x12, 0xa1, 0x14, 0xc2, 0x0e, 0xb5, 0x29, 0x2a, 0xe7, 0xa3, 0x49, 0xae,
- 0x57, 0x78, 0x20, 0xd5, 0x52, 0x0a, 0x1f, 0x3f, 0xb6, 0x2a, 0x17, 0xce, 0x6a, 0x7e, 0x68, 0xfa,
- 0x7c, 0x79, 0x11, 0x1d, 0x88, 0x60, 0x92, 0x0b, 0xc0, 0x48, 0xef, 0x43, 0xfe, 0x84, 0x48, 0x6c,
- 0xcb, 0x87, 0xc2, 0x5f, 0x0a, 0xe0, 0x45, 0xf0, 0xcc, 0xe1, 0xe7, 0x98, 0x9a, 0x9a, 0xa2, 0x20,
- 0xa2, 0x8b, 0xdd, 0x48, 0x27, 0xe7, 0x51, 0xa2, 0x4a, 0x6d, 0x5c, 0x62, 0xd7, 0x90, 0xa6, 0x63,
- 0x93, 0xb9, 0x31, 0x11, 0xc1, 0xa5, 0x5d, 0xd7, 0x42, 0x1a, 0x10, 0x18, 0x49, 0x74, 0xc7, 0xc5
- };
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- struct ChaCha *chacha = (struct ChaCha *)XMALLOC(sizeof *chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
- byte *buf1 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- WOLFSSL_ENTER("XChaCha_test");
- if ((chacha == NULL) || (buf1 == NULL) || (buf2 == NULL))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #else
- struct ChaCha chacha[1];
- byte buf1[sizeof Plaintext];
- byte buf2[sizeof Plaintext];
- WOLFSSL_ENTER("XChaCha_test");
- #endif
- ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_Chacha_Process(chacha, buf1, Plaintext, sizeof Plaintext);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(buf1, Ciphertext, sizeof Plaintext))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_Chacha_Process(chacha, buf2, buf1, sizeof Plaintext);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(buf2, Plaintext, sizeof Plaintext))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (chacha)
- XFREE(chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
- if (buf1)
- XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (buf2)
- XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* HAVE_XCHACHA */
- #if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void) {
- WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
- 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, /* Ladies and Gentl */
- 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, /* emen of the clas */
- 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, /* s of '99: If I c */
- 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, /* ould offer you o */
- 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, /* nly one tip for */
- 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, /* the future, suns */
- 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */
- 0x74, 0x2e }; /* t. */
- WOLFSSL_SMALL_STACK_STATIC const byte AAD[] = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 }; /* PQRS........ */
- WOLFSSL_SMALL_STACK_STATIC const byte Key[] = {
- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte IV[] = {
- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */
- 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57 }; /* PQRSTUVW */
- WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = {
- 0xbd, 0x6d, 0x17, 0x9d, 0x3e, 0x83, 0xd4, 0x3b, 0x95, 0x76, 0x57, 0x94, 0x93, 0xc0, 0xe9, 0x39,
- 0x57, 0x2a, 0x17, 0x00, 0x25, 0x2b, 0xfa, 0xcc, 0xbe, 0xd2, 0x90, 0x2c, 0x21, 0x39, 0x6c, 0xbb,
- 0x73, 0x1c, 0x7f, 0x1b, 0x0b, 0x4a, 0xa6, 0x44, 0x0b, 0xf3, 0xa8, 0x2f, 0x4e, 0xda, 0x7e, 0x39,
- 0xae, 0x64, 0xc6, 0x70, 0x8c, 0x54, 0xc2, 0x16, 0xcb, 0x96, 0xb7, 0x2e, 0x12, 0x13, 0xb4, 0x52,
- 0x2f, 0x8c, 0x9b, 0xa4, 0x0d, 0xb5, 0xd9, 0x45, 0xb1, 0x1b, 0x69, 0xb9, 0x82, 0xc1, 0xbb, 0x9e,
- 0x3f, 0x3f, 0xac, 0x2b, 0xc3, 0x69, 0x48, 0x8f, 0x76, 0xb2, 0x38, 0x35, 0x65, 0xd3, 0xff, 0xf9,
- 0x21, 0xf9, 0x66, 0x4c, 0x97, 0x63, 0x7d, 0xa9, 0x76, 0x88, 0x12, 0xf6, 0x15, 0xc6, 0x8b, 0x13,
- 0xb5, 0x2e };
- WOLFSSL_SMALL_STACK_STATIC const byte Tag[] = {
- 0xc0, 0x87, 0x59, 0x24, 0xc1, 0xc7, 0x98, 0x79, 0x47, 0xde, 0xaf, 0xd8, 0x78, 0x0a, 0xcf, 0x49
- };
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *buf1 = (byte *)XMALLOC(sizeof Ciphertext + sizeof Tag, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- WOLFSSL_ENTER("XChaCha20Poly1305_test");
- if ((buf1 == NULL) || (buf2 == NULL))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #else
- byte buf1[sizeof Ciphertext + sizeof Tag];
- byte buf2[sizeof Plaintext];
- WOLFSSL_ENTER("XChaCha20Poly1305_test");
- #endif
- ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag,
- Plaintext, sizeof Plaintext,
- AAD, sizeof AAD,
- IV, sizeof IV,
- Key, sizeof Key);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(buf1, Ciphertext, sizeof Ciphertext))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(buf1 + sizeof Ciphertext, Tag, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext,
- buf1, sizeof Ciphertext + sizeof Tag,
- AAD, sizeof AAD,
- IV, sizeof IV,
- Key, sizeof Key);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(buf2, Plaintext, sizeof Plaintext))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (buf1 != NULL)
- XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (buf2 != NULL)
- XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* defined(HAVE_XCHACHA) && defined(HAVE_POLY1305) */
- #ifndef WC_NO_RNG
- static wc_test_ret_t _rng_test(WC_RNG* rng, int errorOffset)
- {
- byte block[32];
- wc_test_ret_t ret;
- int i;
- XMEMSET(block, 0, sizeof(block));
- ret = wc_RNG_GenerateBlock(rng, block, sizeof(block));
- if (ret != 0) {
- ret = 1;
- goto exit;
- }
- /* Check for 0's */
- for (i=0; i<(int)sizeof(block); i++) {
- if (block[i] == 0) {
- ret++;
- }
- }
- /* All zeros count check */
- if (ret >= (int)sizeof(block)) {
- ret = 2;
- goto exit;
- }
- ret = wc_RNG_GenerateByte(rng, block);
- if (ret != 0) {
- ret = 3;
- goto exit;
- }
- /* Parameter validation testing. */
- ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block));
- if (ret != BAD_FUNC_ARG) {
- ret = 4;
- goto exit;
- }
- ret = wc_RNG_GenerateBlock(rng, NULL, sizeof(block));
- if (ret != BAD_FUNC_ARG) {
- ret = 5;
- goto exit;
- }
- ret = wc_RNG_GenerateByte(NULL, block);
- if (ret != BAD_FUNC_ARG) {
- ret = 6;
- goto exit;
- }
- ret = wc_RNG_GenerateByte(rng, NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = 7;
- goto exit;
- }
- ret = 0;
- exit:
- if (ret != 0)
- ret = errorOffset - (ret * 1000000);
- return ret;
- }
- static wc_test_ret_t random_rng_test(void)
- {
- WC_RNG localRng;
- WC_RNG* rng;
- wc_test_ret_t ret;
- rng = &localRng;
- /* Test stack based RNG. */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(rng);
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
- /* Make sure and free RNG */
- wc_FreeRng(rng);
- if (ret != 0)
- return ret;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC)
- {
- byte nonce[8] = { 0 };
- /* Test dynamic RNG */
- rng = wc_rng_new(nonce, (word32)sizeof(nonce), HEAP_HINT);
- if (rng == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
- wc_rng_free(rng);
- rng = NULL;
- if (ret != 0)
- return ret;
- /* Test dynamic RNG using extended API */
- ret = wc_rng_new_ex(&rng, nonce, (word32)sizeof(nonce),
- HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
- wc_rng_free(rng);
- if (ret != 0)
- return ret;
- }
- #endif
- return ret;
- }
- #if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
- #ifdef WC_RNG_SEED_CB
- static int seed_cb(OS_Seed* os, byte* output, word32 sz)
- {
- word32 i;
- (void)os;
- /* Known answer test. Set the seed to the same value every time. */
- for (i = 0; i < sz; i++)
- output[i] = (byte)i;
- return 0;
- }
- static wc_test_ret_t rng_seed_test(void)
- {
- #ifndef HAVE_FIPS
- WOLFSSL_SMALL_STACK_STATIC const byte check[] =
- {
- 0x83, 0x46, 0x65, 0x2f, 0x5c, 0x44, 0x16, 0x5f,
- 0xb3, 0x89, 0x26, 0xde, 0x0b, 0x6b, 0xa2, 0x06,
- 0x7e, 0xa7, 0x9a, 0x55, 0x22, 0x01, 0xb0, 0x22,
- 0xf4, 0x7e, 0xa2, 0x66, 0xc4, 0x08, 0x6f, 0xba
- };
- #else
- /* FIPS uses a longer seed, so different check value. */
- WOLFSSL_SMALL_STACK_STATIC const byte check[] =
- {
- 0xaf, 0x31, 0xcc, 0xef, 0xa9, 0x29, 0x4c, 0x24,
- 0xbd, 0xa5, 0xa3, 0x52, 0x69, 0xf3, 0xb9, 0xb2,
- 0x1e, 0xd4, 0x52, 0x3b, 0x9a, 0x96, 0x06, 0x20,
- 0xc0, 0x5f, 0x44, 0x06, 0x1f, 0x80, 0xdf, 0xe0
- };
- #endif
- byte output[WC_SHA256_DIGEST_SIZE];
- WC_RNG rng;
- wc_test_ret_t ret;
- ret = wc_SetSeed_Cb(seed_cb);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = wc_InitRng(&rng);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = wc_RNG_GenerateBlock(&rng, output, sizeof(output));
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = XMEMCMP(output, check, sizeof(output));
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- ret = wc_FreeRng(&rng);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = wc_SetSeed_Cb(wc_GenerateSeed);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- out:
- return ret;
- }
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte test1Entropy[] =
- {
- 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
- 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
- 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31,
- 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte test1Output[] =
- {
- 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
- 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
- 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
- 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11,
- 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81,
- 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63,
- 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7,
- 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c,
- 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91,
- 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d,
- 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf
- };
- WOLFSSL_SMALL_STACK_STATIC const byte test2EntropyA[] =
- {
- 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
- 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
- 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
- 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
- };
- WOLFSSL_SMALL_STACK_STATIC const byte test2EntropyB[] =
- {
- 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
- 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
- 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
- };
- WOLFSSL_SMALL_STACK_STATIC const byte test2Output[] =
- {
- 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
- 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
- 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
- 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac,
- 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71,
- 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0,
- 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8,
- 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d,
- 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22,
- 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
- 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
- };
- byte output[WC_SHA256_DIGEST_SIZE * 4];
- wc_test_ret_t ret;
- WOLFSSL_ENTER("random_test");
- ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0,
- output, sizeof(output));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(test1Output, output, sizeof(output)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA),
- test2EntropyB, sizeof(test2EntropyB),
- output, sizeof(output));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(test2Output, output, sizeof(output)) != 0)
- return WC_TEST_RET_ENC_NC;
- /* Basic RNG generate block test */
- if ((ret = random_rng_test()) != 0)
- return ret;
- /* Test the seed check function. */
- #if !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
- {
- word32 i, outputSz;
- /* Repeat the same byte over and over. Should fail. */
- outputSz = sizeof(output);
- XMEMSET(output, 1, outputSz);
- ret = wc_RNG_TestSeed(output, outputSz);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- /* Every byte of the entropy scratch is different,
- * entropy is a single byte that shouldn't match. */
- outputSz = (sizeof(output) / 2) + 1;
- for (i = 0; i < outputSz; i++)
- output[i] = (byte)i;
- ret = wc_RNG_TestSeed(output, outputSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- outputSz = sizeof(output);
- for (i = 0; i < outputSz; i++)
- output[i] = (byte)i;
- ret = wc_RNG_TestSeed(output, outputSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- /* Test the seed callback. */
- #ifdef WC_RNG_SEED_CB
- if ((ret = rng_seed_test()) != 0)
- return ret;
- #endif
- return 0;
- }
- #else
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
- {
- WOLFSSL_ENTER("random_test");
- /* Basic RNG generate block test */
- return random_rng_test();
- }
- #endif /* HAVE_HASHDRBG && !CUSTOM_RAND_GENERATE_BLOCK */
- #endif /* WC_NO_RNG */
- #ifndef MEM_TEST_SZ
- #define MEM_TEST_SZ 1024
- #endif
- #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
- static int simple_mem_test(int sz)
- {
- int ret = 0;
- byte* b;
- int i;
- b = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (b == NULL) {
- return WC_TEST_RET_ENC_NC;
- }
- /* utilize memory */
- for (i = 0; i < sz; i++) {
- b[i] = (byte)i;
- }
- /* read back and verify */
- for (i = 0; i < sz; i++) {
- if (b[i] != (byte)i) {
- ret = WC_TEST_RET_ENC_NC;
- break;
- }
- }
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif
- /* If successful, returns the first letter of the byte array `in`.
- **
- ** This is a deceptively simple test of a read-only embedded Linux file system.
- ** (e.g CFLAGS `-mfdpic` and `-mforce-l32`) for Xtensa Linux ESP32. When the
- ** `-mforce-l32` is missing, access to `in` will fail with Illegal Instruction.
- ** Const is on read-only memory-mapped file system, *not* loaded in app memory.
- **
- ** Edit with caution. See PR #6523. */
- static wc_test_ret_t const_byte_ptr_test(const byte* in, word32 *outJ)
- {
- wc_test_ret_t ret = 0;
- volatile word32 j = (word32)-1; /* must be volatile to properly detect error */
- ret = (wc_test_ret_t)*in; /* accessed *in value. */
- (void)ret;
- j = *outJ; /* Found index to use in const array. */
- if (j == 0) {
- #ifdef WOLFSSL_DEBUG
- printf("Testing const byte ptr reference...\n");
- #endif
- /* although j is zero, in[0] does not detect the Illegal instruction */
- ret = in[j]; /* The big test: can we actually access the `in` data? */
- }
- else {
- ret = WC_TEST_RET_ENC_I(j);
- }
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
- {
- wc_test_ret_t ret = 0;
- word32 j = 0; /* used in embedded const pointer test */
- WOLFSSL_ENTER("memory_test");
- #if defined(COMPLEX_MEM_TEST) || defined(WOLFSSL_STATIC_MEMORY)
- int i;
- #endif
- #ifdef WOLFSSL_STATIC_MEMORY
- word32 size[] = { WOLFMEM_BUCKETS };
- word32 dist[] = { WOLFMEM_DIST };
- byte buffer[30000]; /* make large enough to involve many bucket sizes */
- int pad = -(int)((wc_ptr_t)buffer) & (WOLFSSL_STATIC_ALIGN - 1);
- /* pad to account for if head of buffer is not at set memory
- * alignment when tests are ran */
- #endif
- #ifdef WOLFSSL_STATIC_MEMORY
- /* check macro settings */
- if (sizeof(size)/sizeof(word32) != WOLFMEM_DEF_BUCKETS) {
- return WC_TEST_RET_ENC_NC;
- }
- if (sizeof(dist)/sizeof(word32) != WOLFMEM_DEF_BUCKETS) {
- return WC_TEST_RET_ENC_NC;
- }
- if (WOLFMEM_DEF_BUCKETS > WOLFMEM_MAX_BUCKETS) {
- return WC_TEST_RET_ENC_NC;
- }
- for (i = 0; i < WOLFMEM_DEF_BUCKETS; i++) {
- if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) {
- /* each element in array should be divisible by alignment size */
- return WC_TEST_RET_ENC_NC;
- }
- }
- for (i = 1; i < WOLFMEM_DEF_BUCKETS; i++) {
- if (size[i - 1] >= size[i]) {
- return WC_TEST_RET_ENC_NC; /* sizes should be in increasing order */
- }
- }
- #ifndef WOLFSSL_STATIC_MEMORY_LEAN
- /* check that padding size returned is possible */
- if (wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN) {
- return WC_TEST_RET_ENC_NC; /* no room for wc_Memory struct */
- }
- ret = wolfSSL_MemoryPaddingSz();
- if (ret < 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (wolfSSL_MemoryPaddingSz() % WOLFSSL_STATIC_ALIGN != 0) {
- return WC_TEST_RET_ENC_NC; /* not aligned! */
- }
- /* check function to return optimum buffer size (rounded down) */
- ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL);
- if (ret < 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if ((ret - pad) % WOLFSSL_STATIC_ALIGN != 0) {
- return WC_TEST_RET_ENC_NC; /* not aligned! */
- }
- if ((unsigned int)ret > sizeof(buffer)) {
- return WC_TEST_RET_ENC_NC; /* did not round down as expected */
- }
- if (ret != wolfSSL_StaticBufferSz(buffer, ret, WOLFMEM_GENERAL)) {
- return WC_TEST_RET_ENC_NC; /* return value changed when using suggested
- * value
- */
- }
- ret = wolfSSL_MemoryPaddingSz();
- ret += pad; /* add space that is going to be needed if buffer not aligned */
- if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) !=
- (ret + (int)size[0])) {
- return WC_TEST_RET_ENC_NC; /* did not round down to nearest bucket
- * value
- */
- }
- ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL);
- if ((ret - pad) < 0) {
- return WC_TEST_RET_ENC_NC;
- }
- if (((ret - pad) % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) {
- return WC_TEST_RET_ENC_NC; /* not even chunks of memory for IO size */
- }
- if (((ret - pad) % WOLFSSL_STATIC_ALIGN) != 0) {
- return WC_TEST_RET_ENC_NC; /* memory not aligned */
- }
- /* check for passing bad or unknown arguments to functions */
- if (wolfSSL_StaticBufferSz(NULL, 1, WOLFMEM_GENERAL) > 0) {
- return WC_TEST_RET_ENC_NC;
- }
- if (wolfSSL_StaticBufferSz(buffer, 1, WOLFMEM_GENERAL) != 0) {
- return WC_TEST_RET_ENC_NC; /* should round to 0
- since struct + bucket will not fit */
- }
- #endif
- (void)pad;
- (void)dist; /* avoid static analysis warning of variable not used */
- #endif
- #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
- /* simple test */
- ret = simple_mem_test(MEM_TEST_SZ);
- if (ret != 0)
- return ret;
- #endif
- #ifdef COMPLEX_MEM_TEST
- /* test various size blocks */
- for (i = 1; i < MEM_TEST_SZ; i*=2) {
- ret = simple_mem_test(i);
- if (ret != 0)
- return ret;
- }
- #endif
- #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_NO_MALLOC) && defined(XREALLOC)
- /* realloc test */
- {
- byte *b = (byte*)XMALLOC(MEM_TEST_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- #ifndef WOLFSSL_NO_REALLOC
- byte *c = NULL;
- if (b) {
- c = (byte*)XREALLOC(b, MEM_TEST_SZ+sizeof(word32), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (c)
- b = c;
- }
- #endif
- if (b)
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((b == NULL)
- #ifndef WOLFSSL_NO_REALLOC
- || (c == NULL)
- #endif
- ) {
- return WC_TEST_RET_ENC_ERRNO;
- }
- }
- #endif
- if (ret == 0) {
- /* This test is only interesting on embedded R/O Flash systems */
- if (const_byte_ptr_test(const_byte_array, &j) != CBPTR_EXPECTED) {
- ret = 1;
- }
- }
- return ret;
- }
- #ifndef NO_FILESYSTEM
- /* Cert Paths */
- #ifdef FREESCALE_MQX
- #define CERT_PREFIX "a:\\"
- #define CERT_PATH_SEP "\\"
- #elif defined(WOLFSSL_uTKERNEL2)
- #define CERT_PREFIX "/uda/"
- #define CERT_PATH_SEP "/"
- #elif defined(_WIN32_WCE)
- #define CERT_PREFIX "\\windows\\"
- #define CERT_PATH_SEP "\\"
- #endif
- #ifndef CERT_PREFIX
- #define CERT_PREFIX "./"
- #endif
- #ifndef CERT_PATH_SEP
- #define CERT_PATH_SEP "/"
- #endif
- #ifndef CERT_WRITE_TEMP_DIR
- #define CERT_WRITE_TEMP_DIR CERT_PREFIX
- #endif
- #define CERT_ROOT CERT_PREFIX "certs" CERT_PATH_SEP
- /* Generated Test Certs */
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
- #if !defined(NO_RSA) && !defined(NO_ASN)
- static const char* clientKey = CERT_ROOT "client-key.der";
- static const char* clientCert = CERT_ROOT "client-cert.der";
- #ifdef WOLFSSL_CERT_EXT
- static const char* clientKeyPub = CERT_ROOT "client-keyPub.der";
- #endif
- #endif /* !NO_RSA && !NO_ASN */
- #endif
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- #if !defined(NO_RSA) && !defined(NO_ASN)
- #if defined(WOLFSSL_CERT_GEN) || defined(HAVE_PKCS7)
- static const char* rsaCaKeyFile = CERT_ROOT "ca-key.der";
- #ifdef WOLFSSL_CERT_GEN
- static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem";
- #endif
- #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7)
- static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der";
- #endif
- #ifdef HAVE_PKCS7
- static const char* rsaServerCertDerFile =
- CERT_ROOT "server-cert.der";
- static const char* rsaServerKeyDerFile =
- CERT_ROOT "server-key.der";
- #endif
- #endif
- #endif /* !NO_RSA && !NO_ASN */
- #endif /* !USE_CERT_BUFFER_* */
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
- #if !defined(NO_ASN) && !defined(NO_DH)
- static const char* dhParamsFile = CERT_ROOT "dh2048.der";
- #endif
- #endif
- #if !defined(NO_ASN) && !defined(NO_DH)
- #if defined(WOLFSSL_DH_EXTRA) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
- #if !defined(USE_CERT_BUFFERS_2048)
- static const char* dhKeyFile = CERT_ROOT "statickeys/dh-ffdhe2048.der";
- static const char* dhKeyPubFile = CERT_ROOT "statickeys/dh-ffdhe2048-pub.der";
- #endif
- #endif
- #endif
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- #ifndef NO_DSA
- static const char* dsaKey = CERT_ROOT "dsa2048.der";
- #endif
- #endif /* !USE_CERT_BUFFER_* */
- #if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ECC256)
- #ifdef HAVE_ECC
- /* cert files to be used in rsa cert gen test, check if RSA enabled */
- #ifdef HAVE_ECC_KEY_IMPORT
- static const char* eccKeyDerFile = CERT_ROOT "ecc-key.der";
- #endif
- #endif
- #if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ASN)
- #if defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN) && \
- !defined(NO_ECC_SECP)
- #ifndef NO_RSA
- static const char* eccKeyPubFileDer = CERT_ROOT "ecc-keyPub.der";
- #endif
- #ifndef NO_ASN_TIME
- static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der";
- static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem";
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- static const char* eccCaKey384File =
- CERT_ROOT "ca-ecc384-key.der";
- static const char* eccCaCert384File =
- CERT_ROOT "ca-ecc384-cert.pem";
- #endif
- #endif
- #endif
- #if defined(HAVE_PKCS7) && defined(HAVE_ECC)
- static const char* eccClientKey = CERT_ROOT "ecc-client-key.der";
- static const char* eccClientCert = CERT_ROOT "client-ecc-cert.der";
- #endif
- #endif /* HAVE_ECC */
- #ifdef HAVE_ED25519
- #ifdef WOLFSSL_TEST_CERT
- static const char* serverEd25519Cert =
- CERT_ROOT "ed25519/server-ed25519.der";
- static const char* caEd25519Cert =
- CERT_ROOT "ed25519/ca-ed25519.der";
- #endif
- #endif
- #ifdef HAVE_ED448
- #ifdef WOLFSSL_TEST_CERT
- static const char* serverEd448Cert =
- CERT_ROOT "ed448/server-ed448.der";
- static const char* caEd448Cert = CERT_ROOT "ed448/ca-ed448.der";
- #endif
- #endif
- #endif /* !USE_CERT_BUFFER_* */
- #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM)
- static const char* certExtNc =
- CERT_ROOT "test" CERT_PATH_SEP "cert-ext-nc.der";
- static const char* certExtIa =
- CERT_ROOT "test" CERT_PATH_SEP "cert-ext-ia.der";
- static const char* certExtNct =
- CERT_ROOT "test" CERT_PATH_SEP "cert-ext-nct.der";
- #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
- static const char* certBadNegInt =
- CERT_ROOT "test" CERT_PATH_SEP "cert-bad-neg-int.der";
- #endif
- static const char* certBadOid =
- CERT_ROOT "test" CERT_PATH_SEP "cert-bad-oid.der";
- #ifndef WOLFSSL_NO_ASN_STRICT
- static const char* certBadUtf8 =
- CERT_ROOT "test" CERT_PATH_SEP "cert-bad-utf8.der";
- #endif
- #endif
- #ifndef NO_WRITE_TEMP_FILES
- #ifdef HAVE_ECC
- #ifndef NO_ECC_SECP
- #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
- static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem";
- static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der";
- #endif
- #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
- static const char* certEccRsaPemFile = CERT_WRITE_TEMP_DIR "certeccrsa.pem";
- static const char* certEccRsaDerFile = CERT_WRITE_TEMP_DIR "certeccrsa.der";
- #endif
- #endif
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ASN_CRYPT)
- static const char* eccCaKeyPemFile = CERT_WRITE_TEMP_DIR "ecc-key.pem";
- static const char* eccPubKeyDerFile = CERT_WRITE_TEMP_DIR "ecc-public-key.der";
- static const char* eccCaKeyTempFile = CERT_WRITE_TEMP_DIR "ecc-key.der";
- #if defined(HAVE_PKCS8) && !defined(WC_NO_RNG) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static const char* eccPkcs8KeyDerFile = CERT_WRITE_TEMP_DIR "ecc-key-pkcs8.der";
- #endif
- #endif /* HAVE_ECC_KEY_EXPORT */
- #endif /* HAVE_ECC */
- #ifndef NO_RSA
- #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
- static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der";
- static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der";
- static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem";
- static const char* certPemFile = CERT_WRITE_TEMP_DIR "cert.pem";
- #if defined(WOLFSSL_CERT_REQ) && !defined(WOLFSSL_NO_MALLOC)
- static const char* certReqDerFile = CERT_WRITE_TEMP_DIR "certreq.der";
- static const char* certReqPemFile = CERT_WRITE_TEMP_DIR "certreq.pem";
- #endif
- #endif
- #endif /* !NO_RSA */
- #if !defined(NO_RSA) || !defined(NO_DSA)
- #ifdef WOLFSSL_KEY_GEN
- static const char* keyDerFile = CERT_WRITE_TEMP_DIR "key.der";
- static const char* keyPemFile = CERT_WRITE_TEMP_DIR "key.pem";
- #endif
- #endif
- #endif /* !NO_WRITE_TEMP_FILES */
- #endif /* !NO_FILESYSTEM */
- #if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
- (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
- static CertName certDefaultName;
- static void initDefaultName(void)
- {
- #if defined(WOLFSSL_MULTI_ATTRIB) && defined(WOLFSSL_TEST_CERT)
- NameAttrib* n;
- #endif
- XMEMCPY(certDefaultName.country, "US", sizeof("US"));
- certDefaultName.countryEnc = CTC_PRINTABLE;
- XMEMCPY(certDefaultName.state, "Oregon", sizeof("Oregon"));
- certDefaultName.stateEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.street, "Main St", sizeof("Main St"));
- certDefaultName.streetEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.locality, "Portland", sizeof("Portland"));
- certDefaultName.localityEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.sur, "Test", sizeof("Test"));
- certDefaultName.surEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.org, "wolfSSL", sizeof("wolfSSL"));
- certDefaultName.orgEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.unit, "Development", sizeof("Development"));
- certDefaultName.unitEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com"));
- certDefaultName.commonNameEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
- certDefaultName.serialDevEnc = CTC_PRINTABLE;
- XMEMCPY(certDefaultName.postalCode, "12-456", sizeof("12-456"));
- certDefaultName.postalCodeEnc = CTC_PRINTABLE;
- #ifdef WOLFSSL_CERT_EXT
- XMEMCPY(certDefaultName.busCat, "Private Organization", sizeof("Private Organization"));
- certDefaultName.busCatEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.joiSt, "US", sizeof("US"));
- certDefaultName.joiStEnc = CTC_PRINTABLE;
- XMEMCPY(certDefaultName.joiC, "Oregon", sizeof("Oregon"));
- certDefaultName.joiCEnc = CTC_PRINTABLE;
- #endif
- XMEMCPY(certDefaultName.email, "info@wolfssl.com", sizeof("info@wolfssl.com"));
- XMEMCPY(certDefaultName.userId, "TestUserID", sizeof("TestUserID"));
- certDefaultName.userIdEnc = CTC_PRINTABLE;
- #if defined(WOLFSSL_MULTI_ATTRIB) && defined(WOLFSSL_TEST_CERT)
- /* test having additional OUs and setting DC */
- n = &certDefaultName.name[0];
- n->id = ASN_ORGUNIT_NAME;
- n->type = CTC_UTF8;
- n->sz = XSTRLEN("Development-2");
- XMEMCPY(n->value, "Development-2", sizeof("Development-2"));
- #if CTC_MAX_ATTRIB > 3
- n = &certDefaultName.name[1];
- n->id = ASN_DOMAIN_COMPONENT;
- n->type = CTC_UTF8;
- n->sz = XSTRLEN("com");
- XMEMCPY(n->value, "com", sizeof("com"));
- n = &certDefaultName.name[2];
- n->id = ASN_DOMAIN_COMPONENT;
- n->type = CTC_UTF8;
- n->sz = XSTRLEN("wolfssl");
- XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
- #endif
- #endif /* WOLFSSL_MULTI_ATTRIB && WOLFSSL_TEST_CERT */
- #ifdef WOLFSSL_CUSTOM_OID
- /* TODO: Add test case for custom OID's */
- #endif
- }
- #ifdef WOLFSSL_CERT_EXT
- #if ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
- defined(WOLFSSL_TEST_CERT)) || defined(HAVE_ECC)
- WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage[] =
- "digitalSignature,nonRepudiation";
- #endif
- #if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) && !defined(NO_ASN_TIME)
- WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage2[] =
- "digitalSignature,nonRepudiation,keyEncipherment,keyAgreement";
- #endif
- #endif /* WOLFSSL_CERT_EXT */
- #endif /* WOLFSSL_CERT_GEN */
- #ifndef NO_RSA
- #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM)
- static const byte minSerial[] = { 0x02, 0x01, 0x01 };
- static const byte minName[] = { 0x30, 0x00 };
- static const byte nameBad[] = {
- 0x30, 0x08,
- 0x31, 0x06,
- 0x30, 0x04,
- 0x06, 0x02,
- 0x55, 0x04,
- };
- static const byte minDates[] = {
- 0x30, 0x1e,
- 0x17, 0x0d,
- 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35,
- 0x32, 0x33, 0x31, 0x30, 0x5a,
- 0x17, 0x0d,
- 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35,
- 0x32, 0x33, 0x31, 0x30, 0x5a
- };
- static const byte minPubKey[] = {
- 0x30, 0x1c,
- 0x30, 0x0d,
- 0x06, 0x09,
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x01,
- 0x05, 0x00,
- 0x03, 0x0b,
- 0x00, 0x30, 0x08,
- 0x02, 0x01,
- 0x03,
- 0x02, 0x03,
- 0x01, 0x00, 0x01
- };
- static const byte minSigAlg[] = {
- 0x30, 0x0d,
- 0x06, 0x09,
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x0b,
- 0x05, 0x00
- };
- static const byte minSig[] = {
- 0x03, 0x01,
- 0x00
- };
- static int add_seq(byte* certData, int offset, byte* data, byte length)
- {
- XMEMMOVE(certData + offset + 2, data, length);
- certData[offset++] = 0x30;
- certData[offset++] = length;
- return offset + length;
- }
- static int add_data(byte* certData, int offset, const byte* data, byte length)
- {
- XMEMCPY(certData + offset, data, length);
- return offset + length;
- }
- static wc_test_ret_t cert_asn1_test(void)
- {
- wc_test_ret_t ret;
- int len[3];
- DecodedCert cert;
- byte certData[114];
- byte* badCert = NULL;
- len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial));
- len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg));
- len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
- len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates));
- len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
- len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey));
- len[1] = add_seq(certData, 0, certData, len[2]);
- len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg));
- len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig));
- len[0] = add_seq(certData, 0, certData, len[1]);
- /* Minimal good certificate */
- InitDecodedCert(&cert, certData, len[0], 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- FreeDecodedCert(&cert);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- /* Bad issuer name */
- len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial));
- len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg));
- len[2] = add_data(certData, len[2], nameBad, (byte)sizeof(nameBad));
- len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates));
- len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
- len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey));
- len[1] = add_seq(certData, 0, certData, len[2]);
- len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg));
- len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig));
- len[0] = add_seq(certData, 0, certData, len[1]);
- /* Put data into allocated buffer to allow access error checking. */
- badCert = (byte*)XMALLOC(len[0], HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XMEMCPY(badCert, certData, len[0]);
- InitDecodedCert(&cert, badCert, len[0], 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- FreeDecodedCert(&cert);
- if (ret != ASN_PARSE_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- badCert = NULL;
- ret = 0;
- done:
- if (badCert != NULL)
- XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- static wc_test_ret_t cert_load_bad(const char* fname, byte* tmp, int err)
- {
- wc_test_ret_t ret;
- DecodedCert cert;
- XFILE file;
- size_t bytes;
- if ((fname == NULL) || (tmp == NULL)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- file = XFOPEN(fname, "rb");
- if (!file) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- FreeDecodedCert(&cert);
- if (ret != err) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- ret = 0;
- done:
- return ret;
- }
- static wc_test_ret_t cert_bad_asn1_test(void)
- {
- wc_test_ret_t ret = 0;
- byte* tmp;
- tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
- if (ret == 0) {
- /* Serial number: 0xff 0xa8. 0xff and top bit set on next byte invalid.
- */
- ret = cert_load_bad(certBadNegInt, tmp, ASN_EXPECT_0_E);
- }
- #endif
- if (ret == 0) {
- /* Subject name OID: 55 04 f4. Last byte with top bit set invalid. */
- ret = cert_load_bad(certBadOid, tmp, ASN_PARSE_E);
- }
- #ifndef WOLFSSL_NO_ASN_STRICT
- if (ret == 0) {
- /* Issuer name UTF8STRING: df 52 4e 44. Top bit of second byte not set.
- */
- ret = cert_load_bad(certBadUtf8, tmp, ASN_PARSE_E);
- }
- #endif
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void)
- {
- #if !defined(NO_FILESYSTEM)
- DecodedCert cert;
- byte* tmp;
- size_t bytes;
- XFILE file;
- wc_test_ret_t ret;
- WOLFSSL_ENTER("cert_test");
- tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- /* Certificate with Name Constraints extension. */
- file = XFOPEN(certExtNc, "rb");
- if (!file) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- FreeDecodedCert(&cert);
- /* Certificate with Inhibit Any Policy extension. */
- file = XFOPEN(certExtIa, "rb");
- if (!file) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- FreeDecodedCert(&cert);
- /* Certificate with Netscape Certificate Type extension. */
- file = XFOPEN(certExtNct, "rb");
- if (!file) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- #ifndef IGNORE_NETSCAPE_CERT_TYPE
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #else
- if (ret != ASN_CRIT_EXT_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- ret = 0;
- #endif
- done:
- FreeDecodedCert(&cert);
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* !NO_FILESYSTEM */
- if (ret == 0)
- ret = cert_asn1_test();
- if (ret == 0)
- ret = cert_bad_asn1_test();
- return ret;
- }
- #endif /* WOLFSSL_TEST_CERT */
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
- {
- DecodedCert cert;
- byte* tmp;
- size_t bytes;
- XFILE file;
- wc_test_ret_t ret;
- /* created from rsa_test : othercert.der */
- byte skid_rsa[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
- "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
- /* created from rsa_test : othercert.der */
- byte akid_rsa[] = "\x27\x8E\x67\x11\x74\xC3\x26\x1D\x3F\xED"
- "\x33\x63\xB3\xA4\xD8\x1D\x30\xE5\xE8\xD5";
- #ifdef HAVE_ECC
- /* created from ecc_test_cert_gen : certecc.der */
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- /* Authority key id from ./certs/ca-ecc384-cert.pem */
- byte akid_ecc[] = "\xAB\xE0\xC3\x26\x4C\x18\xD4\x72\xBB\xD2"
- "\x84\x8C\x9C\x0A\x05\x92\x80\x12\x53\x52";
- #else
- /* Authority key id from ./certs/ca-ecc-cert.pem */
- byte akid_ecc[] = "\x56\x8E\x9A\xC3\xF0\x42\xDE\x18\xB9\x45"
- "\x55\x6E\xF9\x93\xCF\xEA\xC3\xF3\xA5\x21";
- #endif
- #endif /* HAVE_ECC */
- /* created from rsa_test : cert.der */
- byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
- "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
- WOLFSSL_ENTER("certext_test");
- tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- /* load othercert.der (Cert signed by an authority) */
- file = XFOPEN(otherCertDerFile, "rb");
- if (!file) {
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_ERRNO;
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- return WC_TEST_RET_ENC_ERRNO;
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* check the SKID from a RSA certificate */
- if (XMEMCMP(skid_rsa, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
- return WC_TEST_RET_ENC_NC;
- /* check the AKID from an RSA certificate */
- if (XMEMCMP(akid_rsa, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
- return WC_TEST_RET_ENC_NC;
- /* check the Key Usage from an RSA certificate */
- if (!cert.extKeyUsageSet)
- return WC_TEST_RET_ENC_NC;
- if (cert.extKeyUsage != (KEYUSE_KEY_ENCIPHER|KEYUSE_KEY_AGREE))
- return WC_TEST_RET_ENC_NC;
- /* check the CA Basic Constraints from an RSA certificate */
- if (cert.isCA)
- return WC_TEST_RET_ENC_NC;
- #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
- /* check the Certificate Policies Id */
- if (cert.extCertPoliciesNb != 1)
- return WC_TEST_RET_ENC_NC;
- if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
- return WC_TEST_RET_ENC_NC;
- #endif
- FreeDecodedCert(&cert);
- #ifdef HAVE_ECC
- /* load certecc.der (Cert signed by our ECC CA test in ecc_test_cert_gen) */
- file = XFOPEN(certEccDerFile, "rb");
- if (!file) {
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_ERRNO;
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- return WC_TEST_RET_ENC_ERRNO;
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* check the SKID from a ECC certificate - generated dynamically */
- /* check the AKID from an ECC certificate */
- if (XMEMCMP(akid_ecc, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
- return WC_TEST_RET_ENC_NC;
- /* check the Key Usage from an ECC certificate */
- if (!cert.extKeyUsageSet)
- return WC_TEST_RET_ENC_NC;
- if (cert.extKeyUsage != (KEYUSE_DIGITAL_SIG|KEYUSE_CONTENT_COMMIT))
- return WC_TEST_RET_ENC_NC;
- /* check the CA Basic Constraints from an ECC certificate */
- if (cert.isCA)
- return WC_TEST_RET_ENC_NC;
- #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
- /* check the Certificate Policies Id */
- if (cert.extCertPoliciesNb != 2)
- return WC_TEST_RET_ENC_NC;
- if (strncmp(cert.extCertPolicies[0], "2.4.589440.587.101.2.1.9632587.1", 32))
- return WC_TEST_RET_ENC_NC;
- if (strncmp(cert.extCertPolicies[1], "1.2.13025.489.1.113549", 22))
- return WC_TEST_RET_ENC_NC;
- #endif
- FreeDecodedCert(&cert);
- #endif /* HAVE_ECC */
- /* load cert.der (self signed certificate) */
- file = XFOPEN(certDerFile, "rb");
- if (!file) {
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_ERRNO;
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- return WC_TEST_RET_ENC_ERRNO;
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* check the SKID from a CA certificate */
- if (XMEMCMP(kid_ca, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
- return WC_TEST_RET_ENC_NC;
- /* check the AKID from an CA certificate */
- if (XMEMCMP(kid_ca, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
- return WC_TEST_RET_ENC_NC;
- /* check the Key Usage from CA certificate */
- if (!cert.extKeyUsageSet)
- return WC_TEST_RET_ENC_NC;
- if (cert.extKeyUsage != (KEYUSE_KEY_CERT_SIGN|KEYUSE_CRL_SIGN))
- return WC_TEST_RET_ENC_NC;
- /* check the CA Basic Constraints CA certificate */
- if (!cert.isCA)
- return WC_TEST_RET_ENC_NC;
- #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
- /* check the Certificate Policies Id */
- if (cert.extCertPoliciesNb != 2)
- return WC_TEST_RET_ENC_NC;
- if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
- return WC_TEST_RET_ENC_NC;
- if (strncmp(cert.extCertPolicies[1], "1.2.840.113549.1.9.16.6.5", 25))
- return WC_TEST_RET_ENC_NC;
- #endif
- FreeDecodedCert(&cert);
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return 0;
- }
- #endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT &&
- !NO_FILESYSTEM && WOLFSSL_CERT_GEN */
- #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
- {
- wc_test_ret_t ret = 0;
- Cert cert;
- FILE* file;
- byte* der;
- word32 derSz;
- WOLFSSL_ENTER("decodedCertCache_test");
- derSz = FOURK_BUF;
- der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL)
- ret = WC_TEST_RET_ENC_NC;
- if (ret == 0) {
- /* load cert.der */
- file = XFOPEN(certDerFile, "rb");
- if (file != NULL) {
- derSz = (word32)XFREAD(der, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (derSz == 0)
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- else
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- if (ret == 0) {
- ret = wc_InitCert_ex(&cert, HEAP_HINT, devId);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetSubjectBuffer(&cert, der, derSz);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetSubjectBuffer(NULL, der, derSz);
- if (ret == BAD_FUNC_ARG)
- ret = 0;
- else
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetSubjectRaw(&cert, der, derSz);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetSubjectRaw(NULL, der, derSz);
- if (ret == BAD_FUNC_ARG)
- ret = 0;
- else
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetIssuerBuffer(&cert, der, derSz);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetIssuerBuffer(NULL, der, derSz);
- if (ret == BAD_FUNC_ARG)
- ret = 0;
- else
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetIssuerRaw(&cert, der, derSz);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetIssuerRaw(NULL, der, derSz);
- if (ret == BAD_FUNC_ARG)
- ret = 0;
- else
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- #ifdef WOLFSSL_ALT_NAMES
- if (ret == 0) {
- ret = wc_SetAltNamesBuffer(&cert, der, derSz);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetAltNamesBuffer(NULL, der, derSz);
- if (ret == BAD_FUNC_ARG)
- ret = 0;
- else
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetDatesBuffer(&cert, der, derSz);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetDatesBuffer(NULL, der, derSz);
- if (ret == BAD_FUNC_ARG)
- ret = 0;
- else
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- if (ret == 0) {
- ret = wc_SetAuthKeyIdFromCert(&cert, der, derSz);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_SetAuthKeyIdFromCert(NULL, der, derSz);
- if (ret == BAD_FUNC_ARG)
- ret = 0;
- else
- ret = WC_TEST_RET_ENC_NC;
- }
- wc_SetCert_Free(&cert);
- if (ret == 0) {
- if(cert.decodedCert != NULL)
- ret = WC_TEST_RET_ENC_NC;
- }
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) &&
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) */
- #define RSA_TEST_BYTES 512 /* up to 4096-bit key */
- #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- static wc_test_ret_t rsa_flatten_test(RsaKey* key)
- {
- wc_test_ret_t ret;
- byte e[RSA_TEST_BYTES];
- byte n[RSA_TEST_BYTES];
- word32 eSz = sizeof(e);
- word32 nSz = sizeof(n);
- /* Parameter Validation testing. */
- ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- eSz = 0;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
- if (ret != RSA_BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- eSz = sizeof(e);
- nSz = 0;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
- if (ret != RSA_BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- return 0;
- }
- #endif /* NO_ASN */
- #if !defined(HAVE_FIPS) && !defined(NO_ASN) \
- && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- static wc_test_ret_t rsa_export_key_test(RsaKey* key)
- {
- wc_test_ret_t ret;
- byte e[3];
- word32 eSz = sizeof(e);
- byte n[RSA_TEST_BYTES];
- word32 nSz = sizeof(n);
- byte d[RSA_TEST_BYTES];
- word32 dSz = sizeof(d);
- byte p[RSA_TEST_BYTES/2];
- word32 pSz = sizeof(p);
- byte q[RSA_TEST_BYTES/2];
- word32 qSz = sizeof(q);
- word32 zero = 0;
- ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero);
- if (ret != RSA_BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- return 0;
- }
- #endif /* !HAVE_FIPS && !NO_ASN && !WOLFSSL_RSA_VERIFY_ONLY */
- #ifndef NO_SIG_WRAPPER
- static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- word32 sigSz;
- WOLFSSL_SMALL_STACK_STATIC const byte in[] = TEST_STRING;
- WOLFSSL_SMALL_STACK_STATIC const byte hash[] = {
- 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
- 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
- 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
- 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte hashEnc[] = {
- 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
- 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
- 0x00, 0x04, 0x20,
- 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
- 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
- 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
- 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
- };
- word32 inLen = (word32)XSTRLEN((char*)in);
- byte out[RSA_TEST_BYTES];
- /* Parameter Validation testing. */
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- sigSz = (word32)modLen;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
- inLen, out, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- 0, out, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, NULL, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, NULL, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, NULL, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, 0, rng);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, keyLen, NULL);
- #if defined(WOLFSSL_AFALG_XILINX_RSA) || defined(WOLFSSL_XILINX_CRYPT)
- /* blinding / rng handled with hardware acceleration */
- if (ret != 0)
- #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
- /* async may not require RNG */
- #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
- if (ret != NO_VALID_DEVID)
- #else
- if (ret != 0 && ret != MISSING_RNG_E)
- #endif
- #elif defined(HAVE_FIPS) || !defined(WC_RSA_BLINDING)
- /* FIPS140 implementation does not do blinding */
- if (ret != 0)
- #elif defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_RSA_VERIFY_ONLY)
- if (ret != SIG_TYPE_E)
- #elif defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SE050)
- /* RNG is handled by hardware */
- if (ret != 0)
- #else
- if (ret != MISSING_RNG_E)
- #endif
- return WC_TEST_RET_ENC_EC(ret);
- sigSz = 0;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
- inLen, out, (word32)modLen, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- 0, out, (word32)modLen, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, NULL, (word32)modLen, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, 0, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, NULL, keyLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, key, 0);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef HAVE_ECC
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen);
- if (ret != SIG_TYPE_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
- return 0;
- #endif
- /* Use APIs. */
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, keyLen);
- if (ret != modLen)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA_W_ENC, key, keyLen);
- if (ret != modLen)
- return WC_TEST_RET_ENC_EC(ret);
- sigSz = (word32)ret;
- #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- XMEMSET(out, 0, sizeof(out));
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- in, inLen, out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- in, inLen, out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Wrong signature type. */
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, key, keyLen);
- if (ret == 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* check hash functions */
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
- hash, (int)sizeof(hash), out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
- hash, (int)sizeof(hash), out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- hashEnc, (int)sizeof(hashEnc), out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- hashEnc, (int)sizeof(hashEnc), out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- (void)hash;
- (void)hashEnc;
- #endif /* !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */
- return 0;
- }
- #endif /* !NO_SIG_WRAPPER */
- #ifdef WC_RSA_NONBLOCK
- static wc_test_ret_t rsa_nb_test(RsaKey* key, const byte* in, word32 inLen, byte* out,
- word32 outSz, byte* plain, word32 plainSz, WC_RNG* rng)
- {
- wc_test_ret_t ret = 0;
- int count;
- int signSz = 0;
- RsaNb nb;
- byte* inlinePlain = NULL;
- /* Enable non-blocking RSA mode - provide context */
- ret = wc_RsaSetNonBlock(key, &nb);
- if (ret != 0)
- return ret;
- #ifdef WC_RSA_NONBLOCK_TIME
- /* Enable time based RSA blocking. 8 microseconds max (3.1GHz) */
- ret = wc_RsaSetNonBlockTime(key, 8, 3100);
- if (ret != 0)
- return ret;
- #endif
- count = 0;
- do {
- ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, rng);
- count++; /* track number of would blocks */
- if (ret == FP_WOULDBLOCK) {
- /* do "other" work here */
- }
- } while (ret == FP_WOULDBLOCK);
- if (ret < 0) {
- return ret;
- }
- #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
- printf("RSA non-block sign: %d times\n", count);
- #endif
- signSz = ret;
- /* Test non-blocking verify */
- XMEMSET(plain, 0, plainSz);
- count = 0;
- do {
- ret = wc_RsaSSL_Verify(out, (word32)signSz, plain, plainSz, key);
- count++; /* track number of would blocks */
- if (ret == FP_WOULDBLOCK) {
- /* do "other" work here */
- }
- } while (ret == FP_WOULDBLOCK);
- if (ret < 0) {
- return ret;
- }
- #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
- printf("RSA non-block verify: %d times\n", count);
- #endif
- if (signSz == ret && XMEMCMP(plain, in, (size_t)ret)) {
- return SIG_VERIFY_E;
- }
- /* Test inline non-blocking verify */
- count = 0;
- do {
- ret = wc_RsaSSL_VerifyInline(out, (word32)signSz, &inlinePlain, key);
- count++; /* track number of would blocks */
- if (ret == FP_WOULDBLOCK) {
- /* do "other" work here */
- }
- } while (ret == FP_WOULDBLOCK);
- if (ret < 0) {
- return ret;
- }
- #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
- printf("RSA non-block inline verify: %d times\n", count);
- #endif
- if (signSz == ret && XMEMCMP(inlinePlain, in, (size_t)ret)) {
- return SIG_VERIFY_E;
- }
- /* Disabling non-block RSA mode */
- ret = wc_RsaSetNonBlock(key, NULL);
- (void)count;
- return 0;
- }
- #endif
- #if !defined(NO_ASN)
- static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
- {
- wc_test_ret_t ret;
- word32 inSz;
- word32 inOutIdx;
- WOLFSSL_SMALL_STACK_STATIC const byte n[2] = { 0x00, 0x23 };
- WOLFSSL_SMALL_STACK_STATIC const byte e[2] = { 0x00, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1,
- 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte goodAlgId[] = {
- 0x30, 0x18, 0x30, 0x16,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte goodAlgIdNull[] = {
- 0x30, 0x1a, 0x30, 0x18,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
- 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badAlgIdNull[] = {
- 0x30, 0x1b, 0x30, 0x19,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
- 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNotBitString[] = {
- 0x30, 0x18, 0x30, 0x16,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badBitStringLen[] = {
- 0x30, 0x18, 0x30, 0x16,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNoSeq[] = {
- 0x30, 0x16, 0x30, 0x14,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNoObj[] = {
- 0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06,
- 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badIntN[] = {
- 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNotIntE[] = {
- 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badLength[] = {
- 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badBitStrNoZero[] = {
- 0x30, 0x17, 0x30, 0x15,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Parameter Validation testing. */
- ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), keyPub);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), keyPub);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_RsaPublicKeyDecodeRaw(n, (word32)-1, e, sizeof(e), keyPub);
- #if defined(USE_INTEGER_HEAP_MATH)
- if (ret != 0)
- #else
- if (ret != ASN_GETINT_E)
- #endif
- {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, (word32)-1, keyPub);
- #if defined(USE_INTEGER_HEAP_MATH)
- if (ret != 0)
- #else
- if (ret != ASN_GETINT_E)
- #endif
- {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Use API. */
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), keyPub);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Parameter Validation testing. */
- inSz = sizeof(good);
- ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, keyPub, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_RsaPublicKeyDecode(good, NULL, keyPub, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_RsaPublicKeyDecode(good, &inOutIdx, NULL, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- /* Use good data and offset to bad data. */
- inOutIdx = 2;
- inSz = sizeof(good) - inOutIdx;
- ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inOutIdx = 2;
- inSz = sizeof(goodAlgId) - inOutIdx;
- ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inOutIdx = 2;
- inSz = sizeof(goodAlgId);
- ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
- #ifndef WOLFSSL_NO_DECODE_EXTRA
- if (ret != ASN_PARSE_E)
- #else
- if (ret != ASN_RSA_KEY_E)
- #endif
- {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- /* Try different bad data. */
- inSz = sizeof(badAlgIdNull);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, keyPub, inSz);
- if (ret != ASN_EXPECT_0_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badNotBitString);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, keyPub, inSz);
- if (ret != ASN_BITSTR_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badBitStringLen);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badNoSeq);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badNoObj);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E && ret != ASN_OBJECT_ID_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badIntN);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz);
- if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badNotIntE);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz);
- if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- /* TODO: Shouldn't pass as the sequence length is too small. */
- inSz = sizeof(badLength);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz);
- #ifndef WOLFSSL_ASN_TEMPLATE
- if (ret != 0)
- #else
- if (ret != ASN_PARSE_E)
- #endif
- {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- /* TODO: Shouldn't ignore object id's data. */
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- inSz = sizeof(badBitStrNoZero);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz);
- if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Valid data cases. */
- inSz = sizeof(good);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- if (inOutIdx != inSz) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- inSz = sizeof(goodAlgId);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- if (inOutIdx != inSz) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- inSz = sizeof(goodAlgIdNull);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(goodAlgIdNull, &inOutIdx, keyPub, inSz);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- if (inOutIdx != inSz) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- done:
- wc_FreeRsaKey(keyPub);
- return ret;
- }
- #endif
- #if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */
- /* Need to create known good signatures to test with this. */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLF_CRYPTO_CB_ONLY_RSA)
- static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
- {
- byte digest[WC_MAX_DIGEST_SIZE];
- wc_test_ret_t ret = 0;
- const char inStr[] = TEST_STRING;
- word32 inLen = (word32)TEST_STRING_SZ;
- word32 outSz;
- word32 plainSz;
- word32 digestSz;
- int i, j;
- #ifdef RSA_PSS_TEST_WRONG_PARAMS
- int k, l;
- #endif
- #ifndef WOLFSSL_SE050
- int len;
- #endif
- byte* plain;
- int mgf[] = {
- #ifndef NO_SHA
- WC_MGF1SHA1,
- #endif
- #ifdef WOLFSSL_SHA224
- WC_MGF1SHA224,
- #endif
- WC_MGF1SHA256,
- #ifdef WOLFSSL_SHA384
- WC_MGF1SHA384,
- #endif
- #ifdef WOLFSSL_SHA512
- WC_MGF1SHA512
- #endif
- };
- enum wc_HashType hash[] = {
- #ifndef NO_SHA
- WC_HASH_TYPE_SHA,
- #endif
- #ifdef WOLFSSL_SHA224
- WC_HASH_TYPE_SHA224,
- #endif
- WC_HASH_TYPE_SHA256,
- #ifdef WOLFSSL_SHA384
- WC_HASH_TYPE_SHA384,
- #endif
- #ifdef WOLFSSL_SHA512
- WC_HASH_TYPE_SHA512,
- #endif
- };
- WC_DECLARE_VAR(in, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_DECLARE_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(in, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT);
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- if (in == NULL || out == NULL || sig == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa_pss);
- #endif
- XMEMCPY(in, inStr, inLen);
- /* Test all combinations of hash and MGF. */
- for (j = 0; j < (int)(sizeof(hash)/sizeof(*hash)); j++) {
- /* Calculate hash of message. */
- ret = wc_Hash(hash[j], in, inLen, digest, sizeof(digest));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- digestSz = (word32)wc_HashGetDigestSize(hash[j]);
- #ifdef WOLFSSL_SE050
- /* SE050 only supports MGF matched to same hash type */
- i = j;
- #else
- for (i = 0; i < (int)(sizeof(mgf)/sizeof(*mgf)); i++) {
- #endif
- outSz = RSA_TEST_BYTES;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz,
- hash[j], mgf[i], -1, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- outSz = (word32)ret;
- XMEMCPY(sig, out, outSz);
- plain = NULL;
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[j],
- mgf[i], -1, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- plainSz = (word32)ret;
- TEST_SLEEP();
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[j], -1);
- #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[j], -1, 0);
- #else
- ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz,
- hash[j], -1, wc_RsaEncryptSize(key)*8, HEAP_HINT);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- #ifdef RSA_PSS_TEST_WRONG_PARAMS
- for (k = 0; k < (int)(sizeof(mgf)/sizeof(*mgf)); k++) {
- for (l = 0; l < (int)(sizeof(hash)/sizeof(*hash)); l++) {
- if (i == k && j == l)
- continue;
- XMEMCPY(sig, out, outSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz,
- (byte**)&plain, hash[l], mgf[k], -1, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret >= 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- }
- }
- #endif
- #ifndef WOLFSSL_SE050
- } /* end mgf for loop */
- #endif
- }
- /* SE050 generates salts internally only of hash length */
- #ifndef WOLFSSL_SE050
- /* Test that a salt length of zero works. */
- digestSz = (word32)wc_HashGetDigestSize(hash[0]);
- outSz = RSA_TEST_BYTES;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
- mgf[0], 0, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- outSz = (word32)ret;
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Verify_ex(out, outSz, sig, outSz, hash[0], mgf[0],
- 0, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- plainSz = (word32)ret;
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
- hash[0], 0);
- #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
- hash[0], 0, 0);
- #else
- ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, sig, plainSz,
- hash[0], 0, 0, HEAP_HINT);
- #endif
- }
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- XMEMCPY(sig, out, outSz);
- plain = NULL;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
- 0, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- plainSz = (word32)ret;
- TEST_SLEEP();
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[0], 0);
- #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[0], 0, 0);
- #else
- ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
- 0, 0, HEAP_HINT);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- /* Test bad salt lengths in various APIs. */
- digestSz = (word32)wc_HashGetDigestSize(hash[0]);
- outSz = RSA_TEST_BYTES;
- #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
- len = -2;
- #else
- len = -3;
- #endif
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
- mgf[0], len, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
- mgf[0], digestSz + 1, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0],
- mgf[0], -2, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
- digestSz + 1, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- TEST_SLEEP();
- #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
- len = -2;
- #else
- len = -3;
- #endif
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[0], len);
- #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[0], len, 0);
- #else
- ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
- len, 0, HEAP_HINT);
- #endif
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- #ifndef WOLFSSL_PSS_LONG_SALT
- len = (int)(digestSz + 1);
- #else
- len = (int)(plainSz - digestSz - 1);
- #endif
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[0], len);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[0], len, 0);
- if (ret != BAD_PADDING_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- #else
- ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
- len, 0, HEAP_HINT);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
- #endif
- ret = 0;
- #endif /* WOLFSSL_SE050 */
- exit_rsa_pss:
- WC_FREE_VAR(sig, HEAP_HINT);
- WC_FREE_VAR(in, HEAP_HINT);
- WC_FREE_VAR(out, HEAP_HINT);
- return ret;
- }
- #endif /* !WOLFSSL_RSA_VERIFY_ONLY && !WOLFSSL_RSA_PUBLIC_ONLY */
- #endif
- #ifdef WC_RSA_NO_PADDING
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
- {
- WC_RNG rng;
- byte* tmp = NULL;
- size_t bytes;
- wc_test_ret_t ret;
- word32 inLen = 0;
- word32 idx = 0;
- word32 outSz = RSA_TEST_BYTES;
- word32 plainSz = RSA_TEST_BYTES;
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
- !defined(NO_FILESYSTEM)
- XFILE file;
- #endif
- WC_DECLARE_VAR(key, RsaKey, 1, HEAP_HINT);
- WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(key, RsaKey, 1, HEAP_HINT);
- WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- WOLFSSL_ENTER("rsa_no_pad_test");
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- if (key == NULL || out == NULL || plain == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa_nopadding);
- #endif
- /* initialize stack structures */
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(key, 0, sizeof(RsaKey));
- #ifdef USE_CERT_BUFFERS_1024
- bytes = (size_t)sizeof_client_key_der_1024;
- if (bytes < (size_t)sizeof_client_cert_der_1024)
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #else
- bytes = FOURK_BUF;
- #endif
- tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL
- #ifdef WOLFSSL_ASYNC_CRYPT
- || out == NULL || plain == NULL
- #endif
- ) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
- }
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(clientKey, "rb");
- if (!file) {
- err_sys("can't open clientKey, Please run from wolfSSL home dir",
- WC_TEST_RET_ENC_ERRNO);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_nopadding);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_nopadding);
- #else
- /* No key to use. */
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- /* after loading in key use tmp as the test buffer */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- inLen = (word32)wc_RsaEncryptSize(key);
- outSz = inLen;
- plainSz = inLen;
- XMEMSET(tmp, 7, inLen);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaDirect(tmp, inLen, out, &outSz, key,
- RSA_PRIVATE_ENCRYPT, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- /* encrypted result should not be the same as input */
- if (XMEMCMP(out, tmp, inLen) == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
- }
- TEST_SLEEP();
- /* decrypt with public key and compare result */
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaDirect(out, outSz, plain, &plainSz, key,
- RSA_PUBLIC_DECRYPT, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- if (XMEMCMP(plain, tmp, inLen) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
- }
- TEST_SLEEP();
- #endif
- #ifdef WC_RSA_BLINDING
- ret = wc_RsaSetRNG(NULL, &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- ret = wc_RsaSetRNG(key, &rng);
- if (ret < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- #endif
- /* test encrypt and decrypt using WC_RSA_NO_PAD */
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(tmp, inLen, out, outSz, key, &rng,
- WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_VERIFY_ONLY */
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, outSz, plain, plainSz, key,
- WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- if (XMEMCMP(plain, tmp, inLen) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- /* test some bad arguments */
- ret = wc_RsaDirect(out, outSz, plain, &plainSz, key, -1,
- &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- ret = wc_RsaDirect(out, outSz, plain, &plainSz, NULL, RSA_PUBLIC_DECRYPT,
- &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- ret = wc_RsaDirect(out, outSz, NULL, &plainSz, key, RSA_PUBLIC_DECRYPT,
- &rng);
- if (ret != LENGTH_ONLY_E || plainSz != inLen) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- ret = wc_RsaDirect(out, outSz - 10, plain, &plainSz, key,
- RSA_PUBLIC_DECRYPT, &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
- }
- /* if making it to this point of code without hitting an ERROR_OUT then
- * all tests have passed */
- ret = 0;
- exit_rsa_nopadding:
- wc_FreeRsaKey(key);
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- WC_FREE_VAR(key, HEAP_HINT);
- WC_FREE_VAR(out, HEAP_HINT);
- WC_FREE_VAR(plain, HEAP_HINT);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WC_RSA_NO_PADDING */
- #if defined(WOLFSSL_HAVE_SP_RSA) && defined(USE_FAST_MATH)
- static wc_test_ret_t rsa_even_mod_test(WC_RNG* rng, RsaKey* key)
- {
- byte* tmp = NULL;
- size_t bytes;
- wc_test_ret_t ret;
- word32 inLen = 0;
- #ifndef NO_ASN
- word32 idx = 0;
- #endif
- word32 outSz = RSA_TEST_BYTES;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- word32 plainSz = RSA_TEST_BYTES;
- #endif
- #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_3072) && \
- !defined(USE_CERT_BUFFERS_4096) && !defined(NO_FILESYSTEM)
- XFILE file;
- #endif
- WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- #endif
- WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- #endif
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- if (out == NULL
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- || plain == NULL
- #endif
- ) {
- ERROR_OUT(MEMORY_E, exit_rsa_even_mod);
- }
- #endif
- #if defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #else
- bytes = FOURK_BUF;
- #endif
- tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL
- #ifdef WOLFSSL_ASYNC_CRYPT
- || out == NULL || plain == NULL
- #endif
- ) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_even_mod);
- }
- #if defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(clientKey, "rb");
- if (!file) {
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_even_mod);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_even_mod);
- #else
- /* No key to use. */
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_even_mod);
- #endif /* USE_CERT_BUFFERS */
- #ifndef NO_ASN
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
- }
- #else
- #ifdef USE_CERT_BUFFERS_2048
- ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
- }
- ret = mp_set_int(&key->e, WC_RSA_EXPONENT);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
- }
- #ifndef NO_SIG_WRAPPER
- modLen = 2048;
- #endif
- #else
- #error Not supported yet!
- #endif
- #endif
- key->n.dp[0] &= (mp_digit)-2;
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
- }
- /* after loading in key use tmp as the test buffer */
- #if !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \
- (defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM32_ASM))) && \
- !defined(WOLFSSL_XILINX_CRYPT)
- /* The ARM64_ASM code that was FIPS validated did not return these expected
- * failure codes. These tests cases were added after the assembly was
- * in-lined in the module and validated, these tests will be available in
- * the 140-3 module */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- inLen = 32;
- outSz = wc_RsaEncryptSize(key);
- XMEMSET(tmp, 7, plainSz);
- ret = wc_RsaSSL_Sign(tmp, inLen, out, outSz, key, rng);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
- }
- ret = wc_RsaSSL_Verify(out, outSz, tmp, inLen, key);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
- }
- #endif
- #ifdef WC_RSA_BLINDING
- ret = wc_RsaSetRNG(key, rng);
- if (ret < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
- }
- #endif
- /* test encrypt and decrypt using WC_RSA_NO_PAD */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- ret = wc_RsaPublicEncrypt(tmp, inLen, out, (int)outSz, key, rng);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
- }
- #endif /* WOLFSSL_RSA_VERIFY_ONLY */
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- ret = wc_RsaPrivateDecrypt(out, outSz, plain, (int)plainSz, key);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
- }
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- #endif /* !(HAVE_FIPS_VERSION == 2 && WOLFSSL_SP_ARMxx_ASM) */
- /* if making it to this point of code without hitting an ERROR_OUT then
- * all tests have passed */
- ret = 0;
- exit_rsa_even_mod:
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- WC_FREE_VAR(out, HEAP_HINT);
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- WC_FREE_VAR(plain, HEAP_HINT);
- #endif
- (void)out;
- (void)outSz;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- (void)plain;
- (void)plainSz;
- #endif
- (void)inLen;
- (void)rng;
- return ret;
- }
- #endif /* WOLFSSL_HAVE_SP_RSA */
- #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
- static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- RsaKey caKey[1];
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert decode[1];
- #endif
- #endif
- byte* der = NULL;
- wc_test_ret_t ret;
- Cert* myCert = NULL;
- int certSz;
- size_t bytes3;
- word32 idx3 = 0;
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- XFILE file3;
- #endif
- #if defined(WOLFSSL_ALT_NAMES) && !defined(NO_ASN_TIME)
- struct tm beforeTime;
- struct tm afterTime;
- #endif
- const byte mySerial[8] = {1,2,3,4,5,6,7,8};
- (void)keypub;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (caKey == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #ifdef WOLFSSL_TEST_CERT
- if (decode == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- #endif
- XMEMSET(caKey, 0, sizeof *caKey);
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (myCert == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- /* self signed */
- ret = wc_InitCert_ex(myCert, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- XMEMCPY(myCert->serial, mySerial, sizeof(mySerial));
- myCert->serialSz = (int)sizeof(mySerial);
- myCert->isCA = 1;
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wRSA;
- #else
- myCert->sigType = CTC_SHAwRSA;
- #endif
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
- CTC_MAX_CERTPOL_SZ);
- XSTRNCPY(myCert->certPolicies[1], "1.2.840.113549.1.9.16.6.5",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb = 2;
- /* add SKID from the Public Key */
- ret = wc_SetSubjectKeyIdFromPublicKey(myCert, keypub, NULL);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- /* add AKID from the Public Key */
- ret = wc_SetAuthKeyIdFromPublicKey(myCert, keypub, NULL);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- /* add Key Usage */
- ret = wc_SetKeyUsage(myCert,"cRLSign,keyCertSign");
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- #ifdef WOLFSSL_EKU_OID
- {
- const char unique[] = "2.16.840.1.111111.100.1.10.1";
- ret = wc_SetExtKeyUsageOID(myCert, unique, sizeof(unique), 0,
- HEAP_HINT);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- }
- #endif /* WOLFSSL_EKU_OID */
- #endif /* WOLFSSL_CERT_EXT */
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_MakeSelfCert(myCert, der, FOURK_BUF, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- certSz = (int)ret;
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(decode, der, certSz, HEAP_HINT);
- ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(decode);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- FreeDecodedCert(decode);
- #endif
- ret = SaveDerAndPem(der, certSz, certDerFile, certPemFile,
- CERT_TYPE);
- if (ret != 0) {
- goto exit_rsa;
- }
- /* Setup Certificate */
- ret = wc_InitCert_ex(myCert, HEAP_HINT, devId);
- if (ret < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7)
- /* Get CA Cert for testing */
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024);
- bytes3 = sizeof_ca_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, ca_cert_der_2048, sizeof_ca_cert_der_2048);
- bytes3 = sizeof_ca_cert_der_2048;
- #else
- file3 = XFOPEN(rsaCaCertDerFile, "rb");
- if (!file3) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
- XFCLOSE(file3);
- if (bytes3 == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- #endif /* USE_CERT_BUFFERS */
- #if defined(WOLFSSL_ALT_NAMES)
- #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_1024) && \
- !defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
- ret = wc_SetAltNames(myCert, rsaCaCertFile);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #endif
- /* get alt names from der */
- ret = wc_SetAltNamesBuffer(myCert, tmp, (int)bytes3);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- /* get dates from der */
- ret = wc_SetDatesBuffer(myCert, tmp, (int)bytes3);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #ifndef NO_ASN_TIME
- ret = wc_GetCertDates(myCert, &beforeTime, &afterTime);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #endif
- #endif /* WOLFSSL_ALT_NAMES */
- #endif /* WOLFSSL_ALT_NAMES || HAVE_PKCS7 */
- /* Get CA Key */
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
- bytes3 = sizeof_ca_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
- bytes3 = sizeof_ca_key_der_2048;
- #else
- file3 = XFOPEN(rsaCaKeyFile, "rb");
- if (!file3) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
- XFCLOSE(file3);
- if (bytes3 == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey(caKey, HEAP_HINT);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes3);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wRSA;
- #else
- myCert->sigType = CTC_SHAwRSA;
- #endif
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb =1;
- /* add SKID from the Public Key */
- ret = wc_SetSubjectKeyIdFromPublicKey(myCert, key, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- /* add AKID from the CA certificate */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetAuthKeyId(myCert, rsaCaCertFile);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- /* add Key Usage */
- ret = wc_SetKeyUsage(myCert,"keyEncipherment,keyAgreement");
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #endif /* WOLFSSL_CERT_EXT */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetIssuer(myCert, rsaCaCertFile);
- #endif
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- certSz = wc_MakeCert(myCert, der, FOURK_BUF, key, NULL, rng);
- if (certSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(certSz), exit_rsa);
- }
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &caKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, FOURK_BUF,
- caKey, NULL, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- certSz = (int)ret;
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(decode, der, certSz, HEAP_HINT);
- ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(decode);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- FreeDecodedCert(decode);
- #endif
- ret = SaveDerAndPem(der, certSz, otherCertDerFile, otherCertPemFile,
- CERT_TYPE);
- if (ret != 0) {
- goto exit_rsa;
- }
- exit_rsa:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (caKey != NULL) {
- wc_FreeRsaKey(caKey);
- XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #ifdef WOLFSSL_TEST_CERT
- if (decode != NULL)
- XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- wc_FreeRsaKey(caKey);
- #endif
- XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif
- #if !defined(NO_RSA) && defined(HAVE_ECC) && !defined(NO_ECC_SECP) && \
- defined(WOLFSSL_CERT_GEN)
- /* Make Cert / Sign example for ECC cert and RSA CA */
- static wc_test_ret_t rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *caEccKeyPub = (ecc_key *)XMALLOC(sizeof *caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- RsaKey caKey[1];
- ecc_key caEccKey[1];
- ecc_key caEccKeyPub[1];
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert decode[1];
- #endif
- #endif
- byte* der = NULL;
- Cert* myCert = NULL;
- int certSz;
- size_t bytes3;
- word32 idx3 = 0;
- #if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \
- || !defined(USE_CERT_BUFFERS_256)
- #ifndef NO_FILESYSTEM
- XFILE file3;
- #endif
- #endif
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((caKey == NULL) || (caEccKey == NULL) || (caEccKeyPub == NULL)
- #ifdef WOLFSSL_TEST_CERT
- || (decode == NULL)
- #endif
- )
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- XMEMSET(caKey, 0, sizeof *caKey);
- XMEMSET(caEccKey, 0, sizeof *caEccKey);
- XMEMSET(caEccKeyPub, 0, sizeof *caEccKeyPub);
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (myCert == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- /* Get CA Key */
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
- bytes3 = sizeof_ca_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
- bytes3 = sizeof_ca_key_der_2048;
- #else
- file3 = XFOPEN(rsaCaKeyFile, "rb");
- if (!file3) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
- XFCLOSE(file3);
- if (bytes3 == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey(caKey, HEAP_HINT);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes3);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- /* Get Cert Key */
- #if defined(USE_CERT_BUFFERS_256)
- {
- XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256);
- bytes3 = sizeof_ecc_key_pub_der_256;
- }
- #elif !defined(NO_FILESYSTEM)
- {
- file3 = XFOPEN(eccKeyPubFileDer, "rb");
- if (!file3) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
- XFCLOSE(file3);
- if (bytes3 == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- #else
- {
- WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(1)");
- ERROR_OUT(ASN_PARSE_E, exit_rsa);
- }
- #endif
- ret = wc_ecc_init_ex(caEccKeyPub, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- idx3 = 0;
- ret = wc_EccPublicKeyDecode(tmp, &idx3, caEccKeyPub, (word32)bytes3);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- /* Setup Certificate */
- ret = wc_InitCert_ex(myCert, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wRSA;
- #else
- myCert->sigType = CTC_SHAwRSA;
- #endif
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1",
- CTC_MAX_CERTPOL_SZ);
- XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb = 2;
- /* add SKID from the Public Key */
- ret = wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, caEccKeyPub);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- /* add AKID from the CA certificate */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetAuthKeyId(myCert, rsaCaCertFile);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- /* add Key Usage */
- ret = wc_SetKeyUsage(myCert, certKeyUsage);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #endif /* WOLFSSL_CERT_EXT */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetIssuer(myCert, rsaCaCertFile);
- #endif
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, caEccKeyPub, rng);
- if (certSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(certSz), exit_rsa);
- }
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &caEccKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
- FOURK_BUF, caKey, NULL, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- certSz = (int)ret;
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(decode, der, certSz, 0);
- ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(decode);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- FreeDecodedCert(decode);
- #endif
- ret = SaveDerAndPem(der, certSz, certEccRsaDerFile, certEccRsaPemFile,
- CERT_TYPE);
- if (ret != 0) {
- goto exit_rsa;
- }
- exit_rsa:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (caKey != NULL) {
- wc_FreeRsaKey(caKey);
- XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (caEccKey != NULL) {
- wc_ecc_free(caEccKey);
- XFREE(caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (caEccKeyPub != NULL) {
- wc_ecc_free(caEccKeyPub);
- XFREE(caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #ifdef WOLFSSL_TEST_CERT
- if (decode != NULL)
- XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- wc_FreeRsaKey(caKey);
- wc_ecc_free(caEccKey);
- wc_ecc_free(caEccKeyPub);
- #endif
- XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- myCert = NULL;
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- der = NULL;
- if (ret >= 0)
- ret = 0;
- return ret;
- }
- #endif /* !NO_RSA && HAVE_ECC && WOLFSSL_CERT_GEN */
- #ifdef WOLFSSL_KEY_GEN
- static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- RsaKey *genKey = (RsaKey *)XMALLOC(sizeof *genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- RsaKey genKey[1];
- #endif
- wc_test_ret_t ret;
- #ifndef WOLFSSL_NO_MALLOC
- byte* der = NULL;
- #else
- byte der[1024];
- #endif
- #ifndef WOLFSSL_CRYPTOCELL
- word32 idx = 0;
- #endif
- int derSz = 0;
- #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS)
- int keySz = 1024;
- #else
- int keySz = 2048;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (! genKey)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- XMEMSET(genKey, 0, sizeof *genKey);
- ret = wc_InitRsaKey_ex(genKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #ifdef HAVE_FIPS
- for (;;) {
- #endif
- ret = wc_MakeRsaKey(genKey, keySz, WC_RSA_EXPONENT, rng);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &genKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #ifdef HAVE_FIPS
- if (ret == PRIME_GEN_E)
- continue;
- break;
- }
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- #ifdef WOLFSSL_RSA_KEY_CHECK
- ret = wc_CheckRsaKey(genKey);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #endif
- #ifndef WOLFSSL_NO_MALLOC
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- #endif
- derSz = wc_RsaKeyToDer(genKey, der, FOURK_BUF);
- if (derSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
- }
- ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
- PRIVATEKEY_TYPE);
- if (ret != 0) {
- goto exit_rsa;
- }
- wc_FreeRsaKey(genKey);
- ret = wc_InitRsaKey(genKey, HEAP_HINT);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #ifndef WOLFSSL_CRYPTOCELL
- idx = 0;
- /* The private key part of the key gen pairs from cryptocell can't be exported */
- ret = wc_RsaPrivateKeyDecode(der, &idx, genKey, (word32)derSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #endif /* WOLFSSL_CRYPTOCELL */
- exit_rsa:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (genKey) {
- wc_FreeRsaKey(genKey);
- XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_FreeRsaKey(genKey);
- #endif
- #ifndef WOLFSSL_NO_MALLOC
- if (der != NULL) {
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- der = NULL;
- }
- #endif
- return ret;
- }
- #endif
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) && \
- (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
- && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
- static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
- {
- wc_test_ret_t ret = 0;
- word32 idx = 0;
- const char inStr[] = TEST_STRING;
- const word32 inLen = (word32)TEST_STRING_SZ;
- const word32 outSz = RSA_TEST_BYTES;
- const word32 plainSz = RSA_TEST_BYTES;
- byte* res = NULL;
- WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
- WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
- WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- if (in == NULL || out == NULL || plain == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- XMEMCPY(in, inStr, inLen);
- #ifndef NO_SHA
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- idx = (word32)ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* NO_SHA */
- #endif
- #ifndef NO_SHA256
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- idx = (word32)ret;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecryptInline_ex(out, idx, &res, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- if (ret != (int)inLen) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- if (XMEMCMP(res, in, inLen)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- /* check fails if not using the same optional label */
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */
- #if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
- /* label is unused in cryptocell and SE050 so it won't detect decrypt error
- * due to label */
- idx = (word32)ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret > 0) { /* in this case decrypt should fail */
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- ret = 0;
- TEST_SLEEP();
- #endif /* !HAVE_CAVIUM */
- /* check using optional label with encrypt/decrypt */
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- idx = (word32)ret;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- #ifndef NO_SHA
- /* check fail using mismatch hash algorithms */
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */
- #if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
- idx = (word32)ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256,
- in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret > 0) { /* should fail */
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- ret = 0;
- TEST_SLEEP();
- #endif /* !HAVE_CAVIUM */
- #endif /* NO_SHA */
- #endif /* NO_SHA256 */
- #ifdef WOLFSSL_SHA512
- /* Check valid RSA key size is used while using hash length of SHA512
- If key size is less than (hash length * 2) + 2 then is invalid use
- and test, since OAEP padding requires this.
- BAD_FUNC_ARG is returned when this case is not met */
- if (wc_RsaEncryptSize(key) > ((int)WC_SHA512_DIGEST_SIZE * 2) + 2) {
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- idx = (word32)ret;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- }
- #endif /* WOLFSSL_SHA512 */
- /* check using pkcsv15 padding with _ex API */
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- idx = (word32)ret;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- exit_rsa:
- WC_FREE_VAR(in, HEAP_HINT);
- WC_FREE_VAR(out, HEAP_HINT);
- WC_FREE_VAR(plain, HEAP_HINT);
- (void)idx;
- (void)inStr;
- (void)res;
- if (ret >= 0)
- ret = 0;
- return ret;
- }
- #endif
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
- {
- wc_test_ret_t ret;
- size_t bytes;
- WC_RNG rng;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte* tmp = NULL;
- byte* der = NULL;
- RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- RsaKey key[1];
- byte tmp[FOURK_BUF];
- #endif
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- RsaKey *keypub = (RsaKey *)XMALLOC(sizeof *keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- RsaKey keypub[1];
- #endif
- #endif
- word32 idx = 0;
- const char inStr[] = TEST_STRING;
- const word32 inLen = (word32)TEST_STRING_SZ;
- const word32 outSz = RSA_TEST_BYTES;
- const word32 plainSz = RSA_TEST_BYTES;
- byte* res = NULL;
- #ifndef NO_SIG_WRAPPER
- int modLen;
- #endif
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
- !defined(NO_FILESYSTEM)
- XFILE file;
- #ifdef WOLFSSL_TEST_CERT
- XFILE file2;
- #endif
- #endif
- #ifdef WOLFSSL_TEST_CERT
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- DecodedCert *cert = (DecodedCert *)XMALLOC(sizeof *cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- DecodedCert cert[1];
- #endif
- #ifndef NO_ASN_TIME
- struct tm timearg;
- const byte* date;
- byte dateFormat;
- int dateLength;
- #endif
- #endif
- WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
- WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
- WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- WOLFSSL_ENTER("rsa_test");
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- if (in == NULL || out == NULL || plain == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- XMEMCPY(in, inStr, inLen);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- if (keypub == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- #ifdef WOLFSSL_TEST_CERT
- if (cert == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- /* initialize stack structures */
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(key, 0, sizeof *key);
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- XMEMSET(keypub, 0, sizeof *keypub);
- #endif
- #if !defined(NO_ASN)
- ret = rsa_decode_test(key);
- if (ret != 0)
- ERROR_OUT(ret, exit_rsa);
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- bytes = (size_t)sizeof_client_key_der_1024;
- if (bytes < (size_t)sizeof_client_cert_der_1024)
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- bytes = (size_t)sizeof_client_key_der_3072;
- if (bytes < (size_t)sizeof_client_cert_der_3072)
- bytes = (size_t)sizeof_client_cert_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- bytes = (size_t)sizeof_client_key_der_4096;
- if (bytes < (size_t)sizeof_client_cert_der_4096)
- bytes = (size_t)sizeof_client_cert_der_4096;
- #else
- bytes = FOURK_BUF;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(clientKey, "rb");
- if (!file) {
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- #else
- /* No key to use. */
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #ifndef NO_ASN
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #ifndef NO_SIG_WRAPPER
- modLen = wc_RsaEncryptSize(key);
- #endif
- #else
- #ifdef USE_CERT_BUFFERS_2048
- ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- ret = mp_set_int(&key->e, WC_RSA_EXPONENT);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #ifndef NO_SIG_WRAPPER
- modLen = 2048;
- #endif
- #else
- #error Not supported yet!
- #endif
- #endif
- #ifndef WC_NO_RNG
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #endif
- #ifndef NO_SIG_WRAPPER
- ret = rsa_sig_test(key, sizeof *key, modLen, &rng);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #ifdef WC_RSA_NONBLOCK
- ret = rsa_nb_test(key, in, inLen, out, outSz, plain, plainSz, &rng);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- #ifdef WC_RSA_BLINDING
- {
- wc_test_ret_t tmpret = ret;
- ret = wc_RsaSetRNG(key, &rng);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- ret = tmpret;
- }
- #endif
- idx = (word32)ret; /* save off encrypted length */
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt(out, idx, plain, plainSz, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecryptInline(out, idx, &res, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- if (ret != (int)inLen) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- if (XMEMCMP(res, in, inLen)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- TEST_SLEEP();
- #elif defined(WOLFSSL_PUBLIC_MP)
- {
- static const byte signature_2048[] = {
- 0x07, 0x6f, 0xc9, 0x85, 0x73, 0x9e, 0x21, 0x79,
- 0x47, 0xf1, 0xa3, 0xd7, 0xf4, 0x27, 0x29, 0xbe,
- 0x99, 0x5d, 0xac, 0xb2, 0x10, 0x3f, 0x95, 0xda,
- 0x89, 0x23, 0xb8, 0x96, 0x13, 0x57, 0x72, 0x30,
- 0xa1, 0xfe, 0x5a, 0x68, 0x9c, 0x99, 0x9d, 0x1e,
- 0x05, 0xa4, 0x80, 0xb0, 0xbb, 0xd9, 0xd9, 0xa1,
- 0x69, 0x97, 0x74, 0xb3, 0x41, 0x21, 0x3b, 0x47,
- 0xf5, 0x51, 0xb1, 0xfb, 0xc7, 0xaa, 0xcc, 0xdc,
- 0xcd, 0x76, 0xa0, 0x28, 0x4d, 0x27, 0x14, 0xa4,
- 0xb9, 0x41, 0x68, 0x7c, 0xb3, 0x66, 0xe6, 0x6f,
- 0x40, 0x76, 0xe4, 0x12, 0xfd, 0xae, 0x29, 0xb5,
- 0x63, 0x60, 0x87, 0xce, 0x49, 0x6b, 0xf3, 0x05,
- 0x9a, 0x14, 0xb5, 0xcc, 0xcd, 0xf7, 0x30, 0x95,
- 0xd2, 0x72, 0x52, 0x1d, 0x5b, 0x7e, 0xef, 0x4a,
- 0x02, 0x96, 0x21, 0x6c, 0x55, 0xa5, 0x15, 0xb1,
- 0x57, 0x63, 0x2c, 0xa3, 0x8e, 0x9d, 0x3d, 0x45,
- 0xcc, 0xb8, 0xe6, 0xa1, 0xc8, 0x59, 0xcd, 0xf5,
- 0xdc, 0x0a, 0x51, 0xb6, 0x9d, 0xfb, 0xf4, 0x6b,
- 0xfd, 0x32, 0x71, 0x6e, 0xcf, 0xcb, 0xb3, 0xd9,
- 0xe0, 0x4a, 0x77, 0x34, 0xd6, 0x61, 0xf5, 0x7c,
- 0xf9, 0xa9, 0xa4, 0xb0, 0x8e, 0x3b, 0xd6, 0x04,
- 0xe0, 0xde, 0x2b, 0x5b, 0x5a, 0xbf, 0xd9, 0xef,
- 0x8d, 0xa3, 0xf5, 0xb1, 0x67, 0xf3, 0xb9, 0x72,
- 0x0a, 0x37, 0x12, 0x35, 0x6c, 0x8e, 0x10, 0x8b,
- 0x38, 0x06, 0x16, 0x4b, 0x20, 0x20, 0x13, 0x00,
- 0x2e, 0x6d, 0xc2, 0x59, 0x23, 0x67, 0x4a, 0x6d,
- 0xa1, 0x46, 0x8b, 0xee, 0xcf, 0x44, 0xb4, 0x3e,
- 0x56, 0x75, 0x00, 0x68, 0xb5, 0x7d, 0x0f, 0x20,
- 0x79, 0x5d, 0x7f, 0x12, 0x15, 0x32, 0x89, 0x61,
- 0x6b, 0x29, 0xb7, 0x52, 0xf5, 0x25, 0xd8, 0x98,
- 0xe8, 0x6f, 0xf9, 0x22, 0xb4, 0xbb, 0xe5, 0xff,
- 0xd0, 0x92, 0x86, 0x9a, 0x88, 0xa2, 0xaf, 0x6b
- };
- ret = sizeof(signature_2048);
- XMEMCPY(out, signature_2048, ret);
- }
- #endif
- #if !defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \
- ((!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
- defined(WOLFSSL_PUBLIC_MP)) && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
- idx = (word32)ret;
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- #ifndef WOLFSSL_RSA_VERIFY_INLINE
- #if defined(WOLFSSL_CRYPTOCELL)
- /*
- Cryptocell requires the input data and signature byte array to verify.
- first argument must be the input data
- second argument must be the length of input data
- third argument must be the signature byte array or the output from
- wc_RsaSSL_Sign()
- fourth argument must be the length of the signature byte array
- */
- ret = wc_RsaSSL_Verify(in, inLen, out, outSz, key);
- #else
- ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, key);
- #endif /* WOLFSSL_CRYPTOCELL */
- #else
- byte* dec = NULL;
- ret = wc_RsaSSL_VerifyInline(out, idx, &dec, key);
- if (ret > 0) {
- XMEMCPY(plain, dec, ret);
- }
- #endif
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- if (XMEMCMP(plain, in, (size_t)ret)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- }
- TEST_SLEEP();
- #endif
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
- #if (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
- && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
- ret = rsa_oaep_padding_test(key, &rng);
- if (ret != 0)
- return ret;
- #endif /* !HAVE_FIPS */
- #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */
- #endif /* WOLFSSL_RSA_VERIFY_ONLY */
- #if !defined(HAVE_FIPS) && !defined(NO_ASN) \
- && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = rsa_export_key_test(key);
- if (ret != 0)
- return ret;
- #endif
- #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = rsa_flatten_test(key);
- if (ret != 0)
- return ret;
- #endif
- #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_ASN) && \
- !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
- (void)clientCert;
- #endif
- #ifdef WOLFSSL_TEST_CERT
- #if defined(WOLFSSL_MDK_ARM)
- #define sizeof(s) XSTRLEN((char *)(s))
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_cert_der_1024, (size_t)sizeof_client_cert_der_1024);
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_cert_der_2048, (size_t)sizeof_client_cert_der_2048);
- bytes = (size_t)sizeof_client_cert_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_cert_der_3072, (size_t)sizeof_client_cert_der_3072);
- bytes = (size_t)sizeof_client_cert_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_cert_der_4096, (size_t)sizeof_client_cert_der_4096);
- bytes = (size_t)sizeof_client_cert_der_4096;
- #elif !defined(NO_FILESYSTEM)
- file2 = XFOPEN(clientCert, "rb");
- if (!file2) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file2);
- XFCLOSE(file2);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- #else
- /* No certificate to use. */
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
- #endif
- #ifdef sizeof
- #undef sizeof
- #endif
- InitDecodedCert(cert, tmp, (word32)bytes, NULL);
- ret = ParseCert(cert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- FreeDecodedCert(cert);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- #ifndef NO_ASN_TIME
- ret = wc_GetDateInfo(cert->afterDate, cert->afterDateLen, &date,
- &dateFormat, &dateLength);
- if (ret != 0) {
- FreeDecodedCert(cert);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- ret = wc_GetDateAsCalendarTime(date, dateLength, dateFormat, &timearg);
- if (ret != 0) {
- FreeDecodedCert(cert);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- #endif
- FreeDecodedCert(cert);
- #endif /* WOLFSSL_TEST_CERT */
- #ifdef WOLFSSL_CERT_EXT
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
- bytes = sizeof_client_keypub_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
- bytes = sizeof_client_keypub_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_keypub_der_3072, sizeof_client_keypub_der_3072);
- bytes = sizeof_client_keypub_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_keypub_der_4096, sizeof_client_keypub_der_4096);
- bytes = sizeof_client_keypub_der_4096;
- #else
- file = XFOPEN(clientKeyPub, "rb");
- if (!file) {
- err_sys("can't open ./certs/client-keyPub.der, "
- "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey(keypub, HEAP_HINT);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- idx = 0;
- ret = wc_RsaPublicKeyDecode(tmp, &idx, keypub, (word32)bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef WOLFSSL_KEY_GEN
- ret = rsa_keygen_test(&rng);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
- /* Make Cert / Sign example for RSA cert and RSA CA */
- ret = rsa_certgen_test(key, keypub, &rng, tmp);
- if (ret != 0)
- goto exit_rsa;
- #if !defined(NO_RSA) && defined(HAVE_ECC) && !defined(NO_ECC_SECP)
- ret = rsa_ecc_certgen_test(&rng, tmp);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #if defined(WOLFSSL_CERT_REQ) && !defined(WOLFSSL_NO_MALLOC)
- {
- Cert *req;
- int derSz;
- #ifndef WOLFSSL_SMALL_STACK
- byte* der = NULL;
- #endif
- req = (Cert *)XMALLOC(sizeof *req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (! req)
- ERROR_OUT(MEMORY_E, exit_rsa);
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
- }
- ret = wc_InitCert_ex(req, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- req->version = 0;
- req->isCA = 1;
- XSTRNCPY(req->challengePw, "wolf123", CTC_NAME_SIZE);
- XMEMCPY(&req->subject, &certDefaultName, sizeof(CertName));
- #ifndef NO_SHA256
- req->sigType = CTC_SHA256wRSA;
- #else
- req->sigType = CTC_SHAwRSA;
- #endif
- #ifdef WOLFSSL_CERT_EXT
- /* add SKID from the Public Key */
- ret = wc_SetSubjectKeyIdFromPublicKey(req, keypub, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- /* add Key Usage */
- ret = wc_SetKeyUsage(req, certKeyUsage2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- /* add Extended Key Usage */
- ret = wc_SetExtKeyUsage(req,
- "serverAuth,clientAuth,codeSigning,"
- "emailProtection,timeStamping,OCSPSigning");
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- #ifdef WOLFSSL_EKU_OID
- {
- WOLFSSL_SMALL_STACK_STATIC const char unique[] =
- "2.16.840.1.111111.100.1.10.1";
- ret = wc_SetExtKeyUsageOID(req, unique, sizeof(unique), 0,
- HEAP_HINT);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- }
- #endif /* WOLFSSL_EKU_OID */
- #endif /* WOLFSSL_CERT_EXT */
- derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL);
- if (derSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
- }
- #ifdef WOLFSSL_CERT_EXT
- /* Try again with "any" flag set, will override all others */
- ret = wc_SetExtKeyUsage(req, "any");
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL);
- if (derSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
- }
- #endif /* WOLFSSL_CERT_EXT */
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(req->bodySz, req->sigType, der, FOURK_BUF,
- key, NULL, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
- derSz = (int)ret;
- ret = SaveDerAndPem(der, derSz, certReqDerFile, certReqPemFile,
- CERTREQ_TYPE);
- if (ret != 0) {
- goto exit_rsa;
- }
- derSz = wc_MakeCertReq_ex(req, der, FOURK_BUF, RSA_TYPE, key);
- if (derSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
- }
- /* Test getting the size of the buffer without providing the buffer.
- * derSz is set to the "largest buffer" we are willing to allocate. */
- derSz = wc_MakeCertReq(req, NULL, 10000, key, NULL);
- if (derSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
- }
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- der = NULL;
- }
- #endif /* WOLFSSL_CERT_REQ */
- #endif /* WOLFSSL_CERT_GEN */
- #if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */
- /* Need to create known good signatures to test with this. */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLF_CRYPTO_CB_ONLY_RSA)
- ret = rsa_pss_test(&rng, key);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #endif
- #if defined(WOLFSSL_HAVE_SP_RSA) && defined(USE_FAST_MATH)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- /* New key to be loaded in rsa_even_mod_test(). */
- if (key != NULL)
- #endif
- wc_FreeRsaKey(key);
- /* New key to be loaded in rsa_even_mod_test(). */
- ret = rsa_even_mod_test(&rng, key);
- #endif
- exit_rsa:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key != NULL) {
- wc_FreeRsaKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- if (keypub != NULL) {
- wc_FreeRsaKey(keypub);
- XFREE(keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #ifdef WOLFSSL_TEST_CERT
- if (cert != NULL)
- XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- wc_FreeRsaKey(key);
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- wc_FreeRsaKey(keypub);
- #endif
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- wc_FreeRng(&rng);
- WC_FREE_VAR(in, HEAP_HINT);
- WC_FREE_VAR(out, HEAP_HINT);
- WC_FREE_VAR(plain, HEAP_HINT);
- (void)res;
- (void)bytes;
- (void)idx;
- (void)in;
- (void)out;
- (void)plain;
- (void)idx;
- (void)inStr;
- (void)inLen;
- (void)outSz;
- (void)plainSz;
- /* ret can be greater then 0 with certgen but all negative values should
- * be returned and treated as an error */
- if (ret >= 0) {
- return 0;
- }
- else {
- return ret;
- }
- }
- #endif /* !NO_RSA */
- #ifndef NO_DH
- static wc_test_ret_t dh_fips_generate_test(WC_RNG *rng)
- {
- wc_test_ret_t ret = 0;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- DhKey key[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte p[] = {
- 0xc5, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c,
- 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e,
- 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea,
- 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e,
- 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62,
- 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a,
- 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc,
- 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89,
- 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c,
- 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65,
- 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb,
- 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87,
- 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92,
- 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3,
- 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc,
- 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda,
- 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46,
- 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9,
- 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2,
- 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc,
- 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73,
- 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4,
- 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6,
- 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a,
- 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9,
- 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0,
- 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8,
- 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0,
- 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47,
- 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9,
- 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d,
- 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte g[] = {
- 0x4a, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74,
- 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41,
- 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91,
- 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb,
- 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff,
- 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e,
- 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a,
- 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e,
- 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40,
- 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67,
- 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94,
- 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa,
- 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22,
- 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a,
- 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc,
- 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5,
- 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe,
- 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c,
- 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8,
- 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67,
- 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8,
- 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63,
- 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5,
- 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71,
- 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a,
- 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a,
- 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1,
- 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37,
- 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53,
- 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d,
- 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68,
- 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte q[] = {
- 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e,
- 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75,
- 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5,
- 0x40, 0x52, 0xed, 0x41
- };
- WOLFSSL_SMALL_STACK_STATIC const byte q0[] = {
- 0x00,
- 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e,
- 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75,
- 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5,
- 0x40, 0x52, 0xed, 0x41
- };
- byte priv[256];
- byte pub[256];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key == NULL)
- ERROR_OUT(MEMORY_E, exit_gen_test);
- #endif
- /* Parameter Validation testing. */
- ret = wc_DhGenerateKeyPair(NULL, rng, priv, &privSz, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, NULL, priv, &privSz, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, rng, NULL, &privSz, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, rng, priv, NULL, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, NULL, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, NULL);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhSetKey_ex(key, p, sizeof(p), g, sizeof(g), q0, sizeof(q0));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhSetKey_ex(key, p, sizeof(p), g, sizeof(g), q, sizeof(q));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- /* Use API. */
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhCheckPubKey_ex(key, pub, pubSz, q0, sizeof(q0));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhSetKey(key, p, sizeof(p), g, sizeof(g));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhCheckPubKey_ex(key, pub, pubSz, q, sizeof(q));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- #ifndef HAVE_SELFTEST
- ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- /* Taint the public key so the check fails. */
- pub[0]++;
- ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
- if (ret != MP_CMP_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- }
- #ifdef WOLFSSL_KEY_GEN
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhGenerateParams(rng, 2048, key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- privSz = sizeof(priv);
- pubSz = sizeof(pub);
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- #endif /* WOLFSSL_KEY_GEN */
- #endif /* HAVE_SELFTEST */
- ret = 0;
- exit_gen_test:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key) {
- wc_FreeDhKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_FreeDhKey(key);
- #endif
- return ret;
- }
- static wc_test_ret_t dh_generate_test(WC_RNG *rng)
- {
- wc_test_ret_t ret = 0;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- DhKey *smallKey = NULL;
- #else
- DhKey smallKey[1];
- #endif
- byte p[2] = { 1, 7 }; /* 263 in decimal */
- byte g[2] = { 0, 2 };
- #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FFDHE)
- #ifdef WOLFSSL_DH_CONST
- /* the table for constant DH lookup will round to the lowest byte size 21 */
- byte priv[21];
- byte pub[21];
- #else
- byte priv[2];
- byte pub[2];
- #endif
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- #endif
- int smallKey_inited = 0;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((smallKey = (DhKey *)XMALLOC(sizeof(*smallKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- #endif
- ret = wc_InitDhKey_ex(smallKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- smallKey_inited = 1;
- /* Parameter Validation testing. */
- ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- wc_FreeDhKey(NULL);
- ret = wc_DhSetKey(NULL, p, sizeof(p), g, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- }
- ret = wc_DhSetKey(smallKey, NULL, sizeof(p), g, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- }
- ret = wc_DhSetKey(smallKey, p, 0, g, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- }
- ret = wc_DhSetKey(smallKey, p, sizeof(p), NULL, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- }
- ret = wc_DhSetKey(smallKey, p, sizeof(p), g, 0);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- }
- ret = wc_DhSetKey(smallKey, p, sizeof(p), g, sizeof(g));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FFDHE)
- /* Use API. */
- ret = wc_DhGenerateKeyPair(smallKey, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &smallKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- #else
- (void)rng;
- #if defined(HAVE_FIPS) || !defined(WOLFSSL_NO_DH186)
- ret = 0;
- #endif
- #endif
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_NO_DH186)
- {
- byte priv[260];
- byte pub[260];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- /* test odd ball param generation with DH */
- wc_FreeDhKey(smallKey);
- ret = wc_InitDhKey_ex(smallKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- ret = wc_DhGenerateParams(rng, 2056, smallKey);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- privSz = sizeof(priv);
- pubSz = sizeof(pub);
- ret = wc_DhGenerateKeyPair(smallKey, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &smallKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
- }
- #endif /* !HAVE_FIPS and WOLFSSL_NO_DH186 */
- exit_gen_test:
- if (smallKey_inited)
- wc_FreeDhKey(smallKey);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (smallKey != NULL)
- XFREE(smallKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- typedef struct dh_pubvalue_test {
- const byte* data;
- word32 len;
- } dh_pubvalue_test;
- static wc_test_ret_t dh_test_check_pubvalue(void)
- {
- wc_test_ret_t ret;
- word32 i;
- WOLFSSL_SMALL_STACK_STATIC const byte prime[] = {0x01, 0x00, 0x01};
- WOLFSSL_SMALL_STACK_STATIC const byte pubValZero[] = { 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValZeroLong[] = { 0x00, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValOne[] = { 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValOneLong[] = { 0x00, 0x00, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimeMinusOne[] = { 0x01, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimeLong[] = {0x00, 0x01, 0x00, 0x01};
- WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimePlusOne[] = { 0x01, 0x00, 0x02 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig0[] = { 0x02, 0x00, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig1[] = { 0x01, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTooLong[] = { 0x01, 0x00, 0x00, 0x01 };
- const dh_pubvalue_test dh_pubval_fail[] = {
- { prime, sizeof(prime) },
- { pubValZero, sizeof(pubValZero) },
- { pubValZeroLong, sizeof(pubValZeroLong) },
- { pubValOne, sizeof(pubValOne) },
- { pubValOneLong, sizeof(pubValOneLong) },
- { pubValPrimeMinusOne, sizeof(pubValPrimeMinusOne) },
- { pubValPrimeLong, sizeof(pubValPrimeLong) },
- { pubValPrimePlusOne, sizeof(pubValPrimePlusOne) },
- { pubValTooBig0, sizeof(pubValTooBig0) },
- { pubValTooBig1, sizeof(pubValTooBig1) },
- { pubValTooLong, sizeof(pubValTooLong) },
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTwo[] = { 0x02 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTwoLong[] = { 0x00, 0x00, 0x02 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValGood[] = { 0x12, 0x34 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLen[] = { 0x00, 0x12, 0x34 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLong[] = { 0x00, 0x00, 0x12, 0x34 };
- const dh_pubvalue_test dh_pubval_pass[] = {
- { pubValTwo, sizeof(pubValTwo) },
- { pubValTwoLong, sizeof(pubValTwoLong) },
- { pubValGood, sizeof(pubValGood) },
- { pubValGoodLen, sizeof(pubValGoodLen) },
- { pubValGoodLong, sizeof(pubValGoodLong) },
- };
- for (i = 0; i < sizeof(dh_pubval_fail) / sizeof(*dh_pubval_fail); i++) {
- ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_fail[i].data,
- dh_pubval_fail[i].len);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_I(i);
- }
- for (i = 0; i < sizeof(dh_pubval_pass) / sizeof(*dh_pubval_pass); i++) {
- ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_pass[i].data,
- dh_pubval_pass[i].len);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- return 0;
- }
- #endif
- #if defined(HAVE_FFDHE)
- #if defined(HAVE_FFDHE_4096)
- #define MAX_DH_PRIV_SZ 39
- #define MAX_DH_KEY_SZ 512
- #elif defined(HAVE_FFDHE_3072)
- #define MAX_DH_PRIV_SZ 34
- #define MAX_DH_KEY_SZ 384
- #else
- #define MAX_DH_PRIV_SZ 29
- #define MAX_DH_KEY_SZ 256
- #endif
- #ifndef WC_NO_RNG
- #if !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \
- (defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM32_ASM)))
- #ifdef HAVE_PUBLIC_FFDHE
- static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, const DhParams* params)
- #else
- static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
- #endif
- {
- wc_test_ret_t ret;
- word32 privSz, pubSz, privSz2, pubSz2;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *priv = (byte*)XMALLOC(MAX_DH_PRIV_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *pub = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *priv2 = (byte*)XMALLOC(MAX_DH_PRIV_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *pub2 = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *agree = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *agree2 = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DhKey *key = (DhKey*)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DhKey *key2 = (DhKey*)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- byte priv[MAX_DH_PRIV_SZ];
- byte pub[MAX_DH_KEY_SZ];
- byte priv2[MAX_DH_PRIV_SZ];
- byte pub2[MAX_DH_KEY_SZ];
- byte agree[MAX_DH_KEY_SZ];
- byte agree2[MAX_DH_KEY_SZ];
- DhKey key[1];
- DhKey key2[1];
- #endif
- word32 agreeSz = MAX_DH_KEY_SZ;
- word32 agreeSz2 = MAX_DH_KEY_SZ;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((priv == NULL) ||
- (pub == NULL) ||
- (priv2 == NULL) ||
- (pub2 == NULL) ||
- (agree == NULL) ||
- (agree2 == NULL) ||
- (key == NULL) ||
- (key2 == NULL))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- pubSz = MAX_DH_KEY_SZ;
- pubSz2 = MAX_DH_KEY_SZ;
- #ifdef HAVE_PUBLIC_FFDHE
- privSz = MAX_DH_PRIV_SZ;
- privSz2 = MAX_DH_PRIV_SZ;
- #else
- privSz = wc_DhGetNamedKeyMinSize(name);
- privSz2 = privSz;
- #endif
- XMEMSET(key, 0, sizeof(*key));
- XMEMSET(key2, 0, sizeof(*key2));
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_PUBLIC_FFDHE
- ret = wc_DhSetKey(key, params->p, params->p_len, params->g, params->g_len);
- #else
- ret = wc_DhSetNamedKey(key, name);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_PUBLIC_FFDHE
- ret = wc_DhSetKey(key2, params->p, params->p_len, params->g,
- params->g_len);
- #else
- ret = wc_DhSetNamedKey(key2, name);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhGenerateKeyPair(key2, rng, priv2, &privSz2, pub2, &pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhAgree(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #if (defined(WOLFSSL_HAVE_SP_DH) || defined(USE_FAST_MATH)) && \
- !defined(HAVE_INTEL_QA)
- /* Make p even */
- key->p.dp[0] &= (mp_digit)-2;
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != ASYNC_OP_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- #ifndef HAVE_SELFTEST
- ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_CMP_E &&
- ret != ASYNC_OP_E) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- #endif
- /* Getting here means success - set ret to 0. */
- ret = 0;
- #endif /* (SP DH or Fast Math) and not Intel QuickAssist */
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) && \
- !defined(WC_NO_RNG)
- if (priv)
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub)
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv2)
- XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub2)
- XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (agree)
- XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (agree2)
- XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (key) {
- wc_FreeDhKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (key2) {
- wc_FreeDhKey(key2);
- XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_FreeDhKey(key);
- wc_FreeDhKey(key2);
- #endif
- return ret;
- }
- #endif /* !(HAVE_FIPS_VERSION == 2 && WOLFSSL_SP_ARMxx_ASM) */
- #endif /* !WC_NO_RNG */
- #endif /* HAVE_FFDHE */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
- {
- wc_test_ret_t ret;
- word32 bytes;
- word32 idx = 0, privSz, pubSz, privSz2, pubSz2;
- #ifndef WC_NO_RNG
- WC_RNG rng;
- int rngInit = 0;
- #endif
- int keyInit = 0, key2Init = 0;
- #define DH_TEST_TMP_SIZE 1024
- #if !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
- #define DH_TEST_BUF_SIZE 256
- #else
- #define DH_TEST_BUF_SIZE 512
- #endif
- #ifndef WC_NO_RNG
- word32 agreeSz = DH_TEST_BUF_SIZE;
- word32 agreeSz2 = DH_TEST_BUF_SIZE;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DhKey *key2 = (DhKey *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *tmp = (byte *)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- DhKey key[1];
- DhKey key2[1];
- byte tmp[DH_TEST_TMP_SIZE];
- #endif
- #ifndef WC_NO_RNG
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *priv = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *pub = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *priv2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *pub2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *agree = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *agree2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv == NULL || pub == NULL || priv2 == NULL || pub2 == NULL ||
- agree == NULL || agree2 == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- #else
- byte priv[DH_TEST_BUF_SIZE];
- byte pub[DH_TEST_BUF_SIZE];
- byte priv2[DH_TEST_BUF_SIZE];
- byte pub2[DH_TEST_BUF_SIZE];
- byte agree[DH_TEST_BUF_SIZE];
- byte agree2[DH_TEST_BUF_SIZE];
- #endif
- #endif /* !WC_NO_RNG */
- WOLFSSL_ENTER("dh_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key == NULL || key2 == NULL || tmp == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, dh_key_der_1024, (size_t)sizeof_dh_key_der_1024);
- bytes = (size_t)sizeof_dh_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, dh_key_der_2048, (size_t)sizeof_dh_key_der_2048);
- bytes = (size_t)sizeof_dh_key_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, dh_key_der_3072, (size_t)sizeof_dh_key_der_3072);
- bytes = (size_t)sizeof_dh_key_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, dh_key_der_4096, (size_t)sizeof_dh_key_der_4096);
- bytes = (size_t)sizeof_dh_key_der_4096;
- #elif defined(NO_ASN)
- /* don't use file, no DER parsing */
- #elif !defined(NO_FILESYSTEM)
- {
- XFILE file = XFOPEN(dhParamsFile, "rb");
- if (! file)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- bytes = (word32) XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- #else
- /* No DH key to use. */
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif /* USE_CERT_BUFFERS */
- (void)idx;
- (void)tmp;
- (void)bytes;
- pubSz = DH_TEST_BUF_SIZE;
- pubSz2 = DH_TEST_BUF_SIZE;
- privSz = DH_TEST_BUF_SIZE;
- privSz2 = DH_TEST_BUF_SIZE;
- #ifndef WC_NO_RNG
- XMEMSET(&rng, 0, sizeof(rng));
- #endif
- /* Use API for coverage. */
- ret = wc_InitDhKey(key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- keyInit = 1;
- ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- key2Init = 1;
- #ifdef NO_ASN
- #ifndef WOLFSSL_SP_MATH
- ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhSetKey(key2, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #else
- ret = wc_DhSetKey(key, dh2048_p, sizeof(dh2048_p), dh2048_g,
- sizeof(dh2048_g));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhSetKey(key2, dh2048_p, sizeof(dh2048_p), dh2048_g,
- sizeof(dh2048_g));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- #else
- ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- idx = 0;
- ret = wc_DhKeyDecode(tmp, &idx, key2, bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- #ifndef WC_NO_RNG
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- rngInit = 1;
- ret = wc_DhGenerateKeyPair(key, &rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhGenerateKeyPair(key2, &rng, priv2, &privSz2, pub2, &pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhAgree(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif /* !WC_NO_RNG */
- #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- ret = wc_DhCheckPrivKey(NULL, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhCheckPrivKey(key, priv, privSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhExportParamsRaw(NULL, NULL, NULL, NULL, NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- {
- word32 pSz, qSz, gSz;
- ret = wc_DhExportParamsRaw(key, NULL, &pSz, NULL, &qSz, NULL, &gSz);
- if (ret != LENGTH_ONLY_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- #endif
- /* Test DH key import / export */
- #if defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \
- (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifndef NO_ASN
- {
- /* DH Private - Key Export / Import */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *tmp2;
- #else
- byte tmp2[DH_TEST_TMP_SIZE];
- #endif
- #if defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, dh_ffdhe_statickey_der_2048, sizeof_dh_ffdhe_statickey_der_2048);
- bytes = sizeof_dh_ffdhe_statickey_der_2048;
- #else
- XFILE file = XFOPEN(dhKeyFile, "rb");
- if (!file)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- bytes = (word32)XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- tmp2 = (byte*)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp2 == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #endif
- idx = 0;
- XMEMSET(tmp2, 0, DH_TEST_TMP_SIZE);
- /* Import DH Private key as DER */
- ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
- if (ret == 0) {
- /* Export as DER */
- idx = DH_TEST_TMP_SIZE;
- ret = wc_DhPrivKeyToDer(key, tmp2, &idx);
- }
- /* Verify export matches original */
- if (ret <= 0 || bytes != idx || XMEMCMP(tmp, tmp2, bytes) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- /* DH Public Key - Export / Import */
- #if defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, dh_ffdhe_pub_statickey_der_2048, sizeof_dh_ffdhe_pub_statickey_der_2048);
- bytes = sizeof_dh_ffdhe_pub_statickey_der_2048;
- #else
- file = XFOPEN(dhKeyPubFile, "rb");
- if (!file)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- bytes = (word32)XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #endif
- /* for HAVE_WOLF_BIGINT prevent leak */
- wc_FreeDhKey(key);
- (void)wc_InitDhKey_ex(key, HEAP_HINT, devId);
- idx = 0;
- XMEMSET(tmp2, 0, DH_TEST_TMP_SIZE);
- /* Import DH Public key as DER */
- ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
- if (ret == 0) {
- /* Export as DER */
- idx = DH_TEST_TMP_SIZE;
- ret = wc_DhPubKeyToDer(key, tmp2, &idx);
- }
- /* Verify export matches original */
- if (ret <= 0 || bytes != idx || XMEMCMP(tmp, tmp2, bytes) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(tmp2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
- #else
- ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif /* !NO_ASN */
- privSz = DH_TEST_BUF_SIZE;
- pubSz = DH_TEST_BUF_SIZE;
- ret = wc_DhExportKeyPair(key, priv, &privSz, pub, &pubSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_DhImportKeyPair(key2, priv, privSz, pub, pubSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif /* WOLFSSL_DH_EXTRA && !NO_FILESYSTEM && !FIPS <= 2 */
- #ifndef WC_NO_RNG
- ret = dh_generate_test(&rng);
- if (ret != 0)
- ERROR_OUT(ret, done);
- ret = dh_fips_generate_test(&rng);
- if (ret != 0)
- ERROR_OUT(ret, done);
- #endif /* !WC_NO_RNG */
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- ret = dh_test_check_pubvalue();
- if (ret != 0)
- ERROR_OUT(ret, done);
- #endif
- #if !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \
- (defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM32_ASM)))
- /* RNG with DH and SP_ASM code not supported in the in-lined FIPS ASM code,
- * this will be available for testing in the 140-3 module */
- #ifndef WC_NO_RNG
- /* Specialized code for key gen when using FFDHE-2048, FFDHE-3072 and FFDHE-4096 */
- #ifdef HAVE_FFDHE_2048
- #ifdef HAVE_PUBLIC_FFDHE
- ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe2048_Get());
- #else
- ret = dh_ffdhe_test(&rng, WC_FFDHE_2048);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- #ifdef HAVE_FFDHE_3072
- #ifdef HAVE_PUBLIC_FFDHE
- ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe3072_Get());
- #else
- ret = dh_ffdhe_test(&rng, WC_FFDHE_3072);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- #ifdef HAVE_FFDHE_4096
- #ifdef HAVE_PUBLIC_FFDHE
- ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe4096_Get());
- #else
- ret = dh_ffdhe_test(&rng, WC_FFDHE_4096);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- #endif /* !WC_NO_RNG */
- #endif /* HAVE_FIPS_VERSION == 2 && !WOLFSSL_SP_ARM64_ASM */
- wc_FreeDhKey(key);
- keyInit = 0;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
- !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(WC_NO_RNG)
- /* Test Check Key */
- ret = wc_DhSetCheckKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g),
- NULL, 0, 0, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- keyInit = 1; /* DhSetCheckKey also initializes the key, free it */
- #endif
- done:
- #ifndef WC_NO_RNG
- if (rngInit)
- wc_FreeRng(&rng);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key) {
- if (keyInit)
- wc_FreeDhKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (key2) {
- if (key2Init)
- wc_FreeDhKey(key2);
- XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (tmp)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv)
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub)
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv2)
- XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub2)
- XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (agree)
- XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (agree2)
- XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- if (keyInit)
- wc_FreeDhKey(key);
- if (key2Init)
- wc_FreeDhKey(key2);
- #endif
- (void)privSz;
- (void)pubSz;
- (void)pubSz2;
- (void)privSz2;
- return ret;
- #undef DH_TEST_BUF_SIZE
- #undef DH_TEST_TMP_SIZE
- }
- #endif /* NO_DH */
- #ifndef NO_DSA
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void)
- {
- wc_test_ret_t ret = 0;
- int answer;
- word32 bytes;
- word32 idx = 0;
- WC_RNG rng;
- int rng_inited = 0;
- wc_Sha sha;
- byte hash[WC_SHA_DIGEST_SIZE];
- byte signature[40];
- int key_inited = 0;
- #ifdef WOLFSSL_KEY_GEN
- byte* der = 0;
- int derIn_inited = 0;
- int genKey_inited = 0;
- #endif
- #define DSA_TEST_TMP_SIZE 1024
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *tmp = (byte *)XMALLOC(DSA_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DsaKey *key = (DsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_KEY_GEN
- DsaKey *derIn = (DsaKey *)XMALLOC(sizeof *derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DsaKey *genKey = (DsaKey *)XMALLOC(sizeof *genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- WOLFSSL_ENTER("dsa_test");
- if ((tmp == NULL) ||
- (key == NULL)
- #ifdef WOLFSSL_KEY_GEN
- || (derIn == NULL)
- || (genKey == NULL)
- #endif
- ) {
- ret = WC_TEST_RET_ENC_NC;
- goto out;
- }
- #else
- byte tmp[1024];
- DsaKey key[1];
- #ifdef WOLFSSL_KEY_GEN
- DsaKey derIn[1];
- DsaKey genKey[1];
- #endif
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
- bytes = sizeof_dsa_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
- bytes = sizeof_dsa_key_der_2048;
- #else
- {
- XFILE file = XFOPEN(dsaKey, "rb");
- if (!file)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- bytes = (word32) XFREAD(tmp, 1, DSA_TEST_TMP_SIZE, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- wc_ShaUpdate(&sha, tmp, bytes);
- wc_ShaFinal(&sha, hash);
- wc_ShaFree(&sha);
- ret = wc_InitDsaKey(key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- key_inited = 1;
- ret = wc_DsaPrivateKeyDecode(tmp, &idx, key, bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- rng_inited = 1;
- ret = wc_DsaSign(hash, signature, key, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_DsaVerify(hash, signature, key, &answer);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (answer != 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- wc_FreeDsaKey(key);
- key_inited = 0;
- ret = wc_InitDsaKey_h(key, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- key_inited = 1;
- #ifdef WOLFSSL_KEY_GEN
- {
- int derSz = 0;
- ret = wc_InitDsaKey(genKey);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- genKey_inited = 1;
- ret = wc_MakeDsaParameters(&rng, 1024, genKey);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_MakeDsaKey(&rng, genKey);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- derSz = wc_DsaKeyToDer(genKey, der, FOURK_BUF);
- if (derSz < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), out);
- ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
- DSA_PRIVATEKEY_TYPE);
- if (ret != 0)
- goto out;
- ret = wc_InitDsaKey(derIn);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- derIn_inited = 1;
- idx = 0;
- ret = wc_DsaPrivateKeyDecode(der, &idx, derIn, (word32)derSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- #endif /* WOLFSSL_KEY_GEN */
- out:
- #ifdef WOLFSSL_KEY_GEN
- if (der)
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (tmp)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (key) {
- if (key_inited)
- wc_FreeDsaKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #ifdef WOLFSSL_KEY_GEN
- if (derIn) {
- if (derIn_inited)
- wc_FreeDsaKey(derIn);
- XFREE(derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (genKey) {
- if (genKey_inited)
- wc_FreeDsaKey(genKey);
- XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
- if (key_inited)
- wc_FreeDsaKey(key);
- #ifdef WOLFSSL_KEY_GEN
- if (derIn_inited)
- wc_FreeDsaKey(derIn);
- if (genKey_inited)
- wc_FreeDsaKey(genKey);
- #endif
- #endif
- if (rng_inited)
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* NO_DSA */
- #ifdef WOLFCRYPT_HAVE_SRP
- static wc_test_ret_t generate_random_salt(byte *buf, word32 size)
- {
- wc_test_ret_t ret = WC_TEST_RET_ENC_NC;
- WC_RNG rng;
- if(NULL == buf || !size)
- return WC_TEST_RET_ENC_NC;
- if (buf && size && wc_InitRng_ex(&rng, HEAP_HINT, devId) == 0) {
- ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size);
- wc_FreeRng(&rng);
- }
- return ret;
- }
- static wc_test_ret_t srp_test_digest(SrpType dgstType)
- {
- wc_test_ret_t r;
- byte clientPubKey[192]; /* A */
- byte serverPubKey[192]; /* B */
- word32 clientPubKeySz = 192;
- word32 serverPubKeySz = 192;
- byte username[] = "user";
- word32 usernameSz = 4;
- byte password[] = "password";
- word32 passwordSz = 8;
- WOLFSSL_SMALL_STACK_STATIC const byte N[] = {
- 0xfc, 0x58, 0x7a, 0x8a, 0x70, 0xfb, 0x5a, 0x9a,
- 0x5d, 0x39, 0x48, 0xbf, 0x1c, 0x46, 0xd8, 0x3b,
- 0x7a, 0xe9, 0x1f, 0x85, 0x36, 0x18, 0xc4, 0x35,
- 0x3f, 0xf8, 0x8a, 0x8f, 0x8c, 0x10, 0x2e, 0x01,
- 0x58, 0x1d, 0x41, 0xcb, 0xc4, 0x47, 0xa8, 0xaf,
- 0x9a, 0x6f, 0x58, 0x14, 0xa4, 0x68, 0xf0, 0x9c,
- 0xa6, 0xe7, 0xbf, 0x0d, 0xe9, 0x62, 0x0b, 0xd7,
- 0x26, 0x46, 0x5b, 0x27, 0xcb, 0x4c, 0xf9, 0x7e,
- 0x1e, 0x8b, 0xe6, 0xdd, 0x29, 0xb7, 0xb7, 0x15,
- 0x2e, 0xcf, 0x23, 0xa6, 0x4b, 0x97, 0x9f, 0x89,
- 0xd4, 0x86, 0xc4, 0x90, 0x63, 0x92, 0xf4, 0x30,
- 0x26, 0x69, 0x48, 0x9d, 0x7a, 0x4f, 0xad, 0xb5,
- 0x6a, 0x51, 0xad, 0xeb, 0xf9, 0x90, 0x31, 0x77,
- 0x53, 0x30, 0x2a, 0x85, 0xf7, 0x11, 0x21, 0x0c,
- 0xb8, 0x4b, 0x56, 0x03, 0x5e, 0xbb, 0x25, 0x33,
- 0x7c, 0xd9, 0x5a, 0xd1, 0x5c, 0xb2, 0xd4, 0x53,
- 0xc5, 0x16, 0x68, 0xf0, 0xdf, 0x48, 0x55, 0x3e,
- 0xd4, 0x59, 0x87, 0x64, 0x59, 0xaa, 0x39, 0x01,
- 0x45, 0x89, 0x9c, 0x72, 0xff, 0xdd, 0x8f, 0x6d,
- 0xa0, 0x42, 0xbc, 0x6f, 0x6e, 0x62, 0x18, 0x2d,
- 0x50, 0xe8, 0x18, 0x97, 0x87, 0xfc, 0xef, 0x1f,
- 0xf5, 0x53, 0x68, 0xe8, 0x49, 0xd1, 0xa2, 0xe8,
- 0xb9, 0x26, 0x03, 0xba, 0xb5, 0x58, 0x6f, 0x6c,
- 0x8b, 0x08, 0xa1, 0x7b, 0x6f, 0x42, 0xc9, 0x53
- };
- WOLFSSL_SMALL_STACK_STATIC const byte g[] = {
- 0x02
- };
- byte salt[10];
- byte verifier[192];
- word32 v_size = sizeof(verifier);
- word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
- word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Srp *cli = (Srp *)XMALLOC(sizeof *cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- Srp *srv = (Srp *)XMALLOC(sizeof *srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *clientProof = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER); /* M1 */
- byte *serverProof = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER); /* M2 */
- if ((cli == NULL) ||
- (srv == NULL) ||
- (clientProof == NULL) ||
- (serverProof == NULL)) {
- r = WC_TEST_RET_ENC_NC;
- goto out;
- }
- #else
- Srp cli[1], srv[1];
- byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */
- byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */
- #endif
- /* set as 0's so if second init on srv not called SrpTerm is not on
- * garbage values */
- XMEMSET(srv, 0, sizeof *srv);
- XMEMSET(cli, 0, sizeof *cli);
- /* generating random salt */
- r = generate_random_salt(salt, sizeof(salt));
- /* client knows username and password. */
- /* server knows N, g, salt and verifier. */
- if (!r) r = wc_SrpInit_ex(cli, dgstType, SRP_CLIENT_SIDE, HEAP_HINT, devId);
- if (!r) r = wc_SrpSetUsername(cli, username, usernameSz);
- /* loading N, g and salt in advance to generate the verifier. */
- if (!r) r = wc_SrpSetParams(cli, N, sizeof(N),
- g, sizeof(g),
- salt, sizeof(salt));
- if (!r) r = wc_SrpSetPassword(cli, password, passwordSz);
- if (!r) r = wc_SrpGetVerifier(cli, verifier, &v_size);
- /* client sends username to server */
- if (!r) r = wc_SrpInit_ex(srv, dgstType, SRP_SERVER_SIDE, HEAP_HINT, devId);
- if (!r) r = wc_SrpSetUsername(srv, username, usernameSz);
- if (!r) r = wc_SrpSetParams(srv, N, sizeof(N),
- g, sizeof(g),
- salt, sizeof(salt));
- if (!r) r = wc_SrpSetVerifier(srv, verifier, v_size);
- if (!r) r = wc_SrpGetPublic(srv, serverPubKey, &serverPubKeySz);
- /* server sends N, g, salt and B to client */
- if (!r) r = wc_SrpGetPublic(cli, clientPubKey, &clientPubKeySz);
- if (!r) r = wc_SrpComputeKey(cli, clientPubKey, clientPubKeySz,
- serverPubKey, serverPubKeySz);
- if (!r) r = wc_SrpGetProof(cli, clientProof, &clientProofSz);
- /* client sends A and M1 to server */
- if (!r) r = wc_SrpComputeKey(srv, clientPubKey, clientPubKeySz,
- serverPubKey, serverPubKeySz);
- if (!r) r = wc_SrpVerifyPeersProof(srv, clientProof, clientProofSz);
- if (!r) r = wc_SrpGetProof(srv, serverProof, &serverProofSz);
- /* server sends M2 to client */
- if (!r) r = wc_SrpVerifyPeersProof(cli, serverProof, serverProofSz);
- wc_SrpTerm(cli);
- wc_SrpTerm(srv);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- out:
- if (cli)
- XFREE(cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (srv)
- XFREE(srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (clientProof)
- XFREE(clientProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (serverProof)
- XFREE(serverProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return r;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void)
- {
- wc_test_ret_t ret;
- WOLFSSL_ENTER("srp_test");
- #ifndef NO_SHA
- ret = srp_test_digest(SRP_TYPE_SHA);
- if (ret != 0)
- return ret;
- #endif
- #ifndef NO_SHA256
- ret = srp_test_digest(SRP_TYPE_SHA256);
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_SHA384
- ret = srp_test_digest(SRP_TYPE_SHA384);
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_SHA512
- ret = srp_test_digest(SRP_TYPE_SHA512);
- if (ret != 0)
- return ret;
- #endif
- return ret;
- }
- #endif /* WOLFCRYPT_HAVE_SRP */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
- static wc_test_ret_t openssl_aes_test(void)
- {
- #ifdef HAVE_AES_CBC
- #ifdef WOLFSSL_AES_128
- {
- /* EVP_CipherUpdate test */
- WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- "0123456789abcdef "; /* align */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- int outlen ;
- int total = 0;
- int i;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 9) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
- (byte*)&cbcPlain[9] , 9) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (total != 32)
- return 3408;
- EVP_CIPHER_CTX_cleanup(en);
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6], 12) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6+12], 14) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 2)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (total != 18)
- return 3427;
- if (XMEMCMP(plain, cbcPlain, 18))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(de);
- /* test with encrypting/decrypting more than 16 bytes at once */
- total = 0;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 17) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
- (byte*)&cbcPlain[17] , 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (total != 32)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(en);
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 17) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- /* final call on non block size should fail */
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[17], 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[17+1], 14) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 2)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (total != 18)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plain, cbcPlain, 18))
- return WC_TEST_RET_ENC_NC;
- /* test byte by byte decrypt */
- for (i = 0; i < AES_BLOCK_SIZE * 3; i++) {
- plain[i] = i;
- }
- EVP_CIPHER_CTX_cleanup(de);
- total = 0;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)plain, AES_BLOCK_SIZE * 3) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != AES_BLOCK_SIZE * 3)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (total != sizeof(plain))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(en);
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- for (i = 0; i < AES_BLOCK_SIZE * 4; i++) {
- if (EVP_CipherUpdate(de, (byte*)plain + total, &outlen,
- (byte*)cipher + i, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen > 0) {
- int j;
- total += outlen;
- for (j = 0; j < total; j++) {
- if (plain[j] != j) {
- return WC_TEST_RET_ENC_NC;
- }
- }
- }
- }
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (total != AES_BLOCK_SIZE * 3) {
- return WC_TEST_RET_ENC_NC;
- }
- for (i = 0; i < AES_BLOCK_SIZE * 3; i++) {
- if (plain[i] != i) {
- return WC_TEST_RET_ENC_NC;
- }
- }
- EVP_CIPHER_CTX_cleanup(de);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- }
- /* set buffers to be exact size to catch potential over read/write */
- {
- /* EVP_CipherUpdate test */
- WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- "0123456789abcdef "; /* align */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- "1234567890abcdef "; /* align */
- #define EVP_TEST_BUF_SZ 18
- #define EVP_TEST_BUF_PAD 32
- byte cipher[EVP_TEST_BUF_SZ];
- byte plain [EVP_TEST_BUF_SZ];
- byte padded[EVP_TEST_BUF_PAD];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- int outlen ;
- int total = 0;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_set_padding(en, 0) != 1)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- /* should fail here */
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) != 0)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(en);
- /* turn padding back on and do successful encrypt */
- total = 0;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_set_padding(en, 1) != 1)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(en, (byte*)padded, &outlen,
- (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&padded[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (total != 32)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(cipher, padded, EVP_TEST_BUF_SZ);
- EVP_CIPHER_CTX_cleanup(en);
- /* test out of bounds read on buffers w/o padding during decryption */
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_set_padding(de, 0) != 1)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher,
- EVP_TEST_BUF_SZ) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- /* should fail since not using padding */
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(de);
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_set_padding(de, 1) != 1)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(de, (byte*)padded, &outlen, (byte*)padded,
- EVP_TEST_BUF_PAD) == 0)
- return WC_TEST_RET_ENC_NC;
- if (outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherFinal(de, (byte*)&padded[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(padded, cbcPlain, EVP_TEST_BUF_SZ))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(de);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- }
- { /* evp_cipher test: EVP_aes_128_cbc */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- "0123456789abcdef "; /* align */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (ctx == NULL)
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(ctx);
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(ctx);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- } /* end evp_cipher test: EVP_aes_128_cbc*/
- #endif /* WOLFSSL_AES_128 */
- #endif /* HAVE_AES_CBC */
- #ifndef WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API
- #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
- { /* evp_cipher test: EVP_aes_256_ecb*/
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (ctx == NULL)
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- } /* end evp_cipher test */
- #endif /* HAVE_AES_ECB && WOLFSSL_AES_256 */
- #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
- /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */
- {
- /* Test: AES_encrypt/decrypt/set Key */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #else
- AES_KEY enc[1];
- #ifdef HAVE_AES_DECRYPT
- AES_KEY dec[1];
- #endif
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte plain[sizeof(msg)];
- byte cipher[sizeof(msg)];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc == NULL)
- return MEMORY_E;
- #ifdef HAVE_AES_DECRYPT
- if (dec == NULL)
- return MEMORY_E;
- #endif
- #endif
- AES_set_encrypt_key(key, sizeof(key)*8, enc);
- AES_set_decrypt_key(key, sizeof(key)*8, dec);
- AES_encrypt(msg, cipher, enc);
- #ifdef HAVE_AES_DECRYPT
- AES_decrypt(cipher, plain, dec);
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- #endif /* HAVE_AES_DECRYPT */
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- }
- #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
- #endif /* !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */
- /* EVP_Cipher with EVP_aes_xxx_ctr() */
- #ifdef WOLFSSL_AES_COUNTER
- {
- byte plainBuff [64];
- byte cipherBuff[64];
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte ctrKey[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrCipher[] =
- {
- 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
- 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
- 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
- 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
- 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
- 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
- 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
- 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
- };
- WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
- {
- 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
- 0xc2
- };
- #endif
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
- {
- 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
- 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
- {
- 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
- 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28
- };
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- #ifdef WOLFSSL_AES_128
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *p_en;
- EVP_CIPHER_CTX *p_de;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- p_en = wolfSSL_EVP_CIPHER_CTX_new();
- if (p_en == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- p_de = wolfSSL_EVP_CIPHER_CTX_new();
- if (p_de == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- wolfSSL_EVP_CIPHER_CTX_free(p_en);
- wolfSSL_EVP_CIPHER_CTX_free(p_de);
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipherBuff, ctrCipher, 9))
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipherBuff, oddCipher, 9))
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- #endif /* WOLFSSL_AES_256 */
- }
- #endif /* HAVE_AES_COUNTER */
- #ifndef WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API
- #if defined(WOLFSSL_AES_CFB) && defined(WOLFSSL_AES_128)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #else
- AES_KEY enc[1];
- AES_KEY dec[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte setIv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
- 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
- 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
- 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51
- };
- byte cipher[AES_BLOCK_SIZE * 2];
- byte iv[AES_BLOCK_SIZE]; /* iv buffer is updeated by API */
- int num = 0;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((enc == NULL) || (dec == NULL))
- return MEMORY_E;
- #endif
- XMEMCPY(iv, setIv, sizeof(setIv));
- wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, enc);
- wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, dec);
- wolfSSL_AES_cfb128_encrypt(msg, cipher, AES_BLOCK_SIZE - 1, enc, iv,
- &num, AES_ENCRYPT);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE - 1))
- return WC_TEST_RET_ENC_NC;
- if (num != 15) /* should have used 15 of the 16 bytes */
- return WC_TEST_RET_ENC_NC;
- wolfSSL_AES_cfb128_encrypt(msg + AES_BLOCK_SIZE - 1,
- cipher + AES_BLOCK_SIZE - 1, AES_BLOCK_SIZE + 1, enc, iv,
- &num, AES_ENCRYPT);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
- return WC_TEST_RET_ENC_NC;
- if (num != 0)
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- }
- #endif /* WOLFSSL_AES_CFB && WOLFSSL_AES_128 */
- #endif /* !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */
- return 0;
- }
- #endif /* !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
- {
- wc_test_ret_t ret;
- #ifdef WOLFSSL_SMALL_STACK
- EVP_MD_CTX *md_ctx = (EVP_MD_CTX *)XMALLOC(sizeof(EVP_MD_CTX), NULL, DYNAMIC_TYPE_OPENSSL);
- #else
- EVP_MD_CTX md_ctx[1];
- #endif
- testVector a, b, c, d, e, f;
- byte hash[WC_SHA256_DIGEST_SIZE*2]; /* max size */
- #ifdef WOLFSSL_SMALL_STACK
- if (md_ctx == NULL)
- return WC_TEST_RET_ENC_EC(MEMORY_E);
- #endif
- WOLFSSL_ENTER("openssl_test");
- a.inLen = 0;
- b.inLen = c.inLen = d.inLen = e.inLen = f.inLen = a.inLen;
- (void)a;
- (void)b;
- (void)c;
- (void)d;
- (void)e;
- (void)f;
- /* test malloc / free , 10 is an arbitrary amount of memory chosen */
- {
- byte* p;
- p = (byte*)CRYPTO_malloc(10, "", 0);
- if (p == NULL) {
- return WC_TEST_RET_ENC_NC;
- }
- XMEMSET(p, 0, 10);
- CRYPTO_free(p, "", 0);
- }
- #ifndef NO_MD5
- a.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
- "\x7a";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_MD5_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_md5());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, a.input, (unsigned long)a.inLen);
- }
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif /* NO_MD5 */
- #ifndef NO_SHA
- b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaa";
- b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
- "\x53\x99\x5E\x26\xA0";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha1());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, b.input, (unsigned long)b.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(hash, b.output, b.outLen) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif /* NO_SHA */
- #ifdef WOLFSSL_SHA224
- e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- e.output = "\xc9\x7c\xa9\xa5\x59\x85\x0c\xe9\x7a\x04\xa9\x6d\xef\x6d\x99"
- "\xa9\xe0\xe0\xe2\xab\x14\xe6\xb8\xdf\x26\x5f\xc0\xb3";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA224_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha224());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* WOLFSSL_SHA224 */
- #ifndef NO_SHA256
- d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
- "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
- "\x06\xC1";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA256_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha256());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* !NO_SHA256 */
- #ifdef WOLFSSL_SHA384
- e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- e.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
- "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
- "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
- "\x74\x60\x39";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA384_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha384());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* WOLFSSL_SHA384 */
- #ifdef WOLFSSL_SHA512
- f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- f.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
- "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
- "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
- "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
- "\x87\x4b\xe9\x09";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_SHA512_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha512());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #if !defined(WOLFSSL_NOSHA512_224) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- f.output = "\x23\xfe\xc5\xbb\x94\xd6\x0b\x23\x30\x81\x92\x64\x0b\x0c\x45"
- "\x33\x35\xd6\x64\x73\x4f\xe4\x0e\x72\x68\x67\x4a\xf9";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_SHA512_224_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha512_224());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* !WOLFSSL_NOSHA512_224 && !FIPS ... */
- #if !defined(WOLFSSL_NOSHA512_256) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- f.output = "\x39\x28\xe1\x84\xfb\x86\x90\xf8\x40\xda\x39\x88\x12\x1d\x31"
- "\xbe\x65\xcb\x9d\x3e\xf8\x3e\xe6\x14\x6f\xea\xc8\x61\xe1\x9b"
- "\x56\x3a";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_SHA512_256_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha512_256());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* !WOLFSSL_NOSHA512_224 && !FIPS ... */
- #endif /* WOLFSSL_SHA512 */
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- e.output = "\x54\x3e\x68\x68\xe1\x66\x6c\x1a\x64\x36\x30\xdf\x77\x36\x7a"
- "\xe5\xa6\x2a\x85\x07\x0a\x51\xc1\x4c\xbf\x66\x5c\xbc";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA3_224_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha3_224());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* WOLFSSL_NOSHA3_224 */
- #ifndef WOLFSSL_NOSHA3_256
- d.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- d.output = "\x91\x6f\x60\x61\xfe\x87\x97\x41\xca\x64\x69\xb4\x39\x71\xdf"
- "\xdb\x28\xb1\xa3\x2d\xc3\x6c\xb3\x25\x4e\x81\x2b\xe2\x7a\xad"
- "\x1d\x18";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA3_256_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha3_256());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* WOLFSSL_NOSHA3_256 */
- e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- e.output = "\x79\x40\x7d\x3b\x59\x16\xb5\x9c\x3e\x30\xb0\x98\x22\x97\x47"
- "\x91\xc3\x13\xfb\x9e\xcc\x84\x9e\x40\x6f\x23\x59\x2d\x04\xf6"
- "\x25\xdc\x8c\x70\x9b\x98\xb4\x3b\x38\x52\xb3\x37\x21\x61\x79"
- "\xaa\x7f\xc7";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA3_384_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha3_384());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #ifndef WOLFSSL_NOSHA3_512
- f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- f.output = "\xaf\xeb\xb2\xef\x54\x2e\x65\x79\xc5\x0c\xad\x06\xd2\xe5\x78"
- "\xf9\xf8\xdd\x68\x81\xd7\xdc\x82\x4d\x26\x36\x0f\xee\xbf\x18"
- "\xa4\xfa\x73\xe3\x26\x11\x22\x94\x8e\xfc\xfd\x49\x2e\x74\xe8"
- "\x2e\x21\x89\xed\x0f\xb4\x40\xd1\x87\xf3\x82\x27\x0c\xb4\x55"
- "\xf2\x1d\xd1\x85";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_SHA3_512_DIGEST_SIZE;
- EVP_MD_CTX_init(md_ctx);
- ret = EVP_DigestInit(md_ctx, EVP_sha3_512());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, f.output, f.outLen) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* WOLFSSL_NOSHA3_512 */
- #endif /* WOLFSSL_SHA3 */
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(md_ctx, NULL, DYNAMIC_TYPE_OPENSSL);
- md_ctx = NULL;
- #endif
- #ifndef WC_NO_RNG
- if (RAND_bytes(hash, sizeof(hash)) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- #endif
- #ifndef NO_MD5
- c.input = "what do ya want for nothing?";
- c.output = "\x55\x78\xe8\x48\x4b\xcc\x93\x80\x93\xec\x53\xaf\x22\xd6\x14"
- "\x76";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_MD5_DIGEST_SIZE;
- #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)
- /* Expect failure with MD5 + HMAC when using FIPS 140-3. */
- if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
- hash, 0) != NULL)
- #else
- if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
- hash, 0) == NULL ||
- XMEMCMP(hash, c.output, c.outLen) != 0)
- #endif
- {
- return WC_TEST_RET_ENC_NC;
- }
- #endif /* NO_MD5 */
- #ifndef NO_DES3
- { /* des test */
- WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte plain[24];
- byte cipher[24];
- const_DES_cblock key = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
- };
- DES_cblock iv = {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
- };
- DES_key_schedule sched;
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
- 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
- 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
- };
- DES_key_sched(&key, &sched);
- DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, DES_ENCRYPT);
- DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT);
- if (XMEMCMP(plain, vector, sizeof(vector)) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
- return WC_TEST_RET_ENC_NC;
- /* test changing iv */
- DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT);
- DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT);
- if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
- return WC_TEST_RET_ENC_NC;
- } /* end des test */
- #endif /* NO_DES3 */
- #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
- if ((ret = openssl_aes_test()) != 0) {
- return ret;
- }
- #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
- { /* evp_cipher test: EVP_aes_128_cbc */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- int idx, cipherSz, plainSz;
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb,
- 0x3b,0x5d,0x41,0x97,0x94,0x25,0xa4,0xb4,
- 0xae,0x7b,0x34,0xd0,0x3f,0x0c,0xbc,0x06
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb,
- 0x7d,0x37,0x7b,0x0b,0x44,0xaa,0xb5,0xf0,
- 0x5f,0x34,0xb4,0xde,0xb5,0xbd,0x2a,0xbb
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- "0123456789abcdef "; /* align */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (ctx == NULL)
- return MEMORY_E;
- #endif
- cipherSz = 0;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherUpdate(ctx, cipher, &idx, (byte*)msg, sizeof(msg));
- if (ret == WOLFSSL_SUCCESS)
- cipherSz += idx;
- }
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
- if (ret == WOLFSSL_SUCCESS)
- cipherSz += idx;
- }
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (cipherSz != (int)sizeof(verify) || XMEMCMP(cipher, verify, cipherSz))
- return WC_TEST_RET_ENC_NC;
- /* check partial decrypt (not enough padding for full block) */
- plainSz = 0;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, 1);
- if (ret == WOLFSSL_SUCCESS)
- plainSz += idx;
- }
- if (ret == WOLFSSL_SUCCESS) {
- /* this test should fail... not enough padding for full block */
- ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
- if (plainSz == 0 && ret != WOLFSSL_SUCCESS)
- ret = WOLFSSL_SUCCESS;
- else
- ret = WC_TEST_RET_ENC_NC;
- }
- else
- ret = WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != WOLFSSL_SUCCESS)
- return ret;
- plainSz = 0;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, cipherSz);
- if (ret == WOLFSSL_SUCCESS)
- plainSz += idx;
- }
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
- if (ret == WOLFSSL_SUCCESS)
- plainSz += idx;
- }
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (plainSz != (int)sizeof(msg) || XMEMCMP(plain, msg, sizeof(msg)))
- return WC_TEST_RET_ENC_NC;
- cipherSz = 0;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherUpdate(ctx, cipher, &idx, msg, AES_BLOCK_SIZE);
- if (ret == WOLFSSL_SUCCESS)
- cipherSz += idx;
- }
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
- if (ret == WOLFSSL_SUCCESS)
- cipherSz += idx;
- }
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (cipherSz != (int)sizeof(verify2) || XMEMCMP(cipher, verify2, cipherSz))
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- } /* end evp_cipher test: EVP_aes_128_cbc*/
- #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
- #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
- { /* evp_cipher test: EVP_aes_256_ecb*/
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (ctx == NULL)
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_Cipher(ctx, cipher, (byte*)msg, 16);
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != 16)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_Cipher(ctx, plain, cipher, 16);
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != 16)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- } /* end evp_cipher test */
- #endif /* HAVE_AES_ECB && WOLFSSL_AES_128 */
- #ifndef WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API
- #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
- /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */
- {
- /* Test: AES_encrypt/decrypt/set Key */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #else
- AES_KEY enc[1];
- #ifdef HAVE_AES_DECRYPT
- AES_KEY dec[1];
- #endif
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte plain[sizeof(msg)];
- byte cipher[sizeof(msg)];
- printf("openSSL extra test\n") ;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc == NULL)
- return MEMORY_E;
- #ifdef HAVE_AES_DECRYPT
- if (dec == NULL)
- return MEMORY_E;
- #endif
- #endif
- AES_set_encrypt_key(key, sizeof(key)*8, enc);
- AES_set_decrypt_key(key, sizeof(key)*8, dec);
- AES_encrypt(msg, cipher, enc);
- #ifdef HAVE_AES_DECRYPT
- AES_decrypt(cipher, plain, dec);
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- #endif /* HAVE_AES_DECRYPT */
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- }
- #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
- #endif /* !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */
- /* EVP_Cipher with EVP_aes_xxx_ctr() */
- #ifdef WOLFSSL_AES_COUNTER
- {
- byte plainBuff [64];
- byte cipherBuff[64];
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte ctrKey[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrCipher[] =
- {
- 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
- 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
- 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
- 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
- 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
- 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
- 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
- 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
- };
- WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
- {
- 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
- 0xc2
- };
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *p_en;
- EVP_CIPHER_CTX *p_de;
- #endif
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
- {
- 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
- 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
- {
- 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
- 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28
- };
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- #ifdef WOLFSSL_AES_128
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(en);
- EVP_CIPHER_CTX_cleanup(de);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- p_en = wolfSSL_EVP_CIPHER_CTX_new();
- if (p_en == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- p_de = wolfSSL_EVP_CIPHER_CTX_new();
- if (p_de == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(p_en);
- EVP_CIPHER_CTX_cleanup(p_de);
- wolfSSL_EVP_CIPHER_CTX_free(p_en);
- wolfSSL_EVP_CIPHER_CTX_free(p_de);
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipherBuff, ctrCipher, 9))
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(cipherBuff, oddCipher, 9))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(en);
- EVP_CIPHER_CTX_cleanup(de);
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(en);
- EVP_CIPHER_CTX_cleanup(de);
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_cleanup(en);
- EVP_CIPHER_CTX_cleanup(de);
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- }
- #endif /* HAVE_AES_COUNTER */
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- {
- /* EVP_CipherUpdate test */
- WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- byte key[] = "0123456789abcdef "; /* align */
- byte iv[] = "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- int outlen ;
- int total = 0;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- /* openSSL compatibility, if(inlen == 0)return 1; */
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 0) != 1)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 9) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
- (byte*)&cbcPlain[9] , 9) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if(total != 32)
- return WC_TEST_RET_ENC_NC;
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6], 12) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6+12], 14) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 2)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if(total != 18)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(plain, cbcPlain, 18))
- return WC_TEST_RET_ENC_NC;
- total = 0;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(en);
- if (EVP_EncryptInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_EncryptFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if(total != 32)
- return 3438;
- total = 0;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_DecryptInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv) == 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 0)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 16)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if (EVP_DecryptFinal(de, (byte*)&plain[total], &outlen) == 0)
- return WC_TEST_RET_ENC_NC;
- if(outlen != 2)
- return WC_TEST_RET_ENC_NC;
- total += outlen;
- if(total != 18)
- return 3447;
- if (XMEMCMP(plain, cbcPlain, 18))
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_key_length(NULL) != 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_key_length(EVP_aes_128_cbc()) != 16)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_mode(NULL) != 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_mode(en) != (en->flags & WOLFSSL_EVP_CIPH_MODE))
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit_ex(en, EVP_aes_128_cbc(), NULL,
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(en);
- if (EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
- (unsigned char*)key, (unsigned char*)iv) == 0)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(de);
- if (EVP_DecryptInit_ex(de, EVP_aes_128_cbc(), NULL,
- (unsigned char*)key, (unsigned char*)iv) == 0)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_block_size(NULL) != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_init(en);
- EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
- (unsigned char*)key, (unsigned char*)iv);
- if (EVP_CIPHER_CTX_block_size(en) != en->block_size)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_block_size(NULL) != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_block_size(EVP_aes_128_cbc()) != AES_BLOCK_SIZE)
- return WC_TEST_RET_ENC_NC;
- if (WOLFSSL_EVP_CIPHER_mode(NULL) != 0)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_flags(EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE)
- return WC_TEST_RET_ENC_NC;
- EVP_CIPHER_CTX_clear_flags(en, 0xFFFFFFFF);
- EVP_CIPHER_CTX_set_flags(en, 42);
- if (en->flags != 42)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_set_padding(NULL, 0) != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_set_padding(en, 0) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (EVP_CIPHER_CTX_set_padding(en, 1) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- }
- #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
- #endif /* ifndef NO_AES */
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void)
- {
- wc_test_ret_t ret = 0;
- #if !defined(NO_SHA256) && !defined(NO_SHA)
- WOLFSSL_EVP_MD_CTX* ctx;
- WOLFSSL_EVP_MD_CTX* ctx2;
- WOLFSSL_ENTER("openSSL_evpMD_test");
- ctx = EVP_MD_CTX_create();
- ctx2 = EVP_MD_CTX_create();
- ret = EVP_DigestInit(ctx, EVP_sha256());
- if (ret != SSL_SUCCESS) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- ret = EVP_MD_CTX_copy(ctx2, ctx);
- if (ret != SSL_SUCCESS) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- ret = EVP_DigestInit(ctx, EVP_sha1());
- if (ret != SSL_SUCCESS) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- ret = EVP_MD_CTX_copy_ex(ctx2, ctx);
- if (ret != SSL_SUCCESS) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_DigestInit_ex(ctx, EVP_sha1(), NULL) != SSL_SUCCESS) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_add_digest(NULL) != 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- if (wolfSSL_EVP_add_cipher(NULL) != 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto openSSL_evpMD_test_done;
- }
- ret = 0; /* got to success state without jumping to end with a fail */
- openSSL_evpMD_test_done:
- EVP_MD_CTX_destroy(ctx);
- EVP_MD_CTX_destroy(ctx2);
- #endif /* NO_SHA256 */
- return ret;
- }
- #ifdef DEBUG_SIGN
- static void show(const char *title, const char *p, unsigned int s) {
- char* i;
- printf("%s: ", title);
- for (i = p;
- i < p + s;
- printf("%c", *i), i++);
- printf("\n");
- }
- #else
- #define show(a,b,c) WC_DO_NOTHING
- #endif
- #define FOURK_BUFF 4096
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
- {
- wc_test_ret_t ret = 0;
- #if !defined(NO_RSA) && !defined(NO_SHA)
- byte* prvTmp;
- byte* pubTmp;
- int prvBytes;
- int pubBytes;
- RSA *prvRsa = NULL;
- RSA *pubRsa = NULL;
- EVP_PKEY *prvPkey = NULL;
- EVP_PKEY *pubPkey = NULL;
- EVP_PKEY_CTX *enc = NULL;
- EVP_PKEY_CTX *dec = NULL;
- byte in[] = TEST_STRING;
- byte out[256];
- size_t outlen;
- size_t keySz;
- byte plain[256];
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- XFILE keyFile;
- XFILE keypubFile;
- char cliKey[] = "./certs/client-key.der";
- char cliKeypub[] = "./certs/client-keyPub.der";
- #endif
- WOLFSSL_ENTER("openssl_pkey0_test");
- prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (prvTmp == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pubTmp == NULL) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_NC;
- }
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
- prvBytes = sizeof_client_key_der_1024;
- XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
- pubBytes = sizeof_client_keypub_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048);
- prvBytes = sizeof_client_key_der_2048;
- XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
- pubBytes = sizeof_client_keypub_der_2048;
- #else
- keyFile = XFOPEN(cliKey, "rb");
- if (!keyFile) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
- return WC_TEST_RET_ENC_ERRNO;
- }
- prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile);
- XFCLOSE(keyFile);
- if (prvBytes == 0) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_ERRNO;
- }
- keypubFile = XFOPEN(cliKeypub, "rb");
- if (!keypubFile) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-cert.der, "
- "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
- return WC_TEST_RET_ENC_ERRNO;
- }
- pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
- XFCLOSE(keypubFile);
- if (pubBytes == 0) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_ERRNO;
- }
- #endif /* USE_CERT_BUFFERS */
- prvRsa = wolfSSL_RSA_new();
- pubRsa = wolfSSL_RSA_new();
- if((prvRsa == NULL) || (pubRsa == NULL)){
- printf("error with RSA_new\n");
- ret = WC_TEST_RET_ENC_ERRNO;
- goto openssl_pkey0_test_done;
- }
- ret = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
- if(ret != SSL_SUCCESS){
- printf("error with RSA_LoadDer_ex\n");
- ret = WC_TEST_RET_ENC_EC(ret);
- goto openssl_pkey0_test_done;
- }
- ret = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
- if(ret != SSL_SUCCESS){
- printf("error with RSA_LoadDer_ex\n");
- ret = WC_TEST_RET_ENC_EC(ret);
- goto openssl_pkey0_test_done;
- }
- keySz = (size_t)RSA_size(pubRsa);
- prvPkey = wolfSSL_EVP_PKEY_new();
- pubPkey = wolfSSL_EVP_PKEY_new();
- if((prvPkey == NULL) || (pubPkey == NULL)){
- printf("error with PKEY_new\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
- ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
- if(ret != 2){
- printf("error with PKEY_set1_RSA\n");
- ret = WC_TEST_RET_ENC_I(ret);
- goto openssl_pkey0_test_done;
- }
- dec = EVP_PKEY_CTX_new(prvPkey, NULL);
- enc = EVP_PKEY_CTX_new(pubPkey, NULL);
- if((dec == NULL)||(enc==NULL)){
- printf("error with EVP_PKEY_CTX_new\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- ret = EVP_PKEY_decrypt_init(dec);
- if (ret != 1) {
- printf("error with decrypt init\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- ret = EVP_PKEY_encrypt_init(enc);
- if (ret != 1) {
- printf("error with encrypt init\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- XMEMSET(out, 0, sizeof(out));
- ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
- if (ret != 1) {
- printf("error encrypting msg\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- show("encrypted msg", out, outlen);
- XMEMSET(plain, 0, sizeof(plain));
- ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
- if (ret != 1) {
- printf("error decrypting msg\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- show("decrypted msg", plain, outlen);
- /* RSA_PKCS1_OAEP_PADDING test */
- ret = EVP_PKEY_decrypt_init(dec);
- if (ret != 1) {
- printf("error with decrypt init\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- ret = EVP_PKEY_encrypt_init(enc);
- if (ret != 1) {
- printf("error with encrypt init\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
- printf("first set rsa padding error\n");
- ret = WC_TEST_RET_ENC_EC(ret);
- goto openssl_pkey0_test_done;
- }
- #ifndef HAVE_FIPS
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
- printf("second set rsa padding error\n");
- ret = WC_TEST_RET_ENC_EC(ret);
- goto openssl_pkey0_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
- printf("third set rsa padding error\n");
- ret = WC_TEST_RET_ENC_EC(ret);
- goto openssl_pkey0_test_done;
- }
- #endif
- XMEMSET(out, 0, sizeof(out));
- ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
- if (ret != 1) {
- printf("error encrypting msg\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- show("encrypted msg", out, outlen);
- XMEMSET(plain, 0, sizeof(plain));
- ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
- if (ret != 1) {
- printf("error decrypting msg\n");
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey0_test_done;
- }
- show("decrypted msg", plain, outlen);
- ret = 0; /* made it to this point without error then set success */
- openssl_pkey0_test_done:
- wolfSSL_RSA_free(prvRsa);
- wolfSSL_RSA_free(pubRsa);
- EVP_PKEY_free(pubPkey);
- EVP_PKEY_free(prvPkey);
- EVP_PKEY_CTX_free(dec);
- EVP_PKEY_CTX_free(enc);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* NO_RSA */
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
- {
- wc_test_ret_t ret = 0;
- #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_SHA)
- EVP_PKEY_CTX* dec = NULL;
- EVP_PKEY_CTX* enc = NULL;
- EVP_PKEY* pubKey = NULL;
- EVP_PKEY* prvKey = NULL;
- X509* x509 = NULL;
- WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sugar slapped";
- const unsigned char* clikey;
- long cliKeySz;
- size_t outlen;
- int keyLenBits = 2048;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- unsigned char *tmp = (unsigned char *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- unsigned char *cipher = (unsigned char *)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- unsigned char *plain = (unsigned char *)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((tmp == NULL) ||
- (cipher == NULL) ||
- (plain == NULL)) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- #else
- unsigned char tmp[FOURK_BUF];
- unsigned char cipher[RSA_TEST_BYTES];
- unsigned char plain[RSA_TEST_BYTES];
- #endif
- WOLFSSL_ENTER("openssl_pkey1_test");
- #if defined(USE_CERT_BUFFERS_1024)
- XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
- cliKeySz = (long)sizeof_client_key_der_1024;
- x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_1024,
- sizeof_client_cert_der_1024, SSL_FILETYPE_ASN1);
- keyLenBits = 1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
- cliKeySz = (long)sizeof_client_key_der_2048;
- x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_2048,
- sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, sizeof_client_key_der_3072);
- cliKeySz = (long)sizeof_client_key_der_3072;
- x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_3072,
- sizeof_client_cert_der_3072, SSL_FILETYPE_ASN1);
- keyLenBits = 3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, sizeof_client_key_der_4096);
- cliKeySz = (long)sizeof_client_key_der_4096;
- x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_4096,
- sizeof_client_cert_der_4096, SSL_FILETYPE_ASN1);
- keyLenBits = 4096;
- #else
- {
- XFILE f;
- f = XFOPEN(clientKey, "rb");
- if (!f) {
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
- ret = WC_TEST_RET_ENC_ERRNO;
- goto openssl_pkey1_test_done;
- }
- cliKeySz = (long)XFREAD(tmp, 1, FOURK_BUF, f);
- XFCLOSE(f);
- if (cliKeySz == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, openssl_pkey1_test_done);
- }
- /* using existing wolfSSL api to get public and private key */
- x509 = wolfSSL_X509_load_certificate_file(clientCert, SSL_FILETYPE_ASN1);
- #endif /* USE_CERT_BUFFERS */
- clikey = tmp;
- if ((prvKey = EVP_PKEY_new()) == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- goto openssl_pkey1_test_done;
- }
- EVP_PKEY_free(prvKey);
- prvKey = NULL;
- if (x509 == NULL) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- pubKey = X509_get_pubkey(x509);
- if (pubKey == NULL) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- prvKey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &clikey, cliKeySz);
- if (prvKey == NULL) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- /* phase 2 API to create EVP_PKEY_CTX and encrypt/decrypt */
- if (EVP_PKEY_bits(prvKey) != keyLenBits) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_size(prvKey) != keyLenBits/8) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- dec = EVP_PKEY_CTX_new(prvKey, NULL);
- enc = EVP_PKEY_CTX_new(pubKey, NULL);
- if (dec == NULL || enc == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_decrypt_init(dec) != 1) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_encrypt_init(enc) != 1) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- #ifndef HAVE_FIPS
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
- ret = WC_TEST_RET_ENC_EC(ret);
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto openssl_pkey1_test_done;
- }
- #endif
- XMEMSET(cipher, 0, RSA_TEST_BYTES);
- outlen = (size_t)(keyLenBits/8);
- if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto openssl_pkey1_test_done;
- }
- XMEMSET(plain, 0, RSA_TEST_BYTES);
- if (EVP_PKEY_decrypt(dec, plain, &outlen, cipher, outlen) != 1) {
- ret = WC_TEST_RET_ENC_NC;
- goto openssl_pkey1_test_done;
- }
- openssl_pkey1_test_done:
- if (pubKey != NULL) {
- EVP_PKEY_free(pubKey);
- }
- if (prvKey != NULL) {
- EVP_PKEY_free(prvKey);
- }
- if (dec != NULL) {
- EVP_PKEY_CTX_free(dec);
- }
- if (enc != NULL) {
- EVP_PKEY_CTX_free(enc);
- }
- if (x509 != NULL) {
- X509_free(x509);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (cipher != NULL)
- XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (plain != NULL)
- XFREE(plain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #endif
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
- {
- #if !defined(NO_RSA) && !defined(NO_SHA)
- byte* prvTmp;
- byte* pubTmp;
- int prvBytes;
- int pubBytes;
- RSA *prvRsa;
- RSA *pubRsa;
- EVP_PKEY *prvPkey;
- EVP_PKEY *pubPkey;
- EVP_MD_CTX* sign;
- EVP_MD_CTX* verf;
- char msg[] = "see spot run";
- unsigned char sig[256];
- unsigned int sigSz;
- const void* pt;
- unsigned int count;
- wc_test_ret_t ret, ret1, ret2;
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- XFILE keyFile;
- XFILE keypubFile;
- char cliKey[] = "./certs/client-key.der";
- char cliKeypub[] = "./certs/client-keyPub.der";
- #endif
- WOLFSSL_ENTER("openssl_evpSig_test");
- prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (prvTmp == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pubTmp == NULL) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_NC;
- }
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
- prvBytes = sizeof_client_key_der_1024;
- XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
- pubBytes = sizeof_client_keypub_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048);
- prvBytes = sizeof_client_key_der_2048;
- XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
- pubBytes = sizeof_client_keypub_der_2048;
- #else
- keyFile = XFOPEN(cliKey, "rb");
- if (!keyFile) {
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
- return WC_TEST_RET_ENC_ERRNO;
- }
- prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile);
- XFCLOSE(keyFile);
- if (prvBytes == 0) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_ERRNO;
- }
- keypubFile = XFOPEN(cliKeypub, "rb");
- if (!keypubFile) {
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-cert.der, "
- "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
- return WC_TEST_RET_ENC_ERRNO;
- }
- pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
- XFCLOSE(keypubFile);
- if (pubBytes == 0) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_ERRNO;
- }
- #endif /* USE_CERT_BUFFERS */
- prvRsa = wolfSSL_RSA_new();
- pubRsa = wolfSSL_RSA_new();
- if((prvRsa == NULL) || (pubRsa == NULL)){
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("ERROR with RSA_new", WC_TEST_RET_ENC_NC);
- return WC_TEST_RET_ENC_NC;
- }
- ret1 = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
- ret2 = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
- if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
- printf("error with RSA_LoadDer_ex\n");
- return WC_TEST_RET_ENC_NC;
- }
- prvPkey = wolfSSL_EVP_PKEY_new();
- pubPkey = wolfSSL_EVP_PKEY_new();
- if((prvPkey == NULL) || (pubPkey == NULL)){
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- printf("error with KEY_new\n");
- return WC_TEST_RET_ENC_NC;
- }
- ret1 = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
- ret2 = wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
- if((ret1 != 1) || (ret2 != 1)){
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- printf("error with EVP_PKEY_set1_RSA\n");
- return WC_TEST_RET_ENC_NC;
- }
- /****************** sign and verify *******************/
- sign = EVP_MD_CTX_create();
- verf = EVP_MD_CTX_create();
- if((sign == NULL)||(verf == NULL)){
- printf("error with EVP_MD_CTX_create\n");
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- return WC_TEST_RET_ENC_NC;
- }
- ret = EVP_SignInit(sign, EVP_sha1());
- if (ret != SSL_SUCCESS){
- printf("error with EVP_SignInit\n");
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- return WC_TEST_RET_ENC_NC;
- }
- count = sizeof(msg);
- show("message = ", (char *)msg, count);
- /* sign */
- XMEMSET(sig, 0, sizeof(sig));
- pt = (const void*)msg;
- ret1 = EVP_SignUpdate(sign, pt, count);
- ret2 = EVP_SignFinal(sign, sig, &sigSz, prvPkey);
- if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- printf("error with EVP_MD_CTX_create\n");
- return WC_TEST_RET_ENC_NC;
- }
- show("signature = ", (char *)sig, sigSz);
- /* verify */
- pt = (const void*)msg;
- ret1 = EVP_VerifyInit(verf, EVP_sha1());
- ret2 = EVP_VerifyUpdate(verf, pt, count);
- if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- printf("error with EVP_Verify\n");
- return WC_TEST_RET_ENC_NC;
- }
- if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) {
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- printf("error with EVP_VerifyFinal\n");
- return WC_TEST_RET_ENC_NC;
- }
- /* expect fail without update */
- EVP_VerifyInit(verf, EVP_sha1());
- if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) {
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- printf("EVP_VerifyInit without update not detected\n");
- return WC_TEST_RET_ENC_NC;
- }
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- wolfSSL_RSA_free(prvRsa);
- wolfSSL_RSA_free(pubRsa);
- EVP_PKEY_free(pubPkey);
- EVP_PKEY_free(prvPkey);
- #endif /* NO_RSA */
- return 0;
- }
- #endif /* OPENSSL_EXTRA */
- #ifndef NO_PWDBASED
- #ifdef HAVE_SCRYPT
- /* Test vectors taken from RFC 7914: scrypt PBKDF - Section 12. */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void)
- {
- #ifdef HAVE_FIPS
- /* RFC 7914 test vector keys are too short for FIPS. */
- #else
- wc_test_ret_t ret;
- byte derived[64];
- WOLFSSL_SMALL_STACK_STATIC const byte verify1[] = {
- 0x77, 0xd6, 0x57, 0x62, 0x38, 0x65, 0x7b, 0x20,
- 0x3b, 0x19, 0xca, 0x42, 0xc1, 0x8a, 0x04, 0x97,
- 0xf1, 0x6b, 0x48, 0x44, 0xe3, 0x07, 0x4a, 0xe8,
- 0xdf, 0xdf, 0xfa, 0x3f, 0xed, 0xe2, 0x14, 0x42,
- 0xfc, 0xd0, 0x06, 0x9d, 0xed, 0x09, 0x48, 0xf8,
- 0x32, 0x6a, 0x75, 0x3a, 0x0f, 0xc8, 0x1f, 0x17,
- 0xe8, 0xd3, 0xe0, 0xfb, 0x2e, 0x0d, 0x36, 0x28,
- 0xcf, 0x35, 0xe2, 0x0c, 0x38, 0xd1, 0x89, 0x06
- };
- #if !defined(BENCH_EMBEDDED)
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
- 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
- 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
- 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
- 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
- 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
- 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
- 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
- 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
- };
- #endif
- #if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_LINUXKM) && !defined(HAVE_INTEL_QA)
- WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = {
- 0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48,
- 0x46, 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb,
- 0xfd, 0xa8, 0xfb, 0xba, 0x90, 0x4f, 0x8e, 0x3e,
- 0xa9, 0xb5, 0x43, 0xf6, 0x54, 0x5d, 0xa1, 0xf2,
- 0xd5, 0x43, 0x29, 0x55, 0x61, 0x3f, 0x0f, 0xcf,
- 0x62, 0xd4, 0x97, 0x05, 0x24, 0x2a, 0x9a, 0xf9,
- 0xe6, 0x1e, 0x85, 0xdc, 0x0d, 0x65, 0x1e, 0x40,
- 0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, 0x87
- };
- #endif
- #ifdef SCRYPT_TEST_ALL
- /* Test case is very slow.
