12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377737783779378037813782378337843785378637873788378937903791379237933794379537963797379837993800380138023803380438053806380738083809381038113812381338143815381638173818381938203821382238233824382538263827382838293830383138323833383438353836383738383839384038413842384338443845384638473848384938503851385238533854385538563857385838593860386138623863386438653866386738683869387038713872387338743875387638773878387938803881388238833884388538863887388838893890389138923893389438953896389738983899390039013902390339043905390639073908390939103911391239133914391539163917391839193920392139223923392439253926392739283929393039313932393339343935393639373938393939403941394239433944394539463947394839493950395139523953395439553956395739583959396039613962396339643965396639673968396939703971397239733974397539763977397839793980398139823983398439853986398739883989399039913992399339943995399639973998399940004001400240034004400540064007400840094010401140124013401440154016401740184019402040214022402340244025402640274028402940304031403240334034403540364037403840394040404140424043404440454046404740484049405040514052405340544055405640574058405940604061406240634064406540664067406840694070407140724073407440754076407740784079408040814082408340844085408640874088408940904091409240934094409540964097409840994100410141024103410441054106410741084109411041114112411341144115411641174118411941204121412241234124412541264127412841294130413141324133413441354136413741384139414041414142414341444145414641474148414941504151415241534154415541564157415841594160416141624163416441654166416741684169417041714172417341744175417641774178417941804181418241834184418541864187418841894190419141924193419441954196419741984199420042014202420342044205420642074208420942104211421242134214421542164217421842194220422142224223422442254226422742284229423042314232423342344235423642374238423942404241424242434244424542464247424842494250425142524253425442554256425742584259426042614262426342644265426642674268426942704271427242734274427542764277427842794280428142824283428442854286428742884289429042914292429342944295429642974298429943004301430243034304430543064307430843094310431143124313431443154316431743184319432043214322432343244325432643274328432943304331433243334334433543364337433843394340434143424343434443454346434743484349435043514352435343544355435643574358435943604361436243634364436543664367436843694370437143724373437443754376437743784379438043814382438343844385438643874388438943904391439243934394439543964397439843994400440144024403440444054406440744084409441044114412441344144415441644174418441944204421442244234424442544264427442844294430443144324433443444354436443744384439444044414442444344444445444644474448444944504451445244534454445544564457445844594460446144624463446444654466446744684469447044714472447344744475447644774478447944804481448244834484448544864487448844894490449144924493449444954496449744984499450045014502450345044505450645074508450945104511451245134514451545164517451845194520452145224523452445254526452745284529453045314532453345344535453645374538453945404541454245434544454545464547454845494550455145524553455445554556455745584559456045614562456345644565456645674568456945704571457245734574457545764577457845794580458145824583458445854586458745884589459045914592459345944595459645974598459946004601460246034604460546064607460846094610461146124613461446154616461746184619462046214622462346244625462646274628462946304631463246334634463546364637463846394640464146424643464446454646464746484649465046514652465346544655465646574658465946604661466246634664466546664667466846694670467146724673467446754676467746784679468046814682468346844685468646874688468946904691469246934694469546964697469846994700470147024703470447054706470747084709471047114712471347144715471647174718471947204721472247234724472547264727472847294730473147324733473447354736473747384739474047414742474347444745474647474748474947504751475247534754475547564757475847594760476147624763476447654766476747684769477047714772477347744775477647774778477947804781478247834784478547864787478847894790479147924793479447954796479747984799480048014802480348044805480648074808480948104811481248134814481548164817481848194820482148224823482448254826482748284829483048314832483348344835483648374838483948404841484248434844484548464847484848494850485148524853485448554856485748584859486048614862486348644865486648674868486948704871487248734874487548764877487848794880488148824883488448854886488748884889489048914892489348944895489648974898489949004901490249034904490549064907490849094910491149124913491449154916491749184919492049214922492349244925492649274928492949304931493249334934493549364937493849394940494149424943494449454946494749484949495049514952495349544955495649574958495949604961496249634964496549664967496849694970497149724973497449754976497749784979498049814982498349844985498649874988498949904991499249934994499549964997499849995000500150025003500450055006500750085009501050115012501350145015501650175018501950205021502250235024502550265027502850295030503150325033503450355036503750385039504050415042504350445045504650475048504950505051505250535054505550565057505850595060506150625063506450655066506750685069507050715072507350745075507650775078507950805081508250835084508550865087508850895090509150925093509450955096509750985099510051015102510351045105510651075108510951105111511251135114511551165117511851195120512151225123512451255126512751285129513051315132513351345135513651375138513951405141514251435144514551465147514851495150515151525153515451555156515751585159516051615162516351645165516651675168516951705171517251735174517551765177517851795180518151825183518451855186518751885189519051915192519351945195519651975198519952005201520252035204520552065207520852095210521152125213521452155216521752185219522052215222522352245225522652275228522952305231523252335234523552365237523852395240524152425243524452455246524752485249525052515252525352545255525652575258525952605261526252635264526552665267526852695270527152725273527452755276527752785279528052815282528352845285528652875288528952905291529252935294529552965297529852995300530153025303530453055306530753085309531053115312531353145315531653175318531953205321532253235324532553265327532853295330533153325333533453355336533753385339534053415342534353445345534653475348534953505351535253535354535553565357535853595360536153625363536453655366536753685369537053715372537353745375537653775378537953805381538253835384538553865387538853895390539153925393539453955396539753985399540054015402540354045405540654075408540954105411541254135414541554165417541854195420542154225423542454255426542754285429543054315432543354345435543654375438543954405441544254435444544554465447544854495450545154525453545454555456545754585459546054615462546354645465546654675468546954705471547254735474547554765477547854795480548154825483548454855486548754885489549054915492549354945495549654975498549955005501550255035504550555065507550855095510551155125513551455155516551755185519552055215522552355245525552655275528552955305531553255335534553555365537553855395540554155425543554455455546554755485549555055515552555355545555555655575558555955605561556255635564556555665567556855695570557155725573557455755576557755785579558055815582558355845585558655875588558955905591559255935594559555965597559855995600560156025603560456055606560756085609561056115612561356145615561656175618561956205621562256235624562556265627562856295630563156325633563456355636563756385639564056415642564356445645564656475648564956505651565256535654565556565657565856595660566156625663566456655666566756685669567056715672567356745675567656775678567956805681568256835684568556865687568856895690569156925693569456955696569756985699570057015702570357045705570657075708570957105711571257135714571557165717571857195720572157225723572457255726572757285729573057315732573357345735573657375738573957405741574257435744574557465747574857495750575157525753575457555756575757585759576057615762576357645765576657675768576957705771577257735774577557765777577857795780578157825783578457855786578757885789579057915792579357945795579657975798579958005801580258035804580558065807580858095810581158125813581458155816581758185819582058215822582358245825582658275828582958305831583258335834583558365837583858395840584158425843584458455846584758485849585058515852585358545855585658575858585958605861586258635864586558665867586858695870587158725873587458755876587758785879588058815882588358845885588658875888588958905891589258935894589558965897589858995900590159025903590459055906590759085909591059115912591359145915591659175918591959205921592259235924592559265927592859295930593159325933593459355936593759385939594059415942594359445945594659475948594959505951595259535954595559565957595859595960596159625963596459655966596759685969597059715972597359745975597659775978597959805981598259835984598559865987598859895990599159925993599459955996599759985999600060016002600360046005600660076008600960106011601260136014601560166017601860196020602160226023602460256026602760286029603060316032603360346035603660376038603960406041604260436044604560466047604860496050605160526053605460556056605760586059606060616062606360646065606660676068606960706071607260736074607560766077607860796080608160826083608460856086608760886089609060916092609360946095609660976098609961006101610261036104610561066107610861096110611161126113611461156116611761186119612061216122612361246125612661276128612961306131613261336134613561366137613861396140614161426143614461456146614761486149615061516152615361546155615661576158615961606161616261636164616561666167616861696170617161726173617461756176617761786179618061816182618361846185618661876188618961906191619261936194619561966197619861996200620162026203620462056206620762086209621062116212621362146215621662176218621962206221622262236224622562266227622862296230623162326233623462356236623762386239624062416242624362446245624662476248624962506251625262536254625562566257625862596260626162626263626462656266626762686269627062716272627362746275627662776278627962806281628262836284628562866287628862896290629162926293629462956296629762986299630063016302630363046305630663076308630963106311631263136314631563166317631863196320632163226323632463256326632763286329633063316332633363346335633663376338633963406341634263436344634563466347634863496350635163526353635463556356635763586359636063616362636363646365636663676368636963706371637263736374637563766377637863796380638163826383638463856386638763886389639063916392639363946395639663976398639964006401640264036404640564066407640864096410641164126413641464156416641764186419642064216422642364246425642664276428642964306431643264336434643564366437643864396440644164426443644464456446644764486449645064516452645364546455645664576458645964606461646264636464646564666467646864696470647164726473647464756476647764786479648064816482648364846485648664876488648964906491649264936494649564966497649864996500650165026503650465056506650765086509651065116512651365146515651665176518651965206521652265236524652565266527652865296530653165326533653465356536653765386539654065416542654365446545654665476548654965506551655265536554655565566557655865596560656165626563656465656566656765686569657065716572657365746575657665776578657965806581658265836584658565866587658865896590659165926593659465956596659765986599660066016602660366046605660666076608660966106611661266136614661566166617661866196620662166226623662466256626662766286629663066316632663366346635663666376638663966406641664266436644664566466647664866496650665166526653665466556656665766586659666066616662666366646665666666676668666966706671667266736674667566766677667866796680668166826683668466856686668766886689669066916692669366946695669666976698669967006701670267036704670567066707670867096710671167126713671467156716671767186719672067216722672367246725672667276728672967306731673267336734673567366737673867396740674167426743674467456746674767486749675067516752675367546755675667576758675967606761676267636764676567666767676867696770677167726773677467756776677767786779678067816782678367846785678667876788678967906791679267936794679567966797679867996800680168026803680468056806680768086809681068116812681368146815681668176818681968206821682268236824682568266827682868296830683168326833683468356836683768386839684068416842684368446845684668476848684968506851685268536854685568566857685868596860686168626863686468656866686768686869687068716872687368746875687668776878687968806881688268836884688568866887688868896890689168926893689468956896689768986899690069016902690369046905690669076908690969106911691269136914691569166917691869196920692169226923692469256926692769286929693069316932693369346935693669376938693969406941694269436944694569466947694869496950695169526953695469556956695769586959696069616962696369646965696669676968696969706971697269736974697569766977697869796980698169826983698469856986698769886989699069916992699369946995699669976998699970007001700270037004700570067007700870097010701170127013701470157016701770187019702070217022702370247025702670277028702970307031703270337034703570367037703870397040704170427043704470457046704770487049705070517052705370547055705670577058705970607061706270637064706570667067706870697070707170727073707470757076707770787079708070817082708370847085708670877088708970907091709270937094709570967097709870997100710171027103710471057106710771087109711071117112711371147115711671177118711971207121712271237124712571267127712871297130713171327133713471357136713771387139714071417142714371447145714671477148714971507151715271537154715571567157715871597160716171627163716471657166716771687169717071717172717371747175717671777178717971807181718271837184718571867187718871897190719171927193719471957196719771987199720072017202720372047205720672077208720972107211721272137214721572167217721872197220722172227223722472257226722772287229723072317232723372347235723672377238723972407241724272437244724572467247724872497250725172527253725472557256725772587259726072617262726372647265726672677268726972707271727272737274727572767277727872797280728172827283728472857286728772887289729072917292729372947295729672977298729973007301730273037304730573067307730873097310731173127313731473157316731773187319732073217322732373247325732673277328732973307331733273337334733573367337733873397340734173427343734473457346734773487349735073517352735373547355735673577358735973607361736273637364736573667367736873697370737173727373737473757376737773787379738073817382738373847385738673877388738973907391739273937394739573967397739873997400740174027403740474057406740774087409741074117412741374147415741674177418741974207421742274237424742574267427742874297430743174327433743474357436743774387439744074417442744374447445744674477448744974507451745274537454745574567457745874597460746174627463746474657466746774687469747074717472747374747475747674777478747974807481748274837484748574867487748874897490749174927493749474957496749774987499750075017502750375047505750675077508750975107511751275137514751575167517751875197520752175227523752475257526752775287529753075317532753375347535753675377538753975407541754275437544754575467547754875497550755175527553755475557556755775587559756075617562756375647565756675677568756975707571757275737574757575767577757875797580758175827583758475857586758775887589759075917592759375947595759675977598759976007601760276037604760576067607760876097610761176127613761476157616761776187619762076217622762376247625762676277628762976307631763276337634763576367637763876397640764176427643764476457646764776487649765076517652765376547655765676577658765976607661766276637664766576667667766876697670767176727673767476757676767776787679768076817682768376847685768676877688768976907691769276937694769576967697769876997700770177027703770477057706770777087709771077117712771377147715771677177718771977207721772277237724772577267727772877297730773177327733773477357736773777387739774077417742774377447745774677477748774977507751775277537754775577567757775877597760776177627763776477657766776777687769777077717772777377747775777677777778777977807781778277837784778577867787778877897790779177927793779477957796779777987799780078017802780378047805780678077808780978107811781278137814781578167817781878197820782178227823782478257826782778287829783078317832783378347835783678377838783978407841784278437844784578467847784878497850785178527853785478557856785778587859786078617862786378647865786678677868786978707871787278737874787578767877787878797880788178827883788478857886788778887889789078917892789378947895789678977898789979007901790279037904790579067907790879097910791179127913791479157916791779187919792079217922792379247925792679277928792979307931793279337934793579367937793879397940794179427943794479457946794779487949795079517952795379547955795679577958795979607961796279637964796579667967796879697970797179727973797479757976797779787979798079817982798379847985798679877988798979907991799279937994799579967997799879998000800180028003800480058006800780088009801080118012801380148015801680178018801980208021802280238024802580268027802880298030803180328033803480358036803780388039804080418042804380448045804680478048804980508051805280538054805580568057805880598060806180628063806480658066806780688069807080718072807380748075807680778078807980808081808280838084808580868087808880898090809180928093809480958096809780988099810081018102810381048105810681078108810981108111811281138114811581168117811881198120812181228123812481258126812781288129813081318132813381348135813681378138813981408141814281438144814581468147814881498150815181528153815481558156815781588159816081618162816381648165816681678168816981708171817281738174817581768177817881798180818181828183818481858186818781888189819081918192819381948195819681978198819982008201820282038204820582068207820882098210821182128213821482158216821782188219822082218222822382248225822682278228822982308231823282338234823582368237823882398240824182428243824482458246824782488249825082518252825382548255825682578258825982608261826282638264826582668267826882698270827182728273827482758276827782788279828082818282828382848285828682878288828982908291829282938294829582968297829882998300830183028303830483058306830783088309831083118312831383148315831683178318831983208321832283238324832583268327832883298330833183328333833483358336833783388339834083418342834383448345834683478348834983508351835283538354835583568357835883598360836183628363836483658366836783688369837083718372837383748375837683778378837983808381838283838384838583868387838883898390839183928393839483958396839783988399840084018402840384048405840684078408840984108411841284138414841584168417841884198420842184228423842484258426842784288429843084318432843384348435843684378438843984408441844284438444844584468447844884498450845184528453845484558456845784588459846084618462846384648465846684678468846984708471847284738474847584768477847884798480848184828483848484858486848784888489849084918492849384948495849684978498849985008501850285038504850585068507850885098510851185128513851485158516851785188519852085218522852385248525852685278528852985308531853285338534853585368537853885398540854185428543854485458546854785488549855085518552855385548555855685578558855985608561856285638564856585668567856885698570857185728573857485758576857785788579858085818582858385848585858685878588858985908591859285938594859585968597859885998600860186028603860486058606860786088609861086118612861386148615861686178618861986208621862286238624862586268627862886298630863186328633863486358636863786388639864086418642864386448645864686478648864986508651865286538654865586568657865886598660866186628663866486658666866786688669867086718672867386748675867686778678867986808681868286838684868586868687868886898690869186928693869486958696869786988699870087018702870387048705870687078708870987108711871287138714871587168717871887198720872187228723872487258726872787288729873087318732873387348735873687378738873987408741874287438744874587468747874887498750875187528753875487558756875787588759876087618762876387648765876687678768876987708771877287738774877587768777877887798780878187828783878487858786878787888789879087918792879387948795879687978798879988008801880288038804880588068807880888098810881188128813881488158816881788188819882088218822882388248825882688278828882988308831883288338834883588368837883888398840884188428843884488458846884788488849885088518852885388548855885688578858885988608861886288638864886588668867886888698870887188728873887488758876887788788879888088818882888388848885888688878888888988908891889288938894889588968897889888998900890189028903890489058906890789088909891089118912891389148915891689178918891989208921892289238924892589268927892889298930893189328933893489358936893789388939894089418942894389448945894689478948894989508951895289538954895589568957895889598960896189628963896489658966896789688969897089718972897389748975897689778978897989808981898289838984898589868987898889898990899189928993899489958996899789988999900090019002900390049005900690079008900990109011901290139014901590169017901890199020902190229023902490259026902790289029903090319032903390349035903690379038903990409041904290439044904590469047904890499050905190529053905490559056905790589059906090619062906390649065906690679068906990709071907290739074907590769077907890799080908190829083908490859086908790889089909090919092909390949095909690979098909991009101910291039104910591069107910891099110911191129113911491159116911791189119912091219122912391249125912691279128912991309131913291339134913591369137913891399140914191429143914491459146914791489149915091519152915391549155915691579158915991609161916291639164916591669167916891699170917191729173917491759176917791789179918091819182918391849185918691879188918991909191919291939194919591969197919891999200920192029203920492059206920792089209921092119212921392149215921692179218921992209221922292239224922592269227922892299230923192329233923492359236923792389239924092419242924392449245924692479248924992509251925292539254925592569257925892599260926192629263926492659266926792689269927092719272927392749275927692779278927992809281928292839284928592869287928892899290929192929293929492959296929792989299930093019302930393049305930693079308930993109311931293139314931593169317931893199320932193229323932493259326932793289329933093319332933393349335933693379338933993409341934293439344934593469347934893499350935193529353935493559356935793589359936093619362936393649365936693679368936993709371937293739374937593769377937893799380938193829383938493859386938793889389939093919392939393949395939693979398939994009401940294039404940594069407940894099410941194129413941494159416941794189419942094219422942394249425942694279428942994309431943294339434943594369437943894399440944194429443944494459446944794489449945094519452945394549455945694579458945994609461946294639464946594669467946894699470947194729473947494759476947794789479948094819482948394849485948694879488948994909491949294939494949594969497949894999500950195029503950495059506950795089509951095119512951395149515951695179518951995209521952295239524952595269527952895299530953195329533953495359536953795389539954095419542954395449545954695479548954995509551955295539554955595569557955895599560956195629563956495659566956795689569957095719572957395749575957695779578957995809581958295839584958595869587958895899590959195929593959495959596959795989599960096019602960396049605960696079608960996109611961296139614961596169617961896199620962196229623962496259626962796289629963096319632963396349635963696379638963996409641964296439644964596469647964896499650965196529653965496559656965796589659966096619662966396649665966696679668966996709671967296739674967596769677967896799680968196829683968496859686968796889689969096919692969396949695969696979698969997009701970297039704970597069707970897099710971197129713971497159716971797189719972097219722972397249725972697279728972997309731973297339734973597369737973897399740974197429743974497459746974797489749975097519752975397549755975697579758975997609761976297639764976597669767976897699770977197729773977497759776977797789779978097819782978397849785978697879788978997909791979297939794979597969797979897999800980198029803980498059806980798089809981098119812981398149815981698179818981998209821982298239824982598269827982898299830983198329833983498359836983798389839984098419842984398449845984698479848984998509851985298539854985598569857985898599860986198629863986498659866986798689869987098719872987398749875987698779878987998809881988298839884988598869887988898899890989198929893989498959896989798989899990099019902990399049905990699079908990999109911991299139914991599169917991899199920992199229923992499259926992799289929993099319932993399349935993699379938993999409941994299439944994599469947994899499950995199529953995499559956995799589959996099619962996399649965996699679968996999709971997299739974997599769977997899799980998199829983998499859986998799889989999099919992999399949995999699979998999910000100011000210003100041000510006100071000810009100101001110012100131001410015100161001710018100191002010021100221002310024100251002610027100281002910030100311003210033100341003510036100371003810039100401004110042100431004410045100461004710048100491005010051100521005310054100551005610057100581005910060100611006210063100641006510066100671006810069100701007110072100731007410075100761007710078100791008010081100821008310084100851008610087100881008910090100911009210093100941009510096100971009810099101001010110102101031010410105101061010710108101091011010111101121011310114101151011610117101181011910120101211012210123101241012510126101271012810129101301013110132101331013410135101361013710138101391014010141101421014310144101451014610147101481014910150101511015210153101541015510156101571015810159101601016110162101631016410165101661016710168101691017010171101721017310174101751017610177101781017910180101811018210183101841018510186101871018810189101901019110192101931019410195101961019710198101991020010201102021020310204102051020610207102081020910210102111021210213102141021510216102171021810219102201022110222102231022410225102261022710228102291023010231102321023310234102351023610237102381023910240102411024210243102441024510246102471024810249102501025110252102531025410255102561025710258102591026010261102621026310264102651026610267102681026910270102711027210273102741027510276102771027810279102801028110282102831028410285102861028710288102891029010291102921029310294102951029610297102981029910300103011030210303103041030510306103071030810309103101031110312103131031410315103161031710318103191032010321103221032310324103251032610327103281032910330103311033210333103341033510336103371033810339103401034110342103431034410345103461034710348103491035010351103521035310354103551035610357103581035910360103611036210363103641036510366103671036810369103701037110372103731037410375103761037710378103791038010381103821038310384103851038610387103881038910390103911039210393103941039510396103971039810399104001040110402104031040410405104061040710408104091041010411104121041310414104151041610417104181041910420104211042210423104241042510426104271042810429104301043110432104331043410435104361043710438104391044010441104421044310444104451044610447104481044910450104511045210453104541045510456104571045810459104601046110462104631046410465104661046710468104691047010471104721047310474104751047610477104781047910480104811048210483104841048510486104871048810489104901049110492104931049410495104961049710498104991050010501105021050310504105051050610507105081050910510105111051210513105141051510516105171051810519105201052110522105231052410525105261052710528105291053010531105321053310534105351053610537105381053910540105411054210543105441054510546105471054810549105501055110552105531055410555105561055710558105591056010561105621056310564105651056610567105681056910570105711057210573105741057510576105771057810579105801058110582105831058410585105861058710588105891059010591105921059310594105951059610597105981059910600106011060210603106041060510606106071060810609106101061110612106131061410615106161061710618106191062010621106221062310624106251062610627106281062910630106311063210633106341063510636106371063810639106401064110642106431064410645106461064710648106491065010651106521065310654106551065610657106581065910660106611066210663106641066510666106671066810669106701067110672106731067410675106761067710678106791068010681106821068310684106851068610687106881068910690106911069210693106941069510696106971069810699107001070110702107031070410705107061070710708107091071010711107121071310714107151071610717107181071910720107211072210723107241072510726107271072810729107301073110732107331073410735107361073710738107391074010741107421074310744107451074610747107481074910750107511075210753107541075510756107571075810759107601076110762107631076410765107661076710768107691077010771107721077310774107751077610777107781077910780107811078210783107841078510786107871078810789107901079110792107931079410795107961079710798107991080010801108021080310804108051080610807108081080910810108111081210813108141081510816108171081810819108201082110822108231082410825108261082710828108291083010831108321083310834108351083610837108381083910840108411084210843108441084510846108471084810849108501085110852108531085410855108561085710858108591086010861108621086310864108651086610867108681086910870108711087210873108741087510876108771087810879108801088110882108831088410885108861088710888108891089010891108921089310894108951089610897108981089910900109011090210903109041090510906109071090810909109101091110912109131091410915109161091710918109191092010921109221092310924109251092610927109281092910930109311093210933109341093510936109371093810939109401094110942109431094410945109461094710948109491095010951109521095310954109551095610957109581095910960109611096210963109641096510966109671096810969109701097110972109731097410975109761097710978109791098010981109821098310984109851098610987109881098910990109911099210993109941099510996109971099810999110001100111002110031100411005110061100711008110091101011011110121101311014110151101611017110181101911020110211102211023110241102511026110271102811029110301103111032110331103411035110361103711038110391104011041110421104311044110451104611047110481104911050110511105211053110541105511056110571105811059110601106111062110631106411065110661106711068110691107011071110721107311074110751107611077110781107911080110811108211083110841108511086110871108811089110901109111092110931109411095110961109711098110991110011101111021110311104111051110611107111081110911110111111111211113111141111511116111171111811119111201112111122111231112411125111261112711128111291113011131111321113311134111351113611137111381113911140111411114211143111441114511146111471114811149111501115111152111531115411155111561115711158111591116011161111621116311164111651116611167111681116911170111711117211173111741117511176111771117811179111801118111182111831118411185111861118711188111891119011191111921119311194111951119611197111981119911200112011120211203112041120511206112071120811209112101121111212112131121411215112161121711218112191122011221112221122311224112251122611227112281122911230112311123211233112341123511236112371123811239112401124111242112431124411245112461124711248112491125011251112521125311254112551125611257112581125911260112611126211263112641126511266112671126811269112701127111272112731127411275112761127711278112791128011281112821128311284112851128611287112881128911290112911129211293112941129511296112971129811299113001130111302113031130411305113061130711308113091131011311113121131311314113151131611317113181131911320113211132211323113241132511326113271132811329113301133111332113331133411335113361133711338113391134011341113421134311344113451134611347113481134911350113511135211353113541135511356113571135811359113601136111362113631136411365113661136711368113691137011371113721137311374113751137611377113781137911380113811138211383113841138511386113871138811389113901139111392113931139411395113961139711398113991140011401114021140311404114051140611407114081140911410114111141211413114141141511416114171141811419114201142111422114231142411425114261142711428114291143011431114321143311434114351143611437114381143911440114411144211443114441144511446114471144811449114501145111452114531145411455114561145711458114591146011461114621146311464114651146611467114681146911470114711147211473114741147511476114771147811479114801148111482114831148411485114861148711488114891149011491114921149311494114951149611497114981149911500115011150211503115041150511506115071150811509115101151111512115131151411515115161151711518115191152011521115221152311524115251152611527115281152911530115311153211533115341153511536115371153811539115401154111542115431154411545115461154711548115491155011551115521155311554115551155611557115581155911560115611156211563115641156511566115671156811569115701157111572115731157411575115761157711578115791158011581115821158311584115851158611587115881158911590115911159211593115941159511596115971159811599116001160111602116031160411605116061160711608116091161011611116121161311614116151161611617116181161911620116211162211623116241162511626116271162811629116301163111632116331163411635116361163711638116391164011641116421164311644116451164611647116481164911650116511165211653116541165511656116571165811659116601166111662116631166411665116661166711668116691167011671116721167311674116751167611677116781167911680116811168211683116841168511686116871168811689116901169111692116931169411695116961169711698116991170011701117021170311704117051170611707117081170911710117111171211713117141171511716117171171811719117201172111722117231172411725117261172711728117291173011731117321173311734117351173611737117381173911740117411174211743117441174511746117471174811749117501175111752117531175411755117561175711758117591176011761117621176311764117651176611767117681176911770117711177211773117741177511776117771177811779117801178111782117831178411785117861178711788117891179011791117921179311794117951179611797117981179911800118011180211803118041180511806118071180811809118101181111812118131181411815118161181711818118191182011821118221182311824118251182611827118281182911830118311183211833118341183511836118371183811839118401184111842118431184411845118461184711848118491185011851118521185311854118551185611857118581185911860118611186211863118641186511866118671186811869118701187111872118731187411875118761187711878118791188011881118821188311884118851188611887118881188911890118911189211893118941189511896118971189811899119001190111902119031190411905119061190711908119091191011911119121191311914119151191611917119181191911920119211192211923119241192511926119271192811929119301193111932119331193411935119361193711938119391194011941119421194311944119451194611947119481194911950119511195211953119541195511956119571195811959119601196111962119631196411965119661196711968119691197011971119721197311974119751197611977119781197911980119811198211983119841198511986119871198811989119901199111992119931199411995119961199711998119991200012001120021200312004120051200612007120081200912010120111201212013120141201512016120171201812019120201202112022120231202412025120261202712028120291203012031120321203312034120351203612037120381203912040120411204212043120441204512046120471204812049120501205112052120531205412055120561205712058120591206012061120621206312064120651206612067120681206912070120711207212073120741207512076120771207812079120801208112082120831208412085120861208712088120891209012091120921209312094120951209612097120981209912100121011210212103121041210512106121071210812109121101211112112121131211412115121161211712118121191212012121121221212312124121251212612127121281212912130121311213212133121341213512136121371213812139121401214112142121431214412145121461214712148121491215012151121521215312154121551215612157121581215912160121611216212163121641216512166121671216812169121701217112172121731217412175121761217712178121791218012181121821218312184121851218612187121881218912190121911219212193121941219512196121971219812199122001220112202122031220412205122061220712208122091221012211122121221312214122151221612217122181221912220122211222212223122241222512226122271222812229122301223112232122331223412235122361223712238122391224012241122421224312244122451224612247122481224912250122511225212253122541225512256122571225812259122601226112262122631226412265122661226712268122691227012271122721227312274122751227612277122781227912280122811228212283122841228512286122871228812289122901229112292122931229412295122961229712298122991230012301123021230312304123051230612307123081230912310123111231212313123141231512316123171231812319123201232112322123231232412325123261232712328123291233012331123321233312334123351233612337123381233912340123411234212343123441234512346123471234812349123501235112352123531235412355123561235712358123591236012361123621236312364123651236612367123681236912370123711237212373123741237512376123771237812379123801238112382123831238412385123861238712388123891239012391123921239312394123951239612397123981239912400124011240212403124041240512406124071240812409124101241112412124131241412415124161241712418124191242012421124221242312424124251242612427124281242912430124311243212433124341243512436124371243812439124401244112442124431244412445124461244712448124491245012451124521245312454124551245612457124581245912460124611246212463124641246512466124671246812469124701247112472124731247412475124761247712478124791248012481124821248312484124851248612487124881248912490124911249212493124941249512496124971249812499125001250112502125031250412505125061250712508125091251012511125121251312514125151251612517125181251912520125211252212523125241252512526125271252812529125301253112532125331253412535125361253712538125391254012541125421254312544125451254612547125481254912550125511255212553125541255512556125571255812559125601256112562125631256412565125661256712568125691257012571125721257312574125751257612577125781257912580125811258212583125841258512586125871258812589125901259112592125931259412595125961259712598125991260012601126021260312604126051260612607126081260912610126111261212613126141261512616126171261812619126201262112622126231262412625126261262712628126291263012631126321263312634126351263612637126381263912640126411264212643126441264512646126471264812649126501265112652126531265412655126561265712658126591266012661126621266312664126651266612667126681266912670126711267212673126741267512676126771267812679126801268112682126831268412685126861268712688126891269012691126921269312694126951269612697126981269912700127011270212703127041270512706127071270812709127101271112712127131271412715127161271712718127191272012721127221272312724127251272612727127281272912730127311273212733127341273512736127371273812739127401274112742127431274412745127461274712748127491275012751127521275312754127551275612757127581275912760127611276212763127641276512766127671276812769127701277112772127731277412775127761277712778127791278012781127821278312784127851278612787127881278912790127911279212793127941279512796127971279812799128001280112802128031280412805128061280712808128091281012811128121281312814128151281612817128181281912820128211282212823128241282512826128271282812829128301283112832128331283412835128361283712838128391284012841128421284312844128451284612847128481284912850128511285212853128541285512856128571285812859128601286112862128631286412865128661286712868128691287012871128721287312874128751287612877128781287912880128811288212883128841288512886128871288812889128901289112892128931289412895128961289712898128991290012901129021290312904129051290612907129081290912910129111291212913129141291512916129171291812919129201292112922129231292412925129261292712928129291293012931129321293312934129351293612937129381293912940129411294212943129441294512946129471294812949129501295112952129531295412955129561295712958129591296012961129621296312964129651296612967129681296912970129711297212973129741297512976129771297812979129801298112982129831298412985129861298712988129891299012991129921299312994129951299612997129981299913000130011300213003130041300513006130071300813009130101301113012130131301413015130161301713018130191302013021130221302313024130251302613027130281302913030130311303213033130341303513036130371303813039130401304113042130431304413045130461304713048130491305013051130521305313054130551305613057130581305913060130611306213063130641306513066130671306813069130701307113072130731307413075130761307713078130791308013081130821308313084130851308613087130881308913090130911309213093130941309513096130971309813099131001310113102131031310413105131061310713108131091311013111131121311313114131151311613117131181311913120131211312213123131241312513126131271312813129131301313113132131331313413135131361313713138131391314013141131421314313144131451314613147131481314913150131511315213153131541315513156131571315813159131601316113162131631316413165131661316713168131691317013171131721317313174131751317613177131781317913180131811318213183131841318513186131871318813189131901319113192131931319413195131961319713198131991320013201132021320313204132051320613207132081320913210132111321213213132141321513216132171321813219132201322113222132231322413225132261322713228132291323013231132321323313234132351323613237132381323913240132411324213243132441324513246132471324813249132501325113252132531325413255132561325713258132591326013261132621326313264132651326613267132681326913270132711327213273132741327513276132771327813279132801328113282132831328413285132861328713288132891329013291132921329313294132951329613297132981329913300133011330213303133041330513306133071330813309133101331113312133131331413315133161331713318133191332013321133221332313324133251332613327133281332913330133311333213333133341333513336133371333813339133401334113342133431334413345133461334713348133491335013351133521335313354133551335613357133581335913360133611336213363133641336513366133671336813369133701337113372133731337413375133761337713378133791338013381133821338313384133851338613387133881338913390133911339213393133941339513396133971339813399134001340113402134031340413405134061340713408134091341013411134121341313414134151341613417134181341913420134211342213423134241342513426134271342813429134301343113432134331343413435134361343713438134391344013441134421344313444134451344613447134481344913450134511345213453134541345513456134571345813459134601346113462134631346413465134661346713468134691347013471134721347313474134751347613477134781347913480134811348213483134841348513486134871348813489134901349113492134931349413495134961349713498134991350013501135021350313504135051350613507135081350913510135111351213513135141351513516135171351813519135201352113522135231352413525135261352713528135291353013531135321353313534135351353613537135381353913540135411354213543135441354513546135471354813549135501355113552135531355413555135561355713558135591356013561135621356313564135651356613567135681356913570135711357213573135741357513576135771357813579135801358113582135831358413585135861358713588135891359013591135921359313594135951359613597135981359913600136011360213603136041360513606136071360813609136101361113612136131361413615136161361713618136191362013621136221362313624136251362613627136281362913630136311363213633136341363513636136371363813639136401364113642136431364413645136461364713648136491365013651136521365313654136551365613657136581365913660136611366213663136641366513666136671366813669136701367113672136731367413675136761367713678136791368013681136821368313684136851368613687136881368913690136911369213693136941369513696136971369813699137001370113702137031370413705137061370713708137091371013711137121371313714137151371613717137181371913720137211372213723137241372513726137271372813729137301373113732137331373413735137361373713738137391374013741137421374313744137451374613747137481374913750137511375213753137541375513756137571375813759137601376113762137631376413765137661376713768137691377013771137721377313774137751377613777137781377913780137811378213783137841378513786137871378813789137901379113792137931379413795137961379713798137991380013801138021380313804138051380613807138081380913810138111381213813138141381513816138171381813819138201382113822138231382413825138261382713828138291383013831138321383313834138351383613837138381383913840138411384213843138441384513846138471384813849138501385113852138531385413855138561385713858138591386013861138621386313864138651386613867138681386913870138711387213873138741387513876138771387813879138801388113882138831388413885138861388713888138891389013891138921389313894138951389613897138981389913900139011390213903139041390513906139071390813909139101391113912139131391413915139161391713918139191392013921139221392313924139251392613927139281392913930139311393213933139341393513936139371393813939139401394113942139431394413945139461394713948139491395013951139521395313954139551395613957139581395913960139611396213963139641396513966139671396813969139701397113972139731397413975139761397713978139791398013981139821398313984139851398613987139881398913990139911399213993139941399513996139971399813999140001400114002140031400414005140061400714008140091401014011140121401314014140151401614017140181401914020140211402214023140241402514026140271402814029140301403114032140331403414035140361403714038140391404014041140421404314044140451404614047140481404914050140511405214053140541405514056140571405814059140601406114062140631406414065140661406714068140691407014071140721407314074140751407614077140781407914080140811408214083140841408514086140871408814089140901409114092140931409414095140961409714098140991410014101141021410314104141051410614107141081410914110141111411214113141141411514116141171411814119141201412114122141231412414125141261412714128141291413014131141321413314134141351413614137141381413914140141411414214143141441414514146141471414814149141501415114152141531415414155141561415714158141591416014161141621416314164141651416614167141681416914170141711417214173141741417514176141771417814179141801418114182141831418414185141861418714188141891419014191141921419314194141951419614197141981419914200142011420214203142041420514206142071420814209142101421114212142131421414215142161421714218142191422014221142221422314224142251422614227142281422914230142311423214233142341423514236142371423814239142401424114242142431424414245142461424714248142491425014251142521425314254142551425614257142581425914260142611426214263142641426514266142671426814269142701427114272142731427414275142761427714278142791428014281142821428314284142851428614287142881428914290142911429214293142941429514296142971429814299143001430114302143031430414305143061430714308143091431014311143121431314314143151431614317143181431914320143211432214323143241432514326143271432814329143301433114332143331433414335143361433714338143391434014341143421434314344143451434614347143481434914350143511435214353143541435514356143571435814359143601436114362143631436414365143661436714368143691437014371143721437314374143751437614377143781437914380143811438214383143841438514386143871438814389143901439114392143931439414395143961439714398143991440014401144021440314404144051440614407144081440914410144111441214413144141441514416144171441814419144201442114422144231442414425144261442714428144291443014431144321443314434144351443614437144381443914440144411444214443144441444514446144471444814449144501445114452144531445414455144561445714458144591446014461144621446314464144651446614467144681446914470144711447214473144741447514476144771447814479144801448114482144831448414485144861448714488144891449014491144921449314494144951449614497144981449914500145011450214503145041450514506145071450814509145101451114512145131451414515145161451714518145191452014521145221452314524145251452614527145281452914530145311453214533145341453514536145371453814539145401454114542145431454414545145461454714548145491455014551145521455314554145551455614557145581455914560145611456214563145641456514566145671456814569145701457114572145731457414575145761457714578145791458014581145821458314584145851458614587145881458914590145911459214593145941459514596145971459814599146001460114602146031460414605146061460714608146091461014611146121461314614146151461614617146181461914620146211462214623146241462514626146271462814629146301463114632146331463414635146361463714638146391464014641146421464314644146451464614647146481464914650146511465214653146541465514656146571465814659146601466114662146631466414665146661466714668146691467014671146721467314674146751467614677146781467914680146811468214683146841468514686146871468814689146901469114692146931469414695146961469714698146991470014701147021470314704147051470614707147081470914710147111471214713147141471514716147171471814719147201472114722147231472414725147261472714728147291473014731147321473314734147351473614737147381473914740147411474214743147441474514746147471474814749147501475114752147531475414755147561475714758147591476014761147621476314764147651476614767147681476914770147711477214773147741477514776147771477814779147801478114782147831478414785147861478714788147891479014791147921479314794147951479614797147981479914800148011480214803148041480514806148071480814809148101481114812148131481414815148161481714818148191482014821148221482314824148251482614827148281482914830148311483214833148341483514836148371483814839148401484114842148431484414845148461484714848148491485014851148521485314854148551485614857148581485914860148611486214863148641486514866148671486814869148701487114872148731487414875148761487714878148791488014881148821488314884148851488614887148881488914890148911489214893148941489514896148971489814899149001490114902149031490414905149061490714908149091491014911149121491314914149151491614917149181491914920149211492214923149241492514926149271492814929149301493114932149331493414935149361493714938149391494014941149421494314944149451494614947149481494914950149511495214953149541495514956149571495814959149601496114962149631496414965149661496714968149691497014971149721497314974149751497614977149781497914980149811498214983149841498514986149871498814989149901499114992149931499414995149961499714998149991500015001150021500315004150051500615007150081500915010150111501215013150141501515016150171501815019150201502115022150231502415025150261502715028150291503015031150321503315034150351503615037150381503915040150411504215043150441504515046150471504815049150501505115052150531505415055150561505715058150591506015061150621506315064150651506615067150681506915070150711507215073150741507515076150771507815079150801508115082150831508415085150861508715088150891509015091150921509315094150951509615097150981509915100151011510215103151041510515106151071510815109151101511115112151131511415115151161511715118151191512015121151221512315124151251512615127151281512915130151311513215133151341513515136151371513815139151401514115142151431514415145151461514715148151491515015151151521515315154151551515615157151581515915160151611516215163151641516515166151671516815169151701517115172151731517415175151761517715178151791518015181151821518315184151851518615187151881518915190151911519215193151941519515196151971519815199152001520115202152031520415205152061520715208152091521015211152121521315214152151521615217152181521915220152211522215223152241522515226152271522815229152301523115232152331523415235152361523715238152391524015241152421524315244152451524615247152481524915250152511525215253152541525515256152571525815259152601526115262152631526415265152661526715268152691527015271152721527315274152751527615277152781527915280152811528215283152841528515286152871528815289152901529115292152931529415295152961529715298152991530015301153021530315304153051530615307153081530915310153111531215313153141531515316153171531815319153201532115322153231532415325153261532715328153291533015331153321533315334153351533615337153381533915340153411534215343153441534515346153471534815349153501535115352153531535415355153561535715358153591536015361153621536315364153651536615367153681536915370153711537215373153741537515376153771537815379153801538115382153831538415385153861538715388153891539015391153921539315394153951539615397153981539915400154011540215403154041540515406154071540815409154101541115412154131541415415154161541715418154191542015421154221542315424154251542615427154281542915430154311543215433154341543515436154371543815439154401544115442154431544415445154461544715448154491545015451154521545315454154551545615457154581545915460154611546215463154641546515466154671546815469154701547115472154731547415475154761547715478154791548015481154821548315484154851548615487154881548915490154911549215493154941549515496154971549815499155001550115502155031550415505155061550715508155091551015511155121551315514155151551615517155181551915520155211552215523155241552515526155271552815529155301553115532155331553415535155361553715538155391554015541155421554315544155451554615547155481554915550155511555215553155541555515556155571555815559155601556115562155631556415565155661556715568155691557015571155721557315574155751557615577155781557915580155811558215583155841558515586155871558815589155901559115592155931559415595155961559715598155991560015601156021560315604156051560615607156081560915610156111561215613156141561515616156171561815619156201562115622156231562415625156261562715628156291563015631156321563315634156351563615637156381563915640156411564215643156441564515646156471564815649156501565115652156531565415655156561565715658156591566015661156621566315664156651566615667156681566915670156711567215673156741567515676156771567815679156801568115682156831568415685156861568715688156891569015691156921569315694156951569615697156981569915700157011570215703157041570515706157071570815709157101571115712157131571415715157161571715718157191572015721157221572315724157251572615727157281572915730157311573215733157341573515736157371573815739157401574115742157431574415745157461574715748157491575015751157521575315754157551575615757157581575915760157611576215763157641576515766157671576815769157701577115772157731577415775157761577715778157791578015781157821578315784157851578615787157881578915790157911579215793157941579515796157971579815799158001580115802158031580415805158061580715808158091581015811158121581315814158151581615817158181581915820158211582215823158241582515826158271582815829158301583115832158331583415835158361583715838158391584015841158421584315844158451584615847158481584915850158511585215853158541585515856158571585815859158601586115862158631586415865158661586715868158691587015871158721587315874158751587615877158781587915880158811588215883158841588515886158871588815889158901589115892158931589415895158961589715898158991590015901159021590315904159051590615907159081590915910159111591215913159141591515916159171591815919159201592115922159231592415925159261592715928159291593015931159321593315934159351593615937159381593915940159411594215943159441594515946159471594815949159501595115952159531595415955159561595715958159591596015961159621596315964159651596615967159681596915970159711597215973159741597515976159771597815979159801598115982159831598415985159861598715988159891599015991159921599315994159951599615997159981599916000160011600216003160041600516006160071600816009160101601116012160131601416015160161601716018160191602016021160221602316024160251602616027160281602916030160311603216033160341603516036160371603816039160401604116042160431604416045160461604716048160491605016051160521605316054160551605616057160581605916060160611606216063160641606516066160671606816069160701607116072160731607416075160761607716078160791608016081160821608316084160851608616087160881608916090160911609216093160941609516096160971609816099161001610116102161031610416105161061610716108161091611016111161121611316114161151611616117161181611916120161211612216123161241612516126161271612816129161301613116132161331613416135161361613716138161391614016141161421614316144161451614616147161481614916150161511615216153161541615516156161571615816159161601616116162161631616416165161661616716168161691617016171161721617316174161751617616177161781617916180161811618216183161841618516186161871618816189161901619116192161931619416195161961619716198161991620016201162021620316204162051620616207162081620916210162111621216213162141621516216162171621816219162201622116222162231622416225162261622716228162291623016231162321623316234162351623616237162381623916240162411624216243162441624516246162471624816249162501625116252162531625416255162561625716258162591626016261162621626316264162651626616267162681626916270162711627216273162741627516276162771627816279162801628116282162831628416285162861628716288162891629016291162921629316294162951629616297162981629916300163011630216303163041630516306163071630816309163101631116312163131631416315163161631716318163191632016321163221632316324163251632616327163281632916330163311633216333163341633516336163371633816339163401634116342163431634416345163461634716348163491635016351163521635316354163551635616357163581635916360163611636216363163641636516366163671636816369163701637116372163731637416375163761637716378163791638016381163821638316384163851638616387163881638916390163911639216393163941639516396163971639816399164001640116402164031640416405164061640716408164091641016411164121641316414164151641616417164181641916420164211642216423164241642516426164271642816429164301643116432164331643416435164361643716438164391644016441164421644316444164451644616447164481644916450164511645216453164541645516456164571645816459164601646116462164631646416465164661646716468164691647016471164721647316474164751647616477164781647916480164811648216483164841648516486164871648816489164901649116492164931649416495164961649716498164991650016501165021650316504165051650616507165081650916510165111651216513165141651516516165171651816519165201652116522165231652416525165261652716528165291653016531165321653316534165351653616537165381653916540165411654216543165441654516546165471654816549165501655116552165531655416555165561655716558165591656016561165621656316564165651656616567165681656916570165711657216573165741657516576165771657816579165801658116582165831658416585165861658716588165891659016591165921659316594165951659616597165981659916600166011660216603166041660516606166071660816609166101661116612166131661416615166161661716618166191662016621166221662316624166251662616627166281662916630166311663216633166341663516636166371663816639166401664116642166431664416645166461664716648166491665016651166521665316654166551665616657166581665916660166611666216663166641666516666166671666816669166701667116672166731667416675166761667716678166791668016681166821668316684166851668616687166881668916690166911669216693166941669516696166971669816699167001670116702167031670416705167061670716708167091671016711167121671316714167151671616717167181671916720167211672216723167241672516726167271672816729167301673116732167331673416735167361673716738167391674016741167421674316744167451674616747167481674916750167511675216753167541675516756167571675816759167601676116762167631676416765167661676716768167691677016771167721677316774167751677616777167781677916780167811678216783167841678516786167871678816789167901679116792167931679416795167961679716798167991680016801168021680316804168051680616807168081680916810168111681216813168141681516816168171681816819168201682116822168231682416825168261682716828168291683016831168321683316834168351683616837168381683916840168411684216843168441684516846168471684816849168501685116852168531685416855168561685716858168591686016861168621686316864168651686616867168681686916870168711687216873168741687516876168771687816879168801688116882168831688416885168861688716888168891689016891168921689316894168951689616897168981689916900169011690216903169041690516906169071690816909169101691116912169131691416915169161691716918169191692016921169221692316924169251692616927169281692916930169311693216933169341693516936169371693816939169401694116942169431694416945169461694716948169491695016951169521695316954169551695616957169581695916960169611696216963169641696516966169671696816969169701697116972169731697416975169761697716978169791698016981169821698316984169851698616987169881698916990169911699216993169941699516996169971699816999170001700117002170031700417005170061700717008170091701017011170121701317014170151701617017170181701917020170211702217023170241702517026170271702817029170301703117032170331703417035170361703717038170391704017041170421704317044170451704617047170481704917050170511705217053170541705517056170571705817059170601706117062170631706417065170661706717068170691707017071170721707317074170751707617077170781707917080170811708217083170841708517086170871708817089170901709117092170931709417095170961709717098170991710017101171021710317104171051710617107171081710917110171111711217113171141711517116171171711817119171201712117122171231712417125171261712717128171291713017131171321713317134171351713617137171381713917140171411714217143171441714517146171471714817149171501715117152171531715417155171561715717158171591716017161171621716317164171651716617167171681716917170171711717217173171741717517176171771717817179171801718117182171831718417185171861718717188171891719017191171921719317194171951719617197171981719917200172011720217203172041720517206172071720817209172101721117212172131721417215172161721717218172191722017221172221722317224172251722617227172281722917230172311723217233172341723517236172371723817239172401724117242172431724417245172461724717248172491725017251172521725317254172551725617257172581725917260172611726217263172641726517266172671726817269172701727117272172731727417275172761727717278172791728017281172821728317284172851728617287172881728917290172911729217293172941729517296172971729817299173001730117302173031730417305173061730717308173091731017311173121731317314173151731617317173181731917320173211732217323173241732517326173271732817329173301733117332173331733417335173361733717338173391734017341173421734317344173451734617347173481734917350173511735217353173541735517356173571735817359173601736117362173631736417365173661736717368173691737017371173721737317374173751737617377173781737917380173811738217383173841738517386173871738817389173901739117392173931739417395173961739717398173991740017401174021740317404174051740617407174081740917410174111741217413174141741517416174171741817419174201742117422174231742417425174261742717428174291743017431174321743317434174351743617437174381743917440174411744217443174441744517446174471744817449174501745117452174531745417455174561745717458174591746017461174621746317464174651746617467174681746917470174711747217473174741747517476174771747817479174801748117482174831748417485174861748717488174891749017491174921749317494174951749617497174981749917500175011750217503175041750517506175071750817509175101751117512175131751417515175161751717518175191752017521175221752317524175251752617527175281752917530175311753217533175341753517536175371753817539175401754117542175431754417545175461754717548175491755017551175521755317554175551755617557175581755917560175611756217563175641756517566175671756817569175701757117572175731757417575175761757717578175791758017581175821758317584175851758617587175881758917590175911759217593175941759517596175971759817599176001760117602176031760417605176061760717608176091761017611176121761317614176151761617617176181761917620176211762217623176241762517626176271762817629176301763117632176331763417635176361763717638176391764017641176421764317644176451764617647176481764917650176511765217653176541765517656176571765817659176601766117662176631766417665176661766717668176691767017671176721767317674176751767617677176781767917680176811768217683176841768517686176871768817689176901769117692176931769417695176961769717698176991770017701177021770317704177051770617707177081770917710177111771217713177141771517716177171771817719177201772117722177231772417725177261772717728177291773017731177321773317734177351773617737177381773917740177411774217743177441774517746177471774817749177501775117752177531775417755177561775717758177591776017761177621776317764177651776617767177681776917770177711777217773177741777517776177771777817779177801778117782177831778417785177861778717788177891779017791177921779317794177951779617797177981779917800178011780217803178041780517806178071780817809178101781117812178131781417815178161781717818178191782017821178221782317824178251782617827178281782917830178311783217833178341783517836178371783817839178401784117842178431784417845178461784717848178491785017851178521785317854178551785617857178581785917860178611786217863178641786517866178671786817869178701787117872178731787417875178761787717878178791788017881178821788317884178851788617887178881788917890178911789217893178941789517896178971789817899179001790117902179031790417905179061790717908179091791017911179121791317914179151791617917179181791917920179211792217923179241792517926179271792817929179301793117932179331793417935179361793717938179391794017941179421794317944179451794617947179481794917950179511795217953179541795517956179571795817959179601796117962179631796417965179661796717968179691797017971179721797317974179751797617977179781797917980179811798217983179841798517986179871798817989179901799117992179931799417995179961799717998179991800018001180021800318004180051800618007180081800918010180111801218013180141801518016180171801818019180201802118022180231802418025180261802718028180291803018031180321803318034180351803618037180381803918040180411804218043180441804518046180471804818049180501805118052180531805418055180561805718058180591806018061180621806318064180651806618067180681806918070180711807218073180741807518076180771807818079180801808118082180831808418085180861808718088180891809018091180921809318094180951809618097180981809918100181011810218103181041810518106181071810818109181101811118112181131811418115181161811718118181191812018121181221812318124181251812618127181281812918130181311813218133181341813518136181371813818139181401814118142181431814418145181461814718148181491815018151181521815318154181551815618157181581815918160181611816218163181641816518166181671816818169181701817118172181731817418175181761817718178181791818018181181821818318184181851818618187181881818918190181911819218193181941819518196181971819818199182001820118202182031820418205182061820718208182091821018211182121821318214182151821618217182181821918220182211822218223182241822518226182271822818229182301823118232182331823418235182361823718238182391824018241182421824318244182451824618247182481824918250182511825218253182541825518256182571825818259182601826118262182631826418265182661826718268182691827018271182721827318274182751827618277182781827918280182811828218283182841828518286182871828818289182901829118292182931829418295182961829718298182991830018301183021830318304183051830618307183081830918310183111831218313183141831518316183171831818319183201832118322183231832418325183261832718328183291833018331183321833318334183351833618337183381833918340183411834218343183441834518346183471834818349183501835118352183531835418355183561835718358183591836018361183621836318364183651836618367183681836918370183711837218373183741837518376183771837818379183801838118382183831838418385183861838718388183891839018391183921839318394183951839618397183981839918400184011840218403184041840518406184071840818409184101841118412184131841418415184161841718418184191842018421184221842318424184251842618427184281842918430184311843218433184341843518436184371843818439184401844118442184431844418445184461844718448184491845018451184521845318454184551845618457184581845918460184611846218463184641846518466184671846818469184701847118472184731847418475184761847718478184791848018481184821848318484184851848618487184881848918490184911849218493184941849518496184971849818499185001850118502185031850418505185061850718508185091851018511185121851318514185151851618517185181851918520185211852218523185241852518526185271852818529185301853118532185331853418535185361853718538185391854018541185421854318544185451854618547185481854918550185511855218553185541855518556185571855818559185601856118562185631856418565185661856718568185691857018571185721857318574185751857618577185781857918580185811858218583185841858518586185871858818589185901859118592185931859418595185961859718598185991860018601186021860318604186051860618607186081860918610186111861218613186141861518616186171861818619186201862118622186231862418625186261862718628186291863018631186321863318634186351863618637186381863918640186411864218643186441864518646186471864818649186501865118652186531865418655186561865718658186591866018661186621866318664186651866618667186681866918670186711867218673186741867518676186771867818679186801868118682186831868418685186861868718688186891869018691186921869318694186951869618697186981869918700187011870218703187041870518706187071870818709187101871118712187131871418715187161871718718187191872018721187221872318724187251872618727187281872918730187311873218733187341873518736187371873818739187401874118742187431874418745187461874718748187491875018751187521875318754187551875618757187581875918760187611876218763187641876518766187671876818769187701877118772187731877418775187761877718778187791878018781187821878318784187851878618787187881878918790187911879218793187941879518796187971879818799188001880118802188031880418805188061880718808188091881018811188121881318814188151881618817188181881918820188211882218823188241882518826188271882818829188301883118832188331883418835188361883718838188391884018841188421884318844188451884618847188481884918850188511885218853188541885518856188571885818859188601886118862188631886418865188661886718868188691887018871188721887318874188751887618877188781887918880188811888218883188841888518886188871888818889188901889118892188931889418895188961889718898188991890018901189021890318904189051890618907189081890918910189111891218913189141891518916189171891818919189201892118922189231892418925189261892718928189291893018931189321893318934189351893618937189381893918940189411894218943189441894518946189471894818949189501895118952189531895418955189561895718958189591896018961189621896318964189651896618967189681896918970189711897218973189741897518976189771897818979189801898118982189831898418985189861898718988189891899018991189921899318994189951899618997189981899919000190011900219003190041900519006190071900819009190101901119012190131901419015190161901719018190191902019021190221902319024190251902619027190281902919030190311903219033190341903519036190371903819039190401904119042190431904419045190461904719048190491905019051190521905319054190551905619057190581905919060190611906219063190641906519066190671906819069190701907119072190731907419075190761907719078190791908019081190821908319084190851908619087190881908919090190911909219093190941909519096190971909819099191001910119102191031910419105191061910719108191091911019111191121911319114191151911619117191181911919120191211912219123191241912519126191271912819129191301913119132191331913419135191361913719138191391914019141191421914319144191451914619147191481914919150191511915219153191541915519156191571915819159191601916119162191631916419165191661916719168191691917019171191721917319174191751917619177191781917919180191811918219183191841918519186191871918819189191901919119192191931919419195191961919719198191991920019201192021920319204192051920619207192081920919210192111921219213192141921519216192171921819219192201922119222192231922419225192261922719228192291923019231192321923319234192351923619237192381923919240192411924219243192441924519246192471924819249192501925119252192531925419255192561925719258192591926019261192621926319264192651926619267192681926919270192711927219273192741927519276192771927819279192801928119282192831928419285192861928719288192891929019291192921929319294192951929619297192981929919300193011930219303193041930519306193071930819309193101931119312193131931419315193161931719318193191932019321193221932319324193251932619327193281932919330193311933219333193341933519336193371933819339193401934119342193431934419345193461934719348193491935019351193521935319354193551935619357193581935919360193611936219363193641936519366193671936819369193701937119372193731937419375193761937719378193791938019381193821938319384193851938619387193881938919390193911939219393193941939519396193971939819399194001940119402194031940419405194061940719408194091941019411194121941319414194151941619417194181941919420194211942219423194241942519426194271942819429194301943119432194331943419435194361943719438194391944019441194421944319444194451944619447194481944919450194511945219453194541945519456194571945819459194601946119462194631946419465194661946719468194691947019471194721947319474194751947619477194781947919480194811948219483194841948519486194871948819489194901949119492194931949419495194961949719498194991950019501195021950319504195051950619507195081950919510195111951219513195141951519516195171951819519195201952119522195231952419525195261952719528195291953019531195321953319534195351953619537195381953919540195411954219543195441954519546195471954819549195501955119552195531955419555195561955719558195591956019561195621956319564195651956619567195681956919570195711957219573195741957519576195771957819579195801958119582195831958419585195861958719588195891959019591195921959319594195951959619597195981959919600196011960219603196041960519606196071960819609196101961119612196131961419615196161961719618196191962019621196221962319624196251962619627196281962919630196311963219633196341963519636196371963819639196401964119642196431964419645196461964719648196491965019651196521965319654196551965619657196581965919660196611966219663196641966519666196671966819669196701967119672196731967419675196761967719678196791968019681196821968319684196851968619687196881968919690196911969219693196941969519696196971969819699197001970119702197031970419705197061970719708197091971019711197121971319714197151971619717197181971919720197211972219723197241972519726197271972819729197301973119732197331973419735197361973719738197391974019741197421974319744197451974619747197481974919750197511975219753197541975519756197571975819759197601976119762197631976419765197661976719768197691977019771197721977319774197751977619777197781977919780197811978219783197841978519786197871978819789197901979119792197931979419795197961979719798197991980019801198021980319804198051980619807198081980919810198111981219813198141981519816198171981819819198201982119822198231982419825198261982719828198291983019831198321983319834198351983619837198381983919840198411984219843198441984519846198471984819849198501985119852198531985419855198561985719858198591986019861198621986319864198651986619867198681986919870198711987219873198741987519876198771987819879198801988119882198831988419885198861988719888198891989019891198921989319894198951989619897198981989919900199011990219903199041990519906199071990819909199101991119912199131991419915199161991719918199191992019921199221992319924199251992619927199281992919930199311993219933199341993519936199371993819939199401994119942199431994419945199461994719948199491995019951199521995319954199551995619957199581995919960199611996219963199641996519966199671996819969199701997119972199731997419975199761997719978199791998019981199821998319984199851998619987199881998919990199911999219993199941999519996199971999819999200002000120002200032000420005200062000720008200092001020011200122001320014200152001620017200182001920020200212002220023200242002520026200272002820029200302003120032200332003420035200362003720038200392004020041200422004320044200452004620047200482004920050200512005220053200542005520056200572005820059200602006120062200632006420065200662006720068200692007020071200722007320074200752007620077200782007920080200812008220083200842008520086200872008820089200902009120092200932009420095200962009720098200992010020101201022010320104201052010620107201082010920110201112011220113201142011520116201172011820119201202012120122201232012420125201262012720128201292013020131201322013320134201352013620137201382013920140201412014220143201442014520146201472014820149201502015120152201532015420155201562015720158201592016020161201622016320164201652016620167201682016920170201712017220173201742017520176201772017820179201802018120182201832018420185201862018720188201892019020191201922019320194201952019620197201982019920200202012020220203202042020520206202072020820209202102021120212202132021420215202162021720218202192022020221202222022320224202252022620227202282022920230202312023220233202342023520236202372023820239202402024120242202432024420245202462024720248202492025020251202522025320254202552025620257202582025920260202612026220263202642026520266202672026820269202702027120272202732027420275202762027720278202792028020281202822028320284202852028620287202882028920290202912029220293202942029520296202972029820299203002030120302203032030420305203062030720308203092031020311203122031320314203152031620317203182031920320203212032220323203242032520326203272032820329203302033120332203332033420335203362033720338203392034020341203422034320344203452034620347203482034920350203512035220353203542035520356203572035820359203602036120362203632036420365203662036720368203692037020371203722037320374203752037620377203782037920380203812038220383203842038520386203872038820389203902039120392203932039420395203962039720398203992040020401204022040320404204052040620407204082040920410204112041220413204142041520416204172041820419204202042120422204232042420425204262042720428204292043020431204322043320434204352043620437204382043920440204412044220443204442044520446204472044820449204502045120452204532045420455204562045720458204592046020461204622046320464204652046620467204682046920470204712047220473204742047520476204772047820479204802048120482204832048420485204862048720488204892049020491204922049320494204952049620497204982049920500205012050220503205042050520506205072050820509205102051120512205132051420515205162051720518205192052020521205222052320524205252052620527205282052920530205312053220533205342053520536205372053820539205402054120542205432054420545205462054720548205492055020551205522055320554205552055620557205582055920560205612056220563205642056520566205672056820569205702057120572205732057420575205762057720578205792058020581205822058320584205852058620587205882058920590205912059220593205942059520596205972059820599206002060120602206032060420605206062060720608206092061020611206122061320614206152061620617206182061920620206212062220623206242062520626206272062820629206302063120632206332063420635206362063720638206392064020641206422064320644206452064620647206482064920650206512065220653206542065520656206572065820659206602066120662206632066420665206662066720668206692067020671206722067320674206752067620677206782067920680206812068220683206842068520686206872068820689206902069120692206932069420695206962069720698206992070020701207022070320704207052070620707207082070920710207112071220713207142071520716207172071820719207202072120722207232072420725207262072720728207292073020731207322073320734207352073620737207382073920740207412074220743207442074520746207472074820749207502075120752207532075420755207562075720758207592076020761207622076320764207652076620767207682076920770207712077220773207742077520776207772077820779207802078120782207832078420785207862078720788207892079020791207922079320794207952079620797207982079920800208012080220803208042080520806208072080820809208102081120812208132081420815208162081720818208192082020821208222082320824208252082620827208282082920830208312083220833208342083520836208372083820839208402084120842208432084420845208462084720848208492085020851208522085320854208552085620857208582085920860208612086220863208642086520866208672086820869208702087120872208732087420875208762087720878208792088020881208822088320884208852088620887208882088920890208912089220893208942089520896208972089820899209002090120902209032090420905209062090720908209092091020911209122091320914209152091620917209182091920920209212092220923209242092520926209272092820929209302093120932209332093420935209362093720938209392094020941209422094320944209452094620947209482094920950209512095220953209542095520956209572095820959209602096120962209632096420965209662096720968209692097020971209722097320974209752097620977209782097920980209812098220983209842098520986209872098820989209902099120992209932099420995209962099720998209992100021001210022100321004210052100621007210082100921010210112101221013210142101521016210172101821019210202102121022210232102421025210262102721028210292103021031210322103321034210352103621037210382103921040210412104221043210442104521046210472104821049210502105121052210532105421055210562105721058210592106021061210622106321064210652106621067210682106921070210712107221073210742107521076210772107821079210802108121082210832108421085210862108721088210892109021091210922109321094210952109621097210982109921100211012110221103211042110521106211072110821109211102111121112211132111421115211162111721118211192112021121211222112321124211252112621127211282112921130211312113221133211342113521136211372113821139211402114121142211432114421145211462114721148211492115021151211522115321154211552115621157211582115921160211612116221163211642116521166211672116821169211702117121172211732117421175211762117721178211792118021181211822118321184211852118621187211882118921190211912119221193211942119521196211972119821199212002120121202212032120421205212062120721208212092121021211212122121321214212152121621217212182121921220212212122221223212242122521226212272122821229212302123121232212332123421235212362123721238212392124021241212422124321244212452124621247212482124921250212512125221253212542125521256212572125821259212602126121262212632126421265212662126721268212692127021271212722127321274212752127621277212782127921280212812128221283212842128521286212872128821289212902129121292212932129421295212962129721298212992130021301213022130321304213052130621307213082130921310213112131221313213142131521316213172131821319213202132121322213232132421325213262132721328213292133021331213322133321334213352133621337213382133921340213412134221343213442134521346213472134821349213502135121352213532135421355213562135721358213592136021361213622136321364213652136621367213682136921370213712137221373213742137521376213772137821379213802138121382213832138421385213862138721388213892139021391213922139321394213952139621397213982139921400214012140221403214042140521406214072140821409214102141121412214132141421415214162141721418214192142021421214222142321424214252142621427214282142921430214312143221433214342143521436214372143821439214402144121442214432144421445214462144721448214492145021451214522145321454214552145621457214582145921460214612146221463214642146521466214672146821469214702147121472214732147421475214762147721478214792148021481214822148321484214852148621487214882148921490214912149221493214942149521496214972149821499215002150121502215032150421505215062150721508215092151021511215122151321514215152151621517215182151921520215212152221523215242152521526215272152821529215302153121532215332153421535215362153721538215392154021541215422154321544215452154621547215482154921550215512155221553215542155521556215572155821559215602156121562215632156421565215662156721568215692157021571215722157321574215752157621577215782157921580215812158221583215842158521586215872158821589215902159121592215932159421595215962159721598215992160021601216022160321604216052160621607216082160921610216112161221613216142161521616216172161821619216202162121622216232162421625216262162721628216292163021631216322163321634216352163621637216382163921640216412164221643216442164521646216472164821649216502165121652216532165421655216562165721658216592166021661216622166321664216652166621667216682166921670216712167221673216742167521676216772167821679216802168121682216832168421685216862168721688216892169021691216922169321694216952169621697216982169921700217012170221703217042170521706217072170821709217102171121712217132171421715217162171721718217192172021721217222172321724217252172621727217282172921730217312173221733217342173521736217372173821739217402174121742217432174421745217462174721748217492175021751217522175321754217552175621757217582175921760217612176221763217642176521766217672176821769217702177121772217732177421775217762177721778217792178021781217822178321784217852178621787217882178921790217912179221793217942179521796217972179821799218002180121802218032180421805218062180721808218092181021811218122181321814218152181621817218182181921820218212182221823218242182521826218272182821829218302183121832218332183421835218362183721838218392184021841218422184321844218452184621847218482184921850218512185221853218542185521856218572185821859218602186121862218632186421865218662186721868218692187021871218722187321874218752187621877218782187921880218812188221883218842188521886218872188821889218902189121892218932189421895218962189721898218992190021901219022190321904219052190621907219082190921910219112191221913219142191521916219172191821919219202192121922219232192421925219262192721928219292193021931219322193321934219352193621937219382193921940219412194221943219442194521946219472194821949219502195121952219532195421955219562195721958219592196021961219622196321964219652196621967219682196921970219712197221973219742197521976219772197821979219802198121982219832198421985219862198721988219892199021991219922199321994219952199621997219982199922000220012200222003220042200522006220072200822009220102201122012220132201422015220162201722018220192202022021220222202322024220252202622027220282202922030220312203222033220342203522036220372203822039220402204122042220432204422045220462204722048220492205022051220522205322054220552205622057220582205922060220612206222063220642206522066220672206822069220702207122072220732207422075220762207722078220792208022081220822208322084220852208622087220882208922090220912209222093220942209522096220972209822099221002210122102221032210422105221062210722108221092211022111221122211322114221152211622117221182211922120221212212222123221242212522126221272212822129221302213122132221332213422135221362213722138221392214022141221422214322144221452214622147221482214922150221512215222153221542215522156221572215822159221602216122162221632216422165221662216722168221692217022171221722217322174221752217622177221782217922180221812218222183221842218522186221872218822189221902219122192221932219422195221962219722198221992220022201222022220322204222052220622207222082220922210222112221222213222142221522216222172221822219222202222122222222232222422225222262222722228222292223022231222322223322234222352223622237222382223922240222412224222243222442224522246222472224822249222502225122252222532225422255222562225722258222592226022261222622226322264222652226622267222682226922270222712227222273222742227522276222772227822279222802228122282222832228422285222862228722288222892229022291222922229322294222952229622297222982229922300223012230222303223042230522306223072230822309223102231122312223132231422315223162231722318223192232022321223222232322324223252232622327223282232922330223312233222333223342233522336223372233822339223402234122342223432234422345223462234722348223492235022351223522235322354223552235622357223582235922360223612236222363223642236522366223672236822369223702237122372223732237422375223762237722378223792238022381223822238322384223852238622387223882238922390223912239222393223942239522396223972239822399224002240122402224032240422405224062240722408224092241022411224122241322414224152241622417224182241922420224212242222423224242242522426224272242822429224302243122432224332243422435224362243722438224392244022441224422244322444224452244622447224482244922450224512245222453224542245522456224572245822459224602246122462224632246422465224662246722468224692247022471224722247322474224752247622477224782247922480224812248222483224842248522486224872248822489224902249122492224932249422495224962249722498224992250022501225022250322504225052250622507225082250922510225112251222513225142251522516225172251822519225202252122522225232252422525225262252722528225292253022531225322253322534225352253622537225382253922540225412254222543225442254522546225472254822549225502255122552225532255422555225562255722558225592256022561225622256322564225652256622567225682256922570225712257222573225742257522576225772257822579225802258122582225832258422585225862258722588225892259022591225922259322594225952259622597225982259922600226012260222603226042260522606226072260822609226102261122612226132261422615226162261722618226192262022621226222262322624226252262622627226282262922630226312263222633226342263522636226372263822639226402264122642226432264422645226462264722648226492265022651226522265322654226552265622657226582265922660226612266222663226642266522666226672266822669226702267122672226732267422675226762267722678226792268022681226822268322684226852268622687226882268922690226912269222693226942269522696226972269822699227002270122702227032270422705227062270722708227092271022711227122271322714227152271622717227182271922720227212272222723227242272522726227272272822729227302273122732227332273422735227362273722738227392274022741227422274322744227452274622747227482274922750227512275222753227542275522756227572275822759227602276122762227632276422765227662276722768227692277022771227722277322774227752277622777227782277922780227812278222783227842278522786227872278822789227902279122792227932279422795227962279722798227992280022801228022280322804228052280622807228082280922810228112281222813228142281522816228172281822819228202282122822228232282422825228262282722828228292283022831228322283322834228352283622837228382283922840228412284222843228442284522846228472284822849228502285122852228532285422855228562285722858228592286022861228622286322864228652286622867228682286922870228712287222873228742287522876228772287822879228802288122882228832288422885228862288722888228892289022891228922289322894228952289622897228982289922900229012290222903229042290522906229072290822909229102291122912229132291422915229162291722918229192292022921229222292322924229252292622927229282292922930229312293222933229342293522936229372293822939229402294122942229432294422945229462294722948229492295022951229522295322954229552295622957229582295922960229612296222963229642296522966229672296822969229702297122972229732297422975229762297722978229792298022981229822298322984229852298622987229882298922990229912299222993229942299522996229972299822999230002300123002230032300423005230062300723008230092301023011230122301323014230152301623017230182301923020230212302223023230242302523026230272302823029230302303123032230332303423035230362303723038230392304023041230422304323044230452304623047230482304923050230512305223053230542305523056230572305823059230602306123062230632306423065230662306723068230692307023071230722307323074230752307623077230782307923080230812308223083230842308523086230872308823089230902309123092230932309423095230962309723098230992310023101231022310323104231052310623107231082310923110231112311223113231142311523116231172311823119231202312123122231232312423125231262312723128231292313023131231322313323134231352313623137231382313923140231412314223143231442314523146231472314823149231502315123152231532315423155231562315723158231592316023161231622316323164231652316623167231682316923170231712317223173231742317523176231772317823179231802318123182231832318423185231862318723188231892319023191231922319323194231952319623197231982319923200232012320223203232042320523206232072320823209232102321123212232132321423215232162321723218232192322023221232222322323224232252322623227232282322923230232312323223233232342323523236232372323823239232402324123242232432324423245232462324723248232492325023251232522325323254232552325623257232582325923260232612326223263232642326523266232672326823269232702327123272232732327423275232762327723278232792328023281232822328323284232852328623287232882328923290232912329223293232942329523296232972329823299233002330123302233032330423305233062330723308233092331023311233122331323314233152331623317233182331923320233212332223323233242332523326233272332823329233302333123332233332333423335233362333723338233392334023341233422334323344233452334623347233482334923350233512335223353233542335523356233572335823359233602336123362233632336423365233662336723368233692337023371233722337323374233752337623377233782337923380233812338223383233842338523386233872338823389233902339123392233932339423395233962339723398233992340023401234022340323404234052340623407234082340923410234112341223413234142341523416234172341823419234202342123422234232342423425234262342723428234292343023431234322343323434234352343623437234382343923440234412344223443234442344523446234472344823449234502345123452234532345423455234562345723458234592346023461234622346323464234652346623467234682346923470234712347223473234742347523476234772347823479234802348123482234832348423485234862348723488234892349023491234922349323494234952349623497234982349923500235012350223503235042350523506235072350823509235102351123512235132351423515235162351723518235192352023521235222352323524235252352623527235282352923530235312353223533235342353523536235372353823539235402354123542235432354423545235462354723548235492355023551235522355323554235552355623557235582355923560235612356223563235642356523566235672356823569235702357123572235732357423575235762357723578235792358023581235822358323584235852358623587235882358923590235912359223593235942359523596235972359823599236002360123602236032360423605236062360723608236092361023611236122361323614236152361623617236182361923620236212362223623236242362523626236272362823629236302363123632236332363423635236362363723638236392364023641236422364323644236452364623647236482364923650236512365223653236542365523656236572365823659236602366123662236632366423665236662366723668236692367023671236722367323674236752367623677236782367923680236812368223683236842368523686236872368823689236902369123692236932369423695236962369723698236992370023701237022370323704237052370623707237082370923710237112371223713237142371523716237172371823719237202372123722237232372423725237262372723728237292373023731237322373323734237352373623737237382373923740237412374223743237442374523746237472374823749237502375123752237532375423755237562375723758237592376023761237622376323764237652376623767237682376923770237712377223773237742377523776237772377823779237802378123782237832378423785237862378723788237892379023791237922379323794237952379623797237982379923800238012380223803238042380523806238072380823809238102381123812238132381423815238162381723818238192382023821238222382323824238252382623827238282382923830238312383223833238342383523836238372383823839238402384123842238432384423845238462384723848238492385023851238522385323854238552385623857238582385923860238612386223863238642386523866238672386823869238702387123872238732387423875238762387723878238792388023881238822388323884238852388623887238882388923890238912389223893238942389523896238972389823899239002390123902239032390423905239062390723908239092391023911239122391323914239152391623917239182391923920239212392223923239242392523926239272392823929239302393123932239332393423935239362393723938239392394023941239422394323944239452394623947239482394923950239512395223953239542395523956239572395823959239602396123962239632396423965239662396723968239692397023971239722397323974239752397623977239782397923980239812398223983239842398523986239872398823989239902399123992239932399423995239962399723998239992400024001240022400324004240052400624007240082400924010240112401224013240142401524016240172401824019240202402124022240232402424025240262402724028240292403024031240322403324034240352403624037240382403924040240412404224043240442404524046240472404824049240502405124052240532405424055240562405724058240592406024061240622406324064240652406624067240682406924070240712407224073240742407524076240772407824079240802408124082240832408424085240862408724088240892409024091240922409324094240952409624097240982409924100241012410224103241042410524106241072410824109241102411124112241132411424115241162411724118241192412024121241222412324124241252412624127241282412924130241312413224133241342413524136241372413824139241402414124142241432414424145241462414724148241492415024151241522415324154241552415624157241582415924160241612416224163241642416524166241672416824169241702417124172241732417424175241762417724178241792418024181241822418324184241852418624187241882418924190241912419224193241942419524196241972419824199242002420124202242032420424205242062420724208242092421024211242122421324214242152421624217242182421924220242212422224223242242422524226242272422824229242302423124232242332423424235242362423724238242392424024241242422424324244242452424624247242482424924250242512425224253242542425524256242572425824259242602426124262242632426424265242662426724268242692427024271242722427324274242752427624277242782427924280242812428224283242842428524286242872428824289242902429124292242932429424295242962429724298242992430024301243022430324304243052430624307243082430924310243112431224313243142431524316243172431824319243202432124322243232432424325243262432724328243292433024331243322433324334243352433624337243382433924340243412434224343243442434524346243472434824349243502435124352243532435424355243562435724358243592436024361243622436324364243652436624367243682436924370243712437224373243742437524376243772437824379243802438124382243832438424385243862438724388243892439024391243922439324394243952439624397243982439924400244012440224403244042440524406244072440824409244102441124412244132441424415244162441724418244192442024421244222442324424244252442624427244282442924430244312443224433244342443524436244372443824439244402444124442244432444424445244462444724448244492445024451244522445324454244552445624457244582445924460244612446224463244642446524466244672446824469244702447124472244732447424475244762447724478244792448024481244822448324484244852448624487244882448924490244912449224493244942449524496244972449824499245002450124502245032450424505245062450724508245092451024511245122451324514245152451624517245182451924520245212452224523245242452524526245272452824529245302453124532245332453424535245362453724538245392454024541245422454324544245452454624547245482454924550245512455224553245542455524556245572455824559245602456124562245632456424565245662456724568245692457024571245722457324574245752457624577245782457924580245812458224583245842458524586245872458824589245902459124592245932459424595245962459724598245992460024601246022460324604246052460624607246082460924610246112461224613246142461524616246172461824619246202462124622246232462424625246262462724628246292463024631246322463324634246352463624637246382463924640246412464224643246442464524646246472464824649246502465124652246532465424655246562465724658246592466024661246622466324664246652466624667246682466924670246712467224673246742467524676246772467824679246802468124682246832468424685246862468724688246892469024691246922469324694246952469624697246982469924700247012470224703247042470524706247072470824709247102471124712247132471424715247162471724718247192472024721247222472324724247252472624727247282472924730247312473224733247342473524736247372473824739247402474124742247432474424745247462474724748247492475024751247522475324754247552475624757247582475924760247612476224763247642476524766247672476824769247702477124772247732477424775247762477724778247792478024781247822478324784247852478624787247882478924790247912479224793247942479524796247972479824799248002480124802248032480424805248062480724808248092481024811248122481324814248152481624817248182481924820248212482224823248242482524826248272482824829248302483124832248332483424835248362483724838248392484024841248422484324844248452484624847248482484924850248512485224853248542485524856248572485824859248602486124862248632486424865248662486724868248692487024871248722487324874248752487624877248782487924880248812488224883248842488524886248872488824889248902489124892248932489424895248962489724898248992490024901249022490324904249052490624907249082490924910249112491224913249142491524916249172491824919249202492124922249232492424925249262492724928249292493024931249322493324934249352493624937249382493924940249412494224943249442494524946249472494824949249502495124952249532495424955249562495724958249592496024961249622496324964249652496624967249682496924970249712497224973249742497524976249772497824979249802498124982249832498424985249862498724988249892499024991249922499324994249952499624997249982499925000250012500225003250042500525006250072500825009250102501125012250132501425015250162501725018250192502025021250222502325024250252502625027250282502925030250312503225033250342503525036250372503825039250402504125042250432504425045250462504725048250492505025051250522505325054250552505625057250582505925060250612506225063250642506525066250672506825069250702507125072250732507425075250762507725078250792508025081250822508325084250852508625087250882508925090250912509225093250942509525096250972509825099251002510125102251032510425105251062510725108251092511025111251122511325114251152511625117251182511925120251212512225123251242512525126251272512825129251302513125132251332513425135251362513725138251392514025141251422514325144251452514625147251482514925150251512515225153251542515525156251572515825159251602516125162251632516425165251662516725168251692517025171251722517325174251752517625177251782517925180251812518225183251842518525186251872518825189251902519125192251932519425195251962519725198251992520025201252022520325204252052520625207252082520925210252112521225213252142521525216252172521825219252202522125222252232522425225252262522725228252292523025231252322523325234252352523625237252382523925240252412524225243252442524525246252472524825249252502525125252252532525425255252562525725258252592526025261252622526325264252652526625267252682526925270252712527225273252742527525276252772527825279252802528125282252832528425285252862528725288252892529025291252922529325294252952529625297252982529925300253012530225303253042530525306253072530825309253102531125312253132531425315253162531725318253192532025321253222532325324253252532625327253282532925330253312533225333253342533525336253372533825339253402534125342253432534425345253462534725348253492535025351253522535325354253552535625357253582535925360253612536225363253642536525366253672536825369253702537125372253732537425375253762537725378253792538025381253822538325384253852538625387253882538925390253912539225393253942539525396253972539825399254002540125402254032540425405254062540725408254092541025411254122541325414254152541625417254182541925420254212542225423254242542525426254272542825429254302543125432254332543425435254362543725438254392544025441254422544325444254452544625447254482544925450254512545225453254542545525456254572545825459254602546125462254632546425465254662546725468254692547025471254722547325474254752547625477254782547925480254812548225483254842548525486254872548825489254902549125492254932549425495254962549725498254992550025501255022550325504255052550625507255082550925510255112551225513255142551525516255172551825519255202552125522255232552425525255262552725528255292553025531255322553325534255352553625537255382553925540255412554225543255442554525546255472554825549255502555125552255532555425555255562555725558255592556025561255622556325564255652556625567255682556925570255712557225573255742557525576255772557825579255802558125582255832558425585255862558725588255892559025591255922559325594255952559625597255982559925600256012560225603256042560525606256072560825609256102561125612256132561425615256162561725618256192562025621256222562325624256252562625627256282562925630256312563225633256342563525636256372563825639256402564125642256432564425645256462564725648256492565025651256522565325654256552565625657256582565925660256612566225663256642566525666256672566825669256702567125672256732567425675256762567725678256792568025681256822568325684256852568625687256882568925690256912569225693256942569525696256972569825699257002570125702257032570425705257062570725708257092571025711257122571325714257152571625717257182571925720257212572225723257242572525726257272572825729257302573125732257332573425735257362573725738257392574025741257422574325744257452574625747257482574925750257512575225753257542575525756257572575825759257602576125762257632576425765257662576725768257692577025771257722577325774257752577625777257782577925780257812578225783257842578525786257872578825789257902579125792257932579425795257962579725798257992580025801258022580325804258052580625807258082580925810258112581225813258142581525816258172581825819258202582125822258232582425825258262582725828258292583025831258322583325834258352583625837258382583925840258412584225843258442584525846258472584825849258502585125852258532585425855258562585725858258592586025861258622586325864258652586625867258682586925870258712587225873258742587525876258772587825879258802588125882258832588425885258862588725888258892589025891258922589325894258952589625897258982589925900259012590225903259042590525906259072590825909259102591125912259132591425915259162591725918259192592025921259222592325924259252592625927259282592925930259312593225933259342593525936259372593825939259402594125942259432594425945259462594725948259492595025951259522595325954259552595625957259582595925960259612596225963259642596525966259672596825969259702597125972259732597425975259762597725978259792598025981259822598325984259852598625987259882598925990259912599225993259942599525996259972599825999260002600126002260032600426005260062600726008260092601026011260122601326014260152601626017260182601926020260212602226023260242602526026260272602826029260302603126032260332603426035260362603726038260392604026041260422604326044260452604626047260482604926050260512605226053260542605526056260572605826059260602606126062260632606426065260662606726068260692607026071260722607326074260752607626077260782607926080260812608226083260842608526086260872608826089260902609126092260932609426095260962609726098260992610026101261022610326104261052610626107261082610926110261112611226113261142611526116261172611826119261202612126122261232612426125261262612726128261292613026131261322613326134261352613626137261382613926140261412614226143261442614526146261472614826149261502615126152261532615426155261562615726158261592616026161261622616326164261652616626167261682616926170261712617226173261742617526176261772617826179261802618126182261832618426185261862618726188261892619026191261922619326194261952619626197261982619926200262012620226203262042620526206262072620826209262102621126212262132621426215262162621726218262192622026221262222622326224262252622626227262282622926230262312623226233262342623526236262372623826239262402624126242262432624426245262462624726248262492625026251262522625326254262552625626257262582625926260262612626226263262642626526266262672626826269262702627126272262732627426275262762627726278262792628026281262822628326284262852628626287262882628926290262912629226293262942629526296262972629826299263002630126302263032630426305263062630726308263092631026311263122631326314263152631626317263182631926320263212632226323263242632526326263272632826329263302633126332263332633426335263362633726338263392634026341263422634326344263452634626347263482634926350263512635226353263542635526356263572635826359263602636126362263632636426365263662636726368263692637026371263722637326374263752637626377263782637926380263812638226383263842638526386263872638826389263902639126392263932639426395263962639726398263992640026401264022640326404264052640626407264082640926410264112641226413264142641526416264172641826419264202642126422264232642426425264262642726428264292643026431264322643326434264352643626437264382643926440264412644226443264442644526446264472644826449264502645126452264532645426455264562645726458264592646026461264622646326464264652646626467264682646926470264712647226473264742647526476264772647826479264802648126482264832648426485264862648726488264892649026491264922649326494264952649626497264982649926500265012650226503265042650526506265072650826509265102651126512265132651426515265162651726518265192652026521265222652326524265252652626527265282652926530265312653226533265342653526536265372653826539265402654126542265432654426545265462654726548265492655026551265522655326554265552655626557265582655926560265612656226563265642656526566265672656826569265702657126572265732657426575265762657726578265792658026581265822658326584265852658626587265882658926590265912659226593265942659526596265972659826599266002660126602266032660426605266062660726608266092661026611266122661326614266152661626617266182661926620266212662226623266242662526626266272662826629266302663126632266332663426635266362663726638266392664026641266422664326644266452664626647266482664926650266512665226653266542665526656266572665826659266602666126662266632666426665266662666726668266692667026671266722667326674266752667626677266782667926680266812668226683266842668526686266872668826689266902669126692266932669426695266962669726698266992670026701267022670326704267052670626707267082670926710267112671226713267142671526716267172671826719267202672126722267232672426725267262672726728267292673026731267322673326734267352673626737267382673926740267412674226743267442674526746267472674826749267502675126752267532675426755267562675726758267592676026761267622676326764267652676626767267682676926770267712677226773267742677526776267772677826779267802678126782267832678426785267862678726788267892679026791267922679326794267952679626797267982679926800268012680226803268042680526806268072680826809268102681126812268132681426815268162681726818268192682026821268222682326824268252682626827268282682926830268312683226833268342683526836268372683826839268402684126842268432684426845268462684726848268492685026851268522685326854268552685626857268582685926860268612686226863268642686526866268672686826869268702687126872268732687426875268762687726878268792688026881268822688326884268852688626887268882688926890268912689226893268942689526896268972689826899269002690126902269032690426905269062690726908269092691026911269122691326914269152691626917269182691926920269212692226923269242692526926269272692826929269302693126932269332693426935269362693726938269392694026941269422694326944269452694626947269482694926950269512695226953269542695526956269572695826959269602696126962269632696426965269662696726968269692697026971269722697326974269752697626977269782697926980269812698226983269842698526986269872698826989269902699126992269932699426995269962699726998269992700027001270022700327004270052700627007270082700927010270112701227013270142701527016270172701827019270202702127022270232702427025270262702727028270292703027031270322703327034270352703627037270382703927040270412704227043270442704527046270472704827049270502705127052270532705427055270562705727058270592706027061270622706327064270652706627067270682706927070270712707227073270742707527076270772707827079270802708127082270832708427085270862708727088270892709027091270922709327094270952709627097270982709927100271012710227103271042710527106271072710827109271102711127112271132711427115271162711727118271192712027121271222712327124271252712627127271282712927130271312713227133271342713527136271372713827139271402714127142271432714427145271462714727148271492715027151271522715327154271552715627157271582715927160271612716227163271642716527166271672716827169271702717127172271732717427175271762717727178271792718027181271822718327184271852718627187271882718927190271912719227193271942719527196271972719827199272002720127202272032720427205272062720727208272092721027211272122721327214272152721627217272182721927220272212722227223272242722527226272272722827229272302723127232272332723427235272362723727238272392724027241272422724327244272452724627247272482724927250272512725227253272542725527256272572725827259272602726127262272632726427265272662726727268272692727027271272722727327274272752727627277272782727927280272812728227283272842728527286272872728827289272902729127292272932729427295272962729727298272992730027301273022730327304273052730627307273082730927310273112731227313273142731527316273172731827319273202732127322273232732427325273262732727328273292733027331273322733327334273352733627337273382733927340273412734227343273442734527346273472734827349273502735127352273532735427355273562735727358273592736027361273622736327364273652736627367273682736927370273712737227373273742737527376273772737827379273802738127382273832738427385273862738727388273892739027391273922739327394273952739627397273982739927400274012740227403274042740527406274072740827409274102741127412274132741427415274162741727418274192742027421274222742327424274252742627427274282742927430274312743227433274342743527436274372743827439274402744127442274432744427445274462744727448274492745027451274522745327454274552745627457274582745927460274612746227463274642746527466274672746827469274702747127472274732747427475274762747727478274792748027481274822748327484274852748627487274882748927490274912749227493274942749527496274972749827499275002750127502275032750427505275062750727508275092751027511275122751327514275152751627517275182751927520275212752227523275242752527526275272752827529275302753127532275332753427535275362753727538275392754027541275422754327544275452754627547275482754927550275512755227553275542755527556275572755827559275602756127562275632756427565275662756727568275692757027571275722757327574275752757627577275782757927580275812758227583275842758527586275872758827589275902759127592275932759427595275962759727598275992760027601276022760327604276052760627607276082760927610276112761227613276142761527616276172761827619276202762127622276232762427625276262762727628276292763027631276322763327634276352763627637276382763927640276412764227643276442764527646276472764827649276502765127652276532765427655276562765727658276592766027661276622766327664276652766627667276682766927670276712767227673276742767527676276772767827679276802768127682276832768427685276862768727688276892769027691276922769327694276952769627697276982769927700277012770227703277042770527706277072770827709277102771127712277132771427715277162771727718277192772027721277222772327724277252772627727277282772927730277312773227733277342773527736277372773827739277402774127742277432774427745277462774727748277492775027751277522775327754277552775627757277582775927760277612776227763277642776527766277672776827769277702777127772277732777427775277762777727778277792778027781277822778327784277852778627787277882778927790277912779227793277942779527796277972779827799278002780127802278032780427805278062780727808278092781027811278122781327814278152781627817278182781927820278212782227823278242782527826278272782827829278302783127832278332783427835278362783727838278392784027841278422784327844278452784627847278482784927850278512785227853278542785527856278572785827859278602786127862278632786427865278662786727868278692787027871278722787327874278752787627877278782787927880278812788227883278842788527886278872788827889278902789127892278932789427895278962789727898278992790027901279022790327904279052790627907279082790927910279112791227913279142791527916279172791827919279202792127922279232792427925279262792727928279292793027931279322793327934279352793627937279382793927940279412794227943279442794527946279472794827949279502795127952279532795427955279562795727958279592796027961279622796327964279652796627967279682796927970279712797227973279742797527976279772797827979279802798127982279832798427985279862798727988279892799027991279922799327994279952799627997279982799928000280012800228003280042800528006280072800828009280102801128012280132801428015280162801728018280192802028021280222802328024280252802628027280282802928030280312803228033280342803528036280372803828039280402804128042280432804428045280462804728048280492805028051280522805328054280552805628057280582805928060280612806228063280642806528066280672806828069280702807128072280732807428075280762807728078280792808028081280822808328084280852808628087280882808928090280912809228093280942809528096280972809828099281002810128102281032810428105281062810728108281092811028111281122811328114281152811628117281182811928120281212812228123281242812528126281272812828129281302813128132281332813428135281362813728138281392814028141281422814328144281452814628147281482814928150281512815228153281542815528156281572815828159281602816128162281632816428165281662816728168281692817028171281722817328174281752817628177281782817928180281812818228183281842818528186281872818828189281902819128192281932819428195281962819728198281992820028201282022820328204282052820628207282082820928210282112821228213282142821528216282172821828219282202822128222282232822428225282262822728228282292823028231282322823328234282352823628237282382823928240282412824228243282442824528246282472824828249282502825128252282532825428255282562825728258282592826028261282622826328264282652826628267282682826928270282712827228273282742827528276282772827828279282802828128282282832828428285282862828728288282892829028291282922829328294282952829628297282982829928300283012830228303283042830528306283072830828309283102831128312283132831428315283162831728318283192832028321283222832328324283252832628327283282832928330283312833228333283342833528336283372833828339283402834128342283432834428345283462834728348283492835028351283522835328354283552835628357283582835928360283612836228363283642836528366283672836828369283702837128372283732837428375283762837728378283792838028381283822838328384283852838628387283882838928390283912839228393283942839528396283972839828399284002840128402284032840428405284062840728408284092841028411284122841328414284152841628417284182841928420284212842228423284242842528426284272842828429284302843128432284332843428435284362843728438284392844028441284422844328444284452844628447284482844928450284512845228453284542845528456284572845828459284602846128462284632846428465284662846728468284692847028471284722847328474284752847628477284782847928480284812848228483284842848528486284872848828489284902849128492284932849428495284962849728498284992850028501285022850328504285052850628507285082850928510285112851228513285142851528516285172851828519285202852128522285232852428525285262852728528285292853028531285322853328534285352853628537285382853928540285412854228543285442854528546285472854828549285502855128552285532855428555285562855728558285592856028561285622856328564285652856628567285682856928570285712857228573285742857528576285772857828579285802858128582285832858428585285862858728588285892859028591285922859328594285952859628597285982859928600286012860228603286042860528606286072860828609286102861128612286132861428615286162861728618286192862028621286222862328624286252862628627286282862928630286312863228633286342863528636286372863828639286402864128642286432864428645286462864728648286492865028651286522865328654286552865628657286582865928660286612866228663286642866528666286672866828669286702867128672286732867428675286762867728678286792868028681286822868328684286852868628687286882868928690286912869228693286942869528696286972869828699287002870128702287032870428705287062870728708287092871028711287122871328714287152871628717287182871928720287212872228723287242872528726287272872828729287302873128732287332873428735287362873728738287392874028741287422874328744287452874628747287482874928750287512875228753287542875528756287572875828759287602876128762287632876428765287662876728768287692877028771287722877328774287752877628777287782877928780287812878228783287842878528786287872878828789287902879128792287932879428795287962879728798287992880028801288022880328804288052880628807288082880928810288112881228813288142881528816288172881828819288202882128822288232882428825288262882728828288292883028831288322883328834288352883628837288382883928840288412884228843288442884528846288472884828849288502885128852288532885428855288562885728858288592886028861288622886328864288652886628867288682886928870288712887228873288742887528876288772887828879288802888128882288832888428885288862888728888288892889028891288922889328894288952889628897288982889928900289012890228903289042890528906289072890828909289102891128912289132891428915289162891728918289192892028921289222892328924289252892628927289282892928930289312893228933289342893528936289372893828939289402894128942289432894428945289462894728948289492895028951289522895328954289552895628957289582895928960289612896228963289642896528966289672896828969289702897128972289732897428975289762897728978289792898028981289822898328984289852898628987289882898928990289912899228993289942899528996289972899828999290002900129002290032900429005290062900729008290092901029011290122901329014290152901629017290182901929020290212902229023290242902529026290272902829029290302903129032290332903429035290362903729038290392904029041290422904329044290452904629047290482904929050290512905229053290542905529056290572905829059290602906129062290632906429065290662906729068290692907029071290722907329074290752907629077290782907929080290812908229083290842908529086290872908829089290902909129092290932909429095290962909729098290992910029101291022910329104291052910629107291082910929110291112911229113291142911529116291172911829119291202912129122291232912429125291262912729128291292913029131291322913329134291352913629137291382913929140291412914229143291442914529146291472914829149291502915129152291532915429155291562915729158291592916029161291622916329164291652916629167291682916929170291712917229173291742917529176291772917829179291802918129182291832918429185291862918729188291892919029191291922919329194291952919629197291982919929200292012920229203292042920529206292072920829209292102921129212292132921429215292162921729218292192922029221292222922329224292252922629227292282922929230292312923229233292342923529236292372923829239292402924129242292432924429245292462924729248292492925029251292522925329254292552925629257292582925929260292612926229263292642926529266292672926829269292702927129272292732927429275292762927729278292792928029281292822928329284292852928629287292882928929290292912929229293292942929529296292972929829299293002930129302293032930429305293062930729308293092931029311293122931329314293152931629317293182931929320293212932229323293242932529326293272932829329293302933129332293332933429335293362933729338293392934029341293422934329344293452934629347293482934929350293512935229353293542935529356293572935829359293602936129362293632936429365293662936729368293692937029371293722937329374293752937629377293782937929380293812938229383293842938529386293872938829389293902939129392293932939429395293962939729398293992940029401294022940329404294052940629407294082940929410294112941229413294142941529416294172941829419294202942129422294232942429425294262942729428294292943029431294322943329434294352943629437294382943929440294412944229443294442944529446294472944829449294502945129452294532945429455294562945729458294592946029461294622946329464294652946629467294682946929470294712947229473294742947529476294772947829479294802948129482294832948429485294862948729488294892949029491294922949329494294952949629497294982949929500295012950229503295042950529506295072950829509295102951129512295132951429515295162951729518295192952029521295222952329524295252952629527295282952929530295312953229533295342953529536295372953829539295402954129542295432954429545295462954729548295492955029551295522955329554295552955629557295582955929560295612956229563295642956529566295672956829569295702957129572295732957429575295762957729578295792958029581295822958329584295852958629587295882958929590295912959229593295942959529596295972959829599296002960129602296032960429605296062960729608296092961029611296122961329614296152961629617296182961929620296212962229623296242962529626296272962829629296302963129632296332963429635296362963729638296392964029641296422964329644296452964629647296482964929650296512965229653296542965529656296572965829659296602966129662296632966429665296662966729668296692967029671296722967329674296752967629677296782967929680296812968229683296842968529686296872968829689296902969129692296932969429695296962969729698296992970029701297022970329704297052970629707297082970929710297112971229713297142971529716297172971829719297202972129722297232972429725297262972729728297292973029731297322973329734297352973629737297382973929740297412974229743297442974529746297472974829749297502975129752297532975429755297562975729758297592976029761297622976329764297652976629767297682976929770297712977229773297742977529776297772977829779297802978129782297832978429785297862978729788297892979029791297922979329794297952979629797297982979929800298012980229803298042980529806298072980829809298102981129812298132981429815298162981729818298192982029821298222982329824298252982629827298282982929830298312983229833298342983529836298372983829839298402984129842298432984429845298462984729848298492985029851298522985329854298552985629857298582985929860298612986229863298642986529866298672986829869298702987129872298732987429875298762987729878298792988029881298822988329884298852988629887298882988929890298912989229893298942989529896298972989829899299002990129902299032990429905299062990729908299092991029911299122991329914299152991629917299182991929920299212992229923299242992529926299272992829929299302993129932299332993429935299362993729938299392994029941299422994329944299452994629947299482994929950299512995229953299542995529956299572995829959299602996129962299632996429965299662996729968299692997029971299722997329974299752997629977299782997929980299812998229983299842998529986299872998829989299902999129992299932999429995299962999729998299993000030001300023000330004300053000630007300083000930010300113001230013300143001530016300173001830019300203002130022300233002430025300263002730028300293003030031300323003330034300353003630037300383003930040300413004230043300443004530046300473004830049300503005130052300533005430055300563005730058300593006030061300623006330064300653006630067300683006930070300713007230073300743007530076300773007830079300803008130082300833008430085300863008730088300893009030091300923009330094300953009630097300983009930100301013010230103301043010530106301073010830109301103011130112301133011430115301163011730118301193012030121301223012330124301253012630127301283012930130301313013230133301343013530136301373013830139301403014130142301433014430145301463014730148301493015030151301523015330154301553015630157301583015930160301613016230163301643016530166301673016830169301703017130172301733017430175301763017730178301793018030181301823018330184301853018630187301883018930190301913019230193301943019530196301973019830199302003020130202302033020430205302063020730208302093021030211302123021330214302153021630217302183021930220302213022230223302243022530226302273022830229302303023130232302333023430235302363023730238302393024030241302423024330244302453024630247302483024930250302513025230253302543025530256302573025830259302603026130262302633026430265302663026730268302693027030271302723027330274302753027630277302783027930280302813028230283302843028530286302873028830289302903029130292302933029430295302963029730298302993030030301303023030330304303053030630307303083030930310303113031230313303143031530316303173031830319303203032130322303233032430325303263032730328303293033030331303323033330334303353033630337303383033930340303413034230343303443034530346303473034830349303503035130352303533035430355303563035730358303593036030361303623036330364303653036630367303683036930370303713037230373303743037530376303773037830379303803038130382303833038430385303863038730388303893039030391303923039330394303953039630397303983039930400304013040230403304043040530406304073040830409304103041130412304133041430415304163041730418304193042030421304223042330424304253042630427304283042930430304313043230433304343043530436304373043830439304403044130442304433044430445304463044730448304493045030451304523045330454304553045630457304583045930460304613046230463304643046530466304673046830469304703047130472304733047430475304763047730478304793048030481304823048330484304853048630487304883048930490304913049230493304943049530496304973049830499305003050130502305033050430505305063050730508305093051030511305123051330514305153051630517305183051930520305213052230523305243052530526305273052830529305303053130532305333053430535305363053730538305393054030541305423054330544305453054630547305483054930550305513055230553305543055530556305573055830559305603056130562305633056430565305663056730568305693057030571305723057330574305753057630577305783057930580305813058230583305843058530586305873058830589305903059130592305933059430595305963059730598305993060030601306023060330604306053060630607306083060930610306113061230613306143061530616306173061830619306203062130622306233062430625306263062730628306293063030631306323063330634306353063630637306383063930640306413064230643306443064530646306473064830649306503065130652306533065430655306563065730658306593066030661306623066330664306653066630667306683066930670306713067230673306743067530676306773067830679306803068130682306833068430685306863068730688306893069030691306923069330694306953069630697306983069930700307013070230703307043070530706307073070830709307103071130712307133071430715307163071730718307193072030721307223072330724307253072630727307283072930730307313073230733307343073530736307373073830739307403074130742307433074430745307463074730748307493075030751307523075330754307553075630757307583075930760307613076230763307643076530766307673076830769307703077130772307733077430775307763077730778307793078030781307823078330784307853078630787307883078930790307913079230793307943079530796307973079830799308003080130802308033080430805308063080730808308093081030811308123081330814308153081630817308183081930820308213082230823308243082530826308273082830829308303083130832308333083430835308363083730838308393084030841308423084330844308453084630847308483084930850308513085230853308543085530856308573085830859308603086130862308633086430865308663086730868308693087030871308723087330874308753087630877308783087930880308813088230883308843088530886308873088830889308903089130892308933089430895308963089730898308993090030901309023090330904309053090630907309083090930910309113091230913309143091530916309173091830919309203092130922309233092430925309263092730928309293093030931309323093330934309353093630937309383093930940309413094230943309443094530946309473094830949309503095130952309533095430955309563095730958309593096030961309623096330964309653096630967309683096930970309713097230973309743097530976309773097830979309803098130982309833098430985309863098730988309893099030991309923099330994309953099630997309983099931000310013100231003310043100531006310073100831009310103101131012310133101431015310163101731018310193102031021310223102331024310253102631027310283102931030310313103231033310343103531036310373103831039310403104131042310433104431045310463104731048310493105031051310523105331054310553105631057310583105931060310613106231063310643106531066310673106831069310703107131072310733107431075310763107731078310793108031081310823108331084310853108631087310883108931090310913109231093310943109531096310973109831099311003110131102311033110431105311063110731108311093111031111311123111331114311153111631117311183111931120311213112231123311243112531126311273112831129311303113131132311333113431135311363113731138311393114031141311423114331144311453114631147311483114931150311513115231153311543115531156311573115831159311603116131162311633116431165311663116731168311693117031171311723117331174311753117631177311783117931180311813118231183311843118531186311873118831189311903119131192311933119431195311963119731198311993120031201312023120331204312053120631207312083120931210312113121231213312143121531216312173121831219312203122131222312233122431225312263122731228312293123031231312323123331234312353123631237312383123931240312413124231243312443124531246312473124831249312503125131252312533125431255312563125731258312593126031261312623126331264312653126631267312683126931270312713127231273312743127531276312773127831279312803128131282312833128431285312863128731288312893129031291312923129331294312953129631297312983129931300313013130231303313043130531306313073130831309313103131131312313133131431315313163131731318313193132031321313223132331324313253132631327313283132931330313313133231333313343133531336313373133831339313403134131342313433134431345313463134731348313493135031351313523135331354313553135631357313583135931360313613136231363313643136531366313673136831369313703137131372313733137431375313763137731378313793138031381313823138331384313853138631387313883138931390313913139231393313943139531396313973139831399314003140131402314033140431405314063140731408314093141031411314123141331414314153141631417314183141931420314213142231423314243142531426314273142831429314303143131432314333143431435314363143731438314393144031441314423144331444314453144631447314483144931450314513145231453314543145531456314573145831459314603146131462314633