- * Use for confirmation after code change or new platform.
- */
- WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = {
- 0x21, 0x01, 0xcb, 0x9b, 0x6a, 0x51, 0x1a, 0xae,
- 0xad, 0xdb, 0xbe, 0x09, 0xcf, 0x70, 0xf8, 0x81,
- 0xec, 0x56, 0x8d, 0x57, 0x4a, 0x2f, 0xfd, 0x4d,
- 0xab, 0xe5, 0xee, 0x98, 0x20, 0xad, 0xaa, 0x47,
- 0x8e, 0x56, 0xfd, 0x8f, 0x4b, 0xa5, 0xd0, 0x9f,
- 0xfa, 0x1c, 0x6d, 0x92, 0x7c, 0x40, 0xf4, 0xc3,
- 0x37, 0x30, 0x40, 0x49, 0xe8, 0xa9, 0x52, 0xfb,
- 0xcb, 0xf4, 0x5c, 0x6f, 0xa7, 0x7a, 0x41, 0xa4
- };
- #endif
- WOLFSSL_ENTER("scrypt_test");
- ret = wc_scrypt(derived, NULL, 0, NULL, 0, 4, 1, 1, sizeof(verify1));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(derived, verify1, sizeof(verify1)) != 0)
- return WC_TEST_RET_ENC_NC;
- #if !defined(BENCH_EMBEDDED)
- ret = wc_scrypt(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 10, 8, 16,
- sizeof(verify2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif
- /* Test case with parallel overflowing */
- ret = wc_scrypt(derived, (byte*)"password", 16, (byte*)"NaCl", 16, 2, 4, 8388608,
- sizeof(verify1));
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* Don't run these test on embedded, since they use large mallocs */
- #if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_LINUXKM) && !defined(HAVE_INTEL_QA)
- ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
- (byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(derived, verify3, sizeof(verify3)) != 0)
- return WC_TEST_RET_ENC_NC;
- #ifdef SCRYPT_TEST_ALL
- ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
- (byte*)"SodiumChloride", 14, 20, 8, 1, sizeof(verify4));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif
- #else
- #ifdef SCRYPT_TEST_ALL
- (void)verify4;
- #endif
- #endif /* !BENCH_EMBEDDED && !defined(WOLFSSL_LINUXKM) && !HAVE_INTEL_QA */
- #if !defined(BENCH_EMBEDDED)
- ret = wc_scrypt_ex(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 1<<10,
- 8, 16, sizeof(verify2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif
- #endif /* !HAVE_FIPS */
- return 0;
- }
- #endif
- #ifdef HAVE_PKCS12
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
- 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f };
- WOLFSSL_SMALL_STACK_STATIC const byte passwd2[] = { 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
- 0x00, 0x67, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte salt2[] = { 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 };
- byte derived[64];
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
- 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
- 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
- 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
- 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
- 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
- };
- int id = 1;
- int kLen = 24;
- int iterations = 1;
- wc_test_ret_t ret;
- WOLFSSL_ENTER("pkcs12_pbkdf_test");
- ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
- iterations, kLen, WC_SHA256, id);
- if (ret < 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(derived, verify, kLen) != 0)
- return WC_TEST_RET_ENC_NC;
- iterations = 1000;
- ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8,
- iterations, kLen, WC_SHA256, id);
- if (ret < 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8,
- iterations, kLen, WC_SHA256, id, HEAP_HINT);
- if (ret < 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(derived, verify2, 24) != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif /* HAVE_PKCS12 */
- #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void)
- {
- char passwd[] = "passwordpassword";
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a,
- 0x5d, 0x63, 0xcb, 0x06 };
- int iterations = 2048;
- int kLen = 24;
- byte derived[64];
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc,
- 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1
- };
- wc_test_ret_t ret;
- WOLFSSL_ENTER("pbkdf2_test");
- ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd),
- salt, (int)sizeof(salt), iterations,
- kLen, WC_SHA256, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif /* HAVE_PBKDF2 && !NO_SHA256 && !NO_HMAC */
- #if defined(HAVE_PBKDF1) && !defined(NO_SHA)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void)
- {
- char passwd[] = "password";
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
- int iterations = 1000;
- int kLen = 16;
- byte derived[16];
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0xDC, 0x19, 0x84, 0x7E, 0x05, 0xC6, 0x4D, 0x2F,
- 0xAF, 0x10, 0xEB, 0xFB, 0x4A, 0x3D, 0x2A, 0x20
- };
- wc_test_ret_t ret;
- WOLFSSL_ENTER("pbkdf1_test");
- ret = wc_PBKDF1_ex(derived, kLen, NULL, 0, (byte*)passwd,
- (int)XSTRLEN(passwd), salt, (int)sizeof(salt), iterations, WC_SHA,
- HEAP_HINT);
- if (ret != 0)
- return ret;
- if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif /* HAVE_PBKDF2 && !NO_SHA */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void)
- {
- wc_test_ret_t ret = 0;
- WOLFSSL_ENTER("pwdbased_test");
- #if defined(HAVE_PBKDF1) && !defined(NO_SHA)
- ret = pbkdf1_test();
- if (ret != 0)
- return ret;
- #endif
- #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
- ret = pbkdf2_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef HAVE_PKCS12
- ret = pkcs12_pbkdf_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef HAVE_SCRYPT
- ret = scrypt_test();
- if (ret != 0)
- return ret;
- #endif
- return ret;
- }
- #endif /* NO_PWDBASED */
- #if defined(USE_CERT_BUFFERS_2048) && \
- defined(HAVE_PKCS12) && \
- !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
- !defined(NO_CERTS) && !defined(NO_DES3)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void)
- {
- wc_test_ret_t ret = 0;
- WC_PKCS12* pkcs12 = NULL;
- /* Gen vars */
- byte* pkcs12der = NULL;
- int pkcs12derSz = 0;
- WC_DerCertList derCaList = {
- (byte*)ca_cert_der_2048, sizeof_ca_cert_der_2048, NULL
- };
- char* pass = (char*)"wolfSSL test";
- /* Parsing vars */
- WC_DerCertList* derCaListOut = NULL;
- byte* keyDer = NULL;
- byte* certDer = NULL;
- word32 keySz;
- word32 certSz;
- WOLFSSL_ENTER("pkcs12_test");
- pkcs12 = wc_PKCS12_create(pass, (word32)XSTRLEN(pass),
- (char*)"friendlyName" /* not used currently */,
- (byte*)server_key_der_2048, sizeof_server_key_der_2048,
- (byte*)server_cert_der_2048, sizeof_server_cert_der_2048,
- &derCaList, PBE_SHA1_DES3, PBE_SHA1_DES3, 100, 100,
- 0 /* not used currently */, HEAP_HINT);
- if (pkcs12 == NULL) {
- ret = WC_TEST_RET_ENC_EC(MEMORY_E);
- goto out;
- }
- ret = wc_i2d_PKCS12(pkcs12, NULL, &pkcs12derSz);
- if (ret != LENGTH_ONLY_E) {
- if (ret == 0)
- ret = WC_TEST_RET_ENC_NC;
- else
- ret = WC_TEST_RET_ENC_I(ret);
- goto out;
- }
- pkcs12der = (byte*)XMALLOC(pkcs12derSz, HEAP_HINT, DYNAMIC_TYPE_PKCS);
- if (pkcs12der == NULL) {
- ret = WC_TEST_RET_ENC_EC(MEMORY_E);
- goto out;
- }
- {
- /* Use tmp pointer to avoid advancing pkcs12der */
- byte* tmp = pkcs12der;
- ret = wc_i2d_PKCS12(pkcs12, &tmp, &pkcs12derSz);
- if (ret <= 0) {
- if (ret == 0)
- ret = WC_TEST_RET_ENC_NC;
- else
- ret = WC_TEST_RET_ENC_I(ret);
- goto out;
- }
- }
- wc_PKCS12_free(pkcs12);
- pkcs12 = wc_PKCS12_new_ex(HEAP_HINT);
- if (pkcs12 == NULL) {
- ret = WC_TEST_RET_ENC_EC(MEMORY_E);
- goto out;
- }
- /* convert the DER file into an internal structure */
- ret = wc_d2i_PKCS12(pkcs12der, pkcs12derSz, pkcs12);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto out;
- }
- /* parse the internal structure into its parts */
- ret = wc_PKCS12_parse(pkcs12, "wolfSSL test", &keyDer, &keySz,
- &certDer, &certSz, &derCaListOut);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto out;
- }
- if (keyDer == NULL || certDer == NULL || derCaListOut == NULL) {
- ret = WC_TEST_RET_ENC_NC;
- goto out;
- }
- out:
- if (derCaListOut)
- wc_FreeCertList(derCaListOut, HEAP_HINT);
- XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_PKCS);
- XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_PKCS);
- if (pkcs12)
- wc_PKCS12_free(pkcs12);
- XFREE(pkcs12der, HEAP_HINT, DYNAMIC_TYPE_PKCS);
- return ret;
- }
- #endif
- #if defined(HAVE_HKDF) && !defined(NO_HMAC)
- #if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) || \
- defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_AFALG_HASH_KEEP) || \
- defined(WOLFSSL_AFALG_XILINX_RSA)
- /* hkdf_test has issue with WOLFSSL_TEST_SUBROUTINE set on Xilinx with afalg */
- static wc_test_ret_t hkdf_test(void)
- #else
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
- #endif
- {
- wc_test_ret_t ret = 0;
- #if !defined(NO_SHA) || !defined(NO_SHA256)
- int L;
- byte okm1[42];
- byte ikm1[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
- #ifndef HAVE_FIPS
- byte salt1[13] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c };
- byte info1[10] ={ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
- 0xf8, 0xf9 };
- #endif
- #ifndef NO_SHA
- byte res1[42] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
- 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
- 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
- 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
- 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
- 0x49, 0x18 };
- #ifndef HAVE_FIPS
- byte res2[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
- 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
- 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
- 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
- 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
- 0xf8, 0x96 };
- #endif
- #endif /* !NO_SHA */
- #ifndef NO_SHA256
- byte res3[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
- 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
- 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
- 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
- 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
- 0x96, 0xc8 };
- #ifndef HAVE_FIPS
- byte res4[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
- 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
- 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
- 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
- 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
- 0x58, 0x65 };
- #endif
- #endif /* !NO_SHA256 */
- WOLFSSL_ENTER("hkdf_test");
- XMEMSET(okm1, 0, sizeof(okm1));
- L = (int)sizeof(okm1);
- #ifndef NO_SHA
- ret = wc_HKDF(WC_SHA, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
- okm1, (word32)L);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(okm1, res1, L) != 0)
- return WC_TEST_RET_ENC_NC;
- #ifndef HAVE_FIPS
- /* fips can't have key size under 14 bytes, salt is key too */
- L = (int)sizeof(okm1);
- ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, (word32)sizeof(salt1),
- info1, (word32)sizeof(info1), okm1, (word32)L);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(okm1, res2, L) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif /* HAVE_FIPS */
- #endif /* !NO_SHA */
- #ifndef NO_SHA256
- ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
- okm1, (word32)L);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(okm1, res3, L) != 0)
- return WC_TEST_RET_ENC_NC;
- #ifndef HAVE_FIPS
- /* fips can't have key size under 14 bytes, salt is key too */
- ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1),
- salt1, (word32)sizeof(salt1), info1, (word32)sizeof(info1), okm1, (word32)L);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(okm1, res4, L) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif /* HAVE_FIPS */
- #endif /* !NO_SHA256 */
- #endif /* !NO_SHA || !NO_SHA256 */
- return ret;
- }
- #endif /* HAVE_HKDF */
- #ifdef WOLFSSL_WOLFSSH
- typedef struct {
- byte hashId;
- byte keyId;
- const byte* k;
- word32 kSz;
- const byte* h;
- word32 hSz;
- const byte* sessionId;
- word32 sessionIdSz;
- const byte* expectedKey;
- word32 expectedKeySz;
- } SshKdfTestVector;
- /** Test Vector Set #3: SHA-256 **/
- static const byte sshKdfTvSet3k[] = {
- 0x6A, 0xC3, 0x82, 0xEA, 0xAC, 0xA0, 0x93, 0xE1,
- 0x25, 0xE2, 0x5C, 0x24, 0xBE, 0xBC, 0x84, 0x64,
- 0x0C, 0x11, 0x98, 0x75, 0x07, 0x34, 0x4B, 0x5C,
- 0x73, 0x9C, 0xEB, 0x84, 0xA9, 0xE0, 0xB2, 0x22,
- 0xB9, 0xA8, 0xB5, 0x1C, 0x83, 0x9E, 0x5E, 0xBE,
- 0x49, 0xCF, 0xAD, 0xBF, 0xB3, 0x95, 0x99, 0x76,
- 0x4E, 0xD5, 0x22, 0x09, 0x9D, 0xC9, 0x12, 0x75,
- 0x19, 0x50, 0xDC, 0x7D, 0xC9, 0x7F, 0xBD, 0xC0,
- 0x63, 0x28, 0xB6, 0x8F, 0x22, 0x78, 0x1F, 0xD3,
- 0x15, 0xAF, 0x56, 0x80, 0x09, 0xA5, 0x50, 0x9E,
- 0x5B, 0x87, 0xA1, 0x1B, 0xF5, 0x27, 0xC0, 0x56,
- 0xDA, 0xFF, 0xD8, 0x2A, 0xB6, 0xCB, 0xC2, 0x5C,
- 0xCA, 0x37, 0x14, 0x34, 0x59, 0xE7, 0xBC, 0x63,
- 0xBC, 0xDE, 0x52, 0x75, 0x7A, 0xDE, 0xB7, 0xDF,
- 0x01, 0xCF, 0x12, 0x17, 0x3F, 0x1F, 0xEF, 0x81,
- 0x02, 0xEC, 0x5A, 0xB1, 0x42, 0xC2, 0x13, 0xDD,
- 0x9D, 0x30, 0x69, 0x62, 0x78, 0xA8, 0xD8, 0xBC,
- 0x32, 0xDD, 0xE9, 0x59, 0x2D, 0x28, 0xC0, 0x78,
- 0xC6, 0xD9, 0x2B, 0x94, 0x7D, 0x82, 0x5A, 0xCA,
- 0xAB, 0x64, 0x94, 0x84, 0x6A, 0x49, 0xDE, 0x24,
- 0xB9, 0x62, 0x3F, 0x48, 0x89, 0xE8, 0xAD, 0xC3,
- 0x8E, 0x8C, 0x66, 0x9E, 0xFF, 0xEF, 0x17, 0x60,
- 0x40, 0xAD, 0x94, 0x5E, 0x90, 0xA7, 0xD3, 0xEE,
- 0xC1, 0x5E, 0xFE, 0xEE, 0x78, 0xAE, 0x71, 0x04,
- 0x3C, 0x96, 0x51, 0x11, 0x03, 0xA1, 0x6B, 0xA7,
- 0xCA, 0xF0, 0xAC, 0xD0, 0x64, 0x2E, 0xFD, 0xBE,
- 0x80, 0x99, 0x34, 0xFA, 0xA1, 0xA5, 0xF1, 0xBD,
- 0x11, 0x04, 0x36, 0x49, 0xB2, 0x5C, 0xCD, 0x1F,
- 0xEE, 0x2E, 0x38, 0x81, 0x5D, 0x4D, 0x5F, 0x5F,
- 0xC6, 0xB4, 0x10, 0x29, 0x69, 0xF2, 0x1C, 0x22,
- 0xAE, 0x1B, 0x0E, 0x7D, 0x36, 0x03, 0xA5, 0x56,
- 0xA1, 0x32, 0x62, 0xFF, 0x62, 0x8D, 0xE2, 0x22
- };
- static const byte sshKdfTvSet3h[] = {
- 0x7B, 0x70, 0x01, 0x18, 0x5E, 0x25, 0x6D, 0x44,
- 0x93, 0x44, 0x5F, 0x39, 0xA5, 0x5F, 0xB9, 0x05,
- 0xE6, 0x32, 0x1F, 0x4B, 0x5D, 0xD8, 0xBB, 0xF3,
- 0x10, 0x0D, 0x51, 0xBA, 0x0B, 0xDA, 0x3D, 0x2D
- };
- static const byte sshKdfTvSet3sid[] = {
- 0x7B, 0x70, 0x01, 0x18, 0x5E, 0x25, 0x6D, 0x44,
- 0x93, 0x44, 0x5F, 0x39, 0xA5, 0x5F, 0xB9, 0x05,
- 0xE6, 0x32, 0x1F, 0x4B, 0x5D, 0xD8, 0xBB, 0xF3,
- 0x10, 0x0D, 0x51, 0xBA, 0x0B, 0xDA, 0x3D, 0x2D
- };
- static const byte sshKdfTvSet3a[] = {
- 0x81, 0xF0, 0x33, 0x0E, 0xF6, 0xF0, 0x53, 0x61,
- 0xB3, 0x82, 0x3B, 0xFD, 0xED, 0x6E, 0x1D, 0xE9
- };
- static const byte sshKdfTvSet3b[] = {
- 0x3F, 0x6F, 0xD2, 0x06, 0x5E, 0xEB, 0x2B, 0x0B,
- 0x1D, 0x93, 0x19, 0x5A, 0x1F, 0xED, 0x48, 0xA5
- };
- static const byte sshKdfTvSet3c[] = {
- 0xC3, 0x54, 0x71, 0x03, 0x4E, 0x6F, 0xD6, 0x54,
- 0x76, 0x13, 0x17, 0x8E, 0x23, 0x43, 0x5F, 0x21
- };
- static const byte sshKdfTvSet3d[] = {
- 0x7E, 0x9D, 0x79, 0x03, 0x20, 0x90, 0xD9, 0x9F,
- 0x98, 0xB0, 0x15, 0x63, 0x4D, 0xD9, 0xF4, 0x62
- };
- static const byte sshKdfTvSet3e[] = {
- 0x24, 0xEE, 0x55, 0x9A, 0xD7, 0xCE, 0x71, 0x2B,
- 0x68, 0x5D, 0x0B, 0x22, 0x71, 0xE4, 0x43, 0xC1,
- 0x7A, 0xB1, 0xD1, 0xDC, 0xEB, 0x5A, 0x36, 0x05,
- 0x69, 0xD2, 0x5D, 0x5D, 0xC2, 0x43, 0x00, 0x2F
- };
- static const byte sshKdfTvSet3f[] = {
- 0xC3, 0x41, 0x9C, 0x2B, 0x96, 0x62, 0x35, 0x86,
- 0x9D, 0x71, 0x4B, 0xA5, 0xAC, 0x48, 0xDD, 0xB7,
- 0xD9, 0xE3, 0x5C, 0x8C, 0x19, 0xAA, 0xC7, 0x34,
- 0x22, 0x33, 0x7A, 0x37, 0x34, 0x53, 0x60, 0x7E
- };
- static const SshKdfTestVector sshKdfTestVectors[] = {
- {WC_HASH_TYPE_SHA256, 'A',
- sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
- sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
- sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
- sshKdfTvSet3a, sizeof(sshKdfTvSet3a)},
- {WC_HASH_TYPE_SHA256, 'B',
- sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
- sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
- sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
- sshKdfTvSet3b, sizeof(sshKdfTvSet3b)},
- {WC_HASH_TYPE_SHA256, 'C',
- sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
- sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
- sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
- sshKdfTvSet3c, sizeof(sshKdfTvSet3c)},
- {WC_HASH_TYPE_SHA256, 'D',
- sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
- sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
- sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
- sshKdfTvSet3d, sizeof(sshKdfTvSet3d)},
- {WC_HASH_TYPE_SHA256, 'E',
- sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
- sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
- sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
- sshKdfTvSet3e, sizeof(sshKdfTvSet3e)},
- {WC_HASH_TYPE_SHA256, 'F',
- sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
- sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
- sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
- sshKdfTvSet3f, sizeof(sshKdfTvSet3f)},
- };
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void)
- {
- byte cKey[32]; /* Greater of SHA256_DIGEST_SIZE and AES_BLOCK_SIZE */
- word32 i;
- word32 tc = sizeof(sshKdfTestVectors)/sizeof(SshKdfTestVector);
- const SshKdfTestVector* tv = NULL;
- wc_test_ret_t result = 0;
- WOLFSSL_ENTER("sshkdf_test");
- /* sId - Session ID, eKey - Expected Key, cKey - Calculated Key */
- for (i = 0, tv = sshKdfTestVectors; i < tc; i++, tv++) {
- result = wc_SSH_KDF(tv->hashId, tv->keyId,
- cKey, tv->expectedKeySz,
- tv->k, tv->kSz, tv->h, tv->hSz,
- tv->sessionId, tv->sessionIdSz);
- if (result != 0) {
- printf("KDF: Could not derive key.\n");
- result = WC_TEST_RET_ENC_EC(result);
- }
- else {
- if (XMEMCMP(cKey, tv->expectedKey, tv->expectedKeySz) != 0) {
- printf("KDF: Calculated Key does not match Expected Key.\n");
- result = WC_TEST_RET_ENC_EC(result);
- }
- }
- if (result != 0) break;
- }
- return result;
- }
- #endif /* WOLFSSL_WOLFSSH */
- #if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
- #define DIGL 12
- #define SECL 48
- #define LBSL 63
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void)
- {
- int ret;
- byte dig[DIGL] = {0};
- byte secret[SECL] = {
- 0x10, 0xbc, 0xb4, 0xa2, 0xe8, 0xdc, 0xf1, 0x9b, 0x4c,
- 0x51, 0x9c, 0xed, 0x31, 0x1b, 0x51, 0x57, 0x02, 0x3f,
- 0xa1, 0x7d, 0xfb, 0x0e, 0xf3, 0x4e, 0x8f, 0x6f, 0x71,
- 0xa3, 0x67, 0x76, 0x6b, 0xfa, 0x5d, 0x46, 0x4a, 0xe8,
- 0x61, 0x18, 0x81, 0xc4, 0x66, 0xcc, 0x6f, 0x09, 0x99,
- 0x9d, 0xfc, 0x47
- };
- byte lablSd[LBSL] = {
- 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69,
- 0x6e, 0x69, 0x73, 0x68, 0x65, 0x64, 0x0b, 0x46, 0xba,
- 0x56, 0xbf, 0x1f, 0x5d, 0x99, 0xff, 0xe9, 0xbb, 0x43,
- 0x01, 0xe7, 0xca, 0x2c, 0x00, 0xdf, 0x9a, 0x39, 0x6e,
- 0xcf, 0x6d, 0x15, 0x27, 0x4d, 0xf2, 0x93, 0x96, 0x4a,
- 0x91, 0xde, 0x5c, 0xc0, 0x47, 0x7c, 0xa8, 0xae, 0xcf,
- 0x5d, 0x93, 0x5f, 0x4c, 0x92, 0xcc, 0x98, 0x5b, 0x43
- };
- byte expected[DIGL] = {
- 0xee, 0xcb, 0xb1, 0x30, 0xf2, 0xcd, 0xb3, 0x4a,
- 0xbe, 0xda, 0xc1, 0xf6
- };
- int digL = DIGL;
- int secL = SECL;
- int lblsdL = LBSL;
- int hash_type = sha384_mac;
- ret = wc_PRF(dig, (word32)digL, secret, secL, lablSd, lblsdL, hash_type,
- HEAP_HINT, INVALID_DEVID);
- if (ret != 0) {
- printf("Failed w/ code: %d\n", ret);
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (XMEMCMP(expected, dig, DIGL) != 0) {
- printf("Got unexpected digest\n");
- return WC_TEST_RET_ENC_NC;
- }
- return 0;
- }
- #endif /* WOLFSSL_HAVE_PRF && !NO_HMAC */
- #ifdef WOLFSSL_HAVE_PRF
- #if defined(HAVE_HKDF) && !defined(NO_HMAC)
- #ifdef WOLFSSL_BASE16
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void)
- {
- const char* preMasterSecret = "D06F9C19BFF49B1E91E4EFE97345D089"
- "4E6C2E6C34A165B24540E2970875D641"
- "2AA6515871B389B4C199BB8389C71CED";
- const char* helloRandom = "162B81EDFBEAE4F25240320B87E7651C"
- "865564191DD782DB0B9ECA275FBA1BB9"
- "5A1DA3DF436D68DA86C5E7B4B4A36E46"
- "B977C61767983A31BE270D74517BD0F6";
- const char* masterSecret = "EB38B8D89B98B1C266DE44BB3CA14E83"
- "C32F009F9955B1D994E61D3C51EE8760"
- "90B4EF89CC7AF42F46E72201BFCC7977";
- const char* label = "master secret";
- byte pms[48] = {0};
- byte seed[64] = {0};
- byte ms[48] = {0};
- byte result[48] = {0};
- word32 pmsSz = (word32)sizeof(pms);
- word32 seedSz = (word32)sizeof(seed);
- word32 msSz = (word32)sizeof(ms);
- int ret;
- ret = Base16_Decode((const byte*)preMasterSecret,
- (word32)XSTRLEN(preMasterSecret), pms, &pmsSz);
- if (ret != 0)
- return ret;
- ret = Base16_Decode((const byte*)helloRandom,
- (word32)XSTRLEN(helloRandom), seed, &seedSz);
- if (ret != 0)
- return ret;
- ret = Base16_Decode((const byte*)masterSecret,
- (word32)XSTRLEN(masterSecret), ms, &msSz);
- if (ret != 0)
- return ret;
- ret = wc_PRF_TLS(result, msSz, pms, pmsSz,
- (const byte*)label, (word32)XSTRLEN(label), seed, seedSz,
- 1, sha256_mac, NULL, INVALID_DEVID);
- if (ret != 0) {
- if (ret == FIPS_PRIVATE_KEY_LOCKED_E) {
- printf(" wc_PRF_TLSv12: Private key locked.\n");
- }
- return WC_TEST_RET_ENC_NC;
- }
- if (XMEMCMP(result, ms, msSz) != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif /* WOLFSSL_BASE16 */
- #endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */
- #endif /* WOLFSSL_HAVE_PRF */
- #ifdef WOLFSSL_TLS13
- #define TLSV13_PSK_DHE_SZ 40
- typedef struct {
- enum wc_HashType hashAlg;
- word32 pskSz;
- word32 dheSz;
- byte psk[TLSV13_PSK_DHE_SZ];
- byte dhe[TLSV13_PSK_DHE_SZ];
- byte hashHello1[WC_MAX_DIGEST_SIZE];
- byte hashHello2[WC_MAX_DIGEST_SIZE];
- byte hashFinished1[WC_MAX_DIGEST_SIZE];
- byte hashFinished2[WC_MAX_DIGEST_SIZE];
- /* Expected */
- byte clientEarlyTrafficSecret[WC_MAX_DIGEST_SIZE];
- byte earlyExporterMasterSecret[WC_MAX_DIGEST_SIZE];
- byte clientHandshakeTrafficSecret[WC_MAX_DIGEST_SIZE];
- byte serverHandshakeTrafficSecret[WC_MAX_DIGEST_SIZE];
- byte clientApplicationTrafficSecret[WC_MAX_DIGEST_SIZE];
- byte serverApplicationTrafficSecret[WC_MAX_DIGEST_SIZE];
- byte exporterMasterSecret[WC_MAX_DIGEST_SIZE];
- byte resumptionMasterSecret[WC_MAX_DIGEST_SIZE];
- } Tls13KdfTestVector;
- /* The following tests come from the CAVP test vectors we used for
- * our FIPS validation. The hash values used are the components from
- * the test hashed together. hashHello1 is the hash of the
- * clientHelloRandom value of the test vector. hashHello2 is the hash
- * of the clientHelloRandom and serverHelloRandom values from the test
- * vector. hashFinished1 is clientHelloRandom, serverHelloRandom, and
- * serverFinishedRandom. hashFinished2 is clientHelloRandom,
- * serverHelloRandom, serverFinishedRandom, and clietnFinishedRandom
- * hashed together. */
- static const Tls13KdfTestVector tls13KdfTestVectors[] = {
- { /* 1 */
- WC_HASH_TYPE_SHA256, 35, 35,
- { /* PSK */
- 0x7b, 0xf1, 0x05, 0x31, 0x36, 0xfa, 0x03, 0xdc,
- 0x31, 0x97, 0x88, 0x04, 0x9c, 0xbc, 0xee, 0xf7,
- 0x8d, 0x84, 0x95, 0x26, 0xaf, 0x1d, 0x68, 0xb0,
- 0x60, 0x7a, 0xcc, 0x4f, 0xc1, 0xd3, 0xa1, 0x68,
- 0x7f, 0x6d, 0xbe
- },
- { /* DHE */
- 0x6e, 0xa1, 0x77, 0xab, 0x2f, 0x43, 0xd2, 0x4b,
- 0xe5, 0xa1, 0x09, 0xe0, 0x7a, 0xd0, 0x01, 0x35,
- 0x8d, 0xf8, 0xf2, 0x5c, 0x91, 0x02, 0xb0, 0x6c,
- 0x3f, 0xeb, 0xee, 0xa4, 0x42, 0x19, 0xce, 0xdc,
- 0x81, 0x26, 0x40
- },
- { /* Hello 1 */
- 0xd9, 0x4b, 0xe4, 0x17, 0xef, 0x58, 0x73, 0x7d,
- 0x28, 0x3d, 0xf0, 0xcc, 0x05, 0x03, 0xaf, 0xac,
- 0x3d, 0x92, 0x79, 0x48, 0xe8, 0x8c, 0xdb, 0xce,
- 0x95, 0x82, 0x21, 0x31, 0x7b, 0x61, 0xd7, 0xc6
- },
- { /* Hello 2 */
- 0xb7, 0x7f, 0x29, 0x91, 0xa4, 0x8b, 0x34, 0xdb,
- 0xbd, 0xc7, 0x54, 0x1c, 0x3b, 0x86, 0xa3, 0x69,
- 0xfe, 0x26, 0xe4, 0x7b, 0xac, 0x57, 0x71, 0xb3,
- 0x32, 0x97, 0xed, 0xd2, 0x0e, 0x95, 0xb8, 0x63
- },
- { /* Finished 1 */
- 0x65, 0xdb, 0x6d, 0x71, 0x71, 0xd0, 0xd8, 0x49,
- 0xd0, 0x3c, 0x8e, 0x2b, 0x24, 0xdf, 0xc2, 0xe9,
- 0xd6, 0xfd, 0xea, 0x04, 0x95, 0x7c, 0xf0, 0x7e,
- 0x57, 0x74, 0x7c, 0xdd, 0xa3, 0x0b, 0x2b, 0x36
- },
- { /* Finished 2 */
- 0x28, 0xf2, 0xf2, 0x79, 0xcf, 0x20, 0x52, 0x90,
- 0x1d, 0x91, 0x05, 0xad, 0x44, 0x26, 0x23, 0x96,
- 0x32, 0xce, 0xec, 0x61, 0xd1, 0xbf, 0x00, 0x48,
- 0x4a, 0xa5, 0x60, 0xcc, 0x28, 0xb5, 0x8d, 0x98
- },
- { /* Client Early Traffic Secret */
- 0x07, 0x14, 0x6a, 0x26, 0x5b, 0x6c, 0x7f, 0x4d, 0x6b, 0x47, 0x3f, 0xd5,
- 0x03, 0x1d, 0xd2, 0x23, 0x3d, 0x89, 0x3e, 0xc6, 0x51, 0xd1, 0xac, 0xf8,
- 0x28, 0xae, 0x4b, 0x76, 0xc8, 0x10, 0x7e, 0xdd
- },
- { /* Early Exporter Master Secret */
- 0xb8, 0xd3, 0x25, 0x7e, 0x2d, 0x41, 0x7b, 0xcb, 0x5e, 0x82, 0x49, 0xf5,
- 0x51, 0x3d, 0xb7, 0x59, 0x32, 0xb3, 0xdf, 0x99, 0x4e, 0x04, 0x69, 0xc6,
- 0x96, 0x8e, 0xe6, 0x3d, 0x91, 0xe4, 0x81, 0x11
- },
- { /* Client Handshake Traffic Secret */
- 0xd9, 0x3b, 0x54, 0xe2, 0xb0, 0xd1, 0x85, 0xf0, 0xfd, 0xf3, 0x48, 0x4a,
- 0xf8, 0x0b, 0xa5, 0xdc, 0x4c, 0x37, 0xcb, 0xd4, 0x20, 0xaf, 0x60, 0xc7,
- 0xd5, 0x50, 0x5d, 0x0c, 0x77, 0x3b, 0x6f, 0xd2
- },
- { /* Server Handshake Traffic Secret */
- 0x4d, 0x40, 0x2b, 0xd2, 0x8c, 0x33, 0x90, 0x39, 0x67, 0x67, 0x05, 0xf7,
- 0x5d, 0x37, 0x1e, 0xdc, 0x4a, 0x70, 0x6b, 0x9e, 0xf8, 0x06, 0x61, 0x89,
- 0x70, 0xe1, 0x3d, 0x36, 0xad, 0x88, 0x7e, 0x5b
- },
- { /* Client Application Traffic Secret */
- 0x74, 0x6e, 0xa0, 0x13, 0x18, 0x34, 0x48, 0x4d, 0x23, 0x31, 0xf1, 0xf9,
- 0xee, 0x44, 0x6d, 0xad, 0xc1, 0xad, 0x92, 0x73, 0xca, 0x27, 0x16, 0x91,
- 0xa2, 0x50, 0x9a, 0xfc, 0xec, 0xf0, 0x6b, 0x24
- },
- { /* Server Application Traffic Secret */
- 0x89, 0x18, 0x7e, 0x34, 0x8d, 0xfc, 0x14, 0xb1, 0x4f, 0x21, 0xd8, 0x29,
- 0xdb, 0x9b, 0xfb, 0x55, 0xcf, 0xa1, 0x4f, 0x95, 0xf8, 0xe0, 0xb0, 0x83,
- 0xd5, 0x34, 0x9e, 0x0b, 0x83, 0x37, 0x42, 0x93
- },
- { /* Exporter Master Secret */
- 0x7d, 0xc8, 0x88, 0x46, 0xd5, 0x57, 0x15, 0xb6, 0x24, 0x25, 0x92, 0x61,
- 0xb1, 0x18, 0x86, 0x2a, 0x6d, 0xa5, 0x84, 0xeb, 0x59, 0xdf, 0x13, 0xbd,
- 0x73, 0xaa, 0x5d, 0x65, 0xab, 0xd9, 0xb4, 0x56
- },
- { /* Resumption Master Secret */
- 0x20, 0xb7, 0xd0, 0xe3, 0x82, 0x01, 0xa1, 0x04, 0xb8, 0x13, 0x29, 0xed,
- 0x35, 0xe4, 0x2f, 0xbf, 0x58, 0x23, 0x7f, 0x21, 0xdb, 0x9f, 0xf8, 0xe0,
- 0xe8, 0xe4, 0xab, 0xc4, 0xa1, 0x61, 0xb9, 0xbb
- }
- },
- { /* 6 */
- WC_HASH_TYPE_SHA256, 0, 33,
- { 0 }, /* PSK */
- { /* DHE */
- 0x7a, 0x46, 0x8c, 0x5a, 0xd1, 0x8e, 0x95, 0xba,
- 0x61, 0xe6, 0x6f, 0xe6, 0x76, 0x0c, 0x20, 0x43,
- 0x16, 0x82, 0x15, 0xfe, 0x54, 0xa3, 0xc7, 0xfd,
- 0x3b, 0x2c, 0x88, 0xb4, 0xd3, 0x42, 0x70, 0x12,
- 0x18
- },
- { /* Hello 1 */
- 0x63, 0x83, 0x58, 0xab, 0x36, 0xcd, 0x0c, 0xf3,
- 0x26, 0x07, 0xb5, 0x5f, 0x0b, 0x8b, 0x45, 0xd6,
- 0x7d, 0x5b, 0x42, 0xdc, 0xa8, 0xaa, 0x06, 0xfb,
- 0x20, 0xa5, 0xbb, 0x85, 0xdb, 0x54, 0xd8, 0x8b
- },
- { /* Hello 2 */
- 0xea, 0xfe, 0x9e, 0x8e, 0xff, 0x1f, 0x6f, 0x43,
- 0xf9, 0x5d, 0xfd, 0xbf, 0xe2, 0x5f, 0x02, 0x2f,
- 0x6d, 0x47, 0x60, 0x9a, 0x48, 0x9a, 0x75, 0xfb,
- 0xb5, 0x4a, 0xbf, 0x9c, 0x4e, 0xff, 0xbf, 0x0b
- },
- { /* Finished 1 */
- 0xca, 0x25, 0xb3, 0x53, 0x8e, 0x6d, 0xc3, 0x36,
- 0x17, 0x30, 0x07, 0xdf, 0x0d, 0xd7, 0x79, 0xb0,
- 0x7f, 0xcb, 0xbe, 0x7a, 0xbc, 0x2d, 0x9f, 0x2d,
- 0x94, 0x44, 0x94, 0xe6, 0xa4, 0xf3, 0xe8, 0x53
- },
- { /* Finished 2 */
- 0x2e, 0xa6, 0x5a, 0xaf, 0xb5, 0xba, 0x9f, 0x2f,
- 0x74, 0x83, 0x5d, 0xbf, 0x86, 0xa4, 0xa6, 0xf6,
- 0xb9, 0x89, 0xdf, 0x17, 0xe1, 0xa8, 0x14, 0xc0,
- 0xe1, 0x50, 0xfa, 0xec, 0xfa, 0xae, 0x8b, 0x7b
- },
- {
- 0x20, 0x18, 0x72, 0x7c, 0xde, 0x3a, 0x85, 0x17, 0x72, 0xdc, 0xd7, 0x72,
- 0xb0, 0xfc, 0x45, 0xd0, 0x62, 0xb9, 0xbb, 0x38, 0x69, 0x05, 0x7b, 0xb4,
- 0x5e, 0x58, 0x5d, 0xed, 0xcd, 0x0b, 0x96, 0xd3
- },
- {
- 0x68, 0x10, 0x20, 0xd1, 0x5e, 0xfc, 0x0c, 0x53, 0x85, 0xbb, 0xdb, 0x18,
- 0xa8, 0x78, 0xf1, 0x2b, 0x13, 0xba, 0x64, 0x1d, 0xe7, 0x09, 0xbe, 0x13,
- 0x49, 0x26, 0xf9, 0x98, 0x56, 0xf1, 0x43, 0xfb
- },
- {
- 0x24, 0x35, 0x3e, 0x10, 0x6f, 0x39, 0x50, 0xd6, 0xa2, 0x12, 0x99, 0xf2,
- 0xd5, 0xf5, 0x19, 0xf5, 0x84, 0xed, 0xee, 0x78, 0x2a, 0xa6, 0xfa, 0x3d,
- 0x06, 0xa8, 0xa7, 0x5d, 0x97, 0x78, 0xd6, 0x58
- },
- {
- 0xf4, 0x57, 0xac, 0x24, 0x7a, 0xfb, 0x7c, 0x3b, 0xb6, 0x39, 0x17, 0x14,
- 0xd9, 0xd4, 0x58, 0x4d, 0x46, 0xd5, 0x1b, 0xde, 0xf7, 0x9d, 0x06, 0xee,
- 0x8d, 0x1a, 0x2c, 0x25, 0x6d, 0x64, 0xde, 0x89
- },
- {
- 0xb6, 0x00, 0xce, 0x63, 0xed, 0x65, 0x8b, 0x66, 0x66, 0x42, 0xc6, 0xbd,
- 0x89, 0xc4, 0x71, 0x6f, 0xce, 0x28, 0xb2, 0xac, 0x97, 0x07, 0x5b, 0xea,
- 0xb8, 0x1d, 0x4c, 0xeb, 0x9e, 0x71, 0x07, 0x8f
- },
- {
- 0xf8, 0x92, 0xc8, 0xba, 0xe7, 0x83, 0xfe, 0x68, 0xe4, 0xd6, 0x5e, 0xcb,
- 0xb3, 0xef, 0x49, 0xd0, 0xe7, 0xb1, 0xac, 0xcb, 0x39, 0x19, 0xfd, 0xa7,
- 0xf7, 0xca, 0xab, 0x1e, 0x42, 0x14, 0xd8, 0xe7
- },
- {
- 0x32, 0x4a, 0x1a, 0xad, 0xe2, 0xbb, 0x55, 0x8a, 0xdd, 0xe9, 0xa5, 0x2a,
- 0x46, 0x5e, 0x6c, 0x83, 0x66, 0x27, 0x27, 0x94, 0xdd, 0x68, 0x59, 0xa0,
- 0xbb, 0xe8, 0x31, 0x7c, 0x39, 0xd7, 0xfd, 0x6d
- },
- {
- 0x58, 0xbc, 0x6c, 0x5b, 0x24, 0xad, 0x82, 0xb3, 0xcc, 0xc7, 0xd1, 0xa1,
- 0xaa, 0x2b, 0x98, 0x9f, 0x2f, 0x7e, 0xa9, 0x63, 0xc2, 0x8e, 0xb6, 0x06,
- 0xc2, 0x2b, 0x74, 0x4b, 0x79, 0x19, 0x7e, 0x2e
- }
- },
- { /* 11 */
- WC_HASH_TYPE_SHA256, 33, 0,
- { /* PSK */
- 0x3d, 0x39, 0x49, 0x36, 0x98, 0xc5, 0xfd, 0xcd,
- 0xa0, 0x17, 0xbd, 0x65, 0x0a, 0xdb, 0xd4, 0x07,
- 0x56, 0xa2, 0x7b, 0xb8, 0x2a, 0x7e, 0xfb, 0x26,
- 0x74, 0xe1, 0xbc, 0x08, 0x4b, 0xf0, 0x30, 0x14,
- 0x12
- },
- { 0 }, /* DHE */
- { /* Hello 1 */
- 0xb7, 0x44, 0x74, 0x6c, 0x57, 0x1f, 0xf3, 0x84,
- 0x8f, 0x63, 0xfb, 0x8c, 0x94, 0x6c, 0x16, 0x68,
- 0x4b, 0xe1, 0xb5, 0xb5, 0x2a, 0x4e, 0x5f, 0xdf,
- 0x4b, 0x53, 0xb2, 0x35, 0xfc, 0x30, 0xf1, 0x36
- },
- { /* Hello 2 */
- 0xe6, 0x4f, 0x3a, 0x4f, 0xd7, 0xe0, 0x64, 0xd4,
- 0x69, 0x50, 0xe4, 0x8b, 0xba, 0xbc, 0x47, 0x74,
- 0xa7, 0x9b, 0x40, 0x91, 0x8f, 0xa8, 0x72, 0x22,
- 0x97, 0xad, 0x43, 0xa7, 0x11, 0x86, 0xb5, 0x72
- },
- { /* Finished 1 */
- 0x5f, 0xa6, 0x10, 0xe2, 0xa3, 0x99, 0x0b, 0x5e,
- 0x57, 0xee, 0xc3, 0x3a, 0x8e, 0x04, 0xf3, 0x0e,
- 0x58, 0x02, 0x09, 0xb2, 0x7e, 0x2d, 0xc6, 0xd2,
- 0x08, 0xae, 0x68, 0x0a, 0x55, 0xa5, 0xda, 0x51
- },
- { /* Finished 2 */
- 0xfc, 0x5b, 0xc0, 0x7e, 0x1b, 0xaa, 0xc0, 0xb4,
- 0x34, 0x85, 0x49, 0x8e, 0x16, 0x31, 0x98, 0xdf,
- 0x10, 0x54, 0x22, 0xda, 0x1e, 0x6b, 0x51, 0xf6,
- 0x97, 0x57, 0xa0, 0x7a, 0x92, 0xe7, 0x47, 0x52
- },
- {
- 0x80, 0xfa, 0x36, 0x30, 0xb8, 0x65, 0xb3, 0x2a, 0x1d, 0x68, 0x91, 0x06,
- 0x98, 0xa0, 0x17, 0x8f, 0xee, 0xb7, 0x9e, 0x3d, 0xd8, 0x84, 0x99, 0x30,
- 0xb9, 0xd6, 0x09, 0x25, 0x5e, 0xfb, 0x8f, 0xd3 },
- {
- 0xa9, 0x89, 0x29, 0x70, 0xe4, 0x55, 0xec, 0x97, 0xfb, 0x24, 0x5b, 0xf9,
- 0xf1, 0xa3, 0x19, 0x3d, 0xf1, 0x31, 0x14, 0xcd, 0x2a, 0xed, 0x21, 0xc8,
- 0xb1, 0x53, 0xad, 0x11, 0x0b, 0x9e, 0x5a, 0xee },
- {
- 0x72, 0xad, 0x8d, 0x7f, 0xfc, 0xb7, 0x68, 0xda, 0x27, 0x60, 0x37, 0xa3,
- 0x4a, 0x63, 0xe8, 0xa5, 0xc8, 0xcd, 0x36, 0x6a, 0x77, 0x99, 0x0d, 0xa9,
- 0xb1, 0x5b, 0x2f, 0x47, 0x2e, 0x22, 0xa7, 0x5e },
- {
- 0x95, 0x6e, 0x85, 0x09, 0xe5, 0x04, 0x88, 0x14, 0x28, 0x8d, 0xdf, 0xe6,
- 0x0d, 0x0f, 0x0d, 0x6b, 0x4e, 0x66, 0x1c, 0x03, 0xb9, 0xaa, 0x2d, 0x45,
- 0x56, 0x67, 0x5c, 0x55, 0x29, 0xd6, 0x89, 0xd0 },
- {
- 0xe8, 0xf2, 0x14, 0xf9, 0x9b, 0x2b, 0x9f, 0x24, 0x2b, 0x37, 0xbe, 0x86,
- 0xdb, 0x23, 0x4b, 0xbe, 0x39, 0x57, 0xe8, 0xa9, 0xa5, 0xee, 0x08, 0xf2,
- 0x75, 0x58, 0xdb, 0xd9, 0x51, 0xc1, 0x46, 0x02 },
- {
- 0x3d, 0x19, 0xaf, 0xa3, 0x0b, 0x21, 0xf7, 0x3d, 0xe7, 0x37, 0x6e, 0x32,
- 0x13, 0x48, 0x9d, 0xea, 0xe0, 0x90, 0xbf, 0x64, 0x48, 0xf7, 0x1e, 0xcc,
- 0xf0, 0xbc, 0x92, 0xd7, 0x8a, 0x4a, 0xa8, 0xc1 },
- {
- 0x16, 0x35, 0xb1, 0x66, 0x28, 0xa3, 0x3e, 0x19, 0xf5, 0x2d, 0x92, 0x22,
- 0x95, 0x48, 0xe8, 0x34, 0x7b, 0x30, 0x50, 0xa2, 0xa0, 0xd9, 0xc2, 0x59,
- 0x39, 0xf9, 0x8c, 0x69, 0xf2, 0x2a, 0xb9, 0xff },
- {
- 0x32, 0x71, 0xa6, 0x87, 0x0c, 0x97, 0x42, 0x07, 0xdd, 0x5f, 0xc9, 0x44,
- 0xa5, 0x7c, 0x50, 0x14, 0xfd, 0xe7, 0x5f, 0x8b, 0xd3, 0x2f, 0xdc, 0x9b,
- 0xa9, 0x93, 0x22, 0x19, 0xe6, 0xf2, 0x0c, 0xd8 }
- },
- #ifdef WOLFSSL_SHA384
- { /* 26 */
- WC_HASH_TYPE_SHA384, 35, 35,
- { /* PSK */
- 0x62, 0x83, 0x25, 0xc7, 0xcc, 0x08, 0x5e, 0x63,
- 0x64, 0x56, 0xf0, 0xc6, 0x88, 0x27, 0x5a, 0x5b,
- 0x68, 0x59, 0x0b, 0x14, 0x55, 0x13, 0x2e, 0xfd,
- 0x8f, 0x28, 0x5b, 0x3d, 0xe3, 0xad, 0x67, 0xe4,
- 0x68, 0xba, 0xf9
- },
- { /* DHE */
- 0xa8, 0xb1, 0xab, 0xd8, 0xc8, 0x5b, 0x52, 0xdf,
- 0x7f, 0x49, 0x10, 0xf4, 0xa1, 0x31, 0xd1, 0x91,
- 0x36, 0xc1, 0x87, 0x5d, 0x42, 0x2a, 0xe7, 0x1d,
- 0x2c, 0x29, 0x3d, 0x40, 0x64, 0x61, 0x63, 0x76,
- 0xd8, 0x66, 0xac
- },
- { /* Hello 1 */
- 0x6f, 0xc6, 0x4c, 0xe1, 0xc6, 0x68, 0x34, 0x8c,
- 0x0a, 0xe1, 0xf8, 0xb8, 0x3e, 0xd4, 0xf8, 0x0b,
- 0x54, 0x50, 0xe4, 0xc5, 0x4a, 0x33, 0x7d, 0xbd,
- 0x90, 0xd2, 0xa2, 0xb9, 0xb7, 0x92, 0xed, 0xab,
- 0x14, 0xf1, 0xe4, 0x86, 0x22, 0x67, 0xd7, 0x44,
- 0x03, 0x21, 0xdc, 0x51, 0x52, 0x7f, 0x35, 0x80
- },
- { /* Hello 2 */
- 0x3e, 0xcf, 0x2f, 0xc3, 0x87, 0xba, 0xc5, 0xbd,
- 0x7c, 0xe8, 0x35, 0x5b, 0x95, 0x51, 0x30, 0x3b,
- 0x08, 0xcc, 0x2a, 0x7d, 0xb5, 0x74, 0x7c, 0x16,
- 0xb3, 0x0b, 0xe7, 0x61, 0xa3, 0x7c, 0x6c, 0xbd,
- 0x39, 0x74, 0xfd, 0x1e, 0x4c, 0xff, 0xc8, 0xcc,
- 0xa0, 0xef, 0x29, 0x4d, 0x94, 0xaa, 0x55, 0x6f,
- },
- { /* Finished 1 */
- 0x06, 0xc1, 0x47, 0x78, 0x66, 0x53, 0x6f, 0x24,
- 0x94, 0x61, 0x69, 0xec, 0xd8, 0x60, 0x31, 0x2f,
- 0xbf, 0xd6, 0x8a, 0x29, 0x17, 0xff, 0xa3, 0x88,
- 0x13, 0x09, 0x8c, 0x9d, 0x6c, 0x64, 0x84, 0x48,
- 0x44, 0xdd, 0x2d, 0x29, 0x4d, 0xe6, 0x98, 0x2b,
- 0x45, 0x3b, 0x84, 0x33, 0x79, 0xb2, 0x75, 0x68
- },
- { /* Finished 2 */
- 0x28, 0x1e, 0x18, 0xf7, 0x9c, 0x32, 0xa9, 0xbf,
- 0x0c, 0x24, 0x58, 0x21, 0xce, 0xbc, 0xf2, 0x44,
- 0xb1, 0x18, 0xaf, 0x9d, 0xd9, 0x20, 0xf9, 0xf4,
- 0xed, 0xcc, 0x53, 0x82, 0x66, 0x5c, 0x46, 0x94,
- 0x8c, 0x36, 0x5e, 0xca, 0x9f, 0xd8, 0x9a, 0xd3,
- 0xf0, 0xe1, 0x53, 0x71, 0xdd, 0x19, 0x1e, 0x59
- },
- {
- 0xd0, 0xef, 0xa8, 0xcb, 0x5b, 0x14, 0x0f, 0x0a, 0x62, 0xba, 0x5a, 0xb1,
- 0xc5, 0xb5, 0x3f, 0x11, 0xda, 0xa1, 0x0c, 0x9c, 0xb4, 0x32, 0x48, 0x4e,
- 0xfa, 0x84, 0x4f, 0xe4, 0xe7, 0x91, 0x8f, 0x42, 0x3f, 0xc7, 0x4e, 0xd3,
- 0x83, 0x3d, 0x7f, 0x70, 0x12, 0xee, 0x9a, 0x37, 0x01, 0xbb, 0x14, 0xd3
- },
- {
- 0x48, 0x6f, 0x77, 0x1d, 0x39, 0x1b, 0xa5, 0x9a, 0x76, 0xd9, 0x1d, 0x7d,
- 0xb3, 0xd9, 0xb9, 0x78, 0x35, 0x0f, 0xd0, 0xe1, 0x07, 0x1f, 0x8d, 0xe5,
- 0x75, 0x00, 0xda, 0xc0, 0x19, 0x01, 0xfb, 0x08, 0x35, 0xe7, 0x18, 0x8f,
- 0xf0, 0x19, 0xfb, 0x46, 0xf6, 0xa5, 0x77, 0x0e, 0x90, 0x38, 0x8b, 0x15
- },
- {
- 0x80, 0x8c, 0xa7, 0x24, 0x97, 0xf9, 0xd3, 0x52, 0xb0, 0x69, 0x9d, 0x4b,
- 0xa4, 0x19, 0x4a, 0xb1, 0x46, 0x53, 0x3a, 0xc8, 0xe4, 0x02, 0x69, 0xf2,
- 0xe7, 0xb6, 0x1d, 0x33, 0x51, 0xcc, 0x14, 0x40, 0x4a, 0xb0, 0xe7, 0x58,
- 0x84, 0xba, 0xc2, 0x14, 0x58, 0x6b, 0xb9, 0xdc, 0x50, 0x98, 0x67, 0x01
- },
- {
- 0xb1, 0xa8, 0xc0, 0x06, 0xb3, 0x2e, 0xa7, 0x8a, 0x6a, 0x12, 0x88, 0x00,
- 0x65, 0x88, 0x9c, 0x5d, 0x35, 0xee, 0xe5, 0x51, 0x0b, 0x62, 0xf8, 0x67,
- 0xe5, 0xef, 0x15, 0x1f, 0x23, 0x02, 0x74, 0x08, 0x9c, 0xc8, 0xba, 0x27,
- 0x5d, 0x32, 0x19, 0x6f, 0x6d, 0x5d, 0x72, 0x5e, 0x15, 0xde, 0x30, 0xc3
- },
- {
- 0xfd, 0xce, 0xf5, 0x65, 0x45, 0x84, 0xfb, 0x8c, 0x79, 0xa4, 0x6c, 0x1b,
- 0x0e, 0x1b, 0xfd, 0x26, 0xa2, 0x53, 0xf4, 0x4e, 0x00, 0x4d, 0x4b, 0x0b,
- 0x24, 0x6d, 0x35, 0x35, 0xd9, 0x97, 0x70, 0xc5, 0xf4, 0xee, 0xe3, 0xba,
- 0x31, 0x1e, 0x2a, 0x42, 0xcb, 0xdf, 0x40, 0xb1, 0x14, 0xb8, 0x53, 0xce
- },
- {
- 0xbb, 0xb3, 0x26, 0x7c, 0x22, 0x21, 0x9b, 0x72, 0x32, 0xa1, 0x97, 0xfb,
- 0x78, 0x8c, 0xbe, 0x3d, 0x71, 0x45, 0xb8, 0xf5, 0x24, 0x8f, 0x0f, 0xac,
- 0x42, 0x5b, 0x81, 0xe8, 0xd0, 0x71, 0x4a, 0xcb, 0x32, 0x3f, 0x03, 0xfb,
- 0xec, 0x6a, 0x1f, 0x76, 0x80, 0x65, 0x01, 0x7a, 0x3d, 0xce, 0xc4, 0xdf
- },
- {
- 0x3f, 0xcf, 0x2f, 0x63, 0x94, 0x94, 0x99, 0xfd, 0x04, 0x3a, 0x89, 0x83,
- 0xcf, 0x06, 0x05, 0xec, 0x20, 0x3e, 0x5f, 0x51, 0x9d, 0x6e, 0x4a, 0xc6,
- 0xf1, 0x2b, 0x37, 0x17, 0x34, 0x72, 0x6e, 0x1d, 0x2a, 0xfd, 0xc7, 0x73,
- 0xb5, 0x07, 0x22, 0x81, 0x32, 0x2e, 0x21, 0x85, 0xaf, 0x10, 0xb2, 0x73
- },
- {
- 0x52, 0x0c, 0x3d, 0x2e, 0x2d, 0x4a, 0x11, 0xae, 0x96, 0x78, 0xe9, 0x5b,
- 0xd8, 0x0f, 0x6c, 0xf4, 0xbd, 0x96, 0x13, 0x55, 0x88, 0xdd, 0xa3, 0x67,
- 0x36, 0x86, 0x1e, 0x0b, 0x36, 0x41, 0xec, 0xf6, 0x04, 0xb2, 0xc4, 0x16,
- 0xbc, 0x2c, 0xdb, 0x30, 0x02, 0x94, 0xd4, 0x42, 0xbf, 0x38, 0xee, 0x9d
- }
- },
- { /* 36 */
- WC_HASH_TYPE_SHA384, 0, 33,
- { 0 }, /* PSK */
- { /* DHE */
- 0xd3, 0x00, 0x72, 0x9a, 0xa8, 0xc5, 0xf3, 0xc4,
- 0xf1, 0xa0, 0x26, 0x89, 0x65, 0x70, 0xc7, 0x0b,
- 0x77, 0xbb, 0xe1, 0x4b, 0x2b, 0xa8, 0x4f, 0xa6,
- 0x09, 0x4b, 0xba, 0x45, 0x36, 0x15, 0xee, 0x68,
- 0xfd
- },
- { /* Hello 1 */
- 0x10, 0x9d, 0x8b, 0xa2, 0x93, 0xe7, 0xd3, 0xb9,
- 0xb4, 0x0f, 0xeb, 0x6a, 0xb9, 0x69, 0xcb, 0x39,
- 0x16, 0x29, 0xcc, 0xd3, 0xcc, 0x1a, 0x4c, 0x1b,
- 0x53, 0x7c, 0x33, 0x88, 0x06, 0xbc, 0x0a, 0x02,
- 0xa0, 0xbe, 0x62, 0xc0, 0xe6, 0x5e, 0x97, 0x5b,
- 0x6a, 0xa1, 0x98, 0xf3, 0xd2, 0x1e, 0xcd, 0xc5
- },
- { /* Hello 2 */
- 0x74, 0xc0, 0x07, 0x2c, 0xc1, 0x63, 0xcc, 0x11,
- 0xad, 0x1a, 0x55, 0x63, 0xbc, 0x20, 0x77, 0x96,
- 0x30, 0x1c, 0x68, 0x45, 0x1e, 0x9b, 0xa7, 0xb4,
- 0xf3, 0x04, 0x45, 0x16, 0x76, 0x55, 0xf9, 0xdf,
- 0x4b, 0x2f, 0x1a, 0xdf, 0x5a, 0xb0, 0x93, 0xc9,
- 0xab, 0xf5, 0x32, 0x47, 0x79, 0x9c, 0x01, 0xeb
- },
- { /* Finished 1 */
- 0x27, 0x08, 0x8e, 0xa5, 0xf1, 0x30, 0xe1, 0xd6,
- 0x4f, 0xa2, 0x9e, 0x3b, 0x03, 0x2d, 0x2e, 0xa3,
- 0x84, 0x75, 0x51, 0x3a, 0xc3, 0xf6, 0xee, 0x2e,
- 0x37, 0x0c, 0xe3, 0x28, 0x46, 0xa5, 0x2d, 0xc7,
- 0xf0, 0x64, 0x78, 0x53, 0x66, 0x43, 0x02, 0xa4,
- 0x7a, 0x43, 0x66, 0x4b, 0xa7, 0xcb, 0x97, 0x16
- },
- { /* Finished 2 */
- 0x1d, 0x0d, 0xf8, 0xe1, 0x81, 0xa5, 0xbd, 0xa8,
- 0x6f, 0x9d, 0x01, 0xa4, 0x9a, 0x92, 0xe2, 0xef,
- 0x08, 0xab, 0xef, 0x3e, 0x2d, 0xd4, 0x82, 0xac,
- 0x68, 0x9d, 0xe0, 0x54, 0x17, 0xde, 0x1a, 0xed,
- 0x57, 0xcb, 0xd9, 0x2d, 0xc8, 0xbc, 0x93, 0xe6,
- 0xa3, 0xec, 0xde, 0xee, 0xa1, 0x1c, 0x41, 0x85
- },
- {
- 0x7f, 0x1f, 0xe6, 0x7b, 0xd8, 0xf5, 0x2b, 0x37, 0xbe, 0xb7, 0xd0, 0x37,
- 0xce, 0x46, 0xad, 0x04, 0x2f, 0xc7, 0xdb, 0xc9, 0x9a, 0xb6, 0x00, 0x3f,
- 0xc1, 0x97, 0xe9, 0x5c, 0x5e, 0x14, 0xd1, 0x38, 0x4d, 0x55, 0xe1, 0x07,
- 0xb5, 0x85, 0x6d, 0xfa, 0xa7, 0x66, 0xad, 0xfa, 0xb6, 0xad, 0x29, 0x44
- },
- {
- 0x4e, 0x6b, 0x20, 0x99, 0x55, 0x1b, 0x21, 0x89, 0xb6, 0x70, 0xdb, 0xe8,
- 0xa7, 0x16, 0x55, 0xf2, 0x93, 0x13, 0x90, 0x7d, 0xfa, 0x62, 0x65, 0x53,
- 0xa0, 0x97, 0xe9, 0xb4, 0xc0, 0xf1, 0xc9, 0x1a, 0x67, 0xdd, 0xca, 0x57,
- 0xbc, 0xca, 0x39, 0xe6, 0x39, 0x6b, 0x63, 0x47, 0x25, 0x08, 0x3a, 0xd7
- },
- {
- 0x35, 0x0d, 0xac, 0xd8, 0x10, 0x6a, 0x46, 0x50, 0x66, 0xae, 0x02, 0xc9,
- 0xde, 0x13, 0x48, 0xce, 0x53, 0xd4, 0x92, 0x62, 0xc5, 0x65, 0x10, 0x08,
- 0xc2, 0xc2, 0x82, 0xed, 0x9d, 0xc9, 0x6f, 0xa8, 0xc3, 0xc1, 0x0b, 0x7c,
- 0xe1, 0x97, 0x85, 0xd6, 0x46, 0x29, 0x0e, 0x42, 0x51, 0xc1, 0x35, 0xcf
- },
- {
- 0x3d, 0x5d, 0x84, 0xbd, 0x16, 0x46, 0x34, 0xb3, 0xf6, 0x31, 0x49, 0x3e,
- 0x8d, 0xdc, 0xcb, 0x8c, 0x6a, 0x42, 0xf4, 0x88, 0xfc, 0x19, 0xfa, 0xa2,
- 0x25, 0xc7, 0xa0, 0xa4, 0xca, 0xf0, 0xea, 0x2d, 0xe8, 0xc4, 0x02, 0x14,
- 0x63, 0xfb, 0xd3, 0x7b, 0x51, 0x1c, 0xce, 0xca, 0xa3, 0xc3, 0xe4, 0xa5
- },
- {
- 0x7c, 0x3a, 0x55, 0x92, 0x2e, 0xdd, 0x75, 0xdd, 0x76, 0x54, 0x4a, 0x9f,
- 0xd0, 0xa2, 0x88, 0x83, 0xe9, 0x27, 0xda, 0x30, 0xe9, 0x96, 0x58, 0xc5,
- 0xb7, 0x56, 0xfc, 0x4b, 0xb8, 0x5d, 0xee, 0x46, 0x70, 0x4e, 0x1b, 0x06,
- 0x86, 0xaf, 0x48, 0x5c, 0x17, 0x35, 0xfa, 0x69, 0xc2, 0x4d, 0xfb, 0x09
- },
- {
- 0x00, 0x0e, 0x28, 0x51, 0xc1, 0x7f, 0x41, 0x89, 0x6f, 0x9a, 0xca, 0x15,
- 0xee, 0xed, 0x43, 0xca, 0x6d, 0x65, 0x6f, 0x51, 0x18, 0x6c, 0x08, 0x4b,
- 0x77, 0xca, 0x75, 0xc4, 0xc3, 0xde, 0x29, 0x41, 0x8b, 0xaf, 0xa7, 0x1c,
- 0x28, 0x37, 0xa0, 0xa0, 0x74, 0x8e, 0x09, 0x42, 0x7a, 0x1b, 0x68, 0xdb
- },
- {
- 0x14, 0x8f, 0xab, 0x28, 0x64, 0xea, 0x45, 0x88, 0xdb, 0xc1, 0xc6, 0xa0,
- 0x48, 0xdf, 0x15, 0xd0, 0x28, 0x07, 0x2d, 0x6c, 0xb8, 0x42, 0xbb, 0x60,
- 0x02, 0x08, 0x9e, 0x29, 0x9b, 0x8d, 0xd6, 0x1c, 0xaf, 0xf2, 0x1a, 0xdc,
- 0xf0, 0x78, 0x0b, 0x4d, 0x90, 0xa1, 0x0c, 0xb3, 0x13, 0xde, 0xca, 0x5a
- },
- {
- 0x4d, 0x80, 0x7d, 0x0b, 0xb9, 0x00, 0x6f, 0x65, 0x51, 0x65, 0x23, 0xde,
- 0x72, 0xdc, 0x4f, 0x04, 0xa5, 0xa2, 0x90, 0x45, 0x51, 0x9e, 0xd0, 0x3a,
- 0xe4, 0xd7, 0x78, 0xa3, 0x0f, 0x2d, 0x65, 0x12, 0xad, 0xc8, 0x92, 0x30,
- 0x79, 0x9d, 0x9d, 0x08, 0x7a, 0x9c, 0x9f, 0x83, 0xb1, 0xca, 0x59, 0x56
- }
- },
- { /* 41 */
- WC_HASH_TYPE_SHA384, 33, 0,
- { /* PSK */
- 0xa4, 0x8b, 0x1b, 0x5f, 0xd0, 0xea, 0x75, 0x62,
- 0x06, 0x4d, 0x68, 0x40, 0x85, 0x20, 0x45, 0x95,
- 0x4a, 0x00, 0xca, 0x05, 0xeb, 0xd4, 0x1d, 0x48,
- 0x81, 0x89, 0xe8, 0x86, 0x43, 0xfa, 0x28, 0x17,
- 0x12
- },
- { 0 }, /* DHE */
- { /* Hello 1 */
- 0x03, 0x7c, 0x33, 0x75, 0xdc, 0xc5, 0x46, 0x3a,
- 0x0d, 0x56, 0xc6, 0xfb, 0xab, 0x1e, 0x1d, 0xda,
- 0x59, 0xc2, 0xb2, 0xb1, 0x7c, 0x48, 0x9b, 0x06,
- 0x0a, 0x5a, 0xbb, 0xf8, 0x98, 0x53, 0x78, 0x2d,
- 0xd2, 0xcc, 0x87, 0x68, 0x25, 0xdd, 0x88, 0x22,
- 0xcd, 0xb7, 0x74, 0x55, 0x21, 0xf9, 0x34, 0x98
- },
- { /* Hello 2 */
- 0x03, 0xb4, 0xfb, 0xcc, 0x28, 0x2c, 0xc1, 0x70,
- 0x42, 0x73, 0x57, 0xac, 0xdb, 0x47, 0x71, 0xf6,
- 0x2e, 0x11, 0x8a, 0x5b, 0x47, 0x2f, 0x02, 0x54,
- 0x95, 0x34, 0xed, 0x5f, 0x19, 0xc1, 0x75, 0xe0,
- 0x76, 0xad, 0xb0, 0x90, 0x57, 0xcd, 0xfd, 0xd7,
- 0x58, 0x1f, 0x0d, 0x6b, 0x9e, 0x51, 0x3c, 0x08
- },
- { /* Finished 1 */
- 0x2b, 0x50, 0xd9, 0xa7, 0x43, 0x24, 0xda, 0x2c,
- 0x7a, 0xaa, 0x0e, 0x37, 0xd7, 0x6b, 0x2c, 0xab,
- 0x8e, 0xb2, 0xfe, 0x31, 0x1b, 0xa8, 0x12, 0x59,
- 0x5b, 0x7b, 0xdc, 0x3e, 0xa7, 0x86, 0xa5, 0x48,
- 0xe4, 0x46, 0x2b, 0x4c, 0xc1, 0x66, 0x4b, 0xf3,
- 0x2a, 0x99, 0x93, 0x08, 0xbc, 0x3d, 0x08, 0x76
- },
- { /* Finished 2 */
- 0x7c, 0x34, 0xc8, 0x56, 0x17, 0xf1, 0x62, 0x1c,
- 0x9f, 0x0b, 0xeb, 0xfd, 0x69, 0x72, 0x51, 0xc5,
- 0xfa, 0x74, 0x87, 0xc9, 0xbd, 0x50, 0xe9, 0x48,
- 0xa7, 0x3c, 0x94, 0x3e, 0x06, 0x7d, 0xe8, 0x8e,
- 0xc1, 0xd1, 0x08, 0x1f, 0x5d, 0x48, 0x8a, 0x25,
- 0xfc, 0xea, 0xe7, 0xd9, 0xd4, 0xd0, 0xf9, 0xad
- },
- {
- 0x4b, 0x0b, 0xed, 0xb9, 0xc8, 0xb8, 0xa8, 0x1e, 0xb0, 0x81, 0x76, 0xd5,
- 0x33, 0x22, 0x71, 0x33, 0x3a, 0x85, 0x19, 0x67, 0x7e, 0x91, 0x37, 0xf2,
- 0xa6, 0x11, 0x22, 0xdf, 0x41, 0x04, 0x3d, 0xa9, 0x13, 0xb9, 0xb2, 0xb1,
- 0xbb, 0xd8, 0xef, 0x23, 0x7c, 0xc2, 0xab, 0x70, 0x1b, 0x51, 0x9f, 0xc9
- },
- {
- 0xeb, 0x96, 0x10, 0x8c, 0x7d, 0x92, 0xea, 0x80, 0x86, 0xb2, 0xf8, 0x27,
- 0xf2, 0x9a, 0x09, 0xc1, 0x7c, 0x09, 0x43, 0xbc, 0xfe, 0xc8, 0x75, 0xe0,
- 0x97, 0xe7, 0x6d, 0xd5, 0xb2, 0x3c, 0xed, 0x12, 0xb7, 0x74, 0x0e, 0xe3,
- 0xb6, 0xe0, 0xba, 0xe1, 0x8d, 0x89, 0xcf, 0x4f, 0x57, 0xf6, 0x6d, 0x90
- },
- {
- 0x22, 0xb0, 0x39, 0x34, 0xb6, 0x6c, 0x2d, 0x7a, 0x97, 0x1c, 0x5d, 0xcc,
- 0x78, 0x84, 0x71, 0xbb, 0xc6, 0x7b, 0xb6, 0xbc, 0xcc, 0x0b, 0xf8, 0xac,
- 0x8e, 0xd7, 0x20, 0xbd, 0xbe, 0x32, 0xf0, 0xd6, 0xe9, 0x69, 0x13, 0xf2,
- 0x9a, 0xce, 0xfe, 0x86, 0xd3, 0xee, 0xba, 0x69, 0x51, 0xb6, 0x77, 0x56
- },
- {
- 0x16, 0xfd, 0xda, 0xf3, 0x5e, 0xb9, 0xa6, 0x17, 0x24, 0xb2, 0x16, 0x9f,
- 0xb6, 0x59, 0x13, 0x0f, 0x25, 0x5a, 0xf1, 0x5b, 0x5f, 0xe4, 0x54, 0x2a,
- 0xa7, 0xbf, 0x29, 0xaf, 0x5a, 0x77, 0xf4, 0x4f, 0x25, 0xba, 0x94, 0xad,
- 0x6b, 0x91, 0x3b, 0xe7, 0xd5, 0x73, 0x0d, 0xff, 0xaa, 0xe3, 0x72, 0x2c
- },
- {
- 0x22, 0xb4, 0x94, 0xc0, 0x53, 0xd7, 0x82, 0x06, 0x38, 0x9d, 0x4a, 0xa0,
- 0x3f, 0xf1, 0x5f, 0x6e, 0x23, 0x8d, 0x09, 0x62, 0xbf, 0x6f, 0x7c, 0x84,
- 0xc6, 0x3e, 0x15, 0xad, 0x18, 0x37, 0x76, 0x29, 0xc7, 0xd6, 0x68, 0x0c,
- 0x1e, 0xc6, 0x93, 0x31, 0xef, 0x85, 0x69, 0x30, 0x68, 0xf0, 0x1e, 0x37
- },
- {
- 0x6d, 0x4d, 0x20, 0xaf, 0x47, 0xe8, 0x1b, 0xfa, 0xd0, 0xb6, 0xc8, 0x97,
- 0xd1, 0x03, 0xfc, 0x9d, 0x59, 0xa0, 0x68, 0x9d, 0xe9, 0x17, 0x8b, 0xce,
- 0x48, 0x2c, 0x77, 0x8a, 0x22, 0x4b, 0x5c, 0x54, 0x22, 0xa1, 0x15, 0x12,
- 0xe1, 0x07, 0x8e, 0x15, 0xd8, 0x7b, 0x16, 0x65, 0x99, 0x6b, 0xcb, 0x71
- },
- {
- 0x79, 0x64, 0x79, 0xdd, 0x75, 0x5c, 0x6f, 0x98, 0xac, 0x03, 0xe0, 0xcd,
- 0x92, 0xba, 0x0e, 0x2d, 0xb4, 0xd1, 0x8b, 0x97, 0xd0, 0x85, 0xbb, 0x2e,
- 0x4f, 0x26, 0x93, 0xf5, 0x1d, 0xf3, 0xd2, 0x43, 0x4f, 0xd2, 0x47, 0xaa,
- 0x91, 0x1e, 0xf3, 0x67, 0x10, 0x18, 0x2c, 0xb9, 0x01, 0xba, 0x10, 0x9f
- },
- {
- 0x79, 0xb6, 0x9c, 0xbe, 0xf1, 0x6a, 0xb0, 0x92, 0xa0, 0x29, 0x52, 0x61,
- 0xf1, 0xcd, 0x3a, 0x67, 0xe1, 0x6b, 0xb8, 0x9d, 0x0d, 0x95, 0xb6, 0x03,
- 0x80, 0x1f, 0xd5, 0x75, 0xb6, 0x1d, 0x79, 0x02, 0x93, 0x43, 0x77, 0xa7,
- 0x9d, 0x2f, 0xc3, 0x84, 0xc6, 0x83, 0x76, 0x16, 0x06, 0x98, 0x7b, 0x79
- }
- },
- #endif /* WOLFSSL_SHA384 */
- };
- static const char protocolLabel[] = "tls13 ";
- static const char ceTrafficLabel[] = "c e traffic";
- static const char eExpMasterLabel[] = "e exp master";
- static const char cHsTrafficLabel[] = "c hs traffic";
- static const char sHsTrafficLabel[] = "s hs traffic";
- static const char cAppTrafficLabel[] = "c ap traffic";
- static const char sAppTrafficLabel[] = "s ap traffic";
- static const char expMasterLabel[] = "exp master";
- static const char resMasterLabel[] = "res master";
- static const char derivedLabel[] = "derived";
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void)
- {
- wc_test_ret_t ret = 0;
- word32 i;
- word32 tc = sizeof(tls13KdfTestVectors)/sizeof(Tls13KdfTestVector);
- const Tls13KdfTestVector* tv = NULL;
- WOLFSSL_ENTER("tls13_kdf_test");
- for (i = 0, tv = tls13KdfTestVectors; i < tc; i++, tv++) {
- byte output[WC_MAX_DIGEST_SIZE];
- byte secret[WC_MAX_DIGEST_SIZE];
- byte salt[WC_MAX_DIGEST_SIZE];
- byte zeroes[WC_MAX_DIGEST_SIZE];
- byte hashZero[WC_MAX_DIGEST_SIZE];
- int hashAlgSz;
- XMEMSET(zeroes, 0, sizeof zeroes);
- hashAlgSz = wc_HashGetDigestSize(tv->hashAlg);
- if (hashAlgSz == BAD_FUNC_ARG) break;
- ret = wc_Hash(tv->hashAlg, NULL, 0, hashZero, (word32)hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Extract(secret, NULL, 0,
- (tv->pskSz == 0) ? zeroes : (byte*)tv->psk,
- tv->pskSz, tv->hashAlg);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)ceTrafficLabel, (word32)XSTRLEN(ceTrafficLabel),
- tv->hashHello1, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->clientEarlyTrafficSecret, output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)eExpMasterLabel, (word32)XSTRLEN(eExpMasterLabel),
- tv->hashHello1, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->earlyExporterMasterSecret, output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(salt, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)derivedLabel, (word32)XSTRLEN(derivedLabel),
- hashZero, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Extract(secret, salt, (word32)(word32)hashAlgSz,
- (tv->dheSz == 0) ? zeroes : (byte*)tv->dhe,
- tv->dheSz, tv->hashAlg);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)cHsTrafficLabel, (word32)XSTRLEN(cHsTrafficLabel),
- tv->hashHello2, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->clientHandshakeTrafficSecret,
- output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)sHsTrafficLabel, (word32)XSTRLEN(sHsTrafficLabel),
- tv->hashHello2, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->serverHandshakeTrafficSecret, output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(salt, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)derivedLabel, (word32)XSTRLEN(derivedLabel),
- hashZero, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Extract(secret, salt, (word32)(word32)hashAlgSz,
- zeroes, (word32)(word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)cAppTrafficLabel, (word32)XSTRLEN(cAppTrafficLabel),
- tv->hashFinished1, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->clientApplicationTrafficSecret, output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)sAppTrafficLabel, (word32)XSTRLEN(sAppTrafficLabel),
- tv->hashFinished1, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->serverApplicationTrafficSecret, output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)expMasterLabel, (word32)XSTRLEN(expMasterLabel),
- tv->hashFinished1, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->exporterMasterSecret, output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
- secret, (word32)hashAlgSz,
- (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
- (byte*)resMasterLabel, (word32)XSTRLEN(resMasterLabel),
- tv->hashFinished2, (word32)hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->resumptionMasterSecret, output, hashAlgSz);
- if (ret != 0) break;
- }
- return ret;
- }
- #endif /* WOLFSSL_TLS13 */
- static const int fiducial2 = WC_TEST_RET_LN; /* source code reference point --
- * see print_fiducials() below.