146431465314663146731468314693147031471314723147331474314753147631477314783147931480314813148231483314843148531486314873148831489314903149131492314933149431495314963149731498314993150031501315023150331504315053150631507315083150931510315113151231513315143151531516315173151831519315203152131522315233152431525315263152731528315293153031531315323153331534315353153631537315383153931540315413154231543315443154531546315473154831549315503155131552315533155431555315563155731558315593156031561315623156331564315653156631567315683156931570315713157231573315743157531576315773157831579315803158131582315833158431585315863158731588315893159031591315923159331594315953159631597315983159931600316013160231603316043160531606316073160831609316103161131612316133161431615316163161731618316193162031621316223162331624316253162631627316283162931630316313163231633316343163531636316373163831639316403164131642316433164431645316463164731648316493165031651316523165331654316553165631657316583165931660316613166231663316643166531666316673166831669316703167131672316733167431675316763167731678316793168031681316823168331684316853168631687316883168931690316913169231693316943169531696316973169831699317003170131702317033170431705317063170731708317093171031711317123171331714317153171631717317183171931720317213172231723317243172531726317273172831729317303173131732317333173431735317363173731738317393174031741317423174331744317453174631747317483174931750317513175231753317543175531756317573175831759317603176131762317633176431765317663176731768317693177031771317723177331774317753177631777317783177931780317813178231783317843178531786317873178831789317903179131792317933179431795317963179731798317993180031801318023180331804318053180631807318083180931810318113181231813318143181531816318173181831819318203182131822318233182431825318263182731828318293183031831318323183331834318353183631837318383183931840318413184231843318443184531846318473184831849318503185131852318533185431855318563185731858318593186031861318623186331864318653186631867318683186931870318713187231873318743187531876318773187831879318803188131882318833188431885318863188731888318893189031891318923189331894318953189631897318983189931900319013190231903319043190531906319073190831909319103191131912319133191431915319163191731918319193192031921319223192331924319253192631927319283192931930319313193231933319343193531936319373193831939319403194131942319433194431945319463194731948319493195031951319523195331954319553195631957319583195931960319613196231963319643196531966319673196831969319703197131972319733197431975319763197731978319793198031981319823198331984319853198631987319883198931990319913199231993319943199531996319973199831999320003200132002320033200432005320063200732008320093201032011320123201332014320153201632017320183201932020320213202232023320243202532026320273202832029320303203132032320333203432035320363203732038320393204032041320423204332044320453204632047320483204932050320513205232053320543205532056320573205832059320603206132062320633206432065320663206732068320693207032071320723207332074320753207632077320783207932080320813208232083320843208532086320873208832089320903209132092320933209432095320963209732098320993210032101321023210332104321053210632107321083210932110321113211232113321143211532116321173211832119321203212132122321233212432125321263212732128321293213032131321323213332134321353213632137321383213932140321413214232143321443214532146321473214832149321503215132152321533215432155321563215732158321593216032161321623216332164321653216632167321683216932170321713217232173321743217532176321773217832179321803218132182321833218432185321863218732188321893219032191321923219332194321953219632197321983219932200322013220232203322043220532206322073220832209322103221132212322133221432215322163221732218322193222032221322223222332224322253222632227322283222932230322313223232233322343223532236322373223832239322403224132242322433224432245322463224732248322493225032251322523225332254322553225632257322583225932260322613226232263322643226532266322673226832269322703227132272322733227432275322763227732278322793228032281322823228332284322853228632287322883228932290322913229232293322943229532296322973229832299323003230132302323033230432305323063230732308323093231032311323123231332314323153231632317323183231932320323213232232323323243232532326323273232832329323303233132332323333233432335323363233732338323393234032341323423234332344323453234632347323483234932350323513235232353323543235532356323573235832359323603236132362323633236432365323663236732368323693237032371323723237332374323753237632377323783237932380323813238232383323843238532386323873238832389323903239132392323933239432395323963239732398323993240032401324023240332404324053240632407324083240932410324113241232413324143241532416324173241832419324203242132422324233242432425324263242732428324293243032431324323243332434324353243632437324383243932440324413244232443324443244532446324473244832449324503245132452324533245432455324563245732458324593246032461324623246332464324653246632467324683246932470324713247232473324743247532476324773247832479324803248132482324833248432485324863248732488324893249032491324923249332494324953249632497324983249932500325013250232503325043250532506325073250832509325103251132512325133251432515325163251732518325193252032521325223252332524325253252632527325283252932530325313253232533325343253532536325373253832539325403254132542325433254432545325463254732548325493255032551325523255332554325553255632557325583255932560325613256232563325643256532566325673256832569325703257132572325733257432575325763257732578325793258032581325823258332584325853258632587325883258932590325913259232593325943259532596325973259832599326003260132602326033260432605326063260732608326093261032611326123261332614326153261632617326183261932620326213262232623326243262532626326273262832629326303263132632326333263432635326363263732638326393264032641326423264332644326453264632647326483264932650326513265232653326543265532656326573265832659326603266132662326633266432665326663266732668326693267032671326723267332674326753267632677326783267932680326813268232683326843268532686326873268832689326903269132692326933269432695326963269732698326993270032701327023270332704327053270632707327083270932710327113271232713327143271532716327173271832719327203272132722327233272432725327263272732728327293273032731327323273332734327353273632737327383273932740327413274232743327443274532746327473274832749327503275132752327533275432755327563275732758327593276032761327623276332764327653276632767327683276932770327713277232773327743277532776327773277832779327803278132782327833278432785327863278732788327893279032791327923279332794327953279632797327983279932800328013280232803328043280532806328073280832809328103281132812328133281432815328163281732818328193282032821328223282332824328253282632827328283282932830328313283232833328343283532836328373283832839328403284132842328433284432845328463284732848328493285032851328523285332854328553285632857328583285932860328613286232863328643286532866328673286832869328703287132872328733287432875328763287732878328793288032881328823288332884328853288632887328883288932890328913289232893328943289532896328973289832899329003290132902329033290432905329063290732908329093291032911329123291332914329153291632917329183291932920329213292232923329243292532926329273292832929329303293132932329333293432935329363293732938329393294032941329423294332944329453294632947329483294932950329513295232953329543295532956329573295832959329603296132962329633296432965329663296732968329693297032971329723297332974329753297632977329783297932980329813298232983329843298532986329873298832989329903299132992329933299432995329963299732998329993300033001330023300333004330053300633007330083300933010330113301233013330143301533016330173301833019330203302133022330233302433025330263302733028330293303033031330323303333034330353303633037330383303933040330413304233043330443304533046330473304833049330503305133052330533305433055330563305733058330593306033061330623306333064330653306633067330683306933070330713307233073330743307533076330773307833079330803308133082330833308433085330863308733088330893309033091330923309333094330953309633097330983309933100331013310233103331043310533106331073310833109331103311133112331133311433115331163311733118331193312033121331223312333124331253312633127331283312933130331313313233133331343313533136331373313833139331403314133142331433314433145331463314733148331493315033151331523315333154331553315633157331583315933160331613316233163331643316533166331673316833169331703317133172331733317433175331763317733178331793318033181331823318333184331853318633187331883318933190331913319233193331943319533196331973319833199332003320133202332033320433205332063320733208332093321033211332123321333214332153321633217332183321933220332213322233223332243322533226332273322833229332303323133232332333323433235332363323733238332393324033241332423324333244332453324633247332483324933250332513325233253332543325533256332573325833259332603326133262332633326433265332663326733268332693327033271332723327333274332753327633277332783327933280332813328233283332843328533286332873328833289332903329133292332933329433295332963329733298332993330033301333023330333304333053330633307333083330933310333113331233313333143331533316333173331833319333203332133322333233332433325333263332733328333293333033331333323333333334333353333633337333383333933340333413334233343333443334533346333473334833349333503335133352333533335433355333563335733358333593336033361333623336333364333653336633367333683336933370333713337233373333743337533376333773337833379333803338133382333833338433385333863338733388333893339033391333923339333394333953339633397333983339933400334013340233403334043340533406334073340833409334103341133412334133341433415334163341733418334193342033421334223342333424334253342633427334283342933430334313343233433334343343533436334373343833439334403344133442334433344433445334463344733448334493345033451334523345333454334553345633457334583345933460334613346233463334643346533466334673346833469334703347133472334733347433475334763347733478334793348033481334823348333484334853348633487334883348933490334913349233493334943349533496334973349833499335003350133502335033350433505335063350733508335093351033511335123351333514335153351633517335183351933520335213352233523335243352533526335273352833529335303353133532335333353433535335363353733538335393354033541335423354333544335453354633547335483354933550335513355233553335543355533556335573355833559335603356133562335633356433565335663356733568335693357033571335723357333574335753357633577335783357933580335813358233583335843358533586335873358833589335903359133592335933359433595335963359733598335993360033601336023360333604336053360633607336083360933610336113361233613336143361533616336173361833619336203362133622336233362433625336263362733628336293363033631336323363333634336353363633637336383363933640336413364233643336443364533646336473364833649336503365133652336533365433655336563365733658336593366033661336623366333664336653366633667336683366933670336713367233673336743367533676336773367833679336803368133682336833368433685336863368733688336893369033691336923369333694336953369633697336983369933700337013370233703337043370533706337073370833709337103371133712337133371433715337163371733718337193372033721337223372333724337253372633727337283372933730337313373233733337343373533736337373373833739337403374133742337433374433745337463374733748337493375033751337523375333754337553375633757337583375933760337613376233763337643376533766337673376833769337703377133772337733377433775337763377733778337793378033781337823378333784337853378633787337883378933790337913379233793337943379533796337973379833799338003380133802338033380433805338063380733808338093381033811338123381333814338153381633817338183381933820338213382233823338243382533826338273382833829338303383133832338333383433835338363383733838338393384033841338423384333844338453384633847338483384933850338513385233853338543385533856338573385833859338603386133862338633386433865338663386733868338693387033871338723387333874338753387633877338783387933880338813388233883338843388533886338873388833889338903389133892338933389433895338963389733898338993390033901339023390333904339053390633907339083390933910339113391233913339143391533916339173391833919339203392133922339233392433925339263392733928339293393033931339323393333934339353393633937339383393933940339413394233943339443394533946339473394833949339503395133952339533395433955339563395733958339593396033961339623396333964339653396633967339683396933970339713397233973339743397533976339773397833979339803398133982339833398433985339863398733988339893399033991339923399333994339953399633997339983399934000340013400234003340043400534006340073400834009340103401134012340133401434015340163401734018340193402034021340223402334024340253402634027340283402934030340313403234033340343403534036340373403834039340403404134042340433404434045340463404734048340493405034051340523405334054340553405634057340583405934060340613406234063340643406534066340673406834069340703407134072340733407434075340763407734078340793408034081340823408334084340853408634087340883408934090340913409234093340943409534096340973409834099341003410134102341033410434105341063410734108341093411034111341123411334114341153411634117341183411934120341213412234123341243412534126341273412834129341303413134132341333413434135341363413734138341393414034141341423414334144341453414634147341483414934150341513415234153341543415534156341573415834159341603416134162341633416434165341663416734168341693417034171341723417334174341753417634177341783417934180341813418234183341843418534186341873418834189341903419134192341933419434195341963419734198341993420034201342023420334204342053420634207342083420934210342113421234213342143421534216342173421834219342203422134222342233422434225342263422734228342293423034231342323423334234342353423634237342383423934240342413424234243342443424534246342473424834249342503425134252342533425434255342563425734258342593426034261342623426334264342653426634267342683426934270342713427234273342743427534276342773427834279342803428134282342833428434285342863428734288342893429034291342923429334294342953429634297342983429934300343013430234303343043430534306343073430834309343103431134312343133431434315343163431734318343193432034321343223432334324343253432634327343283432934330343313433234333343343433534336343373433834339343403434134342343433434434345343463434734348343493435034351343523435334354343553435634357343583435934360343613436234363343643436534366343673436834369343703437134372343733437434375343763437734378343793438034381343823438334384343853438634387343883438934390343913439234393343943439534396343973439834399344003440134402344033440434405344063440734408344093441034411344123441334414344153441634417344183441934420344213442234423344243442534426344273442834429344303443134432344333443434435344363443734438344393444034441344423444334444344453444634447344483444934450344513445234453344543445534456344573445834459344603446134462344633446434465344663446734468344693447034471344723447334474344753447634477344783447934480344813448234483344843448534486344873448834489344903449134492344933449434495344963449734498344993450034501345023450334504345053450634507345083450934510345113451234513345143451534516345173451834519345203452134522345233452434525345263452734528345293453034531345323453334534345353453634537345383453934540345413454234543345443454534546345473454834549345503455134552345533455434555345563455734558345593456034561345623456334564345653456634567345683456934570345713457234573345743457534576345773457834579345803458134582345833458434585345863458734588345893459034591345923459334594345953459634597345983459934600346013460234603346043460534606346073460834609346103461134612346133461434615346163461734618346193462034621346223462334624346253462634627346283462934630346313463234633346343463534636346373463834639346403464134642346433464434645346463464734648346493465034651346523465334654346553465634657346583465934660346613466234663346643466534666346673466834669346703467134672346733467434675346763467734678346793468034681346823468334684346853468634687346883468934690346913469234693346943469534696346973469834699347003470134702347033470434705347063470734708347093471034711347123471334714347153471634717347183471934720347213472234723347243472534726347273472834729347303473134732347333473434735347363473734738347393474034741347423474334744347453474634747347483474934750347513475234753347543475534756347573475834759347603476134762347633476434765347663476734768347693477034771347723477334774347753477634777347783477934780347813478234783347843478534786347873478834789347903479134792347933479434795347963479734798347993480034801348023480334804348053480634807348083480934810348113481234813348143481534816348173481834819348203482134822348233482434825348263482734828348293483034831348323483334834348353483634837348383483934840348413484234843348443484534846348473484834849348503485134852348533485434855348563485734858348593486034861348623486334864348653486634867348683486934870348713487234873348743487534876348773487834879348803488134882348833488434885348863488734888348893489034891348923489334894348953489634897348983489934900349013490234903349043490534906349073490834909349103491134912349133491434915349163491734918349193492034921349223492334924349253492634927349283492934930349313493234933349343493534936349373493834939349403494134942349433494434945349463494734948349493495034951349523495334954349553495634957349583495934960349613496234963349643496534966349673496834969349703497134972349733497434975349763497734978349793498034981349823498334984349853498634987349883498934990349913499234993349943499534996349973499834999350003500135002350033500435005350063500735008350093501035011350123501335014350153501635017350183501935020350213502235023350243502535026350273502835029350303503135032350333503435035350363503735038350393504035041350423504335044350453504635047350483504935050350513505235053350543505535056350573505835059350603506135062350633506435065350663506735068350693507035071350723507335074350753507635077350783507935080350813508235083350843508535086350873508835089350903509135092350933509435095350963509735098350993510035101351023510335104351053510635107351083510935110351113511235113351143511535116351173511835119351203512135122351233512435125351263512735128351293513035131351323513335134351353513635137351383513935140351413514235143351443514535146351473514835149351503515135152351533515435155351563515735158351593516035161351623516335164351653516635167351683516935170351713517235173351743517535176351773517835179351803518135182351833518435185351863518735188351893519035191351923519335194351953519635197351983519935200352013520235203352043520535206352073520835209352103521135212352133521435215352163521735218352193522035221352223522335224352253522635227352283522935230352313523235233352343523535236352373523835239352403524135242352433524435245352463524735248352493525035251352523525335254352553525635257352583525935260352613526235263352643526535266352673526835269352703527135272352733527435275352763527735278352793528035281352823528335284352853528635287352883528935290352913529235293352943529535296352973529835299353003530135302353033530435305353063530735308353093531035311353123531335314353153531635317353183531935320353213532235323353243532535326353273532835329353303533135332353333533435335353363533735338353393534035341353423534335344353453534635347353483534935350353513535235353353543535535356353573535835359353603536135362353633536435365353663536735368353693537035371353723537335374353753537635377353783537935380353813538235383353843538535386353873538835389353903539135392353933539435395353963539735398353993540035401354023540335404354053540635407354083540935410354113541235413354143541535416354173541835419354203542135422354233542435425354263542735428354293543035431354323543335434354353543635437354383543935440354413544235443354443544535446354473544835449354503545135452354533545435455354563545735458354593546035461354623546335464354653546635467354683546935470354713547235473354743547535476354773547835479354803548135482354833548435485354863548735488354893549035491354923549335494354953549635497354983549935500355013550235503355043550535506355073550835509355103551135512355133551435515355163551735518355193552035521355223552335524355253552635527355283552935530355313553235533355343553535536355373553835539355403554135542355433554435545355463554735548355493555035551355523555335554355553555635557355583555935560355613556235563355643556535566355673556835569355703557135572355733557435575355763557735578355793558035581355823558335584355853558635587355883558935590355913559235593355943559535596355973559835599356003560135602356033560435605356063560735608356093561035611356123561335614356153561635617356183561935620356213562235623356243562535626356273562835629356303563135632356333563435635356363563735638356393564035641356423564335644356453564635647356483564935650356513565235653356543565535656356573565835659356603566135662356633566435665356663566735668356693567035671356723567335674356753567635677356783567935680356813568235683356843568535686356873568835689356903569135692356933569435695356963569735698356993570035701357023570335704357053570635707357083570935710357113571235713357143571535716357173571835719357203572135722357233572435725357263572735728357293573035731357323573335734357353573635737357383573935740357413574235743357443574535746357473574835749357503575135752357533575435755357563575735758357593576035761357623576335764357653576635767357683576935770357713577235773357743577535776357773577835779357803578135782357833578435785357863578735788357893579035791357923579335794357953579635797357983579935800358013580235803358043580535806358073580835809358103581135812358133581435815358163581735818358193582035821358223582335824358253582635827358283582935830358313583235833358343583535836358373583835839358403584135842358433584435845358463584735848358493585035851358523585335854358553585635857358583585935860358613586235863358643586535866358673586835869358703587135872358733587435875358763587735878358793588035881358823588335884358853588635887358883588935890358913589235893358943589535896358973589835899359003590135902359033590435905359063590735908359093591035911359123591335914359153591635917359183591935920359213592235923359243592535926359273592835929359303593135932359333593435935359363593735938359393594035941359423594335944359453594635947359483594935950359513595235953359543595535956359573595835959359603596135962359633596435965359663596735968359693597035971359723597335974359753597635977359783597935980359813598235983359843598535986359873598835989359903599135992359933599435995359963599735998359993600036001360023600336004360053600636007360083600936010360113601236013360143601536016360173601836019360203602136022360233602436025360263602736028360293603036031360323603336034360353603636037360383603936040360413604236043360443604536046360473604836049360503605136052360533605436055360563605736058360593606036061360623606336064360653606636067360683606936070360713607236073360743607536076360773607836079360803608136082360833608436085360863608736088360893609036091360923609336094360953609636097360983609936100361013610236103361043610536106361073610836109361103611136112361133611436115361163611736118361193612036121361223612336124361253612636127361283612936130361313613236133361343613536136361373613836139361403614136142361433614436145361463614736148361493615036151361523615336154361553615636157361583615936160361613616236163361643616536166361673616836169361703617136172361733617436175361763617736178361793618036181361823618336184361853618636187361883618936190361913619236193361943619536196361973619836199362003620136202362033620436205362063620736208362093621036211362123621336214362153621636217362183621936220362213622236223362243622536226362273622836229362303623136232362333623436235362363623736238362393624036241362423624336244362453624636247362483624936250362513625236253362543625536256362573625836259362603626136262362633626436265362663626736268362693627036271362723627336274362753627636277362783627936280362813628236283362843628536286362873628836289362903629136292362933629436295362963629736298362993630036301363023630336304363053630636307363083630936310363113631236313363143631536316363173631836319363203632136322363233632436325363263632736328363293633036331363323633336334363353633636337363383633936340363413634236343363443634536346363473634836349363503635136352363533635436355363563635736358363593636036361363623636336364363653636636367363683636936370363713637236373363743637536376363773637836379363803638136382363833638436385363863638736388363893639036391363923639336394363953639636397363983639936400364013640236403364043640536406364073640836409364103641136412364133641436415364163641736418364193642036421364223642336424364253642636427364283642936430364313643236433364343643536436364373643836439364403644136442364433644436445364463644736448364493645036451364523645336454364553645636457364583645936460364613646236463364643646536466364673646836469364703647136472364733647436475364763647736478364793648036481364823648336484364853648636487364883648936490364913649236493364943649536496364973649836499365003650136502365033650436505365063650736508365093651036511365123651336514365153651636517365183651936520365213652236523365243652536526365273652836529365303653136532365333653436535365363653736538365393654036541365423654336544365453654636547365483654936550365513655236553365543655536556365573655836559365603656136562365633656436565365663656736568365693657036571365723657336574365753657636577365783657936580365813658236583365843658536586365873658836589365903659136592365933659436595365963659736598365993660036601366023660336604366053660636607366083660936610366113661236613366143661536616366173661836619366203662136622366233662436625366263662736628366293663036631366323663336634366353663636637366383663936640366413664236643366443664536646366473664836649366503665136652366533665436655366563665736658366593666036661366623666336664366653666636667366683666936670366713667236673366743667536676366773667836679366803668136682366833668436685366863668736688366893669036691366923669336694366953669636697366983669936700367013670236703367043670536706367073670836709367103671136712367133671436715367163671736718367193672036721367223672336724367253672636727367283672936730367313673236733367343673536736367373673836739367403674136742367433674436745367463674736748367493675036751367523675336754367553675636757367583675936760367613676236763367643676536766367673676836769367703677136772367733677436775367763677736778367793678036781367823678336784367853678636787367883678936790367913679236793367943679536796367973679836799368003680136802368033680436805368063680736808368093681036811368123681336814368153681636817368183681936820368213682236823368243682536826368273682836829368303683136832368333683436835368363683736838368393684036841368423684336844368453684636847368483684936850368513685236853368543685536856368573685836859368603686136862368633686436865368663686736868368693687036871368723687336874368753687636877368783687936880368813688236883368843688536886368873688836889368903689136892368933689436895368963689736898368993690036901369023690336904369053690636907369083690936910369113691236913369143691536916369173691836919369203692136922369233692436925369263692736928369293693036931369323693336934369353693636937369383693936940369413694236943369443694536946369473694836949369503695136952369533695436955369563695736958369593696036961369623696336964369653696636967369683696936970369713697236973369743697536976369773697836979369803698136982369833698436985369863698736988369893699036991369923699336994369953699636997369983699937000370013700237003370043700537006370073700837009370103701137012370133701437015370163701737018370193702037021370223702337024370253702637027370283702937030370313703237033370343703537036370373703837039370403704137042370433704437045370463704737048370493705037051370523705337054370553705637057370583705937060370613706237063370643706537066370673706837069370703707137072370733707437075370763707737078370793708037081370823708337084370853708637087370883708937090370913709237093370943709537096370973709837099371003710137102371033710437105371063710737108371093711037111371123711337114371153711637117371183711937120371213712237123371243712537126371273712837129371303713137132371333713437135371363713737138371393714037141371423714337144371453714637147371483714937150371513715237153371543715537156371573715837159371603716137162371633716437165371663716737168371693717037171371723717337174371753717637177371783717937180371813718237183371843718537186371873718837189371903719137192371933719437195371963719737198371993720037201372023720337204372053720637207372083720937210372113721237213372143721537216372173721837219372203722137222372233722437225372263722737228372293723037231372323723337234372353723637237372383723937240372413724237243372443724537246372473724837249372503725137252372533725437255372563725737258372593726037261372623726337264372653726637267372683726937270372713727237273372743727537276372773727837279372803728137282372833728437285372863728737288372893729037291372923729337294372953729637297372983729937300373013730237303373043730537306373073730837309373103731137312373133731437315373163731737318373193732037321373223732337324373253732637327373283732937330373313733237333373343733537336373373733837339373403734137342373433734437345373463734737348373493735037351373523735337354373553735637357373583735937360373613736237363373643736537366373673736837369373703737137372373733737437375373763737737378373793738037381373823738337384373853738637387373883738937390373913739237393373943739537396373973739837399374003740137402374033740437405374063740737408374093741037411374123741337414374153741637417374183741937420374213742237423374243742537426374273742837429374303743137432374333743437435374363743737438374393744037441374423744337444374453744637447374483744937450374513745237453374543745537456374573745837459374603746137462374633746437465374663746737468374693747037471374723747337474374753747637477374783747937480374813748237483374843748537486374873748837489374903749137492374933749437495374963749737498374993750037501375023750337504375053750637507375083750937510375113751237513375143751537516375173751837519375203752137522375233752437525375263752737528375293753037531375323753337534375353753637537375383753937540375413754237543375443754537546375473754837549375503755137552375533755437555375563755737558375593756037561375623756337564375653756637567375683756937570375713757237573375743757537576375773757837579375803758137582375833758437585375863758737588375893759037591375923759337594375953759637597375983759937600376013760237603376043760537606376073760837609376103761137612376133761437615376163761737618376193762037621376223762337624376253762637627376283762937630376313763237633376343763537636376373763837639376403764137642376433764437645376463764737648376493765037651376523765337654376553765637657376583765937660376613766237663376643766537666376673766837669376703767137672376733767437675376763767737678376793768037681376823768337684376853768637687376883768937690376913769237693376943769537696376973769837699377003770137702377033770437705377063770737708377093771037711377123771337714377153771637717377183771937720377213772237723377243772537726377273772837729377303773137732377333773437735377363773737738377393774037741377423774337744377453774637747377483774937750377513775237753377543775537756377573775837759377603776137762377633776437765377663776737768377693777037771377723777337774377753777637777377783777937780377813778237783377843778537786377873778837789377903779137792377933779437795377963779737798377993780037801378023780337804378053780637807378083780937810378113781237813378143781537816378173781837819378203782137822378233782437825378263782737828378293783037831378323783337834378353783637837378383783937840378413784237843378443784537846378473784837849378503785137852378533785437855378563785737858378593786037861378623786337864378653786637867378683786937870378713787237873378743787537876378773787837879378803788137882378833788437885378863788737888378893789037891378923789337894378953789637897378983789937900379013790237903379043790537906379073790837909379103791137912379133791437915379163791737918379193792037921379223792337924379253792637927379283792937930379313793237933379343793537936379373793837939379403794137942379433794437945379463794737948379493795037951379523795337954379553795637957379583795937960379613796237963379643796537966379673796837969379703797137972379733797437975379763797737978379793798037981379823798337984379853798637987379883798937990379913799237993379943799537996379973799837999380003800138002380033800438005380063800738008380093801038011380123801338014380153801638017380183801938020380213802238023380243802538026380273802838029380303803138032380333803438035380363803738038380393804038041380423804338044380453804638047380483804938050380513805238053380543805538056380573805838059380603806138062380633806438065380663806738068380693807038071380723807338074380753807638077380783807938080380813808238083380843808538086380873808838089380903809138092380933809438095380963809738098380993810038101381023810338104381053810638107381083810938110381113811238113381143811538116381173811838119381203812138122381233812438125381263812738128381293813038131381323813338134381353813638137381383813938140381413814238143381443814538146381473814838149381503815138152381533815438155381563815738158381593816038161381623816338164381653816638167381683816938170381713817238173381743817538176381773817838179381803818138182381833818438185381863818738188381893819038191381923819338194381953819638197381983819938200382013820238203382043820538206382073820838209382103821138212382133821438215382163821738218382193822038221382223822338224382253822638227382283822938230382313823238233382343823538236382373823838239382403824138242382433824438245382463824738248382493825038251382523825338254382553825638257382583825938260382613826238263382643826538266382673826838269382703827138272382733827438275382763827738278382793828038281382823828338284382853828638287382883828938290382913829238293382943829538296382973829838299383003830138302383033830438305383063830738308383093831038311383123831338314383153831638317383183831938320383213832238323383243832538326383273832838329383303833138332383333833438335383363833738338383393834038341383423834338344383453834638347383483834938350383513835238353383543835538356383573835838359383603836138362383633836438365383663836738368383693837038371383723837338374383753837638377383783837938380383813838238383383843838538386383873838838389383903839138392383933839438395383963839738398383993840038401384023840338404384053840638407384083840938410384113841238413384143841538416384173841838419384203842138422384233842438425384263842738428384293843038431384323843338434384353843638437384383843938440384413844238443384443844538446384473844838449384503845138452384533845438455384563845738458384593846038461384623846338464384653846638467384683846938470384713847238473384743847538476384773847838479384803848138482384833848438485384863848738488384893849038491384923849338494384953849638497384983849938500385013850238503385043850538506385073850838509385103851138512385133851438515385163851738518385193852038521385223852338524385253852638527385283852938530385313853238533385343853538536385373853838539385403854138542385433854438545385463854738548385493855038551385523855338554385553855638557385583855938560385613856238563385643856538566385673856838569385703857138572385733857438575385763857738578385793858038581385823858338584385853858638587385883858938590385913859238593385943859538596385973859838599386003860138602386033860438605386063860738608386093861038611386123861338614386153861638617386183861938620386213862238623386243862538626386273862838629386303863138632386333863438635386363863738638386393864038641386423864338644386453864638647386483864938650386513865238653386543865538656386573865838659386603866138662386633866438665386663866738668386693867038671386723867338674386753867638677386783867938680386813868238683386843868538686386873868838689386903869138692386933869438695386963869738698386993870038701387023870338704387053870638707387083870938710387113871238713387143871538716387173871838719387203872138722387233872438725387263872738728387293873038731387323873338734387353873638737387383873938740387413874238743387443874538746387473874838749387503875138752387533875438755387563875738758387593876038761387623876338764387653876638767387683876938770387713877238773387743877538776387773877838779387803878138782387833878438785387863878738788387893879038791387923879338794387953879638797387983879938800388013880238803388043880538806388073880838809388103881138812388133881438815388163881738818388193882038821388223882338824388253882638827388283882938830388313883238833388343883538836388373883838839388403884138842388433884438845388463884738848388493885038851388523885338854388553885638857388583885938860388613886238863388643886538866388673886838869388703887138872388733887438875388763887738878388793888038881388823888338884388853888638887388883888938890388913889238893388943889538896388973889838899389003890138902389033890438905389063890738908389093891038911389123891338914389153891638917389183891938920389213892238923389243892538926389273892838929389303893138932389333893438935389363893738938389393894038941389423894338944389453894638947389483894938950389513895238953389543895538956389573895838959389603896138962389633896438965389663896738968389693897038971389723897338974389753897638977389783897938980389813898238983389843898538986389873898838989389903899138992389933899438995389963899738998389993900039001390023900339004390053900639007390083900939010390113901239013390143901539016390173901839019390203902139022390233902439025390263902739028390293903039031390323903339034390353903639037390383903939040390413904239043390443904539046390473904839049390503905139052390533905439055390563905739058390593906039061390623906339064390653906639067390683906939070390713907239073390743907539076390773907839079390803908139082390833908439085390863908739088390893909039091390923909339094390953909639097390983909939100391013910239103391043910539106391073910839109391103911139112391133911439115391163911739118391193912039121391223912339124391253912639127391283912939130391313913239133391343913539136391373913839139391403914139142391433914439145391463914739148391493915039151391523915339154391553915639157391583915939160391613916239163391643916539166391673916839169391703917139172391733917439175391763917739178391793918039181391823918339184391853918639187391883918939190391913919239193391943919539196391973919839199392003920139202392033920439205392063920739208392093921039211392123921339214392153921639217392183921939220392213922239223392243922539226392273922839229392303923139232392333923439235392363923739238392393924039241392423924339244392453924639247392483924939250392513925239253392543925539256392573925839259392603926139262392633926439265392663926739268392693927039271392723927339274392753927639277392783927939280392813928239283392843928539286392873928839289392903929139292392933929439295392963929739298392993930039301393023930339304393053930639307393083930939310393113931239313393143931539316393173931839319393203932139322393233932439325393263932739328393293933039331393323933339334393353933639337393383933939340393413934239343393443934539346393473934839349393503935139352393533935439355393563935739358393593936039361393623936339364393653936639367393683936939370393713937239373393743937539376393773937839379393803938139382393833938439385393863938739388393893939039391393923939339394393953939639397393983939939400394013940239403394043940539406394073940839409394103941139412394133941439415394163941739418394193942039421394223942339424394253942639427394283942939430394313943239433394343943539436394373943839439394403944139442394433944439445394463944739448394493945039451394523945339454394553945639457394583945939460394613946239463394643946539466394673946839469394703947139472394733947439475394763947739478394793948039481394823948339484394853948639487394883948939490394913949239493394943949539496394973949839499395003950139502395033950439505395063950739508395093951039511395123951339514395153951639517395183951939520395213952239523395243952539526395273952839529395303953139532395333953439535395363953739538395393954039541395423954339544395453954639547395483954939550395513955239553395543955539556395573955839559395603956139562395633956439565395663956739568395693957039571395723957339574395753957639577395783957939580395813958239583395843958539586395873958839589395903959139592395933959439595395963959739598395993960039601396023960339604396053960639607396083960939610396113961239613396143961539616396173961839619396203962139622396233962439625396263962739628396293963039631396323963339634396353963639637396383963939640396413964239643396443964539646396473964839649396503965139652396533965439655396563965739658396593966039661396623966339664396653966639667396683966939670396713967239673396743967539676396773967839679396803968139682396833968439685396863968739688396893969039691396923969339694396953969639697396983969939700397013970239703397043970539706397073970839709397103971139712397133971439715397163971739718397193972039721397223972339724397253972639727397283972939730397313973239733397343973539736397373973839739397403974139742397433974439745397463974739748397493975039751397523975339754397553975639757397583975939760397613976239763397643976539766397673976839769397703977139772397733977439775397763977739778397793978039781397823978339784397853978639787397883978939790397913979239793397943979539796397973979839799398003980139802398033980439805398063980739808398093981039811398123981339814398153981639817398183981939820398213982239823398243982539826398273982839829398303983139832398333983439835398363983739838398393984039841398423984339844398453984639847398483984939850398513985239853398543985539856398573985839859398603986139862398633986439865398663986739868398693987039871398723987339874398753987639877398783987939880398813988239883398843988539886398873988839889398903989139892398933989439895398963989739898398993990039901399023990339904399053990639907399083990939910399113991239913399143991539916399173991839919399203992139922399233992439925399263992739928399293993039931399323993339934399353993639937399383993939940399413994239943399443994539946399473994839949399503995139952399533995439955399563995739958399593996039961399623996339964399653996639967399683996939970399713997239973399743997539976399773997839979399803998139982399833998439985399863998739988399893999039991399923999339994399953999639997399983999940000400014000240003400044000540006400074000840009400104001140012400134001440015400164001740018400194002040021400224002340024400254002640027400284002940030400314003240033400344003540036400374003840039400404004140042400434004440045400464004740048400494005040051400524005340054400554005640057400584005940060400614006240063400644006540066400674006840069400704007140072400734007440075400764007740078400794008040081400824008340084400854008640087400884008940090400914009240093400944009540096400974009840099401004010140102401034010440105401064010740108401094011040111401124011340114401154011640117401184011940120401214012240123401244012540126401274012840129401304013140132401334013440135401364013740138401394014040141401424014340144401454014640147401484014940150401514015240153401544015540156401574015840159401604016140162401634016440165401664016740168401694017040171401724017340174401754017640177401784017940180401814018240183401844018540186401874018840189401904019140192401934019440195401964019740198401994020040201402024020340204402054020640207402084020940210402114021240213402144021540216402174021840219402204022140222402234022440225402264022740228402294023040231402324023340234402354023640237402384023940240402414024240243402444024540246402474024840249402504025140252402534025440255402564025740258402594026040261402624026340264402654026640267402684026940270402714027240273402744027540276402774027840279402804028140282402834028440285402864028740288402894029040291402924029340294402954029640297402984029940300403014030240303403044030540306403074030840309403104031140312403134031440315403164031740318403194032040321403224032340324403254032640327403284032940330403314033240333403344033540336403374033840339403404034140342403434034440345403464034740348403494035040351403524035340354403554035640357403584035940360403614036240363403644036540366403674036840369403704037140372403734037440375403764037740378403794038040381403824038340384403854038640387403884038940390403914039240393403944039540396403974039840399404004040140402404034040440405404064040740408404094041040411404124041340414404154041640417404184041940420404214042240423404244042540426404274042840429404304043140432404334043440435404364043740438404394044040441404424044340444404454044640447404484044940450404514045240453404544045540456404574045840459404604046140462404634046440465404664046740468404694047040471404724047340474404754047640477404784047940480404814048240483404844048540486404874048840489404904049140492404934049440495404964049740498404994050040501405024050340504405054050640507405084050940510405114051240513405144051540516405174051840519405204052140522405234052440525405264052740528405294053040531405324053340534405354053640537405384053940540405414054240543405444054540546405474054840549405504055140552405534055440555405564055740558405594056040561405624056340564405654056640567405684056940570405714057240573405744057540576405774057840579405804058140582405834058440585405864058740588405894059040591405924059340594405954059640597405984059940600406014060240603406044060540606406074060840609406104061140612406134061440615406164061740618406194062040621406224062340624406254062640627406284062940630406314063240633406344063540636406374063840639406404064140642406434064440645406464064740648406494065040651406524065340654406554065640657406584065940660406614066240663406644066540666406674066840669406704067140672406734067440675406764067740678406794068040681406824068340684406854068640687406884068940690406914069240693406944069540696406974069840699407004070140702407034070440705407064070740708407094071040711407124071340714407154071640717407184071940720407214072240723407244072540726407274072840729407304073140732407334073440735407364073740738407394074040741407424074340744407454074640747407484074940750407514075240753407544075540756407574075840759407604076140762407634076440765407664076740768407694077040771407724077340774407754077640777407784077940780407814078240783407844078540786407874078840789407904079140792407934079440795407964079740798407994080040801408024080340804408054080640807408084080940810408114081240813408144081540816408174081840819408204082140822408234082440825408264082740828408294083040831408324083340834408354083640837408384083940840408414084240843408444084540846408474084840849408504085140852408534085440855408564085740858408594086040861408624086340864408654086640867408684086940870408714087240873408744087540876408774087840879408804088140882408834088440885408864088740888408894089040891408924089340894408954089640897408984089940900409014090240903409044090540906409074090840909409104091140912409134091440915409164091740918409194092040921409224092340924409254092640927409284092940930409314093240933409344093540936409374093840939409404094140942409434094440945409464094740948409494095040951409524095340954409554095640957409584095940960409614096240963409644096540966409674096840969409704097140972409734097440975409764097740978409794098040981409824098340984409854098640987409884098940990409914099240993409944099540996409974099840999410004100141002410034100441005410064100741008410094101041011410124101341014410154101641017410184101941020410214102241023410244102541026410274102841029410304103141032410334103441035410364103741038410394104041041410424104341044410454104641047410484104941050410514105241053410544105541056410574105841059410604106141062410634106441065410664106741068410694107041071410724107341074410754107641077410784107941080410814108241083410844108541086410874108841089410904109141092410934109441095410964109741098410994110041101411024110341104411054110641107411084110941110411114111241113411144111541116411174111841119411204112141122411234112441125411264112741128411294113041131411324113341134411354113641137411384113941140411414114241143411444114541146411474114841149411504115141152411534115441155411564115741158411594116041161411624116341164411654116641167411684116941170411714117241173411744117541176411774117841179411804118141182411834118441185411864118741188411894119041191411924119341194411954119641197411984119941200412014120241203412044120541206412074120841209412104121141212412134121441215412164121741218412194122041221412224122341224412254122641227412284122941230412314123241233412344123541236412374123841239412404124141242412434124441245412464124741248412494125041251412524125341254412554125641257412584125941260412614126241263412644126541266412674126841269412704127141272412734127441275412764127741278412794128041281412824128341284412854128641287412884128941290412914129241293412944129541296412974129841299413004130141302413034130441305413064130741308413094131041311413124131341314413154131641317413184131941320413214132241323413244132541326413274132841329413304133141332413334133441335413364133741338413394134041341413424134341344413454134641347413484134941350413514135241353413544135541356413574135841359413604136141362413634136441365413664136741368413694137041371413724137341374413754137641377413784137941380413814138241383413844138541386413874138841389413904139141392413934139441395413964139741398413994140041401414024140341404414054140641407414084140941410414114141241413414144141541416414174141841419414204142141422414234142441425414264142741428414294143041431414324143341434414354143641437414384143941440414414144241443414444144541446414474144841449414504145141452414534145441455414564145741458414594146041461414624146341464414654146641467414684146941470414714147241473414744147541476414774147841479414804148141482414834148441485414864148741488414894149041491414924149341494414954149641497414984149941500415014150241503415044150541506415074150841509415104151141512415134151441515415164151741518415194152041521415224152341524415254152641527415284152941530415314153241533415344153541536415374153841539415404154141542415434154441545415464154741548415494155041551415524155341554415554155641557415584155941560415614156241563415644156541566415674156841569415704157141572415734157441575415764157741578415794158041581415824158341584415854158641587415884158941590415914159241593415944159541596415974159841599416004160141602416034160441605416064160741608416094161041611416124161341614416154161641617416184161941620416214162241623416244162541626416274162841629416304163141632416334163441635416364163741638416394164041641416424164341644416454164641647416484164941650416514165241653416544165541656416574165841659416604166141662416634166441665416664166741668416694167041671416724167341674416754167641677416784167941680416814168241683416844168541686416874168841689416904169141692416934169441695416964169741698416994170041701417024170341704417054170641707417084170941710417114171241713417144171541716417174171841719417204172141722417234172441725417264172741728417294173041731417324173341734417354173641737417384173941740417414174241743417444174541746417474174841749417504175141752417534175441755417564175741758417594176041761417624176341764417654176641767417684176941770417714177241773417744177541776417774177841779417804178141782417834178441785417864178741788417894179041791417924179341794417954179641797417984179941800418014180241803418044180541806418074180841809418104181141812418134181441815418164181741818418194182041821418224182341824418254182641827418284182941830418314183241833418344183541836418374183841839418404184141842418434184441845418464184741848418494185041851418524185341854418554185641857418584185941860418614186241863418644186541866418674186841869418704187141872418734187441875418764187741878418794188041881418824188341884418854188641887418884188941890418914189241893418944189541896418974189841899419004190141902419034190441905419064190741908419094191041911419124191341914419154191641917419184191941920419214192241923419244192541926419274192841929419304193141932419334193441935419364193741938419394194041941419424194341944419454194641947419484194941950419514195241953419544195541956419574195841959419604196141962419634196441965419664196741968419694197041971419724197341974419754197641977419784197941980419814198241983419844198541986419874198841989419904199141992419934199441995419964199741998419994200042001420024200342004420054200642007420084200942010420114201242013420144201542016420174201842019420204202142022420234202442025420264202742028420294203042031420324203342034420354203642037420384203942040420414204242043420444204542046420474204842049420504205142052420534205442055420564205742058420594206042061420624206342064420654206642067420684206942070420714207242073420744207542076420774207842079420804208142082420834208442085420864208742088420894209042091420924209342094420954209642097420984209942100421014210242103421044210542106421074210842109421104211142112421134211442115421164211742118421194212042121421224212342124421254212642127421284212942130421314213242133421344213542136421374213842139421404214142142421434214442145421464214742148421494215042151421524215342154421554215642157421584215942160421614216242163421644216542166421674216842169421704217142172421734217442175421764217742178421794218042181421824218342184421854218642187421884218942190421914219242193421944219542196421974219842199422004220142202422034220442205422064220742208422094221042211422124221342214422154221642217422184221942220422214222242223422244222542226422274222842229422304223142232422334223442235422364223742238422394224042241422424224342244422454224642247422484224942250422514225242253422544225542256422574225842259422604226142262422634226442265422664226742268422694227042271422724227342274422754227642277422784227942280422814228242283422844228542286422874228842289422904229142292422934229442295422964229742298422994230042301423024230342304423054230642307423084230942310423114231242313423144231542316423174231842319423204232142322423234232442325423264232742328423294233042331423324233342334423354233642337423384233942340423414234242343423444234542346423474234842349423504235142352423534235442355423564235742358423594236042361423624236342364423654236642367423684236942370423714237242373423744237542376423774237842379423804238142382423834238442385423864238742388423894239042391423924239342394423954239642397423984239942400424014240242403424044240542406424074240842409424104241142412424134241442415424164241742418424194242042421424224242342424424254242642427424284242942430424314243242433424344243542436424374243842439424404244142442424434244442445424464244742448424494245042451424524245342454424554245642457424584245942460424614246242463424644246542466424674246842469424704247142472424734247442475424764247742478424794248042481424824248342484424854248642487424884248942490424914249242493424944249542496424974249842499425004250142502425034250442505425064250742508425094251042511425124251342514425154251642517425184251942520425214252242523425244252542526425274252842529425304253142532425334253442535425364253742538425394254042541425424254342544425454254642547425484254942550425514255242553425544255542556425574255842559425604256142562425634256442565425664256742568425694257042571425724257342574425754257642577425784257942580425814258242583425844258542586425874258842589425904259142592425934259442595425964259742598425994260042601426024260342604426054260642607426084260942610426114261242613426144261542616426174261842619426204262142622426234262442625426264262742628426294263042631426324263342634426354263642637426384263942640426414264242643426444264542646426474264842649426504265142652426534265442655426564265742658426594266042661426624266342664426654266642667426684266942670426714267242673426744267542676426774267842679426804268142682426834268442685426864268742688426894269042691426924269342694426954269642697426984269942700427014270242703427044270542706427074270842709427104271142712427134271442715427164271742718427194272042721427224272342724427254272642727427284272942730427314273242733427344273542736427374273842739427404274142742427434274442745427464274742748427494275042751427524275342754427554275642757427584275942760427614276242763427644276542766427674276842769427704277142772427734277442775427764277742778427794278042781427824278342784427854278642787427884278942790427914279242793427944279542796427974279842799428004280142802428034280442805428064280742808428094281042811428124281342814428154281642817428184281942820428214282242823428244282542826428274282842829428304283142832428334283442835428364283742838428394284042841428424284342844428454284642847428484284942850428514285242853428544285542856428574285842859428604286142862428634286442865428664286742868428694287042871428724287342874428754287642877428784287942880428814288242883428844288542886428874288842889428904289142892428934289442895428964289742898428994290042901429024290342904429054290642907429084290942910429114291242913429144291542916429174291842919429204292142922429234292442925429264292742928429294293042931429324293342934429354293642937429384293942940429414294242943429444294542946429474294842949429504295142952429534295442955429564295742958429594296042961429624296342964429654296642967429684296942970429714297242973429744297542976429774297842979429804298142982429834298442985429864298742988429894299042991429924299342994429954299642997429984299943000430014300243003430044300543006430074300843009430104301143012430134301443015430164301743018430194302043021430224302343024430254302643027430284302943030430314303243033430344303543036430374303843039430404304143042430434304443045430464304743048430494305043051430524305343054430554305643057430584305943060430614306243063430644306543066430674306843069430704307143072430734307443075430764307743078430794308043081430824308343084430854308643087430884308943090430914309243093430944309543096430974309843099431004310143102431034310443105431064310743108431094311043111431124311343114431154311643117431184311943120431214312243123431244312543126431274312843129431304313143132431334313443135431364313743138431394314043141431424314343144431454314643147431484314943150431514315243153431544315543156431574315843159431604316143162431634316443165431664316743168431694317043171431724317343174431754317643177431784317943180431814318243183431844318543186431874318843189431904319143192431934319443195431964319743198431994320043201432024320343204432054320643207432084320943210432114321243213432144321543216432174321843219432204322143222432234322443225432264322743228432294323043231432324323343234432354323643237432384323943240432414324243243432444324543246432474324843249432504325143252432534325443255432564325743258432594326043261432624326343264432654326643267432684326943270432714327243273432744327543276432774327843279432804328143282432834328443285432864328743288432894329043291432924329343294432954329643297432984329943300433014330243303433044330543306433074330843309433104331143312433134331443315433164331743318433194332043321433224332343324433254332643327433284332943330433314333243333433344333543336433374333843339433404334143342433434334443345433464334743348433494335043351433524335343354433554335643357433584335943360433614336243363433644336543366433674336843369433704337143372433734337443375433764337743378433794338043381433824338343384433854338643387433884338943390433914339243393433944339543396433974339843399434004340143402434034340443405434064340743408434094341043411434124341343414434154341643417434184341943420434214342243423434244342543426434274342843429434304343143432434334343443435434364343743438434394344043441434424344343444434454344643447434484344943450434514345243453434544345543456434574345843459434604346143462434634346443465434664346743468434694347043471434724347343474434754347643477434784347943480434814348243483434844348543486434874348843489434904349143492434934349443495434964349743498434994350043501435024350343504435054350643507435084350943510435114351243513435144351543516435174351843519435204352143522435234352443525435264352743528435294353043531435324353343534435354353643537435384353943540435414354243543435444354543546435474354843549435504355143552435534355443555435564355743558435594356043561435624356343564435654356643567435684356943570435714357243573435744357543576435774357843579435804358143582435834358443585435864358743588435894359043591435924359343594435954359643597435984359943600436014360243603436044360543606436074360843609436104361143612436134361443615436164361743618436194362043621436224362343624436254362643627436284362943630436314363243633436344363543636436374363843639436404364143642436434364443645436464364743648436494365043651436524365343654436554365643657436584365943660436614366243663436644366543666436674366843669436704367143672436734367443675436764367743678436794368043681436824368343684436854368643687436884368943690436914369243693436944369543696436974369843699437004370143702437034370443705437064370743708437094371043711437124371343714437154371643717437184371943720437214372243723437244372543726437274372843729437304373143732437334373443735437364373743738437394374043741437424374343744437454374643747437484374943750437514375243753437544375543756437574375843759437604376143762437634376443765437664376743768437694377043771437724377343774437754377643777437784377943780437814378243783437844378543786437874378843789437904379143792437934379443795437964379743798437994380043801438024380343804438054380643807438084380943810438114381243813438144381543816438174381843819438204382143822438234382443825438264382743828438294383043831438324383343834438354383643837438384383943840438414384243843438444384543846438474384843849438504385143852438534385443855438564385743858438594386043861438624386343864438654386643867438684386943870438714387243873438744387543876438774387843879438804388143882438834388443885438864388743888438894389043891438924389343894438954389643897438984389943900439014390243903439044390543906439074390843909439104391143912439134391443915439164391743918439194392043921439224392343924439254392643927439284392943930439314393243933439344393543936439374393843939439404394143942439434394443945439464394743948439494395043951439524395343954439554395643957439584395943960439614396243963439644396543966439674396843969439704397143972439734397443975439764397743978439794398043981439824398343984439854398643987439884398943990439914399243993439944399543996439974399843999440004400144002440034400444005440064400744008440094401044011440124401344014440154401644017440184401944020440214402244023440244402544026440274402844029440304403144032440334403444035440364403744038440394404044041440424404344044440454404644047440484404944050440514405244053440544405544056440574405844059440604406144062440634406444065440664406744068440694407044071440724407344074440754407644077440784407944080440814408244083440844408544086440874408844089440904409144092440934409444095440964409744098440994410044101441024410344104441054410644107441084410944110441114411244113441144411544116441174411844119441204412144122441234412444125441264412744128441294413044131441324413344134441354413644137441384413944140441414414244143441444414544146441474414844149441504415144152441534415444155441564415744158441594416044161441624416344164441654416644167441684416944170441714417244173441744417544176441774417844179441804418144182441834418444185441864418744188441894419044191441924419344194441954419644197441984419944200442014420244203442044420544206442074420844209442104421144212442134421444215442164421744218442194422044221442224422344224442254422644227442284422944230442314423244233442344423544236442374423844239442404424144242442434424444245442464424744248442494425044251442524425344254442554425644257442584425944260442614426244263442644426544266442674426844269442704427144272442734427444275442764427744278442794428044281442824428344284442854428644287442884428944290442914429244293442944429544296442974429844299443004430144302443034430444305443064430744308443094431044311443124431344314443154431644317443184431944320443214432244323443244432544326443274432844329443304433144332443334433444335443364433744338443394434044341443424434344344443454434644347443484434944350443514435244353443544435544356443574435844359443604436144362443634436444365443664436744368443694437044371443724437344374443754437644377443784437944380443814438244383443844438544386443874438844389443904439144392443934439444395443964439744398443994440044401444024440344404444054440644407444084440944410444114441244413444144441544416444174441844419444204442144422444234442444425444264442744428444294443044431444324443344434444354443644437444384443944440444414444244443444444444544446444474444844449444504445144452444534445444455444564445744458444594446044461444624446344464444654446644467444684446944470444714447244473444744447544476444774447844479444804448144482444834448444485444864448744488444894449044491444924449344494444954449644497444984449944500445014450244503445044450544506445074450844509445104451144512445134451444515445164451744518445194452044521445224452344524445254452644527445284452944530445314453244533445344453544536445374453844539445404454144542445434454444545445464454744548445494455044551445524455344554445554455644557445584455944560445614456244563445644456544566445674456844569445704457144572445734457444575445764457744578445794458044581445824458344584445854458644587445884458944590445914459244593445944459544596445974459844599446004460144602446034460444605446064460744608446094461044611446124461344614446154461644617446184461944620446214462244623446244462544626446274462844629446304463144632446334463444635446364463744638446394464044641446424464344644446454464644647446484464944650446514465244653446544465544656446574465844659446604466144662446634466444665446664466744668446694467044671446724467344674446754467644677446784467944680446814468244683446844468544686446874468844689446904469144692446934469444695446964469744698446994470044701447024470344704447054470644707447084470944710447114471244713447144471544716447174471844719447204472144722447234472444725447264472744728447294473044731447324473344734447354473644737447384473944740447414474244743447444474544746447474474844749447504475144752447534475444755447564475744758447594476044761447624476344764447654476644767447684476944770447714477244773447744477544776447774477844779447804478144782447834478444785447864478744788447894479044791447924479344794447954479644797447984479944800448014480244803448044480544806448074480844809448104481144812448134481444815448164481744818448194482044821448224482344824448254482644827448284482944830448314483244833448344483544836448374483844839448404484144842448434484444845448464484744848448494485044851448524485344854448554485644857448584485944860448614486244863448644486544866448674486844869448704487144872448734487444875448764487744878448794488044881448824488344884448854488644887448884488944890448914489244893448944489544896448974489844899449004490144902449034490444905449064490744908449094491044911449124491344914449154491644917449184491944920449214492244923449244492544926449274492844929449304493144932449334493444935449364493744938449394494044941449424494344944449454494644947449484494944950449514495244953449544495544956449574495844959449604496144962449634496444965449664496744968449694497044971449724497344974449754497644977449784497944980449814498244983449844498544986449874498844989449904499144992449934499444995449964499744998449994500045001450024500345004450054500645007450084500945010450114501245013450144501545016450174501845019450204502145022450234502445025450264502745028450294503045031450324503345034450354503645037450384503945040450414504245043450444504545046450474504845049450504505145052450534505445055450564505745058450594506045061450624506345064450654506645067450684506945070450714507245073450744507545076450774507845079450804508145082450834508445085450864508745088450894509045091450924509345094450954509645097450984509945100451014510245103451044510545106451074510845109451104511145112451134511445115451164511745118451194512045121451224512345124451254512645127451284512945130451314513245133451344513545136451374513845139451404514145142451434514445145451464514745148451494515045151451524515345154451554515645157451584515945160451614516245163451644516545166451674516845169451704517145172451734517445175451764517745178451794518045181451824518345184451854518645187451884518945190451914519245193451944519545196451974519845199452004520145202452034520445205452064520745208452094521045211452124521345214452154521645217452184521945220452214522245223452244522545226452274522845229452304523145232452334523445235452364523745238452394524045241452424524345244452454524645247452484524945250452514525245253452544525545256452574525845259452604526145262452634526445265452664526745268452694527045271452724527345274452754527645277452784527945280452814528245283452844528545286452874528845289452904529145292452934529445295452964529745298452994530045301453024530345304453054530645307453084530945310453114531245313453144531545316453174531845319453204532145322453234532445325453264532745328453294533045331453324533345334453354533645337453384533945340453414534245343453444534545346453474534845349453504535145352453534535445355453564535745358453594536045361453624536345364453654536645367453684536945370453714537245373453744537545376453774537845379453804538145382453834538445385453864538745388453894539045391453924539345394453954539645397453984539945400454014540245403454044540545406454074540845409454104541145412454134541445415454164541745418454194542045421454224542345424454254542645427454284542945430454314543245433454344543545436454374543845439454404544145442454434544445445454464544745448454494545045451454524545345454454554545645457454584545945460454614546245463454644546545466454674546845469454704547145472454734547445475454764547745478454794548045481454824548345484454854548645487454884548945490454914549245493454944549545496454974549845499455004550145502455034550445505455064550745508455094551045511455124551345514455154551645517455184551945520455214552245523455244552545526455274552845529455304553145532455334553445535455364553745538455394554045541455424554345544455454554645547455484554945550455514555245553455544555545556455574555845559455604556145562455634556445565455664556745568455694557045571455724557345574455754557645577455784557945580455814558245583455844558545586455874558845589455904559145592455934559445595455964559745598455994560045601456024560345604456054560645607456084560945610456114561245613456144561545616456174561845619456204562145622456234562445625456264562745628456294563045631456324563345634456354563645637456384563945640456414564245643456444564545646456474564845649456504565145652456534565445655456564565745658456594566045661456624566345664456654566645667456684566945670456714567245673456744567545676456774567845679456804568145682456834568445685456864568745688456894569045691456924569345694456954569645697456984569945700457014570245703457044570545706457074570845709457104571145712457134571445715457164571745718457194572045721457224572345724457254572645727457284572945730457314573245733457344573545736457374573845739457404574145742457434574445745457464574745748457494575045751457524575345754457554575645757457584575945760457614576245763457644576545766457674576845769457704577145772457734577445775457764577745778457794578045781457824578345784457854578645787457884578945790457914579245793457944579545796457974579845799458004580145802458034580445805458064580745808458094581045811458124581345814458154581645817458184581945820458214582245823458244582545826458274582845829458304583145832458334583445835458364583745838458394584045841458424584345844458454584645847458484584945850458514585245853458544585545856458574585845859458604586145862458634586445865458664586745868458694587045871458724587345874458754587645877458784587945880458814588245883458844588545886458874588845889458904589145892458934589445895458964589745898458994590045901459024590345904459054590645907459084590945910459114591245913459144591545916459174591845919459204592145922459234592445925459264592745928459294593045931459324593345934459354593645937459384593945940459414594245943459444594545946459474594845949459504595145952459534595445955459564595745958459594596045961459624596345964459654596645967459684596945970459714597245973459744597545976459774597845979459804598145982459834598445985459864598745988459894599045991459924599345994459954599645997459984599946000460014600246003460044600546006460074600846009460104601146012460134601446015460164601746018460194602046021460224602346024460254602646027460284602946030460314603246033460344603546036460374603846039460404604146042460434604446045460464604746048460494605046051460524605346054460554605646057460584605946060460614606246063460644606546066460674606846069460704607146072460734607446075460764607746078460794608046081460824608346084460854608646087460884608946090460914609246093460944609546096460974609846099461004610146102461034610446105461064610746108461094611046111461124611346114461154611646117461184611946120461214612246123461244612546126461274612846129461304613146132461334613446135461364613746138461394614046141461424614346144461454614646147461484614946150461514615246153461544615546156461574615846159461604616146162461634616446165461664616746168461694617046171461724617346174461754617646177461784617946180461814618246183461844618546186461874618846189461904619146192461934619446195461964619746198461994620046201462024620346204462054620646207462084620946210462114621246213462144621546216462174621846219462204622146222462234622446225462264622746228462294623046231462324623346234462354623646237462384623946240462414624246243462444624546246462474624846249462504625146252462534625446255462564625746258462594626046261462624626346264462654626646267462684626946270462714627246273462744627546276462774627846279462804628146282462834628446285462864628746288462894629046291462924629346294462954629646297462984629946300463014630246303463044630546306463074630846309463104631146312463134631446315463164631746318463194632046321463224632346324463254632646327463284632946330463314633246333463344633546336463374633846339463404634146342463434634446345463464634746348463494635046351463524635346354463554635646357463584635946360463614636246363463644636546366463674636846369463704637146372463734637446375463764637746378463794638046381463824638346384463854638646387463884638946390463914639246393463944639546396463974639846399464004640146402464034640446405464064640746408464094641046411464124641346414464154641646417464184641946420464214642246423464244642546426464274642846429464304643146432464334643446435464364643746438464394644046441464424644346444464454644646447464484644946450464514645246453464544645546456464574645846459464604646146462464634646446465464664646746468464694647046471464724647346474464754647646477464784647946480464814648246483464844648546486464874648846489464904649146492464934649446495464964649746498464994650046501465024650346504465054650646507465084650946510465114651246513465144651546516465174651846519465204652146522465234652446525465264652746528465294653046531465324653346534465354653646537465384653946540465414654246543465444654546546465474654846549465504655146552465534655446555465564655746558465594656046561465624656346564465654656646567465684656946570465714657246573465744657546576465774657846579465804658146582465834658446585465864658746588465894659046591465924659346594465954659646597465984659946600466014660246603466044660546606466074660846609466104661146612466134661446615466164661746618466194662046621466224662346624466254662646627466284662946630466314663246633466344663546636466374663846639466404664146642466434664446645466464664746648466494665046651466524665346654466554665646657466584665946660466614666246663466644666546666466674666846669466704667146672466734667446675466764667746678466794668046681466824668346684466854668646687466884668946690466914669246693466944669546696466974669846699467004670146702467034670446705467064670746708467094671046711467124671346714467154671646717467184671946720467214672246723467244672546726467274672846729467304673146732467334673446735467364673746738467394674046741467424674346744467454674646747467484674946750467514675246753467544675546756467574675846759467604676146762467634676446765467664676746768467694677046771467724677346774467754677646777467784677946780467814678246783467844678546786467874678846789467904679146792467934679446795467964679746798467994680046801468024680346804468054680646807468084680946810468114681246813468144681546816468174681846819468204682146822468234682446825468264682746828468294683046831468324683346834468354683646837468384683946840468414684246843468444684546846468474684846849468504685146852468534685446855468564685746858468594686046861468624686346864468654686646867468684686946870468714687246873468744687546876468774687846879468804688146882468834688446885468864688746888468894689046891468924689346894468954689646897468984689946900469014690246903469044690546906469074690846909469104691146912469134691446915469164691746918469194692046921469224692346924469254692646927469284692946930469314693246933469344693546936469374693846939469404694146942469434694446945469464694746948469494695046951469524695346954469554695646957469584695946960469614696246963469644696546966469674696846969469704697146972469734697446975469764697746978469794698046981469824698346984469854698646987469884698946990469914699246993469944699546996469974699846999470004700147002470034700447005470064700747008470094701047011470124701347014470154701647017470184701947020470214702247023470244702547026470274702847029470304703147032470334703447035470364703747038470394704047041470424704347044470454704647047470484704947050470514705247053470544705547056470574705847059470604706147062470634706447065470664706747068470694707047071470724707347074470754707647077470784707947080470814708247083470844708547086470874708847089470904709147092470934709447095470964709747098470994710047101471024710347104471054710647107471084710947110471114711247113471144711547116471174711847119471204712147122471234712447125471264712747128471294713047131471324713347134471354713647137471384713947140471414714247143471444714547146471474714847149471504715147152471534715447155471564715747158471594716047161471624716347164471654716647167471684716947170471714717247173471744717547176471774717847179471804718147182471834718447185471864718747188471894719047191471924719347194471954719647197471984719947200472014720247203472044720547206472074720847209472104721147212472134721447215472164721747218472194722047221472224722347224472254722647227472284722947230472314723247233472344723547236472374723847239472404724147242472434724447245472464724747248472494725047251472524725347254472554725647257472584725947260472614726247263472644726547266472674726847269472704727147272472734727447275472764727747278472794728047281472824728347284472854728647287472884728947290472914729247293472944729547296472974729847299473004730147302473034730447305473064730747308473094731047311473124731347314473154731647317473184731947320473214732247323473244732547326473274732847329473304733147332473334733447335473364733747338473394734047341473424734347344473454734647347473484734947350473514735247353473544735547356473574735847359473604736147362473634736447365473664736747368473694737047371473724737347374473754737647377473784737947380473814738247383473844738547386473874738847389473904739147392473934739447395473964739747398473994740047401474024740347404474054740647407474084740947410474114741247413474144741547416474174741847419474204742147422474234742447425474264742747428474294743047431474324743347434474354743647437474384743947440474414744247443474444744547446474474744847449474504745147452474534745447455474564745747458474594746047461474624746347464474654746647467474684746947470474714747247473474744747547476474774747847479474804748147482474834748447485474864748747488474894749047491474924749347494474954749647497474984749947500475014750247503475044750547506475074750847509475104751147512475134751447515475164751747518475194752047521475224752347524475254752647527475284752947530475314753247533475344753547536475374753847539475404754147542475434754447545475464754747548475494755047551475524755347554475554755647557475584755947560475614756247563475644756547566475674756847569475704757147572475734757447575475764757747578475794758047581475824758347584475854758647587475884758947590475914759247593475944759547596475974759847599476004760147602476034760447605476064760747608476094761047611476124761347614476154761647617476184761947620476214762247623476244762547626476274762847629476304763147632476334763447635476364763747638476394764047641476424764347644476454764647647476484764947650476514765247653476544765547656476574765847659476604766147662476634766447665476664766747668476694767047671476724767347674476754767647677476784767947680476814768247683476844768547686476874768847689476904769147692476934769447695476964769747698476994770047701477024770347704477054770647707477084770947710477114771247713477144771547716477174771847719477204772147722477234772447725477264772747728477294773047731477324773347734477354773647737477384773947740477414774247743477444774547746477474774847749477504775147752477534775447755477564775747758477594776047761477624776347764477654776647767477684776947770477714777247773477744777547776477774777847779477804778147782477834778447785477864778747788477894779047791477924779347794477954779647797477984779947800478014780247803478044780547806478074780847809478104781147812478134781447815478164781747818478194782047821478224782347824478254782647827478284782947830478314783247833478344783547836478374783847839478404784147842478434784447845478464784747848478494785047851478524785347854478554785647857478584785947860478614786247863478644786547866478674786847869478704787147872478734787447875478764787747878478794788047881478824788347884478854788647887478884788947890478914789247893478944789547896478974789847899479004790147902479034790447905479064790747908479094791047911479124791347914479154791647917479184791947920479214792247923479244792547926479274792847929479304793147932479334793447935479364793747938479394794047941479424794347944479454794647947479484794947950479514795247953479544795547956479574795847959479604796147962479634796447965479664796747968479694797047971479724797347974479754797647977479784797947980479814798247983479844798547986479874798847989479904799147992479934799447995479964799747998479994800048001480024800348004480054800648007480084800948010480114801248013480144801548016480174801848019480204802148022480234802448025480264802748028480294803048031480324803348034480354803648037480384803948040480414804248043480444804548046480474804848049480504805148052480534805448055480564805748058480594806048061480624806348064480654806648067480684806948070480714807248073480744807548076480774807848079480804808148082480834808448085480864808748088480894809048091480924809348094480954809648097480984809948100481014810248103481044810548106481074810848109481104811148112481134811448115481164811748118481194812048121481224812348124481254812648127481284812948130481314813248133481344813548136481374813848139481404814148142481434814448145481464814748148481494815048151481524815348154481554815648157481584815948160481614816248163481644816548166481674816848169481704817148172481734817448175481764817748178481794818048181481824818348184481854818648187481884818948190481914819248193481944819548196481974819848199482004820148202482034820448205482064820748208482094821048211482124821348214482154821648217482184821948220482214822248223482244822548226482274822848229482304823148232482334823448235482364823748238482394824048241482424824348244482454824648247482484824948250482514825248253482544825548256482574825848259482604826148262482634826448265482664826748268482694827048271482724827348274482754827648277482784827948280482814828248283482844828548286482874828848289482904829148292482934829448295482964829748298482994830048301483024830348304483054830648307483084830948310483114831248313483144831548316483174831848319483204832148322483234832448325483264832748328483294833048331483324833348334483354833648337483384833948340483414834248343483444834548346483474834848349483504835148352483534835448355483564835748358483594836048361483624836348364483654836648367483684836948370483714837248373483744837548376483774837848379483804838148382483834838448385483864838748388483894839048391483924839348394483954839648397483984839948400484014840248403484044840548406484074840848409484104841148412484134841448415484164841748418484194842048421484224842348424484254842648427484284842948430484314843248433484344843548436484374843848439484404844148442484434844448445484464844748448484494845048451484524845348454484554845648457484584845948460484614846248463484644846548466484674846848469484704847148472484734847448475484764847748478484794848048481484824848348484484854848648487484884848948490484914849248493484944849548496484974849848499485004850148502485034850448505485064850748508485094851048511485124851348514485154851648517485184851948520485214852248523485244852548526485274852848529485304853148532485334853448535485364853748538485394854048541485424854348544485454854648547485484854948550485514855248553485544855548556485574855848559485604856148562485634856448565485664856748568485694857048571485724857348574485754857648577485784857948580485814858248583485844858548586485874858848589485904859148592485934859448595485964859748598485994860048601486024860348604486054860648607486084860948610486114861248613486144861548616486174861848619486204862148622486234862448625486264862748628486294863048631486324863348634486354863648637486384863948640486414864248643486444864548646486474864848649486504865148652486534865448655486564865748658486594866048661486624866348664486654866648667486684866948670486714867248673486744867548676486774867848679486804868148682486834868448685486864868748688486894869048691486924869348694486954869648697486984869948700487014870248703487044870548706487074870848709487104871148712487134871448715487164871748718487194872048721487224872348724487254872648727487284872948730487314873248733487344873548736487374873848739487404874148742487434874448745487464874748748487494875048751487524875348754487554875648757487584875948760487614876248763487644876548766487674876848769487704877148772487734877448775487764877748778487794878048781487824878348784487854878648787487884878948790487914879248793487944879548796487974879848799488004880148802488034880448805488064880748808488094881048811488124881348814488154881648817488184881948820488214882248823488244882548826488274882848829488304883148832488334883448835488364883748838488394884048841488424884348844488454884648847488484884948850488514885248853488544885548856488574885848859488604886148862488634886448865488664886748868488694887048871488724887348874488754887648877488784887948880488814888248883488844888548886488874888848889488904889148892488934889448895488964889748898488994890048901489024890348904489054890648907489084890948910489114891248913489144891548916489174891848919489204892148922489234892448925489264892748928489294893048931489324893348934489354893648937489384893948940489414894248943489444894548946489474894848949489504895148952489534895448955489564895748958489594896048961489624896348964489654896648967489684896948970489714897248973489744897548976489774897848979489804898148982489834898448985489864898748988489894899048991489924899348994489954899648997489984899949000490014900249003490044900549006490074900849009490104901149012490134901449015490164901749018490194902049021490224902349024490254902649027490284902949030490314903249033490344903549036490374903849039490404904149042490434904449045490464904749048490494905049051490524905349054490554905649057490584905949060490614906249063490644906549066490674906849069490704907149072490734907449075490764907749078490794908049081490824908349084490854908649087490884908949090490914909249093490944909549096490974909849099491004910149102491034910449105491064910749108491094911049111491124911349114491154911649117491184911949120491214912249123491244912549126491274912849129491304913149132491334913449135491364913749138491394914049141491424914349144491454914649147491484914949150491514915249153491544915549156491574915849159491604916149162491634916449165491664916749168491694917049171491724917349174491754917649177491784917949180491814918249183491844918549186491874918849189491904919149192491934919449195491964919749198491994920049201492024920349204492054920649207492084920949210492114921249213492144921549216492174921849219492204922149222492234922449225492264922749228492294923049231492324923349234492354923649237492384923949240492414924249243492444924549246492474924849249492504925149252492534925449255492564925749258492594926049261492624926349264492654926649267492684926949270492714927249273492744927549276492774927849279492804928149282492834928449285492864928749288492894929049291492924929349294492954929649297492984929949300493014930249303493044930549306493074930849309493104931149312493134931449315493164931749318493194932049321493224932349324493254932649327493284932949330493314933249333493344933549336493374933849339493404934149342493434934449345493464934749348493494935049351493524935349354493554935649357493584935949360493614936249363493644936549366493674936849369493704937149372493734937449375493764937749378493794938049381493824938349384493854938649387493884938949390493914939249393493944939549396493974939849399494004940149402494034940449405494064940749408494094941049411494124941349414494154941649417494184941949420494214942249423494244942549426494274942849429494304943149432494334943449435494364943749438494394944049441494424944349444494454944649447494484944949450494514945249453494544945549456494574945849459494604946149462494634946449465494664946749468494694947049471494724947349474494754947649477494784947949480494814948249483494844948549486494874948849489494904949149492494934949449495494964949749498494994950049501495024950349504495054950649507495084950949510495114951249513495144951549516495174951849519495204952149522495234952449525495264952749528495294953049531495324953349534495354953649537495384953949540495414954249543495444954549546495474954849549495504955149552495534955449555495564955749558495594956049561495624956349564495654956649567495684956949570495714957249573495744957549576495774957849579495804958149582495834958449585495864958749588495894959049591495924959349594495954959649597495984959949600496014960249603496044960549606496074960849609496104961149612496134961449615496164961749618496194962049621496224962349624496254962649627496284962949630496314963249633496344963549636496374963849639496404964149642496434964449645496464964749648496494965049651496524965349654496554965649657496584965949660496614966249663496644966549666496674966849669496704967149672496734967449675496764967749678496794968049681496824968349684496854968649687496884968949690496914969249693496944969549696496974969849699497004970149702497034970449705497064970749708497094971049711497124971349714497154971649717497184971949720497214972249723497244972549726497274972849729497304973149732497334973449735497364973749738497394974049741497424974349744497454974649747497484974949750497514975249753497544975549756497574975849759497604976149762497634976449765497664976749768497694977049771497724977349774497754977649777497784977949780497814978249783497844978549786497874978849789497904979149792497934979449795497964979749798497994980049801498024980349804498054980649807498084980949810498114981249813498144981549816498174981849819498204982149822498234982449825498264982749828498294983049831498324983349834498354983649837498384983949840498414984249843498444984549846498474984849849498504985149852498534985449855498564985749858498594986049861498624986349864498654986649867498684986949870498714987249873498744987549876498774987849879498804988149882498834988449885498864988749888498894989049891498924989349894498954989649897498984989949900499014990249903499044990549906499074990849909499104991149912499134991449915499164991749918499194992049921499224992349924499254992649927499284992949930499314993249933499344993549936499374993849939499404994149942499434994449945499464994749948499494995049951499524995349954499554995649957499584995949960499614996249963499644996549966499674996849969499704997149972499734997449975499764997749978499794998049981499824998349984499854998649987499884998949990499914999249993499944999549996499974999849999500005000150002500035000450005500065000750008500095001050011500125001350014500155001650017500185001950020500215002250023500245002550026500275002850029500305003150032500335003450035500365003750038500395004050041500425004350044500455004650047500485004950050500515005250053500545005550056500575005850059500605006150062500635006450065500665006750068500695007050071500725007350074500755007650077500785007950080500815008250083500845008550086500875008850089500905009150092500935009450095500965009750098500995010050101501025010350104501055010650107501085010950110501115011250113501145011550116501175011850119501205012150122501235012450125501265012750128501295013050131501325013350134501355013650137501385013950140501415014250143501445014550146501475014850149501505015150152501535015450155501565015750158501595016050161501625016350164501655016650167501685016950170501715017250173501745017550176501775017850179501805018150182501835018450185501865018750188501895019050191501925019350194501955019650197501985019950200502015020250203502045020550206502075020850209502105021150212502135021450215502165021750218502195022050221502225022350224502255022650227502285022950230502315023250233502345023550236502375023850239502405024150242502435024450245502465024750248502495025050251502525025350254502555025650257502585025950260502615026250263502645026550266502675026850269502705027150272502735027450275502765027750278502795028050281502825028350284502855028650287502885028950290502915029250293502945029550296502975029850299503005030150302503035030450305503065030750308503095031050311503125031350314503155031650317503185031950320503215032250323503245032550326503275032850329503305033150332503335033450335503365033750338503395034050341503425034350344503455034650347503485034950350503515035250353503545035550356503575035850359503605036150362503635036450365503665036750368503695037050371503725037350374503755037650377503785037950380503815038250383503845038550386503875038850389503905039150392503935039450395503965039750398503995040050401504025040350404504055040650407504085040950410504115041250413504145041550416504175041850419504205042150422504235042450425504265042750428504295043050431504325043350434504355043650437504385043950440504415044250443504445044550446504475044850449504505045150452504535045450455504565045750458504595046050461504625046350464504655046650467504685046950470504715047250473504745047550476504775047850479504805048150482504835048450485504865048750488504895049050491504925049350494504955049650497504985049950500505015050250503505045050550506505075050850509505105051150512505135051450515505165051750518505195052050521505225052350524505255052650527505285052950530505315053250533505345053550536505375053850539505405054150542505435054450545505465054750548505495055050551505525055350554505555055650557505585055950560505615056250563505645056550566505675056850569505705057150572505735057450575505765057750578505795058050581505825058350584505855058650587505885058950590505915059250593505945059550596505975059850599506005060150602506035060450605506065060750608506095061050611506125061350614506155061650617506185061950620506215062250623506245062550626506275062850629506305063150632506335063450635506365063750638506395064050641506425064350644506455064650647506485064950650506515065250653506545065550656506575065850659506605066150662506635066450665506665066750668506695067050671506725067350674506755067650677506785067950680506815068250683506845068550686506875068850689506905069150692506935069450695506965069750698506995070050701507025070350704507055070650707507085070950710507115071250713507145071550716507175071850719507205072150722507235072450725507265072750728507295073050731507325073350734507355073650737507385073950740507415074250743507445074550746507475074850749507505075150752507535075450755507565075750758507595076050761507625076350764507655076650767507685076950770507715077250773507745077550776507775077850779507805078150782507835078450785507865078750788507895079050791507925079350794507955079650797507985079950800508015080250803508045080550806508075080850809508105081150812508135081450815508165081750818508195082050821508225082350824508255082650827508285082950830508315083250833508345083550836508375083850839508405084150842508435084450845508465084750848508495085050851508525085350854508555085650857508585085950860508615086250863508645086550866508675086850869508705087150872508735087450875508765087750878508795088050881508825088350884508855088650887508885088950890508915089250893508945089550896508975089850899509005090150902509035090450905509065090750908509095091050911509125091350914509155091650917509185091950920509215092250923509245092550926509275092850929509305093150932509335093450935509365093750938509395094050941509425094350944509455094650947509485094950950509515095250953509545095550956509575095850959509605096150962509635096450965509665096750968509695097050971509725097350974509755097650977509785097950980509815098250983509845098550986509875098850989509905099150992509935099450995509965099750998509995100051001510025100351004510055100651007510085100951010510115101251013510145101551016510175101851019510205102151022510235102451025510265102751028510295103051031510325103351034510355103651037510385103951040510415104251043510445104551046510475104851049510505105151052510535105451055510565105751058510595106051061510625106351064510655106651067510685106951070510715107251073510745107551076510775107851079510805108151082510835108451085510865108751088510895109051091510925109351094510955109651097510985109951100511015110251103511045110551106511075110851109511105111151112511135111451115511165111751118511195112051121511225112351124511255112651127511285112951130511315113251133511345113551136511375113851139511405114151142511435114451145511465114751148511495115051151511525115351154511555115651157511585115951160511615116251163511645116551166511675116851169511705117151172511735117451175511765117751178511795118051181511825118351184511855118651187511885118951190511915119251193511945119551196511975119851199512005120151202512035120451205512065120751208512095121051211512125121351214512155121651217512185121951220512215122251223512245122551226512275122851229512305123151232512335123451235512365123751238512395124051241512425124351244512455124651247512485124951250512515125251253512545125551256512575125851259512605126151262512635126451265512665126751268512695127051271512725127351274512755127651277512785127951280512815128251283512845128551286512875128851289512905129151292512935129451295512965129751298512995130051301513025130351304513055130651307513085130951310513115131251313513145131551316513175131851319513205132151322513235132451325513265132751328513295133051331513325133351334513355133651337513385133951340513415134251343513445134551346513475134851349513505135151352513535135451355513565135751358513595136051361513625136351364513655136651367513685136951370513715137251373513745137551376513775137851379513805138151382513835138451385513865138751388513895139051391513925139351394513955139651397513985139951400514015140251403514045140551406514075140851409514105141151412514135141451415514165141751418514195142051421514225142351424514255142651427514285142951430514315143251433514345143551436514375143851439514405144151442514435144451445514465144751448514495145051451514525145351454514555145651457514585145951460514615146251463514645146551466514675146851469514705147151472514735147451475514765147751478514795148051481514825148351484514855148651487514885148951490514915149251493514945149551496514975149851499515005150151502515035150451505515065150751508515095151051511515125151351514515155151651517515185151951520515215152251523515245152551526515275152851529515305153151532515335153451535515365153751538515395154051541515425154351544515455154651547515485154951550515515155251553515545155551556515575155851559515605156151562515635156451565515665156751568515695157051571515725157351574515755157651577515785157951580515815158251583515845158551586515875158851589515905159151592515935159451595515965159751598515995160051601516025160351604516055160651607516085160951610516115161251613516145161551616516175161851619516205162151622516235162451625516265162751628516295163051631516325163351634516355163651637516385163951640516415164251643516445164551646516475164851649516505165151652516535165451655516565165751658516595166051661516625166351664516655166651667516685166951670516715167251673516745167551676516775167851679516805168151682516835168451685516865168751688516895169051691516925169351694516955169651697516985169951700517015170251703517045170551706517075170851709517105171151712517135171451715517165171751718517195172051721517225172351724517255172651727517285172951730517315173251733517345173551736517375173851739517405174151742517435174451745517465174751748517495175051751517525175351754517555175651757517585175951760517615176251763517645176551766517675176851769517705177151772517735177451775517765177751778517795178051781517825178351784517855178651787517885178951790517915179251793517945179551796517975179851799518005180151802518035180451805518065180751808518095181051811518125181351814518155181651817518185181951820518215182251823518245182551826518275182851829518305183151832518335183451835518365183751838518395184051841518425184351844518455184651847518485184951850518515185251853518545185551856518575185851859518605186151862518635186451865518665186751868518695187051871518725187351874518755187651877518785187951880518815188251883518845188551886518875188851889518905189151892518935189451895518965189751898518995190051901519025190351904519055190651907519085190951910519115191251913519145191551916519175191851919519205192151922519235192451925519265192751928519295193051931519325193351934519355193651937519385193951940519415194251943519445194551946519475194851949519505195151952519535195451955519565195751958519595196051961519625196351964519655196651967519685196951970519715197251973519745197551976519775197851979519805198151982519835198451985519865198751988519895199051991519925199351994519955199651997519985199952000520015200252003520045200552006520075200852009520105201152012520135201452015520165201752018520195202052021520225202352024520255202652027520285202952030520315203252033520345203552036520375203852039520405204152042520435204452045520465204752048520495205052051520525205352054520555205652057520585205952060520615206252063520645206552066520675206852069520705207152072520735207452075520765207752078520795208052081520825208352084520855208652087520885208952090520915209252093520945209552096520975209852099521005210152102521035210452105521065210752108521095211052111521125211352114521155211652117521185211952120521215212252123521245212552126521275212852129521305213152132521335213452135521365213752138521395214052141521425214352144521455214652147521485214952150521515215252153521545215552156521575215852159521605216152162521635216452165521665216752168521695217052171521725217352174521755217652177521785217952180521815218252183521845218552186521875218852189521905219152192521935219452195521965219752198521995220052201522025220352204522055220652207522085220952210522115221252213522145221552216522175221852219522205222152222522235222452225522265222752228522295223052231522325223352234522355223652237522385223952240522415224252243522445224552246522475224852249522505225152252522535225452255522565225752258522595226052261522625226352264522655226652267522685226952270522715227252273522745227552276522775227852279522805228152282522835228452285522865228752288522895229052291522925229352294522955229652297522985229952300523015230252303523045230552306523075230852309523105231152312523135231452315523165231752318523195232052321523225232352324523255232652327523285232952330523315233252333523345233552336523375233852339523405234152342523435234452345523465234752348523495235052351523525235352354523555235652357523585235952360523615236252363523645236552366523675236852369523705237152372523735237452375523765237752378523795238052381523825238352384523855238652387523885238952390523915239252393523945239552396523975239852399524005240152402524035240452405524065240752408524095241052411524125241352414524155241652417524185241952420524215242252423524245242552426524275242852429524305243152432524335243452435524365243752438524395244052441524425244352444524455244652447524485244952450524515245252453524545245552456524575245852459524605246152462524635246452465524665246752468524695247052471524725247352474524755247652477524785247952480524815248252483524845248552486524875248852489524905249152492524935249452495524965249752498524995250052501525025250352504525055250652507525085250952510525115251252513525145251552516525175251852519525205252152522525235252452525525265252752528525295253052531525325253352534525355253652537525385253952540525415254252543525445254552546525475254852549525505255152552525535255452555525565255752558525595256052561525625256352564525655256652567525685256952570525715257252573525745257552576525775257852579525805258152582525835258452585525865258752588525895259052591525925259352594525955259652597525985259952600526015260252603526045260552606526075260852609526105261152612526135261452615526165261752618526195262052621526225262352624526255262652627526285262952630526315263252633526345263552636526375263852639526405264152642526435264452645526465264752648526495265052651526525265352654526555265652657526585265952660526615266252663526645266552666526675266852669526705267152672526735267452675526765267752678526795268052681526825268352684526855268652687526885268952690526915269252693526945269552696526975269852699527005270152702527035270452705527065270752708527095271052711527125271352714527155271652717527185271952720527215272252723527245272552726527275272852729527305273152732527335273452735527365273752738527395274052741527425274352744527455274652747527485274952750527515275252753527545275552756527575275852759527605276152762527635276452765527665276752768527695277052771527725277352774527755277652777527785277952780527815278252783527845278552786527875278852789527905279152792527935279452795527965279752798527995280052801528025280352804528055280652807528085280952810528115281252813528145281552816528175281852819528205282152822528235282452825528265282752828528295283052831528325283352834528355283652837528385283952840528415284252843528445284552846528475284852849528505285152852528535285452855528565285752858528595286052861528625286352864528655286652867528685286952870528715287252873528745287552876528775287852879528805288152882528835288452885528865288752888528895289052891528925289352894528955289652897528985289952900529015290252903529045290552906529075290852909529105291152912529135291452915529165291752918529195292052921529225292352924529255292652927529285292952930529315293252933529345293552936529375293852939529405294152942529435294452945529465294752948529495295052951529525295352954529555295652957529585295952960529615296252963529645296552966529675296852969529705297152972529735297452975529765297752978529795298052981529825298352984529855298652987529885298952990529915299252993529945299552996529975299852999530005300153002530035300453005530065300753008530095301053011530125301353014530155301653017530185301953020530215302253023530245302553026530275302853029530305303153032530335303453035530365303753038530395304053041530425304353044530455304653047530485304953050530515305253053530545305553056530575305853059530605306153062530635306453065530665306753068530695307053071530725307353074530755307653077530785307953080530815308253083530845308553086530875308853089530905309153092530935309453095530965309753098530995310053101531025310353104531055310653107531085310953110531115311253113531145311553116531175311853119531205312153122531235312453125531265312753128531295313053131531325313353134531355313653137531385313953140531415314253143531445314553146531475314853149531505315153152531535315453155531565315753158531595316053161531625316353164531655316653167531685316953170531715317253173531745317553176531775317853179531805318153182531835318453185531865318753188531895319053191531925319353194531955319653197531985319953200532015320253203532045320553206532075320853209532105321153212532135321453215532165321753218532195322053221532225322353224532255322653227532285322953230532315323253233532345323553236532375323853239532405324153242532435324453245532465324753248532495325053251532525325353254532555325653257532585325953260532615326253263532645326553266532675326853269532705327153272532735327453275532765327753278532795328053281532825328353284532855328653287532885328953290532915329253293532945329553296532975329853299533005330153302533035330453305533065330753308533095331053311533125331353314533155331653317533185331953320533215332253323533245332553326533275332853329533305333153332533335333453335533365333753338533395334053341533425334353344533455334653347533485334953350533515335253353533545335553356533575335853359533605336153362533635336453365533665336753368533695337053371533725337353374533755337653377533785337953380533815338253383533845338553386533875338853389533905339153392533935339453395533965339753398533995340053401534025340353404534055340653407534085340953410534115341253413534145341553416534175341853419534205342153422534235342453425534265342753428534295343053431534325343353434534355343653437534385343953440534415344253443534445344553446534475344853449534505345153452534535345453455534565345753458534595346053461534625346353464534655346653467534685346953470534715347253473534745347553476534775347853479534805348153482534835348453485534865348753488534895349053491534925349353494534955349653497534985349953500535015350253503535045350553506535075350853509535105351153512535135351453515535165351753518535195352053521535225352353524535255352653527535285352953530535315353253533535345353553536535375353853539535405354153542535435354453545535465354753548535495355053551535525355353554535555355653557535585355953560535615356253563535645356553566535675356853569535705357153572535735357453575535765357753578535795358053581535825358353584535855358653587535885358953590535915359253593535945359553596535975359853599536005360153602536035360453605536065360753608536095361053611536125361353614536155361653617536185361953620536215362253623536245362553626536275362853629536305363153632536335363453635536365363753638536395364053641536425364353644536455364653647536485364953650536515365253653536545365553656536575365853659536605366153662536635366453665536665366753668536695367053671536725367353674536755367653677536785367953680536815368253683536845368553686536875368853689536905369153692536935369453695536965369753698536995370053701537025370353704537055370653707537085370953710537115371253713537145371553716537175371853719537205372153722537235372453725537265372753728537295373053731537325373353734537355373653737537385373953740537415374253743537445374553746537475374853749537505375153752537535375453755537565375753758537595376053761537625376353764537655376653767537685376953770537715377253773537745377553776537775377853779537805378153782537835378453785537865378753788537895379053791537925379353794537955379653797537985379953800538015380253803538045380553806538075380853809538105381153812538135381453815538165381753818538195382053821538225382353824538255382653827538285382953830538315383253833538345383553836538375383853839538405384153842538435384453845538465384753848538495385053851538525385353854538555385653857538585385953860538615386253863538645386553866538675386853869538705387153872538735387453875538765387753878538795388053881538825388353884538855388653887538885388953890538915389253893538945389553896538975389853899539005390153902539035390453905539065390753908539095391053911539125391353914539155391653917539185391953920539215392253923539245392553926539275392853929539305393153932539335393453935539365393753938539395394053941539425394353944539455394653947539485394953950539515395253953539545395553956539575395853959539605396153962539635396453965539665396753968539695397053971539725397353974539755397653977539785397953980539815398253983539845398553986539875398853989539905399153992539935399453995539965399753998539995400054001540025400354004540055400654007540085400954010540115401254013540145401554016540175401854019540205402154022540235402454025540265402754028540295403054031540325403354034540355403654037540385403954040540415404254043540445404554046540475404854049540505405154052540535405454055540565405754058540595406054061540625406354064540655406654067540685406954070540715407254073540745407554076540775407854079540805408154082540835408454085540865408754088540895409054091540925409354094540955409654097540985409954100541015410254103541045410554106541075410854109541105411154112541135411454115541165411754118541195412054121541225412354124541255412654127541285412954130541315413254133541345413554136541375413854139541405414154142541435414454145541465414754148541495415054151541525415354154541555415654157541585415954160541615416254163541645416554166541675416854169541705417154172541735417454175541765417754178541795418054181541825418354184541855418654187541885418954190541915419254193541945419554196541975419854199542005420154202542035420454205542065420754208542095421054211542125421354214542155421654217542185421954220542215422254223542245422554226542275422854229542305423154232542335423454235542365423754238542395424054241542425424354244542455424654247542485424954250542515425254253542545425554256542575425854259542605426154262542635426454265542665426754268542695427054271542725427354274542755427654277542785427954280542815428254283542845428554286542875428854289542905429154292542935429454295542965429754298542995430054301543025430354304543055430654307543085430954310543115431254313543145431554316543175431854319543205432154322543235432454325543265432754328543295433054331543325433354334543355433654337543385433954340543415434254343543445434554346543475434854349543505435154352543535435454355543565435754358543595436054361543625436354364543655436654367543685436954370543715437254373543745437554376543775437854379543805438154382543835438454385543865438754388543895439054391543925439354394543955439654397543985439954400544015440254403544045440554406544075440854409544105441154412544135441454415544165441754418544195442054421544225442354424544255442654427544285442954430544315443254433544345443554436544375443854439544405444154442544435444454445544465444754448544495445054451544525445354454544555445654457544585445954460544615446254463544645446554466544675446854469544705447154472544735447454475544765447754478544795448054481544825448354484544855448654487544885448954490544915449254493544945449554496544975449854499545005450154502545035450454505545065450754508545095451054511545125451354514545155451654517545185451954520545215452254523545245452554526545275452854529545305453154532545335453454535545365453754538545395454054541545425454354544545455454654547545485454954550545515455254553545545455554556545575455854559545605456154562545635456454565545665456754568545695457054571545725457354574545755457654577545785457954580545815458254583545845458554586545875458854589545905459154592545935459454595545965459754598545995460054601546025460354604546055460654607546085460954610546115461254613546145461554616546175461854619546205462154622546235462454625546265462754628546295463054631546325463354634546355463654637546385463954640546415464254643546445464554646546475464854649546505465154652546535465454655546565465754658546595466054661546625466354664546655466654667546685466954670546715467254673546745467554676546775467854679546805468154682546835468454685546865468754688546895469054691546925469354694546955469654697546985469954700547015470254703547045470554706547075470854709547105471154712547135471454715547165471754718547195472054721547225472354724547255472654727547285472954730547315473254733547345473554736547375473854739547405474154742547435474454745547465474754748547495475054751547525475354754547555475654757547585475954760547615476254763547645476554766547675476854769547705477154772547735477454775547765477754778547795478054781547825478354784547855478654787547885478954790547915479254793547945479554796547975479854799548005480154802548035480454805548065480754808548095481054811548125481354814548155481654817548185481954820548215482254823548245482554826548275482854829548305483154832548335483454835548365483754838548395484054841548425484354844548455484654847548485484954850548515485254853548545485554856548575485854859548605486154862548635486454865548665486754868548695487054871548725487354874548755487654877548785487954880548815488254883548845488554886548875488854889548905489154892548935489454895548965489754898548995490054901549025490354904549055490654907549085490954910549115491254913549145491554916549175491854919549205492154922549235492454925549265492754928549295493054931549325493354934549355493654937549385493954940549415494254943549445494554946549475494854949549505495154952549535495454955549565495754958549595496054961549625496354964549655496654967549685496954970549715497254973549745497554976549775497854979549805498154982549835498454985549865498754988549895499054991549925499354994549955499654997549985499955000550015500255003550045500555006550075500855009550105501155012550135501455015550165501755018550195502055021550225502355024550255502655027550285502955030550315503255033550345503555036550375503855039550405504155042550435504455045550465504755048550495505055051550525505355054550555505655057550585505955060550615506255063550645506555066550675506855069550705507155072550735507455075550765507755078550795508055081550825508355084550855508655087550885508955090550915509255093550945509555096550975509855099551005510155102551035510455105551065510755108551095511055111551125511355114551155511655117551185511955120551215512255123551245512555126551275512855129551305513155132551335513455135551365513755138551395514055141551425514355144551455514655147551485514955150551515515255153551545515555156551575515855159551605516155162551635516455165551665516755168551695517055171551725517355174551755517655177551785517955180551815518255183551845518555186551875518855189551905519155192551935519455195551965519755198551995520055201552025520355204552055520655207552085520955210552115521255213552145521555216552175521855219552205522155222552235522455225552265522755228552295523055231552325523355234552355523655237552385523955240552415524255243552445524555246552475524855249552505525155252552535525455255552565525755258552595526055261552625526355264552655526655267552685526955270552715527255273552745527555276552775527855279552805528155282552835528455285552865528755288552895529055291552925529355294552955529655297552985529955300553015530255303553045530555306553075530855309553105531155312553135531455315553165531755318553195532055321553225532355324553255532655327553285532955330553315533255333553345533555336553375533855339553405534155342553435534455345553465534755348553495535055351553525535355354553555535655357553585535955360553615536255363553645536555366553675536855369553705537155372553735537455375553765537755378553795538055381553825538355384553855538655387553885538955390553915539255393553945539555396553975539855399554005540155402554035540455405554065540755408554095541055411554125541355414554155541655417554185541955420554215542255423554245542555426554275542855429554305543155432554335543455435554365543755438554395544055441554425544355444554455544655447554485544955450554515545255453554545545555456554575545855459554605546155462554635546455465554665546755468554695547055471554725547355474554755547655477554785547955480554815548255483554845548555486554875548855489554905549155492554935549455495554965549755498554995550055501555025550355504555055550655507555085550955510555115551255513555145551555516555175551855519555205552155522555235552455525555265552755528555295553055531555325553355534555355553655537555385553955540555415554255543555445554555546555475554855549555505555155552555535555455555555565555755558555595556055561555625556355564555655556655567555685556955570555715557255573555745557555576555775557855579555805558155582555835558455585555865558755588555895559055591555925559355594555955559655597555985559955600556015560255603556045560555606556075560855609556105561155612556135561455615556165561755618556195562055621556225562355624556255562655627556285562955630556315563255633556345563555636556375563855639556405564155642556435564455645556465564755648556495565055651556525565355654556555565655657556585565955660556615566255663556645566555666556675566855669556705567155672556735567455675556765567755678556795568055681556825568355684556855568655687556885568955690556915569255693556945569555696556975569855699557005570155702557035570455705557065570755708557095571055711557125571355714557155571655717557185571955720557215572255723557245572555726557275572855729557305573155732557335573455735557365573755738557395574055741557425574355744557455574655747557485574955750557515575255753557545575555756557575575855759557605576155762557635576455765557665576755768557695577055771557725577355774557755577655777557785577955780557815578255783557845578555786557875578855789557905579155792557935579455795557965579755798557995580055801558025580355804558055580655807558085580955810558115581255813558145581555816558175581855819558205582155822558235582455825558265582755828558295583055831558325583355834558355583655837558385583955840558415584255843558445584555846558475584855849558505585155852558535585455855558565585755858558595586055861558625586355864558655586655867558685586955870558715587255873558745587555876558775587855879558805588155882558835588455885558865588755888558895589055891558925589355894558955589655897558985589955900559015590255903559045590555906559075590855909559105591155912559135591455915559165591755918559195592055921559225592355924559255592655927559285592955930559315593255933559345593555936559375593855939559405594155942559435594455945559465594755948559495595055951559525595355954559555595655957559585595955960559615596255963559645596555966559675596855969559705597155972559735597455975559765597755978559795598055981559825598355984559855598655987559885598955990559915599255993559945599555996559975599855999560005600156002560035600456005560065600756008560095601056011560125601356014560155601656017560185601956020560215602256023560245602556026560275602856029560305603156032560335603456035560365603756038560395604056041560425604356044560455604656047560485604956050560515605256053560545605556056560575605856059560605606156062560635606456065560665606756068560695607056071560725607356074560755607656077560785607956080560815608256083560845608556086560875608856089560905609156092560935609456095560965609756098560995610056101561025610356104561055610656107561085610956110561115611256113561145611556116561175611856119561205612156122561235612456125561265612756128561295613056131561325613356134561355613656137561385613956140561415614256143561445614556146561475614856149561505615156152561535615456155561565615756158561595616056161561625616356164561655616656167561685616956170561715617256173561745617556176561775617856179561805618156182561835618456185561865618756188561895619056191561925619356194561955619656197561985619956200562015620256203562045620556206562075620856209562105621156212562135621456215562165621756218562195622056221562225622356224562255622656227562285622956230562315623256233562345623556236562375623856239562405624156242562435624456245562465624756248562495625056251562525625356254562555625656257562585625956260562615626256263562645626556266562675626856269562705627156272562735627456275562765627756278562795628056281562825628356284562855628656287562885628956290562915629256293562945629556296562975629856299563005630156302563035630456305563065630756308563095631056311563125631356314563155631656317563185631956320563215632256323563245632556326563275632856329563305633156332563335633456335563365633756338563395634056341563425634356344563455634656347563485634956350563515635256353563545635556356563575635856359563605636156362563635636456365563665636756368563695637056371563725637356374563755637656377563785637956380563815638256383563845638556386563875638856389563905639156392563935639456395563965639756398563995640056401564025640356404564055640656407564085640956410564115641256413564145641556416564175641856419564205642156422564235642456425564265642756428564295643056431564325643356434564355643656437564385643956440564415644256443564445644556446564475644856449564505645156452564535645456455564565645756458564595646056461564625646356464564655646656467564685646956470564715647256473564745647556476564775647856479564805648156482564835648456485564865648756488564895649056491564925649356494564955649656497564985649956500565015650256503565045650556506565075650856509565105651156512565135651456515565165651756518565195652056521565225652356524565255652656527565285652956530565315653256533565345653556536565375653856539565405654156542565435654456545565465654756548565495655056551565525655356554565555655656557565585655956560565615656256563565645656556566565675656856569565705657156572565735657456575565765657756578565795658056581565825658356584565855658656587565885658956590565915659256593565945659556596565975659856599566005660156602566035660456605566065660756608566095661056611566125661356614566155661656617566185661956620566215662256623566245662556626566275662856629566305663156632566335663456635566365663756638566395664056641566425664356644566455664656647566485664956650566515665256653566545665556656566575665856659566605666156662566635666456665566665666756668566695667056671566725667356674566755667656677566785667956680566815668256683566845668556686566875668856689566905669156692566935669456695566965669756698566995670056701567025670356704567055670656707567085670956710567115671256713567145671556716567175671856719567205672156722567235672456725567265672756728567295673056731567325673356734567355673656737567385673956740567415674256743567445674556746567475674856749567505675156752567535675456755567565675756758567595676056761567625676356764567655676656767567685676956770567715677256773567745677556776567775677856779567805678156782567835678456785567865678756788567895679056791567925679356794567955679656797567985679956800568015680256803568045680556806568075680856809568105681156812568135681456815568165681756818568195682056821568225682356824568255682656827568285682956830568315683256833568345683556836568375683856839568405684156842568435684456845568465684756848568495685056851568525685356854568555685656857568585685956860568615686256863568645686556866568675686856869568705687156872568735687456875568765687756878568795688056881568825688356884568855688656887568885688956890568915689256893568945689556896568975689856899569005690156902569035690456905569065690756908569095691056911569125691356914569155691656917569185691956920569215692256923569245692556926569275692856929569305693156932569335693456935569365693756938569395694056941569425694356944569455694656947569485694956950569515695256953569545695556956569575695856959569605696156962569635696456965569665696756968569695697056971569725697356974569755697656977569785697956980569815698256983569845698556986569875698856989569905699156992569935699456995569965699756998569995700057001570025700357004570055700657007570085700957010570115701257013570145701557016570175701857019570205702157022570235702457025570265702757028570295703057031570325703357034570355703657037570385703957040570415704257043570445704557046570475704857049570505705157052570535705457055570565705757058570595706057061570625706357064570655706657067570685706957070570715707257073570745707557076570775707857079570805708157082570835708457085570865708757088570895709057091570925709357094570955709657097570985709957100571015710257103571045710557106571075710857109571105711157112571135711457115571165711757118571195712057121571225712357124571255712657127571285712957130571315713257133571345713557136571375713857139571405714157142571435714457145571465714757148571495715057151571525715357154571555715657157571585715957160571615716257163571645716557166571675716857169571705717157172571735717457175571765717757178571795718057181571825718357184571855718657187571885718957190571915719257193571945719557196571975719857199572005720157202572035720457205572065720757208572095721057211572125721357214572155721657217572185721957220572215722257223572245722557226572275722857229572305723157232572335723457235572365723757238572395724057241572425724357244572455724657247572485724957250572515725257253572545725557256572575725857259572605726157262572635726457265572665726757268572695727057271572725727357274572755727657277572785727957280572815728257283572845728557286572875728857289572905729157292572935729457295572965729757298572995730057301573025730357304573055730657307573085730957310573115731257313573145731557316573175731857319573205732157322573235732457325573265732757328573295733057331573325733357334573355733657337573385733957340573415734257343573445734557346573475734857349573505735157352573535735457355573565735757358573595736057361573625736357364573655736657367573685736957370573715737257373573745737557376573775737857379573805738157382573835738457385573865738757388573895739057391573925739357394573955739657397573985739957400574015740257403574045740557406574075740857409574105741157412574135741457415574165741757418574195742057421574225742357424574255742657427574285742957430574315743257433574345743557436574375743857439574405744157442574435744457445574465744757448574495745057451574525745357454574555745657457574585745957460574615746257463574645746557466574675746857469574705747157472574735747457475574765747757478574795748057481574825748357484574855748657487574885748957490574915749257493574945749557496574975749857499575005750157502575035750457505575065750757508575095751057511575125751357514575155751657517575185751957520575215752257523575245752557526575275752857529575305753157532575335753457535575365753757538575395754057541575425754357544575455754657547575485754957550575515755257553575545755557556575575755857559575605756157562575635756457565575665756757568575695757057571575725757357574575755757657577575785757957580575815758257583575845758557586575875758857589575905759157592575935759457595575965759757598575995760057601576025760357604576055760657607576085760957610576115761257613576145761557616576175761857619576205762157622576235762457625576265762757628576295763057631576325763357634576355763657637576385763957640576415764257643576445764557646576475764857649576505765157652576535765457655576565765757658576595766057661576625766357664576655766657667576685766957670576715767257673576745767557676576775767857679576805768157682576835768457685576865768757688576895769057691576925769357694576955769657697576985769957700577015770257703577045770557706577075770857709577105771157712577135771457715577165771757718577195772057721577225772357724577255772657727577285772957730577315773257733577345773557736577375773857739577405774157742577435774457745577465774757748577495775057751577525775357754577555775657757577585775957760577615776257763577645776557766577675776857769577705777157772577735777457775577765777757778577795778057781577825778357784577855778657787577885778957790577915779257793577945779557796577975779857799578005780157802578035780457805578065780757808578095781057811578125781357814578155781657817578185781957820578215782257823578245782557826578275782857829578305783157832578335783457835578365783757838578395784057841578425784357844578455784657847578485784957850578515785257853578545785557856578575785857859578605786157862578635786457865578665786757868578695787057871578725787357874578755787657877578785787957880578815788257883578845788557886578875788857889578905789157892578935789457895578965789757898578995790057901579025790357904579055790657907579085790957910579115791257913579145791557916579175791857919579205792157922579235792457925579265792757928579295793057931579325793357934579355793657937579385793957940579415794257943579445794557946579475794857949579505795157952579535795457955579565795757958579595796057961579625796357964579655796657967579685796957970579715797257973579745797557976579775797857979579805798157982579835798457985579865798757988579895799057991579925799357994579955799657997579985799958000580015800258003580045800558006580075800858009580105801158012580135801458015580165801758018580195802058021580225802358024580255802658027580285802958030580315803258033580345803558036580375803858039580405804158042580435804458045580465804758048580495805058051580525805358054580555805658057580585805958060580615806258063580645806558066580675806858069580705807158072580735807458075580765807758078580795808058081580825808358084580855808658087580885808958090580915809258093580945809558096580975809858099581005810158102581035810458105581065810758108581095811058111581125811358114581155811658117581185811958120581215812258123581245812558126581275812858129581305813158132581335813458135581365813758138581395814058141581425814358144581455814658147581485814958150581515815258153581545815558156581575815858159581605816158162581635816458165581665816758168581695817058171581725817358174581755817658177581785817958180581815818258183581845818558186581875818858189581905819158192581935819458195581965819758198581995820058201582025820358204582055820658207582085820958210582115821258213582145821558216582175821858219582205822158222582235822458225582265822758228582295823058231582325823358234582355823658237582385823958240582415824258243582445824558246582475824858249582505825158252582535825458255582565825758258582595826058261582625826358264582655826658267582685826958270582715827258273582745827558276582775827858279582805828158282582835828458285582865828758288582895829058291582925829358294582955829658297582985829958300583015830258303583045830558306583075830858309583105831158312583135831458315583165831758318583195832058321583225832358324583255832658327583285832958330583315833258333583345833558336583375833858339583405834158342583435834458345583465834758348583495835058351583525835358354583555835658357583585835958360583615836258363583645836558366583675836858369583705837158372583735837458375583765837758378583795838058381583825838358384583855838658387583885838958390583915839258393583945839558396583975839858399584005840158402584035840458405584065840758408584095841058411584125841358414584155841658417584185841958420584215842258423584245842558426584275842858429584305843158432584335843458435584365843758438584395844058441584425844358444584455844658447584485844958450584515845258453584545845558456584575845858459584605846158462584635846458465584665846758468584695847058471584725847358474584755847658477584785847958480584815848258483584845848558486584875848858489584905849158492584935849458495584965849758498584995850058501585025850358504585055850658507585085850958510585115851258513585145851558516585175851858519585205852158522585235852458525585265852758528585295853058531585325853358534585355853658537585385853958540585415854258543585445854558546585475854858549585505855158552585535855458555585565855758558585595856058561585625856358564585655856658567585685856958570585715857258573585745857558576585775857858579585805858158582585835858458585585865858758588585895859058591585925859358594585955859658597585985859958600586015860258603586045860558606586075860858609586105861158612586135861458615586165861758618586195862058621586225862358624586255862658627586285862958630586315863258633586345863558636586375863858639586405864158642586435864458645586465864758648586495865058651586525865358654586555865658657586585865958660586615866258663586645866558666586675866858669586705867158672586735867458675586765867758678586795868058681586825868358684586855868658687586885868958690586915869258693586945869558696586975869858699587005870158702587035870458705587065870758708587095871058711587125871358714587155871658717587185871958720587215872258723587245872558726587275872858729587305873158732587335873458735587365873758738587395874058741587425874358744587455874658747587485874958750587515875258753587545875558756587575875858759587605876158762587635876458765587665876758768587695877058771587725877358774587755877658777587785877958780587815878258783587845878558786587875878858789587905879158792587935879458795587965879758798587995880058801588025880358804588055880658807588085880958810588115881258813588145881558816588175881858819588205882158822588235882458825588265882758828588295883058831588325883358834588355883658837588385883958840588415884258843588445884558846588475884858849588505885158852588535885458855588565885758858588595886058861588625886358864588655886658867588685886958870588715887258873588745887558876588775887858879588805888158882588835888458885588865888758888588895889058891588925889358894588955889658897588985889958900589015890258903589045890558906589075890858909589105891158912589135891458915589165891758918589195892058921589225892358924589255892658927589285892958930589315893258933589345893558936589375893858939589405894158942589435894458945589465894758948589495895058951589525895358954589555895658957589585895958960589615896258963589645896558966589675896858969589705897158972589735897458975589765897758978589795898058981589825898358984589855898658987589885898958990589915899258993589945899558996589975899858999590005900159002590035900459005590065900759008590095901059011590125901359014590155901659017590185901959020590215902259023590245902559026590275902859029590305903159032590335903459035590365903759038590395904059041590425904359044590455904659047590485904959050590515905259053590545905559056590575905859059590605906159062590635906459065590665906759068590695907059071590725907359074590755907659077590785907959080590815908259083590845908559086590875908859089590905909159092590935909459095590965909759098590995910059101591025910359104591055910659107591085910959110591115911259113591145911559116591175911859119591205912159122591235912459125591265912759128591295913059131591325913359134591355913659137591385913959140591415914259143591445914559146591475914859149591505915159152591535915459155591565915759158591595916059161591625916359164591655916659167591685916959170591715917259173591745917559176591775917859179591805918159182591835918459185591865918759188591895919059191591925919359194591955919659197591985919959200592015920259203592045920559206592075920859209592105921159212592135921459215592165921759218592195922059221592225922359224592255922659227592285922959230592315923259233592345923559236592375923859239592405924159242592435924459245592465924759248592495925059251592525925359254592555925659257592585925959260592615926259263592645926559266592675926859269592705927159272592735927459275592765927759278592795928059281592825928359284592855928659287592885928959290592915929259293592945929559296592975929859299593005930159302593035930459305593065930759308593095931059311593125931359314593155931659317593185931959320593215932259323593245932559326593275932859329593305933159332593335933459335593365933759338593395934059341593425934359344593455934659347593485934959350593515935259353593545935559356593575935859359593605936159362593635936459365593665936759368593695937059371593725937359374593755937659377593785937959380593815938259383593845938559386593875938859389593905939159392593935939459395593965939759398593995940059401594025940359404594055940659407594085940959410594115941259413594145941559416594175941859419594205942159422594235942459425594265942759428594295943059431594325943359434594355943659437594385943959440594415944259443594445944559446594475944859449594505945159452594535945459455594565945759458594595946059461594625946359464594655946659467594685946959470594715947259473594745947559476594775947859479594805948159482594835948459485594865948759488594895949059491594925949359494594955949659497594985949959500595015950259503595045950559506595075950859509595105951159512595135951459515595165951759518595195952059521595225952359524595255952659527595285952959530595315953259533595345953559536595375953859539595405954159542595435954459545595465954759548595495955059551595525955359554595555955659557595585955959560595615956259563595645956559566595675956859569595705957159572595735957459575595765957759578595795958059581595825958359584595855958659587595885958959590595915959259593595945959559596595975959859599596005960159602596035960459605596065960759608596095961059611596125961359614596155961659617596185961959620596215962259623596245962559626596275962859629596305963159632596335963459635596365963759638596395964059641596425964359644596455964659647596485964959650596515965259653596545965559656596575965859659596605966159662596635966459665596665966759668596695967059671596725967359674596755967659677596785967959680596815968259683596845968559686596875968859689596905969159692596935969459695596965969759698596995970059701597025970359704597055970659707597085970959710597115971259713597145971559716597175971859719597205972159722597235972459725597265972759728597295973059731597325973359734597355973659737597385973959740597415974259743597445974559746597475974859749597505975159752597535975459755597565975759758597595976059761597625976359764597655976659767597685976959770597715977259773597745977559776597775977859779597805978159782597835978459785597865978759788597895979059791597925979359794597955979659797597985979959800598015980259803598045980559806598075980859809598105981159812598135981459815598165981759818598195982059821598225982359824598255982659827598285982959830598315983259833598345983559836598375983859839598405984159842598435984459845598465984759848598495985059851598525985359854598555985659857598585985959860598615986259863598645986559866598675986859869598705987159872598735987459875598765987759878598795988059881598825988359884598855988659887598885988959890598915989259893598945989559896598975989859899599005990159902599035990459905599065990759908599095991059911599125991359914599155991659917599185991959920599215992259923599245992559926599275992859929599305993159932599335993459935599365993759938599395994059941599425994359944599455994659947599485994959950599515995259953599545995559956599575995859959599605996159962599635996459965599665996759968599695997059971599725997359974599755997659977599785997959980599815998259983599845998559986599875998859989599905999159992599935999459995599965999759998599996000060001600026000360004600056000660007600086000960010600116001260013600146001560016600176001860019600206002160022600236002460025600266002760028600296003060031600326003360034600356003660037600386003960040600416004260043600446004560046600476004860049600506005160052600536005460055600566005760058600596006060061600626006360064600656006660067600686006960070600716007260073600746007560076600776007860079600806008160082600836008460085600866008760088600896009060091600926009360094600956009660097600986009960100601016010260103601046010560106601076010860109601106011160112601136011460115601166011760118601196012060121601226012360124601256012660127601286012960130601316013260133601346013560136601376013860139601406014160142601436014460145601466014760148601496015060151601526015360154601556015660157601586015960160601616016260163601646016560166601676016860169601706017160172601736017460175601766017760178601796018060181601826018360184601856018660187601886018960190601916019260193601946019560196601976019860199602006020160202602036020460205602066020760208602096021060211602126021360214602156021660217602186021960220602216022260223602246022560226602276022860229602306023160232602336023460235602366023760238602396024060241602426024360244602456024660247602486024960250602516025260253602546025560256602576025860259602606026160262602636026460265602666026760268602696027060271602726027360274602756027660277602786027960280602816028260283602846028560286602876028860289602906029160292602936029460295602966029760298602996030060301603026030360304603056030660307603086030960310603116031260313603146031560316603176031860319603206032160322603236032460325603266032760328603296033060331603326033360334603356033660337603386033960340603416034260343603446034560346603476034860349603506035160352603536035460355603566035760358603596036060361603626036360364603656036660367603686036960370603716037260373603746037560376603776037860379603806038160382603836038460385603866038760388603896039060391603926039360394603956039660397603986039960400604016040260403604046040560406604076040860409604106041160412604136041460415604166041760418604196042060421604226042360424604256042660427604286042960430604316043260433604346043560436604376043860439604406044160442604436044460445604466044760448604496045060451604526045360454604556045660457604586045960460604616046260463604646046560466604676046860469604706047160472604736047460475604766047760478604796048060481604826048360484604856048660487604886048960490604916049260493604946049560496604976049860499605006050160502605036050460505605066050760508605096051060511605126051360514605156051660517605186051960520605216052260523605246052560526605276052860529605306053160532605336053460535605366053760538605396054060541605426054360544605456054660547605486054960550605516055260553605546055560556605576055860559605606056160562605636056460565605666056760568605696057060571605726057360574605756057660577605786057960580605816058260583605846058560586605876058860589605906059160592605936059460595605966059760598605996060060601606026060360604606056060660607606086060960610606116061260613606146061560616606176061860619606206062160622606236062460625606266062760628606296063060631606326063360634606356063660637606386063960640606416064260643606446064560646606476064860649606506065160652606536065460655606566065760658606596066060661606626066360664606656066660667606686066960670606716067260673606746067560676606776067860679606806068160682606836068460685606866068760688606896069060691606926069360694606956069660697606986069960700607016070260703607046070560706607076070860709607106071160712607136071460715607166071760718607196072060721607226072360724607256072660727607286072960730607316073260733607346073560736607376073860739607406074160742607436074460745607466074760748607496075060751607526075360754607556075660757607586075960760607616076260763607646076560766607676076860769607706077160772607736077460775607766077760778607796078060781607826078360784607856078660787607886078960790607916079260793607946079560796607976079860799608006080160802608036080460805608066080760808608096081060811608126081360814608156081660817608186081960820608216082260823608246082560826608276082860829608306083160832608336083460835608366083760838608396084060841608426084360844608456084660847608486084960850608516085260853608546085560856608576085860859608606086160862608636086460865608666086760868608696087060871608726087360874608756087660877608786087960880608816088260883608846088560886608876088860889608906089160892608936089460895608966089760898608996090060901609026090360904609056090660907609086090960910609116091260913609146091560916609176091860919609206092160922609236092460925609266092760928609296093060931609326093360934609356093660937609386093960940609416094260943609446094560946609476094860949609506095160952609536095460955609566095760958609596096060961609626096360964609656096660967609686096960970609716097260973609746097560976609776097860979609806098160982609836098460985609866098760988609896099060991609926099360994609956099660997609986099961000610016100261003610046100561006610076100861009610106101161012610136101461015610166101761018610196102061021610226102361024610256102661027610286102961030610316103261033610346103561036610376103861039610406104161042610436104461045610466104761048610496105061051610526105361054610556105661057610586105961060610616106261063610646106561066610676106861069610706107161072610736107461075610766107761078610796108061081610826108361084610856108661087610886108961090610916109261093610946109561096610976109861099611006110161102611036110461105611066110761108611096111061111611126111361114611156111661117611186111961120611216112261123611246112561126611276112861129611306113161132611336113461135611366113761138611396114061141611426114361144611456114661147611486114961150611516115261153611546115561156611576115861159611606116161162611636116461165611666116761168611696117061171611726117361174611756117661177611786117961180611816118261183611846118561186611876118861189611906119161192611936119461195611966119761198611996120061201612026120361204612056120661207612086120961210612116121261213612146121561216612176121861219612206122161222612236122461225612266122761228612296123061231612326123361234612356123661237612386123961240612416124261243612446124561246612476124861249612506125161252612536125461255612566125761258612596126061261612626126361264612656126661267612686126961270612716127261273612746127561276612776127861279612806128161282612836128461285612866128761288612896129061291612926129361294612956129661297612986129961300613016130261303613046130561306613076130861309613106131161312613136131461315613166131761318613196132061321613226132361324613256132661327613286132961330613316133261333613346133561336613376133861339613406134161342613436134461345613466134761348613496135061351613526135361354613556135661357613586135961360613616136261363613646136561366613676136861369613706137161372613736137461375613766137761378613796138061381613826138361384613856138661387613886138961390613916139261393613946139561396613976139861399614006140161402614036140461405614066140761408614096141061411614126141361414614156141661417614186141961420614216142261423614246142561426614276142861429614306143161432614336143461435614366143761438614396144061441614426144361444614456144661447614486144961450614516145261453614546145561456614576145861459614606146161462614636146461465614666146761468614696147061471614726147361474614756147661477614786147961480614816148261483614846148561486614876148861489614906149161492614936149461495614966149761498614996150061501615026150361504615056150661507615086150961510615116151261513615146151561516615176151861519615206152161522615236152461525615266152761528615296153061531615326153361534615356153661537615386153961540615416154261543615446154561546615476154861549615506155161552615536155461555615566155761558615596156061561615626156361564615656156661567615686156961570615716157261573615746157561576615776157861579615806158161582615836158461585615866158761588615896159061591615926159361594615956159661597615986159961600616016160261603616046160561606616076160861609616106161161612616136161461615616166161761618616196162061621616226162361624616256162661627616286162961630616316163261633616346163561636616376163861639616406164161642616436164461645616466164761648616496165061651616526165361654616556165661657616586165961660616616166261663616646166561666616676166861669616706167161672616736167461675616766167761678616796168061681616826168361684616856168661687616886168961690616916169261693616946169561696616976169861699617006170161702617036170461705617066170761708617096171061711617126171361714617156171661717617186171961720617216172261723617246172561726617276172861729617306173161732617336173461735617366173761738617396174061741617426174361744617456174661747617486174961750617516175261753617546175561756617576175861759617606176161762617636176461765617666176761768617696177061771617726177361774617756177661777617786177961780617816178261783617846178561786617876178861789617906179161792617936179461795617966179761798617996180061801618026180361804618056180661807618086180961810618116181261813618146181561816618176181861819618206182161822618236182461825618266182761828618296183061831618326183361834618356183661837618386183961840618416184261843618446184561846618476184861849618506185161852618536185461855618566185761858618596186061861618626186361864618656186661867618686186961870618716187261873618746187561876618776187861879618806188161882618836188461885618866188761888618896189061891618926189361894618956189661897618986189961900619016190261903619046190561906619076190861909619106191161912619136191461915619166191761918619196192061921619226192361924619256192661927619286192961930619316193261933619346193561936619376193861939619406194161942619436194461945619466194761948619496195061951619526195361954619556195661957619586195961960619616196261963619646196561966619676196861969619706197161972619736197461975619766197761978619796198061981619826198361984619856198661987619886198961990619916199261993619946199561996619976199861999620006200162002620036200462005620066200762008620096201062011620126201362014620156201662017620186201962020620216202262023620246202562026620276202862029620306203162032620336203462035620366203762038620396204062041620426204362044620456204662047620486204962050620516205262053620546205562056620576205862059620606206162062620636206462065620666206762068620696207062071620726207362074620756207662077620786207962080620816208262083620846208562086620876208862089620906209162092620936209462095620966209762098620996210062101621026210362104621056210662107621086210962110621116211262113621146211562116621176211862119621206212162122621236212462125621266212762128621296213062131621326213362134621356213662137621386213962140621416214262143621446214562146621476214862149621506215162152621536215462155621566215762158621596216062161621626216362164621656216662167621686216962170621716217262173621746217562176621776217862179621806218162182621836218462185621866218762188621896219062191621926219362194621956219662197621986219962200622016220262203622046220562206622076220862209622106221162212622136221462215622166221762218622196222062221622226222362224622256222662227622286222962230622316223262233622346223562236622376223862239622406224162242622436224462245622466224762248622496225062251622526225362254622556225662257622586225962260622616226262263622646226562266622676226862269622706227162272622736227462275622766227762278622796228062281622826228362284622856228662287622886228962290622916229262293622946229562296622976229862299623006230162302623036230462305623066230762308623096231062311623126231362314623156231662317623186231962320623216232262323623246232562326623276232862329623306233162332623336233462335623366233762338623396234062341623426234362344623456234662347623486234962350623516235262353623546235562356623576235862359623606236162362623636236462365623666236762368623696237062371623726237362374623756237662377623786237962380623816238262383623846238562386623876238862389623906239162392623936239462395623966239762398623996240062401624026240362404624056240662407624086240962410624116241262413624146241562416624176241862419624206242162422624236242462425624266242762428624296243062431624326243362434624356243662437624386243962440624416244262443624446244562446624476244862449624506245162452624536245462455624566245762458624596246062461624626246362464624656246662467624686246962470624716247262473624746247562476624776247862479624806248162482624836248462485624866248762488624896249062491624926249362494624956249662497624986249962500625016250262503625046250562506625076250862509625106251162512625136251462515625166251762518625196252062521625226252362524625256252662527625286252962530625316253262533625346253562536625376253862539625406254162542625436254462545625466254762548625496255062551625526255362554625556255662557625586255962560625616256262563625646256562566625676256862569625706257162572625736257462575625766257762578625796258062581625826258362584625856258662587625886258962590625916259262593625946259562596625976259862599626006260162602626036260462605626066260762608626096261062611626126261362614626156261662617626186261962620626216262262623626246262562626626276262862629626306263162632626336263462635626366263762638626396264062641626426264362644626456264662647626486264962650626516265262653626546265562656626576265862659626606266162662626636266462665626666266762668626696267062671626726267362674626756267662677626786267962680626816268262683626846268562686626876268862689626906269162692626936269462695626966269762698626996270062701627026270362704627056270662707627086270962710627116271262713627146271562716627176271862719627206272162722627236272462725627266272762728627296273062731627326273362734627356273662737627386273962740627416274262743627446274562746627476274862749627506275162752627536275462755627566275762758627596276062761627626276362764627656276662767627686276962770627716277262773627746277562776627776277862779627806278162782627836278462785627866278762788627896279062791627926279362794627956279662797627986279962800628016280262803628046280562806628076280862809628106281162812628136281462815628166281762818628196282062821628226282362824628256282662827628286282962830628316283262833628346283562836628376283862839628406284162842628436284462845628466284762848628496285062851628526285362854628556285662857628586285962860628616286262863628646286562866628676286862869628706287162872628736287462875628766287762878628796288062881628826288362884628856288662887628886288962890628916289262893628946289562896628976289862899629006290162902629036290462905629066290762908629096291062911629126291362914629156291662917629186291962920629216292262923629246292562926629276292862929629306293162932629336293462935629366293762938629396294062941629426294362944629456294662947629486294962950629516295262953629546295562956629576295862959629606296162962629636296462965629666296762968629696297062971629726297362974629756297662977629786297962980629816298262983629846298562986629876298862989629906299162992629936299462995629966299762998629996300063001630026300363004630056300663007630086300963010630116301263013630146301563016630176301863019630206302163022630236302463025630266302763028630296303063031630326303363034630356303663037630386303963040630416304263043630446304563046630476304863049630506305163052630536305463055630566305763058630596306063061630626306363064630656306663067630686306963070630716307263073630746307563076630776307863079630806308163082630836308463085630866308763088630896309063091630926309363094630956309663097630986309963100631016310263103631046310563106631076310863109631106311163112631136311463115631166311763118631196312063121631226312363124631256312663127631286312963130631316313263133631346313563136631376313863139631406314163142631436314463145631466314763148631496315063151631526315363154631556315663157631586315963160631616316263163631646316563166631676316863169631706317163172631736317463175631766317763178631796318063181631826318363184631856318663187631886318963190631916319263193631946319563196631976319863199632006320163202632036320463205632066320763208632096321063211632126321363214632156321663217632186321963220632216322263223632246322563226632276322863229632306323163232632336323463235632366323763238632396324063241632426324363244632456324663247632486324963250632516325263253632546325563256632576325863259632606326163262632636326463265632666326763268632696327063271632726327363274632756327663277632786327963280632816328263283632846328563286632876328863289632906329163292632936329463295632966329763298632996330063301633026330363304633056330663307633086330963310633116331263313633146331563316633176331863319633206332163322633236332463325633266332763328633296333063331633326333363334633356333663337633386333963340633416334263343633446334563346633476334863349633506335163352633536335463355633566335763358633596336063361633626336363364633656336663367633686336963370633716337263373633746337563376633776337863379633806338163382633836338463385633866338763388633896339063391633926339363394633956339663397633986339963400634016340263403634046340563406634076340863409634106341163412634136341463415634166341763418634196342063421634226342363424634256342663427634286342963430634316343263433634346343563436634376343863439634406344163442634436344463445634466344763448634496345063451634526345363454634556345663457634586345963460634616346263463634646346563466634676346863469634706347163472634736347463475634766347763478634796348063481634826348363484634856348663487634886348963490634916349263493634946349563496634976349863499635006350163502635036350463505635066350763508635096351063511635126351363514635156351663517635186351963520635216352263523635246352563526635276352863529635306353163532635336353463535635366353763538635396354063541635426354363544635456354663547635486354963550635516355263553635546355563556635576355863559635606356163562635636356463565635666356763568635696357063571635726357363574635756357663577635786357963580635816358263583635846358563586635876358863589635906359163592635936359463595635966359763598635996360063601636026360363604636056360663607636086360963610636116361263613636146361563616636176361863619636206362163622636236362463625636266362763628636296363063631636326363363634636356363663637636386363963640636416364263643636446364563646636476364863649636506365163652636536365463655636566365763658636596366063661636626366363664636656366663667636686366963670636716367263673636746367563676636776367863679636806368163682636836368463685636866368763688636896369063691636926369363694636956369663697636986369963700637016370263703637046370563706637076370863709637106371163712637136371463715637166371763718637196372063721637226372363724637256372663727637286372963730637316373263733637346373563736637376373863739637406374163742637436374463745637466374763748637496375063751637526375363754637556375663757637586375963760637616376263763637646376563766637676376863769637706377163772637736377463775637766377763778637796378063781637826378363784637856378663787637886378963790637916379263793637946379563796637976379863799638006380163802638036380463805638066380763808638096381063811638126381363814638156381663817638186381963820638216382263823638246382563826638276382863829638306383163832638336383463835638366383763838638396384063841638426384363844638456384663847638486384963850638516385263853638546385563856638576385863859638606386163862638636386463865638666386763868638696387063871638726387363874638756387663877638786387963880638816388263883638846388563886638876388863889638906389163892638936389463895638966389763898638996390063901639026390363904639056390663907639086390963910639116391263913639146391563916639176391863919639206392163922639236392463925639266392763928639296393063931639326393363934639356393663937639386393963940639416394263943639446394563946639476394863949639506395163952639536395463955639566395763958639596396063961639626396363964639656396663967639686396963970639716397263973639746397563976639776397863979639806398163982639836398463985639866398763988639896399063991639926399363994639956399663997639986399964000640016400264003640046400564006640076400864009640106401164012640136401464015640166401764018640196402064021640226402364024640256402664027640286402964030640316403264033640346403564036640376403864039640406404164042640436404464045640466404764048640496405064051640526405364054640556405664057640586405964060640616406264063640646406564066640676406864069640706407164072640736407464075640766407764078640796408064081640826408364084640856408664087640886408964090640916409264093640946409564096640976409864099641006410164102641036410464105641066410764108641096411064111641126411364114641156411664117641186411964120641216412264123641246412564126641276412864129641306413164132641336413464135641366413764138641396414064141641426414364144641456414664147641486414964150641516415264153641546415564156641576415864159641606416164162641636416464165641666416764168641696417064171641726417364174641756417664177641786417964180641816418264183641846418564186641876418864189641906419164192641936419464195641966419764198641996420064201642026420364204642056420664207642086420964210642116421264213642146421564216642176421864219642206422164222642236422464225642266422764228642296423064231642326423364234642356423664237642386423964240642416424264243642446424564246642476424864249642506425164252642536425464255642566425764258642596426064261642626426364264642656426664267642686426964270642716427264273642746427564276642776427864279642806428164282642836428464285642866428764288642896429064291642926429364294642956429664297642986429964300643016430264303643046430564306643076430864309643106431164312643136431464315643166431764318643196432064321643226432364324643256432664327643286432964330643316433264333643346433564336643376433864339643406434164342643436434464345643466434764348643496435064351643526435364354643556435664357643586435964360643616436264363643646436564366643676436864369643706437164372643736437464375643766437764378643796438064381643826438364384643856438664387643886438964390643916439264393643946439564396643976439864399644006440164402644036440464405644066440764408644096441064411644126441364414644156441664417644186441964420644216442264423644246442564426644276442864429644306443164432644336443464435644366443764438644396444064441644426444364444644456444664447644486444964450644516445264453644546445564456644576445864459644606446164462644636446464465644666446764468644696447064471644726447364474644756447664477644786447964480644816448264483644846448564486644876448864489644906449164492644936449464495644966449764498644996450064501645026450364504645056450664507645086450964510645116451264513645146451564516645176451864519645206452164522645236452464525645266452764528645296453064531645326453364534645356453664537645386453964540645416454264543645446454564546645476454864549645506455164552645536455464555645566455764558645596456064561645626456364564645656456664567645686456964570645716457264573645746457564576645776457864579645806458164582645836458464585645866458764588645896459064591645926459364594645956459664597645986459964600646016460264603646046460564606646076460864609646106461164612646136461464615646166461764618646196462064621646226462364624646256462664627646286462964630646316463264633646346463564636646376463864639646406464164642646436464464645646466464764648646496465064651646526465364654646556465664657646586465964660646616466264663646646466564666646676466864669646706467164672646736467464675646766467764678646796468064681646826468364684646856468664687646886468964690646916469264693646946469564696646976469864699647006470164702647036470464705647066470764708647096471064711647126471364714647156471664717647186471964720647216472264723647246472564726647276472864729647306473164732647336473464735647366473764738647396474064741647426474364744647456474664747647486474964750647516475264753647546475564756647576475864759647606476164762647636476464765647666476764768647696477064771647726477364774647756477664777647786477964780647816478264783647846478564786647876478864789647906479164792647936479464795647966479764798647996480064801648026480364804648056480664807648086480964810648116481264813648146481564816648176481864819648206482164822648236482464825648266482764828648296483064831648326483364834648356483664837648386483964840648416484264843648446484564846648476484864849648506485164852648536485464855648566485764858648596486064861648626486364864648656486664867648686486964870648716487264873648746487564876648776487864879648806488164882648836488464885648866488764888648896489064891648926489364894648956489664897648986489964900649016490264903649046490564906649076490864909649106491164912649136491464915649166491764918649196492064921649226492364924649256492664927649286492964930649316493264933649346493564936649376493864939649406494164942649436494464945649466494764948649496495064951649526495364954649556495664957649586495964960649616496264963649646496564966649676496864969649706497164972649736497464975649766497764978649796498064981649826498364984649856498664987649886498964990649916499264993649946499564996649976499864999650006500165002650036500465005650066500765008650096501065011650126501365014650156501665017650186501965020650216502265023650246502565026650276502865029650306503165032650336503465035650366503765038650396504065041650426504365044650456504665047650486504965050650516505265053650546505565056650576505865059650606506165062650636506465065650666506765068650696507065071650726507365074650756507665077650786507965080650816508265083650846508565086650876508865089650906509165092650936509465095650966509765098650996510065101651026510365104651056510665107651086510965110651116511265113651146511565116651176511865119651206512165122651236512465125651266512765128651296513065131651326513365134651356513665137651386513965140651416514265143651446514565146651476514865149651506515165152651536515465155651566515765158651596516065161651626516365164651656516665167651686516965170651716517265173651746517565176651776517865179651806518165182651836518465185651866518765188651896519065191651926519365194651956519665197651986519965200652016520265203652046520565206652076520865209652106521165212652136521465215652166521765218652196522065221652226522365224652256522665227652286522965230652316523265233652346523565236652376523865239652406524165242652436524465245652466524765248652496525065251652526525365254652556525665257652586525965260652616526265263652646526565266652676526865269652706527165272652736527465275652766527765278652796528065281652826528365284652856528665287652886528965290652916529265293652946529565296652976529865299653006530165302653036530465305653066530765308653096531065311653126531365314653156531665317653186531965320653216532265323653246532565326653276532865329653306533165332653336533465335653366533765338653396534065341653426534365344653456534665347653486534965350653516535265353653546535565356653576535865359653606536165362653636536465365653666536765368653696537065371653726537365374653756537665377653786537965380653816538265383653846538565386653876538865389653906539165392653936539465395653966539765398653996540065401654026540365404654056540665407654086540965410654116541265413654146541565416654176541865419654206542165422654236542465425654266542765428654296543065431654326543365434654356543665437654386543965440654416544265443654446544565446654476544865449654506545165452654536545465455654566545765458654596546065461654626546365464654656546665467654686546965470654716547265473654746547565476654776547865479654806548165482654836548465485654866548765488654896549065491654926549365494654956549665497654986549965500655016550265503655046550565506655076550865509655106551165512655136551465515655166551765518655196552065521655226552365524655256552665527655286552965530655316553265533655346553565536655376553865539655406554165542655436554465545655466554765548655496555065551655526555365554655556555665557655586555965560655616556265563655646556565566655676556865569655706557165572655736557465575655766557765578655796558065581655826558365584655856558665587655886558965590655916559265593655946559565596655976559865599656006560165602656036560465605656066560765608656096561065611656126561365614656156561665617656186561965620656216562265623656246562565626656276562865629656306563165632656336563465635656366563765638656396564065641656426564365644656456564665647656486564965650656516565265653656546565565656656576565865659656606566165662656636566465665656666566765668656696567065671656726567365674656756567665677656786567965680656816568265683656846568565686656876568865689656906569165692656936569465695656966569765698656996570065701657026570365704657056570665707657086570965710657116571265713657146571565716657176571865719657206572165722657236572465725657266572765728657296573065731657326573365734657356573665737657386573965740657416574265743657446574565746657476574865749657506575165752657536575465755657566575765758657596576065761657626576365764657656576665767657686576965770657716577265773657746577565776657776577865779657806578165782657836578465785657866578765788657896579065791657926579365794657956579665797657986579965800658016580265803658046580565806658076580865809658106581165812658136581465815658166581765818658196582065821658226582365824658256582665827658286582965830658316583265833658346583565836658376583865839658406584165842658436584465845658466584765848658496585065851658526585365854658556585665857658586585965860658616586265863658646586565866658676586865869658706587165872658736587465875658766587765878658796588065881658826588365884658856588665887658886588965890658916589265893658946589565896658976589865899659006590165902659036590465905659066590765908659096591065911659126591365914659156591665917659186591965920659216592265923659246592565926659276592865929659306593165932659336593465935659366593765938659396594065941659426594365944659456594665947659486594965950659516595265953659546595565956659576595865959659606596165962659636596465965659666596765968659696597065971659726597365974659756597665977659786597965980659816598265983659846598565986659876598865989659906599165992659936599465995659966599765998659996600066001660026600366004660056600666007660086600966010660116601266013660146601566016660176601866019660206602166022660236602466025660266602766028660296603066031660326603366034660356603666037660386603966040660416604266043660446604566046660476604866049660506605166052660536605466055660566605766058660596606066061660626606366064660656606666067660686606966070660716607266073660746607566076660776607866079660806608166082660836608466085660866608766088660896609066091660926609366094660956609666097660986609966100661016610266103661046610566106661076610866109661106611166112661136611466115661166611766118661196612066121661226612366124661256612666127661286612966130661316613266133661346613566136661376613866139661406614166142661436614466145661466614766148661496615066151661526615366154661556615666157661586615966160661616616266163661646616566166661676616866169661706617166172661736617466175661766617766178661796618066181661826618366184661856618666187661886618966190661916619266193661946619566196661976619866199662006620166202662036620466205662066620766208662096621066211662126621366214662156621666217662186621966220662216622266223662246622566226662276622866229662306623166232662336623466235662366623766238662396624066241662426624366244662456624666247662486624966250662516625266253662546625566256662576625866259662606626166262662636626466265662666626766268662696627066271662726627366274662756627666277662786627966280662816628266283662846628566286662876628866289662906629166292662936629466295662966629766298662996630066301663026630366304663056630666307663086630966310663116631266313663146631566316663176631866319663206632166322663236632466325663266632766328663296633066331663326633366334663356633666337663386633966340663416634266343663446634566346663476634866349663506635166352663536635466355663566635766358663596636066361663626636366364663656636666367663686636966370663716637266373663746637566376663776637866379663806638166382663836638466385663866638766388663896639066391663926639366394663956639666397663986639966400664016640266403664046640566406664076640866409664106641166412664136641466415664166641766418664196642066421664226642366424664256642666427664286642966430664316643266433664346643566436664376643866439664406644166442664436644466445664466644766448664496645066451664526645366454664556645666457664586645966460664616646266463664646646566466664676646866469664706647166472664736647466475664766647766478664796648066481664826648366484664856648666487664886648966490664916649266493664946649566496664976649866499665006650166502665036650466505665066650766508665096651066511665126651366514665156651666517665186651966520665216652266523665246652566526665276652866529665306653166532665336653466535665366653766538665396654066541665426654366544665456654666547665486654966550665516655266553665546655566556665576655866559665606656166562665636656466565665666656766568665696657066571665726657366574665756657666577665786657966580665816658266583665846658566586665876658866589665906659166592665936659466595665966659766598665996660066601666026660366604666056660666607666086660966610666116661266613666146661566616666176661866619666206662166622666236662466625666266662766628666296663066631666326663366634666356663666637666386663966640666416664266643666446664566646666476664866649666506665166652666536665466655666566665766658666596666066661666626666366664666656666666667666686666966670666716667266673666746667566676666776667866679666806668166682666836668466685666866668766688666896669066691666926669366694666956669666697666986669966700667016670266703667046670566706667076670866709667106671166712667136671466715667166671766718667196672066721667226672366724667256672666727667286672966730667316673266733667346673566736667376673866739667406674166742667436674466745667466674766748667496675066751667526675366754667556675666757667586675966760667616676266763667646676566766667676676866769667706677166772667736677466775667766677766778667796678066781667826678366784667856678666787667886678966790667916679266793667946679566796667976679866799668006680166802668036680466805668066680766808668096681066811668126681366814668156681666817668186681966820668216682266823668246682566826668276682866829668306683166832668336683466835668366683766838668396684066841668426684366844668456684666847668486684966850668516685266853668546685566856668576685866859668606686166862668636686466865668666686766868668696687066871668726687366874668756687666877668786687966880668816688266883668846688566886668876688866889668906689166892668936689466895668966689766898668996690066901669026690366904669056690666907669086690966910669116691266913669146691566916669176691866919669206692166922669236692466925669266692766928669296693066931669326693366934669356693666937669386693966940669416694266943669446694566946669476694866949669506695166952669536695466955669566695766958669596696066961669626696366964669656696666967669686696966970669716697266973669746697566976669776697866979669806698166982669836698466985669866698766988669896699066991669926699366994669956699666997669986699967000670016700267003670046700567006670076700867009670106701167012670136701467015670166701767018670196702067021670226702367024670256702667027670286702967030670316703267033670346703567036670376703867039670406704167042670436704467045670466704767048670496705067051670526705367054670556705667057670586705967060670616706267063670646706567066670676706867069670706707167072670736707467075670766707767078670796708067081670826708367084670856708667087670886708967090670916709267093670946709567096670976709867099671006710167102671036710467105671066710767108671096711067111671126711367114671156711667117671186711967120671216712267123671246712567126671276712867129671306713167132671336713467135671366713767138671396714067141671426714367144671456714667147671486714967150671516715267153671546715567156671576715867159671606716167162671636716467165671666716767168671696717067171671726717367174671756717667177671786717967180671816718267183671846718567186671876718867189671906719167192671936719467195671966719767198671996720067201672026720367204672056720667207672086720967210672116721267213672146721567216672176721867219672206722167222672236722467225672266722767228672296723067231672326723367234672356723667237672386723967240672416724267243672446724567246672476724867249672506725167252672536725467255672566725767258672596726067261672626726367264672656726667267672686726967270672716727267273672746727567276672776727867279672806728167282672836728467285672866728767288672896729067291672926729367294672956729667297672986729967300673016730267303673046730567306673076730867309673106731167312673136731467315673166731767318673196732067321673226732367324673256732667327673286732967330673316733267333673346733567336673376733867339673406734167342673436734467345673466734767348673496735067351673526735367354673556735667357673586735967360673616736267363673646736567366673676736867369673706737167372673736737467375673766737767378673796738067381673826738367384673856738667387673886738967390673916739267393673946739567396673976739867399674006740167402674036740467405674066740767408674096741067411674126741367414674156741667417674186741967420674216742267423674246742567426674276742867429674306743167432674336743467435674366743767438674396744067441674426744367444674456744667447674486744967450674516745267453674546745567456674576745867459674606746167462674636746467465674666746767468674696747067471674726747367474674756747667477674786747967480674816748267483674846748567486674876748867489674906749167492674936749467495674966749767498674996750067501675026750367504675056750667507675086750967510675116751267513675146751567516675176751867519675206752167522675236752467525675266752767528675296753067531675326753367534675356753667537675386753967540675416754267543675446754567546675476754867549675506755167552675536755467555675566755767558675596756067561675626756367564675656756667567675686756967570675716757267573675746757567576675776757867579675806758167582675836758467585675866758767588675896759067591675926759367594675956759667597675986759967600676016760267603676046760567606676076760867609676106761167612676136761467615676166761767618676196762067621676226762367624676256762667627676286762967630676316763267633676346763567636676376763867639676406764167642676436764467645676466764767648676496765067651676526765367654676556765667657676586765967660676616766267663676646766567666676676766867669676706767167672676736767467675676766767767678676796768067681676826768367684676856768667687676886768967690676916769267693676946769567696676976769867699677006770167702677036770467705677066770767708677096771067711677126771367714677156771667717677186771967720677216772267723677246772567726677276772867729677306773167732677336773467735677366773767738677396774067741677426774367744677456774667747677486774967750677516775267753677546775567756677576775867759677606776167762677636776467765677666776767768677696777067771677726777367774677756777667777677786777967780677816778267783677846778567786677876778867789677906779167792677936779467795677966779767798677996780067801678026780367804678056780667807678086780967810678116781267813678146781567816678176781867819678206782167822678236782467825678266782767828678296783067831678326783367834678356783667837678386783967840678416784267843678446784567846678476784867849678506785167852678536785467855678566785767858678596786067861678626786367864678656786667867678686786967870678716787267873678746787567876678776787867879678806788167882678836788467885678866788767888678896789067891678926789367894678956789667897678986789967900679016790267903679046790567906679076790867909679106791167912679136791467915679166791767918679196792067921679226792367924679256792667927679286792967930679316793267933679346793567936679376793867939679406794167942679436794467945679466794767948679496795067951679526795367954679556795667957679586795967960679616796267963679646796567966679676796867969679706797167972679736797467975679766797767978679796798067981679826798367984679856798667987679886798967990679916799267993679946799567996679976799867999680006800168002680036800468005680066800768008680096801068011680126801368014680156801668017680186801968020680216802268023680246802568026680276802868029680306803168032680336803468035680366803768038680396804068041680426804368044680456804668047680486804968050680516805268053680546805568056680576805868059680606806168062680636806468065680666806768068680696807068071680726807368074680756807668077680786807968080680816808268083680846808568086680876808868089680906809168092680936809468095680966809768098680996810068101681026810368104681056810668107681086810968110681116811268113681146811568116681176811868119681206812168122681236812468125681266812768128681296813068131681326813368134681356813668137681386813968140681416814268143681446814568146681476814868149681506815168152681536815468155681566815768158681596816068161681626816368164681656816668167681686816968170681716817268173681746817568176681776817868179681806818168182681836818468185681866818768188681896819068191681926819368194681956819668197681986819968200682016820268203682046820568206682076820868209682106821168212682136821468215682166821768218682196822068221682226822368224682256822668227682286822968230682316823268233682346823568236682376823868239682406824168242682436824468245682466824768248682496825068251682526825368254682556825668257682586825968260682616826268263682646826568266682676826868269682706827168272682736827468275682766827768278682796828068281682826828368284682856828668287682886828968290682916829268293682946829568296682976829868299683006830168302683036830468305683066830768308683096831068311683126831368314683156831668317683186831968320683216832268323683246832568326683276832868329683306833168332683336833468335683366833768338683396834068341683426834368344683456834668347683486834968350683516835268353683546835568356683576835868359683606836168362683636836468365683666836768368683696837068371683726837368374683756837668377683786837968380683816838268383683846838568386683876838868389683906839168392683936839468395683966839768398683996840068401684026840368404684056840668407684086840968410684116841268413684146841568416684176841868419684206842168422684236842468425684266842768428684296843068431684326843368434684356843668437684386843968440684416844268443684446844568446684476844868449684506845168452684536845468455684566845768458684596846068461684626846368464684656846668467684686846968470684716847268473684746847568476684776847868479684806848168482684836848468485684866848768488684896849068491684926849368494684956849668497684986849968500685016850268503685046850568506685076850868509685106851168512685136851468515685166851768518685196852068521685226852368524685256852668527685286852968530685316853268533685346853568536685376853868539685406854168542685436854468545685466854768548685496855068551685526855368554685556855668557685586855968560685616856268563685646856568566685676856868569685706857168572685736857468575685766857768578685796858068581685826858368584685856858668587685886858968590685916859268593685946859568596685976859868599686006860168602686036860468605686066860768608686096861068611686126861368614686156861668617686186861968620686216862268623686246862568626686276862868629686306863168632686336863468635686366863768638686396864068641686426864368644686456864668647686486864968650686516865268653686546865568656686576865868659686606866168662686636866468665686666866768668686696867068671686726867368674686756867668677686786867968680686816868268683686846868568686686876868868689686906869168692686936869468695686966869768698686996870068701687026870368704687056870668707687086870968710687116871268713687146871568716687176871868719687206872168722687236872468725687266872768728687296873068731687326873368734687356873668737687386873968740687416874268743687446874568746687476874868749687506875168752687536875468755687566875768758687596876068761687626876368764687656876668767687686876968770687716877268773687746877568776687776877868779687806878168782687836878468785687866878768788687896879068791687926879368794687956879668797687986879968800688016880268803688046880568806688076880868809688106881168812688136881468815688166881768818688196882068821688226882368824688256882668827688286882968830688316883268833688346883568836688376883868839688406884168842688436884468845688466884768848688496885068851688526885368854688556885668857688586885968860688616886268863688646886568866688676886868869688706887168872688736887468875688766887768878688796888068881688826888368884688856888668887688886888968890688916889268893688946889568896688976889868899689006890168902689036890468905689066890768908689096891068911689126891368914689156891668917689186891968920689216892268923689246892568926689276892868929689306893168932689336893468935689366893768938689396894068941689426894368944689456894668947689486894968950689516895268953689546895568956689576895868959689606896168962689636896468965689666896768968689696897068971689726897368974689756897668977689786897968980689816898268983689846898568986689876898868989689906899168992689936899468995689966899768998689996900069001690026900369004690056900669007690086900969010690116901269013690146901569016690176901869019690206902169022690236902469025690266902769028690296903069031690326903369034690356903669037690386903969040690416904269043690446904569046690476904869049690506905169052690536905469055690566905769058690596906069061690626906369064690656906669067690686906969070690716907269073690746907569076690776907869079690806908169082690836908469085690866908769088690896909069091690926909369094690956909669097690986909969100691016910269103691046910569106691076910869109691106911169112691136911469115691166911769118691196912069121691226912369124691256912669127691286912969130691316913269133691346913569136691376913869139691406914169142691436914469145691466914769148691496915069151691526915369154691556915669157691586915969160691616916269163691646916569166691676916869169691706917169172691736917469175691766917769178691796918069181691826918369184691856918669187691886918969190691916919269193691946919569196691976919869199692006920169202692036920469205692066920769208692096921069211692126921369214692156921669217692186921969220692216922269223692246922569226692276922869229692306923169232692336923469235692366923769238692396924069241692426924369244692456924669247692486924969250692516925269253692546925569256692576925869259692606926169262692636926469265692666926769268692696927069271692726927369274692756927669277692786927969280692816928269283692846928569286692876928869289692906929169292692936929469295692966929769298692996930069301693026930369304693056930669307693086930969310693116931269313693146931569316693176931869319693206932169322693236932469325693266932769328693296933069331693326933369334693356933669337693386933969340693416934269343693446934569346693476934869349693506935169352693536935469355693566935769358693596936069361693626936369364693656936669367693686936969370693716937269373693746937569376693776937869379693806938169382693836938469385693866938769388693896939069391693926939369394693956939669397693986939969400694016940269403694046940569406694076940869409694106941169412694136941469415694166941769418694196942069421694226942369424694256942669427694286942969430694316943269433694346943569436694376943869439694406944169442694436944469445694466944769448694496945069451694526945369454694556945669457694586945969460694616946269463694646946569466694676946869469694706947169472694736947469475694766947769478694796948069481694826948369484694856948669487694886948969490694916949269493694946949569496694976949869499695006950169502695036950469505695066950769508695096951069511695126951369514695156951669517695186951969520695216952269523695246952569526695276952869529695306953169532695336953469535695366953769538695396954069541695426954369544695456954669547695486954969550695516955269553695546955569556695576955869559695606956169562695636956469565695666956769568695696957069571695726957369574695756957669577695786957969580695816958269583695846958569586695876958869589695906959169592695936959469595695966959769598695996960069601696026960369604696056960669607696086960969610696116961269613696146961569616696176961869619696206962169622696236962469625696266962769628696296963069631696326963369634696356963669637696386963969640696416964269643696446964569646696476964869649696506965169652696536965469655696566965769658696596966069661696626966369664696656966669667696686966969670696716967269673696746967569676696776967869679696806968169682696836968469685696866968769688696896969069691696926969369694696956969669697696986969969700697016970269703697046970569706697076970869709697106971169712697136971469715697166971769718697196972069721697226972369724697256972669727697286972969730697316973269733697346973569736697376973869739697406974169742697436974469745697466974769748697496975069751697526975369754697556975669757697586975969760697616976269763697646976569766697676976869769697706977169772697736977469775697766977769778697796978069781697826978369784697856978669787697886978969790697916979269793697946979569796697976979869799698006980169802698036980469805698066980769808698096981069811698126981369814698156981669817698186981969820698216982269823698246982569826698276982869829698306983169832698336983469835698366983769838698396984069841698426984369844698456984669847698486984969850698516985269853698546985569856698576985869859698606986169862698636986469865698666986769868698696987069871698726987369874698756987669877698786987969880698816988269883698846988569886698876988869889698906989169892698936989469895698966989769898698996990069901699026990369904699056990669907699086990969910699116991269913699146991569916699176991869919699206992169922699236992469925699266992769928699296993069931699326993369934699356993669937699386993969940699416994269943699446994569946699476994869949699506995169952699536995469955699566995769958699596996069961699626996369964699656996669967699686996969970699716997269973699746997569976699776997869979699806998169982699836998469985699866998769988699896999069991699926999369994699956999669997699986999970000700017000270003700047000570006700077000870009700107001170012700137001470015700167001770018700197002070021700227002370024700257002670027700287002970030700317003270033700347003570036700377003870039700407004170042700437004470045700467004770048700497005070051700527005370054700557005670057700587005970060700617006270063700647006570066700677006870069700707007170072700737007470075700767007770078700797008070081700827008370084700857008670087700887008970090700917009270093700947009570096700977009870099701007010170102701037010470105701067010770108701097011070111701127011370114701157011670117701187011970120701217012270123701247012570126701277012870129701307013170132701337013470135701367013770138701397014070141701427014370144701457014670147701487014970150701517015270153701547015570156701577015870159701607016170162701637016470165701667016770168701697017070171701727017370174701757017670177701787017970180701817018270183701847018570186701877018870189701907019170192701937019470195701967019770198701997020070201702027020370204702057020670207702087020970210702117021270213702147021570216702177021870219702207022170222702237022470225702267022770228702297023070231702327023370234702357023670237702387023970240702417024270243702447024570246702477024870249702507025170252702537025470255702567025770258702597026070261702627026370264702657026670267702687026970270702717027270273702747027570276702777027870279702807028170282702837028470285702867028770288702897029070291702927029370294702957029670297702987029970300703017030270303703047030570306703077030870309703107031170312703137031470315703167031770318703197032070321703227032370324703257032670327703287032970330703317033270333703347033570336703377033870339703407034170342703437034470345703467034770348703497035070351703527035370354703557035670357703587035970360703617036270363703647036570366703677036870369703707037170372703737037470375703767037770378703797038070381703827038370384703857038670387703887038970390703917039270393703947039570396703977039870399704007040170402704037040470405704067040770408704097041070411704127041370414704157041670417704187041970420704217042270423704247042570426704277042870429704307043170432704337043470435704367043770438704397044070441704427044370444704457044670447704487044970450704517045270453704547045570456704577045870459704607046170462704637046470465704667046770468704697047070471704727047370474704757047670477704787047970480704817048270483704847048570486704877048870489704907049170492704937049470495704967049770498704997050070501705027050370504705057050670507705087050970510705117051270513705147051570516705177051870519705207052170522705237052470525705267052770528705297053070531705327053370534705357053670537705387053970540705417054270543705447054570546705477054870549705507055170552705537055470555705567055770558705597056070561705627056370564705657056670567705687056970570705717057270573705747057570576705777057870579705807058170582705837058470585705867058770588705897059070591705927059370594705957059670597705987059970600706017060270603706047060570606706077060870609706107061170612706137061470615706167061770618706197062070621706227062370624706257062670627706287062970630706317063270633706347063570636706377063870639706407064170642706437064470645706467064770648706497065070651706527065370654706557065670657706587065970660706617066270663706647066570666706677066870669706707067170672706737067470675706767067770678706797068070681706827068370684706857068670687706887068970690706917069270693706947069570696706977069870699707007070170702707037070470705707067070770708707097071070711707127071370714707157071670717707187071970720707217072270723707247072570726707277072870729707307073170732707337073470735707367073770738707397074070741707427074370744707457074670747707487074970750707517075270753707547075570756707577075870759707607076170762707637076470765707667076770768707697077070771707727077370774707757077670777707787077970780707817078270783707847078570786707877078870789707907079170792707937079470795707967079770798707997080070801708027080370804708057080670807708087080970810708117081270813708147081570816708177081870819708207082170822708237082470825708267082770828708297083070831708327083370834708357083670837708387083970840708417084270843708447084570846708477084870849708507085170852708537085470855708567085770858708597086070861708627086370864708657086670867708687086970870708717087270873708747087570876708777087870879708807088170882708837088470885708867088770888708897089070891708927089370894708957089670897708987089970900709017090270903709047090570906709077090870909709107091170912709137091470915709167091770918709197092070921709227092370924709257092670927709287092970930709317093270933709347093570936709377093870939709407094170942709437094470945709467094770948709497095070951709527095370954709557095670957709587095970960709617096270963709647096570966709677096870969709707097170972709737097470975709767097770978709797098070981709827098370984709857098670987709887098970990709917099270993709947099570996709977099870999710007100171002710037100471005710067100771008710097101071011710127101371014710157101671017710187101971020710217102271023710247102571026710277102871029710307103171032710337103471035710367103771038710397104071041710427104371044710457104671047710487104971050710517105271053710547105571056710577105871059710607106171062710637106471065710667106771068710697107071071710727107371074710757107671077710787107971080710817108271083710847108571086710877108871089710907109171092710937109471095710967109771098710997110071101711027110371104711057110671107711087110971110711117111271113711147111571116711177111871119711207112171122711237112471125711267112771128711297113071131711327113371134711357113671137711387113971140711417114271143711447114571146711477114871149711507115171152711537115471155711567115771158711597116071161711627116371164711657116671167711687116971170711717117271173711747117571176711777117871179711807118171182711837118471185711867118771188711897119071191711927119371194711957119671197711987119971200712017120271203712047120571206712077120871209712107121171212712137121471215712167121771218712197122071221712227122371224712257122671227712287122971230712317123271233712347123571236712377123871239712407124171242712437124471245712467124771248712497125071251712527125371254712557125671257712587125971260712617126271263712647126571266712677126871269712707127171272712737127471275712767127771278712797128071281712827128371284712857128671287712887128971290712917129271293712947129571296712977129871299713007130171302713037130471305713067130771308713097131071311713127131371314713157131671317713187131971320713217132271323713247132571326713277132871329713307133171332713337133471335713367133771338713397134071341713427134371344713457134671347713487134971350713517135271353713547135571356713577135871359713607136171362713637136471365713667136771368713697137071371713727137371374713757137671377713787137971380713817138271383713847138571386713877138871389713907139171392713937139471395713967139771398713997140071401714027140371404714057140671407714087140971410714117141271413714147141571416714177141871419714207142171422714237142471425714267142771428714297143071431714327143371434714357143671437714387143971440714417144271443714447144571446714477144871449714507145171452714537145471455714567145771458714597146071461714627146371464714657146671467714687146971470714717147271473714747147571476714777147871479714807148171482714837148471485714867148771488714897149071491714927149371494714957149671497714987149971500715017150271503715047150571506715077150871509715107151171512715137151471515715167151771518715197152071521715227152371524715257152671527715287152971530715317153271533715347153571536715377153871539715407154171542715437154471545715467154771548715497155071551715527155371554715557155671557715587155971560715617156271563715647156571566715677156871569715707157171572715737157471575715767157771578715797158071581715827158371584715857158671587715887158971590715917159271593715947159571596715977159871599716007160171602716037160471605716067160771608716097161071611716127161371614716157161671617716187161971620716217162271623716247162571626716277162871629716307163171632716337163471635716367163771638716397164071641716427164371644716457164671647716487164971650716517165271653716547165571656716577165871659716607166171662716637166471665716667166771668716697167071671716727167371674716757167671677716787167971680716817168271683716847168571686716877168871689716907169171692716937169471695716967169771698716997170071701717027170371704717057170671707717087170971710717117171271713717147171571716717177171871719717207172171722717237172471725717267172771728717297173071731717327173371734717357173671737717387173971740717417174271743717447174571746717477174871749717507175171752717537175471755717567175771758717597176071761717627176371764717657176671767717687176971770717717177271773717747177571776717777177871779717807178171782717837178471785717867178771788717897179071791717927179371794717957179671797717987179971800718017180271803718047180571806718077180871809718107181171812718137181471815718167181771818718197182071821718227182371824718257182671827718287182971830718317183271833718347183571836718377183871839718407184171842718437184471845718467184771848718497185071851718527185371854718557185671857718587185971860718617186271863718647186571866718677186871869718707187171872718737187471875718767187771878718797188071881718827188371884718857188671887718887188971890718917189271893718947189571896718977189871899719007190171902719037190471905719067190771908719097191071911719127191371914719157191671917719187191971920719217192271923719247192571926719277192871929719307193171932719337193471935719367193771938719397194071941719427194371944719457194671947719487194971950719517195271953719547195571956719577195871959719607196171962719637196471965719667196771968719697197071971719727197371974719757197671977719787197971980719817198271983719847198571986719877198871989719907199171992719937199471995719967199771998719997200072001720027200372004720057200672007720087200972010720117201272013720147201572016720177201872019720207202172022720237202472025720267202772028720297203072031720327203372034720357203672037720387203972040720417204272043720447204572046720477204872049720507205172052720537205472055720567205772058720597206072061720627206372064720657206672067720687206972070720717207272073720747207572076720777207872079720807208172082720837208472085720867208772088720897209072091720927209372094720957209672097720987209972100721017210272103721047210572106721077210872109721107211172112721137211472115721167211772118721197212072121721227212372124721257212672127721287212972130721317213272133721347213572136721377213872139721407214172142721437214472145721467214772148721497215072151721527215372154721557215672157721587215972160721617216272163721647216572166721677216872169721707217172172721737217472175721767217772178721797218072181721827218372184721857218672187721887218972190721917219272193721947219572196721977219872199722007220172202722037220472205722067220772208722097221072211722127221372214722157221672217722187221972220722217222272223722247222572226722277222872229722307223172232722337223472235722367223772238722397224072241722427224372244722457224672247722487224972250722517225272253722547225572256722577225872259722607226172262722637226472265722667226772268722697227072271722727227372274722757227672277722787227972280722817228272283722847228572286722877228872289722907229172292722937229472295722967229772298722997230072301723027230372304723057230672307723087230972310723117231272313723147231572316723177231872319723207232172322723237232472325723267232772328723297233072331723327233372334723357233672337723387233972340723417234272343723447234572346723477234872349723507235172352723537235472355723567235772358723597236072361723627236372364723657236672367723687236972370723717237272373723747237572376 |
- /* api.c API unit tests
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- /* For AES-CBC, input lengths can optionally be validated to be a
- * multiple of the block size, by defining WOLFSSL_AES_CBC_LENGTH_CHECKS,
- * also available via the configure option --enable-aescbc-length-checks.
- */
- /*----------------------------------------------------------------------------*
- | Includes
- *----------------------------------------------------------------------------*/
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #include <wolfssl/wolfcrypt/settings.h>
- #undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
- #ifndef FOURK_BUF
- #define FOURK_BUF 4096
- #endif
- #ifndef TWOK_BUF
- #define TWOK_BUF 2048
- #endif
- #ifndef ONEK_BUF
- #define ONEK_BUF 1024
- #endif
- #if defined(WOLFSSL_STATIC_MEMORY)
- #include <wolfssl/wolfcrypt/memory.h>
- #if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY)
- #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \
- defined(SESSION_CERTS)
- #ifdef OPENSSL_EXTRA
- #define TEST_TLS_STATIC_MEMSZ (400000)
- #else
- #define TEST_TLS_STATIC_MEMSZ (320000)
- #endif
- #else
- #define TEST_TLS_STATIC_MEMSZ (80000)
- #endif
- #endif
- #endif /* WOLFSSL_STATIC_MEMORY */
- #ifndef HEAP_HINT
- #define HEAP_HINT NULL
- #endif /* WOLFSSL_STAIC_MEMORY */
- #ifdef WOLFSSL_ASNC_CRYPT
- #include <wolfssl/wolfcrypt/async.h>
- #endif
- #ifdef HAVE_ECC
- #include <wolfssl/wolfcrypt/ecc.h> /* wc_ecc_fp_free */
- #ifndef ECC_ASN963_MAX_BUF_SZ
- #define ECC_ASN963_MAX_BUF_SZ 133
- #endif
- #ifndef ECC_PRIV_KEY_BUF
- #define ECC_PRIV_KEY_BUF 66 /* For non user defined curves. */
- #endif
- /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */
- /* logic to choose right key ECC size */
- #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112
- #define KEY14 14
- #else
- #define KEY14 32
- #endif
- #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128
- #define KEY16 16
- #else
- #define KEY16 32
- #endif
- #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
- #define KEY20 20
- #else
- #define KEY20 32
- #endif
- #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
- #define KEY24 24
- #else
- #define KEY24 32
- #endif
- #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
- #define KEY28 28
- #else
- #define KEY28 32
- #endif
- #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
- #define KEY30 30
- #else
- #define KEY30 32
- #endif
- #define KEY32 32
- #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
- #define KEY40 40
- #else
- #define KEY40 32
- #endif
- #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
- #define KEY48 48
- #else
- #define KEY48 32
- #endif
- #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
- #define KEY64 64
- #else
- #define KEY64 32
- #endif
- #if !defined(HAVE_COMP_KEY)
- #if !defined(NOCOMP)
- #define NOCOMP 0
- #endif
- #else
- #if !defined(COMP)
- #define COMP 1
- #endif
- #endif
- #if !defined(DER_SZ)
- #define DER_SZ(ks) ((ks) * 2 + 1)
- #endif
- #ifdef WOLFSSL_SM2
- #include <wolfssl/wolfcrypt/sm2.h>
- #endif
- #endif
- #ifndef NO_ASN
- #include <wolfssl/wolfcrypt/asn_public.h>
- #endif
- #include <wolfssl/error-ssl.h>
- #include <stdlib.h>
- #include <wolfssl/ssl.h> /* compatibility layer */
- #include <wolfssl/test.h>
- #include <tests/unit.h>
- #include "examples/server/server.h"
- /* for testing compatibility layer callbacks */
- #ifndef NO_MD5
- #include <wolfssl/wolfcrypt/md5.h>
- #endif
- #ifndef NO_SHA
- #include <wolfssl/wolfcrypt/sha.h>
- #endif
- #ifndef NO_SHA256
- #include <wolfssl/wolfcrypt/sha256.h>
- #endif
- #ifdef WOLFSSL_SHA512
- #include <wolfssl/wolfcrypt/sha512.h>
- #endif
- #ifdef WOLFSSL_SHA384
- #include <wolfssl/wolfcrypt/sha512.h>
- #endif
- #ifdef WOLFSSL_SHA3
- #include <wolfssl/wolfcrypt/sha3.h>
- #ifndef HEAP_HINT
- #define HEAP_HINT NULL
- #endif
- #endif
- #ifdef WOLFSSL_SM3
- #include <wolfssl/wolfcrypt/sm3.h>
- #endif
- #ifndef NO_AES
- #include <wolfssl/wolfcrypt/aes.h>
- #ifdef HAVE_AES_DECRYPT
- #include <wolfssl/wolfcrypt/wc_encrypt.h>
- #endif
- #endif
- #ifdef WOLFSSL_SM4
- #include <wolfssl/wolfcrypt/sm4.h>
- #endif
- #ifdef WOLFSSL_RIPEMD
- #include <wolfssl/wolfcrypt/ripemd.h>
- #endif
- #ifndef NO_DES3
- #include <wolfssl/wolfcrypt/des3.h>
- #include <wolfssl/wolfcrypt/wc_encrypt.h>
- #endif
- #ifdef WC_RC2
- #include <wolfssl/wolfcrypt/rc2.h>
- #endif
- #ifndef NO_HMAC
- #include <wolfssl/wolfcrypt/hmac.h>
- #endif
- #ifdef HAVE_CHACHA
- #include <wolfssl/wolfcrypt/chacha.h>
- #endif
- #ifdef HAVE_POLY1305
- #include <wolfssl/wolfcrypt/poly1305.h>
- #endif
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
- #endif
- #ifdef HAVE_CAMELLIA
- #include <wolfssl/wolfcrypt/camellia.h>
- #endif
- #ifndef NO_RC4
- #include <wolfssl/wolfcrypt/arc4.h>
- #endif
- #ifdef HAVE_BLAKE2
- #include <wolfssl/wolfcrypt/blake2.h>
- #endif
- #include <wolfssl/wolfcrypt/hash.h>
- #ifndef NO_RSA
- #include <wolfssl/wolfcrypt/rsa.h>
- #define FOURK_BUF 4096
- #define GEN_BUF 294
- #endif
- #ifndef NO_SIG_WRAPPER
- #include <wolfssl/wolfcrypt/signature.h>
- #endif
- #ifdef HAVE_AESCCM
- #include <wolfssl/wolfcrypt/aes.h>
- #endif
- #ifdef HAVE_PKCS7
- #include <wolfssl/wolfcrypt/pkcs7.h>
- #include <wolfssl/wolfcrypt/asn.h>
- #ifdef HAVE_LIBZ
- #include <wolfssl/wolfcrypt/compress.h>
- #endif
- #endif
- #ifdef WOLFSSL_SMALL_CERT_VERIFY
- #include <wolfssl/wolfcrypt/asn.h>
- #endif
- #ifndef NO_DSA
- #include <wolfssl/wolfcrypt/dsa.h>
- #ifndef ONEK_BUF
- #define ONEK_BUF 1024
- #endif
- #ifndef TWOK_BUF
- #define TWOK_BUF 2048
- #endif
- #ifndef FOURK_BUF
- #define FOURK_BUF 4096
- #endif
- #ifndef DSA_SIG_SIZE
- #define DSA_SIG_SIZE 40
- #endif
- #ifndef MAX_DSA_PARAM_SIZE
- #define MAX_DSA_PARAM_SIZE 256
- #endif
- #endif
- #ifdef WOLFSSL_CMAC
- #include <wolfssl/wolfcrypt/cmac.h>
- #endif
- #ifdef HAVE_ED25519
- #include <wolfssl/wolfcrypt/ed25519.h>
- #endif
- #ifdef HAVE_CURVE25519
- #include <wolfssl/wolfcrypt/curve25519.h>
- #endif
- #ifdef HAVE_ED448
- #include <wolfssl/wolfcrypt/ed448.h>
- #endif
- #ifdef HAVE_CURVE448
- #include <wolfssl/wolfcrypt/curve448.h>
- #endif
- #ifdef HAVE_PKCS12
- #include <wolfssl/wolfcrypt/pkcs12.h>
- #endif
- #include <wolfssl/wolfcrypt/logging.h>
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL))
- #include <wolfssl/openssl/ssl.h>
- #ifndef NO_ASN
- /* for ASN_COMMON_NAME DN_tags enum */
- #include <wolfssl/wolfcrypt/asn.h>
- #endif
- #ifdef HAVE_OCSP
- #include <wolfssl/openssl/ocsp.h>
- #endif
- #endif
- #ifdef OPENSSL_EXTRA
- #include <wolfssl/openssl/cmac.h>
- #include <wolfssl/openssl/x509v3.h>
- #include <wolfssl/openssl/asn1.h>
- #include <wolfssl/openssl/crypto.h>
- #include <wolfssl/openssl/pkcs12.h>
- #include <wolfssl/openssl/evp.h>
- #include <wolfssl/openssl/dh.h>
- #include <wolfssl/openssl/bn.h>
- #include <wolfssl/openssl/buffer.h>
- #include <wolfssl/openssl/pem.h>
- #include <wolfssl/openssl/ec.h>
- #include <wolfssl/openssl/ecdh.h>
- #include <wolfssl/openssl/engine.h>
- #include <wolfssl/openssl/hmac.h>
- #include <wolfssl/openssl/objects.h>
- #include <wolfssl/openssl/rand.h>
- #include <wolfssl/openssl/modes.h>
- #include <wolfssl/openssl/fips_rand.h>
- #include <wolfssl/openssl/kdf.h>
- #ifdef OPENSSL_ALL
- #include <wolfssl/openssl/txt_db.h>
- #include <wolfssl/openssl/lhash.h>
- #endif
- #ifndef NO_AES
- #include <wolfssl/openssl/aes.h>
- #endif
- #ifndef NO_DES3
- #include <wolfssl/openssl/des.h>
- #endif
- #ifndef NO_RC4
- #include <wolfssl/openssl/rc4.h>
- #endif
- #ifdef HAVE_ECC
- #include <wolfssl/openssl/ecdsa.h>
- #endif
- #ifdef HAVE_PKCS7
- #include <wolfssl/openssl/pkcs7.h>
- #endif
- #ifdef HAVE_ED25519
- #include <wolfssl/openssl/ed25519.h>
- #endif
- #ifdef HAVE_ED448
- #include <wolfssl/openssl/ed448.h>
- #endif
- #endif /* OPENSSL_EXTRA */
- #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
- && !defined(NO_SHA256) && !defined(RC_NO_RNG)
- #include <wolfssl/wolfcrypt/srp.h>
- #endif
- #if (defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)) || \
- defined(HAVE_SESSION_TICKET) || (defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)) || \
- defined(WOLFSSL_TEST_STATIC_BUILD) || defined(WOLFSSL_DTLS) || \
- defined(HAVE_ECH) || defined(HAVE_EX_DATA) || !defined(NO_SESSION_CACHE) \
- || !defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13)
- /* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT,
- * for setting authKeyIdSrc in WOLFSSL_X509, or testing DTLS sequence
- * number tracking */
- #include "wolfssl/internal.h"
- #endif
- /* force enable test buffers */
- #ifndef USE_CERT_BUFFERS_2048
- #define USE_CERT_BUFFERS_2048
- #endif
- #ifndef USE_CERT_BUFFERS_256
- #define USE_CERT_BUFFERS_256
- #endif
- #include <wolfssl/certs_test.h>
- #include "tests/utils.h"
- /* include misc.c here regardless of NO_INLINE, because misc.c implementations
- * have default (hidden) visibility, and in the absence of visibility, it's
- * benign to mask out the library implementation.
- */
- #define WOLFSSL_MISC_INCLUDED
- #include <wolfcrypt/src/misc.c>
- #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
- /* FIPS build has replaced ecc.h. */
- #define wc_ecc_key_get_priv(key) (&((key)->k))
- #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV
- #endif
- typedef struct testVector {
- const char* input;
- const char* output;
- size_t inLen;
- size_t outLen;
- } testVector;
- #if defined(HAVE_PKCS7)
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- int encryptOID;
- int keyWrapOID;
- int keyAgreeOID;
- byte* cert;
- size_t certSz;
- byte* privateKey;
- word32 privateKeySz;
- } pkcs7EnvelopedVector;
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- int encryptOID;
- byte* encryptionKey;
- word32 encryptionKeySz;
- } pkcs7EncryptedVector;
- #endif
- #endif /* HAVE_PKCS7 */
- typedef int (*ctx_cb)(WOLFSSL_CTX* ctx);
- typedef int (*ssl_cb)(WOLFSSL* ssl);
- typedef int (*test_cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl);
- typedef int (*hs_cb)(WOLFSSL_CTX **ctx, WOLFSSL **ssl);
- typedef struct test_ssl_cbf {
- method_provider method;
- ctx_cb ctx_ready;
- ssl_cb ssl_ready;
- ssl_cb on_result;
- ctx_cb on_ctx_cleanup;
- ssl_cb on_cleanup;
- hs_cb on_handshake;
- WOLFSSL_CTX* ctx;
- const char* caPemFile;
- const char* certPemFile;
- const char* keyPemFile;
- const char* crlPemFile;
- #ifdef WOLFSSL_STATIC_MEMORY
- byte* mem;
- word32 memSz;
- wolfSSL_method_func method_ex;
- #endif
- int devId;
- int return_code;
- int last_err;
- unsigned char isSharedCtx:1;
- unsigned char loadToSSL:1;
- unsigned char ticNoInit:1;
- unsigned char doUdp:1;
- } test_ssl_cbf;
- #define TEST_SSL_MEMIO_BUF_SZ (64 * 1024)
- typedef struct test_ssl_memio_ctx {
- WOLFSSL_CTX* s_ctx;
- WOLFSSL_CTX* c_ctx;
- WOLFSSL* s_ssl;
- WOLFSSL* c_ssl;
- const char* c_ciphers;
- const char* s_ciphers;
- char* c_msg;
- int c_msglen;
- char* s_msg;
- int s_msglen;
- test_ssl_cbf s_cb;
- test_ssl_cbf c_cb;
- byte c_buff[TEST_SSL_MEMIO_BUF_SZ];
- int c_len;
- byte s_buff[TEST_SSL_MEMIO_BUF_SZ];
- int s_len;
- } test_ssl_memio_ctx;
- int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
- test_ssl_cbf* server_cb, test_cbType client_on_handshake);
- #ifdef WOLFSSL_DUMP_MEMIO_STREAM
- const char* currentTestName;
- char tmpDirName[16];
- int tmpDirNameSet = 0;
- #endif
- /*----------------------------------------------------------------------------*
- | Constants
- *----------------------------------------------------------------------------*/
- /* Test result constants and macros. */
- /* Test succeeded. */
- #define TEST_SUCCESS (1)
- /* Test failed. */
- #define TEST_FAIL (0)
- /* Test skipped - not run. */
- #define TEST_SKIPPED (-7777)
- /* Returns the result based on whether check is true.
- *
- * @param [in] check Condition for success.
- * @return When condition is true: TEST_SUCCESS.
- * @return When condition is false: TEST_FAIL.
- */
- #ifdef DEBUG_WOLFSSL_VERBOSE
- #define XSTRINGIFY(s) STRINGIFY(s)
- #define STRINGIFY(s) #s
- #define TEST_RES_CHECK(check) ({ \
- int _ret = (check) ? TEST_SUCCESS : TEST_FAIL; \
- if (_ret == TEST_FAIL) { \
- fprintf(stderr, " check \"%s\" at %d ", \
- XSTRINGIFY(check), __LINE__); \
- } \
- _ret; })
- #else
- #define TEST_RES_CHECK(check) \
- ((check) ? TEST_SUCCESS : TEST_FAIL)
- #endif /* DEBUG_WOLFSSL_VERBOSE */
- #define TEST_STRING "Everyone gets Friday off."
- #define TEST_STRING_SZ 25
- #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
- #define TEST_RSA_BITS 1024
- #else
- #define TEST_RSA_BITS 2048
- #endif
- #define TEST_RSA_BYTES (TEST_RSA_BITS/8)
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
- static const char* bogusFile =
- #ifdef _WIN32
- "NUL"
- #else
- "/dev/null"
- #endif
- ;
- #endif /* !NO_FILESYSTEM && !NO_CERTS && (!NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT) */
- enum {
- TESTING_RSA = 1,
- TESTING_ECC = 2
- };
- #ifdef WOLFSSL_QNX_CAAM
- #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
- static int testDevId = WOLFSSL_CAAM_DEVID;
- #else
- static int testDevId = INVALID_DEVID;
- #endif
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_RSA) && !defined(SINGLE_THREADED) && \
- !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
- #define HAVE_IO_TESTS_DEPENDENCIES
- #endif
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
- !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
- #define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES
- #endif
- /*----------------------------------------------------------------------------*
- | BIO with fixed read/write size
- *----------------------------------------------------------------------------*/
- #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
- static int wolfssl_bio_s_fixed_mem_write(WOLFSSL_BIO* bio, const char* data,
- int len)
- {
- if ((bio == NULL) || (bio->ptr == NULL) || (data == NULL)) {
- len = 0;
- }
- else {
- if (bio->wrSz - bio->wrIdx < len) {
- len = bio->wrSz - bio->wrIdx;
- }
- XMEMCPY((char*)bio->ptr + bio->wrIdx, data, len);
- bio->wrIdx += len;
- }
- return len;
- }
- static int wolfssl_bio_s_fixed_mem_read(WOLFSSL_BIO* bio, char* data, int len)
- {
- if ((bio == NULL) || (bio->ptr == NULL) || (data == NULL)) {
- len = 0;
- }
- else {
- if (bio->wrSz - bio->rdIdx < len) {
- len = bio->wrSz - bio->rdIdx;
- }
- XMEMCPY(data, (char*)bio->ptr + bio->rdIdx, len);
- bio->rdIdx += len;
- }
- return len;
- }
- static WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_fixed_mem(void)
- {
- static WOLFSSL_BIO_METHOD meth;
- meth.type = WOLFSSL_BIO_BIO;
- XMEMCPY(meth.name, "Fixed Memory Size", 18);
- meth.writeCb = wolfssl_bio_s_fixed_mem_write;
- meth.readCb = wolfssl_bio_s_fixed_mem_read;
- return &meth;
- }
- #endif
- /*----------------------------------------------------------------------------*
- | Setup
- *----------------------------------------------------------------------------*/
- static int test_wolfSSL_Init(void)
- {
- EXPECT_DECLS;
- ExpectIntEQ(wolfSSL_Init(), WOLFSSL_SUCCESS);
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_Cleanup(void)
- {
- EXPECT_DECLS;
- ExpectIntEQ(wolfSSL_Cleanup(), WOLFSSL_SUCCESS);
- return EXPECT_RESULT();
- }
- /* Initialize the wolfCrypt state.
- * POST: 0 success.
- */
- static int test_wolfCrypt_Init(void)
- {
- EXPECT_DECLS;
- ExpectIntEQ(wolfCrypt_Init(), 0);
- return EXPECT_RESULT();
- } /* END test_wolfCrypt_Init */
- static int test_wolfCrypt_Cleanup(void)
- {
- EXPECT_DECLS;
- ExpectIntEQ(wolfCrypt_Cleanup(), 0);
- return EXPECT_RESULT();
- }
- /*----------------------------------------------------------------------------*
- | Platform dependent function test
- *----------------------------------------------------------------------------*/
- static int test_fileAccess(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_TEST_PLATFORMDEPEND) && !defined(NO_FILESYSTEM)
- const char *fname[] = {
- svrCertFile, svrKeyFile, caCertFile,
- eccCertFile, eccKeyFile, eccRsaCertFile,
- cliCertFile, cliCertDerFile, cliKeyFile,
- dhParamFile,
- cliEccKeyFile, cliEccCertFile, caEccCertFile, edCertFile, edKeyFile,
- cliEdCertFile, cliEdKeyFile, caEdCertFile,
- NULL
- };
- const char derfile[] = "./certs/server-cert.der";
- XFILE f = XBADFILE;
- size_t sz;
- byte *buff = NULL;
- int i;
- ExpectTrue(XFOPEN("badfilename", "rb") == XBADFILE);
- for (i=0; EXPECT_SUCCESS() && fname[i] != NULL ; i++) {
- ExpectTrue((f = XFOPEN(fname[i], "rb")) != XBADFILE);
- XFCLOSE(f);
- }
- ExpectTrue((f = XFOPEN(derfile, "rb")) != XBADFILE);
- ExpectTrue(XFSEEK(f, 0, XSEEK_END) == 0);
- ExpectIntGE(sz = (size_t) XFTELL(f), sizeof_server_cert_der_2048);
- ExpectTrue(XFSEEK(f, 0, XSEEK_SET) == 0);
- ExpectTrue((buff = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL);
- ExpectTrue(XFREAD(buff, 1, sz, f) == sz);
- ExpectIntEQ(XMEMCMP(server_cert_der_2048, buff, sz), 0);
- XFREE(buff, NULL, DYNAMIC_TYPE_FILE);
- XFCLOSE(f);
- #endif
- return EXPECT_RESULT();
- }
- /*----------------------------------------------------------------------------*
- | Method Allocators
- *----------------------------------------------------------------------------*/
- static int test_wolfSSL_Method_Allocators(void)
- {
- EXPECT_DECLS;
- #define TEST_METHOD_ALLOCATOR(allocator, condition) \
- do { \
- WOLFSSL_METHOD *method = NULL; \
- condition(method = allocator()); \
- XFREE(method, 0, DYNAMIC_TYPE_METHOD); \
- } while (0)
- #define TEST_VALID_METHOD_ALLOCATOR(a) \
- TEST_METHOD_ALLOCATOR(a, ExpectNotNull)
- #define TEST_INVALID_METHOD_ALLOCATOR(a) \
- TEST_METHOD_ALLOCATOR(a, ExpectNull)
- #ifndef NO_OLD_TLS
- #ifdef WOLFSSL_ALLOW_SSLV3
- #ifndef NO_WOLFSSL_SERVER
- TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method);
- #endif
- #endif
- #ifdef WOLFSSL_ALLOW_TLSV10
- #ifndef NO_WOLFSSL_SERVER
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method);
- #endif
- #endif
- #ifndef NO_WOLFSSL_SERVER
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method);
- #endif
- #endif /* !NO_OLD_TLS */
- #ifndef WOLFSSL_NO_TLS12
- #ifndef NO_WOLFSSL_SERVER
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_server_method);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_client_method);
- #endif
- #endif /* !WOLFSSL_NO_TLS12 */
- #ifdef WOLFSSL_TLS13
- #ifndef NO_WOLFSSL_SERVER
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_server_method);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_client_method);
- #endif
- #endif /* WOLFSSL_TLS13 */
- #ifndef NO_WOLFSSL_SERVER
- TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_server_method);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_client_method);
- #endif
- #ifdef WOLFSSL_DTLS
- #ifndef NO_OLD_TLS
- #ifndef NO_WOLFSSL_SERVER
- TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_server_method);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_client_method);
- #endif
- #endif
- #ifndef WOLFSSL_NO_TLS12
- #ifndef NO_WOLFSSL_SERVER
- TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_server_method);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_client_method);
- #endif
- #endif
- #endif /* WOLFSSL_DTLS */
- #if !defined(NO_OLD_TLS) && defined(OPENSSL_EXTRA)
- /* Stubs */
- #ifndef NO_WOLFSSL_SERVER
- TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_server_method);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_client_method);
- #endif
- #endif
- /* Test Either Method (client or server) */
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_method);
- #ifndef NO_OLD_TLS
- #ifdef WOLFSSL_ALLOW_TLSV10
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_method);
- #endif
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_method);
- #endif /* !NO_OLD_TLS */
- #ifndef WOLFSSL_NO_TLS12
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_method);
- #endif /* !WOLFSSL_NO_TLS12 */
- #ifdef WOLFSSL_TLS13
- TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_method);
- #endif /* WOLFSSL_TLS13 */
- #ifdef WOLFSSL_DTLS
- TEST_VALID_METHOD_ALLOCATOR(wolfDTLS_method);
- #ifndef NO_OLD_TLS
- TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_method);
- #endif /* !NO_OLD_TLS */
- #ifndef WOLFSSL_NO_TLS12
- TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_method);
- #endif /* !WOLFSSL_NO_TLS12 */
- #endif /* WOLFSSL_DTLS */
- #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
- return EXPECT_RESULT();
- }
- #if defined(WOLFSSL_DUAL_ALG_CERTS) && !defined(NO_FILESYSTEM)
- /*----------------------------------------------------------------------------*
- | Dual algorithm Certificate Tests
- *----------------------------------------------------------------------------*/
- #define LARGE_TEMP_SZ 4096
- /* To better understand this, please see the X9.146 example in wolfssl-examples
- * repo. */
- static int do_dual_alg_root_certgen(byte **out, char *caKeyFile,
- char *sapkiFile, char *altPrivFile)
- {
- EXPECT_DECLS;
- FILE* file = NULL;
- Cert newCert;
- DecodedCert preTBS;
- byte caKeyBuf[LARGE_TEMP_SZ];
- word32 caKeySz = LARGE_TEMP_SZ;
- byte sapkiBuf[LARGE_TEMP_SZ];
- word32 sapkiSz = LARGE_TEMP_SZ;
- byte altPrivBuf[LARGE_TEMP_SZ];
- word32 altPrivSz = LARGE_TEMP_SZ;
- byte altSigAlgBuf[LARGE_TEMP_SZ];
- word32 altSigAlgSz = LARGE_TEMP_SZ;
- byte scratchBuf[LARGE_TEMP_SZ];
- word32 scratchSz = LARGE_TEMP_SZ;
- byte preTbsBuf[LARGE_TEMP_SZ];
- word32 preTbsSz = LARGE_TEMP_SZ;
- byte altSigValBuf[LARGE_TEMP_SZ];
- word32 altSigValSz = LARGE_TEMP_SZ;
- byte *outBuf = NULL;
- word32 outSz = LARGE_TEMP_SZ;
- WC_RNG rng;
- RsaKey caKey;
- ecc_key altCaKey;
- word32 idx = 0;
- ExpectNotNull(outBuf = (byte*)XMALLOC(outSz, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectIntEQ(wc_InitRng(&rng), 0);
- XMEMSET(caKeyBuf, 0, caKeySz);
- ExpectNotNull(file = fopen(caKeyFile, "rb"));
- ExpectIntGT(caKeySz = (word32)fread(caKeyBuf, 1, caKeySz, file), 0);
- if (file) {
- fclose(file);
- file = NULL;
- }
- ExpectIntEQ(wc_InitRsaKey_ex(&caKey, NULL, INVALID_DEVID), 0);
- idx = 0;
- ExpectIntEQ(wc_RsaPrivateKeyDecode(caKeyBuf, &idx, &caKey, caKeySz),
- 0);
- XMEMSET(sapkiBuf, 0, sapkiSz);
- ExpectNotNull(file = fopen(sapkiFile, "rb"));
- ExpectIntGT(sapkiSz = (word32)fread(sapkiBuf, 1, sapkiSz, file), 0);
- if (file) {
- fclose(file);
- file = NULL;
- }
- XMEMSET(altPrivBuf, 0, altPrivSz);
- ExpectNotNull(file = fopen(altPrivFile, "rb"));
- ExpectIntGT(altPrivSz = (word32)fread(altPrivBuf, 1, altPrivSz, file), 0);
- if (file) {
- fclose(file);
- file = NULL;
- }
- wc_ecc_init(&altCaKey);
- idx = 0;
- ExpectIntEQ(wc_EccPrivateKeyDecode(altPrivBuf, &idx, &altCaKey,
- (word32)altPrivSz), 0);
- XMEMSET(altSigAlgBuf, 0, altSigAlgSz);
- ExpectIntGT(altSigAlgSz = SetAlgoID(CTC_SHA256wECDSA, altSigAlgBuf,
- oidSigType, 0), 0);
- wc_InitCert(&newCert);
- strncpy(newCert.subject.country, "US", CTC_NAME_SIZE);
- strncpy(newCert.subject.state, "MT", CTC_NAME_SIZE);
- strncpy(newCert.subject.locality, "Bozeman", CTC_NAME_SIZE);
- strncpy(newCert.subject.org, "wolfSSL", CTC_NAME_SIZE);
- strncpy(newCert.subject.unit, "Engineering", CTC_NAME_SIZE);
- strncpy(newCert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
- strncpy(newCert.subject.email, "root@wolfssl.com", CTC_NAME_SIZE);
- newCert.sigType = CTC_SHA256wRSA;
- newCert.isCA = 1;
- ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "1.2.3.4.5",
- (const byte *)"This is NOT a critical extension", 32), 0);
- ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.72", sapkiBuf,
- sapkiSz), 0);
- ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.73", altSigAlgBuf,
- altSigAlgSz), 0);
- XMEMSET(scratchBuf, 0, scratchSz);
- ExpectIntGT(scratchSz = wc_MakeSelfCert(&newCert, scratchBuf, scratchSz,
- &caKey, &rng), 0);
- wc_InitDecodedCert(&preTBS, scratchBuf, scratchSz, 0);
- ExpectIntEQ(wc_ParseCert(&preTBS, CERT_TYPE, NO_VERIFY, NULL), 0);
- XMEMSET(preTbsBuf, 0, preTbsSz);
- ExpectIntGT(preTbsSz = wc_GeneratePreTBS(&preTBS, preTbsBuf, preTbsSz), 0);
- XMEMSET(altSigValBuf, 0, altSigValSz);
- ExpectIntGT(altSigValSz = wc_MakeSigWithBitStr(altSigValBuf, altSigValSz,
- CTC_SHA256wECDSA, preTbsBuf, preTbsSz, ECC_TYPE, &altCaKey,
- &rng), 0);
- ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.74", altSigValBuf,
- altSigValSz), 0);
- /* Finally, generate the new certificate. */
- XMEMSET(outBuf, 0, outSz);
- ExpectIntGT(outSz = wc_MakeSelfCert(&newCert, outBuf, outSz, &caKey, &rng),
- 0);
- *out = outBuf;
- wc_FreeRsaKey(&caKey);
- wc_FreeRng(&rng);
- wc_FreeDecodedCert(&preTBS);
- return outSz;
- }
- static int do_dual_alg_server_certgen(byte **out, char *caKeyFile,
- char *sapkiFile, char *altPrivFile,
- char *serverKeyFile,
- byte *caCertBuf, int caCertSz)
- {
- EXPECT_DECLS;
- FILE* file = NULL;
- Cert newCert;
- DecodedCert preTBS;
- byte serverKeyBuf[LARGE_TEMP_SZ];
- word32 serverKeySz = LARGE_TEMP_SZ;
- byte caKeyBuf[LARGE_TEMP_SZ];
- word32 caKeySz = LARGE_TEMP_SZ;
- byte sapkiBuf[LARGE_TEMP_SZ];
- word32 sapkiSz = LARGE_TEMP_SZ;
- byte altPrivBuf[LARGE_TEMP_SZ];
- word32 altPrivSz = LARGE_TEMP_SZ;
- byte altSigAlgBuf[LARGE_TEMP_SZ];
- word32 altSigAlgSz = LARGE_TEMP_SZ;
- byte scratchBuf[LARGE_TEMP_SZ];
- word32 scratchSz = LARGE_TEMP_SZ;
- byte preTbsBuf[LARGE_TEMP_SZ];
- word32 preTbsSz = LARGE_TEMP_SZ;
- byte altSigValBuf[LARGE_TEMP_SZ];
- word32 altSigValSz = LARGE_TEMP_SZ;
- byte *outBuf = NULL;
- word32 outSz = LARGE_TEMP_SZ;
- WC_RNG rng;
- RsaKey caKey;
- RsaKey serverKey;
- ecc_key altCaKey;
- word32 idx = 0;
- ExpectNotNull(outBuf = (byte*)XMALLOC(outSz, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectIntEQ(wc_InitRng(&rng), 0);
- XMEMSET(serverKeyBuf, 0, serverKeySz);
- ExpectNotNull(file = fopen(serverKeyFile, "rb"));
- ExpectIntGT(serverKeySz = (word32)fread(serverKeyBuf, 1, serverKeySz, file),
- 0);
- if (file) {
- fclose(file);
- file = NULL;
- }
- ExpectIntEQ(wc_InitRsaKey_ex(&serverKey, NULL, INVALID_DEVID), 0);
- idx = 0;
- ExpectIntEQ(wc_RsaPrivateKeyDecode(serverKeyBuf, &idx, &serverKey,
- (word32)serverKeySz), 0);
- XMEMSET(caKeyBuf, 0, caKeySz);
- ExpectNotNull(file = fopen(caKeyFile, "rb"));
- ExpectIntGT(caKeySz = (word32)fread(caKeyBuf, 1, caKeySz, file), 0);
- if (file) {
- fclose(file);
- file = NULL;
- }
- ExpectIntEQ(wc_InitRsaKey_ex(&caKey, NULL, INVALID_DEVID), 0);
- idx = 0;
- ExpectIntEQ(wc_RsaPrivateKeyDecode(caKeyBuf, &idx, &caKey,
- (word32)caKeySz), 0);
- XMEMSET(sapkiBuf, 0, sapkiSz);
- ExpectNotNull(file = fopen(sapkiFile, "rb"));
- ExpectIntGT(sapkiSz = (word32)fread(sapkiBuf, 1, sapkiSz, file), 0);
- if (file) {
- fclose(file);
- file = NULL;
- }
- XMEMSET(altPrivBuf, 0, altPrivSz);
- ExpectNotNull(file = fopen(altPrivFile, "rb"));
- ExpectIntGT(altPrivSz = (word32)fread(altPrivBuf, 1, altPrivSz, file), 0);
- if (file) {
- fclose(file);
- file = NULL;
- }
- wc_ecc_init(&altCaKey);
- idx = 0;
- ExpectIntEQ(wc_EccPrivateKeyDecode(altPrivBuf, &idx, &altCaKey,
- (word32)altPrivSz), 0);
- XMEMSET(altSigAlgBuf, 0, altSigAlgSz);
- ExpectIntGT(altSigAlgSz = SetAlgoID(CTC_SHA256wECDSA, altSigAlgBuf,
- oidSigType, 0), 0);
- wc_InitCert(&newCert);
- strncpy(newCert.subject.country, "US", CTC_NAME_SIZE);
- strncpy(newCert.subject.state, "MT", CTC_NAME_SIZE);
- strncpy(newCert.subject.locality, "Bozeman", CTC_NAME_SIZE);
- strncpy(newCert.subject.org, "wolfSSL", CTC_NAME_SIZE);
- strncpy(newCert.subject.unit, "Engineering", CTC_NAME_SIZE);
- strncpy(newCert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
- strncpy(newCert.subject.email, "server@wolfssl.com", CTC_NAME_SIZE);
- newCert.sigType = CTC_SHA256wRSA;
- newCert.isCA = 0;
- ExpectIntEQ(wc_SetIssuerBuffer(&newCert, caCertBuf, caCertSz), 0);
- ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "1.2.3.4.5",
- (const byte *)"This is NOT a critical extension", 32), 0);
- ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.72", sapkiBuf,
- sapkiSz), 0);
- ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.73", altSigAlgBuf,
- altSigAlgSz), 0);
- XMEMSET(scratchBuf, 0, scratchSz);
- ExpectIntGT(wc_MakeCert(&newCert, scratchBuf, scratchSz, &serverKey, NULL,
- &rng), 0);
- ExpectIntGT(scratchSz = wc_SignCert(newCert.bodySz, newCert.sigType,
- scratchBuf, scratchSz, &caKey, NULL, &rng), 0);
- wc_InitDecodedCert(&preTBS, scratchBuf, scratchSz, 0);
- ExpectIntEQ(wc_ParseCert(&preTBS, CERT_TYPE, NO_VERIFY, NULL), 0);
- XMEMSET(preTbsBuf, 0, preTbsSz);
- ExpectIntGT(preTbsSz = wc_GeneratePreTBS(&preTBS, preTbsBuf, preTbsSz), 0);
- XMEMSET(altSigValBuf, 0, altSigValSz);
- ExpectIntGT(altSigValSz = wc_MakeSigWithBitStr(altSigValBuf, altSigValSz,
- CTC_SHA256wECDSA, preTbsBuf, preTbsSz, ECC_TYPE, &altCaKey,
- &rng), 0);
- ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.74",
- altSigValBuf, altSigValSz), 0);
- /* Finally, generate the new certificate. */
- XMEMSET(outBuf, 0, outSz);
- ExpectIntGT(wc_MakeCert(&newCert, outBuf, outSz, &serverKey, NULL, &rng),
- 0);
- ExpectIntGT(outSz = wc_SignCert(newCert.bodySz, newCert.sigType, outBuf,
- outSz, &caKey, NULL, &rng), 0);
- *out = outBuf;
- wc_FreeRsaKey(&caKey);
- wc_FreeRsaKey(&serverKey);
- wc_FreeRng(&rng);
- wc_FreeDecodedCert(&preTBS);
- return outSz;
- }
- static int do_dual_alg_tls13_connection(byte *caCert, word32 caCertSz,
- byte *serverCert, word32 serverCertSz,
- byte *serverKey, word32 serverKeySz,
- int negative_test)
- {
- EXPECT_DECLS;
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_s = NULL;
- struct test_memio_ctx test_ctx;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup_ex(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
- caCert, caCertSz, serverCert, serverCertSz,
- serverKey, serverKeySz), 0);
- if (negative_test) {
- ExpectTrue(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0);
- }
- else {
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- }
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_s);
- return EXPECT_RESULT();
- }
- static int extCount = 0;
- static int myUnknownExtCallback(const word16* oid, word32 oidSz, int crit,
- const unsigned char* der, word32 derSz)
- {
- (void) oid;
- (void) oidSz;
- (void) crit;
- (void) der;
- (void) derSz;
- extCount ++;
- /* Accept all extensions. This is only a test. Normally we would be much more
- * careful about critical extensions. */
- return 1;
- }
- static int test_dual_alg_support(void)
- {
- EXPECT_DECLS;
- /* Root CA and server keys will be the same. This is only appropriate for
- * testing. */
- char keyFile[] = "./certs/ca-key.der";
- char sapkiFile[] = "./certs/ecc-keyPub.der";
- char altPrivFile[] = "./certs/ecc-key.der";
- char wrongPrivFile[] = "./certs/ecc-client-key.der";
- byte *serverKey = NULL;
- size_t serverKeySz = 0;
- byte *root = NULL;
- int rootSz = 0;
- byte *server = NULL;
- int serverSz = 0;
- WOLFSSL_CERT_MANAGER* cm = NULL;
- ExpectIntEQ(load_file(keyFile, &serverKey, &serverKeySz), 0);
- /* Base normal case. */
- rootSz = do_dual_alg_root_certgen(&root, keyFile, sapkiFile, altPrivFile);
- ExpectNotNull(root);
- ExpectIntGT(rootSz, 0);
- serverSz = do_dual_alg_server_certgen(&server, keyFile, sapkiFile,
- altPrivFile, keyFile, root, rootSz);
- ExpectNotNull(server);
- ExpectIntGT(serverSz, 0);
- ExpectIntEQ(do_dual_alg_tls13_connection(root, rootSz,
- server, serverSz, serverKey, (word32)serverKeySz, 0),
- TEST_SUCCESS);
- XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- /* Now we try a negative case. Note that we use wrongPrivFile to generate
- * the alternative signature and then set negative_test to true for the
- * call to do_dual_alg_tls13_connection(). Its expecting a failed connection
- * because the signature won't verify. The exception is if
- * WOLFSSL_TRUST_PEER_CERT is defined. In that case, no verfication happens
- * and this is no longer a negative test. */
- rootSz = do_dual_alg_root_certgen(&root, keyFile, sapkiFile, wrongPrivFile);
- ExpectNotNull(root);
- ExpectIntGT(rootSz, 0);
- serverSz = do_dual_alg_server_certgen(&server, keyFile, sapkiFile,
- wrongPrivFile, keyFile, root, rootSz);
- ExpectNotNull(server);
- ExpectIntGT(serverSz, 0);
- #ifdef WOLFSSL_TRUST_PEER_CERT
- ExpectIntEQ(do_dual_alg_tls13_connection(root, rootSz,
- server, serverSz, serverKey, (word32)serverKeySz, 0),
- TEST_SUCCESS);
- #else
- ExpectIntEQ(do_dual_alg_tls13_connection(root, rootSz,
- server, serverSz, serverKey, (word32)serverKeySz, 1),
- TEST_SUCCESS);
- #endif
- /* Lets see if CertManager can find the new extensions */
- extCount = 0;
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- wolfSSL_CertManagerSetUnknownExtCallback(cm, myUnknownExtCallback);
- ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, root, rootSz,
- SSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, server, serverSz,
- SSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- /* There is only 1 unknown exension (1.2.3.4.5). The other ones are known
- * because they are for the dual alg extensions. */
- ExpectIntEQ(extCount, 1);
- wolfSSL_CertManagerFree(cm);
- XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- free(serverKey);
- return EXPECT_RESULT();
- }
- #else
- static int test_dual_alg_support(void)
- {
- return TEST_SKIPPED;
- }
- #endif /* WOLFSSL_DUAL_ALG_CERTS && !NO_FILESYSTEM */
- /*----------------------------------------------------------------------------*
- | Context
- *----------------------------------------------------------------------------*/
- #ifndef NO_WOLFSSL_SERVER
- static int test_wolfSSL_CTX_new(void)
- {
- EXPECT_DECLS;
- WOLFSSL_CTX *ctx;
- WOLFSSL_METHOD* method;
- ExpectNull(ctx = wolfSSL_CTX_new(NULL));
- ExpectNotNull(method = wolfSSLv23_server_method());
- ExpectNotNull(ctx = wolfSSL_CTX_new(method));
- wolfSSL_CTX_free(ctx);
- return EXPECT_RESULT();
- }
- #endif
- #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
- (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM)
- static int test_for_double_Free(void)
- {
- EXPECT_DECLS;
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- int skipTest = 0;
- const char* testCertFile;
- const char* testKeyFile;
- char optionsCiphers[] = "RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA"
- ":NULL-SHA:NULL-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-PSK-AES256-GCM"
- "-SHA384:DHE-PSK-AES128-GCM-SHA256:PSK-AES256-GCM-SHA384:PSK-AES128-GCM-SHA256:"
- "DHE-PSK-AES256-CBC-SHA384:DHE-PSK-AES128-CBC-SHA256:PSK-AES256-CBC-SHA384:PSK-"
- "AES128-CBC-SHA256:PSK-AES128-CBC-SHA:PSK-AES256-CBC-SHA:DHE-PSK-AES128-CCM:DHE"
- "-PSK-AES256-CCM:PSK-AES128-CCM:PSK-AES256-CCM:PSK-AES128-CCM-8:PSK-AES256-CCM-"
- "8:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-"
- "NULL-SHA:AES128-CCM-8:AES256-CCM-8:ECDHE-ECDSA-"
- "AES128-CCM:ECDHE-ECDSA-AES128-CCM-8:ECDHE-ECDSA-AES256-CCM-8:ECDHE-RSA-AES128-"
- "SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-R"
- "SA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA"
- ":AES128-SHA256:AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:ECDH-"
- "RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA"
- ":ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3"
- "-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES"
- "256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-E"
- "CDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES128-GCM-SHA25"
- "6:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES256-GC"
- "M-SHA384:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMEL"
- "LIA256-SHA:CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:CAMELLIA256-SHA256:DH"
- "E-RSA-CAMELLIA256-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECD"
- "H-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECD"
- "SA-AES256-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDHE-RSA-CHA"
- "CHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-R"
- "SA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-PO"
- "LY1305-OLD:ECDHE-ECDSA-NULL-SHA:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-A"
- "ES128-CBC-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-CHA"
- "CHA20-POLY1305:EDH-RSA-DES-CBC3-SHA:TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-S"
- "HA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-"
- "8-SHA256:TLS13-SHA256-SHA256:TLS13-SHA384-SHA384";
- /* OpenVPN uses a "blacklist" method to specify which ciphers NOT to use */
- #ifdef OPENSSL_EXTRA
- char openvpnCiphers[] = "DEFAULT:!EXP:!LOW:!MEDIUM:!kDH:!kECDH:!DSS:!PSK:"
- "!SRP:!kRSA:!aNULL:!eNULL";
- #endif
- #ifndef NO_RSA
- testCertFile = svrCertFile;
- testKeyFile = svrKeyFile;
- #elif defined(HAVE_ECC)
- testCertFile = eccCertFile;
- testKeyFile = eccKeyFile;
- #else
- skipTest = 1;
- #endif
- if (skipTest != 1) {
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- /* First test freeing SSL, then CTX */
- wolfSSL_free(ssl);
- ssl = NULL;
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- #ifndef NO_WOLFSSL_CLIENT
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- /* Next test freeing CTX then SSL */
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- wolfSSL_free(ssl);
- ssl = NULL;
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- /* Test setting ciphers at ctx level */
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, optionsCiphers));
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \
- defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
- /* only update TLSv13 suites */
- ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, "TLS13-AES256-GCM-SHA384"));
- #endif
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \
- !defined(NO_SHA256) && !defined(WOLFSSL_NO_TLS12) && \
- defined(WOLFSSL_AES_128) && !defined(NO_RSA)
- /* only update pre-TLSv13 suites */
- ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx,
- "ECDHE-RSA-AES128-GCM-SHA256"));
- #endif
- #ifdef OPENSSL_EXTRA
- ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, openvpnCiphers));
- #endif
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- wolfSSL_free(ssl);
- ssl = NULL;
- #ifndef NO_WOLFSSL_CLIENT
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- /* test setting ciphers at SSL level */
- ExpectTrue(wolfSSL_set_cipher_list(ssl, optionsCiphers));
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \
- defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
- /* only update TLSv13 suites */
- ExpectTrue(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384"));
- #endif
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \
- !defined(NO_SHA256) && !defined(WOLFSSL_NO_TLS12) && \
- defined(WOLFSSL_AES_128) && !defined(NO_RSA)
- /* only update pre-TLSv13 suites */
- ExpectTrue(wolfSSL_set_cipher_list(ssl, "ECDHE-RSA-AES128-GCM-SHA256"));
- #endif
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- wolfSSL_free(ssl);
- ssl = NULL;
- }
- return EXPECT_RESULT();
- }
- #endif
- static int test_wolfSSL_CTX_set_cipher_list_bytes(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)) && \
- (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
- (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM)
- const char* testCertFile;
- const char* testKeyFile;
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- const byte cipherList[] =
- {
- /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x16,
- /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x39,
- /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x33,
- /* TLS_DH_anon_WITH_AES_128_CBC_SHA */ 0xC0, 0x34,
- /* TLS_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x35,
- /* TLS_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x2F,
- /* TLS_RSA_WITH_NULL_MD5 */ 0xC0, 0x01,
- /* TLS_RSA_WITH_NULL_SHA */ 0xC0, 0x02,
- /* TLS_PSK_WITH_AES_256_CBC_SHA */ 0xC0, 0x8d,
- /* TLS_PSK_WITH_AES_128_CBC_SHA256 */ 0xC0, 0xae,
- /* TLS_PSK_WITH_AES_256_CBC_SHA384 */ 0xC0, 0xaf,
- /* TLS_PSK_WITH_AES_128_CBC_SHA */ 0xC0, 0x8c,
- /* TLS_PSK_WITH_NULL_SHA256 */ 0xC0, 0xb0,
- /* TLS_PSK_WITH_NULL_SHA384 */ 0xC0, 0xb1,
- /* TLS_PSK_WITH_NULL_SHA */ 0xC0, 0x2c,
- /* SSL_RSA_WITH_RC4_128_SHA */ 0xC0, 0x05,
- /* SSL_RSA_WITH_RC4_128_MD5 */ 0xC0, 0x04,
- /* SSL_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x0A,
- /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
- /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x14,
- /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x13,
- /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x0A,
- /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x09,
- /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */ 0xC0, 0x11,
- /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */ 0xC0, 0x07,
- /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x12,
- /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x08,
- /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x27,
- /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256*/ 0xC0, 0x23,
- /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */ 0xC0, 0x28,
- /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384*/ 0xC0, 0x24,
- /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */ 0xC0, 0x06,
- /* TLS_ECDHE_PSK_WITH_NULL_SHA256 */ 0xC0, 0x3a,
- /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x37,
- /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
- /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x0F,
- /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x0E,
- /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x05,
- /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x04,
- /* TLS_ECDH_RSA_WITH_RC4_128_SHA */ 0xC0, 0x0C,
- /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */ 0xC0, 0x02,
- /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x0D,
- /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x03,
- /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x29,
- /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x25,
- /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */ 0xC0, 0x2A,
- /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */ 0xC0, 0x26,
- /* WDM_WITH_NULL_SHA256 */ 0x00, 0xFE, /* wolfSSL DTLS Multicast */
- /* SHA256 */
- /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */ 0x00, 0x6b,
- /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */ 0x00, 0x67,
- /* TLS_RSA_WITH_AES_256_CBC_SHA256 */ 0x00, 0x3d,
- /* TLS_RSA_WITH_AES_128_CBC_SHA256 */ 0x00, 0x3c,
- /* TLS_RSA_WITH_NULL_SHA256 */ 0x00, 0x3b,
- /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 */ 0x00, 0xb2,
- /* TLS_DHE_PSK_WITH_NULL_SHA256 */ 0x00, 0xb4,
- /* SHA384 */
- /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 */ 0x00, 0xb3,
- /* TLS_DHE_PSK_WITH_NULL_SHA384 */ 0x00, 0xb5,
- /* AES-GCM */
- /* TLS_RSA_WITH_AES_128_GCM_SHA256 */ 0x00, 0x9c,
- /* TLS_RSA_WITH_AES_256_GCM_SHA384 */ 0x00, 0x9d,
- /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */ 0x00, 0x9e,
- /* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */ 0x00, 0x9f,
- /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */ 0x00, 0xa7,
- /* TLS_PSK_WITH_AES_128_GCM_SHA256 */ 0x00, 0xa8,
- /* TLS_PSK_WITH_AES_256_GCM_SHA384 */ 0x00, 0xa9,
- /* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 */ 0x00, 0xaa,
- /* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 */ 0x00, 0xab,
- /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
- /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x2b,
- /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x2c,
- /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x2d,
- /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x2e,
- /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x2f,
- /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x30,
- /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x31,
- /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x32,
- /* AES-CCM, first byte is 0xC0 but isn't ECC,
- * also, in some of the other AES-CCM suites
- * there will be second byte number conflicts
- * with non-ECC AES-GCM */
- /* TLS_RSA_WITH_AES_128_CCM_8 */ 0xC0, 0xa0,
- /* TLS_RSA_WITH_AES_256_CCM_8 */ 0xC0, 0xa1,
- /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM */ 0xC0, 0xac,
- /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 */ 0xC0, 0xae,
- /* TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 */ 0xC0, 0xaf,
- /* TLS_PSK_WITH_AES_128_CCM */ 0xC0, 0xa4,
- /* TLS_PSK_WITH_AES_256_CCM */ 0xC0, 0xa5,
- /* TLS_PSK_WITH_AES_128_CCM_8 */ 0xC0, 0xa8,
- /* TLS_PSK_WITH_AES_256_CCM_8 */ 0xC0, 0xa9,
- /* TLS_DHE_PSK_WITH_AES_128_CCM */ 0xC0, 0xa6,
- /* TLS_DHE_PSK_WITH_AES_256_CCM */ 0xC0, 0xa7,
- /* Camellia */
- /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */ 0x00, 0x41,
- /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */ 0x00, 0x84,
- /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ 0x00, 0xba,
- /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ 0x00, 0xc0,
- /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */ 0x00, 0x45,
- /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */ 0x00, 0x88,
- /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ 0x00, 0xbe,
- /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ 0x00, 0xc4,
- /* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
- /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xa8,
- /* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xa9,
- /* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xaa,
- /* TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xac,
- /* TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xab,
- /* TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xad,
- /* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */
- /* TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ 0xCC, 0x13,
- /* TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ 0xCC, 0x14,
- /* TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ 0xCC, 0x15,
- /* ECDHE_PSK RFC8442, first byte is 0xD0 (ECDHE_PSK_BYTE) */
- /* TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 */ 0xD0, 0x01,
- /* TLS v1.3 cipher suites */
- /* TLS_AES_128_GCM_SHA256 */ 0x13, 0x01,
- /* TLS_AES_256_GCM_SHA384 */ 0x13, 0x02,
- /* TLS_CHACHA20_POLY1305_SHA256 */ 0x13, 0x03,
- /* TLS_AES_128_CCM_SHA256 */ 0x13, 0x04,
- /* TLS_AES_128_CCM_8_SHA256 */ 0x13, 0x05,
- /* TLS v1.3 Integrity only cipher suites - 0xC0 (ECC) first byte */
- /* TLS_SHA256_SHA256 */ 0xC0, 0xB4,
- /* TLS_SHA384_SHA384 */ 0xC0, 0xB5
- };
- #ifndef NO_RSA
- testCertFile = svrCertFile;
- testKeyFile = svrKeyFile;
- #elif defined(HAVE_ECC)
- testCertFile = eccCertFile;
- testKeyFile = eccKeyFile;
- #endif
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectTrue(wolfSSL_CTX_set_cipher_list_bytes(ctx, &cipherList[0U],
- sizeof(cipherList)));
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- ExpectTrue(wolfSSL_set_cipher_list_bytes(ssl, &cipherList[0U],
- sizeof(cipherList)));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif /* (OPENSSL_EXTRA || WOLFSSL_SET_CIPHER_BYTES) &&
- (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) && (!NO_RSA || HAVE_ECC) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_use_certificate_file(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
- WOLFSSL_CTX *ctx = NULL;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- /* invalid context */
- ExpectFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- /* invalid cert file */
- ExpectFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile,
- WOLFSSL_FILETYPE_PEM));
- /* invalid cert type */
- ExpectFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, 9999));
- #ifdef NO_RSA
- /* rsa needed */
- ExpectFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- #else
- /* success */
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- #endif
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
- static int test_wolfSSL_CTX_use_certificate_ASN1(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN)
- WOLFSSL_CTX* ctx = NULL;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx, sizeof_server_cert_der_2048,
- server_cert_der_2048), WOLFSSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- #endif /* (OPENSSL_ALL || WOLFSSL_ASIO) && !NO_RSA */
- /* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into
- * context using buffer.
- * PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with
- * --enable-testcert flag.
- */
- static int test_wolfSSL_CTX_use_certificate_buffer(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \
- !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER)
- WOLFSSL_CTX* ctx = NULL;
- int ret;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- ExpectIntEQ(ret = wolfSSL_CTX_use_certificate_buffer(ctx,
- server_cert_der_2048, sizeof_server_cert_der_2048,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- } /* END test_wolfSSL_CTX_use_certificate_buffer */
- static int test_wolfSSL_CTX_use_PrivateKey_file(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
- WOLFSSL_CTX *ctx = NULL;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- /* invalid context */
- ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKeyFile,
- WOLFSSL_FILETYPE_PEM));
- /* invalid key file */
- ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile,
- WOLFSSL_FILETYPE_PEM));
- /* invalid key type */
- ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, 9999));
- /* success */
- #ifdef NO_RSA
- /* rsa needed */
- ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
- WOLFSSL_FILETYPE_PEM));
- #else
- /* success */
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
- WOLFSSL_FILETYPE_PEM));
- #endif
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- /* test both file and buffer versions along with unloading trusted peer certs */
- static int test_wolfSSL_CTX_trust_peer_cert(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && defined(WOLFSSL_TRUST_PEER_CERT) && \
- !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA)
- WOLFSSL_CTX *ctx = NULL;
- WOLFSSL* ssl = NULL;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- #if !defined(NO_FILESYSTEM)
- /* invalid file */
- ExpectIntNE(wolfSSL_CTX_trust_peer_cert(ctx, NULL,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- ExpectIntNE(wolfSSL_CTX_trust_peer_cert(ctx, bogusFile,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- ExpectIntNE(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- /* success */
- ExpectIntEQ(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- /* unload cert */
- ExpectIntNE(wolfSSL_CTX_Unload_trust_peers(NULL), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_Unload_trust_peers(ctx), WOLFSSL_SUCCESS);
- /* invalid file */
- ExpectIntNE(wolfSSL_trust_peer_cert(ssl, NULL,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- ExpectIntNE(wolfSSL_trust_peer_cert(ssl, bogusFile,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- ExpectIntNE(wolfSSL_trust_peer_cert(ssl, cliCertFile,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- /* success */
- ExpectIntEQ(wolfSSL_trust_peer_cert(ssl, cliCertFile,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- #ifdef WOLFSSL_LOCAL_X509_STORE
- /* unload cert */
- ExpectIntNE(wolfSSL_Unload_trust_peers(NULL), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_Unload_trust_peers(ssl), WOLFSSL_SUCCESS);
- #endif
- #endif
- /* Test of loading certs from buffers */
- /* invalid buffer */
- ExpectIntNE(wolfSSL_CTX_trust_peer_buffer(ctx, NULL, -1,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- /* success */
- #ifdef USE_CERT_BUFFERS_1024
- ExpectIntEQ(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_1024,
- sizeof_client_cert_der_1024, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- #endif
- #ifdef USE_CERT_BUFFERS_2048
- ExpectIntEQ(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_2048,
- sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- #endif
- /* unload cert */
- ExpectIntNE(wolfSSL_CTX_Unload_trust_peers(NULL), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_Unload_trust_peers(ctx), WOLFSSL_SUCCESS);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_load_verify_locations(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX *ctx = NULL;
- #ifndef NO_RSA
- WOLFSSL_CERT_MANAGER* cm = NULL;
- #ifdef PERSIST_CERT_CACHE
- int cacheSz = 0;
- unsigned char* cache = NULL;
- int used = 0;
- #ifndef NO_FILESYSTEM
- const char* cacheFile = "./tests/cert_cache.tmp";
- #endif
- int i;
- int t;
- int* p;
- #endif
- #endif
- #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
- const char* load_certs_path = "./certs/external";
- const char* load_no_certs_path = "./examples";
- const char* load_expired_path = "./certs/test/expired";
- #endif
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- /* invalid arguments */
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, NULL),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, NULL),
- WOLFSSL_FAILURE);
- /* invalid ca file */
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL),
- WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE));
- #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \
- ((defined(WOLFSSL_QT) || defined(WOLFSSL_IGNORE_BAD_CERT_PATH)) && \
- !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR))
- /* invalid path */
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile),
- WS_RETURN_CODE(BAD_PATH_ERROR,WOLFSSL_FAILURE));
- #endif
- #if defined(WOLFSSL_QT) || defined(WOLFSSL_IGNORE_BAD_CERT_PATH)
- /* test ignoring the invalid path */
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, bogusFile,
- WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR), WOLFSSL_SUCCESS);
- #endif
- /* load ca cert */
- #ifdef NO_RSA
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL),
- WS_RETURN_CODE(ASN_UNKNOWN_OID_E,WOLFSSL_FAILURE));
- #else /* Skip the following test without RSA certs. */
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL),
- WOLFSSL_SUCCESS);
- #ifdef PERSIST_CERT_CACHE
- /* Get cert cache size */
- ExpectIntGT(cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx), 0);
- ExpectNotNull(cache = (byte*)XMALLOC(cacheSz, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, NULL, -1, NULL),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, NULL, -1, NULL),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, cache, -1, NULL),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, NULL, cacheSz, NULL),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, NULL, -1, &used),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, cache, cacheSz, &used),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, NULL, cacheSz, &used),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, -1, &used),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, cacheSz, NULL),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, cacheSz - 10, &used),
- BUFFER_E);
- ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, cacheSz, &used), 1);
- ExpectIntEQ(cacheSz, used);
- ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, NULL, -1),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, NULL, -1),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, cache, -1),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, NULL, cacheSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, cache, cacheSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, NULL, cacheSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, -1),
- BAD_FUNC_ARG);
- /* Smaller than header. */
- ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, 1), BUFFER_E);
- for (i = 1; i < cacheSz; i++) {
- ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz - i),
- BUFFER_E);
- }
- if (EXPECT_SUCCESS()) {
- /* Modify header for bad results! */
- p = (int*)cache;
- /* version */
- t = p[0]; p[0] = 0xff;
- ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz),
- CACHE_MATCH_ERROR);
- p[0] = t; p++;
- /* rows */
- t = p[0]; p[0] = 0xff;
- ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz),
- CACHE_MATCH_ERROR);
- p[0] = t; p++;
- /* columns[0] */
- t = p[0]; p[0] = -1;
- ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz),
- PARSE_ERROR);
- p[0] = t; p += CA_TABLE_SIZE;
- /* signerSz*/
- t = p[0]; p[0] = 0xff;
- ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz),
- CACHE_MATCH_ERROR);
- p[0] = t;
- }
- ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz), 1);
- ExpectIntEQ(cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx), used);
- #ifndef NO_FILESYSTEM
- ExpectIntEQ(wolfSSL_CTX_save_cert_cache(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_save_cert_cache(ctx, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_save_cert_cache(NULL, cacheFile), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_save_cert_cache(ctx, cacheFile), 1);
- ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(NULL, cacheFile), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, "no-file"),
- WOLFSSL_BAD_FILE);
- ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, cacheFile), 1);
- /* File contents is not a cache. */
- ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, "./certs/ca-cert.pem"),
- CACHE_MATCH_ERROR);
- #endif
- XFREE(cache, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- /* Test unloading CA's */
- ExpectIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS);
- #ifdef PERSIST_CERT_CACHE
- /* Verify no certs (result is less than cacheSz) */
- ExpectIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
- #endif
- /* load ca cert again */
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL),
- WOLFSSL_SUCCESS);
- /* Test getting CERT_MANAGER */
- ExpectNotNull(cm = wolfSSL_CTX_GetCertManager(ctx));
- /* Test unloading CA's using CM */
- ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
- #ifdef PERSIST_CERT_CACHE
- /* Verify no certs (result is less than cacheSz) */
- ExpectIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
- #endif
- #endif
- #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
- /* Test loading CA certificates using a path */
- #ifdef NO_RSA
- /* failure here okay since certs in external directory are RSA */
- ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
- WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
- #else
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
- WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
- #endif
- /* Test loading path with no files */
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL,
- load_no_certs_path, WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_FAILURE);
- /* Test loading expired CA certificates */
- #ifdef NO_RSA
- ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL,
- load_expired_path,
- WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
- WOLFSSL_SUCCESS);
- #else
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL,
- load_expired_path,
- WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
- WOLFSSL_SUCCESS);
- #endif
- /* Test loading CA certificates and ignoring all errors */
- #ifdef NO_RSA
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
- WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_FAILURE);
- #else
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
- WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_SUCCESS);
- #endif
- #endif
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_load_system_CA_certs(void)
- {
- int res = TEST_SKIPPED;
- #if defined(WOLFSSL_SYS_CA_CERTS) && !defined(NO_WOLFSSL_CLIENT) && \
- (!defined(NO_RSA) || defined(HAVE_ECC))
- WOLFSSL_CTX* ctx;
- byte dirValid = 0;
- int ret = 0;
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- if (ctx == NULL) {
- fprintf(stderr, "wolfSSL_CTX_new failed.\n");
- ret = -1;
- }
- if (ret == 0) {
- #if defined(USE_WINDOWS_API) || defined(__APPLE__)
- dirValid = 1;
- #else
- word32 numDirs;
- const char** caDirs = wolfSSL_get_system_CA_dirs(&numDirs);
- if (caDirs == NULL || numDirs == 0) {
- fprintf(stderr, "wolfSSL_get_system_CA_dirs failed.\n");
- ret = -1;
- }
- else {
- ReadDirCtx dirCtx;
- word32 i;
- for (i = 0; i < numDirs; ++i) {
- if (wc_ReadDirFirst(&dirCtx, caDirs[i], NULL) == 0) {
- /* Directory isn't empty. */
- dirValid = 1;
- wc_ReadDirClose(&dirCtx);
- break;
- }
- }
- }
- #endif
- }
- /*
- * If the directory isn't empty, we should be able to load CA
- * certs from it. On Windows/Mac, we assume the CA cert stores are
- * usable.