- */
- #if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void)
- {
- wc_test_ret_t ret;
- byte kek[128];
- #ifndef NO_SHA
- /* SHA-1, COUNT = 0
- * shared secret length: 192
- * SharedInfo length: 0
- * key data length: 128
- */
- WOLFSSL_SMALL_STACK_STATIC const byte Z[] = {
- 0x1c, 0x7d, 0x7b, 0x5f, 0x05, 0x97, 0xb0, 0x3d,
- 0x06, 0xa0, 0x18, 0x46, 0x6e, 0xd1, 0xa9, 0x3e,
- 0x30, 0xed, 0x4b, 0x04, 0xdc, 0x64, 0xcc, 0xdd
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0xbf, 0x71, 0xdf, 0xfd, 0x8f, 0x4d, 0x99, 0x22,
- 0x39, 0x36, 0xbe, 0xb4, 0x6f, 0xee, 0x8c, 0xcc
- };
- #endif
- #ifndef NO_SHA256
- /* SHA-256, COUNT = 3
- * shared secret length: 192
- * SharedInfo length: 0
- * key data length: 128
- */
- WOLFSSL_SMALL_STACK_STATIC const byte Z2[] = {
- 0xd3, 0x8b, 0xdb, 0xe5, 0xc4, 0xfc, 0x16, 0x4c,
- 0xdd, 0x96, 0x7f, 0x63, 0xc0, 0x4f, 0xe0, 0x7b,
- 0x60, 0xcd, 0xe8, 0x81, 0xc2, 0x46, 0x43, 0x8c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
- 0x5e, 0x67, 0x4d, 0xb9, 0x71, 0xba, 0xc2, 0x0a,
- 0x80, 0xba, 0xd0, 0xd4, 0x51, 0x4d, 0xc4, 0x84
- };
- #endif
- #ifdef WOLFSSL_SHA512
- /* SHA-512, COUNT = 0
- * shared secret length: 192
- * SharedInfo length: 0
- * key data length: 128
- */
- WOLFSSL_SMALL_STACK_STATIC const byte Z3[] = {
- 0x87, 0xfc, 0x0d, 0x8c, 0x44, 0x77, 0x48, 0x5b,
- 0xb5, 0x74, 0xf5, 0xfc, 0xea, 0x26, 0x4b, 0x30,
- 0x88, 0x5d, 0xc8, 0xd9, 0x0a, 0xd8, 0x27, 0x82
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = {
- 0x94, 0x76, 0x65, 0xfb, 0xb9, 0x15, 0x21, 0x53,
- 0xef, 0x46, 0x02, 0x38, 0x50, 0x6a, 0x02, 0x45
- };
- /* SHA-512, COUNT = 0
- * shared secret length: 521
- * SharedInfo length: 128
- * key data length: 1024
- */
- WOLFSSL_SMALL_STACK_STATIC const byte Z4[] = {
- 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89,
- 0xfa, 0x58, 0xce, 0xad, 0xc0, 0x47, 0x19, 0x7f,
- 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
- 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8,
- 0x15, 0x07, 0x39, 0x2f, 0x1a, 0x86, 0xdd, 0xfd,
- 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
- 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47,
- 0x47, 0xa9, 0xe2, 0xe7, 0x53, 0xf5, 0x5e, 0xf0,
- 0x5a, 0x2d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte info4[] = {
- 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d,
- 0x2b, 0x3a, 0x2f, 0x99, 0x37, 0x89, 0x5d, 0x31
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = {
- 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76,
- 0x9b, 0x52, 0x26, 0x4b, 0x01, 0x12, 0xb5, 0x85,
- 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
- 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d,
- 0x6e, 0x4d, 0xd2, 0xa5, 0x99, 0xac, 0xce, 0xb3,
- 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
- 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50,
- 0xa5, 0xa8, 0xee, 0xee, 0x20, 0x80, 0x02, 0x26,
- 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
- 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d,
- 0xea, 0x9c, 0x4f, 0xf7, 0x45, 0xa2, 0x5a, 0xc2,
- 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
- 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc,
- 0x0a, 0xb2, 0xaa, 0x8e, 0x2e, 0xfa, 0x7b, 0x17,
- 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
- 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
- };
- #endif
- WOLFSSL_ENTER("x963kdf_test");
- #ifndef NO_SHA
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA, Z, sizeof(Z), NULL, 0,
- kek, sizeof(verify));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(verify, kek, sizeof(verify)) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif
- #ifndef NO_SHA256
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, Z2, sizeof(Z2), NULL, 0,
- kek, sizeof(verify2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(verify2, kek, sizeof(verify2)) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif
- #ifdef WOLFSSL_SHA512
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z3, sizeof(Z3), NULL, 0,
- kek, sizeof(verify3));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(verify3, kek, sizeof(verify3)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z4, sizeof(Z4), info4,
- sizeof(info4), kek, sizeof(verify4));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(verify4, kek, sizeof(verify4)) != 0)
- return WC_TEST_RET_ENC_NC;
- #endif
- return 0;
- }
- #endif /* HAVE_X963_KDF */
- #if defined(HAVE_HPKE) && \
- (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \
- defined(HAVE_AESGCM)
- static wc_test_ret_t hpke_test_single(Hpke* hpke)
- {
- wc_test_ret_t ret = 0;
- int rngRet = 0;
- WC_RNG rng[1];
- const char* start_text = "this is a test";
- const char* info_text = "info";
- const char* aad_text = "aad";
- byte ciphertext[MAX_HPKE_LABEL_SZ];
- byte plaintext[MAX_HPKE_LABEL_SZ];
- void* receiverKey = NULL;
- void* ephemeralKey = NULL;
- #ifdef WOLFSSL_SMALL_STACK
- byte *pubKey = NULL; /* public key */
- word16 pubKeySz = (word16)HPKE_Npk_MAX;
- #else
- byte pubKey[HPKE_Npk_MAX]; /* public key */
- word16 pubKeySz = (word16)sizeof(pubKey);
- #endif
- rngRet = ret = wc_InitRng(rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef WOLFSSL_SMALL_STACK
- if (ret == 0) {
- pubKey = (byte *)XMALLOC(pubKeySz, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (pubKey == NULL)
- ret = WC_TEST_RET_ENC_EC(MEMORY_E);
- }
- #endif
- /* generate the keys */
- if (ret == 0) {
- ret = wc_HpkeGenerateKeyPair(hpke, &ephemeralKey, rng);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, rng);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- /* seal */
- if (ret == 0) {
- ret = wc_HpkeSealBase(hpke, ephemeralKey, receiverKey,
- (byte*)info_text, (word32)XSTRLEN(info_text),
- (byte*)aad_text, (word32)XSTRLEN(aad_text),
- (byte*)start_text, (word32)XSTRLEN(start_text),
- ciphertext);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- /* export ephemeral key */
- if (ret == 0) {
- ret = wc_HpkeSerializePublicKey(hpke, ephemeralKey, pubKey, &pubKeySz);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- /* open with exported ephemeral key */
- if (ret == 0) {
- ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
- (byte*)info_text, (word32)XSTRLEN(info_text),
- (byte*)aad_text, (word32)XSTRLEN(aad_text),
- ciphertext, (word32)XSTRLEN(start_text),
- plaintext);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = XMEMCMP(plaintext, start_text, XSTRLEN(start_text));
- if (ret != 0)
- ret = WC_TEST_RET_ENC_NC;
- }
- if (ephemeralKey != NULL)
- wc_HpkeFreeKey(hpke, hpke->kem, ephemeralKey, hpke->heap);
- if (receiverKey != NULL)
- wc_HpkeFreeKey(hpke, hpke->kem, receiverKey, hpke->heap);
- #ifdef WOLFSSL_SMALL_STACK
- if (pubKey != NULL)
- XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (rngRet == 0)
- wc_FreeRng(rng);
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
- {
- wc_test_ret_t ret = 0;
- Hpke hpke[1];
- WOLFSSL_ENTER("hpke_test");
- #if defined(HAVE_ECC)
- #if defined(WOLFSSL_SHA224) || !defined(NO_SHA256)
- /* p256 */
- ret = wc_HpkeInit(hpke, DHKEM_P256_HKDF_SHA256, HKDF_SHA256,
- HPKE_AES_128_GCM, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = hpke_test_single(hpke);
- if (ret != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_SHA384) && \
- (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES))
- /* p384 */
- ret = wc_HpkeInit(hpke, DHKEM_P384_HKDF_SHA384, HKDF_SHA384,
- HPKE_AES_128_GCM, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = hpke_test_single(hpke);
- if (ret != 0)
- return ret;
- #endif
- #if (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) && \
- (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES))
- /* p521 */
- ret = wc_HpkeInit(hpke, DHKEM_P521_HKDF_SHA512, HKDF_SHA512,
- HPKE_AES_128_GCM, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = hpke_test_single(hpke);
- if (ret != 0)
- return ret;
- #endif
- #endif
- #if defined(HAVE_CURVE25519)
- /* test with curve25519 and aes256 */
- ret = wc_HpkeInit(hpke, DHKEM_X25519_HKDF_SHA256, HKDF_SHA256,
- HPKE_AES_256_GCM, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = hpke_test_single(hpke);
- if (ret != 0)
- return ret;
- #endif
- #if defined(HAVE_CURVE448) && \
- (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512))
- /* test with curve448 and aes256 */
- ret = wc_HpkeInit(hpke, DHKEM_X448_HKDF_SHA512, HKDF_SHA512,
- HPKE_AES_256_GCM, NULL);
- /* HPKE does not support X448 yet, so expect failure */
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = hpke_test_single(hpke);
- /* HPKE does not support X448 yet, so expect failure */
- if (WC_TEST_RET_DEC_EC(ret) != BAD_FUNC_ARG)
- return ret;
- ret = 0; /* reset error code */
- #endif
- /* TODO: HPKE chacha20 is not implemented */
- return ret;
- }
- #endif /* HAVE_HPKE && HAVE_ECC && HAVE_AESGCM */
- #if defined(WC_SRTP_KDF)
- typedef struct Srtp_Kdf_Tv {
- const unsigned char* key;
- word32 keySz;
- const unsigned char* salt;
- word32 saltSz;
- int kdfIdx;
- const unsigned char* index;
- const unsigned char* ke;
- const unsigned char* ka;
- const unsigned char* ks;
- const unsigned char* index_c;
- const unsigned char* ke_c;
- const unsigned char* ka_c;
- const unsigned char* ks_c;
- word32 keSz;
- word32 kaSz;
- word32 ksSz;
- } Srtp_Kdf_Tv;
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
- {
- wc_test_ret_t ret = 0;
- /* 128-bit key, kdrIdx = -1 */
- WOLFSSL_SMALL_STACK_STATIC const byte key_0[] = {
- 0xc4, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72,
- 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90
- };
- WOLFSSL_SMALL_STACK_STATIC const byte salt_0[] = {
- 0x0e, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56,
- 0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6
- };
- WOLFSSL_SMALL_STACK_STATIC const byte index_0[] = {
- 0x48, 0x71, 0x65, 0x64, 0x9c, 0xca
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ke_0[] = {
- 0xdc, 0x38, 0x21, 0x92, 0xab, 0x65, 0x10, 0x8a,
- 0x86, 0xb2, 0x59, 0xb6, 0x1b, 0x3a, 0xf4, 0x6f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ka_0[] = {
- 0xb8, 0x39, 0x37, 0xfb, 0x32, 0x17, 0x92, 0xee,
- 0x87, 0xb7, 0x88, 0x19, 0x3b, 0xe5, 0xa4, 0xe3,
- 0xbd, 0x32, 0x6e, 0xe4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ks_0[] = {
- 0xf1, 0xc0, 0x35, 0xc0, 0x0b, 0x5a, 0x54, 0xa6,
- 0x16, 0x92, 0xc0, 0x16, 0x27, 0x6c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte index_c_0[] = {
- 0x56, 0xf3, 0xf1, 0x97
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ke_c_0[] = {
- 0xab, 0x5b, 0xe0, 0xb4, 0x56, 0x23, 0x5d, 0xcf,
- 0x77, 0xd5, 0x08, 0x69, 0x29, 0xba, 0xfb, 0x38
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ka_c_0[] = {
- 0xc5, 0x2f, 0xde, 0x0b, 0x80, 0xb0, 0xf0, 0xba,
- 0xd8, 0xd1, 0x56, 0x45, 0xcb, 0x86, 0xe7, 0xc7,
- 0xc3, 0xd8, 0x77, 0x0e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ks_c_0[] = {
- 0xde, 0xb5, 0xf8, 0x5f, 0x81, 0x33, 0x6a, 0x96,
- 0x5e, 0xd3, 0x2b, 0xb7, 0xed, 0xe8
- };
- /* 192-bit key, kdrIdx = 0 */
- WOLFSSL_SMALL_STACK_STATIC const byte key_1[] = {
- 0xbb, 0x04, 0x5b, 0x1f, 0x53, 0xc6, 0x93, 0x2c,
- 0x2b, 0xa6, 0x88, 0xf5, 0xe3, 0xf2, 0x24, 0x70,
- 0xe1, 0x7d, 0x7d, 0xec, 0x8a, 0x93, 0x4d, 0xf2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte salt_1[] = {
- 0xe7, 0x22, 0xab, 0x92, 0xfc, 0x7c, 0x89, 0xb6,
- 0x53, 0x8a, 0xf9, 0x3c, 0xb9, 0x52
- };
- WOLFSSL_SMALL_STACK_STATIC const byte index_1[] = {
- 0xd7, 0x87, 0x8f, 0x33, 0xb1, 0x76
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ke_1[] = {
- 0x2c, 0xc8, 0x3e, 0x54, 0xb2, 0x33, 0x89, 0xb3,
- 0x71, 0x65, 0x0f, 0x51, 0x61, 0x65, 0xe4, 0x93,
- 0x07, 0x4e, 0xb3, 0x47, 0xba, 0x2d, 0x60, 0x60
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ka_1[] = {
- 0x2e, 0x80, 0xe4, 0x82, 0x55, 0xa2, 0xbe, 0x6d,
- 0xe0, 0x46, 0xcc, 0xc1, 0x75, 0x78, 0x6e, 0x78,
- 0xd1, 0xd1, 0x47, 0x08
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ks_1[] = {
- 0xe0, 0xc1, 0xe6, 0xaf, 0x1e, 0x8d, 0x8c, 0xfe,
- 0xe5, 0x60, 0x70, 0xb5, 0xe6, 0xea
- };
- WOLFSSL_SMALL_STACK_STATIC const byte index_c_1[] = {
- 0x40, 0xbf, 0xd4, 0xa9
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ke_c_1[] = {
- 0x94, 0x0f, 0x55, 0xce, 0x58, 0xd8, 0x16, 0x65,
- 0xf0, 0xfa, 0x46, 0x40, 0x0c, 0xda, 0xb1, 0x11,
- 0x9e, 0x69, 0xa0, 0x93, 0x4e, 0xd7, 0xf2, 0x84
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ka_c_1[] = {
- 0xf5, 0x41, 0x6f, 0xc2, 0x65, 0xc5, 0xb3, 0xef,
- 0xbb, 0x22, 0xc8, 0xfc, 0x6b, 0x00, 0x14, 0xb2,
- 0xf3, 0x3b, 0x8e, 0x29
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ks_c_1[] = {
- 0x35, 0xb7, 0x42, 0x43, 0xf0, 0x01, 0x01, 0xb4,
- 0x68, 0xa1, 0x28, 0x80, 0x37, 0xf0
- };
- /* 256-bit key, kdrIdx = 1 */
- WOLFSSL_SMALL_STACK_STATIC const byte key_2[] = {
- 0x10, 0x38, 0x0a, 0xcd, 0xd6, 0x47, 0xab, 0xee,
- 0xc0, 0xd4, 0x44, 0xf4, 0x7e, 0x51, 0x36, 0x02,
- 0x79, 0xa8, 0x94, 0x80, 0x35, 0x40, 0xed, 0x50,
- 0xf4, 0x45, 0x30, 0x3d, 0xb5, 0xf0, 0x2b, 0xbb
- };
- WOLFSSL_SMALL_STACK_STATIC const byte salt_2[] = {
- 0xc7, 0x31, 0xf2, 0xc8, 0x40, 0x43, 0xb8, 0x74,
- 0x8a, 0x61, 0x84, 0x7a, 0x25, 0x8a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte index_2[] = {
- 0x82, 0xf1, 0x84, 0x8c, 0xac, 0x42
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ke_2[] = {
- 0xb2, 0x26, 0x60, 0xaf, 0x08, 0x23, 0x14, 0x98,
- 0x91, 0xde, 0x5d, 0x87, 0x95, 0x61, 0xca, 0x8f,
- 0x0e, 0xce, 0xfb, 0x68, 0x4d, 0xd6, 0x28, 0xcb,
- 0x28, 0xe2, 0x27, 0x20, 0x2d, 0xff, 0x64, 0xbb
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ka_2[] = {
- 0x12, 0x6f, 0x52, 0xe8, 0x07, 0x7f, 0x07, 0x84,
- 0xa0, 0x61, 0x96, 0xf8, 0xee, 0x4d, 0x05, 0x57,
- 0x65, 0xc7, 0x50, 0xc1
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ks_2[] = {
- 0x18, 0x5a, 0x59, 0xe5, 0x91, 0x4d, 0xc9, 0x6c,
- 0xfa, 0x5b, 0x36, 0x06, 0x8c, 0x9a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte index_c_2[] = {
- 0x31, 0x2d, 0x58, 0x15
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ke_c_2[] = {
- 0x14, 0xf2, 0xc8, 0x25, 0x02, 0x79, 0x22, 0xa1,
- 0x96, 0xb6, 0xf7, 0x07, 0x76, 0xa6, 0xa3, 0xc4,
- 0x37, 0xdf, 0xa0, 0xf8, 0x78, 0x93, 0x2c, 0xfa,
- 0xea, 0x35, 0xf0, 0xf3, 0x3f, 0x32, 0x6e, 0xfd
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ka_c_2[] = {
- 0x6e, 0x3d, 0x4a, 0x99, 0xea, 0x2f, 0x9d, 0x13,
- 0x4a, 0x1e, 0x71, 0x2e, 0x15, 0xc0, 0xca, 0xb6,
- 0x35, 0x78, 0xdf, 0xa4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ks_c_2[] = {
- 0xae, 0xe4, 0xec, 0x18, 0x31, 0x70, 0x5d, 0x3f,
- 0xdc, 0x97, 0x89, 0x88, 0xfd, 0xff
- };
- /* 128-bit key, kdrIdx = 8 */
- WOLFSSL_SMALL_STACK_STATIC const byte key_3[] = {
- 0x36, 0xb4, 0xde, 0xcb, 0x2e, 0x51, 0x23, 0x76,
- 0xe0, 0x27, 0x7e, 0x3e, 0xc8, 0xf6, 0x54, 0x04
- };
- WOLFSSL_SMALL_STACK_STATIC const byte salt_3[] = {
- 0x73, 0x26, 0xf4, 0x3f, 0xc0, 0xd9, 0xc6, 0xe3,
- 0x2f, 0x92, 0x7d, 0x46, 0x12, 0x76
- };
- WOLFSSL_SMALL_STACK_STATIC const byte index_3[] = {
- 0x44, 0x73, 0xb2, 0x2d, 0xb2, 0x60
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ke_3[] = {
- 0x79, 0x91, 0x3d, 0x7b, 0x20, 0x5d, 0xea, 0xe2,
- 0xeb, 0x46, 0x89, 0x68, 0x5a, 0x06, 0x73, 0x74
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ka_3[] = {
- 0x2d, 0x2e, 0x97, 0x4e, 0x76, 0x8c, 0x62, 0xa6,
- 0x57, 0x80, 0x13, 0x42, 0x0b, 0x51, 0xa7, 0x66,
- 0xea, 0x31, 0x24, 0xe6
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ks_3[] = {
- 0xcc, 0xd7, 0x31, 0xf6, 0x3b, 0xf3, 0x89, 0x8a,
- 0x5b, 0x7b, 0xb5, 0x8b, 0x4c, 0x3f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte index_c_3[] = {
- 0x4a, 0x7d, 0xaa, 0x85
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ke_c_3[] = {
- 0x34, 0x99, 0x71, 0xfe, 0x12, 0x93, 0xae, 0x8c,
- 0x4a, 0xe9, 0x84, 0xe4, 0x93, 0x53, 0x63, 0x88
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ka_c_3[] = {
- 0xa4, 0x53, 0x5e, 0x0a, 0x9c, 0xf2, 0xce, 0x13,
- 0xef, 0x7a, 0x13, 0xee, 0x0a, 0xef, 0xba, 0x17,
- 0x05, 0x18, 0xe3, 0xed
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ks_c_3[] = {
- 0xe1, 0x29, 0x4f, 0x61, 0x30, 0x3c, 0x4d, 0x46,
- 0x5f, 0x5c, 0x81, 0x3c, 0x38, 0xb6
- };
- /* SRTCP w/ 48-bit idx - KDR 0 (-1) */
- WOLFSSL_SMALL_STACK_STATIC const byte mk48_1[] = {
- 0xFF, 0xB6, 0xCB, 0x09, 0x71, 0x3F, 0x63, 0x4D,
- 0x7F, 0x42, 0xED, 0xA8, 0x12, 0x81, 0x50, 0xE6
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ms48_1[] = {
- 0x1F, 0x04, 0x76, 0xC8, 0x7F, 0x58, 0x23, 0xEF,
- 0xD3, 0x57, 0xB2, 0xBD, 0xF1, 0x32
- };
- WOLFSSL_SMALL_STACK_STATIC const byte srtcp48idx_1[] = {
- 0x00, 0x00, 0x08, 0x56, 0xBC, 0x39
- };
- WOLFSSL_SMALL_STACK_STATIC const byte srtcpKe_48_1[] = {
- 0xD2, 0xC3, 0xF3, 0x49, 0x00, 0x1A, 0x18, 0x0F,
- 0xB6, 0x05, 0x5A, 0x5A, 0x67, 0x8E, 0xE5, 0xB2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte srtcpKa_48_1[] = {
- 0x8D, 0x54, 0xBE, 0xB5, 0x7B, 0x7F, 0x7A, 0xAB,
- 0xF5, 0x46, 0xCE, 0x5B, 0x45, 0x69, 0x4A, 0x75,
- 0x81, 0x2A, 0xE2, 0xCB
- };
- WOLFSSL_SMALL_STACK_STATIC const byte srtcpKs_48_1[] = {
- 0x76, 0x3C, 0x97, 0x6A, 0x45, 0x31, 0xA7, 0x79,
- 0x3C, 0x28, 0x4A, 0xA6, 0x82, 0x03
- };
- /* SRTCP w/ 48-bit idx - KDR 19 */
- WOLFSSL_SMALL_STACK_STATIC const byte mk48_2[] = {
- 0xBD, 0x1D, 0x71, 0x6B, 0xDA, 0x28, 0xE3, 0xFC,
- 0xA5, 0xA0, 0x66, 0x3F, 0x2E, 0x34, 0xA8, 0x58
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ms48_2[] = {
- 0x79, 0x06, 0xE5, 0xAB, 0x5C, 0x2B, 0x1B, 0x69,
- 0xFA, 0xEE, 0xD2, 0x29, 0x57, 0x3C
- };
- WOLFSSL_SMALL_STACK_STATIC const byte srtcp48idx_2[] = {
- 0x00, 0x00, 0x59, 0xD0, 0xC2, 0xE8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte srtcpKe_48_2[] = {
- 0xB9, 0xD7, 0xAD, 0xD8, 0x90, 0x94, 0xC2, 0x92,
- 0xA5, 0x04, 0x87, 0xC4, 0x8C, 0xEF, 0xE2, 0xA3
- };
- WOLFSSL_SMALL_STACK_STATIC const byte srtcpKa_48_2[] = {
- 0x07, 0xD5, 0xC4, 0xD2, 0x06, 0xFB, 0x63, 0x15,
- 0xC2, 0x9C, 0x7F, 0x55, 0xD1, 0x16, 0x5C, 0xB5,
- 0xB7, 0x44, 0x54, 0xBD
- };
- WOLFSSL_SMALL_STACK_STATIC const byte srtcpKs_48_2[] = {
- 0x0C, 0x5E, 0x53, 0xC1, 0xD0, 0x75, 0xAD, 0x65,
- 0xBF, 0x51, 0x74, 0x50, 0x89, 0xD7
- };
- int kdr_48_1 = -1;
- int kdr_48_2 = 19;
- #define SRTP_TV_CNT 4
- Srtp_Kdf_Tv tv[SRTP_TV_CNT] = {
- { key_0, (word32)sizeof(key_0), salt_0, (word32)sizeof(salt_0), -1,
- index_0, ke_0, ka_0, ks_0, index_c_0, ke_c_0, ka_c_0, ks_c_0,
- 16, 20, 14 },
- { key_1, (word32)sizeof(key_1), salt_1, (word32)sizeof(salt_1), 0,
- index_1, ke_1, ka_1, ks_1, index_c_1, ke_c_1, ka_c_1, ks_c_1,
- 24, 20, 14 },
- { key_2, (word32)sizeof(key_2), salt_2, (word32)sizeof(salt_2), 1,
- index_2, ke_2, ka_2, ks_2, index_c_2, ke_c_2, ka_c_2, ks_c_2,
- 32, 20, 14 },
- { key_3, (word32)sizeof(key_3), salt_3, (word32)sizeof(salt_3), 8,
- index_3, ke_3, ka_3, ks_3, index_c_3, ke_c_3, ka_c_3, ks_c_3,
- 16, 20, 14 },
- };
- int i;
- int idx;
- unsigned char keyE[32];
- unsigned char keyA[20];
- unsigned char keyS[14];
- WOLFSSL_ENTER("srtpkdf_test");
- for (i = 0; (ret == 0) && (i < SRTP_TV_CNT); i++) {
- #ifndef WOLFSSL_AES_128
- if (tv[i].keySz == AES_128_KEY_SIZE) {
- continue;
- }
- #endif
- #ifndef WOLFSSL_AES_192
- if (tv[i].keySz == AES_192_KEY_SIZE) {
- continue;
- }
- #endif
- #ifndef WOLFSSL_AES_256
- if (tv[i].keySz == AES_256_KEY_SIZE) {
- continue;
- }
- #endif
- ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyE, tv[i].ke, tv[i].keSz) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(keyA, tv[i].ka, tv[i].kaSz) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(keyS, tv[i].ks, tv[i].ksSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
- tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_ENCRYPTION,
- keyE, tv[i].keSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyE, tv[i].ke, tv[i].keSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
- tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_MSG_AUTH,
- keyA, tv[i].kaSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyA, tv[i].ka, tv[i].kaSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
- tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_SALT, keyS,
- tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyS, tv[i].ks, tv[i].ksSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyE, tv[i].ke_c, tv[i].keSz) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(keyA, tv[i].ka_c, tv[i].kaSz) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(keyS, tv[i].ks_c, tv[i].ksSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
- tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c,
- WC_SRTCP_LABEL_ENCRYPTION, keyE, tv[i].keSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyE, tv[i].ke_c, tv[i].keSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
- tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, WC_SRTCP_LABEL_MSG_AUTH,
- keyA, tv[i].kaSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyA, tv[i].ka_c, tv[i].kaSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
- tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, WC_SRTCP_LABEL_SALT,
- keyS, tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyS, tv[i].ks_c, tv[i].ksSz) != 0)
- return WC_TEST_RET_ENC_NC;
- }
- #ifdef WOLFSSL_AES_128
- i = 0;
- #elif defined(WOLFSSL_AES_192)
- i = 1;
- #else
- i = 2;
- #endif
- ret = wc_SRTP_KDF(tv[i].key, 33, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(tv[i].key, 33, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15,
- tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15,
- tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- 25, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- 25, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- -2, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- -2, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index, NULL, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index_c, NULL, tv[i].keSz, keyA, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, NULL, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, NULL, tv[i].kaSz,
- keyS, tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- NULL, tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
- tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
- NULL, tv[i].ksSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- idx = wc_SRTP_KDF_kdr_to_idx(0);
- if (idx != -1)
- return WC_TEST_RET_ENC_NC;
- for (i = 0; i < 32; i++) {
- word32 kdr = 1U << i;
- idx = wc_SRTP_KDF_kdr_to_idx(kdr);
- if (idx != i)
- return WC_TEST_RET_ENC_NC;
- }
- /* SRTCP w/ 48-bit IDX, 128-bit key test */
- if (i == 0) {
- ret = wc_SRTCP_KDF_ex(mk48_1, (word32)sizeof(mk48_1),
- ms48_1, (word32)sizeof(ms48_1),
- kdr_48_1, srtcp48idx_1, keyE, tv[i].keSz,
- keyA, tv[i].kaSz, keyS, tv[i].ksSz,
- WC_SRTCP_48BIT_IDX);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyE, srtcpKe_48_1, tv[i].keSz) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(keyA, srtcpKa_48_1, tv[i].kaSz) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(keyS, srtcpKs_48_1, tv[i].ksSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SRTCP_KDF_ex(mk48_2, (word32)sizeof(mk48_2),
- ms48_2, (word32)sizeof(ms48_2),
- kdr_48_2, srtcp48idx_2, keyE, tv[i].keSz,
- keyA, tv[i].kaSz, keyS, tv[i].ksSz,
- WC_SRTCP_48BIT_IDX);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(keyE, srtcpKe_48_2, tv[i].keSz) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(keyA, srtcpKa_48_2, tv[i].kaSz) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(keyS, srtcpKs_48_2, tv[i].ksSz) != 0)
- return WC_TEST_RET_ENC_NC;
- }
- return 0;
- }
- #endif
- #ifdef HAVE_ECC
- /* size to use for ECC key gen tests */
- #ifndef ECC_KEYGEN_SIZE
- #if !defined(NO_ECC256) || defined(WOLFSSL_SM2)
- #define ECC_KEYGEN_SIZE 32
- #elif defined(HAVE_ECC384)
- #define ECC_KEYGEN_SIZE 48
- #elif defined(HAVE_ECC224)
- #define ECC_KEYGEN_SIZE 28
- #elif defined(HAVE_ECC521)
- #define ECC_KEYGEN_SIZE 66
- #else
- #error No ECC keygen size defined for test
- #endif
- #endif
- #ifdef BENCH_EMBEDDED
- #define ECC_SHARED_SIZE 128
- #else
- #define ECC_SHARED_SIZE MAX_ECC_BYTES
- #endif
- #if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
- #define HAVE_ECC_DETERMINISTIC_K
- #define ECC_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
- #else
- #define ECC_DIGEST_SIZE MAX_ECC_BYTES
- #endif
- #define ECC_SIG_SIZE ECC_MAX_SIG_SIZE
- #ifdef NO_ECC_SECP
- #define NO_ECC_VECTOR_TEST
- #endif
- #ifndef NO_ECC_VECTOR_TEST
- #if (defined(HAVE_ECC192) || defined(HAVE_ECC224) ||\
- !defined(NO_ECC256) || defined(HAVE_ECC384) ||\
- defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES))
- #define HAVE_ECC_VECTOR_TEST
- #endif
- #endif
- #ifdef HAVE_ECC_VECTOR_TEST
- typedef struct eccVector {
- const char* msg; /* SHA-1 Encoded Message */
- const char* Qx;
- const char* Qy;
- const char* d; /* Private Key */
- const char* R;
- const char* S;
- const char* curveName;
- word32 msgLen;
- word32 keySize;
- #ifndef NO_ASN
- const byte* r;
- word32 rSz;
- const byte* s;
- word32 sSz;
- #endif
- } eccVector;
- #if !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static wc_test_ret_t ecc_test_vector_item(const eccVector* vector)
- {
- wc_test_ret_t ret = 0;
- int verify = 0;
- word32 sigSz;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key userA[1];
- #endif
- WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- word32 sigRawSz, rSz = MAX_ECC_BYTES, sSz = MAX_ECC_BYTES;
- WC_DECLARE_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT);
- WC_DECLARE_VAR(r, byte, MAX_ECC_BYTES, HEAP_HINT);
- WC_DECLARE_VAR(s, byte, MAX_ECC_BYTES, HEAP_HINT);
- #endif
- WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- WC_ALLOC_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT);
- WC_ALLOC_VAR(r, byte, MAX_ECC_BYTES, HEAP_HINT);
- WC_ALLOC_VAR(s, byte, MAX_ECC_BYTES, HEAP_HINT);
- #endif
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- if (sig == NULL)
- ERROR_OUT(MEMORY_E, done);
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- if (sigRaw == NULL || r == NULL || s == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (userA == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_import_raw(userA, vector->Qx, vector->Qy,
- vector->d, vector->curveName);
- if (ret != 0)
- goto done;
- XMEMSET(sig, 0, ECC_SIG_SIZE);
- sigSz = ECC_SIG_SIZE;
- ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz);
- if (ret != 0)
- goto done;
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- XMEMSET(sigRaw, 0, ECC_SIG_SIZE);
- sigRawSz = ECC_SIG_SIZE;
- ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz,
- sigRaw, &sigRawSz);
- if (ret != 0)
- goto done;
- if (sigSz != sigRawSz || XMEMCMP(sig, sigRaw, sigSz) != 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- ret = wc_ecc_sig_to_rs(sig, sigSz, r, &rSz, s, &sSz);
- if (ret != 0)
- goto done;
- if (rSz != vector->rSz || XMEMCMP(r, vector->r, rSz) != 0 ||
- sSz != vector->sSz || XMEMCMP(s, vector->s, sSz) != 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- #endif
- #ifdef HAVE_ECC_VERIFY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_verify_hash(sig, sigSz, (byte*)vector->msg,
- vector->msgLen, &verify, userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- goto done;
- TEST_SLEEP();
- if (verify != 1)
- ret = WC_TEST_RET_ENC_NC;
- #endif
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (userA != NULL) {
- wc_ecc_free(userA);
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(userA);
- #endif
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- WC_FREE_VAR(sigRaw, HEAP_HINT);
- WC_FREE_VAR(r, HEAP_HINT);
- WC_FREE_VAR(s, HEAP_HINT);
- #endif
- WC_FREE_VAR(sig, HEAP_HINT);
- return ret;
- }
- static wc_test_ret_t ecc_test_vector(int keySize)
- {
- wc_test_ret_t ret;
- eccVector vec;
- XMEMSET(&vec, 0, sizeof(vec));
- vec.keySize = (word32)keySize;
- switch(keySize) {
- #if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)
- case 14:
- return 0;
- #endif /* HAVE_ECC112 */
- #if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)
- case 16:
- return 0;
- #endif /* HAVE_ECC128 */
- #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
- case 20:
- return 0;
- #endif /* HAVE_ECC160 */
- #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
- case 24:
- /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\x60\x80\x79\x42\x3f\x12\x42\x1d\xe6\x16\xb7\x49\x3e\xbe\x55\x1c\xf4\xd6\x5b\x92";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\xeb\xf7\x48\xd7\x48\xeb\xbc\xa7\xd2\x9f\xb4\x73\x69\x8a\x6e\x6b"
- "\x4f\xb1\x0c\x86\x5d\x4a\xf0\x24\xcc\x39\xae\x3d\xf3\x46\x4b\xa4"
- "\xf1\xd6\xd4\x0f\x32\xbf\x96\x18\xa9\x1b\xb5\x98\x6f\xa1\xa2\xaf"
- "\x04\x8a\x0e\x14\xdc\x51\xe5\x26\x7e\xb0\x5e\x12\x7d\x68\x9d\x0a"
- "\xc6\xf1\xa7\xf1\x56\xce\x06\x63\x16\xb9\x71\xcc\x7a\x11\xd0\xfd"
- "\x7a\x20\x93\xe2\x7c\xf2\xd0\x87\x27\xa4\xe6\x74\x8c\xc3\x2f\xd5"
- "\x9c\x78\x10\xc5\xb9\x01\x9d\xf2\x1c\xdc\xc0\xbc\xa4\x32\xc0\xa3"
- "\xee\xd0\x78\x53\x87\x50\x88\x77\x11\x43\x59\xce\xe4\xa0\x71\xcf";
- vec.msgLen = 128;
- #endif
- vec.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6";
- vec.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477";
- vec.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3";
- vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
- vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
- vec.curveName = "SECP192R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55"
- "\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e";
- vec.rSz = 24;
- vec.s = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc"
- "\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41";
- vec.sSz = 24;
- #endif
- break;
- #endif /* HAVE_ECC192 */
- #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
- case 28:
- /* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\xb9\xa3\xb8\x6d\xb0\xba\x99\xfd\xc6\xd2\x94\x6b\xfe\xbe\x9c\xe8\x3f\x10\x74\xfc";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\x36\xc8\xb2\x29\x86\x48\x7f\x67\x7c\x18\xd0\x97\x2a\x9e\x20\x47"
- "\xb3\xaf\xa5\x9e\xc1\x62\x76\x4e\xc3\x0b\x5b\x69\xe0\x63\x0f\x99"
- "\x0d\x4e\x05\xc2\x73\xb0\xe5\xa9\xd4\x28\x27\xb6\x95\xfc\x2d\x64"
- "\xd9\x13\x8b\x1c\xf4\xc1\x21\x55\x89\x4c\x42\x13\x21\xa7\xbb\x97"
- "\x0b\xdc\xe0\xfb\xf0\xd2\xae\x85\x61\xaa\xd8\x71\x7f\x2e\x46\xdf"
- "\xe3\xff\x8d\xea\xb4\xd7\x93\x23\x56\x03\x2c\x15\x13\x0d\x59\x9e"
- "\x26\xc1\x0f\x2f\xec\x96\x30\x31\xac\x69\x38\xa1\x8d\x66\x45\x38"
- "\xb9\x4d\xac\x55\x34\xef\x7b\x59\x94\x24\xd6\x9b\xe1\xf7\x1c\x20";
- vec.msgLen = 128;
- #endif
- vec.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7";
- vec.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1";
- vec.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f";
- vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7";
- vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b";
- vec.curveName = "SECP224R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47"
- "\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe"
- "\xbc\x16\x71\xa7";
- vec.rSz = 28;
- vec.s = (byte*)"\x24\xfc\x7e\xd7\xf1\x35\x2c\xa3\x87\x2a\xa0\x91"
- "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe"
- "\x6a\xf3\xad\x5b";
- vec.sSz = 28;
- #endif
- break;
- #endif /* HAVE_ECC224 */
- #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
- case 30:
- return 0;
- #endif /* HAVE_ECC239 */
- #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
- case 32:
- /* first [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\xa3\xf9\x1a\xe2\x1b\xa6\xb3\x03\x98\x64\x47\x2f\x18\x41\x44\xc6\xaf\x62\xcd\x0e";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\xa2\x4b\x21\x76\x2e\x6e\xdb\x15\x3c\xc1\x14\x38\xdb\x0e\x92\xcd"
- "\xf5\x2b\x86\xb0\x6c\xa9\x70\x16\x06\x27\x59\xc7\x0d\x36\xd1\x56"
- "\x2c\xc9\x63\x0d\x7f\xc7\xc7\x74\xb2\x8b\x54\xe3\x1e\xf5\x58\x72"
- "\xb2\xa6\x5d\xf1\xd7\xec\x26\xde\xbb\x33\xe7\xd9\x27\xef\xcc\xf4"
- "\x6b\x63\xde\x52\xa4\xf4\x31\xea\xca\x59\xb0\x5d\x2e\xde\xc4\x84"
- "\x5f\xff\xc0\xee\x15\x03\x94\xd6\x1f\x3d\xfe\xcb\xcd\xbf\x6f\x5a"
- "\x73\x38\xd0\xbe\x3f\x2a\x77\x34\x51\x98\x3e\xba\xeb\x48\xf6\x73"
- "\x8f\xc8\x95\xdf\x35\x7e\x1a\x48\xa6\x53\xbb\x35\x5a\x31\xa1\xb4"
- vec.msgLen = 128;
- #endif
- vec.Qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
- vec.Qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
- vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
- vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c";
- vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248";
- #ifndef NO_ASN
- vec.r = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9"
- "\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89"
- "\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c";
- vec.rSz = 32;
- vec.s = (byte*)"\xa2\x24\x8b\x62\xc0\x3d\xb3\x5a\x7c\xd6\x3e\x8a"
- "\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03"
- "\x5a\x21\x48\xae\x32\xe3\xa2\x48";
- vec.sSz = 32;
- #endif
- vec.curveName = "SECP256R1";
- break;
- #endif /* !NO_ECC256 */
- #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
- case 40:
- return 0;
- #endif /* HAVE_ECC320 */
- #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
- case 48:
- /* first [P-384,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\x9b\x9f\x8c\x95\x35\xa5\xca\x26\x60\x5d\xb7\xf2\xfa\x57\x3b\xdf\xc3\x2e\xab\x8b";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\xab\xe1\x0a\xce\x13\xe7\xe1\xd9\x18\x6c\x48\xf7\x88\x9d\x51\x47"
- "\x3d\x3a\x09\x61\x98\x4b\xc8\x72\xdf\x70\x8e\xcc\x3e\xd3\xb8\x16"
- "\x9d\x01\xe3\xd9\x6f\xc4\xf1\xd5\xea\x00\xa0\x36\x92\xbc\xc5\xcf"
- "\xfd\x53\x78\x7c\x88\xb9\x34\xaf\x40\x4c\x03\x9d\x32\x89\xb5\xba"
- "\xc5\xae\x7d\xb1\x49\x68\x75\xb5\xdc\x73\xc3\x09\xf9\x25\xc1\x3d"
- "\x1c\x01\xab\xda\xaf\xeb\xcd\xac\x2c\xee\x43\x39\x39\xce\x8d\x4a"
- "\x0a\x5d\x57\xbb\x70\x5f\x3b\xf6\xec\x08\x47\x95\x11\xd4\xb4\xa3"
- "\x21\x1f\x61\x64\x9a\xd6\x27\x43\x14\xbf\x0d\x43\x8a\x81\xe0\x60"
- vec.msgLen = 128;
- #endif
- vec.Qx = "e55fee6c49d8d523f5ce7bf9c0425ce4ff650708b7de5cfb095901523979a7f042602db30854735369813b5c3f5ef868";
- vec.Qy = "28f59cc5dc509892a988d38a8e2519de3d0c4fd0fbdb0993e38f18506c17606c5e24249246f1ce94983a5361c5be983e";
- vec.d = "a492ce8fa90084c227e1a32f7974d39e9ff67a7e8705ec3419b35fb607582bebd461e0b1520ac76ec2dd4e9b63ebae71";
- vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7";
- vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907";
- vec.curveName = "SECP384R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff"
- "\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d"
- "\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda"
- "\xee\x6b\x3c\x74\xeb\xf6\x06\x66\x7a\x3f\x39\xb7";
- vec.rSz = 48;
- vec.s = (byte*)"\x49\x1a\xf1\xd0\xcc\xcd\x56\xdd\xd5\x20\xb2\x33"
- "\x77\x5d\x0b\xc6\xb4\x0a\x62\x55\xcc\x55\x20\x7d"
- "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21"
- "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07";
- vec.sSz = 48;
- #endif
- break;
- #endif /* HAVE_ECC384 */
- #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
- case 64:
- return 0;
- #endif /* HAVE_ECC512 */
- #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
- case 66:
- /* first [P-521,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\x1b\xf7\x03\x9c\xca\x23\x94\x27\x3f\x11\xa1\xd4\x8d\xcc\xb4\x46\x6f\x31\x61\xdf";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\x50\x3f\x79\x39\x34\x0a\xc7\x23\xcd\x4a\x2f\x4e\x6c\xcc\x27\x33"
- "\x38\x3a\xca\x2f\xba\x90\x02\x19\x9d\x9e\x1f\x94\x8b\xe0\x41\x21"
- "\x07\xa3\xfd\xd5\x14\xd9\x0c\xd4\xf3\x7c\xc3\xac\x62\xef\x00\x3a"
- "\x2d\xb1\xd9\x65\x7a\xb7\x7f\xe7\x55\xbf\x71\xfa\x59\xe4\xd9\x6e"
- "\xa7\x2a\xe7\xbf\x9d\xe8\x7d\x79\x34\x3b\xc1\xa4\xbb\x14\x4d\x16"
- "\x28\xd1\xe9\xe9\xc8\xed\x80\x8b\x96\x2c\x54\xe5\xf9\x6d\x53\xda"
- "\x14\x7a\x96\x38\xf9\x4a\x91\x75\xd8\xed\x61\x05\x5f\x0b\xa5\x73"
- "\xa8\x2b\xb7\xe0\x18\xee\xda\xc4\xea\x7b\x36\x2e\xc8\x9c\x38\x2b"
- vec.msgLen = 128;
- #endif
- vec.Qx = "12fbcaeffa6a51f3ee4d3d2b51c5dec6d7c726ca353fc014ea2bf7cfbb9b910d32cbfa6a00fe39b6cdb8946f22775398b2e233c0cf144d78c8a7742b5c7a3bb5d23";
- vec.Qy = "09cdef823dd7bf9a79e8cceacd2e4527c231d0ae5967af0958e931d7ddccf2805a3e618dc3039fec9febbd33052fe4c0fee98f033106064982d88f4e03549d4a64d";
- vec.d = "1bd56bd106118eda246155bd43b42b8e13f0a6e25dd3bb376026fab4dc92b6157bc6dfec2d15dd3d0cf2a39aa68494042af48ba9601118da82c6f2108a3a203ad74";
- vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be";
- vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c";
- vec.curveName = "SECP521R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77\x78"
- "\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf\x5b"
- "\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c\x7f"
- "\x9a\x57\xc0\x77\x94\x7f\x89\xac\x45\xd5\xac\xb6"
- "\x66\x1b\xbc\xd1\x7a\xbb\x3f\xae\xa1\x49\xba\x0a"
- "\xa3\xbb\x15\x21\xbe";
- vec.rSz = 65;
- vec.s = (byte*)"\x19\xcd\x2c\x5c\x3f\x98\x70\xec\xde\xb9\xb3\x23"
- "\xab\xdf\x3a\x98\xcd\x5e\x23\x1d\x85\xc6\xdd\xc5"
- "\xb7\x1a\xb1\x90\x73\x9f\x7f\x22\x6e\x6b\x13\x4b"
- "\xa1\xd5\x88\x9d\xde\xb2\x75\x1d\xab\xd9\x79\x11"
- "\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b\x6c"
- "\x3d\x22\xf2\x48\x0c";
- vec.sSz = 65;
- #endif
- break;
- #endif /* HAVE_ECC521 */
- default:
- return NOT_COMPILED_IN; /* Invalid key size / Not supported */
- }; /* Switch */
- ret = ecc_test_vector_item(&vec);
- if (ret < 0) {
- return ret;
- }
- return 0;
- }
- #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
- #if defined(HAVE_ECC_SIGN) && (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
- defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) \
- && (!defined(FIPS_VERSION_GE) || FIPS_VERSION_GE(5,3))
- #if defined(HAVE_ECC256)
- static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
- {
- wc_test_ret_t ret;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *key = NULL;
- #else
- ecc_key key[1];
- #endif
- int key_inited = 0;
- byte sig[72];
- word32 sigSz;
- WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample";
- unsigned char hash[32];
- WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
- "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTx =
- "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
- "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299";
- WOLFSSL_SMALL_STACK_STATIC const byte expSig[] = {
- 0x30, 0x46, 0x02, 0x21, 0x00, 0xEF, 0xD4, 0x8B,
- 0x2A, 0xAC, 0xB6, 0xA8, 0xFD, 0x11, 0x40, 0xDD,
- 0x9C, 0xD4, 0x5E, 0x81, 0xD6, 0x9D, 0x2C, 0x87,
- 0x7B, 0x56, 0xAA, 0xF9, 0x91, 0xC3, 0x4D, 0x0E,
- 0xA8, 0x4E, 0xAF, 0x37, 0x16, 0x02, 0x21, 0x00,
- 0xF7, 0xCB, 0x1C, 0x94, 0x2D, 0x65, 0x7C, 0x41,
- 0xD4, 0x36, 0xC7, 0xA1, 0xB6, 0xE2, 0x9F, 0x65,
- 0xF3, 0xE9, 0x00, 0xDB, 0xB9, 0xAF, 0xF4, 0x06,
- 0x4D, 0xC4, 0xAB, 0x2F, 0x84, 0x3A, 0xCD, 0xA8
- };
- #ifdef WOLFSSL_SMALL_STACK
- key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (key == NULL)
- return MEMORY_E;
- #endif
- ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- goto done;
- }
- key_inited = 1;
- ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1");
- if (ret != 0) {
- goto done;
- }
- ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
- (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
- if (ret != 0) {
- goto done;
- }
- ret = wc_ecc_set_deterministic(key, 1);
- if (ret != 0) {
- goto done;
- }
- sigSz = sizeof(sig);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- if (sigSz != sizeof(expSig)) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- if (XMEMCMP(sig, expSig, sigSz) != 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- sigSz = sizeof(sig);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- done:
- if (key_inited)
- wc_ecc_free(key);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif
- #ifdef WOLFSSL_PUBLIC_MP
- #if defined(HAVE_ECC384)
- /* KAT from RFC6979 */
- static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
- {
- wc_test_ret_t ret;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *key;
- mp_int *r, *s, *expR, *expS;
- #else
- ecc_key key[1];
- mp_int r[1], s[1], expR[1], expS[1];
- #endif
- int key_inited = 0;
- WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample";
- unsigned char hash[32];
- WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
- "6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D8"
- "96D5724E4C70A825F872C9EA60D2EDF5";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTx =
- "EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64"
- "DEF8F0EA9055866064A254515480BC13";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
- "8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1"
- "288B231C3AE0D4FE7344FD2533264720";
- WOLFSSL_SMALL_STACK_STATIC const char* expRstr =
- "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33"
- "BDE1E888E63355D92FA2B3C36D8FB2CD";
- WOLFSSL_SMALL_STACK_STATIC const char* expSstr =
- "F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEB"
- "EFDC63ECCD1AC42EC0CB8668A4FA0AB0";
- #ifdef WOLFSSL_SMALL_STACK
- key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- r = (mp_int *)XMALLOC(sizeof(*r), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- s = (mp_int *)XMALLOC(sizeof(*s), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- expR = (mp_int *)XMALLOC(sizeof(*expR), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- expS = (mp_int *)XMALLOC(sizeof(*expS), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((key == NULL) ||
- (r == NULL) ||
- (s == NULL) ||
- (expR == NULL) ||
- (expS == NULL))
- {
- ret = MEMORY_E;
- goto done;
- }
- #endif
- ret = mp_init_multi(r, s, expR, expS, NULL, NULL);
- if (ret != MP_OKAY) {
- goto done;
- }
- ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- goto done;
- }
- key_inited = 1;
- ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP384R1");
- if (ret != 0) {
- goto done;
- }
- ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
- (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
- if (ret != 0) {
- goto done;
- }
- ret = wc_ecc_set_deterministic(key, 1);
- if (ret != 0) {
- goto done;
- }
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, key, r, s);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- mp_read_radix(expR, expRstr, MP_RADIX_HEX);
- mp_read_radix(expS, expSstr, MP_RADIX_HEX);
- if (mp_cmp(r, expR) != MP_EQ) {
- ret = WC_TEST_RET_ENC_NC;
- }
- done:
- if (key_inited)
- wc_ecc_free(key);
- #ifdef WOLFSSL_SMALL_STACK
- if (key != NULL)
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (r != NULL)
- XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (s != NULL)
- XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (expR != NULL)
- XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (expS != NULL)
- XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC384 */
- #if defined(HAVE_ECC521)
- /* KAT from RFC6979 */
- static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
- {
- wc_test_ret_t ret;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *key;
- mp_int *r, *s, *expR, *expS;
- #else
- ecc_key key[1];
- mp_int r[1], s[1], expR[1], expS[1];
- #endif
- int key_inited = 0;
- WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample";
- unsigned char hash[32];
- WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
- "0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75C"
- "AA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83"
- "538";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTx =
- "1894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD3"
- "71123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F502"
- "3A4";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
- "0493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A2"
- "8A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDF"
- "CF5";
- WOLFSSL_SMALL_STACK_STATIC const char* expRstr =
- "1511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659"
- "D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E"
- "1A7";
- WOLFSSL_SMALL_STACK_STATIC const char* expSstr =
- "04A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916"
- "E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7E"
- "CFC";
- #ifdef WOLFSSL_SMALL_STACK
- key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- r = (mp_int *)XMALLOC(sizeof(*r), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- s = (mp_int *)XMALLOC(sizeof(*s), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- expR = (mp_int *)XMALLOC(sizeof(*expR), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- expS = (mp_int *)XMALLOC(sizeof(*expS), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((key == NULL) ||
- (r == NULL) ||
- (s == NULL) ||
- (expR == NULL) ||
- (expS == NULL))
- {
- ret = MEMORY_E;
- goto done;
- }
- #endif
- ret = mp_init_multi(r, s, expR, expS, NULL, NULL);
- if (ret != MP_OKAY) {
- goto done;
- }
- ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- key_inited = 1;
- ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP521R1");
- if (ret != 0) {
- goto done;
- }
- ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
- (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
- if (ret != 0) {
- goto done;
- }
- ret = wc_ecc_set_deterministic(key, 1);
- if (ret != 0) {
- goto done;
- }
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, key, r, s);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- mp_read_radix(expR, expRstr, MP_RADIX_HEX);
- mp_read_radix(expS, expSstr, MP_RADIX_HEX);
- if (mp_cmp(r, expR) != MP_EQ) {
- ret = WC_TEST_RET_ENC_NC;
- }
- done:
- if (key_inited)
- wc_ecc_free(key);
- #ifdef WOLFSSL_SMALL_STACK
- if (key != NULL)
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (r != NULL)
- XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (s != NULL)
- XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (expR != NULL)
- XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (expS != NULL)
- XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC521 */
- #endif /* WOLFSSL_PUBLIC_MP */
- #endif /* HAVE_ECC_SIGN && (WOLFSSL_ECDSA_DETERMINISTIC_K ||
- WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
- && (!FIPS_VERSION_GE || FIPS_VERSION_GE(5,3)) */
- #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \
- !defined(WOLFSSL_KCAPI_ECC)
- static wc_test_ret_t ecc_test_sign_vectors(WC_RNG* rng)
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *key = NULL;
- #else
- ecc_key key[1];
- #endif
- int key_inited = 0;
- byte sig[72];
- word32 sigSz;
- WOLFSSL_SMALL_STACK_STATIC const unsigned char hash[32] = "test wolfSSL deterministic sign";
- WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141";
- WOLFSSL_SMALL_STACK_STATIC const byte k[1] = { 0x02 };
- WOLFSSL_SMALL_STACK_STATIC const byte expSig[71] = {
- 0x30, 0x45, 0x02, 0x20, 0x7c, 0xf2, 0x7b, 0x18,
- 0x8d, 0x03, 0x4f, 0x7e, 0x8a, 0x52, 0x38, 0x03,
- 0x04, 0xb5, 0x1a, 0xc3, 0xc0, 0x89, 0x69, 0xe2,
- 0x77, 0xf2, 0x1b, 0x35, 0xa6, 0x0b, 0x48, 0xfc,
- 0x47, 0x66, 0x99, 0x78, 0x02, 0x21, 0x00, 0xa8,
- 0x43, 0xa0, 0xce, 0x6c, 0x5e, 0x17, 0x8a, 0x53,
- 0x4d, 0xaf, 0xd2, 0x95, 0x78, 0x9f, 0x84, 0x4f,
- 0x94, 0xb8, 0x75, 0xa3, 0x19, 0xa5, 0xd4, 0xdf,
- 0xe1, 0xd4, 0x5e, 0x9d, 0x97, 0xfe, 0x81
- };
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
- return MEMORY_E;
- #endif
- ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- goto done;
- }
- key_inited = 1;
- ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1");
- if (ret != 0) {
- goto done;
- }
- #if (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) \
- && (HAVE_FIPS_VERSION > 2)))
- wc_ecc_set_flags(key, WC_ECC_FLAG_DEC_SIGN);
- #endif
- ret = wc_ecc_sign_set_k(k, sizeof(k), key);
- if (ret != 0) {
- goto done;
- }
- sigSz = sizeof(sig);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- if (sigSz != sizeof(expSig)) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- if (XMEMCMP(sig, expSig, sigSz) != 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- sigSz = sizeof(sig);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- done:
- if (key_inited)
- wc_ecc_free(key);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif
- #if defined(HAVE_ECC_CDH) && defined(HAVE_ECC_DHE)
- static wc_test_ret_t ecc_test_cdh_vectors(WC_RNG* rng)
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *pub_key = (ecc_key *)XMALLOC(sizeof *pub_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *priv_key = (ecc_key *)XMALLOC(sizeof *priv_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key pub_key[1], priv_key[1];
- #endif
- byte sharedA[32] = {0}, sharedB[32] = {0};
- word32 x, z;
- WOLFSSL_SMALL_STACK_STATIC const char* QCAVSx = "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287";
- WOLFSSL_SMALL_STACK_STATIC const char* QCAVSy = "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac";
- WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141";
- WOLFSSL_SMALL_STACK_STATIC const char* ZIUT = "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b";
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((pub_key == NULL) ||
- (priv_key == NULL)) {
- ret = MEMORY_E;
- goto done;
- }
- #endif
- XMEMSET(pub_key, 0, sizeof *pub_key);
- XMEMSET(priv_key, 0, sizeof *priv_key);
- /* setup private and public keys */
- ret = wc_ecc_init_ex(pub_key, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_init_ex(priv_key, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- wc_ecc_set_flags(pub_key, WC_ECC_FLAG_COFACTOR);
- wc_ecc_set_flags(priv_key, WC_ECC_FLAG_COFACTOR);
- ret = wc_ecc_import_raw(pub_key, QCAVSx, QCAVSy, NULL, "SECP256R1");
- if (ret != 0)
- goto done;
- ret = wc_ecc_import_raw(priv_key, QIUTx, QIUTy, dIUT, "SECP256R1");
- if (ret != 0)
- goto done;
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(priv_key, rng);
- if (ret != 0)
- goto done;
- #else
- (void)rng;
- #endif
- /* compute ECC Cofactor shared secret */
- x = sizeof(sharedA);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &priv_key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(priv_key, pub_key, sharedA, &x);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- /* read in expected Z */
- z = sizeof(sharedB);
- ret = Base16_Decode((const byte*)ZIUT, (word32)XSTRLEN(ZIUT), sharedB, &z);
- if (ret != 0)
- goto done;
- /* compare results */
- if (x != z || XMEMCMP(sharedA, sharedB, x)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (priv_key) {
- wc_ecc_free(priv_key);
- XFREE(priv_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (pub_key) {
- wc_ecc_free(pub_key);
- XFREE(pub_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(priv_key);
- wc_ecc_free(pub_key);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC_CDH && HAVE_ECC_DHE */
- #endif /* HAVE_ECC_VECTOR_TEST */
- #ifdef HAVE_ECC_KEY_IMPORT
- /* returns 0 on success */
- static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
- ecc_key *pub = (ecc_key *)XMALLOC(sizeof *pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- byte *exportBuf = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *tmp = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key[1];
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- ecc_key pub[1];
- #endif
- byte exportBuf[ECC_BUFSIZE];
- byte tmp[ECC_BUFSIZE];
- #endif
- const byte* msg = (const byte*)"test wolfSSL ECC public gen";
- word32 x;
- word32 tmpSz;
- wc_test_ret_t ret = 0;
- ecc_point* pubPoint = NULL;
- #ifdef HAVE_ECC_VERIFY
- int verify = 0;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((key == NULL) ||
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
- (pub == NULL) ||
- #endif
- (exportBuf == NULL) ||
- (tmp == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- (void)msg;
- (void)verify;
- (void)exportBuf;
- (void)rng;
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- #ifndef NO_ECC256
- #if defined(USE_CERT_BUFFERS_256)
- {
- XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256);
- tmpSz = (size_t)sizeof_ecc_key_der_256;
- }
- #elif !defined(NO_FILESYSTEM)
- {
- XFILE file = XFOPEN(eccKeyDerFile, "rb");
- if (!file) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- tmpSz = (word32)XFREAD(tmp, 1, ECC_BUFSIZE, file);
- XFCLOSE(file);
- if (tmpSz == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- #else
- {
- WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(2)");
- ERROR_OUT(ASN_PARSE_E, done);
- }
- #endif /* USE_CERT_BUFFERS_256 */
- /* import private only then test with */
- ret = wc_ecc_import_private_key(tmp, tmpSz, NULL, 0, NULL);
- if (ret == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- ret = wc_ecc_import_private_key(NULL, tmpSz, NULL, 0, key);
- if (ret == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- x = 0;
- ret = wc_EccPrivateKeyDecode(tmp, &x, key, tmpSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_ECC_KEY_EXPORT
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_private_only(key, exportBuf, &x);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- /* make private only key */
- wc_ecc_free(key);
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
- if (ret == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif /* HAVE_ECC_KEY_EXPORT */
- ret = wc_ecc_make_pub(NULL, NULL);
- if (ret == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- TEST_SLEEP();
- #ifndef WOLFSSL_NO_MALLOC
- pubPoint = wc_ecc_new_point_h(HEAP_HINT);
- if (pubPoint == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- #if !defined(WOLFSSL_CRYPTOCELL)
- ret = wc_ecc_make_pub(key, pubPoint);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- TEST_SLEEP();
- #ifdef HAVE_ECC_KEY_EXPORT
- /* export should still fail, is private only key */
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
- if (ret == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif /* HAVE_ECC_KEY_EXPORT */
- #endif /* !WOLFSSL_NO_MALLOC */
- #endif /* !NO_ECC256 */
- /* create a new key since above test for loading key is not supported */
- #if defined(WOLFSSL_CRYPTOCELL) || defined(NO_ECC256) || \
- defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_SE050) || \
- defined(WOLFSSL_SECO_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM)
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- #if defined(HAVE_ECC_SIGN) && (!defined(ECC_TIMING_RESISTANT) || \
- (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG))) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(HAVE_ECC_DETERMINISTIC_K)
- tmpSz = ECC_BUFSIZE;
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0) {
- ret = wc_ecc_sign_hash(msg, (word32)XSTRLEN((const char* )msg), tmp,
- &tmpSz, rng, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- #ifdef HAVE_ECC_VERIFY
- /* try verify with private only key */
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0) {
- ret = wc_ecc_verify_hash(tmp, tmpSz, msg,
- (word32)XSTRLEN((const char*)msg), &verify, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (verify != 1) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- TEST_SLEEP();
- #ifdef HAVE_ECC_KEY_EXPORT
- /* exporting the public part should now work */
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif /* HAVE_ECC_KEY_EXPORT */
- #endif /* HAVE_ECC_VERIFY */
- #endif /* HAVE_ECC_SIGN */
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- /* now test private only key with creating a shared secret */
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_private_only(key, exportBuf, &x);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #if !defined(WOLFSSL_QNX_CAAM) && !defined(WOLFSSL_SE050)
- /* make private only key */
- wc_ecc_free(key);
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- /* check that public export fails with private only key */
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
- if (ret == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif /* WOLFSSL_QNX_CAAM */
- #ifndef WOLF_CRYPTO_CB_ONLY_ECC
- /* make public key for shared secret */
- wc_ecc_init_ex(pub, HEAP_HINT, devId);
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, pub);
- #ifdef HAVE_ECC_CDH
- wc_ecc_set_flags(key, WC_ECC_FLAG_COFACTOR);
- #endif
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &pub->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(key, rng);
- if (ret != 0)
- goto done;
- #endif
- x = ECC_BUFSIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0) {
- ret = wc_ecc_shared_secret(key, pub, exportBuf, &x);
- }
- } while (ret == WC_PENDING_E);
- wc_ecc_free(pub);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- #endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT && !WC_NO_RNG */
- #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
- ret = 0;
- done:
- wc_ecc_del_point_h(pubPoint, HEAP_HINT);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key != NULL) {
- wc_ecc_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
- if (pub != NULL)
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (exportBuf != NULL)
- XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- wc_ecc_free(key);
- #endif
- return ret;
- }
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \
- !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static wc_test_ret_t ecc_test_key_decode(WC_RNG* rng, int keySize)
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *eccKey = (ecc_key *)XMALLOC(sizeof *eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *tmpBuf = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key eccKey[1];
- byte tmpBuf[ECC_BUFSIZE];
- #endif
- word32 tmpSz;
- word32 idx;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((eccKey == NULL) || (tmpBuf == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- ret = wc_ecc_init(eccKey);
- if (ret != 0) {
- goto done;
- }
- ret = wc_ecc_make_key(rng, keySize, eccKey);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &eccKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- goto done;
- }
- tmpSz = ECC_BUFSIZE;
- ret = wc_EccKeyToDer(eccKey, tmpBuf, tmpSz);
- wc_ecc_free(eccKey);
- if (ret < 0) {
- goto done;
- }
- tmpSz = (word32)ret;
- ret = wc_ecc_init(eccKey);
- if (ret != 0) {
- goto done;
- }
- idx = 0;
- ret = wc_EccPrivateKeyDecode(tmpBuf, &idx, eccKey, tmpSz);
- if (ret != 0) {
- goto done;
- }
- wc_ecc_free(eccKey);
- ret = wc_ecc_init(eccKey);
- if (ret != 0) {
- goto done;
- }
- idx = 0;
- ret = wc_EccPublicKeyDecode(tmpBuf, &idx, eccKey, tmpSz);
- if (ret != 0) {
- goto done;
- }
- ret = 0;
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (eccKey != NULL) {
- wc_ecc_free(eccKey);
- XFREE(eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (tmpBuf != NULL)
- XFREE(tmpBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- wc_ecc_free(eccKey);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
- #endif /* HAVE_ECC_KEY_IMPORT */
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \
- !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static wc_test_ret_t ecc_test_key_gen(WC_RNG* rng, int keySize)
- {
- wc_test_ret_t ret = 0;
- int derSz;
- #ifdef HAVE_PKCS8
- word32 pkcs8Sz;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *der = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- byte der[ECC_BUFSIZE];
- ecc_key userA[1];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((der == NULL) || (userA == NULL))
- ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), done);
- #endif
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_make_key(rng, keySize, userA);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- ret = wc_ecc_check_key(userA);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- derSz = wc_EccKeyToDer(userA, der, ECC_BUFSIZE);
- if (derSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done);
- }
- ret = SaveDerAndPem(der, derSz, eccCaKeyTempFile, eccCaKeyPemFile,
- ECC_PRIVATEKEY_TYPE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- /* test export of public key */
- derSz = wc_EccPublicKeyToDer(userA, der, ECC_BUFSIZE, 1);
- if (derSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done);
- }
- if (derSz == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #ifdef HAVE_COMP_KEY
- /* test export of compressed public key */
- derSz = wc_EccPublicKeyToDer_ex(userA, der, ECC_BUFSIZE, 1, 1);
- if (derSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done);
- }
- if (derSz == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif
- ret = SaveDerAndPem(der, derSz, eccPubKeyDerFile, NULL, 0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_PKCS8
- /* test export of PKCS#8 unencrypted private key */
- pkcs8Sz = FOURK_BUF;
- derSz = wc_EccPrivateKeyToPKCS8(userA, der, &pkcs8Sz);
- if (derSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done);
- }
- if (derSz == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- ret = SaveDerAndPem(der, derSz, eccPkcs8KeyDerFile, NULL, 0);
- if (ret != 0) {
- goto done;
- }
- #endif /* HAVE_PKCS8 */
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (der != NULL)
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (userA != NULL) {
- wc_ecc_free(userA);
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(userA);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
- static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
- int curve_id, const ecc_set_type* dp)
- {
- #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
- !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- WC_DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
- WC_DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
- word32 y;
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- #define ECC_KEY_EXPORT_BUF_SIZE (MAX_ECC_BYTES * 2 + 32)
- WC_DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
- #endif
- word32 x = 0;
- #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
- !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \
- defined(HAVE_ECC_SIGN)
- WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
- WC_DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
- int i;
- #ifdef HAVE_ECC_VERIFY
- int verify;
- #endif /* HAVE_ECC_VERIFY */
- #endif /* HAVE_ECC_SIGN */
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *pubKey = (ecc_key *)XMALLOC(sizeof *pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key userA[1];
- ecc_key userB[1];
- ecc_key pubKey[1];
- #endif
- #ifndef WC_NO_RNG
- int curveSize;
- #endif
- #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
- !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- WC_ALLOC_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
- WC_ALLOC_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- WC_ALLOC_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
- #endif
- #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
- !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \
- defined(HAVE_ECC_SIGN)
- WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
- WC_ALLOC_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
- #endif
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
- !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- if (sharedA == NULL || sharedB == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- if (exportBuf == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #endif
- #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
- !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \
- defined(HAVE_ECC_SIGN)
- if (sig == NULL || digest == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #endif
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- (void)testVerifyCount;
- (void)dp;
- (void)x;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((userA == NULL) ||
- (userB == NULL) ||
- (pubKey == NULL))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- XMEMSET(userA, 0, sizeof *userA);
- XMEMSET(userB, 0, sizeof *userB);
- XMEMSET(pubKey, 0, sizeof *pubKey);
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef WOLFSSL_CUSTOM_CURVES
- if (dp != NULL) {
- ret = wc_ecc_set_custom_curve(userA, dp);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_set_custom_curve(userB, dp);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- #endif
- #ifndef WC_NO_RNG
- ret = wc_ecc_make_key_ex(rng, keySize, userA, curve_id);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #ifdef WOLF_CRYPTO_CB_ONLY_ECC
- if (ret == NO_VALID_DEVID) {
- ret = 0;
- goto done; /* no software case */
- }
- #endif
- if (ret == ECC_CURVE_OID_E)
- goto done; /* catch case, where curve is not supported */
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- if (wc_ecc_get_curve_idx(curve_id) != -1) {
- curveSize = wc_ecc_get_curve_size_from_id(userA->dp->id);
- if (curveSize != userA->dp->size)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- ret = wc_ecc_check_key(userA);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- /* ATECC508/608 configuration may not support more than one ECDH key */
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- ret = wc_ecc_make_key_ex(rng, keySize, userB, curve_id);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- /* only perform the below tests if the key size matches */
- if (dp == NULL && keySize > 0 && wc_ecc_size(userA) != keySize)
- /* Not an error, just not a key size match */
- WARNING_OUT(ECC_CURVE_OID_E, done);
- #ifdef HAVE_ECC_DHE
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(userA, rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_set_rng(userB, rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- x = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (y != x)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- if (XMEMCMP(sharedA, sharedB, x))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- TEST_SLEEP();
- #ifdef HAVE_ECC_CDH
- /* add cofactor flag */
- wc_ecc_set_flags(userA, WC_ECC_FLAG_COFACTOR);
- wc_ecc_set_flags(userB, WC_ECC_FLAG_COFACTOR);
- x = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (y != x)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- if (XMEMCMP(sharedA, sharedB, x))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- TEST_SLEEP();
- /* remove cofactor flag */
- wc_ecc_set_flags(userA, 0);
- wc_ecc_set_flags(userB, 0);
- #endif /* HAVE_ECC_CDH */
- #endif /* HAVE_ECC_DHE */
- #endif /* !WOLFSSL_ATECC508A && WOLFSSL_ATECC608A */
- #ifdef HAVE_ECC_KEY_EXPORT
- x = ECC_KEY_EXPORT_BUF_SIZE;
- ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_ECC_KEY_IMPORT
- #ifdef WOLFSSL_CUSTOM_CURVES
- if (dp != NULL) {
- ret = wc_ecc_set_custom_curve(pubKey, dp);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- #endif
- ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- #ifdef HAVE_ECC_DHE
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (XMEMCMP(sharedA, sharedB, y))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- TEST_SLEEP();
- #endif /* HAVE_ECC_DHE */
- #ifdef HAVE_COMP_KEY
- /* try compressed export / import too */
- x = ECC_KEY_EXPORT_BUF_SIZE;
- ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- wc_ecc_free(pubKey);
- ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef WOLFSSL_CUSTOM_CURVES
- if (dp != NULL) {
- ret = wc_ecc_set_custom_curve(pubKey, dp);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- #endif
- ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_ECC_DHE
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (XMEMCMP(sharedA, sharedB, y))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- TEST_SLEEP();
- #endif /* HAVE_ECC_DHE */
- #endif /* HAVE_COMP_KEY */
- #endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A */
- #endif /* !WC_NO_RNG */
- #endif /* HAVE_ECC_KEY_IMPORT */
- #endif /* HAVE_ECC_KEY_EXPORT */
- /* For KCAPI cannot sign using generated ECDH key */
- #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
- !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC))
- #ifdef HAVE_ECC_SIGN
- /* ECC w/out Shamir has issue with all 0 digest */
- /* WC_BIGINT doesn't have 0 len well on hardware */
- /* Cryptocell has issues with all 0 digest */
- #if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) && \
- !defined(WOLFSSL_CRYPTOCELL)
- /* test DSA sign hash with zeros */
- for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
- digest[i] = 0;
- }
- x = ECC_SIG_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng,
- userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- #ifdef HAVE_ECC_VERIFY
- for (i=0; i<testVerifyCount; i++) {
- verify = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE,
- &verify, userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- TEST_SLEEP();
- }
- #endif /* HAVE_ECC_VERIFY */
- #endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT && !WOLFSSL_CRYPTOCELL */
- /* test DSA sign hash with sequence (0,1,2,3,4,...) */
- for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
- digest[i] = (byte)i;
- }
- x = ECC_SIG_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- #ifdef HAVE_ECC_VERIFY
- for (i=0; i<testVerifyCount; i++) {
- verify = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify, userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- TEST_SLEEP();
- }
- #endif /* HAVE_ECC_VERIFY */
- #endif /* HAVE_ECC_SIGN */
- #endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT &&
- * !WC_NO_RNG && !WOLFSSL_KCAPI_ECC) */
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
- !defined(WOLFSSL_ATECC508) && !defined(WOLFSSL_ATECC608A) && \
- !defined(WOLFSSL_KCAPI_ECC)
- x = ECC_KEY_EXPORT_BUF_SIZE;
- ret = wc_ecc_export_private_only(userA, exportBuf, &x);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #elif defined(HAVE_ECC_KEY_EXPORT)
- (void)exportBuf;
- #endif /* HAVE_ECC_KEY_EXPORT */
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (userA != NULL) {
- wc_ecc_free(userA);
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (userB != NULL) {
- wc_ecc_free(userB);
- XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (pubKey != NULL) {
- wc_ecc_free(pubKey);
- XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(pubKey);
- wc_ecc_free(userB);
- wc_ecc_free(userA);
- #endif
- #if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)
- WC_FREE_VAR(sharedA, HEAP_HINT);
- WC_FREE_VAR(sharedB, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- WC_FREE_VAR(exportBuf, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_SIGN
- WC_FREE_VAR(sig, HEAP_HINT);
- WC_FREE_VAR(digest, HEAP_HINT);
- #endif
- (void)keySize;
- (void)curve_id;
- (void)rng;
- return ret;
- }
- #undef ECC_TEST_VERIFY_COUNT
- #define ECC_TEST_VERIFY_COUNT 2
- static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
- {
- wc_test_ret_t ret;
- WOLFSSL_MSG_EX("ecc_test_curve keySize = %d", keySize);
- #if FIPS_VERSION3_GE(6,0,0)
- #ifdef DEBUG_WOLFSSL
- printf("keySize is %d\n", keySize);
- #endif
- if (keySize < WC_ECC_FIPS_GEN_MIN) {
- goto skip_A;
- }
- #endif
- ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT, curve_id,
- NULL);
- if (ret < 0) {
- if (ret == ECC_CURVE_OID_E) {
- /* ignore error for curves not found */
- /* some curve sizes are only available with:
- HAVE_ECC_SECPR2, HAVE_ECC_SECPR3, HAVE_ECC_BRAINPOOL
- and HAVE_ECC_KOBLITZ */
- }
- else {
- printf("ecc_test_curve_size %d failed!\n", keySize);
- return ret;
- }
- }
- #ifndef WOLF_CRYPTO_CB_ONLY_ECC
- #if FIPS_VERSION3_GE(6,0,0)
- skip_A:
- #endif
- #ifdef HAVE_ECC_VECTOR_TEST
- ret = ecc_test_vector(keySize);
- if (ret < 0) {
- printf("ecc_test_vector %d failed!\n", keySize);
- return ret;
- }
- #endif
- #if FIPS_VERSION3_GE(6,0,0)
- if (keySize < WC_ECC_FIPS_GEN_MIN) {
- goto skip_B;
- }
- #endif
- #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
- ret = ecc_test_key_decode(rng, keySize);
- if (ret < 0) {
- if (ret == ECC_CURVE_OID_E) {
- /* ignore error for curves not found */
- }
- else {
- printf("ecc_test_key_decode %d failed!\n", keySize);
- return ret;
- }
- }
- #endif
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
- ret = ecc_test_key_gen(rng, keySize);
- if (ret < 0) {
- if (ret == ECC_CURVE_OID_E) {
- /* ignore error for curves not found */
- }
- else {
- printf("ecc_test_key_gen %d failed!\n", keySize);
- return ret;
- }
- }
- #endif
- #if FIPS_VERSION3_GE(6,0,0)
- skip_B:
- #endif
- #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
- return 0;
- }
- #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static wc_test_ret_t ecc_point_test(void)
- {
- wc_test_ret_t ret;
- ecc_point* point;
- ecc_point* point2;
- #ifdef HAVE_COMP_KEY
- ecc_point* point3;
- ecc_point* point4;
- #endif
- word32 outLen;
- byte out[65];
- byte der[] = { 0x04, /* = Uncompressed */
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
- #if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
- byte derComp0[] = { 0x02, /* = Compressed, y even */
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
- byte derComp1[] = { 0x03, /* = Compressed, y odd */
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
- #endif
- byte altDer[] = { 0x04, /* = Uncompressed */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
- int curve_idx = wc_ecc_get_curve_idx(ECC_SECP256R1);
- /* if curve P256 is not enabled then test should not fail */
- if (curve_idx == ECC_CURVE_INVALID)
- return 0;
- outLen = sizeof(out);
- point = wc_ecc_new_point();
- if (point == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- point2 = wc_ecc_new_point();
- if (point2 == NULL) {
- wc_ecc_del_point(point);
- return WC_TEST_RET_ENC_NC;
- }
- #ifdef HAVE_COMP_KEY
- point3 = wc_ecc_new_point();
- if (point3 == NULL) {
- wc_ecc_del_point(point2);
- wc_ecc_del_point(point);
- return WC_TEST_RET_ENC_NC;
- }
- point4 = wc_ecc_new_point();
- if (point4 == NULL) {
- wc_ecc_del_point(point3);
- wc_ecc_del_point(point2);
- wc_ecc_del_point(point);
- return WC_TEST_RET_ENC_NC;
- }
- #endif
- /* Parameter Validation testing. */
- wc_ecc_del_point(NULL);
- ret = wc_ecc_import_point_der(NULL, sizeof(der), curve_idx, point);
- if (ret != ECC_BAD_ARG_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_import_point_der(der, sizeof(der), ECC_CURVE_INVALID, point);
- if (ret != ECC_BAD_ARG_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_export_point_der(-1, point, out, &outLen);
- if (ret != ECC_BAD_ARG_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_export_point_der(curve_idx, NULL, out, &outLen);
- if (ret != ECC_BAD_ARG_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_export_point_der(curve_idx, point, NULL, &outLen);
- if (ret != LENGTH_ONLY_E || outLen != sizeof(out)) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_export_point_der(curve_idx, point, out, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- outLen = 0;
- ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
- if (ret != BUFFER_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_copy_point(NULL, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_copy_point(NULL, point2);
- if (ret != ECC_BAD_ARG_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_copy_point(point, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_cmp_point(NULL, NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_cmp_point(NULL, point2);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_cmp_point(point, NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- /* Use API. */
- ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, point);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- outLen = sizeof(out);
- ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- if (outLen != sizeof(der)) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- if (XMEMCMP(out, der, outLen) != 0) {
- ret = WC_TEST_RET_ENC_NC;
- goto done;
- }
- ret = wc_ecc_copy_point(point2, point);
- if (ret != MP_OKAY) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_cmp_point(point2, point);
- if (ret != MP_EQ) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_import_point_der(altDer, sizeof(altDer), curve_idx, point2);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_cmp_point(point2, point);
- if (ret != MP_GT) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- #if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
- ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_cmp_point(point3, point4);
- if (ret != MP_EQ) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_import_point_der(derComp1, sizeof(derComp1)*2-1, curve_idx, point3);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_cmp_point(point3, point4);
- if (ret != MP_EQ) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- #endif
- done:
- #ifdef HAVE_COMP_KEY
- wc_ecc_del_point(point4);
- wc_ecc_del_point(point3);
- #endif
- wc_ecc_del_point(point2);
- wc_ecc_del_point(point);
- return ret;
- }
- #endif /* !WOLFSSL_ATECC508A && HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
- #if !defined(NO_SIG_WRAPPER) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static wc_test_ret_t ecc_sig_test(WC_RNG* rng, ecc_key* key)
- {
- wc_test_ret_t ret;
- word32 sigSz;
- int size;
- byte out[ECC_MAX_SIG_SIZE];
- byte in[] = TEST_STRING;
- WOLFSSL_SMALL_STACK_STATIC const byte hash[] = {
- 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
- 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
- 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
- 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
- };
- word32 inLen = (word32)XSTRLEN((char*)in);
- size = wc_ecc_sig_size(key);
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, sizeof(*key));
- if (ret != size)
- return WC_TEST_RET_ENC_NC;
- sigSz = (word32)ret;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in,
- inLen, out, &sigSz, key, sizeof(*key), rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- TEST_SLEEP();
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in,
- inLen, out, sigSz, key, sizeof(*key));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- TEST_SLEEP();
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
- hash, (int)sizeof(hash), out, &sigSz, key, sizeof(*key), rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- TEST_SLEEP();
- ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
- hash, (int)sizeof(hash), out, sigSz, key, sizeof(*key));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- TEST_SLEEP();
- return 0;
- }
- #endif
- #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static wc_test_ret_t ecc_exp_imp_test(ecc_key* key)
- {
- wc_test_ret_t ret;
- int curve_id;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *keyImp = (ecc_key *)XMALLOC(sizeof *keyImp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key keyImp[1];
- #endif
- byte priv[32];
- word32 privLen;
- byte pub[65*2];
- word32 pubLen, pubLenX, pubLenY;
- const char qx[] = "7a4e287890a1a47ad3457e52f2f76a83"
- "ce46cbc947616d0cbaa82323818a793d";
- const char qy[] = "eec4084f5b29ebf29c44cce3b3059610"
- "922f8b30ea6e8811742ac7238fe87308";
- const char d[] = "8c14b793cb19137e323a6d2e2a870bca"
- "2e7a493ec1153b3a95feb8a4873f8d08";
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (keyImp == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #endif
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- privLen = sizeof(priv);
- ret = wc_ecc_export_private_only(key, priv, &privLen);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- pubLen = sizeof(pub);
- ret = wc_ecc_export_point_der(key->idx, &key->pubkey, pub, &pubLen);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_import_private_key(priv, privLen, pub, pubLen, keyImp);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- wc_ecc_free(keyImp);
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- ret = wc_ecc_import_raw_ex(keyImp, qx, qy, d, ECC_SECP256R1);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- wc_ecc_free(keyImp);
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- curve_id = wc_ecc_get_curve_id(key->idx);
- if (curve_id < 0) {
- ret = WC_TEST_RET_ENC_EC(curve_id);
- goto done;
- }
- /* test import private only */
- ret = wc_ecc_import_private_key_ex(priv, privLen, NULL, 0, keyImp,
- curve_id);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- wc_ecc_free(keyImp);
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- /* test export public raw */
- pubLenX = pubLenY = 32;
- ret = wc_ecc_export_public_raw(key, pub, &pubLenX, &pub[32], &pubLenY);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- #ifndef HAVE_SELFTEST
- /* test import of public */
- ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], NULL, ECC_SECP256R1);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- #endif
- wc_ecc_free(keyImp);
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- /* test export private and public raw */
- pubLenX = pubLenY = privLen = 32;
- ret = wc_ecc_export_private_raw(key, pub, &pubLenX, &pub[32], &pubLenY,
- priv, &privLen);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- #ifndef HAVE_SELFTEST
- /* test import of private and public */
- ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], priv, ECC_SECP256R1);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- #endif
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (keyImp != NULL) {
- wc_ecc_free(keyImp);
- XFREE(keyImp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(keyImp);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
- #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \
- !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static wc_test_ret_t ecc_mulmod_test(ecc_key* key1)
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *key2 = (ecc_key *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *key3 = (ecc_key *)XMALLOC(sizeof *key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key2[1];
- ecc_key key3[1];
- #endif
- #ifdef WOLFSSL_PUBLIC_MP
- mp_int* priv;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((key2 == NULL) || (key3 == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- wc_ecc_init_ex(key2, HEAP_HINT, devId);
- wc_ecc_init_ex(key3, HEAP_HINT, devId);
- /* TODO: Use test data, test with WOLFSSL_VALIDATE_ECC_IMPORT. */
- /* Need base point (Gx,Gy) and parameter A - load them as the public and
- * private key in key2.
- */
- ret = wc_ecc_import_raw_ex(key2, key1->dp->Gx, key1->dp->Gy, key1->dp->Af,
- ECC_SECP256R1);
- if (ret != 0)
- goto done;
- /* Need a point (Gx,Gy) and prime - load them as the public and private key
- * in key3.
- */
- ret = wc_ecc_import_raw_ex(key3, key1->dp->Gx, key1->dp->Gy,
- key1->dp->prime, ECC_SECP256R1);
- if (ret != 0)
- goto done;
- ret = wc_ecc_mulmod(wc_ecc_key_get_priv(key1), &key2->pubkey, &key3->pubkey,
- wc_ecc_key_get_priv(key2), wc_ecc_key_get_priv(key3),
- 1);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- #ifdef WOLFSSL_PUBLIC_MP
- priv = wc_ecc_key_get_priv(key1);
- mp_zero(priv);
- ret = wc_ecc_mulmod(wc_ecc_key_get_priv(key1), &key2->pubkey, &key3->pubkey,
- wc_ecc_key_get_priv(key2), wc_ecc_key_get_priv(key3),
- 1);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- if (!wc_ecc_point_is_at_infinity(&key3->pubkey)) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- #endif
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key2 != NULL) {
- wc_ecc_free(key2);
- XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (key3 != NULL) {
- wc_ecc_free(key3);
- XFREE(key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(key3);
- wc_ecc_free(key2);
- #endif
- return ret;
- }
- #endif
- #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
- !defined(WOLFSSL_CRYPTOCELL)
- static wc_test_ret_t ecc_ssh_test(ecc_key* key, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- byte out[128];
- word32 outLen = sizeof(out);
- /* Parameter Validation testing. */
- ret = wc_ecc_shared_secret_ssh(NULL, &key->pubkey, out, &outLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ecc_shared_secret_ssh(key, NULL, out, &outLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, NULL, &outLen);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(key, rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- (void)rng;
- #endif
- /* Use API. */
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, &outLen);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- TEST_SLEEP();
- return 0;
- }
- #endif /* HAVE_ECC_DHE && !WC_NO_RNG */
- static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key[1];
- #endif
- #if !defined(NO_ECC_SECP) && \
- ((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \
- (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)))
- word32 idx = 0;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- /* Use API */
- ret = wc_ecc_set_flags(NULL, 0);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_ecc_set_flags(key, 0);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- #ifndef WOLF_CRYPTO_CB_ONLY_ECC
- #ifndef WC_NO_RNG
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- goto done;
- }
- #ifndef NO_SIG_WRAPPER
- ret = ecc_sig_test(rng, key);
- if (ret < 0)
- goto done;
- #endif
- TEST_SLEEP();
- #if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_CRYPTOCELL) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- ret = ecc_ssh_test(key, rng);
- if (ret < 0)
- goto done;
- #endif
- wc_ecc_free(key);
- #else
- (void)rng;
- #endif /* !WC_NO_RNG */
- #if !defined(NO_ECC_SECP) && \
- ((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \
- (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)))
- /* Use test ECC key - ensure real private "d" exists */
- #if defined(USE_CERT_BUFFERS_256)
- {
- ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
- sizeof_ecc_key_der_256);
- }
- #elif !defined(NO_FILESYSTEM)
- {
- XFILE file = XFOPEN(eccKeyDerFile, "rb");
- byte der[128];
- word32 derSz;
- if (!file) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- derSz = (word32)XFREAD(der, 1, sizeof(der), file);
- XFCLOSE(file);
- if (derSz == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- ret = wc_EccPrivateKeyDecode(der, &idx, key, derSz);
- }
- #else
- {
- (void)idx;
- WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(3)");
- ERROR_OUT(ASN_PARSE_E, done);
- }
- #endif
- if (ret != 0) {
- goto done;
- }
- #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)
- ret = ecc_exp_imp_test(key);
- if (ret < 0)
- goto done;
- #endif
- #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \
- !defined(WOLFSSL_CRYPTOCELL)
- ret = ecc_mulmod_test(key);
- if (ret < 0)
- goto done;
- #endif
- #endif
- #else
- (void)rng;
- (void)idx;
- #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
- done:
- wc_ecc_free(key);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key != NULL) {
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- return ret;
- }
- #endif /* !NO_ECC256 || HAVE_ALL_CURVES */
- #if defined(WOLFSSL_CERT_EXT) && \
- (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
- static wc_test_ret_t ecc_decode_test(void)
- {
- wc_test_ret_t ret;
- word32 inSz;
- word32 inOutIdx;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key[1];
- #endif
- /* SECP256R1 OID: 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 */
- /* This is ecc_clikeypub_der_256. */
- WOLFSSL_SMALL_STACK_STATIC const byte good[] = {
- 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
- 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
- 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xbf, 0xf4,
- 0x0f, 0x44, 0x50, 0x9a, 0x3d, 0xce, 0x9b, 0xb7, 0xf0, 0xc5,
- 0x4d, 0xf5, 0x70, 0x7b, 0xd4, 0xec, 0x24, 0x8e, 0x19, 0x80,
- 0xec, 0x5a, 0x4c, 0xa2, 0x24, 0x03, 0x62, 0x2c, 0x9b, 0xda,
- 0xef, 0xa2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xc6, 0x56,
- 0x95, 0x06, 0xcc, 0x01, 0xa9, 0xbd, 0xf6, 0x75, 0x1a, 0x42,
- 0xf7, 0xbd, 0xa9, 0xb2, 0x36, 0x22, 0x5f, 0xc7, 0x5d, 0x7f,
- 0xb4 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04,
- 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00,
- 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badObjId1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x09,
- 0x06, 0x00, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badObj2d1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x00,
- 0x06, 0x07, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNotBitStr[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x04, 0x04, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badBitStrLen[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x03, 0x05, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNoBitStrZero[] = { 0x30, 0x13, 0x30, 0x0a, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x03, 0x03, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badPoint[] = { 0x30, 0x12, 0x30, 0x09, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x03, 0x03, 0x00, 0x04, 0x01 };
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
- XMEMSET(key, 0, sizeof *key);
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- inSz = sizeof(good);
- ret = wc_EccPublicKeyDecode(NULL, &inOutIdx, key, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_EccPublicKeyDecode(good, NULL, key, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, NULL, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, 0);
- if (ret != BAD_FUNC_ARG) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- /* Change offset to produce bad input data. */
- inOutIdx = 2;
- inSz = sizeof(good) - inOutIdx;
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inOutIdx = 4;
- inSz = sizeof(good) - inOutIdx;
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- /* Bad data. */
- inSz = sizeof(badNoObjId);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, key, inSz);
- if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badOneObjId);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, key, inSz);
- if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badObjId1Len);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badObjId1Len, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badObj2d1Len);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badObj2d1Len, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badNotBitStr);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, key, inSz);
- if (ret != ASN_BITSTR_E && ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badBitStrLen);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badBitStrLen, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badNoBitStrZero);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, key, inSz);
- if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(badPoint);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, key, inSz);
- if (ret != ASN_ECC_KEY_E && ret != ASN_PARSE_E) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inSz = sizeof(good);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key != NULL) {
- wc_ecc_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(key);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef WOLFSSL_CUSTOM_CURVES
- static const byte eccKeyExplicitCurve[] = {
- 0x30, 0x81, 0xf5, 0x30, 0x81, 0xae, 0x06, 0x07,
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30,
- 0x81, 0xa2, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06,
- 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01,
- 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff,
- 0xff, 0xfc, 0x2f, 0x30, 0x06, 0x04, 0x01, 0x00,
- 0x04, 0x01, 0x07, 0x04, 0x41, 0x04, 0x79, 0xbe,
- 0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0,
- 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b,
- 0xfc, 0xdb, 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2,
- 0x81, 0x5b, 0x16, 0xf8, 0x17, 0x98, 0x48, 0x3a,
- 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4,
- 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17,
- 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47,
- 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, 0x02, 0x21,
- 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0,
- 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41,
- 0x41, 0x02, 0x01, 0x01, 0x03, 0x42, 0x00, 0x04,
- 0x3c, 0x4c, 0xc9, 0x5e, 0x2e, 0xa2, 0x3d, 0x49,
- 0xcc, 0x5b, 0xff, 0x4f, 0xc9, 0x2e, 0x1d, 0x4a,
- 0xc6, 0x21, 0xf6, 0xf3, 0xe6, 0x0b, 0x4f, 0xa9,
- 0x9d, 0x74, 0x99, 0xdd, 0x97, 0xc7, 0x6e, 0xbe,
- 0x14, 0x2b, 0x39, 0x9d, 0x63, 0xc7, 0x97, 0x0d,
- 0x45, 0x25, 0x40, 0x30, 0x77, 0x05, 0x76, 0x88,
- 0x38, 0x96, 0x29, 0x7d, 0x9c, 0xe1, 0x50, 0xbe,
- 0xac, 0xf0, 0x1d, 0x86, 0xf4, 0x2f, 0x65, 0x0b
- };
- static wc_test_ret_t ecc_test_custom_curves(WC_RNG* rng)
- {
- wc_test_ret_t ret;
- word32 inOutIdx;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key[1];
- #endif
- /* test use of custom curve - using BRAINPOOLP256R1 for test */
- #if defined(HAVE_ECC_BRAINPOOL) && !defined(HAVE_INTEL_QA)
- #ifndef WOLFSSL_ECC_CURVE_STATIC
- WOLFSSL_SMALL_STACK_STATIC const ecc_oid_t ecc_oid_brainpoolp256r1[] = {
- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07
- };
- #define ecc_oid_brainpoolp256r1_sz \
- (sizeof(ecc_oid_brainpoolp256r1) / sizeof(ecc_oid_t))
- #else
- #define ecc_oid_brainpoolp256r1 { \
- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 \
- }
- #define ecc_oid_brainpoolp256r1_sz 9
- #endif
- #define ecc_oid_brainpoolp256r1_sum 104
- WOLFSSL_SMALL_STACK_STATIC const ecc_set_type ecc_dp_brainpool256r1 = {
- 32, /* size/bytes */
- ECC_CURVE_CUSTOM, /* ID */
- "BRAINPOOLP256R1", /* curve name */
- "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", /* prime */
- "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", /* A */
- "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", /* B */
- "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", /* order */
- "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", /* Gx */
- "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", /* Gy */
- ecc_oid_brainpoolp256r1, /* oid/oidSz */
- ecc_oid_brainpoolp256r1_sz,
- ecc_oid_brainpoolp256r1_sum, /* oid sum */
- 1, /* cofactor */
- };
- #endif /* HAVE_ECC_BRAINPOOL */
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (! key) {
- ret = MEMORY_E;
- goto done;
- }
- #endif
- XMEMSET(key, 0, sizeof *key);
- #if defined(HAVE_ECC_BRAINPOOL) && !defined(HAVE_INTEL_QA)
- ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, ECC_CURVE_DEF,
- &ecc_dp_brainpool256r1);
- if (ret != 0) {
- printf("ECC test for custom curve failed!\n");
- goto done;
- }
- #endif
- #if defined(HAVE_ECC_BRAINPOOL) || defined(HAVE_ECC_KOBLITZ)
- {
- int curve_id;
- #ifdef HAVE_ECC_BRAINPOOL
- curve_id = ECC_BRAINPOOLP256R1;
- #else
- curve_id = ECC_SECP256K1;
- #endif
- /* Test and demonstrate use of non-SECP curve */
- ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, curve_id, NULL);
- if (ret < 0) {
- printf("ECC test for curve_id %d failed!\n", curve_id);
- goto done;
- }
- }
- #endif
- ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto done;
- }
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, key,
- sizeof(eccKeyExplicitCurve));
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key) {
- wc_ecc_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(key);
- #endif
- (void)rng;
- return ret;
- }
- #endif /* WOLFSSL_CUSTOM_CURVES */
- #ifdef WOLFSSL_SM2
- #ifdef HAVE_ECC_VERIFY
- #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_CUSTOM_CURVES)
- #ifdef HAVE_OID_ENCODING
- #define CODED_SM2P256V1 {1,2,156,10197,1,301}
- #define CODED_SM2P256V1_SZ 6
- #else
- #define CODED_SM2P256V1 {0x06,0x08,0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D}
- #define CODED_SM2P256V1_SZ 10
- #endif
- #ifndef WOLFSSL_ECC_CURVE_STATIC
- static const ecc_oid_t ecc_oid_sm2p256v1[] = CODED_SM2P256V1;
- #else
- #define ecc_oid_sm2p256v1 CODED_SM2P256V1
- #endif
- #define ecc_oid_sm2p256v1_sz CODED_SM2P256V1_SZ
- #define ECC_SM2P256V1_TEST 102
- static int test_sm2_verify_caseA2(void)
- {
- ecc_key key;
- int ret, res;
- mp_int r,s;
- /* test key values */
- const char qx[] = "0AE4C7798AA0F119471BEE11825BE46202BB79E2A5844495E97C04FF4DF2548A";
- const char qy[] = "7C0240F88F1CD4E16352A73C17B7F16F07353E53A176D684A9FE0C6BB798E857";
- const char d[] = "128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263";
- const ecc_set_type ecc_sm2_A2 = {
- 32, /* size/bytes */
- ECC_SM2P256V1_TEST, /* ID */
- "SM2P256V1_TEST", /* curve name */
- /* from test case A.2 in draft-shen-sm2-ecdsa-02 */
- "8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3", /* prime */
- "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498", /* A */
- "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A", /* B */
- "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7", /* order n */
- "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D", /* Gx */
- "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2", /* Gy */
- ecc_oid_sm2p256v1, /* oid/oidSz */
- ecc_oid_sm2p256v1_sz,
- ECC_SM2P256V1_OID, /* oid sum */
- 1, /* cofactor */
- };
- /* use canned hash value hash = H(ZA||M) */
- const byte hash[] = {
- 0xB5,0x24,0xF5,0x52,0xCD,0x82,0xB8,0xB0,
- 0x28,0x47,0x6E,0x00,0x5C,0x37,0x7F,0xB1,
- 0x9A,0x87,0xE6,0xFC,0x68,0x2D,0x48,0xBB,
- 0x5D,0x42,0xE3,0xD9,0xB9,0xEF,0xFE,0x76
- };
- /* canned r and s */
- const byte rCan[] = {
- 0x40,0xF1,0xEC,0x59,0xF7,0x93,0xD9,0xF4,
- 0x9E,0x09,0xDC,0xEF,0x49,0x13,0x0D,0x41,
- 0x94,0xF7,0x9F,0xB1,0xEE,0xD2,0xCA,0xA5,
- 0x5B,0xAC,0xDB,0x49,0xC4,0xE7,0x55,0xD1
- };
- const byte sCan[] = {
- 0x6F,0xC6,0xDA,0xC3,0x2C,0x5D,0x5C,0xF1,
- 0x0C,0x77,0xDF,0xB2,0x0F,0x7C,0x2E,0xB6,
- 0x67,0xA4,0x57,0x87,0x2F,0xB0,0x9E,0xC5,
- 0x63,0x27,0xA6,0x7E,0xC7,0xDE,0xEB,0xE7
- };
- mp_init(&r);
- mp_init(&s);
- ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_set_custom_curve(&key, &ecc_sm2_A2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_import_raw_ex(&key, qx, qy, d, ECC_SM2P256V1_TEST);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- mp_read_unsigned_bin(&r, rCan, sizeof(rCan));
- mp_read_unsigned_bin(&s, sCan, sizeof(sCan));
- ret = wc_ecc_sm2_verify_hash_ex(&r, &s, hash, sizeof(hash), &res, &key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (res != 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- done:
- mp_free(&r);
- mp_free(&s);
- wc_ecc_free(&key);
- return ret;
- }
- #endif /* WOLFSSL_PUBLIC_MP && WOLFSSL_CUSTOM_CURVES */
- static int test_sm2_verify_case(void)
- {
- ecc_key key;
- int ret, res;
- /* test key values */
- const char qx[] = "637F1B135036C933DC3F7A8EBB1B7B2FD1DFBD268D4F894B5AD47DBDBECD558F";
- const char qy[] = "E88101D08048E36CCBF61CA38DDF7ABA542B4486E99E49F3A7470A857A096433";
- /* use canned hash value hash = H(ZA||M) */
- const byte hash[] = {
- 0x3B,0xFA,0x5F,0xFB,0xC4,0x27,0x8C,0x9D,
- 0x02,0x3A,0x19,0xCB,0x1E,0xAA,0xD2,0xF1,
- 0x50,0x69,0x5B,0x20
- };
- const byte sig[] = {
- 0x30,0x45,0x02,0x21,0x00,0xD2,0xFC,0xA3,
- 0x88,0xE3,0xDF,0xA3,0x00,0x73,0x9B,0x3C,
- 0x2A,0x0D,0xAD,0x44,0xA2,0xFC,0x62,0xD5,
- 0x6B,0x84,0x54,0xD8,0x40,0x22,0x62,0x3D,
- 0x5C,0xA6,0x61,0x9B,0xE7,0x02,0x20,0x1D,
- 0xB5,0xB5,0xD9,0xD8,0xF1,0x20,0xDD,0x97,
- 0x92,0xBF,0x7E,0x9B,0x3F,0xE6,0x3C,0x4B,
- 0x03,0xD8,0x80,0xBD,0xB7,0x27,0x7E,0x6A,
- 0x84,0x23,0xDE,0x61,0x7C,0x8D,0xDC
- };
- const byte badSig[] = {
- 0x30,0x45,0x02,0x21,0x00,0xD2,0xFC,0xA3,
- 0x88,0xE3,0xDF,0xA3,0x00,0x73,0x9B,0x3C,
- 0x2A,0x0D,0xAD,0x44,0xA2,0xFC,0x62,0xD5,
- 0x6B,0x84,0x54,0xD8,0x40,0x22,0x62,0x3D,
- 0x5C,0xA6,0x61,0x9B,0xE7,0x02,0x20,0x1D,
- 0xB5,0xB5,0xE9,0xD8,0xF1,0x20,0xDD,0x97,
- 0x92,0xBF,0x7E,0x9B,0x3F,0xE6,0x3C,0x4B,
- 0x03,0xD8,0x80,0xBD,0xB7,0x27,0x7E,0x6A,
- 0x84,0x23,0xDE,0x61,0x7C,0x8D,0xDC
- };
- ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_import_raw(&key, qx, qy, NULL, "SM2P256V1");
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash), &res,
- &key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (res != 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- /* now test a case that should fail */
- ret = wc_ecc_sm2_verify_hash(badSig, sizeof(badSig), hash, sizeof(hash),
- &res, &key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (res == 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- done:
- wc_ecc_free(&key);
- return ret;
- }
- static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
- {
- const ecc_set_type* dp = wc_ecc_get_curve_params(
- wc_ecc_get_curve_idx(ECC_SM2P256V1));
- int keySize = 32;
- int curve_id = ECC_SM2P256V1;
- #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
- WC_DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
- WC_DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- #define ECC_KEY_EXPORT_BUF_SIZE (MAX_ECC_BYTES * 2 + 32)
- WC_DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
- #endif
- word32 x = 0;
- #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
- word32 y;
- #endif
- #ifdef HAVE_ECC_SIGN
- WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
- WC_DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
- int i;
- int verify;
- #endif /* HAVE_ECC_SIGN */
- int ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *pubKey = (ecc_key *)XMALLOC(sizeof *pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key userA[1];
- ecc_key userB[1];
- ecc_key pubKey[1];
- #endif
- #ifndef WC_NO_RNG
- int curveSize;
- #endif
- #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
- WC_ALLOC_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
- WC_ALLOC_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- WC_ALLOC_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_SIGN
- WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
- WC_ALLOC_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
- #endif
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
- if (sharedA == NULL || sharedB == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- if (exportBuf == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- #ifdef HAVE_ECC_SIGN
- if (sig == NULL || digest == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
- (void)testVerifyCount;
- (void)dp;
- (void)x;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((userA == NULL) ||
- (userB == NULL) ||
- (pubKey == NULL))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- XMEMSET(userA, 0, sizeof *userA);
- XMEMSET(userB, 0, sizeof *userB);
- XMEMSET(pubKey, 0, sizeof *pubKey);
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifndef WC_NO_RNG
- ret = wc_ecc_sm2_make_key(rng, userA, WC_ECC_FLAG_NONE);
- if (ret == ECC_CURVE_OID_E)
- goto done; /* catch case, where curve is not supported */
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- if (wc_ecc_get_curve_idx(curve_id) != -1) {
- curveSize = wc_ecc_get_curve_size_from_id(userA->dp->id);
- if (curveSize != userA->dp->size) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- }
- ret = wc_ecc_check_key(userA);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- ret = wc_ecc_sm2_make_key(rng, userB, WC_ECC_FLAG_NONE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- /* only perform the below tests if the key size matches */
- if (dp == NULL && keySize > 0 && wc_ecc_size(userA) != keySize)
- if (ret != 0) {
- ret = ECC_CURVE_OID_E;
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- #ifdef HAVE_ECC_DHE
- #if defined(ECC_TIMING_RESISTANT)
- ret = wc_ecc_set_rng(userA, rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_set_rng(userB, rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- x = ECC_SHARED_SIZE;
- ret = wc_ecc_sm2_shared_secret(userA, userB, sharedA, &x);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- y = ECC_SHARED_SIZE;
- ret = wc_ecc_sm2_shared_secret(userB, userA, sharedB, &y);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (y != x)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- if (XMEMCMP(sharedA, sharedB, x))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif /* HAVE_ECC_DHE */
- #ifdef HAVE_ECC_KEY_EXPORT
- x = ECC_KEY_EXPORT_BUF_SIZE;
- ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_ECC_KEY_IMPORT
- ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_ECC_DHE
- y = ECC_SHARED_SIZE;
- ret = wc_ecc_sm2_shared_secret(userB, pubKey, sharedB, &y);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (XMEMCMP(sharedA, sharedB, y))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif /* HAVE_ECC_DHE */
- #ifdef HAVE_COMP_KEY
- /* try compressed export / import too */
- x = ECC_KEY_EXPORT_BUF_SIZE;
- ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- wc_ecc_free(pubKey);
- ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_ECC_DHE
- y = ECC_SHARED_SIZE;
- ret = wc_ecc_sm2_shared_secret(userB, pubKey, sharedB, &y);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (XMEMCMP(sharedA, sharedB, y))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif /* HAVE_ECC_DHE */
- #endif /* HAVE_ECC_KEY_IMPORT */
- #endif /* HAVE_ECC_KEY_EXPORT */
- #endif /* !WC_NO_RNG */
- #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
- !defined(WC_NO_RNG))
- #ifdef HAVE_ECC_SIGN
- /* ECC w/out Shamir has issue with all 0 digest */
- /* WC_BIGINT doesn't have 0 len well on hardware */
- /* Cryptocell has issues with all 0 digest */
- #if defined(ECC_SHAMIR)
- /* test DSA sign hash with zeros */
- for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
- digest[i] = 0;
- }
- x = ECC_SIG_SIZE;
- ret = wc_ecc_sm2_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- for (i = 0; i < testVerifyCount; i++) {
- verify = 0;
- ret = wc_ecc_sm2_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify,
- userA);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif /* ECC_SHAMIR */
- /* test DSA sign hash with sequence (0,1,2,3,4,...) */
- for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
- digest[i] = (byte)i;
- }
- x = ECC_SIG_SIZE;
- ret = wc_ecc_sm2_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- for (i = 0; i < testVerifyCount; i++) {
- verify = 0;
- ret = wc_ecc_sm2_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify,
- userA);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif /* HAVE_ECC_SIGN */
- #endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT && !WC_NO_RNG) */
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- x = ECC_KEY_EXPORT_BUF_SIZE;
- ret = wc_ecc_export_private_only(userA, exportBuf, &x);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #elif defined(HAVE_ECC_KEY_EXPORT)
- (void)exportBuf;
- #endif /* HAVE_ECC_KEY_EXPORT */
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (userA != NULL) {
- wc_ecc_free(userA);
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (userB != NULL) {
- wc_ecc_free(userB);
- XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (pubKey != NULL) {
- wc_ecc_free(pubKey);
- XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(pubKey);
- wc_ecc_free(userB);
- wc_ecc_free(userA);
- #endif
- #if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)
- WC_FREE_VAR(sharedA, HEAP_HINT);
- WC_FREE_VAR(sharedB, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- WC_FREE_VAR(exportBuf, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_SIGN
- WC_FREE_VAR(sig, HEAP_HINT);
- WC_FREE_VAR(digest, HEAP_HINT);
- #endif
- (void)keySize;
- (void)curve_id;
- (void)rng;
- return ret;
- }
- #endif /* HAVE_ECC_VERIFY */
- static int test_sm2_create_digest(void)
- {
- const byte msg[] = "message to sign";
- const byte id[] = "0123456789";
- const byte badId[] = "0123556789";
- byte expected[] = {
- 0xdd, 0x4d, 0x65, 0x49, 0xa3, 0x64, 0x76, 0xc0,
- 0x73, 0x05, 0xdc, 0x05, 0x16, 0xb5, 0xee, 0x9f,
- 0x82, 0xf9, 0xe9, 0x7d, 0x01, 0x1a, 0xdc, 0x88,
- 0x5a, 0x59, 0x9c, 0x44, 0xcc, 0x47, 0xa4, 0x78
- };
- ecc_key key;
- int ret;
- /* test key values */
- const char qx[] =
- "af178b7b8740cc9d5b493fbd22049c12621bc27dcc5802e75ff4d045a4158baf";
- const char qy[] =
- "89933faf7a4798f48c5b9b4cd3a7693d54c9e05449946eb489c0dd50a5294805";
- const char d[] =
- "b3e66c2dbfb50c6ff6830c1fac4b51293a2562f9e667052b03df2d4b43c1f34a";
- byte digest[WC_SHA256_DIGEST_SIZE];
- ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_import_raw(&key, qx, qy, d, "SM2P256V1");
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_sm2_create_digest(id, (int)XSTRLEN((const char*)id),
- msg, (int)XSTRLEN((const char*)msg), WC_HASH_TYPE_SHA256, digest,
- WC_SHA256_DIGEST_SIZE, &key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (XMEMCMP(digest, expected, WC_SHA256_DIGEST_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- ret = wc_ecc_sm2_create_digest(badId, (int)XSTRLEN((const char*)badId),
- msg, (int)XSTRLEN((const char*)msg), WC_HASH_TYPE_SHA256, digest,
- WC_SHA256_DIGEST_SIZE, &key);
- if (ret != 0)
- goto done;
- /* should be different than the previous ID used */
- if (XMEMCMP(digest, expected, WC_SHA256_DIGEST_SIZE) == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- done:
- wc_ecc_free(&key);
- return ret;
- }
- static int test_sm2_verify(void)
- {
- int ret = 0;
- #ifdef HAVE_ECC_VERIFY
- #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_CUSTOM_CURVES)
- ret = test_sm2_verify_caseA2();
- if (ret != 0)
- return ret;
- #endif
- ret = test_sm2_verify_case();
- if (ret != 0)
- return ret;
- #endif /* HAVE_ECC_VERIFY */
- ret = test_sm2_create_digest();
- return ret;
- }
- #endif /* WOLFSSL_SM2 */
- #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME)
- /* Make Cert / Sign example for ECC cert and ECC CA */
- static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng)
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Cert *myCert = (Cert *)XMALLOC(sizeof *myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *certPubKey = (ecc_key *)XMALLOC(sizeof *certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- Cert myCert[1];
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert decode[1];
- #endif
- ecc_key caEccKey[1];
- ecc_key certPubKey[1];
- #endif
- int certSz;
- size_t bytes = 0;
- word32 idx = 0;
- #if !defined(USE_CERT_BUFFERS_256) && !defined(NO_FILESYSTEM)
- XFILE file;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte* der = NULL;
- #else
- byte der[FOURK_BUF];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((myCert == NULL)
- #ifdef WOLFSSL_TEST_CERT
- || (decode == NULL)
- #endif
- || (caEccKey == NULL) || (certPubKey == NULL))
- ERROR_OUT(MEMORY_E, exit);
- #endif
- XMEMSET(caEccKey, 0, sizeof *caEccKey);
- XMEMSET(certPubKey, 0, sizeof *certPubKey);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
- }
- #endif
- /* Get cert private key */
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- /* Get Cert Key 384 */
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(der, ca_ecc_key_der_384, sizeof_ca_ecc_key_der_384);
- bytes = sizeof_ca_ecc_key_der_384;
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(eccCaKey384File, "rb");
- if (!file) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
- }
- bytes = XFREAD(der, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
- (void)eccCaKeyFile;
- #else
- WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(4)");
- ERROR_OUT(ASN_PARSE_E, exit);
- #endif /* USE_CERT_BUFFERS_256 */
- /* end if ENABLE_ECC384_CERT_GEN_TEST */
- #else
- /* !ENABLE_ECC384_CERT_GEN_TEST */
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(der, ca_ecc_key_der_256, sizeof_ca_ecc_key_der_256);
- bytes = sizeof_ca_ecc_key_der_256;
- #else
- file = XFOPEN(eccCaKeyFile, "rb");
- if (!file) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
- }
- bytes = XFREAD(der, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- (void)eccCaKey384File;
- #endif
- #endif /* USE_CERT_BUFFERS_256 */
- #endif /* ENABLE_ECC384_CERT_GEN_TEST */
- /* Get CA Key */
- ret = wc_ecc_init_ex(caEccKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- ret = wc_EccPrivateKeyDecode(der, &idx, caEccKey, (word32)bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- /* Make a public key */
- ret = wc_ecc_init_ex(certPubKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, certPubKey);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &certPubKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- TEST_SLEEP();
- /* Setup Certificate */
- ret = wc_InitCert_ex(myCert, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wECDSA;
- #else
- myCert->sigType = CTC_SHAwECDSA;
- #endif
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1",
- CTC_MAX_CERTPOL_SZ);
- XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb = 2;
- /* add SKID from the Public Key */
- ret = wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, certPubKey);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- /* add AKID from the Public Key */
- ret = wc_SetAuthKeyIdFromPublicKey(myCert, NULL, caEccKey);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- /* add Key Usage */
- ret = wc_SetKeyUsage(myCert, certKeyUsage);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- #if defined(USE_CERT_BUFFERS_256)
- ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_384,
- sizeof_ca_ecc_cert_der_384);
- #elif !defined(NO_FILESYSTEM)
- ret = wc_SetIssuer(myCert, eccCaCert384File);
- (void)eccCaCertFile;
- #else
- /* not testing with embedded, no file system target */
- ERROR_OUT(ASN_PARSE_E, exit);
- #endif /* USE_CERT_BUFFERS_256 */
- #else
- /* not ENABLE_ECC384_CERT_GEN_TEST */
- #if defined(USE_CERT_BUFFERS_256)
- ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_256,
- sizeof_ca_ecc_cert_der_256);
- #else
- ret = wc_SetIssuer(myCert, eccCaCertFile);
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- (void)eccCaCert384File;
- #endif
- #endif
- #endif /* ENABLE_ECC384_CERT_GEN_TEST */
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, certPubKey, rng);
- if (certSz < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(certSz), exit);
- }
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &caEccKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
- FOURK_BUF, NULL, caEccKey, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- certSz = (int)ret;
- TEST_SLEEP();
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(decode, der, certSz, HEAP_HINT);
- ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(decode);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- FreeDecodedCert(decode);
- #endif
- ret = SaveDerAndPem(der, certSz, certEccDerFile, certEccPemFile,
- CERT_TYPE);
- if (ret != 0) {
- goto exit;
- }
- exit:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (myCert != NULL)
- XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_TEST_CERT
- if (decode != NULL)
- XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (caEccKey != NULL) {
- wc_ecc_free(caEccKey);
- XFREE(caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (certPubKey != NULL) {
- wc_ecc_free(certPubKey);
- XFREE(certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(certPubKey);
- wc_ecc_free(caEccKey);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_CERT_GEN */
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
- !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
- (!defined(NO_ECC_SECP) || defined(WOLFSSL_CUSTOM_CURVES))
- /* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */
- static wc_test_ret_t ecc_test_allocator(WC_RNG* rng)
- {
- wc_test_ret_t ret = 0;
- ecc_key* key;
- #ifdef WC_NO_RNG
- word32 idx = 0;
- #endif
- key = wc_ecc_key_new(HEAP_HINT);
- if (key == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
- }
- #ifndef WC_NO_RNG
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- #else
- /* use test ECC key */
- ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
- (word32)sizeof_ecc_key_der_256);
- (void)rng;
- #endif
- exit:
- wc_ecc_key_free(key);
- return ret;
- }
- #endif
- /* ECC Non-blocking tests for Sign and Verify */
- /* Requires SP math and supports P384 or P256 */
- /* ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" */
- #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_HAVE_SP_ECC) && \
- defined(WOLFSSL_PUBLIC_MP)
- /* ECC Private Key "d" */
- static const byte p256PrivKey[] = {
- /* SECP256R1 */
- /* d */
- 0x1e, 0xe7, 0x70, 0x07, 0xd3, 0x30, 0x94, 0x39,
- 0x28, 0x90, 0xdf, 0x23, 0x88, 0x2c, 0x4a, 0x34,
- 0x15, 0xdb, 0x4c, 0x43, 0xcd, 0xfa, 0xe5, 0x1f,
- 0x3d, 0x4c, 0x37, 0xfe, 0x59, 0x3b, 0x96, 0xd8
- };
- #ifdef HAVE_ECC384
- static const byte p384PrivKey[] = {
- /* SECP384R1 */
- /* d */
- 0xa4, 0xe5, 0x06, 0xe8, 0x06, 0x16, 0x3e, 0xab,
- 0x89, 0xf8, 0x60, 0x43, 0xc0, 0x60, 0x25, 0xdb,
- 0xba, 0x7b, 0xfe, 0x19, 0x35, 0x08, 0x55, 0x65,
- 0x76, 0xe2, 0xdc, 0xe0, 0x01, 0x8b, 0x6b, 0x68,
- 0xdf, 0xcf, 0x6f, 0x80, 0x12, 0xce, 0x79, 0x37,
- 0xeb, 0x2b, 0x9c, 0x7b, 0xc4, 0x68, 0x1c, 0x74
- };
- #endif /* HAVE_ECC384 */
- #ifdef HAVE_ECC521
- static const byte p521PrivKey[] = {
- /* SECP521R1 */
- /* d */
- 0x01, 0x68, 0x91, 0x33, 0x53, 0xe2, 0x90, 0x68,
- 0x11, 0x8f, 0xaa, 0xa8, 0x76, 0x0c, 0xf7, 0x2a,
- 0x07, 0x1b, 0x92, 0x2a, 0xa7, 0x82, 0x3d, 0xfa,
- 0x83, 0xce, 0x70, 0xc8, 0xc2, 0x60, 0x82, 0xfe,
- 0x18, 0x88, 0x68, 0xda, 0x6a, 0x83, 0x46, 0x78,
- 0xe4, 0xe9, 0xe9, 0xcc, 0x51, 0x7f, 0xed, 0x81,
- 0x02, 0x32, 0xee, 0x26, 0x87, 0xcc, 0xed, 0x63,
- 0x3f, 0x39, 0x27, 0xf0, 0xd7, 0x17, 0x77, 0xa1,
- 0xa4, 0x36
- };
- #endif /* HAVE_ECC521 */
- /* ECC public key Qx/Qy */
- static const byte p256PubKey[] = {
- /* SECP256R1 */
- /* Qx */
- 0x96, 0x93, 0x1c, 0x53, 0x0b, 0x43, 0x6c, 0x42,
- 0x0c, 0x52, 0x90, 0xe4, 0xa7, 0xec, 0x98, 0xb1,
- 0xaf, 0xd4, 0x14, 0x49, 0xd8, 0xc1, 0x42, 0x82,
- 0x04, 0x78, 0xd1, 0x90, 0xae, 0xa0, 0x6c, 0x07,
- /* Qy */
- 0xf2, 0x3a, 0xb5, 0x10, 0x32, 0x8d, 0xce, 0x9e,
- 0x76, 0xa0, 0xd2, 0x8c, 0xf3, 0xfc, 0xa9, 0x94,
- 0x43, 0x24, 0xe6, 0x82, 0x00, 0x40, 0xc6, 0xdb,
- 0x1c, 0x2f, 0xcd, 0x38, 0x4b, 0x60, 0xdd, 0x61
- };
- #ifdef HAVE_ECC384
- static const byte p384PubKey[] = {
- /* SECP384R1 */
- /* Qx */
- 0xea, 0xcf, 0x93, 0x4f, 0x2c, 0x09, 0xbb, 0x39,
- 0x14, 0x0f, 0x56, 0x64, 0xc3, 0x40, 0xb4, 0xdf,
- 0x0e, 0x63, 0xae, 0xe5, 0x71, 0x4b, 0x00, 0xcc,
- 0x04, 0x97, 0xff, 0xe1, 0xe9, 0x38, 0x96, 0xbb,
- 0x5f, 0x91, 0xb2, 0x6a, 0xcc, 0xb5, 0x39, 0x5f,
- 0x8f, 0x70, 0x59, 0xf1, 0x01, 0xf6, 0x5a, 0x2b,
- /* Qy */
- 0x01, 0x6c, 0x68, 0x0b, 0xcf, 0x55, 0x25, 0xaf,
- 0x6d, 0x98, 0x48, 0x0a, 0xa8, 0x74, 0xc9, 0xa9,
- 0x17, 0xa0, 0x0c, 0xc3, 0xfb, 0xd3, 0x23, 0x68,
- 0xfe, 0x04, 0x3c, 0x63, 0x50, 0x88, 0x3b, 0xb9,
- 0x4f, 0x7c, 0x67, 0x34, 0xf7, 0x3b, 0xa9, 0x73,
- 0xe7, 0x1b, 0xc3, 0x51, 0x5e, 0x22, 0x18, 0xec
- };
- #endif
- #ifdef HAVE_ECC521
- static const byte p521PubKey[] = {
- /* SECP521R1 */
- /* Qx */
- 0x01, 0x62, 0x6e, 0xf1, 0x00, 0xec, 0xd8, 0x99,
- 0x58, 0x9b, 0x80, 0x6b, 0xfe, 0x2c, 0xf1, 0xb2,
- 0xf0, 0xc8, 0x48, 0xdf, 0xac, 0xd2, 0x3b, 0x71,
- 0x29, 0xab, 0xf0, 0x66, 0x63, 0xd8, 0x8e, 0xb5,
- 0xc8, 0xc2, 0xfc, 0x99, 0x44, 0xe2, 0x45, 0xb1,
- 0x5a, 0x7b, 0xb9, 0x73, 0x01, 0xda, 0x79, 0xec,
- 0x9c, 0x26, 0x27, 0x34, 0x45, 0x26, 0xd5, 0x89,
- 0x4b, 0x44, 0xfe, 0x69, 0x4e, 0x72, 0x14, 0xe3,
- 0x8b, 0xbc,
- /* Qy */
- 0x00, 0x0f, 0x09, 0xa2, 0x03, 0xc3, 0x5a, 0xdc,
- 0x95, 0x82, 0xf6, 0xf9, 0xf6, 0x9c, 0xff, 0xb5,
- 0x6b, 0x75, 0x95, 0x4b, 0xa4, 0x28, 0x5d, 0x9e,
- 0x90, 0x04, 0xd1, 0xc0, 0x1e, 0xd5, 0xfd, 0x43,
- 0x9e, 0x1e, 0x83, 0xc0, 0x11, 0x2b, 0x2b, 0x07,
- 0x6d, 0xa9, 0x7a, 0x10, 0xd7, 0x67, 0xe7, 0x51,
- 0x37, 0x24, 0xd8, 0xbf, 0x03, 0x0d, 0x8b, 0xb5,
- 0x40, 0x5c, 0x4f, 0xd6, 0x13, 0x73, 0x42, 0xbc,
- 0x91, 0xd9
- };
- /* perform verify of signature and hash using public key */
- /* key is public Qx + public Qy */
- /* sig is r + s */
- static wc_test_ret_t crypto_ecc_verify(const byte *key, uint32_t keySz,
- const byte *hash, uint32_t hashSz, const byte *sig, uint32_t sigSz,
- uint32_t curveSz, int curveId)
- {
- wc_test_ret_t ret;
- int verify_res = 0, count = 0;
- mp_int r, s;
- ecc_key ecc;
- ecc_nb_ctx_t nb_ctx;
- /* validate arguments */
- if (key == NULL || hash == NULL || sig == NULL || curveSz == 0 ||
- hashSz == 0 || keySz < (curveSz*2) || sigSz < (curveSz*2))
- {
- return WC_TEST_RET_ENC_NC;
- }
- /* Setup the ECC key */
- ret = wc_ecc_init(&ecc);
- if (ret < 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = wc_ecc_set_nonblock(&ecc, &nb_ctx);
- if (ret != MP_OKAY) {
- wc_ecc_free(&ecc);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Setup the signature r/s variables */
- ret = mp_init(&r);
- if (ret != MP_OKAY) {
- wc_ecc_free(&ecc);
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = mp_init(&s);
- if (ret != MP_OKAY) {
- mp_clear(&r);
- wc_ecc_free(&ecc);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Import public key x/y */
- ret = wc_ecc_import_unsigned(
- &ecc,
- (byte*)key, /* Public "x" Coordinate */
- (byte*)(key + curveSz), /* Public "y" Coordinate */
- NULL, /* Private "d" (optional) */
- curveId /* ECC Curve Id */
- );
- /* Make sure it was a public key imported */
- if (ret == 0 && ecc.type != ECC_PUBLICKEY) {
- ret = WC_TEST_RET_ENC_NC; /* ECC_BAD_ARG_E */
- }
- /* Import signature r/s */
- if (ret == 0) {
- ret = mp_read_unsigned_bin(&r, sig, curveSz);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = mp_read_unsigned_bin(&s, sig + curveSz, curveSz);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- /* Verify ECC Signature */
- if (ret == 0) {
- do {
- ret = wc_ecc_verify_hash_ex(
- &r, &s, /* r/s as mp_int */
- hash, hashSz, /* computed hash digest */
- &verify_res, /* verification result 1=success */
- &ecc
- );
- count++;
- /* This is where real-time work could be called */
- } while (ret == FP_WOULDBLOCK);
- #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
- printf("ECC non-block verify: %d times\n", count);
- #endif
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- /* check verify result */
- if (ret == 0 && verify_res == 0) {
- ret = WC_TEST_RET_ENC_NC /* SIG_VERIFY_E */;
- }
- mp_clear(&r);
- mp_clear(&s);
- wc_ecc_free(&ecc);
- (void)count;
- return ret;
- }
- /* perform signature operation against hash using private key */
- static wc_test_ret_t crypto_ecc_sign(const byte *key, uint32_t keySz,
- const byte *hash, uint32_t hashSz, byte *sig, uint32_t* sigSz,
- uint32_t curveSz, int curveId, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- int count = 0;
- mp_int r, s;
- ecc_key ecc;
- ecc_nb_ctx_t nb_ctx;
- /* validate arguments */
- if (key == NULL || hash == NULL || sig == NULL || sigSz == NULL ||
- curveSz == 0 || hashSz == 0 || keySz < curveSz || *sigSz < (curveSz*2))
- {
- return WC_TEST_RET_ENC_NC /* BAD_FUNC_ARG */;
- }
- /* Initialize signature result */
- memset(sig, 0, curveSz*2);
- /* Setup the ECC key */
- ret = wc_ecc_init(&ecc);
- if (ret < 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = wc_ecc_set_nonblock(&ecc, &nb_ctx);
- if (ret != MP_OKAY) {
- wc_ecc_free(&ecc);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Setup the signature r/s variables */
- ret = mp_init(&r);
- if (ret != MP_OKAY) {
- wc_ecc_free(&ecc);
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = mp_init(&s);
- if (ret != MP_OKAY) {
- mp_clear(&r);
- wc_ecc_free(&ecc);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Import private key "k" */
- ret = wc_ecc_import_private_key_ex(
- key, keySz, /* private key "d" */
- NULL, 0, /* public (optional) */
- &ecc,
- curveId /* ECC Curve Id */
- );
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- if (ret == 0) {
- do {
- /* Verify ECC Signature */
- ret = wc_ecc_sign_hash_ex(
- hash, hashSz, /* computed hash digest */
- rng, &ecc, /* random and key context */
- &r, &s /* r/s as mp_int */
- );
- count++;
- /* This is where real-time work could be called */
- } while (ret == FP_WOULDBLOCK);
- #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
- printf("ECC non-block sign: %d times\n", count);
- #endif
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- /* export r/s */
- mp_to_unsigned_bin_len(&r, sig, curveSz);
- mp_to_unsigned_bin_len(&s, sig + curveSz, curveSz);
- }
- mp_clear(&r);
- mp_clear(&s);
- wc_ecc_free(&ecc);
- (void)count;
- return ret;
- }
- #endif /* HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
- /*
- * This test doesn't work with WOLFSSL_VALIDATE_ECC_KEYGEN defined because we
- * don't have non-blocking versions of the key checking functions, yet.
- */
- #if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_VALIDATE_ECC_KEYGEN)
- static wc_test_ret_t ecc_test_nonblock_dhe(int curveId, word32 curveSz,
- const byte* privKey, const byte* pubKey, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- ecc_key keyA;
- ecc_key keyB;
- ecc_nb_ctx_t nbCtxA;
- ecc_nb_ctx_t nbCtxB;
- byte secretA[ECC_SHARED_SIZE];
- byte secretB[ECC_SHARED_SIZE];
- word32 secretSzA = ECC_SHARED_SIZE;
- word32 secretSzB = ECC_SHARED_SIZE;
- int count = 0;
- ret = wc_ecc_init(&keyA);
- if (ret == 0) {
- ret = wc_ecc_init(&keyB);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_ecc_set_nonblock(&keyA, &nbCtxA);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_ecc_set_nonblock(&keyB, &nbCtxB);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- do {
- ret = wc_ecc_make_key_ex(rng, curveSz, &keyA, curveId);
- count++;
- } while (ret == FP_WOULDBLOCK);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
- fprintf(stderr, "ECC non-block key gen: %d times\n", count);
- #endif
- if (ret == 0) {
- ret = wc_ecc_check_key(&keyA);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_ecc_import_unsigned(&keyB, pubKey, pubKey + curveSz,
- privKey, curveId);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- count = 0;
- if (ret == 0) {
- do {
- ret = wc_ecc_shared_secret(&keyA, &keyB, secretA, &secretSzA);
- count++;
- } while (ret == FP_WOULDBLOCK);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
- fprintf(stderr, "ECC non-block shared secret: %d times\n", count);
- #endif
- if (ret == 0) {
- do {
- ret = wc_ecc_shared_secret(&keyB, &keyA, secretB, &secretSzB);
- } while (ret == FP_WOULDBLOCK);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- if (secretSzA != secretSzB ||
- XMEMCMP(secretA, secretB, secretSzA) != 0) {
- ret = WC_TEST_RET_ENC_NC;
- }
- }
- wc_ecc_free(&keyA);
- wc_ecc_free(&keyB);
- return ret;
- }
- #endif /* HAVE_ECC_DHE && !WOLFSSL_VALIDATE_ECC_KEYGEN */
- #if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
- static wc_test_ret_t ecc_test_nonblock_ecdsa(int curveId, word32 curveSz,
- const byte* privKey, word32 privKeySz, const byte* pubKey, word32 pubKeySz,
- WC_RNG* rng)
- {
- wc_test_ret_t ret = 0;
- byte* sig = NULL;
- word32 sigSz = curveSz * 2;
- static const byte hash[] = {
- 0x8d, 0x28, 0xa3, 0x8b, 0x0b, 0xa9, 0xfe, 0xd4, 0x0e, 0x54, 0xc4, 0x17,
- 0x3d, 0x54, 0x66, 0x34, 0xbf, 0x5d, 0x6f, 0x46, 0xc2, 0x20, 0xcb, 0xc3,
- 0x22, 0xe9, 0xb0, 0xdf, 0xe7, 0x64, 0x3f, 0xd9
- };
- sig = (byte*)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_SIGNATURE);
- if (sig == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- if (ret == 0) {
- /* Sign hash using private key */
- /* Note: result of an ECC sign varies for each call even with same
- private key and hash. This is because a new random public key is
- used for each operation. */
- ret = crypto_ecc_sign(privKey, privKeySz, hash, sizeof(hash), sig,
- &sigSz, curveSz, curveId, rng);
- }
- if (ret == 0) {
- /* Verify generated signature is valid */
- ret = crypto_ecc_verify(pubKey, pubKeySz, hash, sizeof(hash), sig,
- sigSz, curveSz, curveId);
- }
- if (sig != NULL) {
- XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_SIGNATURE);
- }
- return ret;
- }
- #endif /* HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
- static wc_test_ret_t ecc_test_nonblock(WC_RNG* rng)
- {
- wc_test_ret_t ret = 0;
- word32 i;
- int curveIds[3] = {0, 0, 0};
- word32 curveSzs[3] = {0, 0, 0};
- const byte* privKeys[3] = {NULL, NULL, NULL};
- word32 privKeySzs[3] = {0, 0, 0};
- const byte* pubKeys[3] = {NULL, NULL, NULL};
- word32 pubKeySzs[3] = {0, 0, 0};
- curveIds[0] = ECC_SECP256R1;
- curveSzs[0] = 32;
- privKeys[0] = p256PrivKey;
- privKeySzs[0] = sizeof(p256PrivKey);
- pubKeys[0] = p256PubKey;
- pubKeySzs[0] = sizeof(p256PubKey);
- #ifdef HAVE_ECC384
- curveIds[1] = ECC_SECP384R1;
- curveSzs[1] = 48;
- privKeys[1] = p384PrivKey;
- privKeySzs[1] = sizeof(p384PrivKey);
- pubKeys[1] = p384PubKey;
- pubKeySzs[1] = sizeof(p384PubKey);
- #endif
- #ifdef HAVE_ECC521
- curveIds[2] = ECC_SECP521R1;
- curveSzs[2] = 66;
- privKeys[2] = p521PrivKey;
- privKeySzs[2] = sizeof(p521PrivKey);
- pubKeys[2] = p521PubKey;
- pubKeySzs[2] = sizeof(p521PubKey);
- #endif
- for (i = 0; ret == 0 && i < sizeof(curveIds) / sizeof(curveIds[0]); ++i) {
- if (curveIds[i] == 0) {
- continue;
- }
- #if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
- ret = ecc_test_nonblock_ecdsa(curveIds[i], curveSzs[i], privKeys[i],
- privKeySzs[i], pubKeys[i], pubKeySzs[i], rng);
- #endif /* HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
- #if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_VALIDATE_ECC_KEYGEN)
- if (ret == 0) {
- ret = ecc_test_nonblock_dhe(curveIds[i], curveSzs[i], privKeys[i],
- pubKeys[i], rng);
- }
- #endif /* HAVE_ECC_DHE && !WOLFSSL_VALIDATE_ECC_KEYGEN */
- }
- return ret;
- }
- #endif /* WC_ECC_NONBLOCK && WOLFSSL_HAVE_SP_ECC && WOLFSSL_PUBLIC_MP */
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION > 2)))
- static int ecc_test_raw_enc_dec(void)
- {
- int ret;
- unsigned char r[1];
- word32 rSz;
- unsigned char s[1];
- word32 sSz;
- unsigned char rZero[] = { 0, 0, 0, 0 };
- unsigned char sOne[] = { 0, 0, 1 };
- unsigned char sigRaw[32];
- word32 sigRawSz;
- unsigned char expSig[] = { 0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01 };
- sigRawSz = sizeof(sigRaw);
- ret = wc_ecc_rs_raw_to_sig(rZero, sizeof(rZero), sOne, sizeof(sOne),
- sigRaw, &sigRawSz);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (sigRawSz != sizeof(expSig)) {
- return WC_TEST_RET_ENC_EC((int)sigRawSz);
- }
- if (XMEMCMP(sigRaw, expSig, sizeof(expSig)) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- rSz = sizeof(r);
- sSz = sizeof(s);
- ret = wc_ecc_sig_to_rs(sigRaw, sigRawSz, r, &rSz, s, &sSz);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (rSz != 1) {
- return WC_TEST_RET_ENC_EC((int)rSz);
- }
- if (sSz != 1) {
- return WC_TEST_RET_ENC_EC((int)sSz);
- }
- if (r[0] != 0) {
- return WC_TEST_RET_ENC_EC(r[0]);
- }
- if (s[0] != 1) {
- return WC_TEST_RET_ENC_EC(s[0]);
- }
- return ret;
- }
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void)
- {
- wc_test_ret_t ret;
- WC_RNG rng;
- WOLFSSL_ENTER("ecc_test");
- #if defined(ECC_MIN_KEY_SZ)
- WOLFSSL_MSG_EX("ecc_test ECC_MIN_KEY_SZ = %d\n", ECC_MIN_KEY_SZ);
- #else
- WOLFSSL_MSG("ecc_test ECC_MIN_KEY_SZ not defined.");
- #endif
- #if defined(WOLFSSL_CERT_EXT) && \
- (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
- ret = ecc_decode_test();
- if (ret < 0)
- return ret;
- #endif
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- #ifndef WC_NO_RNG
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- (void)ret;
- #endif
- #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112
- ret = ecc_test_curve(&rng, 14, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=14, Default\n");
- goto done;
- }
- #endif /* HAVE_ECC112 */
- #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128
- ret = ecc_test_curve(&rng, 16, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=16, Default\n");
- goto done;
- }
- #endif /* HAVE_ECC128 */
- #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
- ret = ecc_test_curve(&rng, 20, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=20, Default\n");
- goto done;
- }
- #endif /* HAVE_ECC160 */
- #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
- #if !FIPS_VERSION3_GE(6,0,0)
- ret = ecc_test_curve(&rng, 24, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=24, Default\n");
- goto done;
- }
- #endif
- #endif /* HAVE_ECC192 */
- #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224
- ret = ecc_test_curve(&rng, 28, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=28, Default\n");
- goto done;
- }
- #endif /* HAVE_ECC224 */
- #if (defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 239
- ret = ecc_test_curve(&rng, 30, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=30, Default\n");
- goto done;
- }
- #endif /* HAVE_ECC239 */
- #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
- ret = ecc_test_curve(&rng, 32, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=32, Default\n");
- goto done;
- }
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- ret = ecc_point_test();
- if (ret < 0) {
- goto done;
- }
- #endif
- #if !defined(NO_ECC_SECP) || defined(WOLFSSL_CUSTOM_CURVES)
- ret = ecc_def_curve_test(&rng);
- if (ret < 0) {
- printf("Default\n");
- goto done;
- }
- #endif
- #endif /* !NO_ECC256 */
- #if (defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 320
- ret = ecc_test_curve(&rng, 40, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=40, Default\n");
- goto done;
- }
- #endif /* HAVE_ECC320 */
- #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
- ret = ecc_test_curve(&rng, 48, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=48, Default\n");
- goto done;
- }
- #endif /* HAVE_ECC384 */
- #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512
- ret = ecc_test_curve(&rng, 64, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=64, Default\n");
- goto done;
- }
- #endif /* HAVE_ECC512 */
- #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
- ret = ecc_test_curve(&rng, 66, ECC_CURVE_DEF);
- if (ret < 0) {
- printf("keySize=66, Default\n");
- goto done;
- }
- #endif /* HAVE_ECC521 */
- #ifdef WOLFSSL_SM2
- ret = ecc_test_curve(&rng, 32, ECC_SM2P256V1);
- if (ret < 0) {
- printf("SM2\n");
- goto done;
- }
- #endif
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION > 2)))
- ret = ecc_test_raw_enc_dec();
- if (ret != 0) {
- printf("raw sig encode/decode\n");
- goto done;
- }
- #endif
- #if defined(WOLFSSL_CUSTOM_CURVES)
- ret = ecc_test_custom_curves(&rng);
- if (ret != 0) {
- printf("Custom\n");
- goto done;
- }
- #endif
- #if defined(WOLFSSL_SM2)
- ret = test_sm2_verify();
- if (ret != 0) {
- printf("SM2 Verify\n");
- goto done;
- }
- ret = ecc_sm2_test_curve(&rng, ECC_TEST_VERIFY_COUNT);
- if (ret != 0) {
- printf("SM2 test\n");
- goto done;
- }
- #endif
- #if defined(HAVE_ECC_SIGN) && (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
- defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) \
- && (!defined(FIPS_VERSION_GE) || FIPS_VERSION_GE(5,3))
- #ifdef HAVE_ECC256
- ret = ecc_test_deterministic_k(&rng);
- if (ret != 0) {
- printf("ecc_test_deterministic_k failed!\n");
- goto done;
- }
- #endif
- #ifdef WOLFSSL_PUBLIC_MP
- #if defined(HAVE_ECC384)
- ret = ecc384_test_deterministic_k(&rng);
- if (ret != 0) {
- printf("ecc384_test_deterministic_k failed!\n");
- goto done;
- }
- #endif
- #if defined(HAVE_ECC521)
- ret = ecc521_test_deterministic_k(&rng);
- if (ret != 0) {
- printf("ecc512_test_deterministic_k failed!\n");
- goto done;
- }
- #endif
- #endif
- #endif
- #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \
- !defined(WOLFSSL_KCAPI_ECC)
- ret = ecc_test_sign_vectors(&rng);
- if (ret != 0) {
- printf("ecc_test_sign_vectors failed!\n");
- goto done;
- }
- #endif
- #if defined(HAVE_ECC_VECTOR_TEST) && defined(HAVE_ECC_CDH) && \
- defined(HAVE_ECC_DHE)
- ret = ecc_test_cdh_vectors(&rng);
- if (ret != 0) {
- printf("ecc_test_cdh_vectors failed!\n");
- goto done;
- }
- #endif
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP)
- ret = ecc_test_make_pub(&rng);
- if (ret != 0) {
- printf("ecc_test_make_pub failed!\n");
- goto done;
- }
- #elif defined(HAVE_ECC_KEY_IMPORT)
- (void)ecc_test_make_pub; /* for compiler warning */
- #endif
- #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME)
- ret = ecc_test_cert_gen(&rng);
- if (ret != 0) {
- printf("ecc_test_cert_gen failed!\n");
- goto done;
- }
- #endif
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC) && (!defined(NO_ECC_SECP) || \
- defined(WOLFSSL_CUSTOM_CURVES))
- ret = ecc_test_allocator(&rng);
- if (ret != 0) {
- printf("ecc_test_allocator failed!\n");
- goto done;
- }
- #endif
- #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
- defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
- ret = ecc_test_nonblock(&rng);
- if (ret != 0) {
- printf("ecc_test_nonblock failed!\n");
- goto done;
- }
- #endif
- done:
- wc_FreeRng(&rng);
- return ret;
- }
- #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
- (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
- #if ((! defined(HAVE_FIPS)) || FIPS_VERSION_GE(5,3))
- static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte* plaintext;
- byte* encrypted;
- byte* decrypted;
- #else
- byte plaintext[128];
- byte encrypted[128];
- byte decrypted[128];
- #endif
- ecEncCtx* aCtx = NULL;
- ecEncCtx* bCtx = NULL;
- static const byte salt[16] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13,
- 14, 15};
- wc_test_ret_t ret = 0;
- static const char message[] = "Hello wolfSSL!";
- word32 plaintextLen;
- word32 encryptLen = 128;
- word32 decryptLen = 128;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- plaintext = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- encrypted = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decrypted = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- wc_ecc_free(a);
- wc_ecc_free(b);
- ret = wc_ecc_init(a);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- if (ret == 0) {
- ret = wc_ecc_init(b);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0)
- ret = wc_ecc_make_key(rng, 32, a);
- if (ret == 0)
- ret = wc_ecc_make_key(rng, 32, b);
- /* create context */
- if (ret == 0) {
- aCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, rng);
- if (aCtx == NULL)
- ret = WC_TEST_RET_ENC_NC;
- }
- if (ret == 0) {
- bCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, rng);
- if (bCtx == NULL)
- ret = WC_TEST_RET_ENC_NC;
- }
- /* set salt */
- if (ret == 0) {
- ret = wc_ecc_ctx_set_kdf_salt(aCtx, salt, sizeof(salt));
- if (ret != 0)
- ret = 10472;
- }
- if (ret == 0) {
- ret = wc_ecc_ctx_set_kdf_salt(bCtx, salt, sizeof(salt));
- if (ret != 0)
- ret = 10473;
- }
- XMEMSET(plaintext, 0, 128);
- XSTRLCPY((char *)plaintext, message, sizeof plaintext);
- plaintextLen = (((word32)XSTRLEN(message) + AES_BLOCK_SIZE - 1) /
- AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
- /* encrypt */
- if (ret == 0) {
- ret = wc_ecc_encrypt(a, b, plaintext, plaintextLen, encrypted,
- &encryptLen, aCtx);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- /* decrypt */
- if (ret == 0) {
- ret = wc_ecc_decrypt(b, a, encrypted, encryptLen, decrypted,
- &decryptLen, bCtx);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- /* compare */
- if (ret == 0 && XMEMCMP(decrypted, plaintext, plaintextLen) != 0)
- ret = WC_TEST_RET_ENC_NC;
- wc_ecc_free(a);
- wc_ecc_free(b);
- wc_ecc_ctx_free(aCtx);
- wc_ecc_ctx_free(bCtx);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(decrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
- /* ecc_encrypt_e2e_test() uses wc_ecc_ctx_set_algo(), which was added in
- * wolfFIPS 5.3.
- * ecc_encrypt_kat() is used only by ecc_encrypt_e2e_test().
- */
- #if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
- #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
- ECC_MIN_KEY_SZ <= 256 && defined(WOLFSSL_AES_128)
- static wc_test_ret_t ecc_encrypt_kat(WC_RNG *rng)
- {
- wc_test_ret_t ret = 0;
- #ifdef WOLFSSL_ECIES_OLD
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key* userA = NULL;
- #else
- ecc_key userA[1];
- #endif
- int userAInit = 0;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key* userB = NULL;
- #else
- ecc_key userB[1];
- #endif
- int userBInit = 0;
- ecc_key* tmpKey;
- byte plain[48];
- word32 plainSz = sizeof(plain);
- WOLFSSL_SMALL_STACK_STATIC const byte privKey[] = {
- 0x04, 0x80, 0xef, 0x1d, 0xbe, 0x02, 0x0c, 0x20,
- 0x5b, 0xab, 0x80, 0x35, 0x5b, 0x2a, 0x0f, 0x6d,
- 0xd3, 0xb0, 0x7f, 0x7e, 0x7f, 0x86, 0x8a, 0x49,
- 0xee, 0xb4, 0xaa, 0x09, 0x2d, 0x1e, 0x1d, 0x02
- };
- #if defined(WOLFSSL_ECIES_OLD) || defined(WOLFSSL_QNX_CAAM)
- WOLFSSL_SMALL_STACK_STATIC const byte pubKey[] = {
- 0x04,
- /* X */
- 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0, 0x5a,
- 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c, 0x3a,
- 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3, 0xc1,
- 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63, 0xa0,
- /* X */
- 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7, 0xcd,
- 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75, 0xaa,
- 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe, 0xe8,
- 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3, 0x28
- };
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte enc_msg[] = {
- #ifdef WOLFSSL_ECIES_OLD
- 0x42, 0x70, 0xbf, 0xf9, 0xf4, 0x7e, 0x4b, 0x9b,
- 0xb5, 0x4c, 0xcc, 0xc5, 0x94, 0xa7, 0xef, 0xaa,
- 0xc3, 0x7c, 0x85, 0xa6, 0x51, 0x6e, 0xd3, 0xfa,
- 0x56, 0xc9, 0x10, 0x4d, 0x14, 0x32, 0x61, 0xb8,
- 0xbb, 0x66, 0x7a, 0xb5, 0xbc, 0x95, 0xf8, 0xca,
- 0xd1, 0x2a, 0x19, 0x51, 0x44, 0xd8, 0x0e, 0x57,
- 0x34, 0xed, 0x45, 0x89, 0x2e, 0x57, 0xbe, 0xd5,
- 0x06, 0x22, 0xd7, 0x13, 0x0a, 0x0e, 0x40, 0x36,
- 0x0d, 0x05, 0x0d, 0xb6, 0xae, 0x61, 0x37, 0x18,
- 0x83, 0x90, 0x0a, 0x27, 0x95, 0x41, 0x8c, 0x45
- #elif defined(WOLFSSL_ECIES_ISO18033)
- 0x04, 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0,
- 0x5a, 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c,
- 0x3a, 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3,
- 0xc1, 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63,
- 0xa0, 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7,
- 0xcd, 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75,
- 0xaa, 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe,
- 0xe8, 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3,
- 0x28, 0xbb, 0x9f, 0xa8, 0x2d, 0xe1, 0xf1, 0x67,
- 0x45, 0x02, 0x19, 0xdc, 0xc8, 0x24, 0x8b, 0x20,
- 0x02, 0xa0, 0x8f, 0x95, 0x12, 0x55, 0x51, 0xf8,
- 0x03, 0xc4, 0x54, 0x13, 0x98, 0x2d, 0xf0, 0x31,
- 0x51, 0x80, 0x45, 0x24, 0xcb, 0x8b, 0x48, 0xa6,
- 0x8b, 0x8e, 0x97, 0x9c, 0x56, 0x4d, 0x70, 0x00,
- 0x53, 0xd3, 0x47, 0x00, 0x5a, 0x23, 0x8c, 0xf9,
- 0xfd, 0xd2, 0x33, 0x2c, 0x43, 0x6e, 0x9e, 0xb2,
- 0xf4, 0x95, 0xd4, 0xcf, 0x30, 0xd6, 0xa2, 0xc5,
- 0x35, 0x96, 0x6a, 0xd4, 0x36, 0x15, 0xa9, 0xbd,
- 0x7f
- #elif defined(WOLFSSL_ECIES_GEN_IV)
- /* EC P-256 point */
- 0x04,
- /* X */
- 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0, 0x5a,
- 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c, 0x3a,
- 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3, 0xc1,
- 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63, 0xa0,
- /* Y */
- 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7, 0xcd,
- 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75, 0xaa,
- 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe, 0xe8,
- 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3, 0x28,
- /* IV */
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- /* Encrypted Msg */
- 0xe5, 0x17, 0xaf, 0x0d, 0x65, 0x4d, 0x3d, 0x50,
- 0x96, 0x05, 0xc9, 0x63, 0x2c, 0xef, 0x1c, 0x1f,
- 0x78, 0xc9, 0x90, 0x7a, 0x14, 0x00, 0xfc, 0x44,
- 0x71, 0x6d, 0x57, 0x8c, 0xdf, 0x23, 0xca, 0x65,
- 0xcf, 0x93, 0x06, 0xb6, 0x9a, 0xf4, 0x61, 0xbd,
- 0x44, 0x1a, 0xeb, 0x52, 0x68, 0x0f, 0xd1, 0xde,
- /* HMAC */
- 0x5a, 0x22, 0xc1, 0x5d, 0x99, 0x66, 0x3f, 0x24,
- 0x35, 0x96, 0xac, 0xf7, 0xf6, 0x28, 0x45, 0x16,
- 0x52, 0x19, 0x0d, 0xe4, 0xb2, 0xca, 0x5b, 0x28,
- 0x4e, 0xbb, 0xf3, 0x98, 0x57, 0xd7, 0x3b, 0xe2
- #else
- 0x04, 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0,
- 0x5a, 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c,
- 0x3a, 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3,
- 0xc1, 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63,
- 0xa0, 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7,
- 0xcd, 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75,
- 0xaa, 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe,
- 0xe8, 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3,
- 0x28, 0xe5, 0x17, 0xaf, 0x0d, 0x65, 0x4d, 0x3d,
- 0x50, 0x96, 0x05, 0xc9, 0x63, 0x2c, 0xef, 0x1c,
- 0x1f, 0x78, 0xc9, 0x90, 0x7a, 0x14, 0x00, 0xfc,
- 0x44, 0x71, 0x6d, 0x57, 0x8c, 0xdf, 0x23, 0xca,
- 0x65, 0xcf, 0x93, 0x06, 0xb6, 0x9a, 0xf4, 0x61,
- 0xbd, 0x44, 0x1a, 0xeb, 0x52, 0x68, 0x0f, 0xd1,
- 0xde, 0xc7, 0x3f, 0x6f, 0xce, 0xbe, 0x49, 0x61,
- 0x48, 0x01, 0x77, 0x41, 0xd0, 0xd8, 0x5b, 0x48,
- 0xca, 0x4e, 0x47, 0x3e, 0x47, 0xbf, 0x1d, 0x28,
- 0x4c, 0x18, 0x1a, 0xfb, 0x96, 0x95, 0xda, 0xde,
- 0x55
- #endif
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
- 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f
- };
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- userB = (ecc_key *)XMALLOC(sizeof(*userB), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (userB == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- #ifdef WOLFSSL_ECIES_OLD
- if (ret == 0) {
- userA = (ecc_key *)XMALLOC(sizeof(*userA), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (userA == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- }
- #endif
- #endif
- if (ret == 0) {
- ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- userBInit = 1;
- #ifdef WOLFSSL_ECIES_OLD
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- userAInit = 1;
- tmpKey = userA;
- #else
- tmpKey = NULL;
- #endif
- }
- if (ret == 0) {
- #ifdef WOLFSSL_QNX_CAAM
- ret = wc_ecc_import_private_key_ex(privKey, sizeof(privKey), pubKey,
- sizeof(pubKey), userB, ECC_SECP256R1);
- #else
- ret = wc_ecc_import_private_key_ex(privKey, sizeof(privKey), NULL, 0,
- userB, ECC_SECP256R1);
- #endif
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- #ifdef WOLFSSL_ECIES_OLD
- if (ret == 0) {
- ret = wc_ecc_import_x963_ex(pubKey, sizeof(pubKey), userA,
- ECC_SECP256R1);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- if (ret == 0) {
- ret = wc_ecc_set_rng(userB, rng);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- }
- #else
- (void)rng;
- #endif
- if (ret == 0) {
- ret = wc_ecc_decrypt(userB, tmpKey, enc_msg, sizeof(enc_msg), plain,
- &plainSz, NULL);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = WC_TEST_RET_ENC_NC;
- }
- }
- if (userBInit)
- wc_ecc_free(userB);
- #ifdef WOLFSSL_ECIES_OLD
- if (userAInit)
- wc_ecc_free(userA);
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (userB != NULL) {
- XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #ifdef WOLFSSL_ECIES_OLD
- if (userA != NULL) {
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #endif
- return ret;
- }
- #endif
- static wc_test_ret_t ecc_encrypt_e2e_test(WC_RNG* rng, ecc_key* userA, ecc_key* userB,
- byte encAlgo, byte kdfAlgo, byte macAlgo)
- {
- wc_test_ret_t ret = 0;
- byte msg[48];
- byte plain[48];
- #ifdef WOLFSSL_ECIES_OLD
- byte out[80];
- #elif defined(WOLFSSL_ECIES_GEN_IV)
- byte out[1 + ECC_KEYGEN_SIZE * 2 + 16 + 80];
- #else
- byte out[1 + ECC_KEYGEN_SIZE * 2 + 80];
- #endif
- word32 outSz = sizeof(out);
- word32 plainSz = sizeof(plain);
- int i;
- ecEncCtx* cliCtx = NULL;
- ecEncCtx* srvCtx = NULL;
- byte cliSalt[EXCHANGE_SALT_SZ];
- byte srvSalt[EXCHANGE_SALT_SZ];
- const byte* tmpSalt;
- byte msg2[48];
- byte plain2[48];
- #ifdef WOLFSSL_ECIES_OLD
- byte out2[80];
- #elif defined(WOLFSSL_ECIES_GEN_IV)
- byte out2[1 + ECC_KEYGEN_SIZE * 2 + 16 + 80];
- #else
- byte out2[1 + ECC_KEYGEN_SIZE * 2 + 80];
- #endif
- word32 outSz2 = sizeof(out2);
- word32 plainSz2 = sizeof(plain2);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *tmpKey = (ecc_key *)XMALLOC(sizeof(ecc_key), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key tmpKey[1];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (tmpKey == NULL) {
- ERROR_OUT(MEMORY_E, done);
- }
- #endif
- ret = wc_ecc_init_ex(tmpKey, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- /* set message to incrementing 0,1,2,etc... */
- for (i = 0; i < (int)sizeof(msg); i++)
- msg[i] = i;
- /* encrypt msg to B */
- ret = wc_ecc_encrypt(userA, userB, msg, sizeof(msg), out, &outSz, NULL);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret); goto done;
- }
- #ifdef WOLFSSL_ECIES_OLD
- tmpKey->dp = userA->dp;
- ret = wc_ecc_copy_point(&userA->pubkey, &tmpKey->pubkey);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret); goto done;
- }
- #endif
- /* decrypt msg from A */
- ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, NULL);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret); goto done;
- }
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = WC_TEST_RET_ENC_NC; goto done;
- }
- #ifndef WOLFSSL_ECIES_OLD
- /* A decrypts msg (response) from B */
- ret = wc_ecc_decrypt(userB, NULL, out, outSz, plain2, &plainSz2, NULL);
- if (ret != 0)
- goto done;
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = WC_TEST_RET_ENC_NC; goto done;
- }
- #endif
- /* let's verify message exchange works, A is client, B is server */
- cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, rng);
- srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, rng);
- if (cliCtx == NULL || srvCtx == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO; goto done;
- }
- ret = wc_ecc_ctx_set_algo(cliCtx, encAlgo, kdfAlgo, macAlgo);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_algo(srvCtx, encAlgo, kdfAlgo, macAlgo);
- if (ret != 0)
- goto done;
- /* get salt to send to peer */
- tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx);
- if (tmpSalt == NULL) {
- ret = WC_TEST_RET_ENC_NC; goto done;
- }
- XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ);
- tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx);
- if (tmpSalt == NULL) {
- ret = WC_TEST_RET_ENC_NC; goto done;
- }
- XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ);
- /* in actual use, we'd get the peer's salt over the transport */
- ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 11);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 11);
- if (ret != 0)
- goto done;
- /* get encrypted msg (request) to send to B */
- outSz = sizeof(out);
- ret = wc_ecc_encrypt(userA, userB, msg, sizeof(msg), out, &outSz,cliCtx);
- if (ret != 0)
- goto done;
- #ifndef WOLFSSL_ECIES_OLD
- wc_ecc_free(tmpKey);
- #endif
- /* B decrypts msg (request) from A */
- plainSz = sizeof(plain);
- ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, srvCtx);
- if (ret != 0)
- goto done;
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = WC_TEST_RET_ENC_NC; goto done;
- }
- /* msg2 (response) from B to A */
- for (i = 0; i < (int)sizeof(msg2); i++)
- msg2[i] = i + sizeof(msg2);
- /* get encrypted msg (response) to send to B */
- ret = wc_ecc_encrypt(userB, userA, msg2, sizeof(msg2), out2,
- &outSz2, srvCtx);
- if (ret != 0)
- goto done;
- #ifdef WOLFSSL_ECIES_OLD
- tmpKey->dp = userB->dp;
- ret = wc_ecc_copy_point(&userB->pubkey, &tmpKey->pubkey);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret); goto done;
- }
- #else
- wc_ecc_free(tmpKey);
- #endif
- /* A decrypts msg (response) from B */
- ret = wc_ecc_decrypt(userA, tmpKey, out2, outSz2, plain2, &plainSz2,
- cliCtx);
- if (ret != 0)
- goto done;
- if (XMEMCMP(plain2, msg2, sizeof(msg2)) != 0) {
- ret = WC_TEST_RET_ENC_NC; goto done;
- }
- #if defined(HAVE_COMP_KEY) && \
- (! defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
- /* Create new client and server contexts. */
- wc_ecc_ctx_free(srvCtx);
- wc_ecc_ctx_free(cliCtx);
- /* let's verify message exchange works, A is client, B is server */
- cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, rng);
- srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, rng);
- if (cliCtx == NULL || srvCtx == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO; goto done;
- }
- ret = wc_ecc_ctx_set_algo(cliCtx, encAlgo, kdfAlgo, macAlgo);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_algo(srvCtx, encAlgo, kdfAlgo, macAlgo);
- if (ret != 0)
- goto done;
- /* get salt to send to peer */
- tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx);
- if (tmpSalt == NULL) {
- ret = WC_TEST_RET_ENC_NC; goto done;
- }
- XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ);
- tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx);
- if (tmpSalt == NULL) {
- ret = WC_TEST_RET_ENC_NC; goto done;
- }
- XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ);
- /* in actual use, we'd get the peer's salt over the transport */
- ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 12);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 12);
- if (ret != 0)
- goto done;
- /* get encrypted msg (request) to send to B - compressed public key */
- outSz = sizeof(out);
- ret = wc_ecc_encrypt_ex(userA, userB, msg, sizeof(msg), out, &outSz, cliCtx,
- 1);
- if (ret != 0)
- goto done;
- #ifndef WOLFSSL_ECIES_OLD
- wc_ecc_free(tmpKey);
- #endif
- /* B decrypts msg (request) from A - out has a compressed public key */
- plainSz = sizeof(plain);
- ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, srvCtx);
- if (ret != 0)
- goto done;
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = WC_TEST_RET_ENC_NC; goto done;
- }
- #endif /* HAVE_COMP_KEY && (!FIPS || FIPS>=5.3) */
- #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
- (ECC_MIN_KEY_SZ <= 256) && defined(WOLFSSL_AES_128)
- ret = ecc_encrypt_kat(rng);
- #endif
- done:
- /* cleanup */
- wc_ecc_ctx_free(srvCtx);
- wc_ecc_ctx_free(cliCtx);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (tmpKey != NULL) {
- wc_ecc_free(tmpKey);
- XFREE(tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(tmpKey);
- #endif
- return ret;
- }
- #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void)
- {
- WC_RNG rng;
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *userA;
- ecc_key *userB;
- #else
- ecc_key userA[1];
- ecc_key userB[1];
- #endif
- WOLFSSL_ENTER("ecc_encrypt_test");
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if ((userA == NULL) || (userB == NULL)) {
- ERROR_OUT(MEMORY_E, done);
- }
- #endif
- XMEMSET(userA, 0, sizeof *userA);
- XMEMSET(userB, 0, sizeof *userB);
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, userA);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0){
- ret = WC_TEST_RET_ENC_EC(ret); goto done;
- }
- ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, userB);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0){
- ret = WC_TEST_RET_ENC_EC(ret); goto done;
- }
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(userA, &rng);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret); goto done;
- }
- ret = wc_ecc_set_rng(userB, &rng);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret); goto done;
- }
- #endif
- #if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #ifdef WOLFSSL_AES_128
- if (ret == 0) {
- ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC,
- ecHKDF_SHA256, ecHMAC_SHA256);
- if (ret != 0) {
- printf("ECIES: AES_128_CBC, HKDF_SHA256, HMAC_SHA256\n");
- }
- }
- #ifdef HAVE_X963_KDF
- if (ret == 0) {
- ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC,
- ecKDF_X963_SHA256, ecHMAC_SHA256);
- if (ret != 0) {
- printf("ECIES: AES_128_CBC, KDF_X963_SHA256, HMAC_SHA256\n");
- }
- }
- if (ret == 0) {
- ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC,
- ecKDF_SHA256, ecHMAC_SHA256);
- if (ret != 0) {
- printf("ECIES: AES_128_CBC, KDF_SHA256, HMAC_SHA256\n");
- }
- }
- #endif
- #endif
- #ifdef WOLFSSL_AES_256
- if (ret == 0) {
- ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_256_CBC,
- ecHKDF_SHA256, ecHMAC_SHA256);
- if (ret != 0) {
- printf("ECIES: AES_256_CBC, HKDF_SHA256, HMAC_SHA256\n");
- }
- }
- #endif
- #endif
- #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
- #ifdef WOLFSSL_AES_128
- if (ret == 0) {
- ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CTR,
- ecHKDF_SHA256, ecHMAC_SHA256);
- if (ret != 0) {
- printf("ECIES: AES_128_CTR, HKDF_SHA256, HMAC_SHA256\n");
- }
- }
- #endif
- #ifdef WOLFSSL_AES_256
- if (ret == 0) {
- ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_256_CTR,
- ecHKDF_SHA256, ecHMAC_SHA256);
- if (ret != 0) {
- printf("ECIES: AES_256_CTR, HKDF_SHA256, HMAC_SHA256\n");
- }
- }
- #endif
- #endif /* !NO_AES && WOLFSSL_AES_COUNTER */
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- if (ret == 0) {
- ret = ecc_ctx_kdf_salt_test(&rng, userA, userB);
- }
- #endif
- #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (userA != NULL) {
- wc_ecc_free(userA);
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (userB != NULL) {
- wc_ecc_free(userB);
- XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(userB);
- wc_ecc_free(userA);
- #endif
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* HAVE_ECC_ENCRYPT && HAVE_AES_CBC && WOLFSSL_AES_128 */
- #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
- defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void)
- {
- size_t bytes;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *cliKey = (ecc_key *)XMALLOC(sizeof *cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *servKey = (ecc_key *)XMALLOC(sizeof *servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *tmpKey = (ecc_key *)XMALLOC(sizeof *tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key cliKey[1];
- ecc_key servKey[1];
- ecc_key tmpKey[1];
- #endif
- WC_RNG rng;
- word32 idx = 0;
- wc_test_ret_t ret;
- /* pad our test message to 32 bytes so evenly divisible by AES_BLOCK_SZ */
- byte in[] = "Everyone gets Friday off. ecc p";
- word32 inLen = (word32)XSTRLEN((char*)in);
- byte out[256];
- byte plain[256];
- int verify = 0;
- word32 x;
- WOLFSSL_ENTER("ecc_test_buffers");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((cliKey == NULL) || (servKey == NULL) || (tmpKey == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- ret = wc_ecc_init_ex(cliKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_init_ex(servKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_init_ex(tmpKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- bytes = (size_t)sizeof_ecc_clikey_der_256;
- /* place client key into ecc_key struct cliKey */
- ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, cliKey,
- (word32)bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- idx = 0;
- bytes = (size_t)sizeof_ecc_key_der_256;
- /* place server key into ecc_key struct servKey */
- ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, servKey,
- (word32)bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifndef WC_NO_RNG
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(cliKey, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ecc_set_rng(servKey, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- #endif /* !WC_NO_RNG */
- #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) && \
- defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- {
- word32 y;
- /* test encrypt and decrypt if they're available */
- x = sizeof(out);
- ret = wc_ecc_encrypt(cliKey, servKey, in, sizeof(in), out, &x, NULL);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef WOLFSSL_ECIES_OLD
- tmpKey->dp = cliKey->dp;
- ret = wc_ecc_copy_point(&cliKey->pubkey, &tmpKey->pubkey);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret); goto done;
- }
- #endif
- y = sizeof(plain);
- ret = wc_ecc_decrypt(servKey, tmpKey, out, x, plain, &y, NULL);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (XMEMCMP(plain, in, inLen))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif
- x = sizeof(out);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &cliKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, cliKey);
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- TEST_SLEEP();
- XMEMSET(plain, 0, sizeof(plain));
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &cliKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_verify_hash(out, x, in, inLen, &verify,
- cliKey);
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- TEST_SLEEP();
- #ifdef WOLFSSL_CERT_EXT
- idx = 0;
- bytes = sizeof_ecc_clikeypub_der_256;
- ret = wc_EccPublicKeyDecode(ecc_clikeypub_der_256, &idx, cliKey,
- (word32) bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- ret = 0;
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (cliKey != NULL) {
- wc_ecc_free(cliKey);
- XFREE(cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (servKey != NULL) {
- wc_ecc_free(servKey);
- XFREE(servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (tmpKey != NULL) {
- wc_ecc_free(tmpKey);
- XFREE(tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(cliKey);
- wc_ecc_free(servKey);
- wc_ecc_free(tmpKey);
- #endif
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* USE_CERT_BUFFERS_256 && !WOLFSSL_ATECCX08A && !NO_ECC256 */
- #endif /* HAVE_ECC */
- #ifdef HAVE_CURVE25519
- #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- #define X25519_TEST_CNT 5
- #else
- #define X25519_TEST_CNT 1
- #endif
- static wc_test_ret_t curve25519_overflow_test(void)
- {
- /* secret key for party a */
- byte sa[X25519_TEST_CNT][32] = {
- {
- 0x8d,0xaf,0x6e,0x7a,0xc1,0xeb,0x8d,0x30,
- 0x99,0x86,0xd3,0x90,0x47,0x96,0x21,0x3c,
- 0x3a,0x75,0xc0,0x7b,0x75,0x01,0x75,0xa3,
- 0x81,0x4b,0xff,0x5a,0xbc,0x96,0x87,0x28
- },
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- {
- 0x9d,0x63,0x5f,0xce,0xe2,0xe8,0xd7,0xfb,
- 0x68,0x77,0x0e,0x44,0xd1,0xad,0x87,0x2b,
- 0xf4,0x65,0x06,0xb7,0xbb,0xdb,0xbe,0x6e,
- 0x02,0x43,0x24,0xc7,0x3d,0x7b,0x88,0x60
- },
- {
- 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
- 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
- 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
- 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
- },
- {
- 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
- 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
- 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
- 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
- },
- {
- 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
- 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
- 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
- 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
- }
- #endif
- };
- /* public key for party b */
- byte pb[X25519_TEST_CNT][32] = {
- {
- 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0
- },
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- {
- /* 0xff first byte in original - invalid! */
- 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0
- },
- {
- 0x36,0x1a,0x74,0x87,0x28,0x59,0xe0,0xb6,
- 0xe4,0x2b,0x17,0x9b,0x16,0xb0,0x3b,0xf8,
- 0xb8,0x9f,0x2a,0x8f,0xc5,0x33,0x68,0x4f,
- 0xde,0x4d,0xd8,0x80,0x63,0xe7,0xb4,0x0a
- },
- {
- 0x00,0x80,0x38,0x59,0x19,0x3a,0x66,0x12,
- 0xfd,0xa1,0xec,0x1c,0x40,0x84,0x40,0xbd,
- 0x64,0x10,0x8b,0x53,0x81,0x21,0x03,0x2d,
- 0x7d,0x33,0xb4,0x01,0x57,0x0d,0xe1,0x89
- },
- {
- 0x1d,0xf8,0xf8,0x33,0x89,0x6c,0xb7,0xba,
- 0x94,0x73,0xfa,0xc2,0x36,0xac,0xbe,0x49,
- 0xaf,0x85,0x3e,0x93,0x5f,0xae,0xb2,0xc0,
- 0xc8,0x80,0x8f,0x4a,0xaa,0xd3,0x55,0x2b
- }
- #endif
- };
- /* expected shared key */
- byte ss[X25519_TEST_CNT][32] = {
- {
- 0x5c,0x4c,0x85,0x5f,0xfb,0x20,0x38,0xcc,
- 0x55,0x16,0x5b,0x8a,0xa7,0xed,0x57,0x6e,
- 0x35,0xaa,0x71,0x67,0x85,0x1f,0xb6,0x28,
- 0x17,0x07,0x7b,0xda,0x76,0xdd,0xe0,0xb4
- },
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- {
- 0x33,0xf6,0xc1,0x34,0x62,0x92,0x06,0x02,
- 0x95,0xdb,0x91,0x4c,0x5d,0x52,0x54,0xc7,
- 0xd2,0x5b,0x24,0xb5,0x4f,0x33,0x59,0x79,
- 0x9f,0x6d,0x7e,0x4a,0x4c,0x30,0xd6,0x38
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x09
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x10
- }
- #endif
- };
- wc_test_ret_t ret = 0;
- int i;
- word32 y;
- byte shared[32];
- curve25519_key userA;
- wc_curve25519_init_ex(&userA, HEAP_HINT, devId);
- for (i = 0; i < X25519_TEST_CNT; i++) {
- if (wc_curve25519_import_private_raw(sa[i], sizeof(sa[i]), pb[i],
- sizeof(pb[i]), &userA) != 0) {
- ret = WC_TEST_RET_ENC_I(i); break;
- }
- /* test against known test vector */
- XMEMSET(shared, 0, sizeof(shared));
- y = sizeof(shared);
- if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0) {
- ret = WC_TEST_RET_ENC_I(i); break;
- }
- if (XMEMCMP(ss[i], shared, y)) {
- ret = WC_TEST_RET_ENC_I(i); break;
- }
- }
- wc_curve25519_free(&userA);
- return ret;
- }
- /* Test the wc_curve25519_check_public API.
- *
- * returns 0 on success and -ve on failure.
- */
- static wc_test_ret_t curve25519_check_public_test(void)
- {
- wc_test_ret_t ret;
- /* Little-endian values that will fail */
- byte fail_le[][CURVE25519_KEYSIZE] = {
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x81
- },
- };
- /* Big-endian values that will fail */
- byte fail_be[][CURVE25519_KEYSIZE] = {
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- },
- {
- 0x81,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- },
- };
- /* Good or valid public value */
- byte good[CURVE25519_KEYSIZE] = {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- int i;
- /* Parameter checks */
- /* NULL pointer */
- ret = wc_curve25519_check_public(NULL, 0, EC25519_LITTLE_ENDIAN);
- if (ret != BAD_FUNC_ARG) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = wc_curve25519_check_public(NULL, 0, EC25519_BIG_ENDIAN);
- if (ret != BAD_FUNC_ARG) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Length of 0 treated differently to other invalid lengths for TLS */
- ret = wc_curve25519_check_public(good, 0, EC25519_LITTLE_ENDIAN);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_curve25519_check_public(good, 0, EC25519_BIG_ENDIAN);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- /* Length not CURVE25519_KEYSIZE */
- for (i = 1; i < CURVE25519_KEYSIZE + 2; i++) {
- if (i == CURVE25519_KEYSIZE)
- continue;
- if (wc_curve25519_check_public(good, (word32)i, EC25519_LITTLE_ENDIAN) !=
- ECC_BAD_ARG_E) {
- return WC_TEST_RET_ENC_I(i);
- }
- if (wc_curve25519_check_public(good, (word32)i, EC25519_BIG_ENDIAN) !=
- ECC_BAD_ARG_E) {
- return WC_TEST_RET_ENC_I(i);
- }
- }
- /* Little-endian fail cases */
- for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) {
- if (wc_curve25519_check_public(fail_le[i], CURVE25519_KEYSIZE,
- EC25519_LITTLE_ENDIAN) == 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- }
- /* Big-endian fail cases */
- for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) {
- if (wc_curve25519_check_public(fail_be[i], CURVE25519_KEYSIZE,
- EC25519_BIG_ENDIAN) == 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- }
- /* Check a valid public value works! */
- ret = wc_curve25519_check_public(good, CURVE25519_KEYSIZE,
- EC25519_LITTLE_ENDIAN);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = wc_curve25519_check_public(good, CURVE25519_KEYSIZE,
- EC25519_BIG_ENDIAN);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- return 0;
- }
- #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
- #if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- static wc_test_ret_t curve255519_der_test(void)
- {
- wc_test_ret_t ret = 0;
- /* certs/statickeys/x25519.der */
- const byte kCurve25519PrivDer[] = {
- 0x30, 0x2E, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x6E,
- 0x04, 0x22, 0x04, 0x20, 0x78, 0x8E, 0x31, 0x5C, 0x33, 0xA9, 0x19, 0xC0,
- 0x5E, 0x36, 0x70, 0x1B, 0xA4, 0xE8, 0xEF, 0xC1, 0x89, 0x8C, 0xB3, 0x15,
- 0xC6, 0x79, 0xD3, 0xAC, 0x22, 0x00, 0xAE, 0xFA, 0xB3, 0xB7, 0x0F, 0x78
- };
- /* certs/statickeys/x25519-pub.der */
- const byte kCurve25519PubDer[] = {
- 0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x6E, 0x03, 0x21, 0x00,
- 0x09, 0xBC, 0x8C, 0xC7, 0x45, 0x0D, 0xC1, 0xC2, 0x02, 0x57, 0x9A, 0x68,
- 0x3A, 0xFD, 0x7A, 0xA8, 0xA5, 0x2F, 0xF0, 0x99, 0x39, 0x98, 0xEA, 0x26,
- 0xA2, 0x5B, 0x38, 0xFD, 0x96, 0xDB, 0x2A, 0x26
- };
- curve25519_key key;
- byte output[128];
- word32 outputSz = 128;
- word32 idx;
- ret = wc_curve25519_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Test decode / encode of Curve25519 private key only */
- if (ret == 0) {
- idx = 0;
- ret = wc_Curve25519PrivateKeyDecode(kCurve25519PrivDer, &idx, &key,
- (word32)sizeof(kCurve25519PrivDer));
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- outputSz = (word32)sizeof(output);
- ret = wc_Curve25519PrivateKeyToDer(&key, output, outputSz);
- if (ret >= 0) {
- outputSz = (word32)ret;
- ret = 0;
- }
- else {
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- }
- if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PrivDer) ||
- XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) {
- ret = WC_TEST_RET_ENC_NC;
- }
- /* Test decode / encode of Curve25519 public key only */
- if (ret == 0) {
- idx = 0;
- ret = wc_Curve25519PublicKeyDecode(kCurve25519PubDer, &idx, &key,
- (word32)sizeof(kCurve25519PubDer));
- if (ret < 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- outputSz = (word32)sizeof(output);
- ret = wc_Curve25519PublicKeyToDer(&key, output, outputSz, 1);
- if (ret >= 0) {
- outputSz = (word32)ret;
- ret = 0;
- }
- else {
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- }
- if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PubDer) ||
- XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) {
- ret = WC_TEST_RET_ENC_NC;
- }
- wc_curve25519_free(&key);
- return ret;
- }
- #endif /* !NO_ASN && HAVE_CURVE25519_KEY_EXPORT && HAVE_CURVE25519_KEY_IMPORT */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
- {
- WC_RNG rng;
- wc_test_ret_t ret;
- #ifdef HAVE_CURVE25519_SHARED_SECRET
- byte sharedA[32];
- byte sharedB[32];
- word32 y;
- #endif
- #ifdef HAVE_CURVE25519_KEY_EXPORT
- byte exportBuf[32];
- #endif
- word32 x = 0;
- curve25519_key userA, userB, pubKey;
- #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- /* test vectors from
- https://tools.ietf.org/html/draft-josefsson-tls-curve25519-03
- */
- /* secret key for party a */
- byte sa[] = {
- 0x5A,0xC9,0x9F,0x33,0x63,0x2E,0x5A,0x76,
- 0x8D,0xE7,0xE8,0x1B,0xF8,0x54,0xC2,0x7C,
- 0x46,0xE3,0xFB,0xF2,0xAB,0xBA,0xCD,0x29,
- 0xEC,0x4A,0xFF,0x51,0x73,0x69,0xC6,0x60
- };
- /* public key for party a */
- byte pa[] = {
- 0x05,0x7E,0x23,0xEA,0x9F,0x1C,0xBE,0x8A,
- 0x27,0x16,0x8F,0x6E,0x69,0x6A,0x79,0x1D,
- 0xE6,0x1D,0xD3,0xAF,0x7A,0xCD,0x4E,0xEA,
- 0xCC,0x6E,0x7B,0xA5,0x14,0xFD,0xA8,0x63
- };
- /* secret key for party b */
- byte sb[] = {
- 0x47,0xDC,0x3D,0x21,0x41,0x74,0x82,0x0E,
- 0x11,0x54,0xB4,0x9B,0xC6,0xCD,0xB2,0xAB,
- 0xD4,0x5E,0xE9,0x58,0x17,0x05,0x5D,0x25,
- 0x5A,0xA3,0x58,0x31,0xB7,0x0D,0x32,0x60
- };
- /* public key for party b */
- byte pb[] = {
- 0x6E,0xB8,0x9D,0xA9,0x19,0x89,0xAE,0x37,
- 0xC7,0xEA,0xC7,0x61,0x8D,0x9E,0x5C,0x49,
- 0x51,0xDB,0xA1,0xD7,0x3C,0x28,0x5A,0xE1,
- 0xCD,0x26,0xA8,0x55,0x02,0x0E,0xEF,0x04
- };
- /* expected shared key */
- byte ss[] = {
- 0x61,0x45,0x0C,0xD9,0x8E,0x36,0x01,0x6B,
- 0x58,0x77,0x6A,0x89,0x7A,0x9F,0x0A,0xEF,
- 0x73,0x8B,0x99,0xF0,0x94,0x68,0xB8,0xD6,
- 0xB8,0x51,0x11,0x84,0xD5,0x34,0x94,0xAB
- };
- #endif /* HAVE_CURVE25519_SHARED_SECRET */
- (void)x;
- WOLFSSL_ENTER("curve25519_test");
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- wc_curve25519_init_ex(&userA, HEAP_HINT, devId);
- wc_curve25519_init_ex(&userB, HEAP_HINT, devId);
- wc_curve25519_init_ex(&pubKey, HEAP_HINT, devId);
- /* make curve25519 keys */
- ret = wc_curve25519_make_key(&rng, 32, &userA);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_curve25519_make_key(&rng, 32, &userB);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef HAVE_CURVE25519_SHARED_SECRET
- /* find shared secret key */
- x = sizeof(sharedA);
- if ((ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x)) != 0) {
- printf("wc_curve25519_shared_secret 1 failed\n");
- return WC_TEST_RET_ENC_EC(ret);
- }
- y = sizeof(sharedB);
- if ((ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y)) != 0) {
- printf("wc_curve25519_shared_secret 2 failed\n");
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* compare shared secret keys to test they are the same */
- if (y != x)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(sharedA, sharedB, x))
- return WC_TEST_RET_ENC_NC;
- #endif
- #ifdef HAVE_CURVE25519_KEY_EXPORT
- /* export a public key and import it for another user */
- x = sizeof(exportBuf);
- ret = wc_curve25519_export_public(&userA, exportBuf, &x);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef HAVE_CURVE25519_KEY_IMPORT
- ret = wc_curve25519_import_public(exportBuf, x, &pubKey);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #endif
- #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- /* test shared key after importing a public key */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- if (XMEMCMP(sharedA, sharedB, y))
- return WC_TEST_RET_ENC_NC;
- /* import RFC test vectors and compare shared key */
- ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa),
- &userA);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb),
- &userB);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* test against known test vector */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- ret = wc_curve25519_shared_secret(&userA, &userB, sharedB, &y);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(ss, sharedB, y))
- return WC_TEST_RET_ENC_NC;
- /* test swapping roles of keys and generating same shared key */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(ss, sharedB, y))
- return WC_TEST_RET_ENC_NC;
- /* test with 1 generated key and 1 from known test vector */
- ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa),
- &userA);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- wc_curve25519_free(&userB);
- wc_curve25519_init_ex(&userB, HEAP_HINT, devId);
- ret = wc_curve25519_make_key(&rng, 32, &userB);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- x = sizeof(sharedA);
- ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- y = sizeof(sharedB);
- ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* compare shared secret keys to test they are the same */
- if (y != x)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(sharedA, sharedB, x))
- return WC_TEST_RET_ENC_NC;
- ret = curve25519_overflow_test();
- if (ret != 0)
- return ret;
- ret = curve25519_check_public_test();
- if (ret != 0)
- return ret;
- #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
- #if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- ret = curve255519_der_test();
- if (ret != 0)
- return ret;
- #endif
- /* clean up keys when done */
- wc_curve25519_free(&pubKey);
- wc_curve25519_free(&userB);
- wc_curve25519_free(&userA);
- wc_FreeRng(&rng);
- return 0;
- }
- #endif /* HAVE_CURVE25519 */
- #ifdef HAVE_ED25519
- #ifdef WOLFSSL_TEST_CERT
- static wc_test_ret_t ed25519_test_cert(void)
- {
- DecodedCert cert[2];
- DecodedCert* serverCert = NULL;
- DecodedCert* caCert = NULL;
- #ifdef HAVE_ED25519_VERIFY
- ed25519_key key;
- ed25519_key* pubKey = NULL;
- int verify;
- #endif /* HAVE_ED25519_VERIFY */
- wc_test_ret_t ret;
- byte* tmp;
- size_t bytes;
- XFILE file;
- tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, ca_ed25519_cert, sizeof_ca_ed25519_cert);
- bytes = sizeof_ca_ed25519_cert;
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(caEd25519Cert, "rb");
- if (file == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #else
- /* No certificate to use. */
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- InitDecodedCert(&cert[0], tmp, (word32)bytes, 0);
- caCert = &cert[0];
- ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, server_ed25519_cert, sizeof_server_ed25519_cert);
- bytes = sizeof_server_ed25519_cert;
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(serverEd25519Cert, "rb");
- if (file == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #else
- /* No certificate to use. */
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- InitDecodedCert(&cert[1], tmp, (word32)bytes, 0);
- serverCert = &cert[1];
- ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_ED25519_VERIFY
- ret = wc_ed25519_init(&key);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- pubKey = &key;
- ret = wc_ed25519_import_public(caCert->publicKey, caCert->pubKeySize,
- pubKey);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ed25519_verify_msg(serverCert->signature, serverCert->sigLength,
- serverCert->source + serverCert->certBegin,
- serverCert->sigIndex - serverCert->certBegin,
- &verify, pubKey);
- if (ret < 0 || verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif /* HAVE_ED25519_VERIFY */
- done:
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef HAVE_ED25519_VERIFY
- wc_ed25519_free(pubKey);
- #endif /* HAVE_ED25519_VERIFY */
- if (caCert != NULL)
- FreeDecodedCert(caCert);
- if (serverCert != NULL)
- FreeDecodedCert(serverCert);
- return ret;
- }
- static wc_test_ret_t ed25519_test_make_cert(void)
- {
- WC_RNG rng;
- Cert cert;
- DecodedCert decode;
- ed25519_key key;
- ed25519_key* privKey = NULL;
- wc_test_ret_t ret = 0;
- byte* tmp = NULL;
- wc_InitCert_ex(&cert, HEAP_HINT, devId);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- wc_ed25519_init(&key);
- privKey = &key;
- wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, privKey);
- cert.daysValid = 365 * 2;
- cert.selfSigned = 1;
- XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName));
- XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName));
- cert.isCA = 0;
- #ifdef WOLFSSL_CERT_EXT
- ret = wc_SetKeyUsage(&cert, certKeyUsage);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- cert.sigType = CTC_ED25519;
- ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED25519_TYPE, privKey, &rng);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF,
- ED25519_TYPE, privKey, &rng);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- InitDecodedCert(&decode, tmp, (word32)ret, HEAP_HINT);
- ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
- FreeDecodedCert(&decode);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- done:
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_ed25519_free(privKey);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WOLFSSL_TEST_CERT */
- #if defined(HAVE_ED25519_KEY_IMPORT)
- static wc_test_ret_t ed25519_test_check_key(void)
- {
- /* Fails to find x-ordinate from this y-ordinate. */
- WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y[] = {
- 0x40,
- 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- };
- /* Y-ordinate value larger than prime. */
- WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_max[] = {
- 0x40,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f,
- };
- /* Y-ordinate value equal to prime. */
- WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_is_p[] = {
- 0x40,
- 0xed,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f,
- };
- /* Y-ordinate value equal to prime - 1. */
- WOLFSSL_SMALL_STACK_STATIC const byte key_y_is_p_minus_1[] = {
- 0x40,
- 0xec,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f,
- };
- ed25519_key key;
- int ret;
- int res = 0;
- /* Initialize key for use. */
- ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- /* Load bad public key only and perform checks. */
- ret = wc_ed25519_import_public(key_bad_y, ED25519_PUB_KEY_SIZE + 1, &key);
- if (ret != PUBLIC_KEY_E) {
- res = WC_TEST_RET_ENC_NC;
- }
- if (res == 0) {
- /* Load bad public key only and perform checks. */
- ret = wc_ed25519_import_public(key_bad_y_max, ED25519_PUB_KEY_SIZE + 1,
- &key);
- if (ret != PUBLIC_KEY_E) {
- res = WC_TEST_RET_ENC_NC;
- }
- }
- if (res == 0) {
- /* Load bad public key only and perform checks. */
- ret = wc_ed25519_import_public(key_bad_y_is_p, ED25519_PUB_KEY_SIZE + 1,
- &key);
- if (ret != PUBLIC_KEY_E) {
- res = WC_TEST_RET_ENC_NC;
- }
- }
- if (res == 0) {
- /* Load good public key only and perform checks. */
- ret = wc_ed25519_import_public(key_y_is_p_minus_1,
- ED25519_PUB_KEY_SIZE + 1, &key);
- if (ret != 0) {
- res = WC_TEST_RET_ENC_NC;
- }
- }
- /* Dispose of key. */
- wc_ed25519_free(&key);
- return res;
- }
- #endif
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
- defined(HAVE_ED25519_KEY_IMPORT)
- static wc_test_ret_t ed25519ctx_test(void)
- {
- wc_test_ret_t ret;
- byte out[ED25519_SIG_SIZE];
- word32 outlen;
- #ifdef HAVE_ED25519_VERIFY
- int verify = 0;
- #endif /* HAVE_ED25519_VERIFY */
- ed25519_key key;
- WOLFSSL_SMALL_STACK_STATIC const byte sKeyCtx[] = {
- 0x03,0x05,0x33,0x4e,0x38,0x1a,0xf7,0x8f,
- 0x14,0x1c,0xb6,0x66,0xf6,0x19,0x9f,0x57,
- 0xbc,0x34,0x95,0x33,0x5a,0x25,0x6a,0x95,
- 0xbd,0x2a,0x55,0xbf,0x54,0x66,0x63,0xf6
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKeyCtx[] = {
- 0xdf,0xc9,0x42,0x5e,0x4f,0x96,0x8f,0x7f,
- 0x0c,0x29,0xf0,0x25,0x9c,0xf5,0xf9,0xae,
- 0xd6,0x85,0x1c,0x2b,0xb4,0xad,0x8b,0xfb,
- 0x86,0x0c,0xfe,0xe0,0xab,0x24,0x82,0x92
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigCtx1[] = {
- 0x55,0xa4,0xcc,0x2f,0x70,0xa5,0x4e,0x04,
- 0x28,0x8c,0x5f,0x4c,0xd1,0xe4,0x5a,0x7b,
- 0xb5,0x20,0xb3,0x62,0x92,0x91,0x18,0x76,
- 0xca,0xda,0x73,0x23,0x19,0x8d,0xd8,0x7a,
- 0x8b,0x36,0x95,0x0b,0x95,0x13,0x00,0x22,
- 0x90,0x7a,0x7f,0xb7,0xc4,0xe9,0xb2,0xd5,
- 0xf6,0xcc,0xa6,0x85,0xa5,0x87,0xb4,0xb2,
- 0x1f,0x4b,0x88,0x8e,0x4e,0x7e,0xdb,0x0d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigCtx2[] = {
- 0xcc,0x5e,0x63,0xa2,0x7e,0x94,0xaf,0xd3,
- 0x41,0x83,0x38,0xd2,0x48,0x6f,0xa9,0x2a,
- 0xf9,0x91,0x7c,0x2d,0x98,0x9e,0x06,0xe5,
- 0x02,0x77,0x72,0x1c,0x34,0x38,0x18,0xb4,
- 0x21,0x96,0xbc,0x29,0x2e,0x68,0xf3,0x4d,
- 0x85,0x9b,0xbe,0xad,0x17,0x9f,0x54,0x54,
- 0x2d,0x4b,0x04,0xdc,0xfb,0xfa,0x4a,0x68,
- 0x4e,0x39,0x50,0xfb,0x1c,0xcd,0x8d,0x0d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msgCtx[] = {
- 0xf7,0x26,0x93,0x6d,0x19,0xc8,0x00,0x49,
- 0x4e,0x3f,0xda,0xff,0x20,0xb2,0x76,0xa8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte contextCtx[] = {
- 0x66,0x6f,0x6f
- };
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- return 10800;
- ret = wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx,
- sizeof(pKeyCtx), &key);
- if (ret == 0)
- ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
- contextCtx, sizeof(contextCtx));
- if (ret == 0 && XMEMCMP(out, sigCtx1, 64) != 0)
- ret = WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (ret == 0)
- ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx),
- &verify, &key, contextCtx, sizeof(contextCtx));
- if (ret == 0 && verify != 1)
- ret = WC_TEST_RET_ENC_NC;
- #endif
- if (ret == 0)
- ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
- NULL, 0);
- if (ret == 0 && XMEMCMP(out, sigCtx2, 64) != 0)
- ret = WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (ret == 0)
- ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx),
- &verify, &key, NULL, 0);
- if (ret == 0 && verify != 1)
- ret = WC_TEST_RET_ENC_NC;
- #endif
- wc_ed25519_free(&key);
- return ret;
- }
- static wc_test_ret_t ed25519ph_test(void)
- {
- wc_test_ret_t ret = 0;
- byte out[ED25519_SIG_SIZE];
- word32 outlen;
- #ifdef HAVE_ED25519_VERIFY
- int verify = 0;
- #endif /* HAVE_ED25519_VERIFY */
- ed25519_key key;
- WOLFSSL_SMALL_STACK_STATIC const byte sKeyPh[] = {
- 0x83,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d,
- 0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e,
- 0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b,
- 0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKeyPh[] = {
- 0xec,0x17,0x2b,0x93,0xad,0x5e,0x56,0x3b,
- 0xf4,0x93,0x2c,0x70,0xe1,0x24,0x50,0x34,
- 0xc3,0x54,0x67,0xef,0x2e,0xfd,0x4d,0x64,
- 0xeb,0xf8,0x19,0x68,0x34,0x67,0xe2,0xbf
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigPh1[] = {
- 0x98,0xa7,0x02,0x22,0xf0,0xb8,0x12,0x1a,
- 0xa9,0xd3,0x0f,0x81,0x3d,0x68,0x3f,0x80,
- 0x9e,0x46,0x2b,0x46,0x9c,0x7f,0xf8,0x76,
- 0x39,0x49,0x9b,0xb9,0x4e,0x6d,0xae,0x41,
- 0x31,0xf8,0x50,0x42,0x46,0x3c,0x2a,0x35,
- 0x5a,0x20,0x03,0xd0,0x62,0xad,0xf5,0xaa,
- 0xa1,0x0b,0x8c,0x61,0xe6,0x36,0x06,0x2a,
- 0xaa,0xd1,0x1c,0x2a,0x26,0x08,0x34,0x06
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigPh2[] = {
- 0xe0,0x39,0x70,0x2b,0x4c,0x25,0x95,0xa6,
- 0xa5,0x41,0xac,0x85,0x09,0x23,0x6e,0x29,
- 0x90,0x47,0x47,0x95,0x33,0x0c,0x9b,0x34,
- 0xa7,0x5f,0x58,0xa6,0x60,0x12,0x9e,0x08,
- 0xfd,0x73,0x69,0x43,0xfb,0x19,0x43,0xa5,
- 0x57,0x20,0xb9,0xe0,0x95,0x7b,0x1e,0xd6,
- 0x73,0x48,0x16,0x61,0x9f,0x13,0x88,0xf4,
- 0x3f,0x73,0xe6,0xe3,0xba,0xa8,0x1c,0x0e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msgPh[] = {
- 0x61,0x62,0x63
- };
- /* SHA-512 hash of msgPh */
- WOLFSSL_SMALL_STACK_STATIC const byte hashPh[] = {
- 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,
- 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
- 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,
- 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
- 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,
- 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
- 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,
- 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte contextPh2[] = {
- 0x66,0x6f,0x6f
- };
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh,
- sizeof(pKeyPh), &key);
- if (ret == 0)
- ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
- NULL, 0);
- if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0)
- ret = WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (ret == 0)
- ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh),
- &verify, &key, NULL, 0);
- if (ret == 0 && verify != 1)
- ret = WC_TEST_RET_ENC_NC;
- #endif
- if (ret == 0)
- ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
- contextPh2, sizeof(contextPh2));
- if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0)
- ret = WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (ret == 0)
- ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify,
- &key, contextPh2, sizeof(contextPh2));
- if (ret == 0 && verify != 1)
- ret = WC_TEST_RET_ENC_NC;
- #endif
- if (ret == 0)
- ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
- NULL, 0);
- if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0)
- ret = WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED25519_VERIFY)
- if (ret == 0)
- ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh),
- &verify, &key, NULL, 0);
- if (ret == 0 && verify != 1)
- ret = WC_TEST_RET_ENC_NC;
- #endif
- if (ret == 0)
- ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
- contextPh2, sizeof(contextPh2));
- if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0)
- ret = WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED25519_VERIFY)
- if (ret == 0)
- ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
- &key, contextPh2, sizeof(contextPh2));
- if (ret == 0 && verify != 1)
- ret = WC_TEST_RET_ENC_NC;
- #endif
- wc_ed25519_free(&key);
- return ret;
- }
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
- {
- wc_test_ret_t ret;
- WC_RNG rng;
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
- defined(HAVE_ED25519_KEY_IMPORT)
- byte out[ED25519_SIG_SIZE];
- byte exportPKey[ED25519_KEY_SIZE];
- byte exportSKey[ED25519_KEY_SIZE];
- word32 exportPSz;
- word32 exportSSz;
- int i;
- word32 outlen;
- #ifdef HAVE_ED25519_VERIFY
- #ifdef WOLFSSL_ED25519_STREAMING_VERIFY
- int j;
- #endif
- int verify;
- #endif /* HAVE_ED25519_VERIFY */
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- word32 keySz, sigSz;
- ed25519_key key;
- ed25519_key key2;
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
- defined(HAVE_ED25519_KEY_IMPORT)
- /* test vectors from
- https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02
- */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey1[] = {
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey2[] = {
- 0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda,
- 0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f,
- 0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24,
- 0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey3[] = {
- 0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,
- 0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,
- 0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,
- 0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey4[] = {
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- /* compressed prefix test */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey5[] = {
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey6[] = {
- 0xf5,0xe5,0x76,0x7c,0xf1,0x53,0x31,0x95,
- 0x17,0x63,0x0f,0x22,0x68,0x76,0xb8,0x6c,
- 0x81,0x60,0xcc,0x58,0x3b,0xc0,0x13,0x74,
- 0x4c,0x6b,0xf2,0x55,0xf5,0xcc,0x0e,0xe5
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
- WOLFSSL_SMALL_STACK_STATIC const byte pKey1[] = {
- 0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
- 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
- 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
- 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey2[] = {
- 0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a,
- 0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc,
- 0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c,
- 0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey3[] = {
- 0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,
- 0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,
- 0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,
- 0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte pKey4[] = {
- 0x04,0x55,0xd0,0xe0,0x9a,0x2b,0x9d,0x34,
- 0x29,0x22,0x97,0xe0,0x8d,0x60,0xd0,0xf6,
- 0x20,0xc5,0x13,0xd4,0x72,0x53,0x18,0x7c,
- 0x24,0xb1,0x27,0x86,0xbd,0x77,0x76,0x45,
- 0xce,0x1a,0x51,0x07,0xf7,0x68,0x1a,0x02,
- 0xaf,0x25,0x23,0xa6,0xda,0xf3,0x72,0xe1,
- 0x0e,0x3a,0x07,0x64,0xc9,0xd3,0xfe,0x4b,
- 0xd5,0xb7,0x0a,0xb1,0x82,0x01,0x98,0x5a,
- 0xd7
- };
- /* compressed prefix */
- WOLFSSL_SMALL_STACK_STATIC const byte pKey5[] = {
- 0x40,0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
- 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
- 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
- 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey6[] = {
- 0x27,0x81,0x17,0xfc,0x14,0x4c,0x72,0x34,
- 0x0f,0x67,0xd0,0xf2,0x31,0x6e,0x83,0x86,
- 0xce,0xff,0xbf,0x2b,0x24,0x28,0xc9,0xc5,
- 0x1f,0xef,0x7c,0x59,0x7f,0x1d,0x42,0x6e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
- WOLFSSL_SMALL_STACK_STATIC const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
- sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
- WOLFSSL_SMALL_STACK_STATIC const byte sig1[] = {
- 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
- 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
- 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
- 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
- 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
- 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
- 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
- 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig2[] = {
- 0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8,
- 0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40,
- 0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f,
- 0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda,
- 0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e,
- 0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c,
- 0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee,
- 0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig3[] = {
- 0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,
- 0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,
- 0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,
- 0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,
- 0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,
- 0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,
- 0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,
- 0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte sig4[] = {
- 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
- 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
- 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
- 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
- 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
- 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
- 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
- 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
- };
- /* compressed prefix */
- WOLFSSL_SMALL_STACK_STATIC const byte sig5[] = {
- 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
- 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
- 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
- 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
- 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
- 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
- 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
- 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig6[] = {
- 0x0a,0xab,0x4c,0x90,0x05,0x01,0xb3,0xe2,
- 0x4d,0x7c,0xdf,0x46,0x63,0x32,0x6a,0x3a,
- 0x87,0xdf,0x5e,0x48,0x43,0xb2,0xcb,0xdb,
- 0x67,0xcb,0xf6,0xe4,0x60,0xfe,0xc3,0x50,
- 0xaa,0x53,0x71,0xb1,0x50,0x8f,0x9f,0x45,
- 0x28,0xec,0xea,0x23,0xc4,0x36,0xd9,0x4b,
- 0x5e,0x8f,0xcd,0x4f,0x68,0x1e,0x30,0xa6,
- 0xac,0x00,0xa9,0x70,0x4a,0x18,0x8a,0x03
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = {0x0 };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = {0x72};
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = {0xAF,0x82};
- /* test of a 1024 byte long message */
- WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
- 0x08,0xb8,0xb2,0xb7,0x33,0x42,0x42,0x43,
- 0x76,0x0f,0xe4,0x26,0xa4,0xb5,0x49,0x08,
- 0x63,0x21,0x10,0xa6,0x6c,0x2f,0x65,0x91,
- 0xea,0xbd,0x33,0x45,0xe3,0xe4,0xeb,0x98,
- 0xfa,0x6e,0x26,0x4b,0xf0,0x9e,0xfe,0x12,
- 0xee,0x50,0xf8,0xf5,0x4e,0x9f,0x77,0xb1,
- 0xe3,0x55,0xf6,0xc5,0x05,0x44,0xe2,0x3f,
- 0xb1,0x43,0x3d,0xdf,0x73,0xbe,0x84,0xd8,
- 0x79,0xde,0x7c,0x00,0x46,0xdc,0x49,0x96,
- 0xd9,0xe7,0x73,0xf4,0xbc,0x9e,0xfe,0x57,
- 0x38,0x82,0x9a,0xdb,0x26,0xc8,0x1b,0x37,
- 0xc9,0x3a,0x1b,0x27,0x0b,0x20,0x32,0x9d,
- 0x65,0x86,0x75,0xfc,0x6e,0xa5,0x34,0xe0,
- 0x81,0x0a,0x44,0x32,0x82,0x6b,0xf5,0x8c,
- 0x94,0x1e,0xfb,0x65,0xd5,0x7a,0x33,0x8b,
- 0xbd,0x2e,0x26,0x64,0x0f,0x89,0xff,0xbc,
- 0x1a,0x85,0x8e,0xfc,0xb8,0x55,0x0e,0xe3,
- 0xa5,0xe1,0x99,0x8b,0xd1,0x77,0xe9,0x3a,
- 0x73,0x63,0xc3,0x44,0xfe,0x6b,0x19,0x9e,
- 0xe5,0xd0,0x2e,0x82,0xd5,0x22,0xc4,0xfe,
- 0xba,0x15,0x45,0x2f,0x80,0x28,0x8a,0x82,
- 0x1a,0x57,0x91,0x16,0xec,0x6d,0xad,0x2b,
- 0x3b,0x31,0x0d,0xa9,0x03,0x40,0x1a,0xa6,
- 0x21,0x00,0xab,0x5d,0x1a,0x36,0x55,0x3e,
- 0x06,0x20,0x3b,0x33,0x89,0x0c,0xc9,0xb8,
- 0x32,0xf7,0x9e,0xf8,0x05,0x60,0xcc,0xb9,
- 0xa3,0x9c,0xe7,0x67,0x96,0x7e,0xd6,0x28,
- 0xc6,0xad,0x57,0x3c,0xb1,0x16,0xdb,0xef,
- 0xef,0xd7,0x54,0x99,0xda,0x96,0xbd,0x68,
- 0xa8,0xa9,0x7b,0x92,0x8a,0x8b,0xbc,0x10,
- 0x3b,0x66,0x21,0xfc,0xde,0x2b,0xec,0xa1,
- 0x23,0x1d,0x20,0x6b,0xe6,0xcd,0x9e,0xc7,
- 0xaf,0xf6,0xf6,0xc9,0x4f,0xcd,0x72,0x04,
- 0xed,0x34,0x55,0xc6,0x8c,0x83,0xf4,0xa4,
- 0x1d,0xa4,0xaf,0x2b,0x74,0xef,0x5c,0x53,
- 0xf1,0xd8,0xac,0x70,0xbd,0xcb,0x7e,0xd1,
- 0x85,0xce,0x81,0xbd,0x84,0x35,0x9d,0x44,
- 0x25,0x4d,0x95,0x62,0x9e,0x98,0x55,0xa9,
- 0x4a,0x7c,0x19,0x58,0xd1,0xf8,0xad,0xa5,
- 0xd0,0x53,0x2e,0xd8,0xa5,0xaa,0x3f,0xb2,
- 0xd1,0x7b,0xa7,0x0e,0xb6,0x24,0x8e,0x59,
- 0x4e,0x1a,0x22,0x97,0xac,0xbb,0xb3,0x9d,
- 0x50,0x2f,0x1a,0x8c,0x6e,0xb6,0xf1,0xce,
- 0x22,0xb3,0xde,0x1a,0x1f,0x40,0xcc,0x24,
- 0x55,0x41,0x19,0xa8,0x31,0xa9,0xaa,0xd6,
- 0x07,0x9c,0xad,0x88,0x42,0x5d,0xe6,0xbd,
- 0xe1,0xa9,0x18,0x7e,0xbb,0x60,0x92,0xcf,
- 0x67,0xbf,0x2b,0x13,0xfd,0x65,0xf2,0x70,
- 0x88,0xd7,0x8b,0x7e,0x88,0x3c,0x87,0x59,
- 0xd2,0xc4,0xf5,0xc6,0x5a,0xdb,0x75,0x53,
- 0x87,0x8a,0xd5,0x75,0xf9,0xfa,0xd8,0x78,
- 0xe8,0x0a,0x0c,0x9b,0xa6,0x3b,0xcb,0xcc,
- 0x27,0x32,0xe6,0x94,0x85,0xbb,0xc9,0xc9,
- 0x0b,0xfb,0xd6,0x24,0x81,0xd9,0x08,0x9b,
- 0xec,0xcf,0x80,0xcf,0xe2,0xdf,0x16,0xa2,
- 0xcf,0x65,0xbd,0x92,0xdd,0x59,0x7b,0x07,
- 0x07,0xe0,0x91,0x7a,0xf4,0x8b,0xbb,0x75,
- 0xfe,0xd4,0x13,0xd2,0x38,0xf5,0x55,0x5a,
- 0x7a,0x56,0x9d,0x80,0xc3,0x41,0x4a,0x8d,
- 0x08,0x59,0xdc,0x65,0xa4,0x61,0x28,0xba,
- 0xb2,0x7a,0xf8,0x7a,0x71,0x31,0x4f,0x31,
- 0x8c,0x78,0x2b,0x23,0xeb,0xfe,0x80,0x8b,
- 0x82,0xb0,0xce,0x26,0x40,0x1d,0x2e,0x22,
- 0xf0,0x4d,0x83,0xd1,0x25,0x5d,0xc5,0x1a,
- 0xdd,0xd3,0xb7,0x5a,0x2b,0x1a,0xe0,0x78,
- 0x45,0x04,0xdf,0x54,0x3a,0xf8,0x96,0x9b,
- 0xe3,0xea,0x70,0x82,0xff,0x7f,0xc9,0x88,
- 0x8c,0x14,0x4d,0xa2,0xaf,0x58,0x42,0x9e,
- 0xc9,0x60,0x31,0xdb,0xca,0xd3,0xda,0xd9,
- 0xaf,0x0d,0xcb,0xaa,0xaf,0x26,0x8c,0xb8,
- 0xfc,0xff,0xea,0xd9,0x4f,0x3c,0x7c,0xa4,
- 0x95,0xe0,0x56,0xa9,0xb4,0x7a,0xcd,0xb7,
- 0x51,0xfb,0x73,0xe6,0x66,0xc6,0xc6,0x55,
- 0xad,0xe8,0x29,0x72,0x97,0xd0,0x7a,0xd1,
- 0xba,0x5e,0x43,0xf1,0xbc,0xa3,0x23,0x01,
- 0x65,0x13,0x39,0xe2,0x29,0x04,0xcc,0x8c,
- 0x42,0xf5,0x8c,0x30,0xc0,0x4a,0xaf,0xdb,
- 0x03,0x8d,0xda,0x08,0x47,0xdd,0x98,0x8d,
- 0xcd,0xa6,0xf3,0xbf,0xd1,0x5c,0x4b,0x4c,
- 0x45,0x25,0x00,0x4a,0xa0,0x6e,0xef,0xf8,
- 0xca,0x61,0x78,0x3a,0xac,0xec,0x57,0xfb,
- 0x3d,0x1f,0x92,0xb0,0xfe,0x2f,0xd1,0xa8,
- 0x5f,0x67,0x24,0x51,0x7b,0x65,0xe6,0x14,
- 0xad,0x68,0x08,0xd6,0xf6,0xee,0x34,0xdf,
- 0xf7,0x31,0x0f,0xdc,0x82,0xae,0xbf,0xd9,
- 0x04,0xb0,0x1e,0x1d,0xc5,0x4b,0x29,0x27,
- 0x09,0x4b,0x2d,0xb6,0x8d,0x6f,0x90,0x3b,
- 0x68,0x40,0x1a,0xde,0xbf,0x5a,0x7e,0x08,
- 0xd7,0x8f,0xf4,0xef,0x5d,0x63,0x65,0x3a,
- 0x65,0x04,0x0c,0xf9,0xbf,0xd4,0xac,0xa7,
- 0x98,0x4a,0x74,0xd3,0x71,0x45,0x98,0x67,
- 0x80,0xfc,0x0b,0x16,0xac,0x45,0x16,0x49,
- 0xde,0x61,0x88,0xa7,0xdb,0xdf,0x19,0x1f,
- 0x64,0xb5,0xfc,0x5e,0x2a,0xb4,0x7b,0x57,
- 0xf7,0xf7,0x27,0x6c,0xd4,0x19,0xc1,0x7a,
- 0x3c,0xa8,0xe1,0xb9,0x39,0xae,0x49,0xe4,
- 0x88,0xac,0xba,0x6b,0x96,0x56,0x10,0xb5,
- 0x48,0x01,0x09,0xc8,0xb1,0x7b,0x80,0xe1,
- 0xb7,0xb7,0x50,0xdf,0xc7,0x59,0x8d,0x5d,
- 0x50,0x11,0xfd,0x2d,0xcc,0x56,0x00,0xa3,
- 0x2e,0xf5,0xb5,0x2a,0x1e,0xcc,0x82,0x0e,
- 0x30,0x8a,0xa3,0x42,0x72,0x1a,0xac,0x09,
- 0x43,0xbf,0x66,0x86,0xb6,0x4b,0x25,0x79,
- 0x37,0x65,0x04,0xcc,0xc4,0x93,0xd9,0x7e,
- 0x6a,0xed,0x3f,0xb0,0xf9,0xcd,0x71,0xa4,
- 0x3d,0xd4,0x97,0xf0,0x1f,0x17,0xc0,0xe2,
- 0xcb,0x37,0x97,0xaa,0x2a,0x2f,0x25,0x66,
- 0x56,0x16,0x8e,0x6c,0x49,0x6a,0xfc,0x5f,
- 0xb9,0x32,0x46,0xf6,0xb1,0x11,0x63,0x98,
- 0xa3,0x46,0xf1,0xa6,0x41,0xf3,0xb0,0x41,
- 0xe9,0x89,0xf7,0x91,0x4f,0x90,0xcc,0x2c,
- 0x7f,0xff,0x35,0x78,0x76,0xe5,0x06,0xb5,
- 0x0d,0x33,0x4b,0xa7,0x7c,0x22,0x5b,0xc3,
- 0x07,0xba,0x53,0x71,0x52,0xf3,0xf1,0x61,
- 0x0e,0x4e,0xaf,0xe5,0x95,0xf6,0xd9,0xd9,
- 0x0d,0x11,0xfa,0xa9,0x33,0xa1,0x5e,0xf1,
- 0x36,0x95,0x46,0x86,0x8a,0x7f,0x3a,0x45,
- 0xa9,0x67,0x68,0xd4,0x0f,0xd9,0xd0,0x34,
- 0x12,0xc0,0x91,0xc6,0x31,0x5c,0xf4,0xfd,
- 0xe7,0xcb,0x68,0x60,0x69,0x37,0x38,0x0d,
- 0xb2,0xea,0xaa,0x70,0x7b,0x4c,0x41,0x85,
- 0xc3,0x2e,0xdd,0xcd,0xd3,0x06,0x70,0x5e,
- 0x4d,0xc1,0xff,0xc8,0x72,0xee,0xee,0x47,
- 0x5a,0x64,0xdf,0xac,0x86,0xab,0xa4,0x1c,
- 0x06,0x18,0x98,0x3f,0x87,0x41,0xc5,0xef,
- 0x68,0xd3,0xa1,0x01,0xe8,0xa3,0xb8,0xca,
- 0xc6,0x0c,0x90,0x5c,0x15,0xfc,0x91,0x08,
- 0x40,0xb9,0x4c,0x00,0xa0,0xb9,0xd0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
- WOLFSSL_SMALL_STACK_STATIC const word16 msgSz[] = {0 /*sizeof(msg1)*/,
- sizeof(msg2),
- sizeof(msg3),
- 0 /*sizeof(msg1)*/,
- 0 /*sizeof(msg1)*/,
- sizeof(msg4)
- };
- #ifndef NO_ASN
- static const byte privateEd25519[] = {
- 0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06,
- 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- static const byte badPrivateEd25519[] = {
- 0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06,
- 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60,
- 0xa1,0x22,0x04,0x21,0xd7,0x5a,0x98,0x01, /* octet len 0x20 -> 0x21 */
- 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
- 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
- 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
- 0xf7,0x07,0x51,0x1a,
- 0x00 /* add additional bytes to make the pubkey bigger */
- };
- static const byte publicEd25519[] = {
- 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
- 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
- 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
- 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
- 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
- 0xf7,0x07,0x51,0x1a
- };
- /* size has been altered to catch if sanity check is done */
- static const byte badPublicEd25519[] = {
- 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
- 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
- 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
- 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
- 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
- 0xf7,0x07,0x51,0x1a,
- 0x00 /* add an additional byte to make the pubkey appear bigger */
- };
- static const byte privPubEd25519[] = {
- 0x30,0x50,0x02,0x01,0x00,0x30,0x05,0x06,
- 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60,
- 0x81,0x20,0xd7,0x5a,0x98,0x01,0x82,0xb1,
- 0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,0xc9,0x64,
- 0x07,0x3a,0x0e,0xe1,0x72,0xf3,0xda,0xa6,
- 0x23,0x25,0xaf,0x02,0x1a,0x68,0xf7,0x07,
- 0x51,0x1a
- };
- word32 idx;
- #endif /* NO_ASN */
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
- ed25519_key key3;
- #endif
- WOLFSSL_ENTER("ed25519_test");
- /* create ed25519 keys */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- wc_ed25519_init_ex(&key, HEAP_HINT, devId);
- wc_ed25519_init_ex(&key2, HEAP_HINT, devId);
- #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
- wc_ed25519_init_ex(&key3, HEAP_HINT, devId);
- #endif
- #ifdef HAVE_ED25519_MAKE_KEY
- wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
- wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2);
- #endif
- /* helper functions for signature and key size */
- keySz = (word32)wc_ed25519_size(&key);
- sigSz = (word32)wc_ed25519_sig_size(&key);
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
- defined(HAVE_ED25519_KEY_IMPORT)
- for (i = 0; i < 6; i++) {
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i],
- pKeySz[i], &key) != 0)
- return WC_TEST_RET_ENC_I(i);
- if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(out, sigs[i], 64))
- return WC_TEST_RET_ENC_I(i);
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
- &key) != 0 || verify != 1)
- return WC_TEST_RET_ENC_I(i);
- #ifdef WOLFSSL_ED25519_STREAMING_VERIFY
- /* test verify on good msg using streaming interface directly */
- if (wc_ed25519_verify_msg_init(out, outlen,
- &key, (byte)Ed25519, NULL, 0) != 0)
- return WC_TEST_RET_ENC_I(i);
- for (j = 0; j < msgSz[i]; j += i) {
- if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), &key) != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- if (wc_ed25519_verify_msg_final(out, outlen, &verify,
- &key) != 0 || verify != 1)
- return WC_TEST_RET_ENC_I(i);
- #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */
- /* test verify on bad msg */
- out[outlen-1] = out[outlen-1] + 1;
- if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
- &key) == 0 || verify == 1)
- return WC_TEST_RET_ENC_I(i);
- #endif /* HAVE_ED25519_VERIFY */
- /* test api for import/exporting keys */
- exportPSz = sizeof(exportPKey);
- exportSSz = sizeof(exportSKey);
- if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0)
- return WC_TEST_RET_ENC_I(i);
- if (wc_ed25519_import_public_ex(exportPKey, exportPSz, &key2, 1) != 0)
- return WC_TEST_RET_ENC_I(i);
- if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0)
- return WC_TEST_RET_ENC_I(i);
- if (wc_ed25519_import_private_key(exportSKey, exportSSz,
- exportPKey, exportPSz, &key2) != 0)
- return WC_TEST_RET_ENC_I(i);
- /* clear "out" buffer and test sign with imported keys */
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0)
- return WC_TEST_RET_ENC_I(i);
- #if defined(HAVE_ED25519_VERIFY)
- if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
- &key2) != 0 || verify != 1)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(out, sigs[i], 64))
- return WC_TEST_RET_ENC_I(i);
- #endif /* HAVE_ED25519_VERIFY */
- }
- {
- /* Run tests for some rare code paths */
- /* sig is exactly equal to the order */
- static const byte rareEd1[] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
- 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
- };
- /* sig is larger than the order before we get to the low part */
- static const byte rareEd2[] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
- 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x10
- };
- /* sig is larger than the order in the low part */
- static const byte rareEd3[] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
- 0xd6, 0x9c, 0xf9, 0xa2, 0xde, 0xf9, 0xde, 0x14,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
- };
- /* sig is smaller than the order */
- static const byte rareEd4[] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
- 0xd6, 0x9c, 0xf1, 0xa2, 0xde, 0xf9, 0xde, 0x14,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
- };
- ret = wc_ed25519_import_private_key(sKeys[0], ED25519_KEY_SIZE,
- pKeys[0], pKeySz[0], &key);
- if (ret != 0)
- return ret;
- ret = wc_ed25519_verify_msg(rareEd1, sizeof(rareEd1), msgs[0], msgSz[0],
- &verify, &key);
- if (ret != BAD_FUNC_ARG)
- return ret;
- ret = wc_ed25519_verify_msg(rareEd2, sizeof(rareEd2), msgs[0], msgSz[0],
- &verify, &key);
- if (ret != BAD_FUNC_ARG)
- return ret;
- ret = wc_ed25519_verify_msg(rareEd3, sizeof(rareEd3), msgs[0], msgSz[0],
- &verify, &key);
- if (ret != BAD_FUNC_ARG)
- return ret;
- ret = wc_ed25519_verify_msg(rareEd4, sizeof(rareEd4), msgs[0], msgSz[0],
- &verify, &key);
- if (ret != SIG_VERIFY_E)
- return ret;
- }
- ret = ed25519ctx_test();
- if (ret != 0)
- return ret;
- ret = ed25519ph_test();
- if (ret != 0)
- return ret;
- #ifndef NO_ASN
- /* Try ASN.1 encoded private-only key and public key. */
- idx = 0;
- ret = wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3,
- sizeof(privateEd25519));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- idx = 0;
- if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, &key3,
- sizeof(badPrivateEd25519)) == 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* try with a buffer size that is too large */
- idx = 0;
- if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, &key3,
- sizeof(badPublicEd25519)) == 0)
- return WC_TEST_RET_ENC_NC;
- idx = 0;
- ret = wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3,
- sizeof(publicEd25519));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(out, sigs[0], 64))
- return WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- ret = wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3);
- if (ret != 0 || verify != 1)
- return WC_TEST_RET_ENC_EC(ret);
- #endif /* HAVE_ED25519_VERIFY */
- wc_ed25519_free(&key3);
- wc_ed25519_init(&key3);
- idx = 0;
- ret = wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3,
- sizeof(privPubEd25519));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(out, sigs[0], 64))
- return WC_TEST_RET_ENC_NC;
- wc_ed25519_free(&key3);
- #endif /* NO_ASN */
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- /* clean up keys when done */
- wc_ed25519_free(&key);
- wc_ed25519_free(&key2);
- #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
- wc_FreeRng(&rng);
- #endif
- /* hush warnings of unused keySz and sigSz */
- (void)keySz;
- (void)sigSz;
- ret = ed25519_test_check_key();
- if (ret < 0)
- return ret;
- #ifdef WOLFSSL_TEST_CERT
- ret = ed25519_test_cert();
- if (ret < 0)
- return ret;
- #if defined(WOLFSSL_CERT_GEN) && defined(HAVE_ED25519_MAKE_KEY)
- ret = ed25519_test_make_cert();
- if (ret < 0)
- return ret;
- #endif /* WOLFSSL_CERT_GEN */
- #endif /* WOLFSSL_TEST_CERT */
- return 0;
- }
- #endif /* HAVE_ED25519 */
- #ifdef HAVE_CURVE448
- #if defined(HAVE_CURVE448_SHARED_SECRET) && \
- defined(HAVE_CURVE448_KEY_IMPORT)
- /* Test the wc_curve448_check_public API.
- *
- * returns 0 on success and -ve on failure.
- */
- static wc_test_ret_t curve448_check_public_test(void)
- {
- /* Little-endian values that will fail */
- byte fail_le[][CURVE448_KEY_SIZE] = {
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- };
- /* Big-endian values that will fail */
- byte fail_be[][CURVE448_KEY_SIZE] = {
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- },
- };
- /* Good or valid public value */
- byte good[CURVE448_KEY_SIZE] = {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- int i;
- wc_test_ret_t ret;
- /* Parameter checks */
- /* NULL pointer */
- ret = wc_curve448_check_public(NULL, 0, EC448_LITTLE_ENDIAN);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_curve448_check_public(NULL, 0, EC448_BIG_ENDIAN);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* Length of 0 treated differently to other invalid lengths for TLS */
- ret = wc_curve448_check_public(good, 0, EC448_LITTLE_ENDIAN);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_curve448_check_public(good, 0, EC448_BIG_ENDIAN);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- /* Length not CURVE448_KEY_SIZE */
- for (i = 1; i < CURVE448_KEY_SIZE + 2; i++) {
- if (i == CURVE448_KEY_SIZE)
- continue;
- if (wc_curve448_check_public(good, (word32)i, EC448_LITTLE_ENDIAN) !=
- ECC_BAD_ARG_E) {
- return WC_TEST_RET_ENC_I(i);
- }
- if (wc_curve448_check_public(good, (word32)i, EC448_BIG_ENDIAN) !=
- ECC_BAD_ARG_E) {
- return WC_TEST_RET_ENC_I(i);
- }
- }
- /* Little-endian fail cases */
- for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) {
- if (wc_curve448_check_public(fail_le[i], CURVE448_KEY_SIZE,
- EC448_LITTLE_ENDIAN) == 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- }
- /* Big-endian fail cases */
- for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) {
- if (wc_curve448_check_public(fail_be[i], CURVE448_KEY_SIZE,
- EC448_BIG_ENDIAN) == 0) {
- return WC_TEST_RET_ENC_I(i);
- }
- }
- /* Check a valid public value works! */
- ret = wc_curve448_check_public(good, CURVE448_KEY_SIZE,
- EC448_LITTLE_ENDIAN);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_curve448_check_public(good, CURVE448_KEY_SIZE, EC448_BIG_ENDIAN);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- return 0;
- }
- #endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve448_test(void)
- {
- WC_RNG rng;
- wc_test_ret_t ret;
- #ifdef HAVE_CURVE448_SHARED_SECRET
- byte sharedA[CURVE448_KEY_SIZE];
- byte sharedB[CURVE448_KEY_SIZE];
- word32 y;
- #endif
- #ifdef HAVE_CURVE448_KEY_EXPORT
- byte exportBuf[CURVE448_KEY_SIZE];
- #endif
- word32 x = 0;
- curve448_key userA, userB, pubKey;
- #if defined(HAVE_CURVE448_SHARED_SECRET) && \
- defined(HAVE_CURVE448_KEY_IMPORT)
- /* test vectors from
- https://www.rfc-editor.org/rfc/rfc7748.html
- */
- /* secret key for party a */
- byte sa[] = {
- 0x6b, 0x72, 0x98, 0xa5, 0xc0, 0xd8, 0xc2, 0x9a,
- 0x1d, 0xab, 0x27, 0xf1, 0xa6, 0x82, 0x63, 0x00,
- 0x91, 0x73, 0x89, 0x44, 0x97, 0x41, 0xa9, 0x74,
- 0xf5, 0xba, 0xc9, 0xd9, 0x8d, 0xc2, 0x98, 0xd4,
- 0x65, 0x55, 0xbc, 0xe8, 0xba, 0xe8, 0x9e, 0xee,
- 0xd4, 0x00, 0x58, 0x4b, 0xb0, 0x46, 0xcf, 0x75,
- 0x57, 0x9f, 0x51, 0xd1, 0x25, 0x49, 0x8f, 0x9a,
- };
- /* public key for party a */
- byte pa[] = {
- 0xa0, 0x1f, 0xc4, 0x32, 0xe5, 0x80, 0x7f, 0x17,
- 0x53, 0x0d, 0x12, 0x88, 0xda, 0x12, 0x5b, 0x0c,
- 0xd4, 0x53, 0xd9, 0x41, 0x72, 0x64, 0x36, 0xc8,
- 0xbb, 0xd9, 0xc5, 0x22, 0x2c, 0x3d, 0xa7, 0xfa,
- 0x63, 0x9c, 0xe0, 0x3d, 0xb8, 0xd2, 0x3b, 0x27,
- 0x4a, 0x07, 0x21, 0xa1, 0xae, 0xd5, 0x22, 0x7d,
- 0xe6, 0xe3, 0xb7, 0x31, 0xcc, 0xf7, 0x08, 0x9b,
- };
- /* secret key for party b */
- byte sb[] = {
- 0x2d, 0x99, 0x73, 0x51, 0xb6, 0x10, 0x6f, 0x36,
- 0xb0, 0xd1, 0x09, 0x1b, 0x92, 0x9c, 0x4c, 0x37,
- 0x21, 0x3e, 0x0d, 0x2b, 0x97, 0xe8, 0x5e, 0xbb,
- 0x20, 0xc1, 0x27, 0x69, 0x1d, 0x0d, 0xad, 0x8f,
- 0x1d, 0x81, 0x75, 0xb0, 0x72, 0x37, 0x45, 0xe6,
- 0x39, 0xa3, 0xcb, 0x70, 0x44, 0x29, 0x0b, 0x99,
- 0xe0, 0xe2, 0xa0, 0xc2, 0x7a, 0x6a, 0x30, 0x1c,
- };
- /* public key for party b */
- byte pb[] = {
- 0x09, 0x36, 0xf3, 0x7b, 0xc6, 0xc1, 0xbd, 0x07,
- 0xae, 0x3d, 0xec, 0x7a, 0xb5, 0xdc, 0x06, 0xa7,
- 0x3c, 0xa1, 0x32, 0x42, 0xfb, 0x34, 0x3e, 0xfc,
- 0x72, 0xb9, 0xd8, 0x27, 0x30, 0xb4, 0x45, 0xf3,
- 0xd4, 0xb0, 0xbd, 0x07, 0x71, 0x62, 0xa4, 0x6d,
- 0xcf, 0xec, 0x6f, 0x9b, 0x59, 0x0b, 0xfc, 0xbc,
- 0xf5, 0x20, 0xcd, 0xb0, 0x29, 0xa8, 0xb7, 0x3e,
- };
- /* expected shared key */
- byte ss[] = {
- 0x9d, 0x87, 0x4a, 0x51, 0x37, 0x50, 0x9a, 0x44,
- 0x9a, 0xd5, 0x85, 0x30, 0x40, 0x24, 0x1c, 0x52,
- 0x36, 0x39, 0x54, 0x35, 0xc3, 0x64, 0x24, 0xfd,
- 0x56, 0x0b, 0x0c, 0xb6, 0x2b, 0x28, 0x1d, 0x28,
- 0x52, 0x75, 0xa7, 0x40, 0xce, 0x32, 0xa2, 0x2d,
- 0xd1, 0x74, 0x0f, 0x4a, 0xa9, 0x16, 0x1c, 0xec,
- 0x95, 0xcc, 0xc6, 0x1a, 0x18, 0xf4, 0xff, 0x07,
- };
- #endif /* HAVE_CURVE448_SHARED_SECRET */
- (void)x;
- WOLFSSL_ENTER("curve448_test");
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- wc_curve448_init(&userA);
- wc_curve448_init(&userB);
- wc_curve448_init(&pubKey);
- /* make curve448 keys */
- ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userA);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userB);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef HAVE_CURVE448_SHARED_SECRET
- /* find shared secret key */
- x = sizeof(sharedA);
- ret = wc_curve448_shared_secret(&userA, &userB, sharedA, &x);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- y = sizeof(sharedB);
- ret = wc_curve448_shared_secret(&userB, &userA, sharedB, &y);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* compare shared secret keys to test they are the same */
- if (y != x)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(sharedA, sharedB, x))
- return WC_TEST_RET_ENC_NC;
- #endif
- #ifdef HAVE_CURVE448_KEY_EXPORT
- /* export a public key and import it for another user */
- x = sizeof(exportBuf);
- ret = wc_curve448_export_public(&userA, exportBuf, &x);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef HAVE_CURVE448_KEY_IMPORT
- ret = wc_curve448_import_public(exportBuf, x, &pubKey);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #endif
- #if defined(HAVE_CURVE448_SHARED_SECRET) && \
- defined(HAVE_CURVE448_KEY_IMPORT)
- /* test shared key after importing a public key */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- ret = wc_curve448_shared_secret(&userB, &pubKey, sharedB, &y);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(sharedA, sharedB, y))
- return WC_TEST_RET_ENC_NC;
- /* import RFC test vectors and compare shared key */
- ret = wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_curve448_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* test against known test vector */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- ret = wc_curve448_shared_secret(&userA, &userB, sharedB, &y);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(ss, sharedB, y))
- return WC_TEST_RET_ENC_NC;
- /* test swapping roles of keys and generating same shared key */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- ret = wc_curve448_shared_secret(&userB, &userA, sharedB, &y);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(ss, sharedB, y))
- return WC_TEST_RET_ENC_NC;
- /* test with 1 generated key and 1 from known test vector */
- ret = wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_curve448_make_key(&rng, 56, &userB);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- x = sizeof(sharedA);
- ret = wc_curve448_shared_secret(&userA, &userB, sharedA, &x);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- y = sizeof(sharedB);
- ret = wc_curve448_shared_secret(&userB, &userA, sharedB, &y);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* compare shared secret keys to test they are the same */
- if (y != x)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(sharedA, sharedB, x))
- return WC_TEST_RET_ENC_NC;
- ret = curve448_check_public_test();
- if (ret != 0)
- return ret;
- #endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */
- /* clean up keys when done */
- wc_curve448_free(&pubKey);
- wc_curve448_free(&userB);
- wc_curve448_free(&userA);
- wc_FreeRng(&rng);
- return 0;
- }
- #endif /* HAVE_CURVE448 */
- #ifdef HAVE_ED448
- #ifdef WOLFSSL_TEST_CERT
- static wc_test_ret_t ed448_test_cert(void)
- {
- DecodedCert cert[2];
- DecodedCert* serverCert = NULL;
- DecodedCert* caCert = NULL;
- #ifdef HAVE_ED448_VERIFY
- ed448_key key;
- ed448_key* pubKey = NULL;
- int verify;
- #endif /* HAVE_ED448_VERIFY */
- wc_test_ret_t ret;
- byte* tmp;
- size_t bytes;
- XFILE file;
- tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, ca_ed448_cert, sizeof_ca_ed448_cert);
- bytes = sizeof_ca_ed448_cert;
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(caEd448Cert, "rb");
- if (file == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #else
- /* No certificate to use. */
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- InitDecodedCert(&cert[0], tmp, (word32)bytes, 0);
- caCert = &cert[0];
- ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, server_ed448_cert, sizeof_server_ed448_cert);
- bytes = sizeof_server_ed448_cert;
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(serverEd448Cert, "rb");
- if (file == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- #else
- /* No certificate to use. */
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- InitDecodedCert(&cert[1], tmp, (word32)bytes, 0);
- serverCert = &cert[1];
- ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef HAVE_ED448_VERIFY
- ret = wc_ed448_init(&key);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- pubKey = &key;
- ret = wc_ed448_import_public(caCert->publicKey, caCert->pubKeySize, pubKey);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_ed448_verify_msg(serverCert->signature, serverCert->sigLength,
- serverCert->source + serverCert->certBegin,
- serverCert->sigIndex - serverCert->certBegin,
- &verify, pubKey, NULL, 0);
- if (ret < 0 || verify != 1) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- }
- #endif /* HAVE_ED448_VERIFY */
- done:
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef HAVE_ED448_VERIFY
- wc_ed448_free(pubKey);
- #endif /* HAVE_ED448_VERIFY */
- if (caCert != NULL)
- FreeDecodedCert(caCert);
- if (serverCert != NULL)
- FreeDecodedCert(serverCert);
- return ret;
- }
- static wc_test_ret_t ed448_test_make_cert(void)
- {
- WC_RNG rng;
- Cert cert;
- DecodedCert decode;
- ed448_key key;
- ed448_key* privKey = NULL;
- wc_test_ret_t ret = 0;
- byte* tmp = NULL;
- wc_InitCert_ex(&cert, HEAP_HINT, devId);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- wc_ed448_init(&key);
- privKey = &key;
- wc_ed448_make_key(&rng, ED448_KEY_SIZE, privKey);
- cert.daysValid = 365 * 2;
- cert.selfSigned = 1;
- XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName));
- XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName));
- cert.isCA = 0;
- #ifdef WOLFSSL_CERT_EXT
- ret = wc_SetKeyUsage(&cert, certKeyUsage);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- cert.sigType = CTC_ED448;
- ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED448_TYPE, privKey, &rng);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF, ED448_TYPE,
- privKey, &rng);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- InitDecodedCert(&decode, tmp, (word32)ret, HEAP_HINT);
- ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
- FreeDecodedCert(&decode);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- done:
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_ed448_free(privKey);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WOLFSSL_TEST_CERT */
- #if defined(HAVE_ED448_KEY_IMPORT)
- static wc_test_ret_t ed448_test_check_key(void)
- {
- /* Fails to find x-ordinate from this y-ordinate. */
- WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y[] = {
- 0x40,
- 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00
- };
- /* Y-ordinate value larger than prime. */
- WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_max[] = {
- 0x40,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff
- };
- /* Y-ordinate value equal to prime. */
- WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_is_p[] = {
- 0x40,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff
- };
- /* Y-ordinate value equal to prime - 1. */
- WOLFSSL_SMALL_STACK_STATIC const byte key_y_is_p_minus_1[] = {
- 0x40,
- 0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff
- };
- ed448_key key;
- int ret;
- int res = 0;
- /* Initialize key for use. */
- ret = wc_ed448_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- /* Load bad public key only and perform checks. */
- ret = wc_ed448_import_public(key_bad_y, ED448_PUB_KEY_SIZE + 1, &key);
- if (ret != PUBLIC_KEY_E) {
- res = WC_TEST_RET_ENC_NC;
- }
- if (ret == 0) {
- /* Load bad public key only and perform checks. */
- ret = wc_ed448_import_public(key_bad_y_max, ED448_PUB_KEY_SIZE + 1,
- &key);
- if (ret != PUBLIC_KEY_E) {
- res = WC_TEST_RET_ENC_NC;
- }
- }
- if (res == 0) {
- /* Load bad public key only and perform checks. */
- ret = wc_ed448_import_public(key_bad_y_is_p, ED448_PUB_KEY_SIZE + 1,
- &key);
- if (ret != PUBLIC_KEY_E) {
- res = WC_TEST_RET_ENC_NC;
- }
- }
- if (res == 0) {
- /* Load good public key only and perform checks. */
- ret = wc_ed448_import_public(key_y_is_p_minus_1, ED448_PUB_KEY_SIZE + 1,
- &key);
- if (ret != 0) {
- res = WC_TEST_RET_ENC_NC;
- }
- }
- /* Dispose of key. */
- wc_ed448_free(&key);
- return res;
- }
- #endif
- #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \
- defined(HAVE_ED448_KEY_IMPORT)
- static wc_test_ret_t ed448_ctx_test(void)
- {
- wc_test_ret_t ret;
- byte out[ED448_SIG_SIZE];
- word32 outlen;
- #ifdef HAVE_ED448_VERIFY
- int verify;
- #endif /* HAVE_ED448_VERIFY */
- ed448_key key;
- WOLFSSL_SMALL_STACK_STATIC const byte sKeyCtx[] = {
- 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6,
- 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d,
- 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d,
- 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a,
- 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c,
- 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e,
- 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27,
- 0x4e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKeyCtx[] = {
- 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45,
- 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a,
- 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37,
- 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86,
- 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02,
- 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c,
- 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigCtx[] = {
- 0xd4, 0xf8, 0xf6, 0x13, 0x17, 0x70, 0xdd, 0x46,
- 0xf4, 0x08, 0x67, 0xd6, 0xfd, 0x5d, 0x50, 0x55,
- 0xde, 0x43, 0x54, 0x1f, 0x8c, 0x5e, 0x35, 0xab,
- 0xbc, 0xd0, 0x01, 0xb3, 0x2a, 0x89, 0xf7, 0xd2,
- 0x15, 0x1f, 0x76, 0x47, 0xf1, 0x1d, 0x8c, 0xa2,
- 0xae, 0x27, 0x9f, 0xb8, 0x42, 0xd6, 0x07, 0x21,
- 0x7f, 0xce, 0x6e, 0x04, 0x2f, 0x68, 0x15, 0xea,
- 0x00, 0x0c, 0x85, 0x74, 0x1d, 0xe5, 0xc8, 0xda,
- 0x11, 0x44, 0xa6, 0xa1, 0xab, 0xa7, 0xf9, 0x6d,
- 0xe4, 0x25, 0x05, 0xd7, 0xa7, 0x29, 0x85, 0x24,
- 0xfd, 0xa5, 0x38, 0xfc, 0xcb, 0xbb, 0x75, 0x4f,
- 0x57, 0x8c, 0x1c, 0xad, 0x10, 0xd5, 0x4d, 0x0d,
- 0x54, 0x28, 0x40, 0x7e, 0x85, 0xdc, 0xbc, 0x98,
- 0xa4, 0x91, 0x55, 0xc1, 0x37, 0x64, 0xe6, 0x6c,
- 0x3c, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msgCtx[] = {
- 0x03
- };
- WOLFSSL_SMALL_STACK_STATIC const byte contextCtx[] = {
- 0x66,0x6f,0x6f
- };
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- ret = wc_ed448_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ed448_import_private_key(sKeyCtx, ED448_KEY_SIZE, pKeyCtx,
- sizeof(pKeyCtx), &key);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ed448_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
- contextCtx, sizeof(contextCtx));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(out, sigCtx, sizeof(sigCtx)))
- return WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- ret = wc_ed448_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, &key,
- contextCtx, sizeof(contextCtx));
- if (ret != 0 || verify != 1)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- wc_ed448_free(&key);
- return 0;
- }
- static wc_test_ret_t ed448ph_test(void)
- {
- wc_test_ret_t ret;
- byte out[ED448_SIG_SIZE];
- word32 outlen;
- #ifdef HAVE_ED448_VERIFY
- int verify;
- #endif /* HAVE_ED448_VERIFY */
- ed448_key key;
- WOLFSSL_SMALL_STACK_STATIC const byte sKeyPh[] = {
- 0x83, 0x3f, 0xe6, 0x24, 0x09, 0x23, 0x7b, 0x9d,
- 0x62, 0xec, 0x77, 0x58, 0x75, 0x20, 0x91, 0x1e,
- 0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b,
- 0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42,
- 0xef, 0x78, 0x22, 0xe0, 0xd5, 0x10, 0x41, 0x27,
- 0xdc, 0x05, 0xd6, 0xdb, 0xef, 0xde, 0x69, 0xe3,
- 0xab, 0x2c, 0xec, 0x7c, 0x86, 0x7c, 0x6e, 0x2c,
- 0x49
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKeyPh[] = {
- 0x25, 0x9b, 0x71, 0xc1, 0x9f, 0x83, 0xef, 0x77,
- 0xa7, 0xab, 0xd2, 0x65, 0x24, 0xcb, 0xdb, 0x31,
- 0x61, 0xb5, 0x90, 0xa4, 0x8f, 0x7d, 0x17, 0xde,
- 0x3e, 0xe0, 0xba, 0x9c, 0x52, 0xbe, 0xb7, 0x43,
- 0xc0, 0x94, 0x28, 0xa1, 0x31, 0xd6, 0xb1, 0xb5,
- 0x73, 0x03, 0xd9, 0x0d, 0x81, 0x32, 0xc2, 0x76,
- 0xd5, 0xed, 0x3d, 0x5d, 0x01, 0xc0, 0xf5, 0x38,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigPh1[] = {
- 0x82, 0x2f, 0x69, 0x01, 0xf7, 0x48, 0x0f, 0x3d,
- 0x5f, 0x56, 0x2c, 0x59, 0x29, 0x94, 0xd9, 0x69,
- 0x36, 0x02, 0x87, 0x56, 0x14, 0x48, 0x32, 0x56,
- 0x50, 0x56, 0x00, 0xbb, 0xc2, 0x81, 0xae, 0x38,
- 0x1f, 0x54, 0xd6, 0xbc, 0xe2, 0xea, 0x91, 0x15,
- 0x74, 0x93, 0x2f, 0x52, 0xa4, 0xe6, 0xca, 0xdd,
- 0x78, 0x76, 0x93, 0x75, 0xec, 0x3f, 0xfd, 0x1b,
- 0x80, 0x1a, 0x0d, 0x9b, 0x3f, 0x40, 0x30, 0xcd,
- 0x43, 0x39, 0x64, 0xb6, 0x45, 0x7e, 0xa3, 0x94,
- 0x76, 0x51, 0x12, 0x14, 0xf9, 0x74, 0x69, 0xb5,
- 0x7d, 0xd3, 0x2d, 0xbc, 0x56, 0x0a, 0x9a, 0x94,
- 0xd0, 0x0b, 0xff, 0x07, 0x62, 0x04, 0x64, 0xa3,
- 0xad, 0x20, 0x3d, 0xf7, 0xdc, 0x7c, 0xe3, 0x60,
- 0xc3, 0xcd, 0x36, 0x96, 0xd9, 0xd9, 0xfa, 0xb9,
- 0x0f, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigPh2[] = {
- 0xc3, 0x22, 0x99, 0xd4, 0x6e, 0xc8, 0xff, 0x02,
- 0xb5, 0x45, 0x40, 0x98, 0x28, 0x14, 0xdc, 0xe9,
- 0xa0, 0x58, 0x12, 0xf8, 0x19, 0x62, 0xb6, 0x49,
- 0xd5, 0x28, 0x09, 0x59, 0x16, 0xa2, 0xaa, 0x48,
- 0x10, 0x65, 0xb1, 0x58, 0x04, 0x23, 0xef, 0x92,
- 0x7e, 0xcf, 0x0a, 0xf5, 0x88, 0x8f, 0x90, 0xda,
- 0x0f, 0x6a, 0x9a, 0x85, 0xad, 0x5d, 0xc3, 0xf2,
- 0x80, 0xd9, 0x12, 0x24, 0xba, 0x99, 0x11, 0xa3,
- 0x65, 0x3d, 0x00, 0xe4, 0x84, 0xe2, 0xce, 0x23,
- 0x25, 0x21, 0x48, 0x1c, 0x86, 0x58, 0xdf, 0x30,
- 0x4b, 0xb7, 0x74, 0x5a, 0x73, 0x51, 0x4c, 0xdb,
- 0x9b, 0xf3, 0xe1, 0x57, 0x84, 0xab, 0x71, 0x28,
- 0x4f, 0x8d, 0x07, 0x04, 0xa6, 0x08, 0xc5, 0x4a,
- 0x6b, 0x62, 0xd9, 0x7b, 0xeb, 0x51, 0x1d, 0x13,
- 0x21, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msgPh[] = {
- 0x61,0x62,0x63
- };
- /* SHA-512 hash of msgPh */
- WOLFSSL_SMALL_STACK_STATIC const byte hashPh[] = {
- 0x48, 0x33, 0x66, 0x60, 0x13, 0x60, 0xa8, 0x77,
- 0x1c, 0x68, 0x63, 0x08, 0x0c, 0xc4, 0x11, 0x4d,
- 0x8d, 0xb4, 0x45, 0x30, 0xf8, 0xf1, 0xe1, 0xee,
- 0x4f, 0x94, 0xea, 0x37, 0xe7, 0x8b, 0x57, 0x39,
- 0xd5, 0xa1, 0x5b, 0xef, 0x18, 0x6a, 0x53, 0x86,
- 0xc7, 0x57, 0x44, 0xc0, 0x52, 0x7e, 0x1f, 0xaa,
- 0x9f, 0x87, 0x26, 0xe4, 0x62, 0xa1, 0x2a, 0x4f,
- 0xeb, 0x06, 0xbd, 0x88, 0x01, 0xe7, 0x51, 0xe4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte contextPh2[] = {
- 0x66,0x6f,0x6f
- };
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- ret = wc_ed448_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ed448_import_private_key(sKeyPh, ED448_KEY_SIZE, pKeyPh,
- sizeof(pKeyPh), &key);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL,
- 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(out, sigPh1, sizeof(sigPh1)))
- return WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- ret = wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key,
- NULL, 0);
- if (ret != 0 || verify != 1) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- ret = wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
- contextPh2, sizeof(contextPh2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(out, sigPh2, sizeof(sigPh2)))
- return WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- ret = wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key,
- contextPh2, sizeof(contextPh2));
- if (ret != 0 || verify != 1) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- ret = wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL,
- 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(out, sigPh1, sizeof(sigPh1)))
- return WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED448_VERIFY)
- ret = wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
- &key, NULL, 0);
- if (ret != 0 || verify != 1) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- ret = wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
- contextPh2, sizeof(contextPh2));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(out, sigPh2, sizeof(sigPh2)))
- return WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ED448_VERIFY)
- ret = wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
- &key, contextPh2, sizeof(contextPh2));
- if (ret != 0 || verify != 1) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- #endif
- wc_ed448_free(&key);
- return 0;
- }
- #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
- {
- wc_test_ret_t ret;
- WC_RNG rng;
- #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\
- defined(HAVE_ED448_KEY_IMPORT)
- byte out[ED448_SIG_SIZE];
- int i;
- word32 outlen;
- #ifdef HAVE_ED448_VERIFY
- #ifdef WOLFSSL_ED448_STREAMING_VERIFY
- int j;
- #endif /* WOLFSSL_ED448_STREAMING_VERIFY */
- int verify;
- #endif /* HAVE_ED448_VERIFY */
- #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
- word32 keySz, sigSz;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ed448_key *key = NULL;
- ed448_key *key2 = NULL;
- #else
- ed448_key key[1];
- ed448_key key2[1];
- #endif
- #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \
- defined(HAVE_ED448_KEY_IMPORT)
- /* test vectors from
- https://tools.ietf.org/html/rfc8032
- */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey1[] = {
- 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
- 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
- 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
- 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
- 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
- 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
- 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
- 0x5b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey2[] = {
- 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6,
- 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d,
- 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d,
- 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a,
- 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c,
- 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e,
- 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27,
- 0x4e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey3[] = {
- 0x25, 0x8c, 0xdd, 0x4a, 0xda, 0x32, 0xed, 0x9c,
- 0x9f, 0xf5, 0x4e, 0x63, 0x75, 0x6a, 0xe5, 0x82,
- 0xfb, 0x8f, 0xab, 0x2a, 0xc7, 0x21, 0xf2, 0xc8,
- 0xe6, 0x76, 0xa7, 0x27, 0x68, 0x51, 0x3d, 0x93,
- 0x9f, 0x63, 0xdd, 0xdb, 0x55, 0x60, 0x91, 0x33,
- 0xf2, 0x9a, 0xdf, 0x86, 0xec, 0x99, 0x29, 0xdc,
- 0xcb, 0x52, 0xc1, 0xc5, 0xfd, 0x2f, 0xf7, 0xe2,
- 0x1b
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey4[] = {
- 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
- 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
- 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
- 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
- 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
- 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
- 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
- 0x5b
- };
- /* compressed prefix test */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey5[] = {
- 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
- 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
- 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
- 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
- 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
- 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
- 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
- 0x5b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey6[] = {
- 0x87, 0x2d, 0x09, 0x37, 0x80, 0xf5, 0xd3, 0x73,
- 0x0d, 0xf7, 0xc2, 0x12, 0x66, 0x4b, 0x37, 0xb8,
- 0xa0, 0xf2, 0x4f, 0x56, 0x81, 0x0d, 0xaa, 0x83,
- 0x82, 0xcd, 0x4f, 0xa3, 0xf7, 0x76, 0x34, 0xec,
- 0x44, 0xdc, 0x54, 0xf1, 0xc2, 0xed, 0x9b, 0xea,
- 0x86, 0xfa, 0xfb, 0x76, 0x32, 0xd8, 0xbe, 0x19,
- 0x9e, 0xa1, 0x65, 0xf5, 0xad, 0x55, 0xdd, 0x9c,
- 0xe8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
- WOLFSSL_SMALL_STACK_STATIC const byte pKey1[] = {
- 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
- 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
- 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
- 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
- 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
- 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
- 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey2[] = {
- 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45,
- 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a,
- 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37,
- 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86,
- 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02,
- 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c,
- 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey3[] = {
- 0x3b, 0xa1, 0x6d, 0xa0, 0xc6, 0xf2, 0xcc, 0x1f,
- 0x30, 0x18, 0x77, 0x40, 0x75, 0x6f, 0x5e, 0x79,
- 0x8d, 0x6b, 0xc5, 0xfc, 0x01, 0x5d, 0x7c, 0x63,
- 0xcc, 0x95, 0x10, 0xee, 0x3f, 0xd4, 0x4a, 0xdc,
- 0x24, 0xd8, 0xe9, 0x68, 0xb6, 0xe4, 0x6e, 0x6f,
- 0x94, 0xd1, 0x9b, 0x94, 0x53, 0x61, 0x72, 0x6b,
- 0xd7, 0x5e, 0x14, 0x9e, 0xf0, 0x98, 0x17, 0xf5,
- 0x80
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte pKey4[] = {
- 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
- 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
- 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
- 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
- 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
- 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
- 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
- 0x80
- };
- /* compressed prefix */
- WOLFSSL_SMALL_STACK_STATIC const byte pKey5[] = {
- 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
- 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
- 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
- 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
- 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
- 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
- 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey6[] = {
- 0xa8, 0x1b, 0x2e, 0x8a, 0x70, 0xa5, 0xac, 0x94,
- 0xff, 0xdb, 0xcc, 0x9b, 0xad, 0xfc, 0x3f, 0xeb,
- 0x08, 0x01, 0xf2, 0x58, 0x57, 0x8b, 0xb1, 0x14,
- 0xad, 0x44, 0xec, 0xe1, 0xec, 0x0e, 0x79, 0x9d,
- 0xa0, 0x8e, 0xff, 0xb8, 0x1c, 0x5d, 0x68, 0x5c,
- 0x0c, 0x56, 0xf6, 0x4e, 0xec, 0xae, 0xf8, 0xcd,
- 0xf1, 0x1c, 0xc3, 0x87, 0x37, 0x83, 0x8c, 0xf4,
- 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
- WOLFSSL_SMALL_STACK_STATIC const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
- sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
- WOLFSSL_SMALL_STACK_STATIC const byte sig1[] = {
- 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
- 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
- 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
- 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
- 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
- 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
- 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
- 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
- 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
- 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
- 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
- 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
- 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
- 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
- 0x26, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig2[] = {
- 0x26, 0xb8, 0xf9, 0x17, 0x27, 0xbd, 0x62, 0x89,
- 0x7a, 0xf1, 0x5e, 0x41, 0xeb, 0x43, 0xc3, 0x77,
- 0xef, 0xb9, 0xc6, 0x10, 0xd4, 0x8f, 0x23, 0x35,
- 0xcb, 0x0b, 0xd0, 0x08, 0x78, 0x10, 0xf4, 0x35,
- 0x25, 0x41, 0xb1, 0x43, 0xc4, 0xb9, 0x81, 0xb7,
- 0xe1, 0x8f, 0x62, 0xde, 0x8c, 0xcd, 0xf6, 0x33,
- 0xfc, 0x1b, 0xf0, 0x37, 0xab, 0x7c, 0xd7, 0x79,
- 0x80, 0x5e, 0x0d, 0xbc, 0xc0, 0xaa, 0xe1, 0xcb,
- 0xce, 0xe1, 0xaf, 0xb2, 0xe0, 0x27, 0xdf, 0x36,
- 0xbc, 0x04, 0xdc, 0xec, 0xbf, 0x15, 0x43, 0x36,
- 0xc1, 0x9f, 0x0a, 0xf7, 0xe0, 0xa6, 0x47, 0x29,
- 0x05, 0xe7, 0x99, 0xf1, 0x95, 0x3d, 0x2a, 0x0f,
- 0xf3, 0x34, 0x8a, 0xb2, 0x1a, 0xa4, 0xad, 0xaf,
- 0xd1, 0xd2, 0x34, 0x44, 0x1c, 0xf8, 0x07, 0xc0,
- 0x3a, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig3[] = {
- 0x7e, 0xee, 0xab, 0x7c, 0x4e, 0x50, 0xfb, 0x79,
- 0x9b, 0x41, 0x8e, 0xe5, 0xe3, 0x19, 0x7f, 0xf6,
- 0xbf, 0x15, 0xd4, 0x3a, 0x14, 0xc3, 0x43, 0x89,
- 0xb5, 0x9d, 0xd1, 0xa7, 0xb1, 0xb8, 0x5b, 0x4a,
- 0xe9, 0x04, 0x38, 0xac, 0xa6, 0x34, 0xbe, 0xa4,
- 0x5e, 0x3a, 0x26, 0x95, 0xf1, 0x27, 0x0f, 0x07,
- 0xfd, 0xcd, 0xf7, 0xc6, 0x2b, 0x8e, 0xfe, 0xaf,
- 0x00, 0xb4, 0x5c, 0x2c, 0x96, 0xba, 0x45, 0x7e,
- 0xb1, 0xa8, 0xbf, 0x07, 0x5a, 0x3d, 0xb2, 0x8e,
- 0x5c, 0x24, 0xf6, 0xb9, 0x23, 0xed, 0x4a, 0xd7,
- 0x47, 0xc3, 0xc9, 0xe0, 0x3c, 0x70, 0x79, 0xef,
- 0xb8, 0x7c, 0xb1, 0x10, 0xd3, 0xa9, 0x98, 0x61,
- 0xe7, 0x20, 0x03, 0xcb, 0xae, 0x6d, 0x6b, 0x8b,
- 0x82, 0x7e, 0x4e, 0x6c, 0x14, 0x30, 0x64, 0xff,
- 0x3c, 0x00
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte sig4[] = {
- 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
- 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
- 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
- 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
- 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
- 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
- 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
- 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
- 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
- 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
- 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
- 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
- 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
- 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
- 0x26, 0x00
- };
- /* compressed prefix */
- WOLFSSL_SMALL_STACK_STATIC const byte sig5[] = {
- 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
- 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
- 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
- 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
- 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
- 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
- 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
- 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
- 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
- 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
- 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
- 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
- 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
- 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
- 0x26, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig6[] = {
- 0xe3, 0x01, 0x34, 0x5a, 0x41, 0xa3, 0x9a, 0x4d,
- 0x72, 0xff, 0xf8, 0xdf, 0x69, 0xc9, 0x80, 0x75,
- 0xa0, 0xcc, 0x08, 0x2b, 0x80, 0x2f, 0xc9, 0xb2,
- 0xb6, 0xbc, 0x50, 0x3f, 0x92, 0x6b, 0x65, 0xbd,
- 0xdf, 0x7f, 0x4c, 0x8f, 0x1c, 0xb4, 0x9f, 0x63,
- 0x96, 0xaf, 0xc8, 0xa7, 0x0a, 0xbe, 0x6d, 0x8a,
- 0xef, 0x0d, 0xb4, 0x78, 0xd4, 0xc6, 0xb2, 0x97,
- 0x00, 0x76, 0xc6, 0xa0, 0x48, 0x4f, 0xe7, 0x6d,
- 0x76, 0xb3, 0xa9, 0x76, 0x25, 0xd7, 0x9f, 0x1c,
- 0xe2, 0x40, 0xe7, 0xc5, 0x76, 0x75, 0x0d, 0x29,
- 0x55, 0x28, 0x28, 0x6f, 0x71, 0x9b, 0x41, 0x3d,
- 0xe9, 0xad, 0xa3, 0xe8, 0xeb, 0x78, 0xed, 0x57,
- 0x36, 0x03, 0xce, 0x30, 0xd8, 0xbb, 0x76, 0x17,
- 0x85, 0xdc, 0x30, 0xdb, 0xc3, 0x20, 0x86, 0x9e,
- 0x1a, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
- #define SIGSZ sizeof(sig1)
- PEDANTIC_EXTENSION WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = { 0 };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = { 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = { 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd,
- 0x66, 0x81, 0x1e, 0x29, 0x15 };
- /* test of a 1023 byte long message */
- WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
- 0x6d, 0xdf, 0x80, 0x2e, 0x1a, 0xae, 0x49, 0x86,
- 0x93, 0x5f, 0x7f, 0x98, 0x1b, 0xa3, 0xf0, 0x35,
- 0x1d, 0x62, 0x73, 0xc0, 0xa0, 0xc2, 0x2c, 0x9c,
- 0x0e, 0x83, 0x39, 0x16, 0x8e, 0x67, 0x54, 0x12,
- 0xa3, 0xde, 0xbf, 0xaf, 0x43, 0x5e, 0xd6, 0x51,
- 0x55, 0x80, 0x07, 0xdb, 0x43, 0x84, 0xb6, 0x50,
- 0xfc, 0xc0, 0x7e, 0x3b, 0x58, 0x6a, 0x27, 0xa4,
- 0xf7, 0xa0, 0x0a, 0xc8, 0xa6, 0xfe, 0xc2, 0xcd,
- 0x86, 0xae, 0x4b, 0xf1, 0x57, 0x0c, 0x41, 0xe6,
- 0xa4, 0x0c, 0x93, 0x1d, 0xb2, 0x7b, 0x2f, 0xaa,
- 0x15, 0xa8, 0xce, 0xdd, 0x52, 0xcf, 0xf7, 0x36,
- 0x2c, 0x4e, 0x6e, 0x23, 0xda, 0xec, 0x0f, 0xbc,
- 0x3a, 0x79, 0xb6, 0x80, 0x6e, 0x31, 0x6e, 0xfc,
- 0xc7, 0xb6, 0x81, 0x19, 0xbf, 0x46, 0xbc, 0x76,
- 0xa2, 0x60, 0x67, 0xa5, 0x3f, 0x29, 0x6d, 0xaf,
- 0xdb, 0xdc, 0x11, 0xc7, 0x7f, 0x77, 0x77, 0xe9,
- 0x72, 0x66, 0x0c, 0xf4, 0xb6, 0xa9, 0xb3, 0x69,
- 0xa6, 0x66, 0x5f, 0x02, 0xe0, 0xcc, 0x9b, 0x6e,
- 0xdf, 0xad, 0x13, 0x6b, 0x4f, 0xab, 0xe7, 0x23,
- 0xd2, 0x81, 0x3d, 0xb3, 0x13, 0x6c, 0xfd, 0xe9,
- 0xb6, 0xd0, 0x44, 0x32, 0x2f, 0xee, 0x29, 0x47,
- 0x95, 0x2e, 0x03, 0x1b, 0x73, 0xab, 0x5c, 0x60,
- 0x33, 0x49, 0xb3, 0x07, 0xbd, 0xc2, 0x7b, 0xc6,
- 0xcb, 0x8b, 0x8b, 0xbd, 0x7b, 0xd3, 0x23, 0x21,
- 0x9b, 0x80, 0x33, 0xa5, 0x81, 0xb5, 0x9e, 0xad,
- 0xeb, 0xb0, 0x9b, 0x3c, 0x4f, 0x3d, 0x22, 0x77,
- 0xd4, 0xf0, 0x34, 0x36, 0x24, 0xac, 0xc8, 0x17,
- 0x80, 0x47, 0x28, 0xb2, 0x5a, 0xb7, 0x97, 0x17,
- 0x2b, 0x4c, 0x5c, 0x21, 0xa2, 0x2f, 0x9c, 0x78,
- 0x39, 0xd6, 0x43, 0x00, 0x23, 0x2e, 0xb6, 0x6e,
- 0x53, 0xf3, 0x1c, 0x72, 0x3f, 0xa3, 0x7f, 0xe3,
- 0x87, 0xc7, 0xd3, 0xe5, 0x0b, 0xdf, 0x98, 0x13,
- 0xa3, 0x0e, 0x5b, 0xb1, 0x2c, 0xf4, 0xcd, 0x93,
- 0x0c, 0x40, 0xcf, 0xb4, 0xe1, 0xfc, 0x62, 0x25,
- 0x92, 0xa4, 0x95, 0x88, 0x79, 0x44, 0x94, 0xd5,
- 0x6d, 0x24, 0xea, 0x4b, 0x40, 0xc8, 0x9f, 0xc0,
- 0x59, 0x6c, 0xc9, 0xeb, 0xb9, 0x61, 0xc8, 0xcb,
- 0x10, 0xad, 0xde, 0x97, 0x6a, 0x5d, 0x60, 0x2b,
- 0x1c, 0x3f, 0x85, 0xb9, 0xb9, 0xa0, 0x01, 0xed,
- 0x3c, 0x6a, 0x4d, 0x3b, 0x14, 0x37, 0xf5, 0x20,
- 0x96, 0xcd, 0x19, 0x56, 0xd0, 0x42, 0xa5, 0x97,
- 0xd5, 0x61, 0xa5, 0x96, 0xec, 0xd3, 0xd1, 0x73,
- 0x5a, 0x8d, 0x57, 0x0e, 0xa0, 0xec, 0x27, 0x22,
- 0x5a, 0x2c, 0x4a, 0xaf, 0xf2, 0x63, 0x06, 0xd1,
- 0x52, 0x6c, 0x1a, 0xf3, 0xca, 0x6d, 0x9c, 0xf5,
- 0xa2, 0xc9, 0x8f, 0x47, 0xe1, 0xc4, 0x6d, 0xb9,
- 0xa3, 0x32, 0x34, 0xcf, 0xd4, 0xd8, 0x1f, 0x2c,
- 0x98, 0x53, 0x8a, 0x09, 0xeb, 0xe7, 0x69, 0x98,
- 0xd0, 0xd8, 0xfd, 0x25, 0x99, 0x7c, 0x7d, 0x25,
- 0x5c, 0x6d, 0x66, 0xec, 0xe6, 0xfa, 0x56, 0xf1,
- 0x11, 0x44, 0x95, 0x0f, 0x02, 0x77, 0x95, 0xe6,
- 0x53, 0x00, 0x8f, 0x4b, 0xd7, 0xca, 0x2d, 0xee,
- 0x85, 0xd8, 0xe9, 0x0f, 0x3d, 0xc3, 0x15, 0x13,
- 0x0c, 0xe2, 0xa0, 0x03, 0x75, 0xa3, 0x18, 0xc7,
- 0xc3, 0xd9, 0x7b, 0xe2, 0xc8, 0xce, 0x5b, 0x6d,
- 0xb4, 0x1a, 0x62, 0x54, 0xff, 0x26, 0x4f, 0xa6,
- 0x15, 0x5b, 0xae, 0xe3, 0xb0, 0x77, 0x3c, 0x0f,
- 0x49, 0x7c, 0x57, 0x3f, 0x19, 0xbb, 0x4f, 0x42,
- 0x40, 0x28, 0x1f, 0x0b, 0x1f, 0x4f, 0x7b, 0xe8,
- 0x57, 0xa4, 0xe5, 0x9d, 0x41, 0x6c, 0x06, 0xb4,
- 0xc5, 0x0f, 0xa0, 0x9e, 0x18, 0x10, 0xdd, 0xc6,
- 0xb1, 0x46, 0x7b, 0xae, 0xac, 0x5a, 0x36, 0x68,
- 0xd1, 0x1b, 0x6e, 0xca, 0xa9, 0x01, 0x44, 0x00,
- 0x16, 0xf3, 0x89, 0xf8, 0x0a, 0xcc, 0x4d, 0xb9,
- 0x77, 0x02, 0x5e, 0x7f, 0x59, 0x24, 0x38, 0x8c,
- 0x7e, 0x34, 0x0a, 0x73, 0x2e, 0x55, 0x44, 0x40,
- 0xe7, 0x65, 0x70, 0xf8, 0xdd, 0x71, 0xb7, 0xd6,
- 0x40, 0xb3, 0x45, 0x0d, 0x1f, 0xd5, 0xf0, 0x41,
- 0x0a, 0x18, 0xf9, 0xa3, 0x49, 0x4f, 0x70, 0x7c,
- 0x71, 0x7b, 0x79, 0xb4, 0xbf, 0x75, 0xc9, 0x84,
- 0x00, 0xb0, 0x96, 0xb2, 0x16, 0x53, 0xb5, 0xd2,
- 0x17, 0xcf, 0x35, 0x65, 0xc9, 0x59, 0x74, 0x56,
- 0xf7, 0x07, 0x03, 0x49, 0x7a, 0x07, 0x87, 0x63,
- 0x82, 0x9b, 0xc0, 0x1b, 0xb1, 0xcb, 0xc8, 0xfa,
- 0x04, 0xea, 0xdc, 0x9a, 0x6e, 0x3f, 0x66, 0x99,
- 0x58, 0x7a, 0x9e, 0x75, 0xc9, 0x4e, 0x5b, 0xab,
- 0x00, 0x36, 0xe0, 0xb2, 0xe7, 0x11, 0x39, 0x2c,
- 0xff, 0x00, 0x47, 0xd0, 0xd6, 0xb0, 0x5b, 0xd2,
- 0xa5, 0x88, 0xbc, 0x10, 0x97, 0x18, 0x95, 0x42,
- 0x59, 0xf1, 0xd8, 0x66, 0x78, 0xa5, 0x79, 0xa3,
- 0x12, 0x0f, 0x19, 0xcf, 0xb2, 0x96, 0x3f, 0x17,
- 0x7a, 0xeb, 0x70, 0xf2, 0xd4, 0x84, 0x48, 0x26,
- 0x26, 0x2e, 0x51, 0xb8, 0x02, 0x71, 0x27, 0x20,
- 0x68, 0xef, 0x5b, 0x38, 0x56, 0xfa, 0x85, 0x35,
- 0xaa, 0x2a, 0x88, 0xb2, 0xd4, 0x1f, 0x2a, 0x0e,
- 0x2f, 0xda, 0x76, 0x24, 0xc2, 0x85, 0x02, 0x72,
- 0xac, 0x4a, 0x2f, 0x56, 0x1f, 0x8f, 0x2f, 0x7a,
- 0x31, 0x8b, 0xfd, 0x5c, 0xaf, 0x96, 0x96, 0x14,
- 0x9e, 0x4a, 0xc8, 0x24, 0xad, 0x34, 0x60, 0x53,
- 0x8f, 0xdc, 0x25, 0x42, 0x1b, 0xee, 0xc2, 0xcc,
- 0x68, 0x18, 0x16, 0x2d, 0x06, 0xbb, 0xed, 0x0c,
- 0x40, 0xa3, 0x87, 0x19, 0x23, 0x49, 0xdb, 0x67,
- 0xa1, 0x18, 0xba, 0xda, 0x6c, 0xd5, 0xab, 0x01,
- 0x40, 0xee, 0x27, 0x32, 0x04, 0xf6, 0x28, 0xaa,
- 0xd1, 0xc1, 0x35, 0xf7, 0x70, 0x27, 0x9a, 0x65,
- 0x1e, 0x24, 0xd8, 0xc1, 0x4d, 0x75, 0xa6, 0x05,
- 0x9d, 0x76, 0xb9, 0x6a, 0x6f, 0xd8, 0x57, 0xde,
- 0xf5, 0xe0, 0xb3, 0x54, 0xb2, 0x7a, 0xb9, 0x37,
- 0xa5, 0x81, 0x5d, 0x16, 0xb5, 0xfa, 0xe4, 0x07,
- 0xff, 0x18, 0x22, 0x2c, 0x6d, 0x1e, 0xd2, 0x63,
- 0xbe, 0x68, 0xc9, 0x5f, 0x32, 0xd9, 0x08, 0xbd,
- 0x89, 0x5c, 0xd7, 0x62, 0x07, 0xae, 0x72, 0x64,
- 0x87, 0x56, 0x7f, 0x9a, 0x67, 0xda, 0xd7, 0x9a,
- 0xbe, 0xc3, 0x16, 0xf6, 0x83, 0xb1, 0x7f, 0x2d,
- 0x02, 0xbf, 0x07, 0xe0, 0xac, 0x8b, 0x5b, 0xc6,
- 0x16, 0x2c, 0xf9, 0x46, 0x97, 0xb3, 0xc2, 0x7c,
- 0xd1, 0xfe, 0xa4, 0x9b, 0x27, 0xf2, 0x3b, 0xa2,
- 0x90, 0x18, 0x71, 0x96, 0x25, 0x06, 0x52, 0x0c,
- 0x39, 0x2d, 0xa8, 0xb6, 0xad, 0x0d, 0x99, 0xf7,
- 0x01, 0x3f, 0xbc, 0x06, 0xc2, 0xc1, 0x7a, 0x56,
- 0x95, 0x00, 0xc8, 0xa7, 0x69, 0x64, 0x81, 0xc1,
- 0xcd, 0x33, 0xe9, 0xb1, 0x4e, 0x40, 0xb8, 0x2e,
- 0x79, 0xa5, 0xf5, 0xdb, 0x82, 0x57, 0x1b, 0xa9,
- 0x7b, 0xae, 0x3a, 0xd3, 0xe0, 0x47, 0x95, 0x15,
- 0xbb, 0x0e, 0x2b, 0x0f, 0x3b, 0xfc, 0xd1, 0xfd,
- 0x33, 0x03, 0x4e, 0xfc, 0x62, 0x45, 0xed, 0xdd,
- 0x7e, 0xe2, 0x08, 0x6d, 0xda, 0xe2, 0x60, 0x0d,
- 0x8c, 0xa7, 0x3e, 0x21, 0x4e, 0x8c, 0x2b, 0x0b,
- 0xdb, 0x2b, 0x04, 0x7c, 0x6a, 0x46, 0x4a, 0x56,
- 0x2e, 0xd7, 0x7b, 0x73, 0xd2, 0xd8, 0x41, 0xc4,
- 0xb3, 0x49, 0x73, 0x55, 0x12, 0x57, 0x71, 0x3b,
- 0x75, 0x36, 0x32, 0xef, 0xba, 0x34, 0x81, 0x69,
- 0xab, 0xc9, 0x0a, 0x68, 0xf4, 0x26, 0x11, 0xa4,
- 0x01, 0x26, 0xd7, 0xcb, 0x21, 0xb5, 0x86, 0x95,
- 0x56, 0x81, 0x86, 0xf7, 0xe5, 0x69, 0xd2, 0xff,
- 0x0f, 0x9e, 0x74, 0x5d, 0x04, 0x87, 0xdd, 0x2e,
- 0xb9, 0x97, 0xca, 0xfc, 0x5a, 0xbf, 0x9d, 0xd1,
- 0x02, 0xe6, 0x2f, 0xf6, 0x6c, 0xba, 0x87
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
- WOLFSSL_SMALL_STACK_STATIC const word16 msgSz[] = {0 /*sizeof(msg1)*/,
- sizeof(msg2),
- sizeof(msg3),
- 0 /*sizeof(msg1)*/,
- 0 /*sizeof(msg1)*/,
- sizeof(msg4)
- };
- #ifndef NO_ASN
- static const byte privateEd448[] = {
- 0x30, 0x47, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
- 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, 0x39,
- 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
- 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
- 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
- 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
- 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
- 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
- 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
- 0x5b
- };
- static const byte publicEd448[] = {
- 0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
- 0x71, 0x03, 0x3a, 0x00, 0x5f, 0xd7, 0x44, 0x9b,
- 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 0x87, 0xec,
- 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
- 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d,
- 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76,
- 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d,
- 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, 0x1a, 0xbe,
- 0xaf, 0xe8, 0x25, 0x61, 0x80
- };
- static const byte privPubEd448[] = {
- 0x30, 0x81, 0x82, 0x02, 0x01, 0x00, 0x30, 0x05,
- 0x06, 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04,
- 0x39, 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d,
- 0x10, 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e,
- 0xbf, 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c,
- 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48,
- 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04,
- 0x4e, 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f,
- 0x8f, 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98,
- 0xf9, 0x5b, 0x81, 0x39, 0x5f, 0xd7, 0x44, 0x9b,
- 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 0x87, 0xec,
- 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
- 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d,
- 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76,
- 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d,
- 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, 0x1a, 0xbe,
- 0xaf, 0xe8, 0x25, 0x61, 0x80
- };
- word32 idx;
- #endif /* NO_ASN */
- #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
- #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ed448_key *key3 = NULL;
- #else
- ed448_key key3[1];
- #endif
- #endif
- WOLFSSL_ENTER("ed448_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- key = (ed448_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- key2 = (ed448_key *)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
- key3 = (ed448_key *)XMALLOC(sizeof(*key3), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #endif
- /* create ed448 keys */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- XMEMSET(&rng, 0, sizeof(rng));
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = wc_ed448_init(key);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_ed448_init(key2);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
- ret = wc_ed448_init(key3);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, key);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, key2);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* helper functions for signature and key size */
- keySz = (word32)wc_ed448_size(key);
- sigSz = (word32)wc_ed448_sig_size(key);
- #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\
- defined(HAVE_ED448_KEY_IMPORT)
- for (i = 0; i < 6; i++) {
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed448_import_private_key(sKeys[i], ED448_KEY_SIZE, pKeys[i],
- pKeySz[i], key) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, key, NULL,
- 0) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- if (XMEMCMP(out, sigs[i], 114))
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key,
- NULL, 0) != 0 || verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- #ifdef WOLFSSL_ED448_STREAMING_VERIFY
- /* test verify on good msg using streaming interface directly */
- if (wc_ed448_verify_msg_init(out, outlen,
- key, (byte)Ed448, NULL, 0) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- for (j = 0; j < msgSz[i]; j += i) {
- if (wc_ed448_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), key) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- if (wc_ed448_verify_msg_final(out, outlen, &verify,
- key) != 0 || verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- #endif /* WOLFSSL_ED448_STREAMING_VERIFY */
- /* test verify on bad msg */
- out[outlen-2] = out[outlen-2] + 1;
- if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key,
- NULL, 0) == 0 || verify == 1)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- #endif /* HAVE_ED448_VERIFY */
- /* test api for import/exporting keys */
- {
- byte *exportPKey = NULL;
- byte *exportSKey = NULL;
- word32 exportPSz = ED448_KEY_SIZE;
- word32 exportSSz = ED448_KEY_SIZE;
- exportPKey = (byte *)XMALLOC(exportPSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- exportSKey = (byte *)XMALLOC(exportSSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((exportPKey == NULL) || (exportSKey == NULL))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = 0;
- do {
- if (wc_ed448_export_public(key, exportPKey, &exportPSz) != 0) {
- ret = WC_TEST_RET_ENC_I(i);
- break;
- }
- if (wc_ed448_import_public_ex(exportPKey, exportPSz, key2, 1) != 0) {
- ret = WC_TEST_RET_ENC_I(i);
- break;
- }
- if (wc_ed448_export_private_only(key, exportSKey, &exportSSz) != 0) {
- ret = WC_TEST_RET_ENC_I(i);
- break;
- }
- if (wc_ed448_import_private_key(exportSKey, exportSSz,
- exportPKey, exportPSz, key2) != 0) {
- ret = WC_TEST_RET_ENC_I(i);
- break;
- }
- /* clear "out" buffer and test sign with imported keys */
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, key2, NULL,
- 0) != 0) {
- ret = WC_TEST_RET_ENC_I(i);
- break;
- }
- } while(0);
- XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (ret != 0)
- goto out;
- }
- #if defined(HAVE_ED448_VERIFY)
- if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key2,
- NULL, 0) != 0 || verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- if (XMEMCMP(out, sigs[i], SIGSZ))
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- #endif /* HAVE_ED448_VERIFY */
- }
- ret = ed448_ctx_test();
- if (ret != 0)
- goto out;
- ret = ed448ph_test();
- if (ret != 0)
- goto out;
- #ifndef NO_ASN
- /* Try ASN.1 encoded private-only key and public key. */
- idx = 0;
- ret = wc_Ed448PrivateKeyDecode(privateEd448, &idx, key3,
- sizeof(privateEd448));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- idx = 0;
- ret = wc_Ed448PublicKeyDecode(publicEd448, &idx, key3, sizeof(publicEd448));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(out, sigs[0], SIGSZ))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- ret = wc_ed448_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, key3,
- NULL, 0);
- if (ret != 0 || verify != 1)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif /* HAVE_ED448_VERIFY */
- wc_ed448_free(key3);
- ret = wc_ed448_init(key3);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- idx = 0;
- ret = wc_Ed448PrivateKeyDecode(privPubEd448, &idx, key3,
- sizeof(privPubEd448));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(out, sigs[0], SIGSZ))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #endif /* NO_ASN */
- #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
- ret = 0;
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key) {
- wc_ed448_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (key2) {
- wc_ed448_free(key2);
- XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
- if (key3) {
- wc_ed448_free(key3);
- XFREE(key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #else
- wc_ed448_free(key);
- wc_ed448_free(key2);
- #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
- wc_ed448_free(key3);
- #endif
- #endif
- #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
- wc_FreeRng(&rng);
- #endif
- if (ret < 0)
- return ret;
- /* hush warnings of unused keySz and sigSz */
- (void)keySz;
- (void)sigSz;
- ret = ed448_test_check_key();
- if (ret < 0)
- return ret;
- #ifdef WOLFSSL_TEST_CERT
- ret = ed448_test_cert();
- if (ret < 0)
- return ret;
- #ifdef WOLFSSL_CERT_GEN
- ret = ed448_test_make_cert();
- if (ret < 0)
- return ret;
- #endif /* WOLFSSL_CERT_GEN */
- #endif /* WOLFSSL_TEST_CERT */
- return 0;
- }
- #endif /* HAVE_ED448 */
- #ifdef WOLFSSL_HAVE_KYBER
- #ifdef WOLFSSL_WC_KYBER /* OQS and PQM4 do not support KATs */
- #ifdef WOLFSSL_KYBER512
- static wc_test_ret_t kyber512_kat(void)
- {
- wc_test_ret_t ret;
- #ifdef WOLFSSL_SMALL_STACK
- KyberKey *key = NULL;
- byte *priv = NULL;
- byte *pub = NULL;
- byte *ct = NULL;
- byte *ss = NULL;
- byte *ss_dec = NULL;
- #else
- KyberKey key[1];
- byte priv[KYBER512_PRIVATE_KEY_SIZE];
- byte pub[KYBER512_PUBLIC_KEY_SIZE];
- byte ct[KYBER512_CIPHER_TEXT_SIZE];
- byte ss[KYBER_SS_SZ];
- byte ss_dec[KYBER_SS_SZ];
- #endif
- int key_inited = 0;
- WOLFSSL_SMALL_STACK_STATIC const byte kyber512_rand[] = {
- 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa,
- 0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd,
- 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
- 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d,
- 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
- 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
- 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
- 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber512enc_rand[] = {
- 0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4,
- 0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13,
- 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
- 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber512_pk[] = {
- 0x11, 0x5A, 0xCE, 0x0E, 0x64, 0x67, 0x7C, 0xBB,
- 0x7D, 0xCF, 0xC9, 0x3C, 0x16, 0xD3, 0xA3, 0x05,
- 0xF6, 0x76, 0x15, 0xA4, 0x88, 0xD7, 0x11, 0xAA,
- 0x56, 0x69, 0x8C, 0x56, 0x63, 0xAB, 0x7A, 0xC9,
- 0xCE, 0x66, 0xD5, 0x47, 0xC0, 0x59, 0x5F, 0x98,
- 0xA4, 0x3F, 0x46, 0x50, 0xBB, 0xE0, 0x8C, 0x36,
- 0x4D, 0x97, 0x67, 0x89, 0x11, 0x7D, 0x34, 0xF6,
- 0xAE, 0x51, 0xAC, 0x06, 0x3C, 0xB5, 0x5C, 0x6C,
- 0xA3, 0x25, 0x58, 0x22, 0x7D, 0xFE, 0xF8, 0x07,
- 0xD1, 0x9C, 0x30, 0xDE, 0x41, 0x44, 0x24, 0x09,
- 0x7F, 0x6A, 0xA2, 0x36, 0xA1, 0x05, 0x3B, 0x4A,
- 0x07, 0xA7, 0x6B, 0xE3, 0x72, 0xA5, 0xC6, 0xB6,
- 0x00, 0x27, 0x91, 0xEB, 0xE0, 0xAF, 0xDA, 0xF5,
- 0x4E, 0x1C, 0xA2, 0x37, 0xFF, 0x54, 0x5B, 0xA6,
- 0x83, 0x43, 0xE7, 0x45, 0xC0, 0x4A, 0xD1, 0x63,
- 0x9D, 0xBC, 0x59, 0x03, 0x46, 0xB6, 0xB9, 0x56,
- 0x9B, 0x56, 0xDB, 0xBF, 0xE5, 0x31, 0x51, 0x91,
- 0x30, 0x66, 0xE5, 0xC8, 0x55, 0x27, 0xDC, 0x94,
- 0x68, 0x11, 0x0A, 0x13, 0x6A, 0x41, 0x14, 0x97,
- 0xC2, 0x27, 0xDC, 0xB8, 0xC9, 0xB2, 0x55, 0x70,
- 0xB7, 0xA0, 0xE4, 0x2A, 0xAD, 0xA6, 0x70, 0x9F,
- 0x23, 0x20, 0x8F, 0x5D, 0x49, 0x6E, 0xBA, 0xB7,
- 0x84, 0x3F, 0x64, 0x83, 0xBF, 0x0C, 0x0C, 0x73,
- 0xA4, 0x02, 0x96, 0xEC, 0x2C, 0x64, 0x40, 0x00,
- 0x13, 0x94, 0xC9, 0x9C, 0xA1, 0x73, 0xD5, 0xC7,
- 0x75, 0xB7, 0xF4, 0x15, 0xD0, 0x2A, 0x5A, 0x26,
- 0xA0, 0x74, 0x07, 0x91, 0x85, 0x87, 0xC4, 0x11,
- 0x69, 0xF2, 0xB7, 0x17, 0x87, 0x55, 0xAC, 0xC2,
- 0x7F, 0xC8, 0xB1, 0x9C, 0x4C, 0x4B, 0x3F, 0xCD,
- 0x41, 0x05, 0x3F, 0x2C, 0x74, 0xC8, 0xA1, 0x0A,
- 0x83, 0x21, 0x24, 0x1B, 0x28, 0x02, 0x43, 0x28,
- 0x75, 0xAE, 0x80, 0x8B, 0x9E, 0xF1, 0x36, 0x5C,
- 0x7B, 0x8A, 0x52, 0x90, 0x2F, 0x13, 0x17, 0xBA,
- 0x2F, 0xB0, 0x26, 0x9F, 0x47, 0x93, 0x06, 0x72,
- 0x10, 0x7B, 0x47, 0x26, 0xFE, 0xF6, 0x45, 0x47,
- 0x39, 0x4D, 0x33, 0x20, 0xC8, 0xF1, 0x20, 0xB3,
- 0xC2, 0xF4, 0x72, 0x5B, 0x03, 0x05, 0xFA, 0xB8,
- 0x8C, 0xC7, 0x98, 0x1F, 0xCB, 0x09, 0xA7, 0x6A,
- 0x1C, 0xBF, 0x7F, 0x17, 0x9F, 0x43, 0xBB, 0x0A,
- 0x4C, 0x8B, 0x05, 0x90, 0x85, 0x7F, 0x1E, 0x69,
- 0x70, 0x84, 0x66, 0xC7, 0xF8, 0x60, 0x73, 0x91,
- 0xE7, 0xBC, 0x52, 0x68, 0xBF, 0xD3, 0xD7, 0xA1,
- 0xDF, 0xFC, 0xB4, 0xEC, 0xA2, 0xA1, 0xC9, 0xB5,
- 0x97, 0x59, 0x30, 0x13, 0xD5, 0xFC, 0x42, 0x02,
- 0xEC, 0x2B, 0x74, 0xE5, 0x7A, 0xB7, 0x6B, 0xBC,
- 0xF3, 0x63, 0x2B, 0xBA, 0xF9, 0x7C, 0xDC, 0x41,
- 0x8A, 0x6F, 0x16, 0x39, 0x28, 0x38, 0xCA, 0x9B,
- 0xF4, 0x5D, 0xDF, 0x02, 0x37, 0x77, 0xB7, 0x56,
- 0x18, 0x33, 0xC1, 0x05, 0x19, 0x0F, 0x94, 0xF3,
- 0x02, 0xC5, 0x9B, 0x53, 0x19, 0x00, 0xBB, 0xC8,
- 0x16, 0x36, 0x1F, 0xAA, 0x5B, 0x33, 0x80, 0xCA,
- 0x3A, 0x89, 0x31, 0x04, 0xCA, 0x73, 0x88, 0xB1,
- 0x85, 0x67, 0x1B, 0x3E, 0x5F, 0xE3, 0x79, 0x0E,
- 0x9A, 0x62, 0x6E, 0xC4, 0x6D, 0x9B, 0x0B, 0x33,
- 0xC7, 0xA4, 0x19, 0xAF, 0x7B, 0x32, 0xB6, 0x85,
- 0x98, 0x94, 0xF5, 0x75, 0xD8, 0x2A, 0xC5, 0x45,
- 0x6B, 0x54, 0x90, 0xA7, 0xAF, 0x8F, 0xE6, 0x10,
- 0x46, 0x36, 0x05, 0x89, 0xEC, 0xBA, 0x72, 0x44,
- 0x23, 0x6F, 0x41, 0x23, 0x11, 0x6B, 0x61, 0x74,
- 0xAA, 0x17, 0x92, 0x49, 0xA4, 0x91, 0x95, 0xB3,
- 0x56, 0xC7, 0x2F, 0xC6, 0x64, 0x1F, 0x02, 0x51,
- 0x81, 0x2E, 0xAA, 0x98, 0x57, 0x0B, 0x04, 0x66,
- 0x99, 0x07, 0x0E, 0x08, 0x19, 0xDC, 0x27, 0x13,
- 0xF4, 0x69, 0x13, 0x7D, 0xFC, 0x6A, 0x3D, 0x7B,
- 0x92, 0xB2, 0x98, 0x99, 0x5E, 0xE7, 0x80, 0x36,
- 0x91, 0x53, 0xAC, 0x36, 0x6B, 0x06, 0xD7, 0x24,
- 0x9C, 0xD0, 0x9E, 0x1B, 0x33, 0x78, 0xFB, 0x04,
- 0x39, 0x9C, 0xEC, 0xB8, 0x65, 0x05, 0x81, 0xD6,
- 0x37, 0xC7, 0x9A, 0xE6, 0x7D, 0x6F, 0x2C, 0xAF,
- 0x6A, 0xBA, 0xCF, 0x59, 0x81, 0x59, 0xA7, 0x79,
- 0x2C, 0xB3, 0xC9, 0x71, 0xD1, 0x49, 0x9D, 0x23,
- 0x73, 0xAD, 0x20, 0xF6, 0x3F, 0x03, 0xBB, 0x59,
- 0xED, 0x13, 0x73, 0x84, 0xAC, 0x61, 0xA7, 0x15,
- 0x51, 0x43, 0xB8, 0xCA, 0x49, 0x32, 0x61, 0x2E,
- 0xC9, 0x15, 0xE4, 0xCA, 0x34, 0x6A, 0x9B, 0xCE,
- 0x5D, 0xD6, 0x04, 0x17, 0xC6, 0xB2, 0xA8, 0x9B,
- 0x1C, 0xC4, 0x35, 0x64, 0x3F, 0x87, 0x5B, 0xDC,
- 0x5A, 0x7E, 0x5B, 0x34, 0x81, 0xCF, 0x91, 0x9E,
- 0xA0, 0x91, 0x72, 0xFE, 0xBC, 0x46, 0xD4, 0xFC,
- 0x3F, 0xB0, 0xCB, 0x95, 0x91, 0x70, 0x4E, 0xE2,
- 0xDB, 0xB6, 0x18, 0x44, 0xB2, 0xF3, 0x31, 0x4A,
- 0x06, 0xBB, 0x6C, 0x6D, 0x34, 0x00, 0x5E, 0x48,
- 0x5C, 0xE6, 0x67, 0xBD, 0xC7, 0xD0, 0x98, 0x58,
- 0x69, 0x28, 0xD2, 0xD9, 0x13, 0x40, 0xF0, 0x04,
- 0x19, 0xEA, 0x40, 0x13, 0x51, 0xA2, 0x40, 0xA0,
- 0xB0, 0x41, 0x05, 0x8B, 0xEF, 0xB0, 0xC2, 0xFD,
- 0x32, 0x64, 0x5B, 0x7A, 0x2D, 0xF8, 0xF5, 0xCB,
- 0xFD, 0x87, 0x33, 0x27, 0xC9, 0x78, 0xD7, 0xB3,
- 0x51, 0xA2, 0x80, 0x88, 0x43, 0x88, 0x37, 0x02,
- 0x4C, 0x52, 0xB9, 0xC2, 0x95, 0xCD, 0x71, 0x36,
- 0x46, 0xFB, 0x5D, 0x6C, 0x0C, 0xCF, 0xB4, 0x70,
- 0x73, 0x4A, 0xC2, 0xB2, 0xBC, 0x81, 0x23, 0xC2,
- 0xC1, 0x3D, 0xF6, 0x93, 0x8E, 0x92, 0x45, 0x5A,
- 0x86, 0x26, 0x39, 0xFE, 0xB8, 0xA6, 0x4B, 0x85,
- 0x16, 0x3E, 0x32, 0x70, 0x7E, 0x03, 0x7B, 0x38,
- 0xD8, 0xAC, 0x39, 0x22, 0xB4, 0x51, 0x87, 0xBB,
- 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
- 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
- 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
- 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber512_sk[] = {
- 0x6C, 0x89, 0x2B, 0x02, 0x97, 0xA9, 0xC7, 0x64,
- 0x14, 0x93, 0xF8, 0x7D, 0xAF, 0x35, 0x33, 0xEE,
- 0xD6, 0x1F, 0x07, 0xF4, 0x65, 0x20, 0x66, 0x33,
- 0x7E, 0xD7, 0x40, 0x46, 0xDC, 0xC7, 0x1B, 0xA0,
- 0x3F, 0x30, 0x96, 0x01, 0x03, 0x16, 0x1F, 0x7D,
- 0xEB, 0x53, 0xA7, 0x1B, 0x11, 0x61, 0x72, 0x63,
- 0xFE, 0x2A, 0x80, 0x97, 0x69, 0xCE, 0x6D, 0x70,
- 0xA8, 0x5F, 0xE6, 0x00, 0xEC, 0xE2, 0x9D, 0x7F,
- 0x36, 0xA1, 0x6D, 0x33, 0x1B, 0x8B, 0x2A, 0x9E,
- 0x1D, 0xB8, 0xC0, 0x90, 0x74, 0x2D, 0xF0, 0x73,
- 0x9F, 0xF0, 0x60, 0xCE, 0xB4, 0xEC, 0xC5, 0xAB,
- 0x1C, 0x5E, 0x55, 0xAC, 0x97, 0xBB, 0x66, 0xA7,
- 0xF8, 0x95, 0x10, 0x5D, 0x57, 0x78, 0x2B, 0x22,
- 0x95, 0x38, 0xE3, 0x42, 0x15, 0x44, 0xA3, 0x42,
- 0x14, 0x08, 0xDB, 0xF4, 0x49, 0x10, 0x93, 0x4C,
- 0xC4, 0x23, 0x77, 0x4F, 0x16, 0x76, 0xFF, 0x1C,
- 0x30, 0x6F, 0x97, 0x55, 0x5F, 0x57, 0xB4, 0xAE,
- 0xD7, 0xA6, 0xBA, 0xB9, 0x50, 0xA8, 0x16, 0x3C,
- 0x8D, 0x31, 0x8D, 0xEA, 0x62, 0x75, 0x1B, 0xD6,
- 0xAB, 0xC5, 0x06, 0x9C, 0x06, 0xC8, 0x8F, 0x33,