- */
- if (ret == 0 && dirValid && wolfSSL_CTX_load_system_CA_certs(ctx) !=
- WOLFSSL_SUCCESS) {
- fprintf(stderr, "wolfSSL_CTX_load_system_CA_certs failed.\n");
- ret = -1;
- }
- #ifdef OPENSSL_EXTRA
- if (ret == 0 &&
- wolfSSL_CTX_set_default_verify_paths(ctx) != WOLFSSL_SUCCESS) {
- fprintf(stderr, "wolfSSL_CTX_set_default_verify_paths failed.\n");
- ret = -1;
- }
- #endif /* OPENSSL_EXTRA */
- wolfSSL_CTX_free(ctx);
- res = TEST_RES_CHECK(ret == 0);
- #endif /* WOLFSSL_SYS_CA_CERTS && !NO_WOLFSSL_CLIENT */
- return res;
- }
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
- static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz,
- int file_type)
- {
- int ret;
- WOLFSSL_CERT_MANAGER* cm;
- cm = wolfSSL_CertManagerNew();
- if (cm == NULL) {
- fprintf(stderr, "test_cm_load_ca failed\n");
- return -1;
- }
- ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, cert_sz, file_type);
- wolfSSL_CertManagerFree(cm);
- return ret;
- }
- static int test_cm_load_ca_file(const char* ca_cert_file)
- {
- int ret = 0;
- byte* cert_buf = NULL;
- size_t cert_sz = 0;
- #if defined(WOLFSSL_PEM_TO_DER)
- DerBuffer* pDer = NULL;
- #endif
- ret = load_file(ca_cert_file, &cert_buf, &cert_sz);
- if (ret == 0) {
- /* normal test */
- ret = test_cm_load_ca_buffer(cert_buf, cert_sz, WOLFSSL_FILETYPE_PEM);
- if (ret == WOLFSSL_SUCCESS) {
- /* test including null terminator in length */
- byte* tmp = (byte*)realloc(cert_buf, cert_sz+1);
- if (tmp == NULL) {
- ret = MEMORY_E;
- }
- else {
- cert_buf = tmp;
- cert_buf[cert_sz] = '\0';
- ret = test_cm_load_ca_buffer(cert_buf, cert_sz+1,
- WOLFSSL_FILETYPE_PEM);
- }
- }
- #if defined(WOLFSSL_PEM_TO_DER)
- if (ret == WOLFSSL_SUCCESS) {
- /* test loading DER */
- ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL);
- if (ret == 0 && pDer != NULL) {
- ret = test_cm_load_ca_buffer(pDer->buffer, pDer->length,
- WOLFSSL_FILETYPE_ASN1);
- wc_FreeDer(&pDer);
- }
- }
- #endif
- }
- free(cert_buf);
- return ret;
- }
- static int test_cm_load_ca_buffer_ex(const byte* cert_buf, size_t cert_sz,
- int file_type, word32 flags)
- {
- int ret;
- WOLFSSL_CERT_MANAGER* cm;
- cm = wolfSSL_CertManagerNew();
- if (cm == NULL) {
- fprintf(stderr, "test_cm_load_ca failed\n");
- return -1;
- }
- ret = wolfSSL_CertManagerLoadCABuffer_ex(cm, cert_buf, cert_sz, file_type,
- 0, flags);
- wolfSSL_CertManagerFree(cm);
- return ret;
- }
- static int test_cm_load_ca_file_ex(const char* ca_cert_file, word32 flags)
- {
- int ret = 0;
- byte* cert_buf = NULL;
- size_t cert_sz = 0;
- #if defined(WOLFSSL_PEM_TO_DER)
- DerBuffer* pDer = NULL;
- #endif
- ret = load_file(ca_cert_file, &cert_buf, &cert_sz);
- if (ret == 0) {
- /* normal test */
- ret = test_cm_load_ca_buffer_ex(cert_buf, cert_sz,
- WOLFSSL_FILETYPE_PEM, flags);
- if (ret == WOLFSSL_SUCCESS) {
- /* test including null terminator in length */
- byte* tmp = (byte*)realloc(cert_buf, cert_sz+1);
- if (tmp == NULL) {
- ret = MEMORY_E;
- }
- else {
- cert_buf = tmp;
- cert_buf[cert_sz] = '\0';
- ret = test_cm_load_ca_buffer_ex(cert_buf, cert_sz+1,
- WOLFSSL_FILETYPE_PEM, flags);
- }
- }
- #if defined(WOLFSSL_PEM_TO_DER)
- if (ret == WOLFSSL_SUCCESS) {
- /* test loading DER */
- ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL);
- if (ret == 0 && pDer != NULL) {
- ret = test_cm_load_ca_buffer_ex(pDer->buffer, pDer->length,
- WOLFSSL_FILETYPE_ASN1, flags);
- wc_FreeDer(&pDer);
- }
- }
- #endif
- }
- free(cert_buf);
- return ret;
- }
- #endif /* !NO_FILESYSTEM && !NO_CERTS */
- static int test_wolfSSL_CertManagerAPI(void)
- {
- EXPECT_DECLS;
- #ifndef NO_CERTS
- WOLFSSL_CERT_MANAGER* cm = NULL;
- unsigned char c;
- ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
- wolfSSL_CertManagerFree(NULL);
- ExpectIntEQ(wolfSSL_CertManager_up_ref(NULL), 0);
- ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(NULL), BAD_FUNC_ARG);
- #ifdef WOLFSSL_TRUST_PEER_CERT
- ExpectIntEQ(wolfSSL_CertManagerUnload_trust_peers(NULL), BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer_ex(NULL, &c, 1,
- WOLFSSL_FILETYPE_ASN1, 0, 0), WOLFSSL_FATAL_ERROR);
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, NULL, -1,
- WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, NULL, -1,
- WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, &c, -1,
- WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, NULL, 1,
- WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, &c, 1,
- WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, NULL, 1,
- WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, &c, -1,
- WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, &c, 1, -1),
- WOLFSSL_BAD_FILETYPE);
- #endif
- #if !defined(NO_FILESYSTEM)
- {
- const char* ca_cert = "./certs/ca-cert.pem";
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
- const char* ca_cert_der = "./certs/ca-cert.der";
- #endif
- const char* ca_path = "./certs";
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
- ExpectIntEQ(wolfSSL_CertManagerVerify(NULL, NULL, -1),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerVerify(cm, NULL, WOLFSSL_FILETYPE_ASN1),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerVerify(NULL, ca_cert,
- WOLFSSL_FILETYPE_PEM), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerVerify(cm, ca_cert, -1),
- WOLFSSL_BAD_FILETYPE);
- ExpectIntEQ(wolfSSL_CertManagerVerify(cm, "no-file",
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_BAD_FILE);
- ExpectIntEQ(wolfSSL_CertManagerVerify(cm, ca_cert_der,
- WOLFSSL_FILETYPE_PEM), ASN_NO_PEM_HEADER);
- #endif
- ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, NULL, NULL),
- WOLFSSL_FATAL_ERROR);
- ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, ca_cert, NULL),
- WOLFSSL_FATAL_ERROR);
- ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, NULL, ca_path),
- WOLFSSL_FATAL_ERROR);
- ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, ca_cert, ca_path),
- WOLFSSL_FATAL_ERROR);
- }
- #endif
- #ifdef OPENSSL_COMPATIBLE_DEFAULTS
- ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 0), 1);
- #elif !defined(HAVE_CRL)
- ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 0), NOT_COMPILED_IN);
- #endif
- ExpectIntEQ(wolfSSL_CertManagerDisableCRL(NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerDisableCRL(cm), 1);
- #ifdef HAVE_CRL
- /* Test APIs when CRL is disabled. */
- #ifdef HAVE_CRL_IO
- ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(cm, NULL), 1);
- #endif
- ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048,
- sizeof_server_cert_der_2048), 1);
- ExpectIntEQ(wolfSSL_CertManagerFreeCRL(cm), 1);
- #endif
- /* OCSP */
- ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerDisableOCSP(NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(NULL), BAD_FUNC_ARG);
- #if !defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
- !defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
- ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(cm), NOT_COMPILED_IN);
- ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(cm), NOT_COMPILED_IN);
- ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(cm), NOT_COMPILED_IN);
- #endif
- #ifdef HAVE_OCSP
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, -1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, -1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, -1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, &c, -1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(NULL, NULL, 0,
- NULL, NULL, NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, NULL, 1,
- NULL, NULL, NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(NULL, &c, 1,
- NULL, NULL, NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(NULL, NULL),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(NULL, ""),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, NULL), 1);
- ExpectIntEQ(wolfSSL_CertManagerSetOCSP_Cb(NULL, NULL, NULL, NULL),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerSetOCSP_Cb(cm, NULL, NULL, NULL), 1);
- ExpectIntEQ(wolfSSL_CertManagerDisableOCSP(cm), 1);
- /* Test APIs when OCSP is disabled. */
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, &c, 1,
- NULL, NULL, NULL, NULL), 1);
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, &c, 1), 1);
- #endif
- ExpectIntEQ(wolfSSL_CertManager_up_ref(cm), 1);
- wolfSSL_CertManagerFree(cm);
- wolfSSL_CertManagerFree(cm);
- cm = NULL;
- ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
- #ifdef HAVE_OCSP
- ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(cm, WOLFSSL_OCSP_URL_OVERRIDE |
- WOLFSSL_OCSP_CHECKALL), 1);
- #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
- defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
- ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(cm), 1);
- ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(cm), 1);
- ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(cm), 1);
- ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(cm), 1);
- ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(cm), 1);
- ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(cm), 1);
- #endif
- ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, ""), 1);
- ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, ""), 1);
- #endif
- #ifdef WOLFSSL_TRUST_PEER_CERT
- ExpectIntEQ(wolfSSL_CertManagerUnload_trust_peers(cm), 1);
- #endif
- wolfSSL_CertManagerFree(cm);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CertManagerLoadCABuffer(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
- const char* ca_cert = "./certs/ca-cert.pem";
- const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
- int ret;
- ExpectIntLE(ret = test_cm_load_ca_file(ca_cert), 1);
- #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
- ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
- #elif defined(NO_RSA)
- ExpectIntEQ(ret, ASN_UNKNOWN_OID_E);
- #else
- ExpectIntEQ(ret, WOLFSSL_SUCCESS);
- #endif
- ExpectIntLE(ret = test_cm_load_ca_file(ca_expired_cert), 1);
- #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
- ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
- #elif defined(NO_RSA)
- ExpectIntEQ(ret, ASN_UNKNOWN_OID_E);
- #elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \
- !defined(NO_ASN_TIME)
- ExpectIntEQ(ret, ASN_AFTER_DATE_E);
- #else
- ExpectIntEQ(ret, WOLFSSL_SUCCESS);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CertManagerLoadCABuffer_ex(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
- const char* ca_cert = "./certs/ca-cert.pem";
- const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
- int ret;
- ExpectIntLE(ret = test_cm_load_ca_file_ex(ca_cert, WOLFSSL_LOAD_FLAG_NONE),
- 1);
- #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
- ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
- #elif defined(NO_RSA)
- ExpectIntEQ(ret, ASN_UNKNOWN_OID_E);
- #else
- ExpectIntEQ(ret, WOLFSSL_SUCCESS);
- #endif
- ExpectIntLE(ret = test_cm_load_ca_file_ex(ca_expired_cert,
- WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), 1);
- #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
- ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
- #elif defined(NO_RSA)
- ExpectIntEQ(ret, ASN_UNKNOWN_OID_E);
- #elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \
- !defined(NO_ASN_TIME) && defined(WOLFSSL_TRUST_PEER_CERT) && \
- defined(OPENSSL_COMPATIBLE_DEFAULTS)
- ExpectIntEQ(ret, ASN_AFTER_DATE_E);
- #else
- ExpectIntEQ(ret, WOLFSSL_SUCCESS);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CertManagerGetCerts(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
- defined(WOLFSSL_SIGNER_DER_CERT)
- WOLFSSL_CERT_MANAGER* cm = NULL;
- WOLFSSL_STACK* sk = NULL;
- X509* x509 = NULL;
- X509* cert1 = NULL;
- FILE* file1 = NULL;
- #ifdef DEBUG_WOLFSSL_VERBOSE
- WOLFSSL_BIO* bio = NULL;
- #endif
- int i = 0;
- int ret = 0;
- const byte* der = NULL;
- int derSz = 0;
- ExpectNotNull(file1 = fopen("./certs/ca-cert.pem", "rb"));
- ExpectNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
- if (file1 != NULL) {
- fclose(file1);
- }
- ExpectNull(sk = wolfSSL_CertManagerGetCerts(NULL));
- ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
- ExpectNull(sk = wolfSSL_CertManagerGetCerts(cm));
- ExpectNotNull(der = wolfSSL_X509_get_der(cert1, &derSz));
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
- /* Check that ASN_SELF_SIGNED_E is returned for a self-signed cert for QT
- * and full OpenSSL compatibility */
- ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), ASN_SELF_SIGNED_E);
- #else
- ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), ASN_NO_SIGNER_E);
- #endif
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
- "./certs/ca-cert.pem", NULL));
- ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(cm));
- for (i = 0; EXPECT_SUCCESS() && i < sk_X509_num(sk); i++) {
- ExpectNotNull(x509 = sk_X509_value(sk, i));
- ExpectIntEQ(0, wolfSSL_X509_cmp(x509, cert1));
- #ifdef DEBUG_WOLFSSL_VERBOSE
- bio = BIO_new(wolfSSL_BIO_s_file());
- if (bio != NULL) {
- BIO_set_fp(bio, stderr, BIO_NOCLOSE);
- X509_print(bio, x509);
- BIO_free(bio);
- }
- #endif /* DEBUG_WOLFSSL_VERBOSE */
- }
- wolfSSL_X509_free(cert1);
- sk_X509_pop_free(sk, NULL);
- wolfSSL_CertManagerFree(cm);
- #endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
- defined(WOLFSSL_SIGNER_DER_CERT) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CertManagerSetVerify(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
- (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
- WOLFSSL_CERT_MANAGER* cm = NULL;
- int tmp = myVerifyAction;
- const char* ca_cert = "./certs/ca-cert.pem";
- const char* expiredCert = "./certs/test/expired/expired-cert.pem";
- wolfSSL_CertManagerSetVerify(NULL, NULL);
- wolfSSL_CertManagerSetVerify(NULL, myVerify);
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- wolfSSL_CertManagerSetVerify(cm, myVerify);
- #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
- ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL), -1);
- #else
- ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL),
- WOLFSSL_SUCCESS);
- #endif
- /* Use the test CB that always accepts certs */
- myVerifyAction = VERIFY_OVERRIDE_ERROR;
- ExpectIntEQ(wolfSSL_CertManagerVerify(cm, expiredCert,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- #ifdef WOLFSSL_ALWAYS_VERIFY_CB
- {
- const char* verifyCert = "./certs/server-cert.der";
- /* Use the test CB that always fails certs */
- myVerifyAction = VERIFY_FORCE_FAIL;
- ExpectIntEQ(wolfSSL_CertManagerVerify(cm, verifyCert,
- WOLFSSL_FILETYPE_ASN1), VERIFY_CERT_ERROR);
- }
- #endif
- wolfSSL_CertManagerFree(cm);
- myVerifyAction = tmp;
- #endif
- return EXPECT_RESULT();
- }
- #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
- defined(DEBUG_UNIT_TEST_CERTS)
- /* Used when debugging name constraint tests. Not static to allow use in
- * multiple locations with complex define guards. */
- void DEBUG_WRITE_CERT_X509(WOLFSSL_X509* x509, const char* fileName)
- {
- BIO* out = BIO_new_file(fileName, "wb");
- if (out != NULL) {
- PEM_write_bio_X509(out, x509);
- BIO_free(out);
- }
- }
- void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName)
- {
- BIO* out = BIO_new_file(fileName, "wb");
- if (out != NULL) {
- BIO_write(out, der, derSz);
- BIO_free(out);
- }
- }
- #else
- #define DEBUG_WRITE_CERT_X509(x509, fileName) WC_DO_NOTHING
- #define DEBUG_WRITE_DER(der, derSz, fileName) WC_DO_NOTHING
- #endif
- static int test_wolfSSL_CertManagerNameConstraint(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
- defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
- !defined(NO_SHA256)
- WOLFSSL_CERT_MANAGER* cm = NULL;
- WOLFSSL_EVP_PKEY *priv = NULL;
- WOLFSSL_X509_NAME* name = NULL;
- const char* ca_cert = "./certs/test/cert-ext-nc.der";
- const char* server_cert = "./certs/test/server-goodcn.pem";
- int i = 0;
- static const byte extNameConsOid[] = {85, 29, 30};
- RsaKey key;
- WC_RNG rng;
- byte *der = NULL;
- int derSz = 0;
- word32 idx = 0;
- byte *pt;
- WOLFSSL_X509 *x509 = NULL;
- WOLFSSL_X509 *ca = NULL;
- wc_InitRng(&rng);
- /* load in CA private key for signing */
- ExpectIntEQ(wc_InitRsaKey_ex(&key, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key,
- sizeof_server_key_der_2048), 0);
- /* get ca certificate then alter it */
- ExpectNotNull(der =
- (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert,
- WOLFSSL_FILETYPE_ASN1));
- ExpectNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz));
- if (EXPECT_SUCCESS() && (der != NULL)) {
- XMEMCPY(der, pt, derSz);
- /* find the name constraint extension and alter it */
- pt = der;
- for (i = 0; i < derSz - 3; i++) {
- if (XMEMCMP(pt, extNameConsOid, 3) == 0) {
- pt += 3;
- break;
- }
- pt++;
- }
- ExpectIntNE(i, derSz - 3); /* did not find OID if this case is hit */
- /* go to the length value and set it to 0 */
- while (i < derSz && *pt != 0x81) {
- pt++;
- i++;
- }
- ExpectIntNE(i, derSz); /* did not place to alter */
- pt++;
- *pt = 0x00;
- }
- /* resign the altered certificate */
- ExpectIntGT((derSz = wc_SignCert(derSz, CTC_SHA256wRSA, der,
- FOURK_BUF, &key, NULL, &rng)), 0);
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E);
- wolfSSL_CertManagerFree(cm);
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wolfSSL_X509_free(x509);
- wc_FreeRsaKey(&key);
- wc_FreeRng(&rng);
- /* add email alt name to satisfy constraint */
- pt = (byte*)server_key_der_2048;
- ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
- (const unsigned char**)&pt, sizeof_server_key_der_2048));
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
- WOLFSSL_FILETYPE_ASN1));
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
- DEBUG_WRITE_DER(der, derSz, "ca.der");
- ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- /* Good cert test with proper alt email name */
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- name = NULL;
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
- (byte*)"US", 2, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
- (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
- (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
- X509_NAME_free(name);
- name = NULL;
- wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE);
- ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
- DEBUG_WRITE_CERT_X509(x509, "good-cert.pem");
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- wolfSSL_X509_free(x509);
- x509 = NULL;
- /* Cert with bad alt name list */
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- name = NULL;
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
- (byte*)"US", 2, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
- (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
- (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
- X509_NAME_free(name);
- wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE);
- wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE);
- ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
- DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem");
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
- wolfSSL_CertManagerFree(cm);
- wolfSSL_X509_free(x509);
- wolfSSL_X509_free(ca);
- wolfSSL_EVP_PKEY_free(priv);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CertManagerNameConstraint2(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
- defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES)
- const char* ca_cert = "./certs/test/cert-ext-ndir.der";
- const char* ca_cert2 = "./certs/test/cert-ext-ndir-exc.der";
- const char* server_cert = "./certs/server-cert.pem";
- WOLFSSL_CERT_MANAGER* cm = NULL;
- WOLFSSL_X509 *x509 = NULL;
- WOLFSSL_X509 *ca = NULL;
- const unsigned char *der = NULL;
- const unsigned char *pt;
- WOLFSSL_EVP_PKEY *priv = NULL;
- WOLFSSL_X509_NAME* name = NULL;
- int derSz = 0;
- /* C=US*/
- char altName[] = {
- 0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09,
- 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53
- };
- /* C=ID */
- char altNameFail[] = {
- 0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09,
- 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x44
- };
- /* C=US ST=California*/
- char altNameExc[] = {
- 0x30, 0x22,
- 0x31, 0x0B,
- 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
- 0x31, 0x13,
- 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A,
- 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61
- };
- /* load in CA private key for signing */
- pt = ca_key_der_2048;
- ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt,
- sizeof_ca_key_der_2048));
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
- WOLFSSL_FILETYPE_ASN1));
- ExpectNotNull((der = wolfSSL_X509_get_der(ca, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
- wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
- #else
- wolfSSL_X509_sign(x509, priv, EVP_sha256());
- #endif
- ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- /* add in matching DIR alt name and resign */
- wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
- wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
- #else
- wolfSSL_X509_sign(x509, priv, EVP_sha256());
- #endif
- ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- wolfSSL_X509_free(x509);
- x509 = NULL;
- /* check verify fail */
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- /* add in miss matching DIR alt name and resign */
- wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail),
- ASN_DIR_TYPE);
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
- wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
- #else
- wolfSSL_X509_sign(x509, priv, EVP_sha256());
- #endif
- ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
- #ifndef WOLFSSL_NO_ASN_STRICT
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
- #else
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- #endif
- /* check that it still fails if one bad altname and one good altname is in
- * the certificate */
- wolfSSL_X509_free(x509);
- x509 = NULL;
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);
- wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail),
- ASN_DIR_TYPE);
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
- wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
- #else
- wolfSSL_X509_sign(x509, priv, EVP_sha256());
- #endif
- ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
- #ifndef WOLFSSL_NO_ASN_STRICT
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
- #else
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- #endif
- /* check it fails with switching position of bad altname */
- wolfSSL_X509_free(x509);
- x509 = NULL;
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail),
- ASN_DIR_TYPE);
- wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
- wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
- #else
- wolfSSL_X509_sign(x509, priv, EVP_sha256());
- #endif
- ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
- #ifndef WOLFSSL_NO_ASN_STRICT
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
- #else
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- #endif
- wolfSSL_CertManagerFree(cm);
- wolfSSL_X509_free(x509);
- x509 = NULL;
- wolfSSL_X509_free(ca);
- ca = NULL;
- /* now test with excluded name constraint */
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert2,
- WOLFSSL_FILETYPE_ASN1));
- ExpectNotNull((der = wolfSSL_X509_get_der(ca, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- wolfSSL_X509_add_altname_ex(x509, altNameExc, sizeof(altNameExc),
- ASN_DIR_TYPE);
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
- wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
- #else
- wolfSSL_X509_sign(x509, priv, EVP_sha256());
- #endif
- ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
- #ifndef WOLFSSL_NO_ASN_STRICT
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
- #else
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- #endif
- wolfSSL_CertManagerFree(cm);
- wolfSSL_X509_free(x509);
- wolfSSL_X509_free(ca);
- wolfSSL_EVP_PKEY_free(priv);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CertManagerNameConstraint3(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
- defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
- !defined(NO_SHA256)
- WOLFSSL_CERT_MANAGER* cm = NULL;
- WOLFSSL_EVP_PKEY *priv = NULL;
- WOLFSSL_X509_NAME* name = NULL;
- const char* ca_cert = "./certs/test/cert-ext-mnc.der";
- const char* server_cert = "./certs/test/server-goodcn.pem";
- byte *der = NULL;
- int derSz = 0;
- byte *pt;
- WOLFSSL_X509 *x509 = NULL;
- WOLFSSL_X509 *ca = NULL;
- pt = (byte*)server_key_der_2048;
- ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
- (const unsigned char**)&pt, sizeof_server_key_der_2048));
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
- WOLFSSL_FILETYPE_ASN1));
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
- DEBUG_WRITE_DER(der, derSz, "ca.der");
- ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- /* check satisfying .wolfssl.com constraint passes */
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- name = NULL;
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
- (byte*)"US", 2, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
- (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
- (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
- X509_NAME_free(name);
- name = NULL;
- wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE);
- ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
- DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem");
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- wolfSSL_X509_free(x509);
- x509 = NULL;
- /* check satisfying .random.com constraint passes */
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- name = NULL;
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
- (byte*)"US", 2, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
- (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
- (byte*)"support@info.example.com", 24, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
- X509_NAME_free(name);
- name = NULL;
- wolfSSL_X509_add_altname(x509, "wolfssl@info.example.com", ASN_RFC822_TYPE);
- ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
- DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem");
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- wolfSSL_X509_free(x509);
- x509 = NULL;
- /* check fail case when neither constraint is matched */
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- name = NULL;
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
- (byte*)"US", 2, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
- (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
- (byte*)"support@info.com", 16, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
- X509_NAME_free(name);
- wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE);
- ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
- DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem");
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
- wolfSSL_CertManagerFree(cm);
- wolfSSL_X509_free(x509);
- wolfSSL_X509_free(ca);
- wolfSSL_EVP_PKEY_free(priv);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CertManagerNameConstraint4(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
- defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
- !defined(NO_SHA256)
- WOLFSSL_CERT_MANAGER* cm = NULL;
- WOLFSSL_EVP_PKEY *priv = NULL;
- WOLFSSL_X509_NAME* name = NULL;
- const char* ca_cert = "./certs/test/cert-ext-ncdns.der";
- const char* server_cert = "./certs/test/server-goodcn.pem";
- byte *der = NULL;
- int derSz;
- byte *pt;
- WOLFSSL_X509 *x509 = NULL;
- WOLFSSL_X509 *ca = NULL;
- pt = (byte*)server_key_der_2048;
- ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
- (const unsigned char**)&pt, sizeof_server_key_der_2048));
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
- WOLFSSL_FILETYPE_ASN1));
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
- DEBUG_WRITE_DER(der, derSz, "ca.der");
- ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- /* check satisfying wolfssl.com constraint passes */
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- name = NULL;
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
- (byte*)"US", 2, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
- (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
- X509_NAME_free(name);
- name = NULL;
- wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE);
- ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
- DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem");
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- wolfSSL_X509_free(x509);
- x509 = NULL;
- /* check satisfying example.com constraint passes */
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- name = NULL;
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
- (byte*)"US", 2, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
- (byte*)"example.com", 11, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
- X509_NAME_free(name);
- name = NULL;
- wolfSSL_X509_add_altname(x509, "www.example.com", ASN_DNS_TYPE);
- ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
- DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem");
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- wolfSSL_X509_free(x509);
- x509 = NULL;
- /* check satisfying wolfssl.com constraint passes with list of DNS's */
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- name = NULL;
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
- (byte*)"US", 2, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
- (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
- X509_NAME_free(name);
- name = NULL;
- wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE);
- wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE);
- wolfSSL_X509_add_altname(x509, "extra.wolfssl.com", ASN_DNS_TYPE);
- ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
- DEBUG_WRITE_CERT_X509(x509, "good-multiple-constraint-cert.pem");
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- wolfSSL_X509_free(x509);
- x509 = NULL;
- /* check fail when one DNS in the list is bad */
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- name = NULL;
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
- (byte*)"US", 2, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
- (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
- X509_NAME_free(name);
- name = NULL;
- wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE);
- wolfSSL_X509_add_altname(x509, "www.nomatch.com", ASN_DNS_TYPE);
- wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE);
- ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
- DEBUG_WRITE_CERT_X509(x509, "bad-multiple-constraint-cert.pem");
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
- wolfSSL_X509_free(x509);
- x509 = NULL;
- /* check fail case when neither constraint is matched */
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- name = NULL;
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
- (byte*)"US", 2, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
- (byte*)"common", 6, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
- X509_NAME_free(name);
- wolfSSL_X509_add_altname(x509, "www.random.com", ASN_DNS_TYPE);
- ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
- DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem");
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
- wolfSSL_CertManagerFree(cm);
- wolfSSL_X509_free(x509);
- wolfSSL_X509_free(ca);
- wolfSSL_EVP_PKEY_free(priv);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CertManagerNameConstraint5(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
- defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
- !defined(NO_SHA256)
- WOLFSSL_CERT_MANAGER* cm = NULL;
- WOLFSSL_EVP_PKEY *priv = NULL;
- WOLFSSL_X509_NAME* name = NULL;
- const char* ca_cert = "./certs/test/cert-ext-ncmixed.der";
- const char* server_cert = "./certs/test/server-goodcn.pem";
- byte *der = NULL;
- int derSz;
- byte *pt;
- WOLFSSL_X509 *x509 = NULL;
- WOLFSSL_X509 *ca = NULL;
- pt = (byte*)server_key_der_2048;
- ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
- (const unsigned char**)&pt, sizeof_server_key_der_2048));
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
- WOLFSSL_FILETYPE_ASN1));
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
- DEBUG_WRITE_DER(der, derSz, "ca.der");
- ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- /* check satisfying wolfssl.com constraint passes */
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- name = NULL;
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
- (byte*)"US", 2, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
- (byte*)"example", 7, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
- X509_NAME_free(name);
- name = NULL;
- wolfSSL_X509_add_altname(x509, "good.example", ASN_DNS_TYPE);
- wolfSSL_X509_add_altname(x509, "facts@into.wolfssl.com", ASN_RFC822_TYPE);
- ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
- DEBUG_WRITE_CERT_X509(x509, "good-cert.pem");
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- wolfSSL_X509_free(x509);
- x509 = NULL;
- /* fail with DNS check because of common name */
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- name = NULL;
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
- (byte*)"US", 2, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
- (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
- X509_NAME_free(name);
- name = NULL;
- wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE);
- wolfSSL_X509_add_altname(x509, "facts@wolfssl.com", ASN_RFC822_TYPE);
- ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
- DEBUG_WRITE_CERT_X509(x509, "bad-cn-cert.pem");
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
- wolfSSL_X509_free(x509);
- x509 = NULL;
- /* fail on permitted DNS name constraint */
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- name = NULL;
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
- (byte*)"US", 2, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
- X509_NAME_free(name);
- name = NULL;
- wolfSSL_X509_add_altname(x509, "www.example", ASN_DNS_TYPE);
- wolfSSL_X509_add_altname(x509, "www.wolfssl", ASN_DNS_TYPE);
- wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE);
- ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
- DEBUG_WRITE_CERT_X509(x509, "bad-1st-constraint-cert.pem");
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
- wolfSSL_X509_free(x509);
- x509 = NULL;
- /* fail on permitted email name constraint */
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- name = NULL;
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
- (byte*)"US", 2, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
- X509_NAME_free(name);
- name = NULL;
- wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE);
- wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE);
- wolfSSL_X509_add_altname(x509, "info@example.com", ASN_RFC822_TYPE);
- ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
- DEBUG_WRITE_CERT_X509(x509, "bad-2nd-constraint-cert.pem");
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
- wolfSSL_X509_free(x509);
- x509 = NULL;
- /* success with empty email name */
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- name = NULL;
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
- (byte*)"US", 2, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
- X509_NAME_free(name);
- wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE);
- ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
- DEBUG_WRITE_CERT_X509(x509, "good-missing-constraint-cert.pem");
- ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- wolfSSL_X509_free(x509);
- wolfSSL_CertManagerFree(cm);
- wolfSSL_X509_free(ca);
- wolfSSL_EVP_PKEY_free(priv);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CertManagerCRL(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \
- !defined(NO_RSA)
- const char* ca_cert = "./certs/ca-cert.pem";
- const char* crl1 = "./certs/crl/crl.pem";
- const char* crl2 = "./certs/crl/crl2.pem";
- #ifdef WC_RSA_PSS
- const char* crl_rsapss = "./certs/crl/crl_rsapss.pem";
- const char* ca_rsapss = "./certs/rsapss/ca-rsapss.pem";
- #endif
- const unsigned char crl_buff[] = {
- 0x30, 0x82, 0x02, 0x04, 0x30, 0x81, 0xed, 0x02,
- 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
- 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
- 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09,
- 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
- 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
- 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74,
- 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06,
- 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f,
- 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30,
- 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08,
- 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74, 0x68,
- 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
- 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75,
- 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30,
- 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f,
- 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66,
- 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31,
- 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48,
- 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10,
- 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c,
- 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
- 0x17, 0x0d, 0x32, 0x32, 0x31, 0x32, 0x31, 0x36,
- 0x32, 0x31, 0x31, 0x37, 0x35, 0x30, 0x5a, 0x17,
- 0x0d, 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, 0x32,
- 0x31, 0x31, 0x37, 0x35, 0x30, 0x5a, 0x30, 0x14,
- 0x30, 0x12, 0x02, 0x01, 0x02, 0x17, 0x0d, 0x32,
- 0x32, 0x31, 0x32, 0x31, 0x36, 0x32, 0x31, 0x31,
- 0x37, 0x35, 0x30, 0x5a, 0xa0, 0x0e, 0x30, 0x0c,
- 0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x14, 0x04,
- 0x03, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
- 0x39, 0x44, 0xff, 0x39, 0xf4, 0x04, 0x45, 0x79,
- 0x7e, 0x73, 0xe2, 0x42, 0x48, 0xdb, 0x85, 0x66,
- 0xfd, 0x99, 0x76, 0x94, 0x7c, 0xb5, 0x79, 0x5d,
- 0x15, 0x71, 0x36, 0xa9, 0x87, 0xf0, 0x73, 0x05,
- 0x50, 0x08, 0x6b, 0x1c, 0x6e, 0xde, 0x96, 0x45,
- 0x31, 0xc3, 0xc0, 0xba, 0xba, 0xf5, 0x08, 0x1d,
- 0x05, 0x4a, 0x52, 0x39, 0xe9, 0x03, 0xef, 0x59,
- 0xc8, 0x1d, 0x4a, 0xf2, 0x86, 0x05, 0x99, 0x7b,
- 0x4b, 0x74, 0xf6, 0xd3, 0x75, 0x8d, 0xb2, 0x57,
- 0xba, 0xac, 0xa7, 0x11, 0x14, 0xd6, 0x6c, 0x71,
- 0xc4, 0x4c, 0x1c, 0x68, 0xbc, 0x49, 0x78, 0xf0,
- 0xc9, 0x52, 0x8a, 0xe7, 0x8b, 0x54, 0xe6, 0x20,
- 0x58, 0x20, 0x60, 0x66, 0xf5, 0x14, 0xd8, 0xcb,
- 0xff, 0xe0, 0xa0, 0x45, 0xbc, 0xb4, 0x81, 0xad,
- 0x1d, 0xbc, 0xcf, 0xf8, 0x8e, 0xa8, 0x87, 0x24,
- 0x55, 0x99, 0xd9, 0xce, 0x47, 0xf7, 0x5b, 0x4a,
- 0x33, 0x6d, 0xdb, 0xbf, 0x93, 0x64, 0x1a, 0xa6,
- 0x46, 0x5f, 0x27, 0xdc, 0xd8, 0xd4, 0xf9, 0xc2,
- 0x42, 0x2a, 0x7e, 0xb2, 0x7c, 0xdd, 0x98, 0x77,
- 0xf5, 0x88, 0x7d, 0x15, 0x25, 0x08, 0xbc, 0xe0,
- 0xd0, 0x8d, 0xf4, 0xc3, 0xc3, 0x04, 0x41, 0xa4,
- 0xd1, 0xb1, 0x39, 0x4a, 0x6b, 0x2c, 0xb5, 0x2e,
- 0x9a, 0x65, 0x43, 0x0d, 0x0e, 0x73, 0xf4, 0x06,
- 0xe1, 0xb3, 0x49, 0x34, 0x94, 0xb0, 0xb7, 0xff,
- 0xc0, 0x27, 0xc1, 0xb5, 0xea, 0x06, 0xf7, 0x71,
- 0x71, 0x97, 0xbb, 0xbc, 0xc7, 0x1a, 0x9f, 0xeb,
- 0xf6, 0x3d, 0xa5, 0x7b, 0x55, 0xa7, 0xbf, 0xdd,
- 0xd7, 0xee, 0x97, 0xb8, 0x9d, 0xdc, 0xcd, 0xe3,
- 0x06, 0xdb, 0x9a, 0x2c, 0x60, 0xbf, 0x70, 0x84,
- 0xfa, 0x6b, 0x8d, 0x70, 0x7d, 0xde, 0xe8, 0xb7,
- 0xab, 0xb0, 0x38, 0x68, 0x6c, 0xc0, 0xb1, 0xe1,
- 0xba, 0x45, 0xe0, 0xd7, 0x12, 0x3d, 0x71, 0x5b
- };
- WOLFSSL_CERT_MANAGER* cm = NULL;
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- ExpectIntEQ(wolfSSL_CertManagerEnableCRL(NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECKALL), 1);
- ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECK), 1);
- ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm,
- WOLFSSL_CRL_CHECK | WOLFSSL_CRL_CHECKALL), 1);
- ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 16), 1);
- ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECKALL), 1);
- ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, -1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, -1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, server_cert_der_2048, -1),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, server_cert_der_2048, 1),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048, -1),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048,
- sizeof_server_cert_der_2048), ASN_NO_SIGNER_E);
- ExpectIntEQ(wolfSSL_CertManagerSetCRL_Cb(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerSetCRL_Cb(cm, NULL), 1);
- #ifdef HAVE_CRL_IO
- ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(cm, NULL), 1);
- #endif
- #ifndef NO_FILESYSTEM
- ExpectIntEQ(wolfSSL_CertManagerLoadCRL(NULL, NULL, WOLFSSL_FILETYPE_ASN1,
- 0), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerLoadCRL(cm, NULL, WOLFSSL_FILETYPE_ASN1,
- 0), BAD_FUNC_ARG);
- /* -1 seen as !WOLFSSL_FILETYPE_PEM */
- ExpectIntEQ(wolfSSL_CertManagerLoadCRL(cm, "./certs/crl", -1, 0), 1);
- ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(NULL, NULL,
- WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, NULL, WOLFSSL_FILETYPE_ASN1),
- BAD_FUNC_ARG);
- /* -1 seen as !WOLFSSL_FILETYPE_PEM */
- ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, "./certs/crl/crl.pem", -1),
- ASN_PARSE_E);
- #endif
- ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, NULL, -1,
- WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, NULL, -1,
- WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, crl_buff, -1,
- WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, NULL, 1,
- WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, crl_buff, 1,
- WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, NULL, 1,
- WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_buff, -1,
- WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CertManagerFreeCRL(NULL), BAD_FUNC_ARG);
- DoExpectIntEQ(wolfSSL_CertManagerFreeCRL(cm), 1);
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0));
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CertManagerLoadCRL(cm, crl2, WOLFSSL_FILETYPE_PEM, 0));
- wolfSSL_CertManagerFreeCRL(cm);
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0));
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
- ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048,
- sizeof_server_cert_der_2048), CRL_MISSING);
- ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, server_cert_der_2048,
- sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1), CRL_MISSING);
- ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_buff, sizeof(crl_buff),
- WOLFSSL_FILETYPE_ASN1), 1);
- #if !defined(NO_FILESYSTEM) && defined(WC_RSA_PSS)
- /* loading should fail without the CA set */
- ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_rsapss,
- WOLFSSL_FILETYPE_PEM), ASN_CRL_NO_SIGNER_E);
- /* now successfully load the RSA-PSS crl once loading in it's CA */
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CertManagerLoadCA(cm, ca_rsapss, NULL));
- ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_rsapss,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- #endif
- wolfSSL_CertManagerFree(cm);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_OCSP) && !defined(NO_RSA) && !defined(NO_SHA)
- /* Need one of these for wolfSSL_OCSP_REQUEST_new. */
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
- defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \
- defined(HAVE_LIGHTY)
- WOLFSSL_CERT_MANAGER* cm = NULL;
- /* Raw OCSP response bytes captured using the following setup:
- * - Run responder with
- * openssl ocsp -port 9999 -ndays 9999
- * -index certs/ocsp/index-intermediate1-ca-issued-certs.txt
- * -rsigner certs/ocsp/ocsp-responder-cert.pem
- * -rkey certs/ocsp/ocsp-responder-key.pem
- * -CA certs/ocsp/intermediate1-ca-cert.pem
- * - Run client with
- * openssl ocsp -host 127.0.0.1:9999 -respout resp.out
- * -issuer certs/ocsp/intermediate1-ca-cert.pem
- * -cert certs/ocsp/server1-cert.pem
- * -CAfile certs/ocsp/root-ca-cert.pem -noverify
- * - Select the response packet in Wireshark, and export it using
- * "File->Export Packet Dissection->As "C" Arrays". Select "Selected
- * packets only". After importing into the editor, remove the initial
- * ~148 bytes of header, ending with the Content-Length and the \r\n\r\n.
- */
- static const byte response[] = {
- 0x30, 0x82, 0x07, 0x40, /* ....0..@ */
- 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x39, 0x30, /* ......90 */
- 0x82, 0x07, 0x35, 0x06, 0x09, 0x2b, 0x06, 0x01, /* ..5..+.. */
- 0x05, 0x05, 0x07, 0x30, 0x01, 0x01, 0x04, 0x82, /* ...0.... */
- 0x07, 0x26, 0x30, 0x82, 0x07, 0x22, 0x30, 0x82, /* .&0.."0. */
- 0x01, 0x40, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, /* .@...0.. */
- 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, /* 1.0...U. */
- 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, /* ...US1.0 */
- 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, /* ...U.... */
- 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, /* Washingt */
- 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, /* on1.0... */
- 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, /* U....Sea */
- 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, /* ttle1.0. */
- 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, /* ..U....w */
- 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, /* olfSSL1. */
- 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, /* 0...U... */
- 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, /* .Enginee */
- 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, /* ring1.0. */
- 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, /* ..U....w */
- 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, /* olfSSL O */
- 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, /* CSP Resp */
- 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, /* onder1.0 */
- 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, /* ...*.H.. */
- 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, /* ......in */
- 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, /* fo@wolfs */
- 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, /* sl.com.. */
- 0x32, 0x30, 0x32, 0x33, 0x31, 0x31, 0x30, 0x38, /* 20231108 */
- 0x30, 0x30, 0x32, 0x36, 0x33, 0x37, 0x5a, 0x30, /* 002637Z0 */
- 0x64, 0x30, 0x62, 0x30, 0x3a, 0x30, 0x09, 0x06, /* d0b0:0.. */
- 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, /* .+...... */
- 0x04, 0x14, 0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, /* ..qM.#@Y */
- 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, /* ...7C.1. */
- 0xba, 0xb1, 0x43, 0x18, 0xda, 0x04, 0x04, 0x14, /* ..C..... */
- 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, /* ..:.,... */
- 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, /* ..L.*.q. */
- 0x64, 0x44, 0xda, 0x0e, 0x02, 0x01, 0x05, 0x80, /* dD...... */
- 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x33, 0x31, /* ...20231 */
- 0x31, 0x30, 0x38, 0x30, 0x30, 0x32, 0x36, 0x33, /* 10800263 */
- 0x37, 0x5a, 0xa0, 0x11, 0x18, 0x0f, 0x32, 0x30, /* 7Z....20 */
- 0x35, 0x31, 0x30, 0x33, 0x32, 0x35, 0x30, 0x30, /* 51032500 */
- 0x32, 0x36, 0x33, 0x37, 0x5a, 0xa1, 0x23, 0x30, /* 2637Z.#0 */
- 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2b, 0x06, 0x01, /* !0...+.. */
- 0x05, 0x05, 0x07, 0x30, 0x01, 0x02, 0x04, 0x12, /* ...0.... */
- 0x04, 0x10, 0xdb, 0xbc, 0x2a, 0x76, 0xa0, 0xb4, /* ....*v.. */
- 0x1e, 0x5d, 0xf6, 0x2b, 0x8e, 0x38, 0x62, 0xdb, /* .].+.8b. */
- 0x90, 0xed, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, /* ..0...*. */
- 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, /* H....... */
- 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x87, 0xde, /* ........ */
- 0xfb, 0xf9, 0x3a, 0x90, 0x1f, 0x90, 0xde, 0xcf, /* ..:..... */
- 0xfe, 0xad, 0x64, 0x19, 0x34, 0x17, 0xf8, 0x15, /* ..d.4... */
- 0x01, 0x22, 0x5f, 0x67, 0x41, 0xa4, 0x18, 0xf7, /* ."_gA... */
- 0x16, 0xb7, 0xc9, 0xf3, 0xe1, 0x9f, 0xcd, 0x40, /* .......@ */
- 0x56, 0x77, 0x6e, 0x6a, 0xfb, 0x92, 0x6a, 0x6f, /* Vwnj..jo */
- 0x28, 0x3e, 0x22, 0x48, 0xa1, 0xc2, 0xd8, 0x1d, /* (>"H.... */
- 0xc7, 0xe6, 0x78, 0x7f, 0xb6, 0x09, 0xfe, 0x2c, /* ..x...., */
- 0xb5, 0xef, 0x29, 0x7c, 0xc5, 0x51, 0x16, 0x7b, /* ..)|.Q.{ */
- 0x8f, 0xfb, 0x44, 0xa8, 0xcd, 0xf5, 0x5c, 0x0f, /* ..D...\. */
- 0x46, 0x0e, 0xb1, 0xa4, 0xeb, 0x5b, 0xf5, 0x86, /* F....[.. */
- 0x11, 0x0f, 0xcd, 0xe2, 0xe5, 0x3c, 0x91, 0x72, /* .....<.r */
- 0x0d, 0x6a, 0xcb, 0x95, 0x99, 0x39, 0x91, 0x48, /* .j...9.H */
- 0x65, 0x97, 0xb9, 0x78, 0xb5, 0x88, 0x7f, 0x76, /* e..x...v */
- 0xa1, 0x43, 0x2f, 0xf6, 0x1f, 0x49, 0xb7, 0x08, /* .C/..I.. */
- 0x36, 0xe4, 0x2e, 0x34, 0x25, 0xda, 0x16, 0x74, /* 6..4%..t */
- 0x47, 0x62, 0x56, 0xff, 0x2f, 0x02, 0x03, 0x44, /* GbV./..D */
- 0x89, 0x04, 0xe7, 0xb8, 0xde, 0x0a, 0x35, 0x43, /* ......5C */
- 0xae, 0xd7, 0x54, 0xbe, 0xc3, 0x7c, 0x95, 0xa5, /* ..T..|.. */
- 0xc8, 0xe0, 0x2e, 0x52, 0xb6, 0xea, 0x99, 0x45, /* ...R...E */
- 0xfd, 0xda, 0x4b, 0xd5, 0x79, 0x07, 0x64, 0xca, /* ..K.y.d. */
- 0x64, 0xba, 0x52, 0x12, 0x62, 0x8c, 0x08, 0x9a, /* d.R.b... */
- 0x32, 0xeb, 0x85, 0x65, 0x05, 0x39, 0x07, 0x5d, /* 2..e.9.] */
- 0x39, 0x4a, 0xcf, 0xa5, 0x30, 0xf6, 0xd1, 0xf7, /* 9J..0... */
- 0x29, 0xaa, 0x23, 0x42, 0xc6, 0x85, 0x16, 0x7f, /* ).#B.... */
- 0x64, 0x16, 0xb1, 0xb0, 0x5d, 0xcd, 0x88, 0x2d, /* d...]..- */
- 0x06, 0xb0, 0xa9, 0xdf, 0xa3, 0x9f, 0x25, 0x41, /* ......%A */
- 0x89, 0x9a, 0x19, 0xe1, 0xaa, 0xcd, 0xdf, 0x51, /* .......Q */
- 0xcb, 0xa9, 0xc3, 0x7e, 0x27, 0xbc, 0x7d, 0x9b, /* ...~'.}. */
- 0x6f, 0x4d, 0x79, 0x87, 0x09, 0x3f, 0xac, 0xd2, /* oMy..?.. */
- 0x4a, 0x3b, 0xbe, 0xf8, 0x7a, 0xa4, 0x93, 0x45, /* J;..z..E */
- 0x11, 0x64, 0x40, 0xc5, 0x03, 0xc9, 0x24, 0x5b, /* .d@...$[ */
- 0xe9, 0x6d, 0xfc, 0x94, 0x08, 0xbe, 0xa0, 0x82, /* .m...... */
- 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, /* ..0...0. */
- 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, /* ..0..... */
- 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, /* ......0. */
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, /* ..*.H... */
- 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, /* .....0.. */
- 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, /* 1.0...U. */
- 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, /* ...US1.0 */
- 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, /* ...U.... */
- 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, /* Washingt */
- 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, /* on1.0... */
- 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, /* U....Sea */
- 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, /* ttle1.0. */
- 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, /* ..U....w */
- 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, /* olfSSL1. */
- 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, /* 0...U... */
- 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, /* .Enginee */
- 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, /* ring1.0. */
- 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, /* ..U....w */
- 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, /* olfSSL r */
- 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, /* oot CA1. */
- 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, /* 0...*.H. */
- 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, /* .......i */
- 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, /* nfo@wolf */
- 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, /* ssl.com0 */
- 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x31, 0x32, 0x31, /* ...22121 */
- 0x36, 0x32, 0x31, 0x31, 0x37, 0x35, 0x30, 0x5a, /* 6211750Z */
- 0x17, 0x0d, 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, /* ..250911 */
- 0x32, 0x31, 0x31, 0x37, 0x35, 0x30, 0x5a, 0x30, /* 211750Z0 */
- 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, /* ..1.0... */
- 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, /* U....US1 */
- 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, /* .0...U.. */
- 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, /* ..Washin */
- 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, /* gton1.0. */
- 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, /* ..U....S */
- 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, /* eattle1. */
- 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, /* 0...U... */
- 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, /* .wolfSSL */
- 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, /* 1.0...U. */
- 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, /* ...Engin */
- 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, /* eering1. */
- 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, /* 0...U... */
- 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, /* .wolfSSL */
- 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, /* OCSP Re */
- 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, /* sponder1 */
- 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, /* .0...*.H */
- 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, /* ........ */
- 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, /* info@wol */
- 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, /* fssl.com */
- 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, /* 0.."0... */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, /* *.H..... */
- 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, /* ........ */
- 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, /* 0....... */
- 0x00, 0xb8, 0xba, 0x23, 0xb4, 0xf6, 0xc3, 0x7b, /* ...#...{ */
- 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, /* .....a.. */
- 0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34, 0x50, 0x6d, /* .c..#4Pm */
- 0xf8, 0x7c, 0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, /* .|.....u */
- 0x5c, 0x2d, 0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a, /* \-.c...z */
- 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, /* ..E5+... */
- 0x22, 0xb4, 0x94, 0x41, 0x38, 0xe2, 0x9d, 0x74, /* "..A8..t */
- 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, /* ..0".Q.. */
- 0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5, 0x5a, 0x3f, /* .?F+..Z? */
- 0x41, 0x74, 0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, /* Atgu.... */
- 0xc3, 0xee, 0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95, /* ..B..... */
- 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, /* ..e.C... */
- 0x16, 0x80, 0x90, 0xce, 0x24, 0x35, 0x21, 0xc4, /* ....$5!. */
- 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, /* U.ZQ..-. */
- 0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31, 0x50, 0xee, /* .ZOJs1P. */
- 0x4a, 0x16, 0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, /* J..9...H */
- 0x87, 0xb1, 0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72, /* .......r */
- 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, /* g.\..... */
- 0x76, 0xf8, 0xe0, 0x4a, 0xec, 0xbc, 0x93, 0xf4, /* v..J.... */
- 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, /* fL(q..f. */
- 0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0, 0xfe, 0x97, /* ..0..... */
- 0xf5, 0x1e, 0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, /* ....]... */
- 0x19, 0x12, 0x3c, 0xab, 0x82, 0x71, 0x78, 0xff, /* ..<..qx. */
- 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, /* .?2..q.. */
- 0x8c, 0x27, 0xac, 0x11, 0xb8, 0xd8, 0x43, 0x49, /* .'....CI */
- 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, /* ..p..... */
- 0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04, 0x65, 0x6c, /* $..;..el */
- 0x00, 0x76, 0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, /* .vP..... */
- 0x73, 0x68, 0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f, /* sh&...._ */
- 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, /* na...... */
- 0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, /* ......ND */
- 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, /* .et|qTe. */
- 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, /* 9....... */
- 0x01, 0x0a, 0x30, 0x82, 0x01, 0x06, 0x30, 0x09, /* ..0...0. */
- 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, /* ..U....0 */
- 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, /* .0...U.. */
- 0x04, 0x16, 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, /* ....2g.. */
- 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, /* y....#.p */
- 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, /* @P.FV.06 */
- 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, /* 0....U.# */
- 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, /* ...0.... */
- 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, /* s.../... */
- 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, /* G.8....: */
- 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, /* ~r.!.... */
- 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, /* ..0..1.0 */
- 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, /* ...U.... */
- 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, /* US1.0... */
- 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, /* U....Was */
- 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, /* hington1 */
- 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, /* .0...U.. */
- 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, /* ..Seattl */
- 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, /* e1.0...U */
- 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, /* ....wolf */
- 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, /* SSL1.0.. */
- 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, /* .U....En */
- 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, /* gineerin */
- 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, /* g1.0...U */
- 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, /* ....wolf */
- 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, /* SSL root */
- 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, /* CA1.0.. */
- 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, /* .*.H.... */
- 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, /* ....info */
- 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, /* @wolfssl */
- 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, /* .com..c0 */
- 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, /* ...U.%.. */
- 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, /* 0...+... */
- 0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, /* ....0... */
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, /* *.H..... */
- 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, /* ........ */
- 0x2f, 0xb7, 0x6b, 0xec, 0xb7, 0x12, 0x63, 0xb9, /* /.k...c. */
- 0x57, 0xdc, 0x04, 0x4d, 0x9c, 0x67, 0x74, 0x98, /* W..M.gt. */
- 0x06, 0x28, 0x68, 0x37, 0x34, 0xc2, 0x50, 0xe9, /* .(h74.P. */
- 0x2a, 0xd4, 0x1a, 0xb2, 0x32, 0x1a, 0x9d, 0x2b, /* *...2..+ */
- 0x4f, 0x23, 0x50, 0xea, 0xb4, 0x95, 0x86, 0xc3, /* O#P..... */
- 0xb9, 0x5f, 0x34, 0x3e, 0x99, 0x91, 0xa7, 0x80, /* ._4>.... */
- 0x5f, 0x6e, 0x1b, 0x6e, 0xdb, 0xe9, 0x02, 0x38, /* _n.n...8 */
- 0x6f, 0xdf, 0xc5, 0x9b, 0x0d, 0xa3, 0x1c, 0xa9, /* o....... */
- 0x15, 0x76, 0x16, 0x66, 0xa8, 0x4e, 0xfb, 0xd3, /* .v.f.N.. */
- 0x43, 0x76, 0xf1, 0x72, 0xb7, 0xd1, 0xfa, 0xee, /* Cv.r.... */
- 0x39, 0xa6, 0x96, 0xc1, 0xa2, 0x93, 0xa4, 0x9b, /* 9....... */
- 0x1e, 0x9f, 0xba, 0x71, 0x8f, 0xba, 0xbd, 0x67, /* ...q...g */
- 0x6a, 0xf2, 0x15, 0x5f, 0xf1, 0x64, 0xe7, 0xcf, /* j.._.d.. */
- 0x26, 0xb8, 0x4c, 0xc0, 0xeb, 0x85, 0x04, 0x58, /* &.L....X */
- 0xd9, 0x4a, 0x6b, 0xd9, 0x86, 0xf5, 0x80, 0x21, /* .Jk....! */
- 0xbf, 0x91, 0xc8, 0x4b, 0x9f, 0x04, 0xed, 0x57, /* ...K...W */
- 0x7a, 0xd2, 0x58, 0xac, 0x5b, 0x47, 0xaf, 0x4d, /* z.X.[G.M */
- 0x7f, 0x5b, 0x1d, 0x6d, 0x68, 0x9b, 0x84, 0x98, /* .[.mh... */
- 0x2a, 0x31, 0x02, 0x2c, 0xe9, 0x1b, 0xaf, 0x11, /* *1.,.... */
- 0x0b, 0x78, 0x49, 0xbe, 0x68, 0x68, 0xcb, 0x9c, /* .xI.hh.. */
- 0x41, 0x56, 0xe8, 0xb5, 0x59, 0xda, 0xff, 0xca, /* AV..Y... */
- 0x59, 0x99, 0x17, 0x3e, 0x11, 0x0a, 0x8f, 0x49, /* Y..>...I */
- 0x24, 0x0b, 0x81, 0x42, 0x63, 0xcd, 0x4f, 0xf6, /* $..Bc.O. */
- 0x2b, 0x9d, 0xd1, 0x79, 0x75, 0xd7, 0x4a, 0xcc, /* +..yu.J. */
- 0x4c, 0xb7, 0x2b, 0xd7, 0xe8, 0xe7, 0xd4, 0x48, /* L.+....H */
- 0x3c, 0x14, 0x3b, 0x1c, 0x28, 0xe8, 0x46, 0x7a, /* <.;.(.Fz */
- 0xdc, 0x11, 0x9d, 0x7f, 0x1c, 0xab, 0x10, 0x95, /* ........ */
- 0x17, 0xb2, 0xc7, 0x7a, 0xbb, 0x17, 0x44, 0x59, /* ...z..DY */
- 0x69, 0x8e, 0x16, 0x05, 0x94, 0x8c, 0x88, 0xd9, /* i....... */
- 0xdc, 0x9a, 0xfd, 0xf2, 0x93, 0xbe, 0x68, 0xba, /* ......h. */
- 0x3c, 0xd6, 0x2b, 0x61, 0x3a, 0x8b, 0xf7, 0x66, /* <.+a:..f */
- 0xcb, 0x54, 0xe8, 0xe4, 0xdb, 0x9f, 0xcc, 0x9e /* .T...... */
- };
- OcspEntry entry[1];
- CertStatus status[1];
- OcspRequest* request = NULL;
- #ifndef NO_FILESYSTEM
- const char* ca_cert = "./certs/ca-cert.pem";
- #endif
- byte serial[] = {0x05};
- byte issuerHash[] = {0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18, 0xda, 0x04};
- byte issuerKeyHash[] = {0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e};
- XMEMSET(entry, 0, sizeof(OcspEntry));
- XMEMSET(status, 0, sizeof(CertStatus));
- ExpectNotNull(request = wolfSSL_OCSP_REQUEST_new());
- ExpectNotNull(request->serial = (byte*)XMALLOC(sizeof(serial), NULL,
- DYNAMIC_TYPE_OCSP_REQUEST));
- if ((request != NULL) && (request->serial != NULL)) {
- request->serialSz = sizeof(serial);
- XMEMCPY(request->serial, serial, sizeof(serial));
- XMEMCPY(request->issuerHash, issuerHash, sizeof(issuerHash));
- XMEMCPY(request->issuerKeyHash, issuerKeyHash, sizeof(issuerKeyHash));
- }
- ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
- ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(cm, 0), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm,
- "./certs/ocsp/intermediate1-ca-cert.pem", NULL), WOLFSSL_SUCCESS);
- /* Response should be valid. */
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, (byte *)response,
- sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS);
- /* Flip a byte in the request serial number, response should be invalid
- * now. */
- if ((request != NULL) && (request->serial != NULL))
- request->serial[0] ^= request->serial[0];
- ExpectIntNE(wolfSSL_CertManagerCheckOCSPResponse(cm, (byte *)response,
- sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS);
- #ifndef NO_FILESYSTEM
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, server_cert_der_2048,
- sizeof(server_cert_der_2048)), ASN_NO_SIGNER_E);
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, server_cert_der_2048,
- sizeof(server_cert_der_2048)), 1);
- #endif
- wolfSSL_OCSP_REQUEST_free(request);
- wolfSSL_CertManagerFree(cm);
- #endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY ||
- * WOLFSSL_APACHE_HTTPD || HAVE_LIGHTY */
- #endif /* HAVE_OCSP */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CheckOCSPResponse(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_OCSP) && !defined(NO_RSA) && !defined(NO_SHA) && \
- defined(OPENSSL_ALL)
- const char* responseFile = "./certs/ocsp/test-response.der";
- const char* responseMultiFile = "./certs/ocsp/test-multi-response.der";
- const char* responseNoInternFile =
- "./certs/ocsp/test-response-nointern.der";
- const char* caFile = "./certs/ocsp/root-ca-cert.pem";
- OcspResponse* res = NULL;
- byte data[4096];
- const unsigned char* pt;
- int dataSz = 0; /* initialize to mitigate spurious maybe-uninitialized from
- * gcc sanitizer with --enable-heapmath.
- */
- XFILE f = XBADFILE;
- WOLFSSL_OCSP_BASICRESP* bs = NULL;
- WOLFSSL_X509_STORE* st = NULL;
- WOLFSSL_X509* issuer = NULL;
- ExpectTrue((f = XFOPEN(responseFile, "rb")) != XBADFILE);
- ExpectIntGT(dataSz = (word32)XFREAD(data, 1, sizeof(data), f), 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- pt = data;
- ExpectNotNull(res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz));
- ExpectNotNull(issuer = wolfSSL_X509_load_certificate_file(caFile,
- SSL_FILETYPE_PEM));
- ExpectNotNull(st = wolfSSL_X509_STORE_new());
- ExpectIntEQ(wolfSSL_X509_STORE_add_cert(st, issuer), WOLFSSL_SUCCESS);
- ExpectNotNull(bs = wolfSSL_OCSP_response_get1_basic(res));
- ExpectIntEQ(wolfSSL_OCSP_basic_verify(bs, NULL, st, 0), WOLFSSL_SUCCESS);
- wolfSSL_OCSP_BASICRESP_free(bs);
- bs = NULL;
- wolfSSL_OCSP_RESPONSE_free(res);
- res = NULL;
- wolfSSL_X509_STORE_free(st);
- st = NULL;
- wolfSSL_X509_free(issuer);
- issuer = NULL;
- /* check loading a response with optional certs */
- ExpectTrue((f = XFOPEN(responseNoInternFile, "rb")) != XBADFILE);
- ExpectIntGT(dataSz = (word32)XFREAD(data, 1, sizeof(data), f), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- f = XBADFILE;
- pt = data;
- ExpectNotNull(res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz));
- wolfSSL_OCSP_RESPONSE_free(res);
- res = NULL;
- /* check loading a response with multiple certs */
- {
- WOLFSSL_CERT_MANAGER* cm = NULL;
- OcspEntry *entry = NULL;
- CertStatus* status = NULL;
- OcspRequest* request = NULL;
- byte serial1[] = {0x01};
- byte serial[] = {0x02};
- byte issuerHash[] = {
- 0x44, 0xA8, 0xDB, 0xD1, 0xBC, 0x97, 0x0A, 0x83,
- 0x3B, 0x5B, 0x31, 0x9A, 0x4C, 0xB8, 0xD2, 0x52,
- 0x37, 0x15, 0x8A, 0x88
- };
- byte issuerKeyHash[] = {
- 0x73, 0xB0, 0x1C, 0xA4, 0x2F, 0x82, 0xCB, 0xCF,
- 0x47, 0xA5, 0x38, 0xD7, 0xB0, 0x04, 0x82, 0x3A,
- 0x7E, 0x72, 0x15, 0x21
- };
- ExpectNotNull(entry = (OcspEntry*)XMALLOC(sizeof(OcspEntry), NULL,
- DYNAMIC_TYPE_OPENSSL));
- ExpectNotNull(status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
- DYNAMIC_TYPE_OPENSSL));
- if (entry != NULL)
- XMEMSET(entry, 0, sizeof(OcspEntry));
- if (status != NULL)
- XMEMSET(status, 0, sizeof(CertStatus));
- ExpectNotNull(request = wolfSSL_OCSP_REQUEST_new());
- ExpectNotNull(request->serial = (byte*)XMALLOC(sizeof(serial), NULL,
- DYNAMIC_TYPE_OCSP_REQUEST));
- if (request != NULL && request->serial != NULL) {
- request->serialSz = sizeof(serial);
- XMEMCPY(request->serial, serial, sizeof(serial));
- XMEMCPY(request->issuerHash, issuerHash, sizeof(issuerHash));
- XMEMCPY(request->issuerKeyHash, issuerKeyHash,
- sizeof(issuerKeyHash));
- }
- ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
- ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(cm, 0), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, caFile, NULL),
- WOLFSSL_SUCCESS);
- ExpectTrue((f = XFOPEN(responseMultiFile, "rb")) != XBADFILE);
- ExpectIntGT(dataSz = (word32)XFREAD(data, 1, sizeof(data), f), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- f = XBADFILE;
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data,
- dataSz, NULL, status, entry, request), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data,
- dataSz, NULL, entry->status, entry, request), WOLFSSL_SUCCESS);
- ExpectNotNull(entry->status);
- if (request != NULL && request->serial != NULL)
- XMEMCPY(request->serial, serial1, sizeof(serial1));
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data,
- dataSz, NULL, status, entry, request), WOLFSSL_SUCCESS);
- /* store both status's in the entry to check that "next" is not
- * overwritten */
- if (EXPECT_SUCCESS() && status != NULL && entry != NULL) {
- status->next = entry->status;
- entry->status = status;
- }
- if (request != NULL && request->serial != NULL)
- XMEMCPY(request->serial, serial, sizeof(serial));
- ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data,
- dataSz, NULL, entry->status, entry, request), WOLFSSL_SUCCESS);
- ExpectNotNull(entry->status->next);
- /* compare the status found */
- ExpectIntEQ(status->serialSz, entry->status->serialSz);
- ExpectIntEQ(XMEMCMP(status->serial, entry->status->serial,
- status->serialSz), 0);
- if (status != NULL && entry != NULL && entry->status != status) {
- XFREE(status, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- wolfSSL_OCSP_CERTID_free(entry);
- wolfSSL_OCSP_REQUEST_free(request);
- wolfSSL_CertManagerFree(cm);
- }
- #if defined(WC_RSA_PSS)
- {
- const char* responsePssFile = "./certs/ocsp/test-response-rsapss.der";
- /* check loading a response with RSA-PSS signature */
- ExpectTrue((f = XFOPEN(responsePssFile, "rb")) != XBADFILE);
- ExpectIntGT(dataSz = (word32)XFREAD(data, 1, sizeof(data), f), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- pt = data;
- ExpectNotNull(res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz));
- /* try to verify the response */
- ExpectNotNull(issuer = wolfSSL_X509_load_certificate_file(caFile,
- SSL_FILETYPE_PEM));
- ExpectNotNull(st = wolfSSL_X509_STORE_new());
- ExpectIntEQ(wolfSSL_X509_STORE_add_cert(st, issuer), WOLFSSL_SUCCESS);
- ExpectNotNull(bs = wolfSSL_OCSP_response_get1_basic(res));
- ExpectIntEQ(wolfSSL_OCSP_basic_verify(bs, NULL, st, 0),
- WOLFSSL_SUCCESS);
- wolfSSL_OCSP_BASICRESP_free(bs);
- wolfSSL_OCSP_RESPONSE_free(res);
- wolfSSL_X509_STORE_free(st);
- wolfSSL_X509_free(issuer);
- }
- #endif
- #endif /* HAVE_OCSP */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_FPKI(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_FPKI) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
- XFILE f = XBADFILE;
- const char* fpkiCert = "./certs/fpki-cert.der";
- DecodedCert cert;
- byte buf[4096];
- byte* uuid = NULL;
- byte* fascn = NULL;
- word32 fascnSz;
- word32 uuidSz;
- int bytes = 0;
- ExpectTrue((f = XFOPEN(fpkiCert, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- wc_InitDecodedCert(&cert, buf, bytes, NULL);
- ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0);
- ExpectIntEQ(wc_GetFASCNFromCert(&cert, NULL, &fascnSz), LENGTH_ONLY_E) ;
- ExpectNotNull(fascn = (byte*)XMALLOC(fascnSz, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectIntEQ(wc_GetFASCNFromCert(&cert, fascn, &fascnSz), 0);
- XFREE(fascn, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- ExpectIntEQ(wc_GetUUIDFromCert(&cert, NULL, &uuidSz), LENGTH_ONLY_E);
- ExpectNotNull(uuid = (byte*)XMALLOC(uuidSz, NULL, DYNAMIC_TYPE_TMP_BUFFER));
- ExpectIntEQ(wc_GetUUIDFromCert(&cert, uuid, &uuidSz), 0);
- XFREE(uuid, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeDecodedCert(&cert);
- #endif
- return EXPECT_RESULT();
- }
- /* use RID in confuncture with other names to test parsing of unknown other
- * names */
- static int test_wolfSSL_OtherName(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && !defined(NO_FILESYSTEM)
- XFILE f = XBADFILE;
- const char* ridCert = "./certs/rid-cert.der";
- DecodedCert cert;
- byte buf[4096];
- int bytes = 0;
- ExpectTrue((f = XFOPEN(ridCert, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- wc_InitDecodedCert(&cert, buf, bytes, NULL);
- ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0);
- wc_FreeDecodedCert(&cert);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CertRsaPss(void)
- {
- EXPECT_DECLS;
- /* FIPS v2 and below don't support long salts. */
- #if !defined(NO_RSA) && defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && \
- (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION > 2))) && (!defined(HAVE_SELFTEST) || \
- (defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION > 2)))
- XFILE f = XBADFILE;
- const char* rsaPssSha256Cert = "./certs/rsapss/ca-rsapss.der";
- const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.pem";
- #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) && \
- RSA_MAX_SIZE >= 3072
- const char* rsaPssSha384Cert = "./certs/rsapss/ca-3072-rsapss.der";
- #endif
- #if defined(WOLFSSL_SHA384) && RSA_MAX_SIZE >= 3072
- const char* rsaPssRootSha384Cert = "./certs/rsapss/root-3072-rsapss.pem";
- #endif
- DecodedCert cert;
- byte buf[4096];
- int bytes = 0;
- WOLFSSL_CERT_MANAGER* cm = NULL;
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha256Cert, NULL));
- #if defined(WOLFSSL_SHA384) && RSA_MAX_SIZE >= 3072
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha384Cert, NULL));
- #endif
- ExpectTrue((f = XFOPEN(rsaPssSha256Cert, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- wc_InitDecodedCert(&cert, buf, bytes, NULL);
- ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0);
- wc_FreeDecodedCert(&cert);
- #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) && \
- RSA_MAX_SIZE >= 3072
- ExpectTrue((f = XFOPEN(rsaPssSha384Cert, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- wc_InitDecodedCert(&cert, buf, bytes, NULL);
- ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0);
- wc_FreeDecodedCert(&cert);
- #endif
- wolfSSL_CertManagerFree(cm);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_load_verify_locations_ex(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
- !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX* ctx = NULL;
- const char* ca_cert = "./certs/ca-cert.pem";
- const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- /* test good CA */
- ExpectTrue(WOLFSSL_SUCCESS ==
- wolfSSL_CTX_load_verify_locations_ex(ctx, ca_cert, NULL,
- WOLFSSL_LOAD_FLAG_NONE));
- /* test expired CA */
- #if !defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_ASN_TIME)
- ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
- WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
- #else
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
- WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
- #endif
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
- WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_load_verify_buffer_ex(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
- defined(USE_CERT_BUFFERS_2048)
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- WOLFSSL_CTX* ctx;
- const char* ca_expired_cert_file = "./certs/test/expired/expired-ca.der";
- byte ca_expired_cert[TWOK_BUF];
- word32 sizeof_ca_expired_cert = 0;
- XFILE fp = XBADFILE;
- #ifndef NO_WOLFSSL_CLIENT
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- #else
- ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
- #endif
- ExpectNotNull(ctx);
- /* test good CA */
- ExpectTrue(WOLFSSL_SUCCESS ==
- wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_cert_der_2048,
- sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1, 0,
- WOLFSSL_LOAD_FLAG_NONE));
- /* load expired CA */
- XMEMSET(ca_expired_cert, 0, sizeof(ca_expired_cert));
- ExpectTrue((fp = XFOPEN(ca_expired_cert_file, "rb")) != XBADFILE);
- ExpectIntGT(sizeof_ca_expired_cert = (word32)XFREAD(ca_expired_cert, 1,
- sizeof(ca_expired_cert), fp), 0);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- /* test expired CA failure */
- #if !defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_ASN_TIME)
- ExpectIntNE(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
- sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
- WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
- #else
- ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
- sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
- WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
- #endif
- /* test expired CA success */
- ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
- sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
- WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_load_verify_chain_buffer_format(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_CERT_GEN) && defined(USE_CERT_BUFFERS_2048) && \
- (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
- WOLFSSL_CTX* ctx = NULL;
- #ifndef NO_WOLFSSL_CLIENT
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- ExpectTrue(WOLFSSL_SUCCESS == wolfSSL_CTX_load_verify_chain_buffer_format(
- ctx, ca_cert_chain_der, sizeof_ca_cert_chain_der,
- WOLFSSL_FILETYPE_ASN1));
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_add1_chain_cert(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && \
- defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX* ctx;
- WOLFSSL* ssl = NULL;
- const char *certChain[] = {
- "./certs/intermediate/client-int-cert.pem",
- "./certs/intermediate/ca-int2-cert.pem",
- "./certs/intermediate/ca-int-cert.pem",
- "./certs/ca-cert.pem",
- NULL
- };
- const char** cert;
- WOLFSSL_X509* x509 = NULL;
- WOLF_STACK_OF(X509)* chain = NULL;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- for (cert = certChain; EXPECT_SUCCESS() && *cert != NULL; cert++) {
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(*cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 1);
- X509_free(x509);
- x509 = NULL;
- }
- for (cert = certChain; EXPECT_SUCCESS() && *cert != NULL; cert++) {
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(*cert,
- WOLFSSL_FILETYPE_PEM));
- ExpectIntEQ(SSL_add1_chain_cert(ssl, x509), 1);
- X509_free(x509);
- x509 = NULL;
- }
- ExpectIntEQ(SSL_CTX_get0_chain_certs(ctx, &chain), 1);
- ExpectIntEQ(sk_X509_num(chain), 3);
- ExpectIntEQ(SSL_get0_chain_certs(ssl, &chain), 1);
- ExpectIntEQ(sk_X509_num(chain), 3);
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
- (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
- const char* server_chain_der = "./certs/server-cert-chain.der";
- const char* client_single_pem = "./certs/client-cert.pem";
- WOLFSSL_CTX* ctx;
- (void)server_chain_der;
- (void)client_single_pem;
- (void)ctx;
- #ifndef NO_WOLFSSL_CLIENT
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- #else
- ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
- #endif
- ExpectNotNull(ctx);
- ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx,
- server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx,
- client_single_pem, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_SetTmpDH_file(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \
- (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
- WOLFSSL_CTX *ctx = NULL;
- (void)ctx;
- #ifndef NO_WOLFSSL_CLIENT
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- /* invalid context */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL,
- dhParamFile, WOLFSSL_FILETYPE_PEM));
- /* invalid dhParamFile file */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx,
- NULL, WOLFSSL_FILETYPE_PEM));
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx,
- bogusFile, WOLFSSL_FILETYPE_PEM));
- /* success */
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile,
- WOLFSSL_FILETYPE_PEM));
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_SetTmpDH_buffer(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && !defined(NO_DH) && \
- (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
- WOLFSSL_CTX *ctx = NULL;
- #ifndef NO_WOLFSSL_CLIENT
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- /* invalid context */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL,
- dh_key_der_2048, sizeof_dh_key_der_2048,
- WOLFSSL_FILETYPE_ASN1));
- /* invalid dhParamFile file */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, NULL,
- 0, WOLFSSL_FILETYPE_ASN1));
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx,
- dsa_key_der_2048, sizeof_dsa_key_der_2048,
- WOLFSSL_FILETYPE_ASN1));
- /* success */
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx,
- dh_key_der_2048, sizeof_dh_key_der_2048,
- WOLFSSL_FILETYPE_ASN1));
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && !defined(NO_DH) && \
- (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
- WOLFSSL_CTX *ctx;
- (void)ctx;
- #ifndef NO_WOLFSSL_CLIENT
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- #else
- ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
- #endif
- ExpectNotNull(ctx);
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));
- ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 2048));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx,
- dh_key_der_2048, sizeof_dh_key_der_2048,
- WOLFSSL_FILETYPE_ASN1));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
- ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx,
- dh_key_der_2048, sizeof_dh_key_der_2048,
- WOLFSSL_FILETYPE_ASN1));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 2048));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx,
- dh_key_der_2048, sizeof_dh_key_der_2048,
- WOLFSSL_FILETYPE_ASN1));
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_der_load_verify_locations(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_DER_LOAD) && \
- (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
- WOLFSSL_CTX* ctx = NULL;
- const char* derCert = "./certs/server-cert.der";
- const char* nullPath = NULL;
- const char* invalidPath = "./certs/this-cert-does-not-exist.der";
- const char* emptyPath = "";
- /* der load Case 1 ctx NULL */
- ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
- #ifndef NO_WOLFSSL_CLIENT
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- /* Case 2 filePath NULL */
- ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, nullPath,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
- /* Case 3 invalid format */
- ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE);
- /* Case 4 filePath not valid */
- ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, invalidPath,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
- /* Case 5 filePath empty */
- ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, emptyPath,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
- #ifndef NO_RSA
- /* Case 6 success case */
- ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- #endif
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_enable_disable(void)
- {
- EXPECT_DECLS;
- #ifndef NO_CERTS
- WOLFSSL_CTX* ctx = NULL;
- #ifdef HAVE_CRL
- ExpectIntEQ(wolfSSL_CTX_DisableCRL(ctx), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), BAD_FUNC_ARG);
- #endif
- #ifdef HAVE_OCSP
- ExpectIntEQ(wolfSSL_CTX_DisableOCSP(ctx), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, 0), BAD_FUNC_ARG);
- #endif
- #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
- defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
- ExpectIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(ctx), BAD_FUNC_ARG);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifdef HAVE_EXTENDED_MASTER
- ExpectIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), BAD_FUNC_ARG);
- #endif
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #ifdef HAVE_EXTENDED_MASTER
- ExpectIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), WOLFSSL_SUCCESS);
- #endif
- #elif !defined(NO_WOLFSSL_SERVER)
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- #ifdef HAVE_CRL
- ExpectIntEQ(wolfSSL_CTX_DisableCRL(ctx), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), WOLFSSL_SUCCESS);
- #endif
- #ifdef HAVE_OCSP
- ExpectIntEQ(wolfSSL_CTX_DisableOCSP(ctx), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_URL_OVERRIDE),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL),
- WOLFSSL_SUCCESS);
- #endif
- #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
- defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
- ExpectIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS);
- #endif
- wolfSSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif /* NO_CERTS */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_ticket_API(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
- WOLFSSL_CTX* ctx = NULL;
- void *userCtx = (void*)"this is my ctx";
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(ctx, userCtx));
- ExpectTrue(userCtx == wolfSSL_CTX_get_TicketEncCtx(ctx));
- wolfSSL_CTX_free(ctx);
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(NULL, userCtx));
- ExpectNull(wolfSSL_CTX_get_TicketEncCtx(NULL));
- #endif /* HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_set_minmax_proto_version(void)
- {
- EXPECT_DECLS;
- #ifdef OPENSSL_EXTRA
- WOLFSSL_CTX *ctx = NULL;
- WOLFSSL *ssl = NULL;
- (void)ssl;
- #ifndef NO_WOLFSSL_CLIENT
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set_min_proto_version(NULL, 0), SSL_FAILURE);
- ExpectIntEQ(wolfSSL_set_min_proto_version(ssl, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set_max_proto_version(NULL, 0), SSL_FAILURE);
- ExpectIntEQ(wolfSSL_set_max_proto_version(ssl, 0), SSL_SUCCESS);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- #endif
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12) && \
- defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- static int test_wolfSSL_CTX_set_max_proto_version_on_result(WOLFSSL* ssl)
- {
- EXPECT_DECLS;
- ExpectStrEQ(wolfSSL_get_version(ssl), "TLSv1.2");
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_set_max_proto_version_ctx_ready(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- /* Set TLS 1.2 */
- ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION),
- WOLFSSL_SUCCESS);
- return EXPECT_RESULT();
- }
- /* Test using wolfSSL_CTX_set_max_proto_version to limit the version below
- * what was set at ctx creation. */
- static int test_wolfSSL_CTX_set_max_proto_version(void)
- {
- EXPECT_DECLS;
- test_ssl_cbf client_cbs;
- test_ssl_cbf server_cbs;
- XMEMSET(&client_cbs, 0, sizeof(client_cbs));
- XMEMSET(&server_cbs, 0, sizeof(server_cbs));
- client_cbs.method = wolfTLS_client_method;
- server_cbs.method = wolfTLS_server_method;
- server_cbs.ctx_ready = test_wolfSSL_CTX_set_max_proto_version_ctx_ready;
- client_cbs.on_result = test_wolfSSL_CTX_set_max_proto_version_on_result;
- server_cbs.on_result = test_wolfSSL_CTX_set_max_proto_version_on_result;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
- &server_cbs, NULL), TEST_SUCCESS);
- return EXPECT_RESULT();
- }
- #else
- static int test_wolfSSL_CTX_set_max_proto_version(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- /*----------------------------------------------------------------------------*
- | SSL
- *----------------------------------------------------------------------------*/
- static int test_server_wolfSSL_new(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
- !defined(NO_WOLFSSL_SERVER)
- WOLFSSL_CTX *ctx = NULL;
- WOLFSSL_CTX *ctx_nocert = NULL;
- WOLFSSL *ssl = NULL;
- ExpectNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
- WOLFSSL_FILETYPE_PEM));
- /* invalid context */
- ExpectNull(ssl = wolfSSL_new(NULL));
- #if !defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_QT) && \
- !defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_INIT_CTX_KEY)
- ExpectNull(ssl = wolfSSL_new(ctx_nocert));
- #endif
- /* success */
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- wolfSSL_CTX_free(ctx_nocert);
- #endif
- return EXPECT_RESULT();
- }
- static int test_client_wolfSSL_new(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
- !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX *ctx = NULL;
- WOLFSSL_CTX *ctx_nocert = NULL;
- WOLFSSL *ssl = NULL;
- ExpectNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- ExpectTrue(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
- /* invalid context */
- ExpectNull(ssl = wolfSSL_new(NULL));
- /* success */
- ExpectNotNull(ssl = wolfSSL_new(ctx_nocert));
- wolfSSL_free(ssl);
- ssl = NULL;
- /* success */
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- wolfSSL_CTX_free(ctx_nocert);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_SetTmpDH_file(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \
- !defined(NO_WOLFSSL_SERVER)
- WOLFSSL_CTX *ctx = NULL;
- WOLFSSL *ssl = NULL;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #ifndef NO_RSA
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
- WOLFSSL_FILETYPE_PEM));
- #elif defined(HAVE_ECC)
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
- WOLFSSL_FILETYPE_PEM));
- #elif defined(HAVE_ED25519)
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, edCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile,
- WOLFSSL_FILETYPE_PEM));
- #elif defined(HAVE_ED448)
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, ed448CertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
- WOLFSSL_FILETYPE_PEM));
- #endif
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- /* invalid ssl */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(NULL,
- dhParamFile, WOLFSSL_FILETYPE_PEM));
- /* invalid dhParamFile file */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl,
- NULL, WOLFSSL_FILETYPE_PEM));
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl,
- bogusFile, WOLFSSL_FILETYPE_PEM));
- /* success */
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhParamFile,
- WOLFSSL_FILETYPE_PEM));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_SetTmpDH_buffer(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER)
- WOLFSSL_CTX *ctx = NULL;
- WOLFSSL *ssl = NULL;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- ExpectTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
- sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
- sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- /* invalid ssl */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- /* invalid dhParamFile file */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, NULL,
- 0, WOLFSSL_FILETYPE_ASN1));
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dsa_key_der_2048,
- sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- /* success */
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_SetMinMaxDhKey_Sz(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER)
- WOLFSSL_CTX *ctx = NULL;
- WOLFSSL_CTX *ctx2 = NULL;
- WOLFSSL *ssl = NULL;
- WOLFSSL *ssl2 = NULL;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- ExpectTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
- sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
- sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- ExpectNotNull(ctx2 = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- ExpectTrue(wolfSSL_CTX_use_certificate_buffer(ctx2, server_cert_der_2048,
- sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx2, server_key_der_2048,
- sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
- ExpectNotNull(ssl2 = wolfSSL_new(ctx2));
- ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 2048));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 3072));
- ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 2048));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 1024));
- ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
- sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
- wolfSSL_free(ssl2);
- wolfSSL_CTX_free(ctx2);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- /* Test function for wolfSSL_SetMinVersion. Sets the minimum downgrade version
- * allowed.
- * POST: return 1 on success.
- */
- static int test_wolfSSL_SetMinVersion(void)
- {
- int res = TEST_SKIPPED;
- #ifndef NO_WOLFSSL_CLIENT
- int failFlag = WOLFSSL_SUCCESS;
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- int itr;
- #ifndef NO_OLD_TLS
- const int versions[] = {
- #ifdef WOLFSSL_ALLOW_TLSV10
- WOLFSSL_TLSV1,
- #endif
- WOLFSSL_TLSV1_1,
- WOLFSSL_TLSV1_2};
- #elif !defined(WOLFSSL_NO_TLS12)
- const int versions[] = { WOLFSSL_TLSV1_2 };
- #else
- const int versions[] = { WOLFSSL_TLSV1_3 };
- #endif
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- ssl = wolfSSL_new(ctx);
- for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++) {
- if (wolfSSL_SetMinVersion(ssl, *(versions + itr)) != WOLFSSL_SUCCESS) {
- failFlag = WOLFSSL_FAILURE;
- }
- }
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- res = TEST_RES_CHECK(failFlag == WOLFSSL_SUCCESS);
- #endif
- return res;
- } /* END test_wolfSSL_SetMinVersion */
- #ifdef OPENSSL_EXTRA
- static int test_ED25519(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
- defined(WOLFSSL_KEY_GEN)
- byte priv[ED25519_PRV_KEY_SIZE];
- unsigned int privSz = (unsigned int)sizeof(priv);
- byte pub[ED25519_PUB_KEY_SIZE];
- unsigned int pubSz = (unsigned int)sizeof(pub);
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT)
- const char* msg = TEST_STRING;
- unsigned int msglen = (unsigned int)TEST_STRING_SZ;
- byte sig[ED25519_SIG_SIZE];
- unsigned int sigSz = (unsigned int)sizeof(sig);
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */
- ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(privSz, ED25519_PRV_KEY_SIZE);
- ExpectIntEQ(pubSz, ED25519_PUB_KEY_SIZE);
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT)
- ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig,
- &sigSz), WOLFSSL_SUCCESS);
- ExpectIntEQ(sigSz, ED25519_SIG_SIZE);
- #ifdef HAVE_ED25519_VERIFY
- ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
- sigSz), WOLFSSL_SUCCESS);
- #endif /* HAVE_ED25519_VERIFY */
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */
- #endif /* HAVE_ED25519 && HAVE_ED25519_KEY_EXPORT && WOLFSSL_KEY_GEN */
- return EXPECT_RESULT();
- }
- static int test_ED448(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
- defined(WOLFSSL_KEY_GEN)
- byte priv[ED448_PRV_KEY_SIZE];
- unsigned int privSz = (unsigned int)sizeof(priv);
- byte pub[ED448_PUB_KEY_SIZE];
- unsigned int pubSz = (unsigned int)sizeof(pub);
- #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT)
- const char* msg = TEST_STRING;
- unsigned int msglen = (unsigned int)TEST_STRING_SZ;
- byte sig[ED448_SIG_SIZE];
- unsigned int sigSz = (unsigned int)sizeof(sig);
- #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */
- ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(privSz, ED448_PRV_KEY_SIZE);
- ExpectIntEQ(pubSz, ED448_PUB_KEY_SIZE);
- #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT)
- ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig,
- &sigSz), WOLFSSL_SUCCESS);
- ExpectIntEQ(sigSz, ED448_SIG_SIZE);
- #ifdef HAVE_ED448_VERIFY
- ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
- sigSz), WOLFSSL_SUCCESS);
- #endif /* HAVE_ED448_VERIFY */
- #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */
- #endif /* HAVE_ED448 && HAVE_ED448_KEY_EXPORT && WOLFSSL_KEY_GEN */
- return EXPECT_RESULT();
- }
- #endif /* OPENSSL_EXTRA */
- #include <wolfssl/openssl/pem.h>
- /*----------------------------------------------------------------------------*
- | EVP
- *----------------------------------------------------------------------------*/
- static int test_wolfSSL_EVP_PKEY_print_public(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
- WOLFSSL_BIO* rbio = NULL;
- WOLFSSL_BIO* wbio = NULL;
- WOLFSSL_EVP_PKEY* pkey = NULL;
- char line[256] = { 0 };
- char line1[256] = { 0 };
- int i = 0;
- /* test error cases */
- ExpectIntEQ( EVP_PKEY_print_public(NULL,NULL,0,NULL),0L);
- /*
- * test RSA public key print
- * in this test, pass '3' for indent
- */
- #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_1024)
- ExpectNotNull(rbio = BIO_new_mem_buf( client_keypub_der_1024,
- sizeof_client_keypub_der_1024));
- ExpectNotNull(wolfSSL_d2i_PUBKEY_bio(rbio, &pkey));
- ExpectNotNull(wbio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(EVP_PKEY_print_public(wbio, pkey,3,NULL),1);
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1, " RSA Public-Key: (1024 bit)\n");
- ExpectIntEQ(XSTRNCMP(line, line1, XSTRLEN(line1)), 0);
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1, " Modulus:\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1, " 00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- /* skip to the end of modulus element*/
- for (i = 0; i < 8 ;i++) {
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- }
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1, " Exponent: 65537 (0x010001)\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- /* should reach EOF */
- ExpectIntLE(BIO_gets(wbio, line, sizeof(line)), 0);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- BIO_free(rbio);
- BIO_free(wbio);
- rbio = NULL;
- wbio = NULL;
- #endif /* !NO_RSA && USE_CERT_BUFFERS_1024*/
- /*
- * test DSA public key print
- */
- #if !defined(NO_DSA) && defined(USE_CERT_BUFFERS_2048)
- ExpectNotNull(rbio = BIO_new_mem_buf( dsa_pub_key_der_2048,
- sizeof_dsa_pub_key_der_2048));
- ExpectNotNull(wolfSSL_d2i_PUBKEY_bio(rbio, &pkey));
- ExpectNotNull(wbio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1);
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1, "DSA Public-Key: (2048 bit)\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1, "pub:\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1,
- " 00:C2:35:2D:EC:83:83:6C:73:13:9E:52:7C:74:C8:\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- /* skip to the end of pub element*/
- for (i = 0; i < 17 ;i++) {
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- }
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1, "P:\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- /* skip to the end of P element*/
- for (i = 0; i < 18 ;i++) {
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- }
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1, "Q:\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- /* skip to the end of Q element*/
- for (i = 0; i < 3 ;i++) {
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- }
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1, "G:\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- /* skip to the end of G element*/
- for (i = 0; i < 18 ;i++) {
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- }
- /* should reach EOF */
- ExpectIntLE(BIO_gets(wbio, line, sizeof(line)), 0);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- BIO_free(rbio);
- BIO_free(wbio);
- rbio = NULL;
- wbio = NULL;
- #endif /* !NO_DSA && USE_CERT_BUFFERS_2048 */
- /*
- * test ECC public key print
- */
- #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
- ExpectNotNull(rbio = BIO_new_mem_buf( ecc_clikeypub_der_256,
- sizeof_ecc_clikeypub_der_256));
- ExpectNotNull(wolfSSL_d2i_PUBKEY_bio(rbio, &pkey));
- ExpectNotNull(wbio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1);
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1, "Public-Key: (256 bit)\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1, "pub:\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1,
- " 04:55:BF:F4:0F:44:50:9A:3D:CE:9B:B7:F0:C5:4D:\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- /* skip to the end of pub element*/
- for (i = 0; i < 4 ;i++) {
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- }
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1, "ASN1 OID: prime256v1\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1, "NIST CURVE: P-256\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- /* should reach EOF */
- ExpectIntLE(BIO_gets(wbio, line, sizeof(line)), 0);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- BIO_free(rbio);
- BIO_free(wbio);
- rbio = NULL;
- wbio = NULL;
- #endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */
- /*
- * test DH public key print
- */
- #if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048)
- ExpectNotNull(rbio = BIO_new_mem_buf( dh_pub_key_der_2048,
- sizeof_dh_pub_key_der_2048));
- ExpectNotNull(wolfSSL_d2i_PUBKEY_bio(rbio, &pkey));
- ExpectNotNull(wbio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL), 1);
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1, "DH Public-Key: (2048 bit)\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1, "public-key:\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1,
- " 34:41:BF:E9:F2:11:BF:05:DB:B2:72:A8:29:CC:BD:\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- /* skip to the end of public-key element*/
- for (i = 0; i < 17 ;i++) {
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- }
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1, "prime:\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1,
- " 00:D3:B2:99:84:5C:0A:4C:E7:37:CC:FC:18:37:01:\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- /* skip to the end of prime element*/
- for (i = 0; i < 17 ;i++) {
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- }
- ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0);
- strcpy(line1, "generator: 2 (0x02)\n");
- ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
- /* should reach EOF */
- ExpectIntLE(BIO_gets(wbio, line, sizeof(line)), 0);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- BIO_free(rbio);
- BIO_free(wbio);
- rbio = NULL;
- wbio = NULL;
- #endif /* WOLFSSL_DH_EXTRA && USE_CERT_BUFFERS_2048 */
- /* to prevent "unused variable" warning */
- (void)pkey;
- (void)wbio;
- (void)rbio;
- (void)line;
- (void)line1;
- (void)i;
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- /* Test functions for base64 encode/decode */
- static int test_wolfSSL_EVP_ENCODE_CTX_new(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && \
- ( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE))
- EVP_ENCODE_CTX* ctx = NULL;
- ExpectNotNull(ctx = EVP_ENCODE_CTX_new());
- ExpectIntEQ(ctx->remaining,0);
- ExpectIntEQ(ctx->data[0],0);
- ExpectIntEQ(ctx->data[sizeof(ctx->data) -1],0);
- EVP_ENCODE_CTX_free(ctx);
- #endif /* OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_ENCODE_CTX_free(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && \
- ( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE))
- EVP_ENCODE_CTX* ctx = NULL;
- ExpectNotNull(ctx = EVP_ENCODE_CTX_new());
- EVP_ENCODE_CTX_free(ctx);
- #endif /* OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_EncodeInit(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
- EVP_ENCODE_CTX* ctx = NULL;
- ExpectNotNull(ctx = EVP_ENCODE_CTX_new());
- ExpectIntEQ(ctx->remaining, 0);
- ExpectIntEQ(ctx->data[0], 0);
- ExpectIntEQ(ctx->data[sizeof(ctx->data) -1], 0);
- if (ctx != NULL) {
- /* make ctx dirty */
- ctx->remaining = 10;
- XMEMSET(ctx->data, 0x77, sizeof(ctx->data));
- }
- EVP_EncodeInit(ctx);
- ExpectIntEQ(ctx->remaining, 0);
- ExpectIntEQ(ctx->data[0], 0);
- ExpectIntEQ(ctx->data[sizeof(ctx->data) -1], 0);
- EVP_ENCODE_CTX_free(ctx);
- #endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_EncodeUpdate(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
- int outl;
- int total;
- const unsigned char plain0[] = {"Th"};
- const unsigned char plain1[] = {"This is a base64 encodeing test."};
- const unsigned char plain2[] = {"This is additional data."};
- const unsigned char encBlock0[] = {"VGg="};
- const unsigned char enc0[] = {"VGg=\n"};
- /* expected encoded result for the first output 64 chars plus trailing LF*/
- const unsigned char enc1[] = {"VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\n"};
- const unsigned char enc2[] =
- {"VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\nYWwgZGF0YS4=\n"};
- unsigned char encOutBuff[300];
- EVP_ENCODE_CTX* ctx = NULL;
- ExpectNotNull(ctx = EVP_ENCODE_CTX_new());
- EVP_EncodeInit(ctx);
- /* illegal parameter test */
- ExpectIntEQ(
- EVP_EncodeUpdate(
- NULL, /* pass NULL as ctx */
- encOutBuff,
- &outl,
- plain1,
- sizeof(plain1)-1),
- 0 /* expected result code 0: fail */
- );
- ExpectIntEQ(
- EVP_EncodeUpdate(
- ctx,
- NULL, /* pass NULL as out buff */
- &outl,
- plain1,
- sizeof(plain1)-1),
- 0 /* expected result code 0: fail */
- );
- ExpectIntEQ(
- EVP_EncodeUpdate(
- ctx,
- encOutBuff,
- NULL, /* pass NULL as outl */
- plain1,
- sizeof(plain1)-1),
- 0 /* expected result code 0: fail */
- );
- ExpectIntEQ(
- EVP_EncodeUpdate(
- ctx,
- encOutBuff,
- &outl,
- NULL, /* pass NULL as in */
- sizeof(plain1)-1),
- 0 /* expected result code 0: fail */
- );
- ExpectIntEQ(EVP_EncodeBlock(NULL, NULL, 0), -1);
- /* meaningless parameter test */
- ExpectIntEQ(
- EVP_EncodeUpdate(
- ctx,
- encOutBuff,
- &outl,
- plain1,
- 0), /* pass zero input */
- 1 /* expected result code 1: success */
- );
- /* very small data encoding test */
- EVP_EncodeInit(ctx);
- ExpectIntEQ(
- EVP_EncodeUpdate(
- ctx,
- encOutBuff,
- &outl,
- plain0,
- sizeof(plain0)-1),
- 1 /* expected result code 1: success */
- );
- ExpectIntEQ(outl,0);
- if (EXPECT_SUCCESS()) {
- EVP_EncodeFinal(
- ctx,
- encOutBuff + outl,
- &outl);
- }
- ExpectIntEQ( outl, sizeof(enc0)-1);
- ExpectIntEQ(
- XSTRNCMP(
- (const char*)encOutBuff,
- (const char*)enc0,sizeof(enc0) ),
- 0);
- XMEMSET( encOutBuff,0, sizeof(encOutBuff));
- ExpectIntEQ(EVP_EncodeBlock(encOutBuff, plain0, sizeof(plain0)-1),
- sizeof(encBlock0)-1);
- ExpectStrEQ(encOutBuff, encBlock0);
- /* pass small size( < 48bytes ) input, then make sure they are not
- * encoded and just stored in ctx
- */
- EVP_EncodeInit(ctx);
- total = 0;
- outl = 0;
- XMEMSET( encOutBuff,0, sizeof(encOutBuff));
- ExpectIntEQ(
- EVP_EncodeUpdate(
- ctx,
- encOutBuff, /* buffer for output */
- &outl, /* size of output */
- plain1, /* input */
- sizeof(plain1)-1), /* size of input */
- 1); /* expected result code 1:success */
- total += outl;
- ExpectIntEQ(outl, 0); /* no output expected */
- ExpectIntEQ(ctx->remaining, sizeof(plain1) -1);
- ExpectTrue(
- XSTRNCMP((const char*)(ctx->data),
- (const char*)plain1,
- ctx->remaining) ==0 );
- ExpectTrue(encOutBuff[0] == 0);
- /* call wolfSSL_EVP_EncodeUpdate again to make it encode
- * the stored data and the new input together
- */
- ExpectIntEQ(
- EVP_EncodeUpdate(
- ctx,
- encOutBuff + outl, /* buffer for output */
- &outl, /* size of output */
- plain2, /* additional input */
- sizeof(plain2) -1), /* size of additional input */
- 1); /* expected result code 1:success */
- total += outl;
- ExpectIntNE(outl, 0); /* some output is expected this time*/
- ExpectIntEQ(outl, BASE64_ENCODE_RESULT_BLOCK_SIZE +1); /* 64 bytes and LF */
- ExpectIntEQ(
- XSTRNCMP((const char*)encOutBuff,(const char*)enc1,sizeof(enc1) ),0);
- /* call wolfSSL_EVP_EncodeFinal to flush all the unprocessed input */
- EVP_EncodeFinal(
- ctx,
- encOutBuff + outl,
- &outl);
- total += outl;
- ExpectIntNE(total,0);
- ExpectIntNE(outl,0);
- ExpectIntEQ(XSTRNCMP(
- (const char*)encOutBuff,(const char*)enc2,sizeof(enc2) ),0);
- /* test with illeagal parameters */
- outl = 1;
- EVP_EncodeFinal(NULL, encOutBuff + outl, &outl);
- ExpectIntEQ(outl, 0);
- outl = 1;
- EVP_EncodeFinal(ctx, NULL, &outl);
- ExpectIntEQ(outl, 0);
- EVP_EncodeFinal(ctx, encOutBuff + outl, NULL);
- EVP_EncodeFinal(NULL, NULL, NULL);
- EVP_ENCODE_CTX_free(ctx);
- #endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_EncodeFinal(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
- /* tests for wolfSSL_EVP_EncodeFinal are included in
- * test_wolfSSL_EVP_EncodeUpdate
- */
- res = TEST_SUCCESS;
- #endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/
- return res;
- }
- static int test_wolfSSL_EVP_DecodeInit(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE)
- EVP_ENCODE_CTX* ctx = NULL;
- ExpectNotNull( ctx = EVP_ENCODE_CTX_new());
- ExpectIntEQ( ctx->remaining,0);
- ExpectIntEQ( ctx->data[0],0);
- ExpectIntEQ( ctx->data[sizeof(ctx->data) -1],0);
- if (ctx != NULL) {
- /* make ctx dirty */
- ctx->remaining = 10;
- XMEMSET( ctx->data, 0x77, sizeof(ctx->data));
- }
- EVP_DecodeInit(ctx);
- ExpectIntEQ( ctx->remaining,0);
- ExpectIntEQ( ctx->data[0],0);
- ExpectIntEQ( ctx->data[sizeof(ctx->data) -1],0);
- EVP_ENCODE_CTX_free(ctx);
- #endif /* OPENSSL && WOLFSSL_BASE_DECODE */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_DecodeUpdate(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE)
- int outl;
- unsigned char decOutBuff[300];
- EVP_ENCODE_CTX* ctx = NULL;
- static const unsigned char enc1[] =
- {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"};
- /* const unsigned char plain1[] =
- {"This is a base64 decoding test."} */
- ExpectNotNull(ctx = EVP_ENCODE_CTX_new());
- EVP_DecodeInit(ctx);
- /* illegal parameter tests */
- /* pass NULL as ctx */
- ExpectIntEQ(
- EVP_DecodeUpdate(
- NULL, /* pass NULL as ctx */
- decOutBuff,
- &outl,
- enc1,
- sizeof(enc1)-1),
- -1 /* expected result code -1: fail */
- );
- ExpectIntEQ( outl, 0);
- /* pass NULL as output */
- ExpectIntEQ(
- EVP_DecodeUpdate(
- ctx,
- NULL, /* pass NULL as out buff */
- &outl,
- enc1,
- sizeof(enc1)-1),
- -1 /* expected result code -1: fail */
- );
- ExpectIntEQ( outl, 0);
- /* pass NULL as outl */
- ExpectIntEQ(
- EVP_DecodeUpdate(
- ctx,
- decOutBuff,
- NULL, /* pass NULL as outl */
- enc1,
- sizeof(enc1)-1),
- -1 /* expected result code -1: fail */
- );
- /* pass NULL as input */
- ExpectIntEQ(
- EVP_DecodeUpdate(
- ctx,
- decOutBuff,
- &outl,
- NULL, /* pass NULL as in */
- sizeof(enc1)-1),
- -1 /* expected result code -1: fail */
- );
- ExpectIntEQ( outl, 0);
- ExpectIntEQ(EVP_DecodeBlock(NULL, NULL, 0), -1);
- /* pass zero length input */
- ExpectIntEQ(
- EVP_DecodeUpdate(
- ctx,
- decOutBuff,
- &outl,
- enc1,
- 0), /* pass zero as input len */
- 1 /* expected result code 1: success */
- );
- /* decode correct base64 string */
- {
- static const unsigned char enc2[] =
- {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"};
- static const unsigned char plain2[] =
- {"This is a base64 decoding test."};
- EVP_EncodeInit(ctx);
- ExpectIntEQ(
- EVP_DecodeUpdate(
- ctx,
- decOutBuff,
- &outl,
- enc2,
- sizeof(enc2)-1),
- 0 /* expected result code 0: success */
- );
- ExpectIntEQ(outl,sizeof(plain2) -1);
- ExpectIntEQ(
- EVP_DecodeFinal(
- ctx,
- decOutBuff + outl,
- &outl),
- 1 /* expected result code 1: success */
- );
- ExpectIntEQ(outl, 0); /* expected DecodeFinal output no data */
- ExpectIntEQ(XSTRNCMP( (const char*)plain2,(const char*)decOutBuff,
- sizeof(plain2) -1 ),0);
- ExpectIntEQ(EVP_DecodeBlock(decOutBuff, enc2, sizeof(enc2)),
- sizeof(plain2)-1);
- ExpectIntEQ(XSTRNCMP( (const char*)plain2,(const char*)decOutBuff,
- sizeof(plain2) -1 ),0);
- }
- /* decode correct base64 string which does not have '\n' in its last*/
- {
- static const unsigned char enc3[] =
- {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg=="}; /* 44 chars */
- static const unsigned char plain3[] =
- {"This is a base64 decoding test."}; /* 31 chars */
- EVP_EncodeInit(ctx);
- ExpectIntEQ(
- EVP_DecodeUpdate(
- ctx,
- decOutBuff,
- &outl,
- enc3,
- sizeof(enc3)-1),
- 0 /* expected result code 0: success */
- );
- ExpectIntEQ(outl,sizeof(plain3)-1); /* 31 chars should be output */
- ExpectIntEQ(XSTRNCMP( (const char*)plain3,(const char*)decOutBuff,
- sizeof(plain3) -1 ),0);
- ExpectIntEQ(
- EVP_DecodeFinal(
- ctx,
- decOutBuff + outl,
- &outl),
- 1 /* expected result code 1: success */
- );
- ExpectIntEQ(outl,0 );
- ExpectIntEQ(EVP_DecodeBlock(decOutBuff, enc3, sizeof(enc3)-1),
- sizeof(plain3)-1);
- ExpectIntEQ(XSTRNCMP( (const char*)plain3,(const char*)decOutBuff,
- sizeof(plain3) -1 ),0);
- }
- /* decode string which has a padding char ('=') in the illegal position*/
- {
- static const unsigned char enc4[] =
- {"VGhpcyBpcyBhIGJhc2U2N=CBkZWNvZGluZyB0ZXN0Lg==\n"};
- EVP_EncodeInit(ctx);
- ExpectIntEQ(
- EVP_DecodeUpdate(
- ctx,
- decOutBuff,
- &outl,
- enc4,
- sizeof(enc4)-1),
- -1 /* expected result code -1: error */
- );
- ExpectIntEQ(outl,0);
- ExpectIntEQ(EVP_DecodeBlock(decOutBuff, enc4, sizeof(enc4)-1), -1);
- }
- /* small data decode test */
- {
- static const unsigned char enc00[] = {"VG"};
- static const unsigned char enc01[] = {"g=\n"};
- static const unsigned char plain4[] = {"Th"};
- EVP_EncodeInit(ctx);
- ExpectIntEQ(
- EVP_DecodeUpdate(
- ctx,
- decOutBuff,
- &outl,
- enc00,
- sizeof(enc00)-1),
- 1 /* expected result code 1: success */
- );
- ExpectIntEQ(outl,0);
- ExpectIntEQ(
- EVP_DecodeUpdate(
- ctx,
- decOutBuff + outl,
- &outl,
- enc01,
- sizeof(enc01)-1),
- 0 /* expected result code 0: success */
- );
- ExpectIntEQ(outl,sizeof(plain4)-1);
- /* test with illegal parameters */
- ExpectIntEQ(EVP_DecodeFinal(NULL,decOutBuff + outl,&outl), -1);
- ExpectIntEQ(EVP_DecodeFinal(ctx,NULL,&outl), -1);
- ExpectIntEQ(EVP_DecodeFinal(ctx,decOutBuff + outl, NULL), -1);
- ExpectIntEQ(EVP_DecodeFinal(NULL,NULL, NULL), -1);
- if (EXPECT_SUCCESS()) {
- EVP_DecodeFinal(
- ctx,
- decOutBuff + outl,
- &outl);
- }
- ExpectIntEQ( outl, 0);
- ExpectIntEQ(
- XSTRNCMP(
- (const char*)decOutBuff,
- (const char*)plain4,sizeof(plain4)-1 ),
- 0);
- }
- EVP_ENCODE_CTX_free(ctx);
- #endif /* OPENSSL && WOLFSSL_BASE_DECODE */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_DecodeFinal(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE)
- /* tests for wolfSSL_EVP_DecodeFinal are included in
- * test_wolfSSL_EVP_DecodeUpdate
- */
- res = TEST_SUCCESS;
- #endif /* OPENSSL && WOLFSSL_BASE_DECODE */
- return res;
- }
- /* Test function for wolfSSL_EVP_get_cipherbynid.