- 0x00, 0x26, 0xA1, 0x98, 0x06, 0xA0, 0x3B, 0x97,
- 0xA7, 0x69, 0x6B, 0x56, 0xDA, 0x21, 0x82, 0x7B,
- 0xB4, 0xE8, 0xDC, 0x03, 0x11, 0x52, 0xB4, 0x1B,
- 0x89, 0x2A, 0x9E, 0x99, 0xAD, 0xF6, 0xE1, 0x96,
- 0x3E, 0x96, 0x57, 0x88, 0x28, 0x15, 0x4F, 0x46,
- 0x70, 0x33, 0x84, 0x69, 0x20, 0xFB, 0xB4, 0xB8,
- 0x05, 0x44, 0xE7, 0xE8, 0xA8, 0x1A, 0xE9, 0x63,
- 0xCF, 0x36, 0x8C, 0x9B, 0xA0, 0x37, 0xA8, 0xC2,
- 0xAD, 0x62, 0xE3, 0x2B, 0x6E, 0x61, 0xC9, 0x1D,
- 0x75, 0xCE, 0x00, 0x5A, 0xB3, 0x0F, 0x80, 0x99,
- 0xA1, 0xF2, 0x9D, 0x7B, 0x63, 0x05, 0xB4, 0xDC,
- 0x06, 0xE2, 0x56, 0x80, 0xBB, 0x00, 0x99, 0x2F,
- 0x71, 0x7F, 0xE6, 0xC1, 0x15, 0xA8, 0x08, 0x42,
- 0x31, 0xCC, 0x79, 0xDD, 0x70, 0x0E, 0xA6, 0x91,
- 0x2A, 0xC7, 0xFA, 0x0D, 0x93, 0x7B, 0xB6, 0xA7,
- 0x56, 0x66, 0x22, 0x30, 0x47, 0x0C, 0x18, 0x9B,
- 0x5A, 0xA1, 0x65, 0x3D, 0xEB, 0x93, 0x7D, 0x5A,
- 0x9C, 0x25, 0xA2, 0x1D, 0x93, 0xB1, 0x90, 0x74,
- 0xFC, 0x23, 0x9D, 0x81, 0x53, 0x53, 0x97, 0x97,
- 0xC7, 0xD4, 0xAB, 0x62, 0x64, 0x9D, 0x76, 0xAA,
- 0x55, 0x37, 0x36, 0xA9, 0x49, 0x02, 0x2C, 0x22,
- 0xC5, 0x2B, 0xAE, 0xEC, 0x60, 0x5B, 0x32, 0xCE,
- 0x9E, 0x5B, 0x93, 0x84, 0x90, 0x35, 0x58, 0xCA,
- 0x9D, 0x6A, 0x3A, 0xBA, 0x90, 0x42, 0x3E, 0xED,
- 0xA0, 0x1C, 0x94, 0x19, 0x8B, 0x19, 0x2A, 0x8B,
- 0xA9, 0x06, 0x34, 0x97, 0xA0, 0xC5, 0x01, 0x33,
- 0x07, 0xDD, 0xD8, 0x63, 0x52, 0x64, 0x71, 0xA4,
- 0xD9, 0x95, 0x23, 0xEB, 0x41, 0x7F, 0x29, 0x1A,
- 0xAC, 0x0C, 0x3A, 0x58, 0x1B, 0x6D, 0xA0, 0x07,
- 0x32, 0xE5, 0xE8, 0x1B, 0x1F, 0x7C, 0x87, 0x9B,
- 0x16, 0x93, 0xC1, 0x3B, 0x6F, 0x9F, 0x79, 0x31,
- 0x62, 0x24, 0x29, 0xE5, 0x42, 0xAF, 0x40, 0x69,
- 0x22, 0x2F, 0x04, 0x55, 0x44, 0xE0, 0xCC, 0x4F,
- 0xB2, 0x4D, 0x44, 0x48, 0xCF, 0x2C, 0x65, 0x96,
- 0xF5, 0xCB, 0x08, 0x62, 0x4B, 0x11, 0x85, 0x01,
- 0x3B, 0x6B, 0x02, 0x08, 0x92, 0xF9, 0x6B, 0xDF,
- 0xD4, 0xAD, 0xA9, 0x17, 0x9D, 0xE7, 0x27, 0xB8,
- 0xD9, 0x42, 0x6E, 0x09, 0x96, 0xB5, 0xD3, 0x49,
- 0x48, 0xCE, 0x02, 0xD0, 0xC3, 0x69, 0xB3, 0x7C,
- 0xBB, 0x54, 0xD3, 0x47, 0x9E, 0xD8, 0xB5, 0x82,
- 0xE9, 0xE7, 0x28, 0x92, 0x9B, 0x4C, 0x71, 0xC9,
- 0xBE, 0x11, 0xD4, 0x5B, 0x20, 0xC4, 0xBD, 0xC3,
- 0xC7, 0x43, 0x13, 0x22, 0x3F, 0x58, 0x27, 0x4E,
- 0x8B, 0xA5, 0x24, 0x44, 0x47, 0xC4, 0x95, 0x95,
- 0x0B, 0x84, 0xCB, 0x0C, 0x3C, 0x27, 0x36, 0x40,
- 0x10, 0x8A, 0x33, 0x97, 0x94, 0x45, 0x73, 0x27,
- 0x93, 0x28, 0x99, 0x6C, 0xDC, 0x0C, 0x91, 0x3C,
- 0x95, 0x8A, 0xD6, 0x20, 0xBA, 0x8B, 0x5E, 0x5E,
- 0xCB, 0xBB, 0x7E, 0x13, 0xCB, 0x9C, 0x70, 0xBD,
- 0x5A, 0xB3, 0x0E, 0xB7, 0x48, 0x8C, 0x97, 0x00,
- 0x1C, 0x20, 0x49, 0x8F, 0x1D, 0x7C, 0xC0, 0x6D,
- 0xA7, 0x6B, 0xF5, 0x20, 0xC6, 0x58, 0xCC, 0xAD,
- 0xFA, 0x29, 0x56, 0x42, 0x45, 0x57, 0xAB, 0xEA,
- 0x8A, 0xB8, 0x92, 0x39, 0xC1, 0x78, 0x33, 0xDC,
- 0x3A, 0x49, 0xB3, 0x6A, 0x9A, 0xE9, 0xA4, 0x86,
- 0x94, 0x05, 0x40, 0xEB, 0x44, 0x4F, 0x97, 0x15,
- 0x23, 0x57, 0xE0, 0x20, 0x35, 0x93, 0x9D, 0x75,
- 0xA3, 0xC0, 0x25, 0xF4, 0x1A, 0x40, 0x08, 0x23,
- 0x82, 0xA0, 0x73, 0x3C, 0x39, 0xB0, 0x62, 0x2B,
- 0x74, 0x0E, 0x40, 0x75, 0x92, 0xC6, 0x2E, 0xCA,
- 0xEB, 0x14, 0x32, 0xC4, 0x45, 0xB3, 0x70, 0x3A,
- 0x86, 0xF6, 0x98, 0x1A, 0x27, 0x81, 0x57, 0xEA,
- 0x95, 0xA6, 0xE9, 0x2D, 0x55, 0xE4, 0xB9, 0x72,
- 0xF9, 0x36, 0xC2, 0xF0, 0xA6, 0x58, 0x28, 0x0E,
- 0xA2, 0xB0, 0x7A, 0x48, 0x99, 0x2D, 0xF8, 0x93,
- 0x7E, 0x0A, 0x2A, 0xC1, 0xDC, 0xC9, 0x74, 0xFE,
- 0x00, 0xAA, 0xE1, 0xF5, 0x61, 0xFA, 0x25, 0x8E,
- 0x2D, 0x25, 0x9C, 0x3E, 0x86, 0x1D, 0xCE, 0x23,
- 0x60, 0x39, 0x12, 0x76, 0x06, 0xFC, 0x1C, 0xE0,
- 0x09, 0x00, 0x3A, 0x7B, 0xAC, 0x94, 0x21, 0x01,
- 0xDC, 0xB8, 0x22, 0xB1, 0xF3, 0xC1, 0x2B, 0xF7,
- 0x32, 0x38, 0xF5, 0x46, 0xE0, 0x1C, 0x36, 0xB5,
- 0xA6, 0x93, 0x61, 0x92, 0x99, 0x5C, 0xC6, 0x9C,
- 0x63, 0x23, 0x74, 0x09, 0xCB, 0x53, 0xC2, 0xE3,
- 0x5D, 0x74, 0x89, 0x0D, 0x18, 0x88, 0x53, 0x76,
- 0xFA, 0x55, 0x03, 0xB1, 0x07, 0xA2, 0xA3, 0x92,
- 0x11, 0x5A, 0xCE, 0x0E, 0x64, 0x67, 0x7C, 0xBB,
- 0x7D, 0xCF, 0xC9, 0x3C, 0x16, 0xD3, 0xA3, 0x05,
- 0xF6, 0x76, 0x15, 0xA4, 0x88, 0xD7, 0x11, 0xAA,
- 0x56, 0x69, 0x8C, 0x56, 0x63, 0xAB, 0x7A, 0xC9,
- 0xCE, 0x66, 0xD5, 0x47, 0xC0, 0x59, 0x5F, 0x98,
- 0xA4, 0x3F, 0x46, 0x50, 0xBB, 0xE0, 0x8C, 0x36,
- 0x4D, 0x97, 0x67, 0x89, 0x11, 0x7D, 0x34, 0xF6,
- 0xAE, 0x51, 0xAC, 0x06, 0x3C, 0xB5, 0x5C, 0x6C,
- 0xA3, 0x25, 0x58, 0x22, 0x7D, 0xFE, 0xF8, 0x07,
- 0xD1, 0x9C, 0x30, 0xDE, 0x41, 0x44, 0x24, 0x09,
- 0x7F, 0x6A, 0xA2, 0x36, 0xA1, 0x05, 0x3B, 0x4A,
- 0x07, 0xA7, 0x6B, 0xE3, 0x72, 0xA5, 0xC6, 0xB6,
- 0x00, 0x27, 0x91, 0xEB, 0xE0, 0xAF, 0xDA, 0xF5,
- 0x4E, 0x1C, 0xA2, 0x37, 0xFF, 0x54, 0x5B, 0xA6,
- 0x83, 0x43, 0xE7, 0x45, 0xC0, 0x4A, 0xD1, 0x63,
- 0x9D, 0xBC, 0x59, 0x03, 0x46, 0xB6, 0xB9, 0x56,
- 0x9B, 0x56, 0xDB, 0xBF, 0xE5, 0x31, 0x51, 0x91,
- 0x30, 0x66, 0xE5, 0xC8, 0x55, 0x27, 0xDC, 0x94,
- 0x68, 0x11, 0x0A, 0x13, 0x6A, 0x41, 0x14, 0x97,
- 0xC2, 0x27, 0xDC, 0xB8, 0xC9, 0xB2, 0x55, 0x70,
- 0xB7, 0xA0, 0xE4, 0x2A, 0xAD, 0xA6, 0x70, 0x9F,
- 0x23, 0x20, 0x8F, 0x5D, 0x49, 0x6E, 0xBA, 0xB7,
- 0x84, 0x3F, 0x64, 0x83, 0xBF, 0x0C, 0x0C, 0x73,
- 0xA4, 0x02, 0x96, 0xEC, 0x2C, 0x64, 0x40, 0x00,
- 0x13, 0x94, 0xC9, 0x9C, 0xA1, 0x73, 0xD5, 0xC7,
- 0x75, 0xB7, 0xF4, 0x15, 0xD0, 0x2A, 0x5A, 0x26,
- 0xA0, 0x74, 0x07, 0x91, 0x85, 0x87, 0xC4, 0x11,
- 0x69, 0xF2, 0xB7, 0x17, 0x87, 0x55, 0xAC, 0xC2,
- 0x7F, 0xC8, 0xB1, 0x9C, 0x4C, 0x4B, 0x3F, 0xCD,
- 0x41, 0x05, 0x3F, 0x2C, 0x74, 0xC8, 0xA1, 0x0A,
- 0x83, 0x21, 0x24, 0x1B, 0x28, 0x02, 0x43, 0x28,
- 0x75, 0xAE, 0x80, 0x8B, 0x9E, 0xF1, 0x36, 0x5C,
- 0x7B, 0x8A, 0x52, 0x90, 0x2F, 0x13, 0x17, 0xBA,
- 0x2F, 0xB0, 0x26, 0x9F, 0x47, 0x93, 0x06, 0x72,
- 0x10, 0x7B, 0x47, 0x26, 0xFE, 0xF6, 0x45, 0x47,
- 0x39, 0x4D, 0x33, 0x20, 0xC8, 0xF1, 0x20, 0xB3,
- 0xC2, 0xF4, 0x72, 0x5B, 0x03, 0x05, 0xFA, 0xB8,
- 0x8C, 0xC7, 0x98, 0x1F, 0xCB, 0x09, 0xA7, 0x6A,
- 0x1C, 0xBF, 0x7F, 0x17, 0x9F, 0x43, 0xBB, 0x0A,
- 0x4C, 0x8B, 0x05, 0x90, 0x85, 0x7F, 0x1E, 0x69,
- 0x70, 0x84, 0x66, 0xC7, 0xF8, 0x60, 0x73, 0x91,
- 0xE7, 0xBC, 0x52, 0x68, 0xBF, 0xD3, 0xD7, 0xA1,
- 0xDF, 0xFC, 0xB4, 0xEC, 0xA2, 0xA1, 0xC9, 0xB5,
- 0x97, 0x59, 0x30, 0x13, 0xD5, 0xFC, 0x42, 0x02,
- 0xEC, 0x2B, 0x74, 0xE5, 0x7A, 0xB7, 0x6B, 0xBC,
- 0xF3, 0x63, 0x2B, 0xBA, 0xF9, 0x7C, 0xDC, 0x41,
- 0x8A, 0x6F, 0x16, 0x39, 0x28, 0x38, 0xCA, 0x9B,
- 0xF4, 0x5D, 0xDF, 0x02, 0x37, 0x77, 0xB7, 0x56,
- 0x18, 0x33, 0xC1, 0x05, 0x19, 0x0F, 0x94, 0xF3,
- 0x02, 0xC5, 0x9B, 0x53, 0x19, 0x00, 0xBB, 0xC8,
- 0x16, 0x36, 0x1F, 0xAA, 0x5B, 0x33, 0x80, 0xCA,
- 0x3A, 0x89, 0x31, 0x04, 0xCA, 0x73, 0x88, 0xB1,
- 0x85, 0x67, 0x1B, 0x3E, 0x5F, 0xE3, 0x79, 0x0E,
- 0x9A, 0x62, 0x6E, 0xC4, 0x6D, 0x9B, 0x0B, 0x33,
- 0xC7, 0xA4, 0x19, 0xAF, 0x7B, 0x32, 0xB6, 0x85,
- 0x98, 0x94, 0xF5, 0x75, 0xD8, 0x2A, 0xC5, 0x45,
- 0x6B, 0x54, 0x90, 0xA7, 0xAF, 0x8F, 0xE6, 0x10,
- 0x46, 0x36, 0x05, 0x89, 0xEC, 0xBA, 0x72, 0x44,
- 0x23, 0x6F, 0x41, 0x23, 0x11, 0x6B, 0x61, 0x74,
- 0xAA, 0x17, 0x92, 0x49, 0xA4, 0x91, 0x95, 0xB3,
- 0x56, 0xC7, 0x2F, 0xC6, 0x64, 0x1F, 0x02, 0x51,
- 0x81, 0x2E, 0xAA, 0x98, 0x57, 0x0B, 0x04, 0x66,
- 0x99, 0x07, 0x0E, 0x08, 0x19, 0xDC, 0x27, 0x13,
- 0xF4, 0x69, 0x13, 0x7D, 0xFC, 0x6A, 0x3D, 0x7B,
- 0x92, 0xB2, 0x98, 0x99, 0x5E, 0xE7, 0x80, 0x36,
- 0x91, 0x53, 0xAC, 0x36, 0x6B, 0x06, 0xD7, 0x24,
- 0x9C, 0xD0, 0x9E, 0x1B, 0x33, 0x78, 0xFB, 0x04,
- 0x39, 0x9C, 0xEC, 0xB8, 0x65, 0x05, 0x81, 0xD6,
- 0x37, 0xC7, 0x9A, 0xE6, 0x7D, 0x6F, 0x2C, 0xAF,
- 0x6A, 0xBA, 0xCF, 0x59, 0x81, 0x59, 0xA7, 0x79,
- 0x2C, 0xB3, 0xC9, 0x71, 0xD1, 0x49, 0x9D, 0x23,
- 0x73, 0xAD, 0x20, 0xF6, 0x3F, 0x03, 0xBB, 0x59,
- 0xED, 0x13, 0x73, 0x84, 0xAC, 0x61, 0xA7, 0x15,
- 0x51, 0x43, 0xB8, 0xCA, 0x49, 0x32, 0x61, 0x2E,
- 0xC9, 0x15, 0xE4, 0xCA, 0x34, 0x6A, 0x9B, 0xCE,
- 0x5D, 0xD6, 0x04, 0x17, 0xC6, 0xB2, 0xA8, 0x9B,
- 0x1C, 0xC4, 0x35, 0x64, 0x3F, 0x87, 0x5B, 0xDC,
- 0x5A, 0x7E, 0x5B, 0x34, 0x81, 0xCF, 0x91, 0x9E,
- 0xA0, 0x91, 0x72, 0xFE, 0xBC, 0x46, 0xD4, 0xFC,
- 0x3F, 0xB0, 0xCB, 0x95, 0x91, 0x70, 0x4E, 0xE2,
- 0xDB, 0xB6, 0x18, 0x44, 0xB2, 0xF3, 0x31, 0x4A,
- 0x06, 0xBB, 0x6C, 0x6D, 0x34, 0x00, 0x5E, 0x48,
- 0x5C, 0xE6, 0x67, 0xBD, 0xC7, 0xD0, 0x98, 0x58,
- 0x69, 0x28, 0xD2, 0xD9, 0x13, 0x40, 0xF0, 0x04,
- 0x19, 0xEA, 0x40, 0x13, 0x51, 0xA2, 0x40, 0xA0,
- 0xB0, 0x41, 0x05, 0x8B, 0xEF, 0xB0, 0xC2, 0xFD,
- 0x32, 0x64, 0x5B, 0x7A, 0x2D, 0xF8, 0xF5, 0xCB,
- 0xFD, 0x87, 0x33, 0x27, 0xC9, 0x78, 0xD7, 0xB3,
- 0x51, 0xA2, 0x80, 0x88, 0x43, 0x88, 0x37, 0x02,
- 0x4C, 0x52, 0xB9, 0xC2, 0x95, 0xCD, 0x71, 0x36,
- 0x46, 0xFB, 0x5D, 0x6C, 0x0C, 0xCF, 0xB4, 0x70,
- 0x73, 0x4A, 0xC2, 0xB2, 0xBC, 0x81, 0x23, 0xC2,
- 0xC1, 0x3D, 0xF6, 0x93, 0x8E, 0x92, 0x45, 0x5A,
- 0x86, 0x26, 0x39, 0xFE, 0xB8, 0xA6, 0x4B, 0x85,
- 0x16, 0x3E, 0x32, 0x70, 0x7E, 0x03, 0x7B, 0x38,
- 0xD8, 0xAC, 0x39, 0x22, 0xB4, 0x51, 0x87, 0xBB,
- 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
- 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
- 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
- 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22,
- 0x7F, 0xFA, 0xD1, 0xBC, 0x8A, 0xF7, 0x3B, 0x7E,
- 0x87, 0x49, 0x56, 0xB8, 0x1C, 0x2A, 0x2E, 0xF0,
- 0xBF, 0xAB, 0xE8, 0xDC, 0x93, 0xD7, 0x7B, 0x2F,
- 0xBC, 0x9E, 0x0C, 0x64, 0xEF, 0xA0, 0x1E, 0x84,
- 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
- 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
- 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
- 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ct[] = {
- 0xED, 0xF2, 0x41, 0x45, 0xE4, 0x3B, 0x4F, 0x6D,
- 0xC6, 0xBF, 0x83, 0x32, 0xF5, 0x4E, 0x02, 0xCA,
- 0xB0, 0x2D, 0xBF, 0x3B, 0x56, 0x05, 0xDD, 0xC9,
- 0x0A, 0x15, 0xC8, 0x86, 0xAD, 0x3E, 0xD4, 0x89,
- 0x46, 0x26, 0x99, 0xE4, 0xAB, 0xED, 0x44, 0x35,
- 0x0B, 0xC3, 0x75, 0x7E, 0x26, 0x96, 0xFB, 0xFB,
- 0x25, 0x34, 0x41, 0x2E, 0x8D, 0xD2, 0x01, 0xF1,
- 0xE4, 0x54, 0x0A, 0x39, 0x70, 0xB0, 0x55, 0xFE,
- 0x3B, 0x0B, 0xEC, 0x3A, 0x71, 0xF9, 0xE1, 0x15,
- 0xB3, 0xF9, 0xF3, 0x91, 0x02, 0x06, 0x5B, 0x1C,
- 0xCA, 0x83, 0x14, 0xDC, 0xC7, 0x95, 0xE3, 0xC0,
- 0xE8, 0xFA, 0x98, 0xEE, 0x83, 0xCA, 0x66, 0x28,
- 0x45, 0x70, 0x28, 0xA4, 0xD0, 0x9E, 0x83, 0x9E,
- 0x55, 0x48, 0x62, 0xCF, 0x0B, 0x7B, 0xF5, 0x6C,
- 0x5C, 0x0A, 0x82, 0x9E, 0x86, 0x57, 0x94, 0x79,
- 0x45, 0xFE, 0x9C, 0x22, 0x56, 0x4F, 0xBA, 0xEB,
- 0xC1, 0xB3, 0xAF, 0x35, 0x0D, 0x79, 0x55, 0x50,
- 0x8A, 0x26, 0xD8, 0xA8, 0xEB, 0x54, 0x7B, 0x8B,
- 0x1A, 0x2C, 0xF0, 0x3C, 0xCA, 0x1A, 0xAB, 0xCE,
- 0x6C, 0x34, 0x97, 0x78, 0x3B, 0x64, 0x65, 0xBA,
- 0x0B, 0x6E, 0x7A, 0xCB, 0xA8, 0x21, 0x19, 0x51,
- 0x24, 0xAE, 0xF0, 0x9E, 0x62, 0x83, 0x82, 0xA1,
- 0xF9, 0x14, 0x04, 0x3B, 0xE7, 0x09, 0x6E, 0x95,
- 0x2C, 0xBC, 0x4F, 0xB4, 0xAF, 0xED, 0x13, 0x60,
- 0x90, 0x46, 0x11, 0x7C, 0x01, 0x1F, 0xD7, 0x41,
- 0xEE, 0x28, 0x6C, 0x83, 0x77, 0x16, 0x90, 0xF0,
- 0xAE, 0xB5, 0x0D, 0xA0, 0xD7, 0x12, 0x85, 0xA1,
- 0x79, 0xB2, 0x15, 0xC6, 0x03, 0x6D, 0xEB, 0x78,
- 0x0F, 0x4D, 0x16, 0x76, 0x9F, 0x72, 0xDE, 0x16,
- 0xFD, 0xAD, 0xAC, 0x73, 0xBE, 0xFA, 0x5B, 0xEF,
- 0x89, 0x43, 0x19, 0x7F, 0x44, 0xC5, 0x95, 0x89,
- 0xDC, 0x9F, 0x49, 0x73, 0xDE, 0x14, 0x50, 0xBA,
- 0x1D, 0x0C, 0x32, 0x90, 0xD6, 0xB1, 0xD6, 0x83,
- 0xF2, 0x94, 0xE7, 0x59, 0xC9, 0x54, 0xAB, 0xE8,
- 0xA7, 0xDA, 0x5B, 0x10, 0x54, 0xFD, 0x6D, 0x21,
- 0x32, 0x9B, 0x8E, 0x73, 0xD3, 0x75, 0x6A, 0xFD,
- 0xA0, 0xDC, 0xB1, 0xFC, 0x8B, 0x15, 0x82, 0xD1,
- 0xF9, 0x0C, 0xF2, 0x75, 0xA1, 0x02, 0xAB, 0xC6,
- 0xAC, 0x69, 0x9D, 0xF0, 0xC5, 0x87, 0x0E, 0x50,
- 0xA1, 0xF9, 0x89, 0xE4, 0xE6, 0x24, 0x1B, 0x60,
- 0xAA, 0xA2, 0xEC, 0xF9, 0xE8, 0xE3, 0x3E, 0x0F,
- 0xFC, 0xF4, 0x0F, 0xE8, 0x31, 0xE8, 0xFD, 0xC2,
- 0xE8, 0x3B, 0x52, 0xCA, 0x7A, 0xB6, 0xD9, 0x3F,
- 0x14, 0x6D, 0x29, 0xDC, 0xA5, 0x3C, 0x7D, 0xA1,
- 0xDB, 0x4A, 0xC4, 0xF2, 0xDB, 0x39, 0xEA, 0x12,
- 0x0D, 0x90, 0xFA, 0x60, 0xF4, 0xD4, 0x37, 0xC6,
- 0xD0, 0x0E, 0xF4, 0x83, 0xBC, 0x94, 0xA3, 0x17,
- 0x5C, 0xDA, 0x16, 0x3F, 0xC1, 0xC2, 0x82, 0x8B,
- 0xE4, 0xDB, 0xD6, 0x43, 0x05, 0x07, 0xB5, 0x84,
- 0xBB, 0x51, 0x77, 0xE1, 0x71, 0xB8, 0xDD, 0xA9,
- 0xA4, 0x29, 0x3C, 0x32, 0x00, 0x29, 0x5C, 0x80,
- 0x3A, 0x86, 0x5D, 0x6D, 0x21, 0x66, 0xF6, 0x6B,
- 0xA5, 0x40, 0x1F, 0xB7, 0xA0, 0xE8, 0x53, 0x16,
- 0x86, 0x00, 0xA2, 0x94, 0x84, 0x37, 0xE0, 0x36,
- 0xE3, 0xBF, 0x19, 0xE1, 0x2F, 0xD3, 0xF2, 0xA2,
- 0xB8, 0xB3, 0x43, 0xF7, 0x84, 0x24, 0x8E, 0x8D,
- 0x68, 0x5E, 0xB0, 0xAF, 0xDE, 0x63, 0x15, 0x33,
- 0x87, 0x30, 0xE7, 0xA1, 0x00, 0x1C, 0x27, 0xD8,
- 0xD2, 0xA7, 0x6F, 0xA6, 0x9D, 0x15, 0x7B, 0xA1,
- 0xAC, 0x7A, 0xD5, 0x6D, 0xA5, 0xA8, 0xC7, 0x0F,
- 0xE4, 0xB5, 0xB8, 0xD7, 0x86, 0xDC, 0x6F, 0xC0,
- 0x56, 0x6B, 0xA8, 0xE1, 0xB8, 0x81, 0x63, 0x34,
- 0xD3, 0x2A, 0x3F, 0xB1, 0xCE, 0x7D, 0x4D, 0x5E,
- 0x4C, 0x33, 0x2A, 0xF7, 0xB0, 0x03, 0xD0, 0x91,
- 0x74, 0x1A, 0x3D, 0x5C, 0x96, 0x52, 0x92, 0x25,
- 0x5D, 0xFF, 0x8E, 0xD2, 0xBB, 0xF1, 0xF9, 0x11,
- 0x6B, 0xE5, 0x0C, 0x17, 0xB8, 0xE5, 0x48, 0x74,
- 0x8A, 0xD4, 0xB2, 0xE9, 0x57, 0xBB, 0xD1, 0x95,
- 0x34, 0x82, 0xA2, 0xE1, 0x71, 0x8C, 0xEC, 0x66,
- 0xCD, 0x2C, 0x81, 0xF5, 0x72, 0xD5, 0x52, 0xB7,
- 0x18, 0x78, 0x85, 0xE6, 0xB8, 0x94, 0x3D, 0x64,
- 0x31, 0x41, 0x3C, 0x59, 0xEB, 0xB7, 0xE0, 0x36,
- 0x04, 0x84, 0x90, 0xBE, 0x52, 0x89, 0xE9, 0x5B,
- 0x20, 0xA8, 0x9E, 0x8B, 0x15, 0x9F, 0x61, 0xA9,
- 0xA9, 0x88, 0x6E, 0x14, 0x75, 0x68, 0xF4, 0xC9,
- 0x02, 0x1F, 0x36, 0x2F, 0x02, 0x68, 0x8A, 0x1C,
- 0x8C, 0x3B, 0xB0, 0xD2, 0x40, 0x86, 0x88, 0x0E,
- 0x55, 0xB6, 0xED, 0xB4, 0x3F, 0x37, 0x45, 0xD2,
- 0xC1, 0x66, 0xDC, 0x1C, 0xB7, 0x43, 0xC7, 0x6F,
- 0xE6, 0xBE, 0x52, 0x3A, 0x89, 0x3C, 0xC7, 0x64,
- 0xD1, 0x64, 0x35, 0xC3, 0x78, 0x51, 0x25, 0x2A,
- 0x81, 0xE2, 0xFF, 0xBA, 0x0F, 0x18, 0x97, 0x1A,
- 0x3D, 0xEE, 0x37, 0xD4, 0x87, 0x7C, 0xB9, 0x28,
- 0xE3, 0x6E, 0x52, 0x35, 0x03, 0x7A, 0x6B, 0x20,
- 0x57, 0x89, 0x7D, 0x51, 0x8A, 0x5F, 0x0E, 0x34,
- 0x8E, 0x3A, 0xB6, 0xD5, 0xB5, 0x2D, 0xFC, 0x60,
- 0x75, 0x7F, 0x3B, 0x41, 0xA4, 0xFE, 0xC7, 0x82,
- 0x8F, 0x1D, 0xEE, 0xAF, 0x45, 0x87, 0xCC, 0xC8,
- 0xEA, 0xDF, 0x64, 0x7F, 0x4D, 0x20, 0x3B, 0x2F,
- 0xAA, 0x05, 0xA6, 0x49, 0xB5, 0x82, 0x34, 0x0C,
- 0xB4, 0xCA, 0xCE, 0x57, 0xA3, 0x07, 0x11, 0xBE,
- 0x75, 0x2F, 0xAC, 0xF0, 0x22, 0x7D, 0x0A, 0x80,
- 0xC4, 0x12, 0x84, 0x42, 0xDD, 0xC5, 0x44, 0xBE,
- 0x80, 0x5B, 0x9C, 0xFE, 0x8F, 0xE9, 0xB1, 0x23,
- 0x7C, 0x80, 0xF9, 0x67, 0x87, 0xCD, 0x92, 0x81,
- 0xCC, 0xF2, 0x70, 0xC1, 0xAF, 0xC0, 0x67, 0x0D
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ss[] = {
- 0x0A, 0x69, 0x25, 0x67, 0x6F, 0x24, 0xB2, 0x2C,
- 0x28, 0x6F, 0x4C, 0x81, 0xA4, 0x22, 0x4C, 0xEC,
- 0x50, 0x6C, 0x9B, 0x25, 0x7D, 0x48, 0x0E, 0x02,
- 0xE3, 0xB4, 0x9F, 0x44, 0xCA, 0xA3, 0x23, 0x7F
- };
- #ifdef WOLFSSL_SMALL_STACK
- key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- priv = (byte *)XMALLOC(KYBER512_PRIVATE_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- pub = (byte *)XMALLOC(KYBER512_PUBLIC_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ct = (byte *)XMALLOC(KYBER512_CIPHER_TEXT_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (! (key && priv && pub && ct && ss && ss_dec))
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- ret = wc_KyberKey_Init(KYBER512, key, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- key_inited = 1;
- ret = wc_KyberKey_MakeKeyWithRandom(key, kyber512_rand,
- sizeof(kyber512_rand));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_KyberKey_EncodePublicKey(key, pub, KYBER512_PUBLIC_KEY_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_KyberKey_EncodePrivateKey(key, priv, KYBER512_PRIVATE_KEY_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pub, kyber512_pk, sizeof(kyber512_pk)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(priv, kyber512_sk, sizeof(kyber512_sk)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber512enc_rand,
- sizeof(kyber512enc_rand));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(ct, kyber512_ct, sizeof(kyber512_ct)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(ss, kyber512_ss, sizeof(kyber512_ss)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(kyber512_ct));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(ss_dec, kyber512_ss, sizeof(kyber512_ss)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- out:
- if (key_inited)
- wc_KyberKey_Free(key);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_KYBER512 */
- #ifdef WOLFSSL_KYBER768
- static wc_test_ret_t kyber768_kat(void)
- {
- wc_test_ret_t ret;
- #ifdef WOLFSSL_SMALL_STACK
- KyberKey *key = NULL;
- byte *priv = NULL;
- byte *pub = NULL;
- byte *ct = NULL;
- byte *ss = NULL;
- byte *ss_dec = NULL;
- #else
- KyberKey key[1];
- byte priv[KYBER768_PRIVATE_KEY_SIZE];
- byte pub[KYBER768_PUBLIC_KEY_SIZE];
- byte ct[KYBER768_CIPHER_TEXT_SIZE];
- byte ss[KYBER_SS_SZ];
- byte ss_dec[KYBER_SS_SZ];
- #endif
- int key_inited = 0;
- WOLFSSL_SMALL_STACK_STATIC const byte kyber768_rand[] = {
- 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa,
- 0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd,
- 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
- 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d,
- 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
- 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
- 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
- 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber768enc_rand[] = {
- 0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4,
- 0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13,
- 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
- 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber768_pk[] = {
- 0xA7, 0x2C, 0x2D, 0x9C, 0x84, 0x3E, 0xE9, 0xF8,
- 0x31, 0x3E, 0xCC, 0x7F, 0x86, 0xD6, 0x29, 0x4D,
- 0x59, 0x15, 0x9D, 0x9A, 0x87, 0x9A, 0x54, 0x2E,
- 0x26, 0x09, 0x22, 0xAD, 0xF9, 0x99, 0x05, 0x1C,
- 0xC4, 0x52, 0x00, 0xC9, 0xFF, 0xDB, 0x60, 0x44,
- 0x9C, 0x49, 0x46, 0x59, 0x79, 0x27, 0x23, 0x67,
- 0xC0, 0x83, 0xA7, 0xD6, 0x26, 0x7A, 0x3E, 0xD7,
- 0xA7, 0xFD, 0x47, 0x95, 0x7C, 0x21, 0x93, 0x27,
- 0xF7, 0xCA, 0x73, 0xA4, 0x00, 0x7E, 0x16, 0x27,
- 0xF0, 0x0B, 0x11, 0xCC, 0x80, 0x57, 0x3C, 0x15,
- 0xAE, 0xE6, 0x64, 0x0F, 0xB8, 0x56, 0x2D, 0xFA,
- 0x6B, 0x24, 0x0C, 0xA0, 0xAD, 0x35, 0x1A, 0xC4,
- 0xAC, 0x15, 0x5B, 0x96, 0xC1, 0x4C, 0x8A, 0xB1,
- 0x3D, 0xD2, 0x62, 0xCD, 0xFD, 0x51, 0xC4, 0xBB,
- 0x55, 0x72, 0xFD, 0x61, 0x65, 0x53, 0xD1, 0x7B,
- 0xDD, 0x43, 0x0A, 0xCB, 0xEA, 0x3E, 0x95, 0xF0,
- 0xB6, 0x98, 0xD6, 0x69, 0x90, 0xAB, 0x51, 0xE5,
- 0xD0, 0x37, 0x83, 0xA8, 0xB3, 0xD2, 0x78, 0xA5,
- 0x72, 0x04, 0x54, 0xCF, 0x96, 0x95, 0xCF, 0xDC,
- 0xA0, 0x84, 0x85, 0xBA, 0x09, 0x9C, 0x51, 0xCD,
- 0x92, 0xA7, 0xEA, 0x75, 0x87, 0xC1, 0xD1, 0x5C,
- 0x28, 0xE6, 0x09, 0xA8, 0x18, 0x52, 0x60, 0x1B,
- 0x06, 0x04, 0x01, 0x06, 0x79, 0xAA, 0x48, 0x2D,
- 0x51, 0x26, 0x1E, 0xC3, 0x6E, 0x36, 0xB8, 0x71,
- 0x96, 0x76, 0x21, 0x7F, 0xD7, 0x4C, 0x54, 0x78,
- 0x64, 0x88, 0xF4, 0xB4, 0x96, 0x9C, 0x05, 0xA8,
- 0xBA, 0x27, 0xCA, 0x3A, 0x77, 0xCC, 0xE7, 0x3B,
- 0x96, 0x59, 0x23, 0xCA, 0x55, 0x4E, 0x42, 0x2B,
- 0x9B, 0x61, 0xF4, 0x75, 0x46, 0x41, 0x60, 0x8A,
- 0xC1, 0x6C, 0x9B, 0x85, 0x87, 0xA3, 0x2C, 0x1C,
- 0x5D, 0xD7, 0x88, 0xF8, 0x8B, 0x36, 0xB7, 0x17,
- 0xA4, 0x69, 0x65, 0x63, 0x5D, 0xEB, 0x67, 0xF4,
- 0x5B, 0x12, 0x9B, 0x99, 0x07, 0x09, 0x09, 0xC9,
- 0x3E, 0xB8, 0x0B, 0x42, 0xC2, 0xB3, 0xF3, 0xF7,
- 0x03, 0x43, 0xA7, 0xCF, 0x37, 0xE8, 0x52, 0x0E,
- 0x7B, 0xCF, 0xC4, 0x16, 0xAC, 0xA4, 0xF1, 0x8C,
- 0x79, 0x81, 0x26, 0x2B, 0xA2, 0xBF, 0xC7, 0x56,
- 0xAE, 0x03, 0x27, 0x8F, 0x0E, 0xC6, 0x6D, 0xC2,
- 0x05, 0x76, 0x96, 0x82, 0x4B, 0xA6, 0x76, 0x98,
- 0x65, 0xA6, 0x01, 0xD7, 0x14, 0x8E, 0xF6, 0xF5,
- 0x4E, 0x5A, 0xF5, 0x68, 0x6A, 0xA2, 0x90, 0x6F,
- 0x99, 0x4C, 0xE3, 0x8A, 0x5E, 0x0B, 0x93, 0x8F,
- 0x23, 0x90, 0x07, 0x00, 0x30, 0x22, 0xC0, 0x33,
- 0x92, 0xDF, 0x34, 0x01, 0xB1, 0xE4, 0xA3, 0xA7,
- 0xEB, 0xC6, 0x16, 0x14, 0x49, 0xF7, 0x33, 0x74,
- 0xC8, 0xB0, 0x14, 0x03, 0x69, 0x34, 0x3D, 0x92,
- 0x95, 0xFD, 0xF5, 0x11, 0x84, 0x5C, 0x4A, 0x46,
- 0xEB, 0xAA, 0xB6, 0xCA, 0x54, 0x92, 0xF6, 0x80,
- 0x0B, 0x98, 0xC0, 0xCC, 0x80, 0x36, 0x53, 0xA4,
- 0xB1, 0xD6, 0xE6, 0xAA, 0xED, 0x19, 0x32, 0xBA,
- 0xCC, 0x5F, 0xEF, 0xAA, 0x81, 0x8B, 0xA5, 0x02,
- 0x85, 0x9B, 0xA5, 0x49, 0x4C, 0x5F, 0x54, 0x02,
- 0xC8, 0x53, 0x6A, 0x9C, 0x4C, 0x18, 0x88, 0x15,
- 0x06, 0x17, 0xF8, 0x00, 0x98, 0xF6, 0xB2, 0xA9,
- 0x9C, 0x39, 0xBC, 0x5D, 0xC7, 0xCF, 0x3B, 0x59,
- 0x00, 0xA2, 0x13, 0x29, 0xAB, 0x59, 0x05, 0x3A,
- 0xBA, 0xA6, 0x4E, 0xD1, 0x63, 0xE8, 0x59, 0xA8,
- 0xB3, 0xB3, 0xCA, 0x33, 0x59, 0xB7, 0x50, 0xCC,
- 0xC3, 0xE7, 0x10, 0xC7, 0xAC, 0x43, 0xC8, 0x19,
- 0x1C, 0xB5, 0xD6, 0x88, 0x70, 0xC0, 0x63, 0x91,
- 0xC0, 0xCB, 0x8A, 0xEC, 0x72, 0xB8, 0x97, 0xAC,
- 0x6B, 0xE7, 0xFB, 0xAA, 0xCC, 0x67, 0x6E, 0xD6,
- 0x63, 0x14, 0xC8, 0x36, 0x30, 0xE8, 0x94, 0x48,
- 0xC8, 0x8A, 0x1D, 0xF0, 0x4A, 0xCE, 0xB2, 0x3A,
- 0xBF, 0x2E, 0x40, 0x9E, 0xF3, 0x33, 0xC6, 0x22,
- 0x28, 0x9C, 0x18, 0xA2, 0x13, 0x4E, 0x65, 0x0C,
- 0x45, 0x25, 0x7E, 0x47, 0x47, 0x5F, 0xA3, 0x3A,
- 0xA5, 0x37, 0xA5, 0xA8, 0xF7, 0x68, 0x02, 0x14,
- 0x71, 0x6C, 0x50, 0xD4, 0x70, 0xE3, 0x28, 0x49,
- 0x63, 0xCA, 0x64, 0xF5, 0x46, 0x77, 0xAE, 0xC5,
- 0x4B, 0x52, 0x72, 0x16, 0x2B, 0xF5, 0x2B, 0xC8,
- 0x14, 0x2E, 0x1D, 0x41, 0x83, 0xFC, 0x01, 0x74,
- 0x54, 0xA6, 0xB5, 0xA4, 0x96, 0x83, 0x17, 0x59,
- 0x06, 0x40, 0x24, 0x74, 0x59, 0x78, 0xCB, 0xD5,
- 0x1A, 0x6C, 0xED, 0xC8, 0x95, 0x5D, 0xE4, 0xCC,
- 0x6D, 0x36, 0x36, 0x70, 0xA4, 0x74, 0x66, 0xE8,
- 0x2B, 0xE5, 0xC2, 0x36, 0x03, 0xA1, 0x7B, 0xF2,
- 0x2A, 0xCD, 0xB7, 0xCC, 0x98, 0x4A, 0xF0, 0x8C,
- 0x87, 0xE1, 0x4E, 0x27, 0x75, 0x3C, 0xF5, 0x87,
- 0xA8, 0xEC, 0x34, 0x47, 0xE6, 0x2C, 0x64, 0x9E,
- 0x88, 0x7A, 0x67, 0xC3, 0x6C, 0x9C, 0xE9, 0x87,
- 0x21, 0xB6, 0x97, 0x21, 0x32, 0x75, 0x64, 0x6B,
- 0x19, 0x4F, 0x36, 0x75, 0x86, 0x73, 0xA8, 0xED,
- 0x11, 0x28, 0x44, 0x55, 0xAF, 0xC7, 0xA8, 0x52,
- 0x9F, 0x69, 0xC9, 0x7A, 0x3C, 0x2D, 0x7B, 0x8C,
- 0x63, 0x6C, 0x0B, 0xA5, 0x56, 0x14, 0xB7, 0x68,
- 0xE6, 0x24, 0xE7, 0x12, 0x93, 0x0F, 0x77, 0x61,
- 0x69, 0xB0, 0x17, 0x15, 0x72, 0x53, 0x51, 0xBC,
- 0x74, 0xB4, 0x73, 0x95, 0xED, 0x52, 0xB2, 0x5A,
- 0x13, 0x13, 0xC9, 0x51, 0x64, 0x81, 0x4C, 0x34,
- 0xC9, 0x79, 0xCB, 0xDF, 0xAB, 0x85, 0x95, 0x46,
- 0x62, 0xCA, 0xB4, 0x85, 0xE7, 0x50, 0x87, 0xA9,
- 0x8C, 0xC7, 0x4B, 0xB8, 0x2C, 0xA2, 0xD1, 0xB5,
- 0xBF, 0x28, 0x03, 0x23, 0x84, 0x80, 0x63, 0x8C,
- 0x40, 0xE9, 0x0B, 0x43, 0xC7, 0x46, 0x0E, 0x7A,
- 0xA9, 0x17, 0xF0, 0x10, 0x15, 0x1F, 0xAB, 0x11,
- 0x69, 0x98, 0x7B, 0x37, 0x2A, 0xBB, 0x59, 0x27,
- 0x1F, 0x70, 0x06, 0xC2, 0x4E, 0x60, 0x23, 0x6B,
- 0x84, 0xB9, 0xDD, 0xD6, 0x00, 0x62, 0x37, 0x04,
- 0x25, 0x46, 0x17, 0xFB, 0x49, 0x8D, 0x89, 0xE5,
- 0x8B, 0x03, 0x68, 0xBC, 0xB2, 0x10, 0x3E, 0x79,
- 0x35, 0x3E, 0xB5, 0x87, 0x86, 0x0C, 0x14, 0x22,
- 0xE4, 0x76, 0x16, 0x2E, 0x42, 0x5B, 0xC2, 0x38,
- 0x1D, 0xB8, 0x2C, 0x65, 0x92, 0x73, 0x7E, 0x1D,
- 0xD6, 0x02, 0x86, 0x4B, 0x01, 0x67, 0xA7, 0x1E,
- 0xC1, 0xF2, 0x23, 0x30, 0x5C, 0x02, 0xFE, 0x25,
- 0x05, 0x2A, 0xF2, 0xB3, 0xB5, 0xA5, 0x5A, 0x0D,
- 0x7A, 0x20, 0x22, 0xD9, 0xA7, 0x98, 0xDC, 0x0C,
- 0x58, 0x74, 0xA9, 0x87, 0x02, 0xAA, 0xF4, 0x05,
- 0x4C, 0x5D, 0x80, 0x33, 0x8A, 0x52, 0x48, 0xB5,
- 0xB7, 0xBD, 0x09, 0xC5, 0x3B, 0x5E, 0x2A, 0x08,
- 0x4B, 0x04, 0x7D, 0x27, 0x7A, 0x86, 0x1B, 0x1A,
- 0x73, 0xBB, 0x51, 0x48, 0x8D, 0xE0, 0x4E, 0xF5,
- 0x73, 0xC8, 0x52, 0x30, 0xA0, 0x47, 0x0B, 0x73,
- 0x17, 0x5C, 0x9F, 0xA5, 0x05, 0x94, 0xF6, 0x6A,
- 0x5F, 0x50, 0xB4, 0x15, 0x00, 0x54, 0xC9, 0x3B,
- 0x68, 0x18, 0x6F, 0x8B, 0x5C, 0xBC, 0x49, 0x31,
- 0x6C, 0x85, 0x48, 0xA6, 0x42, 0xB2, 0xB3, 0x6A,
- 0x1D, 0x45, 0x4C, 0x74, 0x89, 0xAC, 0x33, 0xB2,
- 0xD2, 0xCE, 0x66, 0x68, 0x09, 0x67, 0x82, 0xA2,
- 0xC1, 0xE0, 0x86, 0x6D, 0x21, 0xA6, 0x5E, 0x16,
- 0xB5, 0x85, 0xE7, 0xAF, 0x86, 0x18, 0xBD, 0xF3,
- 0x18, 0x4C, 0x19, 0x86, 0x87, 0x85, 0x08, 0x91,
- 0x72, 0x77, 0xB9, 0x3E, 0x10, 0x70, 0x6B, 0x16,
- 0x14, 0x97, 0x2B, 0x2A, 0x94, 0xC7, 0x31, 0x0F,
- 0xE9, 0xC7, 0x08, 0xC2, 0x31, 0xA1, 0xA8, 0xAC,
- 0x8D, 0x93, 0x14, 0xA5, 0x29, 0xA9, 0x7F, 0x46,
- 0x9B, 0xF6, 0x49, 0x62, 0xD8, 0x20, 0x64, 0x84,
- 0x43, 0x09, 0x9A, 0x07, 0x6D, 0x55, 0xD4, 0xCE,
- 0xA8, 0x24, 0xA5, 0x83, 0x04, 0x84, 0x4F, 0x99,
- 0x49, 0x7C, 0x10, 0xA2, 0x51, 0x48, 0x61, 0x8A,
- 0x31, 0x5D, 0x72, 0xCA, 0x85, 0x7D, 0x1B, 0x04,
- 0xD5, 0x75, 0xB9, 0x4F, 0x85, 0xC0, 0x1D, 0x19,
- 0xBE, 0xF2, 0x11, 0xBF, 0x0A, 0xA3, 0x36, 0x2E,
- 0x70, 0x41, 0xFD, 0x16, 0x59, 0x6D, 0x80, 0x8E,
- 0x86, 0x7B, 0x44, 0xC4, 0xC0, 0x0D, 0x1C, 0xDA,
- 0x34, 0x18, 0x96, 0x77, 0x17, 0xF1, 0x47, 0xD0,
- 0xEB, 0x21, 0xB4, 0x2A, 0xAE, 0xE7, 0x4A, 0xC3,
- 0x5D, 0x0B, 0x92, 0x41, 0x4B, 0x95, 0x85, 0x31,
- 0xAA, 0xDF, 0x46, 0x3E, 0xC6, 0x30, 0x5A, 0xE5,
- 0xEC, 0xAF, 0x79, 0x17, 0x40, 0x02, 0xF2, 0x6D,
- 0xDE, 0xCC, 0x81, 0x3B, 0xF3, 0x26, 0x72, 0xE8,
- 0x52, 0x9D, 0x95, 0xA4, 0xE7, 0x30, 0xA7, 0xAB,
- 0x4A, 0x3E, 0x8F, 0x8A, 0x8A, 0xF9, 0x79, 0xA6,
- 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
- 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
- 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
- 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber768_sk[] = {
- 0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3,
- 0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE,
- 0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D,
- 0x50, 0x17, 0x0B, 0xCE, 0xD4, 0x3F, 0x1B, 0x53,
- 0x6D, 0x9A, 0x20, 0x4B, 0xB1, 0xF2, 0x26, 0x95,
- 0x95, 0x0B, 0xA1, 0xF2, 0xA9, 0xE8, 0xEB, 0x82,
- 0x8B, 0x28, 0x44, 0x88, 0x76, 0x0B, 0x3F, 0xC8,
- 0x4F, 0xAB, 0xA0, 0x42, 0x75, 0xD5, 0x62, 0x8E,
- 0x39, 0xC5, 0xB2, 0x47, 0x13, 0x74, 0x28, 0x3C,
- 0x50, 0x32, 0x99, 0xC0, 0xAB, 0x49, 0xB6, 0x6B,
- 0x8B, 0xBB, 0x56, 0xA4, 0x18, 0x66, 0x24, 0xF9,
- 0x19, 0xA2, 0xBA, 0x59, 0xBB, 0x08, 0xD8, 0x55,
- 0x18, 0x80, 0xC2, 0xBE, 0xFC, 0x4F, 0x87, 0xF2,
- 0x5F, 0x59, 0xAB, 0x58, 0x7A, 0x79, 0xC3, 0x27,
- 0xD7, 0x92, 0xD5, 0x4C, 0x97, 0x4A, 0x69, 0x26,
- 0x2F, 0xF8, 0xA7, 0x89, 0x38, 0x28, 0x9E, 0x9A,
- 0x87, 0xB6, 0x88, 0xB0, 0x83, 0xE0, 0x59, 0x5F,
- 0xE2, 0x18, 0xB6, 0xBB, 0x15, 0x05, 0x94, 0x1C,
- 0xE2, 0xE8, 0x1A, 0x5A, 0x64, 0xC5, 0xAA, 0xC6,
- 0x04, 0x17, 0x25, 0x69, 0x85, 0x34, 0x9E, 0xE4,
- 0x7A, 0x52, 0x42, 0x0A, 0x5F, 0x97, 0x47, 0x7B,
- 0x72, 0x36, 0xAC, 0x76, 0xBC, 0x70, 0xE8, 0x28,
- 0x87, 0x29, 0x28, 0x7E, 0xE3, 0xE3, 0x4A, 0x3D,
- 0xBC, 0x36, 0x83, 0xC0, 0xB7, 0xB1, 0x00, 0x29,
- 0xFC, 0x20, 0x34, 0x18, 0x53, 0x7E, 0x74, 0x66,
- 0xBA, 0x63, 0x85, 0xA8, 0xFF, 0x30, 0x1E, 0xE1,
- 0x27, 0x08, 0xF8, 0x2A, 0xAA, 0x1E, 0x38, 0x0F,
- 0xC7, 0xA8, 0x8F, 0x8F, 0x20, 0x5A, 0xB7, 0xE8,
- 0x8D, 0x7E, 0x95, 0x95, 0x2A, 0x55, 0xBA, 0x20,
- 0xD0, 0x9B, 0x79, 0xA4, 0x71, 0x41, 0xD6, 0x2B,
- 0xF6, 0xEB, 0x7D, 0xD3, 0x07, 0xB0, 0x8E, 0xCA,
- 0x13, 0xA5, 0xBC, 0x5F, 0x6B, 0x68, 0x58, 0x1C,
- 0x68, 0x65, 0xB2, 0x7B, 0xBC, 0xDD, 0xAB, 0x14,
- 0x2F, 0x4B, 0x2C, 0xBF, 0xF4, 0x88, 0xC8, 0xA2,
- 0x27, 0x05, 0xFA, 0xA9, 0x8A, 0x2B, 0x9E, 0xEA,
- 0x35, 0x30, 0xC7, 0x66, 0x62, 0x33, 0x5C, 0xC7,
- 0xEA, 0x3A, 0x00, 0x77, 0x77, 0x25, 0xEB, 0xCC,
- 0xCD, 0x2A, 0x46, 0x36, 0xB2, 0xD9, 0x12, 0x2F,
- 0xF3, 0xAB, 0x77, 0x12, 0x3C, 0xE0, 0x88, 0x3C,
- 0x19, 0x11, 0x11, 0x5E, 0x50, 0xC9, 0xE8, 0xA9,
- 0x41, 0x94, 0xE4, 0x8D, 0xD0, 0xD0, 0x9C, 0xFF,
- 0xB3, 0xAD, 0xCD, 0x2C, 0x1E, 0x92, 0x43, 0x09,
- 0x03, 0xD0, 0x7A, 0xDB, 0xF0, 0x05, 0x32, 0x03,
- 0x15, 0x75, 0xAA, 0x7F, 0x9E, 0x7B, 0x5A, 0x1F,
- 0x33, 0x62, 0xDE, 0xC9, 0x36, 0xD4, 0x04, 0x3C,
- 0x05, 0xF2, 0x47, 0x6C, 0x07, 0x57, 0x8B, 0xC9,
- 0xCB, 0xAF, 0x2A, 0xB4, 0xE3, 0x82, 0x72, 0x7A,
- 0xD4, 0x16, 0x86, 0xA9, 0x6B, 0x25, 0x48, 0x82,
- 0x0B, 0xB0, 0x3B, 0x32, 0xF1, 0x1B, 0x28, 0x11,
- 0xAD, 0x62, 0xF4, 0x89, 0xE9, 0x51, 0x63, 0x2A,
- 0xBA, 0x0D, 0x1D, 0xF8, 0x96, 0x80, 0xCC, 0x8A,
- 0x8B, 0x53, 0xB4, 0x81, 0xD9, 0x2A, 0x68, 0xD7,
- 0x0B, 0x4E, 0xA1, 0xC3, 0xA6, 0xA5, 0x61, 0xC0,
- 0x69, 0x28, 0x82, 0xB5, 0xCA, 0x8C, 0xC9, 0x42,
- 0xA8, 0xD4, 0x95, 0xAF, 0xCB, 0x06, 0xDE, 0x89,
- 0x49, 0x8F, 0xB9, 0x35, 0xB7, 0x75, 0x90, 0x8F,
- 0xE7, 0xA0, 0x3E, 0x32, 0x4D, 0x54, 0xCC, 0x19,
- 0xD4, 0xE1, 0xAA, 0xBD, 0x35, 0x93, 0xB3, 0x8B,
- 0x19, 0xEE, 0x13, 0x88, 0xFE, 0x49, 0x2B, 0x43,
- 0x12, 0x7E, 0x5A, 0x50, 0x42, 0x53, 0x78, 0x6A,
- 0x0D, 0x69, 0xAD, 0x32, 0x60, 0x1C, 0x28, 0xE2,
- 0xC8, 0x85, 0x04, 0xA5, 0xBA, 0x59, 0x97, 0x06,
- 0x02, 0x3A, 0x61, 0x36, 0x3E, 0x17, 0xC6, 0xB9,
- 0xBB, 0x59, 0xBD, 0xC6, 0x97, 0x45, 0x2C, 0xD0,
- 0x59, 0x45, 0x19, 0x83, 0xD7, 0x38, 0xCA, 0x3F,
- 0xD0, 0x34, 0xE3, 0xF5, 0x98, 0x88, 0x54, 0xCA,
- 0x05, 0x03, 0x1D, 0xB0, 0x96, 0x11, 0x49, 0x89,
- 0x88, 0x19, 0x7C, 0x6B, 0x30, 0xD2, 0x58, 0xDF,
- 0xE2, 0x62, 0x65, 0x54, 0x1C, 0x89, 0xA4, 0xB3,
- 0x1D, 0x68, 0x64, 0xE9, 0x38, 0x9B, 0x03, 0xCB,
- 0x74, 0xF7, 0xEC, 0x43, 0x23, 0xFB, 0x94, 0x21,
- 0xA4, 0xB9, 0x79, 0x0A, 0x26, 0xD1, 0x7B, 0x03,
- 0x98, 0xA2, 0x67, 0x67, 0x35, 0x09, 0x09, 0xF8,
- 0x4D, 0x57, 0xB6, 0x69, 0x4D, 0xF8, 0x30, 0x66,
- 0x4C, 0xA8, 0xB3, 0xC3, 0xC0, 0x3E, 0xD2, 0xAE,
- 0x67, 0xB8, 0x90, 0x06, 0x86, 0x8A, 0x68, 0x52,
- 0x7C, 0xCD, 0x66, 0x64, 0x59, 0xAB, 0x7F, 0x05,
- 0x66, 0x71, 0x00, 0x0C, 0x61, 0x64, 0xD3, 0xA7,
- 0xF2, 0x66, 0xA1, 0x4D, 0x97, 0xCB, 0xD7, 0x00,
- 0x4D, 0x6C, 0x92, 0xCA, 0xCA, 0x77, 0x0B, 0x84,
- 0x4A, 0x4F, 0xA9, 0xB1, 0x82, 0xE7, 0xB1, 0x8C,
- 0xA8, 0x85, 0x08, 0x2A, 0xC5, 0x64, 0x6F, 0xCB,
- 0x4A, 0x14, 0xE1, 0x68, 0x5F, 0xEB, 0x0C, 0x9C,
- 0xE3, 0x37, 0x2A, 0xB9, 0x53, 0x65, 0xC0, 0x4F,
- 0xD8, 0x30, 0x84, 0xF8, 0x0A, 0x23, 0xFF, 0x10,
- 0xA0, 0x5B, 0xF1, 0x5F, 0x7F, 0xA5, 0xAC, 0xC6,
- 0xC0, 0xCB, 0x46, 0x2C, 0x33, 0xCA, 0x52, 0x4F,
- 0xA6, 0xB8, 0xBB, 0x35, 0x90, 0x43, 0xBA, 0x68,
- 0x60, 0x9E, 0xAA, 0x25, 0x36, 0xE8, 0x1D, 0x08,
- 0x46, 0x3B, 0x19, 0x65, 0x3B, 0x54, 0x35, 0xBA,
- 0x94, 0x6C, 0x9A, 0xDD, 0xEB, 0x20, 0x2B, 0x04,
- 0xB0, 0x31, 0xCC, 0x96, 0x0D, 0xCC, 0x12, 0xE4,
- 0x51, 0x8D, 0x42, 0x8B, 0x32, 0xB2, 0x57, 0xA4,
- 0xFC, 0x73, 0x13, 0xD3, 0xA7, 0x98, 0x0D, 0x80,
- 0x08, 0x2E, 0x93, 0x4F, 0x9D, 0x95, 0xC3, 0x2B,
- 0x0A, 0x01, 0x91, 0xA2, 0x36, 0x04, 0x38, 0x4D,
- 0xD9, 0xE0, 0x79, 0xBB, 0xBA, 0xA2, 0x66, 0xD1,
- 0x4C, 0x3F, 0x75, 0x6B, 0x9F, 0x21, 0x33, 0x10,
- 0x74, 0x33, 0xA4, 0xE8, 0x3F, 0xA7, 0x18, 0x72,
- 0x82, 0xA8, 0x09, 0x20, 0x3A, 0x4F, 0xAF, 0x84,
- 0x18, 0x51, 0x83, 0x3D, 0x12, 0x1A, 0xC3, 0x83,
- 0x84, 0x3A, 0x5E, 0x55, 0xBC, 0x23, 0x81, 0x42,
- 0x5E, 0x16, 0xC7, 0xDB, 0x4C, 0xC9, 0xAB, 0x5C,
- 0x1B, 0x0D, 0x91, 0xA4, 0x7E, 0x2B, 0x8D, 0xE0,
- 0xE5, 0x82, 0xC8, 0x6B, 0x6B, 0x0D, 0x90, 0x7B,
- 0xB3, 0x60, 0xB9, 0x7F, 0x40, 0xAB, 0x5D, 0x03,
- 0x8F, 0x6B, 0x75, 0xC8, 0x14, 0xB2, 0x7D, 0x9B,
- 0x96, 0x8D, 0x41, 0x98, 0x32, 0xBC, 0x8C, 0x2B,
- 0xEE, 0x60, 0x5E, 0xF6, 0xE5, 0x05, 0x9D, 0x33,
- 0x10, 0x0D, 0x90, 0x48, 0x5D, 0x37, 0x84, 0x50,
- 0x01, 0x42, 0x21, 0x73, 0x6C, 0x07, 0x40, 0x7C,
- 0xAC, 0x26, 0x04, 0x08, 0xAA, 0x64, 0x92, 0x66,
- 0x19, 0x78, 0x8B, 0x86, 0x01, 0xC2, 0xA7, 0x52,
- 0xD1, 0xA6, 0xCB, 0xF8, 0x20, 0xD7, 0xC7, 0xA0,
- 0x47, 0x16, 0x20, 0x32, 0x25, 0xB3, 0x89, 0x5B,
- 0x93, 0x42, 0xD1, 0x47, 0xA8, 0x18, 0x5C, 0xFC,
- 0x1B, 0xB6, 0x5B, 0xA0, 0x6B, 0x41, 0x42, 0x33,
- 0x99, 0x03, 0xC0, 0xAC, 0x46, 0x51, 0x38, 0x5B,
- 0x45, 0xD9, 0x8A, 0x8B, 0x19, 0xD2, 0x8C, 0xD6,
- 0xBA, 0xB0, 0x88, 0x78, 0x7F, 0x7E, 0xE1, 0xB1,
- 0x24, 0x61, 0x76, 0x6B, 0x43, 0xCB, 0xCC, 0xB9,
- 0x64, 0x34, 0x42, 0x7D, 0x93, 0xC0, 0x65, 0x55,
- 0x06, 0x88, 0xF6, 0x94, 0x8E, 0xD1, 0xB5, 0x47,
- 0x5A, 0x42, 0x5F, 0x1B, 0x85, 0x20, 0x9D, 0x06,
- 0x1C, 0x08, 0xB5, 0x6C, 0x1C, 0xC0, 0x69, 0xF6,
- 0xC0, 0xA7, 0xC6, 0xF2, 0x93, 0x58, 0xCA, 0xB9,
- 0x11, 0x08, 0x77, 0x32, 0xA6, 0x49, 0xD2, 0x7C,
- 0x9B, 0x98, 0xF9, 0xA4, 0x88, 0x79, 0x38, 0x7D,
- 0x9B, 0x00, 0xC2, 0x59, 0x59, 0xA7, 0x16, 0x54,
- 0xD6, 0xF6, 0xA9, 0x46, 0x16, 0x45, 0x13, 0xE4,
- 0x7A, 0x75, 0xD0, 0x05, 0x98, 0x6C, 0x23, 0x63,
- 0xC0, 0x9F, 0x6B, 0x53, 0x7E, 0xCA, 0x78, 0xB9,
- 0x30, 0x3A, 0x5F, 0xA4, 0x57, 0x60, 0x8A, 0x58,
- 0x6A, 0x65, 0x3A, 0x34, 0x7D, 0xB0, 0x4D, 0xFC,
- 0xC1, 0x91, 0x75, 0xB3, 0xA3, 0x01, 0x17, 0x25,
- 0x36, 0x06, 0x2A, 0x65, 0x8A, 0x95, 0x27, 0x75,
- 0x70, 0xC8, 0x85, 0x2C, 0xA8, 0x97, 0x3F, 0x4A,
- 0xE1, 0x23, 0xA3, 0x34, 0x04, 0x7D, 0xD7, 0x11,
- 0xC8, 0x92, 0x7A, 0x63, 0x4A, 0x03, 0x38, 0x8A,
- 0x52, 0x7B, 0x03, 0x4B, 0xF7, 0xA8, 0x17, 0x0F,
- 0xA7, 0x02, 0xC1, 0xF7, 0xC2, 0x3E, 0xC3, 0x2D,
- 0x18, 0xA2, 0x37, 0x48, 0x90, 0xBE, 0x9C, 0x78,
- 0x7A, 0x94, 0x09, 0xC8, 0x2D, 0x19, 0x2C, 0x4B,
- 0xB7, 0x05, 0xA2, 0xF9, 0x96, 0xCE, 0x40, 0x5D,
- 0xA7, 0x2C, 0x2D, 0x9C, 0x84, 0x3E, 0xE9, 0xF8,
- 0x31, 0x3E, 0xCC, 0x7F, 0x86, 0xD6, 0x29, 0x4D,
- 0x59, 0x15, 0x9D, 0x9A, 0x87, 0x9A, 0x54, 0x2E,
- 0x26, 0x09, 0x22, 0xAD, 0xF9, 0x99, 0x05, 0x1C,
- 0xC4, 0x52, 0x00, 0xC9, 0xFF, 0xDB, 0x60, 0x44,
- 0x9C, 0x49, 0x46, 0x59, 0x79, 0x27, 0x23, 0x67,
- 0xC0, 0x83, 0xA7, 0xD6, 0x26, 0x7A, 0x3E, 0xD7,
- 0xA7, 0xFD, 0x47, 0x95, 0x7C, 0x21, 0x93, 0x27,
- 0xF7, 0xCA, 0x73, 0xA4, 0x00, 0x7E, 0x16, 0x27,
- 0xF0, 0x0B, 0x11, 0xCC, 0x80, 0x57, 0x3C, 0x15,
- 0xAE, 0xE6, 0x64, 0x0F, 0xB8, 0x56, 0x2D, 0xFA,
- 0x6B, 0x24, 0x0C, 0xA0, 0xAD, 0x35, 0x1A, 0xC4,
- 0xAC, 0x15, 0x5B, 0x96, 0xC1, 0x4C, 0x8A, 0xB1,
- 0x3D, 0xD2, 0x62, 0xCD, 0xFD, 0x51, 0xC4, 0xBB,
- 0x55, 0x72, 0xFD, 0x61, 0x65, 0x53, 0xD1, 0x7B,
- 0xDD, 0x43, 0x0A, 0xCB, 0xEA, 0x3E, 0x95, 0xF0,
- 0xB6, 0x98, 0xD6, 0x69, 0x90, 0xAB, 0x51, 0xE5,
- 0xD0, 0x37, 0x83, 0xA8, 0xB3, 0xD2, 0x78, 0xA5,
- 0x72, 0x04, 0x54, 0xCF, 0x96, 0x95, 0xCF, 0xDC,
- 0xA0, 0x84, 0x85, 0xBA, 0x09, 0x9C, 0x51, 0xCD,
- 0x92, 0xA7, 0xEA, 0x75, 0x87, 0xC1, 0xD1, 0x5C,
- 0x28, 0xE6, 0x09, 0xA8, 0x18, 0x52, 0x60, 0x1B,
- 0x06, 0x04, 0x01, 0x06, 0x79, 0xAA, 0x48, 0x2D,
- 0x51, 0x26, 0x1E, 0xC3, 0x6E, 0x36, 0xB8, 0x71,
- 0x96, 0x76, 0x21, 0x7F, 0xD7, 0x4C, 0x54, 0x78,
- 0x64, 0x88, 0xF4, 0xB4, 0x96, 0x9C, 0x05, 0xA8,
- 0xBA, 0x27, 0xCA, 0x3A, 0x77, 0xCC, 0xE7, 0x3B,
- 0x96, 0x59, 0x23, 0xCA, 0x55, 0x4E, 0x42, 0x2B,
- 0x9B, 0x61, 0xF4, 0x75, 0x46, 0x41, 0x60, 0x8A,
- 0xC1, 0x6C, 0x9B, 0x85, 0x87, 0xA3, 0x2C, 0x1C,
- 0x5D, 0xD7, 0x88, 0xF8, 0x8B, 0x36, 0xB7, 0x17,
- 0xA4, 0x69, 0x65, 0x63, 0x5D, 0xEB, 0x67, 0xF4,
- 0x5B, 0x12, 0x9B, 0x99, 0x07, 0x09, 0x09, 0xC9,
- 0x3E, 0xB8, 0x0B, 0x42, 0xC2, 0xB3, 0xF3, 0xF7,
- 0x03, 0x43, 0xA7, 0xCF, 0x37, 0xE8, 0x52, 0x0E,
- 0x7B, 0xCF, 0xC4, 0x16, 0xAC, 0xA4, 0xF1, 0x8C,
- 0x79, 0x81, 0x26, 0x2B, 0xA2, 0xBF, 0xC7, 0x56,
- 0xAE, 0x03, 0x27, 0x8F, 0x0E, 0xC6, 0x6D, 0xC2,
- 0x05, 0x76, 0x96, 0x82, 0x4B, 0xA6, 0x76, 0x98,
- 0x65, 0xA6, 0x01, 0xD7, 0x14, 0x8E, 0xF6, 0xF5,
- 0x4E, 0x5A, 0xF5, 0x68, 0x6A, 0xA2, 0x90, 0x6F,
- 0x99, 0x4C, 0xE3, 0x8A, 0x5E, 0x0B, 0x93, 0x8F,
- 0x23, 0x90, 0x07, 0x00, 0x30, 0x22, 0xC0, 0x33,
- 0x92, 0xDF, 0x34, 0x01, 0xB1, 0xE4, 0xA3, 0xA7,
- 0xEB, 0xC6, 0x16, 0x14, 0x49, 0xF7, 0x33, 0x74,
- 0xC8, 0xB0, 0x14, 0x03, 0x69, 0x34, 0x3D, 0x92,
- 0x95, 0xFD, 0xF5, 0x11, 0x84, 0x5C, 0x4A, 0x46,
- 0xEB, 0xAA, 0xB6, 0xCA, 0x54, 0x92, 0xF6, 0x80,
- 0x0B, 0x98, 0xC0, 0xCC, 0x80, 0x36, 0x53, 0xA4,
- 0xB1, 0xD6, 0xE6, 0xAA, 0xED, 0x19, 0x32, 0xBA,
- 0xCC, 0x5F, 0xEF, 0xAA, 0x81, 0x8B, 0xA5, 0x02,
- 0x85, 0x9B, 0xA5, 0x49, 0x4C, 0x5F, 0x54, 0x02,
- 0xC8, 0x53, 0x6A, 0x9C, 0x4C, 0x18, 0x88, 0x15,
- 0x06, 0x17, 0xF8, 0x00, 0x98, 0xF6, 0xB2, 0xA9,
- 0x9C, 0x39, 0xBC, 0x5D, 0xC7, 0xCF, 0x3B, 0x59,
- 0x00, 0xA2, 0x13, 0x29, 0xAB, 0x59, 0x05, 0x3A,
- 0xBA, 0xA6, 0x4E, 0xD1, 0x63, 0xE8, 0x59, 0xA8,
- 0xB3, 0xB3, 0xCA, 0x33, 0x59, 0xB7, 0x50, 0xCC,
- 0xC3, 0xE7, 0x10, 0xC7, 0xAC, 0x43, 0xC8, 0x19,
- 0x1C, 0xB5, 0xD6, 0x88, 0x70, 0xC0, 0x63, 0x91,
- 0xC0, 0xCB, 0x8A, 0xEC, 0x72, 0xB8, 0x97, 0xAC,
- 0x6B, 0xE7, 0xFB, 0xAA, 0xCC, 0x67, 0x6E, 0xD6,
- 0x63, 0x14, 0xC8, 0x36, 0x30, 0xE8, 0x94, 0x48,
- 0xC8, 0x8A, 0x1D, 0xF0, 0x4A, 0xCE, 0xB2, 0x3A,
- 0xBF, 0x2E, 0x40, 0x9E, 0xF3, 0x33, 0xC6, 0x22,
- 0x28, 0x9C, 0x18, 0xA2, 0x13, 0x4E, 0x65, 0x0C,
- 0x45, 0x25, 0x7E, 0x47, 0x47, 0x5F, 0xA3, 0x3A,
- 0xA5, 0x37, 0xA5, 0xA8, 0xF7, 0x68, 0x02, 0x14,
- 0x71, 0x6C, 0x50, 0xD4, 0x70, 0xE3, 0x28, 0x49,
- 0x63, 0xCA, 0x64, 0xF5, 0x46, 0x77, 0xAE, 0xC5,
- 0x4B, 0x52, 0x72, 0x16, 0x2B, 0xF5, 0x2B, 0xC8,
- 0x14, 0x2E, 0x1D, 0x41, 0x83, 0xFC, 0x01, 0x74,
- 0x54, 0xA6, 0xB5, 0xA4, 0x96, 0x83, 0x17, 0x59,
- 0x06, 0x40, 0x24, 0x74, 0x59, 0x78, 0xCB, 0xD5,
- 0x1A, 0x6C, 0xED, 0xC8, 0x95, 0x5D, 0xE4, 0xCC,
- 0x6D, 0x36, 0x36, 0x70, 0xA4, 0x74, 0x66, 0xE8,
- 0x2B, 0xE5, 0xC2, 0x36, 0x03, 0xA1, 0x7B, 0xF2,
- 0x2A, 0xCD, 0xB7, 0xCC, 0x98, 0x4A, 0xF0, 0x8C,
- 0x87, 0xE1, 0x4E, 0x27, 0x75, 0x3C, 0xF5, 0x87,
- 0xA8, 0xEC, 0x34, 0x47, 0xE6, 0x2C, 0x64, 0x9E,
- 0x88, 0x7A, 0x67, 0xC3, 0x6C, 0x9C, 0xE9, 0x87,
- 0x21, 0xB6, 0x97, 0x21, 0x32, 0x75, 0x64, 0x6B,
- 0x19, 0x4F, 0x36, 0x75, 0x86, 0x73, 0xA8, 0xED,
- 0x11, 0x28, 0x44, 0x55, 0xAF, 0xC7, 0xA8, 0x52,
- 0x9F, 0x69, 0xC9, 0x7A, 0x3C, 0x2D, 0x7B, 0x8C,
- 0x63, 0x6C, 0x0B, 0xA5, 0x56, 0x14, 0xB7, 0x68,
- 0xE6, 0x24, 0xE7, 0x12, 0x93, 0x0F, 0x77, 0x61,
- 0x69, 0xB0, 0x17, 0x15, 0x72, 0x53, 0x51, 0xBC,
- 0x74, 0xB4, 0x73, 0x95, 0xED, 0x52, 0xB2, 0x5A,
- 0x13, 0x13, 0xC9, 0x51, 0x64, 0x81, 0x4C, 0x34,
- 0xC9, 0x79, 0xCB, 0xDF, 0xAB, 0x85, 0x95, 0x46,
- 0x62, 0xCA, 0xB4, 0x85, 0xE7, 0x50, 0x87, 0xA9,
- 0x8C, 0xC7, 0x4B, 0xB8, 0x2C, 0xA2, 0xD1, 0xB5,
- 0xBF, 0x28, 0x03, 0x23, 0x84, 0x80, 0x63, 0x8C,
- 0x40, 0xE9, 0x0B, 0x43, 0xC7, 0x46, 0x0E, 0x7A,
- 0xA9, 0x17, 0xF0, 0x10, 0x15, 0x1F, 0xAB, 0x11,
- 0x69, 0x98, 0x7B, 0x37, 0x2A, 0xBB, 0x59, 0x27,
- 0x1F, 0x70, 0x06, 0xC2, 0x4E, 0x60, 0x23, 0x6B,
- 0x84, 0xB9, 0xDD, 0xD6, 0x00, 0x62, 0x37, 0x04,
- 0x25, 0x46, 0x17, 0xFB, 0x49, 0x8D, 0x89, 0xE5,
- 0x8B, 0x03, 0x68, 0xBC, 0xB2, 0x10, 0x3E, 0x79,
- 0x35, 0x3E, 0xB5, 0x87, 0x86, 0x0C, 0x14, 0x22,
- 0xE4, 0x76, 0x16, 0x2E, 0x42, 0x5B, 0xC2, 0x38,
- 0x1D, 0xB8, 0x2C, 0x65, 0x92, 0x73, 0x7E, 0x1D,
- 0xD6, 0x02, 0x86, 0x4B, 0x01, 0x67, 0xA7, 0x1E,
- 0xC1, 0xF2, 0x23, 0x30, 0x5C, 0x02, 0xFE, 0x25,
- 0x05, 0x2A, 0xF2, 0xB3, 0xB5, 0xA5, 0x5A, 0x0D,
- 0x7A, 0x20, 0x22, 0xD9, 0xA7, 0x98, 0xDC, 0x0C,
- 0x58, 0x74, 0xA9, 0x87, 0x02, 0xAA, 0xF4, 0x05,
- 0x4C, 0x5D, 0x80, 0x33, 0x8A, 0x52, 0x48, 0xB5,
- 0xB7, 0xBD, 0x09, 0xC5, 0x3B, 0x5E, 0x2A, 0x08,
- 0x4B, 0x04, 0x7D, 0x27, 0x7A, 0x86, 0x1B, 0x1A,
- 0x73, 0xBB, 0x51, 0x48, 0x8D, 0xE0, 0x4E, 0xF5,
- 0x73, 0xC8, 0x52, 0x30, 0xA0, 0x47, 0x0B, 0x73,
- 0x17, 0x5C, 0x9F, 0xA5, 0x05, 0x94, 0xF6, 0x6A,
- 0x5F, 0x50, 0xB4, 0x15, 0x00, 0x54, 0xC9, 0x3B,
- 0x68, 0x18, 0x6F, 0x8B, 0x5C, 0xBC, 0x49, 0x31,
- 0x6C, 0x85, 0x48, 0xA6, 0x42, 0xB2, 0xB3, 0x6A,
- 0x1D, 0x45, 0x4C, 0x74, 0x89, 0xAC, 0x33, 0xB2,
- 0xD2, 0xCE, 0x66, 0x68, 0x09, 0x67, 0x82, 0xA2,
- 0xC1, 0xE0, 0x86, 0x6D, 0x21, 0xA6, 0x5E, 0x16,
- 0xB5, 0x85, 0xE7, 0xAF, 0x86, 0x18, 0xBD, 0xF3,
- 0x18, 0x4C, 0x19, 0x86, 0x87, 0x85, 0x08, 0x91,
- 0x72, 0x77, 0xB9, 0x3E, 0x10, 0x70, 0x6B, 0x16,
- 0x14, 0x97, 0x2B, 0x2A, 0x94, 0xC7, 0x31, 0x0F,
- 0xE9, 0xC7, 0x08, 0xC2, 0x31, 0xA1, 0xA8, 0xAC,
- 0x8D, 0x93, 0x14, 0xA5, 0x29, 0xA9, 0x7F, 0x46,
- 0x9B, 0xF6, 0x49, 0x62, 0xD8, 0x20, 0x64, 0x84,
- 0x43, 0x09, 0x9A, 0x07, 0x6D, 0x55, 0xD4, 0xCE,
- 0xA8, 0x24, 0xA5, 0x83, 0x04, 0x84, 0x4F, 0x99,
- 0x49, 0x7C, 0x10, 0xA2, 0x51, 0x48, 0x61, 0x8A,
- 0x31, 0x5D, 0x72, 0xCA, 0x85, 0x7D, 0x1B, 0x04,
- 0xD5, 0x75, 0xB9, 0x4F, 0x85, 0xC0, 0x1D, 0x19,
- 0xBE, 0xF2, 0x11, 0xBF, 0x0A, 0xA3, 0x36, 0x2E,
- 0x70, 0x41, 0xFD, 0x16, 0x59, 0x6D, 0x80, 0x8E,
- 0x86, 0x7B, 0x44, 0xC4, 0xC0, 0x0D, 0x1C, 0xDA,
- 0x34, 0x18, 0x96, 0x77, 0x17, 0xF1, 0x47, 0xD0,
- 0xEB, 0x21, 0xB4, 0x2A, 0xAE, 0xE7, 0x4A, 0xC3,
- 0x5D, 0x0B, 0x92, 0x41, 0x4B, 0x95, 0x85, 0x31,
- 0xAA, 0xDF, 0x46, 0x3E, 0xC6, 0x30, 0x5A, 0xE5,
- 0xEC, 0xAF, 0x79, 0x17, 0x40, 0x02, 0xF2, 0x6D,
- 0xDE, 0xCC, 0x81, 0x3B, 0xF3, 0x26, 0x72, 0xE8,
- 0x52, 0x9D, 0x95, 0xA4, 0xE7, 0x30, 0xA7, 0xAB,
- 0x4A, 0x3E, 0x8F, 0x8A, 0x8A, 0xF9, 0x79, 0xA6,
- 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
- 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
- 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
- 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22,
- 0xD4, 0xEC, 0x14, 0x3B, 0x50, 0xF0, 0x14, 0x23,
- 0xB1, 0x77, 0x89, 0x5E, 0xDE, 0xE2, 0x2B, 0xB7,
- 0x39, 0xF6, 0x47, 0xEC, 0xF8, 0x5F, 0x50, 0xBC,
- 0x25, 0xEF, 0x7B, 0x5A, 0x72, 0x5D, 0xEE, 0x86,
- 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
- 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
- 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
- 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ct[] = {
- 0xB5, 0x2C, 0x56, 0xB9, 0x2A, 0x4B, 0x7C, 0xE9,
- 0xE4, 0xCB, 0x7C, 0x5B, 0x1B, 0x16, 0x31, 0x67,
- 0xA8, 0xA1, 0x67, 0x5B, 0x2F, 0xDE, 0xF8, 0x4A,
- 0x5B, 0x67, 0xCA, 0x15, 0xDB, 0x69, 0x4C, 0x9F,
- 0x11, 0xBD, 0x02, 0x7C, 0x30, 0xAE, 0x22, 0xEC,
- 0x92, 0x1A, 0x1D, 0x91, 0x15, 0x99, 0xAF, 0x05,
- 0x85, 0xE4, 0x8D, 0x20, 0xDA, 0x70, 0xDF, 0x9F,
- 0x39, 0xE3, 0x2E, 0xF9, 0x5D, 0x4C, 0x8F, 0x44,
- 0xBF, 0xEF, 0xDA, 0xA5, 0xDA, 0x64, 0xF1, 0x05,
- 0x46, 0x31, 0xD0, 0x4D, 0x6D, 0x3C, 0xFD, 0x0A,
- 0x54, 0x0D, 0xD7, 0xBA, 0x38, 0x86, 0xE4, 0xB5,
- 0xF1, 0x3E, 0x87, 0x87, 0x88, 0x60, 0x4C, 0x95,
- 0xC0, 0x96, 0xEA, 0xB3, 0x91, 0x9F, 0x42, 0x75,
- 0x21, 0x41, 0x9A, 0x94, 0x6C, 0x26, 0xCC, 0x04,
- 0x14, 0x75, 0xD7, 0x12, 0x4C, 0xDC, 0x01, 0xD0,
- 0x37, 0x3E, 0x5B, 0x09, 0xC7, 0xA7, 0x06, 0x03,
- 0xCF, 0xDB, 0x4F, 0xB3, 0x40, 0x50, 0x23, 0xF2,
- 0x26, 0x4D, 0xC3, 0xF9, 0x83, 0xC4, 0xFC, 0x02,
- 0xA2, 0xD1, 0xB2, 0x68, 0xF2, 0x20, 0x8A, 0x1F,
- 0x6E, 0x2A, 0x62, 0x09, 0xBF, 0xF1, 0x2F, 0x6F,
- 0x46, 0x5F, 0x0B, 0x06, 0x9C, 0x3A, 0x7F, 0x84,
- 0xF6, 0x06, 0xD8, 0xA9, 0x40, 0x64, 0x00, 0x3D,
- 0x6E, 0xC1, 0x14, 0xC8, 0xE8, 0x08, 0xD3, 0x05,
- 0x38, 0x84, 0xC1, 0xD5, 0xA1, 0x42, 0xFB, 0xF2,
- 0x01, 0x12, 0xEB, 0x36, 0x0F, 0xDA, 0x3F, 0x0F,
- 0x28, 0xB1, 0x72, 0xAE, 0x50, 0xF5, 0xE7, 0xD8,
- 0x38, 0x01, 0xFB, 0x3F, 0x00, 0x64, 0xB6, 0x87,
- 0x18, 0x70, 0x74, 0xBD, 0x7F, 0xE3, 0x0E, 0xDD,
- 0xAA, 0x33, 0x4C, 0xF8, 0xFC, 0x04, 0xFA, 0x8C,
- 0xED, 0x89, 0x9C, 0xEA, 0xDE, 0x4B, 0x4F, 0x28,
- 0xB6, 0x83, 0x72, 0xBA, 0xF9, 0x8F, 0xF4, 0x82,
- 0xA4, 0x15, 0xB7, 0x31, 0x15, 0x5B, 0x75, 0xCE,
- 0xB9, 0x76, 0xBE, 0x0E, 0xA0, 0x28, 0x5B, 0xA0,
- 0x1A, 0x27, 0xF1, 0x85, 0x7A, 0x8F, 0xB3, 0x77,
- 0xA3, 0xAE, 0x0C, 0x23, 0xB2, 0xAA, 0x9A, 0x07,
- 0x9B, 0xFA, 0xBF, 0xF0, 0xD5, 0xB2, 0xF1, 0xCD,
- 0x9B, 0x71, 0x8B, 0xEA, 0x03, 0xC4, 0x2F, 0x34,
- 0x3A, 0x39, 0xB4, 0xF1, 0x42, 0xD0, 0x1A, 0xD8,
- 0xAC, 0xBB, 0x50, 0xE3, 0x88, 0x53, 0xCF, 0x9A,
- 0x50, 0xC8, 0xB4, 0x4C, 0x3C, 0xF6, 0x71, 0xA4,
- 0xA9, 0x04, 0x3B, 0x26, 0xDD, 0xBB, 0x24, 0x95,
- 0x9A, 0xD6, 0x71, 0x5C, 0x08, 0x52, 0x18, 0x55,
- 0xC7, 0x9A, 0x23, 0xB9, 0xC3, 0xD6, 0x47, 0x17,
- 0x49, 0xC4, 0x07, 0x25, 0xBD, 0xD5, 0xC2, 0x77,
- 0x6D, 0x43, 0xAE, 0xD2, 0x02, 0x04, 0xBA, 0xA1,
- 0x41, 0xEF, 0xB3, 0x30, 0x49, 0x17, 0x47, 0x4B,
- 0x7F, 0x9F, 0x7A, 0x4B, 0x08, 0xB1, 0xA9, 0x3D,
- 0xAE, 0xD9, 0x8C, 0x67, 0x49, 0x53, 0x59, 0xD3,
- 0x7D, 0x67, 0xF7, 0x43, 0x8B, 0xEE, 0x5E, 0x43,
- 0x58, 0x56, 0x34, 0xB2, 0x6C, 0x6B, 0x38, 0x10,
- 0xD7, 0xCD, 0xCB, 0xC0, 0xF6, 0xEB, 0x87, 0x7A,
- 0x60, 0x87, 0xE6, 0x8A, 0xCB, 0x84, 0x80, 0xD3,
- 0xA8, 0xCF, 0x69, 0x00, 0x44, 0x7E, 0x49, 0xB4,
- 0x17, 0xF1, 0x5A, 0x53, 0xB6, 0x07, 0xA0, 0xE2,
- 0x16, 0xB8, 0x55, 0x97, 0x0D, 0x37, 0x40, 0x68,
- 0x70, 0xB4, 0x56, 0x87, 0x22, 0xDA, 0x77, 0xA4,
- 0x08, 0x47, 0x03, 0x81, 0x67, 0x84, 0xE2, 0xF1,
- 0x6B, 0xED, 0x18, 0x99, 0x65, 0x32, 0xC5, 0xD8,
- 0xB7, 0xF5, 0xD2, 0x14, 0x46, 0x4E, 0x5F, 0x3F,
- 0x6E, 0x90, 0x58, 0x67, 0xB0, 0xCE, 0x11, 0x9E,
- 0x25, 0x2A, 0x66, 0x71, 0x32, 0x53, 0x54, 0x46,
- 0x85, 0xD2, 0x08, 0xE1, 0x72, 0x39, 0x08, 0xA0,
- 0xCE, 0x97, 0x83, 0x46, 0x52, 0xE0, 0x8A, 0xE7,
- 0xBD, 0xC8, 0x81, 0xA1, 0x31, 0xB7, 0x3C, 0x71,
- 0xE8, 0x4D, 0x20, 0xD6, 0x8F, 0xDE, 0xFF, 0x4F,
- 0x5D, 0x70, 0xCD, 0x1A, 0xF5, 0x7B, 0x78, 0xE3,
- 0x49, 0x1A, 0x98, 0x65, 0x94, 0x23, 0x21, 0x80,
- 0x0A, 0x20, 0x3C, 0x05, 0xED, 0x1F, 0xEE, 0xB5,
- 0xA2, 0x8E, 0x58, 0x4E, 0x19, 0xF6, 0x53, 0x5E,
- 0x7F, 0x84, 0xE4, 0xA2, 0x4F, 0x84, 0xA7, 0x2D,
- 0xCA, 0xF5, 0x64, 0x8B, 0x4A, 0x42, 0x35, 0xDD,
- 0x66, 0x44, 0x64, 0x48, 0x2F, 0x03, 0x17, 0x6E,
- 0x88, 0x8C, 0x28, 0xBF, 0xC6, 0xC1, 0xCB, 0x23,
- 0x8C, 0xFF, 0xA3, 0x5A, 0x32, 0x1E, 0x71, 0x79,
- 0x1D, 0x9E, 0xA8, 0xED, 0x08, 0x78, 0xC6, 0x11,
- 0x21, 0xBF, 0x8D, 0x2A, 0x4A, 0xB2, 0xC1, 0xA5,
- 0xE1, 0x20, 0xBC, 0x40, 0xAB, 0xB1, 0x89, 0x2D,
- 0x17, 0x15, 0x09, 0x0A, 0x0E, 0xE4, 0x82, 0x52,
- 0xCA, 0x29, 0x7A, 0x99, 0xAA, 0x0E, 0x51, 0x0C,
- 0xF2, 0x6B, 0x1A, 0xDD, 0x06, 0xCA, 0x54, 0x3E,
- 0x1C, 0x5D, 0x6B, 0xDC, 0xD3, 0xB9, 0xC5, 0x85,
- 0xC8, 0x53, 0x80, 0x45, 0xDB, 0x5C, 0x25, 0x2E,
- 0xC3, 0xC8, 0xC3, 0xC9, 0x54, 0xD9, 0xBE, 0x59,
- 0x07, 0x09, 0x4A, 0x89, 0x4E, 0x60, 0xEA, 0xB4,
- 0x35, 0x38, 0xCF, 0xEE, 0x82, 0xE8, 0xFF, 0xC0,
- 0x79, 0x1B, 0x0D, 0x0F, 0x43, 0xAC, 0x16, 0x27,
- 0x83, 0x0A, 0x61, 0xD5, 0x6D, 0xAD, 0x96, 0xC6,
- 0x29, 0x58, 0xB0, 0xDE, 0x78, 0x0B, 0x78, 0xBD,
- 0x47, 0xA6, 0x04, 0x55, 0x0D, 0xAB, 0x83, 0xFF,
- 0xF2, 0x27, 0xC3, 0x24, 0x04, 0x94, 0x71, 0xF3,
- 0x52, 0x48, 0xCF, 0xB8, 0x49, 0xB2, 0x57, 0x24,
- 0xFF, 0x70, 0x4D, 0x52, 0x77, 0xAA, 0x35, 0x2D,
- 0x55, 0x09, 0x58, 0xBE, 0x3B, 0x23, 0x7D, 0xFF,
- 0x47, 0x3E, 0xC2, 0xAD, 0xBA, 0xEA, 0x48, 0xCA,
- 0x26, 0x58, 0xAE, 0xFC, 0xC7, 0x7B, 0xBD, 0x42,
- 0x64, 0xAB, 0x37, 0x4D, 0x70, 0xEA, 0xE5, 0xB9,
- 0x64, 0x41, 0x6C, 0xE8, 0x22, 0x6A, 0x7E, 0x32,
- 0x55, 0xA0, 0xF8, 0xD7, 0xE2, 0xAD, 0xCA, 0x06,
- 0x2B, 0xCD, 0x6D, 0x78, 0xD6, 0x0D, 0x1B, 0x32,
- 0xE1, 0x14, 0x05, 0xBE, 0x54, 0xB6, 0x6E, 0xF0,
- 0xFD, 0xDD, 0x56, 0x77, 0x02, 0xA3, 0xBC, 0xCF,
- 0xED, 0xE3, 0xC5, 0x84, 0x70, 0x12, 0x69, 0xED,
- 0x14, 0x80, 0x9F, 0x06, 0xF8, 0x96, 0x83, 0x56,
- 0xBB, 0x92, 0x67, 0xFE, 0x86, 0xE5, 0x14, 0x25,
- 0x2E, 0x88, 0xBB, 0x5C, 0x30, 0xA7, 0xEC, 0xB3,
- 0xD0, 0xE6, 0x21, 0x02, 0x1E, 0xE0, 0xFB, 0xF7,
- 0x87, 0x1B, 0x09, 0x34, 0x2B, 0xF8, 0x4F, 0x55,
- 0xC9, 0x7E, 0xAF, 0x86, 0xC4, 0x81, 0x89, 0xC7,
- 0xFF, 0x4D, 0xF3, 0x89, 0xF0, 0x77, 0xE2, 0x80,
- 0x6E, 0x5F, 0xA7, 0x3B, 0x3E, 0x94, 0x58, 0xA1,
- 0x6C, 0x7E, 0x27, 0x5F, 0x4F, 0x60, 0x22, 0x75,
- 0x58, 0x0E, 0xB7, 0xB7, 0x13, 0x5F, 0xB5, 0x37,
- 0xFA, 0x0C, 0xD9, 0x5D, 0x6E, 0xA5, 0x8C, 0x10,
- 0x8C, 0xD8, 0x94, 0x3D, 0x70, 0xC1, 0x64, 0x31,
- 0x11, 0xF4, 0xF0, 0x1C, 0xA8, 0xA8, 0x27, 0x6A,
- 0x90, 0x26, 0x66, 0xED, 0x81, 0xB7, 0x8D, 0x16,
- 0x8B, 0x00, 0x6F, 0x16, 0xAA, 0xA3, 0xD8, 0xE4,
- 0xCE, 0x4F, 0x4D, 0x0F, 0xB0, 0x99, 0x7E, 0x41,
- 0xAE, 0xFF, 0xB5, 0xB3, 0xDA, 0xA8, 0x38, 0x73,
- 0x2F, 0x35, 0x73, 0x49, 0x44, 0x7F, 0x38, 0x77,
- 0x76, 0xC7, 0x93, 0xC0, 0x47, 0x9D, 0xE9, 0xE9,
- 0x94, 0x98, 0xCC, 0x35, 0x6F, 0xDB, 0x00, 0x75,
- 0xA7, 0x03, 0xF2, 0x3C, 0x55, 0xD4, 0x7B, 0x55,
- 0x0E, 0xC8, 0x9B, 0x02, 0xAD, 0xE8, 0x93, 0x29,
- 0x08, 0x6A, 0x50, 0x84, 0x34, 0x56, 0xFE, 0xDC,
- 0x37, 0x88, 0xAC, 0x8D, 0x97, 0x23, 0x3C, 0x54,
- 0x56, 0x04, 0x67, 0xEE, 0x1D, 0x0F, 0x02, 0x4B,
- 0x18, 0x42, 0x8F, 0x0D, 0x73, 0xB3, 0x0E, 0x19,
- 0xF5, 0xC6, 0x3B, 0x9A, 0xBF, 0x11, 0x41, 0x5B,
- 0xEA, 0x4D, 0x01, 0x70, 0x13, 0x0B, 0xAA, 0xBD,
- 0x33, 0xC0, 0x5E, 0x65, 0x24, 0xE5, 0xFB, 0x55,
- 0x81, 0xB2, 0x2B, 0x04, 0x33, 0x34, 0x22, 0x48,
- 0x26, 0x6D, 0x0F, 0x10, 0x53, 0xB2, 0x45, 0xCC,
- 0x24, 0x62, 0xDC, 0x44, 0xD3, 0x49, 0x65, 0x10,
- 0x24, 0x82, 0xA8, 0xED, 0x9E, 0x4E, 0x96, 0x4D,
- 0x56, 0x83, 0xE5, 0xD4, 0x5D, 0x0C, 0x82, 0x69
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ss[] = {
- 0x91, 0x4C, 0xB6, 0x7F, 0xE5, 0xC3, 0x8E, 0x73,
- 0xBF, 0x74, 0x18, 0x1C, 0x0A, 0xC5, 0x04, 0x28,
- 0xDE, 0xDF, 0x77, 0x50, 0xA9, 0x80, 0x58, 0xF7,
- 0xD5, 0x36, 0x70, 0x87, 0x74, 0x53, 0x5B, 0x29
- };
- #ifdef WOLFSSL_SMALL_STACK
- key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- priv = (byte *)XMALLOC(KYBER768_PRIVATE_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- pub = (byte *)XMALLOC(KYBER768_PUBLIC_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ct = (byte *)XMALLOC(KYBER768_CIPHER_TEXT_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (! (key && priv && pub && ct && ss && ss_dec))
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- ret = wc_KyberKey_Init(KYBER768, key, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- key_inited = 1;
- ret = wc_KyberKey_MakeKeyWithRandom(key, kyber768_rand,
- sizeof(kyber768_rand));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_KyberKey_EncodePublicKey(key, pub, KYBER768_PUBLIC_KEY_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_KyberKey_EncodePrivateKey(key, priv, KYBER768_PRIVATE_KEY_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pub, kyber768_pk, sizeof(kyber768_pk)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(priv, kyber768_sk, sizeof(kyber768_sk)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber768enc_rand,
- sizeof(kyber768enc_rand));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(ct, kyber768_ct, sizeof(kyber768_ct)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(ss, kyber768_ss, sizeof(kyber768_ss)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(kyber768_ct));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(ss_dec, kyber768_ss, sizeof(kyber768_ss)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- out:
- if (key_inited)
- wc_KyberKey_Free(key);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_KYBER768 */
- #ifdef WOLFSSL_KYBER1024
- static wc_test_ret_t kyber1024_kat(void)
- {
- wc_test_ret_t ret;
- #ifdef WOLFSSL_SMALL_STACK
- KyberKey *key = NULL;
- byte *priv = NULL;
- byte *pub = NULL;
- byte *ct = NULL;
- byte *ss = NULL;
- byte *ss_dec = NULL;
- #else
- KyberKey key[1];
- byte priv[KYBER1024_PRIVATE_KEY_SIZE];
- byte pub[KYBER1024_PUBLIC_KEY_SIZE];
- byte ct[KYBER1024_CIPHER_TEXT_SIZE];
- byte ss[KYBER_SS_SZ];
- byte ss_dec[KYBER_SS_SZ];
- #endif
- int key_inited = 0;
- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_rand[] = {
- 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa,
- 0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd,
- 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
- 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d,
- 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
- 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
- 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
- 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024enc_rand[] = {
- 0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4,
- 0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13,
- 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
- 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_pk[] = {
- 0xD2, 0x23, 0x02, 0xCB, 0xD3, 0x39, 0x9F, 0xAC,
- 0xC6, 0x30, 0x99, 0x1F, 0xC8, 0xF2, 0x8B, 0xDB,
- 0x43, 0x54, 0x76, 0x25, 0x41, 0x52, 0x76, 0x78,
- 0xBC, 0xF6, 0x1F, 0x65, 0xC2, 0x41, 0x14, 0x6C,
- 0x42, 0x6D, 0x23, 0xB9, 0xBF, 0xAA, 0x6B, 0x7D,
- 0xF1, 0x8C, 0x97, 0xF2, 0x0C, 0x1B, 0x61, 0x25,
- 0xBF, 0x87, 0x4B, 0x1D, 0x89, 0x47, 0x58, 0x52,
- 0xC4, 0x48, 0x21, 0x5D, 0xB0, 0xEB, 0x77, 0x37,
- 0xF9, 0x14, 0x80, 0xE8, 0xCE, 0xBD, 0x9A, 0x08,
- 0x71, 0x57, 0x4F, 0x5A, 0xB6, 0x2D, 0x90, 0x20,
- 0x17, 0x5E, 0xC6, 0x92, 0x7C, 0xA0, 0xB5, 0x4C,
- 0x09, 0x81, 0x8E, 0x42, 0xCF, 0x92, 0xA3, 0x83,
- 0x17, 0x24, 0x22, 0xC7, 0xDC, 0x18, 0x31, 0xD6,
- 0x3B, 0x0C, 0x29, 0x5D, 0xE7, 0x51, 0x59, 0xDB,
- 0x80, 0x34, 0xE9, 0xE0, 0x7F, 0x7B, 0x0B, 0x91,
- 0x0C, 0x3C, 0x1E, 0x5F, 0xB6, 0x6B, 0x3D, 0xC5,
- 0x23, 0xF1, 0xFA, 0x6E, 0xB4, 0x91, 0x0C, 0xB8,
- 0x9A, 0x6C, 0x17, 0x56, 0x2C, 0x83, 0xAB, 0x4C,
- 0x18, 0xD0, 0xCD, 0x7E, 0x07, 0x96, 0x59, 0x2A,
- 0x37, 0x2A, 0xA4, 0x09, 0xB1, 0xC5, 0x57, 0x34,
- 0x7C, 0xCA, 0xCD, 0xC4, 0x64, 0x4A, 0x11, 0x90,
- 0x64, 0xD0, 0x6D, 0xD4, 0x74, 0x92, 0x9D, 0x1C,
- 0x6F, 0xB4, 0xD6, 0x86, 0xE5, 0x49, 0x1C, 0xE4,
- 0xBC, 0x89, 0xA3, 0x0B, 0xB4, 0xB8, 0xC4, 0x1B,
- 0xCE, 0x51, 0x57, 0xDF, 0xC1, 0x36, 0x08, 0x23,
- 0xB1, 0xAB, 0x61, 0x8C, 0x14, 0xB1, 0x0F, 0x98,
- 0xC2, 0x50, 0x67, 0x39, 0x8E, 0xA7, 0x01, 0x8C,
- 0x27, 0x8A, 0x4B, 0x3D, 0xF3, 0x13, 0x34, 0xD6,
- 0x03, 0xB2, 0x04, 0x4E, 0xF1, 0x87, 0xCD, 0x9B,
- 0xC6, 0xCE, 0x42, 0x72, 0x5B, 0xD9, 0x62, 0xC2,
- 0x64, 0x98, 0x3E, 0x9E, 0x18, 0x15, 0x5A, 0x8B,
- 0x9C, 0x47, 0x14, 0x3D, 0x70, 0x46, 0x0A, 0x26,
- 0xA5, 0x6F, 0xE7, 0x65, 0x8C, 0x1F, 0x15, 0x03,
- 0x48, 0xC6, 0x08, 0x7E, 0xF7, 0x58, 0xAD, 0x16,
- 0x78, 0x87, 0x86, 0x0A, 0x00, 0x7A, 0x5F, 0xC3,
- 0x73, 0x58, 0xD4, 0x3B, 0x5E, 0xBE, 0xE8, 0x20,
- 0xAC, 0xEA, 0x47, 0x4F, 0x0A, 0xC0, 0x7B, 0x76,
- 0x80, 0x28, 0x66, 0x19, 0x9C, 0x61, 0x23, 0x1D,
- 0x5C, 0x74, 0x7C, 0x93, 0x77, 0x4D, 0x2C, 0x1E,
- 0x0C, 0x1C, 0x67, 0xE6, 0xC8, 0x1B, 0x82, 0x75,
- 0x21, 0x73, 0xE1, 0x25, 0xBA, 0xF3, 0x9B, 0x4F,
- 0xD1, 0x9A, 0x4F, 0x45, 0x3D, 0xC5, 0x79, 0x76,
- 0xB1, 0xD9, 0x7F, 0xE6, 0x99, 0x69, 0x92, 0xBB,
- 0xB6, 0x5B, 0x7C, 0xB2, 0x5D, 0x07, 0x7B, 0xBA,
- 0xA6, 0xA1, 0x33, 0x22, 0x89, 0x9A, 0xF6, 0x59,
- 0xCF, 0x1B, 0x35, 0x58, 0xC1, 0xB5, 0x00, 0x11,
- 0x54, 0xB6, 0x25, 0x80, 0x9E, 0xD8, 0x9A, 0xEE,
- 0xBB, 0x89, 0xE6, 0xEA, 0x7D, 0x67, 0xF7, 0x23,
- 0xD0, 0x45, 0xAB, 0x05, 0x71, 0x5C, 0x42, 0x35,
- 0x5D, 0xA6, 0xA5, 0xC8, 0xDD, 0x39, 0xC8, 0xAB,
- 0xE3, 0x03, 0x77, 0x51, 0xA0, 0x1E, 0xD1, 0xC7,
- 0x37, 0x49, 0x19, 0xF3, 0x12, 0x1B, 0x5A, 0x52,
- 0xC5, 0x3D, 0x14, 0x87, 0x31, 0x67, 0x69, 0xF8,
- 0x07, 0x21, 0xDE, 0xEA, 0xAA, 0xD3, 0xC9, 0x0F,
- 0x76, 0xE7, 0xAE, 0x9E, 0x12, 0xBA, 0x92, 0xB3,
- 0x2B, 0x5F, 0xD4, 0x57, 0xE3, 0xC7, 0x52, 0xC2,
- 0x65, 0x0D, 0xFB, 0x88, 0x57, 0x71, 0xCB, 0x77,
- 0xAC, 0x3C, 0x78, 0x5A, 0x8C, 0x56, 0x2E, 0x6A,
- 0x1C, 0x63, 0xC2, 0xA5, 0x5E, 0xA4, 0x7C, 0xF8,
- 0xB9, 0x0E, 0xB8, 0x22, 0x5C, 0x12, 0x3C, 0x34,
- 0x64, 0x52, 0x56, 0x62, 0x35, 0xB2, 0xF3, 0x18,
- 0x23, 0xA3, 0x35, 0x21, 0xE0, 0x87, 0x93, 0x7A,
- 0x34, 0x5D, 0x8D, 0x66, 0x3E, 0xEA, 0xA0, 0x56,
- 0x58, 0x91, 0x7B, 0xBA, 0xA0, 0x08, 0xC2, 0xE3,
- 0x35, 0xF8, 0x85, 0x0A, 0x90, 0xA3, 0x26, 0xD0,
- 0xE6, 0x64, 0x32, 0xF4, 0x4C, 0xEB, 0x82, 0x89,
- 0xE4, 0xEC, 0xB2, 0xD1, 0x29, 0x58, 0xE9, 0x84,
- 0x07, 0x2E, 0xCA, 0xCB, 0x88, 0xE1, 0x34, 0x8F,
- 0xF0, 0xB5, 0x56, 0x54, 0xAC, 0xBA, 0x5B, 0x54,
- 0x97, 0x1C, 0xBA, 0xEB, 0xA8, 0x8E, 0xC4, 0xB9,
- 0x1A, 0x94, 0xC3, 0x71, 0x92, 0xFA, 0x98, 0x2B,
- 0xEC, 0xB9, 0xF3, 0xDA, 0x42, 0x16, 0x03, 0xB6,
- 0x1A, 0x51, 0xBC, 0x8E, 0x36, 0xCB, 0xD0, 0x53,
- 0x85, 0x1C, 0x77, 0xB1, 0xB9, 0x26, 0xB1, 0x7A,
- 0x27, 0x2A, 0xA9, 0x02, 0x32, 0x46, 0xB0, 0x2B,
- 0x3E, 0xD4, 0x7F, 0x66, 0xA0, 0x0B, 0xD5, 0x68,
- 0x48, 0x23, 0x63, 0x4E, 0x7C, 0xE5, 0x8C, 0xF8,
- 0xF3, 0x06, 0xE3, 0x5B, 0x1E, 0x53, 0x22, 0x82,
- 0x4D, 0x90, 0x48, 0x01, 0xF0, 0xA2, 0xFA, 0x7C,
- 0x2B, 0xC9, 0xC2, 0x52, 0xB0, 0xA5, 0x6B, 0x7B,
- 0xA2, 0xAB, 0x0F, 0x63, 0x60, 0x21, 0x74, 0x5A,
- 0x70, 0xA9, 0xA4, 0x3E, 0x2B, 0x0A, 0x8D, 0x61,
- 0x59, 0x70, 0xB6, 0x53, 0x09, 0x62, 0x4B, 0x51,
- 0x84, 0xBC, 0xC3, 0x0B, 0x91, 0x16, 0x79, 0xAE,
- 0xDD, 0x76, 0x02, 0x5F, 0xE3, 0x90, 0x8F, 0xD6,
- 0x78, 0x97, 0xB0, 0xCF, 0x4B, 0xE5, 0xA6, 0xF5,
- 0x41, 0x3D, 0x7D, 0xD9, 0x85, 0x64, 0xB2, 0x3E,
- 0x42, 0xA9, 0x3E, 0x4A, 0xA8, 0x82, 0x1C, 0xD4,
- 0x50, 0x54, 0xC6, 0x43, 0xED, 0xC1, 0x15, 0x8D,
- 0xB6, 0xB3, 0xDE, 0xB1, 0x3F, 0xB5, 0xA5, 0x1E,
- 0xBD, 0x1A, 0x8A, 0x78, 0xB8, 0x72, 0x25, 0xA7,
- 0x33, 0x8E, 0x10, 0x11, 0x04, 0xC4, 0xA2, 0x20,
- 0xD9, 0xBD, 0xED, 0xD4, 0x8C, 0x85, 0xA1, 0xC2,
- 0xDA, 0xE7, 0x81, 0xA8, 0x0C, 0x40, 0xE1, 0x3B,
- 0x87, 0xEA, 0xC7, 0x3A, 0x76, 0x42, 0x01, 0xC9,
- 0xB7, 0x60, 0xCC, 0xFB, 0x1A, 0xE3, 0x92, 0x69,
- 0x9C, 0x70, 0x39, 0xD2, 0x7C, 0x39, 0x36, 0x2B,
- 0x27, 0xB8, 0xFC, 0x6F, 0x07, 0xA8, 0xA3, 0xD4,
- 0x41, 0x0F, 0x15, 0x47, 0xC4, 0x8A, 0x99, 0x97,
- 0xF6, 0x2C, 0x61, 0x07, 0x44, 0x52, 0xEF, 0x15,
- 0x15, 0xF8, 0xA6, 0x49, 0xEB, 0xCA, 0x94, 0x37,
- 0x20, 0x5A, 0x4E, 0x8A, 0x61, 0x60, 0x6B, 0x41,
- 0xDA, 0xF6, 0x83, 0x4D, 0x67, 0x1F, 0x4D, 0x85,
- 0x2C, 0x0C, 0x9C, 0x40, 0x96, 0x61, 0x16, 0x48,
- 0xC6, 0xA3, 0x17, 0x06, 0x78, 0xB1, 0x53, 0x7C,
- 0xC1, 0x82, 0x8D, 0x93, 0x58, 0x0C, 0x9E, 0x58,
- 0x49, 0xA9, 0x65, 0x31, 0x75, 0xAC, 0xB7, 0x53,
- 0xF2, 0xBE, 0x74, 0x37, 0xBE, 0x45, 0xF6, 0xC6,
- 0x03, 0xE4, 0x85, 0xF2, 0xEC, 0x30, 0x1B, 0xB4,
- 0x2B, 0x6C, 0x37, 0xC2, 0x25, 0xD7, 0x49, 0x5A,
- 0x58, 0x4A, 0xE2, 0x31, 0x89, 0x0A, 0xB5, 0xC8,
- 0xC3, 0x5C, 0x26, 0x8C, 0xF4, 0xBB, 0xB0, 0x21,
- 0x3C, 0x09, 0x60, 0x19, 0x31, 0x95, 0x61, 0xA8,
- 0xA6, 0x94, 0x76, 0x37, 0xAA, 0x40, 0xD0, 0x06,
- 0xB4, 0x15, 0xBB, 0x2C, 0xFA, 0x22, 0x37, 0xE0,
- 0x89, 0x0B, 0x6A, 0x3B, 0xC1, 0x34, 0xAB, 0xF8,
- 0xF6, 0x58, 0x5E, 0x10, 0x8D, 0x15, 0x94, 0x0F,
- 0x91, 0xF4, 0xBF, 0x5B, 0x0C, 0x81, 0x80, 0x55,
- 0xB2, 0x1D, 0xEA, 0x6E, 0x63, 0xB5, 0x53, 0x98,
- 0x8C, 0x47, 0xF4, 0xB9, 0x4E, 0x7C, 0xF8, 0x00,
- 0xA4, 0x93, 0xB4, 0x73, 0x47, 0x05, 0xED, 0xC5,
- 0x6A, 0x4B, 0x60, 0x21, 0xC6, 0x29, 0x50, 0x06,
- 0x75, 0x87, 0x68, 0x04, 0xCF, 0x0B, 0x95, 0x1F,
- 0x03, 0x8A, 0x5C, 0x7F, 0xE5, 0x8E, 0x89, 0x77,
- 0x4E, 0xF2, 0x99, 0x2F, 0xD7, 0xC6, 0x30, 0x99,
- 0xD3, 0x52, 0xA7, 0xD2, 0x15, 0x60, 0xB7, 0x88,
- 0xB4, 0x05, 0x70, 0x98, 0x61, 0x81, 0x7E, 0x59,
- 0xA9, 0x6B, 0x3A, 0x3A, 0x83, 0xCB, 0xA8, 0x03,
- 0xB1, 0x69, 0x34, 0x33, 0x10, 0x71, 0x90, 0x5B,
- 0xBE, 0xC6, 0x53, 0x29, 0x00, 0x15, 0x5D, 0x8A,
- 0xC8, 0x8C, 0xB3, 0x2E, 0x4E, 0x21, 0xA3, 0xBD,
- 0x3A, 0x03, 0xFD, 0xEC, 0x32, 0x5A, 0x51, 0xCD,
- 0x27, 0x73, 0x96, 0x4E, 0x67, 0x84, 0xFC, 0xF1,
- 0x85, 0x37, 0x37, 0xAA, 0x64, 0xEB, 0x67, 0x56,
- 0x47, 0x27, 0x27, 0x26, 0x61, 0xAB, 0xF8, 0x43,
- 0x13, 0xA5, 0x7A, 0x44, 0xB1, 0x23, 0xC6, 0x55,
- 0x09, 0xCF, 0xB7, 0xA6, 0xF6, 0x64, 0x1C, 0xDC,
- 0xC3, 0xB5, 0x7F, 0xE6, 0x28, 0xC7, 0xB8, 0x19,
- 0x2D, 0xB4, 0x4F, 0xFB, 0xF5, 0x79, 0x6A, 0x86,
- 0x13, 0xB1, 0xFA, 0x12, 0x6F, 0x60, 0x76, 0x88,
- 0x3C, 0x78, 0x3D, 0xC2, 0x4E, 0x2A, 0x44, 0x64,
- 0xC4, 0x0B, 0x3A, 0x41, 0xCA, 0x70, 0xAE, 0x87,
- 0x62, 0x08, 0x66, 0xCF, 0x4F, 0xCB, 0x2B, 0xD2,
- 0x04, 0xBF, 0x5C, 0x28, 0x38, 0x12, 0xBA, 0x05,
- 0x6A, 0xC0, 0xC3, 0x45, 0xE3, 0x79, 0xC4, 0xBA,
- 0x24, 0xD7, 0x50, 0x90, 0x12, 0x79, 0xBB, 0x2F,
- 0x3A, 0x16, 0xF6, 0x12, 0xBF, 0xAD, 0xB3, 0x57,
- 0x03, 0x33, 0x2C, 0x7C, 0x13, 0x6F, 0x68, 0xEA,
- 0xB6, 0x75, 0x5C, 0x66, 0xB6, 0xA4, 0xAD, 0x1A,
- 0xAB, 0xA7, 0xB7, 0x68, 0xA5, 0x8A, 0xCA, 0xAC,
- 0xC1, 0x0A, 0x45, 0x9A, 0x1C, 0xC8, 0xEF, 0x29,
- 0x37, 0x7B, 0xC2, 0x00, 0xE4, 0xD3, 0x15, 0xA3,
- 0x0A, 0x6B, 0xCC, 0x32, 0x56, 0xF9, 0x73, 0x4D,
- 0x06, 0xE9, 0x77, 0x9C, 0xAA, 0x54, 0x42, 0xA9,
- 0xA1, 0x60, 0x69, 0x08, 0x13, 0x77, 0xC7, 0x6E,
- 0x75, 0x15, 0x43, 0x68, 0x07, 0x2D, 0xC4, 0x46,
- 0xED, 0x6C, 0x8B, 0x8E, 0x62, 0x2A, 0x21, 0xE3,
- 0x83, 0xCF, 0x9B, 0xA1, 0xFB, 0x43, 0x4E, 0x2E,
- 0xCC, 0x81, 0xE7, 0xB7, 0x8C, 0xEE, 0x98, 0x6B,
- 0x8F, 0xF7, 0x98, 0xAB, 0x18, 0xCF, 0x96, 0x34,
- 0x54, 0x35, 0x46, 0x28, 0x4E, 0xDA, 0x2A, 0x26,
- 0xB4, 0x7F, 0x05, 0xB7, 0x35, 0xBC, 0xDB, 0x12,
- 0x02, 0x22, 0x00, 0x76, 0xDC, 0x8B, 0x4E, 0x4B,
- 0x9F, 0x85, 0x35, 0x33, 0xC8, 0xF6, 0xC7, 0xFF,
- 0x38, 0x81, 0x7B, 0xA4, 0x97, 0x12, 0x83, 0x57,
- 0x85, 0xF1, 0x7F, 0x14, 0xCA, 0x01, 0xD0, 0xC1,
- 0xC1, 0xE9, 0x88, 0x10, 0xFE, 0x0B, 0x36, 0xE5,
- 0xB4, 0x27, 0x15, 0x7B, 0x94, 0x18, 0x44, 0x9C,
- 0xED, 0xD6, 0x41, 0xA4, 0x29, 0x3C, 0x85, 0xC3,
- 0x27, 0x00, 0x10, 0x2A, 0xCE, 0xC2, 0x2E, 0xBA,
- 0xD9, 0x8E, 0xD1, 0x60, 0xA5, 0xF0, 0x27, 0xBD,
- 0x4C, 0xDA, 0x57, 0xF1, 0xF3, 0x72, 0x0A, 0x12,
- 0xC1, 0x34, 0x65, 0x4D, 0xD5, 0xE7, 0x3F, 0x82,
- 0x96, 0x76, 0x49, 0x53, 0x90, 0xD0, 0xE7, 0x92,
- 0x9D, 0x60, 0x34, 0xE9, 0xC5, 0x5F, 0x7D, 0x55,
- 0xBA, 0x65, 0x8B, 0xC5, 0x87, 0x98, 0x8E, 0x8A,
- 0xF9, 0x49, 0x60, 0xF6, 0xCF, 0xB8, 0xD5, 0xAF,
- 0x7A, 0x00, 0x21, 0x53, 0x5A, 0x6E, 0x25, 0xE4,
- 0x37, 0xD4, 0x9A, 0x78, 0x06, 0x98, 0xBE, 0x22,
- 0xAC, 0x99, 0x53, 0x94, 0x9F, 0x57, 0x1B, 0x85,
- 0xA6, 0x85, 0x72, 0x5F, 0x82, 0x07, 0xA2, 0xB0,
- 0xAE, 0x84, 0x9B, 0x60, 0x1A, 0xB9, 0x1B, 0x15,
- 0x9B, 0x3D, 0xF4, 0xA1, 0x54, 0xC2, 0x04, 0x1E,
- 0x77, 0x60, 0x70, 0xAF, 0xC4, 0x29, 0x69, 0x32,
- 0x23, 0x80, 0x91, 0x7C, 0x97, 0x51, 0x07, 0x99,
- 0xF3, 0x14, 0x91, 0x31, 0x47, 0x7E, 0x16, 0x66,
- 0x3D, 0x31, 0x74, 0xC7, 0xC1, 0xCA, 0xEA, 0x78,
- 0x85, 0x35, 0xC6, 0xC0, 0x05, 0xA6, 0x4F, 0x28,
- 0x68, 0x63, 0x1B, 0x31, 0xB6, 0x6E, 0x20, 0x5F,
- 0xD3, 0x8C, 0x1D, 0x84, 0x54, 0x2D, 0x0F, 0x1B,
- 0x57, 0x8F, 0x58, 0xC9, 0xBF, 0x5A, 0x0F, 0xAE,
- 0xAB, 0x6A, 0xB6, 0x49, 0x48, 0x93, 0x05, 0x31,
- 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
- 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
- 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
- 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_sk[] = {
- 0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3,
- 0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE,
- 0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D,
- 0x50, 0x17, 0x0B, 0xCE, 0xD4, 0x3F, 0x1B, 0x53,
- 0x6D, 0x9A, 0x20, 0x4B, 0xB1, 0xF2, 0x26, 0x95,
- 0x95, 0x0B, 0xA1, 0xF2, 0xA9, 0xE8, 0xEB, 0x82,
- 0x8B, 0x28, 0x44, 0x88, 0x76, 0x0B, 0x3F, 0xC8,
- 0x4F, 0xAB, 0xA0, 0x42, 0x75, 0xD5, 0x62, 0x8E,
- 0x39, 0xC5, 0xB2, 0x47, 0x13, 0x74, 0x28, 0x3C,
- 0x50, 0x32, 0x99, 0xC0, 0xAB, 0x49, 0xB6, 0x6B,
- 0x8B, 0xBB, 0x56, 0xA4, 0x18, 0x66, 0x24, 0xF9,
- 0x19, 0xA2, 0xBA, 0x59, 0xBB, 0x08, 0xD8, 0x55,
- 0x18, 0x80, 0xC2, 0xBE, 0xFC, 0x4F, 0x87, 0xF2,
- 0x5F, 0x59, 0xAB, 0x58, 0x7A, 0x79, 0xC3, 0x27,
- 0xD7, 0x92, 0xD5, 0x4C, 0x97, 0x4A, 0x69, 0x26,
- 0x2F, 0xF8, 0xA7, 0x89, 0x38, 0x28, 0x9E, 0x9A,
- 0x87, 0xB6, 0x88, 0xB0, 0x83, 0xE0, 0x59, 0x5F,
- 0xE2, 0x18, 0xB6, 0xBB, 0x15, 0x05, 0x94, 0x1C,
- 0xE2, 0xE8, 0x1A, 0x5A, 0x64, 0xC5, 0xAA, 0xC6,
- 0x04, 0x17, 0x25, 0x69, 0x85, 0x34, 0x9E, 0xE4,
- 0x7A, 0x52, 0x42, 0x0A, 0x5F, 0x97, 0x47, 0x7B,
- 0x72, 0x36, 0xAC, 0x76, 0xBC, 0x70, 0xE8, 0x28,
- 0x87, 0x29, 0x28, 0x7E, 0xE3, 0xE3, 0x4A, 0x3D,
- 0xBC, 0x36, 0x83, 0xC0, 0xB7, 0xB1, 0x00, 0x29,
- 0xFC, 0x20, 0x34, 0x18, 0x53, 0x7E, 0x74, 0x66,
- 0xBA, 0x63, 0x85, 0xA8, 0xFF, 0x30, 0x1E, 0xE1,
- 0x27, 0x08, 0xF8, 0x2A, 0xAA, 0x1E, 0x38, 0x0F,
- 0xC7, 0xA8, 0x8F, 0x8F, 0x20, 0x5A, 0xB7, 0xE8,
- 0x8D, 0x7E, 0x95, 0x95, 0x2A, 0x55, 0xBA, 0x20,
- 0xD0, 0x9B, 0x79, 0xA4, 0x71, 0x41, 0xD6, 0x2B,
- 0xF6, 0xEB, 0x7D, 0xD3, 0x07, 0xB0, 0x8E, 0xCA,
- 0x13, 0xA5, 0xBC, 0x5F, 0x6B, 0x68, 0x58, 0x1C,
- 0x68, 0x65, 0xB2, 0x7B, 0xBC, 0xDD, 0xAB, 0x14,
- 0x2F, 0x4B, 0x2C, 0xBF, 0xF4, 0x88, 0xC8, 0xA2,
- 0x27, 0x05, 0xFA, 0xA9, 0x8A, 0x2B, 0x9E, 0xEA,
- 0x35, 0x30, 0xC7, 0x66, 0x62, 0x33, 0x5C, 0xC7,
- 0xEA, 0x3A, 0x00, 0x77, 0x77, 0x25, 0xEB, 0xCC,
- 0xCD, 0x2A, 0x46, 0x36, 0xB2, 0xD9, 0x12, 0x2F,
- 0xF3, 0xAB, 0x77, 0x12, 0x3C, 0xE0, 0x88, 0x3C,
- 0x19, 0x11, 0x11, 0x5E, 0x50, 0xC9, 0xE8, 0xA9,
- 0x41, 0x94, 0xE4, 0x8D, 0xD0, 0xD0, 0x9C, 0xFF,
- 0xB3, 0xAD, 0xCD, 0x2C, 0x1E, 0x92, 0x43, 0x09,
- 0x03, 0xD0, 0x7A, 0xDB, 0xF0, 0x05, 0x32, 0x03,
- 0x15, 0x75, 0xAA, 0x7F, 0x9E, 0x7B, 0x5A, 0x1F,
- 0x33, 0x62, 0xDE, 0xC9, 0x36, 0xD4, 0x04, 0x3C,
- 0x05, 0xF2, 0x47, 0x6C, 0x07, 0x57, 0x8B, 0xC9,
- 0xCB, 0xAF, 0x2A, 0xB4, 0xE3, 0x82, 0x72, 0x7A,
- 0xD4, 0x16, 0x86, 0xA9, 0x6B, 0x25, 0x48, 0x82,
- 0x0B, 0xB0, 0x3B, 0x32, 0xF1, 0x1B, 0x28, 0x11,
- 0xAD, 0x62, 0xF4, 0x89, 0xE9, 0x51, 0x63, 0x2A,
- 0xBA, 0x0D, 0x1D, 0xF8, 0x96, 0x80, 0xCC, 0x8A,
- 0x8B, 0x53, 0xB4, 0x81, 0xD9, 0x2A, 0x68, 0xD7,
- 0x0B, 0x4E, 0xA1, 0xC3, 0xA6, 0xA5, 0x61, 0xC0,
- 0x69, 0x28, 0x82, 0xB5, 0xCA, 0x8C, 0xC9, 0x42,
- 0xA8, 0xD4, 0x95, 0xAF, 0xCB, 0x06, 0xDE, 0x89,
- 0x49, 0x8F, 0xB9, 0x35, 0xB7, 0x75, 0x90, 0x8F,
- 0xE7, 0xA0, 0x3E, 0x32, 0x4D, 0x54, 0xCC, 0x19,
- 0xD4, 0xE1, 0xAA, 0xBD, 0x35, 0x93, 0xB3, 0x8B,
- 0x19, 0xEE, 0x13, 0x88, 0xFE, 0x49, 0x2B, 0x43,
- 0x12, 0x7E, 0x5A, 0x50, 0x42, 0x53, 0x78, 0x6A,
- 0x0D, 0x69, 0xAD, 0x32, 0x60, 0x1C, 0x28, 0xE2,
- 0xC8, 0x85, 0x04, 0xA5, 0xBA, 0x59, 0x97, 0x06,
- 0x02, 0x3A, 0x61, 0x36, 0x3E, 0x17, 0xC6, 0xB9,
- 0xBB, 0x59, 0xBD, 0xC6, 0x97, 0x45, 0x2C, 0xD0,
- 0x59, 0x45, 0x19, 0x83, 0xD7, 0x38, 0xCA, 0x3F,
- 0xD0, 0x34, 0xE3, 0xF5, 0x98, 0x88, 0x54, 0xCA,
- 0x05, 0x03, 0x1D, 0xB0, 0x96, 0x11, 0x49, 0x89,
- 0x88, 0x19, 0x7C, 0x6B, 0x30, 0xD2, 0x58, 0xDF,
- 0xE2, 0x62, 0x65, 0x54, 0x1C, 0x89, 0xA4, 0xB3,
- 0x1D, 0x68, 0x64, 0xE9, 0x38, 0x9B, 0x03, 0xCB,
- 0x74, 0xF7, 0xEC, 0x43, 0x23, 0xFB, 0x94, 0x21,
- 0xA4, 0xB9, 0x79, 0x0A, 0x26, 0xD1, 0x7B, 0x03,
- 0x98, 0xA2, 0x67, 0x67, 0x35, 0x09, 0x09, 0xF8,
- 0x4D, 0x57, 0xB6, 0x69, 0x4D, 0xF8, 0x30, 0x66,
- 0x4C, 0xA8, 0xB3, 0xC3, 0xC0, 0x3E, 0xD2, 0xAE,
- 0x67, 0xB8, 0x90, 0x06, 0x86, 0x8A, 0x68, 0x52,
- 0x7C, 0xCD, 0x66, 0x64, 0x59, 0xAB, 0x7F, 0x05,
- 0x66, 0x71, 0x00, 0x0C, 0x61, 0x64, 0xD3, 0xA7,
- 0xF2, 0x66, 0xA1, 0x4D, 0x97, 0xCB, 0xD7, 0x00,
- 0x4D, 0x6C, 0x92, 0xCA, 0xCA, 0x77, 0x0B, 0x84,
- 0x4A, 0x4F, 0xA9, 0xB1, 0x82, 0xE7, 0xB1, 0x8C,
- 0xA8, 0x85, 0x08, 0x2A, 0xC5, 0x64, 0x6F, 0xCB,
- 0x4A, 0x14, 0xE1, 0x68, 0x5F, 0xEB, 0x0C, 0x9C,
- 0xE3, 0x37, 0x2A, 0xB9, 0x53, 0x65, 0xC0, 0x4F,
- 0xD8, 0x30, 0x84, 0xF8, 0x0A, 0x23, 0xFF, 0x10,
- 0xA0, 0x5B, 0xF1, 0x5F, 0x7F, 0xA5, 0xAC, 0xC6,
- 0xC0, 0xCB, 0x46, 0x2C, 0x33, 0xCA, 0x52, 0x4F,
- 0xA6, 0xB8, 0xBB, 0x35, 0x90, 0x43, 0xBA, 0x68,
- 0x60, 0x9E, 0xAA, 0x25, 0x36, 0xE8, 0x1D, 0x08,
- 0x46, 0x3B, 0x19, 0x65, 0x3B, 0x54, 0x35, 0xBA,
- 0x94, 0x6C, 0x9A, 0xDD, 0xEB, 0x20, 0x2B, 0x04,
- 0xB0, 0x31, 0xCC, 0x96, 0x0D, 0xCC, 0x12, 0xE4,
- 0x51, 0x8D, 0x42, 0x8B, 0x32, 0xB2, 0x57, 0xA4,
- 0xFC, 0x73, 0x13, 0xD3, 0xA7, 0x98, 0x0D, 0x80,
- 0x08, 0x2E, 0x93, 0x4F, 0x9D, 0x95, 0xC3, 0x2B,
- 0x0A, 0x01, 0x91, 0xA2, 0x36, 0x04, 0x38, 0x4D,
- 0xD9, 0xE0, 0x79, 0xBB, 0xBA, 0xA2, 0x66, 0xD1,
- 0x4C, 0x3F, 0x75, 0x6B, 0x9F, 0x21, 0x33, 0x10,
- 0x74, 0x33, 0xA4, 0xE8, 0x3F, 0xA7, 0x18, 0x72,
- 0x82, 0xA8, 0x09, 0x20, 0x3A, 0x4F, 0xAF, 0x84,
- 0x18, 0x51, 0x83, 0x3D, 0x12, 0x1A, 0xC3, 0x83,
- 0x84, 0x3A, 0x5E, 0x55, 0xBC, 0x23, 0x81, 0x42,
- 0x5E, 0x16, 0xC7, 0xDB, 0x4C, 0xC9, 0xAB, 0x5C,
- 0x1B, 0x0D, 0x91, 0xA4, 0x7E, 0x2B, 0x8D, 0xE0,
- 0xE5, 0x82, 0xC8, 0x6B, 0x6B, 0x0D, 0x90, 0x7B,
- 0xB3, 0x60, 0xB9, 0x7F, 0x40, 0xAB, 0x5D, 0x03,
- 0x8F, 0x6B, 0x75, 0xC8, 0x14, 0xB2, 0x7D, 0x9B,
- 0x96, 0x8D, 0x41, 0x98, 0x32, 0xBC, 0x8C, 0x2B,
- 0xEE, 0x60, 0x5E, 0xF6, 0xE5, 0x05, 0x9D, 0x33,
- 0x10, 0x0D, 0x90, 0x48, 0x5D, 0x37, 0x84, 0x50,
- 0x01, 0x42, 0x21, 0x73, 0x6C, 0x07, 0x40, 0x7C,
- 0xAC, 0x26, 0x04, 0x08, 0xAA, 0x64, 0x92, 0x66,
- 0x19, 0x78, 0x8B, 0x86, 0x01, 0xC2, 0xA7, 0x52,
- 0xD1, 0xA6, 0xCB, 0xF8, 0x20, 0xD7, 0xC7, 0xA0,
- 0x47, 0x16, 0x20, 0x32, 0x25, 0xB3, 0x89, 0x5B,
- 0x93, 0x42, 0xD1, 0x47, 0xA8, 0x18, 0x5C, 0xFC,
- 0x1B, 0xB6, 0x5B, 0xA0, 0x6B, 0x41, 0x42, 0x33,
- 0x99, 0x03, 0xC0, 0xAC, 0x46, 0x51, 0x38, 0x5B,
- 0x45, 0xD9, 0x8A, 0x8B, 0x19, 0xD2, 0x8C, 0xD6,
- 0xBA, 0xB0, 0x88, 0x78, 0x7F, 0x7E, 0xE1, 0xB1,
- 0x24, 0x61, 0x76, 0x6B, 0x43, 0xCB, 0xCC, 0xB9,
- 0x64, 0x34, 0x42, 0x7D, 0x93, 0xC0, 0x65, 0x55,
- 0x06, 0x88, 0xF6, 0x94, 0x8E, 0xD1, 0xB5, 0x47,
- 0x5A, 0x42, 0x5F, 0x1B, 0x85, 0x20, 0x9D, 0x06,
- 0x1C, 0x08, 0xB5, 0x6C, 0x1C, 0xC0, 0x69, 0xF6,
- 0xC0, 0xA7, 0xC6, 0xF2, 0x93, 0x58, 0xCA, 0xB9,
- 0x11, 0x08, 0x77, 0x32, 0xA6, 0x49, 0xD2, 0x7C,
- 0x9B, 0x98, 0xF9, 0xA4, 0x88, 0x79, 0x38, 0x7D,
- 0x9B, 0x00, 0xC2, 0x59, 0x59, 0xA7, 0x16, 0x54,
- 0xD6, 0xF6, 0xA9, 0x46, 0x16, 0x45, 0x13, 0xE4,
- 0x7A, 0x75, 0xD0, 0x05, 0x98, 0x6C, 0x23, 0x63,
- 0xC0, 0x9F, 0x6B, 0x53, 0x7E, 0xCA, 0x78, 0xB9,
- 0x30, 0x3A, 0x5F, 0xA4, 0x57, 0x60, 0x8A, 0x58,
- 0x6A, 0x65, 0x3A, 0x34, 0x7D, 0xB0, 0x4D, 0xFC,
- 0xC1, 0x91, 0x75, 0xB3, 0xA3, 0x01, 0x17, 0x25,
- 0x36, 0x06, 0x2A, 0x65, 0x8A, 0x95, 0x27, 0x75,
- 0x70, 0xC8, 0x85, 0x2C, 0xA8, 0x97, 0x3F, 0x4A,
- 0xE1, 0x23, 0xA3, 0x34, 0x04, 0x7D, 0xD7, 0x11,
- 0xC8, 0x92, 0x7A, 0x63, 0x4A, 0x03, 0x38, 0x8A,
- 0x52, 0x7B, 0x03, 0x4B, 0xF7, 0xA8, 0x17, 0x0F,
- 0xA7, 0x02, 0xC1, 0xF7, 0xC2, 0x3E, 0xC3, 0x2D,
- 0x18, 0xA2, 0x37, 0x48, 0x90, 0xBE, 0x9C, 0x78,
- 0x7A, 0x94, 0x09, 0xC8, 0x2D, 0x19, 0x2C, 0x4B,
- 0xB7, 0x05, 0xA2, 0xF9, 0x96, 0xCE, 0x40, 0x5D,
- 0x85, 0xA4, 0xC1, 0xA1, 0xAB, 0x9B, 0x6A, 0xEB,
- 0x49, 0xCC, 0xE1, 0xC2, 0xF8, 0xA9, 0x7C, 0x35,
- 0x16, 0xC7, 0x2A, 0x00, 0xA4, 0x62, 0x63, 0xBA,
- 0xA6, 0x96, 0xBF, 0x25, 0x72, 0x77, 0x19, 0xC3,
- 0x21, 0x64, 0x23, 0x61, 0x8F, 0xF3, 0x33, 0x80,
- 0x93, 0x4A, 0x6C, 0x10, 0x54, 0x5C, 0x4C, 0x5C,
- 0x51, 0x55, 0xB1, 0x24, 0x86, 0x18, 0x1F, 0xC7,
- 0xA2, 0x31, 0x98, 0x73, 0x97, 0x8B, 0x6A, 0x2A,
- 0x67, 0x49, 0x0F, 0x82, 0x56, 0xBD, 0x21, 0x96,
- 0xFE, 0x17, 0x92, 0xA4, 0xC0, 0x00, 0x77, 0xB8,
- 0x12, 0xEA, 0xE8, 0xBE, 0xD3, 0x57, 0x24, 0x99,
- 0x68, 0x4A, 0xB3, 0x37, 0x18, 0x76, 0x76, 0x1E,
- 0x45, 0x0C, 0x9F, 0x9D, 0x27, 0x68, 0xA3, 0x68,
- 0x06, 0xD7, 0xAB, 0x20, 0x46, 0xC9, 0x1F, 0x17,
- 0x59, 0x9E, 0x9A, 0xC5, 0x92, 0x99, 0x08, 0x08,
- 0xDC, 0xD7, 0xB4, 0xD0, 0x91, 0x90, 0x72, 0xF1,
- 0x4E, 0xC3, 0x61, 0x77, 0x3B, 0x72, 0x52, 0x44,
- 0x4C, 0x32, 0x3C, 0x30, 0x83, 0x26, 0xF4, 0xA3,
- 0x0F, 0x86, 0x80, 0xD2, 0xF7, 0x48, 0xF5, 0x6A,
- 0x13, 0x2B, 0x82, 0x67, 0x4E, 0xD0, 0x18, 0x46,
- 0x20, 0xB8, 0x2A, 0xD2, 0xCB, 0x18, 0x2C, 0x97,
- 0xB4, 0x81, 0x62, 0x66, 0x47, 0x49, 0x12, 0x90,
- 0xA0, 0x11, 0xCC, 0x73, 0x82, 0x86, 0x85, 0xA8,
- 0xC3, 0x67, 0xA5, 0xB9, 0xCF, 0x8D, 0x62, 0x1B,
- 0x0D, 0x5C, 0x1E, 0xFF, 0x03, 0x17, 0x27, 0x58,
- 0xBD, 0x00, 0x49, 0x78, 0xC2, 0x51, 0xCD, 0x51,
- 0x34, 0x22, 0x28, 0x98, 0x9C, 0xAE, 0x63, 0x32,
- 0xAC, 0x48, 0x64, 0x37, 0xCB, 0x5C, 0x57, 0xD4,
- 0x30, 0x74, 0x62, 0x86, 0x52, 0x53, 0xBE, 0x21,
- 0x7B, 0x35, 0x15, 0xC7, 0x3D, 0xF4, 0x05, 0xB7,
- 0xF2, 0x82, 0x17, 0xAD, 0x0B, 0x8C, 0xF6, 0x0C,
- 0x2F, 0xFF, 0xAA, 0x0A, 0x00, 0x48, 0xB1, 0xFB,
- 0x4A, 0xCD, 0xCD, 0xC3, 0x8B, 0x52, 0x50, 0xCF,
- 0xEC, 0x35, 0x6A, 0x6D, 0xE2, 0x6C, 0xFA, 0x7A,
- 0x58, 0x8F, 0xDC, 0x86, 0xF9, 0x8C, 0x85, 0x4A,
- 0xC6, 0x4C, 0x7B, 0xFA, 0xA9, 0x6F, 0x5A, 0x32,
- 0xCC, 0x06, 0x10, 0x93, 0x4B, 0xAA, 0x6A, 0x58,
- 0x6B, 0x9A, 0x20, 0x54, 0xF1, 0x3B, 0xA2, 0x74,
- 0x17, 0x4A, 0xA0, 0xD2, 0xB3, 0xA8, 0x1B, 0x96,
- 0xA9, 0x40, 0x66, 0x6F, 0x78, 0x9B, 0x5A, 0x6B,
- 0xCD, 0xC0, 0xA6, 0xA0, 0x17, 0x8A, 0x0C, 0x9A,
- 0x02, 0x57, 0x8A, 0x49, 0x3F, 0x6E, 0xEA, 0x0D,
- 0x2E, 0x6C, 0x13, 0x95, 0x1C, 0x9F, 0x24, 0x9A,
- 0x5E, 0x8D, 0xD7, 0x1D, 0xD4, 0x9A, 0x74, 0x2D,
- 0x45, 0x1F, 0x1A, 0xBB, 0xA1, 0x9A, 0xF8, 0xC5,
- 0x47, 0x85, 0x5E, 0x0A, 0xFC, 0x72, 0x8E, 0x90,
- 0xAB, 0xB4, 0x99, 0xC9, 0xBE, 0xEB, 0x76, 0x6F,
- 0x47, 0x29, 0xCD, 0xA2, 0x22, 0x63, 0xE3, 0x24,
- 0xD2, 0x23, 0x02, 0xCB, 0xD3, 0x39, 0x9F, 0xAC,
- 0xC6, 0x30, 0x99, 0x1F, 0xC8, 0xF2, 0x8B, 0xDB,
- 0x43, 0x54, 0x76, 0x25, 0x41, 0x52, 0x76, 0x78,
- 0xBC, 0xF6, 0x1F, 0x65, 0xC2, 0x41, 0x14, 0x6C,
- 0x42, 0x6D, 0x23, 0xB9, 0xBF, 0xAA, 0x6B, 0x7D,
- 0xF1, 0x8C, 0x97, 0xF2, 0x0C, 0x1B, 0x61, 0x25,
- 0xBF, 0x87, 0x4B, 0x1D, 0x89, 0x47, 0x58, 0x52,
- 0xC4, 0x48, 0x21, 0x5D, 0xB0, 0xEB, 0x77, 0x37,
- 0xF9, 0x14, 0x80, 0xE8, 0xCE, 0xBD, 0x9A, 0x08,
- 0x71, 0x57, 0x4F, 0x5A, 0xB6, 0x2D, 0x90, 0x20,
- 0x17, 0x5E, 0xC6, 0x92, 0x7C, 0xA0, 0xB5, 0x4C,
- 0x09, 0x81, 0x8E, 0x42, 0xCF, 0x92, 0xA3, 0x83,
- 0x17, 0x24, 0x22, 0xC7, 0xDC, 0x18, 0x31, 0xD6,
- 0x3B, 0x0C, 0x29, 0x5D, 0xE7, 0x51, 0x59, 0xDB,
- 0x80, 0x34, 0xE9, 0xE0, 0x7F, 0x7B, 0x0B, 0x91,
- 0x0C, 0x3C, 0x1E, 0x5F, 0xB6, 0x6B, 0x3D, 0xC5,
- 0x23, 0xF1, 0xFA, 0x6E, 0xB4, 0x91, 0x0C, 0xB8,
- 0x9A, 0x6C, 0x17, 0x56, 0x2C, 0x83, 0xAB, 0x4C,
- 0x18, 0xD0, 0xCD, 0x7E, 0x07, 0x96, 0x59, 0x2A,
- 0x37, 0x2A, 0xA4, 0x09, 0xB1, 0xC5, 0x57, 0x34,
- 0x7C, 0xCA, 0xCD, 0xC4, 0x64, 0x4A, 0x11, 0x90,
- 0x64, 0xD0, 0x6D, 0xD4, 0x74, 0x92, 0x9D, 0x1C,
- 0x6F, 0xB4, 0xD6, 0x86, 0xE5, 0x49, 0x1C, 0xE4,
- 0xBC, 0x89, 0xA3, 0x0B, 0xB4, 0xB8, 0xC4, 0x1B,
- 0xCE, 0x51, 0x57, 0xDF, 0xC1, 0x36, 0x08, 0x23,
- 0xB1, 0xAB, 0x61, 0x8C, 0x14, 0xB1, 0x0F, 0x98,
- 0xC2, 0x50, 0x67, 0x39, 0x8E, 0xA7, 0x01, 0x8C,
- 0x27, 0x8A, 0x4B, 0x3D, 0xF3, 0x13, 0x34, 0xD6,
- 0x03, 0xB2, 0x04, 0x4E, 0xF1, 0x87, 0xCD, 0x9B,
- 0xC6, 0xCE, 0x42, 0x72, 0x5B, 0xD9, 0x62, 0xC2,
- 0x64, 0x98, 0x3E, 0x9E, 0x18, 0x15, 0x5A, 0x8B,
- 0x9C, 0x47, 0x14, 0x3D, 0x70, 0x46, 0x0A, 0x26,
- 0xA5, 0x6F, 0xE7, 0x65, 0x8C, 0x1F, 0x15, 0x03,
- 0x48, 0xC6, 0x08, 0x7E, 0xF7, 0x58, 0xAD, 0x16,
- 0x78, 0x87, 0x86, 0x0A, 0x00, 0x7A, 0x5F, 0xC3,
- 0x73, 0x58, 0xD4, 0x3B, 0x5E, 0xBE, 0xE8, 0x20,
- 0xAC, 0xEA, 0x47, 0x4F, 0x0A, 0xC0, 0x7B, 0x76,
- 0x80, 0x28, 0x66, 0x19, 0x9C, 0x61, 0x23, 0x1D,
- 0x5C, 0x74, 0x7C, 0x93, 0x77, 0x4D, 0x2C, 0x1E,
- 0x0C, 0x1C, 0x67, 0xE6, 0xC8, 0x1B, 0x82, 0x75,
- 0x21, 0x73, 0xE1, 0x25, 0xBA, 0xF3, 0x9B, 0x4F,
- 0xD1, 0x9A, 0x4F, 0x45, 0x3D, 0xC5, 0x79, 0x76,
- 0xB1, 0xD9, 0x7F, 0xE6, 0x99, 0x69, 0x92, 0xBB,
- 0xB6, 0x5B, 0x7C, 0xB2, 0x5D, 0x07, 0x7B, 0xBA,
- 0xA6, 0xA1, 0x33, 0x22, 0x89, 0x9A, 0xF6, 0x59,
- 0xCF, 0x1B, 0x35, 0x58, 0xC1, 0xB5, 0x00, 0x11,
- 0x54, 0xB6, 0x25, 0x80, 0x9E, 0xD8, 0x9A, 0xEE,
- 0xBB, 0x89, 0xE6, 0xEA, 0x7D, 0x67, 0xF7, 0x23,
- 0xD0, 0x45, 0xAB, 0x05, 0x71, 0x5C, 0x42, 0x35,
- 0x5D, 0xA6, 0xA5, 0xC8, 0xDD, 0x39, 0xC8, 0xAB,
- 0xE3, 0x03, 0x77, 0x51, 0xA0, 0x1E, 0xD1, 0xC7,
- 0x37, 0x49, 0x19, 0xF3, 0x12, 0x1B, 0x5A, 0x52,
- 0xC5, 0x3D, 0x14, 0x87, 0x31, 0x67, 0x69, 0xF8,
- 0x07, 0x21, 0xDE, 0xEA, 0xAA, 0xD3, 0xC9, 0x0F,
- 0x76, 0xE7, 0xAE, 0x9E, 0x12, 0xBA, 0x92, 0xB3,
- 0x2B, 0x5F, 0xD4, 0x57, 0xE3, 0xC7, 0x52, 0xC2,
- 0x65, 0x0D, 0xFB, 0x88, 0x57, 0x71, 0xCB, 0x77,
- 0xAC, 0x3C, 0x78, 0x5A, 0x8C, 0x56, 0x2E, 0x6A,
- 0x1C, 0x63, 0xC2, 0xA5, 0x5E, 0xA4, 0x7C, 0xF8,
- 0xB9, 0x0E, 0xB8, 0x22, 0x5C, 0x12, 0x3C, 0x34,
- 0x64, 0x52, 0x56, 0x62, 0x35, 0xB2, 0xF3, 0x18,
- 0x23, 0xA3, 0x35, 0x21, 0xE0, 0x87, 0x93, 0x7A,
- 0x34, 0x5D, 0x8D, 0x66, 0x3E, 0xEA, 0xA0, 0x56,
- 0x58, 0x91, 0x7B, 0xBA, 0xA0, 0x08, 0xC2, 0xE3,
- 0x35, 0xF8, 0x85, 0x0A, 0x90, 0xA3, 0x26, 0xD0,
- 0xE6, 0x64, 0x32, 0xF4, 0x4C, 0xEB, 0x82, 0x89,
- 0xE4, 0xEC, 0xB2, 0xD1, 0x29, 0x58, 0xE9, 0x84,
- 0x07, 0x2E, 0xCA, 0xCB, 0x88, 0xE1, 0x34, 0x8F,
- 0xF0, 0xB5, 0x56, 0x54, 0xAC, 0xBA, 0x5B, 0x54,
- 0x97, 0x1C, 0xBA, 0xEB, 0xA8, 0x8E, 0xC4, 0xB9,
- 0x1A, 0x94, 0xC3, 0x71, 0x92, 0xFA, 0x98, 0x2B,
- 0xEC, 0xB9, 0xF3, 0xDA, 0x42, 0x16, 0x03, 0xB6,
- 0x1A, 0x51, 0xBC, 0x8E, 0x36, 0xCB, 0xD0, 0x53,
- 0x85, 0x1C, 0x77, 0xB1, 0xB9, 0x26, 0xB1, 0x7A,
- 0x27, 0x2A, 0xA9, 0x02, 0x32, 0x46, 0xB0, 0x2B,
- 0x3E, 0xD4, 0x7F, 0x66, 0xA0, 0x0B, 0xD5, 0x68,
- 0x48, 0x23, 0x63, 0x4E, 0x7C, 0xE5, 0x8C, 0xF8,
- 0xF3, 0x06, 0xE3, 0x5B, 0x1E, 0x53, 0x22, 0x82,
- 0x4D, 0x90, 0x48, 0x01, 0xF0, 0xA2, 0xFA, 0x7C,
- 0x2B, 0xC9, 0xC2, 0x52, 0xB0, 0xA5, 0x6B, 0x7B,
- 0xA2, 0xAB, 0x0F, 0x63, 0x60, 0x21, 0x74, 0x5A,
- 0x70, 0xA9, 0xA4, 0x3E, 0x2B, 0x0A, 0x8D, 0x61,
- 0x59, 0x70, 0xB6, 0x53, 0x09, 0x62, 0x4B, 0x51,
- 0x84, 0xBC, 0xC3, 0x0B, 0x91, 0x16, 0x79, 0xAE,
- 0xDD, 0x76, 0x02, 0x5F, 0xE3, 0x90, 0x8F, 0xD6,
- 0x78, 0x97, 0xB0, 0xCF, 0x4B, 0xE5, 0xA6, 0xF5,
- 0x41, 0x3D, 0x7D, 0xD9, 0x85, 0x64, 0xB2, 0x3E,
- 0x42, 0xA9, 0x3E, 0x4A, 0xA8, 0x82, 0x1C, 0xD4,
- 0x50, 0x54, 0xC6, 0x43, 0xED, 0xC1, 0x15, 0x8D,
- 0xB6, 0xB3, 0xDE, 0xB1, 0x3F, 0xB5, 0xA5, 0x1E,
- 0xBD, 0x1A, 0x8A, 0x78, 0xB8, 0x72, 0x25, 0xA7,
- 0x33, 0x8E, 0x10, 0x11, 0x04, 0xC4, 0xA2, 0x20,
- 0xD9, 0xBD, 0xED, 0xD4, 0x8C, 0x85, 0xA1, 0xC2,
- 0xDA, 0xE7, 0x81, 0xA8, 0x0C, 0x40, 0xE1, 0x3B,
- 0x87, 0xEA, 0xC7, 0x3A, 0x76, 0x42, 0x01, 0xC9,
- 0xB7, 0x60, 0xCC, 0xFB, 0x1A, 0xE3, 0x92, 0x69,
- 0x9C, 0x70, 0x39, 0xD2, 0x7C, 0x39, 0x36, 0x2B,
- 0x27, 0xB8, 0xFC, 0x6F, 0x07, 0xA8, 0xA3, 0xD4,
- 0x41, 0x0F, 0x15, 0x47, 0xC4, 0x8A, 0x99, 0x97,
- 0xF6, 0x2C, 0x61, 0x07, 0x44, 0x52, 0xEF, 0x15,
- 0x15, 0xF8, 0xA6, 0x49, 0xEB, 0xCA, 0x94, 0x37,
- 0x20, 0x5A, 0x4E, 0x8A, 0x61, 0x60, 0x6B, 0x41,
- 0xDA, 0xF6, 0x83, 0x4D, 0x67, 0x1F, 0x4D, 0x85,
- 0x2C, 0x0C, 0x9C, 0x40, 0x96, 0x61, 0x16, 0x48,
- 0xC6, 0xA3, 0x17, 0x06, 0x78, 0xB1, 0x53, 0x7C,
- 0xC1, 0x82, 0x8D, 0x93, 0x58, 0x0C, 0x9E, 0x58,
- 0x49, 0xA9, 0x65, 0x31, 0x75, 0xAC, 0xB7, 0x53,
- 0xF2, 0xBE, 0x74, 0x37, 0xBE, 0x45, 0xF6, 0xC6,
- 0x03, 0xE4, 0x85, 0xF2, 0xEC, 0x30, 0x1B, 0xB4,
- 0x2B, 0x6C, 0x37, 0xC2, 0x25, 0xD7, 0x49, 0x5A,
- 0x58, 0x4A, 0xE2, 0x31, 0x89, 0x0A, 0xB5, 0xC8,
- 0xC3, 0x5C, 0x26, 0x8C, 0xF4, 0xBB, 0xB0, 0x21,
- 0x3C, 0x09, 0x60, 0x19, 0x31, 0x95, 0x61, 0xA8,
- 0xA6, 0x94, 0x76, 0x37, 0xAA, 0x40, 0xD0, 0x06,
- 0xB4, 0x15, 0xBB, 0x2C, 0xFA, 0x22, 0x37, 0xE0,
- 0x89, 0x0B, 0x6A, 0x3B, 0xC1, 0x34, 0xAB, 0xF8,
- 0xF6, 0x58, 0x5E, 0x10, 0x8D, 0x15, 0x94, 0x0F,
- 0x91, 0xF4, 0xBF, 0x5B, 0x0C, 0x81, 0x80, 0x55,
- 0xB2, 0x1D, 0xEA, 0x6E, 0x63, 0xB5, 0x53, 0x98,
- 0x8C, 0x47, 0xF4, 0xB9, 0x4E, 0x7C, 0xF8, 0x00,
- 0xA4, 0x93, 0xB4, 0x73, 0x47, 0x05, 0xED, 0xC5,
- 0x6A, 0x4B, 0x60, 0x21, 0xC6, 0x29, 0x50, 0x06,
- 0x75, 0x87, 0x68, 0x04, 0xCF, 0x0B, 0x95, 0x1F,
- 0x03, 0x8A, 0x5C, 0x7F, 0xE5, 0x8E, 0x89, 0x77,
- 0x4E, 0xF2, 0x99, 0x2F, 0xD7, 0xC6, 0x30, 0x99,
- 0xD3, 0x52, 0xA7, 0xD2, 0x15, 0x60, 0xB7, 0x88,
- 0xB4, 0x05, 0x70, 0x98, 0x61, 0x81, 0x7E, 0x59,
- 0xA9, 0x6B, 0x3A, 0x3A, 0x83, 0xCB, 0xA8, 0x03,
- 0xB1, 0x69, 0x34, 0x33, 0x10, 0x71, 0x90, 0x5B,
- 0xBE, 0xC6, 0x53, 0x29, 0x00, 0x15, 0x5D, 0x8A,
- 0xC8, 0x8C, 0xB3, 0x2E, 0x4E, 0x21, 0xA3, 0xBD,
- 0x3A, 0x03, 0xFD, 0xEC, 0x32, 0x5A, 0x51, 0xCD,
- 0x27, 0x73, 0x96, 0x4E, 0x67, 0x84, 0xFC, 0xF1,
- 0x85, 0x37, 0x37, 0xAA, 0x64, 0xEB, 0x67, 0x56,
- 0x47, 0x27, 0x27, 0x26, 0x61, 0xAB, 0xF8, 0x43,
- 0x13, 0xA5, 0x7A, 0x44, 0xB1, 0x23, 0xC6, 0x55,
- 0x09, 0xCF, 0xB7, 0xA6, 0xF6, 0x64, 0x1C, 0xDC,
- 0xC3, 0xB5, 0x7F, 0xE6, 0x28, 0xC7, 0xB8, 0x19,
- 0x2D, 0xB4, 0x4F, 0xFB, 0xF5, 0x79, 0x6A, 0x86,
- 0x13, 0xB1, 0xFA, 0x12, 0x6F, 0x60, 0x76, 0x88,
- 0x3C, 0x78, 0x3D, 0xC2, 0x4E, 0x2A, 0x44, 0x64,
- 0xC4, 0x0B, 0x3A, 0x41, 0xCA, 0x70, 0xAE, 0x87,
- 0x62, 0x08, 0x66, 0xCF, 0x4F, 0xCB, 0x2B, 0xD2,
- 0x04, 0xBF, 0x5C, 0x28, 0x38, 0x12, 0xBA, 0x05,
- 0x6A, 0xC0, 0xC3, 0x45, 0xE3, 0x79, 0xC4, 0xBA,
- 0x24, 0xD7, 0x50, 0x90, 0x12, 0x79, 0xBB, 0x2F,
- 0x3A, 0x16, 0xF6, 0x12, 0xBF, 0xAD, 0xB3, 0x57,
- 0x03, 0x33, 0x2C, 0x7C, 0x13, 0x6F, 0x68, 0xEA,
- 0xB6, 0x75, 0x5C, 0x66, 0xB6, 0xA4, 0xAD, 0x1A,
- 0xAB, 0xA7, 0xB7, 0x68, 0xA5, 0x8A, 0xCA, 0xAC,
- 0xC1, 0x0A, 0x45, 0x9A, 0x1C, 0xC8, 0xEF, 0x29,
- 0x37, 0x7B, 0xC2, 0x00, 0xE4, 0xD3, 0x15, 0xA3,
- 0x0A, 0x6B, 0xCC, 0x32, 0x56, 0xF9, 0x73, 0x4D,
- 0x06, 0xE9, 0x77, 0x9C, 0xAA, 0x54, 0x42, 0xA9,
- 0xA1, 0x60, 0x69, 0x08, 0x13, 0x77, 0xC7, 0x6E,
- 0x75, 0x15, 0x43, 0x68, 0x07, 0x2D, 0xC4, 0x46,
- 0xED, 0x6C, 0x8B, 0x8E, 0x62, 0x2A, 0x21, 0xE3,
- 0x83, 0xCF, 0x9B, 0xA1, 0xFB, 0x43, 0x4E, 0x2E,
- 0xCC, 0x81, 0xE7, 0xB7, 0x8C, 0xEE, 0x98, 0x6B,
- 0x8F, 0xF7, 0x98, 0xAB, 0x18, 0xCF, 0x96, 0x34,
- 0x54, 0x35, 0x46, 0x28, 0x4E, 0xDA, 0x2A, 0x26,
- 0xB4, 0x7F, 0x05, 0xB7, 0x35, 0xBC, 0xDB, 0x12,
- 0x02, 0x22, 0x00, 0x76, 0xDC, 0x8B, 0x4E, 0x4B,
- 0x9F, 0x85, 0x35, 0x33, 0xC8, 0xF6, 0xC7, 0xFF,
- 0x38, 0x81, 0x7B, 0xA4, 0x97, 0x12, 0x83, 0x57,
- 0x85, 0xF1, 0x7F, 0x14, 0xCA, 0x01, 0xD0, 0xC1,
- 0xC1, 0xE9, 0x88, 0x10, 0xFE, 0x0B, 0x36, 0xE5,
- 0xB4, 0x27, 0x15, 0x7B, 0x94, 0x18, 0x44, 0x9C,
- 0xED, 0xD6, 0x41, 0xA4, 0x29, 0x3C, 0x85, 0xC3,
- 0x27, 0x00, 0x10, 0x2A, 0xCE, 0xC2, 0x2E, 0xBA,
- 0xD9, 0x8E, 0xD1, 0x60, 0xA5, 0xF0, 0x27, 0xBD,
- 0x4C, 0xDA, 0x57, 0xF1, 0xF3, 0x72, 0x0A, 0x12,
- 0xC1, 0x34, 0x65, 0x4D, 0xD5, 0xE7, 0x3F, 0x82,
- 0x96, 0x76, 0x49, 0x53, 0x90, 0xD0, 0xE7, 0x92,
- 0x9D, 0x60, 0x34, 0xE9, 0xC5, 0x5F, 0x7D, 0x55,
- 0xBA, 0x65, 0x8B, 0xC5, 0x87, 0x98, 0x8E, 0x8A,
- 0xF9, 0x49, 0x60, 0xF6, 0xCF, 0xB8, 0xD5, 0xAF,
- 0x7A, 0x00, 0x21, 0x53, 0x5A, 0x6E, 0x25, 0xE4,
- 0x37, 0xD4, 0x9A, 0x78, 0x06, 0x98, 0xBE, 0x22,
- 0xAC, 0x99, 0x53, 0x94, 0x9F, 0x57, 0x1B, 0x85,
- 0xA6, 0x85, 0x72, 0x5F, 0x82, 0x07, 0xA2, 0xB0,
- 0xAE, 0x84, 0x9B, 0x60, 0x1A, 0xB9, 0x1B, 0x15,
- 0x9B, 0x3D, 0xF4, 0xA1, 0x54, 0xC2, 0x04, 0x1E,
- 0x77, 0x60, 0x70, 0xAF, 0xC4, 0x29, 0x69, 0x32,
- 0x23, 0x80, 0x91, 0x7C, 0x97, 0x51, 0x07, 0x99,
- 0xF3, 0x14, 0x91, 0x31, 0x47, 0x7E, 0x16, 0x66,
- 0x3D, 0x31, 0x74, 0xC7, 0xC1, 0xCA, 0xEA, 0x78,
- 0x85, 0x35, 0xC6, 0xC0, 0x05, 0xA6, 0x4F, 0x28,
- 0x68, 0x63, 0x1B, 0x31, 0xB6, 0x6E, 0x20, 0x5F,
- 0xD3, 0x8C, 0x1D, 0x84, 0x54, 0x2D, 0x0F, 0x1B,
- 0x57, 0x8F, 0x58, 0xC9, 0xBF, 0x5A, 0x0F, 0xAE,
- 0xAB, 0x6A, 0xB6, 0x49, 0x48, 0x93, 0x05, 0x31,
- 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
- 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
- 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
- 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22,
- 0x8A, 0x39, 0xE8, 0x7D, 0x53, 0x1F, 0x35, 0x27,
- 0xC2, 0x07, 0xED, 0xCC, 0x1D, 0xB7, 0xFA, 0xDD,
- 0xCF, 0x96, 0x28, 0x39, 0x18, 0x79, 0xB3, 0x35,
- 0xC7, 0x07, 0x83, 0x9A, 0x0D, 0xB0, 0x51, 0xA8,
- 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
- 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
- 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
- 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ct[] = {
- 0xA6, 0xAF, 0x29, 0xD5, 0xF5, 0xB8, 0x0B, 0xD1,
- 0x30, 0xF5, 0x18, 0xBA, 0xDD, 0xD6, 0xC8, 0xF1,
- 0x75, 0x45, 0x41, 0x3D, 0x86, 0x0F, 0xB3, 0xDE,
- 0x45, 0x19, 0x79, 0xEB, 0xFA, 0x5E, 0x4E, 0x31,
- 0x12, 0xC7, 0xC0, 0xAD, 0xF9, 0x98, 0x24, 0xBB,
- 0x52, 0x6F, 0x2C, 0x35, 0x50, 0x74, 0x8E, 0xD0,
- 0xE1, 0x34, 0xF0, 0x45, 0x7A, 0x7C, 0x61, 0xF9,
- 0xF5, 0x26, 0xF0, 0x02, 0xBA, 0xAD, 0xC0, 0x3F,
- 0xC1, 0x3E, 0x38, 0x13, 0x12, 0x19, 0x51, 0x3C,
- 0x3E, 0xDE, 0x06, 0x16, 0x61, 0xE7, 0x4F, 0x60,
- 0x3C, 0x4F, 0xCF, 0x79, 0x51, 0xC8, 0xE5, 0x2C,
- 0x9C, 0x21, 0x3B, 0x0D, 0x22, 0xD9, 0x29, 0x36,
- 0x63, 0xD6, 0x69, 0xA6, 0xB5, 0x8E, 0xD8, 0xFC,
- 0xEF, 0xCF, 0x82, 0x49, 0xD7, 0xBB, 0x52, 0x98,
- 0xF5, 0x57, 0x61, 0x44, 0x5B, 0x2B, 0x83, 0xCE,
- 0x7F, 0x00, 0x5C, 0xB0, 0x42, 0x48, 0xAE, 0xC8,
- 0xBD, 0xA2, 0x2F, 0xD2, 0xD4, 0x2A, 0xA7, 0x66,
- 0x32, 0x20, 0x14, 0xEA, 0x03, 0x8C, 0xC3, 0x2C,
- 0x55, 0xC8, 0xE4, 0xB9, 0xE2, 0x8E, 0xC9, 0x11,
- 0x9F, 0x52, 0x73, 0x41, 0xE4, 0xF6, 0x6A, 0x03,
- 0x51, 0x21, 0x07, 0x3B, 0x85, 0xDE, 0x67, 0x06,
- 0xDA, 0x19, 0xE0, 0x83, 0x8A, 0x9F, 0x33, 0xB7,
- 0x19, 0xA6, 0x8F, 0x03, 0x9B, 0x66, 0x4D, 0xC0,
- 0x02, 0x65, 0x9E, 0xAB, 0xFC, 0x39, 0x86, 0x79,
- 0xAA, 0x70, 0x09, 0xCE, 0x0C, 0xD0, 0x1C, 0xDA,
- 0xFB, 0x6C, 0xD2, 0xA2, 0x6F, 0xE4, 0x10, 0x16,
- 0x72, 0xC9, 0x8F, 0xF5, 0x8F, 0x7C, 0x47, 0xD5,
- 0xBD, 0xA2, 0x90, 0x66, 0x53, 0xB3, 0xA6, 0xF9,
- 0x65, 0x1F, 0x7A, 0x12, 0x1E, 0xA7, 0x7E, 0xA7,
- 0x47, 0x23, 0xFA, 0xE5, 0xB8, 0x73, 0xF9, 0xBB,
- 0x7B, 0x66, 0x4F, 0x0C, 0x8A, 0x93, 0x83, 0x1E,
- 0xF9, 0xD5, 0x1C, 0x7C, 0xC1, 0xEF, 0x44, 0xAC,
- 0x0E, 0x55, 0xA5, 0x5C, 0xA7, 0x6D, 0x13, 0x7F,
- 0xE9, 0xB7, 0x5F, 0x40, 0x50, 0x9C, 0xEF, 0x15,
- 0x6E, 0x5A, 0xD1, 0x8F, 0x9F, 0xB9, 0x99, 0x68,
- 0x00, 0x08, 0xE5, 0x47, 0xD5, 0x5E, 0xEC, 0xD5,
- 0xB4, 0xD1, 0xCB, 0x1D, 0x9F, 0x07, 0x6C, 0xEC,
- 0x21, 0x50, 0x1C, 0x74, 0x02, 0x50, 0x9E, 0xCB,
- 0x77, 0xAF, 0xB2, 0xCB, 0x9A, 0x61, 0x34, 0x0A,
- 0x8B, 0xD1, 0x51, 0x4C, 0x6E, 0x71, 0xB4, 0xAA,
- 0x45, 0xE4, 0x7E, 0xC3, 0x75, 0x12, 0x27, 0x1B,
- 0x91, 0x1F, 0x8F, 0xB4, 0x6C, 0x90, 0x82, 0xC9,
- 0xDF, 0x07, 0x20, 0x4A, 0xBB, 0x5A, 0x50, 0xE6,
- 0xE3, 0x64, 0x7A, 0x8A, 0xD4, 0xD8, 0xD5, 0xD7,
- 0xBF, 0xF1, 0x9C, 0x8A, 0x50, 0x93, 0x08, 0xBC,
- 0xFB, 0x89, 0x55, 0x36, 0xD0, 0x45, 0xCA, 0x2B,
- 0x97, 0xCB, 0x16, 0xA2, 0x9B, 0xB7, 0x18, 0x1C,
- 0xAD, 0x05, 0x09, 0xDD, 0xB9, 0x17, 0x35, 0x02,
- 0x8E, 0xBA, 0x8C, 0x31, 0xD7, 0x4B, 0xD2, 0x75,
- 0xEA, 0xA6, 0x5B, 0x53, 0x40, 0xB3, 0xA4, 0x3F,
- 0xBF, 0xE0, 0xB3, 0x06, 0x1D, 0x6B, 0xAE, 0x7E,
- 0x75, 0xB7, 0x09, 0x8C, 0xDA, 0xBE, 0x91, 0xD4,
- 0xB3, 0x1E, 0x36, 0xC9, 0xAA, 0x7A, 0x82, 0x98,
- 0x86, 0x2A, 0xD6, 0x3C, 0x8F, 0xD2, 0x82, 0xE0,
- 0x3B, 0x46, 0x0B, 0x3A, 0xB4, 0x64, 0xCE, 0x0F,
- 0x27, 0xB1, 0xC3, 0xD1, 0x11, 0x55, 0xAC, 0xAA,
- 0x01, 0x1E, 0xB9, 0xE2, 0xAE, 0x3E, 0x6D, 0xDA,
- 0x07, 0xD6, 0xF4, 0x91, 0x73, 0x7C, 0xBC, 0xE9,
- 0xB0, 0x5F, 0x9B, 0xC5, 0x6B, 0xE2, 0x0E, 0x8D,
- 0x32, 0x6B, 0xA1, 0x32, 0xC5, 0x7F, 0xB2, 0x35,
- 0x16, 0x11, 0x44, 0x51, 0x9C, 0xDF, 0x40, 0x56,
- 0x0F, 0xBE, 0x27, 0x9B, 0xDE, 0x41, 0x1E, 0x11,
- 0x25, 0x31, 0xF8, 0x26, 0xD6, 0xAB, 0x10, 0xD4,
- 0x54, 0x73, 0x50, 0xAD, 0xD2, 0xA9, 0xDE, 0x8D,
- 0x62, 0xC2, 0xAC, 0x82, 0xCA, 0xBE, 0x68, 0x15,
- 0x64, 0x6F, 0x4D, 0xC9, 0x74, 0x2B, 0xB0, 0xC2,
- 0xA3, 0xF7, 0x7E, 0xC7, 0xB4, 0x6C, 0x6B, 0x53,
- 0x76, 0x05, 0xFA, 0x31, 0x79, 0x8C, 0xD8, 0x92,
- 0x81, 0x22, 0x1A, 0x33, 0xDF, 0xB9, 0x79, 0x6E,
- 0x64, 0x43, 0x05, 0x63, 0x03, 0x32, 0xC2, 0xCB,
- 0x93, 0x14, 0x08, 0xAB, 0x48, 0x1A, 0x16, 0xD9,
- 0x53, 0xF6, 0xBE, 0xAE, 0x38, 0x91, 0xD6, 0xD9,
- 0xAC, 0x1F, 0xAB, 0x38, 0x22, 0x2D, 0x92, 0x71,
- 0x87, 0x2D, 0x9D, 0x0C, 0xAD, 0xB9, 0x1A, 0xBE,
- 0x9B, 0x4E, 0x26, 0x5F, 0x75, 0xC6, 0xE5, 0xE8,
- 0x29, 0xE1, 0x46, 0xC3, 0xD8, 0xCE, 0x1E, 0x9D,
- 0x12, 0xE0, 0xD1, 0x29, 0x80, 0x19, 0x57, 0xF4,
- 0x6B, 0x0D, 0x2D, 0xBE, 0x1F, 0x74, 0x9B, 0x1D,
- 0x08, 0xE2, 0x34, 0x5F, 0x62, 0x39, 0xA7, 0x31,
- 0x34, 0x2E, 0xB7, 0x5B, 0x0C, 0xF1, 0xBF, 0x41,
- 0x17, 0x49, 0xBC, 0x2C, 0xAF, 0x28, 0x10, 0xB7,
- 0x88, 0xC6, 0xB7, 0x23, 0x8B, 0x4D, 0x3D, 0xA2,
- 0xD6, 0x31, 0x5C, 0xE9, 0x54, 0x2E, 0x24, 0x40,
- 0x4F, 0x14, 0x57, 0x55, 0xA3, 0x0A, 0xB8, 0x51,
- 0xE4, 0x44, 0x58, 0x41, 0xBD, 0x33, 0xF7, 0x16,
- 0xA5, 0x86, 0x88, 0x48, 0x88, 0xEC, 0xC6, 0xBC,
- 0x64, 0x98, 0xAA, 0x32, 0x91, 0x9A, 0xE8, 0x1D,
- 0x20, 0xC2, 0x69, 0x73, 0xC2, 0xBD, 0x54, 0x58,
- 0x2A, 0x0F, 0x6A, 0xD9, 0x8A, 0xBF, 0xD2, 0x62,
- 0x7E, 0x15, 0x69, 0x0A, 0x72, 0x7E, 0x69, 0xF5,
- 0x81, 0xDD, 0x2A, 0x71, 0x27, 0x98, 0x2A, 0x90,
- 0xE3, 0x3E, 0x2D, 0x4A, 0x03, 0xFE, 0x33, 0x91,
- 0x42, 0xC7, 0xE4, 0x4C, 0x32, 0x6A, 0xC4, 0x6E,
- 0xD3, 0x95, 0xA2, 0x25, 0xD3, 0x03, 0x33, 0x89,
- 0x91, 0x73, 0x28, 0xB4, 0x53, 0x16, 0xB1, 0x58,
- 0x5A, 0x01, 0xB2, 0xC3, 0x04, 0xB2, 0x94, 0x4E,
- 0x90, 0x3A, 0xBB, 0xB3, 0xEC, 0x56, 0x19, 0x44,
- 0x1C, 0xFC, 0x89, 0x65, 0xA4, 0x46, 0xDF, 0x75,
- 0xDE, 0xFA, 0x80, 0xC6, 0xE1, 0x5A, 0xDB, 0xD5,
- 0x06, 0xB7, 0xAB, 0x2D, 0xE1, 0x2D, 0xDA, 0x9B,
- 0xC8, 0x14, 0x41, 0xCF, 0xC8, 0x90, 0x52, 0xE2,
- 0xE5, 0x80, 0x8F, 0x71, 0x26, 0xC6, 0xFD, 0x3A,
- 0xC6, 0xAC, 0x80, 0x81, 0x25, 0x8A, 0x84, 0xA0,
- 0x9A, 0xE5, 0x0F, 0x6C, 0xD7, 0xCC, 0x0F, 0x4A,
- 0xF3, 0x36, 0xFD, 0x1D, 0x64, 0x3E, 0x99, 0x07,
- 0x99, 0x96, 0x26, 0x8C, 0x2D, 0x32, 0xD9, 0x09,
- 0xF2, 0x2E, 0x35, 0x04, 0xF0, 0x7F, 0xBB, 0x56,
- 0x31, 0x96, 0xD4, 0x31, 0x2F, 0xDD, 0xB9, 0x33,
- 0x5D, 0x5C, 0x1D, 0x36, 0xE8, 0xC5, 0xEE, 0xA2,
- 0x27, 0x8D, 0xBA, 0x23, 0xB9, 0x4D, 0x19, 0x3C,
- 0x94, 0x7C, 0xC4, 0x1C, 0xA9, 0x93, 0xDC, 0x7D,
- 0xB1, 0x39, 0x63, 0x40, 0xAD, 0x9C, 0x4F, 0xE6,
- 0x87, 0xDD, 0x7B, 0x8D, 0x0C, 0x7A, 0x51, 0x20,
- 0xAE, 0x02, 0x04, 0xF2, 0xC6, 0x65, 0xBD, 0x5F,
- 0x47, 0x3D, 0x64, 0x4C, 0x7F, 0xF2, 0x6B, 0xFF,
- 0xBA, 0x7A, 0x36, 0x98, 0x08, 0x30, 0x70, 0x21,
- 0x28, 0xA7, 0xE6, 0x61, 0xD6, 0x77, 0xA0, 0x92,
- 0xA3, 0x6E, 0x74, 0x28, 0xA4, 0x13, 0x9F, 0xB2,
- 0x9B, 0x00, 0x95, 0xCC, 0x11, 0x08, 0x6F, 0x44,
- 0x7D, 0x2A, 0x9E, 0xF6, 0xC9, 0xB1, 0x61, 0xF1,
- 0x89, 0xC6, 0x29, 0x9E, 0x08, 0x4C, 0xB7, 0xAA,
- 0x00, 0xFA, 0xF7, 0x87, 0x79, 0x7B, 0xFB, 0x06,
- 0x9F, 0xBC, 0x08, 0x7F, 0xDE, 0x26, 0x25, 0x2A,
- 0x16, 0x64, 0xF1, 0x9C, 0x5A, 0x8A, 0x22, 0xEC,
- 0x5E, 0xE1, 0xAE, 0xB0, 0x76, 0x35, 0x7B, 0x7D,
- 0xC3, 0x7E, 0x6B, 0x0F, 0x15, 0x20, 0xF9, 0x58,
- 0xF7, 0x85, 0x1B, 0xAC, 0xB9, 0x2C, 0x89, 0xFD,
- 0x11, 0x4A, 0x72, 0xFE, 0xAC, 0x54, 0x65, 0x2D,
- 0x45, 0xB0, 0x9E, 0x1A, 0xE7, 0x65, 0x1A, 0xBD,
- 0x16, 0x4B, 0xCD, 0x53, 0x7D, 0x58, 0xFA, 0x39,
- 0xD3, 0xEC, 0x8A, 0xCD, 0xCD, 0xF9, 0x84, 0x25,
- 0x00, 0x58, 0x62, 0xFA, 0x59, 0x69, 0x2D, 0xE1,
- 0x62, 0xB7, 0x7E, 0x62, 0x97, 0xC6, 0x62, 0x33,
- 0x34, 0x84, 0x08, 0xA8, 0xAB, 0x69, 0x5C, 0xE2,
- 0xF2, 0x72, 0x8D, 0xB9, 0xFB, 0xE2, 0x7E, 0x95,
- 0x89, 0x67, 0xEC, 0x59, 0x74, 0x76, 0x7C, 0x5A,
- 0x66, 0x02, 0x30, 0x74, 0xB4, 0xA7, 0x1A, 0xFD,
- 0x26, 0x4A, 0xD2, 0x89, 0x0E, 0x97, 0x0A, 0x1F,
- 0x31, 0xD6, 0xE3, 0x31, 0x1B, 0x73, 0x6F, 0x9F,
- 0x94, 0x88, 0x79, 0x3D, 0xDC, 0x88, 0xF2, 0x34,
- 0x58, 0x06, 0x42, 0x54, 0xC8, 0x2A, 0x1D, 0x9E,
- 0x59, 0xEA, 0xD2, 0xFC, 0xEC, 0x40, 0xB4, 0x30,
- 0x68, 0x7C, 0x4B, 0x7E, 0x28, 0x96, 0x09, 0x26,
- 0xAF, 0xCA, 0xCC, 0x9B, 0xD7, 0x56, 0xA7, 0x10,
- 0x88, 0xC7, 0x84, 0x50, 0xE2, 0x0A, 0x2E, 0x98,
- 0x0A, 0xED, 0xE9, 0xEB, 0xED, 0xFE, 0x7F, 0xAB,
- 0xD6, 0xAB, 0xFE, 0x96, 0xF9, 0x34, 0xC4, 0xB0,
- 0x2C, 0x01, 0xCA, 0x19, 0x4D, 0x01, 0xB7, 0x3C,
- 0x25, 0xD5, 0x99, 0x70, 0x39, 0xD3, 0xFC, 0xD0,
- 0xF0, 0x99, 0x52, 0x1F, 0x70, 0xCA, 0xEE, 0x69,
- 0x11, 0x0A, 0xC1, 0xFC, 0x5A, 0x99, 0x91, 0x7A,
- 0xD7, 0x52, 0xFC, 0x96, 0xAD, 0xFA, 0xD7, 0x18,
- 0x6D, 0x0A, 0x7C, 0x9C, 0xFE, 0x56, 0x01, 0xC0,
- 0x75, 0x14, 0xEA, 0x64, 0x48, 0xD6, 0x61, 0xC5,
- 0x7A, 0xA2, 0x02, 0x42, 0x10, 0x3C, 0x42, 0x76,
- 0xA0, 0x70, 0xA4, 0x89, 0xA4, 0xCB, 0x6B, 0xCA,
- 0x0F, 0x9E, 0xCC, 0x43, 0x79, 0xFB, 0x22, 0x02,
- 0x15, 0xFD, 0x91, 0xF8, 0x10, 0x19, 0xD5, 0xB0,
- 0xAE, 0x61, 0x93, 0x58, 0xB5, 0x24, 0x68, 0xF2,
- 0x72, 0xC1, 0x78, 0xE3, 0xA7, 0x4C, 0xF6, 0x77,
- 0x5A, 0xA9, 0x24, 0xFE, 0x32, 0x9C, 0x31, 0x75,
- 0xD9, 0xE4, 0xC3, 0xE2, 0x1A, 0xB9, 0xEC, 0x83,
- 0x6E, 0xDC, 0x3A, 0xCA, 0xB2, 0xE3, 0x89, 0x1E,
- 0xE8, 0xDE, 0xDA, 0x51, 0x5D, 0x39, 0xAF, 0x9B,
- 0x8D, 0xDD, 0x0E, 0xE7, 0xB0, 0x16, 0x4F, 0x80,
- 0x5C, 0x38, 0x35, 0xF6, 0xD2, 0xBA, 0xBD, 0xB3,
- 0x0E, 0xAB, 0x47, 0x56, 0xE7, 0xEC, 0x7F, 0x82,
- 0x9E, 0xCE, 0x01, 0xE8, 0xEA, 0xDF, 0xBB, 0xED,
- 0x12, 0xFC, 0x28, 0x3B, 0x3D, 0x4C, 0x69, 0xF5,
- 0x75, 0xE7, 0xF8, 0x04, 0x17, 0x68, 0x9F, 0xDF,
- 0xCF, 0xC7, 0xBE, 0x27, 0xEE, 0x3B, 0x8C, 0xDF,
- 0x57, 0xAA, 0xEB, 0xEC, 0x4A, 0x95, 0xB7, 0xE5,
- 0xBB, 0x58, 0x5B, 0x85, 0x22, 0x7F, 0x7C, 0x32,
- 0xBE, 0x30, 0xDB, 0x3E, 0x65, 0xE4, 0x2E, 0x30,
- 0xDC, 0xF5, 0xA5, 0xFA, 0x07, 0x3D, 0xBA, 0x39,
- 0x9D, 0x94, 0x2F, 0x22, 0x22, 0xAD, 0xB9, 0xB9,
- 0x89, 0x81, 0x02, 0xAF, 0xE5, 0x43, 0x2E, 0xDC,
- 0x7F, 0x04, 0xAE, 0x34, 0xA8, 0xFE, 0xC2, 0xD8,
- 0x1C, 0xB4, 0x9A, 0x9A, 0x9B, 0x43, 0x81, 0x4C,
- 0xE7, 0x1D, 0x97, 0xF7, 0x26, 0xE2, 0xB1, 0xE8,
- 0xF6, 0x4B, 0x50, 0xE6, 0x5D, 0xFB, 0x48, 0x16,
- 0xE1, 0x2E, 0x82, 0xA3, 0x19, 0x74, 0x84, 0xA4,
- 0xE9, 0xBB, 0xA4, 0xD2, 0xD6, 0x9E, 0x3F, 0x19,
- 0xD0, 0xB7, 0x5C, 0x21, 0xE2, 0xBF, 0xFE, 0x9F,
- 0xC0, 0xC9, 0x8C, 0xF4, 0x8A, 0x3A, 0xAF, 0x08,
- 0xD4, 0x67, 0xF7, 0x26, 0x87, 0xDF, 0x01, 0x78,
- 0x17, 0x4B, 0x78, 0x97, 0xF7, 0x34, 0x34, 0x9B,
- 0x18, 0x1E, 0xCA, 0x86, 0xA5, 0x98, 0xA0, 0xC5,
- 0xE8, 0xC2, 0x59, 0x46, 0xF2, 0x4D, 0xC5, 0x57,
- 0x2B, 0xD3, 0x24, 0xA4, 0x04, 0x58, 0xA7, 0x88,
- 0xE5, 0x13, 0x7F, 0x3C, 0x7A, 0x7C, 0x97, 0xFC,
- 0x9F, 0x12, 0xA3, 0xC4, 0x63, 0xA8, 0xFE, 0x94,
- 0x49, 0x10, 0x1C, 0xCE, 0x96, 0x6D, 0x7C, 0x00,
- 0x93, 0x23, 0x93, 0x29, 0x98, 0xD5, 0x6E, 0xF4,
- 0x30, 0xC7, 0x3B, 0xC2, 0x4F, 0x5D, 0x95, 0xF7,
- 0x37, 0x85, 0x8D, 0xDC, 0x4F, 0x32, 0xC0, 0x13
- };
- WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ss[] = {
- 0xB1, 0x0F, 0x73, 0x94, 0x92, 0x6A, 0xD3, 0xB4,
- 0x9C, 0x5D, 0x62, 0xD5, 0xAE, 0xB5, 0x31, 0xD5,
- 0x75, 0x75, 0x38, 0xBC, 0xC0, 0xDA, 0x9E, 0x55,
- 0x0D, 0x43, 0x8F, 0x1B, 0x61, 0xBD, 0x74, 0x19
- };
- #ifdef WOLFSSL_SMALL_STACK
- key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- priv = (byte *)XMALLOC(KYBER1024_PRIVATE_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- pub = (byte *)XMALLOC(KYBER1024_PUBLIC_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ct = (byte *)XMALLOC(KYBER1024_CIPHER_TEXT_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (! (key && priv && pub && ct && ss && ss_dec))
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- ret = wc_KyberKey_Init(KYBER1024, key, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- else
- key_inited = 1;
- ret = wc_KyberKey_MakeKeyWithRandom(key, kyber1024_rand,
- sizeof(kyber1024_rand));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_KyberKey_EncodePublicKey(key, pub, KYBER_MAX_PUBLIC_KEY_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_KyberKey_EncodePrivateKey(key, priv, KYBER_MAX_PRIVATE_KEY_SIZE);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(pub, kyber1024_pk, sizeof(kyber1024_pk)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(priv, kyber1024_sk, sizeof(kyber1024_sk)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber1024enc_rand,
- sizeof(kyber1024enc_rand));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(ct, kyber1024_ct, sizeof(kyber1024_ct)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (XMEMCMP(ss, kyber1024_ss, sizeof(kyber1024_ss)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, sizeof(kyber1024_ct));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(ss_dec, kyber1024_ss, sizeof(kyber1024_ss)) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- out:
- if (key_inited)
- wc_KyberKey_Free(key);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_KYBER1024 */
- #endif /* WOLFSSL_WC_KYBER */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
- {
- wc_test_ret_t ret;
- WC_RNG rng;
- int i;
- #ifdef WOLFSSL_SMALL_STACK
- KyberKey *key = NULL;
- byte *priv = NULL;
- byte *pub = NULL;
- byte *priv2 = NULL;
- byte *pub2 = NULL;
- byte *ct = NULL;
- byte *ss = NULL;
- byte *ss_dec = NULL;
- #else
- KyberKey key[1];
- byte priv[KYBER_MAX_PRIVATE_KEY_SIZE];
- byte pub[KYBER_MAX_PUBLIC_KEY_SIZE];
- byte priv2[KYBER_MAX_PRIVATE_KEY_SIZE];
- byte pub2[KYBER_MAX_PUBLIC_KEY_SIZE];
- byte ct[KYBER_MAX_CIPHER_TEXT_SIZE];
- byte ss[KYBER_SS_SZ];
- byte ss_dec[KYBER_SS_SZ];
- #endif
- int key_inited = 0;
- static const int testData[][4] = {
- #ifdef WOLFSSL_KYBER512
- { KYBER512, KYBER512_PRIVATE_KEY_SIZE, KYBER512_PUBLIC_KEY_SIZE,
- KYBER512_CIPHER_TEXT_SIZE },
- #endif
- #ifdef WOLFSSL_KYBER768
- { KYBER768, KYBER768_PRIVATE_KEY_SIZE, KYBER768_PUBLIC_KEY_SIZE,
- KYBER768_CIPHER_TEXT_SIZE },
- #endif
- #ifdef WOLFSSL_KYBER1024
- { KYBER1024, KYBER1024_PRIVATE_KEY_SIZE, KYBER1024_PUBLIC_KEY_SIZE,
- KYBER1024_CIPHER_TEXT_SIZE },
- #endif
- };
- WOLFSSL_ENTER("kyber_test");
- #ifdef WOLFSSL_SMALL_STACK
- key = (KyberKey *)XMALLOC(sizeof(KyberKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- priv = (byte *)XMALLOC(KYBER_MAX_PRIVATE_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- pub = (byte *)XMALLOC(KYBER_MAX_PUBLIC_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- priv2 = (byte *)XMALLOC(KYBER_MAX_PRIVATE_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- pub2 = (byte *)XMALLOC(KYBER_MAX_PUBLIC_KEY_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ct = (byte *)XMALLOC(KYBER_MAX_CIPHER_TEXT_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ss = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- ss_dec = (byte *)XMALLOC(KYBER_SS_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (! (key && priv && pub && priv2 && pub2 && ct && ss && ss_dec))
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
- ret = wc_KyberKey_Init(testData[i][0], key, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- else
- key_inited = 1;
- ret = wc_KyberKey_MakeKey(key, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_EncodePublicKey(key, pub, testData[i][2]);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_EncodePrivateKey(key, priv, testData[i][1]);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_Init(testData[i][0], key, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_DecodePublicKey(key, pub, testData[i][2]);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_Encapsulate(key, ct, ss, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_EncodePublicKey(key, pub2, testData[i][2]);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- if (XMEMCMP(pub, pub2, testData[i][2]) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_Init(testData[i][0], key, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_DecodePrivateKey(key, priv, testData[i][1]);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_Decapsulate(key, ss_dec, ct, testData[i][3]);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- if (XMEMCMP(ss, ss_dec, KYBER_SS_SZ) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- ret = wc_KyberKey_EncodePrivateKey(key, priv2, testData[i][1]);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- if (XMEMCMP(priv, priv2, testData[i][2]) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
- }
- wc_FreeRng(&rng);
- #ifdef WOLFSSL_WC_KYBER
- #ifdef WOLFSSL_KYBER512
- ret = kyber512_kat();
- if (ret != 0)
- goto out;
- #endif
- #ifdef WOLFSSL_KYBER768
- ret = kyber768_kat();
- if (ret != 0)
- goto out;
- #endif
- #ifdef WOLFSSL_KYBER1024
- ret = kyber1024_kat();
- if (ret != 0)
- goto out;
- #endif
- #endif /* WOLFSSL_WC_KYBER */
- out:
- if (key_inited)
- wc_KyberKey_Free(key);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_HAVE_KYBER */
- #if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
- static enum wc_XmssRc xmss_write_key_mem(const byte * priv, word32 privSz,
- void *context)
- {
- /* WARNING: THIS IS AN INSECURE WRITE CALLBACK THAT SHOULD ONLY
- * BE USED FOR TESTING PURPOSES! Production applications should
- * write only to non-volatile storage. */
- XMEMCPY(context, priv, privSz);
- return WC_XMSS_RC_SAVED_TO_NV_MEMORY;
- }
- static enum wc_XmssRc xmss_read_key_mem(byte * priv, word32 privSz,
- void *context)
- {
- /* WARNING: THIS IS AN INSECURE READ CALLBACK THAT SHOULD ONLY
- * BE USED FOR TESTING PURPOSES! */
- XMEMCPY(priv, context, privSz);
- return WC_XMSS_RC_READ_TO_MEMORY;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
- {
- int i = 0;
- int j = 0;
- XmssKey signingKey;
- XmssKey verifyKey;
- WC_RNG rng;
- word32 pkSz = 0;
- word32 skSz = 0;
- word32 sigSz = 0;
- word32 bufSz = 0;
- unsigned char * sk = NULL;
- unsigned char * old_sk = NULL;
- const char * msg = "XMSS post quantum signature test";
- word32 msgSz = (word32) XSTRLEN(msg);
- #if WOLFSSL_XMSS_MIN_HEIGHT <= 10
- const char * param = "XMSS-SHA2_10_256";
- #elif WOLFSSL_XMSS_MIN_HEIGHT <= 20
- const char * param = "XMSSMT-SHA2_20/4_256";
- #elif WOLFSSL_XMSS_MIN_HEIGHT <= 40
- const char * param = "XMSSMT-SHA2_40/8_256";
- #else
- const char * param = "XMSSMT-SHA2_60/12_256";
- #endif
- byte * sig = NULL;
- int ret2 = -1;
- int ret = WC_TEST_RET_ENC_NC;
- WOLFSSL_ENTER("xmss_test");
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_Init(&signingKey, NULL, INVALID_DEVID);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_Init(&verifyKey, NULL, INVALID_DEVID);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- /* Set the parameter string to the signing key, and
- * get sizes for secret key, pub key, and signature. */
- ret = wc_XmssKey_SetParamStr(&signingKey, param);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_GetPubLen(&signingKey, &pkSz);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- if (pkSz != XMSS_SHA256_PUBLEN) {
- return WC_TEST_RET_ENC_EC(pkSz);
- }
- ret = wc_XmssKey_GetPrivLen(&signingKey, &skSz);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_GetSigLen(&signingKey, &sigSz);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- /* Allocate signature array. */
- sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (sig == NULL) { return WC_TEST_RET_ENC_ERRNO; }
- bufSz = sigSz;
- #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
- fprintf(stderr, "param: %s\n", param);
- fprintf(stderr, "pkSz: %d\n", pkSz);
- fprintf(stderr, "skSz: %d\n", skSz);
- fprintf(stderr, "sigSz: %d\n", sigSz);
- #endif
- /* Allocate current and old secret keys.*/
- sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (sk == NULL) { return WC_TEST_RET_ENC_ERRNO; }
- old_sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (old_sk == NULL) { return WC_TEST_RET_ENC_ERRNO; }
- XMEMSET(sk, 0, skSz);
- XMEMSET(old_sk, 0, skSz);
- XMEMSET(sig, 0, sigSz);
- ret = wc_XmssKey_SetWriteCb(&signingKey, xmss_write_key_mem);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_SetReadCb(&signingKey, xmss_read_key_mem);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_SetContext(&signingKey, (void *) sk);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_MakeKey(&signingKey, &rng);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- /* Export the pub to a verify key. */
- ret = wc_XmssKey_ExportPub(&verifyKey, &signingKey);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- /* Repeat a few times to check that:
- * 1. The secret key is mutated on each sign.
- * 2. We can verify each new signature.
- * Only do a few times, because the full signature space
- * for this parameter set is huge. */
- for (i = 0; i < 10; ++i) {
- XMEMCPY(old_sk, sk, skSz);
- ret = wc_XmssKey_Sign(&signingKey, sig, &sigSz, (byte *) msg, msgSz);
- if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
- if (sigSz != bufSz) { return WC_TEST_RET_ENC_I(i); }
- /* Old secret key and current secret key should not match. */
- ret = XMEMCMP(old_sk, sk, skSz);
- if (ret == 0) { return WC_TEST_RET_ENC_I(i); }
- ret = wc_XmssKey_Verify(&verifyKey, sig, sigSz, (byte *) msg, msgSz);
- if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
- /* Flip bits in a few places throughout the signature, stepping in multiple
- * of hash size. These should all fail with -1. */
- for (j = 0; j < (int) sigSz; j+= 4 * 32) {
- sig[j] ^= 1;
- ret2 = wc_XmssKey_Verify(&verifyKey, sig, sigSz, (byte *) msg,
- msgSz);
- if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
- /* Verify passed when it should have failed. */
- return WC_TEST_RET_ENC_I(j);
- }
- /* Flip this spot back. */
- sig[j] ^= 1;
- }
- }
- /* Cleanup everything. */
- if (sig != NULL) {
- XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- sig = NULL;
- }
- if (sk != NULL) {
- XFREE(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- sk = NULL;
- }
- if (old_sk != NULL) {
- XFREE(old_sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- old_sk = NULL;
- }
- wc_XmssKey_Free(&signingKey);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /*if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)*/
- #if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_SMALL_STACK) && \
- WOLFSSL_XMSS_MIN_HEIGHT <= 10
- /* A simple xmss verify only test using:
- * XMSS-SHA2_10_256
- * pub len: 68
- * msg len: 32
- * sig len: 2500
- *
- * These were generated with the test xmss_fast, from the unpatched
- * xmss-reference repository:
- * https://github.com/XMSS/xmss-reference
- * */
- static const byte xmss_pub[XMSS_SHA256_PUBLEN] =
- {
- 0x00,0x00,0x00,0x01,0xA5,0x41,0x31,0x96,
- 0x0A,0xF9,0xF3,0xB2,0x4B,0x2E,0x5B,0x3E,
- 0xCA,0x74,0xAD,0x6C,0xA5,0x89,0xAD,0x2C,
- 0x0E,0x96,0xB3,0x54,0xFB,0x5B,0x63,0x50,
- 0x96,0x81,0xE2,0x59,0x72,0x10,0x09,0x54,
- 0xBB,0x39,0xAC,0xEE,0x78,0xEF,0x95,0xEC,
- 0x01,0x1D,0xF0,0x36,0x68,0xE2,0xC4,0xA5,
- 0x2F,0x60,0x42,0x7E,0xD3,0x8E,0xAA,0x27,
- 0xC9,0xB7,0x39,0x4E
- };
- static /* not const */ byte xmss_msg[32] =
- {
- 0x07,0x9F,0x80,0x86,0xDB,0x76,0x27,0xDF,
- 0xED,0x5B,0x2A,0x81,0x60,0x60,0x7D,0xB4,
- 0xE8,0x7A,0x69,0x45,0x20,0x6B,0xA2,0x96,
- 0xC0,0x21,0xA5,0x46,0x29,0x63,0x9B,0x37
- };
- /* This was actually the 5th signature produced from
- * xmss_fast test in xmss-reference. */
- static /* not const */ byte xmss_sig[2500] =
- {
- 0x00,0x00,0x00,0x05,0xF0,0x15,0x34,0xBA,
- 0x92,0x03,0x6A,0xB9,0xA5,0x23,0x86,0x11,
- 0xAE,0x65,0x0A,0x5C,0x78,0x2C,0xC9,0xBE,
- 0x7E,0xA6,0xDC,0xA2,0x8B,0xA9,0x9C,0x50,
- 0xF6,0x61,0x8D,0x9D,0xD7,0xE9,0xC0,0xF8,
- 0x67,0xCD,0x8A,0xC4,0x9B,0x74,0x96,0x07,
- 0x5D,0xF2,0xC9,0xCC,0x28,0x05,0xB1,0xBE,
- 0x5E,0xA4,0xBA,0xBE,0xAB,0xD8,0x21,0x6B,
- 0x21,0x5F,0xAB,0xB7,0x6C,0xEC,0x2F,0xC8,
- 0xC6,0x74,0x3E,0x97,0x1B,0xC3,0x45,0x57,
- 0xAF,0xAA,0x1E,0xA8,0xF2,0x86,0xA8,0xAA,
- 0x43,0x6D,0x66,0xE9,0x81,0x14,0xDE,0x09,
- 0x39,0xD2,0xAF,0xD1,0x4C,0xE7,0x75,0x18,
- 0x0D,0xAA,0x29,0xA1,0x92,0x53,0xCC,0xE9,
- 0xF3,0x0B,0x1E,0x3B,0xE2,0xAE,0x80,0x0C,
- 0xE7,0x7A,0x7C,0x13,0x8A,0x28,0xC6,0x5F,
- 0x0A,0xA4,0xA3,0x73,0x0A,0x3A,0xC2,0xA6,
- 0x3B,0xB4,0x30,0x67,0xC0,0x36,0x18,0xA1,
- 0x58,0xCD,0xAD,0x54,0x36,0x64,0xCE,0xFD,
- 0x52,0xFF,0x70,0x7E,0x09,0xFB,0x13,0xA2,
- 0xEA,0xDF,0x67,0x8D,0x6C,0x42,0xB2,0x78,
- 0xF5,0x7D,0x5C,0x4B,0xF7,0x8E,0xCF,0x3E,
- 0xB7,0xC6,0xC1,0x23,0xFA,0x65,0xDE,0xD2,
- 0xFA,0x40,0x51,0x97,0x0D,0x52,0x32,0x76,
- 0x7E,0x82,0x8D,0xD0,0xB9,0x1E,0x62,0xD9,
- 0x1E,0xC1,0xDB,0x40,0x43,0x37,0x4A,0x23,
- 0x8A,0x1D,0x35,0xFA,0xF4,0x53,0x11,0x5A,
- 0xB5,0x6D,0x1E,0x8B,0x22,0xC8,0x7D,0x2A,
- 0xE4,0x94,0xAA,0x25,0x20,0x40,0x96,0xDB,
- 0x82,0x62,0xBA,0x8F,0x8B,0x45,0xCB,0x4F,
- 0x35,0x88,0x33,0xEB,0xEF,0xB3,0xBA,0xA7,
- 0x09,0x72,0xB3,0x4C,0xEC,0xF2,0xC3,0xC7,
- 0x5E,0x02,0x6C,0x41,0x93,0xCB,0x3C,0x89,
- 0x12,0x09,0x68,0x54,0x8E,0xEC,0x6A,0x7E,
- 0x20,0xE1,0x70,0x3D,0x8C,0xEB,0xB4,0x36,
- 0xBE,0x91,0xBE,0x97,0xB5,0xA6,0x34,0x16,
- 0x95,0x0F,0x10,0x26,0xA9,0x13,0x80,0x88,
- 0x9C,0xAA,0x68,0xEC,0x34,0x70,0x4A,0x15,
- 0x9B,0x5E,0x57,0x05,0x87,0x1C,0xF8,0x35,
- 0x45,0x29,0xE9,0x6E,0xF2,0x70,0x13,0x42,
- 0x89,0x4E,0x77,0xC0,0x18,0xC7,0x55,0x6D,
- 0xE7,0xFA,0x0D,0x63,0x83,0x16,0x19,0x01,
- 0x2D,0xFD,0x31,0x14,0x94,0xCA,0x3E,0x0E,
- 0xD6,0x11,0x34,0x81,0x57,0x58,0xEC,0x24,
- 0xA4,0x17,0x63,0xD3,0x25,0x00,0xBF,0x7D,
- 0x78,0x5D,0xC5,0xD8,0xC6,0xC1,0xBD,0x8C,
- 0xD0,0x94,0x0A,0xB1,0x33,0xA5,0x4B,0x31,
- 0x25,0xF5,0xAF,0xE7,0x84,0x26,0xAA,0x05,
- 0xBB,0xF3,0x9A,0xAF,0x58,0x36,0x40,0xEF,
- 0x3D,0xA2,0xBD,0xCA,0xA1,0x8D,0x2F,0x6D,
- 0x54,0xD2,0x62,0x33,0x09,0xAE,0xE6,0x73,
- 0xD6,0x44,0xE8,0x7C,0x5C,0x39,0x2B,0x78,
- 0x94,0x14,0xC7,0xC9,0xAF,0xEC,0x77,0x36,
- 0xA1,0x61,0x61,0xF1,0xD0,0x09,0xA2,0xEE,
- 0xE7,0x55,0xD7,0x35,0x89,0x89,0x9B,0xCF,
- 0xFA,0xA6,0x09,0x1E,0x3B,0xBD,0x5D,0xD9,
- 0x25,0xE7,0xED,0xDD,0x7C,0xF0,0x1C,0x57,
- 0xE0,0x06,0xBB,0x08,0x39,0x59,0xDF,0xD7,
- 0xAF,0x4B,0x88,0x0D,0x87,0x8F,0x4A,0xF3,
- 0x1C,0xD4,0x4B,0xB3,0xE2,0xF3,0x1B,0x86,
- 0x4F,0xCD,0x35,0x75,0xE2,0x03,0xF9,0x1D,
- 0xBF,0x3E,0xD1,0x7B,0xC7,0x23,0x11,0x75,
- 0x5F,0x92,0x0D,0x98,0xEE,0x14,0xE1,0xDA,
- 0x7A,0x02,0x17,0x47,0x6B,0x41,0xEA,0x47,
- 0xA1,0xAF,0x06,0x79,0x1A,0x52,0x6F,0x19,
- 0x31,0x70,0x71,0xBD,0xC2,0x61,0x8D,0xB7,
- 0xEE,0x6B,0x69,0x2A,0xE8,0x21,0x7A,0x95,
- 0xBE,0x86,0x2A,0xA1,0xF4,0xE2,0x2F,0x17,
- 0x02,0xFD,0xAD,0x17,0x9F,0x0A,0x0A,0x78,
- 0xA9,0x92,0x30,0x21,0x72,0x2B,0x28,0xF8,
- 0xF2,0x3E,0x05,0xD5,0xAC,0xC0,0x82,0xF8,
- 0xD2,0xDA,0xD0,0xA3,0xBC,0x93,0xDB,0xA5,
- 0x46,0xDE,0x14,0x1E,0xD4,0x3A,0x5D,0x79,
- 0x3D,0x31,0x4B,0x06,0xCE,0x22,0x29,0x3C,
- 0x98,0xB6,0x18,0x8A,0xAE,0xF7,0xBA,0x22,
- 0x88,0xA1,0xEE,0xC0,0x14,0x4C,0x4A,0xA0,
- 0x57,0x0A,0xD3,0x18,0xA2,0x3D,0xDD,0xC7,
- 0x83,0x73,0xFC,0x38,0x9B,0x31,0xA3,0xE1,
- 0x17,0x76,0xA1,0xA2,0x69,0xFC,0xAB,0x08,
- 0x80,0x72,0x8D,0xF5,0xE4,0x14,0xB7,0x6B,
- 0x03,0xFF,0xE8,0x11,0x4B,0x06,0x55,0x7E,
- 0x36,0x21,0x2F,0xD7,0x54,0x82,0xC9,0x31,
- 0xB4,0x85,0x68,0x41,0xEF,0x75,0xB0,0x3A,
- 0xEA,0x4F,0xE0,0xEC,0x72,0xCC,0x33,0x96,
- 0xCE,0x7D,0xAD,0xDD,0x0D,0x27,0x05,0x6E,
- 0xA2,0xD4,0x11,0x07,0xD8,0x7D,0x27,0xD4,
- 0x80,0x8F,0x00,0x22,0xE4,0xFC,0x2C,0x9D,
- 0xD5,0xD8,0x18,0x7F,0x4E,0xF4,0xB9,0x7F,
- 0xEF,0xD6,0x00,0x08,0x5C,0x05,0x04,0x1E,
- 0x9A,0xC6,0x8D,0xCC,0x19,0xD9,0x0B,0x06,
- 0xCC,0x6A,0x17,0xE2,0x03,0x23,0xDB,0x1C,
- 0xBC,0xA2,0xB9,0xA2,0x95,0x3C,0x73,0xD8,
- 0xFF,0xE6,0x0E,0xAE,0x04,0xB2,0xFC,0x91,
- 0x4F,0xEF,0x8A,0x58,0xB7,0x31,0x68,0x4C,
- 0x1E,0xD0,0x5B,0x85,0xCC,0x03,0xDC,0xF4,
- 0xAC,0xDB,0x03,0x9B,0x35,0x33,0x08,0x71,
- 0xD0,0x50,0x8D,0xDC,0xE3,0x3A,0x98,0x40,
- 0x41,0x80,0xDD,0x35,0xE1,0xA2,0xAF,0x14,
- 0x9A,0xDB,0xD3,0x68,0x14,0xE2,0x50,0x7A,
- 0x76,0x3F,0xE4,0xA4,0x1B,0xAA,0xC1,0x06,
- 0x87,0x9A,0x92,0xF9,0xBE,0x9E,0x86,0x8C,
- 0x92,0x1D,0x74,0xB1,0x7F,0x27,0x43,0xC0,
- 0xEE,0x2E,0xC2,0x6C,0x6D,0xAA,0x0C,0x0E,
- 0x71,0xC9,0x56,0xD6,0x3A,0x56,0xCB,0x90,
- 0xD1,0x7E,0x6E,0x1C,0x6A,0x00,0x2D,0x02,
- 0x2C,0x96,0xF0,0x2A,0x37,0x37,0x18,0x07,
- 0x0B,0xF4,0xB4,0x8C,0x30,0xF2,0xA4,0xAB,
- 0x66,0xFB,0x8B,0x22,0xC0,0x00,0x7E,0x05,
- 0xB6,0xF9,0x95,0x49,0x33,0xA1,0xDC,0x97,
- 0x0C,0x5C,0x61,0x46,0xE2,0xD7,0x87,0x4B,
- 0xC4,0xC7,0x5F,0x26,0x06,0x84,0xD7,0x47,
- 0x05,0xF1,0x33,0xFF,0x85,0x85,0xB2,0xBD,
- 0x1F,0x44,0xC6,0xC2,0x7D,0x51,0xBE,0x0E,
- 0xB5,0xC4,0x44,0x2F,0xFE,0x73,0x5F,0xF4,
- 0xA4,0xEF,0xE2,0xF1,0x73,0x0B,0xEF,0x3E,
- 0x2B,0xD7,0xCC,0x9F,0xDA,0x1A,0x7E,0x92,
- 0x39,0xA1,0x55,0xBF,0x60,0x0A,0xDB,0x23,
- 0x74,0xFE,0xE7,0x05,0x63,0xA9,0x85,0x52,
- 0x9F,0xCC,0xC3,0xFF,0xF6,0x6C,0x1B,0x4E,
- 0x4F,0x01,0xBD,0xC3,0xEB,0x37,0xEC,0x29,
- 0x21,0x3B,0x2C,0xC9,0x2E,0x93,0x20,0x3E,
- 0x19,0xC0,0x8B,0xE8,0x33,0xCD,0xC6,0x6A,
- 0x6E,0x72,0x13,0x15,0xA1,0x90,0x20,0x0C,
- 0x14,0x66,0xED,0xCC,0xA4,0xDD,0x7F,0x58,
- 0x53,0xBC,0x4A,0x68,0xFC,0x86,0x3E,0xAA,
- 0xF1,0x17,0x0F,0x3E,0x20,0x54,0x93,0xF4,
- 0x98,0xBF,0xB4,0x07,0x05,0xBD,0x70,0xE7,
- 0xD7,0x34,0xFD,0xE3,0x69,0xDF,0xCD,0xF5,
- 0x1A,0x73,0x6E,0xC9,0x2B,0x21,0xFB,0xB8,
- 0x7E,0x44,0x10,0x83,0x56,0xCE,0xD5,0x15,
- 0x9A,0x75,0xFC,0x91,0x8E,0x6B,0x9E,0x1A,
- 0x3A,0x33,0x39,0x35,0xB4,0x0D,0x74,0xF4,
- 0xFB,0x4C,0x0E,0x37,0xFE,0x82,0x95,0x46,
- 0x6B,0xD2,0x6E,0xEE,0xCD,0x4D,0x38,0xAF,
- 0x0A,0xAA,0xF1,0xD5,0xA4,0x7C,0x04,0xD8,
- 0xB9,0xDB,0x11,0x68,0x88,0x35,0x41,0xDE,
- 0x31,0x33,0x0C,0xDC,0x2D,0x4C,0xA8,0x20,
- 0xCC,0x2C,0x4C,0x63,0xAB,0xBA,0xDF,0x48,
- 0x84,0xD5,0x25,0xBC,0x70,0xE3,0x49,0xAA,
- 0x43,0xCA,0x8B,0xE7,0x9F,0xDD,0x20,0x76,
- 0x9B,0x38,0xF4,0xBA,0x4D,0x4E,0x34,0x4A,
- 0xAF,0x81,0xE7,0x0B,0xEC,0xE9,0x59,0xC1,
- 0x35,0x22,0x7F,0x69,0x46,0x62,0xD2,0x18,
- 0x6E,0x1F,0x79,0xD1,0xAD,0xC3,0x84,0x95,
- 0x96,0xB2,0x18,0x58,0x5E,0x7E,0x0C,0x25,
- 0x0A,0x0F,0x69,0xA3,0x1D,0xEC,0x29,0xCB,
- 0xDA,0xA2,0xD1,0x1A,0x10,0xA5,0x52,0xC3,
- 0x62,0x1E,0xC5,0x83,0xFF,0xA3,0x56,0xC2,
- 0xFD,0x87,0x3B,0x57,0x52,0x98,0x36,0x95,
- 0x77,0x6B,0xE5,0x49,0x10,0x8E,0x39,0xDD,
- 0xCA,0x4B,0xB3,0x9F,0x4C,0x0C,0x11,0x62,
- 0xF3,0x22,0x78,0xDB,0x48,0xEB,0x68,0xFE,
- 0xE4,0x2A,0xE9,0xAA,0x8F,0x7A,0x2F,0x69,
- 0xA5,0xC5,0x03,0x2D,0xEF,0x62,0xA8,0x71,
- 0x65,0x06,0x40,0x84,0x10,0x0F,0xF2,0xED,
- 0xBC,0x70,0x71,0x69,0x24,0xA2,0xBF,0x83,
- 0x39,0xDD,0xFA,0xA2,0x7B,0xE5,0xEC,0x3D,
- 0xFE,0x3B,0x52,0x6E,0x3D,0x82,0xA6,0x2A,
- 0x86,0x01,0x61,0x51,0x63,0xBF,0xF9,0x0A,
- 0x06,0x72,0xF1,0xD5,0x39,0x0C,0xBA,0xC9,
- 0x78,0xC6,0x77,0x22,0xE4,0x96,0x6E,0xB1,
- 0x48,0x62,0x84,0x62,0x2D,0xEA,0x49,0x56,
- 0x50,0x86,0x3F,0x90,0xC3,0x01,0x42,0x45,
- 0xED,0xE6,0x9A,0x65,0x19,0x93,0x7F,0x48,
- 0x16,0xF2,0x50,0xA7,0x70,0xB3,0xF5,0xDB,
- 0x0E,0x5E,0x22,0x9E,0x64,0x04,0x26,0x69,
- 0xC1,0x16,0xEE,0x65,0x08,0x82,0x27,0x65,
- 0xEC,0x3D,0xDF,0x51,0x5E,0x2D,0xE8,0x76,
- 0xF2,0xE3,0xE4,0x24,0x04,0x88,0x06,0x0F,
- 0xB2,0x7B,0x9B,0x72,0x3D,0x4C,0x7D,0x6A,
- 0x1F,0xB2,0xA2,0xD2,0x35,0xD6,0x40,0x25,
- 0xC2,0x0B,0x25,0xF9,0xDF,0x26,0xE4,0xDC,
- 0xFB,0xB1,0x84,0x84,0x77,0x1B,0x45,0x51,
- 0x60,0xD5,0xF0,0xB6,0x09,0xE6,0xBC,0xE3,
- 0x1C,0x70,0x96,0x2C,0xD3,0x9D,0x7D,0x7F,
- 0xB1,0x70,0xDA,0x79,0xB8,0x74,0x99,0xBF,
- 0x84,0x95,0xCC,0x93,0xD7,0x51,0xDD,0x66,
- 0xD3,0x70,0x0C,0x75,0x86,0x09,0x06,0xFD,
- 0x66,0x14,0x80,0xCD,0xF3,0x59,0xB4,0x92,
- 0x5F,0xE4,0xEE,0x00,0xA8,0xB0,0x8B,0x5C,
- 0x3E,0xDB,0x8A,0x9C,0x0B,0xB5,0x99,0xC2,
- 0x0D,0x81,0x09,0x06,0x6C,0x28,0xC0,0x7E,
- 0xA5,0x07,0x70,0x64,0xD7,0x41,0xF4,0xC3,
- 0x66,0x61,0x1C,0xA8,0x51,0xF6,0x3C,0xBA,
- 0xE0,0x94,0xA3,0x11,0x8C,0x2E,0xBA,0x13,
- 0xB2,0x47,0x48,0x93,0xB4,0x1A,0x2C,0x9A,
- 0x6E,0x8E,0x30,0x66,0x7B,0xD3,0xBB,0x3B,
- 0x5D,0x97,0x0D,0xE4,0xEA,0x24,0x28,0x9E,
- 0xB4,0x88,0xCE,0x1D,0x7D,0x6F,0x39,0xB3,
- 0x87,0x21,0xE5,0x08,0x93,0xF0,0xD4,0x9D,
- 0x2D,0x91,0xC9,0xFD,0x0C,0x74,0x34,0xB4,
- 0x1F,0xFE,0xDA,0xDC,0x10,0x5B,0x8D,0x2B,
- 0x87,0xD3,0x42,0xB4,0xAE,0x32,0x9C,0xAE,
- 0x4C,0x99,0xD8,0xED,0x44,0x41,0x07,0xE0,
- 0x8F,0xBD,0xA5,0x7C,0x5A,0xDF,0x91,0x29,
- 0x00,0xB5,0x4B,0xC3,0x3A,0x40,0x6C,0x48,
- 0xAB,0x2A,0xF3,0x02,0xCB,0xB3,0x69,0xDA,
- 0x06,0x0C,0x4D,0x5C,0x45,0xC3,0x28,0xAC,
- 0x7A,0x01,0xD4,0xF8,0xCB,0x07,0x63,0x89,
- 0x09,0x34,0x78,0xA7,0x14,0x39,0xCF,0x2D,
- 0x94,0x8D,0x7A,0x4E,0x4E,0xBD,0xC4,0x32,
- 0xAB,0x21,0xC9,0xDA,0x3F,0x5F,0x04,0x6B,
- 0x14,0x40,0x18,0x18,0x2F,0xF9,0x46,0x17,
- 0x57,0x54,0x9B,0x28,0x7B,0xBD,0xF9,0xA2,
- 0x13,0xAC,0x69,0x24,0xB1,0x31,0x39,0xBF,
- 0x8D,0x75,0xC3,0xFD,0x03,0x54,0x5A,0xFD,
- 0xD4,0x7A,0xB7,0x56,0x4F,0x66,0x43,0x57,
- 0x1B,0xFB,0xF9,0x92,0x7A,0x83,0xE6,0xFF,
- 0xB4,0xBA,0x83,0xD2,0x61,0x8E,0x4A,0x82,
- 0x82,0xA8,0xF5,0x0C,0xD2,0x43,0x53,0xA8,
- 0x85,0x0A,0xD4,0x69,0x7B,0x04,0x71,0x3B,
- 0x80,0x49,0x27,0x47,0x12,0xB6,0xB0,0xEA,
- 0x90,0x0A,0xFA,0xA8,0xC8,0x78,0x61,0xDE,
- 0x30,0x12,0xBB,0xDC,0xA6,0x57,0x56,0x30,
- 0x6E,0xF1,0xA8,0x3B,0xF6,0x09,0x07,0xEA,
- 0x31,0xE2,0x08,0x23,0x31,0x0F,0xD4,0x34,
- 0xE3,0x60,0xC2,0x2B,0xDB,0x5A,0x99,0xCF,
- 0xD4,0x6B,0x4E,0x75,0x65,0x35,0xE8,0x8B,
- 0x93,0x7D,0xCA,0x11,0x47,0xF0,0x3E,0x11,
- 0x5C,0xD1,0xEE,0x4B,0x11,0xB4,0x65,0x2B,
- 0x6B,0x79,0xC0,0x86,0x60,0xA4,0x4B,0x24,
- 0xA0,0x5C,0x70,0x34,0xC3,0x7C,0xE7,0x4F,
- 0x97,0x89,0x4D,0xFE,0x22,0x89,0x3A,0xE9,
- 0x07,0xB9,0x1A,0x86,0xB8,0x7A,0x12,0x38,
- 0xE1,0x24,0x46,0xBC,0x9B,0x21,0xCD,0xAC,
- 0x30,0xAB,0x98,0x21,0x31,0xC5,0x17,0x3F,
- 0x1E,0x56,0xC3,0x18,0xCE,0xF0,0xA1,0xCC,
- 0xFF,0x9D,0xA8,0x53,0xAF,0x74,0x77,0x54,
- 0x02,0x9A,0x8F,0xA4,0xD4,0xBD,0xB2,0x1A,
- 0xBA,0x52,0x2E,0x19,0xBE,0x49,0x11,0x45,
- 0x02,0x01,0x7A,0xBF,0x28,0xD6,0x18,0xED,
- 0xBD,0xCE,0xE4,0xDE,0xB5,0xF1,0x53,0x5D,
- 0x65,0xF9,0x5F,0x83,0x8F,0x2D,0xF2,0x82,
- 0xA0,0x2D,0x28,0xD3,0x0A,0x9E,0x0F,0x7F,
- 0xC7,0xC4,0x43,0x7F,0xC3,0x0E,0x06,0xEB,
- 0x4E,0xB4,0x2D,0xFA,0xDD,0x48,0xAB,0xF4,
- 0x7D,0x41,0x48,0x33,0x5A,0xE6,0x70,0x02,
- 0xE7,0x71,0x8D,0xD9,0x6B,0x0C,0x5A,0x8F,
- 0xA4,0xC1,0xB7,0x4E,0x96,0x83,0xD6,0xA7,
- 0x1D,0xF1,0x88,0xB3,0x6E,0xF4,0x12,0xA9,
- 0xF6,0x31,0x69,0x66,0xFE,0xFE,0x02,0xF2,
- 0x86,0x6D,0xBB,0x57,0x51,0x8C,0x4C,0xE9,
- 0x7C,0x92,0x3E,0x3A,0xD3,0x2D,0xA8,0x82,
- 0x53,0x84,0x26,0x89,0xBB,0xCC,0x13,0x12,
- 0x3D,0x94,0xBB,0xDF,0x3D,0x4C,0xDF,0x27,
- 0x9B,0x1F,0xB8,0xB6,0xE4,0xEA,0xA2,0x07,
- 0xF8,0x4D,0x42,0x8F,0x29,0x90,0xFE,0x21,
- 0x20,0xE9,0x55,0x02,0xAD,0x90,0xA7,0x77,
- 0x4E,0x29,0xB6,0xD9,0x14,0x94,0xB2,0x25,
- 0xA4,0xB2,0x0E,0x96,0x31,0xAB,0x9E,0x93,
- 0x49,0xAC,0xA9,0xCB,0x68,0x22,0xBA,0xB8,
- 0x57,0x5C,0x9D,0x65,0xC1,0xF1,0xFC,0x99,
- 0x7C,0x3C,0xE9,0xEA,0x4B,0x29,0x22,0x2F,
- 0xDB,0x17,0x21,0x8D,0xB0,0x13,0xBF,0xEE,
- 0x7D,0xE4,0x8B,0x6D,0x17,0xE0,0x53,0x92,
- 0x0B,0x32,0x6B,0xB1,0x65,0x2E,0xA7,0x83,
- 0xFD,0x62,0x62,0xE3,0xAA,0x81,0xE8,0xD6,
- 0xF7,0xB1,0x30,0x65,0x80,0x9F,0x77,0x1E,
- 0x4A,0xEA,0xE8,0x45,0x32,0x12,0x3A,0xFB,
- 0x22,0xE9,0xA9,0xF6,0xCB,0xAB,0xA8,0x0C,
- 0x20,0xA8,0x7C,0xF9,0xF7,0x53,0xC1,0xB4,
- 0xC0,0x5D,0x06,0x45,0xDD,0x7E,0xA7,0x34,
- 0xA1,0x21,0xC2,0x62,0xAB,0x22,0x45,0x3D,
- 0x73,0x4C,0x26,0xD1,0x1A,0xB2,0xF0,0xB2,
- 0x6D,0x11,0x70,0x58,0xAA,0xF5,0xA4,0xF5,
- 0xF8,0x0B,0x3D,0xC1,0xF6,0x17,0x70,0x15,
- 0xCD,0x72,0x02,0x7E,0x4E,0x94,0x96,0x0A,
- 0x56,0xCC,0xA5,0xA3,0xB3,0x7E,0xDD,0x5A,
- 0x72,0xD2,0xFB,0xAC,0x3D,0x0E,0x66,0x65,
- 0xE9,0x08,0x6C,0xB0,0x1C,0xE2,0x1A,0x82,
- 0xF6,0xF3,0x34,0x89,0x73,0x02,0x5B,0x42,
- 0x6D,0x40,0x61,0xB6,0xE0,0xE6,0x53,0x32,
- 0xA5,0x72,0x17,0x4F,0x3B,0x51,0x4F,0xBC,
- 0x00,0xE0,0x69,0x26,0xA9,0xAE,0x83,0xE3,
- 0x73,0x7F,0x71,0x97,0xE0,0xDC,0x7C,0x63,
- 0x9C,0x85,0x5F,0xDF,0x7D,0xE4,0x6C,0xD8,
- 0xA9,0x3A,0x6F,0x5E,0x4A,0x2E,0xB0,0xE7,
- 0x8B,0x45,0xE2,0x90,0x05,0x37,0xE8,0xAB,
- 0x49,0x48,0x4C,0xC0,0x59,0x1D,0x8C,0x46,
- 0x5B,0x84,0xE0,0x83,0xCE,0xEA,0x4B,0xF9,
- 0xD4,0xDC,0x63,0xDF,0x79,0xB7,0x5C,0x11,
- 0x25,0x7F,0x90,0x2E,0x0A,0x38,0x03,0xEA,
- 0xEA,0xA1,0x26,0x52,0x20,0x19,0xA3,0xBE,
- 0xFC,0x9D,0xB7,0x6E,0xA6,0x58,0x8E,0x6D,
- 0xC5,0x58,0xE9,0xED,0x2F,0x55,0x43,0x8B,
- 0x03,0x8B,0xE6,0xA4,0xC2,0x25,0x4B,0x36,
- 0xBA,0xD3,0x27,0x48,0x40,0x2E,0x87,0xA2,
- 0xD4,0x12,0xC6,0x05,0x36,0x03,0x11,0x51,
- 0xD1,0xF2,0xAC,0x71,0x2C,0xB6,0xC3,0xA5,
- 0x57,0x0F,0xAF,0x4B,0xBD,0xCD,0x47,0x4C,
- 0x3A,0x52,0x6F,0x47,0xE7,0x0B,0xB7,0xD5,
- 0xF7,0xA6,0x39,0x63,0x82,0x08,0x4C,0x41,
- 0x0E,0x2A,0x52,0x42,0x5A,0xEA,0x59,0xC7,
- 0x94,0xFB,0xD0,0x88,0x47,0x27,0xF6,0x97,
- 0x03,0x9E,0x29,0xB8,0x3A,0x67,0xE6,0xF3,
- 0x95,0xA7,0x42,0xC1,0x96,0xD1,0x9A,0xA6,
- 0xF0,0x09,0x0C,0xEA,0xE0,0xAB,0x0F,0x15,
- 0xE9,0xC3,0xEB,0xA5,0x89,0x86,0x98,0x32,
- 0x83,0xAB,0x30,0x33,0xAE,0x90,0x8D,0x2E,
- 0xB3,0xAA,0x91,0xA6,0xD9,0xA4,0x4A,0x54,
- 0xE0,0xD3,0x08,0xCC,0x79,0xCE,0xE4,0x15,
- 0x31,0xA6,0xCE,0x61,0xCF,0x03,0x06,0xEE,
- 0x8E,0xE2,0x64,0x29,0xD1,0x54,0x9B,0xD0,
- 0x5F,0x09,0x2B,0x8B,0xD5,0xF8,0xD4,0x7D,
- 0xF1,0x97,0x32,0xD9,0xEA,0x5A,0x0E,0x10,
- 0x8C,0x4D,0xFB,0x55,0xE6,0x27,0x0C,0xBA,
- 0xC1,0x73,0xC1,0x73,0xE3,0x1C,0x09,0xB3,
- 0x6F,0xB4,0x12,0xFA,0xF3,0x29,0xDC,0x23,
- 0x32,0xED,0x80,0x87,0x83,0xC2,0xF6,0x07,
- 0xB5,0xA9,0x22,0xDE,0x66,0x1A,0xA7,0x4A,
- 0x86,0xF1,0x39,0x9B,0xF4,0xE7,0x50,0x15,
- 0x4A,0x55,0x3C,0x93,0xB9,0xF9,0xFD,0xDC,
- 0xB3,0x5D,0x73,0x52
- };
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
- {
- XmssKey verifyKey;
- unsigned char pub_raw[XMSS_SHA256_PUBLEN];
- word32 pub_len = sizeof(pub_raw);
- word32 pkSz = 0;
- word32 sigSz = 0;
- const char * param = "XMSS-SHA2_10_256";
- int j = 0;
- int ret2 = WC_TEST_RET_ENC_NC;
- int ret = WC_TEST_RET_ENC_NC;
- int n_diff = 0;
- WOLFSSL_ENTER("xmss_test_verify_only");
- XMEMSET(pub_raw, 0, sizeof(pub_raw));
- ret = wc_XmssKey_Init(&verifyKey, NULL, INVALID_DEVID);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_SetParamStr(&verifyKey, param);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_GetPubLen(&verifyKey, &pkSz);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- if (pkSz != XMSS_SHA256_PUBLEN) {
- return WC_TEST_RET_ENC_EC(pkSz);
- }
- ret = wc_XmssKey_GetSigLen(&verifyKey, &sigSz);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
- fprintf(stderr, "param: %s\n", param);
- fprintf(stderr, "pkSz: %d\n", pkSz);
- fprintf(stderr, "sigSz: %d\n", sigSz);
- #endif
- if (sigSz != sizeof(xmss_sig)) {
- return WC_TEST_RET_ENC_EC(sigSz);
- }
- ret = wc_XmssKey_ImportPubRaw(&verifyKey, xmss_pub, XMSS_SHA256_PUBLEN);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
- (byte *) xmss_msg, sizeof(xmss_msg));
- if (ret != 0) {
- printf("error: wc_XmssKey_Verify returned %d, expected 0\n", ret);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Now test the ExportPubRaw API, verify we recover the original pub. */
- ret = wc_XmssKey_ExportPubRaw(&verifyKey, pub_raw, &pub_len);
- if (ret != 0) {
- printf("error: wc_XmssKey_ExportPubRaw returned %d, expected 0\n", ret);
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (pub_len != XMSS_SHA256_PUBLEN) {
- printf("error: xmss pub len %u, expected %d\n", pub_len,
- XMSS_SHA256_PUBLEN);
- return WC_TEST_RET_ENC_EC(pub_len);
- }
- n_diff = XMEMCMP(pub_raw, xmss_pub, sizeof(xmss_pub));
- if (n_diff != 0) {
- printf("error: exported and imported pub raw do not match: %d\n",
- n_diff);
- return WC_TEST_RET_ENC_EC(n_diff);
- }
- /* Flip bits in message. This should fail. */
- xmss_msg[sizeof(xmss_msg) / 2] ^= 1;
- ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
- (byte *) xmss_msg, sizeof(xmss_msg));
- if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
- printf("error: wc_XmssKey_Verify returned %d, expected -1\n", ret2);
- return WC_TEST_RET_ENC_EC(ret2);
- }
- /* Flip it back. This should pass again. */
- xmss_msg[sizeof(xmss_msg) / 2] ^= 1;
- ret = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
- (byte *) xmss_msg, sizeof(xmss_msg));
- if (ret != 0) {
- printf("error: wc_XmssKey_Verify returned %d, expected 0\n", ret);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Flip bits in a few places throughout the signature, stepping in multiple
- * of hash size. These should all fail with -1. */
- for (j = 0; j < (int) sizeof(xmss_sig); j+= 4 * 32) {
- xmss_sig[j] ^= 1;
- ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
- (byte *) xmss_msg, sizeof(xmss_msg));
- if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
- /* Verify passed when it should have failed. */
- return WC_TEST_RET_ENC_I(j);
- }
- /* Flip this spot back. */
- xmss_sig[j] ^= 1;
- }
- /* Cleanup everything. */
- wc_XmssKey_Free(&verifyKey);
- return ret;
- }
- #endif /* WOLFSSL_HAVE_XMSS && !WOLFSSL_SMALL_STACK &&
- * WOLFSSL_XMSS_MIN_HEIGHT <= 10 */
- #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
- static int lms_write_key_mem(const byte * priv, word32 privSz, void *context)
- {
- /* WARNING: THIS IS AN INSECURE WRITE CALLBACK THAT SHOULD ONLY
- * BE USED FOR TESTING PURPOSES! Production applications should
- * write only to non-volatile storage. */
- XMEMCPY(context, priv, privSz);
- return WC_LMS_RC_SAVED_TO_NV_MEMORY;
- }
- static int lms_read_key_mem(byte * priv, word32 privSz, void *context)
- {
- /* WARNING: THIS IS AN INSECURE READ CALLBACK THAT SHOULD ONLY
- * BE USED FOR TESTING PURPOSES! */
- XMEMCPY(priv, context, privSz);
- return WC_LMS_RC_READ_TO_MEMORY;
- }
- /* LMS signature sizes are a function of their parameters. This
- * test has a signature of 8688 bytes. */
- #define WC_TEST_LMS_SIG_LEN (8688)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
- {
- int i = 0;
- int j = 0;
- int ret = WC_TEST_RET_ENC_NC;
- int ret2 = WC_TEST_RET_ENC_NC;
- int sigsLeft = 0;
- LmsKey signingKey;
- LmsKey verifyKey;
- WC_RNG rng;
- word32 sigSz = 0;
- const char * msg = "LMS HSS post quantum signature test";
- word32 msgSz = (word32) XSTRLEN(msg);
- unsigned char priv[HSS_MAX_PRIVATE_KEY_LEN];
- unsigned char old_priv[HSS_MAX_PRIVATE_KEY_LEN];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte * sig = XMALLOC(WC_TEST_LMS_SIG_LEN, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (sig == NULL) {
- return WC_TEST_RET_ENC_ERRNO;
- }
- #else
- byte sig[WC_TEST_LMS_SIG_LEN];
- #endif
- WOLFSSL_ENTER("lms_test");
- XMEMSET(priv, 0, sizeof(priv));
- XMEMSET(old_priv, 0, sizeof(old_priv));
- XMEMSET(sig, 0, WC_TEST_LMS_SIG_LEN);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- /* This test:
- * levels: 1
- * height: 5
- * winternitz: 1
- *
- * max sigs: 2 ** (1 * 5) = 32
- * signature length: 8688
- */
- ret = wc_LmsKey_Init(&signingKey, NULL, INVALID_DEVID);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_LmsKey_Init(&verifyKey, NULL, INVALID_DEVID);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_LmsKey_SetParameters(&signingKey, 1, 5, 1);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_LmsKey_SetWriteCb(&signingKey, lms_write_key_mem);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_LmsKey_SetReadCb(&signingKey, lms_read_key_mem);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_LmsKey_SetContext(&signingKey, (void *) priv);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_LmsKey_MakeKey(&signingKey, &rng);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- XMEMCPY(old_priv, priv, sizeof(priv));
- ret = wc_LmsKey_ExportPub(&verifyKey, &signingKey);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_LmsKey_GetSigLen(&verifyKey, &sigSz);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- if (sigSz != WC_TEST_LMS_SIG_LEN) {
- printf("error: got %u, expected %d\n", sigSz, WC_TEST_LMS_SIG_LEN);
- return WC_TEST_RET_ENC_EC(sigSz);
- }
- /* 2 ** 5 should be the max number of signatures */
- for (i = 0; i < 32; ++i) {
- /* We should have remaining signstures. */
- sigsLeft = wc_LmsKey_SigsLeft(&signingKey);
- if (sigsLeft == 0) {
- return WC_TEST_RET_ENC_EC(sigsLeft);
- }
- /* Sign with key. The private key will be updated on every signature. */
- ret = wc_LmsKey_Sign(&signingKey, sig, &sigSz, (byte *) msg, msgSz);
- if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
- /* The updated private key should not match the old one. */
- if (XMEMCMP(old_priv, priv, sizeof(priv)) == 0) {
- printf("error: current priv key should not match old: %d\n", i);
- return WC_TEST_RET_ENC_I(i);
- }
- XMEMCPY(old_priv, priv, sizeof(priv));
- ret = wc_LmsKey_Verify(&verifyKey, sig, sigSz, (byte *) msg, msgSz);
- if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
- /* Flip bits in a few places throughout the signature, stepping in multiple
- * of hash size. These should all fail with -1. */
- for (j = 0; j < (int) sigSz; j+= 4 * 32) {
- sig[j] ^= 1;
- ret2 = wc_LmsKey_Verify(&verifyKey, sig, sigSz, (byte *) msg,
- msgSz);
- if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
- /* Verify passed when it should have failed. */
- return WC_TEST_RET_ENC_I(j);
- }
- /* Flip this spot back. */
- sig[j] ^= 1;
- }
- }
- /* This should be the last signature. */
- sigsLeft = wc_LmsKey_SigsLeft(&signingKey);
- if (sigsLeft != 0) {
- return WC_TEST_RET_ENC_EC(sigsLeft);
- }
- wc_LmsKey_Free(&signingKey);
- wc_LmsKey_Free(&verifyKey);
- wc_FreeRng(&rng);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
- #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK)
- #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \
- defined(HAVE_LIBLMS)
- /* A simple LMS verify only test.
- *
- * Note: LMS signature sizes are a function of their parameters. This
- * test has a signature of 1456 bytes:
- * levels: 1
- * height: 10
- * winternitz: 8
- * max sigs: 2 ** (1 * 10) = 1024
- * signature length: 1456
- * */
- /* "wolfSSL LMS example message!" without null terminator. */
- static byte lms_msg[28] =
- {
- 0x77,0x6F,0x6C,0x66,0x53,0x53,0x4C,0x20,
- 0x4C,0x4D,0x53,0x20,0x65,0x78,0x61,0x6D,
- 0x70,0x6C,0x65,0x20,0x6D,0x65,0x73,0x73,
- 0x61,0x67,0x65,0x21
- };
- static const byte lms_L1H10W8_pub[HSS_MAX_PUBLIC_KEY_LEN] =
- {
- 0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x06,
- 0x00,0x00,0x00,0x04,0xA1,0x26,0x76,0xF8,
- 0xBB,0x0B,0xC0,0x82,0x21,0x71,0x0B,0x2E,
- 0x8C,0xA6,0xEF,0x12,0xED,0x41,0x0E,0x8C,
- 0xAF,0x11,0x93,0x34,0x7B,0x49,0x79,0xB7,
- 0xDE,0x63,0x1C,0xFE,0x1F,0xD1,0x17,0x49,
- 0xCD,0x5C,0xD4,0x26,0xA0,0x53,0x26,0x1A,
- 0xC5,0xB4,0x8F,0x23
- };
- #define LMS_L1H10W8_SIGLEN (1456)
- static byte lms_L1H10W8_sig[LMS_L1H10W8_SIGLEN] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
- 0x00,0x00,0x00,0x04,0x18,0x70,0x09,0x2E,
- 0x21,0xC9,0x6A,0xC9,0x5C,0xB6,0xB0,0xAA,
- 0xC3,0xED,0x6E,0x66,0x2F,0xCC,0x45,0x81,
- 0xBC,0xBA,0x44,0x96,0x1C,0xBF,0x4E,0xFB,
- 0x7A,0x46,0xFB,0xBE,0x9A,0x0C,0xE4,0x50,
- 0x90,0xC7,0x92,0xAC,0x53,0xAE,0x53,0x76,
- 0x29,0xA6,0x65,0xF1,0x09,0xED,0x1A,0x8E,
- 0x03,0x2E,0x5A,0x06,0x51,0xE3,0x1E,0xE6,
- 0xF6,0xFE,0x3A,0x6E,0xD1,0x92,0x31,0x1D,
- 0xA1,0x6A,0x5C,0x30,0x3A,0xC7,0xFD,0x5B,
- 0xFE,0x71,0x2C,0x5C,0x2F,0x5B,0x5B,0xCF,
- 0xBC,0x7F,0xBF,0x6C,0xAF,0x44,0x8A,0xAE,
- 0x14,0x60,0xAB,0x88,0xED,0x0E,0x4F,0xF8,
- 0xC7,0x1B,0x74,0x28,0x72,0xB3,0x96,0xA6,
- 0xE6,0x46,0x22,0x82,0xCF,0x1F,0x4D,0xA6,
- 0xEA,0x22,0x06,0x07,0x52,0xF5,0x26,0x16,
- 0x0B,0x90,0xE3,0xFF,0x64,0xA9,0xE4,0x61,
- 0x1E,0x9C,0x12,0x9C,0xF6,0xD4,0x63,0x29,
- 0xEA,0x02,0xF7,0x18,0x52,0x79,0x6C,0x43,
- 0xDC,0xCF,0x43,0x23,0xB9,0xCC,0x4A,0x25,
- 0x9D,0x10,0xAF,0xA3,0xE6,0x47,0x5A,0x1C,
- 0xFE,0x68,0x89,0xAF,0x1B,0x2D,0x88,0x3E,
- 0xCA,0xDC,0x70,0xEA,0xAC,0x11,0x00,0x8A,
- 0x6E,0xE0,0xC7,0xD0,0xD2,0x1A,0x36,0x18,
- 0x97,0xB3,0x5F,0x0E,0x75,0x48,0x28,0xF8,
- 0xA8,0xF5,0x90,0xD1,0xA1,0x84,0xFB,0xA4,
- 0xAD,0x50,0xBE,0xE9,0x39,0x8C,0xC5,0xA1,
- 0x67,0x51,0xA1,0x8C,0xD6,0x6B,0x97,0x1F,
- 0x47,0x99,0xEE,0xE0,0x70,0x01,0xC7,0x07,
- 0x50,0xF3,0x5E,0x3F,0xE7,0x06,0xD6,0x8D,
- 0x26,0xD6,0x5A,0x59,0x18,0x72,0x6B,0x12,
- 0xD2,0xAF,0x9B,0xB4,0x2B,0xD0,0xB2,0xF2,
- 0x96,0x2F,0x40,0xEA,0xBE,0xE6,0xAC,0x1F,
- 0xB8,0x33,0xC2,0x76,0xDC,0x8C,0xAC,0xC1,
- 0x46,0x5E,0x04,0x84,0x1B,0xC8,0xB9,0x65,
- 0x8D,0xAD,0x96,0xB5,0xB1,0xF6,0x17,0x4A,
- 0x19,0x87,0xE7,0xBF,0x29,0xC7,0x9B,0xB9,
- 0xD6,0x11,0x2C,0x92,0x2F,0xB7,0x24,0xD5,
- 0x01,0x1D,0x80,0x37,0x54,0xED,0x33,0x32,
- 0xAB,0x7A,0x12,0xD4,0x02,0x1D,0x27,0x52,
- 0x89,0xDB,0x32,0xBF,0x61,0xD4,0xBB,0xB4,
- 0x46,0x78,0x1B,0x64,0x17,0x84,0x4B,0x8A,
- 0xBA,0xC6,0xC1,0xCF,0xC7,0x5D,0x8F,0x93,
- 0xC5,0x9A,0x27,0x90,0xAC,0x17,0x98,0xFF,
- 0xC8,0x22,0x59,0x55,0x90,0xB2,0x29,0x39,
- 0xA0,0xBE,0x00,0x23,0x55,0x6B,0xDA,0x83,
- 0xD8,0x5B,0x57,0x7C,0x67,0x1B,0xC3,0x6B,
- 0x6D,0xC7,0x9B,0x2B,0x9E,0xB7,0x95,0xB3,
- 0xF0,0x1B,0x89,0x5A,0xD7,0x4B,0x67,0xAF,
- 0xDC,0x9E,0xCF,0x7E,0x1A,0xBA,0x1B,0xB9,
- 0x3B,0x7A,0xDD,0x3F,0x0D,0xEE,0x4C,0x0B,
- 0xD1,0x4F,0x34,0xF2,0x93,0xF7,0x21,0x64,
- 0x2C,0x07,0x00,0x15,0x4F,0xE3,0x6A,0x9F,
- 0x08,0x52,0xC2,0x65,0x47,0x1F,0x34,0x64,
- 0x66,0x07,0xBC,0xEA,0xAF,0x9B,0xAA,0x39,
- 0x15,0x8B,0x08,0x8C,0x24,0x41,0x9B,0x46,
- 0x1B,0x5B,0x91,0x11,0xC4,0xFD,0xA9,0x88,
- 0x35,0x0E,0x7D,0xAF,0xFD,0xB7,0x90,0x7E,
- 0xD7,0x29,0x02,0x0A,0xDC,0xC8,0x3F,0xC0,
- 0xFD,0x97,0xAF,0x50,0x49,0xA6,0x5E,0x12,
- 0xC1,0xCD,0xEC,0x52,0xC5,0x51,0xF2,0x80,
- 0x17,0x61,0xC7,0x7E,0xBE,0xD1,0x1B,0x65,
- 0xA4,0xAB,0x92,0x8D,0x89,0xB2,0xC5,0x8F,
- 0xFF,0xA5,0x6F,0xFA,0x62,0x75,0xE4,0xA1,
- 0xD4,0x22,0xA8,0x9E,0x40,0x04,0x27,0x1F,
- 0xCC,0x81,0xBA,0x28,0x67,0xA0,0x1C,0x80,
- 0xEB,0xCA,0xB0,0x61,0xA5,0x48,0xD0,0x8A,
- 0x25,0xEB,0x9E,0x67,0x8C,0x8E,0x9B,0xD1,
- 0xAD,0xBB,0xC3,0xEA,0xD3,0xD4,0xC5,0x12,
- 0x7B,0xDD,0x00,0x57,0x7F,0xF6,0xF7,0xF6,
- 0x3C,0x05,0xCF,0xFC,0x12,0xE1,0x93,0x05,
- 0xE5,0x9B,0x79,0x87,0x69,0xD8,0x82,0xD9,
- 0xD7,0x1D,0x41,0x73,0xE4,0x52,0x1D,0x3E,
- 0xE5,0x8C,0x8D,0x34,0xE1,0x75,0xA9,0xF1,
- 0x9D,0x09,0xA2,0x5B,0xEF,0xDA,0x96,0x6E,
- 0x76,0x3D,0xEA,0x50,0xD9,0xCF,0x4F,0xAC,
- 0xAD,0x1D,0x35,0x72,0x1B,0x88,0x8B,0xCD,
- 0x8C,0x8A,0x8A,0xE0,0x96,0x04,0xD8,0xBB,
- 0x28,0x43,0x16,0x77,0x60,0x98,0x63,0xF9,
- 0xB9,0x71,0x46,0xB7,0xE1,0xA7,0xA9,0x84,
- 0xC3,0x65,0x82,0xE1,0x1B,0x67,0x04,0x2D,
- 0x55,0x6B,0xF9,0xC0,0x79,0x09,0x09,0xE7,
- 0xFD,0x06,0x4D,0x09,0x9B,0x1A,0xCE,0x35,
- 0xFA,0x27,0x6F,0x2F,0x01,0x65,0x0D,0xA0,
- 0x97,0x59,0x11,0xF0,0x48,0xD2,0xE7,0x46,
- 0xBE,0xB4,0x0A,0xA3,0xE2,0x75,0x0E,0x09,
- 0x94,0xD9,0x69,0x28,0xD4,0xDA,0x64,0xBA,
- 0xFE,0xA4,0xB9,0xF0,0xBA,0xEB,0xBA,0xAC,
- 0xA8,0xF9,0xD3,0x82,0x4C,0x36,0x80,0xFA,
- 0xE5,0xF6,0x76,0xC3,0x80,0xFA,0x90,0x29,
- 0xF4,0x85,0xA4,0xC6,0x25,0x22,0x79,0x7E,
- 0x39,0x1E,0x30,0xB8,0x65,0x72,0xCF,0xE1,
- 0x99,0xF0,0x75,0xE8,0x09,0xB4,0x92,0x96,
- 0x1B,0x68,0x50,0x88,0xF1,0x2C,0x97,0xE3,
- 0x2D,0x26,0x8F,0xC5,0x30,0xCF,0x24,0xCB,
- 0xB2,0x60,0x77,0xDC,0x02,0x72,0x0D,0xD9,
- 0x2E,0xF2,0x52,0xEA,0x00,0xF6,0x32,0x65,
- 0xA5,0xC6,0x43,0x29,0x29,0x69,0xAB,0x27,
- 0x0C,0x39,0xDF,0x76,0x3E,0x93,0x95,0xB1,
- 0x2C,0xA2,0x0D,0x18,0xCE,0xA0,0x97,0x10,
- 0x3C,0x90,0xC0,0xEF,0x0E,0x04,0xA6,0xC8,
- 0xA0,0x21,0x3C,0x0B,0x22,0x77,0x7A,0x66,
- 0xA5,0x90,0x25,0xA4,0x09,0x3E,0xD5,0x27,
- 0x1F,0x6C,0x99,0x85,0x5C,0xA2,0x99,0x7A,
- 0x25,0xEE,0x8D,0x32,0x3D,0xD3,0xDC,0xF5,
- 0x00,0x5A,0x34,0x61,0xB6,0xCD,0x4E,0xBC,
- 0x26,0x36,0xFB,0x44,0x97,0x35,0xBD,0x06,
- 0x7D,0x2E,0x4A,0xA2,0xDC,0x24,0xFE,0x70,
- 0x0A,0xF9,0x57,0xE3,0xEE,0xAB,0xD1,0x17,
- 0xF3,0x7C,0xD6,0x37,0x26,0xFA,0x83,0x9F,
- 0xDD,0xB2,0xE1,0xD7,0xF9,0xC7,0x0E,0x15,
- 0x01,0xA6,0x58,0x32,0x98,0x04,0x32,0xD4,
- 0xDE,0xB9,0xEF,0x09,0xFA,0xE4,0x5A,0xD7,
- 0xDD,0x09,0x1C,0xC9,0xAC,0xB8,0x6A,0xF5,
- 0x00,0x5D,0x6B,0x95,0x12,0x8C,0x2F,0xCC,
- 0xD8,0xB9,0x50,0x3A,0xEB,0x74,0x86,0xD2,
- 0x3F,0xA1,0x05,0x8F,0x6E,0xEF,0xF5,0xA4,
- 0xD6,0x6E,0x53,0xFA,0x9E,0xFA,0xCE,0xDB,
- 0x99,0x46,0xE7,0xC5,0xDA,0x92,0x51,0x4F,
- 0x22,0x07,0xF3,0xA5,0x38,0x26,0xD3,0xEC,
- 0xD6,0x01,0xDD,0x31,0x3A,0x48,0x93,0xF6,
- 0x69,0x4F,0xD8,0xF6,0xC2,0x91,0xA5,0x7C,
- 0xDF,0x51,0x64,0xF1,0x3B,0x79,0xBC,0x0A,
- 0x2C,0xDC,0x33,0x5A,0x29,0xF6,0xB2,0x09,
- 0x66,0xCA,0x24,0x9F,0x1A,0x18,0xF3,0x76,
- 0x4C,0x5E,0x0B,0x81,0x7F,0x29,0x84,0xD8,
- 0x7A,0xA8,0xD6,0x11,0xAC,0xEC,0xD9,0x07,
- 0x91,0xEC,0xB6,0x6D,0xEC,0xDB,0xBE,0x6F,
- 0x9F,0xC5,0x19,0x5E,0x56,0x87,0x20,0x80,
- 0x75,0xD5,0x64,0xE9,0x80,0xBF,0x2D,0xD5,
- 0x94,0x9F,0x8C,0xA4,0x54,0x41,0xAB,0xB1,
- 0x8E,0xAD,0x51,0xE4,0x3C,0x24,0xF7,0x1D,
- 0xFE,0x02,0x48,0x7C,0x6D,0xED,0xF1,0xAC,
- 0xD9,0x79,0x42,0xE5,0x3A,0xCF,0x6A,0x4C,
- 0x6D,0xE2,0x13,0xD2,0x2B,0x9D,0xAB,0x1F,
- 0x70,0xD3,0xC0,0x6F,0x81,0xE9,0x9A,0x86,
- 0x33,0x39,0x60,0xE7,0x6A,0x00,0x1F,0x97,
- 0xEB,0xE5,0x1D,0x0D,0x66,0x15,0xC9,0xA2,
- 0xB1,0xC0,0xF0,0x2E,0xF4,0x07,0xA2,0x2E,
- 0x49,0x92,0x95,0x13,0xA3,0x18,0x46,0x25,
- 0xB9,0x3C,0xA1,0x4B,0x00,0x00,0x00,0x06,
- 0xAB,0xAA,0xF9,0x3F,0x7E,0x21,0xF4,0x0E,
- 0xCE,0xFD,0xE0,0x44,0xAC,0xC7,0x1A,0x30,
- 0x22,0x9D,0x0A,0xD7,0x96,0x2D,0x8F,0x9A,
- 0x99,0x1F,0x40,0x75,0x7F,0x62,0xF9,0xC1,
- 0x81,0x7B,0x4A,0x1B,0xFA,0xD6,0x87,0xB9,
- 0xEF,0x58,0x48,0xE4,0x5C,0x79,0xE5,0xB1,
- 0x2C,0x59,0xA4,0x42,0xDB,0xA6,0x53,0x70,
- 0x80,0x61,0x17,0xD4,0xD3,0x77,0xBD,0x53,
- 0x26,0x7C,0x0E,0x0E,0xFF,0x30,0x4B,0xD0,
- 0x86,0xFC,0x02,0x20,0x24,0x46,0x5B,0xF5,
- 0xE3,0x99,0x73,0x85,0x60,0x00,0x36,0x47,
- 0x17,0xEE,0x0C,0xD2,0x80,0x71,0x46,0x0E,
- 0x2B,0xB0,0xEF,0x7F,0xFE,0x3B,0xE5,0xE1,
- 0x87,0xC2,0xAF,0x1A,0x6F,0x63,0xF4,0x5A,
- 0xC4,0x16,0xF7,0xAD,0x07,0x70,0x71,0x85,
- 0x7D,0x3D,0x67,0x08,0xB8,0xD8,0xE2,0xF0,
- 0xA1,0xAC,0xD2,0x94,0x7D,0x93,0x03,0xDD,
- 0x54,0xF9,0x64,0x19,0xB3,0xED,0x24,0x22,
- 0x01,0xD7,0x12,0x5E,0xC1,0x2B,0x39,0x10,
- 0x13,0xE2,0x56,0x1C,0xEE,0xF4,0x2A,0x49,
- 0x7B,0xFB,0x36,0x8D,0xF8,0xAF,0x60,0xDF,
- 0x10,0xF0,0x72,0xA2,0xED,0xB6,0x53,0x88,
- 0xA9,0x0C,0xED,0x9C,0x18,0x33,0x7D,0x65,
- 0x9B,0xB2,0x9C,0x3E,0xE9,0x1E,0x43,0x51,
- 0x7E,0xBE,0x01,0x95,0xF6,0x60,0x65,0xBE,
- 0xD1,0xF4,0xE2,0x83,0x6B,0xCA,0x7A,0x70,
- 0x41,0x83,0x72,0xC0,0x23,0x51,0x13,0x11,
- 0x2D,0xF9,0xC0,0x0D,0x7D,0x73,0x76,0xA5,
- 0x30,0x83,0x68,0x10,0x35,0xA2,0x18,0x22,
- 0x4E,0x21,0x93,0x27,0x6A,0x19,0x28,0x83,
- 0x7F,0xDD,0xDD,0xFF,0xC3,0x8A,0x64,0x00,
- 0x5F,0x1C,0x0D,0xF8,0xBB,0xD7,0x15,0xB9,
- 0xEF,0xE0,0x07,0x62,0x05,0x9E,0xCF,0xFC,
- 0x08,0x52,0x1E,0x65,0x41,0x56,0x6A,0xEB,
- 0x81,0x53,0x30,0x7B,0xF2,0xFD,0x65,0xFF,
- 0xA2,0x14,0xF5,0x62,0x1E,0x24,0x48,0x47,
- 0xA5,0x41,0x80,0xB4,0xC5,0xDC,0xB2,0xB4,
- 0x2D,0x17,0xE7,0xBE,0x49,0x53,0x7A,0x25,
- 0xC5,0x0D,0x19,0x59,0xF4,0x88,0x59,0xED,
- 0x92,0x13,0xEE,0x7A,0x4F,0x12,0x98,0x4C
- };
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
- {
- LmsKey verifyKey;
- unsigned char pub_raw[HSS_MAX_PUBLIC_KEY_LEN];
- word32 pub_len = sizeof(pub_raw);
- word32 sigSz = 0;
- word32 msgSz = sizeof(lms_msg);
- word32 pubSz = 0;
- int levels = 0;
- int height = 0;
- int winternitz = 0;
- int ret = WC_TEST_RET_ENC_NC;
- int ret2 = WC_TEST_RET_ENC_NC;
- int j = 0;
- int n_diff = 0;
- WOLFSSL_ENTER("lms_test_verify_only");
- XMEMSET(pub_raw, 0, sizeof(pub_raw));
- ret = wc_LmsKey_Init(&verifyKey, NULL, INVALID_DEVID);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_LmsKey_SetParameters(&verifyKey, 1, 10, 8);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- ret = wc_LmsKey_ImportPubRaw(&verifyKey, lms_L1H10W8_pub,
- HSS_MAX_PUBLIC_KEY_LEN);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- /* Verify parameters, pub length, and sig length are correct. */
- ret = wc_LmsKey_GetParameters(&verifyKey, &levels, &height, &winternitz);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- if (levels != 1 || height != 10 || winternitz != 8) {
- printf("error: invalid LMS parameters: L%d-H%d-W%d\n", levels, height,
- winternitz);
- return WC_TEST_RET_ENC_NC;
- }
- ret = wc_LmsKey_GetPubLen(&verifyKey, &pubSz);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- if (pubSz != HSS_MAX_PUBLIC_KEY_LEN) {
- printf("error: got %u, expected %d\n", pubSz, HSS_MAX_PUBLIC_KEY_LEN);
- return WC_TEST_RET_ENC_EC(pubSz);
- }
- ret = wc_LmsKey_GetSigLen(&verifyKey, &sigSz);
- if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
- if (sigSz != LMS_L1H10W8_SIGLEN) {
- printf("error: got %u, expected %d\n", sigSz, LMS_L1H10W8_SIGLEN);
- return WC_TEST_RET_ENC_EC(sigSz);
- }
- ret = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN,
- (byte *) lms_msg, msgSz);
- if (ret != 0) {
- printf("error: wc_LmsKey_Verify returned %d\n", ret);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Now test the ExportPubRaw API, verify we recover the original pub. */
- ret = wc_LmsKey_ExportPubRaw(&verifyKey, pub_raw, &pub_len);
- if (ret != 0) {
- printf("error: wc_LmsKey_ExportPubRaw returned %d, expected 0\n", ret);
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (pub_len != HSS_MAX_PUBLIC_KEY_LEN) {
- printf("error: LMS pub len %u, expected %d\n", pub_len,
- HSS_MAX_PUBLIC_KEY_LEN);
- return WC_TEST_RET_ENC_EC(pub_len);
- }
- n_diff = XMEMCMP(pub_raw, lms_L1H10W8_pub, sizeof(lms_L1H10W8_pub));
- if (n_diff != 0) {
- printf("error: exported and imported pub raw do not match: %d\n",
- n_diff);
- return WC_TEST_RET_ENC_EC(n_diff);
- }
- /* Flip bits in message. This should fail. */
- lms_msg[msgSz / 2] ^= 1;
- ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN,
- (byte *) lms_msg, msgSz);
- if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
- printf("error: wc_LmsKey_Verify returned %d, expected -1\n", ret2);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Flip it back. This should pass again. */
- lms_msg[msgSz / 2] ^= 1;
- ret = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN,
- (byte *) lms_msg, msgSz);
- if (ret != 0) {
- printf("error: wc_LmsKey_Verify returned %d, expected 0\n", ret);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* Flip bits in a few places throughout the signature, stepping in multiple
- * of hash size. These should all fail with -1. */
- for (j = 0; j < (int) sigSz; j+= 4 * 32) {
- lms_L1H10W8_sig[j] ^= 1;
- ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig,
- LMS_L1H10W8_SIGLEN,
- (byte *) lms_msg, msgSz);
- if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
- /* Verify passed when it should have failed. */
- return WC_TEST_RET_ENC_I(j);
- }
- /* Flip this spot back. */
- lms_L1H10W8_sig[j] ^= 1;
- }
- wc_LmsKey_Free(&verifyKey);
- return ret;
- }
- #endif
- #endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) */
- static const int fiducial3 = WC_TEST_RET_LN; /* source code reference point --
- * see print_fiducials() below.
- */
- #ifdef WOLFCRYPT_HAVE_ECCSI
- static wc_test_ret_t eccsi_api_test(WC_RNG* rng, EccsiKey* key, mp_int* ssk,
- ecc_point* pvt)
- {
- wc_test_ret_t ret;
- byte id[1] = { 0x00 };
- int valid;
- word32 sz;
- byte data[256];
- byte hash[WC_MAX_DIGEST_SIZE];
- byte hashSz;
- byte sig[257];
- word32 sigSz;
- ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitEccsiKey(NULL, NULL, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitEccsiKey(NULL, HEAP_HINT, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- wc_FreeEccsiKey(NULL);
- /* Create a valid key. */
- ret = wc_InitEccsiKey(key, NULL, INVALID_DEVID);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeEccsiKey(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeEccsiKey(key, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeEccsiKey(NULL, rng);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeEccsiPair(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL,
- NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeEccsiPair(key, NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeEccsiPair(NULL, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* No key set */
- ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL,
- NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
- NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* No key set */
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
- &valid);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPvt(NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPvt(key, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPvt(NULL, pvt, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPvt(NULL, NULL, &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPvt(key, pvt, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPvt(key, NULL, &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPvt(NULL, pvt, &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiPair(NULL, NULL, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiPair(key, ssk, pvt, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiPair(key, ssk, NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiPair(key, NULL, pvt, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiPair(NULL, ssk, pvt, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* No key created so no curve information. */
- ret = wc_EncodeEccsiPair(key, ssk, pvt, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiSsk(NULL, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiSsk(key, ssk, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiSsk(key, NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiSsk(NULL, ssk, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiPvt(NULL, NULL, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiPvt(key, pvt, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiPvt(key, NULL, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeEccsiPvt(NULL, pvt, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPair(NULL, NULL, 0, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPair(key, data, 0, ssk, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPair(key, data, 0, NULL, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPair(key, NULL, 0, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPair(NULL, data, 0, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiSsk(NULL, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiSsk(key, data, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiSsk(key, NULL, 0, ssk);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiSsk(NULL, data, 0, ssk);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPvt(NULL, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPvt(key, data, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPvt(key, NULL, 0, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPvt(NULL, data, 0, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPvtFromSig(NULL, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPvtFromSig(key, data, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPvtFromSig(key, NULL, 0, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPvtFromSig(NULL, data, 0, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiKey(NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiKey(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiKey(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* No key to export */
- ret = wc_ExportEccsiKey(key, NULL, &sz);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiKey(NULL, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiKey(key, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiKey(NULL, data, 0);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiPrivateKey(NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiPrivateKey(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiPrivateKey(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* No key to export */
- ret = wc_ExportEccsiPrivateKey(key, NULL, &sz);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiPrivateKey(NULL, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiPrivateKey(key, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiPrivateKey(NULL, data, 0);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiPublicKey(NULL, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiPublicKey(key, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiPublicKey(NULL, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* No key to export */
- ret = wc_ExportEccsiPublicKey(key, data, &sz, 1);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiPublicKey(NULL, NULL, 0, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiPublicKey(key, NULL, 0, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiPublicKey(NULL, data, 0, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, NULL, &hashSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, NULL, hash, &hashSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, NULL, 1, pvt, hash,
- &hashSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiHash(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiHash(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiHash(NULL, hash, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiPair(NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiPair(key, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiPair(NULL, ssk, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiPair(NULL, NULL, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiPair(key, ssk, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiPair(key, NULL, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiPair(NULL, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignEccsiHash(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, sig, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, NULL, 0, sig,
- &sigSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignEccsiHash(key, NULL, WC_HASH_TYPE_SHA256, data, 0, sig,
- &sigSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignEccsiHash(NULL, rng, WC_HASH_TYPE_SHA256, data, 0, sig,
- &sigSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* Key not set. */
- ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
- &sigSz);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, NULL, 0,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
- &valid);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiPair(key, ssk, pvt);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Identity hash not set. */
- ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
- &sigSz);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- wc_FreeEccsiKey(key);
- return 0;
- }
- /* RFC 6507: Appendix A */
- static wc_test_ret_t eccsi_kat_verify_test(EccsiKey* key, ecc_point* pvt)
- {
- wc_test_ret_t ret;
- int verified;
- const byte msg[] = { 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x00 };
- word32 msgSz = sizeof(msg);
- byte hash[WC_SHA256_DIGEST_SIZE];
- byte hashSz = WC_SHA256_DIGEST_SIZE;
- static const byte id[] = {
- 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
- 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
- 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
- 0x33, 0x00
- };
- word32 idSz = sizeof(id);
- static const byte sig[] = {
- 0x26, 0x9D, 0x4C, 0x8F, 0xDE, 0xB6, 0x6A, 0x74,
- 0xE4, 0xEF, 0x8C, 0x0D, 0x5D, 0xCC, 0x59, 0x7D,
- 0xDF, 0xE6, 0x02, 0x9C, 0x2A, 0xFF, 0xC4, 0x93,
- 0x60, 0x08, 0xCD, 0x2C, 0xC1, 0x04, 0x5D, 0x81,
- 0xE0, 0x9B, 0x52, 0x8D, 0x0E, 0xF8, 0xD6, 0xDF,
- 0x1A, 0xA3, 0xEC, 0xBF, 0x80, 0x11, 0x0C, 0xFC,
- 0xEC, 0x9F, 0xC6, 0x82, 0x52, 0xCE, 0xBB, 0x67,
- 0x9F, 0x41, 0x34, 0x84, 0x69, 0x40, 0xCC, 0xFD,
- 0x04,
- 0x75, 0x8A, 0x14, 0x27, 0x79, 0xBE, 0x89, 0xE8,
- 0x29, 0xE7, 0x19, 0x84, 0xCB, 0x40, 0xEF, 0x75,
- 0x8C, 0xC4, 0xAD, 0x77, 0x5F, 0xC5, 0xB9, 0xA3,
- 0xE1, 0xC8, 0xED, 0x52, 0xF6, 0xFA, 0x36, 0xD9,
- 0xA7, 0x9D, 0x24, 0x76, 0x92, 0xF4, 0xED, 0xA3,
- 0xA6, 0xBD, 0xAB, 0x77, 0xD6, 0xAA, 0x64, 0x74,
- 0xA4, 0x64, 0xAE, 0x49, 0x34, 0x66, 0x3C, 0x52,
- 0x65, 0xBA, 0x70, 0x18, 0xBA, 0x09, 0x1F, 0x79
- };
- word32 sigSz = sizeof(sig);
- static const byte pubData[] = {
- 0x50, 0xD4, 0x67, 0x0B, 0xDE, 0x75, 0x24, 0x4F,
- 0x28, 0xD2, 0x83, 0x8A, 0x0D, 0x25, 0x55, 0x8A,
- 0x7A, 0x72, 0x68, 0x6D, 0x45, 0x22, 0xD4, 0xC8,
- 0x27, 0x3F, 0xB6, 0x44, 0x2A, 0xEB, 0xFA, 0x93,
- 0xDB, 0xDD, 0x37, 0x55, 0x1A, 0xFD, 0x26, 0x3B,
- 0x5D, 0xFD, 0x61, 0x7F, 0x39, 0x60, 0xC6, 0x5A,
- 0x8C, 0x29, 0x88, 0x50, 0xFF, 0x99, 0xF2, 0x03,
- 0x66, 0xDC, 0xE7, 0xD4, 0x36, 0x72, 0x17, 0xF4
- };
- static const byte expHash[] = {
- 0x49, 0x0f, 0x3f, 0xeb, 0xbc, 0x1c, 0x90, 0x2f,
- 0x62, 0x89, 0x72, 0x3d, 0x7f, 0x8c, 0xbf, 0x79,
- 0xdb, 0x88, 0x93, 0x08, 0x49, 0xd1, 0x9f, 0x38,
- 0xf0, 0x29, 0x5b, 0x5c, 0x27, 0x6c, 0x14, 0xd1
- };
- ret = wc_ImportEccsiPublicKey(key, pubData, sizeof(pubData), 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeEccsiPvtFromSig(key, sig, sigSz, pvt);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, idSz, pvt, hash,
- &hashSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (hashSz != sizeof(expHash))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(hash, expHash, hashSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SetEccsiHash(key, hash, hashSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!verified)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- static wc_test_ret_t eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_point* pvt)
- {
- wc_test_ret_t ret;
- byte data[32 * 3];
- word32 sz;
- ecc_point* decPvt = NULL;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- mp_int *decSsk = (mp_int *)XMALLOC(sizeof(*decSsk), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (decSsk == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- #else
- mp_int decSsk[1];
- #endif
- ret = mp_init(decSsk);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- decPvt = wc_ecc_new_point();
- if (decPvt == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- ret = wc_EncodeEccsiPair(priv, ssk, pvt, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (sz != 32 * 3)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_EncodeEccsiPair(priv, ssk, pvt, data, &sz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (sz != 32* 3)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_DecodeEccsiPair(priv, data, sz, decSsk, decPvt);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = mp_cmp(ssk, decSsk);
- if (ret != MP_EQ)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_ecc_cmp_point(pvt, decPvt);
- if (ret != MP_EQ)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_EncodeEccsiSsk(priv, ssk, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (sz != 32)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_EncodeEccsiSsk(priv, ssk, data, &sz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (sz != 32)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_DecodeEccsiSsk(priv, data, sz, decSsk);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = mp_cmp(ssk, decSsk);
- if (ret != MP_EQ)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_EncodeEccsiPvt(priv, pvt, NULL, &sz, 1);
- if (ret != LENGTH_ONLY_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (sz != 32 * 2)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_EncodeEccsiPvt(priv, pvt, data, &sz, 1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (sz != 32 * 2)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_DecodeEccsiPvt(priv, data, sz, decPvt);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_ecc_cmp_point(pvt, decPvt);
- if (ret != MP_EQ)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- sz = sizeof(data);
- ret = wc_EncodeEccsiPvt(priv, pvt, data, &sz, 0);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (sz != 32 * 2 + 1)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = wc_DecodeEccsiPvt(priv, data, sz, decPvt);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_ecc_cmp_point(pvt, decPvt);
- if (ret != MP_EQ)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- wc_ecc_del_point(decPvt);
- out:
- mp_free(decSsk);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(decSsk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- static wc_test_ret_t eccsi_imp_exp_key_test(EccsiKey* priv)
- {
- wc_test_ret_t ret;
- byte data[32 * 3];
- byte out[32 * 3];
- word32 sz;
- ret = wc_ExportEccsiKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 32 * 3)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ExportEccsiKey(priv, data, &sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiKey(priv, data, sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 32 * 3)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ExportEccsiKey(priv, out, &sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 32 * 3)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(data, out, sz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 32)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ExportEccsiPrivateKey(priv, data, &sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiPrivateKey(priv, data, sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 32)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ExportEccsiPrivateKey(priv, out, &sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 32)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(data, out, sz) != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- static wc_test_ret_t eccsi_imp_exp_pubkey_test(EccsiKey* key1, EccsiKey* key2)
- {
- wc_test_ret_t ret;
- byte data[32 * 2 + 1];
- byte pubData[32 * 2 + 1];
- word32 sz;
- ret = wc_ExportEccsiPublicKey(key1, NULL, &sz, 1);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 32 * 2)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ExportEccsiPublicKey(key1, data, &sz, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportEccsiPublicKey(key2, data, sz, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- sz = sizeof(pubData);
- ret = wc_ExportEccsiPublicKey(key2, pubData, &sz, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 32 * 2)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(data, pubData, sz) != 0)
- return WC_TEST_RET_ENC_NC;
- sz = sizeof(pubData);
- ret = wc_ExportEccsiPublicKey(key2, pubData, &sz, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 32 * 2 + 1)
- return WC_TEST_RET_ENC_NC;
- if (pubData[0] != 0x04)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(pubData + 1, data, sz - 1) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ImportEccsiPublicKey(key2, pubData, sz, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- return 0;
- }
- static wc_test_ret_t eccsi_make_key_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng,
- mp_int* ssk, ecc_point* pvt)
- {
- wc_test_ret_t ret;
- char mail[] = "test@wolfssl.com";
- byte* id = (byte*)mail;
- word32 idSz = (word32) XSTRLEN(mail);
- int valid;
- ret = wc_MakeEccsiKey(priv, rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = eccsi_imp_exp_key_test(priv);
- if (ret < 0)
- return ret;
- ret = eccsi_imp_exp_pubkey_test(priv, pub);
- if (ret < 0)
- return ret;
- ret = wc_MakeEccsiPair(priv, rng, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateEccsiPair(pub, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt,
- &valid);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!valid)
- return WC_TEST_RET_ENC_NC;
- ret = eccsi_enc_dec_pair_test(priv, ssk, pvt);
- if (ret != 0)
- return ret;
- return 0;
- }
- static wc_test_ret_t eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng,
- mp_int* ssk, ecc_point* pvt)
- {
- wc_test_ret_t ret;
- byte hashPriv[WC_MAX_DIGEST_SIZE];
- byte hashPub[WC_MAX_DIGEST_SIZE];
- byte hashSz;
- byte sig[144];
- word32 sigSz;
- int verified, valid;
- char mail[] = "test@wolfssl.com";
- byte* id = (byte*)mail;
- word32 idSz = (word32) XSTRLEN(mail);
- byte msg[] = { 0x00 };
- word32 msgSz = sizeof(msg);
- #ifdef WOLFSSL_SHA384
- ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA384, id, idSz, pvt, hashPriv,
- &hashSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPriv,
- &hashSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (hashSz != 32)
- return WC_TEST_RET_ENC_NC;
- ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPub,
- &hashSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (hashSz != 32)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(hashPriv, hashPub, hashSz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SetEccsiHash(priv, hashPriv, hashSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiPair(priv, ssk, pvt);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, NULL,
- &sigSz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sigSz != 129)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, sig,
- &sigSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetEccsiHash(pub, hashPub, hashSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!verified)
- return WC_TEST_RET_ENC_NC;
- /* Check that changing HS results in verification failure. */
- hashPub[0] ^= 0x80;
- ret = wc_SetEccsiHash(pub, hashPub, hashSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (verified)
- return WC_TEST_RET_ENC_NC;
- hashPub[0] ^= 0x80;
- ret = wc_SetEccsiHash(pub, hashPub, hashSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Check that changing msg results in verification failure. */
- msg[0] ^= 0x80;
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (verified)
- return WC_TEST_RET_ENC_NC;
- msg[0] ^= 0x80;
- /* Check that changing signature results in verification failure. */
- sig[0] ^= 0x80;
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (verified)
- return WC_TEST_RET_ENC_NC;
- sig[0] ^= 0x80;
- /* Check that key state hasn't been invalidated. */
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!verified)
- return WC_TEST_RET_ENC_NC;
- /* Check that verifying with the private key works. */
- ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!verified)
- return WC_TEST_RET_ENC_NC;
- /* Check that the KPAK is converted from montgomery form. */
- ret = eccsi_imp_exp_key_test(priv);
- if (ret != 0)
- return ret;
- /* Check that KPAK can converted to Montgomery form again. */
- ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!verified)
- return WC_TEST_RET_ENC_NC;
- /* Check that the KPAK is converted from montgomery form. */
- ret = wc_ValidateEccsiPair(pub, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt,
- &valid);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!valid)
- return WC_TEST_RET_ENC_NC;
- /* Check that KPAK can converted to Montgomery form again. */
- ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!verified)
- return WC_TEST_RET_ENC_NC;
- /* Check that the KPAK is converted from montgomery form. */
- ret = eccsi_imp_exp_pubkey_test(priv, pub);
- if (ret != 0)
- return ret;
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void)
- {
- wc_test_ret_t ret = 0;
- WC_RNG rng;
- int rng_inited = 0;
- EccsiKey* priv = NULL;
- EccsiKey* pub = NULL;
- mp_int* ssk = NULL;
- ecc_point* pvt = NULL;
- WOLFSSL_ENTER("eccsi_test");
- priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (priv == NULL)
- ret = WC_TEST_RET_ENC_NC;
- else
- XMEMSET(priv, 0, sizeof(*priv));
- if (ret == 0) {
- pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (pub == NULL)
- ret = WC_TEST_RET_ENC_NC;
- else
- XMEMSET(pub, 0, sizeof(*pub));
- }
- if (ret == 0) {
- ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ssk == NULL)
- ret = WC_TEST_RET_ENC_NC;
- else
- XMEMSET(ssk, 0, sizeof(*ssk));
- }
- if (ret == 0) {
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- else
- rng_inited = 1;
- }
- if (ret == 0) {
- pvt = wc_ecc_new_point();
- if (pvt == NULL)
- ret = WC_TEST_RET_ENC_NC;
- }
- if (ret == 0) {
- ret = mp_init(ssk);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = eccsi_api_test(&rng, priv, ssk, pvt);
- }
- if (ret == 0) {
- ret = wc_InitEccsiKey(pub, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_InitEccsiKey(priv, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = eccsi_kat_verify_test(pub, pvt);
- }
- if (ret == 0) {
- ret = eccsi_make_key_test(priv, pub, &rng, ssk, pvt);
- }
- if (ret == 0) {
- ret = eccsi_sign_verify_test(priv, pub, &rng, ssk, pvt);
- }
- if (pvt != NULL)
- wc_ecc_del_point(pvt);
- if (rng_inited)
- wc_FreeRng(&rng);
- if (ssk != NULL) {
- mp_free(ssk);
- XFREE(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (pub != NULL) {
- wc_FreeEccsiKey(pub);
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (priv != NULL) {
- wc_FreeEccsiKey(priv);
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- return ret;
- }
- #endif /* WOLFCRYPT_HAVE_ECCSI */
- #ifdef WOLFCRYPT_HAVE_SAKKE
- static wc_test_ret_t sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
- {
- wc_test_ret_t ret;
- byte id[1] = { 0x00 };
- int valid;
- byte data[256];
- word32 sz;
- byte auth[257];
- word16 authSz;
- byte ssv[256];
- word16 ssvSz;
- word32 len;
- ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, HEAP_HINT, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- wc_FreeSakkeKey(NULL);
- XMEMSET(key, 0, sizeof(*key));
- wc_FreeSakkeKey(key);
- ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeKey(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeKey(key, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeKey(NULL, rng);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePublicKey(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePublicKey(key, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePublicKey(NULL, rsk);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeRsk(NULL, NULL, 1, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeRsk(key, id, 1, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeRsk(key, NULL, 1, rsk);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeRsk(NULL, id, 1, rsk);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateSakkeRsk(NULL, NULL, 1, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateSakkeRsk(key, id, 1, rsk, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateSakkeRsk(NULL, id, 1, rsk, &valid);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkeKey(NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkeKey(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkeKey(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkeKey(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkeKey(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkeKey(NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkePrivateKey(NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkePrivateKey(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkePrivateKey(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkePrivateKey(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkePrivateKey(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkePrivateKey(NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- sz = sizeof(data);
- ret = wc_EncodeSakkeRsk(NULL, NULL, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeSakkeRsk(key, rsk, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeSakkeRsk(key, NULL, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_EncodeSakkeRsk(NULL, rsk, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeSakkeRsk(NULL, NULL, sz, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeSakkeRsk(key, data, sz, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeSakkeRsk(key, NULL, sz, rsk);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeSakkeRsk(NULL, data, sz, rsk);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkeRsk(NULL, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkeRsk(key, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkeRsk(NULL, data, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkeRsk(key, data, 1);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeRskTable(NULL, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeRskTable(key, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeRskTable(NULL, rsk, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeRskTable(NULL, NULL, data, &len);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeRskTable(key, rsk, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeRskTable(key, NULL, data, &len);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeRskTable(NULL, rsk, data, &len);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- len--;
- ret = wc_GenerateSakkeRskTable(key, rsk, data, &len);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkePublicKey(NULL, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkePublicKey(key, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkePublicKey(NULL, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkePublicKey(NULL, NULL, sz, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkePublicKey(key, NULL, sz, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ImportSakkePublicKey(NULL, data, sz, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GetSakkeAuthSize(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GetSakkeAuthSize(key, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GetSakkeAuthSize(NULL, &authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePointI(NULL, NULL, SAKKE_ID_MAX_SIZE + 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePointI(key, NULL, SAKKE_ID_MAX_SIZE + 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePointI(NULL, id, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePointI(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePointI(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePointI(NULL, id, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkePointITable(NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkePointITable(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkePointITable(NULL, data, &len);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkePointITable(key, NULL, &len);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- len--;
- ret = wc_GenerateSakkePointITable(key, data, &len);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointITable(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointITable(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointITable(NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointITable(key, data, 1);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ClearSakkePointITable(NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GetSakkePointI(NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GetSakkePointI(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GetSakkePointI(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- sz = 1;
- ret = wc_GetSakkePointI(key, data, &sz);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- sz = 256;
- ret = wc_SetSakkePointI(NULL, NULL, 1, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointI(key, NULL, 1, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointI(NULL, id, 1, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointI(NULL, NULL, 1, data, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointI(key, id, 1, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointI(key, NULL, 1, data, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointI(NULL, id, 1, data, sz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1, data, sz);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkePointI(key, id, 1, data, sz - 1);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeIdentity(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeIdentity(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeIdentity(NULL, id, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ssvSz = sizeof(ssv);
- ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
- auth, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
- auth, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
- auth, &authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
- auth, &authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeSSV(NULL, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeSSV(key, rng, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeSSV(key, NULL, data, &ssvSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_GenerateSakkeSSV(NULL, rng, data, &ssvSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeRsk(NULL, NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeRsk(key, NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeRsk(NULL, rsk, data, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ssvSz = sizeof(ssv);
- authSz = sizeof(auth);
- ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeIdentity(key, id, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeIdentity(key, id, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeRsk(key, rsk, data, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != BAD_STATE_E)
- return WC_TEST_RET_ENC_EC(ret);
- wc_FreeSakkeKey(key);
- return 0;
- }
- static wc_test_ret_t sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte pubData[] = {
- 0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09,
- 0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A,
- 0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F,
- 0x75, 0x3E, 0x69, 0xBD, 0x27, 0xA8, 0x32, 0xF3,
- 0x8C, 0xB4, 0xAD, 0x53, 0xDD, 0xEF, 0x42, 0x60,
- 0xB0, 0xFE, 0x8B, 0xB4, 0x5C, 0x4C, 0x1F, 0xF5,
- 0x10, 0xEF, 0xFE, 0x30, 0x03, 0x67, 0xA3, 0x7B,
- 0x61, 0xF7, 0x01, 0xD9, 0x14, 0xAE, 0xF0, 0x97,
- 0x24, 0x82, 0x5F, 0xA0, 0x70, 0x7D, 0x61, 0xA6,
- 0xDF, 0xF4, 0xFB, 0xD7, 0x27, 0x35, 0x66, 0xCD,
- 0xDE, 0x35, 0x2A, 0x0B, 0x04, 0xB7, 0xC1, 0x6A,
- 0x78, 0x30, 0x9B, 0xE6, 0x40, 0x69, 0x7D, 0xE7,
- 0x47, 0x61, 0x3A, 0x5F, 0xC1, 0x95, 0xE8, 0xB9,
- 0xF3, 0x28, 0x85, 0x2A, 0x57, 0x9D, 0xB8, 0xF9,
- 0x9B, 0x1D, 0x00, 0x34, 0x47, 0x9E, 0xA9, 0xC5,
- 0x59, 0x5F, 0x47, 0xC4, 0xB2, 0xF5, 0x4F, 0xF2,
- 0x15, 0x08, 0xD3, 0x75, 0x14, 0xDC, 0xF7, 0xA8,
- 0xE1, 0x43, 0xA6, 0x05, 0x8C, 0x09, 0xA6, 0xBF,
- 0x2C, 0x98, 0x58, 0xCA, 0x37, 0xC2, 0x58, 0x06,
- 0x5A, 0xE6, 0xBF, 0x75, 0x32, 0xBC, 0x8B, 0x5B,
- 0x63, 0x38, 0x38, 0x66, 0xE0, 0x75, 0x3C, 0x5A,
- 0xC0, 0xE7, 0x27, 0x09, 0xF8, 0x44, 0x5F, 0x2E,
- 0x61, 0x78, 0xE0, 0x65, 0x85, 0x7E, 0x0E, 0xDA,
- 0x10, 0xF6, 0x82, 0x06, 0xB6, 0x35, 0x05, 0xED,
- 0x87, 0xE5, 0x34, 0xFB, 0x28, 0x31, 0xFF, 0x95,
- 0x7F, 0xB7, 0xDC, 0x61, 0x9D, 0xAE, 0x61, 0x30,
- 0x1E, 0xEA, 0xCC, 0x2F, 0xDA, 0x36, 0x80, 0xEA,
- 0x49, 0x99, 0x25, 0x8A, 0x83, 0x3C, 0xEA, 0x8F,
- 0xC6, 0x7C, 0x6D, 0x19, 0x48, 0x7F, 0xB4, 0x49,
- 0x05, 0x9F, 0x26, 0xCC, 0x8A, 0xAB, 0x65, 0x5A,
- 0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A,
- 0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE
- };
- WOLFSSL_SMALL_STACK_STATIC const byte rskData[] = {
- 0x93, 0xAF, 0x67, 0xE5, 0x00, 0x7B, 0xA6, 0xE6,
- 0xA8, 0x0D, 0xA7, 0x93, 0xDA, 0x30, 0x0F, 0xA4,
- 0xB5, 0x2D, 0x0A, 0x74, 0xE2, 0x5E, 0x6E, 0x7B,
- 0x2B, 0x3D, 0x6E, 0xE9, 0xD1, 0x8A, 0x9B, 0x5C,
- 0x50, 0x23, 0x59, 0x7B, 0xD8, 0x2D, 0x80, 0x62,
- 0xD3, 0x40, 0x19, 0x56, 0x3B, 0xA1, 0xD2, 0x5C,
- 0x0D, 0xC5, 0x6B, 0x7B, 0x97, 0x9D, 0x74, 0xAA,
- 0x50, 0xF2, 0x9F, 0xBF, 0x11, 0xCC, 0x2C, 0x93,
- 0xF5, 0xDF, 0xCA, 0x61, 0x5E, 0x60, 0x92, 0x79,
- 0xF6, 0x17, 0x5C, 0xEA, 0xDB, 0x00, 0xB5, 0x8C,
- 0x6B, 0xEE, 0x1E, 0x7A, 0x2A, 0x47, 0xC4, 0xF0,
- 0xC4, 0x56, 0xF0, 0x52, 0x59, 0xA6, 0xFA, 0x94,
- 0xA6, 0x34, 0xA4, 0x0D, 0xAE, 0x1D, 0xF5, 0x93,
- 0xD4, 0xFE, 0xCF, 0x68, 0x8D, 0x5F, 0xC6, 0x78,
- 0xBE, 0x7E, 0xFC, 0x6D, 0xF3, 0xD6, 0x83, 0x53,
- 0x25, 0xB8, 0x3B, 0x2C, 0x6E, 0x69, 0x03, 0x6B,
- 0x15, 0x5F, 0x0A, 0x27, 0x24, 0x10, 0x94, 0xB0,
- 0x4B, 0xFB, 0x0B, 0xDF, 0xAC, 0x6C, 0x67, 0x0A,
- 0x65, 0xC3, 0x25, 0xD3, 0x9A, 0x06, 0x9F, 0x03,
- 0x65, 0x9D, 0x44, 0xCA, 0x27, 0xD3, 0xBE, 0x8D,
- 0xF3, 0x11, 0x17, 0x2B, 0x55, 0x41, 0x60, 0x18,
- 0x1C, 0xBE, 0x94, 0xA2, 0xA7, 0x83, 0x32, 0x0C,
- 0xED, 0x59, 0x0B, 0xC4, 0x26, 0x44, 0x70, 0x2C,
- 0xF3, 0x71, 0x27, 0x1E, 0x49, 0x6B, 0xF2, 0x0F,
- 0x58, 0x8B, 0x78, 0xA1, 0xBC, 0x01, 0xEC, 0xBB,
- 0x65, 0x59, 0x93, 0x4B, 0xDD, 0x2F, 0xB6, 0x5D,
- 0x28, 0x84, 0x31, 0x8A, 0x33, 0xD1, 0xA4, 0x2A,
- 0xDF, 0x5E, 0x33, 0xCC, 0x58, 0x00, 0x28, 0x0B,
- 0x28, 0x35, 0x64, 0x97, 0xF8, 0x71, 0x35, 0xBA,
- 0xB9, 0x61, 0x2A, 0x17, 0x26, 0x04, 0x24, 0x40,
- 0x9A, 0xC1, 0x5F, 0xEE, 0x99, 0x6B, 0x74, 0x4C,
- 0x33, 0x21, 0x51, 0x23, 0x5D, 0xEC, 0xB0, 0xF5
- };
- WOLFSSL_SMALL_STACK_STATIC const byte id[] = {
- 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
- 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
- 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
- 0x33, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ssv[] = {
- 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
- 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte auth[] = {
- 0x04,
- 0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
- 0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7,
- 0x18, 0x04, 0x36, 0x06, 0xA0, 0x1D, 0x65, 0x0D,
- 0xEF, 0x37, 0xA0, 0x1F, 0x37, 0xC2, 0x28, 0xC3,
- 0x32, 0xFC, 0x31, 0x73, 0x54, 0xE2, 0xC2, 0x74,
- 0xD4, 0xDA, 0xF8, 0xAD, 0x00, 0x10, 0x54, 0xC7,
- 0x6C, 0xE5, 0x79, 0x71, 0xC6, 0xF4, 0x48, 0x6D,
- 0x57, 0x23, 0x04, 0x32, 0x61, 0xC5, 0x06, 0xEB,
- 0xF5, 0xBE, 0x43, 0x8F, 0x53, 0xDE, 0x04, 0xF0,
- 0x67, 0xC7, 0x76, 0xE0, 0xDD, 0x3B, 0x71, 0xA6,
- 0x29, 0x01, 0x33, 0x28, 0x37, 0x25, 0xA5, 0x32,
- 0xF2, 0x1A, 0xF1, 0x45, 0x12, 0x6D, 0xC1, 0xD7,
- 0x77, 0xEC, 0xC2, 0x7B, 0xE5, 0x08, 0x35, 0xBD,
- 0x28, 0x09, 0x8B, 0x8A, 0x73, 0xD9, 0xF8, 0x01,
- 0xD8, 0x93, 0x79, 0x3A, 0x41, 0xFF, 0x5C, 0x49,
- 0xB8, 0x7E, 0x79, 0xF2, 0xBE, 0x4D, 0x56, 0xCE,
- 0x55, 0x7E, 0x13, 0x4A, 0xD8, 0x5B, 0xB1, 0xD4,
- 0xB9, 0xCE, 0x4F, 0x8B, 0xE4, 0xB0, 0x8A, 0x12,
- 0xBA, 0xBF, 0x55, 0xB1, 0xD6, 0xF1, 0xD7, 0xA6,
- 0x38, 0x01, 0x9E, 0xA2, 0x8E, 0x15, 0xAB, 0x1C,
- 0x9F, 0x76, 0x37, 0x5F, 0xDD, 0x12, 0x10, 0xD4,
- 0xF4, 0x35, 0x1B, 0x9A, 0x00, 0x94, 0x86, 0xB7,
- 0xF3, 0xED, 0x46, 0xC9, 0x65, 0xDE, 0xD2, 0xD8,
- 0x0D, 0xAD, 0xE4, 0xF3, 0x8C, 0x67, 0x21, 0xD5,
- 0x2C, 0x3A, 0xD1, 0x03, 0xA1, 0x0E, 0xBD, 0x29,
- 0x59, 0x24, 0x8B, 0x4E, 0xF0, 0x06, 0x83, 0x6B,
- 0xF0, 0x97, 0x44, 0x8E, 0x61, 0x07, 0xC9, 0xED,
- 0xEE, 0x9F, 0xB7, 0x04, 0x82, 0x3D, 0xF1, 0x99,
- 0xF8, 0x32, 0xC9, 0x05, 0xAE, 0x45, 0xF8, 0xA2,
- 0x47, 0xA0, 0x72, 0xD8, 0xEF, 0x72, 0x9E, 0xAB,
- 0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3,
- 0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86
- };
- WOLFSSL_SMALL_STACK_STATIC const byte encSsv[] = {
- 0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16,
- 0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07
- };
- wc_test_ret_t ret;
- int valid;
- byte pubKey[sizeof(pubData) + 1];
- word32 sz = sizeof(pubKey);
- byte tmpSsv[sizeof(encSsv)];
- byte* iTable = NULL;
- word32 iTableLen;
- byte* table = NULL;
- word32 len;
- ret = wc_ImportSakkePublicKey(key, pubData, sizeof(pubData), 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DecodeSakkeRsk(key, rskData, sizeof(rskData), rsk);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateSakkeRsk(key, id, sizeof(id), rsk, &valid);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (valid != 1)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SetSakkeRsk(key, rsk, NULL, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeIdentity(key, id, sizeof(id));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- XMEMCPY(tmpSsv, encSsv, sizeof(encSsv));
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv),
- auth, sizeof(auth));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_MakeSakkePointI(key, id, sizeof(id));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- iTableLen = 0;
- ret = wc_GenerateSakkePointITable(key, NULL, &iTableLen);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (iTableLen != 0) {
- iTable = (byte*)XMALLOC(iTableLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (iTable == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- ret = wc_GenerateSakkePointITable(key, iTable, &iTableLen);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- }
- len = 0;
- ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (len > 0) {
- table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (table == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- ret = wc_GenerateSakkeRskTable(key, rsk, table, &len);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = wc_SetSakkeRsk(key, rsk, table, len);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- XMEMCPY(tmpSsv, encSsv, sizeof(encSsv));
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv),
- auth, sizeof(auth));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0)
- return WC_TEST_RET_ENC_NC;
- /* Don't reference table that is about to be freed. */
- ret = wc_ClearSakkePointITable(key);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Dispose of tables */
- if (iTable != NULL)
- XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (table != NULL)
- XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- /* Make sure the key public key is exportable - convert to Montgomery form
- * in Validation.