- */
- #ifdef OPENSSL_EXTRA
- static int test_wolfSSL_EVP_get_cipherbynid(void)
- {
- EXPECT_DECLS;
- #ifndef NO_AES
- const WOLFSSL_EVP_CIPHER* c;
- c = wolfSSL_EVP_get_cipherbynid(419);
- #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
- defined(WOLFSSL_AES_128)
- ExpectNotNull(c);
- ExpectNotNull(XSTRCMP("EVP_AES_128_CBC", c));
- #else
- ExpectNull(c);
- #endif
- c = wolfSSL_EVP_get_cipherbynid(423);
- #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
- defined(WOLFSSL_AES_192)
- ExpectNotNull(c);
- ExpectNotNull(XSTRCMP("EVP_AES_192_CBC", c));
- #else
- ExpectNull(c);
- #endif
- c = wolfSSL_EVP_get_cipherbynid(427);
- #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
- defined(WOLFSSL_AES_256)
- ExpectNotNull(c);
- ExpectNotNull(XSTRCMP("EVP_AES_256_CBC", c));
- #else
- ExpectNull(c);
- #endif
- c = wolfSSL_EVP_get_cipherbynid(904);
- #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128)
- ExpectNotNull(c);
- ExpectNotNull(XSTRCMP("EVP_AES_128_CTR", c));
- #else
- ExpectNull(c);
- #endif
- c = wolfSSL_EVP_get_cipherbynid(905);
- #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192)
- ExpectNotNull(c);
- ExpectNotNull(XSTRCMP("EVP_AES_192_CTR", c));
- #else
- ExpectNull(c);
- #endif
- c = wolfSSL_EVP_get_cipherbynid(906);
- #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
- ExpectNotNull(c);
- ExpectNotNull(XSTRCMP("EVP_AES_256_CTR", c));
- #else
- ExpectNull(c);
- #endif
- c = wolfSSL_EVP_get_cipherbynid(418);
- #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_128)
- ExpectNotNull(c);
- ExpectNotNull(XSTRCMP("EVP_AES_128_ECB", c));
- #else
- ExpectNull(c);
- #endif
- c = wolfSSL_EVP_get_cipherbynid(422);
- #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_192)
- ExpectNotNull(c);
- ExpectNotNull(XSTRCMP("EVP_AES_192_ECB", c));
- #else
- ExpectNull(c);
- #endif
- c = wolfSSL_EVP_get_cipherbynid(426);
- #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
- ExpectNotNull(c);
- ExpectNotNull(XSTRCMP("EVP_AES_256_ECB", c));
- #else
- ExpectNull(c);
- #endif
- #endif /* !NO_AES */
- #ifndef NO_DES3
- ExpectNotNull(XSTRCMP("EVP_DES_CBC", wolfSSL_EVP_get_cipherbynid(31)));
- #ifdef WOLFSSL_DES_ECB
- ExpectNotNull(XSTRCMP("EVP_DES_ECB", wolfSSL_EVP_get_cipherbynid(29)));
- #endif
- ExpectNotNull(XSTRCMP("EVP_DES_EDE3_CBC", wolfSSL_EVP_get_cipherbynid(44)));
- #ifdef WOLFSSL_DES_ECB
- ExpectNotNull(XSTRCMP("EVP_DES_EDE3_ECB", wolfSSL_EVP_get_cipherbynid(33)));
- #endif
- #endif /* !NO_DES3 */
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- ExpectNotNull(XSTRCMP("EVP_CHACHA20_POLY13O5", EVP_get_cipherbynid(1018)));
- #endif
- /* test for nid is out of range */
- ExpectNull(wolfSSL_EVP_get_cipherbynid(1));
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_CIPHER_CTX(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
- const EVP_CIPHER *init = EVP_aes_128_cbc();
- const EVP_CIPHER *test;
- byte key[AES_BLOCK_SIZE] = {0};
- byte iv[AES_BLOCK_SIZE] = {0};
- ExpectNotNull(ctx);
- wolfSSL_EVP_CIPHER_CTX_init(ctx);
- ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
- test = EVP_CIPHER_CTX_cipher(ctx);
- ExpectTrue(init == test);
- ExpectIntEQ(EVP_CIPHER_nid(test), NID_aes_128_cbc);
- ExpectIntEQ(EVP_CIPHER_CTX_reset(ctx), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_CIPHER_CTX_reset(NULL), WOLFSSL_FAILURE);
- EVP_CIPHER_CTX_free(ctx);
- /* test EVP_CIPHER_CTX_cleanup with NULL */
- ExpectIntEQ(EVP_CIPHER_CTX_cleanup(NULL), WOLFSSL_SUCCESS);
- #endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_128 */
- return EXPECT_RESULT();
- }
- #endif /* OPENSSL_EXTRA */
- /*----------------------------------------------------------------------------*
- | IO
- *----------------------------------------------------------------------------*/
- #if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) || \
- defined(HAVE_IO_TESTS_DEPENDENCIES)
- #ifdef WOLFSSL_HAVE_TLS_UNIQUE
- #ifdef WC_SHA512_DIGEST_SIZE
- #define MD_MAX_SIZE WC_SHA512_DIGEST_SIZE
- #else
- #define MD_MAX_SIZE WC_SHA256_DIGEST_SIZE
- #endif
- byte server_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by server */
- byte server_side_msg2[MD_MAX_SIZE] = {0};/* msg received from client */
- byte client_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by client */
- byte client_side_msg2[MD_MAX_SIZE] = {0};/* msg received from server */
- #endif /* WOLFSSL_HAVE_TLS_UNIQUE */
- /* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */
- #if defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \
- defined(HAVE_AES_CBC)
- typedef struct openssl_key_ctx {
- byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */
- byte key[WOLFSSL_TICKET_KEY_SZ]; /* cipher key */
- byte hmacKey[WOLFSSL_TICKET_NAME_SZ]; /* hmac key */
- byte iv[WOLFSSL_TICKET_IV_SZ]; /* cipher iv */
- } openssl_key_ctx;
- static THREAD_LS_T openssl_key_ctx myOpenSSLKey_ctx;
- static THREAD_LS_T WC_RNG myOpenSSLKey_rng;
- static WC_INLINE int OpenSSLTicketInit(void)
- {
- int ret = wc_InitRng(&myOpenSSLKey_rng);
- if (ret != 0) return ret;
- ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.name,
- sizeof(myOpenSSLKey_ctx.name));
- if (ret != 0) return ret;
- ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.key,
- sizeof(myOpenSSLKey_ctx.key));
- if (ret != 0) return ret;
- ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.hmacKey,
- sizeof(myOpenSSLKey_ctx.hmacKey));
- if (ret != 0) return ret;
- ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.iv,
- sizeof(myOpenSSLKey_ctx.iv));
- if (ret != 0) return ret;
- return 0;
- }
- static int myTicketEncCbOpenSSL(WOLFSSL* ssl,
- byte name[WOLFSSL_TICKET_NAME_SZ],
- byte iv[WOLFSSL_TICKET_IV_SZ],
- WOLFSSL_EVP_CIPHER_CTX *ectx,
- WOLFSSL_HMAC_CTX *hctx, int enc) {
- (void)ssl;
- if (enc) {
- XMEMCPY(name, myOpenSSLKey_ctx.name, sizeof(myOpenSSLKey_ctx.name));
- XMEMCPY(iv, myOpenSSLKey_ctx.iv, sizeof(myOpenSSLKey_ctx.iv));
- }
- else if (XMEMCMP(name, myOpenSSLKey_ctx.name,
- sizeof(myOpenSSLKey_ctx.name)) != 0 ||
- XMEMCMP(iv, myOpenSSLKey_ctx.iv,
- sizeof(myOpenSSLKey_ctx.iv)) != 0) {
- return 0;
- }
- HMAC_Init_ex(hctx, myOpenSSLKey_ctx.hmacKey, WOLFSSL_TICKET_NAME_SZ, EVP_sha256(), NULL);
- if (enc)
- EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv);
- else
- EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv);
- return 1;
- }
- static WC_INLINE void OpenSSLTicketCleanup(void)
- {
- wc_FreeRng(&myOpenSSLKey_rng);
- }
- #endif
- #endif
- /* helper functions */
- #ifdef HAVE_SSL_MEMIO_TESTS_DEPENDENCIES
- static WC_INLINE int test_ssl_memio_write_cb(WOLFSSL *ssl, char *data, int sz,
- void *ctx)
- {
- struct test_ssl_memio_ctx *test_ctx;
- byte *buf;
- int *len;
- test_ctx = (struct test_ssl_memio_ctx*)ctx;
- if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
- buf = test_ctx->c_buff;
- len = &test_ctx->c_len;
- }
- else {
- buf = test_ctx->s_buff;
- len = &test_ctx->s_len;
- }
- if ((unsigned)(*len + sz) > TEST_SSL_MEMIO_BUF_SZ)
- return WOLFSSL_CBIO_ERR_WANT_WRITE;
- XMEMCPY(buf + *len, data, sz);
- *len += sz;
- #ifdef WOLFSSL_DUMP_MEMIO_STREAM
- {
- /* This can be imported into Wireshark by transforming the file with
- * od -Ax -tx1 -v test_output.dump > test_output.dump.hex
- * And then loading test_output.dump.hex into Wireshark using the
- * "Import from Hex Dump..." option ion and selecting the TCP
- * encapsulation option. */
- char dump_file_name[64];
- WOLFSSL_BIO *dump_file;
- sprintf(dump_file_name, "%s/%s.dump", tmpDirName, currentTestName);
- dump_file = wolfSSL_BIO_new_file(dump_file_name, "a");
- if (dump_file != NULL) {
- (void)wolfSSL_BIO_write(dump_file, data, sz);
- wolfSSL_BIO_free(dump_file);
- }
- }
- #endif
- return sz;
- }
- static WC_INLINE int test_ssl_memio_read_cb(WOLFSSL *ssl, char *data, int sz,
- void *ctx)
- {
- struct test_ssl_memio_ctx *test_ctx;
- int read_sz;
- byte *buf;
- int *len;
- test_ctx = (struct test_ssl_memio_ctx*)ctx;
- if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
- buf = test_ctx->s_buff;
- len = &test_ctx->s_len;
- }
- else {
- buf = test_ctx->c_buff;
- len = &test_ctx->c_len;
- }
- if (*len == 0)
- return WOLFSSL_CBIO_ERR_WANT_READ;
- read_sz = sz < *len ? sz : *len;
- XMEMCPY(data, buf, read_sz);
- XMEMMOVE(buf, buf + read_sz, *len - read_sz);
- *len -= read_sz;
- return read_sz;
- }
- static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- int c_sharedCtx = 0;
- int s_sharedCtx = 0;
- #endif
- const char* clientCertFile = cliCertFile;
- const char* clientKeyFile = cliKeyFile;
- const char* serverCertFile = svrCertFile;
- const char* serverKeyFile = svrKeyFile;
- /********************************
- * Create WOLFSSL_CTX for client.
- ********************************/
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (ctx->c_ctx != NULL) {
- c_sharedCtx = ctx->c_cb.isSharedCtx;
- }
- else
- #endif
- {
- WOLFSSL_METHOD* method = NULL;
- if (ctx->c_cb.method != NULL) {
- method = ctx->c_cb.method();
- }
- else {
- method = wolfSSLv23_client_method();
- }
- ExpectNotNull(ctx->c_ctx = wolfSSL_CTX_new(method));
- }
- wolfSSL_SetIORecv(ctx->c_ctx, test_ssl_memio_read_cb);
- wolfSSL_SetIOSend(ctx->c_ctx, test_ssl_memio_write_cb);
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- wolfSSL_CTX_set_default_passwd_cb(ctx->c_ctx, PasswordCallBack);
- #endif
- if (ctx->c_cb.caPemFile != NULL)
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx->c_ctx,
- ctx->c_cb.caPemFile, 0), WOLFSSL_SUCCESS);
- else
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx->c_ctx,
- caCertFile, 0), WOLFSSL_SUCCESS);
- if (ctx->c_cb.certPemFile != NULL) {
- clientCertFile = ctx->c_cb.certPemFile;
- }
- if (ctx->c_cb.keyPemFile != NULL) {
- clientKeyFile = ctx->c_cb.keyPemFile;
- }
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (!c_sharedCtx)
- #endif
- {
- ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx->c_ctx,
- clientCertFile), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx->c_ctx, clientKeyFile,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- }
- #ifdef HAVE_CRL
- if (ctx->c_cb.crlPemFile != NULL) {
- ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx->c_ctx, WOLFSSL_CRL_CHECKALL),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx->c_ctx, ctx->c_cb.crlPemFile,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- }
- #endif
- if (ctx->c_ciphers != NULL) {
- ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx->c_ctx, ctx->c_ciphers),
- WOLFSSL_SUCCESS);
- }
- if (ctx->c_cb.ctx_ready != NULL) {
- ExpectIntEQ(ctx->c_cb.ctx_ready(ctx->c_ctx), TEST_SUCCESS);
- }
- /********************************
- * Create WOLFSSL_CTX for server.
- ********************************/
- if (ctx->s_ctx != NULL) {
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- s_sharedCtx = 1;
- #endif
- ctx->s_cb.isSharedCtx = 1;
- }
- else
- {
- WOLFSSL_METHOD* method = NULL;
- if (ctx->s_cb.method != NULL) {
- method = ctx->s_cb.method();
- }
- else {
- method = wolfSSLv23_server_method();
- }
- ExpectNotNull(ctx->s_ctx = wolfSSL_CTX_new(method));
- ctx->s_cb.isSharedCtx = 0;
- }
- if (!ctx->s_cb.ticNoInit && (ctx->s_ctx != NULL)) {
- #if defined(HAVE_SESSION_TICKET) && \
- ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
- #if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
- OpenSSLTicketInit();
- wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx->s_ctx, myTicketEncCbOpenSSL);
- #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
- TicketInit();
- wolfSSL_CTX_set_TicketEncCb(ctx->s_ctx, myTicketEncCb);
- #endif
- #endif
- }
- wolfSSL_SetIORecv(ctx->s_ctx, test_ssl_memio_read_cb);
- wolfSSL_SetIOSend(ctx->s_ctx, test_ssl_memio_write_cb);
- wolfSSL_CTX_set_verify(ctx->s_ctx, WOLFSSL_VERIFY_PEER |
- WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
- if (ctx->s_cb.caPemFile != NULL)
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx->s_ctx,
- ctx->s_cb.caPemFile, 0), WOLFSSL_SUCCESS);
- else
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx->s_ctx,
- cliCertFile, 0), WOLFSSL_SUCCESS);
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- wolfSSL_CTX_set_default_passwd_cb(ctx->s_ctx, PasswordCallBack);
- #endif
- if (ctx->s_cb.certPemFile != NULL) {
- serverCertFile = ctx->s_cb.certPemFile;
- }
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (!s_sharedCtx)
- #endif
- {
- ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx->s_ctx,
- serverCertFile), WOLFSSL_SUCCESS);
- }
- if (ctx->s_cb.keyPemFile != NULL) {
- serverKeyFile = ctx->s_cb.keyPemFile;
- }
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (!s_sharedCtx)
- #endif
- {
- ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx->s_ctx, serverKeyFile,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- }
- if (ctx->s_ciphers != NULL) {
- ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx->s_ctx, ctx->s_ciphers),
- WOLFSSL_SUCCESS);
- }
- if (ctx->s_cb.ctx_ready != NULL) {
- ExpectIntEQ(ctx->s_cb.ctx_ready(ctx->s_ctx), TEST_SUCCESS);
- }
- /****************************
- * Create WOLFSSL for client.
- ****************************/
- ExpectNotNull(ctx->c_ssl = wolfSSL_new(ctx->c_ctx));
- wolfSSL_SetIOWriteCtx(ctx->c_ssl, ctx);
- wolfSSL_SetIOReadCtx(ctx->c_ssl, ctx);
- if (0
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- || c_sharedCtx
- #endif
- )
- {
- ExpectIntEQ(wolfSSL_use_certificate_chain_file(ctx->c_ssl,
- clientCertFile), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_use_PrivateKey_file(ctx->c_ssl, clientKeyFile,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- }
- if (ctx->c_cb.ssl_ready != NULL) {
- ExpectIntEQ(ctx->c_cb.ssl_ready(ctx->c_ssl), TEST_SUCCESS);
- }
- /****************************
- * Create WOLFSSL for server.
- ****************************/
- ExpectNotNull(ctx->s_ssl = wolfSSL_new(ctx->s_ctx));
- wolfSSL_SetIOWriteCtx(ctx->s_ssl, ctx);
- wolfSSL_SetIOReadCtx(ctx->s_ssl, ctx);
- if (0
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- || s_sharedCtx
- #endif
- )
- {
- ExpectIntEQ(wolfSSL_use_certificate_chain_file(ctx->s_ssl,
- serverCertFile), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_use_PrivateKey_file(ctx->s_ssl, serverKeyFile,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- }
- #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
- wolfSSL_SetTmpDH_file(ctx->s_ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
- #elif !defined(NO_DH)
- /* will repick suites with DHE, higher priority than PSK */
- SetDH(ctx->s_ssl);
- #endif
- if (ctx->s_cb.ssl_ready != NULL) {
- ExpectIntEQ(ctx->s_cb.ssl_ready(ctx->s_ssl), TEST_SUCCESS);
- }
- return EXPECT_RESULT();
- }
- static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
- int* rounds)
- {
- int handshake_complete = 0;
- int hs_c = 0;
- int hs_s = 0;
- int failing_s = 0;
- int failing_c = 0;
- int ret;
- int err;
- if (rounds != NULL) {
- *rounds = 0;
- }
- while ((!handshake_complete) && (max_rounds > 0)) {
- if (!hs_c) {
- wolfSSL_SetLoggingPrefix("client");
- ret = wolfSSL_connect(ctx->c_ssl);
- wolfSSL_SetLoggingPrefix(NULL);
- if (ret == WOLFSSL_SUCCESS) {
- hs_c = 1;
- }
- else {
- err = wolfSSL_get_error(ctx->c_ssl, ret);
- if (err != WOLFSSL_ERROR_WANT_READ &&
- err != WOLFSSL_ERROR_WANT_WRITE) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- fprintf(stderr, "error = %d, %s\n", err,
- wolfSSL_ERR_error_string(err, buff));
- failing_c = 1;
- hs_c = 1;
- if (failing_c && failing_s) {
- break;
- }
- }
- }
- }
- if (!hs_s) {
- wolfSSL_SetLoggingPrefix("server");
- ret = wolfSSL_accept(ctx->s_ssl);
- wolfSSL_SetLoggingPrefix(NULL);
- if (ret == WOLFSSL_SUCCESS) {
- hs_s = 1;
- }
- else {
- err = wolfSSL_get_error(ctx->s_ssl, ret);
- if (err != WOLFSSL_ERROR_WANT_READ &&
- err != WOLFSSL_ERROR_WANT_WRITE) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- fprintf(stderr, "error = %d, %s\n", err,
- wolfSSL_ERR_error_string(err, buff));
- failing_s = 1;
- hs_s = 1;
- if (failing_c && failing_s) {
- break;
- }
- }
- }
- }
- handshake_complete = hs_c && hs_s;
- max_rounds--;
- if (rounds != NULL) {
- *rounds += 1;
- }
- }
- if (!handshake_complete || failing_c || failing_s) {
- return TEST_FAIL;
- }
- return TEST_SUCCESS;
- }
- static int test_ssl_memio_read_write(test_ssl_memio_ctx* ctx)
- {
- EXPECT_DECLS;
- char input[1024];
- int idx = 0;
- const char* msg_c = "hello wolfssl!";
- int msglen_c = (int)XSTRLEN(msg_c);
- const char* msg_s = "I hear you fa shizzle!";
- int msglen_s = (int)XSTRLEN(msg_s);
- if (ctx->c_msg != NULL) {
- msg_c = ctx->c_msg;
- msglen_c = ctx->c_msglen;
- }
- if (ctx->s_msg != NULL) {
- msg_s = ctx->s_msg;
- msglen_s = ctx->s_msglen;
- }
- wolfSSL_SetLoggingPrefix("client");
- ExpectIntEQ(wolfSSL_write(ctx->c_ssl, msg_c, msglen_c), msglen_c);
- wolfSSL_SetLoggingPrefix("server");
- ExpectIntGT(idx = wolfSSL_read(ctx->s_ssl, input, sizeof(input) - 1), 0);
- if (idx >= 0) {
- input[idx] = '\0';
- }
- ExpectIntGT(fprintf(stderr, "Client message: %s\n", input), 0);
- ExpectIntEQ(wolfSSL_write(ctx->s_ssl, msg_s, msglen_s), msglen_s);
- ctx->s_cb.return_code = EXPECT_RESULT();
- wolfSSL_SetLoggingPrefix("client");
- ExpectIntGT(idx = wolfSSL_read(ctx->c_ssl, input, sizeof(input) - 1), 0);
- wolfSSL_SetLoggingPrefix(NULL);
- if (idx >= 0) {
- input[idx] = '\0';
- }
- ExpectIntGT(fprintf(stderr, "Server response: %s\n", input), 0);
- ctx->c_cb.return_code = EXPECT_RESULT();
- if (ctx->c_cb.on_result != NULL) {
- ExpectIntEQ(ctx->c_cb.on_result(ctx->c_ssl), TEST_SUCCESS);
- }
- if (ctx->s_cb.on_result != NULL) {
- ExpectIntEQ(ctx->s_cb.on_result(ctx->s_ssl), TEST_SUCCESS);
- }
- return EXPECT_RESULT();
- }
- static void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx)
- {
- ctx->c_cb.last_err = wolfSSL_get_error(ctx->c_ssl, 0);
- ctx->s_cb.last_err = wolfSSL_get_error(ctx->s_ssl, 0);
- if (ctx->c_cb.on_cleanup != NULL) {
- ctx->c_cb.on_cleanup(ctx->c_ssl);
- }
- if (ctx->s_cb.on_cleanup != NULL) {
- ctx->s_cb.on_cleanup(ctx->s_ssl);
- }
- wolfSSL_shutdown(ctx->s_ssl);
- wolfSSL_shutdown(ctx->c_ssl);
- wolfSSL_free(ctx->s_ssl);
- wolfSSL_free(ctx->c_ssl);
- if (ctx->c_cb.on_ctx_cleanup != NULL) {
- ctx->c_cb.on_ctx_cleanup(ctx->c_ctx);
- }
- if (!ctx->c_cb.isSharedCtx) {
- wolfSSL_CTX_free(ctx->c_ctx);
- ctx->c_ctx = NULL;
- }
- if (ctx->s_cb.on_ctx_cleanup != NULL) {
- ctx->s_cb.on_ctx_cleanup(ctx->s_ctx);
- }
- if (!ctx->s_cb.isSharedCtx) {
- wolfSSL_CTX_free(ctx->s_ctx);
- ctx->s_ctx = NULL;
- }
- if (!ctx->s_cb.ticNoInit) {
- #if defined(HAVE_SESSION_TICKET) && \
- ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
- #if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
- OpenSSLTicketCleanup();
- #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
- TicketCleanup();
- #endif
- #endif
- }
- }
- int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
- test_ssl_cbf* server_cb, cbType client_on_handshake)
- {
- EXPECT_DECLS;
- struct test_ssl_memio_ctx test_ctx;
- #ifdef WOLFSSL_HAVE_TLS_UNIQUE
- size_t msg_len;
- #endif /* WOLFSSL_HAVE_TLS_UNIQUE */
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- XMEMCPY(&test_ctx.c_cb, client_cb, sizeof(test_ssl_cbf));
- XMEMCPY(&test_ctx.s_cb, server_cb, sizeof(test_ssl_cbf));
- test_ctx.c_ctx = client_cb->ctx;
- test_ctx.s_ctx = server_cb->ctx;
- test_ctx.c_cb.return_code = TEST_FAIL;
- test_ctx.s_cb.return_code = TEST_FAIL;
- ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS);
- ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS);
- if (client_on_handshake != NULL) {
- ExpectIntEQ(client_on_handshake(test_ctx.c_ctx, test_ctx.c_ssl),
- TEST_SUCCESS);
- }
- if (client_cb->on_handshake != NULL) {
- ExpectIntEQ(client_cb->on_handshake(&test_ctx.c_ctx, &test_ctx.c_ssl),
- TEST_SUCCESS);
- }
- if (server_cb->on_handshake != NULL) {
- ExpectIntEQ(server_cb->on_handshake(&test_ctx.s_ctx, &test_ctx.s_ssl),
- TEST_SUCCESS);
- }
- #ifdef WOLFSSL_HAVE_TLS_UNIQUE
- XMEMSET(server_side_msg2, 0, MD_MAX_SIZE);
- msg_len = wolfSSL_get_peer_finished(test_ctx.s_ssl, server_side_msg2,
- MD_MAX_SIZE);
- ExpectIntGE(msg_len, 0);
- XMEMSET(server_side_msg1, 0, MD_MAX_SIZE);
- msg_len = wolfSSL_get_finished(test_ctx.s_ssl, server_side_msg1,
- MD_MAX_SIZE);
- ExpectIntGE(msg_len, 0);
- #endif /* WOLFSSL_HAVE_TLS_UNIQUE */
- ExpectIntEQ(test_ssl_memio_read_write(&test_ctx), TEST_SUCCESS);
- test_ssl_memio_cleanup(&test_ctx);
- client_cb->return_code = test_ctx.c_cb.return_code;
- client_cb->last_err = test_ctx.c_cb.last_err;
- server_cb->return_code = test_ctx.s_cb.return_code;
- server_cb->last_err = test_ctx.s_cb.last_err;
- return EXPECT_RESULT();
- }
- #endif
- #ifdef HAVE_IO_TESTS_DEPENDENCIES
- #ifdef WOLFSSL_SESSION_EXPORT
- #ifdef WOLFSSL_DTLS
- /* set up function for sending session information */
- static int test_export(WOLFSSL* inSsl, byte* buf, word32 sz, void* userCtx)
- {
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- AssertNotNull(inSsl);
- AssertNotNull(buf);
- AssertIntNE(0, sz);
- /* Set ctx to DTLS 1.2 */
- ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
- AssertNotNull(ctx);
- ssl = wolfSSL_new(ctx);
- AssertNotNull(ssl);
- AssertIntGE(wolfSSL_dtls_import(ssl, buf, sz), 0);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- (void)userCtx;
- return 0;
- }
- #endif
- /* returns negative value on fail and positive (including 0) on success */
- static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
- {
- int ret, err, loop_count, count, timeout = 10;
- char msg[] = "I hear you fa shizzle!";
- char input[1024];
- loop_count = ((func_args*)args)->argc;
- #ifdef WOLFSSL_ASYNC_CRYPT
- err = 0; /* Reset error */
- #endif
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- ret = wolfSSL_accept(ssl);
- err = wolfSSL_get_error(ssl, 0);
- if (err == WOLFSSL_ERROR_WANT_READ ||
- err == WOLFSSL_ERROR_WANT_WRITE) {
- int select_ret;
- err = WC_PENDING_E;
- select_ret = tcp_select(*sockfd, timeout);
- if (select_ret == TEST_TIMEOUT) {
- return WOLFSSL_FATAL_ERROR;
- }
- }
- } while (err == WC_PENDING_E);
- if (ret != WOLFSSL_SUCCESS) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- fprintf(stderr, "error = %d, %s\n", err,
- wolfSSL_ERR_error_string(err, buff));
- return ret;
- }
- for (count = 0; count < loop_count; count++) {
- int select_ret;
- select_ret = tcp_select(*sockfd, timeout);
- if (select_ret == TEST_TIMEOUT) {
- ret = WOLFSSL_FATAL_ERROR;
- break;
- }
- do {
- ret = wolfSSL_read(ssl, input, sizeof(input)-1);
- if (ret > 0) {
- input[ret] = '\0';
- fprintf(stderr, "Client message: %s\n", input);
- }
- } while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS);
- do {
- if ((ret = wolfSSL_write(ssl, msg, sizeof(msg))) != sizeof(msg)) {
- return WOLFSSL_FATAL_ERROR;
- }
- err = wolfSSL_get_error(ssl, ret);
- } while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS);
- }
- return ret;
- }
- #endif /* WOLFSSL_SESSION_EXPORT */
- static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
- {
- SOCKET_T sockfd = 0;
- SOCKET_T clientfd = 0;
- word16 port;
- callback_functions* cbf;
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- func_args* opts = (func_args*)args;
- char msg[] = "I hear you fa shizzle!";
- char input[1024];
- int idx;
- int ret, err = 0;
- int sharedCtx = 0;
- int doUdp = 0;
- SOCKADDR_IN_T cliAddr;
- socklen_t cliLen;
- const char* certFile = svrCertFile;
- const char* keyFile = svrKeyFile;
- #ifdef WOLFSSL_HAVE_TLS_UNIQUE
- size_t msg_len = 0;
- #endif
- wolfSSL_SetLoggingPrefix("server");
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- opts->return_code = TEST_FAIL;
- cbf = opts->callbacks;
- if (cbf != NULL && cbf->ctx) {
- ctx = cbf->ctx;
- sharedCtx = 1;
- }
- else
- {
- WOLFSSL_METHOD* method = NULL;
- if (cbf != NULL && cbf->method != NULL) {
- method = cbf->method();
- }
- else {
- method = wolfSSLv23_server_method();
- }
- ctx = wolfSSL_CTX_new(method);
- }
- if (ctx == NULL) {
- /* Release the wait for TCP ready. */
- signal_ready(opts->signal);
- goto done;
- }
- if (cbf == NULL || !cbf->ticNoInit) {
- #if defined(HAVE_SESSION_TICKET) && \
- ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
- #if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
- OpenSSLTicketInit();
- wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbOpenSSL);
- #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
- TicketInit();
- wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
- #endif
- #endif
- }
- #if defined(USE_WINDOWS_API)
- port = opts->signal->port;
- #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
- !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
- /* Let tcp_listen assign port */
- port = 0;
- #else
- /* Use default port */
- port = wolfSSLPort;
- #endif
- if (cbf != NULL)
- doUdp = cbf->doUdp;
- /* do it here to detect failure */
- tcp_accept(
- &sockfd, &clientfd, opts, port, 0, doUdp, 0, 0, 1, 0, 0);
- if (doUdp) {
- cliLen = sizeof(cliAddr);
- idx = (int)recvfrom(sockfd, input, sizeof(input), MSG_PEEK,
- (struct sockaddr*)&cliAddr, &cliLen);
- AssertIntGT(idx, 0);
- }
- else {
- CloseSocket(sockfd);
- }
- wolfSSL_CTX_set_verify(ctx,
- WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
- #endif
- if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0)
- != WOLFSSL_SUCCESS) {
- /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/
- goto done;
- }
- if (cbf != NULL && cbf->certPemFile != NULL)
- certFile = cbf->certPemFile;
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, certFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #else
- if (wolfSSL_CTX_use_certificate_file(ctx, certFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #endif
- /*err_sys("can't load server cert chain file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- if (cbf != NULL && cbf->keyPemFile != NULL)
- keyFile = cbf->keyPemFile;
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, keyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #else
- if (wolfSSL_CTX_use_PrivateKey_file(ctx, keyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #endif
- /*err_sys("can't load server key file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- #ifdef HAVE_CRL
- if (cbf != NULL && cbf->crlPemFile != NULL) {
- if (wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS)
- goto done;
- if (wolfSSL_CTX_LoadCRLFile(ctx, cbf->crlPemFile, WOLFSSL_FILETYPE_PEM)
- != WOLFSSL_SUCCESS)
- goto done;
- }
- #endif
- /* call ctx setup callback */
- if (cbf != NULL && cbf->ctx_ready != NULL) {
- cbf->ctx_ready(ctx);
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- goto done;
- }
- if (doUdp) {
- err = wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen);
- if (err != WOLFSSL_SUCCESS)
- goto done;
- }
- #ifdef WOLFSSL_SESSION_EXPORT
- /* only add in more complex nonblocking case with session export tests */
- if (args && opts->argc > 0) {
- /* set as nonblock and time out for waiting on read/write */
- tcp_set_nonblocking(&clientfd);
- wolfSSL_dtls_set_using_nonblock(ssl, 1);
- }
- #endif
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (sharedCtx && wolfSSL_use_certificate_file(ssl, certFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #else
- if (wolfSSL_use_certificate_file(ssl, certFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #endif
- /*err_sys("can't load server cert chain file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, keyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #else
- if (wolfSSL_use_PrivateKey_file(ssl, keyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #endif
- /*err_sys("can't load server key file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
- /*err_sys("SSL_set_fd failed");*/
- goto done;
- }
- #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
- wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
- #elif !defined(NO_DH)
- SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
- #endif
- /* call ssl setup callback */
- if (cbf != NULL && cbf->ssl_ready != NULL) {
- cbf->ssl_ready(ssl);
- }
- #ifdef WOLFSSL_SESSION_EXPORT
- /* only add in more complex nonblocking case with session export tests */
- if (opts->argc > 0) {
- ret = nonblocking_accept_read(args, ssl, &clientfd);
- if (ret >= 0) {
- opts->return_code = TEST_SUCCESS;
- }
- #ifdef WOLFSSL_TIRTOS
- Task_yield();
- #endif
- goto done;
- }
- #endif
- #ifdef WOLFSSL_ASYNC_CRYPT
- err = 0; /* Reset error */
- #endif
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- ret = wolfSSL_negotiate(ssl);
- err = wolfSSL_get_error(ssl, 0);
- } while (err == WC_PENDING_E);
- if (ret != WOLFSSL_SUCCESS) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- fprintf(stderr, "error = %d, %s\n", err,
- wolfSSL_ERR_error_string(err, buff));
- /*err_sys("SSL_accept failed");*/
- goto done;
- }
- #ifdef WOLFSSL_HAVE_TLS_UNIQUE
- XMEMSET(server_side_msg2, 0, MD_MAX_SIZE);
- msg_len = wolfSSL_get_peer_finished(ssl, server_side_msg2, MD_MAX_SIZE);
- AssertIntGE(msg_len, 0);
- XMEMSET(server_side_msg1, 0, MD_MAX_SIZE);
- msg_len = wolfSSL_get_finished(ssl, server_side_msg1, MD_MAX_SIZE);
- AssertIntGE(msg_len, 0);
- #endif /* WOLFSSL_HAVE_TLS_UNIQUE */
- idx = wolfSSL_read(ssl, input, sizeof(input)-1);
- if (idx > 0) {
- input[idx] = '\0';
- fprintf(stderr, "Client message: %s\n", input);
- }
- else if (idx < 0) {
- goto done;
- }
- if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
- /*err_sys("SSL_write failed");*/
- goto done;
- }
- if (cbf != NULL && cbf->on_result != NULL)
- cbf->on_result(ssl);
- #ifdef WOLFSSL_TIRTOS
- Task_yield();
- #endif
- opts->return_code = TEST_SUCCESS;
- done:
- if (cbf != NULL)
- cbf->last_err = err;
- if (cbf != NULL && cbf->on_cleanup != NULL)
- cbf->on_cleanup(ssl);
- wolfSSL_shutdown(ssl);
- wolfSSL_free(ssl);
- if (!sharedCtx)
- wolfSSL_CTX_free(ctx);
- CloseSocket(clientfd);
- #ifdef WOLFSSL_TIRTOS
- fdCloseSession(Task_self());
- #endif
- #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
- && defined(HAVE_THREAD_LS)
- wc_ecc_fp_free(); /* free per thread cache */
- #endif
- if (cbf == NULL || !cbf->ticNoInit) {
- #if defined(HAVE_SESSION_TICKET) && \
- ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
- #if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
- OpenSSLTicketCleanup();
- #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
- TicketCleanup();
- #endif
- #endif
- }
- wolfSSL_SetLoggingPrefix(NULL);
- WOLFSSL_RETURN_FROM_THREAD(0);
- }
- #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \
- !defined(WOLFSSL_NO_TLS12)
- static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
- {
- SOCKET_T sockfd = 0;
- SOCKET_T clientfd = 0;
- word16 port;
- callback_functions* cbf;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- char msg[] = "I hear you fa shizzle!";
- char input[1024];
- int idx;
- int ret, err = 0;
- int sharedCtx = 0;
- func_args* opts = (func_args*)args;
- int loop_count = opts->argc;
- int count = 0;
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- opts->return_code = TEST_FAIL;
- cbf = opts->callbacks;
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (cbf != NULL && cbf->ctx) {
- ctx = cbf->ctx;
- sharedCtx = 1;
- }
- else
- #endif
- {
- WOLFSSL_METHOD* method = NULL;
- if (cbf != NULL && cbf->method != NULL) {
- method = cbf->method();
- }
- else {
- method = wolfSSLv23_server_method();
- }
- ctx = wolfSSL_CTX_new(method);
- }
- #if defined(USE_WINDOWS_API)
- port = opts->signal->port;
- #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
- !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
- /* Let tcp_listen assign port */
- port = 0;
- #else
- /* Use default port */
- port = wolfSSLPort;
- #endif
- wolfSSL_CTX_set_verify(ctx,
- WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
- #endif
- if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0)
- != WOLFSSL_SUCCESS) {
- /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/
- /* Release the wait for TCP ready. */
- signal_ready(opts->signal);
- goto done;
- }
- if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- /*err_sys("can't load server cert chain file, "
- "Please run from wolfSSL home dir");*/
- /* Release the wait for TCP ready. */
- signal_ready(opts->signal);
- goto done;
- }
- if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- /*err_sys("can't load server key file, "
- "Please run from wolfSSL home dir");*/
- /* Release the wait for TCP ready. */
- signal_ready(opts->signal);
- goto done;
- }
- /* call ctx setup callback */
- if (cbf != NULL && cbf->ctx_ready != NULL) {
- cbf->ctx_ready(ctx);
- }
- while (count != loop_count) {
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- signal_ready(opts->signal);
- goto done;
- }
- if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- /*err_sys("can't load server cert chain file, "
- "Please run from wolfSSL home dir");*/
- /* Release the wait for TCP ready. */
- signal_ready(opts->signal);
- goto done;
- }
- if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- /*err_sys("can't load server key file, "
- "Please run from wolfSSL home dir");*/
- /* Release the wait for TCP ready. */
- signal_ready(opts->signal);
- goto done;
- }
- #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
- wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
- #elif !defined(NO_DH)
- SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
- #endif
- /* call ssl setup callback */
- if (cbf != NULL && cbf->ssl_ready != NULL) {
- cbf->ssl_ready(ssl);
- }
- /* do it here to detect failure */
- tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0,
- 0);
- CloseSocket(sockfd);
- if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
- /*err_sys("SSL_set_fd failed");*/
- goto done;
- }
- #ifdef WOLFSSL_ASYNC_CRYPT
- err = 0; /* Reset error */
- #endif
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- ret = wolfSSL_accept(ssl);
- err = wolfSSL_get_error(ssl, 0);
- } while (err == WC_PENDING_E);
- if (ret != WOLFSSL_SUCCESS) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- fprintf(stderr, "error = %d, %s\n", err,
- wolfSSL_ERR_error_string(err, buff));
- /*err_sys("SSL_accept failed");*/
- goto done;
- }
- idx = wolfSSL_read(ssl, input, sizeof(input)-1);
- if (idx > 0) {
- input[idx] = '\0';
- fprintf(stderr, "Client message: %s\n", input);
- }
- if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
- /*err_sys("SSL_write failed");*/
- goto done;
- }
- /* free ssl for this connection */
- wolfSSL_shutdown(ssl);
- wolfSSL_free(ssl); ssl = NULL;
- CloseSocket(clientfd);
- count++;
- }
- #ifdef WOLFSSL_TIRTOS
- Task_yield();
- #endif
- opts->return_code = TEST_SUCCESS;
- done:
- if (ssl != NULL) {
- wolfSSL_shutdown(ssl);
- wolfSSL_free(ssl);
- }
- if (!sharedCtx)
- wolfSSL_CTX_free(ctx);
- CloseSocket(clientfd);
- #ifdef WOLFSSL_TIRTOS
- fdCloseSession(Task_self());
- #endif
- #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
- && defined(HAVE_THREAD_LS)
- wc_ecc_fp_free(); /* free per thread cache */
- #endif
- WOLFSSL_RETURN_FROM_THREAD(0);
- }
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */
- static int test_client_nofail(void* args, cbType cb)
- {
- #if !defined(NO_WOLFSSL_CLIENT)
- SOCKET_T sockfd = 0;
- callback_functions* cbf;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- WOLFSSL_CIPHER* cipher;
- char msg[64] = "hello wolfssl!";
- char reply[1024];
- int input;
- int msgSz = (int)XSTRLEN(msg);
- int ret, err = 0;
- int cipherSuite;
- int sharedCtx = 0;
- int doUdp = 0;
- const char* cipherName1, *cipherName2;
- wolfSSL_SetLoggingPrefix("client");
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- ((func_args*)args)->return_code = TEST_FAIL;
- cbf = ((func_args*)args)->callbacks;
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (cbf != NULL && cbf->ctx) {
- ctx = cbf->ctx;
- sharedCtx = cbf->isSharedCtx;
- }
- else
- #endif
- {
- WOLFSSL_METHOD* method = NULL;
- if (cbf != NULL && cbf->method != NULL) {
- method = cbf->method();
- }
- else {
- method = wolfSSLv23_client_method();
- }
- ctx = wolfSSL_CTX_new(method);
- }
- if (cbf != NULL)
- doUdp = cbf->doUdp;
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
- #endif
- /* Do connect here so server detects failures */
- tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
- doUdp, 0, NULL);
- /* Connect the socket so that we don't have to set the peer later on */
- if (doUdp)
- udp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port);
- if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS)
- {
- /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
- goto done;
- }
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #else
- if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #endif
- /*err_sys("can't load client cert file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #else
- if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #endif
- /*err_sys("can't load client key file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- #ifdef HAVE_CRL
- if (cbf != NULL && cbf->crlPemFile != NULL) {
- if (wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS)
- goto done;
- if (wolfSSL_CTX_LoadCRLFile(ctx, cbf->crlPemFile, WOLFSSL_FILETYPE_PEM)
- != WOLFSSL_SUCCESS)
- goto done;
- }
- #endif
- /* call ctx setup callback */
- if (cbf != NULL && cbf->ctx_ready != NULL) {
- cbf->ctx_ready(ctx);
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- goto done;
- }
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #else
- if (wolfSSL_use_certificate_file(ssl, cliCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #endif
- /*err_sys("can't load client cert file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #else
- if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- #endif
- /*err_sys("can't load client key file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- if (!doUdp) {
- if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
- /*err_sys("SSL_set_fd failed");*/
- goto done;
- }
- }
- else {
- #ifdef WOLFSSL_DTLS
- if (wolfSSL_set_dtls_fd_connected(ssl, sockfd) != WOLFSSL_SUCCESS) {
- /*err_sys("SSL_set_fd failed");*/
- goto done;
- }
- #else
- goto done;
- #endif
- }
- /* call ssl setup callback */
- if (cbf != NULL && cbf->ssl_ready != NULL) {
- cbf->ssl_ready(ssl);
- }
- #ifdef WOLFSSL_ASYNC_CRYPT
- err = 0; /* Reset error */
- #endif
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- ret = wolfSSL_negotiate(ssl);
- err = wolfSSL_get_error(ssl, 0);
- } while (err == WC_PENDING_E);
- if (ret != WOLFSSL_SUCCESS) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- fprintf(stderr, "error = %d, %s\n", err,
- wolfSSL_ERR_error_string(err, buff));
- /*err_sys("SSL_connect failed");*/
- goto done;
- }
- /* test the various get cipher methods */
- /* Internal cipher suite names */
- cipherSuite = wolfSSL_get_current_cipher_suite(ssl);
- cipherName1 = wolfSSL_get_cipher_name(ssl);
- cipherName2 = wolfSSL_get_cipher_name_from_suite(
- (cipherSuite >> 8), cipherSuite & 0xFF);
- AssertStrEQ(cipherName1, cipherName2);
- /* IANA Cipher Suites Names */
- /* Unless WOLFSSL_CIPHER_INTERNALNAME or NO_ERROR_STRINGS,
- then it's the internal cipher suite name */
- cipher = wolfSSL_get_current_cipher(ssl);
- cipherName1 = wolfSSL_CIPHER_get_name(cipher);
- cipherName2 = wolfSSL_get_cipher(ssl);
- AssertStrEQ(cipherName1, cipherName2);
- #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \
- !defined(WOLFSSL_QT)
- cipherName1 = wolfSSL_get_cipher_name_iana_from_suite(
- (cipherSuite >> 8), cipherSuite & 0xFF);
- AssertStrEQ(cipherName1, cipherName2);
- #endif
- if (cb != NULL)
- (cb)(ctx, ssl);
- if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
- /*err_sys("SSL_write failed");*/
- goto done;
- }
- input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
- if (input > 0) {
- reply[input] = '\0';
- fprintf(stderr, "Server response: %s\n", reply);
- }
- if (cbf != NULL && cbf->on_result != NULL)
- cbf->on_result(ssl);
- ((func_args*)args)->return_code = TEST_SUCCESS;
- done:
- if (cbf != NULL)
- cbf->last_err = err;
- if (cbf != NULL && cbf->on_cleanup != NULL)
- cbf->on_cleanup(ssl);
- wolfSSL_free(ssl);
- if (!sharedCtx)
- wolfSSL_CTX_free(ctx);
- CloseSocket(sockfd);
- #ifdef WOLFSSL_TIRTOS
- fdCloseSession(Task_self());
- #endif
- #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
- && defined(HAVE_THREAD_LS)
- wc_ecc_fp_free(); /* free per thread cache */
- #endif
- #else
- (void)args;
- (void)cb;
- #endif /* !NO_WOLFSSL_CLIENT */
- wolfSSL_SetLoggingPrefix(NULL);
- return 0;
- }
- void test_wolfSSL_client_server_nofail_ex(callback_functions* client_cb,
- callback_functions* server_cb, cbType client_on_handshake)
- {
- func_args client_args;
- func_args server_args;
- tcp_ready ready;
- THREAD_TYPE serverThread;
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&server_args, 0, sizeof(func_args));
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- StartTCP();
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- server_args.signal = &ready;
- server_args.callbacks = server_cb;
- client_args.signal = &ready;
- client_args.callbacks = client_cb;
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- test_client_nofail(&client_args, client_on_handshake);
- join_thread(serverThread);
- client_cb->return_code = client_args.return_code;
- server_cb->return_code = server_args.return_code;
- FreeTcpReady(&ready);
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- }
- void test_wolfSSL_client_server_nofail(callback_functions* client_cb,
- callback_functions* server_cb)
- {
- test_wolfSSL_client_server_nofail_ex(client_cb, server_cb, NULL);
- }
- #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \
- !defined(WOLFSSL_NO_TLS12) && !defined(NO_WOLFSSL_CLIENT)
- static void test_client_reuse_WOLFSSLobj(void* args, cbType cb,
- void* server_args)
- {
- SOCKET_T sockfd = 0;
- callback_functions* cbf;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- WOLFSSL_SESSION* session = NULL;
- char msg[64] = "hello wolfssl!";
- char reply[1024];
- int input;
- int msgSz = (int)XSTRLEN(msg);
- int ret, err = 0;
- int sharedCtx = 0;
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- ((func_args*)args)->return_code = TEST_FAIL;
- cbf = ((func_args*)args)->callbacks;
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
- if (cbf != NULL && cbf->ctx) {
- ctx = cbf->ctx;
- sharedCtx = 1;
- }
- else
- #endif
- {
- WOLFSSL_METHOD* method = NULL;
- if (cbf != NULL && cbf->method != NULL) {
- method = cbf->method();
- }
- else {
- method = wolfSSLv23_client_method();
- }
- ctx = wolfSSL_CTX_new(method);
- }
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
- #endif
- /* Do connect here so server detects failures */
- tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
- 0, 0, NULL);
- if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) !=
- WOLFSSL_SUCCESS) {
- /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
- goto done;
- }
- if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- /*err_sys("can't load client cert file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- /*err_sys("can't load client key file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- /* call ctx setup callback */
- if (cbf != NULL && cbf->ctx_ready != NULL) {
- cbf->ctx_ready(ctx);
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- goto done;
- }
- /* keep handshake resources for re-using WOLFSSL obj */
- wolfSSL_KeepArrays(ssl);
- if (wolfSSL_KeepHandshakeResources(ssl)) {
- /* err_sys("SSL_KeepHandshakeResources failed"); */
- goto done;
- }
- if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- /*err_sys("can't load client cert file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- /*err_sys("can't load client key file, "
- "Please run from wolfSSL home dir");*/
- goto done;
- }
- if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
- /*err_sys("SSL_set_fd failed");*/
- goto done;
- }
- /* call ssl setup callback */
- if (cbf != NULL && cbf->ssl_ready != NULL) {
- cbf->ssl_ready(ssl);
- }
- #ifdef WOLFSSL_ASYNC_CRYPT
- err = 0; /* Reset error */
- #endif
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- ret = wolfSSL_connect(ssl);
- err = wolfSSL_get_error(ssl, 0);
- } while (err == WC_PENDING_E);
- if (ret != WOLFSSL_SUCCESS) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- fprintf(stderr, "error = %d, %s\n", err,
- wolfSSL_ERR_error_string(err, buff));
- /*err_sys("SSL_connect failed");*/
- goto done;
- }
- /* Build first session */
- if (cb != NULL)
- cb(ctx, ssl);
- if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
- /*err_sys("SSL_write failed");*/
- goto done;
- }
- input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
- if (input > 0) {
- reply[input] = '\0';
- fprintf(stderr, "Server response: %s\n", reply);
- }
- /* Session Resumption by re-using WOLFSSL object */
- wolfSSL_set_quiet_shutdown(ssl, 1);
- if (wolfSSL_shutdown(ssl) != WOLFSSL_SUCCESS) {
- /* err_sys ("SSL shutdown failed"); */
- goto done;
- }
- session = wolfSSL_get1_session(ssl);
- if (wolfSSL_clear(ssl) != WOLFSSL_SUCCESS) {
- wolfSSL_SESSION_free(session);
- /* err_sys ("SSL_clear failed"); */
- goto done;
- }
- wolfSSL_set_session(ssl, session);
- wolfSSL_SESSION_free(session);
- session = NULL;
- /* close socket once */
- CloseSocket(sockfd);
- sockfd = 0;
- /* wait until server ready */
- wait_tcp_ready((func_args*)server_args);
- fprintf(stderr, "session resumption\n");
- /* Do re-connect */
- tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
- 0, 0, NULL);
- if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
- /*err_sys("SSL_set_fd failed");*/
- goto done;
- }
- #ifdef WOLFSSL_ASYNC_CRYPT
- err = 0; /* Reset error */
- #endif
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- ret = wolfSSL_connect(ssl);
- err = wolfSSL_get_error(ssl, 0);
- } while (err == WC_PENDING_E);
- if (ret != WOLFSSL_SUCCESS) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- fprintf(stderr, "error = %d, %s\n", err,
- wolfSSL_ERR_error_string(err, buff));
- /*err_sys("SSL_connect failed");*/
- goto done;
- }
- /* Build first session */
- if (cb != NULL)
- cb(ctx, ssl);
- if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
- /*err_sys("SSL_write failed");*/
- goto done;
- }
- input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
- if (input > 0) {
- reply[input] = '\0';
- fprintf(stderr, "Server response: %s\n", reply);
- }
- ((func_args*)args)->return_code = TEST_SUCCESS;
- done:
- wolfSSL_free(ssl);
- if (!sharedCtx)
- wolfSSL_CTX_free(ctx);
- CloseSocket(sockfd);
- #ifdef WOLFSSL_TIRTOS
- fdCloseSession(Task_self());
- #endif
- return;
- }
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) &&
- !defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT) */
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
- defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)) && \
- defined(HAVE_ALPN) && defined(HAVE_SNI) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_BIO)
- #define HAVE_ALPN_PROTOS_SUPPORT
- #endif
- /* Generic TLS client / server with callbacks for API unit tests
- * Used by SNI / ALPN / crypto callback helper functions */
- #if defined(HAVE_IO_TESTS_DEPENDENCIES) && \
- (defined(HAVE_SNI) || defined(HAVE_ALPN) || defined(WOLF_CRYPTO_CB) || \
- defined(HAVE_ALPN_PROTOS_SUPPORT)) || defined(WOLFSSL_STATIC_MEMORY)
- #define ENABLE_TLS_CALLBACK_TEST
- #endif
- #if defined(ENABLE_TLS_CALLBACK_TEST) || \
- (defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT))
- /* TLS server for API unit testing - generic */
- static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
- {
- callback_functions* callbacks = ((func_args*)args)->callbacks;
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- SOCKET_T sfd = 0;
- SOCKET_T cfd = 0;
- word16 port;
- char msg[] = "I hear you fa shizzle!";
- int len = (int) XSTRLEN(msg);
- char input[1024];
- int idx;
- int ret, err = 0;
- ((func_args*)args)->return_code = TEST_FAIL;
- #if defined(USE_WINDOWS_API)
- port = ((func_args*)args)->signal->port;
- #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
- !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
- /* Let tcp_listen assign port */
- port = 0;
- #else
- /* Use default port */
- port = wolfSSLPort;
- #endif
- #ifdef WOLFSSL_DTLS
- if (callbacks->method == wolfDTLS_server_method
- #ifdef WOLFSSL_STATIC_MEMORY
- || callbacks->method_ex == wolfDTLS_server_method_ex
- #endif
- #ifndef NO_OLD_TLS
- || callbacks->method == wolfDTLSv1_server_method
- #ifdef WOLFSSL_STATIC_MEMORY
- || callbacks->method_ex == wolfDTLSv1_server_method_ex
- #endif
- #endif
- #ifndef WOLFSSL_NO_TLS12
- || callbacks->method == wolfDTLSv1_2_server_method
- #ifdef WOLFSSL_STATIC_MEMORY
- || callbacks->method_ex == wolfDTLSv1_2_server_method_ex
- #endif
- #endif
- #ifdef WOLFSSL_DTLS13
- || callbacks->method == wolfDTLSv1_3_server_method
- #ifdef WOLFSSL_STATIC_MEMORY
- || callbacks->method_ex == wolfDTLSv1_3_server_method_ex
- #endif
- #endif
- ) {
- tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0, 0, 0, 0);
- }
- else
- #endif
- {
- tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
- }
- #ifdef WOLFSSL_STATIC_MEMORY
- if (callbacks->method_ex != NULL && callbacks->mem != NULL &&
- callbacks->memSz > 0) {
- ret = wolfSSL_CTX_load_static_memory(&ctx, callbacks->method_ex,
- callbacks->mem, callbacks->memSz, 0, 1);
- if (ret != WOLFSSL_SUCCESS) {
- fprintf(stderr, "CTX static new failed %d\n", ret);
- goto cleanup;
- }
- }
- #else
- ctx = wolfSSL_CTX_new(callbacks->method());
- #endif
- if (ctx == NULL) {
- fprintf(stderr, "CTX new failed\n");
- goto cleanup;
- }
- /* set defaults */
- if (callbacks->caPemFile == NULL)
- callbacks->caPemFile = cliCertFile;
- if (callbacks->certPemFile == NULL)
- callbacks->certPemFile = svrCertFile;
- if (callbacks->keyPemFile == NULL)
- callbacks->keyPemFile = svrKeyFile;
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- wolfSSL_CTX_SetDevId(ctx, callbacks->devId);
- wolfSSL_CTX_set_verify(ctx,
- WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
- #endif
- #if defined(WOLFSSL_SESSION_EXPORT) && defined(WOLFSSL_DTLS)
- if (callbacks->method == wolfDTLSv1_2_server_method) {
- if (wolfSSL_CTX_dtls_set_export(ctx, test_export) != WOLFSSL_SUCCESS)
- goto cleanup;
- }
- #endif
- if (wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0) !=
- WOLFSSL_SUCCESS) {
- goto cleanup;
- }
- if (wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- goto cleanup;
- }
- if (wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- goto cleanup;
- }
- #ifdef HAVE_CRL
- if (callbacks->crlPemFile != NULL) {
- if (wolfSSL_CTX_LoadCRLFile(ctx, callbacks->crlPemFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- goto cleanup;
- }
- }
- #endif
- if (callbacks->ctx_ready)
- callbacks->ctx_ready(ctx);
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- fprintf(stderr, "SSL new failed\n");
- goto cleanup;
- }
- if (wolfSSL_dtls(ssl)) {
- SOCKADDR_IN_T cliAddr;
- socklen_t cliLen;
- cliLen = sizeof(cliAddr);
- idx = (int)recvfrom(sfd, input, sizeof(input), MSG_PEEK,
- (struct sockaddr*)&cliAddr, &cliLen);
- if (idx <= 0) {
- goto cleanup;
- }
- wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen);
- }
- else {
- CloseSocket(sfd);
- }
- if (wolfSSL_set_fd(ssl, cfd) != WOLFSSL_SUCCESS) {
- goto cleanup;
- }
- if (callbacks->loadToSSL) {
- wolfSSL_SetDevId(ssl, callbacks->devId);
- if (wolfSSL_use_certificate_file(ssl, callbacks->certPemFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- goto cleanup;
- }
- if (wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- goto cleanup;
- }
- }
- #ifdef NO_PSK
- #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
- wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
- #elif !defined(NO_DH)
- SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
- #endif
- #endif
- if (callbacks->ssl_ready)
- callbacks->ssl_ready(ssl);
- #ifdef WOLFSSL_ASYNC_CRYPT
- err = 0; /* Reset error */
- #endif
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- ret = wolfSSL_accept(ssl);
- err = wolfSSL_get_error(ssl, ret);
- } while (err == WC_PENDING_E);
- if (ret != WOLFSSL_SUCCESS) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- fprintf(stderr, "accept error = %d, %s\n", err,
- wolfSSL_ERR_error_string(err, buff));
- /*err_sys("SSL_accept failed");*/
- }
- else {
- #ifdef WOLFSSL_ASYNC_CRYPT
- err = 0; /* Reset error */
- #endif
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- idx = wolfSSL_read(ssl, input, sizeof(input)-1);
- err = wolfSSL_get_error(ssl, idx);
- } while (err == WC_PENDING_E);
- if (idx > 0) {
- input[idx] = 0;
- fprintf(stderr, "Client message: %s\n", input);
- }
- #ifdef WOLFSSL_ASYNC_CRYPT
- err = 0; /* Reset error */
- #endif
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- ret = wolfSSL_write(ssl, msg, len);
- err = wolfSSL_get_error(ssl, ret);
- } while (err == WC_PENDING_E);
- if (len != ret) {
- goto cleanup;
- }
- #if defined(WOLFSSL_SESSION_EXPORT) && !defined(HAVE_IO_POOL) && \
- defined(WOLFSSL_DTLS)
- if (wolfSSL_dtls(ssl)) {
- byte* import;
- word32 sz;
- wolfSSL_dtls_export(ssl, NULL, &sz);
- import = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (import == NULL) {
- goto cleanup;
- }
- idx = wolfSSL_dtls_export(ssl, import, &sz);
- if (idx < 0) {
- goto cleanup;
- }
- if (wolfSSL_dtls_import(ssl, import, idx) < 0) {
- goto cleanup;
- }
- XFREE(import, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #ifdef WOLFSSL_TIRTOS
- Task_yield();
- #endif
- ((func_args*)args)->return_code = TEST_SUCCESS;
- }
- if (callbacks->on_result)
- callbacks->on_result(ssl);
- wolfSSL_shutdown(ssl);
- cleanup:
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- CloseSocket(cfd);
- #ifdef WOLFSSL_TIRTOS
- fdCloseSession(Task_self());
- #endif
- #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
- && defined(HAVE_THREAD_LS)
- wc_ecc_fp_free(); /* free per thread cache */
- #endif
- WOLFSSL_RETURN_FROM_THREAD(0);
- }
- /* TLS Client for API unit testing - generic */
- static void run_wolfssl_client(void* args)
- {
- callback_functions* callbacks = ((func_args*)args)->callbacks;
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- SOCKET_T sfd = 0;
- char msg[] = "hello wolfssl server!";
- int len = (int) XSTRLEN(msg);
- char input[1024];
- int ret, err = 0;
- ((func_args*)args)->return_code = TEST_FAIL;
- /* set defaults */
- if (callbacks->caPemFile == NULL)
- callbacks->caPemFile = caCertFile;
- if (callbacks->certPemFile == NULL)
- callbacks->certPemFile = cliCertFile;
- if (callbacks->keyPemFile == NULL)
- callbacks->keyPemFile = cliKeyFile;
- #ifdef WOLFSSL_STATIC_MEMORY
- if (callbacks->method_ex != NULL && callbacks->mem != NULL &&
- callbacks->memSz > 0) {
- ret = wolfSSL_CTX_load_static_memory(&ctx, callbacks->method_ex,
- callbacks->mem, callbacks->memSz, 0, 1);
- if (ret != WOLFSSL_SUCCESS) {
- fprintf(stderr, "CTX static new failed %d\n", ret);
- goto cleanup;
- }
- }
- #else
- ctx = wolfSSL_CTX_new(callbacks->method());
- #endif
- if (ctx == NULL) {
- fprintf(stderr, "CTX new failed\n");
- goto cleanup;
- }
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- if (!callbacks->loadToSSL) {
- wolfSSL_CTX_SetDevId(ctx, callbacks->devId);
- }
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
- #endif
- if (wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0) !=
- WOLFSSL_SUCCESS) {
- goto cleanup;
- }
- if (!callbacks->loadToSSL) {
- if (wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- goto cleanup;
- }
- if (wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- goto cleanup;
- }
- }
- #ifdef HAVE_CRL
- if (callbacks->crlPemFile != NULL) {
- if (wolfSSL_CTX_LoadCRLFile(ctx, callbacks->crlPemFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- goto cleanup;
- }
- }
- #endif
- if (callbacks->ctx_ready)
- callbacks->ctx_ready(ctx);
- ssl = wolfSSL_new(ctx);
- if (wolfSSL_dtls(ssl)) {
- tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
- 1, 0, ssl);
- }
- else {
- tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
- 0, 0, ssl);
- }
- if (wolfSSL_set_fd(ssl, sfd) != WOLFSSL_SUCCESS) {
- goto cleanup;
- }
- if (callbacks->loadToSSL) {
- wolfSSL_SetDevId(ssl, callbacks->devId);
- if (wolfSSL_use_certificate_file(ssl, callbacks->certPemFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- goto cleanup;
- }
- if (wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
- goto cleanup;
- }
- }
- if (callbacks->ssl_ready)
- callbacks->ssl_ready(ssl);
- #ifdef WOLFSSL_ASYNC_CRYPT
- err = 0; /* Reset error */
- #endif
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- ret = wolfSSL_connect(ssl);
- err = wolfSSL_get_error(ssl, ret);
- } while (err == WC_PENDING_E);
- if (ret != WOLFSSL_SUCCESS) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- fprintf(stderr, "error = %d, %s\n", err,
- wolfSSL_ERR_error_string(err, buff));
- /*err_sys("SSL_connect failed");*/
- }
- else {
- #ifdef WOLFSSL_ASYNC_CRYPT
- err = 0; /* Reset error */
- #endif
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- ret = wolfSSL_write(ssl, msg, len);
- err = wolfSSL_get_error(ssl, ret);
- } while (err == WC_PENDING_E);
- if (len != ret)
- goto cleanup;
- #ifdef WOLFSSL_ASYNC_CRYPT
- err = 0; /* Reset error */
- #endif
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- ret = wolfSSL_read(ssl, input, sizeof(input)-1);
- err = wolfSSL_get_error(ssl, ret);
- } while (err == WC_PENDING_E);
- if (ret > 0) {
- input[ret] = '\0'; /* null term */
- fprintf(stderr, "Server response: %s\n", input);
- }
- ((func_args*)args)->return_code = TEST_SUCCESS;
- }
- if (callbacks->on_result)
- callbacks->on_result(ssl);
- cleanup:
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- CloseSocket(sfd);
- #ifdef WOLFSSL_TIRTOS
- fdCloseSession(Task_self());
- #endif
- }
- #endif /* ENABLE_TLS_CALLBACK_TEST */
- static int test_wolfSSL_read_write(void)
- {
- /* The unit testing for read and write shall happen simultaneously, since
- * one can't do anything with one without the other. (Except for a failure
- * test case.) This function will call all the others that will set up,
- * execute, and report their test findings.
- *
- * Set up the success case first. This function will become the template
- * for the other tests. This should eventually be renamed
- *
- * The success case isn't interesting, how can this fail?
- * - Do not give the client context a CA certificate. The connect should
- * fail. Do not need server for this?
- * - Using NULL for the ssl object on server. Do not need client for this.
- * - Using NULL for the ssl object on client. Do not need server for this.
- * - Good ssl objects for client and server. Client write() without server
- * read().
- * - Good ssl objects for client and server. Server write() without client
- * read().
- * - Forgetting the password callback?
- */
- tcp_ready ready;
- func_args client_args;
- func_args server_args;
- THREAD_TYPE serverThread;
- EXPECT_DECLS;
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&server_args, 0, sizeof(func_args));
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- StartTCP();
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- server_args.signal = &ready;
- client_args.signal = &ready;
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- test_client_nofail(&client_args, NULL);
- join_thread(serverThread);
- ExpectTrue(client_args.return_code);
- ExpectTrue(server_args.return_code);
- FreeTcpReady(&ready);
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_reuse_WOLFSSLobj(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \
- !defined(WOLFSSL_NO_TLS12)
- /* The unit test for session resumption by re-using WOLFSSL object.
- * WOLFSSL object is not cleared after first session. It reuse the object
- * for second connection.
- */
- tcp_ready ready;
- func_args client_args;
- func_args server_args;
- THREAD_TYPE serverThread;
- callback_functions client_cbf;
- callback_functions server_cbf;
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&server_args, 0, sizeof(func_args));
- XMEMSET(&client_cbf, 0, sizeof(callback_functions));
- XMEMSET(&server_cbf, 0, sizeof(callback_functions));
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- StartTCP();
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- client_cbf.method = wolfTLSv1_2_client_method;
- server_cbf.method = wolfTLSv1_2_server_method;
- client_args.callbacks = &client_cbf;
- server_args.callbacks = &server_cbf;
- server_args.signal = &ready;
- client_args.signal = &ready;
- /* the var is used for loop number */
- server_args.argc = 2;
- start_thread(test_server_loop, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- test_client_reuse_WOLFSSLobj(&client_args, NULL, &server_args);
- join_thread(serverThread);
- ExpectTrue(client_args.return_code);
- ExpectTrue(server_args.return_code);
- FreeTcpReady(&ready);
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) &&
- * !defined(WOLFSSL_TLS13) */
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- static int test_wolfSSL_CTX_verifyDepth_ServerClient_1_ctx_ready(
- WOLFSSL_CTX* ctx)
- {
- wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
- myVerifyAction = VERIFY_USE_PREVERFIY;
- wolfSSL_CTX_set_verify_depth(ctx, 2);
- return TEST_SUCCESS;
- }
- #endif
- static int test_wolfSSL_CTX_verifyDepth_ServerClient_1(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- test_ssl_cbf client_cbf;
- test_ssl_cbf server_cbf;
- XMEMSET(&client_cbf, 0, sizeof(client_cbf));
- XMEMSET(&server_cbf, 0, sizeof(server_cbf));
- #ifdef WOLFSSL_TLS13
- client_cbf.method = wolfTLSv1_3_client_method;
- #endif /* WOLFSSL_TLS13 */
- client_cbf.ctx_ready =
- test_wolfSSL_CTX_verifyDepth_ServerClient_1_ctx_ready;
- /* test case 1 verify depth is equal to peer chain */
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
- &server_cbf, NULL), TEST_SUCCESS);
- ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
- ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
- #endif /* OPENSSL_EXTRA && !WOLFSSL_TIRTOS &&
- * HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- static int test_wolfSSL_CTX_verifyDepth_ServerClient_2_ctx_ready(
- WOLFSSL_CTX* ctx)
- {
- wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
- myVerifyAction = VERIFY_OVERRIDE_ERROR;
- wolfSSL_CTX_set_verify_depth(ctx, 0);
- return TEST_SUCCESS;
- }
- #endif
- static int test_wolfSSL_CTX_verifyDepth_ServerClient_2(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- test_ssl_cbf client_cbf;
- test_ssl_cbf server_cbf;
- XMEMSET(&client_cbf, 0, sizeof(client_cbf));
- XMEMSET(&server_cbf, 0, sizeof(server_cbf));
- #ifdef WOLFSSL_TLS13
- client_cbf.method = wolfTLSv1_3_client_method;
- #endif /* WOLFSSL_TLS13 */
- client_cbf.ctx_ready =
- test_wolfSSL_CTX_verifyDepth_ServerClient_2_ctx_ready;
- /* test case 2
- * verify depth is zero, number of peer's chain is 2.
- * verify result becomes MAX_CHAIN_ERROR, but it is overridden in
- * callback.
- */
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
- &server_cbf, NULL), TEST_SUCCESS);
- ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
- ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
- #endif /* OPENSSL_EXTRA && !WOLFSSL_TIRTOS &&
- * HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- static int test_wolfSSL_CTX_verifyDepth_ServerClient_3_ctx_ready(
- WOLFSSL_CTX* ctx)
- {
- wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
- myVerifyAction = VERIFY_USE_PREVERFIY;
- wolfSSL_CTX_set_verify_depth(ctx, 0);
- return TEST_SUCCESS;
- }
- #endif
- static int test_wolfSSL_CTX_verifyDepth_ServerClient_3(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- test_ssl_cbf client_cbf;
- test_ssl_cbf server_cbf;
- XMEMSET(&client_cbf, 0, sizeof(client_cbf));
- XMEMSET(&server_cbf, 0, sizeof(server_cbf));
- #ifdef WOLFSSL_TLS13
- client_cbf.method = wolfTLSv1_3_client_method;
- #endif /* WOLFSSL_TLS13 */
- client_cbf.ctx_ready =
- test_wolfSSL_CTX_verifyDepth_ServerClient_3_ctx_ready;
- /* test case 3
- * verify depth is zero, number of peer's chain is 2
- * verify result becomes MAX_CHAIN_ERRO. call-back returns failure.
- * therefore, handshake becomes failure.
- */
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
- &server_cbf, NULL), TEST_FAIL);
- ExpectIntEQ(client_cbf.return_code, TEST_FAIL);
- ExpectIntEQ(server_cbf.return_code, TEST_FAIL);
- ExpectIntEQ(client_cbf.last_err, MAX_CHAIN_ERROR);
- ExpectIntEQ(server_cbf.last_err, FATAL_ERROR);
- #endif /* OPENSSL_EXTRA && !WOLFSSL_TIRTOS &&
- * HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_ALL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
- !defined(WOLFSSL_TIRTOS) && !defined(NO_AES) && !defined(WOLFSSL_NO_TLS12) \
- && !defined(NO_SHA256) && defined(HAVE_ECC)
- static int test_wolfSSL_CTX_set_cipher_list_server_ctx_ready(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, "DEFAULT:!NULL"));
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_set_cipher_list_client_ctx_ready(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256"));
- return EXPECT_RESULT();
- }
- #endif
- static int test_wolfSSL_CTX_set_cipher_list(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
- !defined(WOLFSSL_TIRTOS) && !defined(NO_AES) && !defined(WOLFSSL_NO_TLS12) \
- && !defined(NO_SHA256) && defined(HAVE_ECC)
- WOLFSSL_CTX* ctxClient = NULL;
- WOLFSSL* sslClient = NULL;
- test_ssl_cbf client_cbf;
- test_ssl_cbf server_cbf;
- XMEMSET(&client_cbf, 0, sizeof(client_cbf));
- XMEMSET(&server_cbf, 0, sizeof(server_cbf));
- server_cbf.method = wolfTLSv1_2_server_method;
- server_cbf.ctx_ready = test_wolfSSL_CTX_set_cipher_list_server_ctx_ready;
- client_cbf.method = wolfTLSv1_2_client_method;
- client_cbf.ctx_ready = test_wolfSSL_CTX_set_cipher_list_client_ctx_ready;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
- &server_cbf, NULL), TEST_SUCCESS);
- ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
- ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
- /* check with cipher string that has '+' */
- ExpectNotNull((ctxClient = wolfSSL_CTX_new(wolfTLSv1_2_client_method())));
- ExpectTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE+AESGCM"));
- ExpectNotNull((sslClient = wolfSSL_new(ctxClient)));
- /* check for the existence of an ECDHE ECDSA cipher suite */
- if (EXPECT_SUCCESS()) {
- int i = 0;
- int found = 0;
- const char* suite;
- WOLF_STACK_OF(WOLFSSL_CIPHER)* sk = NULL;
- WOLFSSL_CIPHER* current;
- ExpectNotNull((sk = wolfSSL_get_ciphers_compat(sslClient)));
- do {
- current = wolfSSL_sk_SSL_CIPHER_value(sk, i++);
- if (current) {
- suite = wolfSSL_CIPHER_get_name(current);
- if (suite && XSTRSTR(suite, "ECDSA")) {
- found = 1;
- break;
- }
- }
- } while (current);
- ExpectIntEQ(found, 1);
- }
- wolfSSL_free(sslClient);
- wolfSSL_CTX_free(ctxClient);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
- defined(WOLFSSL_HAVE_TLS_UNIQUE)
- static int test_wolfSSL_get_finished_client_on_handshake(WOLFSSL_CTX* ctx,
- WOLFSSL* ssl)
- {
- EXPECT_DECLS;
- size_t msg_len;
- (void)ctx;
- /* get_finished test */
- /* 1. get own sent message */
- XMEMSET(client_side_msg1, 0, MD_MAX_SIZE);
- msg_len = wolfSSL_get_finished(ssl, client_side_msg1, MD_MAX_SIZE);
- ExpectIntGE(msg_len, 0);
- /* 2. get peer message */
- XMEMSET(client_side_msg2, 0, MD_MAX_SIZE);
- msg_len = wolfSSL_get_peer_finished(ssl, client_side_msg2, MD_MAX_SIZE);
- ExpectIntGE(msg_len, 0);
- return EXPECT_RESULT();
- }
- #endif
- static int test_wolfSSL_get_finished(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
- defined(WOLFSSL_HAVE_TLS_UNIQUE)
- test_ssl_cbf client_cbf;
- test_ssl_cbf server_cbf;
- XMEMSET(&client_cbf, 0, sizeof(client_cbf));
- XMEMSET(&server_cbf, 0, sizeof(server_cbf));
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
- &server_cbf, test_wolfSSL_get_finished_client_on_handshake),
- TEST_SUCCESS);
- /* test received msg vs sent msg */
- ExpectIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, MD_MAX_SIZE));
- ExpectIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, MD_MAX_SIZE));
- #endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES && WOLFSSL_HAVE_TLS_UNIQUE */
- return EXPECT_RESULT();
- }
- #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \
- !defined(SINGLE_THREADED) && defined(WOLFSSL_TLS13) && \
- !defined(NO_SESSION_CACHE)
- /* Sessions to restore/store */
- static WOLFSSL_SESSION* test_wolfSSL_CTX_add_session_client_sess;
- static WOLFSSL_SESSION* test_wolfSSL_CTX_add_session_server_sess;
- static WOLFSSL_CTX* test_wolfSSL_CTX_add_session_server_ctx;
- static void test_wolfSSL_CTX_add_session_ctx_ready(WOLFSSL_CTX* ctx)
- {
- /* Don't store sessions. Lookup is still enabled. */
- AssertIntEQ(wolfSSL_CTX_set_session_cache_mode(ctx,
- WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE), WOLFSSL_SUCCESS);
- #ifdef OPENSSL_EXTRA
- AssertIntEQ(wolfSSL_CTX_get_session_cache_mode(ctx) &
- WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE,
- WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE);
- #endif
- /* Require both peers to provide certs */
- wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
- }
- static void test_wolfSSL_CTX_add_session_on_result(WOLFSSL* ssl)
- {
- WOLFSSL_SESSION** sess;
- if (wolfSSL_is_server(ssl))
- sess = &test_wolfSSL_CTX_add_session_server_sess;
- else
- sess = &test_wolfSSL_CTX_add_session_client_sess;
- if (*sess == NULL) {
- #ifdef NO_SESSION_CACHE_REF
- AssertNotNull(*sess = wolfSSL_get1_session(ssl));
- #else
- /* Test for backwards compatibility */
- if (wolfSSL_is_server(ssl)) {
- AssertNotNull(*sess = wolfSSL_get1_session(ssl));
- }
- else {
- AssertNotNull(*sess = wolfSSL_get_session(ssl));
- }
- #endif
- /* Now save the session in the internal store to make it available
- * for lookup. For TLS 1.3, we can't save the session without
- * WOLFSSL_TICKET_HAVE_ID because there is no way to retrieve the
- * session from cache. */
- if (wolfSSL_is_server(ssl)
- #ifndef WOLFSSL_TICKET_HAVE_ID
- && wolfSSL_version(ssl) != TLS1_3_VERSION
- #endif
- )
- AssertIntEQ(wolfSSL_CTX_add_session(wolfSSL_get_SSL_CTX(ssl),
- *sess), WOLFSSL_SUCCESS);
- }
- else {
- /* If we have a session retrieved then remaining connections should be
- * resuming on that session */
- AssertIntEQ(wolfSSL_session_reused(ssl), 1);
- }
- /* Save CTX to be able to decrypt tickets */
- if (wolfSSL_is_server(ssl) &&
- test_wolfSSL_CTX_add_session_server_ctx == NULL) {
- AssertNotNull(test_wolfSSL_CTX_add_session_server_ctx
- = wolfSSL_get_SSL_CTX(ssl));
- AssertIntEQ(wolfSSL_CTX_up_ref(wolfSSL_get_SSL_CTX(ssl)),
- WOLFSSL_SUCCESS);
- }
- #ifdef SESSION_CERTS
- #ifndef WOLFSSL_TICKET_HAVE_ID
- if (wolfSSL_version(ssl) != TLS1_3_VERSION &&
- wolfSSL_session_reused(ssl))
- #endif
- {
- /* With WOLFSSL_TICKET_HAVE_ID the peer certs should be available
- * for all connections. TLS 1.3 only has tickets so if we don't
- * include the session id in the ticket then the certificates
- * will not be available on resumption. */
- WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
- AssertNotNull(peer);
- wolfSSL_X509_free(peer);
- AssertNotNull(wolfSSL_SESSION_get_peer_chain(*sess));
- #ifdef OPENSSL_EXTRA
- AssertNotNull(SSL_SESSION_get0_peer(*sess));
- #endif
- }
- #endif /* SESSION_CERTS */
- }
- static void test_wolfSSL_CTX_add_session_ssl_ready(WOLFSSL* ssl)
- {
- /* Set the session to reuse for the client */
- AssertIntEQ(wolfSSL_set_session(ssl,
- test_wolfSSL_CTX_add_session_client_sess), WOLFSSL_SUCCESS);
- }
- #endif
- static int test_wolfSSL_CTX_add_session(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \
- !defined(SINGLE_THREADED) && defined(WOLFSSL_TLS13) && \
- !defined(NO_SESSION_CACHE)
- tcp_ready ready;
- func_args client_args;
- func_args server_args;
- THREAD_TYPE serverThread;
- callback_functions client_cb;
- callback_functions server_cb;
- method_provider methods[][2] = {
- #if !defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \
- !defined(NO_DES3))
- /* Without AES there are almost no ciphersuites available. This leads
- * to no ciphersuites being available and an error. */
- { wolfTLSv1_1_client_method, wolfTLSv1_1_server_method },
- #endif
- #ifndef WOLFSSL_NO_TLS12
- { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method },
- #endif
- /* Needs the default ticket callback since it is tied to the
- * connection context and this makes it easy to carry over the ticket
- * crypto context between connections */
- #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
- defined(HAVE_SESSION_TICKET)
- { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method },
- #endif
- };
- const size_t methodsLen = sizeof(methods)/sizeof(*methods);
- size_t i, j;
- for (i = 0; i < methodsLen; i++) {
- /* First run creates a connection while the second+ run will attempt
- * to resume the connection. The trick is that the internal cache
- * is turned off. wolfSSL_CTX_add_session should put the session in
- * the cache anyway. */
- test_wolfSSL_CTX_add_session_client_sess = NULL;
- test_wolfSSL_CTX_add_session_server_sess = NULL;
- test_wolfSSL_CTX_add_session_server_ctx = NULL;
- #ifdef NO_SESSION_CACHE_REF
- for (j = 0; j < 4; j++) {
- #else
- /* The session may be overwritten in this case. Do only one resumption
- * to stop this test from failing intermittently. */
- for (j = 0; j < 2; j++) {
- #endif
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- StartTCP();
- InitTcpReady(&ready);
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&server_args, 0, sizeof(func_args));
- XMEMSET(&client_cb, 0, sizeof(callback_functions));
- XMEMSET(&server_cb, 0, sizeof(callback_functions));
- client_cb.method = methods[i][0];
- server_cb.method = methods[i][1];
- server_args.signal = &ready;
- server_args.callbacks = &server_cb;
- client_args.signal = &ready;
- client_args.callbacks = &client_cb;
- if (test_wolfSSL_CTX_add_session_server_ctx != NULL) {
- server_cb.ctx = test_wolfSSL_CTX_add_session_server_ctx;
- server_cb.isSharedCtx = 1;
- }
- server_cb.ctx_ready = test_wolfSSL_CTX_add_session_ctx_ready;
- client_cb.ctx_ready = test_wolfSSL_CTX_add_session_ctx_ready;
- if (j != 0)
- client_cb.ssl_ready = test_wolfSSL_CTX_add_session_ssl_ready;
- server_cb.on_result = test_wolfSSL_CTX_add_session_on_result;
- client_cb.on_result = test_wolfSSL_CTX_add_session_on_result;
- server_cb.ticNoInit = 1; /* Use default builtin */
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- test_client_nofail(&client_args, NULL);
- join_thread(serverThread);
- ExpectTrue(client_args.return_code);
- ExpectTrue(server_args.return_code);
- FreeTcpReady(&ready);
- if (EXPECT_FAIL())
- break;
- }
- wolfSSL_SESSION_free(test_wolfSSL_CTX_add_session_client_sess);
- wolfSSL_SESSION_free(test_wolfSSL_CTX_add_session_server_sess);
- wolfSSL_CTX_free(test_wolfSSL_CTX_add_session_server_ctx);
- if (EXPECT_FAIL())
- break;
- }
- #endif
- return EXPECT_RESULT();
- }
- #if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \
- defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \
- defined(OPENSSL_EXTRA) && defined(SESSION_CERTS) && \
- defined(HAVE_SESSION_TICKET) && \
- !defined(TITAN_SESSION_CACHE) && \
- !defined(HUGE_SESSION_CACHE) && \
- !defined(BIG_SESSION_CACHE) && \
- !defined(MEDIUM_SESSION_CACHE)
- /* twcase - prefix for test_wolfSSL_CTX_add_session_ext */
- /* Sessions to restore/store */
- static WOLFSSL_SESSION* twcase_server_first_session_ptr;
- static WOLFSSL_SESSION* twcase_client_first_session_ptr;
- static WOLFSSL_CTX* twcase_server_current_ctx_ptr;
- static int twcase_new_session_called = 0;
- static int twcase_remove_session_called = 0;
- static int twcase_get_session_called = 0;
- /* Test default, SESSIONS_PER_ROW*SESSION_ROWS = 3*11, see ssl.c */
- #define SESSION_CACHE_SIZE 33
- typedef struct {
- const byte* key; /* key, altSessionID, session ID, NULL if empty */
- WOLFSSL_SESSION* value;
- } hashTable_entry;
- typedef struct {
- hashTable_entry entries[SESSION_CACHE_SIZE]; /* hash slots */
- size_t capacity; /* size of entries */
- size_t length; /* number of items in the hash table */
- wolfSSL_Mutex htLock; /* lock */
- }hashTable;
- static hashTable server_sessionCache;
- static int twcase_new_sessionCb(WOLFSSL *ssl, WOLFSSL_SESSION *sess)
- {
- int i;
- unsigned int len;
- (void)ssl;
- /*
- * This example uses a hash table.
- * Steps you should take for a non-demo code:
- * - acquire a lock for the file named according to the session id
- * - open the file
- * - encrypt and write the SSL_SESSION object to the file
- * - release the lock
- *
- * Return:
- * 0: The callback does not wish to hold a reference of the sess
- * 1: The callback wants to hold a reference of the sess. The callback is
- * now also responsible for calling wolfSSL_SESSION_free() on sess.
- */
- if (sess == NULL)
- return 0;
- if (wc_LockMutex(&server_sessionCache.htLock) != 0) {
- return 0;
- }
- for (i = 0; i < SESSION_CACHE_SIZE; i++) {
- if (server_sessionCache.entries[i].value == NULL) {
- server_sessionCache.entries[i].key = SSL_SESSION_get_id(sess, &len);
- server_sessionCache.entries[i].value = sess;
- server_sessionCache.length++;
- break;
- }
- }
- ++twcase_new_session_called;
- wc_UnLockMutex(&server_sessionCache.htLock);
- fprintf(stderr, "\t\ttwcase_new_session_called %d\n",
- twcase_new_session_called);
- return 1;
- }
- static void twcase_remove_sessionCb(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *sess)
- {
- int i;
- (void)ctx;
- (void)sess;
- if (sess == NULL)
- return;
- /*
- * This example uses a hash table.
- * Steps you should take for a non-demo code:
- * - acquire a lock for the file named according to the session id
- * - remove the file
- * - release the lock
- */
- if (wc_LockMutex(&server_sessionCache.htLock) != 0) {
- return;
- }
- for (i = 0; i < SESSION_CACHE_SIZE; i++) {
- if (server_sessionCache.entries[i].key != NULL &&
- XMEMCMP(server_sessionCache.entries[i].key,
- sess->sessionID, SSL_MAX_SSL_SESSION_ID_LENGTH) == 0) {
- wolfSSL_SESSION_free(server_sessionCache.entries[i].value);
- server_sessionCache.entries[i].value = NULL;
- server_sessionCache.entries[i].key = NULL;
- server_sessionCache.length--;
- break;
- }
- }
- ++twcase_remove_session_called;
- wc_UnLockMutex(&server_sessionCache.htLock);
- fprintf(stderr, "\t\ttwcase_remove_session_called %d\n",
- twcase_remove_session_called);
- }
- static WOLFSSL_SESSION *twcase_get_sessionCb(WOLFSSL *ssl,
- const unsigned char *id, int len, int *ref)
- {
- int i;
- (void)ssl;
- (void)id;
- (void)len;
- /*
- * This example uses a hash table.