- */
- ret = wc_ExportSakkePublicKey(key, pubKey, &sz, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != sizeof(pubData))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(pubKey, pubData, sizeof(pubData)) != 0)
- return WC_TEST_RET_ENC_NC;
- sz = sizeof(pubData) + 1;
- ret = wc_ExportSakkePublicKey(key, pubKey, &sz, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != sizeof(pubData) + 1)
- return WC_TEST_RET_ENC_NC;
- if (pubKey[0] != 0x04)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(pubKey + 1, pubData, sizeof(pubData)) != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- static wc_test_ret_t sakke_kat_encapsulate_test(SakkeKey* key)
- {
- static const byte pubData[] = {
- 0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09,
- 0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A,
- 0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F,
- 0x75, 0x3E, 0x69, 0xBD, 0x27, 0xA8, 0x32, 0xF3,
- 0x8C, 0xB4, 0xAD, 0x53, 0xDD, 0xEF, 0x42, 0x60,
- 0xB0, 0xFE, 0x8B, 0xB4, 0x5C, 0x4C, 0x1F, 0xF5,
- 0x10, 0xEF, 0xFE, 0x30, 0x03, 0x67, 0xA3, 0x7B,
- 0x61, 0xF7, 0x01, 0xD9, 0x14, 0xAE, 0xF0, 0x97,
- 0x24, 0x82, 0x5F, 0xA0, 0x70, 0x7D, 0x61, 0xA6,
- 0xDF, 0xF4, 0xFB, 0xD7, 0x27, 0x35, 0x66, 0xCD,
- 0xDE, 0x35, 0x2A, 0x0B, 0x04, 0xB7, 0xC1, 0x6A,
- 0x78, 0x30, 0x9B, 0xE6, 0x40, 0x69, 0x7D, 0xE7,
- 0x47, 0x61, 0x3A, 0x5F, 0xC1, 0x95, 0xE8, 0xB9,
- 0xF3, 0x28, 0x85, 0x2A, 0x57, 0x9D, 0xB8, 0xF9,
- 0x9B, 0x1D, 0x00, 0x34, 0x47, 0x9E, 0xA9, 0xC5,
- 0x59, 0x5F, 0x47, 0xC4, 0xB2, 0xF5, 0x4F, 0xF2,
- 0x15, 0x08, 0xD3, 0x75, 0x14, 0xDC, 0xF7, 0xA8,
- 0xE1, 0x43, 0xA6, 0x05, 0x8C, 0x09, 0xA6, 0xBF,
- 0x2C, 0x98, 0x58, 0xCA, 0x37, 0xC2, 0x58, 0x06,
- 0x5A, 0xE6, 0xBF, 0x75, 0x32, 0xBC, 0x8B, 0x5B,
- 0x63, 0x38, 0x38, 0x66, 0xE0, 0x75, 0x3C, 0x5A,
- 0xC0, 0xE7, 0x27, 0x09, 0xF8, 0x44, 0x5F, 0x2E,
- 0x61, 0x78, 0xE0, 0x65, 0x85, 0x7E, 0x0E, 0xDA,
- 0x10, 0xF6, 0x82, 0x06, 0xB6, 0x35, 0x05, 0xED,
- 0x87, 0xE5, 0x34, 0xFB, 0x28, 0x31, 0xFF, 0x95,
- 0x7F, 0xB7, 0xDC, 0x61, 0x9D, 0xAE, 0x61, 0x30,
- 0x1E, 0xEA, 0xCC, 0x2F, 0xDA, 0x36, 0x80, 0xEA,
- 0x49, 0x99, 0x25, 0x8A, 0x83, 0x3C, 0xEA, 0x8F,
- 0xC6, 0x7C, 0x6D, 0x19, 0x48, 0x7F, 0xB4, 0x49,
- 0x05, 0x9F, 0x26, 0xCC, 0x8A, 0xAB, 0x65, 0x5A,
- 0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A,
- 0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE
- };
- static const byte id[] = {
- 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
- 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
- 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
- 0x33, 0x00
- };
- static const word32 idSz = sizeof(id);
- byte ssv[] = {
- 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
- 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
- };
- static const word16 ssvSz = sizeof(ssv);
- static const byte expAuth[] = {
- 0x04,
- 0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
- 0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7,
- 0x18, 0x04, 0x36, 0x06, 0xA0, 0x1D, 0x65, 0x0D,
- 0xEF, 0x37, 0xA0, 0x1F, 0x37, 0xC2, 0x28, 0xC3,
- 0x32, 0xFC, 0x31, 0x73, 0x54, 0xE2, 0xC2, 0x74,
- 0xD4, 0xDA, 0xF8, 0xAD, 0x00, 0x10, 0x54, 0xC7,
- 0x6C, 0xE5, 0x79, 0x71, 0xC6, 0xF4, 0x48, 0x6D,
- 0x57, 0x23, 0x04, 0x32, 0x61, 0xC5, 0x06, 0xEB,
- 0xF5, 0xBE, 0x43, 0x8F, 0x53, 0xDE, 0x04, 0xF0,
- 0x67, 0xC7, 0x76, 0xE0, 0xDD, 0x3B, 0x71, 0xA6,
- 0x29, 0x01, 0x33, 0x28, 0x37, 0x25, 0xA5, 0x32,
- 0xF2, 0x1A, 0xF1, 0x45, 0x12, 0x6D, 0xC1, 0xD7,
- 0x77, 0xEC, 0xC2, 0x7B, 0xE5, 0x08, 0x35, 0xBD,
- 0x28, 0x09, 0x8B, 0x8A, 0x73, 0xD9, 0xF8, 0x01,
- 0xD8, 0x93, 0x79, 0x3A, 0x41, 0xFF, 0x5C, 0x49,
- 0xB8, 0x7E, 0x79, 0xF2, 0xBE, 0x4D, 0x56, 0xCE,
- 0x55, 0x7E, 0x13, 0x4A, 0xD8, 0x5B, 0xB1, 0xD4,
- 0xB9, 0xCE, 0x4F, 0x8B, 0xE4, 0xB0, 0x8A, 0x12,
- 0xBA, 0xBF, 0x55, 0xB1, 0xD6, 0xF1, 0xD7, 0xA6,
- 0x38, 0x01, 0x9E, 0xA2, 0x8E, 0x15, 0xAB, 0x1C,
- 0x9F, 0x76, 0x37, 0x5F, 0xDD, 0x12, 0x10, 0xD4,
- 0xF4, 0x35, 0x1B, 0x9A, 0x00, 0x94, 0x86, 0xB7,
- 0xF3, 0xED, 0x46, 0xC9, 0x65, 0xDE, 0xD2, 0xD8,
- 0x0D, 0xAD, 0xE4, 0xF3, 0x8C, 0x67, 0x21, 0xD5,
- 0x2C, 0x3A, 0xD1, 0x03, 0xA1, 0x0E, 0xBD, 0x29,
- 0x59, 0x24, 0x8B, 0x4E, 0xF0, 0x06, 0x83, 0x6B,
- 0xF0, 0x97, 0x44, 0x8E, 0x61, 0x07, 0xC9, 0xED,
- 0xEE, 0x9F, 0xB7, 0x04, 0x82, 0x3D, 0xF1, 0x99,
- 0xF8, 0x32, 0xC9, 0x05, 0xAE, 0x45, 0xF8, 0xA2,
- 0x47, 0xA0, 0x72, 0xD8, 0xEF, 0x72, 0x9E, 0xAB,
- 0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3,
- 0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86
- };
- static const byte encSsv[] = {
- 0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16,
- 0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07
- };
- wc_test_ret_t ret;
- byte auth[257];
- word16 authSz = sizeof(auth);
- ret = wc_ImportSakkePublicKey(key, pubData, sizeof(pubData), 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeIdentity(key, id, idSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (authSz != 257)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(ssv, encSsv, ssvSz) != 0)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(auth, expAuth, authSz) != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- static wc_test_ret_t sakke_make_key_test(SakkeKey* priv, SakkeKey* pub, SakkeKey* key,
- WC_RNG* rng, ecc_point* rsk)
- {
- wc_test_ret_t ret;
- byte data[440];
- byte pubData[257];
- word32 sz;
- char mail[] = "test@wolfssl.com";
- byte* id = (byte*)mail;
- word32 idSz = (word32)XSTRLEN(mail);
- int valid;
- ecc_point* pubKey = rsk;
- ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeKey(priv, rng);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkeKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 384)
- return WC_TEST_RET_ENC_NC;
- sz--;
- ret = wc_ExportSakkeKey(priv, data, &sz);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- sz++;
- ret = wc_ExportSakkeKey(priv, data, &sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 384)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ImportSakkeKey(key, data, sz - 1);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ImportSakkeKey(key, data, sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- wc_FreeSakkeKey(key);
- ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkePrivateKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 128)
- return WC_TEST_RET_ENC_NC;
- sz--;
- ret = wc_ExportSakkePrivateKey(priv, data, &sz);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- sz++;
- ret = wc_ExportSakkePrivateKey(priv, data, &sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 128)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ImportSakkePrivateKey(key, data, sz - 1);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ImportSakkePrivateKey(key, data, sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkePublicKey(key, pubKey);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkePublicKey(priv, NULL, &sz, 1);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 256)
- return WC_TEST_RET_ENC_NC;
- sz--;
- ret = wc_ExportSakkePublicKey(priv, data, &sz, 1);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- sz++;
- ret = wc_ExportSakkePublicKey(priv, data, &sz, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 256)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ImportSakkePublicKey(pub, data, sz - 1, 1);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ImportSakkePublicKey(pub, data, sz, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ExportSakkePublicKey(pub, pubData, &sz, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 256)
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(data, pubData, sz) != 0)
- return WC_TEST_RET_ENC_NC;
- ret = wc_MakeSakkeRsk(priv, id, idSz, rsk);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_ValidateSakkeRsk(priv, id, idSz, rsk, &valid);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (valid != 1)
- return WC_TEST_RET_ENC_NC;
- ret = wc_ValidateSakkeRsk(pub, id, idSz, rsk, &valid);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (valid != 1)
- return WC_TEST_RET_ENC_NC;
- sz = sizeof(data);
- ret = wc_EncodeSakkeRsk(priv, rsk, data, &sz, 1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 256)
- return WC_TEST_RET_ENC_NC;
- ret = wc_DecodeSakkeRsk(priv, data, sz, rsk);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- sz = sizeof(pubData);
- ret = wc_EncodeSakkeRsk(priv, rsk, pubData, &sz, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != sizeof(pubData))
- return WC_TEST_RET_ENC_NC;
- ret = wc_DecodeSakkeRsk(priv, pubData, sz, rsk);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- wc_FreeSakkeKey(key);
- return 0;
- }
- static wc_test_ret_t sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
- ecc_point* rsk)
- {
- wc_test_ret_t ret;
- byte ssv[16];
- word16 ssvSz;
- byte auth[257];
- word16 authSz;
- char mail[] = "test@wolfssl.com";
- byte* id = (byte*)mail;
- word32 idSz = (word32)XSTRLEN(mail);
- byte pointI[256];
- word32 sz;
- ret = wc_GenerateSakkeSSV(pub, rng, NULL, &ssvSz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (ssvSz != 16)
- return WC_TEST_RET_ENC_NC;
- ssvSz += 128;
- ret = wc_GenerateSakkeSSV(pub, rng, ssv, &ssvSz);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- ssvSz -= 128;
- ret = wc_GenerateSakkeSSV(pub, rng, ssv, &ssvSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (ssvSz != 16)
- return WC_TEST_RET_ENC_NC;
- ret = wc_GetSakkeAuthSize(pub, &authSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeIdentity(pub, id, idSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- NULL, &authSz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (authSz != 257)
- return WC_TEST_RET_ENC_NC;
- authSz--;
- ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- authSz++;
- ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (authSz != 257)
- return WC_TEST_RET_ENC_NC;
- ret = wc_GetSakkePointI(pub, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 256)
- return WC_TEST_RET_ENC_NC;
- ret = wc_GetSakkePointI(pub, pointI, &sz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (sz != 256)
- return WC_TEST_RET_ENC_NC;
- /* Bogus identity - make it check and regenerate I. */
- ret = wc_MakeSakkePointI(pub, ssv, ssvSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (authSz != 257)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SetSakkeRsk(priv, rsk, NULL, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SetSakkeIdentity(priv, id, idSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- authSz--;
- ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret == 0)
- return WC_TEST_RET_ENC_NC;
- authSz++;
- ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ssv[0] ^= 0x80;
- ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != SAKKE_VERIFY_FAIL_E)
- return WC_TEST_RET_ENC_EC(ret);
- ssv[0] ^= 0x80;
- /* Bogus identity - make it check and regenerate I. */
- ret = wc_MakeSakkePointI(pub, ssv, idSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void)
- {
- wc_test_ret_t ret = 0;
- WC_RNG rng;
- int rng_inited = 0;
- SakkeKey* priv = NULL;
- SakkeKey* pub = NULL;
- SakkeKey* key = NULL;
- ecc_point* rsk = NULL;
- WOLFSSL_ENTER("sakke_test");
- priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (priv == NULL)
- ret = WC_TEST_RET_ENC_NC;
- else
- XMEMSET(priv, 0, sizeof(*priv));
- if (ret == 0) {
- pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (pub == NULL)
- ret = WC_TEST_RET_ENC_NC;
- else
- XMEMSET(pub, 0, sizeof(*pub));
- }
- if (ret == 0) {
- key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (key == NULL)
- ret = WC_TEST_RET_ENC_NC;
- else
- XMEMSET(key, 0, sizeof(*key));
- }
- if (ret == 0) {
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret == 0)
- rng_inited = 1;
- else
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- rsk = wc_ecc_new_point();
- if (rsk == NULL)
- ret = WC_TEST_RET_ENC_NC;
- }
- if (ret == 0) {
- ret = wc_InitSakkeKey(pub, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = wc_InitSakkeKey(priv, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = sakke_api_test(&rng, key, rsk);
- }
- if (ret == 0) {
- ret = sakke_kat_derive_test(pub, rsk);
- }
- if (ret == 0) {
- ret = sakke_kat_encapsulate_test(pub);
- }
- if (ret == 0) {
- ret = sakke_make_key_test(priv, pub, key, &rng, rsk);
- }
- if (ret == 0) {
- ret = sakke_op_test(priv, pub, &rng, rsk);
- }
- if (rsk != NULL) {
- wc_ecc_forcezero_point(rsk);
- wc_ecc_del_point(rsk);
- }
- if (rng_inited)
- wc_FreeRng(&rng);
- if (key != NULL)
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub != NULL) {
- wc_FreeSakkeKey(pub);
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (priv != NULL) {
- wc_FreeSakkeKey(priv);
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- return ret;
- }
- #endif /* WOLFCRYPT_HAVE_SAKKE */
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
- typedef struct CMAC_Test_Case {
- int type;
- int partial;
- const byte* m;
- word32 mSz;
- const byte* k;
- word32 kSz;
- const byte* t;
- word32 tSz;
- } CMAC_Test_Case;
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
- {
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte k128[] =
- {
- 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
- 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
- };
- #define KLEN_128 (sizeof(k128))
- #endif
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte k192[] =
- {
- 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
- 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
- 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
- };
- #define KLEN_192 (sizeof(k192))
- #endif
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte k256[] =
- {
- 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
- 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
- 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
- 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
- };
- #define KLEN_256 (sizeof(k256))
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte m[] =
- {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
- 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
- 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
- 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
- 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
- 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
- };
- #define MLEN_0 (0)
- #define MLEN_128 (128/8)
- #define MLEN_320 (320/8)
- #define MLEN_319 (MLEN_320 - 1)
- #define MLEN_512 (512/8)
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte t128_0[] =
- {
- 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
- 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t128_128[] =
- {
- 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
- 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t128_319[] =
- {
- 0x2c, 0x17, 0x84, 0x4c, 0x93, 0x1c, 0x07, 0x95,
- 0x15, 0x92, 0x73, 0x0a, 0x34, 0xd0, 0xd9, 0xd2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t128_320[] =
- {
- 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
- 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t128_512[] =
- {
- 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
- 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
- };
- #endif
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte t192_0[] =
- {
- 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
- 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t192_128[] =
- {
- 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
- 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t192_320[] =
- {
- 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad,
- 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t192_512[] =
- {
- 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
- 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
- };
- #endif
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte t256_0[] =
- {
- 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
- 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t256_128[] =
- {
- 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
- 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t256_320[] =
- {
- 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2,
- 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t256_512[] =
- {
- 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
- 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
- };
- #endif
- const CMAC_Test_Case testCases[] =
- {
- #ifdef WOLFSSL_AES_128
- {WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
- #endif
- #ifdef WOLFSSL_AES_192
- {WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, AES_BLOCK_SIZE},
- #endif
- #ifdef WOLFSSL_AES_256
- {WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, AES_BLOCK_SIZE},
- #endif
- #ifdef WOLFSSL_AES_128
- {WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, AES_BLOCK_SIZE}
- #endif
- };
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Cmac *cmac;
- #else
- Cmac cmac[1];
- #endif
- byte tag[AES_BLOCK_SIZE];
- const CMAC_Test_Case* tc;
- word32 i, tagSz;
- wc_test_ret_t ret;
- WOLFSSL_ENTER("cmac_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC)) == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif
- for (i = 0, tc = testCases;
- i < sizeof(testCases)/sizeof(CMAC_Test_Case);
- i++, tc++) {
- XMEMSET(tag, 0, sizeof(tag));
- tagSz = AES_BLOCK_SIZE;
- #if !defined(HAVE_FIPS) || \
- defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)
- ret = wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId);
- #else
- ret = wc_InitCmac(cmac, tc->k, tc->kSz, tc->type, NULL);
- #endif
- if (ret != 0)
- {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- if (tc->partial) {
- ret = wc_CmacUpdate(cmac, tc->m,
- tc->mSz/2 - tc->partial);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_CmacUpdate(cmac, tc->m + tc->mSz/2 - tc->partial,
- tc->mSz/2 + tc->partial);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- else {
- ret = wc_CmacUpdate(cmac, tc->m, tc->mSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = wc_CmacFinal(cmac, tag, &tagSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- XMEMSET(tag, 0, sizeof(tag));
- tagSz = sizeof(tag);
- #if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
- ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz,
- tc->k, tc->kSz, NULL, devId);
- #else
- ret = wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz,
- tc->k, tc->kSz);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- #if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
- ret = wc_AesCmacVerify_ex(cmac, tc->t, tc->tSz, tc->m, tc->mSz,
- tc->k, tc->kSz, HEAP_HINT, devId);
- #else
- ret = wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz,
- tc->k, tc->kSz);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
- /* Test that keyless generate with init is the same */
- XMEMSET(tag, 0, sizeof(tag));
- tagSz = sizeof(tag);
- ret = wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz,
- NULL, 0, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- #endif
- }
- ret = 0;
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (cmac)
- XFREE(cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC);
- #endif
- return ret;
- }
- #endif /* NO_AES && WOLFSSL_CMAC */
- #if defined(WOLFSSL_SIPHASH)
- #if WOLFSSL_SIPHASH_CROUNDS == 2 && WOLFSSL_SIPHASH_DROUNDS == 4
- /* Test vectors from:
- * https://github.com/veorq/SipHash/blob/master/vectors.h
- */
- static const unsigned char siphash_key[SIPHASH_KEY_SIZE] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
- };
- static const unsigned char siphash_msg[64] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
- 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f
- };
- static const unsigned char siphash_r8[64][SIPHASH_MAC_SIZE_8] = {
- { 0x31, 0x0e, 0x0e, 0xdd, 0x47, 0xdb, 0x6f, 0x72, },
- { 0xfd, 0x67, 0xdc, 0x93, 0xc5, 0x39, 0xf8, 0x74, },
- { 0x5a, 0x4f, 0xa9, 0xd9, 0x09, 0x80, 0x6c, 0x0d, },
- { 0x2d, 0x7e, 0xfb, 0xd7, 0x96, 0x66, 0x67, 0x85, },
- { 0xb7, 0x87, 0x71, 0x27, 0xe0, 0x94, 0x27, 0xcf, },
- { 0x8d, 0xa6, 0x99, 0xcd, 0x64, 0x55, 0x76, 0x18, },
- { 0xce, 0xe3, 0xfe, 0x58, 0x6e, 0x46, 0xc9, 0xcb, },
- { 0x37, 0xd1, 0x01, 0x8b, 0xf5, 0x00, 0x02, 0xab, },
- { 0x62, 0x24, 0x93, 0x9a, 0x79, 0xf5, 0xf5, 0x93, },
- { 0xb0, 0xe4, 0xa9, 0x0b, 0xdf, 0x82, 0x00, 0x9e, },
- { 0xf3, 0xb9, 0xdd, 0x94, 0xc5, 0xbb, 0x5d, 0x7a, },
- { 0xa7, 0xad, 0x6b, 0x22, 0x46, 0x2f, 0xb3, 0xf4, },
- { 0xfb, 0xe5, 0x0e, 0x86, 0xbc, 0x8f, 0x1e, 0x75, },
- { 0x90, 0x3d, 0x84, 0xc0, 0x27, 0x56, 0xea, 0x14, },
- { 0xee, 0xf2, 0x7a, 0x8e, 0x90, 0xca, 0x23, 0xf7, },
- { 0xe5, 0x45, 0xbe, 0x49, 0x61, 0xca, 0x29, 0xa1, },
- { 0xdb, 0x9b, 0xc2, 0x57, 0x7f, 0xcc, 0x2a, 0x3f, },
- { 0x94, 0x47, 0xbe, 0x2c, 0xf5, 0xe9, 0x9a, 0x69, },
- { 0x9c, 0xd3, 0x8d, 0x96, 0xf0, 0xb3, 0xc1, 0x4b, },
- { 0xbd, 0x61, 0x79, 0xa7, 0x1d, 0xc9, 0x6d, 0xbb, },
- { 0x98, 0xee, 0xa2, 0x1a, 0xf2, 0x5c, 0xd6, 0xbe, },
- { 0xc7, 0x67, 0x3b, 0x2e, 0xb0, 0xcb, 0xf2, 0xd0, },
- { 0x88, 0x3e, 0xa3, 0xe3, 0x95, 0x67, 0x53, 0x93, },
- { 0xc8, 0xce, 0x5c, 0xcd, 0x8c, 0x03, 0x0c, 0xa8, },
- { 0x94, 0xaf, 0x49, 0xf6, 0xc6, 0x50, 0xad, 0xb8, },
- { 0xea, 0xb8, 0x85, 0x8a, 0xde, 0x92, 0xe1, 0xbc, },
- { 0xf3, 0x15, 0xbb, 0x5b, 0xb8, 0x35, 0xd8, 0x17, },
- { 0xad, 0xcf, 0x6b, 0x07, 0x63, 0x61, 0x2e, 0x2f, },
- { 0xa5, 0xc9, 0x1d, 0xa7, 0xac, 0xaa, 0x4d, 0xde, },
- { 0x71, 0x65, 0x95, 0x87, 0x66, 0x50, 0xa2, 0xa6, },
- { 0x28, 0xef, 0x49, 0x5c, 0x53, 0xa3, 0x87, 0xad, },
- { 0x42, 0xc3, 0x41, 0xd8, 0xfa, 0x92, 0xd8, 0x32, },
- { 0xce, 0x7c, 0xf2, 0x72, 0x2f, 0x51, 0x27, 0x71, },
- { 0xe3, 0x78, 0x59, 0xf9, 0x46, 0x23, 0xf3, 0xa7, },
- { 0x38, 0x12, 0x05, 0xbb, 0x1a, 0xb0, 0xe0, 0x12, },
- { 0xae, 0x97, 0xa1, 0x0f, 0xd4, 0x34, 0xe0, 0x15, },
- { 0xb4, 0xa3, 0x15, 0x08, 0xbe, 0xff, 0x4d, 0x31, },
- { 0x81, 0x39, 0x62, 0x29, 0xf0, 0x90, 0x79, 0x02, },
- { 0x4d, 0x0c, 0xf4, 0x9e, 0xe5, 0xd4, 0xdc, 0xca, },
- { 0x5c, 0x73, 0x33, 0x6a, 0x76, 0xd8, 0xbf, 0x9a, },
- { 0xd0, 0xa7, 0x04, 0x53, 0x6b, 0xa9, 0x3e, 0x0e, },
- { 0x92, 0x59, 0x58, 0xfc, 0xd6, 0x42, 0x0c, 0xad, },
- { 0xa9, 0x15, 0xc2, 0x9b, 0xc8, 0x06, 0x73, 0x18, },
- { 0x95, 0x2b, 0x79, 0xf3, 0xbc, 0x0a, 0xa6, 0xd4, },
- { 0xf2, 0x1d, 0xf2, 0xe4, 0x1d, 0x45, 0x35, 0xf9, },
- { 0x87, 0x57, 0x75, 0x19, 0x04, 0x8f, 0x53, 0xa9, },
- { 0x10, 0xa5, 0x6c, 0xf5, 0xdf, 0xcd, 0x9a, 0xdb, },
- { 0xeb, 0x75, 0x09, 0x5c, 0xcd, 0x98, 0x6c, 0xd0, },
- { 0x51, 0xa9, 0xcb, 0x9e, 0xcb, 0xa3, 0x12, 0xe6, },
- { 0x96, 0xaf, 0xad, 0xfc, 0x2c, 0xe6, 0x66, 0xc7, },
- { 0x72, 0xfe, 0x52, 0x97, 0x5a, 0x43, 0x64, 0xee, },
- { 0x5a, 0x16, 0x45, 0xb2, 0x76, 0xd5, 0x92, 0xa1, },
- { 0xb2, 0x74, 0xcb, 0x8e, 0xbf, 0x87, 0x87, 0x0a, },
- { 0x6f, 0x9b, 0xb4, 0x20, 0x3d, 0xe7, 0xb3, 0x81, },
- { 0xea, 0xec, 0xb2, 0xa3, 0x0b, 0x22, 0xa8, 0x7f, },
- { 0x99, 0x24, 0xa4, 0x3c, 0xc1, 0x31, 0x57, 0x24, },
- { 0xbd, 0x83, 0x8d, 0x3a, 0xaf, 0xbf, 0x8d, 0xb7, },
- { 0x0b, 0x1a, 0x2a, 0x32, 0x65, 0xd5, 0x1a, 0xea, },
- { 0x13, 0x50, 0x79, 0xa3, 0x23, 0x1c, 0xe6, 0x60, },
- { 0x93, 0x2b, 0x28, 0x46, 0xe4, 0xd7, 0x06, 0x66, },
- { 0xe1, 0x91, 0x5f, 0x5c, 0xb1, 0xec, 0xa4, 0x6c, },
- { 0xf3, 0x25, 0x96, 0x5c, 0xa1, 0x6d, 0x62, 0x9f, },
- { 0x57, 0x5f, 0xf2, 0x8e, 0x60, 0x38, 0x1b, 0xe5, },
- { 0x72, 0x45, 0x06, 0xeb, 0x4c, 0x32, 0x8a, 0x95, },
- };
- static const unsigned char siphash_r16[64][SIPHASH_MAC_SIZE_16] = {
- { 0xa3, 0x81, 0x7f, 0x04, 0xba, 0x25, 0xa8, 0xe6,
- 0x6d, 0xf6, 0x72, 0x14, 0xc7, 0x55, 0x02, 0x93, },
- { 0xda, 0x87, 0xc1, 0xd8, 0x6b, 0x99, 0xaf, 0x44,
- 0x34, 0x76, 0x59, 0x11, 0x9b, 0x22, 0xfc, 0x45, },
- { 0x81, 0x77, 0x22, 0x8d, 0xa4, 0xa4, 0x5d, 0xc7,
- 0xfc, 0xa3, 0x8b, 0xde, 0xf6, 0x0a, 0xff, 0xe4, },
- { 0x9c, 0x70, 0xb6, 0x0c, 0x52, 0x67, 0xa9, 0x4e,
- 0x5f, 0x33, 0xb6, 0xb0, 0x29, 0x85, 0xed, 0x51, },
- { 0xf8, 0x81, 0x64, 0xc1, 0x2d, 0x9c, 0x8f, 0xaf,
- 0x7d, 0x0f, 0x6e, 0x7c, 0x7b, 0xcd, 0x55, 0x79, },
- { 0x13, 0x68, 0x87, 0x59, 0x80, 0x77, 0x6f, 0x88,
- 0x54, 0x52, 0x7a, 0x07, 0x69, 0x0e, 0x96, 0x27, },
- { 0x14, 0xee, 0xca, 0x33, 0x8b, 0x20, 0x86, 0x13,
- 0x48, 0x5e, 0xa0, 0x30, 0x8f, 0xd7, 0xa1, 0x5e, },
- { 0xa1, 0xf1, 0xeb, 0xbe, 0xd8, 0xdb, 0xc1, 0x53,
- 0xc0, 0xb8, 0x4a, 0xa6, 0x1f, 0xf0, 0x82, 0x39, },
- { 0x3b, 0x62, 0xa9, 0xba, 0x62, 0x58, 0xf5, 0x61,
- 0x0f, 0x83, 0xe2, 0x64, 0xf3, 0x14, 0x97, 0xb4, },
- { 0x26, 0x44, 0x99, 0x06, 0x0a, 0xd9, 0xba, 0xab,
- 0xc4, 0x7f, 0x8b, 0x02, 0xbb, 0x6d, 0x71, 0xed, },
- { 0x00, 0x11, 0x0d, 0xc3, 0x78, 0x14, 0x69, 0x56,
- 0xc9, 0x54, 0x47, 0xd3, 0xf3, 0xd0, 0xfb, 0xba, },
- { 0x01, 0x51, 0xc5, 0x68, 0x38, 0x6b, 0x66, 0x77,
- 0xa2, 0xb4, 0xdc, 0x6f, 0x81, 0xe5, 0xdc, 0x18, },
- { 0xd6, 0x26, 0xb2, 0x66, 0x90, 0x5e, 0xf3, 0x58,
- 0x82, 0x63, 0x4d, 0xf6, 0x85, 0x32, 0xc1, 0x25, },
- { 0x98, 0x69, 0xe2, 0x47, 0xe9, 0xc0, 0x8b, 0x10,
- 0xd0, 0x29, 0x93, 0x4f, 0xc4, 0xb9, 0x52, 0xf7, },
- { 0x31, 0xfc, 0xef, 0xac, 0x66, 0xd7, 0xde, 0x9c,
- 0x7e, 0xc7, 0x48, 0x5f, 0xe4, 0x49, 0x49, 0x02, },
- { 0x54, 0x93, 0xe9, 0x99, 0x33, 0xb0, 0xa8, 0x11,
- 0x7e, 0x08, 0xec, 0x0f, 0x97, 0xcf, 0xc3, 0xd9, },
- { 0x6e, 0xe2, 0xa4, 0xca, 0x67, 0xb0, 0x54, 0xbb,
- 0xfd, 0x33, 0x15, 0xbf, 0x85, 0x23, 0x05, 0x77, },
- { 0x47, 0x3d, 0x06, 0xe8, 0x73, 0x8d, 0xb8, 0x98,
- 0x54, 0xc0, 0x66, 0xc4, 0x7a, 0xe4, 0x77, 0x40, },
- { 0xa4, 0x26, 0xe5, 0xe4, 0x23, 0xbf, 0x48, 0x85,
- 0x29, 0x4d, 0xa4, 0x81, 0xfe, 0xae, 0xf7, 0x23, },
- { 0x78, 0x01, 0x77, 0x31, 0xcf, 0x65, 0xfa, 0xb0,
- 0x74, 0xd5, 0x20, 0x89, 0x52, 0x51, 0x2e, 0xb1, },
- { 0x9e, 0x25, 0xfc, 0x83, 0x3f, 0x22, 0x90, 0x73,
- 0x3e, 0x93, 0x44, 0xa5, 0xe8, 0x38, 0x39, 0xeb, },
- { 0x56, 0x8e, 0x49, 0x5a, 0xbe, 0x52, 0x5a, 0x21,
- 0x8a, 0x22, 0x14, 0xcd, 0x3e, 0x07, 0x1d, 0x12, },
- { 0x4a, 0x29, 0xb5, 0x45, 0x52, 0xd1, 0x6b, 0x9a,
- 0x46, 0x9c, 0x10, 0x52, 0x8e, 0xff, 0x0a, 0xae, },
- { 0xc9, 0xd1, 0x84, 0xdd, 0xd5, 0xa9, 0xf5, 0xe0,
- 0xcf, 0x8c, 0xe2, 0x9a, 0x9a, 0xbf, 0x69, 0x1c, },
- { 0x2d, 0xb4, 0x79, 0xae, 0x78, 0xbd, 0x50, 0xd8,
- 0x88, 0x2a, 0x8a, 0x17, 0x8a, 0x61, 0x32, 0xad, },
- { 0x8e, 0xce, 0x5f, 0x04, 0x2d, 0x5e, 0x44, 0x7b,
- 0x50, 0x51, 0xb9, 0xea, 0xcb, 0x8d, 0x8f, 0x6f, },
- { 0x9c, 0x0b, 0x53, 0xb4, 0xb3, 0xc3, 0x07, 0xe8,
- 0x7e, 0xae, 0xe0, 0x86, 0x78, 0x14, 0x1f, 0x66, },
- { 0xab, 0xf2, 0x48, 0xaf, 0x69, 0xa6, 0xea, 0xe4,
- 0xbf, 0xd3, 0xeb, 0x2f, 0x12, 0x9e, 0xeb, 0x94, },
- { 0x06, 0x64, 0xda, 0x16, 0x68, 0x57, 0x4b, 0x88,
- 0xb9, 0x35, 0xf3, 0x02, 0x73, 0x58, 0xae, 0xf4, },
- { 0xaa, 0x4b, 0x9d, 0xc4, 0xbf, 0x33, 0x7d, 0xe9,
- 0x0c, 0xd4, 0xfd, 0x3c, 0x46, 0x7c, 0x6a, 0xb7, },
- { 0xea, 0x5c, 0x7f, 0x47, 0x1f, 0xaf, 0x6b, 0xde,
- 0x2b, 0x1a, 0xd7, 0xd4, 0x68, 0x6d, 0x22, 0x87, },
- { 0x29, 0x39, 0xb0, 0x18, 0x32, 0x23, 0xfa, 0xfc,
- 0x17, 0x23, 0xde, 0x4f, 0x52, 0xc4, 0x3d, 0x35, },
- { 0x7c, 0x39, 0x56, 0xca, 0x5e, 0xea, 0xfc, 0x3e,
- 0x36, 0x3e, 0x9d, 0x55, 0x65, 0x46, 0xeb, 0x68, },
- { 0x77, 0xc6, 0x07, 0x71, 0x46, 0xf0, 0x1c, 0x32,
- 0xb6, 0xb6, 0x9d, 0x5f, 0x4e, 0xa9, 0xff, 0xcf, },
- { 0x37, 0xa6, 0x98, 0x6c, 0xb8, 0x84, 0x7e, 0xdf,
- 0x09, 0x25, 0xf0, 0xf1, 0x30, 0x9b, 0x54, 0xde, },
- { 0xa7, 0x05, 0xf0, 0xe6, 0x9d, 0xa9, 0xa8, 0xf9,
- 0x07, 0x24, 0x1a, 0x2e, 0x92, 0x3c, 0x8c, 0xc8, },
- { 0x3d, 0xc4, 0x7d, 0x1f, 0x29, 0xc4, 0x48, 0x46,
- 0x1e, 0x9e, 0x76, 0xed, 0x90, 0x4f, 0x67, 0x11, },
- { 0x0d, 0x62, 0xbf, 0x01, 0xe6, 0xfc, 0x0e, 0x1a,
- 0x0d, 0x3c, 0x47, 0x51, 0xc5, 0xd3, 0x69, 0x2b, },
- { 0x8c, 0x03, 0x46, 0x8b, 0xca, 0x7c, 0x66, 0x9e,
- 0xe4, 0xfd, 0x5e, 0x08, 0x4b, 0xbe, 0xe7, 0xb5, },
- { 0x52, 0x8a, 0x5b, 0xb9, 0x3b, 0xaf, 0x2c, 0x9c,
- 0x44, 0x73, 0xcc, 0xe5, 0xd0, 0xd2, 0x2b, 0xd9, },
- { 0xdf, 0x6a, 0x30, 0x1e, 0x95, 0xc9, 0x5d, 0xad,
- 0x97, 0xae, 0x0c, 0xc8, 0xc6, 0x91, 0x3b, 0xd8, },
- { 0x80, 0x11, 0x89, 0x90, 0x2c, 0x85, 0x7f, 0x39,
- 0xe7, 0x35, 0x91, 0x28, 0x5e, 0x70, 0xb6, 0xdb, },
- { 0xe6, 0x17, 0x34, 0x6a, 0xc9, 0xc2, 0x31, 0xbb,
- 0x36, 0x50, 0xae, 0x34, 0xcc, 0xca, 0x0c, 0x5b, },
- { 0x27, 0xd9, 0x34, 0x37, 0xef, 0xb7, 0x21, 0xaa,
- 0x40, 0x18, 0x21, 0xdc, 0xec, 0x5a, 0xdf, 0x89, },
- { 0x89, 0x23, 0x7d, 0x9d, 0xed, 0x9c, 0x5e, 0x78,
- 0xd8, 0xb1, 0xc9, 0xb1, 0x66, 0xcc, 0x73, 0x42, },
- { 0x4a, 0x6d, 0x80, 0x91, 0xbf, 0x5e, 0x7d, 0x65,
- 0x11, 0x89, 0xfa, 0x94, 0xa2, 0x50, 0xb1, 0x4c, },
- { 0x0e, 0x33, 0xf9, 0x60, 0x55, 0xe7, 0xae, 0x89,
- 0x3f, 0xfc, 0x0e, 0x3d, 0xcf, 0x49, 0x29, 0x02, },
- { 0xe6, 0x1c, 0x43, 0x2b, 0x72, 0x0b, 0x19, 0xd1,
- 0x8e, 0xc8, 0xd8, 0x4b, 0xdc, 0x63, 0x15, 0x1b, },
- { 0xf7, 0xe5, 0xae, 0xf5, 0x49, 0xf7, 0x82, 0xcf,
- 0x37, 0x90, 0x55, 0xa6, 0x08, 0x26, 0x9b, 0x16, },
- { 0x43, 0x8d, 0x03, 0x0f, 0xd0, 0xb7, 0xa5, 0x4f,
- 0xa8, 0x37, 0xf2, 0xad, 0x20, 0x1a, 0x64, 0x03, },
- { 0xa5, 0x90, 0xd3, 0xee, 0x4f, 0xbf, 0x04, 0xe3,
- 0x24, 0x7e, 0x0d, 0x27, 0xf2, 0x86, 0x42, 0x3f, },
- { 0x5f, 0xe2, 0xc1, 0xa1, 0x72, 0xfe, 0x93, 0xc4,
- 0xb1, 0x5c, 0xd3, 0x7c, 0xae, 0xf9, 0xf5, 0x38, },
- { 0x2c, 0x97, 0x32, 0x5c, 0xbd, 0x06, 0xb3, 0x6e,
- 0xb2, 0x13, 0x3d, 0xd0, 0x8b, 0x3a, 0x01, 0x7c, },
- { 0x92, 0xc8, 0x14, 0x22, 0x7a, 0x6b, 0xca, 0x94,
- 0x9f, 0xf0, 0x65, 0x9f, 0x00, 0x2a, 0xd3, 0x9e, },
- { 0xdc, 0xe8, 0x50, 0x11, 0x0b, 0xd8, 0x32, 0x8c,
- 0xfb, 0xd5, 0x08, 0x41, 0xd6, 0x91, 0x1d, 0x87, },
- { 0x67, 0xf1, 0x49, 0x84, 0xc7, 0xda, 0x79, 0x12,
- 0x48, 0xe3, 0x2b, 0xb5, 0x92, 0x25, 0x83, 0xda, },
- { 0x19, 0x38, 0xf2, 0xcf, 0x72, 0xd5, 0x4e, 0xe9,
- 0x7e, 0x94, 0x16, 0x6f, 0xa9, 0x1d, 0x2a, 0x36, },
- { 0x74, 0x48, 0x1e, 0x96, 0x46, 0xed, 0x49, 0xfe,
- 0x0f, 0x62, 0x24, 0x30, 0x16, 0x04, 0x69, 0x8e, },
- { 0x57, 0xfc, 0xa5, 0xde, 0x98, 0xa9, 0xd6, 0xd8,
- 0x00, 0x64, 0x38, 0xd0, 0x58, 0x3d, 0x8a, 0x1d, },
- { 0x9f, 0xec, 0xde, 0x1c, 0xef, 0xdc, 0x1c, 0xbe,
- 0xd4, 0x76, 0x36, 0x74, 0xd9, 0x57, 0x53, 0x59, },
- { 0xe3, 0x04, 0x0c, 0x00, 0xeb, 0x28, 0xf1, 0x53,
- 0x66, 0xca, 0x73, 0xcb, 0xd8, 0x72, 0xe7, 0x40, },
- { 0x76, 0x97, 0x00, 0x9a, 0x6a, 0x83, 0x1d, 0xfe,
- 0xcc, 0xa9, 0x1c, 0x59, 0x93, 0x67, 0x0f, 0x7a, },
- { 0x58, 0x53, 0x54, 0x23, 0x21, 0xf5, 0x67, 0xa0,
- 0x05, 0xd5, 0x47, 0xa4, 0xf0, 0x47, 0x59, 0xbd, },
- { 0x51, 0x50, 0xd1, 0x77, 0x2f, 0x50, 0x83, 0x4a,
- 0x50, 0x3e, 0x06, 0x9a, 0x97, 0x3f, 0xbd, 0x7c, },
- };
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void)
- {
- wc_test_ret_t ret = 0;
- int i;
- #if WOLFSSL_SIPHASH_CROUNDS == 2 && WOLFSSL_SIPHASH_DROUNDS == 4
- unsigned char res[SIPHASH_MAC_SIZE_16];
- unsigned char tmp[SIPHASH_MAC_SIZE_8];
- SipHash siphash;
- WOLFSSL_ENTER("siphash_test (1)");
- for (i = 0; i < 64; i++) {
- ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_SipHashUpdate(&siphash, siphash_msg, (word32)i);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(res, siphash_r8[i], SIPHASH_MAC_SIZE_8) != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_SipHash(siphash_key, siphash_msg, (word32)i, res, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(res, siphash_r8[i], SIPHASH_MAC_SIZE_8) != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- for (i = 0; i < 64; i++) {
- ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_16);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_SipHashUpdate(&siphash, siphash_msg, (word32)i);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_16);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(res, siphash_r16[i], SIPHASH_MAC_SIZE_16) != 0)
- return WC_TEST_RET_ENC_I(i);
- ret = wc_SipHash(siphash_key, siphash_msg, (word32)i, res, SIPHASH_MAC_SIZE_16);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(res, siphash_r16[i], SIPHASH_MAC_SIZE_16) != 0)
- return WC_TEST_RET_ENC_I(i);
- }
- #else
- WOLFSSL_ENTER("siphash_test (1)");
- #endif
- /* Testing bad parameters. */
- ret = wc_InitSipHash(NULL, NULL, SIPHASH_MAC_SIZE_8);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSipHash(NULL, siphash_key, SIPHASH_MAC_SIZE_8);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSipHash(&siphash, NULL, SIPHASH_MAC_SIZE_8);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSipHash(&siphash, siphash_key, 7);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashUpdate(NULL, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashUpdate(&siphash, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashFinal(NULL, NULL, SIPHASH_MAC_SIZE_8);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashFinal(&siphash, NULL, SIPHASH_MAC_SIZE_8);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashFinal(NULL, res, SIPHASH_MAC_SIZE_8);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_16);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHash(NULL, NULL, 0, NULL, SIPHASH_MAC_SIZE_16);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHash(siphash_key, NULL, 0, NULL, SIPHASH_MAC_SIZE_16);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHash(NULL, NULL, 0, res, SIPHASH_MAC_SIZE_16);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHash(siphash_key, NULL, 0, res, 15);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHash(siphash_key, NULL, 1, res, SIPHASH_MAC_SIZE_16);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- /* Test cache with multiple non blocksize bytes */
- ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashUpdate(&siphash, siphash_msg, 5);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashUpdate(&siphash, siphash_msg + 5, 4);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashUpdate(&siphash, siphash_msg, 9);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_SipHashFinal(&siphash, tmp, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(res, tmp, SIPHASH_MAC_SIZE_8) != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif /* WOLFSSL_SIPHASH */
- #ifdef HAVE_LIBZ
- static const byte sample_text[] =
- "Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n"
- "polaroid. Sunt tattooed bespoke reprehenderit. Sint twee organic id\n"
- "marfa. Commodo veniam ad esse gastropub. 3 wolf moon sartorial vero,\n"
- "plaid delectus biodiesel squid +1 vice. Post-ironic keffiyeh leggings\n"
- "selfies cray fap hoodie, forage anim. Carles cupidatat shoreditch, VHS\n"
- "small batch meggings kogi dolore food truck bespoke gastropub.\n"
- "\n"
- "Terry richardson adipisicing actually typewriter tumblr, twee whatever\n"
- "four loko you probably haven't heard of them high life. Messenger bag\n"
- "whatever tattooed deep v mlkshk. Brooklyn pinterest assumenda chillwave\n"
- "et, banksy ullamco messenger bag umami pariatur direct trade forage.\n"
- "Typewriter culpa try-hard, pariatur sint brooklyn meggings. Gentrify\n"
- "food truck next level, tousled irony non semiotics PBR ethical anim cred\n"
- "readymade. Mumblecore brunch lomo odd future, portland organic terry\n"
- "richardson elit leggings adipisicing ennui raw denim banjo hella. Godard\n"
- "mixtape polaroid, pork belly readymade organic cray typewriter helvetica\n"
- "four loko whatever street art yr farm-to-table.\n"
- "\n"
- "Vinyl keytar vice tofu. Locavore you probably haven't heard of them pug\n"
- "pickled, hella tonx labore truffaut DIY mlkshk elit cosby sweater sint\n"
- "et mumblecore. Elit swag semiotics, reprehenderit DIY sartorial nisi ugh\n"
- "nesciunt pug pork belly wayfarers selfies delectus. Ethical hoodie\n"
- "seitan fingerstache kale chips. Terry richardson artisan williamsburg,\n"
- "eiusmod fanny pack irony tonx ennui lo-fi incididunt tofu YOLO\n"
- "readymade. 8-bit sed ethnic beard officia. Pour-over iphone DIY butcher,\n"
- "ethnic art party qui letterpress nisi proident jean shorts mlkshk\n"
- "locavore.\n"
- "\n"
- "Narwhal flexitarian letterpress, do gluten-free voluptate next level\n"
- "banh mi tonx incididunt carles DIY. Odd future nulla 8-bit beard ut\n"
- "cillum pickled velit, YOLO officia you probably haven't heard of them\n"
- "trust fund gastropub. Nisi adipisicing tattooed, Austin mlkshk 90's\n"
- "small batch american apparel. Put a bird on it cosby sweater before they\n"
- "sold out pork belly kogi hella. Street art mollit sustainable polaroid,\n"
- "DIY ethnic ea pug beard dreamcatcher cosby sweater magna scenester nisi.\n"
- "Sed pork belly skateboard mollit, labore proident eiusmod. Sriracha\n"
- "excepteur cosby sweater, anim deserunt laborum eu aliquip ethical et\n"
- "neutra PBR selvage.\n"
- "\n"
- "Raw denim pork belly truffaut, irony plaid sustainable put a bird on it\n"
- "next level jean shorts exercitation. Hashtag keytar whatever, nihil\n"
- "authentic aliquip disrupt laborum. Tattooed selfies deserunt trust fund\n"
- "wayfarers. 3 wolf moon synth church-key sartorial, gastropub leggings\n"
- "tattooed. Labore high life commodo, meggings raw denim fingerstache pug\n"
- "trust fund leggings seitan forage. Nostrud ullamco duis, reprehenderit\n"
- "incididunt flannel sustainable helvetica pork belly pug banksy you\n"
- "probably haven't heard of them nesciunt farm-to-table. Disrupt nostrud\n"
- "mollit magna, sriracha sartorial helvetica.\n"
- "\n"
- "Nulla kogi reprehenderit, skateboard sustainable duis adipisicing viral\n"
- "ad fanny pack salvia. Fanny pack trust fund you probably haven't heard\n"
- "of them YOLO vice nihil. Keffiyeh cray lo-fi pinterest cardigan aliqua,\n"
- "reprehenderit aute. Culpa tousled williamsburg, marfa lomo actually anim\n"
- "skateboard. Iphone aliqua ugh, semiotics pariatur vero readymade\n"
- "organic. Marfa squid nulla, in laborum disrupt laboris irure gastropub.\n"
- "Veniam sunt food truck leggings, sint vinyl fap.\n"
- "\n"
- "Hella dolore pork belly, truffaut carles you probably haven't heard of\n"
- "them PBR helvetica in sapiente. Fashion axe ugh bushwick american\n"
- "apparel. Fingerstache sed iphone, jean shorts blue bottle nisi bushwick\n"
- "flexitarian officia veniam plaid bespoke fap YOLO lo-fi. Blog\n"
- "letterpress mumblecore, food truck id cray brooklyn cillum ad sed.\n"
- "Assumenda chambray wayfarers vinyl mixtape sustainable. VHS vinyl\n"
- "delectus, culpa williamsburg polaroid cliche swag church-key synth kogi\n"
- "magna pop-up literally. Swag thundercats ennui shoreditch vegan\n"
- "pitchfork neutra truffaut etsy, sed single-origin coffee craft beer.\n"
- "\n"
- "Odio letterpress brooklyn elit. Nulla single-origin coffee in occaecat\n"
- "meggings. Irony meggings 8-bit, chillwave lo-fi adipisicing cred\n"
- "dreamcatcher veniam. Put a bird on it irony umami, trust fund bushwick\n"
- "locavore kale chips. Sriracha swag thundercats, chillwave disrupt\n"
- "tousled beard mollit mustache leggings portland next level. Nihil esse\n"
- "est, skateboard art party etsy thundercats sed dreamcatcher ut iphone\n"
- "swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n"
- "bag dolor terry richardson sapiente.\n";
- static const byte sample_text_gz[] = {
- 0x1F, 0x8B, 0x08, 0x08, 0xC5, 0x49, 0xB5, 0x5B, 0x00, 0x03, 0x63, 0x69, 0x70,
- 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x2E, 0x74, 0x78, 0x74, 0x00, 0x8D,
- 0x58, 0xCB, 0x92, 0xE4, 0xB6, 0x11, 0xBC, 0xE3, 0x2B, 0xEA, 0xA6, 0x83, 0xD9,
- 0x1D, 0x72, 0xF8, 0x22, 0x1F, 0xB5, 0x96, 0xA5, 0xDD, 0x90, 0xBC, 0xAB, 0xD0,
- 0x28, 0x36, 0x42, 0x47, 0x90, 0x2C, 0x36, 0xA1, 0x06, 0x09, 0x0A, 0x8F, 0xEE,
- 0xE1, 0xDF, 0x3B, 0x0B, 0xE0, 0x73, 0x2C, 0x4B, 0xBA, 0xCD, 0xCE, 0x80, 0x78,
- 0x64, 0x65, 0x65, 0x66, 0xED, 0x3B, 0xE3, 0x5A, 0xC3, 0x81, 0x2D, 0x35, 0x69,
- 0x32, 0xAD, 0x8E, 0x3A, 0xD2, 0xA0, 0x7D, 0xA7, 0x2B, 0x6A, 0xAC, 0x69, 0x7A,
- 0x26, 0x9D, 0x22, 0xD3, 0x94, 0x22, 0x69, 0xAA, 0x8D, 0x6F, 0xC9, 0x8D, 0x64,
- 0x22, 0x99, 0xB1, 0x31, 0xAD, 0x69, 0xD3, 0x18, 0x89, 0xAD, 0x89, 0x6A, 0x72,
- 0x56, 0x7B, 0x67, 0xDA, 0x2B, 0xBD, 0xC8, 0xEF, 0xB0, 0x4D, 0x74, 0x8E, 0x5B,
- 0xAA, 0x39, 0x4C, 0xEE, 0xCE, 0xE4, 0x79, 0xF2, 0xDC, 0xF3, 0xD8, 0xB2, 0x37,
- 0x11, 0x8B, 0x8C, 0x2C, 0x7A, 0x32, 0x93, 0xF3, 0x37, 0x3D, 0x9A, 0x86, 0x4C,
- 0xAB, 0xF2, 0xB9, 0x57, 0xFA, 0x97, 0x1B, 0x06, 0xD7, 0x3A, 0x7A, 0xF0, 0x68,
- 0xF4, 0x40, 0xBA, 0x25, 0x0E, 0x81, 0xE9, 0xA6, 0x43, 0xF4, 0x6E, 0x4A, 0xF5,
- 0x95, 0xFE, 0x41, 0x4F, 0x67, 0x3B, 0x1A, 0x1C, 0xEE, 0x12, 0xB4, 0x8F, 0xCE,
- 0x1B, 0x6D, 0xB1, 0xDE, 0xBB, 0x4A, 0x4D, 0x56, 0x9B, 0x96, 0x5A, 0xB6, 0xDC,
- 0xC4, 0x14, 0x70, 0xE5, 0xF5, 0x7D, 0xE1, 0xB7, 0x84, 0x3F, 0xFC, 0xED, 0xEF,
- 0xF4, 0x30, 0x0D, 0x5F, 0xE9, 0x47, 0x17, 0xE2, 0xC5, 0x78, 0x27, 0x67, 0xDF,
- 0xB9, 0xEB, 0xCC, 0xCC, 0x3D, 0x59, 0xBE, 0xDD, 0xCC, 0x78, 0x0B, 0x0A, 0x1F,
- 0x74, 0xF8, 0x8C, 0x1A, 0xAF, 0x67, 0xEA, 0xF4, 0x44, 0xBD, 0x93, 0x7D, 0x2A,
- 0xEA, 0x9C, 0xD7, 0x37, 0x80, 0x32, 0x9A, 0x01, 0x37, 0xD5, 0xDE, 0xCA, 0xA2,
- 0x0D, 0xB9, 0xD0, 0x3B, 0xCF, 0xAD, 0x89, 0x4D, 0x5F, 0xD1, 0xE7, 0xF7, 0x2F,
- 0x2A, 0x0C, 0xDA, 0x5A, 0xAA, 0x35, 0x7E, 0x41, 0xC3, 0xB2, 0x37, 0xDD, 0xDD,
- 0xCD, 0x50, 0xEB, 0x2C, 0x96, 0x62, 0x3B, 0xD7, 0x52, 0xF4, 0xA9, 0xB9, 0x6F,
- 0x48, 0xED, 0xEF, 0x54, 0xEA, 0x67, 0xF6, 0x7E, 0x26, 0x8F, 0x3A, 0x68, 0xDF,
- 0x06, 0xBC, 0x56, 0xB7, 0x66, 0x32, 0xC1, 0x34, 0xD8, 0x88, 0x34, 0x1E, 0x88,
- 0xED, 0x67, 0x8A, 0xF3, 0xC4, 0x4F, 0xC0, 0xCA, 0x9E, 0x62, 0x1A, 0x6A, 0xEB,
- 0xAB, 0x02, 0xED, 0xB3, 0xD7, 0x91, 0x81, 0x8A, 0xEA, 0x5C, 0xF2, 0x64, 0xDD,
- 0xDD, 0xD1, 0xEC, 0x12, 0x4D, 0xDE, 0xD5, 0xBA, 0xC6, 0x77, 0xBD, 0x06, 0xC4,
- 0x5F, 0x44, 0xEA, 0x59, 0x4B, 0x5D, 0x3B, 0x8A, 0x3D, 0x0F, 0xD4, 0x9B, 0x1B,
- 0x80, 0x30, 0x1D, 0x30, 0xFA, 0x8F, 0x00, 0x3F, 0xDE, 0xB0, 0x6F, 0xAD, 0x6F,
- 0x6A, 0xDD, 0x6E, 0x2F, 0x6E, 0xCB, 0x3C, 0xD1, 0x83, 0x06, 0x7B, 0x0F, 0xFD,
- 0xFD, 0x4A, 0xEF, 0xBC, 0x73, 0x77, 0x3B, 0x8F, 0x34, 0xA1, 0xBA, 0xEC, 0x39,
- 0x80, 0x33, 0x21, 0xA4, 0x01, 0x55, 0xD7, 0xD4, 0xF4, 0xC6, 0xDA, 0x27, 0x4E,
- 0x54, 0x1C, 0x2B, 0xEC, 0x37, 0xDE, 0xC3, 0x4C, 0xC9, 0x5A, 0x3D, 0x34, 0x0E,
- 0xD8, 0x1C, 0x0E, 0xA2, 0x34, 0xE8, 0xC1, 0xD0, 0xA4, 0x51, 0xD5, 0x88, 0x8B,
- 0xB7, 0xC6, 0xA3, 0x96, 0x40, 0x49, 0xB7, 0xBC, 0xE0, 0x7F, 0x55, 0x3F, 0xEF,
- 0x6F, 0x6E, 0x92, 0x9D, 0x34, 0xFE, 0x3C, 0x5F, 0x04, 0xA5, 0x6A, 0xFF, 0x30,
- 0x08, 0xC9, 0xEA, 0xF5, 0x52, 0x2B, 0xFE, 0x57, 0xFA, 0x8E, 0xC7, 0xE8, 0x4D,
- 0x37, 0xAB, 0x03, 0xFA, 0x23, 0xBF, 0x46, 0x94, 0xFF, 0xC1, 0x16, 0xE0, 0xB9,
- 0x14, 0x2C, 0x9E, 0x27, 0xEC, 0x98, 0x69, 0x14, 0x92, 0xF1, 0x60, 0x5C, 0x34,
- 0x4D, 0xA0, 0x1F, 0xDF, 0xFD, 0x44, 0x1C, 0x7B, 0xD3, 0x80, 0x70, 0x42, 0x02,
- 0x30, 0x84, 0x5B, 0xE5, 0x59, 0xB7, 0xF3, 0x80, 0xFB, 0x01, 0x33, 0xA9, 0x00,
- 0x37, 0x52, 0xDC, 0xDA, 0xA7, 0x11, 0x85, 0xB7, 0x6E, 0x70, 0xE4, 0xDA, 0x96,
- 0xBA, 0x84, 0x5B, 0x81, 0x43, 0x93, 0xF3, 0xD1, 0xEA, 0xB1, 0xDD, 0xB8, 0x1F,
- 0xA5, 0xCC, 0xEA, 0x50, 0x66, 0x69, 0xA9, 0x8D, 0x8C, 0xA7, 0xA2, 0xF3, 0x38,
- 0x26, 0x43, 0x5E, 0x3F, 0x01, 0xBE, 0x1C, 0x0F, 0x20, 0x7F, 0x75, 0xA8, 0x20,
- 0x80, 0xC4, 0xC3, 0x5C, 0x8B, 0x0D, 0xD4, 0x60, 0x5E, 0xA3, 0x9E, 0xD0, 0xB4,
- 0x4B, 0x4F, 0xE6, 0x13, 0x85, 0x60, 0x42, 0x96, 0xED, 0xAA, 0xDB, 0xE9, 0x99,
- 0xE3, 0x07, 0x0E, 0x61, 0xB3, 0x07, 0xE3, 0xB1, 0xFA, 0xC0, 0x9B, 0xAD, 0xF6,
- 0xE0, 0x26, 0x33, 0xEA, 0xEA, 0x23, 0xCD, 0x1E, 0x9D, 0xE1, 0x87, 0x4B, 0x74,
- 0x97, 0x08, 0x3E, 0xA1, 0x28, 0xEA, 0xB3, 0x19, 0x67, 0x8B, 0x76, 0x9A, 0xA3,
- 0xF6, 0xB9, 0xCF, 0x80, 0x65, 0x97, 0xAE, 0xF4, 0x83, 0x6B, 0xF4, 0x43, 0x20,
- 0xF9, 0x0B, 0xFC, 0x9B, 0xD2, 0x4D, 0x4D, 0xA6, 0xB9, 0xA3, 0x02, 0x55, 0x79,
- 0x18, 0x36, 0x19, 0x5F, 0xC9, 0xEA, 0x5A, 0x76, 0x40, 0xB9, 0xBA, 0x0E, 0x9A,
- 0x44, 0xDF, 0x7C, 0xF8, 0x65, 0x61, 0x5E, 0x81, 0xAB, 0x71, 0xA1, 0x9E, 0x29,
- 0x3C, 0x59, 0xCB, 0x23, 0xA4, 0xF6, 0x60, 0x1A, 0x0D, 0x5B, 0x39, 0xAE, 0xF4,
- 0x6F, 0x59, 0x16, 0x9E, 0x60, 0xD8, 0x56, 0xCF, 0xEA, 0x2C, 0x4C, 0x79, 0xD3,
- 0x5D, 0x51, 0x46, 0xA0, 0x4E, 0xE9, 0xD6, 0xAB, 0x91, 0x43, 0x63, 0x44, 0xD7,
- 0x70, 0xB9, 0x23, 0x98, 0x4F, 0x3D, 0x03, 0x02, 0xF6, 0x81, 0x56, 0xC1, 0x58,
- 0x85, 0x07, 0xA7, 0x2D, 0x2C, 0x29, 0xCA, 0x01, 0x45, 0x31, 0x51, 0x8F, 0xD4,
- 0x19, 0xA1, 0x79, 0x88, 0x5A, 0xA4, 0xF5, 0xAE, 0x2D, 0x4B, 0x63, 0x4C, 0x58,
- 0xFE, 0xBF, 0xAD, 0xEE, 0xA3, 0x09, 0xF8, 0xE2, 0x89, 0xBE, 0x81, 0x0E, 0x86,
- 0x3A, 0xF9, 0x5B, 0xA5, 0xD8, 0xA4, 0x00, 0x75, 0x04, 0xF2, 0x23, 0xB8, 0x39,
- 0x69, 0x50, 0xB7, 0xD0, 0x34, 0x63, 0x54, 0xD8, 0x61, 0xDD, 0xA5, 0x33, 0x47,
- 0x85, 0x96, 0x22, 0xD0, 0x2F, 0x9F, 0x7E, 0xF8, 0x74, 0x24, 0xEA, 0x57, 0x97,
- 0x5A, 0xE0, 0x00, 0xCF, 0xC1, 0x67, 0xE1, 0x41, 0xBD, 0x94, 0xA1, 0x03, 0xD3,
- 0xB4, 0x08, 0x64, 0xF2, 0x17, 0x27, 0x35, 0x37, 0x53, 0xEF, 0x46, 0xCE, 0xD8,
- 0xD4, 0x09, 0x52, 0xC6, 0x1E, 0xF7, 0x28, 0xDF, 0x08, 0x0F, 0xD0, 0x6F, 0x71,
- 0xA6, 0xDF, 0xE4, 0x60, 0x8E, 0xC0, 0x1E, 0x78, 0x86, 0x50, 0xB0, 0x9B, 0x84,
- 0x7E, 0xE8, 0x36, 0xFA, 0x95, 0xF1, 0x12, 0x51, 0xC7, 0x18, 0x96, 0xA2, 0x29,
- 0xBB, 0x70, 0x02, 0xB4, 0xF9, 0xA8, 0x3D, 0x08, 0x66, 0xA9, 0xB3, 0xFC, 0x0A,
- 0x94, 0x80, 0xFD, 0x78, 0xDC, 0xAB, 0x82, 0x5A, 0xD2, 0xCD, 0xC2, 0x87, 0xC6,
- 0x4B, 0x07, 0xFA, 0xD1, 0xC3, 0xD9, 0x34, 0x41, 0x85, 0xF8, 0xD0, 0xB6, 0x0A,
- 0x9D, 0x00, 0x91, 0x35, 0x05, 0x88, 0xC3, 0xE3, 0x9B, 0x22, 0xD2, 0xB8, 0xFD,
- 0x95, 0x3E, 0x6D, 0x5D, 0x48, 0xA3, 0x68, 0xCF, 0x02, 0x42, 0x79, 0x79, 0x8A,
- 0xAA, 0x01, 0xD6, 0x09, 0x14, 0x2C, 0xF4, 0x83, 0xA3, 0x80, 0x31, 0x55, 0x46,
- 0x6E, 0xC5, 0xE5, 0x2F, 0x30, 0x58, 0x81, 0xA2, 0x90, 0xBE, 0x2E, 0xA1, 0xC3,
- 0x0F, 0xA6, 0xF5, 0x51, 0x00, 0x39, 0xB6, 0xF2, 0x2A, 0xA3, 0x15, 0x7D, 0x8D,
- 0xF5, 0x66, 0x5C, 0xD9, 0xFC, 0xCF, 0x2F, 0xBF, 0x08, 0x27, 0xE7, 0xD0, 0x03,
- 0xB8, 0xD9, 0x00, 0x13, 0x3D, 0x01, 0x6B, 0xB6, 0xA8, 0xCD, 0x5B, 0x3B, 0x3E,
- 0x93, 0xBF, 0xE6, 0x2E, 0xB7, 0x4A, 0xCF, 0xB3, 0x0A, 0xCE, 0x62, 0x11, 0xD6,
- 0x1F, 0x68, 0x9B, 0x1D, 0x68, 0xD1, 0x8C, 0x97, 0xBD, 0xA1, 0x07, 0x67, 0x73,
- 0x87, 0xE0, 0x36, 0xDA, 0x8C, 0xD2, 0xD2, 0xBB, 0x84, 0x28, 0xA9, 0xFE, 0x52,
- 0x74, 0xD6, 0xB9, 0x0F, 0x0A, 0x6A, 0x2D, 0x28, 0x35, 0x34, 0x3A, 0xD3, 0xE2,
- 0xCD, 0x35, 0x06, 0x7D, 0x1B, 0x35, 0x85, 0x86, 0xD1, 0x3E, 0xF2, 0x6F, 0xA1,
- 0xC4, 0x55, 0xBD, 0x00, 0xD8, 0xC3, 0x5D, 0xC2, 0x1D, 0x6B, 0x6B, 0x27, 0x5B,
- 0x95, 0xF3, 0xAB, 0xB5, 0xD3, 0x37, 0xF2, 0x2C, 0x9C, 0xC7, 0x5D, 0xBD, 0xF1,
- 0x68, 0x1C, 0xAD, 0xF8, 0xB5, 0xE1, 0x29, 0x72, 0x7A, 0x73, 0x62, 0x55, 0x24,
- 0xB9, 0x85, 0xDF, 0x7B, 0x29, 0x7D, 0xDE, 0x08, 0xF5, 0xE4, 0x44, 0xDA, 0x1A,
- 0x30, 0x74, 0xDA, 0xB4, 0x9B, 0x23, 0x9A, 0x3A, 0xC1, 0x53, 0xB2, 0xA2, 0xA3,
- 0x7B, 0x1F, 0xD9, 0x56, 0xD4, 0x4F, 0x9B, 0xB2, 0x1E, 0xEE, 0xB8, 0x6A, 0x4E,
- 0xB5, 0xF4, 0x5A, 0xC9, 0x18, 0x27, 0x9C, 0xDE, 0x14, 0x44, 0xED, 0xC4, 0x3C,
- 0x71, 0x9F, 0x5F, 0xD9, 0x37, 0xA0, 0x78, 0x34, 0x6E, 0xBC, 0xD2, 0x7B, 0x1D,
- 0xFA, 0x08, 0x39, 0x5A, 0x04, 0x73, 0x15, 0xD9, 0x0A, 0x48, 0xC1, 0x2D, 0x15,
- 0x4E, 0x84, 0x30, 0x45, 0x69, 0xB3, 0xE5, 0xF6, 0xAD, 0x09, 0x1E, 0xCC, 0x5F,
- 0x1F, 0x06, 0xD5, 0x58, 0xAD, 0x78, 0xD7, 0x9F, 0xE5, 0xED, 0x3B, 0x09, 0xD5,
- 0xA6, 0x52, 0x6F, 0x92, 0xD3, 0x3C, 0xC6, 0x1E, 0xF2, 0x93, 0x7C, 0xD3, 0x5F,
- 0x70, 0x85, 0x5D, 0xF8, 0xAA, 0x9D, 0xB7, 0x7B, 0x24, 0x5A, 0xE9, 0x0A, 0x35,
- 0x2F, 0xF5, 0xD9, 0x82, 0x02, 0x8A, 0x90, 0x13, 0x5B, 0xB5, 0x67, 0x9C, 0xDD,
- 0xA0, 0x4E, 0x82, 0x27, 0xDA, 0x7E, 0xE8, 0x8E, 0xCD, 0xE1, 0x56, 0x71, 0x2C,
- 0xE6, 0x4E, 0x1F, 0x91, 0xCD, 0x7C, 0x6A, 0xB7, 0x78, 0xD0, 0x26, 0xF3, 0x56,
- 0xA9, 0xD5, 0xA1, 0xC3, 0x3B, 0x98, 0xE9, 0x28, 0x09, 0xEF, 0x50, 0x90, 0xCD,
- 0xC4, 0x8E, 0x75, 0xCC, 0xAC, 0x2D, 0xC9, 0x03, 0x6D, 0xAC, 0xFE, 0xC4, 0x88,
- 0x36, 0xD1, 0x3F, 0xBB, 0x1C, 0x7D, 0xB3, 0x14, 0x61, 0x2C, 0xB7, 0x54, 0x4B,
- 0xDB, 0x64, 0xB6, 0x57, 0x14, 0x16, 0x8E, 0x1E, 0x6C, 0x64, 0xBB, 0x8B, 0x48,
- 0x5D, 0x96, 0x9D, 0xDC, 0x80, 0xA7, 0xF7, 0x54, 0xC7, 0x46, 0x38, 0x3E, 0x44,
- 0xDE, 0x7E, 0x92, 0x8D, 0x07, 0xF6, 0x07, 0x37, 0x4E, 0x16, 0x10, 0xB4, 0x7D,
- 0x88, 0x66, 0x7F, 0xBB, 0xFF, 0xEA, 0x00, 0xF3, 0xFF, 0x97, 0x2C, 0xB5, 0xBE,
- 0x35, 0x4B, 0x5C, 0x36, 0xEC, 0x4C, 0xBD, 0x2B, 0x7D, 0xBF, 0x46, 0xE2, 0x9C,
- 0x0E, 0x8A, 0xA3, 0xEC, 0xB1, 0x0E, 0x9A, 0xDA, 0x9A, 0x9B, 0x28, 0x92, 0x10,
- 0x53, 0x57, 0xEA, 0xEC, 0xA2, 0x32, 0x32, 0x20, 0x1D, 0x97, 0x5C, 0xB6, 0x84,
- 0xA9, 0x93, 0x8D, 0x95, 0x11, 0xA3, 0x24, 0xA3, 0x2D, 0xC6, 0x4A, 0xEF, 0xAA,
- 0x1D, 0x85, 0x2B, 0x7D, 0x28, 0xBE, 0x53, 0xCE, 0x10, 0x1F, 0xAE, 0x0E, 0x41,
- 0x6C, 0x4B, 0x79, 0x12, 0xFB, 0xF7, 0x54, 0xA3, 0x96, 0x54, 0x83, 0x20, 0x96,
- 0x8F, 0x28, 0xA9, 0x3F, 0x8B, 0x3D, 0xBA, 0x77, 0xDC, 0x24, 0xE1, 0xD4, 0x49,
- 0x40, 0xD8, 0x78, 0x31, 0x85, 0x43, 0xF6, 0xFE, 0x5C, 0xA6, 0x8F, 0x90, 0x09,
- 0xB0, 0xE7, 0xC4, 0x95, 0xB2, 0x55, 0x49, 0x97, 0x8F, 0x1C, 0x78, 0x30, 0x20,
- 0xA0, 0xB4, 0xEF, 0x73, 0x56, 0x59, 0x82, 0xFD, 0xCE, 0xBA, 0x6A, 0x8F, 0x2C,
- 0x8B, 0x15, 0xFD, 0xA1, 0x85, 0xA8, 0x5C, 0x0F, 0x11, 0xA5, 0x9D, 0xC2, 0x46,
- 0xC6, 0x9C, 0xC9, 0x40, 0x0B, 0x58, 0x6A, 0x1C, 0x7A, 0x23, 0xF9, 0xE0, 0x95,
- 0x05, 0x13, 0x58, 0x72, 0xE8, 0x9F, 0x30, 0xAC, 0xCD, 0x26, 0xD4, 0x66, 0x13,
- 0xDF, 0x1E, 0x7B, 0x4F, 0x9C, 0xBE, 0x38, 0x79, 0x75, 0x92, 0xA4, 0xDA, 0x26,
- 0x44, 0x55, 0x17, 0xA3, 0xE5, 0x62, 0xDA, 0xEB, 0x86, 0xEA, 0x68, 0xC7, 0xAB,
- 0xFD, 0x2D, 0x43, 0x59, 0x51, 0xC0, 0x75, 0x64, 0x91, 0x01, 0x29, 0x33, 0x28,
- 0xF3, 0x04, 0x83, 0x80, 0x75, 0x37, 0x75, 0x0C, 0x03, 0x7B, 0x0A, 0xAB, 0x8E,
- 0x60, 0x62, 0x8B, 0x4C, 0xAF, 0x2D, 0xA3, 0x2F, 0xFE, 0xAB, 0x45, 0xCF, 0xDA,
- 0xAB, 0xFA, 0xFA, 0x30, 0x3D, 0xE8, 0xA1, 0x96, 0xA5, 0x7B, 0xE2, 0x2A, 0xD0,
- 0xAF, 0x59, 0xF7, 0xD0, 0x32, 0x57, 0x19, 0xBD, 0xCA, 0x9F, 0xD5, 0x1A, 0xC7,
- 0xAA, 0x65, 0x4A, 0x38, 0xB2, 0x70, 0x33, 0xB7, 0x75, 0xD2, 0xCD, 0xD1, 0xF0,
- 0xA8, 0x87, 0x59, 0x20, 0xA5, 0x57, 0x55, 0xB1, 0xB2, 0xC9, 0x4D, 0x97, 0x34,
- 0x41, 0xF3, 0xF0, 0x30, 0xA1, 0x2C, 0x1C, 0x49, 0x3E, 0x89, 0x7D, 0x12, 0xE2,
- 0xC3, 0x04, 0xC3, 0x92, 0xC0, 0xF6, 0x39, 0x10, 0x80, 0x81, 0x8F, 0x08, 0xB4,
- 0xF8, 0xB9, 0x13, 0x4E, 0x2C, 0xAE, 0xB3, 0x71, 0x82, 0x63, 0x98, 0xAB, 0x5C,
- 0x1C, 0x10, 0xEA, 0x66, 0xF9, 0x02, 0x3A, 0x82, 0x61, 0xD0, 0xD4, 0xAE, 0x43,
- 0xD4, 0x01, 0x3E, 0x9D, 0x04, 0x14, 0xF6, 0x60, 0xD8, 0xA7, 0xD6, 0xB8, 0x53,
- 0xC8, 0xDA, 0x80, 0x93, 0xA0, 0x02, 0xDD, 0xCC, 0xE2, 0xF2, 0xBB, 0xFB, 0xE0,
- 0x27, 0xD7, 0x34, 0x9A, 0x71, 0x49, 0xB5, 0x4F, 0x42, 0x1F, 0xB2, 0x9D, 0x6D,
- 0xAA, 0x9D, 0xD3, 0x50, 0xB5, 0x8F, 0x6A, 0x4B, 0xDF, 0x1F, 0xD5, 0x27, 0x8F,
- 0x3B, 0x27, 0xCF, 0x2F, 0x8C, 0xF8, 0x9D, 0x4C, 0x52, 0xBC, 0x32, 0x0F, 0x73,
- 0xD5, 0x51, 0x8E, 0x36, 0x7E, 0xAD, 0x09, 0xF0, 0x94, 0x83, 0x5F, 0x36, 0xFD,
- 0x7C, 0x03, 0xED, 0xF1, 0x5E, 0x4B, 0xF7, 0xAA, 0x55, 0x5C, 0x4A, 0x14, 0x59,
- 0x85, 0x38, 0x2D, 0x8C, 0xDF, 0xEC, 0x65, 0x1B, 0xB8, 0x76, 0x57, 0x96, 0x3C,
- 0x86, 0xED, 0xF2, 0x7F, 0x2D, 0x28, 0x48, 0xDA, 0x49, 0x7F, 0xF7, 0x54, 0x2B,
- 0xD5, 0x39, 0xD5, 0x57, 0x0A, 0x75, 0x7A, 0x3E, 0x5E, 0x5D, 0xBA, 0x4A, 0x15,
- 0xFA, 0xB8, 0x31, 0x80, 0x71, 0x2C, 0xCA, 0xC4, 0x51, 0x10, 0x16, 0x5D, 0x39,
- 0xEC, 0x9D, 0x07, 0xB6, 0x6A, 0x89, 0x9F, 0x9B, 0x5B, 0x6F, 0x03, 0xB0, 0x92,
- 0x01, 0x38, 0x6B, 0x48, 0x99, 0x0A, 0x8F, 0x13, 0xC1, 0xA6, 0x01, 0xEA, 0xBF,
- 0x6F, 0x86, 0x43, 0x51, 0xB6, 0x11, 0x00, 0x00
- };
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void)
- {
- wc_test_ret_t ret = 0;
- word32 dSz = sizeof(sample_text);
- word32 cSz = (dSz + (word32)(dSz * 0.001) + 12);
- byte *c;
- byte *d;
- WOLFSSL_ENTER("compress_test");
- c = (byte *)XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- d = (byte *)XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (c == NULL || d == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
- }
- /* follow calloc and initialize to 0 */
- XMEMSET(c, 0, cSz);
- XMEMSET(d, 0, dSz);
- if ((ret = wc_Compress(c, cSz, sample_text, dSz, 0)) < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- cSz = (word32)ret;
- if ((ret = wc_DeCompress(d, dSz, c, cSz)) != (int)dSz) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- }
- dSz = (word32)ret;
- if (XMEMCMP(d, sample_text, dSz) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- }
- /* GZIP tests */
- cSz = (dSz + (word32)(dSz * 0.001) + 12); /* reset cSz */
- XMEMSET(c, 0, cSz);
- XMEMSET(d, 0, dSz);
- ret = wc_Compress_ex(c, cSz, sample_text, dSz, 0, LIBZ_WINBITS_GZIP);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- cSz = (word32)ret;
- ret = wc_DeCompress_ex(d, dSz, c, cSz, LIBZ_WINBITS_GZIP);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- if (XMEMCMP(d, sample_text, dSz) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- }
- /* Try with gzip generated output */
- XMEMSET(d, 0, dSz);
- ret = wc_DeCompress_ex(d, dSz, sample_text_gz, sizeof(sample_text_gz),
- LIBZ_WINBITS_GZIP);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
- dSz = (word32)ret;
- if (XMEMCMP(d, sample_text, dSz) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
- }
- ret = 0; /* success */
- exit:
- if (c) XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (d) XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* HAVE_LIBZ */
- #ifdef HAVE_PKCS7
- /* External Debugging/Testing Note:
- *
- * PKCS#7 test functions can output generated PKCS#7/CMS bundles for
- * additional testing. To dump bundles to files DER encoded files, please
- * define:
- *
- * #define PKCS7_OUTPUT_TEST_BUNDLES
- */
- /* Loads certs and keys for use with PKCS7 tests, from either files
- * or buffers.
- *
- * rsaClientCertBuf - output buffer for RSA client cert
- * rsaClientCertBufSz - IN/OUT size of output buffer, size of RSA client cert
- * rsaClientPrivKeyBuf - output buffer for RSA client private key
- * rsaClientPrivKeyBufSz - IN/OUT size of output buffer, size of RSA client key
- *
- * rsaServerCertBuf - output buffer for RSA server cert
- * rsaServerCertBufSz - IN/OUT size of output buffer, size of RSA server cert
- * rsaServerPrivKeyBuf - output buffer for RSA server private key
- * rsaServerPrivKeyBufSz - IN/OUT size of output buffer, size of RSA server key
- *
- * rsaCaCertBuf - output buffer for RSA CA cert
- * rsaCaCertBufSz - IN/OUT size of output buffer, size of RSA ca cert
- * rsaCaPrivKeyBuf - output buffer for RSA CA private key
- * rsaCaPrivKeyBufSz - IN/OUT size of output buffer, size of RSA CA key
- *
- * eccClientCertBuf - output buffer for ECC cert
- * eccClientCertBufSz - IN/OUT size of output buffer, size of ECC cert
- * eccClientPrivKeyBuf - output buffer for ECC private key
- * eccClientPrivKeyBufSz - IN/OUT size of output buffer, size of ECC private key
- *
- * Returns 0 on success, negative on error
- */
- static wc_test_ret_t pkcs7_load_certs_keys(
- byte* rsaClientCertBuf, word32* rsaClientCertBufSz,
- byte* rsaClientPrivKeyBuf, word32* rsaClientPrivKeyBufSz,
- byte* rsaServerCertBuf, word32* rsaServerCertBufSz,
- byte* rsaServerPrivKeyBuf, word32* rsaServerPrivKeyBufSz,
- byte* rsaCaCertBuf, word32* rsaCaCertBufSz,
- byte* rsaCaPrivKeyBuf, word32* rsaCaPrivKeyBufSz,
- byte* eccClientCertBuf, word32* eccClientCertBufSz,
- byte* eccClientPrivKeyBuf, word32* eccClientPrivKeyBufSz)
- {
- #ifndef NO_FILESYSTEM
- XFILE certFile;
- XFILE keyFile;
- (void)certFile;
- (void)keyFile;
- #endif
- #ifndef NO_RSA
- if (rsaClientCertBuf == NULL || rsaClientCertBufSz == NULL ||
- rsaClientPrivKeyBuf == NULL || rsaClientPrivKeyBufSz == NULL)
- return BAD_FUNC_ARG;
- #endif
- #ifdef HAVE_ECC
- if (eccClientCertBuf == NULL || eccClientCertBufSz == NULL ||
- eccClientPrivKeyBuf == NULL || eccClientPrivKeyBufSz == NULL)
- return BAD_FUNC_ARG;
- #endif
- /* RSA */
- #ifndef NO_RSA
- #ifdef USE_CERT_BUFFERS_1024
- if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_1024)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaClientCertBuf, client_cert_der_1024,
- sizeof_client_cert_der_1024);
- *rsaClientCertBufSz = sizeof_client_cert_der_1024;
- if (rsaServerCertBuf != NULL) {
- if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_1024)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaServerCertBuf, server_cert_der_1024,
- sizeof_server_cert_der_1024);
- *rsaServerCertBufSz = sizeof_server_cert_der_1024;
- }
- if (rsaCaCertBuf != NULL) {
- if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_1024)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaCaCertBuf, ca_cert_der_1024, sizeof_ca_cert_der_1024);
- *rsaCaCertBufSz = sizeof_ca_cert_der_1024;
- }
- #elif defined(USE_CERT_BUFFERS_2048)
- if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_2048)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaClientCertBuf, client_cert_der_2048,
- sizeof_client_cert_der_2048);
- *rsaClientCertBufSz = sizeof_client_cert_der_2048;
- if (rsaServerCertBuf != NULL) {
- if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_2048)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaServerCertBuf, server_cert_der_2048,
- sizeof_server_cert_der_2048);
- *rsaServerCertBufSz = sizeof_server_cert_der_2048;
- }
- if (rsaCaCertBuf != NULL) {
- if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_2048)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaCaCertBuf, ca_cert_der_2048, sizeof_ca_cert_der_2048);
- *rsaCaCertBufSz = sizeof_ca_cert_der_2048;
- }
- #else
- certFile = XFOPEN(clientCert, "rb");
- if (!certFile)
- return WC_TEST_RET_ENC_ERRNO;
- *rsaClientCertBufSz = (word32)XFREAD(rsaClientCertBuf, 1,
- *rsaClientCertBufSz, certFile);
- XFCLOSE(certFile);
- if (*rsaClientCertBufSz == 0)
- return WC_TEST_RET_ENC_ERRNO;
- if (rsaServerCertBuf != NULL) {
- certFile = XFOPEN(rsaServerCertDerFile, "rb");
- if (!certFile)
- return WC_TEST_RET_ENC_ERRNO;
- *rsaServerCertBufSz = (word32)XFREAD(rsaServerCertBuf, 1,
- *rsaServerCertBufSz, certFile);
- XFCLOSE(certFile);
- if (*rsaServerCertBufSz == 0)
- return WC_TEST_RET_ENC_ERRNO;
- }
- if (rsaCaCertBuf != NULL) {
- certFile = XFOPEN(rsaCaCertDerFile, "rb");
- if (!certFile)
- return WC_TEST_RET_ENC_ERRNO;
- *rsaCaCertBufSz = (word32)XFREAD(rsaCaCertBuf, 1, *rsaCaCertBufSz,
- certFile);
- XFCLOSE(certFile);
- if (*rsaCaCertBufSz == 0)
- return WC_TEST_RET_ENC_ERRNO;
- }
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_1024)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaClientPrivKeyBuf, client_key_der_1024,
- sizeof_client_key_der_1024);
- *rsaClientPrivKeyBufSz = sizeof_client_key_der_1024;
- if (rsaServerPrivKeyBuf != NULL) {
- if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_1024)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaServerPrivKeyBuf, server_key_der_1024,
- sizeof_server_key_der_1024);
- *rsaServerPrivKeyBufSz = sizeof_server_key_der_1024;
- }
- if (rsaCaPrivKeyBuf != NULL) {
- if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_1024)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_1024, sizeof_ca_key_der_1024);
- *rsaCaPrivKeyBufSz = sizeof_ca_key_der_1024;
- }
- #elif defined(USE_CERT_BUFFERS_2048)
- if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_2048)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaClientPrivKeyBuf, client_key_der_2048,
- sizeof_client_key_der_2048);
- *rsaClientPrivKeyBufSz = sizeof_client_key_der_2048;
- if (rsaServerPrivKeyBuf != NULL) {
- if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_2048)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaServerPrivKeyBuf, server_key_der_2048,
- sizeof_server_key_der_2048);
- *rsaServerPrivKeyBufSz = sizeof_server_key_der_2048;
- }
- if (rsaCaPrivKeyBuf != NULL) {
- if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_2048)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_2048, sizeof_ca_key_der_2048);
- *rsaCaPrivKeyBufSz = sizeof_ca_key_der_2048;
- }
- #else
- keyFile = XFOPEN(clientKey, "rb");
- if (!keyFile)
- return WC_TEST_RET_ENC_ERRNO;
- *rsaClientPrivKeyBufSz = (word32)XFREAD(rsaClientPrivKeyBuf, 1,
- *rsaClientPrivKeyBufSz, keyFile);
- XFCLOSE(keyFile);
- if (*rsaClientPrivKeyBufSz == 0)
- return WC_TEST_RET_ENC_ERRNO;
- if (rsaServerPrivKeyBuf != NULL) {
- keyFile = XFOPEN(rsaServerKeyDerFile, "rb");
- if (!keyFile)
- return WC_TEST_RET_ENC_ERRNO;
- *rsaServerPrivKeyBufSz = (word32)XFREAD(rsaServerPrivKeyBuf, 1,
- *rsaServerPrivKeyBufSz, keyFile);
- XFCLOSE(keyFile);
- if (*rsaServerPrivKeyBufSz == 0)
- return WC_TEST_RET_ENC_ERRNO;
- }
- if (rsaCaPrivKeyBuf != NULL) {
- keyFile = XFOPEN(rsaCaKeyFile, "rb");
- if (!keyFile)
- return WC_TEST_RET_ENC_ERRNO;
- *rsaCaPrivKeyBufSz = (word32)XFREAD(rsaCaPrivKeyBuf, 1,
- *rsaCaPrivKeyBufSz, keyFile);
- XFCLOSE(keyFile);
- if (*rsaCaPrivKeyBufSz == 0)
- return WC_TEST_RET_ENC_ERRNO;
- }
- #endif /* USE_CERT_BUFFERS */
- #endif /* NO_RSA */
- /* ECC */
- #ifdef HAVE_ECC
- #ifdef USE_CERT_BUFFERS_256
- if (*eccClientCertBufSz < (word32)sizeof_cliecc_cert_der_256)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(eccClientCertBuf, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
- *eccClientCertBufSz = sizeof_cliecc_cert_der_256;
- #else
- certFile = XFOPEN(eccClientCert, "rb");
- if (!certFile)
- return WC_TEST_RET_ENC_ERRNO;
- *eccClientCertBufSz = (word32)XFREAD(eccClientCertBuf, 1,
- *eccClientCertBufSz, certFile);
- XFCLOSE(certFile);
- if (*eccClientCertBufSz == 0)
- return WC_TEST_RET_ENC_ERRNO;
- #endif /* USE_CERT_BUFFERS_256 */
- #ifdef USE_CERT_BUFFERS_256
- if (*eccClientPrivKeyBufSz < (word32)sizeof_ecc_clikey_der_256)
- return WC_TEST_RET_ENC_NC;
- XMEMCPY(eccClientPrivKeyBuf, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
- *eccClientPrivKeyBufSz = sizeof_ecc_clikey_der_256;
- #else
- keyFile = XFOPEN(eccClientKey, "rb");
- if (!keyFile)
- return WC_TEST_RET_ENC_ERRNO;
- *eccClientPrivKeyBufSz = (word32)XFREAD(eccClientPrivKeyBuf, 1,
- *eccClientPrivKeyBufSz, keyFile);
- XFCLOSE(keyFile);
- if (*eccClientPrivKeyBufSz == 0)
- return WC_TEST_RET_ENC_ERRNO;
- #endif /* USE_CERT_BUFFERS_256 */
- #endif /* HAVE_ECC */
- #ifdef NO_RSA
- (void)rsaClientCertBuf;
- (void)rsaClientCertBufSz;
- (void)rsaClientPrivKeyBuf;
- (void)rsaClientPrivKeyBufSz;
- (void)rsaServerCertBuf;
- (void)rsaServerCertBufSz;
- (void)rsaServerPrivKeyBuf;
- (void)rsaServerPrivKeyBufSz;
- (void)rsaCaCertBuf;
- (void)rsaCaCertBufSz;
- (void)rsaCaPrivKeyBuf;
- (void)rsaCaPrivKeyBufSz;
- #endif
- #ifndef HAVE_ECC
- (void)eccClientCertBuf;
- (void)eccClientCertBufSz;
- (void)eccClientPrivKeyBuf;
- (void)eccClientPrivKeyBufSz;
- #endif
- #ifndef NO_FILESYSTEM
- (void)certFile;
- (void)keyFile;
- #endif
- return 0;
- }
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- int encryptOID;
- int keyWrapOID;
- int keyAgreeOID;
- byte* cert;
- size_t certSz;
- byte* privateKey;
- word32 privateKeySz;
- byte* optionalUkm;
- word32 optionalUkmSz;
- int ktriOptions; /* KTRI options flags */
- int kariOptions; /* KARI options flags */
- /* KEKRI specific */
- const byte* secretKey; /* key, only for kekri RecipientInfo types */
- word32 secretKeySz; /* size of secretKey, bytes */
- const byte* secretKeyId; /* key identifier */
- word32 secretKeyIdSz; /* size of key identifier, bytes */
- void* timePtr; /* time_t pointer */
- byte* otherAttrOID; /* OPTIONAL, other attribute OID */
- word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */
- byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */
- word32 otherAttrSz; /* size of otherAttr, bytes */
- int kekriOptions; /* KEKRI options flags */
- /* PWRI specific */
- const char* password;
- word32 passwordSz;
- const byte* salt;
- word32 saltSz;
- int kdfOID;
- int hashOID;
- int kdfIterations;
- int pwriOptions; /* PWRI options flags */
- /* ORI specific */
- int isOri;
- int oriOptions; /* ORI options flags */
- const char* outFileName;
- } pkcs7EnvelopedVector;
- static const byte asnDataOid[] = {
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01
- };
- /* ORI encrypt callback, responsible for encrypting content-encryption key (CEK)
- * and giving wolfCrypt the value for oriOID and oriValue to place in
- * OtherRecipientInfo.
- *
- * Returns 0 on success, negative upon error. */
- static int myOriEncryptCb(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType,
- word32* oriTypeSz, byte* oriValue, word32* oriValueSz,
- void* ctx)
- {
- int i;
- /* make sure buffers are large enough */
- if (*oriValueSz < (2 + cekSz))
- return WC_TEST_RET_ENC_NC;
- if (*oriTypeSz < sizeof(asnDataOid))
- return WC_TEST_RET_ENC_NC;
- /* our simple encryption algorithm will be take the bitwise complement */
- oriValue[0] = 0x04; /*ASN OCTET STRING */
- oriValue[1] = (byte)cekSz; /* length */
- for (i = 0; i < (int)cekSz; i++) {
- oriValue[2 + i] = ~cek[i];
- }
- *oriValueSz = 2 + cekSz;
- /* set oriType to ASN.1 encoded data OID */
- XMEMCPY(oriType, asnDataOid, sizeof(asnDataOid));
- *oriTypeSz = sizeof(asnDataOid);
- (void)pkcs7;
- (void)ctx;
- return 0;
- }
- /* ORI decrypt callback, responsible for providing a decrypted content
- * encryption key (CEK) placed into decryptedKey and size placed into
- * decryptedKeySz. oriOID and oriValue are given to the callback to help
- * in decrypting the encrypted CEK.
- *
- * Returns 0 on success, negative upon error. */
- static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
- byte* oriValue, word32 oriValueSz, byte* decryptedKey,
- word32* decryptedKeySz, void* ctx)
- {
- int i;
- /* make sure oriType matches what we expect */
- if (oriTypeSz != sizeof(asnDataOid))
- return WC_TEST_RET_ENC_NC;
- if (XMEMCMP(oriType, asnDataOid, sizeof(asnDataOid)) != 0)
- return WC_TEST_RET_ENC_NC;
- /* make sure decrypted buffer is large enough */
- if (*decryptedKeySz < oriValueSz)
- return WC_TEST_RET_ENC_NC;
- /* decrypt encrypted CEK using simple bitwise complement,
- only for example */
- for (i = 0; i < (int)oriValueSz - 2; i++) {
- decryptedKey[i] = ~oriValue[2 + i];
- }
- *decryptedKeySz = oriValueSz - 2;
- (void)pkcs7;
- (void)ctx;
- return 0;
- }
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- /* returns 0 on success */
- static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
- byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
- byte* in, int inSz, byte* out, void* usrCtx)
- {
- wc_test_ret_t ret;
- int keyId = -1, keySz;
- word32 keyIdSz = 8;
- const byte* key;
- byte keyIdRaw[8];
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- Aes *aes;
- #else
- Aes aes[1];
- #endif
- /* looking for KEY ID
- * fwDecryptKeyID OID "1.2.840.113549.1.9.16.2.37
- */
- WOLFSSL_SMALL_STACK_STATIC const unsigned char OID[] = {
- /* 0x06, 0x0B do not pass in tag and length */
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x02, 0x25
- };
- WOLFSSL_SMALL_STACK_STATIC const byte defKey[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- WOLFSSL_SMALL_STACK_STATIC const byte altKey[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- /* test user context passed in */
- if (usrCtx == NULL || *(int*)usrCtx != 1) {
- return WC_TEST_RET_ENC_NC;
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- #endif
- /* if needing to find keyIdSz can call with NULL */
- ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), NULL,
- &keyIdSz);
- if (ret != LENGTH_ONLY_E) {
- printf("Unexpected error %d when getting keyIdSz\n", ret);
- printf("Possibly no KEY ID attribute set\n");
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- else {
- XMEMSET(keyIdRaw, 0, sizeof(keyIdRaw));
- ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), keyIdRaw,
- &keyIdSz);
- if (ret < 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- if (keyIdSz < 3) {
- printf("keyIdSz is smaller than expected\n");
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- if (keyIdSz > 2 + sizeof(int)) {
- printf("example case was only expecting a keyId of int size\n");
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- /* keyIdRaw[0] OCTET TAG */
- /* keyIdRaw[1] Length */
- #ifdef BIG_ENDIAN_ORDER
- if (keyIdRaw[1] == 0x01) {
- keyId = 1;
- }
- #else
- XMEMCPY(&keyId, keyIdRaw + 2, sizeof(keyId));
- #endif
- }
- /* Use keyID here if found to select key and decrypt in HSM or in this
- * example just select key and do software decryption */
- if (keyId == 1) {
- key = altKey;
- keySz = sizeof(altKey);
- }
- else {
- key = defKey;
- keySz = sizeof(defKey);
- }
- switch (encryptOID) {
- #ifdef WOLFSSL_AES_256
- case AES256CBCb:
- if ((keySz != 32 ) || (ivSz != AES_BLOCK_SIZE))
- WARNING_OUT(BAD_FUNC_ARG, out);
- break;
- #endif
- #ifdef WOLFSSL_AES_128
- case AES128CBCb:
- if ((keySz != 16 ) || (ivSz != AES_BLOCK_SIZE))
- ERROR_OUT(BAD_FUNC_ARG, out);
- break;
- #endif
- default:
- printf("Unsupported content cipher type for example");
- ERROR_OUT(ALGO_ID_E, out);
- };
- ret = wc_AesInit(aes, HEAP_HINT, INVALID_DEVID);
- if (ret == 0) {
- ret = wc_AesSetKey(aes, key, (word32)keySz, iv, AES_DECRYPTION);
- if (ret == 0)
- ret = wc_AesCbcDecrypt(aes, out, in, (word32)inSz);
- wc_AesFree(aes);
- }
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- (void)aad;
- (void)aadSz;
- (void)authTag;
- (void)authTagSz;
- return (int)ret;
- }
- #endif /* !NO_AES && HAVE_AES_CBC */
- #define PKCS7_BUF_SIZE 2048
- static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
- byte* rsaPrivKey, word32 rsaPrivKeySz,
- byte* eccCert, word32 eccCertSz,
- byte* eccPrivKey, word32 eccPrivKeySz)
- {
- wc_test_ret_t ret = 0;
- int testSz = 0, i;
- int envelopedSz, decodedSz;
- byte *enveloped = NULL;
- byte *decoded = NULL;
- PKCS7* pkcs7 = NULL;
- #ifdef ECC_TIMING_RESISTANT
- WC_RNG rng;
- #endif
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE pkcs7File;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
- defined(HAVE_ECC) && defined(WOLFSSL_SHA512)
- byte optionalUkm[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
- };
- #endif /* NO_AES */
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
- !defined(NO_SHA)
- /* encryption key for kekri recipient types */
- WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
- };
- /* encryption key identifier */
- WOLFSSL_SMALL_STACK_STATIC const byte secretKeyId[] = {
- 0x02,0x02,0x03,0x04
- };
- #endif
- #if !defined(NO_PWDBASED) && !defined(NO_SHA) && \
- !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- #ifndef HAVE_FIPS
- WOLFSSL_SMALL_STACK_STATIC const char password[] = "password"; /* NOTE: Password is too short for FIPS */
- #else
- WOLFSSL_SMALL_STACK_STATIC const char password[] = "passwordFIPS_MODE";
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = {
- 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
- };
- #endif
- #define MAX_TESTVECTORS_LEN 13
- #define ADD_PKCS7ENVELOPEDVECTOR(...) { \
- pkcs7EnvelopedVector _this_vector = { __VA_ARGS__ }; \
- if (testSz == MAX_TESTVECTORS_LEN) { \
- ret = WC_TEST_RET_ENC_NC; \
- goto out; \
- } \
- XMEMCPY(&testVectors[testSz++], &_this_vector, sizeof _this_vector);\
- }
- pkcs7EnvelopedVector *testVectors = NULL;
- #ifdef ECC_TIMING_RESISTANT
- XMEMSET(&rng, 0, sizeof(rng));
- #endif
- testVectors = (pkcs7EnvelopedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (testVectors == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- goto out;
- }
- {
- /* key transport key encryption technique */
- #ifndef NO_RSA
- #ifndef NO_DES3
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, DES3b, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
- 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataDES3.der");
- #endif
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #ifdef WOLFSSL_AES_128
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
- 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES128CBC.der");
- #endif
- #ifdef WOLFSSL_AES_192
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES192CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
- 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES192CBC.der");
- #endif
- #ifdef WOLFSSL_AES_256
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
- 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC.der");
- /* explicitly using SKID for SubjectKeyIdentifier */
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_SKID, 0, NULL, 0, NULL, 0, NULL,
- NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC_SKID.der");
- /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_ISSUER_AND_SERIAL_NUMBER, 0,
- NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
- 0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der");
- #endif
- #endif /* !NO_AES && HAVE_AES_CBC */
- #endif
- /* key agreement key encryption technique*/
- #ifdef HAVE_ECC
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP,
- dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
- 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der");
- #endif
- #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
- 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der");
- #endif /* NO_SHA256 && WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
- dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
- 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der");
- /* with optional user keying material (ukm) */
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
- dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, optionalUkm, sizeof(optionalUkm), 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der");
- #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
- #endif /* !NO_AES && HAVE_AES_CBC */
- #endif
- /* kekri (KEKRecipientInfo) recipient types */
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0,
- NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey),
- secretKeyId, sizeof(secretKeyId), NULL, NULL, 0, NULL, 0,
- 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES128CBC_KEKRI.der");
- #endif
- #endif /* !NO_AES && HAVE_AES_CBC */
- /* pwri (PasswordRecipientInfo) recipient types */
- #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AES_CBC)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0,
- NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, password,
- (word32)XSTRLEN(password), salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5,
- 0, 0, 0, "pkcs7envelopedDataAES128CBC_PWRI.der");
- #endif
- #endif
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_128)
- /* ori (OtherRecipientInfo) recipient types */
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0,
- NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0,
- NULL, 0, 0, 0, 0, 0, 1, 0, "pkcs7envelopedDataAES128CBC_ORI.der");
- #endif
- };
- #undef MAX_TESTVECTORS_LEN
- #undef ADD_PKCS7ENVELOPEDVECTOR
- enveloped = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! enveloped) || (! decoded)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifdef ECC_TIMING_RESISTANT
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #endif
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT,
- #ifdef WOLFSSL_ASYNC_CRYPT
- INVALID_DEVID /* async PKCS7 is not supported */
- #else
- devId
- #endif
- );
- if (pkcs7 == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- if (testVectors[i].secretKey != NULL) {
- /* KEKRI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID,
- (byte *)testVectors[i].secretKey, testVectors[i].secretKeySz,
- (byte *)testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz,
- testVectors[i].timePtr, testVectors[i].otherAttrOID,
- testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr,
- testVectors[i].otherAttrSz, testVectors[i].kekriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* set key, for decryption */
- ret = wc_PKCS7_SetKey(pkcs7, (byte *)testVectors[i].secretKey,
- testVectors[i].secretKeySz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- } else if (testVectors[i].password != NULL) {
- #if !defined(NO_PWDBASED) && !defined(NO_SHA)
- /* PWRI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- ret = wc_PKCS7_AddRecipient_PWRI(pkcs7,
- (byte *)testVectors[i].password, testVectors[i].passwordSz,
- (byte *)testVectors[i].salt, testVectors[i].saltSz,
- testVectors[i].kdfOID,
- testVectors[i].hashOID, testVectors[i].kdfIterations,
- testVectors[i].encryptOID, testVectors[i].pwriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* set password, for decryption */
- ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password,
- testVectors[i].passwordSz);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- #endif /* ! NO_PWDBASED && ! NO_SHA */
- } else if (testVectors[i].isOri == 1) {
- /* ORI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb,
- testVectors[i].oriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* set decrypt callback for decryption */
- ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- } else {
- /* KTRI or KARI recipient types */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
- (word32)testVectors[i].certSz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
- pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
- pkcs7->privateKey = testVectors[i].privateKey;
- pkcs7->privateKeySz = testVectors[i].privateKeySz;
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- /* set SubjectIdentifier type for KTRI types */
- if (testVectors[i].ktriOptions & CMS_SKID) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- } else if (testVectors[i].ktriOptions &
- CMS_ISSUER_AND_SERIAL_NUMBER) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7,
- CMS_ISSUER_AND_SERIAL_NUMBER);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- }
- }
- #ifdef ECC_TIMING_RESISTANT
- pkcs7->rng = &rng;
- #endif
- /* encode envelopedData */
- envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, enveloped,
- PKCS7_BUF_SIZE);
- if (envelopedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(envelopedSz), out);
- }
- /* decode envelopedData */
- pkcs7->contentOID = 0;
- decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, (word32)envelopedSz,
- decoded, PKCS7_BUF_SIZE);
- if (pkcs7->contentOID != testVectors[i].contentOID ||
- decodedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0){
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifndef NO_PKCS7_STREAM
- { /* test reading byte by byte */
- int z;
- for (z = 0; z < envelopedSz; z++) {
- decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped + z, 1,
- decoded, PKCS7_BUF_SIZE);
- if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
- printf("unexpected error %d\n", decodedSz);
- ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
- }
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
- printf("stream read compare failed\n");
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- #endif
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* output pkcs7 envelopedData for external testing */
- pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
- if (!pkcs7File) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File);
- XFCLOSE(pkcs7File);
- if (ret != envelopedSz) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- } else {
- /* reset ret to 0 for success */
- ret = 0;
- }
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- }
- #ifdef ECC_TIMING_RESISTANT
- wc_FreeRng(&rng);
- #endif
- (void)eccCert;
- (void)eccCertSz;
- (void)eccPrivKey;
- (void)eccPrivKeySz;
- (void)rsaCert;
- (void)rsaCertSz;
- (void)rsaPrivKey;
- (void)rsaPrivKeySz;
- out:
- if (testVectors)
- XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (enveloped)
- XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7enveloped_test(void)
- {
- wc_test_ret_t ret = 0;
- byte* rsaCert = NULL;
- byte* rsaPrivKey = NULL;
- word32 rsaCertSz = 0;
- word32 rsaPrivKeySz = 0;
- byte* eccCert = NULL;
- byte* eccPrivKey = NULL;
- word32 eccCertSz = 0;
- word32 eccPrivKeySz = 0;
- WOLFSSL_ENTER("pkcs7enveloped_test");
- #ifndef NO_RSA
- /* read client RSA cert and key in DER format */
- rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaCert == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaPrivKey == NULL) {
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_NC;
- }
- rsaCertSz = FOURK_BUF;
- rsaPrivKeySz = FOURK_BUF;
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- /* read client ECC cert and key in DER format */
- eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccCert == NULL) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return WC_TEST_RET_ENC_NC;
- }
- eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccPrivKey == NULL) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_NC;
- }
- eccCertSz = FOURK_BUF;
- eccPrivKeySz = FOURK_BUF;
- #endif /* HAVE_ECC */
- ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
- &rsaPrivKeySz, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, eccCert, &eccCertSz,
- eccPrivKey, &eccPrivKeySz);
- if (ret < 0) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = pkcs7enveloped_run_vectors(rsaCert, (word32)rsaCertSz,
- rsaPrivKey, (word32)rsaPrivKeySz,
- eccCert, (word32)eccCertSz,
- eccPrivKey, (word32)eccPrivKeySz);
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- int encryptOID;
- int keyWrapOID;
- int keyAgreeOID;
- byte* cert;
- size_t certSz;
- byte* privateKey;
- word32 privateKeySz;
- PKCS7Attrib* authAttribs;
- word32 authAttribsSz;
- PKCS7Attrib* unauthAttribs;
- word32 unauthAttribsSz;
- /* KARI / KTRI specific */
- byte* optionalUkm;
- word32 optionalUkmSz;
- int ktriOptions; /* KTRI options flags */
- int kariOptions; /* KARI options flags */
- /* KEKRI specific */
- byte* secretKey; /* key, only for kekri RecipientInfo types */
- word32 secretKeySz; /* size of secretKey, bytes */
- byte* secretKeyId; /* key identifier */
- word32 secretKeyIdSz; /* size of key identifier, bytes */
- void* timePtr; /* time_t pointer */
- byte* otherAttrOID; /* OPTIONAL, other attribute OID */
- word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */
- byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */
- word32 otherAttrSz; /* size of otherAttr, bytes */
- int kekriOptions; /* KEKRI options flags */
- /* PWRI specific */
- char* password; /* password */
- word32 passwordSz; /* password size, bytes */
- byte* salt; /* KDF salt */
- word32 saltSz; /* KDF salt size, bytes */
- int kdfOID; /* KDF OID */
- int hashOID; /* KDF hash algorithm OID */
- int kdfIterations; /* KDF iterations */
- int kekEncryptOID; /* KEK encryption algorithm OID */
- int pwriOptions; /* PWRI options flags */
- /* ORI specific */
- int isOri;
- int oriOptions; /* ORI options flags */
- const char* outFileName;
- } pkcs7AuthEnvelopedVector;
- static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
- byte* rsaPrivKey, word32 rsaPrivKeySz,
- byte* eccCert, word32 eccCertSz,
- byte* eccPrivKey, word32 eccPrivKeySz)
- {
- wc_test_ret_t ret = 0;
- int testSz = 0, i;
- int envelopedSz, decodedSz;
- byte *enveloped = NULL;
- byte *decoded = NULL;
- WC_RNG rng;
- PKCS7* pkcs7;
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE pkcs7File;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- byte senderNonce[PKCS7_NONCE_SZ + 2];
- #ifdef HAVE_ECC
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
- WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x05 };
- PKCS7Attrib attribs[] =
- {
- { senderNonceOid, sizeof(senderNonceOid), senderNonce,
- sizeof(senderNonce) }
- };
- #endif
- #endif
- #endif
- #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
- defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM)
- WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
- };
- #endif /* NO_AES */
- #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- /* encryption key for kekri recipient types */
- WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
- };
- /* encryption key identifier */
- WOLFSSL_SMALL_STACK_STATIC const byte secretKeyId[] = {
- 0x02,0x02,0x03,0x04
- };
- #endif
- #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
- !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- #ifndef HAVE_FIPS
- WOLFSSL_SMALL_STACK_STATIC const char password[] = "password";
- #else
- WOLFSSL_SMALL_STACK_STATIC const char password[] = "passwordFIPS_MODE";
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = {
- 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
- };
- #endif
- #define MAX_TESTVECTORS_LEN 20
- #define ADD_PKCS7AUTHENVELOPEDVECTOR(...) { \
- pkcs7AuthEnvelopedVector _this_vector = { __VA_ARGS__ }; \
- if (testSz == MAX_TESTVECTORS_LEN) { \
- ret = WC_TEST_RET_ENC_NC; \
- goto out; \
- } \
- XMEMCPY(&testVectors[testSz++], &_this_vector, \
- sizeof _this_vector); \
- }
- pkcs7AuthEnvelopedVector *testVectors = NULL;
- XMEMSET(&rng, 0, sizeof(rng));
- testVectors = (pkcs7AuthEnvelopedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (testVectors == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- goto out;
- }
- {
- /* key transport key encryption technique */
- #ifndef NO_RSA
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #ifdef WOLFSSL_AES_128
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
- 0, 0, "pkcs7authEnvelopedDataAES128GCM.der");
- #endif
- #ifdef WOLFSSL_AES_192
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES192GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
- 0, 0, "pkcs7authEnvelopedDataAES192GCM.der");
- #endif
- #ifdef WOLFSSL_AES_256
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
- 0, 0, "pkcs7authEnvelopedDataAES256GCM.der");
- /* test with contentType set to FirmwarePkgData */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, 0, 0,
- rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL,
- 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL,
- 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_firmwarePkgData.der");
- /* explicitly using SKID for SubjectKeyIdentifier */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, CMS_SKID, 0,
- NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
- 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_SKID.der");
- /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0,
- CMS_ISSUER_AND_SERIAL_NUMBER, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
- NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_IANDS.der");
- #endif
- #else /* NO_AES || !HAVE_AESGCM */
- (void)rsaCert;
- (void)rsaCertSz;
- (void)rsaPrivKey;
- (void)rsaPrivKeySz;
- #endif /* NO_AES || !HAVE_AESGCM */
- #endif
- /* key agreement key encryption technique*/
- #ifdef HAVE_ECC
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP,
- dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
- NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der");
- #endif
- #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
- NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der");
- /* with authenticated attributes */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
- NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0,
- 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_authAttribs.der");
- /* with unauthenticated attributes */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, attribs,
- (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0,
- 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_unauthAttribs.der");
- /* with authenticated AND unauthenticated attributes */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
- attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0,
- NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
- 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_bothAttribs.der");
- /* with authenticated AND unauthenticated attributes AND
- * contentType of FirmwarePkgData */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
- attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0,
- NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
- 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_fw_bothAttribs.der");
- #endif /* NO_SHA256 && WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL,
- NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der");
- /* with optional user keying material (ukm) */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, NULL, 0, (byte *)optionalUkm, sizeof(optionalUkm), 0,
- 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
- 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der");
- #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
- #endif /* NO_AES */
- #endif
- /* kekri (KEKRecipientInfo) recipient types */
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0,
- NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0,
- (byte *)secretKey, sizeof(secretKey), (byte *)secretKeyId, sizeof(secretKeyId),
- NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES128GCM_KEKRI.der");
- #endif
- #endif
- /* pwri (PasswordRecipientInfo) recipient types */
- #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM)
- #if !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0,
- NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, (char *)password,
- (word32)XSTRLEN(password), (byte *)salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5,
- AES128CBCb, 0, 0, 0, "pkcs7authEnvelopedDataAES128GCM_PWRI.der");
- #endif
- #endif
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #ifdef WOLFSSL_AES_128
- /* ori (OtherRecipientInfo) recipient types */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, NULL, 0, NULL, 0,
- NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
- NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 1, 0,
- "pkcs7authEnvelopedDataAES128GCM_ORI.der");
- #endif
- #endif
- }
- #undef MAX_TESTVECTORS_LEN
- #undef ADD_PKCS7AUTHENVELOPEDVECTOR
- enveloped = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! enveloped) || (! decoded)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- /* generate senderNonce */
- {
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- senderNonce[0] = 0x04;
- senderNonce[1] = PKCS7_NONCE_SZ;
- ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
- if (ret != 0) {
- wc_FreeRng(&rng);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- }
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT,
- #ifdef WOLFSSL_ASYNC_CRYPT
- INVALID_DEVID /* async PKCS7 is not supported */
- #else
- devId
- #endif
- );
- if (pkcs7 == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- if (testVectors[i].secretKey != NULL) {
- /* KEKRI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- pkcs7->authAttribs = testVectors[i].authAttribs;
- pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
- pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
- pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
- ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID,
- testVectors[i].secretKey, testVectors[i].secretKeySz,
- testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz,
- testVectors[i].timePtr, testVectors[i].otherAttrOID,
- testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr,
- testVectors[i].otherAttrSz, testVectors[i].kekriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* set key, for decryption */
- ret = wc_PKCS7_SetKey(pkcs7, testVectors[i].secretKey,
- testVectors[i].secretKeySz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- } else if (testVectors[i].password != NULL) {
- #if !defined(NO_PWDBASED) && !defined(NO_SHA)
- /* PWRI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- pkcs7->authAttribs = testVectors[i].authAttribs;
- pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
- pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
- pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
- ret = wc_PKCS7_AddRecipient_PWRI(pkcs7,
- (byte*)testVectors[i].password,
- testVectors[i].passwordSz, testVectors[i].salt,
- testVectors[i].saltSz, testVectors[i].kdfOID,
- testVectors[i].hashOID, testVectors[i].kdfIterations,
- testVectors[i].kekEncryptOID, testVectors[i].pwriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* set password, for decryption */
- ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password,
- testVectors[i].passwordSz);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- #endif /* ! NO_PWDBASED && ! NO_SHA */
- } else if (testVectors[i].isOri == 1) {
- /* ORI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->authAttribs = testVectors[i].authAttribs;
- pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
- pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
- pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
- ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb,
- testVectors[i].oriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* set decrypt callback for decryption */
- ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- } else {
- /* KTRI or KARI recipient types */
- ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
- (word32)testVectors[i].certSz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
- pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
- pkcs7->privateKey = testVectors[i].privateKey;
- pkcs7->privateKeySz = testVectors[i].privateKeySz;
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- pkcs7->authAttribs = testVectors[i].authAttribs;
- pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
- pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
- pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
- /* set SubjectIdentifier type for KTRI types */
- if (testVectors[i].ktriOptions & CMS_SKID) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- } else if (testVectors[i].ktriOptions &
- CMS_ISSUER_AND_SERIAL_NUMBER) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7,
- CMS_ISSUER_AND_SERIAL_NUMBER);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- }
- }
- #ifdef ECC_TIMING_RESISTANT
- pkcs7->rng = &rng;
- #endif
- /* encode envelopedData */
- envelopedSz = wc_PKCS7_EncodeAuthEnvelopedData(pkcs7, enveloped,
- PKCS7_BUF_SIZE);
- if (envelopedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(envelopedSz), out);
- }
- #ifndef NO_PKCS7_STREAM
- { /* test reading byte by byte */
- int z;
- for (z = 0; z < envelopedSz; z++) {
- decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7,
- enveloped + z, 1, decoded, PKCS7_BUF_SIZE);
- if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
- printf("unexpected error %d\n", decodedSz);
- ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
- }
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
- printf("stream read compare failed\n");
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- #endif
- /* decode envelopedData */
- decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, enveloped,
- (word32)envelopedSz, decoded,
- PKCS7_BUF_SIZE);
- if (decodedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0){
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* output pkcs7 envelopedData for external testing */
- pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
- if (!pkcs7File) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File);
- XFCLOSE(pkcs7File);
- if (ret != envelopedSz) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- } else {
- /* reset ret to 0 for success */
- ret = 0;
- }
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- }
- wc_FreeRng(&rng);
- (void)eccCert;
- (void)eccCertSz;
- (void)eccPrivKey;
- (void)eccPrivKeySz;
- #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- (void)secretKey;
- (void)secretKeyId;
- #endif
- #ifdef NO_RSA
- (void)rsaCert;
- (void)rsaCertSz;
- (void)rsaPrivKey;
- (void)rsaPrivKeySz;
- #endif
- out:
- if (testVectors)
- XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (enveloped)
- XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void)
- {
- wc_test_ret_t ret = 0;
- byte* rsaCert = NULL;
- byte* rsaPrivKey = NULL;
- word32 rsaCertSz = 0;
- word32 rsaPrivKeySz = 0;
- byte* eccCert = NULL;
- byte* eccPrivKey = NULL;
- word32 eccCertSz = 0;
- word32 eccPrivKeySz = 0;
- WOLFSSL_ENTER("pkcs7authenveloped_test");
- #ifndef NO_RSA
- /* read client RSA cert and key in DER format */
- rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaCert == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaPrivKey == NULL) {
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_NC;
- }
- rsaCertSz = FOURK_BUF;
- rsaPrivKeySz = FOURK_BUF;
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- /* read client ECC cert and key in DER format */
- eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccCert == NULL) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return WC_TEST_RET_ENC_NC;
- }
- eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccPrivKey == NULL) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return WC_TEST_RET_ENC_NC;
- }
- eccCertSz = FOURK_BUF;
- eccPrivKeySz = FOURK_BUF;
- #endif /* HAVE_ECC */
- ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
- &rsaPrivKeySz, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, eccCert, &eccCertSz,
- eccPrivKey, &eccPrivKeySz);
- if (ret < 0) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = pkcs7authenveloped_run_vectors(rsaCert, (word32)rsaCertSz,
- rsaPrivKey, (word32)rsaPrivKeySz,
- eccCert, (word32)eccCertSz,
- eccPrivKey, (word32)eccPrivKeySz);
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* HAVE_AESGCM || HAVE_AESCCM */
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- static const byte p7DefKey[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- static const byte p7AltKey[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
- word32 keyIdSz, byte* orginKey, word32 orginKeySz,
- byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
- {
- wc_test_ret_t ret;
- if (cek == NULL || out == NULL)
- return BAD_FUNC_ARG;
- /* test case sanity checks */
- if (keyIdSz != 1) {
- return WC_TEST_RET_ENC_NC;
- }
- if (keyId[0] != 0x00) {
- return WC_TEST_RET_ENC_NC;
- }
- if (type != (int)PKCS7_KEKRI) {
- return WC_TEST_RET_ENC_NC;
- }
- switch (keyWrapAlgo) {
- case AES256_WRAP:
- ret = wc_AesKeyUnWrap(p7DefKey, sizeof(p7DefKey), cek, cekSz,
- out, outSz, NULL);
- if (ret <= 0)
- return (int)ret;
- break;
- default:
- WOLFSSL_MSG("Unsupported key wrap algorithm in example");
- return BAD_KEYWRAP_ALG_E;
- };
- (void)pkcs7;
- (void)direction;
- (void)orginKey; /* used with KAKRI */
- (void)orginKeySz;
- return (int)ret;
- }
- /* returns key size on success */
- static wc_test_ret_t getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz)
- {
- wc_test_ret_t ret;
- word32 atrSz;
- byte atr[256];
- /* Additionally can look for fwWrappedFirmwareKey
- * 1.2.840.113529.1.9.16.1.16 */
- const unsigned char fwWrappedFirmwareKey[] = {
- /* 0x06, 0x0B */
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x02, 0x27
- };
- /* find keyID in fwWrappedFirmwareKey */
- ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
- sizeof(fwWrappedFirmwareKey), NULL, &atrSz);
- if (ret == LENGTH_ONLY_E) {
- XMEMSET(atr, 0, sizeof(atr));
- ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
- sizeof(fwWrappedFirmwareKey), atr, &atrSz);
- /* keyIdRaw[0] OCTET TAG */
- /* keyIdRaw[1] Length */
- if (ret > 0) {
- PKCS7* envPkcs7;
- envPkcs7 = wc_PKCS7_New(NULL, 0);
- if (envPkcs7 == NULL) {
- return MEMORY_E;
- }
- wc_PKCS7_Init(envPkcs7, NULL, 0);
- ret = wc_PKCS7_SetWrapCEKCb(envPkcs7, myCEKwrapFunc);
- if (ret == 0) {
- /* expecting FIRMWARE_PKG_DATA content */
- envPkcs7->contentOID = FIRMWARE_PKG_DATA;
- ret = wc_PKCS7_DecodeEnvelopedData(envPkcs7, atr, atrSz,
- key, keySz);
- if (envPkcs7->contentOID != FIRMWARE_PKG_DATA) {
- /* the contentOID should have been set to the inner
- * FIRMWARE_PKG_DATA content */
- ret = BAD_STATE_E;
- }
- }
- wc_PKCS7_Free(envPkcs7);
- }
- }
- return ret;
- }
- /* create a KEKRI enveloped data
- * return size on success */
- static wc_test_ret_t envelopedData_encrypt(byte* in, word32 inSz, byte* out,
- word32 outSz)
- {
- wc_test_ret_t ret;
- PKCS7* pkcs7;
- WOLFSSL_SMALL_STACK_STATIC const byte keyId[] = { 0x00 };
- pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID);
- if (pkcs7 == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- pkcs7->content = in;
- pkcs7->contentSz = inSz;
- pkcs7->contentOID = FIRMWARE_PKG_DATA;
- pkcs7->encryptOID = AES256CBCb;
- pkcs7->ukm = NULL;
- pkcs7->ukmSz = 0;
- /* add recipient (KEKRI type) */
- ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP, (byte*)p7DefKey,
- sizeof(p7DefKey), (byte*)keyId,
- sizeof(keyId), NULL, NULL, 0, NULL, 0, 0);
- if (ret < 0) {
- printf("wc_PKCS7_AddRecipient_KEKRI() failed\n");
- wc_PKCS7_Free(pkcs7);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* encode envelopedData, returns size */
- ret = wc_PKCS7_EncodeEnvelopedData(pkcs7, out, outSz);
- if (ret <= 0) {
- printf("wc_PKCS7_EncodeEnvelopedData() failed\n");
- wc_PKCS7_Free(pkcs7);
- return WC_TEST_RET_ENC_EC(ret);
- }
- wc_PKCS7_Free(pkcs7);
- return ret;
- }
- /*
- * keyHint is the KeyID to be set in the fwDecryptKeyID attribute
- * returns size of buffer output on success
- */
- static wc_test_ret_t generateBundle(byte* out, word32 *outSz, const byte* encryptKey,
- word32 encryptKeySz, byte keyHint, byte* cert, word32 certSz,
- byte* key, word32 keySz)
- {
- wc_test_ret_t ret;
- int attribNum = 1;
- PKCS7* pkcs7;
- /* KEY ID
- * fwDecryptKeyID OID 1.2.840.113549.1.9.16.2.37
- */
- const unsigned char fwDecryptKeyID[] = {
- 0x06, 0x0B,
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x02, 0x25
- };
- /* fwWrappedFirmwareKey 1.2.840.113529.1.9.16.1.16 */
- const unsigned char fwWrappedFirmwareKey[] = {
- 0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x02, 0x27
- };
- byte keyID[] = { 0x04, 0x01, 0x00 };
- byte env[256];
- char data[] = "Test of wolfSSL PKCS7 decrypt callback";
- PKCS7Attrib attribs[] =
- {
- { fwDecryptKeyID, sizeof(fwDecryptKeyID), keyID, sizeof(keyID) },
- { fwWrappedFirmwareKey, sizeof(fwWrappedFirmwareKey), env, 0 }
- };
- keyID[2] = keyHint;
- /* If using keyHint 0 then create a bundle with fwWrappedFirmwareKey */
- if (keyHint == 0) {
- ret = envelopedData_encrypt((byte*)p7DefKey, sizeof(p7DefKey), env,
- sizeof(env));
- if (ret <= 0) {
- return ret;
- }
- attribs[1].valueSz = (word32)ret;
- attribNum++;
- }
- /* init PKCS7 */
- pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID);
- if (pkcs7 == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
- if (ret != 0) {
- printf("ERROR: wc_PKCS7_InitWithCert() failed, ret = %d\n", ret);
- wc_PKCS7_Free(pkcs7);
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- return WC_TEST_RET_ENC_EC(ret);
- }
- /* encode Signed Encrypted FirmwarePkgData */
- if (encryptKeySz == 16) {
- ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey,
- encryptKeySz, key, keySz, AES128CBCb, RSAk, SHA256h,
- (byte*)data, sizeof(data), NULL, 0,
- attribs, (word32)attribNum, out, *outSz);
- }
- else {
- ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey,
- encryptKeySz, key, keySz, AES256CBCb, RSAk, SHA256h,
- (byte*)data, sizeof(data), NULL, 0,
- attribs, (word32)attribNum, out, *outSz);
- }
- if (ret <= 0) {
- printf("ERROR: wc_PKCS7_EncodeSignedEncryptedFPD() failed, "
- "ret = %d\n", ret);
- wc_PKCS7_Free(pkcs7);
- return WC_TEST_RET_ENC_EC(ret);
- } else {
- *outSz = (word32)ret;
- }
- wc_PKCS7_Free(pkcs7);
- return ret;
- }
- /* test verification and decryption of PKCS7 bundle
- * return 0 on success
- */
- static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint)
- {
- wc_test_ret_t ret = 0;
- int usrCtx = 1; /* test value to pass as user context to callback */
- PKCS7* pkcs7 = NULL;
- byte* sid = NULL;
- word32 sidSz;
- byte key[256];
- word32 keySz = sizeof(key);
- byte *decoded = NULL;
- int decodedSz = FOURK_BUF/2;
- WOLFSSL_SMALL_STACK_STATIC const byte expectedSid[] = {
- #ifdef NO_SHA
- #ifdef USE_CERT_BUFFERS_1024
- 0x70, 0xe7, 0x79, 0x60, 0x8f, 0x41, 0xdc, 0xe9,
- 0xad, 0x8b, 0x3d, 0x0c, 0x20, 0xf4, 0xc3, 0xf2,
- 0x8e, 0x05, 0xe8, 0xa1, 0xb6, 0x68, 0x74, 0x06,
- 0xbc, 0xe7, 0xc5, 0x3c, 0x13, 0x99, 0x79, 0xb9
- #else
- 0xce, 0x06, 0x07, 0xbe, 0xf1, 0xa6, 0x1e, 0x36,
- 0xef, 0xfa, 0xbc, 0x89, 0x71, 0xf3, 0x23, 0x9e,
- 0x34, 0x6d, 0xae, 0x86, 0xae, 0x2b, 0xdc, 0xf4,
- 0x4a, 0x27, 0xd5, 0x63, 0x59, 0x4f, 0x4a, 0x71
- #endif
- #else /* !NO_SHA */
- #ifdef USE_CERT_BUFFERS_1024
- 0x81, 0x69, 0x0f, 0xf8, 0xdf, 0xdd, 0xcf, 0x34,
- 0x29, 0xd5, 0x67, 0x75, 0x71, 0x85, 0xc7, 0x75,
- 0x10, 0x69, 0x59, 0xec,
- #else
- 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18,
- 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26,
- 0xD7, 0x85, 0x65, 0xC0
- #endif
- #endif /* !NO_SHA */
- };
- decoded = (byte *)XMALLOC(decodedSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded == NULL) {
- ret = MEMORY_E;
- goto out;
- }
- pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
- if (pkcs7 == NULL) {
- ret = MEMORY_E;
- goto out;
- }
- /* Test verify */
- ret = wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- goto out;
- ret = wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
- if (ret != 0)
- goto out;
- ret = wc_PKCS7_VerifySignedData(pkcs7, derBuf, derSz);
- if (ret != 0)
- goto out;
- /* Get size of SID and print it out */
- ret = wc_PKCS7_GetSignerSID(pkcs7, NULL, &sidSz);
- if (ret != LENGTH_ONLY_E)
- goto out;
- sid = (byte*)XMALLOC(sidSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (sid == NULL) {
- ret = MEMORY_E;
- goto out;
- }
- ret = wc_PKCS7_GetSignerSID(pkcs7, sid, &sidSz);
- if (ret != 0)
- goto out;
- ret = XMEMCMP(sid, expectedSid, sidSz);
- if (ret != 0) {
- ret = PKCS7_NO_SIGNER_E; /* close enough */
- goto out;
- }
- /* get expected fwWrappedFirmwareKey */
- if (keyHint == 0) {
- ret = getFirmwareKey(pkcs7, key, keySz);
- if (ret < 0)
- goto out;
- pkcs7->encryptionKey = key;
- pkcs7->encryptionKeySz = (word32)ret;
- }
- else {
- decodedSz = PKCS7_BUF_SIZE;
- ret = wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc);
- if (ret != 0)
- goto out;
- ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)&usrCtx);
- if (ret != 0)
- goto out;
- }
- decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
- pkcs7->contentSz, decoded, (word32)decodedSz);
- if (decodedSz < 0) {
- ret = decodedSz;
- goto out;
- }
- ret = 0;
- out:
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pkcs7)
- wc_PKCS7_Free(pkcs7);
- if (sid)
- XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 certSz, byte* key, word32 keySz)
- {
- wc_test_ret_t ret = 0;
- word32 derSz;
- byte *derBuf = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- WOLFSSL_ENTER("pkcs7callback_test");
- if (! derBuf)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* Doing default generation and verify */
- derSz = FOURK_BUF;
- ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 0, cert,
- certSz, key, keySz);
- if (ret <= 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- ret = verifyBundle(derBuf, derSz, 0);
- if (ret != 0)
- ERROR_OUT(ret, out);
- /* test choosing other key with keyID */
- derSz = FOURK_BUF;
- ret = generateBundle(derBuf, &derSz, p7AltKey, sizeof(p7AltKey), 1,
- cert, certSz, key, keySz);
- if (ret <= 0) {
- ERROR_OUT(ret, out);
- }
- ret = verifyBundle(derBuf, derSz, 1);
- if (ret != 0)
- ERROR_OUT(ret, out);
- /* test fail case with wrong keyID */
- derSz = FOURK_BUF;
- ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 1,
- cert, certSz, key, keySz);
- if (ret <= 0) {
- ERROR_OUT(ret, out);
- }
- ret = verifyBundle(derBuf, derSz, 1);
- if (ret == 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- ret = 0;
- out:
- if (derBuf)
- XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* !NO_AES && HAVE_AES_CBC */
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- int encryptOID;
- byte* encryptionKey;
- word32 encryptionKeySz;
- PKCS7Attrib* attribs;
- word32 attribsSz;
- const char* outFileName;
- } pkcs7EncryptedVector;
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
- {
- wc_test_ret_t ret = 0;
- int i, testSz;
- int encryptedSz, decodedSz, attribIdx;
- PKCS7* pkcs7;
- byte *encrypted;
- byte *decoded;
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE pkcs7File;
- #endif
- PKCS7Attrib* expectedAttrib;
- PKCS7DecodedAttrib* decodedAttrib;
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- #ifndef NO_DES3
- byte desKey[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
- };
- byte des3Key[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- #endif
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #ifdef WOLFSSL_AES_128
- byte aes128Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifdef WOLFSSL_AES_192
- byte aes192Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifdef WOLFSSL_AES_256
- byte aes256Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifdef WOLFSSL_AES_256
- /* Attribute example from RFC 4134, Section 7.2
- * OID = 1.2.5555
- * OCTET STRING = 'This is a test General ASN Attribute, number 1.' */
- static const byte genAttrOid[] = { 0x06, 0x03, 0x2a, 0xab, 0x33 };
- static const byte genAttr[] = { 0x04, 47,
- 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
- 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
- 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
- 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69,
- 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
- 0x6d, 0x62, 0x65, 0x72, 0x20, 0x31, 0x2e };
- static const byte genAttrOid2[] = { 0x06, 0x03, 0x2a, 0xab, 0x34 };
- static const byte genAttr2[] = { 0x04, 47,
- 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
- 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
- 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
- 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69,
- 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
- 0x6d, 0x62, 0x65, 0x72, 0x20, 0x32, 0x2e };
- PKCS7Attrib attribs[] =
- {
- { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) }
- };
- PKCS7Attrib multiAttribs[] =
- {
- { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) },
- { genAttrOid2, sizeof(genAttrOid2), genAttr2, sizeof(genAttr2) }
- };
- #endif
- #endif /* NO_AES */
- const pkcs7EncryptedVector testVectors[] =
- {
- #ifndef NO_DES3
- {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key),
- NULL, 0, "pkcs7encryptedDataDES3.der"},
- {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey),
- NULL, 0, "pkcs7encryptedDataDES.der"},
- #endif /* NO_DES3 */
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #ifdef WOLFSSL_AES_128
- {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
- sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"},
- #endif
- #ifdef WOLFSSL_AES_192
- {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
- sizeof(aes192Key), NULL, 0, "pkcs7encryptedDataAES192CBC.der"},
- #endif
- #ifdef WOLFSSL_AES_256
- {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), NULL, 0, "pkcs7encryptedDataAES256CBC.der"},
- /* test with optional unprotected attributes */
- {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7encryptedDataAES256CBC_attribs.der"},
- /* test with multiple optional unprotected attributes */
- {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), multiAttribs,
- (sizeof(multiAttribs)/sizeof(PKCS7Attrib)),
- "pkcs7encryptedDataAES256CBC_multi_attribs.der"},
- /* test with contentType set to FirmwarePkgData */
- {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), NULL, 0,
- "pkcs7encryptedDataAES256CBC_firmwarePkgData.der"},
- #endif
- #endif /* !NO_AES && HAVE_AES_CBC */
- };
- WOLFSSL_ENTER("pkcs7encrypted_test");
- encrypted = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! encrypted) || (! decoded)) {
- ERROR_OUT(MEMORY_E, out);
- }
- testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->encryptionKey = testVectors[i].encryptionKey;
- pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz;
- pkcs7->unprotectedAttribs = testVectors[i].attribs;
- pkcs7->unprotectedAttribsSz = testVectors[i].attribsSz;
- /* encode encryptedData */
- encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- PKCS7_BUF_SIZE);
- if (encryptedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(encryptedSz), out);
- }
- /* decode encryptedData */
- #ifndef NO_PKCS7_STREAM
- { /* test reading byte by byte */
- int z;
- for (z = 0; z < encryptedSz; z++) {
- decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted + z, 1,
- decoded, PKCS7_BUF_SIZE);
- if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
- printf("unexpected error %d\n", decodedSz);
- ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
- }
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
- printf("stream read failed\n");
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- #endif
- decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
- decoded, PKCS7_BUF_SIZE);
- if (decodedSz <= 0){
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- /* verify decoded unprotected attributes */
- if (pkcs7->decodedAttrib != NULL) {
- decodedAttrib = pkcs7->decodedAttrib;
- attribIdx = 1;
- while (decodedAttrib != NULL) {
- /* expected attribute, stored list is reversed */
- expectedAttrib = &(pkcs7->unprotectedAttribs
- [pkcs7->unprotectedAttribsSz - attribIdx]);
- /* verify oid */
- if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid,
- decodedAttrib->oidSz) != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- /* verify value */
- if (XMEMCMP(decodedAttrib->value, expectedAttrib->value,
- decodedAttrib->valueSz) != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- decodedAttrib = decodedAttrib->next;
- attribIdx++;
- }
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* output pkcs7 envelopedData for external testing */
- pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
- if (!pkcs7File) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- ret = (int)XFWRITE(encrypted, encryptedSz, 1, pkcs7File);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_ERRNO;
- else
- ret = 0;
- XFCLOSE(pkcs7File);
- #endif
- wc_PKCS7_Free(pkcs7);
- }
- out:
- if (encrypted)
- XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* NO_PKCS7_ENCRYPTED_DATA */
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- const char* outFileName;
- } pkcs7CompressedVector;
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void)
- {
- wc_test_ret_t ret = 0;
- int i, testSz;
- int compressedSz, decodedSz;
- PKCS7* pkcs7;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *compressed;
- byte *decoded;
- #else
- byte compressed[PKCS7_BUF_SIZE];
- byte decoded[PKCS7_BUF_SIZE];
- #endif
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE pkcs7File;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- const pkcs7CompressedVector testVectors[] =
- {
- {data, (word32)sizeof(data), DATA,
- "pkcs7compressedData_data_zlib.der"},
- {data, (word32)sizeof(data), FIRMWARE_PKG_DATA,
- "pkcs7compressedData_firmwarePkgData_zlib.der"},
- };
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- compressed = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! compressed) || (! decoded)) {
- ERROR_OUT(MEMORY_E, out);
- }
- #endif
- WOLFSSL_ENTER("pkcs7compressed_test");
- testSz = sizeof(testVectors) / sizeof(pkcs7CompressedVector);
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- /* encode compressedData */
- compressedSz = wc_PKCS7_EncodeCompressedData(pkcs7, compressed,
- PKCS7_BUF_SIZE);
- if (compressedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(compressedSz), out);
- }
- /* decode compressedData */
- decodedSz = wc_PKCS7_DecodeCompressedData(pkcs7, compressed,
- compressedSz, decoded,
- PKCS7_BUF_SIZE);
- if (decodedSz <= 0){
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
- }
- /* test decode result */
- if (XMEMCMP(decoded, testVectors[i].content,
- testVectors[i].contentSz) != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- /* make sure content type is the same */
- if (testVectors[i].contentOID != pkcs7->contentOID) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* output pkcs7 compressedData for external testing */
- pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
- if (!pkcs7File) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- ret = (int)XFWRITE(compressed, compressedSz, 1, pkcs7File);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_ERRNO;
- else
- ret = 0;
- XFCLOSE(pkcs7File);
- #endif
- wc_PKCS7_Free(pkcs7);
- }
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (compressed)
- XFREE(compressed, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- } /* pkcs7compressed_test() */
- #undef PKCS7_BUF_SIZE
- #endif /* HAVE_LIBZ */
- typedef struct {
- const byte* content;
- word32 contentSz;
- int hashOID;
- int signOID;
- byte* privateKey;
- word32 privateKeySz;
- byte* cert;
- size_t certSz;
- byte* caCert;
- size_t caCertSz;
- PKCS7Attrib* signedAttribs;
- word32 signedAttribsSz;
- const char* outFileName;
- int contentOID;
- const byte* contentType;
- word32 contentTypeSz;
- int sidType;
- int encryptOID; /* for single-shot encrypt alg OID */
- int encCompFlag; /* for single-shot. 1 = enc, 2 = comp, 3 = both*/
- const byte* encryptKey; /* for single-shot, encryptedData */
- word32 encryptKeySz; /* for single-shot, encryptedData */
- PKCS7Attrib* unprotectedAttribs; /* for single-shot, encryptedData */
- word32 unprotectedAttribsSz; /* for single-shot, encryptedData */
- word16 detachedSignature; /* generate detached signature (0:1) */
- } pkcs7SignedVector;
- static wc_test_ret_t pkcs7signed_run_vectors(
- byte* rsaClientCertBuf, word32 rsaClientCertBufSz,
- byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz,
- byte* rsaServerCertBuf, word32 rsaServerCertBufSz,
- byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz,
- byte* rsaCaCertBuf, word32 rsaCaCertBufSz,
- byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz,
- byte* eccClientCertBuf, word32 eccClientCertBufSz,
- byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz)
- {
- wc_test_ret_t ret;
- int testSz = 0, i;
- int encodedSz;
- byte* out = NULL;
- word32 outSz;
- WC_RNG rng;
- PKCS7* pkcs7 = NULL;
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE file;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- static const byte transIdOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x07 };
- static const byte messageTypeOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x02 };
- static const byte senderNonceOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x05 };
- #ifndef NO_SHA
- byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
- #else
- byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
- #endif
- static const byte messageType[] = { 0x13, 2, '1', '9' };
- byte senderNonce[PKCS7_NONCE_SZ + 2];
- PKCS7Attrib attribs[] =
- {
- { transIdOid, sizeof(transIdOid), transId,
- sizeof(transId) - 1 }, /* take off the null */
- { messageTypeOid, sizeof(messageTypeOid), messageType,
- sizeof(messageType) },
- { senderNonceOid, sizeof(senderNonceOid), senderNonce,
- sizeof(senderNonce) }
- };
- /* for testing custom contentType, FirmwarePkgData */
- static const byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86,
- 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x01, 0x10 };
- #define MAX_TESTVECTORS_LEN 20
- #define ADD_PKCS7SIGNEDVECTOR(...) { \
- const pkcs7SignedVector _this_vector = { __VA_ARGS__ }; \
- if (testSz == MAX_TESTVECTORS_LEN) { \
- ret = WC_TEST_RET_ENC_NC; \
- goto out; \
- } \
- XMEMCPY(&testVectors[testSz++], &_this_vector, \
- sizeof _this_vector); \
- }
- pkcs7SignedVector *testVectors = NULL;
- XMEMSET(&rng, 0, sizeof(rng));
- testVectors = (pkcs7SignedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (testVectors == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- goto out;
- }
- {
- #ifndef NO_RSA
- #ifndef NO_SHA
- /* RSA with SHA */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0, NULL,
- 0, 0);
- /* RSA with SHA, no signed attributes */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz,
- NULL, 0, NULL, 0,
- "pkcs7signedData_RSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #ifdef WOLFSSL_SHA224
- /* RSA with SHA224 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA224h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #ifndef NO_SHA256
- /* RSA with SHA256 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- /* RSA with SHA256, detached signature */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_detachedSig.der", 0, NULL, 0, 0, 0, 0,
- NULL, 0, NULL, 0, 1);
- /* RSA with SHA256 and SubjectKeyIdentifier in SignerIdentifier */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
- NULL, 0, NULL, 0, 0);
- /* RSA with SHA256 and custom contentType */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_custom_contentType.der", 0,
- customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- /* RSA with SHA256 and FirmwarePkgData contentType */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_firmwarePkgData.der",
- FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
- /* RSA with SHA256 using server cert and ca cert */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
- rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz,
- rsaCaCertBuf, rsaCaCertBufSz,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_with_ca_cert.der", 0, NULL, 0, 0, 0, 0,
- NULL, 0, NULL, 0, 0);
- #endif
- #if defined(WOLFSSL_SHA384)
- /* RSA with SHA384 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA384h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #if defined(WOLFSSL_SHA512)
- /* RSA with SHA512 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA512h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- #ifndef NO_SHA
- /* ECDSA with SHA */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- /* ECDSA with SHA, no signed attributes */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz,
- NULL, 0, NULL, 0,
- "pkcs7signedData_ECDSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #ifdef WOLFSSL_SHA224
- /* ECDSA with SHA224 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA224h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #ifndef NO_SHA256
- /* ECDSA with SHA256 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- /* ECDSA with SHA256 and SubjectKeyIdentifier in SigherIdentifier */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
- NULL, 0, NULL, 0, 0);
- /* ECDSA with SHA256 and custom contentType */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA256_custom_contentType.der", 0,
- customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- /* ECDSA with SHA256 and FirmwarePkgData contentType */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA256_firmwarePkgData.der",
- FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
- #endif
- #ifdef WOLFSSL_SHA384
- /* ECDSA with SHA384 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA384h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #ifdef WOLFSSL_SHA512
- /* ECDSA with SHA512 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA512h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #endif /* HAVE_ECC */
- };
- #undef MAX_TESTVECTORS_LEN
- #undef ADD_PKCS7SIGNEDVECTOR
- outSz = FOURK_BUF;
- out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (out == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- XMEMSET(out, 0, outSz);
- ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (i = 0; i < testSz; i++) {
- if (pkcs7)
- wc_PKCS7_Free(pkcs7);
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
- (word32)testVectors[i].certSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* load CA certificate, if present */
- if (testVectors[i].caCert != NULL) {
- ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert,
- (word32)testVectors[i].caCertSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- pkcs7->rng = &rng;
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->hashOID = testVectors[i].hashOID;
- pkcs7->encryptOID = testVectors[i].signOID;
- pkcs7->privateKey = testVectors[i].privateKey;
- pkcs7->privateKeySz = testVectors[i].privateKeySz;
- pkcs7->signedAttribs = testVectors[i].signedAttribs;
- pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz;
- /* optional custom contentType, default is DATA,
- overrides contentOID if set */
- if (testVectors[i].contentType != NULL) {
- ret = wc_PKCS7_SetContentType(pkcs7,
- (byte *)testVectors[i].contentType,
- testVectors[i].contentTypeSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* set SignerIdentifier to use SubjectKeyIdentifier if desired,
- default is IssuerAndSerialNumber */
- if (testVectors[i].sidType == CMS_SKID) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* generate senderNonce */
- {
- senderNonce[0] = 0x04;
- senderNonce[1] = PKCS7_NONCE_SZ;
- ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* generate transactionID (used with SCEP) */
- {
- #ifndef NO_SHA
- wc_Sha sha;
- byte digest[WC_SHA_DIGEST_SIZE];
- #else
- wc_Sha256 sha;
- byte digest[WC_SHA256_DIGEST_SIZE];
- #endif
- int j,k;
- transId[0] = 0x13;
- transId[1] = sizeof(digest) * 2;
- #ifndef NO_SHA
- ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
- wc_ShaFinal(&sha, digest);
- wc_ShaFree(&sha);
- #else
- ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
- wc_Sha256Final(&sha, digest);
- wc_Sha256Free(&sha);
- #endif
- for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) {
- #if defined(WOLF_C89)
- XSPRINTF((char*)&transId[k], "%02x", digest[j]);
- #else
- (void)XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]);
- #endif
- }
- }
- /* enable detached signature generation, if set */
- if (testVectors[i].detachedSignature == 1) {
- ret = wc_PKCS7_SetDetached(pkcs7, 1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz);
- if (encodedSz < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* write PKCS#7 to output file for more testing */
- file = XFOPEN(testVectors[i].outFileName, "wb");
- if (!file) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- }
- ret = (int)XFWRITE(out, 1, encodedSz, file);
- XFCLOSE(file);
- if (ret != (int)encodedSz)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
- if (testVectors[i].detachedSignature == 1) {
- /* set content for verifying detached signatures */
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- }
- ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* verify contentType extracted successfully for custom content types */
- if (testVectors[i].contentTypeSz > 0) {
- if (pkcs7->contentTypeSz != testVectors[i].contentTypeSz) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- } else if (XMEMCMP(pkcs7->contentType, testVectors[i].contentType,
- pkcs7->contentTypeSz) != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- {
- /* check getting signed attributes */
- #ifndef NO_SHA
- byte buf[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
- #else
- byte buf[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
- #endif
- const byte* oidPt = transIdOid + 2; /* skip object id tag and size */
- int oidSz = (int)sizeof(transIdOid) - 2;
- int bufSz = 0;
- if (testVectors[i].signedAttribs != NULL) {
- ret = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, (word32)oidSz,
- NULL, (word32*)&bufSz);
- if (ret != LENGTH_ONLY_E)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- ret = 0;
- }
- if (bufSz > (int)sizeof(buf))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, (word32)oidSz,
- buf, (word32*)&bufSz);
- if ((testVectors[i].signedAttribs != NULL && bufSz < 0) ||
- (testVectors[i].signedAttribs == NULL && bufSz > 0))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- file = XFOPEN("./pkcs7cert.der", "wb");
- if (!file)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- ret = (int)XFWRITE(pkcs7->singleCert, 1, pkcs7->singleCertSz, file);
- if (ret < 0)
- ret = WC_TEST_RET_ENC_ERRNO;
- else
- ret = 0;
- XFCLOSE(file);
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- }
- out:
- if (pkcs7 != NULL)
- wc_PKCS7_Free(pkcs7);
- if (out != NULL)
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (testVectors != NULL)
- XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeRng(&rng);
- if (ret > 0)
- return 0;
- (void)rsaClientCertBuf;
- (void)rsaClientCertBufSz;
- (void)rsaClientPrivKeyBuf;
- (void)rsaClientPrivKeyBufSz;
- (void)rsaServerCertBuf;
- (void)rsaServerCertBufSz;
- (void)rsaServerPrivKeyBuf;
- (void)rsaServerPrivKeyBufSz;
- (void)rsaCaCertBuf;
- (void)rsaCaCertBufSz;
- (void)rsaCaPrivKeyBuf;
- (void)rsaCaPrivKeyBufSz;
- (void)eccClientCertBuf;
- (void)eccClientCertBufSz;
- (void)eccClientPrivKeyBuf;
- (void)eccClientPrivKeyBufSz;
- return ret;
- }
- static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
- byte* rsaClientCertBuf, word32 rsaClientCertBufSz,
- byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz,
- byte* rsaServerCertBuf, word32 rsaServerCertBufSz,
- byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz,
- byte* rsaCaCertBuf, word32 rsaCaCertBufSz,
- byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz,
- byte* eccClientCertBuf, word32 eccClientCertBufSz,
- byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz)
- {
- wc_test_ret_t ret;
- int testSz = 0, i;
- int encodedSz;
- byte* out = NULL;
- word32 outSz;
- WC_RNG rng;
- PKCS7* pkcs7 = NULL;
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE file;
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) && \
- !defined(NO_PKCS7_ENCRYPTED_DATA)
- byte* encryptedTmp = NULL;
- int encryptedTmpSz;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
- defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
- static const byte aes256Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- static const byte messageTypeOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x02 };
- static const byte messageType[] = { 0x13, 2, '1', '9' };
- PKCS7Attrib attribs[] =
- {
- { messageTypeOid, sizeof(messageTypeOid), messageType,
- sizeof(messageType) },
- };
- #define MAX_TESTVECTORS_LEN 19
- #define ADD_PKCS7SIGNEDVECTOR(...) { \
- pkcs7SignedVector _this_vector = { __VA_ARGS__ }; \
- if (testSz == MAX_TESTVECTORS_LEN) { \
- ret = WC_TEST_RET_ENC_NC; \
- goto out; \
- } \
- XMEMCPY(&testVectors[testSz++], &_this_vector, \
- sizeof _this_vector); \
- }
- pkcs7SignedVector *testVectors = NULL;
- XMEMSET(&rng, 0, sizeof(rng));
- testVectors = (pkcs7SignedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (testVectors == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- goto out;
- }
- {
- #ifndef NO_RSA
- #ifndef NO_SHA256
- /* Signed FirmwarePkgData, RSA, SHA256, no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedFirmwarePkgData_RSA_SHA256_noattr.der", 0, NULL, 0, 0,
- 0, 0, NULL, 0, NULL, 0, 0);
- /* Signed FirmwarePkgData, RSA, SHA256, attrs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0,
- NULL, 0, NULL, 0, 0);
- /* Signed FirmwarePkgData, RSA, SHA256, SubjectKeyIdentifier, attrs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_RSA_SHA256_SKID.der", 0, NULL,
- 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0);
- /* Signed FirmwraePkgData, RSA, SHA256, server cert and ca cert, attr */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
- rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz,
- rsaCaCertBuf, rsaCaCertBufSz,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL,
- 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
- #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
- defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
- /* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
- NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0);
- /* Signed Encrypted FirmwarePkgData, RSA, SHA256, attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256.der", 0,
- NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
- #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- /* Signed Compressed FirmwarePkgData, RSA, SHA256, no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
- NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
- /* Signed Compressed FirmwarePkgData, RSA, SHA256, attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256.der", 0,
- NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
- no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256_noattr.der",
- 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL,
- 0, 0);
- /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
- attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256.der",
- 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
- #endif /* !NO_PKCS7_ENCRYPTED_DATA */
- #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
- #endif /* NO_SHA256 */
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- #ifndef NO_SHA256
- /* Signed FirmwarePkgData, ECDSA, SHA256, no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
- 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
- /* Signed FirmwarePkgData, ECDSA, SHA256, attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
- 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
- /* Signed FirmwarePkgData, ECDSA, SHA256, SubjectKeyIdentifier, attr */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL,
- 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0);
- #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
- defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
- /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
- 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0);
- /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
- 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
- #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
- 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
- /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, attrib */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
- 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
- no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der",
- 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL,
- 0, 0);
- /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
- attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256.der",
- 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
- #endif /* !NO_PKCS7_ENCRYPTED_DATA */
- #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
- #endif /* NO_SHA256 */
- #endif /* HAVE_ECC */
- };
- #undef MAX_TESTVECTORS_LEN
- #undef ADD_PKCS7SIGNEDVECTOR
- outSz = FOURK_BUF;