- * Steps you should take for a non-demo code:
- * - acquire a lock for the file named according to the session id in the
- * 2nd arg
- * - read and decrypt contents of file and create a new SSL_SESSION
- * - object release the lock
- * - return the new session object
- */
- fprintf(stderr, "\t\ttwcase_get_session_called %d\n",
- ++twcase_get_session_called);
- /* This callback want to retain a copy of the object. If we want wolfSSL to
- * be responsible for the pointer then set to 0. */
- *ref = 1;
- for (i = 0; i < SESSION_CACHE_SIZE; i++) {
- if (server_sessionCache.entries[i].key != NULL &&
- XMEMCMP(server_sessionCache.entries[i].key, id,
- SSL_MAX_SSL_SESSION_ID_LENGTH) == 0) {
- return server_sessionCache.entries[i].value;
- }
- }
- return NULL;
- }
- static int twcase_get_sessionCb_cleanup(void)
- {
- int i;
- int cnt = 0;
- /* If twcase_get_sessionCb sets *ref = 1, the application is responsible
- * for freeing sessions */
- for (i = 0; i < SESSION_CACHE_SIZE; i++) {
- if (server_sessionCache.entries[i].value != NULL) {
- wolfSSL_SESSION_free(server_sessionCache.entries[i].value);
- cnt++;
- }
- }
- fprintf(stderr, "\t\ttwcase_get_sessionCb_cleanup freed %d sessions\n",
- cnt);
- return TEST_SUCCESS;
- }
- static int twcase_cache_intOff_extOff(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- /* off - Disable internal cache */
- ExpectIntEQ(wolfSSL_CTX_set_session_cache_mode(ctx,
- WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE), WOLFSSL_SUCCESS);
- #ifdef OPENSSL_EXTRA
- ExpectIntEQ(wolfSSL_CTX_get_session_cache_mode(ctx) &
- WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE,
- WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE);
- #endif
- /* off - Do not setup external cache */
- /* Require both peers to provide certs */
- wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
- return EXPECT_RESULT();
- }
- static int twcase_cache_intOn_extOff(WOLFSSL_CTX* ctx)
- {
- /* on - internal cache is on by default */
- /* off - Do not setup external cache */
- /* Require both peers to provide certs */
- wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
- return TEST_SUCCESS;
- }
- static int twcase_cache_intOff_extOn(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- /* off - Disable internal cache */
- ExpectIntEQ(wolfSSL_CTX_set_session_cache_mode(ctx,
- WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE), WOLFSSL_SUCCESS);
- #ifdef OPENSSL_EXTRA
- ExpectIntEQ(wolfSSL_CTX_get_session_cache_mode(ctx) &
- WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE,
- WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE);
- #endif
- /* on - Enable external cache */
- wolfSSL_CTX_sess_set_new_cb(ctx, twcase_new_sessionCb);
- wolfSSL_CTX_sess_set_remove_cb(ctx, twcase_remove_sessionCb);
- wolfSSL_CTX_sess_set_get_cb(ctx, twcase_get_sessionCb);
- /* Require both peers to provide certs */
- wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
- return EXPECT_RESULT();
- }
- static int twcase_cache_intOn_extOn(WOLFSSL_CTX* ctx)
- {
- /* on - internal cache is on by default */
- /* on - Enable external cache */
- wolfSSL_CTX_sess_set_new_cb(ctx, twcase_new_sessionCb);
- wolfSSL_CTX_sess_set_remove_cb(ctx, twcase_remove_sessionCb);
- wolfSSL_CTX_sess_set_get_cb(ctx, twcase_get_sessionCb);
- /* Require both peers to provide certs */
- wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
- return TEST_SUCCESS;
- }
- static int twcase_cache_intOn_extOn_noTicket(WOLFSSL_CTX* ctx)
- {
- /* on - internal cache is on by default */
- /* on - Enable external cache */
- wolfSSL_CTX_sess_set_new_cb(ctx, twcase_new_sessionCb);
- wolfSSL_CTX_sess_set_remove_cb(ctx, twcase_remove_sessionCb);
- wolfSSL_CTX_sess_set_get_cb(ctx, twcase_get_sessionCb);
- wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TICKET);
- /* Require both peers to provide certs */
- wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
- return TEST_SUCCESS;
- }
- static int twcase_server_sess_ctx_pre_shutdown(WOLFSSL* ssl)
- {
- EXPECT_DECLS;
- WOLFSSL_SESSION** sess;
- if (wolfSSL_is_server(ssl))
- sess = &twcase_server_first_session_ptr;
- else
- return TEST_SUCCESS;
- if (*sess == NULL) {
- ExpectNotNull(*sess = wolfSSL_get1_session(ssl));
- /* Now save the session in the internal store to make it available
- * for lookup. For TLS 1.3, we can't save the session without
- * WOLFSSL_TICKET_HAVE_ID because there is no way to retrieve the
- * session from cache. */
- if (wolfSSL_is_server(ssl)
- #ifndef WOLFSSL_TICKET_HAVE_ID
- && wolfSSL_version(ssl) != TLS1_3_VERSION
- && wolfSSL_version(ssl) != DTLS1_3_VERSION
- #endif
- ) {
- ExpectIntEQ(wolfSSL_CTX_add_session(wolfSSL_get_SSL_CTX(ssl),
- *sess), WOLFSSL_SUCCESS);
- }
- }
- /* Save CTX to be able to decrypt tickets */
- if (twcase_server_current_ctx_ptr == NULL) {
- ExpectNotNull(twcase_server_current_ctx_ptr = wolfSSL_get_SSL_CTX(ssl));
- ExpectIntEQ(wolfSSL_CTX_up_ref(wolfSSL_get_SSL_CTX(ssl)),
- WOLFSSL_SUCCESS);
- }
- #ifdef SESSION_CERTS
- #ifndef WOLFSSL_TICKET_HAVE_ID
- if (wolfSSL_version(ssl) != TLS1_3_VERSION &&
- wolfSSL_session_reused(ssl))
- #endif
- {
- /* With WOLFSSL_TICKET_HAVE_ID the peer certs should be available
- * for all connections. TLS 1.3 only has tickets so if we don't
- * include the session id in the ticket then the certificates
- * will not be available on resumption. */
- WOLFSSL_X509* peer = NULL;
- ExpectNotNull(peer = wolfSSL_get_peer_certificate(ssl));
- wolfSSL_X509_free(peer);
- ExpectNotNull(wolfSSL_SESSION_get_peer_chain(*sess));
- }
- #endif
- return EXPECT_RESULT();
- }
- static int twcase_client_sess_ctx_pre_shutdown(WOLFSSL* ssl)
- {
- EXPECT_DECLS;
- WOLFSSL_SESSION** sess;
- sess = &twcase_client_first_session_ptr;
- if (*sess == NULL) {
- ExpectNotNull(*sess = wolfSSL_get1_session(ssl));
- }
- else {
- /* If we have a session retrieved then remaining connections should be
- * resuming on that session */
- ExpectIntEQ(wolfSSL_session_reused(ssl), 1);
- }
- #ifdef SESSION_CERTS
- #ifndef WOLFSSL_TICKET_HAVE_ID
- if (wolfSSL_version(ssl) != TLS1_3_VERSION &&
- wolfSSL_session_reused(ssl))
- #endif
- {
- WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
- ExpectNotNull(peer);
- wolfSSL_X509_free(peer);
- ExpectNotNull(wolfSSL_SESSION_get_peer_chain(*sess));
- #ifdef OPENSSL_EXTRA
- ExpectNotNull(wolfSSL_SESSION_get0_peer(*sess));
- #endif
- }
- #endif
- return EXPECT_RESULT();
- }
- static int twcase_client_set_sess_ssl_ready(WOLFSSL* ssl)
- {
- EXPECT_DECLS;
- /* Set the session to reuse for the client */
- ExpectNotNull(ssl);
- ExpectNotNull(twcase_client_first_session_ptr);
- ExpectIntEQ(wolfSSL_set_session(ssl,twcase_client_first_session_ptr),
- WOLFSSL_SUCCESS);
- return EXPECT_RESULT();
- }
- struct test_add_session_ext_params {
- method_provider client_meth;
- method_provider server_meth;
- const char* tls_version;
- };
- static int test_wolfSSL_CTX_add_session_ext(
- struct test_add_session_ext_params* param)
- {
- EXPECT_DECLS;
- /* Test the default 33 sessions */
- int j;
- /* Clear cache before starting */
- wolfSSL_CTX_flush_sessions(NULL, -1);
- XMEMSET(&server_sessionCache, 0, sizeof(hashTable));
- if (wc_InitMutex(&server_sessionCache.htLock) != 0)
- return BAD_MUTEX_E;
- server_sessionCache.capacity = SESSION_CACHE_SIZE;
- fprintf(stderr, "\tBegin %s\n", param->tls_version);
- for (j = 0; j < 5; j++) {
- int tls13 = XSTRSTR(param->tls_version, "TLSv1_3") != NULL;
- int dtls = XSTRSTR(param->tls_version, "DTLS") != NULL;
- test_ssl_cbf client_cb;
- test_ssl_cbf server_cb;
- (void)dtls;
- /* Test five cache configurations */
- twcase_client_first_session_ptr = NULL;
- twcase_server_first_session_ptr = NULL;
- twcase_server_current_ctx_ptr = NULL;
- twcase_new_session_called = 0;
- twcase_remove_session_called = 0;
- twcase_get_session_called = 0;
- /* connection 1 - first connection */
- fprintf(stderr, "\tconnect: %s: j=%d\n", param->tls_version, j);
- XMEMSET(&client_cb, 0, sizeof(client_cb));
- XMEMSET(&server_cb, 0, sizeof(server_cb));
- client_cb.method = param->client_meth;
- server_cb.method = param->server_meth;
- if (dtls)
- client_cb.doUdp = server_cb.doUdp = 1;
- /* Setup internal and external cache */
- switch (j) {
- case 0:
- /* SSL_OP_NO_TICKET stateful ticket case */
- server_cb.ctx_ready = twcase_cache_intOn_extOn_noTicket;
- break;
- case 1:
- server_cb.ctx_ready = twcase_cache_intOn_extOn;
- break;
- case 2:
- server_cb.ctx_ready = twcase_cache_intOff_extOn;
- break;
- case 3:
- server_cb.ctx_ready = twcase_cache_intOn_extOff;
- break;
- case 4:
- server_cb.ctx_ready = twcase_cache_intOff_extOff;
- break;
- }
- client_cb.ctx_ready = twcase_cache_intOff_extOff;
- /* Add session to internal cache and save SSL session for testing */
- server_cb.on_result = twcase_server_sess_ctx_pre_shutdown;
- /* Save client SSL session for testing */
- client_cb.on_result = twcase_client_sess_ctx_pre_shutdown;
- server_cb.ticNoInit = 1; /* Use default builtin */
- /* Don't free/release ctx */
- server_cb.ctx = twcase_server_current_ctx_ptr;
- server_cb.isSharedCtx = 1;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cb,
- &server_cb, NULL), TEST_SUCCESS);
- ExpectIntEQ(twcase_get_session_called, 0);
- if (EXPECT_FAIL()) {
- wolfSSL_SESSION_free(twcase_client_first_session_ptr);
- wolfSSL_SESSION_free(twcase_server_first_session_ptr);
- wolfSSL_CTX_free(twcase_server_current_ctx_ptr);
- break;
- }
- switch (j) {
- case 0:
- case 1:
- case 2:
- /* cache cannot be searched with out a connection */
- /* Add a new session */
- ExpectIntEQ(twcase_new_session_called, 1);
- /* In twcase_server_sess_ctx_pre_shutdown
- * wolfSSL_CTX_add_session which evicts the existing session
- * in cache and adds it back in */
- ExpectIntLE(twcase_remove_session_called, 1);
- break;
- case 3:
- case 4:
- /* no external cache */
- ExpectIntEQ(twcase_new_session_called, 0);
- ExpectIntEQ(twcase_remove_session_called, 0);
- break;
- }
- /* connection 2 - session resume */
- fprintf(stderr, "\tresume: %s: j=%d\n", param->tls_version, j);
- twcase_new_session_called = 0;
- twcase_remove_session_called = 0;
- twcase_get_session_called = 0;
- server_cb.on_result = 0;
- client_cb.on_result = 0;
- server_cb.ticNoInit = 1; /* Use default builtin */
- server_cb.ctx = twcase_server_current_ctx_ptr;
- /* try session resumption */
- client_cb.ssl_ready = twcase_client_set_sess_ssl_ready;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cb,
- &server_cb, NULL), TEST_SUCCESS);
- /* Clear cache before checking */
- wolfSSL_CTX_flush_sessions(NULL, -1);
- switch (j) {
- case 0:
- if (tls13) {
- /* (D)TLSv1.3 stateful case */
- /* cache hit */
- /* DTLS accesses cache once for stateless parsing and
- * once for stateful parsing */
- ExpectIntEQ(twcase_get_session_called, !dtls ? 1 : 2);
- /* (D)TLSv1.3 creates a new ticket,
- * updates both internal and external cache */
- ExpectIntEQ(twcase_new_session_called, 1);
- /* A new session ID is created for a new ticket */
- ExpectIntEQ(twcase_remove_session_called, 2);
- }
- else {
- /* non (D)TLSv1.3 case, no update */
- /* DTLS accesses cache once for stateless parsing and
- * once for stateful parsing */
- #ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME
- ExpectIntEQ(twcase_get_session_called, !dtls ? 1 : 2);
- #else
- ExpectIntEQ(twcase_get_session_called, 1);
- #endif
- ExpectIntEQ(twcase_new_session_called, 0);
- /* Called on session added in
- * twcase_server_sess_ctx_pre_shutdown */
- ExpectIntEQ(twcase_remove_session_called, 1);
- }
- break;
- case 1:
- if (tls13) {
- /* (D)TLSv1.3 case */
- /* cache hit */
- ExpectIntEQ(twcase_get_session_called, 1);
- /* (D)TLSv1.3 creates a new ticket,
- * updates both internal and external cache */
- ExpectIntEQ(twcase_new_session_called, 1);
- /* Called on session added in
- * twcase_server_sess_ctx_pre_shutdown and by wolfSSL */
- ExpectIntEQ(twcase_remove_session_called, 1);
- }
- else {
- /* non (D)TLSv1.3 case */
- /* cache hit */
- /* DTLS accesses cache once for stateless parsing and
- * once for stateful parsing */
- #ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME
- ExpectIntEQ(twcase_get_session_called, !dtls ? 1 : 2);
- #else
- ExpectIntEQ(twcase_get_session_called, 1);
- #endif
- ExpectIntEQ(twcase_new_session_called, 0);
- /* Called on session added in
- * twcase_server_sess_ctx_pre_shutdown */
- ExpectIntEQ(twcase_remove_session_called, 1);
- }
- break;
- case 2:
- if (tls13) {
- /* (D)TLSv1.3 case */
- /* cache hit */
- ExpectIntEQ(twcase_get_session_called, 1);
- /* (D)TLSv1.3 creates a new ticket,
- * updates both internal and external cache */
- ExpectIntEQ(twcase_new_session_called, 1);
- /* Called on session added in
- * twcase_server_sess_ctx_pre_shutdown and by wolfSSL */
- ExpectIntEQ(twcase_remove_session_called, 1);
- }
- else {
- /* non (D)TLSv1.3 case */
- /* cache hit */
- /* DTLS accesses cache once for stateless parsing and
- * once for stateful parsing */
- #ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME
- ExpectIntEQ(twcase_get_session_called, !dtls ? 1 : 2);
- #else
- ExpectIntEQ(twcase_get_session_called, 1);
- #endif
- ExpectIntEQ(twcase_new_session_called, 0);
- /* Called on session added in
- * twcase_server_sess_ctx_pre_shutdown */
- ExpectIntEQ(twcase_remove_session_called, 1);
- }
- break;
- case 3:
- case 4:
- /* no external cache */
- ExpectIntEQ(twcase_get_session_called, 0);
- ExpectIntEQ(twcase_new_session_called, 0);
- ExpectIntEQ(twcase_remove_session_called, 0);
- break;
- }
- wolfSSL_SESSION_free(twcase_client_first_session_ptr);
- wolfSSL_SESSION_free(twcase_server_first_session_ptr);
- wolfSSL_CTX_free(twcase_server_current_ctx_ptr);
- if (EXPECT_FAIL())
- break;
- }
- twcase_get_sessionCb_cleanup();
- XMEMSET(&server_sessionCache.entries, 0,
- sizeof(server_sessionCache.entries));
- fprintf(stderr, "\tEnd %s\n", param->tls_version);
- wc_FreeMutex(&server_sessionCache.htLock);
- return EXPECT_RESULT();
- }
- #endif
- static int test_wolfSSL_CTX_add_session_ext_tls13(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \
- defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \
- defined(OPENSSL_EXTRA) && defined(SESSION_CERTS) && \
- defined(HAVE_SESSION_TICKET) && \
- !defined(TITAN_SESSION_CACHE) && \
- !defined(HUGE_SESSION_CACHE) && \
- !defined(BIG_SESSION_CACHE) && \
- !defined(MEDIUM_SESSION_CACHE)
- #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
- defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TICKET_HAVE_ID)
- struct test_add_session_ext_params param[1] = {
- { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLSv1_3" }
- };
- ExpectIntEQ(test_wolfSSL_CTX_add_session_ext(param), TEST_SUCCESS);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_add_session_ext_dtls13(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \
- defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \
- defined(OPENSSL_EXTRA) && defined(SESSION_CERTS) && \
- defined(HAVE_SESSION_TICKET) && \
- !defined(TITAN_SESSION_CACHE) && \
- !defined(HUGE_SESSION_CACHE) && \
- !defined(BIG_SESSION_CACHE) && \
- !defined(MEDIUM_SESSION_CACHE)
- #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
- defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TICKET_HAVE_ID)
- #ifdef WOLFSSL_DTLS13
- struct test_add_session_ext_params param[1] = {
- { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLSv1_3" }
- };
- ExpectIntEQ(test_wolfSSL_CTX_add_session_ext(param), TEST_SUCCESS);
- #endif
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_add_session_ext_tls12(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \
- defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \
- defined(OPENSSL_EXTRA) && defined(SESSION_CERTS) && \
- defined(HAVE_SESSION_TICKET) && \
- !defined(TITAN_SESSION_CACHE) && \
- !defined(HUGE_SESSION_CACHE) && \
- !defined(BIG_SESSION_CACHE) && \
- !defined(MEDIUM_SESSION_CACHE)
- #ifndef WOLFSSL_NO_TLS12
- struct test_add_session_ext_params param[1] = {
- { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLSv1_2" }
- };
- ExpectIntEQ(test_wolfSSL_CTX_add_session_ext(param), TEST_SUCCESS);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_add_session_ext_dtls12(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \
- defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \
- defined(OPENSSL_EXTRA) && defined(SESSION_CERTS) && \
- defined(HAVE_SESSION_TICKET) && \
- !defined(TITAN_SESSION_CACHE) && \
- !defined(HUGE_SESSION_CACHE) && \
- !defined(BIG_SESSION_CACHE) && \
- !defined(MEDIUM_SESSION_CACHE)
- #ifndef WOLFSSL_NO_TLS12
- #ifdef WOLFSSL_DTLS
- struct test_add_session_ext_params param[1] = {
- { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2" }
- };
- ExpectIntEQ(test_wolfSSL_CTX_add_session_ext(param), TEST_SUCCESS);
- #endif
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_add_session_ext_tls11(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \
- defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \
- defined(OPENSSL_EXTRA) && defined(SESSION_CERTS) && \
- defined(HAVE_SESSION_TICKET) && \
- !defined(TITAN_SESSION_CACHE) && \
- !defined(HUGE_SESSION_CACHE) && \
- !defined(BIG_SESSION_CACHE) && \
- !defined(MEDIUM_SESSION_CACHE)
- #if !defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \
- !defined(NO_DES3))
- struct test_add_session_ext_params param[1] = {
- { wolfTLSv1_1_client_method, wolfTLSv1_1_server_method, "TLSv1_1" }
- };
- ExpectIntEQ(test_wolfSSL_CTX_add_session_ext(param), TEST_SUCCESS);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_add_session_ext_dtls1(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \
- defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \
- defined(OPENSSL_EXTRA) && defined(SESSION_CERTS) && \
- defined(HAVE_SESSION_TICKET) && \
- !defined(TITAN_SESSION_CACHE) && \
- !defined(HUGE_SESSION_CACHE) && \
- !defined(BIG_SESSION_CACHE) && \
- !defined(MEDIUM_SESSION_CACHE)
- #if !defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \
- !defined(NO_DES3))
- #ifdef WOLFSSL_DTLS
- struct test_add_session_ext_params param[1] = {
- { wolfDTLSv1_client_method, wolfDTLSv1_server_method, "DTLSv1_0" }
- };
- ExpectIntEQ(test_wolfSSL_CTX_add_session_ext(param), TEST_SUCCESS);
- #endif
- #endif
- #endif
- return EXPECT_RESULT();
- }
- #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT)
- /* canned export of a session using older version 3 */
- static unsigned char version_3[] = {
- 0xA5, 0xA3, 0x01, 0x88, 0x00, 0x3c, 0x00, 0x01,
- 0x00, 0x00, 0x00, 0x80, 0x0C, 0x00, 0x00, 0x00,
- 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
- 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0x30,
- 0x05, 0x09, 0x0A, 0x01, 0x01, 0x00, 0x0D, 0x05,
- 0xFE, 0xFD, 0x01, 0x25, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x06, 0x00, 0x05, 0x00, 0x06, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x06, 0x00, 0x01, 0x00, 0x07, 0x00, 0x00,
- 0x00, 0x30, 0x00, 0x00, 0x00, 0x10, 0x01, 0x01,
- 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x3F,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x05,
- 0x12, 0xCF, 0x22, 0xA1, 0x9F, 0x1C, 0x39, 0x1D,
- 0x31, 0x11, 0x12, 0x1D, 0x11, 0x18, 0x0D, 0x0B,
- 0xF3, 0xE1, 0x4D, 0xDC, 0xB1, 0xF1, 0x39, 0x98,
- 0x91, 0x6C, 0x48, 0xE5, 0xED, 0x11, 0x12, 0xA0,
- 0x00, 0xF2, 0x25, 0x4C, 0x09, 0x26, 0xD1, 0x74,
- 0xDF, 0x23, 0x40, 0x15, 0x6A, 0x42, 0x2A, 0x26,
- 0xA5, 0xAC, 0x56, 0xD5, 0x4A, 0x20, 0xB7, 0xE9,
- 0xEF, 0xEB, 0xAF, 0xA8, 0x1E, 0x23, 0x7C, 0x04,
- 0xAA, 0xA1, 0x6D, 0x92, 0x79, 0x7B, 0xFA, 0x80,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
- 0x0C, 0x79, 0x7B, 0xFA, 0x80, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0xAA, 0xA1, 0x6D,
- 0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x10, 0x00, 0x20, 0x00, 0x04, 0x00,
- 0x10, 0x00, 0x10, 0x08, 0x02, 0x05, 0x08, 0x01,
- 0x30, 0x28, 0x00, 0x00, 0x0F, 0x00, 0x02, 0x00,
- 0x09, 0x31, 0x32, 0x37, 0x2E, 0x30, 0x2E, 0x30,
- 0x2E, 0x31, 0xED, 0x4F
- };
- #endif /* defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) */
- static int test_wolfSSL_dtls_export(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT)
- tcp_ready ready;
- func_args client_args;
- func_args server_args;
- THREAD_TYPE serverThread;
- callback_functions server_cbf;
- callback_functions client_cbf;
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- /* set using dtls */
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&server_args, 0, sizeof(func_args));
- XMEMSET(&server_cbf, 0, sizeof(callback_functions));
- XMEMSET(&client_cbf, 0, sizeof(callback_functions));
- server_cbf.method = wolfDTLSv1_2_server_method;
- client_cbf.method = wolfDTLSv1_2_client_method;
- server_args.callbacks = &server_cbf;
- client_args.callbacks = &client_cbf;
- server_args.signal = &ready;
- client_args.signal = &ready;
- start_thread(run_wolfssl_server, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- run_wolfssl_client(&client_args);
- join_thread(serverThread);
- ExpectTrue(client_args.return_code);
- ExpectTrue(server_args.return_code);
- FreeTcpReady(&ready);
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- if (EXPECT_SUCCESS()) {
- SOCKET_T sockfd = 0;
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- char msg[64] = "hello wolfssl!";
- char reply[1024];
- int msgSz = (int)XSTRLEN(msg);
- byte *session, *window;
- unsigned int sessionSz = 0;
- unsigned int windowSz = 0;
- #ifndef TEST_IPV6
- struct sockaddr_in peerAddr;
- #else
- struct sockaddr_in6 peerAddr;
- #endif /* TEST_IPV6 */
- int i;
- /* Set ctx to DTLS 1.2 */
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- /* test importing version 3 */
- ExpectIntGE(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
- /* test importing bad length and bad version */
- version_3[2] += 1;
- ExpectIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
- version_3[2] -= 1; version_3[1] = 0XA0;
- ExpectIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- /* check storing client state after connection and storing window only */
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- /* set using dtls */
- XMEMSET(&server_args, 0, sizeof(func_args));
- XMEMSET(&server_cbf, 0, sizeof(callback_functions));
- server_cbf.method = wolfDTLSv1_2_server_method;
- server_cbf.doUdp = 1;
- server_args.callbacks = &server_cbf;
- server_args.argc = 3; /* set loop_count to 3 */
- server_args.signal = &ready;
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- /* create and connect with client */
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method()));
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
- tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 1, 0, NULL);
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
- /* store server information connected too */
- XMEMSET(&peerAddr, 0, sizeof(peerAddr));
- #ifndef TEST_IPV6
- peerAddr.sin_family = AF_INET;
- ExpectIntEQ(XINET_PTON(AF_INET, wolfSSLIP, &peerAddr.sin_addr),1);
- peerAddr.sin_port = XHTONS(server_args.signal->port);
- #else
- peerAddr.sin6_family = AF_INET6;
- ExpectIntEQ(
- XINET_PTON(AF_INET6, wolfSSLIP, &peerAddr.sin6_addr),1);
- peerAddr.sin6_port = XHTONS(server_args.signal->port);
- #endif
- ExpectIntEQ(wolfSSL_dtls_set_peer(ssl, &peerAddr, sizeof(peerAddr)),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_dtls_export(ssl, NULL, &sessionSz), 0);
- session = (byte*)XMALLOC(sessionSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ExpectIntGT(wolfSSL_dtls_export(ssl, session, &sessionSz), 0);
- ExpectIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
- ExpectIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
- ExpectIntEQ(wolfSSL_dtls_export_state_only(ssl, NULL, &windowSz), 0);
- window = (byte*)XMALLOC(windowSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ExpectIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0);
- wolfSSL_free(ssl);
- for (i = 1; EXPECT_SUCCESS() && i < server_args.argc; i++) {
- /* restore state */
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- ExpectIntGT(wolfSSL_dtls_import(ssl, session, sessionSz), 0);
- ExpectIntGT(wolfSSL_dtls_import(ssl, window, windowSz), 0);
- ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_dtls_set_peer(ssl, &peerAddr, sizeof(peerAddr)),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
- ExpectIntGE(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
- ExpectIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0);
- wolfSSL_free(ssl);
- }
- XFREE(session, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(window, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wolfSSL_CTX_free(ctx);
- fprintf(stderr, "done and waiting for server\n");
- join_thread(serverThread);
- ExpectIntEQ(server_args.return_code, TEST_SUCCESS);
- FreeTcpReady(&ready);
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- }
- #endif
- return EXPECT_RESULT();
- }
- #if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12)
- #ifdef WOLFSSL_TLS13
- static const byte canned_client_tls13_session[] = {
- 0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x00, 0x00,
- 0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00,
- 0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x01,
- 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
- 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
- 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13,
- 0x01, 0x0A, 0x0F, 0x10, 0x01, 0x02, 0x09, 0x00,
- 0x05, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04, 0x00,
- 0xB7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x01, 0x00, 0x00, 0x00, 0x27, 0x00, 0x00, 0x00,
- 0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4F, 0x18,
- 0xD8, 0xC1, 0x24, 0xD8, 0xBB, 0x17, 0x9E, 0x31,
- 0xA3, 0xF8, 0xA7, 0x3C, 0xBA, 0xEC, 0xFA, 0xB4,
- 0x7F, 0xC5, 0x78, 0xEB, 0x6D, 0xE3, 0x2B, 0x7B,
- 0x94, 0xBE, 0x20, 0x11, 0x7E, 0x17, 0x10, 0xA7,
- 0x10, 0x19, 0xEC, 0x62, 0xCC, 0xBE, 0xF5, 0x01,
- 0x35, 0x3C, 0xEA, 0xEF, 0x44, 0x3C, 0x40, 0xA2,
- 0xBC, 0x18, 0x43, 0xA1, 0xA1, 0x65, 0x5C, 0x48,
- 0xE2, 0xF9, 0x38, 0xEB, 0x11, 0x10, 0x72, 0x7C,
- 0x78, 0x22, 0x13, 0x3B, 0x19, 0x40, 0xF0, 0x73,
- 0xBE, 0x96, 0x14, 0x78, 0x26, 0xB9, 0x6B, 0x2E,
- 0x72, 0x22, 0x0D, 0x90, 0x94, 0xDD, 0x78, 0x77,
- 0xFC, 0x0C, 0x2E, 0x63, 0x6E, 0xF0, 0x0C, 0x35,
- 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F,
- 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0,
- 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
- 0x35, 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0,
- 0x6F, 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A,
- 0xA0, 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06,
- 0x00, 0x10, 0x00, 0x10, 0x00, 0x0C, 0x00, 0x10,
- 0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20,
- 0x28, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x03
- };
- static const byte canned_server_tls13_session[] = {
- 0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x01, 0x00,
- 0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00,
- 0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x00,
- 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
- 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13,
- 0x01, 0x0A, 0x0F, 0x10, 0x01, 0x02, 0x00, 0x0F,
- 0x05, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04, 0x00,
- 0xB7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x02, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00,
- 0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4F, 0x18,
- 0xD8, 0xC1, 0x24, 0xD8, 0xBB, 0x17, 0x9E, 0x31,
- 0xA3, 0xF8, 0xA7, 0x3C, 0xBA, 0xEC, 0xFA, 0xB4,
- 0x7F, 0xC5, 0x78, 0xEB, 0x6D, 0xE3, 0x2B, 0x7B,
- 0x94, 0xBE, 0x20, 0x11, 0x7E, 0x17, 0x10, 0xA7,
- 0x10, 0x19, 0xEC, 0x62, 0xCC, 0xBE, 0xF5, 0x01,
- 0x35, 0x3C, 0xEA, 0xEF, 0x44, 0x3C, 0x40, 0xA2,
- 0xBC, 0x18, 0x43, 0xA1, 0xA1, 0x65, 0x5C, 0x48,
- 0xE2, 0xF9, 0x38, 0xEB, 0x11, 0x10, 0x72, 0x7C,
- 0x78, 0x22, 0x13, 0x3B, 0x19, 0x40, 0xF0, 0x73,
- 0xBE, 0x96, 0x14, 0x78, 0x26, 0xB9, 0x6B, 0x2E,
- 0x72, 0x22, 0x0D, 0x90, 0x94, 0xDD, 0x78, 0x77,
- 0xFC, 0x0C, 0x2E, 0x63, 0x6E, 0xF0, 0x0C, 0x35,
- 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F,
- 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0,
- 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
- 0xD3, 0xB7, 0xEE, 0x3A, 0xA0, 0x8E, 0xA1, 0x4D,
- 0xC3, 0x2E, 0x5E, 0x06, 0x35, 0x41, 0xCD, 0xF3,
- 0x49, 0x31, 0x08, 0xD0, 0x6F, 0x02, 0x3D, 0xC1,
- 0x00, 0x10, 0x00, 0x10, 0x00, 0x0C, 0x00, 0x10,
- 0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20,
- 0x28, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x04
- };
- #endif /* WOLFSSL_TLS13 */
- static const byte canned_client_session[] = {
- 0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00,
- 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x01,
- 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0,
- 0x27, 0x0A, 0x0D, 0x10, 0x01, 0x01, 0x0A, 0x00,
- 0x05, 0x00, 0x01, 0x01, 0x01, 0x03, 0x03, 0x00,
- 0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x02, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00,
- 0x0A, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6D,
- 0x97, 0x15, 0x6E, 0x52, 0x27, 0xD6, 0x1D, 0x1D,
- 0xF5, 0x0D, 0x59, 0xA5, 0xAC, 0x2E, 0x8C, 0x0E,
- 0xCB, 0x26, 0x1E, 0xE2, 0xCE, 0xBB, 0xCE, 0xE1,
- 0x7D, 0xD7, 0xEF, 0xA5, 0x44, 0x80, 0x2A, 0xDE,
- 0xBB, 0x75, 0xB0, 0x1D, 0x75, 0x17, 0x20, 0x4C,
- 0x08, 0x05, 0x1B, 0xBA, 0x60, 0x1F, 0x6C, 0x91,
- 0x8C, 0xAA, 0xBB, 0xE5, 0xA3, 0x0B, 0x12, 0x3E,
- 0xC0, 0x35, 0x43, 0x1D, 0xE2, 0x10, 0xE2, 0x02,
- 0x92, 0x4B, 0x8F, 0x05, 0xA9, 0x4B, 0xCC, 0x90,
- 0xC3, 0x0E, 0xC2, 0x0F, 0xE9, 0x33, 0x85, 0x9B,
- 0x3C, 0x19, 0x21, 0xD5, 0x62, 0xE5, 0xE1, 0x17,
- 0x8F, 0x8C, 0x19, 0x52, 0xD8, 0x59, 0x10, 0x2D,
- 0x20, 0x6F, 0xBA, 0xC1, 0x1C, 0xD1, 0x82, 0xC7,
- 0x32, 0x1B, 0xBB, 0xCC, 0x30, 0x03, 0xD7, 0x3A,
- 0xC8, 0x18, 0xED, 0x58, 0xC8, 0x11, 0xFE, 0x71,
- 0x9C, 0x71, 0xD8, 0x6B, 0xE0, 0x25, 0x64, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10,
- 0x00, 0x00, 0x06, 0x01, 0x04, 0x08, 0x01, 0x20,
- 0x28, 0x00, 0x09, 0xE1, 0x50, 0x70, 0x02, 0x2F,
- 0x7E, 0xDA, 0xBD, 0x40, 0xC5, 0x58, 0x87, 0xCE,
- 0x43, 0xF3, 0xC5, 0x8F, 0xA1, 0x59, 0x93, 0xEF,
- 0x7E, 0xD3, 0xD0, 0xB5, 0x87, 0x1D, 0x81, 0x54,
- 0x14, 0x63, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x03
- };
- static const byte canned_server_session[] = {
- 0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00,
- 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0,
- 0x27, 0x08, 0x0F, 0x10, 0x01, 0x01, 0x00, 0x11,
- 0x05, 0x00, 0x01, 0x01, 0x01, 0x03, 0x03, 0x00,
- 0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x02, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00,
- 0x0A, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6D,
- 0x97, 0x15, 0x6E, 0x52, 0x27, 0xD6, 0x1D, 0x1D,
- 0xF5, 0x0D, 0x59, 0xA5, 0xAC, 0x2E, 0x8C, 0x0E,
- 0xCB, 0x26, 0x1E, 0xE2, 0xCE, 0xBB, 0xCE, 0xE1,
- 0x7D, 0xD7, 0xEF, 0xA5, 0x44, 0x80, 0x2A, 0xDE,
- 0xBB, 0x75, 0xB0, 0x1D, 0x75, 0x17, 0x20, 0x4C,
- 0x08, 0x05, 0x1B, 0xBA, 0x60, 0x1F, 0x6C, 0x91,
- 0x8C, 0xAA, 0xBB, 0xE5, 0xA3, 0x0B, 0x12, 0x3E,
- 0xC0, 0x35, 0x43, 0x1D, 0xE2, 0x10, 0xE2, 0x02,
- 0x92, 0x4B, 0x8F, 0x05, 0xA9, 0x4B, 0xCC, 0x90,
- 0xC3, 0x0E, 0xC2, 0x0F, 0xE9, 0x33, 0x85, 0x9B,
- 0x3C, 0x19, 0x21, 0xD5, 0x62, 0xE5, 0xE1, 0x17,
- 0x8F, 0x8C, 0x19, 0x52, 0xD8, 0x59, 0x10, 0x2D,
- 0x20, 0x6F, 0xBA, 0xC1, 0x1C, 0xD1, 0x82, 0xC7,
- 0x32, 0x1B, 0xBB, 0xCC, 0x30, 0x03, 0xD7, 0x3A,
- 0xC8, 0x18, 0xED, 0x58, 0xC8, 0x11, 0xFE, 0x71,
- 0x9C, 0x71, 0xD8, 0x6B, 0xE0, 0x25, 0x64, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10,
- 0x00, 0x00, 0x06, 0x01, 0x04, 0x08, 0x01, 0x20,
- 0x28, 0x00, 0xC5, 0x8F, 0xA1, 0x59, 0x93, 0xEF,
- 0x7E, 0xD3, 0xD0, 0xB5, 0x87, 0x1D, 0x81, 0x54,
- 0x14, 0x63, 0x09, 0xE1, 0x50, 0x70, 0x02, 0x2F,
- 0x7E, 0xDA, 0xBD, 0x40, 0xC5, 0x58, 0x87, 0xCE,
- 0x43, 0xF3, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x04
- };
- static THREAD_RETURN WOLFSSL_THREAD tls_export_server(void* args)
- {
- SOCKET_T sockfd = 0;
- SOCKET_T clientfd = 0;
- word16 port;
- callback_functions* cbf;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- char msg[] = "I hear you fa shizzle!";
- char input[1024];
- int idx;
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- ((func_args*)args)->return_code = TEST_FAIL;
- cbf = ((func_args*)args)->callbacks;
- #if defined(USE_WINDOWS_API)
- port = ((func_args*)args)->signal->port;
- #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
- !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
- /* Let tcp_listen assign port */
- port = 0;
- #else
- /* Use default port */
- port = wolfSSLPort;
- #endif
- /* do it here to detect failure */
- tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
- CloseSocket(sockfd);
- {
- WOLFSSL_METHOD* method = NULL;
- if (cbf != NULL && cbf->method != NULL) {
- method = cbf->method();
- }
- else {
- method = wolfTLSv1_2_server_method();
- }
- ctx = wolfSSL_CTX_new(method);
- }
- if (ctx == NULL) {
- goto done;
- }
- wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256");
- /* call ctx setup callback */
- if (cbf != NULL && cbf->ctx_ready != NULL) {
- cbf->ctx_ready(ctx);
- }
- ssl = wolfSSL_new(ctx);
- if (ssl == NULL) {
- goto done;
- }
- wolfSSL_set_fd(ssl, clientfd);
- /* call ssl setup callback */
- if (cbf != NULL && cbf->ssl_ready != NULL) {
- cbf->ssl_ready(ssl);
- }
- idx = wolfSSL_read(ssl, input, sizeof(input)-1);
- if (idx > 0) {
- input[idx] = '\0';
- fprintf(stderr, "Client message export/import: %s\n", input);
- }
- else {
- fprintf(stderr, "ret = %d error = %d\n", idx,
- wolfSSL_get_error(ssl, idx));
- goto done;
- }
- if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
- /*err_sys("SSL_write failed");*/
- WOLFSSL_RETURN_FROM_THREAD(0);
- }
- #ifdef WOLFSSL_TIRTOS
- Task_yield();
- #endif
- ((func_args*)args)->return_code = TEST_SUCCESS;
- done:
- wolfSSL_shutdown(ssl);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- CloseSocket(clientfd);
- #ifdef WOLFSSL_TIRTOS
- fdCloseSession(Task_self());
- #endif
- #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
- && defined(HAVE_THREAD_LS)
- wc_ecc_fp_free(); /* free per thread cache */
- #endif
- #if defined(HAVE_SESSION_TICKET) && \
- ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
- #if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM)
- OpenSSLTicketCleanup();
- #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
- TicketCleanup();
- #endif
- #endif
- WOLFSSL_RETURN_FROM_THREAD(0);
- }
- static void load_tls12_canned_server(WOLFSSL* ssl)
- {
- int clientfd = wolfSSL_get_fd(ssl);
- AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_session,
- sizeof(canned_server_session)), sizeof(canned_server_session));
- wolfSSL_set_fd(ssl, clientfd);
- }
- #ifdef WOLFSSL_TLS13
- static void load_tls13_canned_server(WOLFSSL* ssl)
- {
- int clientfd = wolfSSL_get_fd(ssl);
- AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_tls13_session,
- sizeof(canned_server_tls13_session)),
- sizeof(canned_server_tls13_session));
- wolfSSL_set_fd(ssl, clientfd);
- }
- #endif
- /* v is for version WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */
- static int test_wolfSSL_tls_export_run(int v)
- {
- EXPECT_DECLS;
- SOCKET_T sockfd = 0;
- WOLFSSL_CTX* ctx = 0;
- WOLFSSL* ssl = 0;
- char msg[64] = "hello wolfssl!";
- char reply[1024];
- word32 replySz;
- int msgSz = (int)XSTRLEN(msg);
- const byte* clientSession = NULL;
- int clientSessionSz = 0;
- tcp_ready ready;
- func_args server_args;
- THREAD_TYPE serverThread;
- callback_functions server_cbf;
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- XMEMSET(&server_args, 0, sizeof(func_args));
- XMEMSET(&server_cbf, 0, sizeof(callback_functions));
- switch (v) {
- case WOLFSSL_TLSV1_2:
- server_cbf.method = wolfTLSv1_2_server_method;
- server_cbf.ssl_ready = load_tls12_canned_server;
- /* setup the client side */
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
- wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256");
- clientSession = canned_client_session;
- clientSessionSz = sizeof(canned_client_session);
- break;
- #ifdef WOLFSSL_TLS13
- case WOLFSSL_TLSV1_3:
- server_cbf.method = wolfTLSv1_3_server_method;
- server_cbf.ssl_ready = load_tls13_canned_server;
- /* setup the client side */
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
- clientSession = canned_client_tls13_session;
- clientSessionSz = sizeof(canned_client_tls13_session);
- break;
- #endif
- }
- server_args.callbacks = &server_cbf;
- server_args.signal = &ready;
- start_thread(tls_export_server, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl);
- ExpectIntEQ(wolfSSL_tls_import(ssl, clientSession, clientSessionSz),
- clientSessionSz);
- replySz = sizeof(reply);
- ExpectIntGT(wolfSSL_tls_export(ssl, (byte*)reply, &replySz), 0);
- #if !defined(NO_PSK) && defined(HAVE_ANON)
- /* index 20 has is setting if PSK was on and 49 is if anon is allowed */
- ExpectIntEQ(XMEMCMP(reply, clientSession, replySz), 0);
- #endif
- wolfSSL_set_fd(ssl, sockfd);
- ExpectIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
- ExpectIntGT(wolfSSL_read(ssl, reply, sizeof(reply)-1), 0);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- CloseSocket(sockfd);
- #ifdef WOLFSSL_TIRTOS
- fdCloseSession(Task_self());
- #endif
- #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
- && defined(HAVE_THREAD_LS)
- wc_ecc_fp_free(); /* free per thread cache */
- #endif
- join_thread(serverThread);
- ExpectIntEQ(server_args.return_code, TEST_SUCCESS);
- FreeTcpReady(&ready);
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- return EXPECT_RESULT();
- }
- #endif
- static int test_wolfSSL_tls_export(void)
- {
- int res = TEST_SKIPPED;
- #if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12)
- test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_2);
- #ifdef WOLFSSL_TLS13
- test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_3);
- #endif
- res = TEST_RES_CHECK(1);
- #endif
- return res;
- }
- /*----------------------------------------------------------------------------*
- | TLS extensions tests
- *----------------------------------------------------------------------------*/
- #ifdef ENABLE_TLS_CALLBACK_TEST
- /* Connection test runner - generic */
- static void test_wolfSSL_client_server(callback_functions* client_callbacks,
- callback_functions* server_callbacks)
- {
- tcp_ready ready;
- func_args client_args;
- func_args server_args;
- THREAD_TYPE serverThread;
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&server_args, 0, sizeof(func_args));
- StartTCP();
- client_args.callbacks = client_callbacks;
- server_args.callbacks = server_callbacks;
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- /* RUN Server side */
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- server_args.signal = &ready;
- client_args.signal = &ready;
- start_thread(run_wolfssl_server, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- /* RUN Client side */
- run_wolfssl_client(&client_args);
- join_thread(serverThread);
- FreeTcpReady(&ready);
- #ifdef WOLFSSL_TIRTOS
- fdCloseSession(Task_self());
- #endif
- client_callbacks->return_code = client_args.return_code;
- server_callbacks->return_code = server_args.return_code;
- }
- #endif /* ENABLE_TLS_CALLBACK_TEST */
- #ifdef HAVE_SNI
- static int test_wolfSSL_UseSNI_params(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- WOLFSSL *ssl = wolfSSL_new(ctx);
- ExpectNotNull(ctx);
- ExpectNotNull(ssl);
- /* invalid [ctx|ssl] */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3));
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3));
- /* invalid type */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3));
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, -1, "ssl", 3));
- /* invalid data */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3));
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3));
- /* success case */
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, "ctx", 3));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, "ssl", 3));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT */
- return EXPECT_RESULT();
- }
- /* BEGIN of connection tests callbacks */
- static void use_SNI_at_ctx(WOLFSSL_CTX* ctx)
- {
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15));
- }
- static void use_SNI_at_ssl(WOLFSSL* ssl)
- {
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15));
- }
- static void different_SNI_at_ssl(WOLFSSL* ssl)
- {
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "ww2.wolfssl.com", 15));
- }
- static void use_SNI_WITH_CONTINUE_at_ssl(WOLFSSL* ssl)
- {
- use_SNI_at_ssl(ssl);
- wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
- WOLFSSL_SNI_CONTINUE_ON_MISMATCH);
- }
- static void use_SNI_WITH_FAKE_ANSWER_at_ssl(WOLFSSL* ssl)
- {
- use_SNI_at_ssl(ssl);
- wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
- WOLFSSL_SNI_ANSWER_ON_MISMATCH);
- }
- static void use_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
- {
- use_SNI_at_ctx(ctx);
- wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
- WOLFSSL_SNI_ABORT_ON_ABSENCE);
- }
- static void use_MANDATORY_SNI_at_ssl(WOLFSSL* ssl)
- {
- use_SNI_at_ssl(ssl);
- wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
- WOLFSSL_SNI_ABORT_ON_ABSENCE);
- }
- static void use_PSEUDO_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
- {
- use_SNI_at_ctx(ctx);
- wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
- WOLFSSL_SNI_ANSWER_ON_MISMATCH | WOLFSSL_SNI_ABORT_ON_ABSENCE);
- }
- static void verify_UNKNOWN_SNI_on_server(WOLFSSL* ssl)
- {
- AssertIntEQ(UNKNOWN_SNI_HOST_NAME_E, wolfSSL_get_error(ssl, 0));
- }
- static void verify_SNI_ABSENT_on_server(WOLFSSL* ssl)
- {
- AssertIntEQ(SNI_ABSENT_ERROR, wolfSSL_get_error(ssl, 0));
- }
- static void verify_SNI_no_matching(WOLFSSL* ssl)
- {
- byte type = WOLFSSL_SNI_HOST_NAME;
- void* request = (void*) &type; /* to be overwritten */
- AssertIntEQ(WOLFSSL_SNI_NO_MATCH, wolfSSL_SNI_Status(ssl, type));
- AssertNotNull(request);
- AssertIntEQ(0, wolfSSL_SNI_GetRequest(ssl, type, &request));
- AssertNull(request);
- }
- static void verify_SNI_real_matching(WOLFSSL* ssl)
- {
- byte type = WOLFSSL_SNI_HOST_NAME;
- void* request = NULL;
- AssertIntEQ(WOLFSSL_SNI_REAL_MATCH, wolfSSL_SNI_Status(ssl, type));
- AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, &request));
- AssertNotNull(request);
- AssertStrEQ("www.wolfssl.com", (char*)request);
- }
- static void verify_SNI_fake_matching(WOLFSSL* ssl)
- {
- byte type = WOLFSSL_SNI_HOST_NAME;
- void* request = NULL;
- AssertIntEQ(WOLFSSL_SNI_FAKE_MATCH, wolfSSL_SNI_Status(ssl, type));
- AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, &request));
- AssertNotNull(request);
- AssertStrEQ("ww2.wolfssl.com", (char*)request);
- }
- static void verify_FATAL_ERROR_on_client(WOLFSSL* ssl)
- {
- AssertIntEQ(FATAL_ERROR, wolfSSL_get_error(ssl, 0));
- }
- /* END of connection tests callbacks */
- static int test_wolfSSL_UseSNI_connection(void)
- {
- int res = TEST_SKIPPED;
- #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
- callback_functions client_cb;
- callback_functions server_cb;
- size_t i;
- #ifdef WOLFSSL_STATIC_MEMORY
- byte cliMem[TEST_TLS_STATIC_MEMSZ];
- byte svrMem[TEST_TLS_STATIC_MEMSZ];
- #endif
- struct {
- method_provider client_meth;
- method_provider server_meth;
- #ifdef WOLFSSL_STATIC_MEMORY
- wolfSSL_method_func client_meth_ex;
- wolfSSL_method_func server_meth_ex;
- #endif
- } methods[] = {
- #if defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_TLS13)
- {wolfSSLv23_client_method, wolfSSLv23_server_method
- #ifdef WOLFSSL_STATIC_MEMORY
- ,wolfSSLv23_client_method_ex, wolfSSLv23_server_method_ex
- #endif
- },
- #endif
- #ifndef WOLFSSL_NO_TLS12
- {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method
- #ifdef WOLFSSL_STATIC_MEMORY
- ,wolfTLSv1_2_client_method_ex, wolfTLSv1_2_server_method_ex
- #endif
- },
- #endif
- #ifdef WOLFSSL_TLS13
- {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method
- #ifdef WOLFSSL_STATIC_MEMORY
- ,wolfTLSv1_3_client_method_ex, wolfTLSv1_3_server_method_ex
- #endif
- },
- #endif
- };
- size_t methodsSz = sizeof(methods) / sizeof(*methods);
- for (i = 0; i < methodsSz; i++) {
- XMEMSET(&client_cb, 0, sizeof(callback_functions));
- XMEMSET(&server_cb, 0, sizeof(callback_functions));
- client_cb.method = methods[i].client_meth;
- server_cb.method = methods[i].server_meth;
- client_cb.devId = testDevId;
- server_cb.devId = testDevId;
- #ifdef WOLFSSL_STATIC_MEMORY
- client_cb.method_ex = methods[i].client_meth_ex;
- server_cb.method_ex = methods[i].server_meth_ex;
- client_cb.mem = cliMem;
- client_cb.memSz = (word32)sizeof(cliMem);
- server_cb.mem = svrMem;
- server_cb.memSz = (word32)sizeof(svrMem);;
- #endif
- /* success case at ctx */
- fprintf(stderr, "\n\tsuccess case at ctx\n");
- client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
- server_cb.ctx_ready = use_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- /* success case at ssl */
- fprintf(stderr, "\tsuccess case at ssl\n");
- client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_SNI_at_ssl; client_cb.on_result = verify_SNI_real_matching;
- server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_real_matching;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- /* default mismatch behavior */
- fprintf(stderr, "\tdefault mismatch behavior\n");
- client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = verify_FATAL_ERROR_on_client;
- server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_UNKNOWN_SNI_on_server;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- /* continue on mismatch */
- fprintf(stderr, "\tcontinue on mismatch\n");
- client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL;
- server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl; server_cb.on_result = verify_SNI_no_matching;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- /* fake answer on mismatch */
- fprintf(stderr, "\tfake answer on mismatch\n");
- client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL;
- server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl; server_cb.on_result = verify_SNI_fake_matching;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- /* sni abort - success */
- fprintf(stderr, "\tsni abort - success\n");
- client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
- server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- /* sni abort - abort when absent (ctx) */
- fprintf(stderr, "\tsni abort - abort when absent (ctx)\n");
- client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client;
- server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_ABSENT_on_server;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- /* sni abort - abort when absent (ssl) */
- fprintf(stderr, "\tsni abort - abort when absent (ssl)\n");
- client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client;
- server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_MANDATORY_SNI_at_ssl; server_cb.on_result = verify_SNI_ABSENT_on_server;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- /* sni abort - success when overwritten */
- fprintf(stderr, "\tsni abort - success when overwritten\n");
- client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
- server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_no_matching;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- /* sni abort - success when allowing mismatches */
- fprintf(stderr, "\tsni abort - success when allowing mismatches\n");
- client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL;
- server_cb.ctx_ready = use_PSEUDO_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_fake_matching;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- }
- res = TEST_RES_CHECK(1);
- #endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */
- return res;
- }
- static int test_wolfSSL_SNI_GetFromBuffer(void)
- {
- EXPECT_DECLS;
- byte buff[] = { /* www.paypal.com */
- 0x00, 0x00, 0x00, 0x00, 0xff, 0x01, 0x00, 0x00, 0x60, 0x03, 0x03, 0x5c,
- 0xc4, 0xb3, 0x8c, 0x87, 0xef, 0xa4, 0x09, 0xe0, 0x02, 0xab, 0x86, 0xca,
- 0x76, 0xf0, 0x9e, 0x01, 0x65, 0xf6, 0xa6, 0x06, 0x13, 0x1d, 0x0f, 0xa5,
- 0x79, 0xb0, 0xd4, 0x77, 0x22, 0xeb, 0x1a, 0x00, 0x00, 0x16, 0x00, 0x6b,
- 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35,
- 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x21,
- 0x00, 0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, 0x77, 0x77, 0x77,
- 0x2e, 0x70, 0x61, 0x79, 0x70, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x00,
- 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
- };
- byte buff2[] = { /* api.textmate.org */
- 0x16, 0x03, 0x01, 0x00, 0xc6, 0x01, 0x00, 0x00, 0xc2, 0x03, 0x03, 0x52,
- 0x8b, 0x7b, 0xca, 0x69, 0xec, 0x97, 0xd5, 0x08, 0x03, 0x50, 0xfe, 0x3b,
- 0x99, 0xc3, 0x20, 0xce, 0xa5, 0xf6, 0x99, 0xa5, 0x71, 0xf9, 0x57, 0x7f,
- 0x04, 0x38, 0xf6, 0x11, 0x0b, 0xb8, 0xd3, 0x00, 0x00, 0x5e, 0x00, 0xff,
- 0xc0, 0x24, 0xc0, 0x23, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x07, 0xc0, 0x08,
- 0xc0, 0x28, 0xc0, 0x27, 0xc0, 0x14, 0xc0, 0x13, 0xc0, 0x11, 0xc0, 0x12,
- 0xc0, 0x26, 0xc0, 0x25, 0xc0, 0x2a, 0xc0, 0x29, 0xc0, 0x05, 0xc0, 0x04,
- 0xc0, 0x02, 0xc0, 0x03, 0xc0, 0x0f, 0xc0, 0x0e, 0xc0, 0x0c, 0xc0, 0x0d,
- 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x35,
- 0x00, 0x0a, 0x00, 0x67, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x39, 0x00, 0x16,
- 0x00, 0xaf, 0x00, 0xae, 0x00, 0x8d, 0x00, 0x8c, 0x00, 0x8a, 0x00, 0x8b,
- 0x00, 0xb1, 0x00, 0xb0, 0x00, 0x2c, 0x00, 0x3b, 0x01, 0x00, 0x00, 0x3b,
- 0x00, 0x00, 0x00, 0x15, 0x00, 0x13, 0x00, 0x00, 0x10, 0x61, 0x70, 0x69,
- 0x2e, 0x74, 0x65, 0x78, 0x74, 0x6d, 0x61, 0x74, 0x65, 0x2e, 0x6f, 0x72,
- 0x67, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00,
- 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x0c, 0x00,
- 0x0a, 0x05, 0x01, 0x04, 0x01, 0x02, 0x01, 0x04, 0x03, 0x02, 0x03
- };
- byte buff3[] = { /* no sni extension */
- 0x16, 0x03, 0x03, 0x00, 0x4d, 0x01, 0x00, 0x00, 0x49, 0x03, 0x03, 0xea,
- 0xa1, 0x9f, 0x60, 0xdd, 0x52, 0x12, 0x13, 0xbd, 0x84, 0x34, 0xd5, 0x1c,
- 0x38, 0x25, 0xa8, 0x97, 0xd2, 0xd5, 0xc6, 0x45, 0xaf, 0x1b, 0x08, 0xe4,
- 0x1e, 0xbb, 0xdf, 0x9d, 0x39, 0xf0, 0x65, 0x00, 0x00, 0x16, 0x00, 0x6b,
- 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35,
- 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x0a,
- 0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
- };
- byte buff4[] = { /* last extension has zero size */
- 0x16, 0x03, 0x01, 0x00, 0xba, 0x01, 0x00, 0x00,
- 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
- 0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2,
- 0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00,
- 0x00, 0x28, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
- 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0xc0, 0x07, 0xc0, 0x11,
- 0x00, 0x33, 0x00, 0x32, 0x00, 0x39, 0x00, 0x9c, 0x00, 0x2f, 0x00, 0x35,
- 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x01, 0x00, 0x00, 0x65, 0xff, 0x01,
- 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00,
- 0x18, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
- 0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00, 0x1b, 0x00, 0x19, 0x06,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f,
- 0x33, 0x2e, 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
- 0x75, 0x50, 0x00, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x01, 0x05, 0x01, 0x02,
- 0x01, 0x04, 0x03, 0x05, 0x03, 0x02, 0x03, 0x04, 0x02, 0x02, 0x02, 0x00,
- 0x12, 0x00, 0x00
- };
- byte buff5[] = { /* SSL v2.0 client hello */
- 0x00, 0x2b, 0x01, 0x03, 0x01, 0x00, 0x09, 0x00, 0x00,
- /* dummy bytes below, just to pass size check */
- 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
- 0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2,
- 0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00,
- };
- byte result[32] = {0};
- word32 length = 32;
- ExpectIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff4, sizeof(buff4),
- 0, result, &length));
- ExpectIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff3, sizeof(buff3),
- 0, result, &length));
- ExpectIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
- 1, result, &length));
- ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
- 0, result, &length));
- buff[0] = 0x16;
- ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
- 0, result, &length));
- buff[1] = 0x03;
- ExpectIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff,
- sizeof(buff), 0, result, &length));
- buff[2] = 0x03;
- ExpectIntEQ(INCOMPLETE_DATA, wolfSSL_SNI_GetFromBuffer(buff,
- sizeof(buff), 0, result, &length));
- buff[4] = 0x64;
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
- 0, result, &length));
- if (EXPECT_SUCCESS())
- result[length] = 0;
- ExpectStrEQ("www.paypal.com", (const char*) result);
- length = 32;
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
- 0, result, &length));
- if (EXPECT_SUCCESS())
- result[length] = 0;
- ExpectStrEQ("api.textmate.org", (const char*) result);
- /* SSL v2.0 tests */
- ExpectIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff5,
- sizeof(buff5), 0, result, &length));
- buff5[2] = 0x02;
- ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
- sizeof(buff5), 0, result, &length));
- buff5[2] = 0x01; buff5[6] = 0x08;
- ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
- sizeof(buff5), 0, result, &length));
- buff5[6] = 0x09; buff5[8] = 0x01;
- ExpectIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
- sizeof(buff5), 0, result, &length));
- return EXPECT_RESULT();
- }
- #endif /* HAVE_SNI */
- #endif /* HAVE_IO_TESTS_DEPENDENCIES */
- #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- /* Dummy peer functions to satisfy the exporter/importer */
- static int test_wolfSSL_dtls_export_peers_get_peer(WOLFSSL* ssl, char* ip,
- int* ipSz, unsigned short* port, int* fam)
- {
- (void)ssl;
- ip[0] = -1;
- *ipSz = 1;
- *port = 1;
- *fam = 2;
- return 1;
- }
- static int test_wolfSSL_dtls_export_peers_set_peer(WOLFSSL* ssl, char* ip,
- int ipSz, unsigned short port, int fam)
- {
- (void)ssl;
- if (ip[0] != -1 || ipSz != 1 || port != 1 || fam != 2)
- return 0;
- return 1;
- }
- static int test_wolfSSL_dtls_export_peers_on_handshake(WOLFSSL_CTX **ctx,
- WOLFSSL **ssl)
- {
- EXPECT_DECLS;
- unsigned char* sessionBuf = NULL;
- unsigned int sessionSz = 0;
- void* ioWriteCtx = wolfSSL_GetIOWriteCtx(*ssl);
- void* ioReadCtx = wolfSSL_GetIOReadCtx(*ssl);
- wolfSSL_CTX_SetIOGetPeer(*ctx, test_wolfSSL_dtls_export_peers_get_peer);
- wolfSSL_CTX_SetIOSetPeer(*ctx, test_wolfSSL_dtls_export_peers_set_peer);
- ExpectIntGE(wolfSSL_dtls_export(*ssl, NULL, &sessionSz), 0);
- ExpectNotNull(sessionBuf =
- (unsigned char*)XMALLOC(sessionSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
- ExpectIntGE(wolfSSL_dtls_export(*ssl, sessionBuf, &sessionSz), 0);
- wolfSSL_free(*ssl);
- *ssl = NULL;
- ExpectNotNull(*ssl = wolfSSL_new(*ctx));
- ExpectIntGE(wolfSSL_dtls_import(*ssl, sessionBuf, sessionSz), 0);
- wolfSSL_SetIOWriteCtx(*ssl, ioWriteCtx);
- wolfSSL_SetIOReadCtx(*ssl, ioReadCtx);
- XFREE(sessionBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return EXPECT_RESULT();
- }
- #endif
- static int test_wolfSSL_dtls_export_peers(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- test_ssl_cbf client_cbf;
- test_ssl_cbf server_cbf;
- size_t i, j;
- struct test_params {
- method_provider client_meth;
- method_provider server_meth;
- const char* dtls_version;
- } params[] = {
- #ifndef NO_OLD_TLS
- {wolfDTLSv1_client_method, wolfDTLSv1_server_method, "1.0"},
- #endif
- {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "1.2"},
- /* TODO DTLS 1.3 exporting not supported
- #ifdef WOLFSSL_DTLS13
- {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "1.3"},
- #endif
- */
- };
- for (i = 0; i < sizeof(params)/sizeof(*params); i++) {
- for (j = 0; j <= 0b11; j++) {
- XMEMSET(&client_cbf, 0, sizeof(client_cbf));
- XMEMSET(&server_cbf, 0, sizeof(server_cbf));
- printf("\n\tTesting DTLS %s connection;", params[i].dtls_version);
- client_cbf.method = params[i].client_meth;
- server_cbf.method = params[i].server_meth;
- if (j & 0b01) {
- client_cbf.on_handshake =
- test_wolfSSL_dtls_export_peers_on_handshake;
- printf(" With client export;");
- }
- if (j & 0b10) {
- server_cbf.on_handshake =
- test_wolfSSL_dtls_export_peers_on_handshake;
- printf(" With server export;");
- }
- printf("\n");
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
- &server_cbf, NULL), TEST_SUCCESS);
- if (!EXPECT_SUCCESS())
- break;
- }
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_UseTrustedCA(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
- && !defined(NO_RSA)
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- WOLFSSL_CTX *ctx = NULL;
- WOLFSSL *ssl = NULL;
- byte id[20];
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())));
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
- #else
- ExpectNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())));
- #endif
- ExpectNotNull((ssl = wolfSSL_new(ctx)));
- XMEMSET(id, 0, sizeof(id));
- /* error cases */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(NULL, 0, NULL, 0));
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
- WOLFSSL_TRUSTED_CA_CERT_SHA1+1, NULL, 0));
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
- WOLFSSL_TRUSTED_CA_CERT_SHA1, NULL, 0));
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
- WOLFSSL_TRUSTED_CA_CERT_SHA1, id, 5));
- #ifdef NO_SHA
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
- WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
- #endif
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
- WOLFSSL_TRUSTED_CA_X509_NAME, id, 0));
- /* success cases */
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
- WOLFSSL_TRUSTED_CA_PRE_AGREED, NULL, 0));
- #ifndef NO_SHA
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
- WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
- #endif
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
- WOLFSSL_TRUSTED_CA_X509_NAME, id, 5));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif /* HAVE_TRUSTED_CA */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_UseMaxFragment(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- #ifndef NO_WOLFSSL_SERVER
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
- #else
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- #endif
- WOLFSSL *ssl = NULL;
- #ifdef OPENSSL_EXTRA
- int (*UseMaxFragment)(SSL *s, uint8_t mode);
- int (*CTX_UseMaxFragment)(SSL_CTX *c, uint8_t mode);
- #else
- int (*UseMaxFragment)(WOLFSSL *s, unsigned char mode);
- int (*CTX_UseMaxFragment)(WOLFSSL_CTX *c, unsigned char mode);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
- #endif
- ExpectNotNull(ctx);
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- #ifdef OPENSSL_EXTRA
- CTX_UseMaxFragment = SSL_CTX_set_tlsext_max_fragment_length;
- UseMaxFragment = SSL_set_tlsext_max_fragment_length;
- #else
- UseMaxFragment = wolfSSL_UseMaxFragment;
- CTX_UseMaxFragment = wolfSSL_CTX_UseMaxFragment;
- #endif
- /* error cases */
- ExpectIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9));
- ExpectIntNE(WOLFSSL_SUCCESS, UseMaxFragment( NULL, WOLFSSL_MFL_2_9));
- ExpectIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MIN-1));
- ExpectIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MAX+1));
- ExpectIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MIN-1));
- ExpectIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MAX+1));
- /* success case */
- #ifdef OPENSSL_EXTRA
- ExpectIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8));
- #else
- ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8));
- #endif
- ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_9));
- ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_10));
- ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11));
- ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_12));
- #ifdef OPENSSL_EXTRA
- ExpectIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
- ExpectIntEQ(BAD_FUNC_ARG, UseMaxFragment( ssl, WOLFSSL_MFL_2_8));
- #else
- ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
- ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_8));
- #endif
- ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_9));
- ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_10));
- ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_11));
- ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_12));
- #ifdef OPENSSL_EXTRA
- ExpectIntEQ(BAD_FUNC_ARG, UseMaxFragment( ssl, WOLFSSL_MFL_2_13));
- #else
- ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_13));
- #endif
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_UseTruncatedHMAC(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- #ifndef NO_WOLFSSL_SERVER
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
- #else
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- #endif
- WOLFSSL *ssl = NULL;
- ExpectNotNull(ctx);
- #ifndef NO_WOLFSSL_SERVER
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
- #endif
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- /* error cases */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(NULL));
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(NULL));
- /* success case */
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(ctx));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(ssl));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_UseSupportedCurve(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_SUPPORTED_CURVES) && !defined(NO_WOLFSSL_CLIENT) && \
- !defined(NO_TLS)
- WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- WOLFSSL *ssl = wolfSSL_new(ctx);
- ExpectNotNull(ctx);
- ExpectNotNull(ssl);
- /* error cases */
- ExpectIntNE(WOLFSSL_SUCCESS,
- wolfSSL_CTX_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, 0));
- ExpectIntNE(WOLFSSL_SUCCESS,
- wolfSSL_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, 0));
- /* success case */
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1));
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(HAVE_ALPN) && defined(HAVE_IO_TESTS_DEPENDENCIES)
- static void verify_ALPN_FATAL_ERROR_on_client(WOLFSSL* ssl)
- {
- AssertIntEQ(UNKNOWN_ALPN_PROTOCOL_NAME_E, wolfSSL_get_error(ssl, 0));
- }
- static void use_ALPN_all(WOLFSSL* ssl)
- {
- /* http/1.1,spdy/1,spdy/2,spdy/3 */
- char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list),
- WOLFSSL_ALPN_FAILED_ON_MISMATCH));
- }
- static void use_ALPN_all_continue(WOLFSSL* ssl)
- {
- /* http/1.1,spdy/1,spdy/2,spdy/3 */
- char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list),
- WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
- }
- static void use_ALPN_one(WOLFSSL* ssl)
- {
- /* spdy/2 */
- char proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
- WOLFSSL_ALPN_FAILED_ON_MISMATCH));
- }
- static void use_ALPN_unknown(WOLFSSL* ssl)
- {
- /* http/2.0 */
- char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30};
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
- WOLFSSL_ALPN_FAILED_ON_MISMATCH));
- }
- static void use_ALPN_unknown_continue(WOLFSSL* ssl)
- {
- /* http/2.0 */
- char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30};
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
- WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
- }
- static void verify_ALPN_not_matching_spdy3(WOLFSSL* ssl)
- {
- /* spdy/3 */
- char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
- char *proto = NULL;
- word16 protoSz = 0;
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
- /* check value */
- AssertIntNE(1, sizeof(nego_proto) == protoSz);
- if (proto) {
- AssertIntNE(0, XMEMCMP(nego_proto, proto, sizeof(nego_proto)));
- }
- }
- static void verify_ALPN_not_matching_continue(WOLFSSL* ssl)
- {
- char *proto = NULL;
- word16 protoSz = 0;
- AssertIntEQ(WOLFSSL_ALPN_NOT_FOUND,
- wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
- /* check value */
- AssertIntEQ(1, (0 == protoSz));
- AssertIntEQ(1, (NULL == proto));
- }
- static void verify_ALPN_matching_http1(WOLFSSL* ssl)
- {
- /* http/1.1 */
- char nego_proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
- char *proto;
- word16 protoSz = 0;
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
- /* check value */
- AssertIntEQ(1, sizeof(nego_proto) == protoSz);
- AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
- }
- static void verify_ALPN_matching_spdy2(WOLFSSL* ssl)
- {
- /* spdy/2 */
- char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
- char *proto;
- word16 protoSz = 0;
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
- /* check value */
- AssertIntEQ(1, sizeof(nego_proto) == protoSz);
- AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
- }
- static void verify_ALPN_client_list(WOLFSSL* ssl)
- {
- /* http/1.1,spdy/1,spdy/2,spdy/3 */
- char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
- 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
- char *clist = NULL;
- word16 clistSz = 0;
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetPeerProtocol(ssl, &clist,
- &clistSz));
- /* check value */
- AssertIntEQ(1, sizeof(alpn_list) == clistSz);
- AssertIntEQ(0, XMEMCMP(alpn_list, clist, clistSz));
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_FreePeerProtocol(ssl, &clist));
- }
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
- defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
- /* ALPN select callback, success with spdy/2 */
- static int select_ALPN_spdy2(WOLFSSL *ssl, const unsigned char **out,
- unsigned char *outlen, const unsigned char *in,
- unsigned int inlen, void *arg)
- {
- /* spdy/2 */
- const char proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
- (void)ssl;
- (void)arg;
- /* adding +1 since LEN byte comes first */
- if (inlen < sizeof(proto) + 1) {
- return SSL_TLSEXT_ERR_ALERT_FATAL;
- }
- if (XMEMCMP(in + 1, proto, sizeof(proto)) == 0) {
- *out = in + 1;
- *outlen = (unsigned char)sizeof(proto);
- return SSL_TLSEXT_ERR_OK;
- }
- return SSL_TLSEXT_ERR_ALERT_FATAL;
- }
- /* ALPN select callback, force failure */
- static int select_ALPN_failure(WOLFSSL *ssl, const unsigned char **out,
- unsigned char *outlen, const unsigned char *in,
- unsigned int inlen, void *arg)
- {
- (void)ssl;
- (void)out;
- (void)outlen;
- (void)in;
- (void)inlen;
- (void)arg;
- return SSL_TLSEXT_ERR_ALERT_FATAL;
- }
- static void use_ALPN_spdy2_callback(WOLFSSL* ssl)
- {
- wolfSSL_set_alpn_select_cb(ssl, select_ALPN_spdy2, NULL);
- }
- static void use_ALPN_failure_callback(WOLFSSL* ssl)
- {
- wolfSSL_set_alpn_select_cb(ssl, select_ALPN_failure, NULL);
- }
- #endif /* OPENSSL_ALL | NGINX | HAPROXY | LIGHTY | QUIC */
- static int test_wolfSSL_UseALPN_connection(void)
- {
- int res = TEST_SKIPPED;
- #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
- callback_functions client_cb;
- callback_functions server_cb;
- XMEMSET(&client_cb, 0, sizeof(callback_functions));
- XMEMSET(&server_cb, 0, sizeof(callback_functions));
- client_cb.method = wolfSSLv23_client_method;
- server_cb.method = wolfSSLv23_server_method;
- client_cb.devId = testDevId;
- server_cb.devId = testDevId;
- /* success case same list */
- client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
- server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_matching_http1;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- /* success case only one for server */
- client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
- server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_one; server_cb.on_result = verify_ALPN_matching_spdy2;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- /* success case only one for client */
- client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_one; client_cb.on_result = NULL;
- server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_matching_spdy2;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- /* success case none for client */
- client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
- server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = NULL;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- /* success case mismatch behavior but option 'continue' set */
- client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all_continue; client_cb.on_result = verify_ALPN_not_matching_continue;
- server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown_continue; server_cb.on_result = NULL;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- /* success case read protocol send by client */
- client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
- server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_one; server_cb.on_result = verify_ALPN_client_list;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- /* mismatch behavior with same list
- * the first and only this one must be taken */
- client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
- server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_not_matching_spdy3;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- /* default mismatch behavior */
- client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
- server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown; server_cb.on_result = verify_ALPN_FATAL_ERROR_on_client;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
- defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
- /* WOLFSSL-level ALPN select callback tests */
- /* Callback: success (one protocol, spdy/2) */
- client_cb.ctx_ready = NULL;
- client_cb.ssl_ready = use_ALPN_one;
- client_cb.on_result = verify_ALPN_matching_spdy2;
- server_cb.ctx_ready = NULL;
- server_cb.ssl_ready = use_ALPN_spdy2_callback;
- server_cb.on_result = verify_ALPN_matching_spdy2;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- /* Callback: failure (one client protocol, spdy/2) */
- client_cb.ctx_ready = NULL;
- client_cb.ssl_ready = use_ALPN_one;
- client_cb.on_result = NULL;
- server_cb.ctx_ready = NULL;
- server_cb.ssl_ready = use_ALPN_failure_callback;
- server_cb.on_result = verify_ALPN_FATAL_ERROR_on_client;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- #endif /* OPENSSL_ALL | NGINX | HAPROXY | LIGHTY */
- res = TEST_RES_CHECK(1);
- #endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */
- return res;
- }
- static int test_wolfSSL_UseALPN_params(void)
- {
- EXPECT_DECLS;
- #ifndef NO_WOLFSSL_CLIENT
- /* "http/1.1" */
- char http1[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
- /* "spdy/1" */
- char spdy1[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x31};
- /* "spdy/2" */
- char spdy2[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
- /* "spdy/3" */
- char spdy3[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
- char buff[256];
- word32 idx;
- WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- WOLFSSL *ssl = wolfSSL_new(ctx);
- ExpectNotNull(ctx);
- ExpectNotNull(ssl);
- /* error cases */
- ExpectIntNE(WOLFSSL_SUCCESS,
- wolfSSL_UseALPN(NULL, http1, sizeof(http1),
- WOLFSSL_ALPN_FAILED_ON_MISMATCH));
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, NULL, 0,
- WOLFSSL_ALPN_FAILED_ON_MISMATCH));
- /* success case */
- /* http1 only */
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_UseALPN(ssl, http1, sizeof(http1),
- WOLFSSL_ALPN_FAILED_ON_MISMATCH));
- /* http1, spdy1 */
- XMEMCPY(buff, http1, sizeof(http1));
- idx = sizeof(http1);
- buff[idx++] = ',';
- XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
- idx += sizeof(spdy1);
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
- WOLFSSL_ALPN_FAILED_ON_MISMATCH));
- /* http1, spdy2, spdy1 */
- XMEMCPY(buff, http1, sizeof(http1));
- idx = sizeof(http1);
- buff[idx++] = ',';
- XMEMCPY(buff+idx, spdy2, sizeof(spdy2));
- idx += sizeof(spdy2);
- buff[idx++] = ',';
- XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
- idx += sizeof(spdy1);
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
- WOLFSSL_ALPN_FAILED_ON_MISMATCH));
- /* spdy3, http1, spdy2, spdy1 */
- XMEMCPY(buff, spdy3, sizeof(spdy3));
- idx = sizeof(spdy3);
- buff[idx++] = ',';
- XMEMCPY(buff+idx, http1, sizeof(http1));
- idx += sizeof(http1);
- buff[idx++] = ',';
- XMEMCPY(buff+idx, spdy2, sizeof(spdy2));
- idx += sizeof(spdy2);
- buff[idx++] = ',';
- XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
- idx += sizeof(spdy1);
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
- WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- #endif /* HAVE_ALPN */
- #ifdef HAVE_ALPN_PROTOS_SUPPORT
- static void CTX_set_alpn_protos(SSL_CTX *ctx)
- {
- unsigned char p[] = {
- 8, 'h', 't', 't', 'p', '/', '1', '.', '1',
- 6, 's', 'p', 'd', 'y', '/', '2',
- 6, 's', 'p', 'd', 'y', '/', '1',
- };
- unsigned char p_len = sizeof(p);
- int ret;
- ret = SSL_CTX_set_alpn_protos(ctx, p, p_len);
- #ifdef WOLFSSL_ERROR_CODE_OPENSSL
- AssertIntEQ(ret, 0);
- #else
- AssertIntEQ(ret, SSL_SUCCESS);
- #endif
- }
- static void set_alpn_protos(SSL* ssl)
- {
- unsigned char p[] = {
- 6, 's', 'p', 'd', 'y', '/', '3',
- 8, 'h', 't', 't', 'p', '/', '1', '.', '1',
- 6, 's', 'p', 'd', 'y', '/', '2',
- 6, 's', 'p', 'd', 'y', '/', '1',
- };
- unsigned char p_len = sizeof(p);
- int ret;
- ret = SSL_set_alpn_protos(ssl, p, p_len);
- #ifdef WOLFSSL_ERROR_CODE_OPENSSL
- AssertIntEQ(ret, 0);
- #else
- AssertIntEQ(ret, SSL_SUCCESS);
- #endif
- }
- static void verify_alpn_matching_spdy3(WOLFSSL* ssl)
- {
- /* "spdy/3" */
- char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
- const unsigned char *proto;
- unsigned int protoSz = 0;
- SSL_get0_alpn_selected(ssl, &proto, &protoSz);
- /* check value */
- AssertIntEQ(1, sizeof(nego_proto) == protoSz);
- AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
- }
- static void verify_alpn_matching_http1(WOLFSSL* ssl)
- {
- /* "http/1.1" */
- char nego_proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
- const unsigned char *proto;
- unsigned int protoSz = 0;
- SSL_get0_alpn_selected(ssl, &proto, &protoSz);
- /* check value */
- AssertIntEQ(1, sizeof(nego_proto) == protoSz);
- AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
- }
- static int test_wolfSSL_set_alpn_protos(void)
- {
- int res = TEST_SKIPPED;
- #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
- callback_functions client_cb;
- callback_functions server_cb;
- XMEMSET(&client_cb, 0, sizeof(callback_functions));
- XMEMSET(&server_cb, 0, sizeof(callback_functions));
- client_cb.method = wolfSSLv23_client_method;
- server_cb.method = wolfSSLv23_server_method;
- client_cb.devId = testDevId;
- server_cb.devId = testDevId;
- /* use CTX_alpn_protos */
- client_cb.ctx_ready = CTX_set_alpn_protos; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
- server_cb.ctx_ready = CTX_set_alpn_protos; server_cb.ssl_ready = NULL; server_cb.on_result = verify_alpn_matching_http1;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- /* use set_alpn_protos */
- client_cb.ctx_ready = NULL; client_cb.ssl_ready = set_alpn_protos; client_cb.on_result = NULL;
- server_cb.ctx_ready = NULL; server_cb.ssl_ready = set_alpn_protos; server_cb.on_result = verify_alpn_matching_spdy3;
- test_wolfSSL_client_server(&client_cb, &server_cb);
- res = TEST_SUCCESS;
- #endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */
- return res;
- }
- #endif /* HAVE_ALPN_PROTOS_SUPPORT */
- static int test_wolfSSL_DisableExtendedMasterSecret(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- WOLFSSL *ssl = wolfSSL_new(ctx);
- ExpectNotNull(ctx);
- ExpectNotNull(ssl);
- /* error cases */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL));
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL));
- /* success cases */
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_wolfSSL_UseSecureRenegotiation(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_SECURE_RENEGOTIATION) && !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- WOLFSSL *ssl = wolfSSL_new(ctx);
- ExpectNotNull(ctx);
- ExpectNotNull(ssl);
- /* error cases */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(NULL));
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(NULL));
- /* success cases */
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- /* Test reconnecting with a different ciphersuite after a renegotiation. */
- static int test_wolfSSL_SCR_Reconnect(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_SECURE_RENEGOTIATION) && \
- defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) && \
- defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) && \
- defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
- struct test_memio_ctx test_ctx;
- WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
- byte data;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- test_ctx.c_ciphers = "ECDHE-RSA-AES256-GCM-SHA384";
- test_ctx.s_ciphers =
- "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305";
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx_c));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx_s));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_c));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_s));
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- /* WOLFSSL_FATAL_ERROR since it will block */
- ExpectIntEQ(wolfSSL_Rehandshake(ssl_s), WOLFSSL_FATAL_ERROR);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- ExpectIntEQ(wolfSSL_read(ssl_c, &data, 1), WOLFSSL_FATAL_ERROR);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- wolfSSL_free(ssl_c);
- ssl_c = NULL;
- wolfSSL_free(ssl_s);
- ssl_s = NULL;
- wolfSSL_CTX_free(ctx_c);
- ctx_c = NULL;
- test_ctx.c_ciphers = "ECDHE-RSA-CHACHA20-POLY1305";
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- wolfSSL_free(ssl_s);
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_s);
- wolfSSL_CTX_free(ctx_c);
- #endif
- return EXPECT_RESULT();
- }
- #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_SERVER) && \
- (!defined(NO_RSA) || defined(HAVE_ECC))
- /* Called when writing. */
- static int DummySend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
- {
- (void)ssl;
- (void)buf;
- (void)sz;
- (void)ctx;
- /* Force error return from wolfSSL_accept_TLSv13(). */
- return WANT_WRITE;
- }
- /* Called when reading. */
- static int BufferInfoRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
- {
- WOLFSSL_BUFFER_INFO* msg = (WOLFSSL_BUFFER_INFO*)ctx;
- int len = (int)msg->length;
- (void)ssl;
- (void)sz;
- /* Pass back as much of message as will fit in buffer. */
- if (len > sz)
- len = sz;
- XMEMCPY(buf, msg->buffer, len);
- /* Move over returned data. */
- msg->buffer += len;
- msg->length -= len;
- /* Amount actually copied. */
- return len;
- }
- #endif
- /* Test the detection of duplicate known TLS extensions.
- * Specifically in a ClientHello.
- */
- static int test_tls_ext_duplicate(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_WOLFSSL_SERVER) && (!defined(NO_RSA) || defined(HAVE_ECC)) && \
- !defined(NO_FILESYSTEM)
- const unsigned char clientHelloDupTlsExt[] = {
- 0x16, 0x03, 0x03, 0x00, 0x6a, 0x01, 0x00, 0x00,
- 0x66, 0x03, 0x03, 0xf4, 0x65, 0xbd, 0x22, 0xfe,
- 0x6e, 0xab, 0x66, 0xdd, 0xcf, 0xe9, 0x65, 0x55,
- 0xe8, 0xdf, 0xc3, 0x8e, 0x4b, 0x00, 0xbc, 0xf8,
- 0x23, 0x57, 0x1b, 0xa0, 0xc8, 0xa9, 0xe2, 0x8c,
- 0x91, 0x6e, 0xf9, 0x20, 0xf7, 0x5c, 0xc5, 0x5b,
- 0x75, 0x8c, 0x47, 0x0a, 0x0e, 0xc4, 0x1a, 0xda,
- 0xef, 0x75, 0xe5, 0x21, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x13, 0x01,
- 0x00, 0x9e, 0x01, 0x00,
- /* Extensions - duplicate signature algorithms. */
- 0x00, 0x19, 0x00, 0x0d,
- 0x00, 0x04, 0x00, 0x02, 0x04, 0x01, 0x00, 0x0d,
- 0x00, 0x04, 0x00, 0x02, 0x04, 0x01,
- /* Supported Versions extension for TLS 1.3. */
- 0x00, 0x2b,
- 0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03
- };
- WOLFSSL_BUFFER_INFO msg;
- const char* testCertFile;
- const char* testKeyFile;
- WOLFSSL_CTX *ctx = NULL;
- WOLFSSL *ssl = NULL;
- #ifndef NO_RSA
- testCertFile = svrCertFile;
- testKeyFile = svrKeyFile;
- #elif defined(HAVE_ECC)
- testCertFile = eccCertFile;
- testKeyFile = eccKeyFile;
- #endif
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
- WOLFSSL_FILETYPE_PEM));
- /* Read from 'msg'. */
- wolfSSL_SetIORecv(ctx, BufferInfoRecv);
- /* No where to send to - dummy sender. */
- wolfSSL_SetIOSend(ctx, DummySend);
- ssl = wolfSSL_new(ctx);
- ExpectNotNull(ssl);
- msg.buffer = (unsigned char*)clientHelloDupTlsExt;
- msg.length = (unsigned int)sizeof(clientHelloDupTlsExt);
- wolfSSL_SetIOReadCtx(ssl, &msg);
- ExpectIntNE(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
- /* can return duplicate ext error or socket error if the peer closed down
- * while sending alert */
- if (wolfSSL_get_error(ssl, 0) != SOCKET_ERROR_E) {
- ExpectIntEQ(wolfSSL_get_error(ssl, 0), DUPLICATE_TLS_EXT_E);
- }
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- /*----------------------------------------------------------------------------*
- | X509 Tests
- *----------------------------------------------------------------------------*/
- static int test_wolfSSL_X509_NAME_get_entry(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && !defined(NO_RSA)
- #if defined(OPENSSL_ALL) || \
- (defined(OPENSSL_EXTRA) && \
- (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)))
- /* use openssl like name to test mapping */
- X509_NAME_ENTRY* ne = NULL;
- X509_NAME* name = NULL;
- X509* x509 = NULL;
- #ifndef NO_FILESYSTEM
- ASN1_STRING* asn = NULL;
- char* subCN = NULL;
- #endif
- int idx = 0;
- ASN1_OBJECT *object = NULL;
- #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \
- defined(WOLFSSL_NGINX)
- #ifndef NO_BIO
- BIO* bio = NULL;
- #endif
- #endif
- #ifndef NO_FILESYSTEM
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = X509_get_subject_name(x509));
- ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0);
- ExpectNotNull(ne = X509_NAME_get_entry(name, idx));
- ExpectNotNull(asn = X509_NAME_ENTRY_get_data(ne));
- ExpectNotNull(subCN = (char*)ASN1_STRING_data(asn));
- wolfSSL_FreeX509(x509);
- x509 = NULL;
- #endif
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = X509_get_subject_name(x509));
- ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0);
- #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \
- defined(WOLFSSL_NGINX)
- #ifndef NO_BIO
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(X509_NAME_print_ex(bio, name, 4,
- (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_NAME_print_ex_fp(stderr, name, 4,
- (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
- BIO_free(bio);
- #endif
- #endif
- ExpectNotNull(ne = X509_NAME_get_entry(name, idx));
- ExpectNotNull(object = X509_NAME_ENTRY_get_object(ne));
- wolfSSL_FreeX509(x509);
- #endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (KEEP_PEER_CERT || SESSION_CERTS) */
- #endif /* !NO_CERTS && !NO_RSA */
- return EXPECT_RESULT();
- }
- /* Testing functions dealing with PKCS12 parsing out X509 certs */
- static int test_wolfSSL_PKCS12(void)
- {
- EXPECT_DECLS;
- /* .p12 file is encrypted with DES3 */
- #ifndef HAVE_FIPS /* Password used in cert "wolfSSL test" is only 12-bytes
- * (96-bit) FIPS mode requires Minimum of 14-byte (112-bit)
- * Password Key
- */
- #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \
- !defined(NO_STDIO_FILESYSTEM) && \
- !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \
- !defined(NO_SHA) && defined(HAVE_PKCS12) && !defined(NO_BIO)
- byte buf[6000];
- char file[] = "./certs/test-servercert.p12";
- char order[] = "./certs/ecc-rsa-server.p12";
- #ifdef WC_RC2
- char rc2p12[] = "./certs/test-servercert-rc2.p12";
- #endif
- char pass[] = "a password";
- const char goodPsw[] = "wolfSSL test";
- const char badPsw[] = "bad";
- #ifdef HAVE_ECC
- WOLFSSL_X509_NAME *subject = NULL;
- WOLFSSL_X509 *x509 = NULL;
- #endif
- XFILE f = XBADFILE;
- int bytes = 0, ret = 0, goodPswLen = 0, badPswLen = 0;
- WOLFSSL_BIO *bio = NULL;
- WOLFSSL_EVP_PKEY *pkey = NULL;
- WC_PKCS12 *pkcs12 = NULL;
- WC_PKCS12 *pkcs12_2 = NULL;
- WOLFSSL_X509 *cert = NULL;
- WOLFSSL_X509 *tmp = NULL;
- WOLF_STACK_OF(WOLFSSL_X509) *ca = NULL;
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
- || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
- WOLFSSL_CTX *ctx = NULL;
- WOLFSSL *ssl = NULL;
- WOLF_STACK_OF(WOLFSSL_X509) *tmp_ca = NULL;
- #endif
- ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- goodPswLen = (int)XSTRLEN(goodPsw);
- badPswLen = (int)XSTRLEN(badPsw);
- ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- ExpectIntEQ(BIO_write(bio, buf, bytes), bytes); /* d2i consumes BIO */
- ExpectNotNull(d2i_PKCS12_bio(bio, &pkcs12));
- ExpectNotNull(pkcs12);
- BIO_free(bio);
- bio = NULL;
- /* check verify MAC directly */
- ExpectIntEQ(ret = PKCS12_verify_mac(pkcs12, goodPsw, goodPswLen), 1);
- /* check verify MAC fail case directly */
- ExpectIntEQ(ret = PKCS12_verify_mac(pkcs12, badPsw, badPswLen), 0);
- /* check verify MAC fail case */
- ExpectIntEQ(ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL), 0);
- ExpectNull(pkey);
- ExpectNull(cert);
- /* check parse with no extra certs kept */
- ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL),
- 1);
- ExpectNotNull(pkey);
- ExpectNotNull(cert);
- wolfSSL_EVP_PKEY_free(pkey);
- pkey = NULL;
- wolfSSL_X509_free(cert);
- cert = NULL;
- /* check parse with extra certs kept */
- ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca),
- 1);
- ExpectNotNull(pkey);
- ExpectNotNull(cert);
- ExpectNotNull(ca);
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
- || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
- /* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- #if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS)
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- /* Copy stack structure */
- ExpectNotNull(tmp_ca = X509_chain_up_ref(ca));
- ExpectIntEQ(SSL_CTX_set0_chain(ctx, tmp_ca), 1);
- /* CTX now owns the tmp_ca stack structure */
- tmp_ca = NULL;
- ExpectIntEQ(wolfSSL_CTX_get_extra_chain_certs(ctx, &tmp_ca), 1);
- ExpectNotNull(tmp_ca);
- ExpectIntEQ(sk_X509_num(tmp_ca), sk_X509_num(ca));
- /* Check that the main cert is also set */
- ExpectNotNull(SSL_CTX_get0_certificate(ctx));
- ExpectNotNull(ssl = SSL_new(ctx));
- ExpectNotNull(SSL_get_certificate(ssl));
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- ctx = NULL;
- #endif
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- /* should be 2 other certs on stack */
- ExpectNotNull(tmp = sk_X509_pop(ca));
- X509_free(tmp);
- ExpectNotNull(tmp = sk_X509_pop(ca));
- X509_free(tmp);
- ExpectNull(sk_X509_pop(ca));
- EVP_PKEY_free(pkey);
- pkey = NULL;
- X509_free(cert);
- cert = NULL;
- sk_X509_pop_free(ca, X509_free);
- ca = NULL;
- /* check PKCS12_create */
- ExpectNull(PKCS12_create(pass, NULL, NULL, NULL, NULL, -1, -1, -1, -1,0));
- ExpectIntEQ(PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca),
- SSL_SUCCESS);
- ExpectNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca,
- -1, -1, 100, -1, 0)));
- EVP_PKEY_free(pkey);
- pkey = NULL;
- X509_free(cert);
- cert = NULL;
- sk_X509_pop_free(ca, NULL);
- ca = NULL;
- ExpectIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
- SSL_SUCCESS);
- PKCS12_free(pkcs12_2);
- pkcs12_2 = NULL;
- ExpectNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca,
- NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
- NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
- 2000, 1, 0)));
- EVP_PKEY_free(pkey);
- pkey = NULL;
- X509_free(cert);
- cert = NULL;
- sk_X509_pop_free(ca, NULL);
- ca = NULL;
- /* convert to DER then back and parse */
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(i2d_PKCS12_bio(bio, pkcs12_2), SSL_SUCCESS);
- PKCS12_free(pkcs12_2);
- pkcs12_2 = NULL;
- ExpectNotNull(pkcs12_2 = d2i_PKCS12_bio(bio, NULL));
- BIO_free(bio);
- bio = NULL;
- ExpectIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
- SSL_SUCCESS);
- /* should be 2 other certs on stack */
- ExpectNotNull(tmp = sk_X509_pop(ca));
- X509_free(tmp);
- ExpectNotNull(tmp = sk_X509_pop(ca));
- X509_free(tmp);
- ExpectNull(sk_X509_pop(ca));
- #ifndef NO_RC4
- PKCS12_free(pkcs12_2);
- pkcs12_2 = NULL;
- ExpectNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, NULL,
- NID_pbe_WithSHA1And128BitRC4,
- NID_pbe_WithSHA1And128BitRC4,
- 2000, 1, 0)));
- EVP_PKEY_free(pkey);
- pkey = NULL;
- X509_free(cert);
- cert = NULL;
- sk_X509_pop_free(ca, NULL);
- ca = NULL;
- ExpectIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
- SSL_SUCCESS);
- #endif /* NO_RC4 */
- EVP_PKEY_free(pkey);
- pkey = NULL;
- X509_free(cert);
- cert = NULL;
- PKCS12_free(pkcs12);
- pkcs12 = NULL;
- PKCS12_free(pkcs12_2);
- pkcs12_2 = NULL;
- sk_X509_pop_free(ca, NULL);
- ca = NULL;
- #ifdef HAVE_ECC
- /* test order of parsing */
- ExpectTrue((f = XFOPEN(order, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, bytes));
- ExpectNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));
- ExpectIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)),
- WOLFSSL_SUCCESS);
- /* check use of pkey after parse */
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
- || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- #if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS)
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS);
- SSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif
- ExpectNotNull(pkey);
- ExpectNotNull(cert);
- ExpectNotNull(ca);
- /* compare subject lines of certificates */
- ExpectNotNull(subject = wolfSSL_X509_get_subject_name(cert));
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(eccRsaCertFile,
- SSL_FILETYPE_PEM));
- ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
- (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
- X509_free(x509);
- x509 = NULL;
- /* test expected fail case */
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile,
- SSL_FILETYPE_PEM));
- ExpectIntNE(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
- (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
- X509_free(x509);
- x509 = NULL;
- X509_free(cert);
- cert = NULL;
- /* get subject line from ca stack */
- ExpectNotNull(cert = sk_X509_pop(ca));
- ExpectNotNull(subject = wolfSSL_X509_get_subject_name(cert));
- /* compare subject from certificate in ca to expected */
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile,
- SSL_FILETYPE_PEM));
- ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
- (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- X509_free(x509);
- x509 = NULL;
- X509_free(cert);
- cert = NULL;
- BIO_free(bio);
- bio = NULL;
- PKCS12_free(pkcs12);
- pkcs12 = NULL;
- sk_X509_pop_free(ca, NULL); /* TEST d2i_PKCS12_fp */
- ca = NULL;
- /* test order of parsing */
- ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE);
- ExpectNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL));
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- /* check verify MAC fail case */
- ExpectIntEQ(ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL), 0);
- ExpectNull(pkey);
- ExpectNull(cert);
- /* check parse with no extra certs kept */
- ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL),
- 1);
- ExpectNotNull(pkey);
- ExpectNotNull(cert);
- wolfSSL_EVP_PKEY_free(pkey);
- pkey = NULL;
- wolfSSL_X509_free(cert);
- cert = NULL;
- /* check parse with extra certs kept */
- ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca),
- 1);
- ExpectNotNull(pkey);
- ExpectNotNull(cert);
- ExpectNotNull(ca);
- wolfSSL_EVP_PKEY_free(pkey);
- pkey = NULL;
- wolfSSL_X509_free(cert);
- cert = NULL;
- sk_X509_pop_free(ca, NULL);
- ca = NULL;
- PKCS12_free(pkcs12);
- pkcs12 = NULL;
- #endif /* HAVE_ECC */
- #ifdef WC_RC2
- /* test PKCS#12 with RC2 encryption */
- ExpectTrue((f = XFOPEN(rc2p12, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, bytes));
- ExpectNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));
- /* check verify MAC fail case */
- ExpectIntEQ(ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL), 0);
- ExpectNull(pkey);
- ExpectNull(cert);
- /* check parse with not extra certs kept */
- ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL),
- WOLFSSL_SUCCESS);
- ExpectNotNull(pkey);
- ExpectNotNull(cert);
- wolfSSL_EVP_PKEY_free(pkey);
- pkey = NULL;
- wolfSSL_X509_free(cert);
- cert = NULL;
- /* check parse with extra certs kept */
- ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca),
- WOLFSSL_SUCCESS);
- ExpectNotNull(pkey);
- ExpectNotNull(cert);
- ExpectNotNull(ca);
- wolfSSL_EVP_PKEY_free(pkey);
- wolfSSL_X509_free(cert);
- sk_X509_pop_free(ca, NULL);
- BIO_free(bio);
- bio = NULL;
- PKCS12_free(pkcs12);
- pkcs12 = NULL;
- #endif /* WC_RC2 */
- /* Test i2d_PKCS12_bio */
- ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE);
- ExpectNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL));
- if (f != XBADFILE)
- XFCLOSE(f);
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(ret = i2d_PKCS12_bio(bio, pkcs12), 1);
- ExpectIntEQ(ret = i2d_PKCS12_bio(NULL, pkcs12), 0);
- ExpectIntEQ(ret = i2d_PKCS12_bio(bio, NULL), 0);
- PKCS12_free(pkcs12);
- BIO_free(bio);
- (void)order;
- #endif /* OPENSSL_EXTRA */
- #endif /* HAVE_FIPS */
- return EXPECT_RESULT();
- }
- #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \
- defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_PWDBASED) && \
- (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_MD5)
- #define TEST_PKCS8_ENC
- #endif
- #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
- && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
- /* used to keep track if FailTestCallback was called */
- static int failTestCallbackCalled = 0;
- static WC_INLINE int FailTestCallBack(char* passwd, int sz, int rw, void* userdata)
- {
- (void)passwd;
- (void)sz;
- (void)rw;
- (void)userdata;
- /* mark called, test_wolfSSL_no_password_cb() will check and fail if set */
- failTestCallbackCalled = 1;
- return -1;
- }
- #endif
- static int test_wolfSSL_no_password_cb(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
- && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
- WOLFSSL_CTX* ctx = NULL;
- byte buff[FOURK_BUF];
- const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
- const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
- XFILE f = XBADFILE;
- int bytes = 0;
- #ifndef NO_WOLFSSL_CLIENT
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLS_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLS_server_method()));
- #endif
- wolfSSL_CTX_set_default_passwd_cb(ctx, FailTestCallBack);
- ExpectTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- ExpectIntLE(bytes, sizeof(buff));
- ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- ExpectTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- ExpectIntLE(bytes, sizeof(buff));
- ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- /* Password callback should not be called by default */
- ExpectIntEQ(failTestCallbackCalled, 0);
- #endif
- return EXPECT_RESULT();
- }
- #ifdef TEST_PKCS8_ENC
- /* for PKCS8 test case */
- static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
- {
- int flag = 0;
- (void)rw;
- if (userdata != NULL) {
- flag = *((int*)userdata); /* user set data */
- }
- switch (flag) {
- case 1: /* flag set for specific WOLFSSL_CTX structure, note userdata
- * can be anything the user wishes to be passed to the callback
- * associated with the WOLFSSL_CTX */
- XSTRNCPY(passwd, "yassl123", sz);
- return 8;
- default:
- return BAD_FUNC_ARG;
- }
- }
- #endif /* TEST_PKCS8_ENC */
- /* Testing functions dealing with PKCS8 */
- static int test_wolfSSL_PKCS8(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \
- !defined(WOLFCRYPT_ONLY)
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- byte buff[FOURK_BUF];
- byte der[FOURK_BUF];
- #ifndef NO_RSA
- const char serverKeyPkcs8PemFile[] = "./certs/server-keyPkcs8.pem";
- const char serverKeyPkcs8DerFile[] = "./certs/server-keyPkcs8.der";
- #endif
- const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
- #ifdef HAVE_ECC
- const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
- #endif
- XFILE f = XBADFILE;
- int bytes = 0;
- WOLFSSL_CTX* ctx = NULL;
- #if defined(HAVE_ECC) && !defined(NO_CODING)
- int ret;
- ecc_key key;
- word32 x = 0;
- #endif
- #ifdef TEST_PKCS8_ENC
- #if !defined(NO_RSA) && !defined(NO_SHA)
- const char serverKeyPkcs8EncPemFile[] = "./certs/server-keyPkcs8Enc.pem";
- const char serverKeyPkcs8EncDerFile[] = "./certs/server-keyPkcs8Enc.der";
- #endif
- #if defined(HAVE_ECC) && !defined(NO_SHA)
- const char eccPkcs8EncPrivKeyPemFile[] = "./certs/ecc-keyPkcs8Enc.pem";
- const char eccPkcs8EncPrivKeyDerFile[] = "./certs/ecc-keyPkcs8Enc.der";
- #endif
- int flag;
- #endif
- (void)der;
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
- #endif
- #else
- #ifndef WOLFSSL_NO_TLS12
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
- #endif
- #endif
- #ifdef TEST_PKCS8_ENC
- wolfSSL_CTX_set_default_passwd_cb(ctx, PKCS8TestCallBack);
- wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)&flag);
- flag = 1; /* used by password callback as return code */
- #if !defined(NO_RSA) && !defined(NO_SHA)
- /* test loading PEM PKCS8 encrypted file */
- ExpectTrue((f = XFOPEN(serverKeyPkcs8EncPemFile, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- /* this next case should fail because of password callback return code */
- flag = 0; /* used by password callback as return code */
- ExpectIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
- ExpectIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
- "yassl123"), 0);
- /* test that error value is returned with a bad password */
- ExpectIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
- "bad"), 0);
- /* test loading PEM PKCS8 encrypted file */
- ExpectTrue((f = XFOPEN(serverKeyPkcs8EncDerFile, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- flag = 1; /* used by password callback as return code */
- ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- /* this next case should fail because of password callback return code */
- flag = 0; /* used by password callback as return code */
- ExpectIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- #endif /* !NO_RSA && !NO_SHA */
- #if defined(HAVE_ECC) && !defined(NO_SHA)
- /* test loading PEM PKCS8 encrypted ECC Key file */
- ExpectTrue((f = XFOPEN(eccPkcs8EncPrivKeyPemFile, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- flag = 1; /* used by password callback as return code */
- ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- /* this next case should fail because of password callback return code */
- flag = 0; /* used by password callback as return code */
- ExpectIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
- ExpectIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
- "yassl123"), 0);
- /* test that error value is returned with a bad password */
- ExpectIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
- "bad"), 0);
- /* test loading DER PKCS8 encrypted ECC Key file */
- ExpectTrue((f = XFOPEN(eccPkcs8EncPrivKeyDerFile, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- flag = 1; /* used by password callback as return code */
- ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- /* this next case should fail because of password callback return code */
- flag = 0; /* used by password callback as return code */
- ExpectIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- /* leave flag as "okay" */
- flag = 1;
- #endif /* HAVE_ECC && !NO_SHA */
- #endif /* TEST_PKCS8_ENC */
- #ifndef NO_RSA
- /* test loading ASN.1 (DER) PKCS8 private key file (not encrypted) */
- ExpectTrue((f = XFOPEN(serverKeyPkcs8DerFile, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- /* test loading PEM PKCS8 private key file (not encrypted) */
- ExpectTrue((f = XFOPEN(serverKeyPkcs8PemFile, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- #endif /* !NO_RSA */
- /* Test PKCS8 PEM ECC key no crypt */
- ExpectTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- #ifdef HAVE_ECC
- /* Test PKCS8 PEM ECC key no crypt */
- ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- #ifndef NO_CODING
- /* decrypt PKCS8 PEM to key in DER format */
- ExpectIntGT((bytes = wc_KeyPemToDer(buff, bytes, der,
- (word32)sizeof(der), NULL)), 0);
- ret = wc_ecc_init(&key);
- if (ret == 0) {
- ret = wc_EccPrivateKeyDecode(der, &x, &key, bytes);
- wc_ecc_free(&key);
- }
- ExpectIntEQ(ret, 0);
- #endif
- /* Test PKCS8 DER ECC key no crypt */
- ExpectTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- /* Test using a PKCS8 ECC PEM */
- ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- #else
- /* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */
- ExpectIntEQ((bytes = wc_KeyPemToDer(buff, bytes, der,
- (word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER);
- #endif /* HAVE_ECC */
- wolfSSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif /* !NO_FILESYSTEM && !NO_ASN && HAVE_PKCS8 */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PKCS8_ED25519(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \
- defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519) && \
- defined(HAVE_ED25519_KEY_IMPORT)
- const byte encPrivKey[] = \
- "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
- "MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAheCGLmWGh7+AICCAAw\n"
- "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEC4L5P6GappsTyhOOoQfvh8EQJMX\n"
- "OAdlsYKCOcFo4djg6AI1lRdeBRwVFWkha7gBdoCJOzS8wDvTbYcJMPvANu5ft3nl\n"
- "2L9W4v7swXkV+X+a1ww=\n"
- "-----END ENCRYPTED PRIVATE KEY-----\n";
- const char password[] = "abcdefghijklmnopqrstuvwxyz";
- byte der[FOURK_BUF];
- WOLFSSL_CTX* ctx = NULL;
- int bytes;
- XMEMSET(der, 0, sizeof(der));
- ExpectIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
- (word32)sizeof(der), password)), 0);
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PKCS8_ED448(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \
- defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448) && \
- defined(HAVE_ED448_KEY_IMPORT)
- const byte encPrivKey[] = \
- "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
- "MIGrMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjSbZKnG4EPggICCAAw\n"
- "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEFvCFWBBHBlJBsYleBJlJWcEUNC7\n"
- "Tf5pZviT5Btar4D/MNg6BsQHSDf5KW4ix871EsgDY2Zz+euaoWspiMntz7gU+PQu\n"
- "T/JJcbD2Ly8BbE3l5WHMifAQqNLxJBfXrHkfYtAo\n"
- "-----END ENCRYPTED PRIVATE KEY-----\n";
- const char password[] = "abcdefghijklmnopqrstuvwxyz";
- byte der[FOURK_BUF];
- WOLFSSL_CTX* ctx = NULL;
- int bytes;
- XMEMSET(der, 0, sizeof(der));
- ExpectIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
- (word32)sizeof(der), password)), 0);
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif
- return EXPECT_RESULT();
- }
- /* Testing functions dealing with PKCS5 */
- static int test_wolfSSL_PKCS5(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_SHA) && !defined(NO_PWDBASED)
- #ifdef HAVE_FIPS /* Password minimum length is 14 (112-bit) in FIPS MODE */
- const char* passwd = "myfipsPa$$W0rd";
- #else
- const char *passwd = "pass1234";
- #endif
- const unsigned char *salt = (unsigned char *)"salt1234";
- unsigned char *out = (unsigned char *)XMALLOC(WC_SHA_DIGEST_SIZE, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- int ret = 0;
- ExpectNotNull(out);
- ExpectIntEQ(ret = PKCS5_PBKDF2_HMAC_SHA1(passwd,(int)XSTRLEN(passwd), salt,
- (int)XSTRLEN((const char *) salt), 10, WC_SHA_DIGEST_SIZE,out),
- WOLFSSL_SUCCESS);
- #ifdef WOLFSSL_SHA512
- ExpectIntEQ(ret = PKCS5_PBKDF2_HMAC(passwd,(int)XSTRLEN(passwd), salt,
- (int)XSTRLEN((const char *) salt), 10, wolfSSL_EVP_sha512(),
- WC_SHA_DIGEST_SIZE, out), SSL_SUCCESS);
- #endif
- XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SHA) */
- return EXPECT_RESULT();
- }
- /* test parsing URI from certificate */
- static int test_wolfSSL_URI(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
- && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
- defined(OPENSSL_EXTRA))
- WOLFSSL_X509* x509 = NULL;
- const char uri[] = "./certs/client-uri-cert.pem";
- const char urn[] = "./certs/client-absolute-urn.pem";
- const char badUri[] = "./certs/client-relative-uri.pem";
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(uri,
- WOLFSSL_FILETYPE_PEM));
- wolfSSL_FreeX509(x509);
- x509 = NULL;
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(urn,
- WOLFSSL_FILETYPE_PEM));
- wolfSSL_FreeX509(x509);
- x509 = NULL;
- #if !defined(IGNORE_NAME_CONSTRAINTS) && !defined(WOLFSSL_NO_ASN_STRICT) \
- && !defined(WOLFSSL_FPKI)
- ExpectNull(x509 = wolfSSL_X509_load_certificate_file(badUri,
- WOLFSSL_FILETYPE_PEM));
- #else
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(badUri,
- WOLFSSL_FILETYPE_PEM));
- #endif
- wolfSSL_FreeX509(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_TBS(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
- && defined(OPENSSL_EXTRA)
- WOLFSSL_X509* x509 = NULL;
- const unsigned char* tbs;
- int tbsSz;
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNull(tbs = wolfSSL_X509_get_tbs(NULL, &tbsSz));
- ExpectNull(tbs = wolfSSL_X509_get_tbs(x509, NULL));
- ExpectNotNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz));
- ExpectIntEQ(tbsSz, 1003);
- wolfSSL_FreeX509(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_verify(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
- defined(OPENSSL_EXTRA)
- WOLFSSL_X509* ca = NULL;
- WOLFSSL_X509* serv = NULL;
- WOLFSSL_EVP_PKEY* pkey = NULL;
- unsigned char buf[2048];
- const unsigned char* pt = NULL;
- int bufSz;
- ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(bufSz, 294);
- bufSz = 2048;
- ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk);
- ExpectNotNull(serv = wolfSSL_X509_load_certificate_file(svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- /* success case */
- pt = buf;
- ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));
- ExpectIntEQ(i2d_PUBKEY(pkey, NULL), bufSz);
- ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_SUCCESS);
- wolfSSL_EVP_PKEY_free(pkey);
- pkey = NULL;
- /* fail case */
- bufSz = 2048;
- ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(serv, buf, &bufSz),
- WOLFSSL_SUCCESS);
- pt = buf;
- ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));
- ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_X509_verify(NULL, pkey), WOLFSSL_FATAL_ERROR);
- ExpectIntEQ(wolfSSL_X509_verify(serv, NULL), WOLFSSL_FATAL_ERROR);
- wolfSSL_EVP_PKEY_free(pkey);
- wolfSSL_FreeX509(ca);
- wolfSSL_FreeX509(serv);
- #endif
- return EXPECT_RESULT();
- }
- #if !defined(NO_DH) && !defined(NO_AES) && defined(WOLFSSL_CERT_GEN) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
- defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
- /* create certificate with version 2 */
- static int test_set_x509_badversion(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- WOLFSSL_X509 *x509 = NULL, *x509v2 = NULL;
- WOLFSSL_EVP_PKEY *priv = NULL, *pub = NULL;
- unsigned char *der = NULL, *key = NULL, *pt;
- char *header = NULL, *name = NULL;
- int derSz;
- long keySz;
- XFILE fp = XBADFILE;
- WOLFSSL_ASN1_TIME *notBefore = NULL, *notAfter = NULL;
- time_t t;
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue((fp = XFOPEN(cliKeyFile, "rb")) != XBADFILE);
- ExpectIntEQ(wolfSSL_PEM_read(fp, &name, &header, &key, &keySz),
- WOLFSSL_SUCCESS);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- pt = key;
- ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
- (const unsigned char**)&pt, keySz));
- /* create the version 2 certificate */
- ExpectNotNull(x509v2 = X509_new());
- ExpectIntEQ(wolfSSL_X509_set_version(x509v2, 1), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_set_subject_name(x509v2,
- wolfSSL_X509_get_subject_name(x509)), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509v2,
- wolfSSL_X509_get_issuer_name(x509)), WOLFSSL_SUCCESS);
- ExpectNotNull(pub = wolfSSL_X509_get_pubkey(x509));
- ExpectIntEQ(X509_set_pubkey(x509v2, pub), WOLFSSL_SUCCESS);
- t = time(NULL);
- ExpectNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0));
- ExpectNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0));
- ExpectTrue(wolfSSL_X509_set_notBefore(x509v2, notBefore));
- ExpectTrue(wolfSSL_X509_set_notAfter(x509v2, notAfter));
- ExpectIntGT(wolfSSL_X509_sign(x509v2, priv, EVP_sha256()), 0);
- derSz = wolfSSL_i2d_X509(x509v2, &der);
- ExpectIntGT(derSz, 0);
- ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz,
- WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
- /* TODO: Replace with API call */
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(name, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(header, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wolfSSL_X509_free(x509);
- wolfSSL_X509_free(x509v2);
- wolfSSL_EVP_PKEY_free(priv);
- wolfSSL_EVP_PKEY_free(pub);
- wolfSSL_ASN1_TIME_free(notBefore);
- wolfSSL_ASN1_TIME_free(notAfter);
- return EXPECT_RESULT();
- }
- /* override certificate version error */
- static int test_override_x509(int preverify, WOLFSSL_X509_STORE_CTX* store)
- {
- EXPECT_DECLS;
- #ifndef OPENSSL_COMPATIBLE_DEFAULTS
- ExpectIntEQ(store->error, ASN_VERSION_E);
- #else
- ExpectIntEQ(store->error, 0);
- #endif
- ExpectIntEQ((int)wolfSSL_X509_get_version(store->current_cert), 1);
- (void)preverify;
- return EXPECT_RESULT() == TEST_SUCCESS;
- }
- /* set verify callback that will override bad certificate version */
- static int test_set_override_x509(WOLFSSL_CTX* ctx)
- {
- wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, test_override_x509);
- return TEST_SUCCESS;
- }
- #endif
- static int test_wolfSSL_X509_TLS_version_test_1(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_DH) && !defined(NO_AES) && defined(WOLFSSL_CERT_GEN) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
- defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
- test_ssl_cbf func_cb_client;
- test_ssl_cbf func_cb_server;
- /* test server rejects a client certificate that is not version 3 */
- XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
- XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
- func_cb_client.ctx_ready = &test_set_x509_badversion;
- #ifndef WOLFSSL_NO_TLS12
- func_cb_client.method = wolfTLSv1_2_client_method;
- #else
- func_cb_client.method = wolfTLSv1_3_client_method;
- #endif
- #ifndef WOLFSSL_NO_TLS12
- func_cb_server.method = wolfTLSv1_2_server_method;
- #else
- func_cb_server.method = wolfTLSv1_3_server_method;
- #endif
- #ifndef OPENSSL_COMPATIBLE_DEFAULTS
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
- &func_cb_server, NULL), TEST_FAIL);
- #else
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
- &func_cb_server, NULL), TEST_SUCCESS);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_TLS_version_test_2(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_DH) && !defined(NO_AES) && defined(WOLFSSL_CERT_GEN) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
- defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
- test_ssl_cbf func_cb_client;
- test_ssl_cbf func_cb_server;
- XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
- XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
- func_cb_client.ctx_ready = &test_set_x509_badversion;
- func_cb_server.ctx_ready = &test_set_override_x509;
- #ifndef WOLFSSL_NO_TLS12
- func_cb_client.method = wolfTLSv1_2_client_method;
- #else
- func_cb_client.method = wolfTLSv1_3_client_method;
- #endif
- #ifndef WOLFSSL_NO_TLS12
- func_cb_server.method = wolfTLSv1_2_server_method;
- #else
- func_cb_server.method = wolfTLSv1_3_server_method;
- #endif
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
- &func_cb_server, NULL), TEST_SUCCESS);
- #endif
- return EXPECT_RESULT();
- }
- /* Testing function wolfSSL_CTX_SetMinVersion; sets the minimum downgrade
- * version allowed.
- * POST: 1 on success.
- */
- static int test_wolfSSL_CTX_SetMinVersion(void)
- {
- int res = TEST_SKIPPED;
- #ifndef NO_WOLFSSL_CLIENT
- int failFlag = WOLFSSL_SUCCESS;
- WOLFSSL_CTX* ctx;
- int itr;
- #ifndef NO_OLD_TLS
- const int versions[] = {
- #ifdef WOLFSSL_ALLOW_TLSV10
- WOLFSSL_TLSV1,
- #endif
- WOLFSSL_TLSV1_1,
- WOLFSSL_TLSV1_2 };
- #elif !defined(WOLFSSL_NO_TLS12)
- const int versions[] = { WOLFSSL_TLSV1_2 };
- #elif defined(WOLFSSL_TLS13)
- const int versions[] = { WOLFSSL_TLSV1_3 };
- #else
- const int versions[0];
- #endif
- ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
- for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++) {
- if (wolfSSL_CTX_SetMinVersion(ctx, *(versions + itr))
- != WOLFSSL_SUCCESS) {
- failFlag = WOLFSSL_FAILURE;
- }
- }
- wolfSSL_CTX_free(ctx);
- res = TEST_RES_CHECK(failFlag == WOLFSSL_SUCCESS);
- #endif
- return res;
- } /* END test_wolfSSL_CTX_SetMinVersion */
- /*----------------------------------------------------------------------------*
- | OCSP Stapling
- *----------------------------------------------------------------------------*/
- /* Testing wolfSSL_UseOCSPStapling function. OCSP stapling eliminates the need
- * need to contact the CA, lowering the cost of cert revocation checking.
- * PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST
- * POST: 1 returned for success.
- */
- static int test_wolfSSL_UseOCSPStapling(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP) && \
- !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
- #endif
- #else
- #ifndef WOLFSSL_NO_TLS12
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
- #endif
- #endif
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- ExpectIntEQ(wolfSSL_UseOCSPStapling(NULL, WOLFSSL_CSR2_OCSP,
- WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
- WOLFSSL_CSR2_OCSP_USE_NONCE), 1);
- #else
- ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
- WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
- #endif
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- } /* END test_wolfSSL_UseOCSPStapling */
- /* Testing OCSP stapling version 2, wolfSSL_UseOCSPStaplingV2 function. OCSP
- * stapling eliminates the need to contact the CA and lowers cert revocation
- * check.
- * PRE: HAVE_CERTIFICATE_STATUS_REQUEST_V2 and HAVE_OCSP defined.
- */
- static int test_wolfSSL_UseOCSPStaplingV2(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP) && \
- !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
- #endif
- #else
- #ifndef WOLFSSL_NO_TLS12
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
- #endif
- #endif
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(NULL, WOLFSSL_CSR2_OCSP,
- WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
- WOLFSSL_CSR2_OCSP_USE_NONCE), 1);
- #else
- ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
- WOLFSSL_CSR2_OCSP_USE_NONCE), BAD_FUNC_ARG);
- #endif
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- } /* END test_wolfSSL_UseOCSPStaplingV2 */
- /*----------------------------------------------------------------------------*
- | Multicast Tests
- *----------------------------------------------------------------------------*/
- static int test_wolfSSL_mcast(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST) && \
- (defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER))
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- byte preMasterSecret[512];
- byte clientRandom[32];
- byte serverRandom[32];
- byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */
- byte buf[256];
- word16 newId;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method()));
- ExpectIntEQ(wolfSSL_CTX_mcast_set_member_id(ctx, 0), WOLFSSL_SUCCESS);
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- XMEMSET(preMasterSecret, 0x23, sizeof(preMasterSecret));
- XMEMSET(clientRandom, 0xA5, sizeof(clientRandom));
- XMEMSET(serverRandom, 0x5A, sizeof(serverRandom));
- ExpectIntEQ(wolfSSL_set_secret(ssl, 23, preMasterSecret,
- sizeof(preMasterSecret), clientRandom, serverRandom, suite),
- WOLFSSL_SUCCESS);
- ExpectIntLE(wolfSSL_mcast_read(ssl, &newId, buf, sizeof(buf)), 0);
- ExpectIntLE(newId, 100);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif /* WOLFSSL_DTLS && WOLFSSL_MULTICAST && (WOLFSSL_TLS13 ||
- * WOLFSSL_SNIFFER) */
- return EXPECT_RESULT();
- }
- /*----------------------------------------------------------------------------*
- | Wolfcrypt
- *----------------------------------------------------------------------------*/
- /*
- * Unit test for the wc_InitBlake2b()
- */
- static int test_wc_InitBlake2b(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_BLAKE2
- Blake2b blake;
- /* Test good arg. */
- ExpectIntEQ(wc_InitBlake2b(&blake, 64), 0);
- /* Test bad arg. */
- ExpectIntEQ(wc_InitBlake2b(NULL, 64), BAD_FUNC_ARG);
- ExpectIntEQ(wc_InitBlake2b(NULL, 128), BAD_FUNC_ARG);
- ExpectIntEQ(wc_InitBlake2b(&blake, 128), BAD_FUNC_ARG);
- ExpectIntEQ(wc_InitBlake2b(NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_InitBlake2b(&blake, 0), BAD_FUNC_ARG);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_InitBlake2b*/
- /*
- * Unit test for the wc_InitBlake2b_WithKey()
- */
- static int test_wc_InitBlake2b_WithKey(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_BLAKE2
- Blake2b blake;
- word32 digestSz = BLAKE2B_KEYBYTES;
- byte key[BLAKE2B_KEYBYTES];
- word32 keylen = BLAKE2B_KEYBYTES;
- XMEMSET(key, 0, sizeof(key));
- /* Test good arg. */
- ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, key, keylen), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, key, keylen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, key, 256),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, NULL, keylen), 0);
- #endif
- return EXPECT_RESULT();
- } /* END wc_InitBlake2b_WithKey*/
- /*
- * Unit test for the wc_InitBlake2s_WithKey()
- */
- static int test_wc_InitBlake2s_WithKey(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_BLAKE2S
- Blake2s blake;
- word32 digestSz = BLAKE2S_KEYBYTES;
- byte *key = (byte*)"01234567890123456789012345678901";
- word32 keylen = BLAKE2S_KEYBYTES;
- /* Test good arg. */
- ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, key, keylen), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, key, keylen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, key, 256),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, NULL, keylen), 0);
- #endif
- return EXPECT_RESULT();
- } /* END wc_InitBlake2s_WithKey*/
- /*
- * Unit test for the wc_InitMd5()
- */
- static int test_wc_InitMd5(void)
- {
- EXPECT_DECLS;
- #ifndef NO_MD5
- wc_Md5 md5;
- /* Test good arg. */
- ExpectIntEQ(wc_InitMd5(&md5), 0);
- /* Test bad arg. */
- ExpectIntEQ(wc_InitMd5(NULL), BAD_FUNC_ARG);
- wc_Md5Free(&md5);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_InitMd5 */
- /*
- * Testing wc_UpdateMd5()
- */
- static int test_wc_Md5Update(void)
- {
- EXPECT_DECLS;
- #ifndef NO_MD5
- wc_Md5 md5;
- byte hash[WC_MD5_DIGEST_SIZE];
- testVector a, b, c;
- ExpectIntEQ(wc_InitMd5(&md5), 0);
- /* Input */
- a.input = "a";
- a.inLen = XSTRLEN(a.input);
- ExpectIntEQ(wc_Md5Update(&md5, (byte*)a.input, (word32)a.inLen), 0);
- ExpectIntEQ(wc_Md5Final(&md5, hash), 0);
- /* Update input. */
- a.input = "abc";
- a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
- "\x72";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ExpectIntEQ(wc_Md5Update(&md5, (byte*) a.input, (word32) a.inLen), 0);
- ExpectIntEQ(wc_Md5Final(&md5, hash), 0);
- ExpectIntEQ(XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE), 0);
- /* Pass in bad values. */
- b.input = NULL;
- b.inLen = 0;
- ExpectIntEQ(wc_Md5Update(&md5, (byte*)b.input, (word32)b.inLen), 0);
- c.input = NULL;
- c.inLen = WC_MD5_DIGEST_SIZE;
- ExpectIntEQ(wc_Md5Update(&md5, (byte*)c.input, (word32)c.inLen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_Md5Update(NULL, (byte*)a.input, (word32)a.inLen),
- BAD_FUNC_ARG);
- wc_Md5Free(&md5);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Md5Update() */
- /*
- * Unit test on wc_Md5Final() in wolfcrypt/src/md5.c
- */
- static int test_wc_Md5Final(void)
- {
- EXPECT_DECLS;
- #ifndef NO_MD5
- /* Instantiate */
- wc_Md5 md5;
- byte* hash_test[3];
- byte hash1[WC_MD5_DIGEST_SIZE];
- byte hash2[2*WC_MD5_DIGEST_SIZE];
- byte hash3[5*WC_MD5_DIGEST_SIZE];
- int times, i;
- /* Initialize */
- ExpectIntEQ(wc_InitMd5(&md5), 0);
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- times = sizeof(hash_test)/sizeof(byte*);
- for (i = 0; i < times; i++) {
- ExpectIntEQ(wc_Md5Final(&md5, hash_test[i]), 0);
- }
- /* Test bad args. */
- ExpectIntEQ(wc_Md5Final(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Md5Final(NULL, hash1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Md5Final(&md5, NULL), BAD_FUNC_ARG);
- wc_Md5Free(&md5);
- #endif
- return EXPECT_RESULT();
- }
- /*
- * Unit test for the wc_InitSha()
- */
- static int test_wc_InitSha(void)
- {
- EXPECT_DECLS;
- #ifndef NO_SHA
- wc_Sha sha;
- /* Test good arg. */
- ExpectIntEQ(wc_InitSha(&sha), 0);
- /* Test bad arg. */
- ExpectIntEQ(wc_InitSha(NULL), BAD_FUNC_ARG);
- wc_ShaFree(&sha);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_InitSha */
- /*
- * Tesing wc_ShaUpdate()
- */
- static int test_wc_ShaUpdate(void)
- {
- EXPECT_DECLS;
- #ifndef NO_SHA
- wc_Sha sha;
- byte hash[WC_SHA_DIGEST_SIZE];
- testVector a, b, c;
- ExpectIntEQ(wc_InitSha(&sha), 0);
- /* Input. */
- a.input = "a";
- a.inLen = XSTRLEN(a.input);
- ExpectIntEQ(wc_ShaUpdate(&sha, NULL, 0), 0);
- ExpectIntEQ(wc_ShaUpdate(&sha, (byte*)a.input, 0), 0);
- ExpectIntEQ(wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen), 0);
- ExpectIntEQ(wc_ShaFinal(&sha, hash), 0);
- /* Update input. */
- a.input = "abc";
- a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
- "\x6C\x9C\xD0\xD8\x9D";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ExpectIntEQ(wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen), 0);
- ExpectIntEQ(wc_ShaFinal(&sha, hash), 0);
- ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE), 0);
- /* Try passing in bad values. */
- b.input = NULL;
- b.inLen = 0;
- ExpectIntEQ(wc_ShaUpdate(&sha, (byte*)b.input, (word32)b.inLen), 0);
- c.input = NULL;
- c.inLen = WC_SHA_DIGEST_SIZE;
- ExpectIntEQ(wc_ShaUpdate(&sha, (byte*)c.input, (word32)c.inLen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ShaUpdate(NULL, (byte*)a.input, (word32)a.inLen),
- BAD_FUNC_ARG);
- wc_ShaFree(&sha);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ShaUpdate() */
- /*
- * Unit test on wc_ShaFinal
- */
- static int test_wc_ShaFinal(void)
- {
- EXPECT_DECLS;
- #ifndef NO_SHA
- wc_Sha sha;
- byte* hash_test[3];
- byte hash1[WC_SHA_DIGEST_SIZE];
- byte hash2[2*WC_SHA_DIGEST_SIZE];
- byte hash3[5*WC_SHA_DIGEST_SIZE];
- int times, i;
- /* Initialize*/
- ExpectIntEQ(wc_InitSha(&sha), 0);
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- times = sizeof(hash_test)/sizeof(byte*);
- for (i = 0; i < times; i++) {
- ExpectIntEQ(wc_ShaFinal(&sha, hash_test[i]), 0);
- }
- /* Test bad args. */
- ExpectIntEQ(wc_ShaFinal(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ShaFinal(NULL, hash1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ShaFinal(&sha, NULL), BAD_FUNC_ARG);
- wc_ShaFree(&sha);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ShaFinal */
- /*
- * Unit test for wc_InitSha256()
- */
- static int test_wc_InitSha256(void)
- {
- EXPECT_DECLS;
- #ifndef NO_SHA256
- wc_Sha256 sha256;
- /* Test good arg. */
- ExpectIntEQ(wc_InitSha256(&sha256), 0);
- /* Test bad arg. */
- ExpectIntEQ(wc_InitSha256(NULL), BAD_FUNC_ARG);
- wc_Sha256Free(&sha256);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_InitSha256 */
- /*
- * Unit test for wc_Sha256Update()
- */
- static int test_wc_Sha256Update(void)
- {
- EXPECT_DECLS;
- #ifndef NO_SHA256
- wc_Sha256 sha256;
- byte hash[WC_SHA256_DIGEST_SIZE];
- byte hash_unaligned[WC_SHA256_DIGEST_SIZE+1];
- testVector a, b, c;
- ExpectIntEQ(wc_InitSha256(&sha256), 0);
- /* Input. */
- a.input = "a";
- a.inLen = XSTRLEN(a.input);
- ExpectIntEQ(wc_Sha256Update(&sha256, NULL, 0), 0);
- ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)a.input, 0), 0);
- ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen), 0);
- ExpectIntEQ(wc_Sha256Final(&sha256, hash), 0);
- /* Update input. */
- a.input = "abc";
- a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
- "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
- "\x15\xAD";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen), 0);
- ExpectIntEQ(wc_Sha256Final(&sha256, hash), 0);
- ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE), 0);
- /* Unaligned check. */
- ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)a.input+1, (word32)a.inLen-1),
- 0);
- ExpectIntEQ(wc_Sha256Final(&sha256, hash_unaligned + 1), 0);
- /* Try passing in bad values */
- b.input = NULL;
- b.inLen = 0;
- ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)b.input, (word32)b.inLen), 0);
- c.input = NULL;
- c.inLen = WC_SHA256_DIGEST_SIZE;
- ExpectIntEQ(wc_Sha256Update(&sha256, (byte*)c.input, (word32)c.inLen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha256Update(NULL, (byte*)a.input, (word32)a.inLen),
- BAD_FUNC_ARG);
- wc_Sha256Free(&sha256);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha256Update */
- /*
- * Unit test function for wc_Sha256Final()
- */
- static int test_wc_Sha256Final(void)
- {
- EXPECT_DECLS;
- #ifndef NO_SHA256
- wc_Sha256 sha256;
- byte* hash_test[3];
- byte hash1[WC_SHA256_DIGEST_SIZE];
- byte hash2[2*WC_SHA256_DIGEST_SIZE];
- byte hash3[5*WC_SHA256_DIGEST_SIZE];
- int times, i;
- /* Initialize */
- ExpectIntEQ(wc_InitSha256(&sha256), 0);
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- times = sizeof(hash_test) / sizeof(byte*);
- for (i = 0; i < times; i++) {
- ExpectIntEQ(wc_Sha256Final(&sha256, hash_test[i]), 0);
- }
- /* Test bad args. */
- ExpectIntEQ(wc_Sha256Final(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha256Final(NULL, hash1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha256Final(&sha256, NULL), BAD_FUNC_ARG);
- wc_Sha256Free(&sha256);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha256Final */
- /*
- * Unit test function for wc_Sha256FinalRaw()
- */
- static int test_wc_Sha256FinalRaw(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_SHA256) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
- !defined(WOLFSSL_NO_HASH_RAW)
- wc_Sha256 sha256;
- byte* hash_test[3];
- byte hash1[WC_SHA256_DIGEST_SIZE];
- byte hash2[2*WC_SHA256_DIGEST_SIZE];
- byte hash3[5*WC_SHA256_DIGEST_SIZE];
- int times, i;
- /* Initialize */
- ExpectIntEQ(wc_InitSha256(&sha256), 0);
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- times = sizeof(hash_test) / sizeof(byte*);
- for (i = 0; i < times; i++) {
- ExpectIntEQ(wc_Sha256FinalRaw(&sha256, hash_test[i]), 0);
- }
- /* Test bad args. */
- ExpectIntEQ(wc_Sha256FinalRaw(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha256FinalRaw(NULL, hash1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha256FinalRaw(&sha256, NULL), BAD_FUNC_ARG);
- wc_Sha256Free(&sha256);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha256FinalRaw */
- /*
- * Unit test function for wc_Sha256GetFlags()
- */
- static int test_wc_Sha256GetFlags(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_SHA256) && defined(WOLFSSL_HASH_FLAGS)
- wc_Sha256 sha256;
- word32 flags = 0;
- /* Initialize */
- ExpectIntEQ(wc_InitSha256(&sha256), 0);
- ExpectIntEQ(wc_Sha256GetFlags(&sha256, &flags), 0);
- ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
- wc_Sha256Free(&sha256);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha256GetFlags */
- /*
- * Unit test function for wc_Sha256Free()
- */
- static int test_wc_Sha256Free(void)
- {
- EXPECT_DECLS;
- #ifndef NO_SHA256
- wc_Sha256Free(NULL);
- /* Set result to SUCCESS. */
- ExpectTrue(1);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha256Free */
- /*
- * Unit test function for wc_Sha256GetHash()
- */
- static int test_wc_Sha256GetHash(void)
- {
- EXPECT_DECLS;
- #ifndef NO_SHA256
- wc_Sha256 sha256;
- byte hash1[WC_SHA256_DIGEST_SIZE];
- /* Initialize */
- ExpectIntEQ(wc_InitSha256(&sha256), 0);
- ExpectIntEQ(wc_Sha256GetHash(&sha256, hash1), 0);
- /* test bad arguments*/
- ExpectIntEQ(wc_Sha256GetHash(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha256GetHash(NULL, hash1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha256GetHash(&sha256, NULL), BAD_FUNC_ARG);
- wc_Sha256Free(&sha256);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha256GetHash */
- /*
- * Unit test function for wc_Sha256Copy()
- */
- static int test_wc_Sha256Copy(void)
- {
- EXPECT_DECLS;
- #ifndef NO_SHA256
- wc_Sha256 sha256;
- wc_Sha256 temp;
- XMEMSET(&sha256, 0, sizeof(sha256));
- XMEMSET(&temp, 0, sizeof(temp));
- /* Initialize */
- ExpectIntEQ(wc_InitSha256(&sha256), 0);
- ExpectIntEQ(wc_InitSha256(&temp), 0);
- ExpectIntEQ(wc_Sha256Copy(&sha256, &temp), 0);
- /* test bad arguments*/
- ExpectIntEQ(wc_Sha256Copy(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha256Copy(NULL, &temp), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha256Copy(&sha256, NULL), BAD_FUNC_ARG);
- wc_Sha256Free(&sha256);
- wc_Sha256Free(&temp);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha256Copy */
- /*
- * Testing wc_InitSha512()
- */
- static int test_wc_InitSha512(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHA512
- wc_Sha512 sha512;
- /* Test good arg. */
- ExpectIntEQ(wc_InitSha512(&sha512), 0);
- /* Test bad arg. */
- ExpectIntEQ(wc_InitSha512(NULL), BAD_FUNC_ARG);
- wc_Sha512Free(&sha512);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_InitSha512 */
- /*
- * wc_Sha512Update() test.