- out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (out == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- XMEMSET(out, 0, outSz);
- ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- for (i = 0; i < testSz; i++) {
- if (pkcs7)
- wc_PKCS7_Free(pkcs7);
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
- (word32)testVectors[i].certSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* load CA certificate, if present */
- if (testVectors[i].caCert != NULL) {
- ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert,
- (word32)testVectors[i].caCertSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- /* set SignerIdentifier to use SubjectKeyIdentifier if desired,
- default is IssuerAndSerialNumber */
- if (testVectors[i].sidType == CMS_SKID) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- if (testVectors[i].encCompFlag == 0) {
- /* encode Signed FirmwarePkgData */
- encodedSz = wc_PKCS7_EncodeSignedFPD(pkcs7,
- testVectors[i].privateKey, testVectors[i].privateKeySz,
- testVectors[i].signOID, testVectors[i].hashOID,
- (byte*)testVectors[i].content, testVectors[i].contentSz,
- testVectors[i].signedAttribs,
- testVectors[i].signedAttribsSz, out, outSz);
- if (encodedSz < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- } else if (testVectors[i].encCompFlag == 1) {
- /* encode Signed Encrypted FirmwarePkgData */
- encodedSz = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7,
- (byte *)testVectors[i].encryptKey, testVectors[i].encryptKeySz,
- testVectors[i].privateKey, testVectors[i].privateKeySz,
- testVectors[i].encryptOID, testVectors[i].signOID,
- testVectors[i].hashOID, (byte*)testVectors[i].content,
- testVectors[i].contentSz, testVectors[i].unprotectedAttribs,
- testVectors[i].unprotectedAttribsSz,
- testVectors[i].signedAttribs,
- testVectors[i].signedAttribsSz, out, outSz);
- if (encodedSz <= 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- } else if (testVectors[i].encCompFlag == 2) {
- /* encode Signed Compressed FirmwarePkgData */
- encodedSz = wc_PKCS7_EncodeSignedCompressedFPD(pkcs7,
- testVectors[i].privateKey, testVectors[i].privateKeySz,
- testVectors[i].signOID, testVectors[i].hashOID,
- (byte*)testVectors[i].content, testVectors[i].contentSz,
- testVectors[i].signedAttribs,
- testVectors[i].signedAttribsSz, out, outSz);
- if (encodedSz <= 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- } else if (testVectors[i].encCompFlag == 3) {
- /* encode Signed Encrypted Compressed FirmwarePkgData */
- encodedSz = wc_PKCS7_EncodeSignedEncryptedCompressedFPD(pkcs7,
- (byte*)testVectors[i].encryptKey, testVectors[i].encryptKeySz,
- testVectors[i].privateKey, testVectors[i].privateKeySz,
- testVectors[i].encryptOID, testVectors[i].signOID,
- testVectors[i].hashOID, (byte*)testVectors[i].content,
- testVectors[i].contentSz, testVectors[i].unprotectedAttribs,
- testVectors[i].unprotectedAttribsSz,
- testVectors[i].signedAttribs,
- testVectors[i].signedAttribsSz, out, outSz);
- if (encodedSz <= 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
- #endif /* NO_PKCS7_ENCRYPTED_DATA */
- #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
- } else {
- /* unsupported SignedData single-shot combination */
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* write PKCS#7 to output file for more testing */
- file = XFOPEN(testVectors[i].outFileName, "wb");
- if (!file)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- ret = (int)XFWRITE(out, 1, encodedSz, file);
- XFCLOSE(file);
- file = NULL;
- if (ret != (int)encodedSz)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
- ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- #ifndef NO_PKCS7_STREAM
- {
- word32 z;
- for (z = 0; z < outSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, out + z, 1);
- if (ret < 0 && ret != WC_PKCS7_WANT_READ_E) {
- printf("unexpected error %d\n", ret);
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- }
- }
- }
- #endif
- if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- if (testVectors[i].encCompFlag == 0) {
- /* verify decoded content matches expected */
- if ((pkcs7->contentSz != testVectors[i].contentSz) ||
- XMEMCMP(pkcs7->content, testVectors[i].content,
- pkcs7->contentSz)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- }
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- else if (testVectors[i].encCompFlag == 1) {
- /* decrypt inner encryptedData */
- pkcs7->encryptionKey = (byte *)testVectors[i].encryptKey;
- pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
- ret = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
- pkcs7->contentSz, out, outSz);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* compare decrypted to expected */
- if (((word32)ret != testVectors[i].contentSz) ||
- XMEMCMP(out, testVectors[i].content, ret))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- else if (testVectors[i].encCompFlag == 2) {
- /* decompress inner compressedData */
- ret = wc_PKCS7_DecodeCompressedData(pkcs7, pkcs7->content,
- pkcs7->contentSz, out, outSz);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* compare decompressed to expected */
- if (((word32)ret != testVectors[i].contentSz) ||
- XMEMCMP(out, testVectors[i].content, ret))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- else if (testVectors[i].encCompFlag == 3) {
- encryptedTmpSz = FOURK_BUF;
- encryptedTmp = (byte*)XMALLOC(encryptedTmpSz, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (encryptedTmp == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
- XMEMSET(encryptedTmp, 0, encryptedTmpSz);
- /* decrypt inner encryptedData */
- pkcs7->encryptionKey = (byte*)testVectors[i].encryptKey;
- pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
- encryptedTmpSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
- pkcs7->contentSz, encryptedTmp,
- encryptedTmpSz);
- if (encryptedTmpSz < 0 || pkcs7->contentOID != COMPRESSED_DATA)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* decompress inner compressedData */
- ret = wc_PKCS7_DecodeCompressedData(pkcs7, encryptedTmp,
- encryptedTmpSz, out, outSz);
- if (ret < 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* compare decompressed to expected */
- if (((word32)ret != testVectors[i].contentSz) ||
- XMEMCMP(out, testVectors[i].content, ret))
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- }
- #endif /* NO_PKCS7_ENCRYPTED_DATA */
- #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
- }
- out:
- if (pkcs7 != NULL)
- wc_PKCS7_Free(pkcs7);
- if (out != NULL)
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) && \
- !defined(NO_PKCS7_ENCRYPTED_DATA)
- if (encryptedTmp != NULL)
- XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (testVectors != NULL)
- XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeRng(&rng);
- if (ret > 0)
- return 0;
- (void)eccClientCertBuf;
- (void)eccClientCertBufSz;
- (void)eccClientPrivKeyBuf;
- (void)eccClientPrivKeyBufSz;
- (void)rsaClientCertBuf;
- (void)rsaClientCertBufSz;
- (void)rsaClientPrivKeyBuf;
- (void)rsaClientPrivKeyBufSz;
- (void)rsaServerCertBuf;
- (void)rsaServerCertBufSz;
- (void)rsaServerPrivKeyBuf;
- (void)rsaServerPrivKeyBufSz;
- (void)rsaCaCertBuf;
- (void)rsaCaCertBufSz;
- (void)rsaCaPrivKeyBuf;
- (void)rsaCaPrivKeyBufSz;
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void)
- {
- wc_test_ret_t ret = 0;
- byte* rsaClientCertBuf = NULL;
- byte* rsaServerCertBuf = NULL;
- byte* rsaCaCertBuf = NULL;
- byte* eccClientCertBuf = NULL;
- byte* rsaClientPrivKeyBuf = NULL;
- byte* rsaServerPrivKeyBuf = NULL;
- byte* rsaCaPrivKeyBuf = NULL;
- byte* eccClientPrivKeyBuf = NULL;
- word32 rsaClientCertBufSz = 0;
- word32 rsaServerCertBufSz = 0;
- word32 rsaCaCertBufSz = 0;
- word32 eccClientCertBufSz = 0;
- word32 rsaClientPrivKeyBufSz = 0;
- word32 rsaServerPrivKeyBufSz = 0;
- word32 rsaCaPrivKeyBufSz = 0;
- word32 eccClientPrivKeyBufSz = 0;
- WOLFSSL_ENTER("pkcs7signed_test");
- #ifndef NO_RSA
- /* read client RSA cert and key in DER format */
- rsaClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaClientCertBuf == NULL)
- ret = WC_TEST_RET_ENC_NC;
- rsaClientPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaClientPrivKeyBuf == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- rsaClientCertBufSz = FOURK_BUF;
- rsaClientPrivKeyBufSz = FOURK_BUF;
- /* read server RSA cert and key in DER format */
- rsaServerCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaServerCertBuf == NULL)
- ret = WC_TEST_RET_ENC_NC;
- rsaServerPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaServerPrivKeyBuf == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- rsaServerCertBufSz = FOURK_BUF;
- rsaServerPrivKeyBufSz = FOURK_BUF;
- /* read CA RSA cert and key in DER format, for use with server cert */
- rsaCaCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaCaCertBuf == NULL)
- ret = WC_TEST_RET_ENC_NC;
- rsaCaPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaCaPrivKeyBuf == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- rsaCaCertBufSz = FOURK_BUF;
- rsaCaPrivKeyBufSz = FOURK_BUF;
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- /* read client ECC cert and key in DER format */
- eccClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && eccClientCertBuf == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- eccClientPrivKeyBuf =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && eccClientPrivKeyBuf == NULL) {
- ret = WC_TEST_RET_ENC_ERRNO;
- }
- eccClientCertBufSz = FOURK_BUF;
- eccClientPrivKeyBufSz = FOURK_BUF;
- #endif /* HAVE_ECC */
- if (ret >= 0)
- ret = pkcs7_load_certs_keys(rsaClientCertBuf, &rsaClientCertBufSz,
- rsaClientPrivKeyBuf, &rsaClientPrivKeyBufSz,
- rsaServerCertBuf, &rsaServerCertBufSz,
- rsaServerPrivKeyBuf, &rsaServerPrivKeyBufSz,
- rsaCaCertBuf, &rsaCaCertBufSz,
- rsaCaPrivKeyBuf, &rsaCaPrivKeyBufSz,
- eccClientCertBuf, &eccClientCertBufSz,
- eccClientPrivKeyBuf, &eccClientPrivKeyBufSz);
- if (ret < 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret >= 0)
- ret = pkcs7signed_run_vectors(rsaClientCertBuf, (word32)rsaClientCertBufSz,
- rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz,
- rsaServerCertBuf, (word32)rsaServerCertBufSz,
- rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz,
- rsaCaCertBuf, (word32)rsaCaCertBufSz,
- rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz,
- eccClientCertBuf, (word32)eccClientCertBufSz,
- eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
- if (ret >= 0)
- ret = pkcs7signed_run_SingleShotVectors(
- rsaClientCertBuf, (word32)rsaClientCertBufSz,
- rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz,
- rsaServerCertBuf, (word32)rsaServerCertBufSz,
- rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz,
- rsaCaCertBuf, (word32)rsaCaCertBufSz,
- rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz,
- eccClientCertBuf, (word32)eccClientCertBufSz,
- eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
- #if !defined(NO_RSA) && !defined(NO_AES) && defined(HAVE_AES_CBC)
- if (ret >= 0)
- ret = pkcs7callback_test(
- rsaClientCertBuf, (word32)rsaClientCertBufSz,
- rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz);
- #endif
- XFREE(rsaClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaServerCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaServerPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaCaCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaCaPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* HAVE_PKCS7 */
- #if defined(WOLFSSL_PUBLIC_MP) && \
- ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(USE_FAST_MATH))
- /* Maximum number of bytes in a number to test. */
- #define MP_MAX_TEST_BYTE_LEN 32
- static wc_test_ret_t randNum(mp_int* n, int len, WC_RNG* rng, void* heap)
- {
- byte d[MP_MAX_TEST_BYTE_LEN];
- wc_test_ret_t ret;
- (void)heap;
- do {
- ret = wc_RNG_GenerateBlock(rng, d, (word32)len);
- if (ret != 0)
- return ret;
- ret = mp_read_unsigned_bin(n, d, (word32)len);
- if (ret != 0)
- return ret;
- } while (mp_iszero(n));
- return 0;
- }
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(USE_FAST_MATH)
- static wc_test_ret_t mp_test_div_3(mp_int* a, mp_int* r, WC_RNG* rng)
- {
- int i, j;
- mp_digit rem;
- mp_digit rem2;
- wc_test_ret_t ret;
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
- for (i = 0; i < 10; i++) {
- for (j = 1; j < 10; j++) {
- ret = randNum(a, j, rng, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_3(a, r, &rem);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul_d(r, 3, r);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add_d(r, rem, r);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(r, a);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- ret = mp_div_3(a, r, &rem);
- if (ret != 0)
- return WC_TEST_RET_ENC_NC;
- ret = mp_div_3(a, a, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_NC;
- ret = mp_cmp(r, a);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_div_d(a, 10, r, &rem);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_d(a, 10, a, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(r, a);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- ret = mp_div_d(a, 12, r, &rem);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_d(a, 12, a, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(r, a);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- ret = mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), r, &rem);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), NULL, &rem2);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), a, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(r, a);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- if (rem != rem2)
- return WC_TEST_RET_ENC_NC;
- #endif
- (void)a;
- (void)r;
- (void)rng;
- (void)i;
- (void)j;
- (void)rem;
- (void)rem2;
- (void)ret;
- return 0;
- }
- #endif /* WOLFSSL_SP_MATH || !USE_FAST_MATH */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- (!defined WOLFSSL_SP_MATH && !defined(WOLFSSL_SP_MATH_ALL) && \
- (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)))
- static wc_test_ret_t mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- int i, j;
- int size;
- char str[30];
- WOLFSSL_SMALL_STACK_STATIC const char* badStr1 = "A";
- WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "a";
- WOLFSSL_SMALL_STACK_STATIC const char* empty2 = " ";
- WOLFSSL_SMALL_STACK_STATIC const char* zeros = "000";
- WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
- for (i = 0; i < 10; i++) {
- for (j = 2; j < 12; j++) {
- ret = randNum(a, j, rng, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_radix_size(a, MP_RADIX_DEC, &size);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_toradix(a, str, MP_RADIX_DEC);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if ((int)XSTRLEN(str) != size - 1)
- return WC_TEST_RET_ENC_NC;
- ret = mp_read_radix(r, str, MP_RADIX_DEC);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(a, r);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- ret = mp_read_radix(r, badStr1, MP_RADIX_DEC);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_radix(r, badStr2, MP_RADIX_DEC);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_radix(r, empty2, MP_RADIX_DEC);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_radix(r, zeros, MP_RADIX_DEC);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- mp_set(r, 1);
- ret = mp_read_radix(r, empty, MP_RADIX_DEC);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- mp_zero(a);
- ret = mp_radix_size(a, MP_RADIX_DEC, &size);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (size != 2)
- return WC_TEST_RET_ENC_NC;
- ret = mp_toradix(a, str, MP_RADIX_DEC);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if ((int)XSTRLEN(str) != size - 1)
- return WC_TEST_RET_ENC_NC;
- ret = mp_read_radix(r, str, MP_RADIX_DEC);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \
- defined(HAVE_ECC))
- static wc_test_ret_t mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- int i, j;
- int size;
- char str[30];
- #if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH)
- static char longStr[2 * sizeof(a->dp) + 2];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const char* empty2 = " ";
- WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "}";
- WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
- for (i = 0; i < 10; i++) {
- for (j = 2; j < 12; j++) {
- ret = randNum(a, j, rng, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- mp_radix_size(a, MP_RADIX_HEX, &size);
- mp_toradix(a, str, MP_RADIX_HEX);
- if ((int)XSTRLEN(str) != size - 1)
- return WC_TEST_RET_ENC_NC;
- mp_read_radix(r, str, MP_RADIX_HEX);
- ret = mp_cmp(a, r);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- ret = mp_read_radix(r, empty2, MP_RADIX_HEX);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_radix(r, badStr2, MP_RADIX_HEX);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(r, 1);
- ret = mp_read_radix(r, empty, MP_RADIX_HEX);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- #if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH)
- /* Fixed MP data size - string can be too long. */
- longStr[0] = '8';
- XMEMSET(longStr+1, '0', sizeof(longStr) - 2);
- longStr[sizeof(longStr)-1] = '\0';
- ret = mp_read_radix(r, longStr, MP_RADIX_HEX);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- mp_zero(a);
- ret = mp_radix_size(a, MP_RADIX_HEX, &size);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef WC_DISABLE_RADIX_ZERO_PAD
- if (size != 3)
- #else
- if (size != 2)
- #endif
- return WC_TEST_RET_ENC_NC;
- ret = mp_toradix(a, str, MP_RADIX_HEX);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if ((int)XSTRLEN(str) != size - 1)
- return WC_TEST_RET_ENC_NC;
- ret = mp_read_radix(r, str, MP_RADIX_HEX);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- #ifdef WOLFSSL_SP_MATH
- ret = mp_toradix(a, str, 8);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_radix_size(a, 8, &size);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif
- static wc_test_ret_t mp_test_shift(mp_int* a, mp_int* r1, WC_RNG* rng)
- {
- int i;
- wc_test_ret_t ret;
- ret = randNum(a, 4, rng, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 0; i < 4; i++) {
- mp_copy(r1, a);
- ret = mp_lshd(r1, i);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef WOLFSSL_SP_MATH
- mp_rshd(r1, i);
- #else
- mp_rshb(r1, i * SP_WORD_SIZE);
- #endif
- ret = mp_cmp(a, r1);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- #ifndef WOLFSSL_SP_MATH
- for (i = 0; i < DIGIT_BIT+1; i++) {
- ret = mp_mul_2d(a, i, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_rshb(r1, i);
- ret = mp_cmp(a, r1);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- #endif
- return 0;
- }
- static wc_test_ret_t mp_test_add_sub_d(mp_int* a, mp_int* r1)
- {
- int i, j;
- wc_test_ret_t ret;
- for (i = 0; i <= DIGIT_BIT * 2; i++) {
- mp_zero(a);
- mp_set_bit(a, i);
- if ((int)a->used != (i + DIGIT_BIT) / DIGIT_BIT)
- return WC_TEST_RET_ENC_NC;
- for (j = 0; j < i && j < DIGIT_BIT; j++) {
- mp_zero(r1);
- mp_set_bit(r1, i);
- ret = mp_sub_d(r1, (mp_digit)1 << j, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add_d(r1, (mp_digit)1 << j, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(a, r1);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- mp_zero(r1);
- ret = mp_add_d(r1, 1, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (r1->used != 1)
- return WC_TEST_RET_ENC_NC;
- ret = mp_sub_d(r1, 1, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (r1->used != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- static wc_test_ret_t mp_test_read_to_bin(mp_int* a)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte in[16] = {
- 0x91, 0xa2, 0xb3, 0xc4, 0xd5, 0xe6, 0xf7, 0x08,
- 0x93, 0xa4, 0xb4, 0xc5, 0xd6, 0xe7, 0xf8, 0x09
- };
- byte out[24];
- int i, j, k;
- const byte* p;
- wc_test_ret_t ret;
- for (i = 0; i < (int)sizeof(in); i++) {
- p = in + sizeof(in) - i;
- ret = mp_read_unsigned_bin(a, p, (word32)i);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (j = i; j < (int)sizeof(out); j++) {
- XMEMSET(out, 0xff, sizeof(out));
- ret = mp_to_unsigned_bin_len(a, out, j);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (k = 0; k < j - i; k++) {
- if (out[k] != 0)
- return WC_TEST_RET_ENC_NC;
- }
- for (; k < j; k++) {
- if (out[k] != p[k - (j - i)])
- return WC_TEST_RET_ENC_NC;
- }
- }
- }
- /* Length too small. */
- ret = mp_to_unsigned_bin_len(a, out, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_unsigned_bin(a, NULL, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(a))
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- static wc_test_ret_t mp_test_set_int(mp_int* a)
- {
- #if SP_ULONG_BITS == 64
- unsigned long n = 0xfedcba9876543210UL;
- byte exp[8] = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
- byte out[8] = { 0 };
- #elif SP_ULONG_BITS == 32
- unsigned long n = 0xfedcba98UL;
- byte exp[4] = { 0xfe, 0xdc, 0xba, 0x98 };
- byte out[4] = { 0 };
- #elif SP_ULONG_BITS == 16
- unsigned long n = 0xfedc;
- byte exp[2] = { 0xfe, 0xdc };
- byte out[2] = { 0 };
- #elif SP_ULONG_BITS == 8
- unsigned long n = 0xfe;
- byte exp[1] = { 0xfe };
- byte out[1] = { 0 };
- #endif
- wc_test_ret_t ret;
- ret = mp_set_int(a, n);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_unsigned_bin_size(a);
- if (ret != sizeof(exp))
- return WC_TEST_RET_ENC_NC;
- ret = mp_to_unsigned_bin(a, out);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (XMEMCMP(exp, out, sizeof(exp)) != 0)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
- {
- byte buffer[16];
- #if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
- char hexStr[] = "abcdef0123456789";
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- char negStr[] = "-1234";
- #endif
- #endif
- #if !defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_KEY_GEN) || \
- defined(HAVE_COMP_KEY)
- char decStr[] = "0987654321";
- #endif
- wc_test_ret_t ret;
- #ifdef WOLFSSL_SP_MATH_ALL
- mp_digit rho;
- int size;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- int result;
- #endif
- #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
- (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
- mp_digit rd;
- #endif
- (void)rng;
- (void)r;
- ret = mp_init(NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
- ret = mp_init_multi(NULL, NULL, NULL, NULL, NULL, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- mp_free(NULL);
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
- ret = mp_grow(NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef WOLFSSL_SP_MATH
- ret = mp_grow(a, SP_INT_DIGITS + 1);
- if (ret != MP_MEM)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #endif
- mp_clear(NULL);
- ret = mp_abs(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_abs(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_abs(NULL, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_unsigned_bin_size(NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_unsigned_bin(NULL, NULL, sizeof(buffer));
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_unsigned_bin(NULL, buffer, sizeof(buffer));
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_unsigned_bin(a, NULL, sizeof(buffer));
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_unsigned_bin(a, buffer, SP_INT_DIGITS * SP_WORD_SIZEOF + 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_read_radix(NULL, NULL, 16);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_radix(a, NULL, 16);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_read_radix(NULL, hexStr, 16);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- ret = mp_read_radix(a, negStr, 16);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_read_radix(a, negStr, 10);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif /* WOLFSSL_SP_MATH_ALL */
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- #endif
- #ifndef WOLFSSL_SP_MATH_ALL
- /* Radix 10 only supported with ALL. */
- ret = mp_read_radix(a, decStr, 10);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- /* Radix 8 not supported SP_INT. */
- ret = mp_read_radix(a, "0123", 8);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_count_bits(NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_is_bit_set(NULL, 0);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_leading_bit(NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- mp_zero(a);
- ret = mp_leading_bit(a);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
- !defined(NO_RSA)
- ret = mp_set_bit(NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_to_unsigned_bin(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_to_unsigned_bin(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_to_unsigned_bin(NULL, buffer);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = mp_to_unsigned_bin_len(NULL, NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_to_unsigned_bin_len(a, NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_to_unsigned_bin_len(NULL, buffer, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_to_unsigned_bin_at_pos(0, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_to_unsigned_bin_at_pos(0, a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_to_unsigned_bin_at_pos(0, NULL, buffer);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_to_unsigned_bin_at_pos(0, a, buffer);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
- ret = mp_copy(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_copy(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_copy(NULL, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_KEY_GEN) || !defined(NO_DH)
- ret = sp_2expt(NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = mp_set(NULL, 0);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_d(NULL, 0);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(NULL, NULL);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- ret = mp_cmp(a, NULL);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_NC;
- ret = mp_cmp(NULL, b);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_NC;
- #ifdef WOLFSSL_SP_MATH_ALL
- mp_rshd(NULL, 1);
- #endif
- mp_zero(NULL);
- #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_lshd(NULL, 0);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lshd(a, SP_INT_DIGITS + 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_div(NULL, NULL, a, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div(a, NULL, a, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div(NULL, b, a, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div(a, b, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- ret = mp_mod(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod(a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod(NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod(NULL, NULL, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod(a, NULL, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod(NULL, b, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(NO_RSA) || defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_set_int(NULL, 0);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
- (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
- ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(NULL, a, 1, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(NULL, NULL, 1, a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(a, a, 1, a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(a, a, 1, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(a, NULL, 1, a, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(NULL, a, 1, a, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, NULL, a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(a, a, a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(a, a, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(a, NULL, a, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, a, a, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
- !defined(WC_NO_RNG)
- ret = mp_rand_prime(NULL, 32, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_rand_prime(a, 32, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_rand_prime(NULL, 32, rng, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_rand_prime(a, 0, rng, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_mul(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(NULL, NULL, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(a, NULL, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(NULL, b, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- ret = mp_sqr(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqr(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqr(NULL, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_sqrmod(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqrmod(a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqrmod(NULL, a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqrmod(NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqrmod(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqrmod(a, NULL, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqrmod(NULL, a, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(NULL, a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(NULL, NULL, a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(a, b, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(a, b, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(a, NULL, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(NULL, b, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
- !defined(NO_RSA) || !defined(NO_DSA)
- ret = mp_add_d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add_d(a, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add_d(NULL, 1, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
- ret = mp_sub_d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sub_d(a, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sub_d(NULL, 1, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
- ret = mp_div_d(NULL, 0, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_d(a, 0, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_d(NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
- (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
- ret = mp_mod_d(NULL, 0, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod_d(a, 0, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod_d(NULL, 0, &rd);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- ret = mp_gcd(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_gcd(a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_gcd(NULL, a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_gcd(NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_gcd(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_gcd(a, NULL, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_gcd(NULL, a, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
- ret = mp_div_2_mod_ct(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_2_mod_ct(a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_2_mod_ct(NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_2_mod_ct(NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_2_mod_ct(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_2_mod_ct(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_2_mod_ct(NULL, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_2(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_2(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_2(NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA)
- ret = mp_invmod(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod(a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod(NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod(NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod(a, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod(NULL, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
- ret = mp_invmod_mont_ct(NULL, NULL, NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod_mont_ct(a, NULL, NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod_mont_ct(NULL, b, NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod_mont_ct(NULL, NULL, a, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod_mont_ct(a, b, NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod_mont_ct(a, NULL, a, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod_mont_ct(NULL, b, a, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
- ret = mp_lcm(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lcm(a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lcm(NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lcm(NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lcm(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lcm(a, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lcm(NULL, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(NULL, b, 1, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(NULL, NULL, 1, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(a, b, 1, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(a, b, 1, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(a, NULL, 1, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_ex(NULL, b, 1, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod(NULL, b, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod(NULL, NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod(a, b, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod(a, b, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod(a, NULL, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod(NULL, b, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, b, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(a, b, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(a, b, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(a, NULL, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(NULL, b, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(HAVE_ECC) && defined(HAVE_COMP_KEY)
- ret = mp_cnt_lsb(NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- ret = mp_prime_is_prime(NULL, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime(a, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime(NULL, 1, &result);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime(a, 0, &result);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime(a, 1024, &result);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime_ex(NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime_ex(a, 1, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime_ex(NULL, 1, &result, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime_ex(NULL, 1, NULL, rng);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime_ex(a, 1, &result, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime_ex(a, 1, NULL, rng);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime_ex(NULL, 1, &result, rng);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || !defined(NO_DSA)
- ret = mp_exch(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exch(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exch(NULL, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \
- defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_mul_d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul_d(a, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul_d(NULL, 1, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_add(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add(a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add(NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add(NULL, NULL, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add(a, NULL, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_add(NULL, b, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- ret = mp_sub(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sub(a, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sub(NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sub(NULL, NULL, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sub(a, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sub(a, NULL, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sub(NULL, b, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || (!defined(WOLFSSL_SP_MATH) && \
- defined(WOLFSSL_CUSTOM_CURVES))
- ret = mp_addmod(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_addmod(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_addmod(NULL, b, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_addmod(NULL, NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_addmod(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_addmod(a, b, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_addmod(a, b, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_addmod(a, NULL, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_addmod(NULL, b, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_submod(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_submod(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_submod(NULL, b, NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_submod(NULL, NULL, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_submod(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_submod(a, b, b, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_submod(a, b, NULL, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_submod(a, NULL, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_submod(NULL, b, b, a);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_div_2d(NULL, 1, a, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod_2d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod_2d(a, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod_2d(NULL, 1, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul_2d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul_2d(a, 1, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul_2d(NULL, 1, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- ret = mp_montgomery_reduce(NULL, NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_reduce(a, NULL, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_reduce(NULL, b, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_zero(b);
- ret = mp_montgomery_reduce(a, b, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_montgomery_setup(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_setup(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_setup(NULL, &rho);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_calc_normalization(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_calc_normalization(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_calc_normalization(NULL, b);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = mp_unsigned_bin_size(NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(WC_MP_TO_RADIX) || defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_tohex(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_tohex(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_tohex(NULL, hexStr);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
- ret = mp_todecimal(NULL, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_todecimal(a, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_todecimal(NULL, decStr);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_toradix(NULL, NULL, MP_RADIX_HEX);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_toradix(a, NULL, MP_RADIX_HEX);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_toradix(NULL, hexStr, MP_RADIX_HEX);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_toradix(a, hexStr, 3);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_radix_size(NULL, MP_RADIX_HEX, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_radix_size(a, MP_RADIX_HEX, NULL);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_radix_size(NULL, MP_RADIX_HEX, &size);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_radix_size(a, 3, &size);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif
- #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- static wc_test_ret_t mp_test_set_is_bit(mp_int* a)
- {
- int i, j;
- wc_test_ret_t ret;
- mp_zero(a);
- for (i = 0; i <= DIGIT_BIT * 2; i++) {
- if (mp_is_bit_set(a, i))
- return WC_TEST_RET_ENC_NC;
- for (j = 0; j < i; j++) {
- if (!mp_is_bit_set(a, j))
- return WC_TEST_RET_ENC_NC;
- }
- if (mp_set_bit(a, i) != 0)
- return WC_TEST_RET_ENC_NC;
- if (!mp_is_bit_set(a, i))
- return WC_TEST_RET_ENC_NC;
- }
- mp_zero(a);
- for (i = 0; i <= DIGIT_BIT * 2; i++) {
- if (mp_is_bit_set(a, i))
- return WC_TEST_RET_ENC_NC;
- }
- for (i = 0; i <= DIGIT_BIT * 2; i++) {
- mp_zero(a);
- if (mp_set_bit(a, i) != 0)
- return WC_TEST_RET_ENC_NC;
- for (j = 0; j < i; j++) {
- if (mp_is_bit_set(a, j))
- return WC_TEST_RET_ENC_NC;
- }
- if (!mp_is_bit_set(a, i))
- return WC_TEST_RET_ENC_NC;
- }
- #ifdef WOLFSSL_KEY_GEN
- for (i = 0; i < DIGIT_BIT * 2; i++) {
- mp_set(a, 1);
- ret = mp_2expt(a, i);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (j = 0; j < i; j++) {
- if (mp_is_bit_set(a, j))
- return WC_TEST_RET_ENC_NC;
- }
- if (!mp_is_bit_set(a, i))
- return WC_TEST_RET_ENC_NC;
- }
- #endif
- #ifdef WOLFSSL_SP_MATH
- mp_zero(a);
- for (j = 1; j <= 3; j++) {
- i = SP_INT_MAX_BITS - j;
- if (mp_is_bit_set(a, i))
- return WC_TEST_RET_ENC_NC;
- if (mp_set_bit(a, i) != 0)
- return WC_TEST_RET_ENC_NC;
- if (!mp_is_bit_set(a, i))
- return WC_TEST_RET_ENC_NC;
- #ifdef WOLFSSL_KEY_GEN
- ret = mp_2expt(a, i);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_is_bit_set(a, i))
- return WC_TEST_RET_ENC_NC;
- #endif
- }
- mp_zero(a);
- for (j = 0; j <= 3; j++) {
- i = SP_INT_MAX_BITS + j;
- if (mp_is_bit_set(a, i))
- return WC_TEST_RET_ENC_NC;
- if (mp_set_bit(a, i) != MP_VAL)
- return WC_TEST_RET_ENC_NC;
- #ifdef WOLFSSL_KEY_GEN
- ret = mp_2expt(a, i);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- }
- #endif
- (void)ret;
- return 0;
- }
- #endif /* !WOLFSSL_SP_MATH || WOLFSSL_SP_MATH_ALL */
- static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b)
- {
- wc_test_ret_t ret;
- mp_zero(a);
- mp_zero(b);
- ret = mp_cmp_d(a, 0);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_d(a, 1);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(a, b);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- mp_set(a, 1);
- ret = mp_cmp_d(a, 0);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_d(a, 1);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_d(a, 2);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(a, b);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_NC;
- mp_read_radix(b, "1234567890123456789", MP_RADIX_HEX);
- ret = mp_cmp_d(b, -1);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(a, b);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_NC;
- ret = mp_cmp(b, a);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_NC;
- ret = mp_cmp(b, b);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \
- defined(WOLFSSL_SP_INT_NEGATIVE)
- mp_read_radix(a, "-1", MP_RADIX_HEX);
- mp_read_radix(a, "1", MP_RADIX_HEX);
- ret = mp_cmp(a, b);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_NC;
- ret = mp_cmp(b, a);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_NC;
- mp_read_radix(b, "-2", MP_RADIX_HEX);
- ret = mp_cmp(a, b);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_NC;
- ret = mp_cmp(b, a);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_NC;
- mp_read_radix(a, "-2", MP_RADIX_HEX);
- ret = mp_cmp(a, b);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- #endif
- #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
- defined(WOLFSSL_ECC_GEN_REJECT_SAMPLING)
- mp_zero(a);
- mp_zero(b);
- ret = mp_cmp_ct(a, b, 1);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_ct(a, a, a->used);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_cmp_ct(a, NULL, a->used);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_ct(NULL, a, a->used);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- mp_read_radix(a, "1", MP_RADIX_HEX);
- ret = mp_cmp_ct(a, b, 1);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_ct(b, a, 1);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_EC(ret);
- mp_read_radix(a, "0123456789abcdef0123456789abcdef", MP_RADIX_HEX);
- ret = mp_cmp_ct(a, b, a->used);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_ct(b, a, a->used);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_EC(ret);
- mp_read_radix(b, "1123456789abcdef0123456789abcdef", MP_RADIX_HEX);
- ret = mp_cmp_ct(b, a, a->used);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_ct(a, b, a->used);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_EC(ret);
- mp_read_radix(b, "0123456789abcdef0123456789abcdf0", MP_RADIX_HEX);
- ret = mp_cmp_ct(b, a, a->used);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_ct(a, b, a->used);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_EC(ret);
- mp_read_radix(b, "0123456789abcdf0", MP_RADIX_HEX);
- ret = mp_cmp_ct(a, b, a->used);
- if (ret != MP_GT)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_ct(b, a, a->used);
- if (ret != MP_LT)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
- static wc_test_ret_t mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- int i, j, k;
- #ifndef WOLFSSL_SP_MATH
- for (i = 0; i < 10; i++) {
- for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) {
- ret = randNum(a, j, rng, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_copy(a, b);
- for (k = 0; k <= DIGIT_BIT * 2; k++) {
- ret = mp_mul_2d(a, k, a);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_rshb(a, k);
- ret = mp_cmp(a, b);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- }
- #endif
- for (i = 0; i < 10; i++) {
- for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) {
- ret = randNum(a, j, rng, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_copy(a, b);
- for (k = 0; k < 10; k++) {
- ret = mp_lshd(a, k);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef WOLFSSL_SP_MATH
- mp_rshd(a, k);
- #else
- mp_rshb(a, k * SP_WORD_SIZE);
- #endif
- ret = mp_cmp(a, b);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- }
- #ifndef WOLFSSL_SP_MATH
- mp_zero(a);
- mp_rshd(a, 1);
- if (!mp_iszero(a))
- return WC_TEST_RET_ENC_NC;
- mp_set(a, 1);
- mp_rshd(a, 1);
- if (!mp_iszero(a))
- return WC_TEST_RET_ENC_NC;
- mp_set(a, 1);
- mp_rshd(a, 2);
- if (!mp_iszero(a))
- return WC_TEST_RET_ENC_NC;
- #endif
- return 0;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY))
- static wc_test_ret_t mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem,
- WC_RNG* rng)
- {
- wc_test_ret_t ret;
- int i, j, k;
- mp_zero(a);
- mp_zero(d);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(d, 1);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(rem))
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 1);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_isone(r))
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(rem))
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 0; i < 100; i++) {
- for (j = 1; j < (DIGIT_BIT + 7) / 8 * 2; j++) {
- ret = randNum(d, j, rng, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- for (k = 1; k < (DIGIT_BIT + 7) / 8 * 2 + 1; k++) {
- ret = randNum(a, k, rng, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div(a, d, NULL, rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div(a, d, r, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_mul(r, d, r);
- mp_add(r, rem, r);
- if (mp_cmp(r, a) != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- }
- ret = randNum(d, (DIGIT_BIT + 7) / 8 * 2, rng, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_add(d, d, a);
- mp_set(rem, 1);
- mp_div(a, d, NULL, rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(rem))
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(r, 1);
- mp_div(a, d, r, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (mp_cmp_d(r, 2) != MP_EQ)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(r, 1);
- mp_set(rem, 1);
- mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (mp_cmp_d(r, 2) != MP_EQ)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(rem))
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 0xfe);
- mp_lshd(a, 3);
- mp_add_d(a, 0xff, a);
- mp_set(d, 0xfe);
- mp_lshd(d, 2);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_mul(r, d, d);
- mp_add(rem, d, d);
- if (mp_cmp(a, d) != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- /* Force (hi | lo) / d to be (d | 0) / d which will would not fit in
- * a digit. So mp_div must detect and handle.
- * For example: 0x800000 / 0x8001, DIGIT_BIT = 8
- */
- mp_zero(a);
- mp_set_bit(a, DIGIT_BIT * 3 - 1);
- mp_zero(d);
- mp_set_bit(d, DIGIT_BIT * 2 - 1);
- mp_add_d(d, 1, d);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- /* Make sure [d | d] / d is handled. */
- mp_zero(a);
- mp_set_bit(a, DIGIT_BIT * 2 - 1);
- mp_set_bit(a, DIGIT_BIT * 1 - 1);
- mp_zero(d);
- mp_set_bit(d, DIGIT_BIT - 1);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_zero(a);
- mp_set_bit(a, DIGIT_BIT);
- mp_set_bit(a, 0);
- mp_zero(d);
- if (mp_cmp(r, a) != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- if (mp_cmp(rem, d) != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- return 0;
- }
- #endif
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
- !defined(WC_NO_RNG)
- static wc_test_ret_t mp_test_prime(mp_int* a, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- int res;
- ret = mp_rand_prime(a, 1, rng, NULL);
- #if defined(WOLFSSL_SP_MATH_ALL)
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #else
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_NC;
- #endif
- #ifndef WOLFSSL_SP_MATH
- ret = mp_rand_prime(a, -5, rng, NULL);
- if (ret != 0 || (a->dp[0] & 3) != 3)
- return WC_TEST_RET_ENC_NC;
- #endif
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #ifndef WOLFSSL_SP_MATH
- if (res != MP_YES)
- return WC_TEST_RET_ENC_EC(res);
- #else
- if (res != MP_NO)
- return WC_TEST_RET_ENC_EC(res);
- #endif
- ret = mp_prime_is_prime(a, 0, &res);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime(a, -1, &res);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_prime_is_prime(a, 257, &res);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 1);
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_NO)
- return WC_TEST_RET_ENC_EC(res);
- ret = mp_prime_is_prime_ex(a, 1, &res, rng);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_NO)
- return WC_TEST_RET_ENC_EC(res);
- mp_set(a, 2);
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_YES)
- return WC_TEST_RET_ENC_EC(res);
- ret = mp_prime_is_prime_ex(a, 1, &res, rng);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_YES)
- return WC_TEST_RET_ENC_EC(res);
- mp_set(a, 0xfb);
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_YES)
- return WC_TEST_RET_ENC_EC(res);
- ret = mp_prime_is_prime_ex(a, 1, &res, rng);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_YES)
- return WC_TEST_RET_ENC_EC(res);
- mp_set(a, 0x6);
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_NO)
- return WC_TEST_RET_ENC_EC(res);
- ret = mp_prime_is_prime_ex(a, 1, &res, rng);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_NO)
- return WC_TEST_RET_ENC_EC(res);
- mp_set_int(a, 0x655 * 0x65b);
- ret = mp_prime_is_prime(a, 10, &res);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_NO)
- return WC_TEST_RET_ENC_EC(res);
- ret = mp_prime_is_prime_ex(a, 10, &res, rng);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (res != MP_NO)
- return WC_TEST_RET_ENC_EC(res);
- return 0;
- }
- #endif
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
- static wc_test_ret_t mp_test_lcm_gcd(mp_int* a, mp_int* b, mp_int* r, mp_int* exp,
- WC_RNG* rng)
- {
- wc_test_ret_t ret;
- int i;
- WOLFSSL_SMALL_STACK_STATIC const int kat[][3] = {
- { 1, 1, 1 }, { 2, 1, 2 }, { 1, 2, 2 }, { 2, 4, 4 }, { 4, 2, 4 },
- { 12, 56, 168 }, { 56, 12, 168 }
- };
- (void)exp;
- mp_set(a, 0);
- mp_set(b, 1);
- ret = mp_lcm(a, a, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lcm(a, b, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lcm(b, a, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 0; i < (int)(sizeof(kat) / sizeof(*kat)); i++) {
- mp_set(a, kat[i][0]);
- mp_set(b, kat[i][1]);
- ret = mp_lcm(a, b, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(exp, kat[i][2]);
- ret = mp_cmp(r, exp);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- (void)rng;
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
- !defined(WC_NO_RNG)
- ret = mp_rand_prime(a, 20, rng, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_rand_prime(b, 20, rng, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(a, b, exp);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_lcm(a, b, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(r, exp);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- ret = mp_lcm(b, a, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(r, exp);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- #endif
- mp_set(a, 11);
- mp_zero(b);
- ret = mp_gcd(a, b, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_d(r, 11);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_gcd(b, a, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_d(r, 11);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_gcd(b, b, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- return 0;
- }
- #endif
- #if (!defined(WOLFSSL_SP_MATH) && !defined(USE_FAST_MATH)) || \
- defined(WOLFSSL_SP_MATH_ALL)
- static wc_test_ret_t mp_test_mod_2d(mp_int* a, mp_int* r, mp_int* t, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- int i;
- int j;
- mp_set(a, 10);
- ret = mp_mod_2d(a, 0, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- ret = mp_mod_2d(a, 1, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- ret = mp_mod_2d(a, 2, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_d(r, 2);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (i = 2; i < 20; i++) {
- ret = randNum(a, i, rng, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- for (j = 1; j <= mp_count_bits(a); j++) {
- /* Get top part */
- ret = mp_div_2d(a, j, t, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul_2d(t, j, t);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Get bottom part */
- ret = mp_mod_2d(a, j, r);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* Reassemble */
- ret = mp_add(t, r, r);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(a, r);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- #if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_SP_INT_NEGATIVE)
- /* Test negative value being moded. */
- for (j = 0; j < 20; j++) {
- ret = randNum(a, 2, rng, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- a->sign = MP_NEG;
- for (i = 1; i < DIGIT_BIT * 3 + 1; i++) {
- ret = mp_mod_2d(a, i, r);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- mp_zero(t);
- ret = mp_set_bit(t, i);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod(a, t, t);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(r, t);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- #endif
- return 0;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(OPENSSL_EXTRA) || \
- (defined(HAVE_ECC) && defined(HAVE_COMP_KEY))
- static wc_test_ret_t mp_test_mod_d(mp_int* a, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- mp_digit r;
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
- mp_digit rem;
- int i;
- #endif
- (void)rng;
- ret = mp_set(a, 1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod_d(a, 0, &r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_zero(a);
- ret = mp_mod_d(a, 1, &r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod_d(a, 3, &r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod_d(a, 5, &r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
- for (i = MP_MAX_TEST_BYTE_LEN - 16; i <= MP_MAX_TEST_BYTE_LEN; i++) {
- ret = randNum(a, i, rng, NULL);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod_d(a, 3, &r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_div_d(a, 3, a, &rem);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (r != rem)
- return WC_TEST_RET_ENC_NC;
- }
- #endif
- return 0;
- }
- #endif
- static wc_test_ret_t mp_test_mul_sqr(mp_int* a, mp_int* b, mp_int* r1, mp_int* r2,
- WC_RNG* rng)
- {
- wc_test_ret_t ret;
- int i;
- for (i = 1; i < 16; i++) {
- ret = randNum(a, i, rng, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(a, a, r1);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqr(a, r2);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp(r1, r2);
- if (ret != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- ret = mp_set(b, 0);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(a, b, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r1))
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sqr(b, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r1))
- return WC_TEST_RET_ENC_NC;
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_set(a, 1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- i = (SP_INT_DIGITS / 2) + 1;
- ret = mp_mul_2d(a, i * SP_WORD_SIZE - 1, a);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_set(b, 1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul_2d(b, (SP_INT_DIGITS - 1 - i) * SP_WORD_SIZE - 1, b);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(a, b, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mul(a, a, r1);
- if (ret == MP_OKAY)
- return WC_TEST_RET_ENC_NC;
- ret = mp_sqr(a, r1);
- if (ret == MP_OKAY)
- return WC_TEST_RET_ENC_NC;
- ret = mp_sqr(b, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- (defined(HAVE_ECC) && defined(FP_ECC))
- ret = mp_mulmod(a, b, b, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mulmod(a, a, b, r1);
- if (ret == MP_OKAY)
- return WC_TEST_RET_ENC_NC;
- #if defined(HAVE_ECC) && (defined(ECC_SHAMIR) || defined(FP_ECC))
- ret = mp_sqrmod(a, b, r1);
- if (ret == MP_OKAY)
- return WC_TEST_RET_ENC_NC;
- ret = mp_sqrmod(b, a, r1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #endif /* HAVE_ECC && (ECC_SHAMIR || FP_ECC) */
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || (HAVE_ECC && FP_ECC) */
- #endif /* WOLFSSL_SP_MATH_ALL */
- return 0;
- }
- #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
- defined(OPENSSL_EXTRA)
- static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
- {
- wc_test_ret_t ret;
- mp_set(a, 0);
- mp_set(m, 1);
- ret = mp_invmod(a, m, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_invmod(m, a, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 2);
- mp_set(m, 4);
- ret = mp_invmod(a, m, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 3);
- mp_set(m, 6);
- ret = mp_invmod(a, m, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 5*9);
- mp_set(m, 6*9);
- ret = mp_invmod(a, m, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 1);
- mp_set(m, 4);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_isone(r))
- return WC_TEST_RET_ENC_NC;
- mp_set(a, 3);
- mp_set(m, 4);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_cmp_d(r, 3);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 3);
- mp_set(m, 5);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- /* Maximum 'a' */
- mp_set(a, 0);
- mp_set_bit(a, (r->size / 2)* SP_WORD_SIZE - 1);
- mp_sub_d(a, 1, a);
- /* Modulus too big. */
- mp_set(m, 0);
- mp_set_bit(m, (r->size / 2) * SP_WORD_SIZE);
- ret = mp_invmod(a, m, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- /* Maximum modulus - even. */
- mp_set(m, 0);
- mp_set_bit(m, (r->size / 2) * SP_WORD_SIZE - 1);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_INT_NEGATIVE)
- mp_read_radix(a, "-3", 16);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
- mp_set(a, 0);
- mp_set(m, 3);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 1);
- mp_set(m, 0);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 1);
- mp_set(m, 1);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 1);
- mp_set(m, 2);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(a, 1);
- mp_set(m, 3);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif /* !NO_RSA || HAVE_ECC || !NO_DSA || OPENSSL_EXTRA */
- #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
- (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
- static wc_test_ret_t mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r)
- {
- wc_test_ret_t ret;
- mp_set(b, 0x2);
- mp_set(e, 0x3);
- mp_set(m, 0x0);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(b, 0x2);
- mp_set(e, 0x3);
- mp_set(m, 0x1);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- mp_set(b, 0x2);
- mp_set(e, 0x0);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_isone(r))
- return WC_TEST_RET_ENC_NC;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_isone(r))
- return WC_TEST_RET_ENC_NC;
- mp_set(b, 0x0);
- mp_set(e, 0x3);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- mp_set(b, 0x10);
- mp_set(e, 0x3);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- mp_set(b, 0x7);
- mp_set(e, 0x3);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- #ifndef WOLFSSL_SP_MATH
- mp_set(b, 0x01);
- mp_mul_2d(b, DIGIT_BIT, b);
- mp_add_d(b, 1, b);
- mp_set(e, 0x3);
- mp_copy(b, m);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (!mp_iszero(r))
- return WC_TEST_RET_ENC_NC;
- #endif
- mp_set(b, 0x2);
- mp_set(e, 0x3);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- #ifdef WOLFSSL_SP_MATH_ALL
- mp_set(b, 0x2);
- mp_set(e, 0x3);
- mp_set(m, 0x01);
- mp_mul_2d(m, SP_WORD_SIZE * SP_INT_DIGITS / 2, m);
- mp_add_d(m, 0x01, m);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_VAL)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- return 0;
- }
- #endif /* !NO_RSA || !NO_DSA || !NO_DH || (HAVE_ECC && HAVE_COMP_KEY) ||
- * OPENSSL_EXTRA */
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- static wc_test_ret_t mp_test_mont(mp_int* a, mp_int* m, mp_int* n, mp_int* r, WC_RNG* rng)
- {
- wc_test_ret_t ret;
- mp_digit mp;
- static int exp[] = { 7, 8, 16, 27, 32, 64,
- 127, 128, 255, 256,
- #if defined(SP_WORD_SIZE) && SP_WORD_SIZE > 8
- 383, 384, 2033, 2048
- #endif
- };
- static mp_digit sub[] = { 0x01, 0x05, 0x0f, 0x27, 0x05, 0x3b,
- 0x01, 0x9f, 0x13, 0xbd,
- #if defined(SP_WORD_SIZE) && SP_WORD_SIZE > 8
- 0x1f, 0x13d, 0x45, 0x615
- #endif
- };
- int bits[] = { 256, 384,
- #if defined(SP_INT_MAX_BITS) && SP_INT_MAX_BITS > 4096
- 2048,
- #endif
- #if defined(SP_INT_MAX_BITS) && SP_INT_MAX_BITS > 6144
- 3072
- #endif
- };
- int i;
- int j;
- for (i = 0; i < (int)(sizeof(exp) / sizeof(*exp)); i++) {
- if (exp[i] >= DIGIT_BIT)
- continue;
- mp_zero(m);
- ret = mp_set_bit(m, exp[i]);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_sub_d(m, sub[i], m);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_setup(m, &mp);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_calc_normalization(n, m);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- for (j = 0; j < 10; j++) {
- ret = randNum(a, (exp[i] + DIGIT_BIT - 1) / DIGIT_BIT, rng, NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_mod(a, m, a);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- /* r = a * a */
- ret = mp_sqrmod(a, m, r);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- /* Convert to Montgomery form = a*n */
- ret = mp_mulmod(a, n, m, a);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- /* a*a mod m == ((a*n) * (a*n)) / n / n */
- ret = mp_sqr(a, a);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_reduce(a, m, mp);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- ret = mp_montgomery_reduce(a, m, mp);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- if (mp_cmp(a, r) != MP_EQ)
- return WC_TEST_RET_ENC_NC;
- }
- }
- /* Force carries. */
- for (i = 0; i < (int)(sizeof(bits) / sizeof(*bits)); i++) {
- /* a = 2^(bits*2) - 1 */
- mp_zero(a);
- mp_set_bit(a, bits[i] * 2);
- mp_sub_d(a, 1, a);
- /* m = 2^(bits) - 1 */
- mp_zero(m);
- mp_set_bit(m, bits[i]);
- mp_sub_d(m, 1, m);
- mp = 1;
- /* result = r = 2^(bits) - 1 */
- mp_zero(r);
- mp_set_bit(r, bits[i]);
- mp_sub_d(r, 1, r);
- ret = mp_montgomery_reduce(a, m, mp);
- if (ret != MP_OKAY)
- return WC_TEST_RET_ENC_EC(ret);
- /* Result is m or 0 if reduced to range of modulus. */
- if (mp_cmp(a, r) != MP_EQ && mp_iszero(a) != MP_YES)
- return WC_TEST_RET_ENC_NC;
- }
- return 0;
- }
- #endif
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
- {
- WC_RNG rng;
- int rng_inited = 0;
- wc_test_ret_t ret;
- #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
- int i, j;
- #ifndef WOLFSSL_SP_MATH
- int k;
- #endif
- mp_digit d = 0;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- mp_int *a = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER),
- *b = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER),
- *r1 = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER),
- *r2 = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER),
- *p = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if ((a == NULL) ||
- (b == NULL) ||
- (r1 == NULL) ||
- (r2 == NULL) ||
- (p == NULL))
- {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
- }
- #else
- mp_int a[1], b[1], r1[1], r2[1], p[1];
- #endif
- WOLFSSL_ENTER("mp_test");
- ret = mp_init_multi(a, b, r1, r2, NULL, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifdef WOLFSSL_SP_MATH_ALL
- mp_init_copy(p, a);
- #else
- ret = mp_init(p);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #endif
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- goto done;
- rng_inited = 1;
- #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
- mp_set_int(a, 0);
- if (a->used != 0 || a->dp[0] != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- for (j = 1; j <= MP_MAX_TEST_BYTE_LEN; j++) {
- for (i = 0; i < 4 * j; i++) {
- /* New values to use. */
- ret = randNum(p, j, &rng, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = randNum(a, j, &rng, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = randNum(b, j, &rng, NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = wc_RNG_GenerateBlock(&rng, (byte*)&d, sizeof(d));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- d &= MP_MASK;
- #if !defined(WOLFSSL_SP_MATH) || (defined(HAVE_ECC) && \
- (defined(ECC_SHAMIR) || defined(FP_ECC)))
- /* Ensure sqrmod produce same result as mulmod. */
- ret = mp_sqrmod(a, p, r1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = mp_mulmod(a, a, p, r2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (mp_cmp(r1, r2) != 0) {
- WOLFSSL_MSG("Fail: mp_mulmod result does not match mp_sqrmod!");
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- #if defined(WOLFSSL_SP_MATH) || (defined(WOLFSSL_SP_MATH_ALL) && \
- !defined(WOLFSSL_SP_INT_NEGATIVE))
- ret = mp_addmod(a, b, p, r1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = mp_submod(r1, b, p, r2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = mp_mod(a, p, r1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (mp_cmp(r1, r2) != MP_EQ)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #else
- /* Ensure add with mod produce same result as sub with mod. */
- ret = mp_addmod(a, b, p, r1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- b->sign ^= 1;
- ret = mp_submod(a, b, p, r2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (mp_cmp(r1, r2) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- #endif
- /* Ensure add digit produce same result as sub digit. */
- ret = mp_add_d(a, d, r1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- ret = mp_sub_d(r1, d, r2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (mp_cmp(a, r2) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- /* Invert - if p is even it will use the slow impl.
- * - if p and a are even it will fail.
- */
- ret = mp_invmod(a, p, r1);
- if (ret != 0 && ret != MP_VAL)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- #ifndef WOLFSSL_SP_MATH
- /* Shift up and down number all bits in a digit. */
- for (k = 0; k < DIGIT_BIT; k++) {
- mp_mul_2d(a, k, r1);
- mp_div_2d(r1, k, r2, p);
- if (mp_cmp(a, r2) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- if (!mp_iszero(p))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- mp_rshb(r1, k);
- if (mp_cmp(a, r1) != 0)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif
- }
- }
- /* Test adding and subtracting zero from zero. */
- mp_zero(a);
- ret = mp_add_d(a, 0, r1);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (!mp_iszero(r1)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- ret = mp_sub_d(a, 0, r2);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
- if (!mp_iszero(r2)) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #if DIGIT_BIT >= 32
- /* Check that setting a 32-bit digit works. */
- d &= 0xffffffffU;
- mp_set_int(a, d);
- if (a->used != 1 || a->dp[0] != d)
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- #endif
- /* Check setting a bit and testing a bit works. */
- for (i = 0; i < MP_MAX_TEST_BYTE_LEN * 8; i++) {
- mp_zero(a);
- mp_set_bit(a, i);
- if (!mp_is_bit_set(a, i))
- ERROR_OUT(WC_TEST_RET_ENC_NC, done);
- }
- #endif
- #if defined(HAVE_ECC) && defined(HAVE_COMP_KEY)
- mp_zero(a);
- i = mp_cnt_lsb(a);
- if (i != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), done);
- mp_set(a, 1);
- i = mp_cnt_lsb(a);
- if (i != 0)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), done);
- mp_set(a, 32);
- i = mp_cnt_lsb(a);
- if (i != 5)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), done);
- mp_zero(a);
- mp_set_bit(a, 129);
- i = mp_cnt_lsb(a);
- if (i != 129)
- ERROR_OUT(WC_TEST_RET_ENC_I(i), done);
- #endif
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- if ((ret = mp_test_param(a, b, r1, &rng)) != 0)
- goto done;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(USE_FAST_MATH)
- if ((ret = mp_test_div_3(a, r1, &rng)) != 0)
- goto done;
- #endif
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- (!defined WOLFSSL_SP_MATH && !defined(WOLFSSL_SP_MATH_ALL) && \
- (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)))
- if ((ret = mp_test_radix_10(a, r1, &rng)) != 0)
- goto done;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \
- defined(HAVE_ECC))
- if ((ret = mp_test_radix_16(a, r1, &rng)) != 0)
- goto done;
- #endif
- if ((ret = mp_test_shift(a, r1, &rng)) != 0)
- goto done;
- if ((ret = mp_test_add_sub_d(a, r1)) != 0)
- goto done;
- if ((ret = mp_test_read_to_bin(a)) != 0)
- goto done;
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- if ((ret = mp_test_set_int(a)) != 0)
- goto done;
- #endif
- if ((ret = mp_test_cmp(a, r1)) != 0)
- goto done;
- #if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
- if ((ret = mp_test_shbd(a, b, &rng)) != 0)
- goto done;
- #endif
- #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- if ((ret = mp_test_set_is_bit(a)) != 0)
- goto done;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY))
- if ((ret = mp_test_div(a, b, r1, r2, &rng)) != 0)
- goto done;
- #endif
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
- !defined(WC_NO_RNG)
- if ((ret = mp_test_prime(a, &rng)) != 0)
- goto done;
- #endif
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
- if ((ret = mp_test_lcm_gcd(a, b, r1, r2, &rng)) != 0)
- goto done;
- #endif
- #if (!defined(WOLFSSL_SP_MATH) && !defined(USE_FAST_MATH)) || \
- defined(WOLFSSL_SP_MATH_ALL)
- if ((ret = mp_test_mod_2d(a, r1, p, &rng)) != 0)
- goto done;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(OPENSSL_EXTRA) || \
- (defined(HAVE_ECC) && defined(HAVE_COMP_KEY))
- if ((ret = mp_test_mod_d(a, &rng)) != 0)
- goto done;
- #endif
- if ((ret = mp_test_mul_sqr(a, b, r1, r2, &rng)) != 0)
- goto done;
- #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
- defined(OPENSSL_EXTRA)
- if ((ret = mp_test_invmod(a, b, r1)) != 0)
- goto done;
- #endif
- #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
- (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
- if ((ret = mp_test_exptmod(a, b, r1, r2)) != 0)
- goto done;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- if ((ret = mp_test_mont(a, b, r1, r2, &rng)) != 0)
- goto done;
- #endif
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (p) {
- mp_clear(p);
- XFREE(p, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (r2) {
- mp_clear(r2);
- XFREE(r2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (r1) {
- mp_clear(r1);
- XFREE(r1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (b) {
- mp_clear(b);
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (a) {
- mp_clear(a);
- XFREE(a, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- mp_clear(p);
- mp_clear(r2);
- mp_clear(r1);
- mp_clear(b);
- mp_clear(a);
- #endif
- if (rng_inited)
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WOLFSSL_PUBLIC_MP && ((WOLFSSL_SP_MATH_ALL &&
- * !WOLFSSL_RSA_VERIFY_ONLY) || USE_FAST_MATH) */
- #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
- typedef struct pairs_t {
- const unsigned char* coeff;
- int coeffSz;
- int exp;
- } pairs_t;
- /*
- n =p1p2p3, where pi = ki(p1-1)+1 with (k2,k3) = (173,293)
- p1 = 2^192 * 0x000000000000e24fd4f6d6363200bf2323ec46285cac1d3a
- + 2^0 * 0x0b2488b0c29d96c5e67f8bec15b54b189ae5636efe89b45b
- */
- static const unsigned char c192a[] =
- {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe2, 0x4f,
- 0xd4, 0xf6, 0xd6, 0x36, 0x32, 0x00, 0xbf, 0x23,
- 0x23, 0xec, 0x46, 0x28, 0x5c, 0xac, 0x1d, 0x3a
- };
- static const unsigned char c0a[] =
- {
- 0x0b, 0x24, 0x88, 0xb0, 0xc2, 0x9d, 0x96, 0xc5,
- 0xe6, 0x7f, 0x8b, 0xec, 0x15, 0xb5, 0x4b, 0x18,
- 0x9a, 0xe5, 0x63, 0x6e, 0xfe, 0x89, 0xb4, 0x5b
- };
- static const pairs_t ecPairsA[] =
- {
- {c192a, sizeof(c192a), 192},
- {c0a, sizeof(c0a), 0}
- };
- static const int kA[] = {173, 293};
- static const unsigned char controlPrime[] = {
- 0xe1, 0x76, 0x45, 0x80, 0x59, 0xb6, 0xd3, 0x49,
- 0xdf, 0x0a, 0xef, 0x12, 0xd6, 0x0f, 0xf0, 0xb7,
- 0xcb, 0x2a, 0x37, 0xbf, 0xa7, 0xf8, 0xb5, 0x4d,
- 0xf5, 0x31, 0x35, 0xad, 0xe4, 0xa3, 0x94, 0xa1,
- 0xdb, 0xf1, 0x96, 0xad, 0xb5, 0x05, 0x64, 0x85,
- 0x83, 0xfc, 0x1b, 0x5b, 0x29, 0xaa, 0xbe, 0xf8,
- 0x26, 0x3f, 0x76, 0x7e, 0xad, 0x1c, 0xf0, 0xcb,
- 0xd7, 0x26, 0xb4, 0x1b, 0x05, 0x8e, 0x56, 0x86,
- 0x7e, 0x08, 0x62, 0x21, 0xc1, 0x86, 0xd6, 0x47,
- 0x79, 0x3e, 0xb7, 0x5d, 0xa4, 0xc6, 0x3a, 0xd7,
- 0xb1, 0x74, 0x20, 0xf6, 0x50, 0x97, 0x41, 0x04,
- 0x53, 0xed, 0x3f, 0x26, 0xd6, 0x6f, 0x91, 0xfa,
- 0x68, 0x26, 0xec, 0x2a, 0xdc, 0x9a, 0xf1, 0xe7,
- 0xdc, 0xfb, 0x73, 0xf0, 0x79, 0x43, 0x1b, 0x21,
- 0xa3, 0x59, 0x04, 0x63, 0x52, 0x07, 0xc9, 0xd7,
- 0xe6, 0xd1, 0x1b, 0x5d, 0x5e, 0x96, 0xfa, 0x53
- };
- static const unsigned char testOne[] = { 1 };
- static wc_test_ret_t GenerateNextP(mp_int* p1, mp_int* p2, int k)
- {
- wc_test_ret_t ret;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- mp_int *ki = (mp_int *)XMALLOC(sizeof(*ki), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (ki == NULL)
- return MEMORY_E;
- #else
- mp_int ki[1];
- #endif
- ret = mp_init(ki);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- if (ret == 0) {
- ret = mp_set(ki, (mp_digit)k);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = mp_sub_d(p1, 1, p2);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = mp_mul(p2, ki, p2);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = mp_add_d(p2, 1, p2);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- mp_clear(ki);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(ki, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- static wc_test_ret_t GenerateP(mp_int* p1, mp_int* p2, mp_int* p3,
- const pairs_t* ecPairs, int ecPairsSz,
- const int* k)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- mp_int *x = NULL, *y = NULL;
- #else
- mp_int x[1], y[1];
- #endif
- wc_test_ret_t ret;
- int i;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (((x = (mp_int *)XMALLOC(sizeof(*x), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) ||
- ((y = (mp_int *)XMALLOC(sizeof(*x), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)) {
- ret = MEMORY_E;
- goto out;
- }
- #endif
- ret = mp_init_multi(x, y, NULL, NULL, NULL, NULL);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- goto out;
- }
- for (i = 0; ret == 0 && i < ecPairsSz; i++) {
- ret = mp_read_unsigned_bin(x, ecPairs[i].coeff, (word32)ecPairs[i].coeffSz);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- /* p1 = 2^exp */
- ret = mp_2expt(y, ecPairs[i].exp);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- /* p1 = p1 * m */
- ret = mp_mul(x, y, x);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- /* p1 += */
- ret = mp_add(p1, x, p1);
- if (ret != 0) {
- ret = WC_TEST_RET_ENC_EC(ret);
- break;
- }
- mp_zero(x);
- mp_zero(y);
- }
- if (ret == 0)
- ret = GenerateNextP(p1, p2, k[0]);
- if (ret == 0)
- ret = GenerateNextP(p1, p3, k[1]);
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (x != NULL) {
- mp_clear(x);
- XFREE(x, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (y != NULL) {
- mp_clear(y);
- XFREE(y, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- mp_clear(x);
- mp_clear(y);
- #endif
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- mp_int *n = (mp_int *)XMALLOC(sizeof *n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
- *p1 = (mp_int *)XMALLOC(sizeof *p1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
- *p2 = (mp_int *)XMALLOC(sizeof *p2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
- *p3 = (mp_int *)XMALLOC(sizeof *p3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- mp_int n[1],
- p1[1],
- p2[1],
- p3[1];
- #endif
- wc_test_ret_t ret;
- int isPrime = 0;
- WC_RNG rng;
- WOLFSSL_ENTER("prime_test");
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((n == NULL) ||
- (p1 == NULL) ||
- (p2 == NULL) ||
- (p3 == NULL))
- ERROR_OUT(MEMORY_E, out);
- #endif
- ret = wc_InitRng(&rng);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- if (ret == 0) {
- ret = mp_init_multi(n, p1, p2, p3, NULL, NULL);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0)
- ret = GenerateP(p1, p2, p3,
- ecPairsA, sizeof(ecPairsA) / sizeof(ecPairsA[0]), kA);
- if (ret == 0) {
- ret = mp_mul(p1, p2, n);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret == 0) {
- ret = mp_mul(n, p3, n);
- if (ret != 0)
- ret = WC_TEST_RET_ENC_EC(ret);
- }
- if (ret != 0)
- ERROR_OUT(ret, out);
- /* Check the old prime test using the number that false positives.
- * This test result should indicate as not prime. */
- ret = mp_prime_is_prime(n, 40, &isPrime);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (isPrime)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* This test result should fail. It should indicate the value as prime. */
- ret = mp_prime_is_prime(n, 8, &isPrime);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (!isPrime)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* This test result should indicate the value as not prime. */
- ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (isPrime)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = mp_read_unsigned_bin(n, controlPrime, sizeof(controlPrime));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* This test result should indicate the value as prime. */
- ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (!isPrime)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- /* This test result should indicate the value as prime. */
- isPrime = -1;
- ret = mp_prime_is_prime(n, 8, &isPrime);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (!isPrime)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = mp_read_unsigned_bin(n, testOne, sizeof(testOne));
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- /* This test result should indicate the value as not prime. */
- ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (isPrime)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = mp_prime_is_prime(n, 8, &isPrime);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
- if (isPrime)
- ERROR_OUT(WC_TEST_RET_ENC_NC, out);
- ret = 0;
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (n != NULL) {
- mp_clear(n);
- XFREE(n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (p1 != NULL) {
- mp_clear(p1);
- XFREE(p1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (p2 != NULL) {
- mp_clear(p2);
- XFREE(p2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (p3 != NULL) {
- mp_clear(p3);
- XFREE(p3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- mp_clear(p3);
- mp_clear(p2);
- mp_clear(p1);
- mp_clear(n);
- #endif
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WOLFSSL_PUBLIC_MP */
- #if defined(ASN_BER_TO_DER) && \
- (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL))
- /* wc_BerToDer is only public facing in the case of test cert or opensslextra */
- typedef struct berDerTestData {
- const byte *in;
- word32 inSz;
- const byte *out;
- word32 outSz;
- } berDerTestData;
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void)
- {
- wc_test_ret_t ret;
- int i;
- word32 len = 0, l;
- byte out[32];
- WOLFSSL_SMALL_STACK_STATIC const byte good1_in[] = { 0x30, 0x80, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte good1_out[] = { 0x30, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte good2_in[] = { 0x30, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte good2_out[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte good3_in[] = {
- 0x24, 0x80, 0x04, 0x01, 0x01, 0x00, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte good3_out[] = { 0x04, 0x1, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte good4_in[] = {
- 0x30, 0x80,
- 0x02, 0x01, 0x01,
- 0x30, 0x80,
- 0x24, 0x80,
- 0x04, 0x01, 0x01,
- 0x04, 0x02, 0x02, 0x03,
- 0x00, 0x00,
- 0x06, 0x01, 0x01,
- 0x00, 0x00,
- 0x31, 0x80,
- 0x06, 0x01, 0x01,
- 0x00, 0x00,
- 0x00, 0x00,
- };
- WOLFSSL_SMALL_STACK_STATIC const byte good4_out[] = {
- 0x30, 0x12,
- 0x02, 0x01, 0x01,
- 0x30, 0x08,
- 0x04, 0x03, 0x01, 0x02, 0x03,
- 0x06, 0x01, 0x01,
- 0x31, 0x03,
- 0x06, 0x01, 0x01
- };
- WOLFSSL_SMALL_STACK_STATIC const byte good5_in[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
- berDerTestData testData[] = {
- { good1_in, sizeof(good1_in), good1_out, sizeof(good1_out) },
- { good2_in, sizeof(good2_in), good2_out, sizeof(good2_out) },
- { good3_in, sizeof(good3_in), good3_out, sizeof(good3_out) },
- { good4_in, sizeof(good4_in), good4_out, sizeof(good4_out) },
- { good5_in, sizeof(good5_in), good5_in , sizeof(good5_in ) },
- };
- WOLFSSL_ENTER("berder_test");
- for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
- ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len);
- if (ret != LENGTH_ONLY_E)
- return WC_TEST_RET_ENC_I(i);
- if (len != testData[i].outSz)
- return WC_TEST_RET_ENC_I(i);
- len = testData[i].outSz;
- ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &len);
- if (ret != 0)
- return WC_TEST_RET_ENC_I(i);
- if (XMEMCMP(out, testData[i].out, len) != 0)
- return WC_TEST_RET_ENC_I(i);
- for (l = 1; l < testData[i].inSz; l++) {
- ret = wc_BerToDer(testData[i].in, l, NULL, &len);
- if (ret != ASN_PARSE_E)
- return WC_TEST_RET_ENC_EC(ret);
- len = testData[i].outSz;
- ret = wc_BerToDer(testData[i].in, l, out, &len);
- if (ret != ASN_PARSE_E)
- return WC_TEST_RET_ENC_EC(ret);
- }
- for (l = 0; l < testData[i].outSz-1; l++) {
- ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &l);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- }
- }
- ret = wc_BerToDer(NULL, 4, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_BerToDer(out, 4, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_BerToDer(NULL, 4, NULL, &len);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_BerToDer(NULL, 4, out, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_BerToDer(out, 4, out, NULL);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_BerToDer(NULL, 4, out, &len);
- if (ret != BAD_FUNC_ARG)
- return WC_TEST_RET_ENC_EC(ret);
- for (l = 1; l < sizeof(good4_out); l++) {
- len = l;
- ret = wc_BerToDer(good4_in, sizeof(good4_in), out, &len);
- if (ret != BUFFER_E)
- return WC_TEST_RET_ENC_EC(ret);
- }
- return 0;
- }
- #endif
- #ifdef DEBUG_WOLFSSL
- static THREAD_LS_T int log_cnt = 0;
- static void my_Logging_cb(const int logLevel, const char *const logMessage)
- {
- (void)logLevel;
- (void)logMessage;
- log_cnt++;
- }
- #endif /* DEBUG_WOLFSSL */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void)
- {
- wc_test_ret_t ret;
- #ifdef DEBUG_WOLFSSL
- const char* msg = "Testing, testing. 1, 2, 3, 4 ...";
- byte a[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
- byte b[256];
- int i;
- WOLFSSL_ENTER("logging_test (debug)");
- for (i = 0; i < (int)sizeof(b); i++)
- b[i] = i;
- ret = wolfSSL_Debugging_ON();
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wolfSSL_SetLoggingCb(my_Logging_cb);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- WOLFSSL_MSG(msg);
- WOLFSSL_BUFFER(a, sizeof(a));
- WOLFSSL_BUFFER(b, sizeof(b));
- WOLFSSL_BUFFER(NULL, 0);
- WOLFSSL_ERROR(MEMORY_E);
- WOLFSSL_ERROR_MSG(msg);
- /* turn off logs */
- wolfSSL_Debugging_OFF();
- /* capture log count */
- i = log_cnt;
- /* validate no logs are output when disabled */
- WOLFSSL_MSG(msg);
- WOLFSSL_BUFFER(a, sizeof(a));
- WOLFSSL_BUFFER(b, sizeof(b));
- WOLFSSL_BUFFER(NULL, 0);
- WOLFSSL_ERROR(MEMORY_E);
- WOLFSSL_ERROR_MSG(msg);
- /* check the logs were disabled */
- if (i != log_cnt)
- return WC_TEST_RET_ENC_NC;
- /* restore callback and leave logging enabled */
- wolfSSL_SetLoggingCb(NULL);
- wolfSSL_Debugging_ON();
- /* suppress unused args */
- (void)a;
- (void)b;
- #else
- WOLFSSL_ENTER("logging_test");
- ret = wolfSSL_Debugging_ON();
- if (ret != NOT_COMPILED_IN)
- return WC_TEST_RET_ENC_EC(ret);
- wolfSSL_Debugging_OFF();
- ret = wolfSSL_SetLoggingCb(NULL);
- if (ret != NOT_COMPILED_IN)
- return WC_TEST_RET_ENC_EC(ret);
- #endif /* DEBUG_WOLFSSL */
- return 0;
- }
- #if defined(__INCLUDE_NUTTX_CONFIG_H)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t wolfcrypt_mutex_test(void)
- #else
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void)
- #endif
- {
- #ifdef WOLFSSL_PTHREADS
- wolfSSL_Mutex m;
- #endif
- #if defined(WOLFSSL_PTHREADS) || (!defined(WOLFSSL_NO_MALLOC) && \
- !defined(WOLFSSL_USER_MUTEX) && defined(WOLFSSL_STATIC_MEMORY))
- wc_test_ret_t ret;
- #endif
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_USER_MUTEX)
- #ifndef WOLFSSL_STATIC_MEMORY
- wolfSSL_Mutex *mm = wc_InitAndAllocMutex();
- WOLFSSL_ENTER("[wolfcrypt_]mutex_test (1)");
- #else
- wolfSSL_Mutex *mm = (wolfSSL_Mutex*) XMALLOC(sizeof(wolfSSL_Mutex),
- HEAP_HINT, DYNAMIC_TYPE_MUTEX);
- WOLFSSL_ENTER("[wolfcrypt_]mutex_test (2)");
- if (mm != NULL) {
- ret = wc_InitMutex(mm);
- if (ret != 0) {
- WOLFSSL_MSG("Init Mutex failed");
- XFREE(mm, HEAP_HINT, DYNAMIC_TYPE_MUTEX);
- return WC_TEST_RET_ENC_EC(ret);
- }
- }
- #endif
- if (mm == NULL)
- return WC_TEST_RET_ENC_ERRNO;
- wc_FreeMutex(mm);
- XFREE(mm, HEAP_HINT, DYNAMIC_TYPE_MUTEX);
- #endif
- /* Can optionally enable advanced pthread tests using "ENABLE_PTHREAD_LOCKFREE_TESTS" */
- #ifdef WOLFSSL_PTHREADS
- ret = wc_InitMutex(&m);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_LockMutex(&m);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
- /* trying to free a locked mutex is not portable behavior with pthread */
- /* Attempting to destroy a locked mutex results in undefined behavior */
- ret = wc_FreeMutex(&m);
- if (ret != BAD_MUTEX_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- ret = wc_UnLockMutex(&m);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_FreeMutex(&m);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
- /* Trying to use a pthread after free'ing is not portable behavior */
- ret = wc_LockMutex(&m);
- if (ret != BAD_MUTEX_E)
- return WC_TEST_RET_ENC_EC(ret);
- ret = wc_UnLockMutex(&m);
- if (ret != BAD_MUTEX_E)
- return WC_TEST_RET_ENC_EC(ret);
- #endif
- #endif
- return 0;
- }
- #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
- !defined(WOLFSSL_STATIC_MEMORY)
- static wc_test_ret_t malloc_cnt = 0;
- static wc_test_ret_t realloc_cnt = 0;
- static wc_test_ret_t free_cnt = 0;
- #ifdef WOLFSSL_DEBUG_MEMORY
- static void *my_Malloc_cb(size_t size, const char* func, unsigned int line)
- {
- (void) func;
- (void) line;
- #else
- static void *my_Malloc_cb(size_t size)
- {
- #endif
- malloc_cnt++;
- #ifndef WOLFSSL_NO_MALLOC
- return malloc(size);
- #else
- WOLFSSL_MSG("No malloc available");
- (void)size;
- return NULL;
- #endif
- }
- #ifdef WOLFSSL_DEBUG_MEMORY
- static void my_Free_cb(void *ptr, const char* func, unsigned int line)
- {
- (void) func;
- (void) line;
- #else
- static void my_Free_cb(void *ptr)
- {
- #endif
- free_cnt++;
- #ifndef WOLFSSL_NO_MALLOC
- free(ptr);
- #else
- WOLFSSL_MSG("No free available");
- (void)ptr;
- #endif
- }
- #ifdef WOLFSSL_DEBUG_MEMORY
- static void *my_Realloc_cb(void *ptr, size_t size, const char* func, unsigned int line)
- {
- (void) func;
- (void) line;
- #else
- static void *my_Realloc_cb(void *ptr, size_t size)
- {
- #endif
- realloc_cnt++;
- #ifndef WOLFSSL_NO_MALLOC
- return realloc(ptr, size);
- #else
- WOLFSSL_MSG("No realloc available");
- (void)ptr;
- (void)size;
- return NULL;
- #endif
- }
- #endif /* !WOLFSSL_NO_MALLOC */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void)
- {
- wc_test_ret_t ret = 0;
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
- !defined(WOLFSSL_STATIC_MEMORY)
- byte* b = NULL;
- #endif
- wolfSSL_Malloc_cb mc;
- wolfSSL_Free_cb fc;
- wolfSSL_Realloc_cb rc;
- WOLFSSL_ENTER("memcb_test");
- /* Save existing memory callbacks */
- ret = wolfSSL_GetAllocators(&mc, &fc, &rc);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
- !defined(WOLFSSL_STATIC_MEMORY)
- /* test realloc */
- b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (b == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_memcb);
- }
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- b = NULL;
- /* Use API. */
- ret = wolfSSL_SetAllocators((wolfSSL_Malloc_cb)my_Malloc_cb,
- (wolfSSL_Free_cb)my_Free_cb,
- (wolfSSL_Realloc_cb)my_Realloc_cb);
- if (ret != 0) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_memcb);
- }
- b = (byte*)XMALLOC(1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifndef WOLFSSL_STATIC_MEMORY
- #ifndef WOLFSSL_CHECK_MEM_ZERO
- if (malloc_cnt != 1 || free_cnt != 1 || realloc_cnt != 1)
- #else
- /* Checking zeroized memory means realloc is a malloc and free. */
- if (malloc_cnt != 2 || free_cnt != 2 || realloc_cnt != 0)
- #endif
- #else
- if (malloc_cnt != 0 || free_cnt != 0 || realloc_cnt != 0)
- #endif
- ret = WC_TEST_RET_ENC_NC;
- #endif /* !WOLFSSL_NO_MALLOC */
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
- !defined(WOLFSSL_STATIC_MEMORY)
- exit_memcb:
- /* reset malloc/free/realloc counts */
- malloc_cnt = 0;
- free_cnt = 0;
- realloc_cnt = 0;
- #endif
- /* restore memory callbacks */
- wolfSSL_SetAllocators(mc, fc, rc);
- return ret;
- }
- #endif /* USE_WOLFSSL_MEMORY && !WOLFSSL_NO_MALLOC */
- #if defined(WOLFSSL_CAAM_BLOB)
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blob_test(void)
- {
- wc_test_ret_t ret = 0;
- byte out[112];
- byte blob[112];
- word32 outSz;
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte text[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- WOLFSSL_ENTER("blob_test");
- XMEMSET(blob, 0, sizeof(blob));
- XMEMSET(out, 0, sizeof(out));
- outSz = sizeof(blob);
- ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
- blob[outSz - 2] += 1;
- ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
- if (ret == 0) { /* should fail with altered blob */
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_blob);
- }
- XMEMSET(blob, 0, sizeof(blob));
- outSz = sizeof(blob);
- ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
- ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
- if (XMEMCMP(out, iv, sizeof(iv))) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_blob);
- }
- XMEMSET(blob, 0, sizeof(blob));
- outSz = sizeof(blob);
- ret = wc_caamCreateBlob((byte*)text, sizeof(text), blob, &outSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
- ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
- if (XMEMCMP(out, text, sizeof(text))) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_blob);
- }
- exit_blob:
- return ret;
- }
- #endif /* WOLFSSL_CAAM_BLOB */
- #ifdef WOLF_CRYPTO_CB
- /* Example custom context for crypto callback */
- typedef struct {
- int exampleVar; /* flag for testing if only crypt is enabled. */
- } myCryptoDevCtx;
- #ifdef WOLF_CRYPTO_CB_ONLY_RSA
- /* Testing rsa cb when CB_ONLY_RSA is enabled
- * When CB_ONLY_RSA is enabled, software imple. is not available.
- *
- * ctx callback ctx
- * returen 0 on success, otherwise return negative
- */
- static wc_test_ret_t rsa_onlycb_test(myCryptoDevCtx *ctx)
- {
- wc_test_ret_t ret = 0;
- #if !defined(NO_RSA)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- RsaKey *key = (RsaKey *)XMALLOC(sizeof *key,
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte* tmp = NULL;
- #else
- RsaKey key[1];
- byte tmp[FOURK_BUF];
- #endif
- size_t bytes;
- const word32 inLen = (word32)TEST_STRING_SZ;
- word32 idx = 0;
- word32 sigSz;
- WOLFSSL_SMALL_STACK_STATIC const byte in[] = TEST_STRING;
- byte out[RSA_TEST_BYTES];
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
- !defined(NO_FILESYSTEM)
- XFILE file;
- #endif
- #ifdef WOLFSSL_KEY_GEN
- WC_RNG rng;
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- bytes = (size_t)sizeof_client_key_der_1024;
- if (bytes < (size_t)sizeof_client_cert_der_1024)
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- bytes = (size_t)sizeof_client_key_der_3072;
- if (bytes < (size_t)sizeof_client_cert_der_3072)
- bytes = (size_t)sizeof_client_cert_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- bytes = (size_t)sizeof_client_key_der_4096;
- if (bytes < (size_t)sizeof_client_cert_der_4096)
- bytes = (size_t)sizeof_client_cert_der_4096;
- #else
- bytes = FOURK_BUF;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_onlycb);
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(clientKey, "rb");
- if (!file) {
- ret = WC_TEST_RET_ENC_ERRNO;
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", ret);
- ERROR_OUT(ret, exit_onlycb);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- if (bytes == 0)
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_onlycb);
- #endif
- #ifdef WOLFSSL_KEY_GEN
- /* wc_CryptoCb_MakeRsaKey cb test, no actual making key
- * wc_MakeRsaKey() -> rsa cb ->
- * myCryptoDevCb -> wc_MakeRsaKey(CBONLY_TEST_DEVID)
- * wc_MakeRsaKey(CBONLY_TEST_DEVID) expects to return 0(success)
- */
- ctx->exampleVar = 99;
- ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, rng);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- /* wc_MakeRsaKey() -> rsa cb ->
- * myCryptoDevCb -> wc_MakeRsaKey(INVALID_DEVID)
- * wc_MakeRsaKey(CBONLY_TEST_DEVID) expects to return NO_VALID_DEVID(failure)
- */
- ctx->exampleVar = 1;
- ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, rng);
- if (ret != NO_VALID_DEVID) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- } else
- /* reset return code */
- ret = 0;
- #endif
- ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- sigSz = (word32)wc_RsaEncryptSize(key);
- /* wc_CryptoCb_Rsa cb test, no actual rsa operation */
- if (ret == 0) {
- /* wc_SignatureGenerate() -> rsa cb ->
- * myCryptoDevCb -> wc_RsaFunction(CBONLY_TEST_DEVID)
- * wc_RsaFunction(CBONLY_TEST_DEVID) expects to return 0(success)
- */
- ctx->exampleVar = 99;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
- in, inLen, out, &sigSz, key, sizeof(*key), NULL);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- }
- if (ret == 0) {
- /* wc_SignatureGenerate() -> rsa cb ->
- * myCryptoDevCb -> wc_RsaFunction(INVALID_DEVID)
- * wc_SignatureGenerate(INVALID_DEVID) expects to
- * return NO_VALID_DEVID(failure)
- */
- ctx->exampleVar = 1;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
- in, inLen, out, &sigSz, key, sizeof(*key), NULL);
- if (ret != NO_VALID_DEVID) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- } else
- /* reset return code */
- ret = 0;
- }
- exit_onlycb:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key != NULL) {
- wc_FreeRsaKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- wc_FreeRsaKey(key);
- #endif
- #endif
- return ret;
- }
- #endif
- #ifdef WOLF_CRYPTO_CB_ONLY_ECC
- /* Testing rsa cb when CB_ONLY_ECC is enabled
- * When CB_ONLY_ECC is enabled, software imple. is not available.
- *
- * ctx callback ctx
- * returen 0 on success, otherwise return negative
- */
- static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
- {
- wc_test_ret_t ret = 0;
- #if defined(HAVE_ECC)
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key* key = (ecc_key *)XMALLOC(sizeof *key,
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key* pub = (ecc_key *)XMALLOC(sizeof *pub,
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte* out = (byte*)XMALLOC(sizeof(byte),
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef OPENSSL_EXTRA
- byte* check = (byte*)XMALLOC(sizeof(byte)*(256), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- ecc_key key[1];
- ecc_key pub[1];
- byte out[256];
- #ifdef OPENSSL_EXTRA
- unsigned char check[256];
- #endif
- #endif
- #ifdef OPENSSL_EXTRA
- EVP_PKEY* privKey = NULL;
- EVP_PKEY* pubKey = NULL;
- #ifdef USE_CERT_BUFFERS_256
- ecc_key* pkey;
- const unsigned char* cp;
- #endif
- EVP_MD_CTX mdCtx;
- const char testData[] = "Hi There";
- size_t checkSz = -1;
- const unsigned char* p;
- const unsigned char check_v[256] = {
- 0x30,0x45,0x02,0x20,0x1b,0x5c,0x2a,0xf0,0x18,0x09,
- 0x74,0x65,0xa1,0x04,0x76,0x3a,0xce,0xcc,0xe5,0x34,
- 0x5e,0x89,0xed,0x40,0x1e,0x5a,0xb1,0x53,0xb4,0xff,
- 0xc7,0x18,0xfe,0x0f,0xc7,0xa6,0x02,0x21,0x00,0xe5,
- 0x70,0x21,0xfc,0xf9,0x63,0x36,0xfd,0x16,0x18,0x08,
- 0x9a,0x63,0x61,0x0f,0xe7,0x7c,0xa3,0xc9,0x14,0xa3,
- 0x30,0x87,0xf7,0xf5,0x70,0x19,0xaf,0x56,0x96,0x9b,
- 0xd8,0x64,0xcd,0xd9,0xff,0x7b,0x2a,0x55,0x52,0xca,
- 0x41,0xb2,0xa6,0xa4,0x8a,0x3b,0x02,0x20,0x8c,0xc5,
- 0xf9,0xc1,0x7d,0x2a,0x65,0x6c,0xe6,0x5a,0xe3,0x76,
- 0x9b,0xab,0x0b,0x9f,0xaf,0x62,0x5d,0xb2,0x60,0xd7,
- 0xeb,0xb4,0x1b,0x73,0xdc,0x01,0x7d,0x7b,0xab,0xc1,
- 0x0c,0x74,0x96,0x41,0xe6,0x3f,0xc5,0x86,0xe6,0x7d,
- 0x2b,0x9d,0x54,0x6b,0xcd,0x31,0x35,0x1f,0xdb,0x49,
- 0x1f,0x32,0x34,0xf8,0x57,0x12,0x86,0x5c,0x0e,0x80,
- 0x55,0x8d,0xff,0xd8,0xbd,0xdf,0x32,0x26,0x62,0x42,
- 0x09,0xda,0xf7,0x74,0xf2,0x3f,0xe6,0xf1,0x77,0x82,
- 0xce,0xe4,0xbb,0x61,0xa6,0xc0,0x17,0x0c,0x6c,0x47,
- 0x2a,0x40,0x1c,0x2b,0xe0,0x98,0x3b,0xbf,0xc6,0xf8,
- 0x6d,0xfd,0xd0,0xfa,0xc1,0x02,0xfb,0x5f,0xfb,0xb0,
- 0xcb,0xd9,0xa3,0x59,0x94,0xe9,0x0f,0x74,0xbb,0x3f,
- 0x64,0xa3,0x83,0xc4,0x2b,0xf7,0xd2,0x97,0xbf,0x3b,
- 0xcf,0xbb,0x60,0x81,0x33,0x94,0xfa,0x0d,0x35,0xd2,
- 0x3d,0xb9,0x99,0xe3,0x12,0xf8,0xf4,0xa3,0x74,0xf4,
- 0x94,0x1d,0x7a,0x66,0xf8,0xd1,0x1d,0xcf,0xb0,0x48,
- 0xef,0x8c,0x94,0x6f,0xdd,0x62,
- };
- #endif
- WC_RNG rng;
- EncryptedInfo encInfo;
- int keyFormat = 0;
- word32 keyIdx = 0;
- byte in[] = "Everyone gets Friday off. ecc p";
- word32 inLen = (word32)XSTRLEN((char*)in);
- word32 outLen;
- int verify;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key == NULL || pub == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_onlycb);
- }
- #endif
- ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- /* wc_CryptoCb_MakeEccKey cb test, , no actual testing */
- ctx->exampleVar = 99;
- ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key);
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- ctx->exampleVar = 1;
- ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key);
- if (ret != NO_VALID_DEVID) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- } else
- /* reset return code */
- ret = 0;
- #ifdef USE_CERT_BUFFERS_256
- if (ret == 0) {
- /* load ECC private key and perform private transform */
- ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &keyIdx,
- key, sizeof_ecc_key_der_256);
- }
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- /* wc_CryptoCb_EccSign cb test, no actual testing */
- ctx->exampleVar = 99;
- if (ret == 0) {
- ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key);
- }
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- ctx->exampleVar = 1;
- if (ret == 0) {
- ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key);
- }
- if (ret != NO_VALID_DEVID) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- }
- else
- ret = 0;
- /* wc_CryptoCb_EccVerify cb test, no actual testing */
- ctx->exampleVar = 99;
- if (ret == 0) {
- ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key);
- }
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- ctx->exampleVar = 1;
- if (ret == 0) {
- ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key);
- }
- if (ret != NO_VALID_DEVID) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- }
- else
- ret = 0;
- /* wc_CryptoCb_Ecdh cb test, no actual testing */
- /* make public key for shared secret */
- wc_ecc_init_ex(pub, HEAP_HINT, devId);
- ctx->exampleVar = 99;
- if (ret == 0) {
- ret = wc_ecc_shared_secret(key, pub, out, &outLen);
- }
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- ctx->exampleVar = 1;
- if (ret == 0) {
- ret = wc_ecc_shared_secret(key, pub, out, &outLen);
- }
- if (ret != NO_VALID_DEVID) {
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- }
- else
- ret = 0;
- #ifdef OPENSSL_EXTRA
- (void)pkey;
- cp = ecc_clikey_der_256;
- privKey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp,
- sizeof_ecc_clikey_der_256);
- if (privKey == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- }
- pkey = (ecc_key*)privKey->ecc->internal;
- pkey->devId = devId;
- p = ecc_clikeypub_der_256;
- pubKey = d2i_PUBKEY(NULL, &p, sizeof_ecc_clikeypub_der_256);
- if (pubKey == NULL) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- }
- pkey = (ecc_key*)pubKey->ecc->internal;
- pkey->devId = devId;
- /* sign */
- EVP_MD_CTX_init(&mdCtx);
- ret = EVP_DigestSignInit(&mdCtx, NULL, EVP_sha256(), NULL, privKey);
- if (ret != WOLFSSL_SUCCESS) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- }
- ret = EVP_DigestSignUpdate(&mdCtx, testData,
- (unsigned int)XSTRLEN(testData));
- if (ret != WOLFSSL_SUCCESS) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- }
- ret = EVP_DigestSignFinal(&mdCtx, NULL, &checkSz);
- if (ret != WOLFSSL_SUCCESS) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- }
- ctx->exampleVar = 99;
- ret = EVP_DigestSignFinal(&mdCtx, check, &checkSz);
- /* just called crypt callback as dummy
- * EVP_DigestSignFinal returns 0 internally.
- */
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- ctx->exampleVar = 1;
- ret = EVP_DigestSignFinal(&mdCtx, check, &checkSz);
- /* just called crypt callback as dummy
- * EVP_DigestSignFinal returns 0 internally.
- */
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- /* restore checkSz for verify */
- checkSz = 71;
- ret = EVP_MD_CTX_cleanup(&mdCtx);
- if (ret != SSL_SUCCESS) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- }
- /* verify */
- EVP_MD_CTX_init(&mdCtx);
- if (ret == SSL_SUCCESS) {
- ret = EVP_DigestVerifyInit(&mdCtx, NULL, EVP_sha256(), NULL, pubKey);
- }
- if (ret != WOLFSSL_SUCCESS) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- }
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestVerifyUpdate(&mdCtx, testData,
- (unsigned int)XSTRLEN(testData));
- }
- if (ret != WOLFSSL_SUCCESS) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- }
- ctx->exampleVar = 99;
- ret = EVP_DigestVerifyFinal(&mdCtx, check_v, checkSz);
- /* just called crypt callback as dummy
- * EVP_DigestSignFinal returns 0 internally.
- */
- if (ret != 0)
- ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
- ctx->exampleVar = 1;
- ret = EVP_DigestVerifyFinal(&mdCtx, check_v, checkSz);
- /* just called crypt callback as dummy
- * EVP_DigestVerifyFinal returns -1 internally rather than NO_VALID_DEVID.
- */
- if (ret != -1) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- }
- ret = EVP_MD_CTX_cleanup(&mdCtx);
- if (ret != SSL_SUCCESS) {
- ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
- } else
- ret = 0;
- #endif
- #else
- (void)verify;
- (void)outLen;
- (void)inLen;
- (void)out;
- (void)pub;
- #ifdef OPENSSL_EXTRA
- (void)privKey;
- (void)pubKey;
- (void)mdCtx;
- (void)check;
- (void)checkSz;
- (void)p;
- #endif
- #endif
- (void)keyFormat;
- (void)encInfo;
- exit_onlycb:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key != NULL) {
- wc_ecc_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (pub != NULL) {
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (out != NULL) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #ifdef OPENSSL_EXTRA
- if (check) {
- FREE(check, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #else
- wc_ecc_free(key);
- #ifdef OPENSSL_EXTRA
- if (privKey)
- EVP_PKEY_free(privKey);
- if (pubKey)
- EVP_PKEY_free(pubKey);
- #endif
- #endif
- #endif /* HAVE_ECC */
- return ret;
- }
- #endif
- /* Example crypto dev callback function that calls software version */
- static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
- {
- int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */
- myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx;
- if (info == NULL)
- return BAD_FUNC_ARG;
- #ifdef DEBUG_WOLFSSL
- WOLFSSL_MSG_EX("CryptoDevCb: Algo Type %d\n", info->algo_type);
- #endif
- if (info->algo_type == WC_ALGO_TYPE_RNG) {
- #if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
- !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
- /* if RNG only supports crypto callback, just use seed */
- ret = wc_GenerateSeed(&info->rng.rng->seed,
- info->rng.out, info->rng.sz);
- #elif !defined(WC_NO_RNG)
- /* set devId to invalid, so software is used */
- info->rng.rng->devId = INVALID_DEVID;
- ret = wc_RNG_GenerateBlock(info->rng.rng,
- info->rng.out, info->rng.sz);
- /* reset devId */
- info->rng.rng->devId = devIdArg;
- #endif
- }
- else if (info->algo_type == WC_ALGO_TYPE_SEED) {
- #ifndef WC_NO_RNG
- ALIGN32 static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 };
- word32* seedWord32 = (word32*)seed;
- word32 len;
- /* wc_GenerateSeed is a local symbol so we need to fake the entropy. */
- while (info->seed.sz > 0) {
- len = (word32)sizeof(seed);
- if (info->seed.sz < len)
- len = info->seed.sz;
- XMEMCPY(info->seed.seed, seed, sizeof(seed));
- info->seed.seed += len;
- info->seed.sz -= len;
- (*seedWord32)++;
- }
- ret = 0;
- #endif
- }
- else if (info->algo_type == WC_ALGO_TYPE_PK) {
- #ifdef DEBUG_WOLFSSL
- WOLFSSL_MSG_EX("CryptoDevCb: Pk Type %d\n", info->pk.type);
- #endif
- #ifndef NO_RSA
- if (info->pk.type == WC_PK_TYPE_RSA) {
- /* set devId to invalid, so software is used */
- info->pk.rsa.key->devId = INVALID_DEVID;
- #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
- #endif
- if (myCtx->exampleVar == 99) {
- info->pk.rsa.key->devId = devIdArg;
- return 0;
- }
- #endif
- switch (info->pk.rsa.type) {
- case RSA_PUBLIC_ENCRYPT:
- case RSA_PUBLIC_DECRYPT:
- /* perform software based RSA public op */
- ret = wc_RsaFunction(
- info->pk.rsa.in, info->pk.rsa.inLen,
- info->pk.rsa.out, info->pk.rsa.outLen,
- info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
- break;
- case RSA_PRIVATE_ENCRYPT:
- case RSA_PRIVATE_DECRYPT:
- /* perform software based RSA private op */
- ret = wc_RsaFunction(
- info->pk.rsa.in, info->pk.rsa.inLen,
- info->pk.rsa.out, info->pk.rsa.outLen,
- info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
- break;
- }
- /* reset devId */
- info->pk.rsa.key->devId = devIdArg;
- }
- #ifdef WOLFSSL_KEY_GEN
- else if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
- info->pk.rsakg.key->devId = INVALID_DEVID;
- #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
- #endif
- if (myCtx->exampleVar == 99) {
- info->pk.rsakg.key->devId = devIdArg;
- return 0;
- }
- #endif
- #ifdef HAVE_FIPS
- for (;;) {
- #endif
- ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size,
- info->pk.rsakg.e, info->pk.rsakg.rng);
- #ifdef HAVE_FIPS
- if (ret == PRIME_GEN_E)
- continue;
- break;
- }
- #endif
- /* reset devId */
- info->pk.rsakg.key->devId = devIdArg;
- }
- #endif
- #endif /* !NO_RSA */
- #ifdef HAVE_ECC
- if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
- /* set devId to invalid, so software is used */
- info->pk.eckg.key->devId = INVALID_DEVID;
- #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
- #endif
- if (myCtx->exampleVar == 99) {
- info->pk.eckg.key->devId = devIdArg;
- return 0;
- }
- #endif
- ret = wc_ecc_make_key_ex(info->pk.eckg.rng, info->pk.eckg.size,
- info->pk.eckg.key, info->pk.eckg.curveId);
- /* reset devId */
- info->pk.eckg.key->devId = devIdArg;
- }
- else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
- /* set devId to invalid, so software is used */
- info->pk.eccsign.key->devId = INVALID_DEVID;
- #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
- #endif
- if (myCtx->exampleVar == 99) {
- info->pk.eccsign.key->devId = devIdArg;
- return 0;
- }
- #endif
- ret = wc_ecc_sign_hash(
- info->pk.eccsign.in, info->pk.eccsign.inlen,
- info->pk.eccsign.out, info->pk.eccsign.outlen,
- info->pk.eccsign.rng, info->pk.eccsign.key);
- /* reset devId */
- info->pk.eccsign.key->devId = devIdArg;
- }
- else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
- /* set devId to invalid, so software is used */
- info->pk.eccverify.key->devId = INVALID_DEVID;
- #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
- #endif
- if (myCtx->exampleVar == 99) {
- info->pk.eccverify.key->devId = devIdArg;
- return 0;
- }
- #endif
- ret = wc_ecc_verify_hash(
- info->pk.eccverify.sig, info->pk.eccverify.siglen,
- info->pk.eccverify.hash, info->pk.eccverify.hashlen,
- info->pk.eccverify.res, info->pk.eccverify.key);
- /* reset devId */
- info->pk.eccverify.key->devId = devIdArg;
- }
- else if (info->pk.type == WC_PK_TYPE_ECDH) {
- /* set devId to invalid, so software is used */
- info->pk.ecdh.private_key->devId = INVALID_DEVID;
- #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
- #endif
- if (myCtx->exampleVar == 99) {
- info->pk.ecdh.private_key->devId = devIdArg;
- return 0;
- }
- #endif
- ret = wc_ecc_shared_secret(
- info->pk.ecdh.private_key, info->pk.ecdh.public_key,
- info->pk.ecdh.out, info->pk.ecdh.outlen);
- /* reset devId */
- info->pk.ecdh.private_key->devId = devIdArg;
- }
- #endif /* HAVE_ECC */
- #ifdef HAVE_CURVE25519
- if (info->pk.type == WC_PK_TYPE_CURVE25519_KEYGEN) {
- /* set devId to invalid, so software is used */
- info->pk.curve25519kg.key->devId = INVALID_DEVID;
- ret = wc_curve25519_make_key(info->pk.curve25519kg.rng,
- info->pk.curve25519kg.size, info->pk.curve25519kg.key);
- /* reset devId */
- info->pk.curve25519kg.key->devId = devIdArg;
- }
- else if (info->pk.type == WC_PK_TYPE_CURVE25519) {
- /* set devId to invalid, so software is used */
- info->pk.curve25519.private_key->devId = INVALID_DEVID;
- ret = wc_curve25519_shared_secret_ex(
- info->pk.curve25519.private_key, info->pk.curve25519.public_key,
- info->pk.curve25519.out, info->pk.curve25519.outlen,
- info->pk.curve25519.endian);
- /* reset devId */
- info->pk.curve25519.private_key->devId = devIdArg;
- }
- #endif /* HAVE_CURVE25519 */
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_MAKE_KEY)
- if (info->pk.type == WC_PK_TYPE_ED25519_KEYGEN) {
- /* set devId to invalid, so software is used */
- info->pk.ed25519kg.key->devId = INVALID_DEVID;
- ret = wc_ed25519_make_key(info->pk.ed25519kg.rng,
- info->pk.ed25519kg.size, info->pk.ed25519kg.key);
- /* reset devId */
- info->pk.ed25519kg.key->devId = devIdArg;
- }
- #ifdef HAVE_ED25519_SIGN
- else if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) {
- /* set devId to invalid, so software is used */
- info->pk.ed25519sign.key->devId = INVALID_DEVID;
- ret = wc_ed25519_sign_msg_ex(
- info->pk.ed25519sign.in, info->pk.ed25519sign.inLen,
- info->pk.ed25519sign.out, info->pk.ed25519sign.outLen,
- info->pk.ed25519sign.key, info->pk.ed25519sign.type,
- info->pk.ed25519sign.context, info->pk.ed25519sign.contextLen);
- /* reset devId */
- info->pk.ed25519sign.key->devId = devIdArg;
- }
- #endif
- #ifdef HAVE_ED25519_VERIFY
- else if (info->pk.type == WC_PK_TYPE_ED25519_VERIFY) {
- /* set devId to invalid, so software is used */
- info->pk.ed25519verify.key->devId = INVALID_DEVID;
- ret = wc_ed25519_verify_msg_ex(
- info->pk.ed25519verify.sig, info->pk.ed25519verify.sigLen,
- info->pk.ed25519verify.msg, info->pk.ed25519verify.msgLen,
- info->pk.ed25519verify.res, info->pk.ed25519verify.key,
- info->pk.ed25519verify.type, info->pk.ed25519verify.context,
- info->pk.ed25519verify.contextLen);
- /* reset devId */
- info->pk.ed25519verify.key->devId = devIdArg;
- }
- #endif
- #endif /* HAVE_ED25519 */
- }
- else if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
- #if !defined(NO_AES) || !defined(NO_DES3)
- #ifdef HAVE_AESGCM
- if (info->cipher.type == WC_CIPHER_AES_GCM) {
- if (info->cipher.enc) {
- /* set devId to invalid, so software is used */
- info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID;
- ret = wc_AesGcmEncrypt(
- info->cipher.aesgcm_enc.aes,
- info->cipher.aesgcm_enc.out,
- info->cipher.aesgcm_enc.in,
- info->cipher.aesgcm_enc.sz,
- info->cipher.aesgcm_enc.iv,
- info->cipher.aesgcm_enc.ivSz,
- info->cipher.aesgcm_enc.authTag,
- info->cipher.aesgcm_enc.authTagSz,
- info->cipher.aesgcm_enc.authIn,
- info->cipher.aesgcm_enc.authInSz);
- /* reset devId */
- info->cipher.aesgcm_enc.aes->devId = devIdArg;
- }
- else {
- /* set devId to invalid, so software is used */
- info->cipher.aesgcm_dec.aes->devId = INVALID_DEVID;
- ret = wc_AesGcmDecrypt(
- info->cipher.aesgcm_dec.aes,
- info->cipher.aesgcm_dec.out,
- info->cipher.aesgcm_dec.in,
- info->cipher.aesgcm_dec.sz,
- info->cipher.aesgcm_dec.iv,
- info->cipher.aesgcm_dec.ivSz,
- info->cipher.aesgcm_dec.authTag,
- info->cipher.aesgcm_dec.authTagSz,
- info->cipher.aesgcm_dec.authIn,
- info->cipher.aesgcm_dec.authInSz);
- /* reset devId */
- info->cipher.aesgcm_dec.aes->devId = devIdArg;
- }
- }
- #endif /* HAVE_AESGCM */
- #ifdef HAVE_AES_CBC
- if (info->cipher.type == WC_CIPHER_AES_CBC) {
- if (info->cipher.enc) {
- /* set devId to invalid, so software is used */
- info->cipher.aescbc.aes->devId = INVALID_DEVID;
- ret = wc_AesCbcEncrypt(
- info->cipher.aescbc.aes,
- info->cipher.aescbc.out,
- info->cipher.aescbc.in,
- info->cipher.aescbc.sz);
- /* reset devId */
- info->cipher.aescbc.aes->devId = devIdArg;
- }
- else {
- /* set devId to invalid, so software is used */
- info->cipher.aescbc.aes->devId = INVALID_DEVID;
- ret = wc_AesCbcDecrypt(
- info->cipher.aescbc.aes,
- info->cipher.aescbc.out,
- info->cipher.aescbc.in,
- info->cipher.aescbc.sz);
- /* reset devId */
- info->cipher.aescbc.aes->devId = devIdArg;
- }
- }
- #endif /* HAVE_AES_CBC */
- #if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- if (info->cipher.type == WC_CIPHER_AES_ECB) {
- if (info->cipher.enc) {
- /* set devId to invalid, so software is used */
- info->cipher.aesecb.aes->devId = INVALID_DEVID;
- ret = wc_AesEcbEncrypt(
- info->cipher.aesecb.aes,
- info->cipher.aesecb.out,
- info->cipher.aesecb.in,
- info->cipher.aesecb.sz);
- /* reset devId */
- info->cipher.aesecb.aes->devId = devIdArg;
- }
- else {
- /* set devId to invalid, so software is used */
- info->cipher.aesecb.aes->devId = INVALID_DEVID;
- ret = wc_AesEcbDecrypt(
- info->cipher.aesecb.aes,
- info->cipher.aesecb.out,
- info->cipher.aesecb.in,
- info->cipher.aesecb.sz);
- /* reset devId */
- info->cipher.aesecb.aes->devId = devIdArg;
- }
- }
- #endif /* HAVE_AES_ECB */
- #if defined(WOLFSSL_AES_COUNTER) && !defined(HAVE_FIPS) && \
- !defined(HAVE_SELFTEST)
- if (info->cipher.type == WC_CIPHER_AES_CTR) {
- /* set devId to invalid, so software is used */
- info->cipher.aesctr.aes->devId = INVALID_DEVID;
- ret = wc_AesCtrEncrypt(
- info->cipher.aesctr.aes,
- info->cipher.aesctr.out,
- info->cipher.aesctr.in,
- info->cipher.aesctr.sz);
- /* reset devId */
- info->cipher.aesctr.aes->devId = devIdArg;
- }
- #endif /* WOLFSSL_AES_COUNTER */
- #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
- if (info->cipher.type == WC_CIPHER_AES_CCM) {
- if (info->cipher.enc) {
- /* set devId to invalid, so software is used */
- info->cipher.aesccm_enc.aes->devId = INVALID_DEVID;
- ret = wc_AesCcmEncrypt(
- info->cipher.aesccm_enc.aes,
- info->cipher.aesccm_enc.out,
- info->cipher.aesccm_enc.in,
- info->cipher.aesccm_enc.sz,
- info->cipher.aesccm_enc.nonce,
- info->cipher.aesccm_enc.nonceSz,
- info->cipher.aesccm_enc.authTag,
- info->cipher.aesccm_enc.authTagSz,
- info->cipher.aesccm_enc.authIn,
- info->cipher.aesccm_enc.authInSz);
- /* reset devId */
- info->cipher.aesccm_enc.aes->devId = devIdArg;
- }
- else {
- /* set devId to invalid, so software is used */
- info->cipher.aesccm_dec.aes->devId = INVALID_DEVID;
- ret = wc_AesCcmDecrypt(
- info->cipher.aesccm_dec.aes,
- info->cipher.aesccm_dec.out,
- info->cipher.aesccm_dec.in,
- info->cipher.aesccm_dec.sz,
- info->cipher.aesccm_dec.nonce,
- info->cipher.aesccm_dec.nonceSz,
- info->cipher.aesccm_dec.authTag,
- info->cipher.aesccm_dec.authTagSz,
- info->cipher.aesccm_dec.authIn,
- info->cipher.aesccm_dec.authInSz);
- /* reset devId */
- info->cipher.aesccm_dec.aes->devId = devIdArg;
- }
- }
- #endif
- #ifndef NO_DES3
- if (info->cipher.type == WC_CIPHER_DES3) {
- if (info->cipher.enc) {
- /* set devId to invalid, so software is used */
- info->cipher.des3.des->devId = INVALID_DEVID;
- ret = wc_Des3_CbcEncrypt(
- info->cipher.des3.des,
- info->cipher.des3.out,
- info->cipher.des3.in,
- info->cipher.des3.sz);
- /* reset devId */
- info->cipher.des3.des->devId = devIdArg;
- }
- else {
- /* set devId to invalid, so software is used */
- info->cipher.des3.des->devId = INVALID_DEVID;
- ret = wc_Des3_CbcDecrypt(
- info->cipher.des3.des,
- info->cipher.des3.out,
- info->cipher.des3.in,
- info->cipher.des3.sz);
- /* reset devId */
- info->cipher.des3.des->devId = devIdArg;
- }
- }
- #endif /* !NO_DES3 */
- #endif /* !NO_AES || !NO_DES3 */
- }
- #if !defined(NO_SHA) || !defined(NO_SHA256) || \
- defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
- else if (info->algo_type == WC_ALGO_TYPE_HASH) {
- #if !defined(NO_SHA)
- if (info->hash.type == WC_HASH_TYPE_SHA) {
- if (info->hash.sha1 == NULL)
- return NOT_COMPILED_IN;
- /* set devId to invalid, so software is used */
- info->hash.sha1->devId = INVALID_DEVID;
- if (info->hash.in != NULL) {
- ret = wc_ShaUpdate(
- info->hash.sha1,
- info->hash.in,
- info->hash.inSz);
- }
- if (info->hash.digest != NULL) {
- ret = wc_ShaFinal(
- info->hash.sha1,
- info->hash.digest);
- }
- /* reset devId */
- info->hash.sha1->devId = devIdArg;
- }
- else
- #endif
- #if !defined(NO_SHA256)
- if (info->hash.type == WC_HASH_TYPE_SHA256) {
- if (info->hash.sha256 == NULL)
- return NOT_COMPILED_IN;
- /* set devId to invalid, so software is used */
- info->hash.sha256->devId = INVALID_DEVID;
- if (info->hash.in != NULL) {
- ret = wc_Sha256Update(
- info->hash.sha256,
- info->hash.in,
- info->hash.inSz);
- }
- if (info->hash.digest != NULL) {
- ret = wc_Sha256Final(
- info->hash.sha256,
- info->hash.digest);
- }
- /* reset devId */
- info->hash.sha256->devId = devIdArg;
- }
- else
- #endif
- #ifdef WOLFSSL_SHA384
- if (info->hash.type == WC_HASH_TYPE_SHA384) {
- if (info->hash.sha384 == NULL)
- return NOT_COMPILED_IN;
- #ifndef NO_SHA2_CRYPTO_CB
- /* set devId to invalid, so software is used */
- info->hash.sha384->devId = INVALID_DEVID;
- #endif
- if (info->hash.in != NULL) {
- ret = wc_Sha384Update(
- info->hash.sha384,
- info->hash.in,
- info->hash.inSz);
- }
- if (info->hash.digest != NULL) {
- ret = wc_Sha384Final(
- info->hash.sha384,
- info->hash.digest);
- }
- #ifndef NO_SHA2_CRYPTO_CB
- /* reset devId */
- info->hash.sha384->devId = devIdArg;
- #endif
- }
- else
- #endif
- #ifdef WOLFSSL_SHA512
- if (info->hash.type == WC_HASH_TYPE_SHA512) {
- if (info->hash.sha512 == NULL)
- return NOT_COMPILED_IN;
- #ifndef NO_SHA2_CRYPTO_CB
- /* set devId to invalid, so software is used */
- info->hash.sha512->devId = INVALID_DEVID;
- #endif
- if (info->hash.in != NULL) {
- ret = wc_Sha512Update(
- info->hash.sha512,
- info->hash.in,
- info->hash.inSz);
- }
- if (info->hash.digest != NULL) {
- ret = wc_Sha512Final(
- info->hash.sha512,
- info->hash.digest);
- }
- #ifndef NO_SHA2_CRYPTO_CB
- /* reset devId */
- info->hash.sha512->devId = devIdArg;
- #endif
- }
- else
- #endif
- {
- }
- }
- #endif /* !NO_SHA || !NO_SHA256 */
- #ifndef NO_HMAC
- else if (info->algo_type == WC_ALGO_TYPE_HMAC) {
- if (info->hmac.hmac == NULL)
- return NOT_COMPILED_IN;
- /* set devId to invalid, so software is used */
- info->hmac.hmac->devId = INVALID_DEVID;
- if (info->hmac.in != NULL) {
- ret = wc_HmacUpdate(
- info->hmac.hmac,
- info->hmac.in,
- info->hmac.inSz);
- }
- else if (info->hmac.digest != NULL) {
- ret = wc_HmacFinal(
- info->hmac.hmac,
- info->hmac.digest);
- }
- /* reset devId */
- info->hmac.hmac->devId = devIdArg;
- }
- #endif
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
- else if (info->algo_type == WC_ALGO_TYPE_CMAC) {
- if (info->cmac.cmac == NULL) {
- return NOT_COMPILED_IN;
- }
- /* set devId to invalid so software is used */
- info->cmac.cmac->devId = INVALID_DEVID;
- /* Handle one-shot cases */
- if (info->cmac.key != NULL && info->cmac.in != NULL
- && info->cmac.out != NULL) {
- ret = wc_AesCmacGenerate(info->cmac.out,
- info->cmac.outSz,
- info->cmac.in,
- info->cmac.inSz,
- info->cmac.key,
- info->cmac.keySz);
- /* Sequentially handle incremental cases */
- } else {
- if (info->cmac.key != NULL) {
- ret = wc_InitCmac(info->cmac.cmac,
- info->cmac.key,
- info->cmac.keySz,
- info->cmac.type,
- NULL);
- }
- if ((ret == 0) && (info->cmac.in != NULL)) {
- ret = wc_CmacUpdate(info->cmac.cmac,
- info->cmac.in,
- info->cmac.inSz);
- }
- if ((ret ==0) && (info->cmac.out != NULL)) {
- ret = wc_CmacFinal(info->cmac.cmac,
- info->cmac.out,
- info->cmac.outSz);
- }
- }
- /* reset devId */
- info->cmac.cmac->devId = devIdArg;
- }
- #endif /* WOLFSSL_CMAC && !(NO_AES) && WOLFSSL_AES_DIRECT */
- (void)devIdArg;
- (void)myCtx;
- return ret;
- }
- #ifdef WOLF_CRYPTO_CB_FIND
- static int myCryptoCbFind(int currentId, int algoType)
- {
- /* can have algo specific overrides here
- switch (algoType) {
- i.e.
- WC_ALGO_TYPE_CMAC
- WC_ALGO_TYPE_SEED
- WC_ALGO_TYPE_HMAC
- WC_ALGO_TYPE_HASH
- WC_ALGO_TYPE_CIPHER
- WC_ALGO_TYPE_PK
- }
- */
- (void)algoType;
- if (currentId == INVALID_DEVID) {
- /* can override invalid devid found with 1 */
- }
- return currentId;
- }
- #endif /* WOLF_CRYPTO_CB_FIND */
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
- {
- wc_test_ret_t ret = 0;
- int origDevId = devId;
- myCryptoDevCtx myCtx;
- WOLFSSL_ENTER("cryptocb_test");
- /* example data for callback */
- myCtx.exampleVar = 1;
- /* set devId to something other than INVALID_DEVID */
- devId = 1;
- ret = wc_CryptoCb_RegisterDevice(devId, myCryptoDevCb, &myCtx);
- #ifdef WOLF_CRYPTO_CB_FIND
- wc_CryptoCb_SetDeviceFindCb(myCryptoCbFind);
- #endif /* WOLF_CRYPTO_CB_FIND */
- #ifndef WC_NO_RNG
- if (ret == 0)
- ret = random_test();
- #endif /* WC_NO_RNG */
- #if !defined(NO_RSA)
- PRIVATE_KEY_UNLOCK();
- if (ret == 0)
- ret = rsa_test();
- PRIVATE_KEY_LOCK();
- #endif
- #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
- PRIVATE_KEY_UNLOCK();
- if (ret == 0)
- ret = rsa_onlycb_test(&myCtx);
- PRIVATE_KEY_LOCK();
- #endif
- #if defined(HAVE_ECC)
- PRIVATE_KEY_UNLOCK();
- if (ret == 0)
- ret = ecc_test();
- PRIVATE_KEY_LOCK();
- #endif
- #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
- PRIVATE_KEY_UNLOCK();
- if (ret == 0)
- ret = ecc_onlycb_test(&myCtx);
- PRIVATE_KEY_LOCK();
- #endif
- #ifdef HAVE_ED25519
- PRIVATE_KEY_UNLOCK();
- if (ret == 0)
- ret = ed25519_test();
- PRIVATE_KEY_LOCK();
- #endif
- #ifdef HAVE_CURVE25519
- if (ret == 0)
- ret = curve25519_test();
- #endif
- #ifndef NO_AES
- #ifdef HAVE_AESGCM
- if (ret == 0)
- ret = aesgcm_test();
- #endif
- #ifdef HAVE_AES_CBC
- if (ret == 0)
- ret = aes_test();
- #endif
- #ifdef WOLFSSL_AES_XTS
- if (ret == 0)
- ret = aes_xts_test();
- #endif
- #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
- if (ret == 0)
- ret = aesccm_test();
- #endif
- #endif /* !NO_AES */
- #ifndef NO_DES3
- if (ret == 0)
- ret = des3_test();
- #endif /* !NO_DES3 */
- #ifndef NO_SHA
- if (ret == 0)
- ret = sha_test();
- #endif
- #ifndef NO_SHA256
- if (ret == 0)
- ret = sha256_test();
- #endif
- #ifdef WOLFSSL_SHA384
- if (ret == 0)
- ret = sha384_test();
- #endif
- #ifdef WOLFSSL_SHA512
- if (ret == 0)
- ret = sha512_test();
- #endif
- #ifndef NO_HMAC
- #ifndef NO_SHA
- if (ret == 0)
- ret = hmac_sha_test();
- #endif
- #ifndef NO_SHA256
- if (ret == 0)
- ret = hmac_sha256_test();
- #endif
- #endif
- #ifndef NO_PWDBASED
- #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
- PRIVATE_KEY_UNLOCK();
- if (ret == 0)
- ret = pbkdf2_test();
- PRIVATE_KEY_LOCK();
- #endif
- #endif
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
- if (ret == 0)
- ret = cmac_test();
- #endif
- /* restore devId */
- devId = origDevId;
- return ret;
- }
- #endif /* WOLF_CRYPTO_CB */
- #ifdef WOLFSSL_CERT_PIV
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certpiv_test(void)
- {
- wc_test_ret_t ret;
- wc_CertPIV piv;
- /* Template for Identiv PIV cert, nonce and signature */
- WOLFSSL_SMALL_STACK_STATIC const byte pivCertIdentiv[] = {
- 0x0A, 0x0B,
- 0x53, 0x09, /* NIST PIV Cert */
- 0x70, 0x02, /* Certificate */
- 0x30, 0x00,
- 0x71, 0x01, 0x05, /* Cert Info */
- 0xFE, 0x00, /* Error Detection */
- 0x0B, 0x01, 0x00, /* Nonce */
- 0x0C, 0x01, 0x00, /* Signed Nonce */
- };
- /* PIV certificate data including certificate, info and error detection. */
- WOLFSSL_SMALL_STACK_STATIC const byte pivCert[] = {
- 0x53, 0x09, /* NIST PIV Cert */
- 0x70, 0x02, /* Certificate */
- 0x30, 0x00,
- 0x71, 0x01, 0x04, /* Cert Info */
- 0xFE, 0x00, /* Error Detection */
- };
- WOLFSSL_ENTER("certpiv_test");
- XMEMSET(&piv, 0, sizeof(piv));
- /* Test with Identiv 0x0A, 0x0B and 0x0C markers */
- ret = wc_ParseCertPIV(&piv, pivCertIdentiv, sizeof(pivCertIdentiv));
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (!piv.isIdentiv) {
- return WC_TEST_RET_ENC_NC;
- }
- if ((piv.cert == NULL) || (piv.certSz != 2)) {
- return WC_TEST_RET_ENC_NC;
- }
- if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) {
- return WC_TEST_RET_ENC_NC;
- }
- if ((piv.compression != ASN_PIV_CERT_INFO_GZIP)) {
- return WC_TEST_RET_ENC_NC;
- }
- if (!piv.isX509) {
- return WC_TEST_RET_ENC_NC;
- }
- if ((piv.nonce == NULL) || (piv.nonceSz != 1)) {
- return WC_TEST_RET_ENC_NC;
- }
- if ((piv.signedNonce == NULL) || (piv.signedNonceSz != 1)) {
- return WC_TEST_RET_ENC_NC;
- }
- XMEMSET(&piv, 0, sizeof(piv));
- /* Test with NIST PIV format */
- ret = wc_ParseCertPIV(&piv, pivCert, sizeof(pivCert));
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- if (piv.isIdentiv) {
- return WC_TEST_RET_ENC_NC;
- }
- if ((piv.cert == NULL) || (piv.certSz != 2)) {
- return WC_TEST_RET_ENC_NC;
- }
- if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) {
- return WC_TEST_RET_ENC_NC;
- }
- if ((piv.compression != 0)) {
- return WC_TEST_RET_ENC_NC;
- }
- if (!piv.isX509) {
- return WC_TEST_RET_ENC_NC;
- }
- return ret;
- }
- #endif /* WOLFSSL_CERT_PIV */
- #if !defined(NO_ASN) && !defined(NO_ASN_TIME)
- static time_t time_cb(time_t* t)
- {
- if (t != NULL) {
- *t = 99;
- }
- return 99;
- }
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t time_test(void)
- {
- time_t t;
- wc_test_ret_t ret;
- WOLFSSL_ENTER("time_test");
- ret = wc_SetTimeCb(time_cb);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- t = wc_Time(NULL);
- if (t != 99)
- return WC_TEST_RET_ENC_NC;
- ret = wc_GetTime(&t, sizeof(time_t));
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- if (t != 99)
- return WC_TEST_RET_ENC_NC;
- ret = wc_SetTimeCb(NULL);
- if (ret != 0)
- return WC_TEST_RET_ENC_EC(ret);
- return 0;
- }
- #endif
- #ifdef WOLFSSL_AES_SIV
- typedef struct {
- const byte key[33];
- word32 keySz;
- const byte nonce[49];
- word32 nonceSz;
- const byte assoc[81];
- word32 assocSz;
- const byte plaintext[83];
- word32 plaintextSz;
- const byte siv[AES_BLOCK_SIZE+1];
- const byte ciphertext[82];
- word32 ciphertextSz;
- } AesSivTestVector;
- #define AES_SIV_TEST_VECTORS 7
- WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
- {
- /* These test vectors come from chrony 4.1's SIV unit tests. */
- WOLFSSL_SMALL_STACK_STATIC const AesSivTestVector testVectors[AES_SIV_TEST_VECTORS] = {
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
- "", 0,
- "", 0,
- "\x22\x3e\xb5\x94\xe0\xe0\x25\x4b\x00\x25\x8e\x21\x9a\x1c\xa4\x21",
- "", 0
- },
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
- "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
- "", 0,
- "\xd7\x20\x19\x89\xc6\xdb\xc6\xd6\x61\xfc\x62\xbc\x86\x5e\xee\xef",
- "", 0
- },
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
- "", 0,
- "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
- "\xb6\xc1\x60\xe9\xc2\xfd\x2a\xe8\xde\xc5\x36\x8b\x2a\x33\xed\xe1",
- "\x14\xff\xb3\x97\x34\x5c\xcb\xe4\x4a\xa4\xde\xac\xd9\x36\x90\x46", 16
- },
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e", 15,
- "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c", 15,
- "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4", 15,
- "\x03\x8c\x41\x51\xba\x7a\x8f\x77\x6e\x56\x31\x99\x42\x0b\xc7\x03",
- "\xe7\x6c\x67\xc9\xda\xb7\x0d\x5b\x44\x06\x26\x5a\xd0\xd2\x3b", 15
- },
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
- "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
- "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4\xa7", 16,
- "\x5c\x05\x23\x65\xf4\x57\x0a\xa0\xfb\x38\x3e\xce\x9b\x75\x85\xeb",
- "\x68\x85\x19\x36\x0c\x7c\x48\x11\x40\xcb\x9b\x57\x9a\x0e\x65\x32", 16
- },
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
- "\xd5", 17,
- "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b"
- "\xa0", 17,
- "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4\xa7"
- "\x08", 17,
- "\xaf\x58\x4b\xe7\x82\x1e\x96\x19\x29\x91\x25\xe0\xdd\x80\x3b\x49",
- "\xa5\x11\xcd\xb6\x08\xf3\x76\xa0\xb6\xfa\x15\x82\xf3\x95\xe1\xeb"
- "\xbd", 17
- },
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\xb0\x5a\x1b\xc7\x56\xe7\xb6\x2c\xb4\x85\xe5\x56\xa5\x28\xc0\x6c"
- "\x2f\x3b\x0b\x9d\x1a\x0c\xdf\x69\x47\xe0\xcc\xc0\x87\xaa\x5c\x09"
- "\x98\x48\x8d\x6a\x8e\x1e\x05\xd7\x8b\x68\x74\x83\xb5\x1d\xf1\x2c", 48,
- "\xe5\x8b\xd2\x6a\x30\xc5\xc5\x61\xcc\xbd\x7c\x27\xbf\xfe\xf9\x06"
- "\x00\x5b\xd7\xfc\x11\x0b\xcf\x16\x61\xef\xac\x05\xa7\xaf\xec\x27"
- "\x41\xc8\x5e\x9e\x0d\xf9\x2f\xaf\x20\x79\x17\xe5\x17\x91\x2a\x27"
- "\x34\x1c\xbc\xaf\xeb\xef\x7f\x52\xe7\x1e\x4c\x2a\xca\xbd\x2b\xbe"
- "\x34\xd6\xfb\x69\xd3\x3e\x49\x59\x60\xb4\x26\xc9\xb8\xce\xba", 79,
- "\x6c\xe7\xcf\x7e\xab\x7b\xa0\xe1\xa7\x22\xcb\x88\xde\x5e\x42\xd2"
- "\xec\x79\xe0\xa2\xcf\x5f\x0f\x6f\x6b\x89\x57\xcd\xae\x17\xd4\xc2"
- "\xf3\x1b\xa2\xa8\x13\x78\x23\x2f\x83\xa8\xd4\x0c\xc0\xd2\xf3\x99"
- "\xae\x81\xa1\xca\x5b\x5f\x45\xa6\x6f\x0c\x8a\xf3\xd4\x67\x40\x81"
- "\x26\xe2\x01\x86\xe8\x5a\xd5\xf8\x58\x80\x9f\x56\xaa\x76\x96\xbf"
- "\x31", 81,
- "\x9a\x06\x33\xe0\xee\x00\x6a\x9b\xc8\x20\xd5\xe2\xc2\xed\xb5\x75",
- "\xfa\x9e\x42\x2a\x31\x6b\xda\xca\xaa\x7d\x31\x8b\x84\x7a\xb8\xd7"
- "\x8a\x81\x25\x64\xed\x41\x9b\xa9\x77\x10\xbd\x05\x0c\x4e\xc5\x31"
- "\x0c\xa2\x86\xec\x8a\x94\xc8\x24\x23\x3c\x13\xee\xa5\x51\xc9\xdf"
- "\x48\xc9\x55\xc5\x2f\x40\x73\x3f\x98\xbb\x8d\x69\x78\x46\x64\x17"
- "\x8d\x49\x2f\x14\x62\xa4\x7c\x2a\x57\x38\x87\xce\xc6\x72\xd3\x5c"
- "\xa1", 81
- }};
- int i;
- byte computedCiphertext[82];
- byte computedPlaintext[82];
- byte siv[AES_BLOCK_SIZE];
- wc_test_ret_t ret = 0;
- WOLFSSL_ENTER("aes_siv_test");
- for (i = 0; i < AES_SIV_TEST_VECTORS; ++i) {
- ret = wc_AesSivEncrypt(testVectors[i].key, testVectors[i].keySz,
- testVectors[i].assoc, testVectors[i].assocSz,
- testVectors[i].nonce, testVectors[i].nonceSz,
- testVectors[i].plaintext,
- testVectors[i].plaintextSz, siv,
- computedCiphertext);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = XMEMCMP(siv, testVectors[i].siv, AES_BLOCK_SIZE);
- if (ret != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- ret = XMEMCMP(computedCiphertext, testVectors[i].ciphertext,
- testVectors[i].ciphertextSz);
- if (ret != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- ret = wc_AesSivDecrypt(testVectors[i].key, testVectors[i].keySz,
- testVectors[i].assoc, testVectors[i].assocSz,
- testVectors[i].nonce, testVectors[i].nonceSz,
- computedCiphertext, testVectors[i].plaintextSz,
- siv, computedPlaintext);
- if (ret != 0) {
- return WC_TEST_RET_ENC_EC(ret);
- }
- ret = XMEMCMP(computedPlaintext, testVectors[i].plaintext,
- testVectors[i].plaintextSz);
- if (ret != 0) {
- return WC_TEST_RET_ENC_NC;
- }
- }
- return 0;
- }
- #endif
- #undef ERROR_OUT
- static const int fiducial4 = WC_TEST_RET_LN;
- /* print the fiducial line numbers assigned above, allowing confirmation of
- * source code version match when in doubt.
- */
- static void print_fiducials(void) {
- printf(" [fiducial line numbers: %d %d %d %d]\n",
- fiducial1, fiducial2, fiducial3, fiducial4);
- }
- #else
- #ifndef NO_MAIN_DRIVER
- int main(void) { return 0; }
- #endif
- #endif /* NO_CRYPT_TEST */
|