- */
- static int test_wc_Sha512Update(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHA512
- wc_Sha512 sha512;
- byte hash[WC_SHA512_DIGEST_SIZE];
- byte hash_unaligned[WC_SHA512_DIGEST_SIZE + 1];
- testVector a, b, c;
- ExpectIntEQ(wc_InitSha512(&sha512), 0);
- /* Input. */
- a.input = "a";
- a.inLen = XSTRLEN(a.input);
- ExpectIntEQ(wc_Sha512Update(&sha512, NULL, 0), 0);
- ExpectIntEQ(wc_Sha512Update(&sha512,(byte*)a.input, 0), 0);
- ExpectIntEQ(wc_Sha512Update(&sha512, (byte*)a.input, (word32)a.inLen), 0);
- ExpectIntEQ(wc_Sha512Final(&sha512, hash), 0);
- /* Update input. */
- a.input = "abc";
- a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
- "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b"
- "\x55\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c"
- "\x23\xa3\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a"
- "\x9a\xc9\x4f\xa5\x4c\xa4\x9f";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ExpectIntEQ(wc_Sha512Update(&sha512, (byte*) a.input, (word32) a.inLen), 0);
- ExpectIntEQ(wc_Sha512Final(&sha512, hash), 0);
- ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA512_DIGEST_SIZE), 0);
- /* Unaligned check. */
- ExpectIntEQ(wc_Sha512Update(&sha512, (byte*)a.input+1, (word32)a.inLen-1),
- 0);
- ExpectIntEQ(wc_Sha512Final(&sha512, hash_unaligned+1), 0);
- /* Try passing in bad values */
- b.input = NULL;
- b.inLen = 0;
- ExpectIntEQ(wc_Sha512Update(&sha512, (byte*)b.input, (word32)b.inLen), 0);
- c.input = NULL;
- c.inLen = WC_SHA512_DIGEST_SIZE;
- ExpectIntEQ(wc_Sha512Update(&sha512, (byte*)c.input, (word32)c.inLen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512Update(NULL, (byte*)a.input, (word32)a.inLen),
- BAD_FUNC_ARG);
- wc_Sha512Free(&sha512);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha512Update */
- #ifdef WOLFSSL_SHA512
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
- (!defined(WOLFSSL_NOSHA512_224) || !defined(WOLFSSL_NOSHA512_256))
- /* Performs test for
- * - wc_Sha512Final/wc_Sha512FinalRaw
- * - wc_Sha512_224Final/wc_Sha512_224Final
- * - wc_Sha512_256Final/wc_Sha512_256Final
- * parameter:
- * - type : must be one of WC_HASH_TYPE_SHA512, WC_HASH_TYPE_SHA512_224 or
- * WC_HASH_TYPE_SHA512_256
- * - isRaw: if is non-zero, xxxFinalRaw function will be tested
- *return 0 on success
- */
- static int test_Sha512_Family_Final(int type, int isRaw)
- {
- EXPECT_DECLS;
- wc_Sha512 sha512;
- byte* hash_test[3];
- byte hash1[WC_SHA512_DIGEST_SIZE];
- byte hash2[2*WC_SHA512_DIGEST_SIZE];
- byte hash3[5*WC_SHA512_DIGEST_SIZE];
- int times, i;
- int(*initFp)(wc_Sha512*);
- int(*finalFp)(wc_Sha512*, byte*);
- void(*freeFp)(wc_Sha512*);
- if (type == WC_HASH_TYPE_SHA512) {
- initFp = wc_InitSha512;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
- !defined(WOLFSSL_NO_HASH_RAW)
- finalFp = (isRaw)? wc_Sha512FinalRaw : wc_Sha512Final;
- #else
- finalFp = (isRaw)? NULL : wc_Sha512Final;
- #endif
- freeFp = wc_Sha512Free;
- }
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- #if !defined(WOLFSSL_NOSHA512_224)
- else if (type == WC_HASH_TYPE_SHA512_224) {
- initFp = wc_InitSha512_224;
- #if !defined(WOLFSSL_NO_HASH_RAW)
- finalFp = (isRaw)? wc_Sha512_224FinalRaw : wc_Sha512_224Final;
- #else
- finalFp = (isRaw)? NULL : wc_Sha512_224Final;
- #endif
- freeFp = wc_Sha512_224Free;
- }
- #endif
- #if !defined(WOLFSSL_NOSHA512_256)
- else if (type == WC_HASH_TYPE_SHA512_256) {
- initFp = wc_InitSha512_256;
- #if !defined(WOLFSSL_NO_HASH_RAW)
- finalFp = (isRaw)? wc_Sha512_256FinalRaw : wc_Sha512_256Final;
- #else
- finalFp = (isRaw)? NULL : wc_Sha512_256Final;
- #endif
- freeFp = wc_Sha512_256Free;
- }
- #endif
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
- else
- return TEST_FAIL;
- /* Initialize */
- ExpectIntEQ(initFp(&sha512), 0);
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- times = sizeof(hash_test) / sizeof(byte *);
- /* Good test args. */
- for (i = 0; i < times; i++) {
- ExpectIntEQ(finalFp(&sha512, hash_test[i]), 0);
- }
- /* Test bad args. */
- ExpectIntEQ(finalFp(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(finalFp(NULL, hash1), BAD_FUNC_ARG);
- ExpectIntEQ(finalFp(&sha512, NULL), BAD_FUNC_ARG);
- freeFp(&sha512);
- return EXPECT_RESULT();
- }
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST &&
- (!WOLFSSL_NOSHA512_224 || !WOLFSSL_NOSHA512_256) */
- #endif /* WOLFSSL_SHA512 */
- /*
- * Unit test function for wc_Sha512Final()
- */
- static int test_wc_Sha512Final(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHA512
- wc_Sha512 sha512;
- byte* hash_test[3];
- byte hash1[WC_SHA512_DIGEST_SIZE];
- byte hash2[2*WC_SHA512_DIGEST_SIZE];
- byte hash3[5*WC_SHA512_DIGEST_SIZE];
- int times, i;
- /* Initialize */
- ExpectIntEQ(wc_InitSha512(&sha512), 0);
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- times = sizeof(hash_test) / sizeof(byte *);
- for (i = 0; i < times; i++) {
- ExpectIntEQ(wc_Sha512Final(&sha512, hash_test[i]), 0);
- }
- /* Test bad args. */
- ExpectIntEQ(wc_Sha512Final(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512Final(NULL, hash1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512Final(&sha512, NULL), BAD_FUNC_ARG);
- wc_Sha512Free(&sha512);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha512Final */
- /*
- * Unit test function for wc_Sha512GetFlags()
- */
- static int test_wc_Sha512GetFlags(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_HASH_FLAGS)
- wc_Sha512 sha512;
- word32 flags = 0;
- /* Initialize */
- ExpectIntEQ(wc_InitSha512(&sha512), 0);
- ExpectIntEQ(wc_Sha512GetFlags(&sha512, &flags), 0);
- ExpectIntEQ((flags & WC_HASH_FLAG_ISCOPY), 0);
- wc_Sha512Free(&sha512);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha512GetFlags */
- /*
- * Unit test function for wc_Sha512FinalRaw()
- */
- static int test_wc_Sha512FinalRaw(void)
- {
- EXPECT_DECLS;
- #if (defined(WOLFSSL_SHA512) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))) && \
- !defined(WOLFSSL_NO_HASH_RAW)
- wc_Sha512 sha512;
- byte* hash_test[3];
- byte hash1[WC_SHA512_DIGEST_SIZE];
- byte hash2[2*WC_SHA512_DIGEST_SIZE];
- byte hash3[5*WC_SHA512_DIGEST_SIZE];
- int times, i;
- /* Initialize */
- ExpectIntEQ(wc_InitSha512(&sha512), 0);
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- times = sizeof(hash_test) / sizeof(byte*);
- /* Good test args. */
- for (i = 0; i < times; i++) {
- ExpectIntEQ(wc_Sha512FinalRaw(&sha512, hash_test[i]), 0);
- }
- /* Test bad args. */
- ExpectIntEQ(wc_Sha512FinalRaw(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512FinalRaw(NULL, hash1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512FinalRaw(&sha512, NULL), BAD_FUNC_ARG);
- wc_Sha512Free(&sha512);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha512FinalRaw */
- /*
- * Unit test function for wc_Sha512Free()
- */
- static int test_wc_Sha512Free(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHA512
- wc_Sha512Free(NULL);
- /* Set result to SUCCESS. */
- ExpectTrue(1);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha512Free */
- #ifdef WOLFSSL_SHA512
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
- (!defined(WOLFSSL_NOSHA512_224) || !defined(WOLFSSL_NOSHA512_256))
- static int test_Sha512_Family_GetHash(int type )
- {
- EXPECT_DECLS;
- int(*initFp)(wc_Sha512*);
- int(*ghashFp)(wc_Sha512*, byte*);
- wc_Sha512 sha512;
- byte hash1[WC_SHA512_DIGEST_SIZE];
- if (type == WC_HASH_TYPE_SHA512) {
- initFp = wc_InitSha512;
- ghashFp = wc_Sha512GetHash;
- }
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- #if !defined(WOLFSSL_NOSHA512_224)
- else if (type == WC_HASH_TYPE_SHA512_224) {
- initFp = wc_InitSha512_224;
- ghashFp = wc_Sha512_224GetHash;
- }
- #endif
- #if !defined(WOLFSSL_NOSHA512_256)
- else if (type == WC_HASH_TYPE_SHA512_256) {
- initFp = wc_InitSha512_256;
- ghashFp = wc_Sha512_256GetHash;
- }
- #endif
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
- else {
- initFp = NULL;
- ghashFp = NULL;
- }
- if (initFp == NULL || ghashFp == NULL)
- return TEST_FAIL;
- ExpectIntEQ(initFp(&sha512), 0);
- ExpectIntEQ(ghashFp(&sha512, hash1), 0);
- /* test bad arguments*/
- ExpectIntEQ(ghashFp(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(ghashFp(NULL, hash1), BAD_FUNC_ARG);
- ExpectIntEQ(ghashFp(&sha512, NULL), BAD_FUNC_ARG);
- wc_Sha512Free(&sha512);
- return EXPECT_RESULT();
- }
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST &&
- (!WOLFSSL_NOSHA512_224 || !WOLFSSL_NOSHA512_256) */
- #endif /* WOLFSSL_SHA512 */
- /*
- * Unit test function for wc_Sha512GetHash()
- */
- static int test_wc_Sha512GetHash(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHA512
- wc_Sha512 sha512;
- byte hash1[WC_SHA512_DIGEST_SIZE];
- /* Initialize */
- ExpectIntEQ(wc_InitSha512(&sha512), 0);
- ExpectIntEQ(wc_Sha512GetHash(&sha512, hash1), 0);
- /* test bad arguments*/
- ExpectIntEQ(wc_Sha512GetHash(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512GetHash(NULL, hash1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512GetHash(&sha512, NULL), BAD_FUNC_ARG);
- wc_Sha512Free(&sha512);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha512GetHash */
- /*
- * Unit test function for wc_Sha512Copy()
- */
- static int test_wc_Sha512Copy(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHA512
- wc_Sha512 sha512;
- wc_Sha512 temp;
- XMEMSET(&sha512, 0, sizeof(wc_Sha512));
- XMEMSET(&temp, 0, sizeof(wc_Sha512));
- /* Initialize */
- ExpectIntEQ(wc_InitSha512(&sha512), 0);
- ExpectIntEQ(wc_InitSha512(&temp), 0);
- ExpectIntEQ(wc_Sha512Copy(&sha512, &temp), 0);
- /* test bad arguments*/
- ExpectIntEQ(wc_Sha512Copy(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512Copy(NULL, &temp), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512Copy(&sha512, NULL), BAD_FUNC_ARG);
- wc_Sha512Free(&sha512);
- wc_Sha512Free(&temp);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha512Copy */
- static int test_wc_InitSha512_224(void)
- {
- EXPECT_DECLS;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
- wc_Sha512 sha512;
- /* Test good arg. */
- ExpectIntEQ(wc_InitSha512_224(&sha512), 0);
- /* Test bad arg. */
- ExpectIntEQ(wc_InitSha512_224(NULL), BAD_FUNC_ARG);
- wc_Sha512_224Free(&sha512);
- #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
- return EXPECT_RESULT();
- }
- static int test_wc_Sha512_224Update(void)
- {
- EXPECT_DECLS;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
- wc_Sha512 sha512;
- byte hash[WC_SHA512_DIGEST_SIZE];
- testVector a, c;
- ExpectIntEQ(wc_InitSha512_224(&sha512), 0);
- /* Input. */
- a.input = "a";
- a.inLen = XSTRLEN(a.input);
- ExpectIntEQ(wc_Sha512_224Update(&sha512, NULL, 0), 0);
- ExpectIntEQ(wc_Sha512_224Update(&sha512,(byte*)a.input, 0), 0);
- ExpectIntEQ(wc_Sha512_224Update(&sha512, (byte*)a.input, (word32)a.inLen),
- 0);
- ExpectIntEQ(wc_Sha512_224Final(&sha512, hash), 0);
- /* Update input. */
- a.input = "abc";
- a.output = "\x46\x34\x27\x0f\x70\x7b\x6a\x54\xda\xae\x75\x30\x46\x08"
- "\x42\xe2\x0e\x37\xed\x26\x5c\xee\xe9\xa4\x3e\x89\x24\xaa";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ExpectIntEQ(wc_Sha512_224Update(&sha512, (byte*) a.input, (word32) a.inLen),
- 0);
- ExpectIntEQ(wc_Sha512_224Final(&sha512, hash), 0);
- ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA512_224_DIGEST_SIZE), 0);
- c.input = NULL;
- c.inLen = WC_SHA512_224_DIGEST_SIZE;
- ExpectIntEQ(wc_Sha512_224Update(&sha512, (byte*)c.input, (word32)c.inLen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512_224Update(NULL, (byte*)a.input, (word32)a.inLen),
- BAD_FUNC_ARG);
- wc_Sha512_224Free(&sha512);
- #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
- return EXPECT_RESULT();
- }
- static int test_wc_Sha512_224Final(void)
- {
- EXPECT_DECLS;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
- ExpectIntEQ(test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_224, 0),
- TEST_SUCCESS);
- #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
- return EXPECT_RESULT();
- }
- static int test_wc_Sha512_224GetFlags(void)
- {
- EXPECT_DECLS;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && defined(WOLFSSL_HASH_FLAGS)
- wc_Sha512 sha512;
- wc_Sha512 copy;
- word32 flags = 0;
- XMEMSET(&sha512, 0, sizeof(wc_Sha512));
- XMEMSET(©, 0, sizeof(wc_Sha512));
- /* Initialize */
- ExpectIntEQ(wc_InitSha512_224(&sha512), 0);
- ExpectIntEQ(wc_InitSha512_224(©), 0);
- ExpectIntEQ(wc_Sha512_224GetFlags(&sha512, &flags), 0);
- ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
- ExpectIntEQ(wc_Sha512_224Copy(&sha512, ©), 0);
- ExpectIntEQ(wc_Sha512_224GetFlags(©, &flags), 0);
- ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == WC_HASH_FLAG_ISCOPY);
- wc_Sha512_224Free(©);
- wc_Sha512_224Free(&sha512);
- #endif
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
- return EXPECT_RESULT();
- }
- static int test_wc_Sha512_224FinalRaw(void)
- {
- EXPECT_DECLS;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
- defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && \
- !defined(WOLFSSL_NO_HASH_RAW)
- ExpectIntEQ(test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_224, 1),
- TEST_SUCCESS);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wc_Sha512_224Free(void)
- {
- EXPECT_DECLS;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
- wc_Sha512_224Free(NULL);
- /* Set result to SUCCESS. */
- ExpectTrue(1);
- #endif
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
- return EXPECT_RESULT();
- }
- static int test_wc_Sha512_224GetHash(void)
- {
- EXPECT_DECLS;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
- ExpectIntEQ(test_Sha512_Family_GetHash(WC_HASH_TYPE_SHA512_224),
- TEST_SUCCESS);
- #endif
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
- return EXPECT_RESULT();
- }
- static int test_wc_Sha512_224Copy(void)
- {
- EXPECT_DECLS;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
- wc_Sha512 sha512;
- wc_Sha512 temp;
- XMEMSET(&sha512, 0, sizeof(wc_Sha512));
- XMEMSET(&temp, 0, sizeof(wc_Sha512));
- /* Initialize */
- ExpectIntEQ(wc_InitSha512_224(&sha512), 0);
- ExpectIntEQ(wc_InitSha512_224(&temp), 0);
- ExpectIntEQ(wc_Sha512_224Copy(&sha512, &temp), 0);
- /* test bad arguments*/
- ExpectIntEQ(wc_Sha512_224Copy(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512_224Copy(NULL, &temp), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512_224Copy(&sha512, NULL), BAD_FUNC_ARG);
- wc_Sha512_224Free(&sha512);
- wc_Sha512_224Free(&temp);
- #endif
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
- return EXPECT_RESULT();
- }
- static int test_wc_InitSha512_256(void)
- {
- EXPECT_DECLS;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
- wc_Sha512 sha512;
- /* Test good arg. */
- ExpectIntEQ(wc_InitSha512_256(&sha512), 0);
- /* Test bad arg. */
- ExpectIntEQ(wc_InitSha512_256(NULL), BAD_FUNC_ARG);
- wc_Sha512_256Free(&sha512);
- #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
- return EXPECT_RESULT();
- }
- static int test_wc_Sha512_256Update(void)
- {
- EXPECT_DECLS;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
- wc_Sha512 sha512;
- byte hash[WC_SHA512_DIGEST_SIZE];
- testVector a, c;
- ExpectIntEQ(wc_InitSha512_256(&sha512), 0);
- /* Input. */
- a.input = "a";
- a.inLen = XSTRLEN(a.input);
- ExpectIntEQ(wc_Sha512_256Update(&sha512, NULL, 0), 0);
- ExpectIntEQ(wc_Sha512_256Update(&sha512,(byte*)a.input, 0), 0);
- ExpectIntEQ(wc_Sha512_256Update(&sha512, (byte*)a.input, (word32)a.inLen),
- 0);
- ExpectIntEQ(wc_Sha512_256Final(&sha512, hash), 0);
- /* Update input. */
- a.input = "abc";
- a.output = "\x53\x04\x8e\x26\x81\x94\x1e\xf9\x9b\x2e\x29\xb7\x6b\x4c"
- "\x7d\xab\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46\xe0\xe2\xf1\x31"
- "\x07\xe7\xaf\x23";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ExpectIntEQ(wc_Sha512_256Update(&sha512, (byte*) a.input, (word32) a.inLen),
- 0);
- ExpectIntEQ(wc_Sha512_256Final(&sha512, hash), 0);
- ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA512_256_DIGEST_SIZE), 0);
- c.input = NULL;
- c.inLen = WC_SHA512_256_DIGEST_SIZE;
- ExpectIntEQ(wc_Sha512_256Update(&sha512, (byte*)c.input, (word32)c.inLen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512_256Update(NULL, (byte*)a.input, (word32)a.inLen),
- BAD_FUNC_ARG);
- wc_Sha512_256Free(&sha512);
- #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
- return EXPECT_RESULT();
- }
- static int test_wc_Sha512_256Final(void)
- {
- EXPECT_DECLS;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
- ExpectIntEQ(test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_256, 0),
- TEST_SUCCESS);
- #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
- return EXPECT_RESULT();
- }
- static int test_wc_Sha512_256GetFlags(void)
- {
- EXPECT_DECLS;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && defined(WOLFSSL_HASH_FLAGS)
- wc_Sha512 sha512, copy;
- word32 flags = 0;
- XMEMSET(&sha512, 0, sizeof(wc_Sha512));
- XMEMSET(©, 0, sizeof(wc_Sha512));
- /* Initialize */
- ExpectIntEQ(wc_InitSha512_256(&sha512), 0);
- ExpectIntEQ(wc_InitSha512_256(©), 0);
- ExpectIntEQ(wc_Sha512_256GetFlags(&sha512, &flags), 0);
- ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
- ExpectIntEQ(wc_Sha512_256Copy(&sha512, ©), 0);
- ExpectIntEQ(wc_Sha512_256GetFlags(©, &flags), 0);
- ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == WC_HASH_FLAG_ISCOPY);
- wc_Sha512_256Free(&sha512);
- #endif
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
- return EXPECT_RESULT();
- }
- static int test_wc_Sha512_256FinalRaw(void)
- {
- EXPECT_DECLS;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
- defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && \
- !defined(WOLFSSL_NO_HASH_RAW)
- ExpectIntEQ(test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_256, 1),
- TEST_SUCCESS);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wc_Sha512_256Free(void)
- {
- EXPECT_DECLS;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
- wc_Sha512_256Free(NULL);
- /* Set result to SUCCESS. */
- ExpectTrue(1);
- #endif
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
- return EXPECT_RESULT();
- }
- static int test_wc_Sha512_256GetHash(void)
- {
- EXPECT_DECLS;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
- ExpectIntEQ(test_Sha512_Family_GetHash(WC_HASH_TYPE_SHA512_256),
- TEST_SUCCESS);
- #endif
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
- return EXPECT_RESULT();
- }
- static int test_wc_Sha512_256Copy(void)
- {
- EXPECT_DECLS;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
- wc_Sha512 sha512;
- wc_Sha512 temp;
- XMEMSET(&sha512, 0, sizeof(wc_Sha512));
- XMEMSET(&temp, 0, sizeof(wc_Sha512));
- /* Initialize */
- ExpectIntEQ(wc_InitSha512_256(&sha512), 0);
- ExpectIntEQ(wc_InitSha512_256(&temp), 0);
- ExpectIntEQ(wc_Sha512_256Copy(&sha512, &temp), 0);
- /* test bad arguments*/
- ExpectIntEQ(wc_Sha512_256Copy(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512_256Copy(NULL, &temp), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512_256Copy(&sha512, NULL), BAD_FUNC_ARG);
- wc_Sha512_256Free(&sha512);
- wc_Sha512_256Free(&temp);
- #endif
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
- return EXPECT_RESULT();
- }
- /*
- * Testing wc_InitSha384()
- */
- static int test_wc_InitSha384(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHA384
- wc_Sha384 sha384;
- /* Test good arg. */
- ExpectIntEQ(wc_InitSha384(&sha384), 0);
- /* Test bad arg. */
- ExpectIntEQ(wc_InitSha384(NULL), BAD_FUNC_ARG);
- wc_Sha384Free(&sha384);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_InitSha384 */
- /*
- * test wc_Sha384Update()
- */
- static int test_wc_Sha384Update(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHA384
- wc_Sha384 sha384;
- byte hash[WC_SHA384_DIGEST_SIZE];
- testVector a, b, c;
- ExpectIntEQ(wc_InitSha384(&sha384), 0);
- /* Input */
- a.input = "a";
- a.inLen = XSTRLEN(a.input);
- ExpectIntEQ(wc_Sha384Update(&sha384, NULL, 0), 0);
- ExpectIntEQ(wc_Sha384Update(&sha384, (byte*)a.input, 0), 0);
- ExpectIntEQ(wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen), 0);
- ExpectIntEQ(wc_Sha384Final(&sha384, hash), 0);
- /* Update input. */
- a.input = "abc";
- a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
- "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
- "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
- "\xc8\x25\xa7";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ExpectIntEQ(wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen), 0);
- ExpectIntEQ(wc_Sha384Final(&sha384, hash), 0);
- ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE), 0);
- /* Pass in bad values. */
- b.input = NULL;
- b.inLen = 0;
- ExpectIntEQ(wc_Sha384Update(&sha384, (byte*)b.input, (word32)b.inLen), 0);
- c.input = NULL;
- c.inLen = WC_SHA384_DIGEST_SIZE;
- ExpectIntEQ( wc_Sha384Update(&sha384, (byte*)c.input, (word32)c.inLen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha384Update(NULL, (byte*)a.input, (word32)a.inLen),
- BAD_FUNC_ARG);
- wc_Sha384Free(&sha384);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha384Update */
- /*
- * Unit test function for wc_Sha384Final();
- */
- static int test_wc_Sha384Final(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHA384
- wc_Sha384 sha384;
- byte* hash_test[3];
- byte hash1[WC_SHA384_DIGEST_SIZE];
- byte hash2[2*WC_SHA384_DIGEST_SIZE];
- byte hash3[5*WC_SHA384_DIGEST_SIZE];
- int times, i;
- /* Initialize */
- ExpectIntEQ(wc_InitSha384(&sha384), 0);
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- times = sizeof(hash_test) / sizeof(byte*);
- /* Good test args. */
- for (i = 0; i < times; i++) {
- ExpectIntEQ(wc_Sha384Final(&sha384, hash_test[i]), 0);
- }
- /* Test bad args. */
- ExpectIntEQ(wc_Sha384Final(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha384Final(NULL, hash1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha384Final(&sha384, NULL), BAD_FUNC_ARG);
- wc_Sha384Free(&sha384);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha384Final */
- /*
- * Unit test function for wc_Sha384GetFlags()
- */
- static int test_wc_Sha384GetFlags(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_HASH_FLAGS)
- wc_Sha384 sha384;
- word32 flags = 0;
- /* Initialize */
- ExpectIntEQ(wc_InitSha384(&sha384), 0);
- ExpectIntEQ(wc_Sha384GetFlags(&sha384, &flags), 0);
- ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
- wc_Sha384Free(&sha384);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha384GetFlags */
- /*
- * Unit test function for wc_Sha384FinalRaw()
- */
- static int test_wc_Sha384FinalRaw(void)
- {
- EXPECT_DECLS;
- #if (defined(WOLFSSL_SHA384) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))) && \
- !defined(WOLFSSL_NO_HASH_RAW)
- wc_Sha384 sha384;
- byte* hash_test[3];
- byte hash1[WC_SHA384_DIGEST_SIZE];
- byte hash2[2*WC_SHA384_DIGEST_SIZE];
- byte hash3[5*WC_SHA384_DIGEST_SIZE];
- int times, i;
- /* Initialize */
- ExpectIntEQ(wc_InitSha384(&sha384), 0);
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- times = sizeof(hash_test) / sizeof(byte*);
- /* Good test args. */
- for (i = 0; i < times; i++) {
- ExpectIntEQ(wc_Sha384FinalRaw(&sha384, hash_test[i]), 0);
- }
- /* Test bad args. */
- ExpectIntEQ(wc_Sha384FinalRaw(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha384FinalRaw(NULL, hash1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha384FinalRaw(&sha384, NULL), BAD_FUNC_ARG);
- wc_Sha384Free(&sha384);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha384FinalRaw */
- /*
- * Unit test function for wc_Sha384Free()
- */
- static int test_wc_Sha384Free(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHA384
- wc_Sha384Free(NULL);
- /* Set result to SUCCESS. */
- ExpectTrue(1);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha384Free */
- /*
- * Unit test function for wc_Sha384GetHash()
- */
- static int test_wc_Sha384GetHash(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHA384
- wc_Sha384 sha384;
- byte hash1[WC_SHA384_DIGEST_SIZE];
- /* Initialize */
- ExpectIntEQ(wc_InitSha384(&sha384), 0);
- ExpectIntEQ(wc_Sha384GetHash(&sha384, hash1), 0);
- /* test bad arguments*/
- ExpectIntEQ(wc_Sha384GetHash(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha384GetHash(NULL, hash1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha384GetHash(&sha384, NULL), BAD_FUNC_ARG);
- wc_Sha384Free(&sha384);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha384GetHash */
- /*
- * Unit test function for wc_Sha384Copy()
- */
- static int test_wc_Sha384Copy(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHA384
- wc_Sha384 sha384;
- wc_Sha384 temp;
- XMEMSET(&sha384, 0, sizeof(wc_Sha384));
- XMEMSET(&temp, 0, sizeof(wc_Sha384));
- /* Initialize */
- ExpectIntEQ(wc_InitSha384(&sha384), 0);
- ExpectIntEQ(wc_InitSha384(&temp), 0);
- ExpectIntEQ(wc_Sha384Copy(&sha384, &temp), 0);
- /* test bad arguments*/
- ExpectIntEQ(wc_Sha384Copy(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha384Copy(NULL, &temp), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha384Copy(&sha384, NULL), BAD_FUNC_ARG);
- wc_Sha384Free(&sha384);
- wc_Sha384Free(&temp);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha384Copy */
- /*
- * Testing wc_InitSha224();
- */
- static int test_wc_InitSha224(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHA224
- wc_Sha224 sha224;
- /* Test good arg. */
- ExpectIntEQ(wc_InitSha224(&sha224), 0);
- /* Test bad arg. */
- ExpectIntEQ(wc_InitSha224(NULL), BAD_FUNC_ARG);
- wc_Sha224Free(&sha224);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_InitSha224 */
- /*
- * Unit test on wc_Sha224Update
- */
- static int test_wc_Sha224Update(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHA224
- wc_Sha224 sha224;
- byte hash[WC_SHA224_DIGEST_SIZE];
- testVector a, b, c;
- ExpectIntEQ(wc_InitSha224(&sha224), 0);
- /* Input. */
- a.input = "a";
- a.inLen = XSTRLEN(a.input);
- ExpectIntEQ(wc_Sha224Update(&sha224, NULL, 0), 0);
- ExpectIntEQ(wc_Sha224Update(&sha224, (byte*)a.input, 0), 0);
- ExpectIntEQ(wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen), 0);
- ExpectIntEQ(wc_Sha224Final(&sha224, hash), 0);
- /* Update input. */
- a.input = "abc";
- a.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2"
- "\x55\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ExpectIntEQ(wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen), 0);
- ExpectIntEQ(wc_Sha224Final(&sha224, hash), 0);
- ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE), 0);
- /* Pass in bad values. */
- b.input = NULL;
- b.inLen = 0;
- ExpectIntEQ(wc_Sha224Update(&sha224, (byte*)b.input, (word32)b.inLen), 0);
- c.input = NULL;
- c.inLen = WC_SHA224_DIGEST_SIZE;
- ExpectIntEQ(wc_Sha224Update(&sha224, (byte*)c.input, (word32)c.inLen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha224Update(NULL, (byte*)a.input, (word32)a.inLen),
- BAD_FUNC_ARG);
- wc_Sha224Free(&sha224);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha224Update */
- /*
- * Unit test for wc_Sha224Final();
- */
- static int test_wc_Sha224Final(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHA224
- wc_Sha224 sha224;
- byte* hash_test[3];
- byte hash1[WC_SHA224_DIGEST_SIZE];
- byte hash2[2*WC_SHA224_DIGEST_SIZE];
- byte hash3[5*WC_SHA224_DIGEST_SIZE];
- int times, i;
- /* Initialize */
- ExpectIntEQ(wc_InitSha224(&sha224), 0);
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- times = sizeof(hash_test) / sizeof(byte*);
- /* Good test args. */
- /* Testing oversized buffers. */
- for (i = 0; i < times; i++) {
- ExpectIntEQ(wc_Sha224Final(&sha224, hash_test[i]), 0);
- }
- /* Test bad args. */
- ExpectIntEQ(wc_Sha224Final(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha224Final(NULL, hash1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha224Final(&sha224, NULL), BAD_FUNC_ARG);
- wc_Sha224Free(&sha224);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha224Final */
- /*
- * Unit test function for wc_Sha224SetFlags()
- */
- static int test_wc_Sha224SetFlags(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
- wc_Sha224 sha224;
- word32 flags = WC_HASH_FLAG_WILLCOPY;
- /* Initialize */
- ExpectIntEQ(wc_InitSha224(&sha224), 0);
- ExpectIntEQ(wc_Sha224SetFlags(&sha224, flags), 0);
- flags = 0;
- ExpectIntEQ(wc_Sha224GetFlags(&sha224, &flags), 0);
- ExpectTrue(flags == WC_HASH_FLAG_WILLCOPY);
- wc_Sha224Free(&sha224);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha224SetFlags */
- /*
- * Unit test function for wc_Sha224GetFlags()
- */
- static int test_wc_Sha224GetFlags(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
- wc_Sha224 sha224;
- word32 flags = 0;
- /* Initialize */
- ExpectIntEQ(wc_InitSha224(&sha224), 0);
- ExpectIntEQ(wc_Sha224GetFlags(&sha224, &flags), 0);
- ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
- wc_Sha224Free(&sha224);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha224GetFlags */
- /*
- * Unit test function for wc_Sha224Free()
- */
- static int test_wc_Sha224Free(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHA224
- wc_Sha224Free(NULL);
- /* Set result to SUCCESS. */
- ExpectTrue(1);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha224Free */
- /*
- * Unit test function for wc_Sha224GetHash()
- */
- static int test_wc_Sha224GetHash(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHA224
- wc_Sha224 sha224;
- byte hash1[WC_SHA224_DIGEST_SIZE];
- /* Initialize */
- ExpectIntEQ(wc_InitSha224(&sha224), 0);
- ExpectIntEQ(wc_Sha224GetHash(&sha224, hash1), 0);
- /* test bad arguments*/
- ExpectIntEQ(wc_Sha224GetHash(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha224GetHash(NULL, hash1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha224GetHash(&sha224, NULL), BAD_FUNC_ARG);
- wc_Sha224Free(&sha224);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha224GetHash */
- /*
- * Unit test function for wc_Sha224Copy()
- */
- static int test_wc_Sha224Copy(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHA224
- wc_Sha224 sha224;
- wc_Sha224 temp;
- XMEMSET(&sha224, 0, sizeof(wc_Sha224));
- XMEMSET(&temp, 0, sizeof(wc_Sha224));
- /* Initialize */
- ExpectIntEQ(wc_InitSha224(&sha224), 0);
- ExpectIntEQ(wc_InitSha224(&temp), 0);
- ExpectIntEQ(wc_Sha224Copy(&sha224, &temp), 0);
- /* test bad arguments*/
- ExpectIntEQ(wc_Sha224Copy(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha224Copy(NULL, &temp), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha224Copy(&sha224, NULL), BAD_FUNC_ARG);
- wc_Sha224Free(&sha224);
- wc_Sha224Free(&temp);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha224Copy */
- /*
- * Testing wc_InitRipeMd()
- */
- static int test_wc_InitRipeMd(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_RIPEMD
- RipeMd ripemd;
- /* Test good arg. */
- ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
- /* Test bad arg. */
- ExpectIntEQ(wc_InitRipeMd(NULL), BAD_FUNC_ARG);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_InitRipeMd */
- /*
- * Testing wc_RipeMdUpdate()
- */
- static int test_wc_RipeMdUpdate(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_RIPEMD
- RipeMd ripemd;
- byte hash[RIPEMD_DIGEST_SIZE];
- testVector a, b, c;
- ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
- /* Input */
- a.input = "a";
- a.inLen = XSTRLEN(a.input);
- ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen), 0);
- ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash), 0);
- /* Update input. */
- a.input = "abc";
- a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
- "\xb0\x87\xf1\x5a\x0b\xfc";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen), 0);
- ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash), 0);
- ExpectIntEQ(XMEMCMP(hash, a.output, RIPEMD_DIGEST_SIZE), 0);
- /* Pass in bad values. */
- b.input = NULL;
- b.inLen = 0;
- ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)b.input, (word32)b.inLen), 0);
- c.input = NULL;
- c.inLen = RIPEMD_DIGEST_SIZE;
- ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)c.input, (word32)c.inLen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_RipeMdUpdate(NULL, (byte*)a.input, (word32)a.inLen),
- BAD_FUNC_ARG);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_RipeMdUdpate */
- /*
- * Unit test function for wc_RipeMdFinal()
- */
- static int test_wc_RipeMdFinal(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_RIPEMD
- RipeMd ripemd;
- byte* hash_test[3];
- byte hash1[RIPEMD_DIGEST_SIZE];
- byte hash2[2*RIPEMD_DIGEST_SIZE];
- byte hash3[5*RIPEMD_DIGEST_SIZE];
- int times, i;
- /* Initialize */
- ExpectIntEQ(wc_InitRipeMd(&ripemd), 0);
- hash_test[0] = hash1;
- hash_test[1] = hash2;
- hash_test[2] = hash3;
- times = sizeof(hash_test) / sizeof(byte*);
- /* Testing oversized buffers. */
- for (i = 0; i < times; i++) {
- ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash_test[i]), 0);
- }
- /* Test bad args. */
- ExpectIntEQ(wc_RipeMdFinal(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_RipeMdFinal(NULL, hash1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_RipeMdFinal(&ripemd, NULL), BAD_FUNC_ARG);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_RipeMdFinal */
- /*
- * Testing wc_InitSha3_224, wc_InitSha3_256, wc_InitSha3_384, and
- * wc_InitSha3_512
- */
- static int test_wc_InitSha3(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SHA3)
- wc_Sha3 sha3;
- (void)sha3;
- #if !defined(WOLFSSL_NOSHA3_224)
- ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_InitSha3_224(NULL, HEAP_HINT, testDevId), BAD_FUNC_ARG);
- wc_Sha3_224_Free(&sha3);
- #endif /* NOSHA3_224 */
- #if !defined(WOLFSSL_NOSHA3_256)
- ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_InitSha3_256(NULL, HEAP_HINT, testDevId), BAD_FUNC_ARG);
- wc_Sha3_256_Free(&sha3);
- #endif /* NOSHA3_256 */
- #if !defined(WOLFSSL_NOSHA3_384)
- ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_InitSha3_384(NULL, HEAP_HINT, testDevId), BAD_FUNC_ARG);
- wc_Sha3_384_Free(&sha3);
- #endif /* NOSHA3_384 */
- #if !defined(WOLFSSL_NOSHA3_512)
- ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_InitSha3_512(NULL, HEAP_HINT, testDevId), BAD_FUNC_ARG);
- wc_Sha3_512_Free(&sha3);
- #endif /* NOSHA3_512 */
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_InitSha3 */
- /*
- * Testing wc_Sha3_Update()
- */
- static int testing_wc_Sha3_Update(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \
- !defined(WOLFSSL_AFALG_XILINX)
- wc_Sha3 sha3;
- byte msg[] = "Everybody's working for the weekend.";
- byte msg2[] = "Everybody gets Friday off.";
- byte msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20"
- "\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74"
- "\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76"
- "\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20"
- "\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e";
- word32 msglen = sizeof(msg) - 1;
- word32 msg2len = sizeof(msg2);
- word32 msgCmplen = sizeof(msgCmp);
- #if !defined(WOLFSSL_NOSHA3_224)
- ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Sha3_224_Update(&sha3, msg, msglen), 0);
- ExpectIntEQ(XMEMCMP(msg, sha3.t, msglen), 0);
- ExpectTrue(sha3.i == msglen);
- ExpectIntEQ(wc_Sha3_224_Update(&sha3, msg2, msg2len), 0);
- ExpectIntEQ(XMEMCMP(sha3.t, msgCmp, msgCmplen), 0);
- /* Pass bad args. */
- ExpectIntEQ(wc_Sha3_224_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha3_224_Update(&sha3, NULL, 5), BAD_FUNC_ARG);
- wc_Sha3_224_Free(&sha3);
- ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Sha3_224_Update(&sha3, NULL, 0), 0);
- ExpectIntEQ(wc_Sha3_224_Update(&sha3, msg2, msg2len), 0);
- ExpectIntEQ(XMEMCMP(msg2, sha3.t, msg2len), 0);
- wc_Sha3_224_Free(&sha3);
- #endif /* SHA3_224 */
- #if !defined(WOLFSSL_NOSHA3_256)
- ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Sha3_256_Update(&sha3, msg, msglen), 0);
- ExpectIntEQ(XMEMCMP(msg, sha3.t, msglen), 0);
- ExpectTrue(sha3.i == msglen);
- ExpectIntEQ(wc_Sha3_256_Update(&sha3, msg2, msg2len), 0);
- ExpectIntEQ(XMEMCMP(sha3.t, msgCmp, msgCmplen), 0);
- /* Pass bad args. */
- ExpectIntEQ(wc_Sha3_256_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha3_256_Update(&sha3, NULL, 5), BAD_FUNC_ARG);
- wc_Sha3_256_Free(&sha3);
- ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Sha3_256_Update(&sha3, NULL, 0), 0);
- ExpectIntEQ(wc_Sha3_256_Update(&sha3, msg2, msg2len), 0);
- ExpectIntEQ(XMEMCMP(msg2, sha3.t, msg2len), 0);
- wc_Sha3_256_Free(&sha3);
- #endif /* SHA3_256 */
- #if !defined(WOLFSSL_NOSHA3_384)
- ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Sha3_384_Update(&sha3, msg, msglen), 0);
- ExpectIntEQ(XMEMCMP(msg, sha3.t, msglen), 0);
- ExpectTrue(sha3.i == msglen);
- ExpectIntEQ(wc_Sha3_384_Update(&sha3, msg2, msg2len), 0);
- ExpectIntEQ(XMEMCMP(sha3.t, msgCmp, msgCmplen), 0);
- /* Pass bad args. */
- ExpectIntEQ(wc_Sha3_384_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha3_384_Update(&sha3, NULL, 5), BAD_FUNC_ARG);
- wc_Sha3_384_Free(&sha3);
- ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Sha3_384_Update(&sha3, NULL, 0), 0);
- ExpectIntEQ(wc_Sha3_384_Update(&sha3, msg2, msg2len), 0);
- ExpectIntEQ(XMEMCMP(msg2, sha3.t, msg2len), 0);
- wc_Sha3_384_Free(&sha3);
- #endif /* SHA3_384 */
- #if !defined(WOLFSSL_NOSHA3_512)
- ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Sha3_512_Update(&sha3, msg, msglen), 0);
- ExpectIntEQ(XMEMCMP(msg, sha3.t, msglen), 0);
- ExpectTrue(sha3.i == msglen);
- ExpectIntEQ(wc_Sha3_512_Update(&sha3, msg2, msg2len), 0);
- ExpectIntEQ(XMEMCMP(sha3.t, msgCmp, msgCmplen), 0);
- /* Pass bad args. */
- ExpectIntEQ(wc_Sha3_512_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha3_512_Update(&sha3, NULL, 5), BAD_FUNC_ARG);
- wc_Sha3_512_Free(&sha3);
- ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Sha3_512_Update(&sha3, NULL, 0), 0);
- ExpectIntEQ(wc_Sha3_512_Update(&sha3, msg2, msg2len), 0);
- ExpectIntEQ(XMEMCMP(msg2, sha3.t, msg2len), 0);
- wc_Sha3_512_Free(&sha3);
- #endif /* SHA3_512 */
- #endif /* WOLFSSL_SHA3 */
- return EXPECT_RESULT();
- } /* END testing_wc_Sha3_Update */
- /*
- * Testing wc_Sha3_224_Final()
- */
- static int test_wc_Sha3_224_Final(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
- wc_Sha3 sha3;
- const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
- "nopnopq";
- const char* expOut = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55"
- "\x74\x49\x44\x79\xba\x5c\x7e\x7a\xb7\x6e\xf2"
- "\x64\xea\xd0\xfc\xce\x33";
- byte hash[WC_SHA3_224_DIGEST_SIZE];
- byte hashRet[WC_SHA3_224_DIGEST_SIZE];
- /* Init stack variables. */
- XMEMSET(hash, 0, sizeof(hash));
- ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
- ExpectIntEQ(wc_Sha3_224_Final(&sha3, hash), 0);
- ExpectIntEQ(XMEMCMP(expOut, hash, WC_SHA3_224_DIGEST_SIZE), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Sha3_224_Final(NULL, hash), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha3_224_Final(&sha3, NULL), BAD_FUNC_ARG);
- wc_Sha3_224_Free(&sha3);
- ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
- /* Init stack variables. */
- XMEMSET(hash, 0, sizeof(hash));
- XMEMSET(hashRet, 0, sizeof(hashRet));
- ExpectIntEQ(wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
- ExpectIntEQ(wc_Sha3_224_GetHash(&sha3, hashRet), 0);
- ExpectIntEQ(wc_Sha3_224_Final(&sha3, hash), 0);
- ExpectIntEQ(XMEMCMP(hash, hashRet, WC_SHA3_224_DIGEST_SIZE), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Sha3_224_GetHash(NULL, hashRet), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha3_224_GetHash(&sha3, NULL), BAD_FUNC_ARG);
- wc_Sha3_224_Free(&sha3);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha3_224_Final */
- /*
- * Testing wc_Sha3_256_Final()
- */
- static int test_wc_Sha3_256_Final(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
- wc_Sha3 sha3;
- const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
- "nopnopq";
- const char* expOut = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8"
- "\x23\x5e\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32"
- "\xdd\x97\x49\x6d\x33\x76";
- byte hash[WC_SHA3_256_DIGEST_SIZE];
- byte hashRet[WC_SHA3_256_DIGEST_SIZE];
- /* Init stack variables. */
- XMEMSET(hash, 0, sizeof(hash));
- ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
- ExpectIntEQ(wc_Sha3_256_Final(&sha3, hash), 0);
- ExpectIntEQ(XMEMCMP(expOut, hash, WC_SHA3_256_DIGEST_SIZE), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Sha3_256_Final(NULL, hash), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha3_256_Final(&sha3, NULL), BAD_FUNC_ARG);
- wc_Sha3_256_Free(&sha3);
- ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
- /* Init stack variables. */
- XMEMSET(hash, 0, sizeof(hash));
- XMEMSET(hashRet, 0, sizeof(hashRet));
- ExpectIntEQ(wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
- ExpectIntEQ(wc_Sha3_256_GetHash(&sha3, hashRet), 0);
- ExpectIntEQ(wc_Sha3_256_Final(&sha3, hash), 0);
- ExpectIntEQ(XMEMCMP(hash, hashRet, WC_SHA3_256_DIGEST_SIZE), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Sha3_256_GetHash(NULL, hashRet), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha3_256_GetHash(&sha3, NULL), BAD_FUNC_ARG);
- wc_Sha3_256_Free(&sha3);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha3_256_Final */
- /*
- * Testing wc_Sha3_384_Final()
- */
- static int test_wc_Sha3_384_Final(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
- wc_Sha3 sha3;
- const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
- "nopnopq";
- const char* expOut = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7"
- "\x8a\x49\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd"
- "\xbc\x32\xb9\xd4\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe"
- "\xa1\x9e\xef\x51\xac\xd0\x65\x7c\x22";
- byte hash[WC_SHA3_384_DIGEST_SIZE];
- byte hashRet[WC_SHA3_384_DIGEST_SIZE];
- /* Init stack variables. */
- XMEMSET(hash, 0, sizeof(hash));
- ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
- ExpectIntEQ(wc_Sha3_384_Final(&sha3, hash), 0);
- ExpectIntEQ(XMEMCMP(expOut, hash, WC_SHA3_384_DIGEST_SIZE), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Sha3_384_Final(NULL, hash), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha3_384_Final(&sha3, NULL), BAD_FUNC_ARG);
- wc_Sha3_384_Free(&sha3);
- ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
- /* Init stack variables. */
- XMEMSET(hash, 0, sizeof(hash));
- XMEMSET(hashRet, 0, sizeof(hashRet));
- ExpectIntEQ(wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
- ExpectIntEQ(wc_Sha3_384_GetHash(&sha3, hashRet), 0);
- ExpectIntEQ(wc_Sha3_384_Final(&sha3, hash), 0);
- ExpectIntEQ(XMEMCMP(hash, hashRet, WC_SHA3_384_DIGEST_SIZE), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Sha3_384_GetHash(NULL, hashRet), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha3_384_GetHash(&sha3, NULL), BAD_FUNC_ARG);
- wc_Sha3_384_Free(&sha3);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha3_384_Final */
- /*
- * Testing wc_Sha3_512_Final()
- */
- static int test_wc_Sha3_512_Final(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) && \
- !defined(WOLFSSL_NOSHA3_384)
- wc_Sha3 sha3;
- const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
- "nopnopq";
- const char* expOut = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10"
- "\xfc\xa8\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7"
- "\xec\x2f\x1e\x91\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53"
- "\x02\xba\x1b\x0d\x8d\xc7\x8c\x08\x63\x46\xb5\x33\xb4"
- "\x9c\x03\x0d\x99\xa2\x7d\xaf\x11\x39\xd6\xe7\x5e";
- byte hash[WC_SHA3_512_DIGEST_SIZE];
- byte hashRet[WC_SHA3_512_DIGEST_SIZE];
- /* Init stack variables. */
- XMEMSET(hash, 0, sizeof(hash));
- ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
- ExpectIntEQ(wc_Sha3_512_Final(&sha3, hash), 0);
- ExpectIntEQ(XMEMCMP(expOut, hash, WC_SHA3_512_DIGEST_SIZE), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Sha3_512_Final(NULL, hash), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha3_512_Final(&sha3, NULL), BAD_FUNC_ARG);
- wc_Sha3_512_Free(&sha3);
- ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
- /* Init stack variables. */
- XMEMSET(hash, 0, sizeof(hash));
- XMEMSET(hashRet, 0, sizeof(hashRet));
- ExpectIntEQ(wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)), 0);
- ExpectIntEQ(wc_Sha3_512_GetHash(&sha3, hashRet), 0);
- ExpectIntEQ(wc_Sha3_512_Final(&sha3, hash), 0);
- ExpectIntEQ(XMEMCMP(hash, hashRet, WC_SHA3_512_DIGEST_SIZE), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Sha3_512_GetHash(NULL, hashRet), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha3_512_GetHash(&sha3, NULL), BAD_FUNC_ARG);
- wc_Sha3_512_Free(&sha3);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha3_512_Final */
- /*
- * Testing wc_Sha3_224_Copy()
- */
- static int test_wc_Sha3_224_Copy(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
- wc_Sha3 sha3, sha3Cpy;
- const char* msg = TEST_STRING;
- word32 msglen = (word32)TEST_STRING_SZ;
- byte hash[WC_SHA3_224_DIGEST_SIZE];
- byte hashCpy[WC_SHA3_224_DIGEST_SIZE];
- XMEMSET(hash, 0, sizeof(hash));
- XMEMSET(hashCpy, 0, sizeof(hashCpy));
- XMEMSET(&sha3, 0, sizeof(wc_Sha3));
- XMEMSET(&sha3Cpy, 0, sizeof(wc_Sha3));
- ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_InitSha3_224(&sha3Cpy, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Sha3_224_Update(&sha3, (byte*)msg, msglen), 0);
- ExpectIntEQ(wc_Sha3_224_Copy(&sha3Cpy, &sha3), 0);
- ExpectIntEQ(wc_Sha3_224_Final(&sha3, hash), 0);
- ExpectIntEQ(wc_Sha3_224_Final(&sha3Cpy, hashCpy), 0);
- ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Sha3_224_Copy(NULL, &sha3), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha3_224_Copy(&sha3Cpy, NULL), BAD_FUNC_ARG);
- wc_Sha3_224_Free(&sha3);
- wc_Sha3_224_Free(&sha3Cpy);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha3_224_Copy */
- /*
- * Testing wc_Sha3_256_Copy()
- */
- static int test_wc_Sha3_256_Copy(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
- wc_Sha3 sha3, sha3Cpy;
- const char* msg = TEST_STRING;
- word32 msglen = (word32)TEST_STRING_SZ;
- byte hash[WC_SHA3_256_DIGEST_SIZE];
- byte hashCpy[WC_SHA3_256_DIGEST_SIZE];
- XMEMSET(hash, 0, sizeof(hash));
- XMEMSET(hashCpy, 0, sizeof(hashCpy));
- XMEMSET(&sha3, 0, sizeof(wc_Sha3));
- XMEMSET(&sha3Cpy, 0, sizeof(wc_Sha3));
- ExpectIntEQ(wc_InitSha3_256(&sha3, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_InitSha3_256(&sha3Cpy, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Sha3_256_Update(&sha3, (byte*)msg, msglen), 0);
- ExpectIntEQ(wc_Sha3_256_Copy(&sha3Cpy, &sha3), 0);
- ExpectIntEQ(wc_Sha3_256_Final(&sha3, hash), 0);
- ExpectIntEQ(wc_Sha3_256_Final(&sha3Cpy, hashCpy), 0);
- ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Sha3_256_Copy(NULL, &sha3), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha3_256_Copy(&sha3Cpy, NULL), BAD_FUNC_ARG);
- wc_Sha3_256_Free(&sha3);
- wc_Sha3_256_Free(&sha3Cpy);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha3_256_Copy */
- /*
- * Testing wc_Sha3_384_Copy()
- */
- static int test_wc_Sha3_384_Copy(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
- wc_Sha3 sha3, sha3Cpy;
- const char* msg = TEST_STRING;
- word32 msglen = (word32)TEST_STRING_SZ;
- byte hash[WC_SHA3_384_DIGEST_SIZE];
- byte hashCpy[WC_SHA3_384_DIGEST_SIZE];
- XMEMSET(hash, 0, sizeof(hash));
- XMEMSET(hashCpy, 0, sizeof(hashCpy));
- XMEMSET(&sha3, 0, sizeof(wc_Sha3));
- XMEMSET(&sha3Cpy, 0, sizeof(wc_Sha3));
- ExpectIntEQ(wc_InitSha3_384(&sha3, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_InitSha3_384(&sha3Cpy, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Sha3_384_Update(&sha3, (byte*)msg, msglen), 0);
- ExpectIntEQ(wc_Sha3_384_Copy(&sha3Cpy, &sha3), 0);
- ExpectIntEQ(wc_Sha3_384_Final(&sha3, hash), 0);
- ExpectIntEQ(wc_Sha3_384_Final(&sha3Cpy, hashCpy), 0);
- ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Sha3_384_Copy(NULL, &sha3), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha3_384_Copy(&sha3Cpy, NULL), BAD_FUNC_ARG);
- wc_Sha3_384_Free(&sha3);
- wc_Sha3_384_Free(&sha3Cpy);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha3_384_Copy */
- /*
- * Testing wc_Sha3_512_Copy()
- */
- static int test_wc_Sha3_512_Copy(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
- wc_Sha3 sha3, sha3Cpy;
- const char* msg = TEST_STRING;
- word32 msglen = (word32)TEST_STRING_SZ;
- byte hash[WC_SHA3_512_DIGEST_SIZE];
- byte hashCpy[WC_SHA3_512_DIGEST_SIZE];
- XMEMSET(hash, 0, sizeof(hash));
- XMEMSET(hashCpy, 0, sizeof(hashCpy));
- XMEMSET(&sha3, 0, sizeof(wc_Sha3));
- XMEMSET(&sha3Cpy, 0, sizeof(wc_Sha3));
- ExpectIntEQ(wc_InitSha3_512(&sha3, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_InitSha3_512(&sha3Cpy, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Sha3_512_Update(&sha3, (byte*)msg, msglen), 0);
- ExpectIntEQ(wc_Sha3_512_Copy(&sha3Cpy, &sha3), 0);
- ExpectIntEQ(wc_Sha3_512_Final(&sha3, hash), 0);
- ExpectIntEQ(wc_Sha3_512_Final(&sha3Cpy, hashCpy), 0);
- ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Sha3_512_Copy(NULL, &sha3), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha3_512_Copy(&sha3Cpy, NULL), BAD_FUNC_ARG);
- wc_Sha3_512_Free(&sha3);
- wc_Sha3_512_Free(&sha3Cpy);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha3_512_Copy */
- /*
- * Unit test function for wc_Sha3_GetFlags()
- */
- static int test_wc_Sha3_GetFlags(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_HASH_FLAGS)
- wc_Sha3 sha3;
- word32 flags = 0;
- /* Initialize */
- ExpectIntEQ(wc_InitSha3_224(&sha3, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Sha3_GetFlags(&sha3, &flags), 0);
- ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
- wc_Sha3_224_Free(&sha3);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha3_GetFlags */
- static int test_wc_InitShake256(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHAKE256
- wc_Shake shake;
- ExpectIntEQ(wc_InitShake256(&shake, HEAP_HINT, testDevId), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_InitShake256(NULL, HEAP_HINT, testDevId), BAD_FUNC_ARG);
- wc_Shake256_Free(&shake);
- #endif
- return EXPECT_RESULT();
- }
- static int testing_wc_Shake256_Update(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHAKE256
- wc_Shake shake;
- byte msg[] = "Everybody's working for the weekend.";
- byte msg2[] = "Everybody gets Friday off.";
- byte msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20"
- "\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74"
- "\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76"
- "\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20"
- "\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e";
- word32 msglen = sizeof(msg) - 1;
- word32 msg2len = sizeof(msg2);
- word32 msgCmplen = sizeof(msgCmp);
- ExpectIntEQ(wc_InitShake256(&shake, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Shake256_Update(&shake, msg, msglen), 0);
- ExpectIntEQ(XMEMCMP(msg, shake.t, msglen), 0);
- ExpectTrue(shake.i == msglen);
- ExpectIntEQ(wc_Shake256_Update(&shake, msg2, msg2len), 0);
- ExpectIntEQ(XMEMCMP(shake.t, msgCmp, msgCmplen), 0);
- /* Pass bad args. */
- ExpectIntEQ(wc_Shake256_Update(NULL, msg2, msg2len), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Shake256_Update(&shake, NULL, 5), BAD_FUNC_ARG);
- wc_Shake256_Free(&shake);
- ExpectIntEQ(wc_InitShake256(&shake, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Shake256_Update(&shake, NULL, 0), 0);
- ExpectIntEQ(wc_Shake256_Update(&shake, msg2, msg2len), 0);
- ExpectIntEQ(XMEMCMP(msg2, shake.t, msg2len), 0);
- wc_Shake256_Free(&shake);
- #endif /* WOLFSSL_SHAKE256 */
- return EXPECT_RESULT();
- }
- static int test_wc_Shake256_Final(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHAKE256
- wc_Shake shake;
- const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
- "nopnopq";
- const char* expOut = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f"
- "\x6f\x87\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b"
- "\xe5\xd4\xfd\x2e\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59"
- "\xaa\x80\x60\xf1\xf9\xbc\x99\x6c\x05\xac\xa3\xc6\x96"
- "\xa8\xb6\x62\x79\xdc\x67\x2c\x74\x0b\xb2\x24\xec\x37"
- "\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55\xf5\x1d\x97"
- "\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a\xf2"
- "\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67"
- "\x60\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
- byte hash[114];
- /* Init stack variables. */
- XMEMSET(hash, 0, sizeof(hash));
- ExpectIntEQ(wc_InitShake256(&shake, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Shake256_Update(&shake, (byte*)msg, (word32)XSTRLEN(msg)),
- 0);
- ExpectIntEQ(wc_Shake256_Final(&shake, hash, (word32)sizeof(hash)), 0);
- ExpectIntEQ(XMEMCMP(expOut, hash, (word32)sizeof(hash)), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Shake256_Final(NULL, hash, (word32)sizeof(hash)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_Shake256_Final(&shake, NULL, (word32)sizeof(hash)),
- BAD_FUNC_ARG);
- wc_Shake256_Free(&shake);
- #endif
- return EXPECT_RESULT();
- }
- /*
- * Testing wc_Shake256_Copy()
- */
- static int test_wc_Shake256_Copy(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHAKE256
- wc_Shake shake, shakeCpy;
- const char* msg = TEST_STRING;
- word32 msglen = (word32)TEST_STRING_SZ;
- byte hash[144];
- byte hashCpy[144];
- word32 hashLen = sizeof(hash);
- word32 hashLenCpy = sizeof(hashCpy);
- XMEMSET(hash, 0, sizeof(hash));
- XMEMSET(hashCpy, 0, sizeof(hashCpy));
- ExpectIntEQ(wc_InitShake256(&shake, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_InitShake256(&shakeCpy, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_Shake256_Update(&shake, (byte*)msg, msglen), 0);
- ExpectIntEQ(wc_Shake256_Copy(&shakeCpy, &shake), 0);
- ExpectIntEQ(wc_Shake256_Final(&shake, hash, hashLen), 0);
- ExpectIntEQ(wc_Shake256_Final(&shakeCpy, hashCpy, hashLenCpy), 0);
- ExpectIntEQ(XMEMCMP(hash, hashCpy, sizeof(hash)), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Shake256_Copy(NULL, &shake), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Shake256_Copy(&shakeCpy, NULL), BAD_FUNC_ARG);
- wc_Shake256_Free(&shake);
- wc_Shake256_Free(&shakeCpy);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Shake256_Copy */
- /*
- * Unit test function for wc_Shake256Hash()
- */
- static int test_wc_Shake256Hash(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SHAKE256
- const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- word32 len = sizeof(data);
- byte hash[144];
- word32 hashLen = sizeof(hash);
- ExpectIntEQ(wc_Shake256Hash(data, len, hash, hashLen), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Shake256Hash */
- /*
- * Testing wc_InitSm3(), wc_Sm3Free()
- */
- static int test_wc_InitSm3Free(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SM3
- wc_Sm3 sm3;
- /* Invalid Parameters */
- ExpectIntEQ(wc_InitSm3(NULL, NULL, INVALID_DEVID), BAD_FUNC_ARG);
- /* Valid Parameters */
- ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
- wc_Sm3Free(NULL);
- wc_Sm3Free(&sm3);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_InitSm3 */
- /*
- * Testing wc_Sm3Update(), wc_Sm3Final()
- */
- static int test_wc_Sm3UpdateFinal(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SM3
- wc_Sm3 sm3;
- byte data[WC_SM3_BLOCK_SIZE * 4];
- byte hash[WC_SM3_DIGEST_SIZE];
- byte calcHash[WC_SM3_DIGEST_SIZE];
- byte expHash[WC_SM3_DIGEST_SIZE] = {
- 0x38, 0x48, 0x15, 0xa7, 0x0e, 0xae, 0x0b, 0x27,
- 0x5c, 0xde, 0x9d, 0xa5, 0xd1, 0xa4, 0x30, 0xa1,
- 0xca, 0xd4, 0x54, 0x58, 0x44, 0xa2, 0x96, 0x1b,
- 0xd7, 0x14, 0x80, 0x3f, 0x80, 0x1a, 0x07, 0xb6
- };
- word32 chunk;
- word32 i;
- XMEMSET(data, 0, sizeof(data));
- ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
- /* Invalid Parameters */
- ExpectIntEQ(wc_Sm3Update(NULL, NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm3Update(&sm3, NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm3Update(NULL, data, 1), BAD_FUNC_ARG);
- /* Valid Parameters */
- ExpectIntEQ(wc_Sm3Update(&sm3, NULL, 0), 0);
- ExpectIntEQ(wc_Sm3Update(&sm3, data, 1), 0);
- ExpectIntEQ(wc_Sm3Update(&sm3, data, 1), 0);
- ExpectIntEQ(wc_Sm3Update(&sm3, data, WC_SM3_BLOCK_SIZE), 0);
- ExpectIntEQ(wc_Sm3Update(&sm3, data, WC_SM3_BLOCK_SIZE - 2), 0);
- ExpectIntEQ(wc_Sm3Update(&sm3, data, WC_SM3_BLOCK_SIZE * 2), 0);
- /* Ensure too many bytes for lengths. */
- ExpectIntEQ(wc_Sm3Update(&sm3, data, WC_SM3_PAD_SIZE), 0);
- /* Invalid Parameters */
- ExpectIntEQ(wc_Sm3Final(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm3Final(&sm3, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm3Final(NULL, hash), BAD_FUNC_ARG);
- /* Valid Parameters */
- ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0);
- ExpectBufEQ(hash, expHash, WC_SM3_DIGEST_SIZE);
- /* Chunk tests. */
- ExpectIntEQ(wc_Sm3Update(&sm3, data, sizeof(data)), 0);
- ExpectIntEQ(wc_Sm3Final(&sm3, calcHash), 0);
- for (chunk = 1; chunk <= WC_SM3_BLOCK_SIZE + 1; chunk++) {
- for (i = 0; i + chunk <= (word32)sizeof(data); i += chunk) {
- ExpectIntEQ(wc_Sm3Update(&sm3, data + i, chunk), 0);
- }
- if (i < (word32)sizeof(data)) {
- ExpectIntEQ(wc_Sm3Update(&sm3, data + i, (word32)sizeof(data) - i),
- 0);
- }
- ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0);
- ExpectBufEQ(hash, calcHash, WC_SM3_DIGEST_SIZE);
- }
- /* Not testing when the low 32-bit length overflows. */
- wc_Sm3Free(&sm3);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sm3Update */
- /*
- * Testing wc_Sm3GetHash()
- */
- static int test_wc_Sm3GetHash(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_SM3
- wc_Sm3 sm3;
- byte hash[WC_SM3_DIGEST_SIZE];
- byte calcHash[WC_SM3_DIGEST_SIZE];
- byte data[WC_SM3_BLOCK_SIZE];
- XMEMSET(data, 0, sizeof(data));
- ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_Sm3Final(&sm3, calcHash), 0);
- /* Invalid Parameters */
- ExpectIntEQ(wc_Sm3GetHash(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm3GetHash(&sm3, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm3GetHash(NULL, hash), BAD_FUNC_ARG);
- /* Valid Parameters */
- ExpectIntEQ(wc_Sm3GetHash(&sm3, hash), 0);
- ExpectBufEQ(hash, calcHash, WC_SM3_DIGEST_SIZE);
- /* With update. */
- ExpectIntEQ(wc_Sm3Update(&sm3, data, sizeof(data)), 0);
- ExpectIntEQ(wc_Sm3GetHash(&sm3, hash), 0);
- ExpectIntEQ(wc_Sm3Final(&sm3, calcHash), 0);
- ExpectBufEQ(hash, calcHash, WC_SM3_DIGEST_SIZE);
- wc_Sm3Free(&sm3);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sm3Update */
- /*
- * Testing wc_Sm3Copy()
- */
- static int test_wc_Sm3Copy(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SM3) && defined(WOLFSSL_HASH_FLAGS)
- wc_Sm3 sm3;
- wc_Sm3 sm3Copy;
- byte hash[WC_SM3_DIGEST_SIZE];
- byte hashCopy[WC_SM3_DIGEST_SIZE];
- byte data[WC_SM3_BLOCK_SIZE + 1];
- int i;
- ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_InitSm3(&sm3Copy, NULL, INVALID_DEVID), 0);
- /* Invalid Parameters */
- ExpectIntEQ(wc_Sm3Copy(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm3Copy(&sm3, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm3Copy(NULL, &sm3Copy), BAD_FUNC_ARG);
- /* Valid Parameters */
- ExpectIntEQ(wc_Sm3Copy(&sm3, &sm3Copy), 0);
- /* Ensure all parts of data updated during hashing are copied. */
- for (i = 0; i < WC_SM3_BLOCK_SIZE + 1; i++) {
- ExpectIntEQ(wc_Sm3Update(&sm3, data, i), 0);
- ExpectIntEQ(wc_Sm3Copy(&sm3, &sm3Copy), 0);
- ExpectIntEQ(wc_Sm3Update(&sm3, data, 1), 0);
- ExpectIntEQ(wc_Sm3Update(&sm3Copy, data, 1), 0);
- ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0);
- ExpectIntEQ(wc_Sm3Final(&sm3Copy, hashCopy), 0);
- ExpectBufEQ(hash, hashCopy, WC_SM3_DIGEST_SIZE);
- }
- wc_Sm3Free(&sm3Copy);
- wc_Sm3Free(&sm3);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sm3Copy */
- /*
- * Testing wc_Sm3FinalRaw()
- */
- static int test_wc_Sm3FinalRaw(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SM3) && !defined(HAVE_SELFTEST) && \
- !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
- !defined(WOLFSSL_NO_HASH_RAW)
- wc_Sm3 sm3;
- byte hash1[WC_SM3_DIGEST_SIZE];
- byte hash2[WC_SM3_DIGEST_SIZE];
- byte hash3[WC_SM3_DIGEST_SIZE];
- byte* hash_test[3] = { hash1, hash2, hash3 };
- int times;
- int i;
- XMEMSET(&sm3, 0, sizeof(sm3));
- /* Initialize */
- ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
- /* Invalid Parameters */
- ExpectIntEQ(wc_Sm3FinalRaw(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm3FinalRaw(&sm3, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm3FinalRaw(NULL, hash1), BAD_FUNC_ARG);
- times = sizeof(hash_test) / sizeof(byte*);
- for (i = 0; i < times; i++) {
- ExpectIntEQ(wc_Sm3FinalRaw(&sm3, hash_test[i]), 0);
- }
- wc_Sm3Free(&sm3);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sm3FinalRaw */
- /*
- * Testing wc_Sm3GetFlags, wc_Sm3SetFlags()
- */
- static int test_wc_Sm3GetSetFlags(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SM3) && defined(WOLFSSL_HASH_FLAGS)
- wc_Sm3 sm3;
- wc_Sm3 sm3Copy;
- word32 flags = 0;
- ExpectIntEQ(wc_InitSm3(&sm3, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_InitSm3(&sm3Copy, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_Sm3GetFlags(NULL, &flags), 0);
- ExpectIntEQ(flags, 0);
- ExpectIntEQ(wc_Sm3SetFlags(NULL, WC_HASH_FLAG_WILLCOPY), 0);
- ExpectIntEQ(wc_Sm3GetFlags(NULL, &flags), 0);
- ExpectIntEQ(flags, 0);
- ExpectIntEQ(wc_Sm3GetFlags(&sm3, &flags), 0);
- ExpectIntEQ(flags, 0);
- ExpectIntEQ(wc_Sm3SetFlags(&sm3, WC_HASH_FLAG_WILLCOPY), 0);
- ExpectIntEQ(wc_Sm3GetFlags(&sm3, &flags), 0);
- ExpectIntEQ(flags, WC_HASH_FLAG_WILLCOPY);
- ExpectIntEQ(wc_Sm3Copy(&sm3, &sm3Copy), 0);
- ExpectIntEQ(wc_Sm3GetFlags(&sm3Copy, &flags), 0);
- ExpectIntEQ(flags, WC_HASH_FLAG_ISCOPY | WC_HASH_FLAG_WILLCOPY);
- wc_Sm3Free(&sm3Copy);
- wc_Sm3Free(&sm3);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sm3Update */
- /*
- * Testing wc_Sm3Hash()
- */
- static int test_wc_Sm3Hash(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_SM3) && defined(WOLFSSL_HASH_FLAGS)
- byte data[WC_SM3_BLOCK_SIZE];
- byte hash[WC_SM3_DIGEST_SIZE];
- /* Invalid parameters. */
- ExpectIntEQ(wc_Sm3Hash(NULL, sizeof(data), hash), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm3Hash(data, sizeof(data), NULL), BAD_FUNC_ARG);
- /* Valid parameters. */
- ExpectIntEQ(wc_Sm3Hash(data, sizeof(data), hash), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sm3Hash */
- /*
- * Test function for wc_HmacSetKey
- */
- static int test_wc_Md5HmacSetKey(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_HMAC) && !defined(NO_MD5)
- Hmac hmac;
- int ret, times, itr;
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
- #ifndef HAVE_FIPS
- "Jefe", /* smaller than minimum FIPS key size */
- #endif
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- };
- times = sizeof(keys) / sizeof(char*);
- ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
- for (itr = 0; itr < times; itr++) {
- ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[itr],
- (word32)XSTRLEN(keys[itr]));
- #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
- wc_HmacFree(&hmac);
- ExpectIntEQ(ret, BAD_FUNC_ARG);
- #else
- ExpectIntEQ(ret, 0);
- #endif
- }
- /* Bad args. */
- ExpectIntEQ(wc_HmacSetKey(NULL, WC_MD5, (byte*)keys[0],
- (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, NULL, (word32)XSTRLEN(keys[0])),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
- (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
- ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[0], 0);
- #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
- ExpectIntEQ(ret, BAD_FUNC_ARG);
- #elif defined(HAVE_FIPS)
- ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
- #else
- ExpectIntEQ(ret, 0);
- #endif
- wc_HmacFree(&hmac);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Md5HmacSetKey */
- /*
- * testing wc_HmacSetKey() on wc_Sha hash.
- */
- static int test_wc_ShaHmacSetKey(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_HMAC) && !defined(NO_SHA)
- Hmac hmac;
- int ret, times, itr;
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- #ifndef HAVE_FIPS
- "Jefe", /* smaller than minimum FIPS key size */
- #endif
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- times = sizeof(keys) / sizeof(char*);
- ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
- for (itr = 0; itr < times; itr++) {
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[itr],
- (word32)XSTRLEN(keys[itr])), 0);
- }
- /* Bad args. */
- ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA, (byte*)keys[0],
- (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, NULL, (word32)XSTRLEN(keys[0])),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
- (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
- ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[0], 0);
- #ifdef HAVE_FIPS
- ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
- #else
- ExpectIntEQ(ret, 0);
- #endif
- wc_HmacFree(&hmac);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ShaHmacSetKey() */
- /*
- * testing wc_HmacSetKey() on Sha224 hash.
- */
- static int test_wc_Sha224HmacSetKey(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
- Hmac hmac;
- int ret, times, itr;
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- #ifndef HAVE_FIPS
- "Jefe", /* smaller than minimum FIPS key size */
- #endif
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- times = sizeof(keys) / sizeof(char*);
- ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
- for (itr = 0; itr < times; itr++) {
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[itr],
- (word32)XSTRLEN(keys[itr])), 0);
- }
- /* Bad args. */
- ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA224, (byte*)keys[0],
- (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, NULL, (word32)XSTRLEN(keys[0])),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
- (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
- ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[0], 0);
- #ifdef HAVE_FIPS
- ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
- #else
- ExpectIntEQ(ret, 0);
- #endif
- wc_HmacFree(&hmac);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha224HmacSetKey() */
- /*
- * testing wc_HmacSetKey() on Sha256 hash
- */
- static int test_wc_Sha256HmacSetKey(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_HMAC) && !defined(NO_SHA256)
- Hmac hmac;
- int ret, times, itr;
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- #ifndef HAVE_FIPS
- "Jefe", /* smaller than minimum FIPS key size */
- #endif
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- times = sizeof(keys) / sizeof(char*);
- ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
- for (itr = 0; itr < times; itr++) {
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[itr],
- (word32)XSTRLEN(keys[itr])), 0);
- }
- /* Bad args. */
- ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA256, (byte*)keys[0],
- (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, NULL, (word32)XSTRLEN(keys[0])),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
- (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
- ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[0], 0);
- #ifdef HAVE_FIPS
- ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
- #else
- ExpectIntEQ(ret, 0);
- #endif
- wc_HmacFree(&hmac);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha256HmacSetKey() */
- /*
- * testing wc_HmacSetKey on Sha384 hash.
- */
- static int test_wc_Sha384HmacSetKey(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
- Hmac hmac;
- int ret, times, itr;
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- #ifndef HAVE_FIPS
- "Jefe", /* smaller than minimum FIPS key size */
- #endif
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- times = sizeof(keys) / sizeof(char*);
- ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
- for (itr = 0; itr < times; itr++) {
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[itr],
- (word32)XSTRLEN(keys[itr])), 0);
- }
- /* Bad args. */
- ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA384, (byte*)keys[0],
- (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, NULL, (word32)XSTRLEN(keys[0])),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0],
- (word32)XSTRLEN(keys[0])), BAD_FUNC_ARG);
- ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[0], 0);
- #ifdef HAVE_FIPS
- ExpectIntEQ(ret, HMAC_MIN_KEYLEN_E);
- #else
- ExpectIntEQ(ret, 0);
- #endif
- wc_HmacFree(&hmac);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha384HmacSetKey() */
- /*
- * testing wc_HmacUpdate on wc_Md5 hash.
- */
- static int test_wc_Md5HmacUpdate(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5))
- Hmac hmac;
- testVector a, b;
- #ifdef HAVE_FIPS
- const char* keys =
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
- #else
- const char* keys = "Jefe";
- #endif
- a.input = "what do ya want for nothing?";
- a.inLen = XSTRLEN(a.input);
- b.input = "Hi There";
- b.inLen = XSTRLEN(b.input);
- ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys,
- (word32)XSTRLEN(keys)), 0);
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
- /* Update Hmac. */
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
- wc_HmacFree(&hmac);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Md5HmacUpdate */
- /*
- * testing wc_HmacUpdate on SHA hash.
- */
- static int test_wc_ShaHmacUpdate(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_HMAC) && !defined(NO_SHA)
- Hmac hmac;
- testVector a, b;
- #ifdef HAVE_FIPS
- const char* keys =
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
- #else
- const char* keys = "Jefe";
- #endif
- a.input = "what do ya want for nothing?";
- a.inLen = XSTRLEN(a.input);
- b.input = "Hi There";
- b.inLen = XSTRLEN(b.input);
- ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys,
- (word32)XSTRLEN(keys)), 0);
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
- /* Update Hmac. */
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
- wc_HmacFree(&hmac);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ShaHmacUpdate */
- /*
- * testing wc_HmacUpdate on SHA224 hash.
- */
- static int test_wc_Sha224HmacUpdate(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
- Hmac hmac;
- testVector a, b;
- #ifdef HAVE_FIPS
- const char* keys =
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
- #else
- const char* keys = "Jefe";
- #endif
- a.input = "what do ya want for nothing?";
- a.inLen = XSTRLEN(a.input);
- b.input = "Hi There";
- b.inLen = XSTRLEN(b.input);
- ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys,
- (word32)XSTRLEN(keys)), 0);
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
- /* Update Hmac. */
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
- wc_HmacFree(&hmac);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha224HmacUpdate */
- /*
- * testing wc_HmacUpdate on SHA256 hash.
- */
- static int test_wc_Sha256HmacUpdate(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_HMAC) && !defined(NO_SHA256)
- Hmac hmac;
- testVector a, b;
- #ifdef HAVE_FIPS
- const char* keys =
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
- #else
- const char* keys = "Jefe";
- #endif
- a.input = "what do ya want for nothing?";
- a.inLen = XSTRLEN(a.input);
- b.input = "Hi There";
- b.inLen = XSTRLEN(b.input);
- ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys,
- (word32)XSTRLEN(keys)), 0);
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
- /* Update Hmac. */
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
- wc_HmacFree(&hmac);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha256HmacUpdate */
- /*
- * testing wc_HmacUpdate on SHA384 hash.
- */
- static int test_wc_Sha384HmacUpdate(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
- Hmac hmac;
- testVector a, b;
- #ifdef HAVE_FIPS
- const char* keys =
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
- #else
- const char* keys = "Jefe";
- #endif
- a.input = "what do ya want for nothing?";
- a.inLen = XSTRLEN(a.input);
- b.input = "Hi There";
- b.inLen = XSTRLEN(b.input);
- ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys,
- (word32)XSTRLEN(keys)), 0);
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0);
- /* Update Hmac. */
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), BAD_FUNC_ARG);
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0);
- wc_HmacFree(&hmac);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha384HmacUpdate */
- /*
- * Testing wc_HmacFinal() with MD5
- */
- static int test_wc_Md5HmacFinal(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5))
- Hmac hmac;
- byte hash[WC_MD5_DIGEST_SIZE];
- testVector a;
- const char* key;
- key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
- a.input = "Hi There";
- a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
- "\x9d";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)key, (word32)XSTRLEN(key)),
- 0);
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
- ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
- ExpectIntEQ(XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE), 0);
- /* Try bad parameters. */
- ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
- #ifndef HAVE_FIPS
- ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
- #endif
- wc_HmacFree(&hmac);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Md5HmacFinal */
- /*
- * Testing wc_HmacFinal() with SHA
- */
- static int test_wc_ShaHmacFinal(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_HMAC) && !defined(NO_SHA)
- Hmac hmac;
- byte hash[WC_SHA_DIGEST_SIZE];
- testVector a;
- const char* key;
- key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b";
- a.input = "Hi There";
- a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
- "\x8e\xf1\x46\xbe\x00";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)key, (word32)XSTRLEN(key)),
- 0);
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
- ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
- ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE), 0);
- /* Try bad parameters. */
- ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
- #ifndef HAVE_FIPS
- ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
- #endif
- wc_HmacFree(&hmac);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ShaHmacFinal */
- /*
- * Testing wc_HmacFinal() with SHA224
- */
- static int test_wc_Sha224HmacFinal(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
- Hmac hmac;
- byte hash[WC_SHA224_DIGEST_SIZE];
- testVector a;
- const char* key;
- key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b";
- a.input = "Hi There";
- a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
- "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)key,
- (word32)XSTRLEN(key)), 0);
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
- ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
- ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE), 0);
- /* Try bad parameters. */
- ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
- #ifndef HAVE_FIPS
- ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
- #endif
- wc_HmacFree(&hmac);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha224HmacFinal */
- /*
- * Testing wc_HmacFinal() with SHA256
- */
- static int test_wc_Sha256HmacFinal(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_HMAC) && !defined(NO_SHA256)
- Hmac hmac;
- byte hash[WC_SHA256_DIGEST_SIZE];
- testVector a;
- const char* key;
- key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b";
- a.input = "Hi There";
- a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
- "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
- "\xcf\xf7";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)key,
- (word32)XSTRLEN(key)), 0);
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
- ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
- ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE), 0);
- /* Try bad parameters. */
- ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
- #ifndef HAVE_FIPS
- ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
- #endif
- wc_HmacFree(&hmac);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha256HmacFinal */
- /*
- * Testing wc_HmacFinal() with SHA384
- */
- static int test_wc_Sha384HmacFinal(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
- Hmac hmac;
- byte hash[WC_SHA384_DIGEST_SIZE];
- testVector a;
- const char* key;
- key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b";
- a.input = "Hi There";
- a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
- "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
- "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
- "\xfa\x9c\xb6";
- a.inLen = XSTRLEN(a.input);
- a.outLen = XSTRLEN(a.output);
- ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)key,
- (word32)XSTRLEN(key)), 0);
- ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0);
- ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0);
- ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE), 0);
- /* Try bad parameters. */
- ExpectIntEQ(wc_HmacFinal(NULL, hash), BAD_FUNC_ARG);
- #ifndef HAVE_FIPS
- ExpectIntEQ(wc_HmacFinal(&hmac, NULL), BAD_FUNC_ARG);
- #endif
- wc_HmacFree(&hmac);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Sha384HmacFinal */
- /*
- * Testing wc_InitCmac()
- */
- static int test_wc_InitCmac(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
- Cmac cmac1;
- Cmac cmac2;
- Cmac cmac3;
- /* AES 128 key. */
- byte key1[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x09\x10\x11\x12\x13\x14\x15\x16";
- /* AES 192 key. */
- byte key2[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x09\x01\x11\x12\x13\x14\x15\x16"
- "\x01\x02\x03\x04\x05\x06\x07\x08";
- /* AES 256 key. */
- byte key3[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x09\x01\x11\x12\x13\x14\x15\x16"
- "\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x09\x01\x11\x12\x13\x14\x15\x16";
- word32 key1Sz = (word32)sizeof(key1) - 1;
- word32 key2Sz = (word32)sizeof(key2) - 1;
- word32 key3Sz = (word32)sizeof(key3) - 1;
- int type = WC_CMAC_AES;
- (void)key1;
- (void)key1Sz;
- (void)key2;
- (void)key2Sz;
- XMEMSET(&cmac1, 0, sizeof(Cmac));
- XMEMSET(&cmac2, 0, sizeof(Cmac));
- XMEMSET(&cmac3, 0, sizeof(Cmac));
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(wc_InitCmac(&cmac1, key1, key1Sz, type, NULL), 0);
- #endif
- #ifdef WOLFSSL_AES_192
- wc_AesFree(&cmac1.aes);
- ExpectIntEQ(wc_InitCmac(&cmac2, key2, key2Sz, type, NULL), 0);
- #endif
- #ifdef WOLFSSL_AES_256
- wc_AesFree(&cmac2.aes);
- ExpectIntEQ(wc_InitCmac(&cmac3, key3, key3Sz, type, NULL), 0);
- #endif
- wc_AesFree(&cmac3.aes);
- /* Test bad args. */
- ExpectIntEQ(wc_InitCmac(NULL, key3, key3Sz, type, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_InitCmac(&cmac3, NULL, key3Sz, type, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_InitCmac(&cmac3, key3, 0, type, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_InitCmac(&cmac3, key3, key3Sz, 0, NULL), BAD_FUNC_ARG);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_InitCmac */
- /*
- * Testing wc_CmacUpdate()
- */
- static int test_wc_CmacUpdate(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
- Cmac cmac;
- byte key[] = {
- 0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
- 0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
- };
- byte in[] = "\xe2\xb4\xb6\xf9\x48\x44\x02\x64"
- "\x5c\x47\x80\x9e\xd5\xa8\x3a\x17"
- "\xb3\x78\xcf\x85\x22\x41\x74\xd9"
- "\xa0\x97\x39\x71\x62\xf1\x8e\x8f"
- "\xf4";
- word32 inSz = (word32)sizeof(in) - 1;
- word32 keySz = (word32)sizeof(key);
- int type = WC_CMAC_AES;
- XMEMSET(&cmac, 0, sizeof(Cmac));
- ExpectIntEQ(wc_InitCmac(&cmac, key, keySz, type, NULL), 0);
- ExpectIntEQ(wc_CmacUpdate(&cmac, in, inSz), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_CmacUpdate(NULL, in, inSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_CmacUpdate(&cmac, NULL, 30), BAD_FUNC_ARG);
- wc_AesFree(&cmac.aes);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_CmacUpdate */
- /*
- * Testing wc_CmacFinal()
- */
- static int test_wc_CmacFinal(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
- Cmac cmac;
- byte key[] = {
- 0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
- 0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
- };
- byte msg[] = {
- 0xe2, 0xb4, 0xb6, 0xf9, 0x48, 0x44, 0x02, 0x64,
- 0x5c, 0x47, 0x80, 0x9e, 0xd5, 0xa8, 0x3a, 0x17,
- 0xb3, 0x78, 0xcf, 0x85, 0x22, 0x41, 0x74, 0xd9,
- 0xa0, 0x97, 0x39, 0x71, 0x62, 0xf1, 0x8e, 0x8f,
- 0xf4
- };
- /* Test vectors from CMACGenAES128.rsp from
- * http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html#cmac
- * Per RFC4493 truncation of lsb is possible.
- */
- byte expMac[] = {
- 0x4e, 0x6e, 0xc5, 0x6f, 0xf9, 0x5d, 0x0e, 0xae,
- 0x1c, 0xf8, 0x3e, 0xfc, 0xf4, 0x4b, 0xeb
- };
- byte mac[AES_BLOCK_SIZE];
- word32 msgSz = (word32)sizeof(msg);
- word32 keySz = (word32)sizeof(key);
- word32 macSz = sizeof(mac);
- word32 badMacSz = 17;
- int expMacSz = sizeof(expMac);
- int type = WC_CMAC_AES;
- XMEMSET(&cmac, 0, sizeof(Cmac));
- XMEMSET(mac, 0, macSz);
- ExpectIntEQ(wc_InitCmac(&cmac, key, keySz, type, NULL), 0);
- ExpectIntEQ(wc_CmacUpdate(&cmac, msg, msgSz), 0);
- #if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- /* Pass in bad args. */
- ExpectIntEQ(wc_CmacFinalNoFree(NULL, mac, &macSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_CmacFinalNoFree(&cmac, NULL, &macSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_CmacFinalNoFree(&cmac, mac, &badMacSz), BUFFER_E);
- /* For the last call, use the API with implicit wc_CmacFree(). */
- ExpectIntEQ(wc_CmacFinal(&cmac, mac, &macSz), 0);
- ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0);
- #else /* !HAVE_FIPS || FIPS>=5.3 */
- ExpectIntEQ(wc_CmacFinal(&cmac, mac, &macSz), 0);
- ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0);
- /* Pass in bad args. */
- ExpectIntEQ(wc_CmacFinal(NULL, mac, &macSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_CmacFinal(&cmac, NULL, &macSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_CmacFinal(&cmac, mac, &badMacSz), BUFFER_E);
- #endif /* !HAVE_FIPS || FIPS>=5.3 */
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_CmacFinal */
- /*
- * Testing wc_AesCmacGenerate() && wc_AesCmacVerify()
- */
- static int test_wc_AesCmacGenerate(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
- byte key[] = {
- 0x26, 0xef, 0x8b, 0x40, 0x34, 0x11, 0x7d, 0x9e,
- 0xbe, 0xc0, 0xc7, 0xfc, 0x31, 0x08, 0x54, 0x69
- };
- byte msg[] = "\x18\x90\x49\xef\xfd\x7c\xf9\xc8"
- "\xf3\x59\x65\xbc\xb0\x97\x8f\xd4";
- byte expMac[] = "\x29\x5f\x2f\x71\xfc\x58\xe6\xf6"
- "\x3d\x32\x65\x4c\x66\x23\xc5";
- byte mac[AES_BLOCK_SIZE];
- word32 keySz = sizeof(key);
- word32 macSz = sizeof(mac);
- word32 msgSz = sizeof(msg) - 1;
- word32 expMacSz = sizeof(expMac) - 1;
- XMEMSET(mac, 0, macSz);
- ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz), 0);
- ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0);
- /* Pass in bad args. */
- ExpectIntEQ(wc_AesCmacGenerate(NULL, &macSz, msg, msgSz, key, keySz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, NULL, keySz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, 0),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, NULL, msgSz, key, keySz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_AesCmacVerify(NULL, macSz, msg, msgSz, key, keySz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCmacVerify(mac, 0, msg, msgSz, key, keySz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, NULL, keySz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, key, 0),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz),
- BAD_FUNC_ARG);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_AesCmacGenerate */
- /*
- * Testing streaming AES-GCM API.
- */
- static int test_wc_AesGcmStream(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_AES) && defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) && \
- defined(WOLFSSL_AESGCM_STREAM)
- int i;
- WC_RNG rng[1];
- Aes aesEnc[1];
- Aes aesDec[1];
- byte tag[AES_BLOCK_SIZE];
- byte in[AES_BLOCK_SIZE * 3 + 2] = { 0, };
- byte out[AES_BLOCK_SIZE * 3 + 2];
- byte plain[AES_BLOCK_SIZE * 3 + 2];
- byte aad[AES_BLOCK_SIZE * 3 + 2] = { 0, };
- byte key[AES_128_KEY_SIZE] = { 0, };
- byte iv[AES_IV_SIZE] = { 1, };
- byte ivOut[AES_IV_SIZE];
- static const byte expTagAAD1[AES_BLOCK_SIZE] = {
- 0x6c, 0x35, 0xe6, 0x7f, 0x59, 0x9e, 0xa9, 0x2f,
- 0x27, 0x2d, 0x5f, 0x8e, 0x7e, 0x42, 0xd3, 0x05
- };
- static const byte expTagPlain1[AES_BLOCK_SIZE] = {
- 0x24, 0xba, 0x57, 0x95, 0xd0, 0x27, 0x9e, 0x78,
- 0x3a, 0x88, 0x4c, 0x0a, 0x5d, 0x50, 0x23, 0xd1
- };
- static const byte expTag[AES_BLOCK_SIZE] = {
- 0x22, 0x91, 0x70, 0xad, 0x42, 0xc3, 0xad, 0x96,
- 0xe0, 0x31, 0x57, 0x60, 0xb7, 0x92, 0xa3, 0x6d
- };
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- XMEMSET(&aesEnc, 0, sizeof(Aes));
- XMEMSET(&aesDec, 0, sizeof(Aes));
- /* Create a random for generating IV/nonce. */
- ExpectIntEQ(wc_InitRng(rng), 0);
- /* Initialize data structures. */
- ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
- /* BadParameters to streaming init. */
- ExpectIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL, 0),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ),
- BAD_FUNC_ARG);
- /* Bad parameters to encrypt update. */
- ExpectIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1),
- BAD_FUNC_ARG);
- /* Bad parameters to decrypt update. */
- ExpectIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1),
- BAD_FUNC_ARG);
- /* Bad parameters to encrypt final. */
- ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, AES_BLOCK_SIZE),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, AES_BLOCK_SIZE),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE + 1),
- BAD_FUNC_ARG);
- /* Bad parameters to decrypt final. */
- ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, AES_BLOCK_SIZE),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, AES_BLOCK_SIZE),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE + 1),
- BAD_FUNC_ARG);
- /* Check calling final before setting key fails. */
- ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_KEY);
- ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_KEY);
- /* Check calling update before setting key else fails. */
- ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
- MISSING_KEY);
- ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
- MISSING_KEY);
- /* Set key but not IV. */
- ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0);
- ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0);
- /* Check calling final before setting IV fails. */
- ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_IV);
- ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_IV);
- /* Check calling update before setting IV else fails. */
- ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
- MISSING_IV);
- ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
- MISSING_IV);
- /* Set IV using fixed part IV and external IV APIs. */
- ExpectIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ,
- rng), 0);
- ExpectIntEQ(wc_AesGcmEncryptInit_ex(aesEnc, NULL, 0, ivOut,
- GCM_NONCE_MID_SZ), 0);
- ExpectIntEQ(wc_AesGcmSetExtIV(aesDec, ivOut, GCM_NONCE_MID_SZ), 0);
- ExpectIntEQ(wc_AesGcmInit(aesDec, NULL, 0, NULL, 0), 0);
- /* Encrypt and decrypt data. */
- ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, aad, 1), 0);
- ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, aad, 1), 0);
- ExpectIntEQ(XMEMCMP(plain, in, 1), 0);
- /* Finalize and check tag matches. */
- ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
- ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
- /* Set key and IV through streaming init API. */
- wc_AesFree(aesEnc);
- wc_AesFree(aesDec);
- ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
- ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
- /* Encrypt/decrypt one block and AAD of one block. */
- ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, AES_BLOCK_SIZE, aad,
- AES_BLOCK_SIZE), 0);
- ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, AES_BLOCK_SIZE, aad,
- AES_BLOCK_SIZE), 0);
- ExpectIntEQ(XMEMCMP(plain, in, AES_BLOCK_SIZE), 0);
- /* Finalize and check tag matches. */
- ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
- ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
- /* Set key and IV through streaming init API. */
- wc_AesFree(aesEnc);
- wc_AesFree(aesDec);
- ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
- ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
- /* No data to encrypt/decrypt one byte of AAD. */
- ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), 0);
- ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), 0);
- /* Finalize and check tag matches. */
- ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
- ExpectIntEQ(XMEMCMP(tag, expTagAAD1, AES_BLOCK_SIZE), 0);
- ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
- /* Set key and IV through streaming init API. */
- wc_AesFree(aesEnc);
- wc_AesFree(aesDec);
- ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
- ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
- /* Encrypt/decrypt one byte and no AAD. */
- ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, NULL, 0), 0);
- ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, NULL, 0), 0);
- ExpectIntEQ(XMEMCMP(plain, in, 1), 0);
- /* Finalize and check tag matches. */
- ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
- ExpectIntEQ(XMEMCMP(tag, expTagPlain1, AES_BLOCK_SIZE), 0);
- ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
- /* Set key and IV through streaming init API. */
- wc_AesFree(aesEnc);
- wc_AesFree(aesDec);
- ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
- ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
- /* Encryption AES is one byte at a time */
- for (i = 0; i < (int)sizeof(aad); i++) {
- ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad + i, 1),
- 0);
- }
- for (i = 0; i < (int)sizeof(in); i++) {
- ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out + i, in + i, 1, NULL, 0),
- 0);
- }
- /* Decryption AES is two bytes at a time */
- for (i = 0; i < (int)sizeof(aad); i += 2) {
- ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad + i, 2),
- 0);
- }
- for (i = 0; i < (int)sizeof(aad); i += 2) {
- ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain + i, out + i, 2, NULL,
- 0), 0);
- }
- ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
- /* Finalize and check tag matches. */
- ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
- ExpectIntEQ(XMEMCMP(tag, expTag, AES_BLOCK_SIZE), 0);
- ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
- /* Check streaming encryption can be decrypted with one shot. */
- wc_AesFree(aesDec);
- ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
- ExpectIntEQ(wc_AesGcmSetKey(aesDec, key, sizeof(key)), 0);
- ExpectIntEQ(wc_AesGcmDecrypt(aesDec, plain, out, sizeof(in), iv,
- AES_IV_SIZE, tag, AES_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
- wc_AesFree(aesEnc);
- wc_AesFree(aesDec);
- wc_FreeRng(rng);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_AesGcmStream */
- /*
- * Testing streaming SM4 API.
- */
- static int test_wc_Sm4(void)
- {
- int res = TEST_SKIPPED;
- #ifdef WOLFSSL_SM4
- EXPECT_DECLS;
- wc_Sm4 sm4;
- #if defined(WOLFSSL_SM4_ECB) || defined(WOLFSSL_SM4_CBC) || \
- defined(WOLFSSL_SM4_CTR) || defined(WOLFSSL_SM4_CCM)
- unsigned char key[SM4_KEY_SIZE];
- #endif
- #if defined(WOLFSSL_SM4_CBC) || defined(WOLFSSL_SM4_CTR)
- unsigned char iv[SM4_IV_SIZE];
- #endif
- /* Invalid parameters - wc_Sm4Init */
- ExpectIntEQ(wc_Sm4Init(NULL, NULL, INVALID_DEVID), BAD_FUNC_ARG);
- /* Valid cases - wc_Sm4Init */
- ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
- #if defined(WOLFSSL_SM4_ECB) || defined(WOLFSSL_SM4_CBC) || \
- defined(WOLFSSL_SM4_CTR) || defined(WOLFSSL_SM4_CCM)
- XMEMSET(key, 0, sizeof(key));
- /* Invalid parameters - wc_Sm4SetKey. */
- ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4SetKey(NULL, key, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, SM4_KEY_SIZE), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4SetKey(&sm4, key, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, SM4_KEY_SIZE), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4SetKey(NULL, key, SM4_KEY_SIZE), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE-1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE+1), BAD_FUNC_ARG);
- /* Valid cases - wc_Sm4SetKey. */
- ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
- #endif
- #if defined(WOLFSSL_SM4_CBC) || defined(WOLFSSL_SM4_CTR)
- XMEMSET(iv, 0, sizeof(iv));
- /* Invalid parameters - wc_Sm4SetIV. */
- ExpectIntEQ(wc_Sm4SetIV(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4SetIV(&sm4, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4SetIV(NULL, iv), BAD_FUNC_ARG);
- /* Valid cases - wc_Sm4SetIV. */
- ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
- #endif
- /* Valid cases - wc_Sm4Free */
- wc_Sm4Free(NULL);
- wc_Sm4Free(&sm4);
- res = EXPECT_RESULT();
- #endif
- return res;
- } /* END test_wc_Sm4 */
- /*
- * Testing block based SM4-ECB API.
- */
- static int test_wc_Sm4Ecb(void)
- {
- int res = TEST_SKIPPED;
- #ifdef WOLFSSL_SM4_ECB
- EXPECT_DECLS;
- wc_Sm4 sm4;
- unsigned char key[SM4_KEY_SIZE];
- unsigned char in[SM4_BLOCK_SIZE * 2];
- unsigned char out[SM4_BLOCK_SIZE * 2];
- unsigned char out2[SM4_BLOCK_SIZE];
- XMEMSET(key, 0, sizeof(key));
- XMEMSET(in, 0, sizeof(in));
- ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0), MISSING_KEY);
- ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0), MISSING_KEY);
- /* Tested in test_wc_Sm4. */
- ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
- /* Invalid parameters - wc_Sm4EcbEncrypt. */
- ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, in, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, in, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 1), BAD_FUNC_ARG);
- /* Valid cases - wc_Sm4EcbEncrypt. */
- ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0), 0);
- ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
- ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
- ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
- /* In and out are same pointer. */
- ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
- ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
- /* Invalid parameters - wc_Sm4EcbDecrypt. */
- ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, in, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, in, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 1), BAD_FUNC_ARG);
- /* Valid cases - wc_Sm4EcbDecrypt. */
- ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0), 0);
- ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
- ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
- ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
- /* In and out are same pointer. */
- ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
- ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
- wc_Sm4Free(&sm4);
- res = EXPECT_RESULT();
- #endif
- return res;
- } /* END test_wc_Sm4Ecb */
- /*
- * Testing block based SM4-CBC API.
- */
- static int test_wc_Sm4Cbc(void)
- {
- int res = TEST_SKIPPED;
- #ifdef WOLFSSL_SM4_CBC
- EXPECT_DECLS;
- wc_Sm4 sm4;
- unsigned char key[SM4_KEY_SIZE];
- unsigned char iv[SM4_IV_SIZE];
- unsigned char in[SM4_BLOCK_SIZE * 2];
- unsigned char out[SM4_BLOCK_SIZE * 2];
- unsigned char out2[SM4_BLOCK_SIZE];
- XMEMSET(key, 0, sizeof(key));
- XMEMSET(iv, 0, sizeof(iv));
- XMEMSET(in, 0, sizeof(in));
- ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), MISSING_KEY);
- ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), MISSING_KEY);
- /* Tested in test_wc_Sm4. */
- ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
- ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), MISSING_IV);
- ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), MISSING_IV);
- /* Tested in test_wc_Sm4. */
- ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
- /* Invalid parameters - wc_Sm4CbcEncrypt. */
- ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, in, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, in, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 1), BAD_FUNC_ARG);
- /* Valid cases - wc_Sm4CbcEncrypt. */
- ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), 0);
- ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
- ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
- ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
- ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
- /* In and out are same pointer. */
- ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
- ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
- ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
- /* Invalid parameters - wc_Sm4CbcDecrypt. */
- ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, in, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, in, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
- /* Valid cases - wc_Sm4CbcDecrypt. */
- ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), 0);
- ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
- ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
- ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
- ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
- /* In and out are same pointer. */
- ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
- ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0);
- ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
- wc_Sm4Free(&sm4);
- res = EXPECT_RESULT();
- #endif
- return res;
- } /* END test_wc_Sm4Cbc */
- /*
- * Testing streaming SM4-CTR API.
- */
- static int test_wc_Sm4Ctr(void)
- {
- int res = TEST_SKIPPED;
- #ifdef WOLFSSL_SM4_CTR
- EXPECT_DECLS;
- wc_Sm4 sm4;
- unsigned char key[SM4_KEY_SIZE];
- unsigned char iv[SM4_IV_SIZE];
- unsigned char in[SM4_BLOCK_SIZE * 4];
- unsigned char out[SM4_BLOCK_SIZE * 4];
- unsigned char out2[SM4_BLOCK_SIZE * 4];
- word32 chunk;
- word32 i;
- XMEMSET(key, 0, sizeof(key));
- XMEMSET(iv, 0, sizeof(iv));
- XMEMSET(in, 0, sizeof(in));
- ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), MISSING_KEY);
- /* Tested in test_wc_Sm4. */
- ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
- ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), MISSING_IV);
- /* Tested in test_wc_Sm4. */
- ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
- /* Invalid parameters - wc_Sm4CtrEncrypt. */
- ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, in, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, in, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, in, 0), BAD_FUNC_ARG);
- /* Valid cases - wc_Sm4CtrEncrypt. */
- ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), 0);
- ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, 1), 0);
- ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
- ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 2), 0);
- ExpectIntEQ(XMEMCMP(out, out2, 1), 0);
- ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
- ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0);
- ExpectIntEQ(XMEMCMP(out2, out, 2), 0);
- ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
- ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
- ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0);
- /* In and out are same pointer. Also check encrypt of cipher text produces
- * plaintext.
- */
- ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
- ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, out, SM4_BLOCK_SIZE * 2), 0);
- ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0);
- /* Chunking tests. */
- ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
- ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, (word32)sizeof(in)), 0);
- for (chunk = 1; chunk <= SM4_BLOCK_SIZE + 1; chunk++) {
- ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
- for (i = 0; i + chunk <= (word32)sizeof(in); i += chunk) {
- ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out + i, in + i, chunk), 0);
- }
- if (i < (word32)sizeof(in)) {
- ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out + i, in + i,
- (word32)sizeof(in) - i), 0);
- }
- ExpectIntEQ(XMEMCMP(out, out2, (word32)sizeof(out)), 0);
- }
- for (i = 0; i < (word32)sizeof(iv); i++) {
- iv[i] = 0xff;
- ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
- ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0);
- ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0);
- ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, out, SM4_BLOCK_SIZE * 2), 0);
- ExpectIntEQ(XMEMCMP(out2, in, SM4_BLOCK_SIZE * 2), 0);
- }
- wc_Sm4Free(&sm4);
- res = EXPECT_RESULT();
- #endif
- return res;
- } /* END test_wc_Sm4Ctr */
- /*
- * Testing stream SM4-GCM API.
- */
- static int test_wc_Sm4Gcm(void)
- {
- int res = TEST_SKIPPED;
- #ifdef WOLFSSL_SM4_GCM
- EXPECT_DECLS;
- wc_Sm4 sm4;
- unsigned char key[SM4_KEY_SIZE];
- unsigned char nonce[GCM_NONCE_MAX_SZ];
- unsigned char in[SM4_BLOCK_SIZE * 2];
- unsigned char in2[SM4_BLOCK_SIZE * 2];
- unsigned char out[SM4_BLOCK_SIZE * 2];
- unsigned char out2[SM4_BLOCK_SIZE * 2];
- unsigned char dec[SM4_BLOCK_SIZE * 2];
- unsigned char tag[SM4_BLOCK_SIZE];
- unsigned char aad[SM4_BLOCK_SIZE * 2];
- word32 i;
- XMEMSET(key, 0, sizeof(key));
- XMEMSET(nonce, 0, sizeof(nonce));
- XMEMSET(in, 0, sizeof(in));
- XMEMSET(in2, 0, sizeof(in2));
- XMEMSET(aad, 0, sizeof(aad));
- ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 0, nonce, GCM_NONCE_MID_SZ, tag,
- SM4_BLOCK_SIZE, aad, sizeof(aad)), MISSING_KEY);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 0, nonce, GCM_NONCE_MID_SZ, tag,
- SM4_BLOCK_SIZE, aad, sizeof(aad)), MISSING_KEY);
- /* Invalid parameters - wc_Sm4GcmSetKey. */
- ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, SM4_KEY_SIZE), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, SM4_KEY_SIZE), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, SM4_KEY_SIZE), BAD_FUNC_ARG);
- /* Valid parameters - wc_Sm4GcmSetKey. */
- ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, SM4_KEY_SIZE), 0);
- /* Invalid parameters - wc_Sm4GcmEncrypt. */
- ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
- 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
- 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
- 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
- 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, nonce, GCM_NONCE_MID_SZ,
- NULL, 0, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
- SM4_BLOCK_SIZE, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
- SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, in, 1, nonce, GCM_NONCE_MID_SZ,
- tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, NULL, 1, nonce, GCM_NONCE_MID_SZ,
- tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, NULL, GCM_NONCE_MID_SZ, tag,
- SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, 0, tag,
- SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ,
- NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
- WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
- SM4_BLOCK_SIZE+1, aad, sizeof(aad)), BAD_FUNC_ARG);
- /* Invalid parameters - wc_Sm4GcmDecrypt. */
- ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
- 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
- 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
- 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
- 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, nonce, GCM_NONCE_MID_SZ,
- NULL, 0, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
- SM4_BLOCK_SIZE, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
- SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, in, 1, nonce, GCM_NONCE_MID_SZ,
- tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, NULL, 1, nonce, GCM_NONCE_MID_SZ,
- tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, NULL, GCM_NONCE_MID_SZ, tag,
- SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, 0, tag,
- SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ,
- NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
- WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag,
- SM4_BLOCK_SIZE+1, aad, sizeof(aad)), BAD_FUNC_ARG);
- /* Valid cases - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
- tag, SM4_BLOCK_SIZE, NULL, 0), 0);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
- tag, SM4_BLOCK_SIZE, NULL, 0), 0);
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
- tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ,
- tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
- GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
- GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
- GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
- GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce,
- GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
- GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
- GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(XMEMCMP(in2, out, SM4_BLOCK_SIZE * 2), 0);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
- GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(XMEMCMP(in2, in, SM4_BLOCK_SIZE * 2), 0);
- /* Check vald values of nonce - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
- GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
- GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce,
- GCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
- GCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
- GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)),
- SM4_GCM_AUTH_E);
- /* Check valid values of tag size - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */
- for (i = WOLFSSL_MIN_AUTH_TAG_SZ; i < SM4_BLOCK_SIZE; i++) {
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
- GCM_NONCE_MID_SZ, tag, i, aad, sizeof(aad)), 0);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
- GCM_NONCE_MID_SZ, tag, i, aad, sizeof(aad)), 0);
- }
- /* Check different in/out sizes. */
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 0, nonce,
- GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 0, nonce,
- GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce,
- GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
- for (i = 2; i <= SM4_BLOCK_SIZE * 2; i++) {
- XMEMCPY(out2, out, i - 1);
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, i, nonce, GCM_NONCE_MID_SZ,
- tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(XMEMCMP(out, out2, i - 1), 0);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, dec, out, i, nonce, GCM_NONCE_MID_SZ,
- tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(XMEMCMP(in, dec, i), 0);
- }
- /* Force the counter to roll over in first byte. */
- {
- static unsigned char largeIn[256 * SM4_BLOCK_SIZE];
- static unsigned char largeOut[256 * SM4_BLOCK_SIZE];
- ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, largeOut, largeIn, sizeof(largeIn),
- nonce, GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, largeOut, largeOut, sizeof(largeIn),
- nonce, GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(XMEMCMP(largeOut, largeIn, sizeof(largeIn)), 0);
- }
- wc_Sm4Free(&sm4);
- res = EXPECT_RESULT();
- #endif
- return res;
- } /* END test_wc_Sm4Gcm */
- /*
- * Testing stream SM4-CCM API.
- */
- static int test_wc_Sm4Ccm(void)
- {
- int res = TEST_SKIPPED;
- #ifdef WOLFSSL_SM4_CCM
- EXPECT_DECLS;
- wc_Sm4 sm4;
- unsigned char key[SM4_KEY_SIZE];
- unsigned char nonce[CCM_NONCE_MAX_SZ];
- unsigned char in[SM4_BLOCK_SIZE * 2];
- unsigned char in2[SM4_BLOCK_SIZE * 2];
- unsigned char out[SM4_BLOCK_SIZE * 2];
- unsigned char out2[SM4_BLOCK_SIZE * 2];
- unsigned char dec[SM4_BLOCK_SIZE * 2];
- unsigned char tag[SM4_BLOCK_SIZE];
- unsigned char aad[SM4_BLOCK_SIZE * 2];
- word32 i;
- XMEMSET(key, 0, sizeof(key));
- XMEMSET(nonce, 0, sizeof(nonce));
- XMEMSET(in, 0, sizeof(in));
- XMEMSET(in2, 0, sizeof(in2));
- XMEMSET(aad, 0, sizeof(aad));
- ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 0, nonce, CCM_NONCE_MAX_SZ, tag,
- SM4_BLOCK_SIZE, aad, sizeof(aad)), MISSING_KEY);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 0, nonce, CCM_NONCE_MAX_SZ, tag,
- SM4_BLOCK_SIZE, aad, sizeof(aad)), MISSING_KEY);
- ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0);
- /* Invalid parameters - wc_Sm4CcmEncrypt. */
- ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
- 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
- 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
- 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
- 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
- NULL, 0, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
- SM4_BLOCK_SIZE, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
- SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, in, 1, nonce, CCM_NONCE_MAX_SZ,
- tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
- tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, NULL, CCM_NONCE_MAX_SZ, tag,
- SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, 0, tag,
- SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ,
- NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
- WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
- SM4_BLOCK_SIZE+1, aad, sizeof(aad)), BAD_FUNC_ARG);
- /* Invalid parameters - wc_Sm4CcmDecrypt. */
- ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
- 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL,
- 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL,
- 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL,
- 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
- NULL, 0, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, tag,
- SM4_BLOCK_SIZE, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
- SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, in, 1, nonce, CCM_NONCE_MAX_SZ,
- tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, NULL, 1, nonce, CCM_NONCE_MAX_SZ,
- tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, NULL, CCM_NONCE_MAX_SZ, tag,
- SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, 0, tag,
- SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ,
- NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
- WOLFSSL_MIN_AUTH_TAG_SZ - 1, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag,
- SM4_BLOCK_SIZE + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
- /* Valid cases - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
- tag, SM4_BLOCK_SIZE, NULL, 0), 0);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
- tag, SM4_BLOCK_SIZE, NULL, 0), 0);
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
- tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ,
- tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
- CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
- CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
- CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
- CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0);
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce,
- CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce,
- CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
- CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(XMEMCMP(in2, out, SM4_BLOCK_SIZE * 2), 0);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce,
- CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(XMEMCMP(in2, in, SM4_BLOCK_SIZE * 2), 0);
- /* Check vald values of nonce - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */
- for (i = CCM_NONCE_MIN_SZ; i <= CCM_NONCE_MAX_SZ; i++) {
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
- i, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
- i, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- }
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
- CCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)),
- SM4_CCM_AUTH_E);
- /* Check invalid values of tag size - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */
- for (i = 0; i < 4; i++) {
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
- CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
- CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
- }
- /* Odd values in range 4..SM4_BLOCK_SIZE. */
- for (i = 2; i < SM4_BLOCK_SIZE / 2; i++) {
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
- CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
- CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), BAD_FUNC_ARG);
- }
- /* Check valid values of tag size - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt.
- * Even values in range 4..SM4_BLOCK_SIZE.
- */
- for (i = 2; i < SM4_BLOCK_SIZE / 2; i++) {
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce,
- CCM_NONCE_MAX_SZ, tag, i * 2, aad, sizeof(aad)), 0);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce,
- CCM_NONCE_MAX_SZ, tag, i * 2, aad, sizeof(aad)), 0);
- }
- /* Check different in/out sizes. */
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 0, nonce,
- CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 0, nonce,
- CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce,
- CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0);
- for (i = 2; i <= SM4_BLOCK_SIZE * 2; i++) {
- XMEMCPY(out2, out, i - 1);
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, i, nonce, CCM_NONCE_MAX_SZ,
- tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(XMEMCMP(out, out2, i - 1), 0);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, dec, out, i, nonce, CCM_NONCE_MAX_SZ,
- tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(XMEMCMP(in, dec, i), 0);
- }
- /* Force the counter to roll over in first byte. */
- {
- static unsigned char largeIn[256 * SM4_BLOCK_SIZE];
- static unsigned char largeOut[256 * SM4_BLOCK_SIZE];
- ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, largeOut, largeIn, sizeof(largeIn),
- nonce, CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, largeOut, largeOut, sizeof(largeIn),
- nonce, CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0);
- ExpectIntEQ(XMEMCMP(largeOut, largeIn, sizeof(largeIn)), 0);
- }
- wc_Sm4Free(&sm4);
- res = EXPECT_RESULT();
- #endif
- return res;
- } /* END test_wc_Sm4Ccm */
- /*
- * unit test for wc_Des3_SetIV()
- */
- static int test_wc_Des3_SetIV(void)
- {
- EXPECT_DECLS;
- #ifndef NO_DES3
- Des3 des;
- const byte key[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- const byte iv[] = {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
- };
- XMEMSET(&des, 0, sizeof(Des3));
- ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
- /* DES_ENCRYPTION or DES_DECRYPTION */
- ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
- ExpectIntEQ(XMEMCMP(iv, des.reg, DES_BLOCK_SIZE), 0);
- #ifndef HAVE_FIPS /* no sanity checks with FIPS wrapper */
- /* Test explicitly wc_Des3_SetIV() */
- ExpectIntEQ(wc_Des3_SetIV(NULL, iv), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Des3_SetIV(&des, NULL), 0);
- #endif
- wc_Des3Free(&des);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Des3_SetIV */
- /*
- * unit test for wc_Des3_SetKey()
- */
- static int test_wc_Des3_SetKey(void)
- {
- EXPECT_DECLS;
- #ifndef NO_DES3
- Des3 des;
- const byte key[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- const byte iv[] = {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
- };
- XMEMSET(&des, 0, sizeof(Des3));
- ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
- /* DES_ENCRYPTION or DES_DECRYPTION */
- ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
- ExpectIntEQ(XMEMCMP(iv, des.reg, DES_BLOCK_SIZE), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, -1), BAD_FUNC_ARG);
- /* Default case. Should return 0. */
- ExpectIntEQ(wc_Des3_SetKey(&des, key, NULL, DES_ENCRYPTION), 0);
- wc_Des3Free(&des);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Des3_SetKey */
- /*
- * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt
- */
- static int test_wc_Des3_CbcEncryptDecrypt(void)
- {
- EXPECT_DECLS;
- #ifndef NO_DES3
- Des3 des;
- byte cipher[24];
- byte plain[24];
- const byte key[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- const byte iv[] = {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
- };
- const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- XMEMSET(&des, 0, sizeof(Des3));
- ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
- ExpectIntEQ(wc_Des3_CbcEncrypt(&des, cipher, vector, 24), 0);
- ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_DECRYPTION), 0);
- ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, cipher, 24), 0);
- ExpectIntEQ(XMEMCMP(plain, vector, 24), 0);
- /* Pass in bad args. */
- ExpectIntEQ(wc_Des3_CbcEncrypt(NULL, cipher, vector, 24), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Des3_CbcEncrypt(&des, NULL, vector, 24), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Des3_CbcEncrypt(&des, cipher, NULL, sizeof(vector)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_Des3_CbcDecrypt(NULL, plain, cipher, 24), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Des3_CbcDecrypt(&des, NULL, cipher, 24), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, NULL, 24), BAD_FUNC_ARG);
- wc_Des3Free(&des);
- #endif
- return EXPECT_RESULT();
- } /* END wc_Des3_CbcEncrypt */
- /*
- * Unit test for wc_Des3_CbcEncryptWithKey and wc_Des3_CbcDecryptWithKey
- */
- static int test_wc_Des3_CbcEncryptDecryptWithKey(void)
- {
- EXPECT_DECLS;
- #ifndef NO_DES3
- word32 vectorSz, cipherSz;
- byte cipher[24];
- byte plain[24];
- byte vector[] = { /* Now is the time for all w/o trailing 0 */
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte key[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- byte iv[] = {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
- };
- vectorSz = sizeof(byte) * 24;
- cipherSz = sizeof(byte) * 24;
- ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, iv),
- 0);
- ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, iv), 0);
- ExpectIntEQ(XMEMCMP(plain, vector, 24), 0);
- /* pass in bad args. */
- ExpectIntEQ(wc_Des3_CbcEncryptWithKey(NULL, vector, vectorSz, key, iv),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, NULL, vectorSz, key, iv),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, NULL, iv),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, NULL),
- 0);
- ExpectIntEQ(wc_Des3_CbcDecryptWithKey(NULL, cipher, cipherSz, key, iv),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, NULL, cipherSz, key, iv),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, NULL, iv),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, NULL),
- 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Des3_CbcEncryptDecryptWithKey */
- /*
- * Unit test for wc_Des3_EcbEncrypt
- */
- static int test_wc_Des3_EcbEncrypt(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
- Des3 des;
- byte cipher[24];
- word32 cipherSz = sizeof(cipher);
- const byte key[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- const byte iv[] = {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
- };
- const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- XMEMSET(&des, 0, sizeof(Des3));
- ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0);
- /* Bad Cases */
- ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, 0, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, cipher, vector, cipherSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_Des3_EcbEncrypt(&des, 0, vector, cipherSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, NULL, cipherSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, vector, 0), 0);
- /* Good Cases */
- ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, vector, cipherSz), 0);
- wc_Des3Free(&des);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Des3_EcbEncrypt */
- /*
- * Testing wc_Chacha_SetKey() and wc_Chacha_SetIV()
- */
- static int test_wc_Chacha_SetKey(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_CHACHA
- ChaCha ctx;
- const byte key[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- word32 keySz = (word32)(sizeof(key)/sizeof(byte));
- byte cipher[128];
- XMEMSET(cipher, 0, sizeof(cipher));
- ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, keySz), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Chacha_SetKey(NULL, key, keySz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, 18), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Chacha_SetIV(&ctx, cipher, 0), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Chacha_SetIV(NULL, cipher, 0), BAD_FUNC_ARG);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Chacha_SetKey */
- /*
- * unit test for wc_Poly1305SetKey()
- */
- static int test_wc_Poly1305SetKey(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_POLY1305
- Poly1305 ctx;
- const byte key[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- word32 keySz = (word32)(sizeof(key)/sizeof(byte));
- ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, keySz), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Poly1305SetKey(NULL, key,keySz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Poly1305SetKey(&ctx, NULL, keySz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, 18), BAD_FUNC_ARG);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Poly1305_SetKey() */
- /*
- * Testing wc_Chacha_Process()
- */
- static int test_wc_Chacha_Process(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_CHACHA
- ChaCha enc, dec;
- byte cipher[128];
- byte plain[128];
- const byte key[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- const char* input = "Everybody gets Friday off.";
- word32 keySz = sizeof(key)/sizeof(byte);
- unsigned long int inlen = XSTRLEN(input);
- /* Initialize stack variables. */
- XMEMSET(cipher, 0, 128);
- XMEMSET(plain, 0, 128);
- ExpectIntEQ(wc_Chacha_SetKey(&enc, key, keySz), 0);
- ExpectIntEQ(wc_Chacha_SetKey(&dec, key, keySz), 0);
- ExpectIntEQ(wc_Chacha_SetIV(&enc, cipher, 0), 0);
- ExpectIntEQ(wc_Chacha_SetIV(&dec, cipher, 0), 0);
- ExpectIntEQ(wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen),
- 0);
- ExpectIntEQ(wc_Chacha_Process(&dec, plain, cipher, (word32)inlen), 0);
- ExpectIntEQ(XMEMCMP(input, plain, (int)inlen), 0);
- #if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
- /* test checking and using leftovers, currently just in C code */
- ExpectIntEQ(wc_Chacha_SetIV(&enc, cipher, 0), 0);
- ExpectIntEQ(wc_Chacha_SetIV(&dec, cipher, 0), 0);
- ExpectIntEQ(wc_Chacha_Process(&enc, cipher, (byte*)input,
- (word32)inlen - 2), 0);
- ExpectIntEQ(wc_Chacha_Process(&enc, cipher + (inlen - 2),
- (byte*)input + (inlen - 2), 2), 0);
- ExpectIntEQ(wc_Chacha_Process(&dec, plain, (byte*)cipher,
- (word32)inlen - 2), 0);
- ExpectIntEQ(wc_Chacha_Process(&dec, cipher + (inlen - 2),
- (byte*)input + (inlen - 2), 2), 0);
- ExpectIntEQ(XMEMCMP(input, plain, (int)inlen), 0);
- /* check edge cases with counter increment */
- {
- /* expected results collected from wolfSSL 4.3.0 encrypted in one call*/
- const byte expected[] = {
- 0x54,0xB1,0xE2,0xD4,0xA2,0x4D,0x52,0x5F,
- 0x42,0x04,0x89,0x7C,0x6E,0x2D,0xFC,0x2D,
- 0x10,0x25,0xB6,0x92,0x71,0xD5,0xC3,0x20,
- 0xE3,0x0E,0xEC,0xF4,0xD8,0x10,0x70,0x29,
- 0x2D,0x4C,0x2A,0x56,0x21,0xE1,0xC7,0x37,
- 0x0B,0x86,0xF5,0x02,0x8C,0xB8,0xB8,0x38,
- 0x41,0xFD,0xDF,0xD9,0xC3,0xE6,0xC8,0x88,
- 0x06,0x82,0xD4,0x80,0x6A,0x50,0x69,0xD5,
- 0xB9,0xB0,0x2F,0x44,0x36,0x5D,0xDA,0x5E,
- 0xDE,0xF6,0xF5,0xFC,0x44,0xDC,0x07,0x51,
- 0xA7,0x32,0x42,0xDB,0xCC,0xBD,0xE2,0xE5,
- 0x0B,0xB1,0x14,0xFF,0x12,0x80,0x16,0x43,
- 0xE7,0x40,0xD5,0xEA,0xC7,0x3F,0x69,0x07,
- 0x64,0xD4,0x86,0x6C,0xE2,0x1F,0x8F,0x6E,
- 0x35,0x41,0xE7,0xD3,0xB5,0x5D,0xD6,0xD4,
- 0x9F,0x00,0xA9,0xAE,0x3D,0x28,0xA5,0x37,
- 0x80,0x3D,0x11,0x25,0xE2,0xB6,0x99,0xD9,
- 0x9B,0x98,0xE9,0x37,0xB9,0xF8,0xA0,0x04,
- 0xDF,0x13,0x49,0x3F,0x19,0x6A,0x45,0x06,
- 0x21,0xB4,0xC7,0x3B,0x49,0x45,0xB4,0xC8,
- 0x03,0x5B,0x43,0x89,0xBD,0xB3,0x96,0x4B,
- 0x17,0x6F,0x85,0xC6,0xCF,0xA6,0x05,0x35,
- 0x1E,0x25,0x03,0xBB,0x55,0x0A,0xD5,0x54,
- 0x41,0xEA,0xEB,0x50,0x40,0x1B,0x43,0x19,
- 0x59,0x1B,0x0E,0x12,0x3E,0xA2,0x71,0xC3,
- 0x1A,0xA7,0x11,0x50,0x43,0x9D,0x56,0x3B,
- 0x63,0x2F,0x63,0xF1,0x8D,0xAE,0xF3,0x23,
- 0xFA,0x1E,0xD8,0x6A,0xE1,0xB2,0x4B,0xF3,
- 0xB9,0x13,0x7A,0x72,0x2B,0x6D,0xCC,0x41,
- 0x1C,0x69,0x7C,0xCD,0x43,0x6F,0xE4,0xE2,
- 0x38,0x99,0xFB,0xC3,0x38,0x92,0x62,0x35,
- 0xC0,0x1D,0x60,0xE4,0x4B,0xDD,0x0C,0x14
- };
- const byte iv2[] = {
- 0x9D,0xED,0xE7,0x0F,0xEC,0x81,0x51,0xD9,
- 0x77,0x39,0x71,0xA6,0x21,0xDF,0xB8,0x93
- };
- byte input2[256];
- int i;
- for (i = 0; i < 256; i++)
- input2[i] = i;
- ExpectIntEQ(wc_Chacha_SetIV(&enc, iv2, 0), 0);
- ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2, 64), 0);
- ExpectIntEQ(XMEMCMP(expected, cipher, 64), 0);
- ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 64, 128), 0);
- ExpectIntEQ(XMEMCMP(expected + 64, cipher, 128), 0);
- /* partial */
- ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 192, 32), 0);
- ExpectIntEQ(XMEMCMP(expected + 192, cipher, 32), 0);
- ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 224, 32), 0);
- ExpectIntEQ(XMEMCMP(expected + 224, cipher, 32), 0);
- }
- #endif
- /* Test bad args. */
- ExpectIntEQ(wc_Chacha_Process(NULL, cipher, (byte*)input, (word32)inlen),
- BAD_FUNC_ARG);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Chacha_Process */
- /*
- * Testing wc_ChaCha20Poly1305_Encrypt() and wc_ChaCha20Poly1305_Decrypt()
- */
- static int test_wc_ChaCha20Poly1305_aead(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- const byte key[] = {
- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
- 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
- 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
- };
- const byte plaintext[] = {
- 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
- 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
- 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
- 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
- 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
- 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
- 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
- 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
- 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
- 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
- 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
- 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
- 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
- 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
- 0x74, 0x2e
- };
- const byte iv[] = {
- 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
- 0x44, 0x45, 0x46, 0x47
- };
- const byte aad[] = { /* additional data */
- 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
- 0xc4, 0xc5, 0xc6, 0xc7
- };
- const byte cipher[] = { /* expected output from operation */
- 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
- 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
- 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
- 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
- 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
- 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
- 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
- 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
- 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
- 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
- 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
- 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
- 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
- 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
- 0x61, 0x16
- };
- const byte authTag[] = { /* expected output from operation */
- 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
- 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
- };
- byte generatedCiphertext[272];
- byte generatedPlaintext[272];
- byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
- /* Initialize stack variables. */
- XMEMSET(generatedCiphertext, 0, 272);
- XMEMSET(generatedPlaintext, 0, 272);
- /* Test Encrypt */
- ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
- plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
- 0);
- ExpectIntEQ(XMEMCMP(generatedCiphertext, cipher,
- sizeof(cipher)/sizeof(byte)), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(NULL, iv, aad, sizeof(aad),
- plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, NULL, aad, sizeof(aad),
- plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), NULL,
- sizeof(plaintext), generatedCiphertext, generatedAuthTag),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
- NULL, sizeof(plaintext), generatedCiphertext, generatedAuthTag),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
- plaintext, sizeof(plaintext), NULL, generatedAuthTag), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
- plaintext, sizeof(plaintext), generatedCiphertext, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
- sizeof(cipher), authTag, generatedPlaintext), 0);
- ExpectIntEQ(XMEMCMP(generatedPlaintext, plaintext,
- sizeof(plaintext)/sizeof(byte)), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(NULL, iv, aad, sizeof(aad), cipher,
- sizeof(cipher), authTag, generatedPlaintext), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, NULL, aad, sizeof(aad),
- cipher, sizeof(cipher), authTag, generatedPlaintext), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
- sizeof(cipher), authTag, generatedPlaintext), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
- sizeof(cipher), NULL, generatedPlaintext), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
- sizeof(cipher), authTag, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
- sizeof(cipher), authTag, generatedPlaintext), BAD_FUNC_ARG);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ChaCha20Poly1305_aead */
- /*
- * Testing function for wc_Rc2SetKey().
- */
- static int test_wc_Rc2SetKey(void)
- {
- EXPECT_DECLS;
- #ifdef WC_RC2
- Rc2 rc2;
- byte key40[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
- byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
- /* valid key and IV */
- ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
- iv, 40), 0);
- /* valid key, no IV */
- ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
- NULL, 40), 0);
- /* bad arguments */
- /* null Rc2 struct */
- ExpectIntEQ(wc_Rc2SetKey(NULL, key40, (word32) sizeof(key40) / sizeof(byte),
- iv, 40), BAD_FUNC_ARG);
- /* null key */
- ExpectIntEQ(wc_Rc2SetKey(&rc2, NULL, (word32) sizeof(key40) / sizeof(byte),
- iv, 40), BAD_FUNC_ARG);
- /* key size == 0 */
- ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 0, iv, 40), WC_KEY_SIZE_E);
- /* key size > 128 */
- ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 129, iv, 40), WC_KEY_SIZE_E);
- /* effective bits == 0 */
- ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
- iv, 0), WC_KEY_SIZE_E);
- /* effective bits > 1024 */
- ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
- iv, 1025), WC_KEY_SIZE_E);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Rc2SetKey */
- /*
- * Testing function for wc_Rc2SetIV().
- */
- static int test_wc_Rc2SetIV(void)
- {
- EXPECT_DECLS;
- #ifdef WC_RC2
- Rc2 rc2;
- byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
- /* valid IV */
- ExpectIntEQ(wc_Rc2SetIV(&rc2, iv), 0);
- /* valid NULL IV */
- ExpectIntEQ(wc_Rc2SetIV(&rc2, NULL), 0);
- /* bad arguments */
- ExpectIntEQ(wc_Rc2SetIV(NULL, iv), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Rc2SetIV(NULL, NULL), BAD_FUNC_ARG);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Rc2SetIV */
- /*
- * Testing function for wc_Rc2EcbEncrypt() and wc_Rc2EcbDecrypt().
- */
- static int test_wc_Rc2EcbEncryptDecrypt(void)
- {
- EXPECT_DECLS;
- #ifdef WC_RC2
- Rc2 rc2;
- int effectiveKeyBits = 63;
- byte cipher[RC2_BLOCK_SIZE];
- byte plain[RC2_BLOCK_SIZE];
- byte key[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
- byte input[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
- byte output[] = { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff };
- XMEMSET(cipher, 0, sizeof(cipher));
- XMEMSET(plain, 0, sizeof(plain));
- ExpectIntEQ(wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
- NULL, effectiveKeyBits), 0);
- ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, input, RC2_BLOCK_SIZE), 0);
- ExpectIntEQ(XMEMCMP(cipher, output, RC2_BLOCK_SIZE), 0);
- ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, cipher, RC2_BLOCK_SIZE), 0);
- ExpectIntEQ(XMEMCMP(plain, input, RC2_BLOCK_SIZE), 0);
- /* Rc2EcbEncrypt bad arguments */
- /* null Rc2 struct */
- ExpectIntEQ(wc_Rc2EcbEncrypt(NULL, cipher, input, RC2_BLOCK_SIZE),
- BAD_FUNC_ARG);
- /* null out buffer */
- ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, NULL, input, RC2_BLOCK_SIZE),
- BAD_FUNC_ARG);
- /* null input buffer */
- ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, NULL, RC2_BLOCK_SIZE),
- BAD_FUNC_ARG);
- /* output buffer sz != RC2_BLOCK_SIZE (8) */
- ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, input, 7), BUFFER_E);
- /* Rc2EcbDecrypt bad arguments */
- /* null Rc2 struct */
- ExpectIntEQ(wc_Rc2EcbDecrypt(NULL, plain, output, RC2_BLOCK_SIZE),
- BAD_FUNC_ARG);
- /* null out buffer */
- ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, NULL, output, RC2_BLOCK_SIZE),
- BAD_FUNC_ARG);
- /* null input buffer */
- ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, NULL, RC2_BLOCK_SIZE),
- BAD_FUNC_ARG);
- /* output buffer sz != RC2_BLOCK_SIZE (8) */
- ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, output, 7), BUFFER_E);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Rc2EcbEncryptDecrypt */
- /*
- * Testing function for wc_Rc2CbcEncrypt() and wc_Rc2CbcDecrypt().
- */
- static int test_wc_Rc2CbcEncryptDecrypt(void)
- {
- EXPECT_DECLS;
- #ifdef WC_RC2
- Rc2 rc2;
- int effectiveKeyBits = 63;
- byte cipher[RC2_BLOCK_SIZE*2];
- byte plain[RC2_BLOCK_SIZE*2];
- /* vector taken from test.c */
- byte key[] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
- };
- byte iv[] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
- };
- byte input[] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
- };
- byte output[] = {
- 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff,
- 0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57
- };
- XMEMSET(cipher, 0, sizeof(cipher));
- XMEMSET(plain, 0, sizeof(plain));
- ExpectIntEQ(wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
- iv, effectiveKeyBits), 0);
- ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, cipher, input, sizeof(input)), 0);
- ExpectIntEQ(XMEMCMP(cipher, output, sizeof(output)), 0);
- /* reset IV for decrypt */
- ExpectIntEQ(wc_Rc2SetIV(&rc2, iv), 0);
- ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, cipher, sizeof(cipher)), 0);
- ExpectIntEQ(XMEMCMP(plain, input, sizeof(input)), 0);
- /* Rc2CbcEncrypt bad arguments */
- /* null Rc2 struct */
- ExpectIntEQ(wc_Rc2CbcEncrypt(NULL, cipher, input, sizeof(input)),
- BAD_FUNC_ARG);
- /* null out buffer */
- ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, NULL, input, sizeof(input)),
- BAD_FUNC_ARG);
- /* null input buffer */
- ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, cipher, NULL, sizeof(input)),
- BAD_FUNC_ARG);
- /* Rc2CbcDecrypt bad arguments */
- /* in size is 0 */
- ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, output, 0), 0);
- /* null Rc2 struct */
- ExpectIntEQ(wc_Rc2CbcDecrypt(NULL, plain, output, sizeof(output)),
- BAD_FUNC_ARG);
- /* null out buffer */
- ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, NULL, output, sizeof(output)),
- BAD_FUNC_ARG);
- /* null input buffer */
- ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, NULL, sizeof(output)),
- BAD_FUNC_ARG);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Rc2CbcEncryptDecrypt */
- /*
- * Testing function for wc_AesSetIV
- */
- static int test_wc_AesSetIV(void)
- {
- int res = TEST_SKIPPED;
- #if !defined(NO_AES) && defined(WOLFSSL_AES_128)
- Aes aes;
- int ret = 0;
- byte key16[] =
- {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- byte iv1[] = "1234567890abcdef";
- byte iv2[] = "0987654321fedcba";
- ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
- if (ret != 0)
- return ret;
- ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte),
- iv1, AES_ENCRYPTION);
- if (ret == 0) {
- ret = wc_AesSetIV(&aes, iv2);
- }
- /* Test bad args. */
- if (ret == 0) {
- ret = wc_AesSetIV(NULL, iv1);
- if (ret == BAD_FUNC_ARG) {
- /* NULL iv should return 0. */
- ret = wc_AesSetIV(&aes, NULL);
- }
- else {
- ret = WOLFSSL_FATAL_ERROR;
- }
- }
- wc_AesFree(&aes);
- res = TEST_RES_CHECK(ret == 0);
- #endif
- return res;
- } /* test_wc_AesSetIV */
- /*
- * Testing function for wc_AesSetKey().
- */
- static int test_wc_AesSetKey(void)
- {
- EXPECT_DECLS;
- #ifndef NO_AES
- Aes aes;
- byte key16[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- #ifdef WOLFSSL_AES_192
- byte key24[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
- };
- #endif
- #ifdef WOLFSSL_AES_256
- byte key32[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- #endif
- byte badKey16[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
- };
- byte iv[] = "1234567890abcdef";
- XMEMSET(&aes, 0, sizeof(Aes));
- ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(wc_AesSetKey(&aes, key16, (word32)sizeof(key16) / sizeof(byte),
- iv, AES_ENCRYPTION), 0);
- #endif
- #ifdef WOLFSSL_AES_192
- ExpectIntEQ(wc_AesSetKey(&aes, key24, (word32)sizeof(key24) / sizeof(byte),
- iv, AES_ENCRYPTION), 0);
- #endif
- #ifdef WOLFSSL_AES_256
- ExpectIntEQ(wc_AesSetKey(&aes, key32, (word32)sizeof(key32) / sizeof(byte),
- iv, AES_ENCRYPTION), 0);
- #endif
- /* Pass in bad args. */
- ExpectIntEQ(wc_AesSetKey(NULL, key16, (word32)sizeof(key16) / sizeof(byte),
- iv, AES_ENCRYPTION), BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesSetKey(&aes, badKey16,
- (word32)sizeof(badKey16) / sizeof(byte), iv, AES_ENCRYPTION),
- BAD_FUNC_ARG);
- wc_AesFree(&aes);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_AesSetKey */
- /*
- * test function for wc_AesCbcEncrypt(), wc_AesCbcDecrypt(),
- * and wc_AesCbcDecryptWithKey()
- */
- static int test_wc_AesCbcEncryptDecrypt(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)&& \
- defined(WOLFSSL_AES_256)
- Aes aes;
- byte key32[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- byte vector[] = { /* Now is the time for all good men w/o trailing 0 */
- 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
- 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20,
- 0x66, 0x6f, 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20,
- 0x67, 0x6f, 0x6f, 0x64, 0x20, 0x6d, 0x65, 0x6e
- };
- byte iv[] = "1234567890abcdef";
- byte enc[sizeof(vector)];
- byte dec[sizeof(vector)];
- byte dec2[sizeof(vector)];
- /* Init stack variables. */
- XMEMSET(&aes, 0, sizeof(Aes));
- XMEMSET(enc, 0, sizeof(enc));
- XMEMSET(dec, 0, sizeof(vector));
- XMEMSET(dec2, 0, sizeof(vector));
- ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv,
- AES_ENCRYPTION), 0);
- ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector)), 0);
- /* Re init for decrypt and set flag. */
- ExpectIntEQ(wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv,
- AES_DECRYPTION), 0);
- ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, sizeof(vector)), 0);
- ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0);
- ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE, key32,
- sizeof(key32)/sizeof(byte), iv), 0);
- ExpectIntEQ(XMEMCMP(vector, dec2, AES_BLOCK_SIZE), 0);
- /* Pass in bad args */
- ExpectIntEQ(wc_AesCbcEncrypt(NULL, enc, vector, sizeof(vector)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCbcEncrypt(&aes, NULL, vector, sizeof(vector)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, NULL, sizeof(vector)),
- BAD_FUNC_ARG);
- #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
- ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1),
- BAD_LENGTH_E);
- #endif
- #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION == 2) && defined(WOLFSSL_AESNI)
- fprintf(stderr, "Zero length inputs not supported with AESNI in FIPS "
- "mode (v2), skip test");
- #else
- /* Test passing in size of 0 */
- XMEMSET(enc, 0, sizeof(enc));
- ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, 0), 0);
- /* Check enc was not modified */
- {
- int i;
- for (i = 0; i < (int)sizeof(enc); i++)
- ExpectIntEQ(enc[i], 0);
- }
- #endif
- ExpectIntEQ(wc_AesCbcDecrypt(NULL, dec, enc, AES_BLOCK_SIZE), BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCbcDecrypt(&aes, NULL, enc, AES_BLOCK_SIZE),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, NULL, AES_BLOCK_SIZE),
- BAD_FUNC_ARG);
- #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
- ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1),
- BAD_LENGTH_E);
- #else
- ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1),
- BAD_FUNC_ARG);
- #endif
- /* Test passing in size of 0 */
- XMEMSET(dec, 0, sizeof(dec));
- ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, 0), 0);
- /* Check dec was not modified */
- {
- int i;
- for (i = 0; i < (int)sizeof(dec); i++)
- ExpectIntEQ(dec[i], 0);
- }
- ExpectIntEQ(wc_AesCbcDecryptWithKey(NULL, enc, AES_BLOCK_SIZE,
- key32, sizeof(key32)/sizeof(byte), iv), BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, NULL, AES_BLOCK_SIZE,
- key32, sizeof(key32)/sizeof(byte), iv), BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
- NULL, sizeof(key32)/sizeof(byte), iv), BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
- key32, sizeof(key32)/sizeof(byte), NULL), BAD_FUNC_ARG);
- wc_AesFree(&aes);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_AesCbcEncryptDecrypt */
- /*
- * Testing wc_AesCtrEncrypt and wc_AesCtrDecrypt
- */
- static int test_wc_AesCtrEncryptDecrypt(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
- Aes aesEnc;
- Aes aesDec;
- byte key32[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- byte vector[] = { /* Now is the time for all w/o trailing 0 */
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte iv[] = "1234567890abcdef";
- byte enc[AES_BLOCK_SIZE * 2];
- byte dec[AES_BLOCK_SIZE * 2];
- /* Init stack variables. */
- XMEMSET(&aesEnc, 0, sizeof(Aes));
- XMEMSET(&aesDec, 0, sizeof(Aes));
- XMEMSET(enc, 0, AES_BLOCK_SIZE * 2);
- XMEMSET(dec, 0, AES_BLOCK_SIZE * 2);
- ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_AesSetKey(&aesEnc, key32, AES_BLOCK_SIZE * 2, iv,
- AES_ENCRYPTION), 0);
- ExpectIntEQ(wc_AesCtrEncrypt(&aesEnc, enc, vector,
- sizeof(vector)/sizeof(byte)), 0);
- /* Decrypt with wc_AesCtrEncrypt() */
- ExpectIntEQ(wc_AesSetKey(&aesDec, key32, AES_BLOCK_SIZE * 2, iv,
- AES_ENCRYPTION), 0);
- ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, enc, sizeof(enc)/sizeof(byte)),
- 0);
- ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte)),
- BAD_FUNC_ARG);
- wc_AesFree(&aesEnc);
- wc_AesFree(&aesDec);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_AesCtrEncryptDecrypt */
- /*
- * test function for wc_AesGcmSetKey()
- */
- static int test_wc_AesGcmSetKey(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- Aes aes;
- #ifdef WOLFSSL_AES_128
- byte key16[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- #endif
- #ifdef WOLFSSL_AES_192
- byte key24[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
- };
- #endif
- #ifdef WOLFSSL_AES_256
- byte key32[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- #endif
- byte badKey16[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
- };
- byte badKey24[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
- };
- byte badKey32[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
- };
- ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte)), 0);
- #endif
- #ifdef WOLFSSL_AES_192
- ExpectIntEQ(wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte)), 0);
- #endif
- #ifdef WOLFSSL_AES_256
- ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0);
- #endif
- /* Pass in bad args. */
- ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte)),
- BAD_FUNC_ARG);
- wc_AesFree(&aes);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_AesGcmSetKey */
- /*
- * test function for wc_AesGcmEncrypt and wc_AesGcmDecrypt
- */
- static int test_wc_AesGcmEncryptDecrypt(void)
- {
- EXPECT_DECLS;
- /* WOLFSSL_AFALG requires 12 byte IV */
- #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \
- !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO_AES)
- Aes aes;
- byte key32[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- byte vector[] = { /* Now is the time for all w/o trailing 0 */
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- const byte a[] = {
- 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
- 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
- 0xab, 0xad, 0xda, 0xd2
- };
- byte iv[] = "1234567890a";
- byte longIV[] = "1234567890abcdefghij";
- byte enc[sizeof(vector)];
- byte resultT[AES_BLOCK_SIZE];
- byte dec[sizeof(vector)];
- /* Init stack variables. */
- XMEMSET(&aes, 0, sizeof(Aes));
- XMEMSET(enc, 0, sizeof(vector));
- XMEMSET(dec, 0, sizeof(vector));
- XMEMSET(resultT, 0, AES_BLOCK_SIZE);
- ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0);
- ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv,
- sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0);
- ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector), iv,
- sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0);
- ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0);
- /* Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */
- ExpectIntEQ(wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector), iv,
- sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv,
- sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv,
- sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) - 5, a, sizeof(a)),
- BAD_FUNC_ARG);
- #if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST) || \
- defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
- /* FIPS does not check the lower bound of ivSz */
- #else
- ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, 0,
- resultT, sizeof(resultT), a, sizeof(a)), BAD_FUNC_ARG);
- #endif
- /* This case is now considered good. Long IVs are now allowed.
- * Except for the original FIPS release, it still has an upper
- * bound on the IV length. */
- #if (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
- !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
- ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV,
- sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
- 0);
- #else
- (void)longIV;
- #endif /* Old FIPS */
- /* END wc_AesGcmEncrypt */
- #ifdef HAVE_AES_DECRYPT
- ExpectIntEQ(wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte), iv,
- sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte), iv,
- sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte), iv,
- sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), NULL,
- sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
- sizeof(iv)/sizeof(byte), NULL, sizeof(resultT), a, sizeof(a)),
- BAD_FUNC_ARG);
- #if (defined(HAVE_FIPS) && FIPS_VERSION_LE(2,0) && defined(WOLFSSL_ARMASM))
- ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
- sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
- AES_GCM_AUTH_E);
- #else
- ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv,
- sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)),
- BAD_FUNC_ARG);
- #endif
- #if ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) && \
- !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
- /* FIPS does not check the lower bound of ivSz */
- #else
- ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
- iv, 0, resultT, sizeof(resultT), a, sizeof(a)), BAD_FUNC_ARG);
- #endif
- #endif /* HAVE_AES_DECRYPT */
- wc_AesFree(&aes);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_AesGcmEncryptDecrypt */
- /*
- * test function for mixed (one-shot encrpytion + stream decryption) AES GCM
- * using a long IV (older FIPS does NOT support long IVs). Relates to zd15423
- */
- static int test_wc_AesGcmMixedEncDecLongIV(void)
- {
- EXPECT_DECLS;
- #if (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
- !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM)
- const byte key[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- const byte in[] = {
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- const byte aad[] = {
- 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
- 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
- 0xab, 0xad, 0xda, 0xd2
- };
- Aes aesEnc;
- Aes aesDec;
- byte iv[] = "1234567890abcdefghij";
- byte out[sizeof(in)];
- byte plain[sizeof(in)];
- byte tag[AES_BLOCK_SIZE];
- XMEMSET(&aesEnc, 0, sizeof(Aes));
- XMEMSET(&aesDec, 0, sizeof(Aes));
- XMEMSET(out, 0, sizeof(out));
- XMEMSET(plain, 0, sizeof(plain));
- XMEMSET(tag, 0, sizeof(tag));
- /* Perform one-shot encryption using long IV */
- ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_AesGcmSetKey(&aesEnc, key, sizeof(key)), 0);
- ExpectIntEQ(wc_AesGcmEncrypt(&aesEnc, out, in, sizeof(in), iv, sizeof(iv),
- tag, sizeof(tag), aad, sizeof(aad)), 0);
- /* Perform streaming decryption using long IV */
- ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_AesGcmInit(&aesDec, key, sizeof(key), iv, sizeof(iv)), 0);
- ExpectIntEQ(wc_AesGcmDecryptUpdate(&aesDec, plain, out, sizeof(out), aad,
- sizeof(aad)), 0);
- ExpectIntEQ(wc_AesGcmDecryptFinal(&aesDec, tag, sizeof(tag)), 0);
- ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
- /* Free resources */
- wc_AesFree(&aesEnc);
- wc_AesFree(&aesDec);
- #endif
- return EXPECT_RESULT();
- } /* END wc_AesGcmMixedEncDecLongIV */
- /*
- * unit test for wc_GmacSetKey()
- */
- static int test_wc_GmacSetKey(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- Gmac gmac;
- byte key16[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- #ifdef WOLFSSL_AES_192
- byte key24[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
- };
- #endif
- #ifdef WOLFSSL_AES_256
- byte key32[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- #endif
- byte badKey16[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x66
- };
- byte badKey24[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
- };
- byte badKey32[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- XMEMSET(&gmac, 0, sizeof(Gmac));
- ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0);
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte)), 0);
- #endif
- #ifdef WOLFSSL_AES_192
- ExpectIntEQ(wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)), 0);
- #endif
- #ifdef WOLFSSL_AES_256
- ExpectIntEQ(wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)), 0);
- #endif
- /* Pass in bad args. */
- ExpectIntEQ(wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte)),
- BAD_FUNC_ARG);
- wc_AesFree(&gmac.aes);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_GmacSetKey */
- /*
- * unit test for wc_GmacUpdate
- */
- static int test_wc_GmacUpdate(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- Gmac gmac;
- #ifdef WOLFSSL_AES_128
- const byte key16[] = {
- 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
- 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
- };
- #endif
- #ifdef WOLFSSL_AES_192
- byte key24[] = {
- 0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52,
- 0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a,
- 0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0
- };
- #endif
- #ifdef WOLFSSL_AES_256
- byte key32[] = {
- 0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35,
- 0xc3, 0xc0, 0x1e, 0xea, 0x57, 0x42, 0x8f, 0x00,
- 0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4,
- 0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23
- };
- #endif
- #ifdef WOLFSSL_AES_128
- const byte authIn[] = {
- 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
- 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
- };
- #endif
- #ifdef WOLFSSL_AES_192
- const byte authIn2[] = {
- 0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f,
- 0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1
- };
- #endif
- const byte authIn3[] = {
- 0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71,
- 0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36
- };
- #ifdef WOLFSSL_AES_128
- const byte tag1[] = { /* Known. */
- 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
- 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
- };
- #endif
- #ifdef WOLFSSL_AES_192
- const byte tag2[] = { /* Known */
- 0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf,
- 0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05
- };
- #endif
- const byte tag3[] = { /* Known */
- 0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22,
- 0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76
- };
- #ifdef WOLFSSL_AES_128
- const byte iv[] = {
- 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
- 0xe2, 0x8c, 0x8f, 0x16
- };
- #endif
- #ifdef WOLFSSL_AES_192
- const byte iv2[] = {
- 0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66,
- 0x7e, 0x1a, 0x6f, 0xbc
- };
- #endif
- const byte iv3[] = {
- 0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93,
- 0xc3, 0xfb, 0x6c, 0x8a
- };
- byte tagOut[16];
- byte tagOut2[24];
- byte tagOut3[32];
- /* Init stack variables. */
- XMEMSET(&gmac, 0, sizeof(Gmac));
- XMEMSET(tagOut, 0, sizeof(tagOut));
- XMEMSET(tagOut2, 0, sizeof(tagOut2));
- XMEMSET(tagOut3, 0, sizeof(tagOut3));
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_GmacSetKey(&gmac, key16, sizeof(key16)), 0);
- ExpectIntEQ(wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn),
- tagOut, sizeof(tag1)), 0);
- ExpectIntEQ(XMEMCMP(tag1, tagOut, sizeof(tag1)), 0);
- wc_AesFree(&gmac.aes);
- #endif
- #ifdef WOLFSSL_AES_192
- ExpectNotNull(XMEMSET(&gmac, 0, sizeof(Gmac)));
- ExpectIntEQ(wc_AesInit(&gmac.aes, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)), 0);
- ExpectIntEQ(wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2, sizeof(authIn2),
- tagOut2, sizeof(tag2)), 0);
- ExpectIntEQ(XMEMCMP(tagOut2, tag2, sizeof(tag2)), 0);
- wc_AesFree(&gmac.aes);
- #endif
- #ifdef WOLFSSL_AES_256
- ExpectNotNull(XMEMSET(&gmac, 0, sizeof(Gmac)));
- ExpectIntEQ(wc_AesInit(&gmac.aes, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)), 0);
- ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
- tagOut3, sizeof(tag3)), 0);
- ExpectIntEQ(XMEMCMP(tag3, tagOut3, sizeof(tag3)), 0);
- wc_AesFree(&gmac.aes);
- #endif
- /* Pass bad args. */
- ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
- tagOut3, sizeof(tag3)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
- tagOut3, sizeof(tag3) - 5), BAD_FUNC_ARG);
- ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3),
- tagOut3, sizeof(tag3) + 1), BAD_FUNC_ARG);
- wc_AesFree(&gmac.aes);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_GmacUpdate */
- /*
- * testing wc_CamelliaSetKey
- */
- static int test_wc_CamelliaSetKey(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_CAMELLIA
- Camellia camellia;
- /*128-bit key*/
- static const byte key16[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- /* 192-bit key */
- static const byte key24[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
- };
- /* 256-bit key */
- static const byte key32[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
- };
- static const byte iv[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- ExpectIntEQ(wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), iv),
- 0);
- ExpectIntEQ(wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16),
- NULL), 0);
- ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv),
- 0);
- ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24),
- NULL), 0);
- ExpectIntEQ(wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32), iv),
- 0);
- ExpectIntEQ(wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32),
- NULL), 0);
- /* Bad args. */
- ExpectIntEQ(wc_CamelliaSetKey(NULL, key32, (word32)sizeof(key32), iv),
- BAD_FUNC_ARG);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_CammeliaSetKey */
- /*
- * Testing wc_CamelliaSetIV()
- */
- static int test_wc_CamelliaSetIV(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_CAMELLIA
- Camellia camellia;
- static const byte iv[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- ExpectIntEQ(wc_CamelliaSetIV(&camellia, iv), 0);
- ExpectIntEQ(wc_CamelliaSetIV(&camellia, NULL), 0);
- /* Bad args. */
- ExpectIntEQ(wc_CamelliaSetIV(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_CamelliaSetIV(NULL, iv), BAD_FUNC_ARG);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_CamelliaSetIV*/
- /*
- * Test wc_CamelliaEncryptDirect and wc_CamelliaDecryptDirect
- */
- static int test_wc_CamelliaEncryptDecryptDirect(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_CAMELLIA
- Camellia camellia;
- static const byte key24[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
- };
- static const byte iv[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- static const byte plainT[] = {
- 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
- 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
- };
- byte enc[sizeof(plainT)];
- byte dec[sizeof(enc)];
- /* Init stack variables.*/
- XMEMSET(enc, 0, 16);
- XMEMSET(enc, 0, 16);
- ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv),
- 0);
- ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, enc, plainT), 0);
- ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, dec, enc), 0);
- ExpectIntEQ(XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE), 0);
- /* Pass bad args. */
- ExpectIntEQ(wc_CamelliaEncryptDirect(NULL, enc, plainT), BAD_FUNC_ARG);
- ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, NULL, plainT),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, enc, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_CamelliaDecryptDirect(NULL, dec, enc), BAD_FUNC_ARG);
- ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, NULL, enc), BAD_FUNC_ARG);
- ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, dec, NULL), BAD_FUNC_ARG);
- #endif
- return EXPECT_RESULT();
- } /* END test-wc_CamelliaEncryptDecryptDirect */
- /*
- * Testing wc_CamelliaCbcEncrypt and wc_CamelliaCbcDecrypt
- */
- static int test_wc_CamelliaCbcEncryptDecrypt(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_CAMELLIA
- Camellia camellia;
- static const byte key24[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
- };
- static const byte plainT[] = {
- 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
- 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
- };
- byte enc[CAMELLIA_BLOCK_SIZE];
- byte dec[CAMELLIA_BLOCK_SIZE];
- /* Init stack variables. */
- XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE);
- XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE);
- ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24),
- NULL), 0);
- ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, enc, plainT,
- CAMELLIA_BLOCK_SIZE), 0);
- ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24),
- NULL), 0);
- ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, enc, CAMELLIA_BLOCK_SIZE),
- 0);
- ExpectIntEQ(XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE), 0);
- /* Pass in bad args. */
- ExpectIntEQ(wc_CamelliaCbcEncrypt(NULL, enc, plainT, CAMELLIA_BLOCK_SIZE),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, NULL, plainT,
- CAMELLIA_BLOCK_SIZE), BAD_FUNC_ARG);
- ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, enc, NULL,
- CAMELLIA_BLOCK_SIZE), BAD_FUNC_ARG);
- ExpectIntEQ(wc_CamelliaCbcDecrypt(NULL, dec, enc, CAMELLIA_BLOCK_SIZE),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, NULL, enc,
- CAMELLIA_BLOCK_SIZE), BAD_FUNC_ARG);
- ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, NULL,
- CAMELLIA_BLOCK_SIZE), BAD_FUNC_ARG);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_CamelliaCbcEncryptDecrypt */
- /*
- * Testing wc_Arc4SetKey()
- */
- static int test_wc_Arc4SetKey(void)
- {
- EXPECT_DECLS;
- #ifndef NO_RC4
- Arc4 arc;
- const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
- int keyLen = 8;
- ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, keyLen), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_Arc4SetKey(NULL, (byte*)key, keyLen), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Arc4SetKey(&arc, NULL , keyLen), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, 0 ), BAD_FUNC_ARG);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Arc4SetKey */
- /*
- * Testing wc_Arc4Process for ENC/DEC.
- */
- static int test_wc_Arc4Process(void)
- {
- EXPECT_DECLS;
- #ifndef NO_RC4
- Arc4 enc;
- Arc4 dec;
- const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
- int keyLen = 8;
- const char* input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
- byte cipher[8];
- byte plain[8];
- /* Init stack variables */
- XMEMSET(&enc, 0, sizeof(Arc4));
- XMEMSET(&dec, 0, sizeof(Arc4));
- XMEMSET(cipher, 0, sizeof(cipher));
- XMEMSET(plain, 0, sizeof(plain));
- /* Use for async. */
- ExpectIntEQ(wc_Arc4Init(&enc, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_Arc4Init(&dec, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_Arc4SetKey(&enc, (byte*)key, keyLen), 0);
- ExpectIntEQ(wc_Arc4SetKey(&dec, (byte*)key, keyLen), 0);
- ExpectIntEQ(wc_Arc4Process(&enc, cipher, (byte*)input, keyLen), 0);
- ExpectIntEQ(wc_Arc4Process(&dec, plain, cipher, keyLen), 0);
- ExpectIntEQ(XMEMCMP(plain, input, keyLen), 0);
- /* Bad args. */
- ExpectIntEQ(wc_Arc4Process(NULL, plain, cipher, keyLen), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Arc4Process(&dec, NULL, cipher, keyLen), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Arc4Process(&dec, plain, NULL, keyLen), BAD_FUNC_ARG);
- wc_Arc4Free(&enc);
- wc_Arc4Free(&dec);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_Arc4Process */
- /*
- * Testing wc_Init RsaKey()
- */
- static int test_wc_InitRsaKey(void)
- {
- EXPECT_DECLS;
- #ifndef NO_RSA
- RsaKey key;
- XMEMSET(&key, 0, sizeof(RsaKey));
- ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_InitRsaKey(NULL, HEAP_HINT), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_InitRsaKey */
- /*
- * Testing wc_RsaPrivateKeyDecode()
- */
- static int test_wc_RsaPrivateKeyDecode(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\
- || defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
- RsaKey key;
- byte* tmp = NULL;
- word32 idx = 0;
- int bytes = 0;
- XMEMSET(&key, 0, sizeof(RsaKey));
- ExpectNotNull(tmp = (byte*)XMALLOC(FOURK_BUF, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
- if (tmp != NULL) {
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
- bytes = sizeof_client_key_der_1024;
- #else
- XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
- bytes = sizeof_client_key_der_2048;
- #endif /* Use cert buffers. */
- }
- ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes),
- BAD_FUNC_ARG);
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_RsaPrivateKeyDecode */
- /*
- * Testing wc_RsaPublicKeyDecode()
- */
- static int test_wc_RsaPublicKeyDecode(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\
- || defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
- RsaKey keyPub;
- byte* tmp = NULL;
- word32 idx = 0;
- int bytes = 0;
- word32 keySz = 0;
- word32 tstKeySz = 0;
- #if defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM)
- XFILE f = XBADFILE;
- const char* rsaPssPubKey = "./certs/rsapss/ca-rsapss-key.der";
- const char* rsaPssPubKeyNoParams = "./certs/rsapss/ca-3072-rsapss-key.der";
- byte buf[4096];
- #endif
- XMEMSET(&keyPub, 0, sizeof(RsaKey));
- ExpectNotNull(tmp = (byte*)XMALLOC(GEN_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER));
- ExpectIntEQ(wc_InitRsaKey(&keyPub, HEAP_HINT), 0);
- if (tmp != NULL) {
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
- bytes = sizeof_client_keypub_der_1024;
- keySz = 1024;
- #else
- XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
- bytes = sizeof_client_keypub_der_2048;
- keySz = 2048;
- #endif
- }
- ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, &idx, &keyPub, (word32)bytes), 0);
- /* Pass in bad args. */
- ExpectIntEQ(wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes),
- BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRsaKey(&keyPub), 0);
- /* Test for getting modulus key size */
- idx = 0;
- ExpectIntEQ(wc_RsaPublicKeyDecode_ex(tmp, &idx, (word32)bytes, NULL,
- &tstKeySz, NULL, NULL), 0);
- ExpectIntEQ(tstKeySz, keySz/8);
- #if defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM)
- ExpectTrue((f = XFOPEN(rsaPssPubKey, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- idx = 0;
- ExpectIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, bytes, NULL, NULL, NULL,
- NULL), 0);
- ExpectTrue((f = XFOPEN(rsaPssPubKeyNoParams, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- idx = 0;
- ExpectIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, bytes, NULL, NULL, NULL,
- NULL), 0);
- #endif
- XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_RsaPublicKeyDecode */
- /*
- * Testing wc_RsaPublicKeyDecodeRaw()
- */
- static int test_wc_RsaPublicKeyDecodeRaw(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA)
- RsaKey key;
- const byte n = 0x23;
- const byte e = 0x03;
- int nSz = sizeof(n);
- int eSz = sizeof(e);
- ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
- ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, &key), 0);
- /* Pass in bad args. */
- ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL),
- BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_RsaPublicKeyDecodeRaw */
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find
- * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps
- * trying until it gets a probable prime. */
- #ifdef HAVE_FIPS
- static int MakeRsaKeyRetry(RsaKey* key, int size, long e, WC_RNG* rng)
- {
- int ret;
- for (;;) {
- ret = wc_MakeRsaKey(key, size, e, rng);
- if (ret != PRIME_GEN_E) break;
- fprintf(stderr, "MakeRsaKey couldn't find prime; "
- "trying again.\n");
- }
- return ret;
- }
- #define MAKE_RSA_KEY(a, b, c, d) MakeRsaKeyRetry(a, b, c, d)
- #else
- #define MAKE_RSA_KEY(a, b, c, d) wc_MakeRsaKey(a, b, c, d)
- #endif
- #endif
- /*
- * Testing wc_MakeRsaKey()
- */
- static int test_wc_MakeRsaKey(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- RsaKey genKey;
- WC_RNG rng;
- #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
- int bits = 1024;
- #else
- int bits = 2048;
- #endif
- XMEMSET(&genKey, 0, sizeof(RsaKey));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_InitRsaKey(&genKey, HEAP_HINT), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng), 0);
- DoExpectIntEQ(wc_FreeRsaKey(&genKey), 0);
- /* Test bad args. */
- ExpectIntEQ(MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng), BAD_FUNC_ARG);
- ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL),
- BAD_FUNC_ARG);
- /* e < 3 */
- ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 2, &rng), BAD_FUNC_ARG);
- /* e & 1 == 0 */
- ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 6, &rng), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_MakeRsaKey */
- /*
- * Test the bounds checking on the cipher text versus the key modulus.
- * 1. Make a new RSA key.
- * 2. Set c to 1.
- * 3. Decrypt c into k. (error)
- * 4. Copy the key modulus to c and sub 1 from the copy.
- * 5. Decrypt c into k. (error)
- * Valid bounds test cases are covered by all the other RSA tests.
- */
- static int test_RsaDecryptBoundsCheck(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(WC_RSA_NO_PADDING) && \
- (defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048)) && \
- defined(WOLFSSL_PUBLIC_MP) && !defined(NO_RSA_BOUNDS_CHECK)
- WC_RNG rng;
- RsaKey key;
- byte flatC[256];
- word32 flatCSz;
- byte out[256];
- word32 outSz = sizeof(out);
- XMEMSET(&key, 0, sizeof(RsaKey));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- if (EXPECT_SUCCESS()) {
- const byte* derKey;
- word32 derKeySz;
- word32 idx = 0;
- #ifdef USE_CERT_BUFFERS_1024
- derKey = server_key_der_1024;
- derKeySz = (word32)sizeof_server_key_der_1024;
- flatCSz = 128;
- #else
- derKey = server_key_der_2048;
- derKeySz = (word32)sizeof_server_key_der_2048;
- flatCSz = 256;
- #endif
- ExpectIntEQ(wc_RsaPrivateKeyDecode(derKey, &idx, &key, derKeySz), 0);
- }
- if (EXPECT_SUCCESS()) {
- XMEMSET(flatC, 0, flatCSz);
- flatC[flatCSz-1] = 1;
- ExpectIntEQ(wc_RsaDirect(flatC, flatCSz, out, &outSz, &key,
- RSA_PRIVATE_DECRYPT, &rng), RSA_OUT_OF_RANGE_E);
- if (EXPECT_SUCCESS()) {
- mp_int c;
- ExpectIntEQ(mp_init_copy(&c, &key.n), 0);
- ExpectIntEQ(mp_sub_d(&c, 1, &c), 0);
- ExpectIntEQ(mp_to_unsigned_bin(&c, flatC), 0);
- ExpectIntEQ(wc_RsaDirect(flatC, flatCSz, out, &outSz, &key,
- RSA_PRIVATE_DECRYPT, NULL), RSA_OUT_OF_RANGE_E);
- mp_clear(&c);
- }
- }
- DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_RsaDecryptBoundsCheck */
- /*
- * Testing wc_SetKeyUsage()
- */
- static int test_wc_SetKeyUsage(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && !defined(HAVE_FIPS)
- Cert myCert;
- ExpectIntEQ(wc_InitCert(&myCert), 0);
- ExpectIntEQ(wc_SetKeyUsage(&myCert, "keyEncipherment,keyAgreement"), 0);
- ExpectIntEQ(wc_SetKeyUsage(&myCert, "digitalSignature,nonRepudiation"), 0);
- ExpectIntEQ(wc_SetKeyUsage(&myCert, "contentCommitment,encipherOnly"), 0);
- ExpectIntEQ(wc_SetKeyUsage(&myCert, "decipherOnly"), 0);
- ExpectIntEQ(wc_SetKeyUsage(&myCert, "cRLSign,keyCertSign"), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_SetKeyUsage(NULL, "decipherOnly"), BAD_FUNC_ARG);
- ExpectIntEQ(wc_SetKeyUsage(&myCert, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_SetKeyUsage(&myCert, ""), KEYUSAGE_E);
- ExpectIntEQ(wc_SetKeyUsage(&myCert, ","), KEYUSAGE_E);
- ExpectIntEQ(wc_SetKeyUsage(&myCert, "digitalSignature, cRLSign"),
- KEYUSAGE_E);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_SetKeyUsage */
- /*
- * Testing wc_CheckProbablePrime()
- */
- static int test_wc_CheckProbablePrime(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
- !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
- #define CHECK_PROBABLE_PRIME_KEY_BITS 2048
- RsaKey key;
- WC_RNG rng;
- byte e[3];
- word32 eSz = (word32)sizeof(e);
- byte n[CHECK_PROBABLE_PRIME_KEY_BITS / 8];
- word32 nSz = (word32)sizeof(n);
- byte d[CHECK_PROBABLE_PRIME_KEY_BITS / 8];
- word32 dSz = (word32)sizeof(d);
- byte p[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2];
- word32 pSz = (word32)sizeof(p);
- byte q[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2];
- word32 qSz = (word32)sizeof(q);
- int nlen = CHECK_PROBABLE_PRIME_KEY_BITS;
- int* isPrime;
- int test[5];
- isPrime = test;
- XMEMSET(&key, 0, sizeof(RsaKey));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
- ExpectIntEQ(wc_MakeRsaKey(&key, CHECK_PROBABLE_PRIME_KEY_BITS,
- WC_RSA_EXPONENT, &rng), 0);
- PRIVATE_KEY_UNLOCK();
- ExpectIntEQ(wc_RsaExportKey(&key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q,
- &qSz), 0);
- PRIVATE_KEY_LOCK();
- /* Bad cases */
- ExpectIntEQ(wc_CheckProbablePrime(NULL, pSz, q, qSz, e, eSz, nlen, isPrime),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_CheckProbablePrime(p, 0, q, qSz, e, eSz, nlen, isPrime),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_CheckProbablePrime(p, pSz, NULL, qSz, e, eSz, nlen, isPrime),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, 0, e, eSz, nlen, isPrime),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, qSz, NULL, eSz, nlen, isPrime),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, qSz, e, 0, nlen, isPrime),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_CheckProbablePrime(NULL, 0, NULL, 0, NULL, 0, nlen, isPrime),
- BAD_FUNC_ARG);
- /* Good case */
- ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, qSz, e, eSz, nlen, isPrime),
- 0);
- DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
- wc_FreeRng(&rng);
- #undef CHECK_PROBABLE_PRIME_KEY_BITS
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_CheckProbablePrime */
- /*
- * Testing wc_RsaPSS_Verify()
- */
- static int test_wc_RsaPSS_Verify(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
- !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
- RsaKey key;
- WC_RNG rng;
- int sz = 256;
- const char* szMessage = "This is the string to be signed";
- unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
- unsigned char pDecrypted[2048/8];
- byte* pt = pDecrypted;
- word32 outLen = sizeof(pDecrypted);
- XMEMSET(&key, 0, sizeof(RsaKey));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
- ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0);
- ExpectIntGT(sz = wc_RsaPSS_Sign((byte*)szMessage,
- (word32)XSTRLEN(szMessage)+1, pSignature, sizeof(pSignature),
- WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0);
- /* Bad cases */
- ExpectIntEQ(wc_RsaPSS_Verify(NULL, sz, pt, outLen,
- WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaPSS_Verify(pSignature, 0, pt, outLen,
- WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaPSS_Verify(pSignature, sz, NULL, outLen,
- WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaPSS_Verify(NULL, 0, NULL, outLen,
- WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
- /* Good case */
- ExpectIntGT(wc_RsaPSS_Verify(pSignature, sz, pt, outLen,
- WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), 0);
- DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
- wc_FreeRng(&rng);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_RsaPSS_Verify */
- /*
- * Testing wc_RsaPSS_VerifyCheck()
- */
- static int test_wc_RsaPSS_VerifyCheck(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
- !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
- RsaKey key;
- WC_RNG rng;
- int sz = 256; /* 2048/8 */
- byte digest[32];
- word32 digestSz = sizeof(digest);
- unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
- word32 pSignatureSz = sizeof(pSignature);
- unsigned char pDecrypted[2048/8];
- byte* pt = pDecrypted;
- word32 outLen = sizeof(pDecrypted);
- XMEMSET(&key, 0, sizeof(RsaKey));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- XMEMSET(digest, 0, sizeof(digest));
- XMEMSET(pSignature, 0, sizeof(pSignature));
- ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
- ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0);
- ExpectTrue((digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256)) > 0);
- ExpectIntEQ(wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz),
- 0);
- ExpectIntGT(sz = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
- WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0);
- /* Bad cases */
- ExpectIntEQ(wc_RsaPSS_VerifyCheck(NULL, sz, pt, outLen, digest,
- digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaPSS_VerifyCheck(pSignature, 0, pt, outLen, digest,
- digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaPSS_VerifyCheck(pSignature, sz, NULL, outLen, digest,
- digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaPSS_VerifyCheck(NULL, 0, NULL, outLen, digest,
- digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
- /* Good case */
- ExpectIntGT(wc_RsaPSS_VerifyCheck(pSignature, sz, pt, outLen, digest,
- digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), 0);
- ExpectIntEQ(wc_FreeRsaKey(&key), 0);
- wc_FreeRng(&rng);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_RsaPSS_VerifyCheck */
- /*
- * Testing wc_RsaPSS_VerifyCheckInline()
- */
- static int test_wc_RsaPSS_VerifyCheckInline(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
- !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
- RsaKey key;
- WC_RNG rng;
- int sz = 256;
- byte digest[32];
- word32 digestSz = sizeof(digest);
- unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
- unsigned char pDecrypted[2048/8];
- byte* pt = pDecrypted;
- XMEMSET(&key, 0, sizeof(RsaKey));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- XMEMSET(digest, 0, sizeof(digest));
- XMEMSET(pSignature, 0, sizeof(pSignature));
- ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
- ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0);
- ExpectTrue((digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256)) > 0);
- ExpectIntEQ(wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz),
- 0);
- ExpectIntGT(sz = wc_RsaPSS_Sign(digest, digestSz, pSignature,
- sizeof(pSignature), WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0);
- /* Bad Cases */
- ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(NULL, sz, &pt, digest,
- digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(pSignature, 0, NULL, digest,
- digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(NULL, 0, &pt, digest,
- digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt, digest,
- digestSz, WC_HASH_TYPE_SHA, WC_MGF1SHA256, &key), BAD_FUNC_ARG);
- /* Good case */
- ExpectIntGT(wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt, digest,
- digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), 0);
- DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
- wc_FreeRng(&rng);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_RsaPSS_VerifyCheckInline */
- #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
- static void sample_mutex_cb (int flag, int type, const char* file, int line)
- {
- (void)flag;
- (void)type;
- (void)file;
- (void)line;
- }
- #endif
- /*
- * Testing wc_LockMutex_ex
- */
- static int test_wc_LockMutex_ex(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
- int flag = CRYPTO_LOCK;
- int type = 0;
- const char* file = "./test-LockMutex_ex.txt";
- int line = 0;
- /* without SetMutexCb */
- ExpectIntEQ(wc_LockMutex_ex(flag, type, file, line), BAD_STATE_E);
- /* with SetMutexCb */
- ExpectIntEQ(wc_SetMutexCb(sample_mutex_cb), 0);
- ExpectIntEQ(wc_LockMutex_ex(flag, type, file, line), 0);
- ExpectIntEQ(wc_SetMutexCb(NULL), 0);
- #endif
- return EXPECT_RESULT();
- } /* End test_wc_LockMutex_ex*/
- /*
- * Testing wc_SetMutexCb
- */
- static int test_wc_SetMutexCb(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
- ExpectIntEQ(wc_SetMutexCb(sample_mutex_cb), 0);
- ExpectIntEQ(wc_SetMutexCb(NULL), 0);
- #endif
- return EXPECT_RESULT();
- } /* End test_wc_SetMutexCb*/
- /*
- * Testing wc_RsaKeyToDer()
- */
- static int test_wc_RsaKeyToDer(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- RsaKey genKey;
- WC_RNG rng;
- byte* der = NULL;
- #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
- int bits = 1024;
- word32 derSz = 611;
- /* (2 x 128) + 2 (possible leading 00) + (5 x 64) + 5 (possible leading 00)
- + 3 (e) + 8 (ASN tag) + 10 (ASN length) + 4 seqSz + 3 version */
- #else
- int bits = 2048;
- word32 derSz = 1196;
- /* (2 x 256) + 2 (possible leading 00) + (5 x 128) + 5 (possible leading 00)
- + 3 (e) + 8 (ASN tag) + 17 (ASN length) + 4 seqSz + 3 version */
- #endif
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&genKey, 0, sizeof(genKey));
- ExpectNotNull(der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER));
- /* Init structures. */
- ExpectIntEQ(wc_InitRsaKey(&genKey, HEAP_HINT), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- /* Make key. */
- ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng), 0);
- ExpectIntGT(wc_RsaKeyToDer(&genKey, der, derSz), 0);
- /* Pass good/bad args. */
- ExpectIntEQ(wc_RsaKeyToDer(NULL, der, FOURK_BUF), BAD_FUNC_ARG);
- /* Get just the output length */
- ExpectIntGT(wc_RsaKeyToDer(&genKey, NULL, 0), 0);
- /* Try Public Key. */
- genKey.type = 0;
- ExpectIntEQ(wc_RsaKeyToDer(&genKey, der, FOURK_BUF), BAD_FUNC_ARG);
- #ifdef WOLFSSL_CHECK_MEM_ZERO
- /* Put back to Private Key */
- genKey.type = 1;
- #endif
- XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- DoExpectIntEQ(wc_FreeRsaKey(&genKey), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_RsaKeyToDer */
- /*
- * Testing wc_RsaKeyToPublicDer()
- */
- static int test_wc_RsaKeyToPublicDer(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- RsaKey key;
- WC_RNG rng;
- byte* der = NULL;
- #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
- int bits = 1024;
- word32 derLen = 162;
- #else
- int bits = 2048;
- word32 derLen = 294;
- #endif
- int ret;
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- ExpectNotNull(der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER));
- ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
- /* test getting size only */
- ExpectIntGT(wc_RsaKeyToPublicDer(&key, NULL, derLen), 0);
- ExpectIntGT(wc_RsaKeyToPublicDer(&key, der, derLen), 0);
- /* test getting size only */
- ExpectIntGT(wc_RsaKeyToPublicDer_ex(&key, NULL, derLen, 0), 0);
- ExpectIntGT(wc_RsaKeyToPublicDer_ex(&key, der, derLen, 0), 0);
- /* Pass in bad args. */
- ExpectIntEQ(wc_RsaKeyToPublicDer(NULL, der, derLen), BAD_FUNC_ARG);
- ExpectIntLT(ret = wc_RsaKeyToPublicDer(&key, der, -1), 0);
- ExpectTrue((ret == BUFFER_E) || (ret == BAD_FUNC_ARG));
- XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_RsaKeyToPublicDer */
- /*
- * Testing wc_RsaPublicEncrypt() and wc_RsaPrivateDecrypt()
- */
- static int test_wc_RsaPublicEncryptDecrypt(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- RsaKey key;
- WC_RNG rng;
- const char inStr[] = TEST_STRING;
- const word32 plainLen = (word32)TEST_STRING_SZ;
- const word32 inLen = (word32)TEST_STRING_SZ;
- int bits = TEST_RSA_BITS;
- const word32 cipherLen = TEST_RSA_BYTES;
- word32 cipherLenResult = cipherLen;
- WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
- WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
- WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
- WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL);
- WC_ALLOC_VAR(plain, byte, TEST_STRING_SZ, NULL);
- WC_ALLOC_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- ExpectNotNull(in);
- ExpectNotNull(plain);
- ExpectNotNull(cipher);
- #endif
- ExpectNotNull(XMEMCPY(in, inStr, inLen));
- /* Initialize stack structures. */
- XMEMSET(&key, 0, sizeof(RsaKey));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
- /* Encrypt. */
- ExpectIntGT(cipherLenResult = wc_RsaPublicEncrypt(in, inLen, cipher,
- cipherLen, &key, &rng), 0);
- /* Pass bad args - tested in another testing function.*/
- /* Decrypt */
- #if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)
- /* Bind rng */
- ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
- #endif
- ExpectIntGE(wc_RsaPrivateDecrypt(cipher, cipherLenResult, plain, plainLen,
- &key), 0);
- ExpectIntEQ(XMEMCMP(plain, inStr, plainLen), 0);
- /* Pass bad args - tested in another testing function.*/
- WC_FREE_VAR(in, NULL);
- WC_FREE_VAR(plain, NULL);
- WC_FREE_VAR(cipher, NULL);
- DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_RsaPublicEncryptDecrypt */
- /*
- * Testing wc_RsaPrivateDecrypt_ex() and wc_RsaPrivateDecryptInline_ex()
- */
- static int test_wc_RsaPublicEncryptDecrypt_ex(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\
- && !defined(WC_NO_RSA_OAEP) && !defined(NO_SHA256)
- RsaKey key;
- WC_RNG rng;
- const char inStr[] = TEST_STRING;
- const word32 inLen = (word32)TEST_STRING_SZ;
- const word32 plainSz = (word32)TEST_STRING_SZ;
- byte* res = NULL;
- int idx = 0;
- int bits = TEST_RSA_BITS;
- const word32 cipherSz = TEST_RSA_BYTES;
- WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
- WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
- WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
- WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL);
- WC_ALLOC_VAR(plain, byte, TEST_STRING_SZ, NULL);
- WC_ALLOC_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- ExpectNotNull(in);
- ExpectNotNull(plain);
- ExpectNotNull(cipher);
- #endif
- ExpectNotNull(XMEMCPY(in, inStr, inLen));
- /* Initialize stack structures. */
- XMEMSET(&key, 0, sizeof(RsaKey));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_InitRsaKey_ex(&key, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
- /* Encrypt */
- ExpectIntGE(idx = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key,
- &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0), 0);
- /* Pass bad args - tested in another testing function.*/
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- /* Decrypt */
- #if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)
- ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
- #endif
- ExpectIntGE(wc_RsaPrivateDecrypt_ex(cipher, (word32)idx, plain, plainSz,
- &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0), 0);
- ExpectIntEQ(XMEMCMP(plain, inStr, plainSz), 0);
- /* Pass bad args - tested in another testing function.*/
- ExpectIntGE(wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx, &res, &key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0), 0);
- ExpectIntEQ(XMEMCMP(inStr, res, plainSz), 0);
- #endif
- WC_FREE_VAR(in, NULL);
- WC_FREE_VAR(plain, NULL);
- WC_FREE_VAR(cipher, NULL);
- DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_RsaPublicEncryptDecrypt_ex */
- /*
- * Tesing wc_RsaSSL_Sign() and wc_RsaSSL_Verify()
- */
- static int test_wc_RsaSSL_SignVerify(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- RsaKey key;
- WC_RNG rng;
- const char inStr[] = TEST_STRING;
- const word32 plainSz = (word32)TEST_STRING_SZ;
- const word32 inLen = (word32)TEST_STRING_SZ;
- word32 idx = 0;
- int bits = TEST_RSA_BITS;
- const word32 outSz = TEST_RSA_BYTES;
- WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
- WC_DECLARE_VAR(out, byte, TEST_RSA_BYTES, NULL);
- WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
- WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL);
- WC_ALLOC_VAR(out, byte, TEST_RSA_BYTES, NULL);
- WC_ALLOC_VAR(plain, byte, TEST_STRING_SZ, NULL);
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- ExpectNotNull(in);
- ExpectNotNull(out);
- ExpectNotNull(plain);
- #endif
- ExpectNotNull(XMEMCPY(in, inStr, inLen));
- XMEMSET(&key, 0, sizeof(RsaKey));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
- /* Sign. */
- ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng), (int)outSz);
- idx = (int)outSz;
- /* Test bad args. */
- ExpectIntEQ(wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng),
- BAD_FUNC_ARG);
- /* Verify. */
- ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, &key), (int)inLen);
- /* Pass bad args. */
- ExpectIntEQ(wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaSSL_Verify(out, 0, plain, plainSz, &key),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL),
- BAD_FUNC_ARG);
- WC_FREE_VAR(in, NULL);
- WC_FREE_VAR(out, NULL);
- WC_FREE_VAR(plain, NULL);
- DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_RsaSSL_SignVerify */
- /*
- * Testing wc_RsaEncryptSize()
- */
- static int test_wc_RsaEncryptSize(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- RsaKey key;
- WC_RNG rng;
- XMEMSET(&key, 0, sizeof(RsaKey));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
- ExpectIntEQ(MAKE_RSA_KEY(&key, 1024, WC_RSA_EXPONENT, &rng), 0);
- ExpectIntEQ(wc_RsaEncryptSize(&key), 128);
- DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
- #endif
- ExpectIntEQ(MAKE_RSA_KEY(&key, 2048, WC_RSA_EXPONENT, &rng), 0);
- ExpectIntEQ(wc_RsaEncryptSize(&key), 256);
- /* Pass in bad arg. */
- ExpectIntEQ(wc_RsaEncryptSize(NULL), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_RsaEncryptSize*/
- /*
- * Testing wc_RsaFlattenPublicKey()
- */
- static int test_wc_RsaFlattenPublicKey(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- RsaKey key;
- WC_RNG rng;
- byte e[256];
- byte n[256];
- word32 eSz = sizeof(e);
- word32 nSz = sizeof(n);
- #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
- int bits = 1024;
- #else
- int bits = 2048;
- #endif
- XMEMSET(&key, 0, sizeof(RsaKey));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
- ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz), 0);
- /* Pass bad args. */
- ExpectIntEQ(wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL),
- BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_RsaFlattenPublicKey */
- /*
- * unit test for wc_AesCcmSetKey
- */
- static int test_wc_AesCcmSetKey(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_AESCCM
- Aes aes;
- const byte key16[] = {
- 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
- 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
- };
- const byte key24[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
- };
- const byte key32[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
- };
- XMEMSET(&aes, 0, sizeof(Aes));
- ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16)), 0);
- #endif
- #ifdef WOLFSSL_AES_192
- ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24)), 0);
- #endif
- #ifdef WOLFSSL_AES_256
- ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32)), 0);
- #endif
- /* Test bad args. */
- ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1), BAD_FUNC_ARG);
- wc_AesFree(&aes);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_AesCcmSetKey */
- /*
- * Unit test function for wc_AesCcmEncrypt and wc_AesCcmDecrypt
- */
- static int test_wc_AesCcmEncryptDecrypt(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
- Aes aes;
- const byte key16[] = {
- 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
- 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
- };
- /* plaintext */
- const byte plainT[] = {
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
- };
- /* nonce */
- const byte iv[] = {
- 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
- 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
- };
- const byte c[] = { /* cipher text. */
- 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
- 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
- 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
- };
- const byte t[] = { /* Auth tag */
- 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
- };
- const byte authIn[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
- byte cipherOut[sizeof(plainT)];
- byte authTag[sizeof(t)];
- #ifdef HAVE_AES_DECRYPT
- byte plainOut[sizeof(cipherOut)];
- #endif
- XMEMSET(&aes, 0, sizeof(Aes));
- ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0);
- ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16)), 0);
- ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
- iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), 0);
- ExpectIntEQ(XMEMCMP(cipherOut, c, sizeof(c)), 0);
- ExpectIntEQ(XMEMCMP(t, authTag, sizeof(t)), 0);
- #ifdef HAVE_AES_DECRYPT
- ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
- iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), 0);
- ExpectIntEQ(XMEMCMP(plainOut, plainT, sizeof(plainT)), 0);
- #endif
- /* Pass in bad args. Encrypt*/
- ExpectIntEQ(wc_AesCcmEncrypt(NULL, cipherOut, plainT, sizeof(cipherOut),
- iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCcmEncrypt(&aes, NULL, plainT, sizeof(cipherOut),
- iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, NULL, sizeof(cipherOut),
- iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
- NULL, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
- iv, sizeof(iv), NULL, sizeof(authTag), authIn , sizeof(authIn)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
- iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn , sizeof(authIn)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
- iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn , sizeof(authIn)),
- BAD_FUNC_ARG);
- #ifdef HAVE_AES_DECRYPT
- /* Pass in bad args. Decrypt*/
- ExpectIntEQ(wc_AesCcmDecrypt(NULL, plainOut, cipherOut, sizeof(plainOut),
- iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCcmDecrypt(&aes, NULL, cipherOut, sizeof(plainOut),
- iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, NULL, sizeof(plainOut),
- iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
- NULL, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
- iv, sizeof(iv), NULL, sizeof(authTag), authIn, sizeof(authIn)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
- iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn, sizeof(authIn)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut),
- iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn, sizeof(authIn)),
- BAD_FUNC_ARG);
- #endif
- wc_AesFree(&aes);
- #endif /* HAVE_AESCCM */
- return EXPECT_RESULT();
- } /* END test_wc_AesCcmEncryptDecrypt */
- #if defined(WOLFSSL_AES_EAX) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- /*
- * Testing test_wc_AesEaxVectors()
- */
- static int test_wc_AesEaxVectors(void)
- {
- EXPECT_DECLS;
- typedef struct {
- byte key[AES_256_KEY_SIZE];
- int key_length;
- byte iv[AES_BLOCK_SIZE];
- int iv_length;
- byte aad[AES_BLOCK_SIZE * 2];
- int aad_length;
- byte msg[AES_BLOCK_SIZE * 5];
- int msg_length;
- byte ct[AES_BLOCK_SIZE * 5];
- int ct_length;
- byte tag[AES_BLOCK_SIZE];
- int tag_length;
- int valid;
- } AadVector;
- /* Test vectors obtained from Google wycheproof project
- * https://github.com/google/wycheproof
- * from testvectors/aes_eax_test.json
- */
- const AadVector vectors[] = {
- {
- /* key, key length */
- {0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f,
- 0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78}, 16,
- /* iv, iv length */
- {0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07,
- 0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3}, 16,
- /* aad, aad length */
- {0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b}, 8,
- /* msg, msg length */
- {0x00}, 0,
- /* ct, ct length */
- {0x00}, 0,
- /* tag, tag length */
- {0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2, 0x7b,
- 0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x91, 0x94, 0x5d, 0x3f, 0x4d, 0xcb, 0xee, 0x0b,
- 0xf4, 0x5e, 0xf5, 0x22, 0x55, 0xf0, 0x95, 0xa4}, 16,
- /* iv, iv length */
- {0xbe, 0xca, 0xf0, 0x43, 0xb0, 0xa2, 0x3d, 0x84,
- 0x31, 0x94, 0xba, 0x97, 0x2c, 0x66, 0xde, 0xbd}, 16,
- /* aad, aad length */
- {0xfa, 0x3b, 0xfd, 0x48, 0x06, 0xeb, 0x53, 0xfa}, 8,
- /* msg, msg length */
- {0xf7, 0xfb}, 2,
- /* ct, ct length */
- {0x19, 0xdd}, 2,
- /* tag, tag length */
- {0x5c, 0x4c, 0x93, 0x31, 0x04, 0x9d, 0x0b, 0xda,
- 0xb0, 0x27, 0x74, 0x08, 0xf6, 0x79, 0x67, 0xe5}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x01, 0xf7, 0x4a, 0xd6, 0x40, 0x77, 0xf2, 0xe7,
- 0x04, 0xc0, 0xf6, 0x0a, 0xda, 0x3d, 0xd5, 0x23}, 16,
- /* iv, iv length */
- {0x70, 0xc3, 0xdb, 0x4f, 0x0d, 0x26, 0x36, 0x84,
- 0x00, 0xa1, 0x0e, 0xd0, 0x5d, 0x2b, 0xff, 0x5e}, 16,
- /* aad, aad length */
- {0x23, 0x4a, 0x34, 0x63, 0xc1, 0x26, 0x4a, 0xc6}, 8,
- /* msg, msg length */
- {0x1a, 0x47, 0xcb, 0x49, 0x33}, 5,
- /* ct, ct length */
- {0xd8, 0x51, 0xd5, 0xba, 0xe0}, 5,
- /* tag, tag length */
- {0x3a, 0x59, 0xf2, 0x38, 0xa2, 0x3e, 0x39, 0x19,
- 0x9d, 0xc9, 0x26, 0x66, 0x26, 0xc4, 0x0f, 0x80}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0xd0, 0x7c, 0xf6, 0xcb, 0xb7, 0xf3, 0x13, 0xbd,
- 0xde, 0x66, 0xb7, 0x27, 0xaf, 0xd3, 0xc5, 0xe8}, 16,
- /* iv, iv length */
- {0x84, 0x08, 0xdf, 0xff, 0x3c, 0x1a, 0x2b, 0x12,
- 0x92, 0xdc, 0x19, 0x9e, 0x46, 0xb7, 0xd6, 0x17}, 16,
- /* aad, aad length */
- {0x33, 0xcc, 0xe2, 0xea, 0xbf, 0xf5, 0xa7, 0x9d}, 8,
- /* msg, msg length */
- {0x48, 0x1c, 0x9e, 0x39, 0xb1}, 5,
- /* ct, ct length */
- {0x63, 0x2a, 0x9d, 0x13, 0x1a}, 5,
- /* tag, tag length */
- {0xd4, 0xc1, 0x68, 0xa4, 0x22, 0x5d, 0x8e, 0x1f,
- 0xf7, 0x55, 0x93, 0x99, 0x74, 0xa7, 0xbe, 0xde}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x35, 0xb6, 0xd0, 0x58, 0x00, 0x05, 0xbb, 0xc1,
- 0x2b, 0x05, 0x87, 0x12, 0x45, 0x57, 0xd2, 0xc2}, 16,
- /* iv, iv length */
- {0xfd, 0xb6, 0xb0, 0x66, 0x76, 0xee, 0xdc, 0x5c,
- 0x61, 0xd7, 0x42, 0x76, 0xe1, 0xf8, 0xe8, 0x16}, 16,
- /* aad, aad length */
- {0xae, 0xb9, 0x6e, 0xae, 0xbe, 0x29, 0x70, 0xe9}, 8,
- /* msg, msg length */
- {0x40, 0xd0, 0xc0, 0x7d, 0xa5, 0xe4}, 6,
- /* ct, ct length */
- {0x07, 0x1d, 0xfe, 0x16, 0xc6, 0x75}, 6,
- /* tag, tag length */
- {0xcb, 0x06, 0x77, 0xe5, 0x36, 0xf7, 0x3a, 0xfe,
- 0x6a, 0x14, 0xb7, 0x4e, 0xe4, 0x98, 0x44, 0xdd}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0xbd, 0x8e, 0x6e, 0x11, 0x47, 0x5e, 0x60, 0xb2,
- 0x68, 0x78, 0x4c, 0x38, 0xc6, 0x2f, 0xeb, 0x22}, 16,
- /* iv, iv length */
- {0x6e, 0xac, 0x5c, 0x93, 0x07, 0x2d, 0x8e, 0x85,
- 0x13, 0xf7, 0x50, 0x93, 0x5e, 0x46, 0xda, 0x1b}, 16,
- /* aad, aad length */
- {0xd4, 0x48, 0x2d, 0x1c, 0xa7, 0x8d, 0xce, 0x0f}, 8,
- /* msg, msg length */
- {0x4d, 0xe3, 0xb3, 0x5c, 0x3f, 0xc0, 0x39, 0x24,
- 0x5b, 0xd1, 0xfb, 0x7d}, 12,
- /* ct, ct length */
- {0x83, 0x5b, 0xb4, 0xf1, 0x5d, 0x74, 0x3e, 0x35,
- 0x0e, 0x72, 0x84, 0x14}, 12,
- /* tag, tag length */
- {0xab, 0xb8, 0x64, 0x4f, 0xd6, 0xcc, 0xb8, 0x69,
- 0x47, 0xc5, 0xe1, 0x05, 0x90, 0x21, 0x0a, 0x4f}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x7c, 0x77, 0xd6, 0xe8, 0x13, 0xbe, 0xd5, 0xac,
- 0x98, 0xba, 0xa4, 0x17, 0x47, 0x7a, 0x2e, 0x7d}, 16,
- /* iv, iv length */
- {0x1a, 0x8c, 0x98, 0xdc, 0xd7, 0x3d, 0x38, 0x39,
- 0x3b, 0x2b, 0xf1, 0x56, 0x9d, 0xee, 0xfc, 0x19}, 16,
- /* aad, aad length */
- {0x65, 0xd2, 0x01, 0x79, 0x90, 0xd6, 0x25, 0x28}, 8,
- /* msg, msg length */
- {0x8b, 0x0a, 0x79, 0x30, 0x6c, 0x9c, 0xe7, 0xed,
- 0x99, 0xda, 0xe4, 0xf8, 0x7f, 0x8d, 0xd6, 0x16,
- 0x36}, 17,
- /* ct, ct length */
- {0x02, 0x08, 0x3e, 0x39, 0x79, 0xda, 0x01, 0x48,
- 0x12, 0xf5, 0x9f, 0x11, 0xd5, 0x26, 0x30, 0xda,
- 0x30}, 17,
- /* tag, tag length */
- {0x13, 0x73, 0x27, 0xd1, 0x06, 0x49, 0xb0, 0xaa,
- 0x6e, 0x1c, 0x18, 0x1d, 0xb6, 0x17, 0xd7, 0xf2}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x5f, 0xff, 0x20, 0xca, 0xfa, 0xb1, 0x19, 0xca,
- 0x2f, 0xc7, 0x35, 0x49, 0xe2, 0x0f, 0x5b, 0x0d}, 16,
- /* iv, iv length */
- {0xdd, 0xe5, 0x9b, 0x97, 0xd7, 0x22, 0x15, 0x6d,
- 0x4d, 0x9a, 0xff, 0x2b, 0xc7, 0x55, 0x98, 0x26}, 16,
- /* aad, aad length */
- {0x54, 0xb9, 0xf0, 0x4e, 0x6a, 0x09, 0x18, 0x9a}, 8,
- /* msg, msg length */
- {0x1b, 0xda, 0x12, 0x2b, 0xce, 0x8a, 0x8d, 0xba,
- 0xf1, 0x87, 0x7d, 0x96, 0x2b, 0x85, 0x92, 0xdd,
- 0x2d, 0x56}, 18,
- /* ct, ct length */
- {0x2e, 0xc4, 0x7b, 0x2c, 0x49, 0x54, 0xa4, 0x89,
- 0xaf, 0xc7, 0xba, 0x48, 0x97, 0xed, 0xcd, 0xae,
- 0x8c, 0xc3}, 18,
- /* tag, tag length */
- {0x3b, 0x60, 0x45, 0x05, 0x99, 0xbd, 0x02, 0xc9,
- 0x63, 0x82, 0x90, 0x2a, 0xef, 0x7f, 0x83, 0x2a}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0xa4, 0xa4, 0x78, 0x2b, 0xcf, 0xfd, 0x3e, 0xc5,
- 0xe7, 0xef, 0x6d, 0x8c, 0x34, 0xa5, 0x61, 0x23}, 16,
- /* iv, iv length */
- {0xb7, 0x81, 0xfc, 0xf2, 0xf7, 0x5f, 0xa5, 0xa8,
- 0xde, 0x97, 0xa9, 0xca, 0x48, 0xe5, 0x22, 0xec}, 16,
- /* aad, aad length */
- {0x89, 0x9a, 0x17, 0x58, 0x97, 0x56, 0x1d, 0x7e}, 8,
- /* msg, msg length */
- {0x6c, 0xf3, 0x67, 0x20, 0x87, 0x2b, 0x85, 0x13,
- 0xf6, 0xea, 0xb1, 0xa8, 0xa4, 0x44, 0x38, 0xd5,
- 0xef, 0x11}, 18,
- /* ct, ct length */
- {0x0d, 0xe1, 0x8f, 0xd0, 0xfd, 0xd9, 0x1e, 0x7a,
- 0xf1, 0x9f, 0x1d, 0x8e, 0xe8, 0x73, 0x39, 0x38,
- 0xb1, 0xe8}, 18,
- /* tag, tag length */
- {0xe7, 0xf6, 0xd2, 0x23, 0x16, 0x18, 0x10, 0x2f,
- 0xdb, 0x7f, 0xe5, 0x5f, 0xf1, 0x99, 0x17, 0x00}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x83, 0x95, 0xfc, 0xf1, 0xe9, 0x5b, 0xeb, 0xd6,
- 0x97, 0xbd, 0x01, 0x0b, 0xc7, 0x66, 0xaa, 0xc3}, 16,
- /* iv, iv length */
- {0x22, 0xe7, 0xad, 0xd9, 0x3c, 0xfc, 0x63, 0x93,
- 0xc5, 0x7e, 0xc0, 0xb3, 0xc1, 0x7d, 0x6b, 0x44}, 16,
- /* aad, aad length */
- {0x12, 0x67, 0x35, 0xfc, 0xc3, 0x20, 0xd2, 0x5a}, 8,
- /* msg, msg length */
- {0xca, 0x40, 0xd7, 0x44, 0x6e, 0x54, 0x5f, 0xfa,
- 0xed, 0x3b, 0xd1, 0x2a, 0x74, 0x0a, 0x65, 0x9f,
- 0xfb, 0xbb, 0x3c, 0xea, 0xb7}, 21,
- /* ct, ct length */
- {0xcb, 0x89, 0x20, 0xf8, 0x7a, 0x6c, 0x75, 0xcf,
- 0xf3, 0x96, 0x27, 0xb5, 0x6e, 0x3e, 0xd1, 0x97,
- 0xc5, 0x52, 0xd2, 0x95, 0xa7}, 21,
- /* tag, tag length */
- {0xcf, 0xc4, 0x6a, 0xfc, 0x25, 0x3b, 0x46, 0x52,
- 0xb1, 0xaf, 0x37, 0x95, 0xb1, 0x24, 0xab, 0x6e}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75,
- 0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
- /* ct, ct length */
- {0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23,
- 0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13,
- 0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93,
- 0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68}, 32,
- /* tag, tag length */
- {0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf,
- 0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0xae, 0xf0, 0x3d, 0x00, 0x59, 0x84, 0x94, 0xe9,
- 0xfb, 0x03, 0xcd, 0x7d, 0x8b, 0x59, 0x08, 0x66}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
- /* ct, ct length */
- {0xd1, 0x9a, 0xc5, 0x98, 0x49, 0x02, 0x6a, 0x91,
- 0xaa, 0x1b, 0x9a, 0xec, 0x29, 0xb1, 0x1a, 0x20,
- 0x2a, 0x4d, 0x73, 0x9f, 0xd8, 0x6c, 0x28, 0xe3,
- 0xae, 0x3d, 0x58, 0x8e, 0xa2, 0x1d, 0x70, 0xc6}, 32,
- /* tag, tag length */
- {0xc3, 0x0f, 0x6c, 0xd9, 0x20, 0x20, 0x74, 0xed,
- 0x6e, 0x2a, 0x2a, 0x36, 0x0e, 0xac, 0x8c, 0x47}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x55, 0xd1, 0x25, 0x11, 0xc6, 0x96, 0xa8, 0x0d,
- 0x05, 0x14, 0xd1, 0xff, 0xba, 0x49, 0xca, 0xda}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
- /* ct, ct length */
- {0x21, 0x08, 0x55, 0x8a, 0xc4, 0xb2, 0xc2, 0xd5,
- 0xcc, 0x66, 0xce, 0xa5, 0x1d, 0x62, 0x10, 0xe0,
- 0x46, 0x17, 0x7a, 0x67, 0x63, 0x1c, 0xd2, 0xdd,
- 0x8f, 0x09, 0x46, 0x97, 0x33, 0xac, 0xb5, 0x17}, 32,
- /* tag, tag length */
- {0xfc, 0x35, 0x5e, 0x87, 0xa2, 0x67, 0xbe, 0x3a,
- 0xe3, 0xe4, 0x4c, 0x0b, 0xf3, 0xf9, 0x9b, 0x2b}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x79, 0x42, 0x2d, 0xdd, 0x91, 0xc4, 0xee, 0xe2,
- 0xde, 0xae, 0xf1, 0xf9, 0x68, 0x30, 0x53, 0x04}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
- /* ct, ct length */
- {0x4d, 0x2c, 0x15, 0x24, 0xca, 0x4b, 0xaa, 0x4e,
- 0xef, 0xcc, 0xe6, 0xb9, 0x1b, 0x22, 0x7e, 0xe8,
- 0x3a, 0xba, 0xff, 0x81, 0x05, 0xdc, 0xaf, 0xa2,
- 0xab, 0x19, 0x1f, 0x5d, 0xf2, 0x57, 0x50, 0x35}, 32,
- /* tag, tag length */
- {0xe2, 0xc8, 0x65, 0xce, 0x2d, 0x7a, 0xbd, 0xac,
- 0x02, 0x4c, 0x6f, 0x99, 0x1a, 0x84, 0x83, 0x90}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x0a, 0xf5, 0xaa, 0x7a, 0x76, 0x76, 0xe2, 0x83,
- 0x06, 0x30, 0x6b, 0xcd, 0x9b, 0xf2, 0x00, 0x3a}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
- /* ct, ct length */
- {0x8e, 0xb0, 0x1e, 0x62, 0x18, 0x5d, 0x78, 0x2e,
- 0xb9, 0x28, 0x7a, 0x34, 0x1a, 0x68, 0x62, 0xac,
- 0x52, 0x57, 0xd6, 0xf9, 0xad, 0xc9, 0x9e, 0xe0,
- 0xa2, 0x4d, 0x9c, 0x22, 0xb3, 0xe9, 0xb3, 0x8a}, 32,
- /* tag, tag length */
- {0x39, 0xc3, 0x39, 0xbc, 0x8a, 0x74, 0xc7, 0x5e,
- 0x2c, 0x65, 0xc6, 0x11, 0x95, 0x44, 0xd6, 0x1e}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0xaf, 0x5a, 0x03, 0xae, 0x7e, 0xdd, 0x73, 0x47,
- 0x1b, 0xdc, 0xdf, 0xac, 0x5e, 0x19, 0x4a, 0x60}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
- /* ct, ct length */
- {0x94, 0xc5, 0xd2, 0xac, 0xa6, 0xdb, 0xbc, 0xe8,
- 0xc2, 0x45, 0x13, 0xa2, 0x5e, 0x09, 0x5c, 0x0e,
- 0x54, 0xa9, 0x42, 0x86, 0x0d, 0x32, 0x7a, 0x22,
- 0x2a, 0x81, 0x5c, 0xc7, 0x13, 0xb1, 0x63, 0xb4}, 32,
- /* tag, tag length */
- {0xf5, 0x0b, 0x30, 0x30, 0x4e, 0x45, 0xc9, 0xd4,
- 0x11, 0xe8, 0xdf, 0x45, 0x08, 0xa9, 0x86, 0x12}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0xb3, 0x70, 0x87, 0x68, 0x0f, 0x0e, 0xdd, 0x5a,
- 0x52, 0x22, 0x8b, 0x8c, 0x7a, 0xae, 0xa6, 0x64}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
- 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
- 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
- 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
- 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33}, 64,
- /* ct, ct length */
- {0x3b, 0xb6, 0x17, 0x3e, 0x37, 0x72, 0xd4, 0xb6,
- 0x2e, 0xef, 0x37, 0xf9, 0xef, 0x07, 0x81, 0xf3,
- 0x60, 0xb6, 0xc7, 0x4b, 0xe3, 0xbf, 0x6b, 0x37,
- 0x10, 0x67, 0xbc, 0x1b, 0x09, 0x0d, 0x9d, 0x66,
- 0x22, 0xa1, 0xfb, 0xec, 0x6a, 0xc4, 0x71, 0xb3,
- 0x34, 0x9c, 0xd4, 0x27, 0x7a, 0x10, 0x1d, 0x40,
- 0x89, 0x0f, 0xbf, 0x27, 0xdf, 0xdc, 0xd0, 0xb4,
- 0xe3, 0x78, 0x1f, 0x98, 0x06, 0xda, 0xab, 0xb6}, 64,
- /* tag, tag length */
- {0xa0, 0x49, 0x87, 0x45, 0xe5, 0x99, 0x99, 0xdd,
- 0xc3, 0x2d, 0x5b, 0x14, 0x02, 0x41, 0x12, 0x4e}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x4f, 0x80, 0x2d, 0xa6, 0x2a, 0x38, 0x45, 0x55,
- 0xa1, 0x9b, 0xc2, 0xb3, 0x82, 0xeb, 0x25, 0xaf}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
- 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
- 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
- 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
- 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
- 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
- 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
- 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44}, 80,
- /* ct, ct length */
- {0xe9, 0xb0, 0xbb, 0x88, 0x57, 0x81, 0x8c, 0xe3,
- 0x20, 0x1c, 0x36, 0x90, 0xd2, 0x1d, 0xaa, 0x7f,
- 0x26, 0x4f, 0xb8, 0xee, 0x93, 0xcc, 0x7a, 0x46,
- 0x74, 0xea, 0x2f, 0xc3, 0x2b, 0xf1, 0x82, 0xfb,
- 0x2a, 0x7e, 0x8a, 0xd5, 0x15, 0x07, 0xad, 0x4f,
- 0x31, 0xce, 0xfc, 0x23, 0x56, 0xfe, 0x79, 0x36,
- 0xa7, 0xf6, 0xe1, 0x9f, 0x95, 0xe8, 0x8f, 0xdb,
- 0xf1, 0x76, 0x20, 0x91, 0x6d, 0x3a, 0x6f, 0x3d,
- 0x01, 0xfc, 0x17, 0xd3, 0x58, 0x67, 0x2f, 0x77,
- 0x7f, 0xd4, 0x09, 0x92, 0x46, 0xe4, 0x36, 0xe1}, 80,
- /* tag, tag length */
- {0x67, 0x91, 0x0b, 0xe7, 0x44, 0xb8, 0x31, 0x5a,
- 0xe0, 0xeb, 0x61, 0x24, 0x59, 0x0c, 0x5d, 0x8b}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0xb6, 0x7b, 0x1a, 0x6e, 0xfd, 0xd4, 0x0d, 0x37,
- 0x08, 0x0f, 0xbe, 0x8f, 0x80, 0x47, 0xae, 0xb9}, 16,
- /* iv, iv length */
- {0xfa, 0x29, 0x4b, 0x12, 0x99, 0x72, 0xf7, 0xfc,
- 0x5b, 0xbd, 0x5b, 0x96, 0xbb, 0xa8, 0x37, 0xc9}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x00}, 0,
- /* ct, ct length */
- {0x00}, 0,
- /* tag, tag length */
- {0xb1, 0x4b, 0x64, 0xfb, 0x58, 0x98, 0x99, 0x69,
- 0x95, 0x70, 0xcc, 0x91, 0x60, 0xe3, 0x98, 0x96}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x20, 0x9e, 0x6d, 0xbf, 0x2a, 0xd2, 0x6a, 0x10,
- 0x54, 0x45, 0xfc, 0x02, 0x07, 0xcd, 0x9e, 0x9a}, 16,
- /* iv, iv length */
- {0x94, 0x77, 0x84, 0x9d, 0x6c, 0xcd, 0xfc, 0xa1,
- 0x12, 0xd9, 0x2e, 0x53, 0xfa, 0xe4, 0xa7, 0xca}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x01}, 1,
- /* ct, ct length */
- {0x1d}, 1,
- /* tag, tag length */
- {0x52, 0xa5, 0xf6, 0x00, 0xfe, 0x53, 0x38, 0x02,
- 0x6a, 0x7c, 0xb0, 0x9c, 0x11, 0x64, 0x00, 0x82}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0xa5, 0x49, 0x44, 0x2e, 0x35, 0x15, 0x40, 0x32,
- 0xd0, 0x7c, 0x86, 0x66, 0x00, 0x6a, 0xa6, 0xa2}, 16,
- /* iv, iv length */
- {0x51, 0x71, 0x52, 0x45, 0x68, 0xe8, 0x1d, 0x97,
- 0xe8, 0xc4, 0xde, 0x4b, 0xa5, 0x6c, 0x10, 0xa0}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x11, 0x82, 0xe9, 0x35, 0x96, 0xca, 0xc5, 0x60,
- 0x89, 0x46, 0x40, 0x0b, 0xc7, 0x3f, 0x3a}, 15,
- /* ct, ct length */
- {0xd7, 0xb8, 0xa6, 0xb4, 0x3d, 0x2e, 0x9f, 0x98,
- 0xc2, 0xb4, 0x4c, 0xe5, 0xe3, 0xcf, 0xdb}, 15,
- /* tag, tag length */
- {0x1b, 0xdd, 0x52, 0xfc, 0x98, 0x7d, 0xaf, 0x0e,
- 0xe1, 0x92, 0x34, 0xc9, 0x05, 0xea, 0x64, 0x5f}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x95, 0x8b, 0xcd, 0xb6, 0x6a, 0x39, 0x52, 0xb5,
- 0x37, 0x01, 0x58, 0x2a, 0x68, 0xa0, 0xe4, 0x74}, 16,
- /* iv, iv length */
- {0x0e, 0x6e, 0xc8, 0x79, 0xb0, 0x2c, 0x6f, 0x51,
- 0x69, 0x76, 0xe3, 0x58, 0x98, 0x42, 0x8d, 0xa7}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x14, 0x04, 0x15, 0x82, 0x3e, 0xcc, 0x89, 0x32,
- 0xa0, 0x58, 0x38, 0x4b, 0x73, 0x8e, 0xa6, 0xea,
- 0x6d, 0x4d, 0xfe, 0x3b, 0xbe, 0xee}, 22,
- /* ct, ct length */
- {0x73, 0xe5, 0xc6, 0xf0, 0xe7, 0x03, 0xa5, 0x2d,
- 0x02, 0xf7, 0xf7, 0xfa, 0xeb, 0x1b, 0x77, 0xfd,
- 0x4f, 0xd0, 0xcb, 0x42, 0x1e, 0xaf}, 22,
- /* tag, tag length */
- {0x6c, 0x15, 0x4a, 0x85, 0x96, 0x8e, 0xdd, 0x74,
- 0x77, 0x65, 0x75, 0xa4, 0x45, 0x0b, 0xd8, 0x97}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x96, 0x5b, 0x75, 0x7b, 0xa5, 0x01, 0x8a, 0x8d,
- 0x66, 0xed, 0xc7, 0x8e, 0x0c, 0xee, 0xe8, 0x6b}, 16,
- /* iv, iv length */
- {0x2e, 0x35, 0x90, 0x1a, 0xe7, 0xd4, 0x91, 0xee,
- 0xcc, 0x88, 0x38, 0xfe, 0xdd, 0x63, 0x14, 0x05}, 16,
- /* aad, aad length */
- {0xdf, 0x10, 0xd0, 0xd2, 0x12, 0x24, 0x24, 0x50}, 8,
- /* msg, msg length */
- {0x36, 0xe5, 0x7a, 0x76, 0x39, 0x58, 0xb0, 0x2c,
- 0xea, 0x9d, 0x6a, 0x67, 0x6e, 0xbc, 0xe8, 0x1f}, 16,
- /* ct, ct length */
- {0x93, 0x6b, 0x69, 0xb6, 0xc9, 0x55, 0xad, 0xfd,
- 0x15, 0x53, 0x9b, 0x9b, 0xe4, 0x98, 0x9c, 0xb6}, 16,
- /* tag, tag length */
- {0xee, 0x15, 0xa1, 0x45, 0x4e, 0x88, 0xfa, 0xad,
- 0x8e, 0x48, 0xa8, 0xdf, 0x29, 0x83, 0xb4, 0x25}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x88, 0xd0, 0x20, 0x33, 0x78, 0x1c, 0x7b, 0x41,
- 0x64, 0x71, 0x1a, 0x05, 0x42, 0x0f, 0x25, 0x6e}, 16,
- /* iv, iv length */
- {0x7f, 0x29, 0x85, 0x29, 0x63, 0x15, 0x50, 0x7a,
- 0xa4, 0xc0, 0xa9, 0x3d, 0x5c, 0x12, 0xbd, 0x77}, 16,
- /* aad, aad length */
- {0x7c, 0x57, 0x1d, 0x2f, 0xbb, 0x5f, 0x62, 0x52,
- 0x3c, 0x0e, 0xb3, 0x38, 0xbe, 0xf9, 0xa9}, 15,
- /* msg, msg length */
- {0xd9, 0x8a, 0xdc, 0x03, 0xd9, 0xd5, 0x82, 0x73,
- 0x2e, 0xb0, 0x7d, 0xf2, 0x3d, 0x7b, 0x9f, 0x74}, 16,
- /* ct, ct length */
- {0x67, 0xca, 0xac, 0x35, 0x44, 0x3a, 0x31, 0x38,
- 0xd2, 0xcb, 0x81, 0x1f, 0x0c, 0xe0, 0x4d, 0xd2}, 16,
- /* tag, tag length */
- {0xb7, 0x96, 0x8e, 0x0b, 0x56, 0x40, 0xe3, 0xb2,
- 0x36, 0x56, 0x96, 0x53, 0x20, 0x8b, 0x9d, 0xeb}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x51, 0x58, 0x40, 0xcf, 0x67, 0xd2, 0xe4, 0x0e,
- 0xb6, 0x5e, 0x54, 0xa2, 0x4c, 0x72, 0xcb, 0xf2}, 16,
- /* iv, iv length */
- {0xbf, 0x47, 0xaf, 0xdf, 0xd4, 0x92, 0x13, 0x7a,
- 0x24, 0x23, 0x6b, 0xc3, 0x67, 0x97, 0xa8, 0x8e}, 16,
- /* aad, aad length */
- {0x16, 0x84, 0x3c, 0x09, 0x1d, 0x43, 0xb0, 0xa1,
- 0x91, 0xd0, 0xc7, 0x3d, 0x15, 0x60, 0x1b, 0xe9}, 16,
- /* msg, msg length */
- {0xc8, 0x34, 0x58, 0x8c, 0xb6, 0xda, 0xf9, 0xf0,
- 0x6d, 0xd2, 0x35, 0x19, 0xf4, 0xbe, 0x9f, 0x56}, 16,
- /* ct, ct length */
- {0x20, 0x0a, 0xc4, 0x51, 0xfb, 0xeb, 0x0f, 0x61,
- 0x51, 0xd6, 0x15, 0x83, 0xa4, 0x3b, 0x73, 0x43}, 16,
- /* tag, tag length */
- {0x2a, 0xd4, 0x3e, 0x4c, 0xaa, 0x51, 0x98, 0x3a,
- 0x9d, 0x4d, 0x24, 0x48, 0x1b, 0xf4, 0xc8, 0x39}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x2e, 0x44, 0x92, 0xd4, 0x44, 0xe5, 0xb6, 0xf4,
- 0xce, 0xc8, 0xc2, 0xd3, 0x61, 0x5a, 0xc8, 0x58}, 16,
- /* iv, iv length */
- {0xd0, 0x2b, 0xf0, 0x76, 0x3a, 0x9f, 0xef, 0xbf,
- 0x70, 0xc3, 0x3a, 0xee, 0x1e, 0x9d, 0xa1, 0xd6}, 16,
- /* aad, aad length */
- {0x90, 0x4d, 0x86, 0xf1, 0x33, 0xce, 0xc1, 0x5a,
- 0x0c, 0x3c, 0xaf, 0x14, 0xd7, 0xe0, 0x29, 0xc8,
- 0x2a, 0x07, 0x70, 0x5a, 0x23, 0xf0, 0xd0, 0x80}, 24,
- /* msg, msg length */
- {0x9e, 0x62, 0xd6, 0x51, 0x1b, 0x0b, 0xda, 0x7d,
- 0xd7, 0x74, 0x0b, 0x61, 0x4d, 0x97, 0xba, 0xe0}, 16,
- /* ct, ct length */
- {0x27, 0xc6, 0xe9, 0xa6, 0x53, 0xc5, 0x25, 0x3c,
- 0xa1, 0xc5, 0x67, 0x3f, 0x97, 0xb9, 0xb3, 0x3e}, 16,
- /* tag, tag length */
- {0x2d, 0x58, 0x12, 0x71, 0xe1, 0xfa, 0x9e, 0x36,
- 0x86, 0x13, 0x6c, 0xaa, 0x8f, 0x4d, 0x6c, 0x8e}, 16,
- /* valid */
- 1,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
- 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe4, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
- 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0x66, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
- 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe6, 0x0f, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
- 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe6, 0x0e, 0x7c, 0xd0, 0x13, 0xa6, 0xdb, 0xf2,
- 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe6, 0x0e, 0x7c, 0x50, 0x12, 0xa6, 0xdb, 0xf2,
- 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe6, 0x0e, 0x7c, 0x50, 0x11, 0xa6, 0xdb, 0xf2,
- 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0x72,
- 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
- 0x53, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
- 0xd2, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
- 0x52, 0xb8, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
- 0x52, 0x98, 0xb0, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
- 0x52, 0x98, 0xb1, 0x92, 0x9a, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
- 0x52, 0x98, 0xb1, 0x92, 0x99, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
- 0x52, 0x98, 0xb1, 0x92, 0x1b, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
- 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa6}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
- 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa5}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
- 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xe7}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
- 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0x27}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
- 0x53, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe6, 0x0e, 0x7c, 0xd0, 0x13, 0xa6, 0xdb, 0x72,
- 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0x72,
- 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0x27}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0x19, 0xf1, 0x83, 0xaf, 0xec, 0x59, 0x24, 0x0d,
- 0xad, 0x67, 0x4e, 0x6d, 0x64, 0x3c, 0xa9, 0x58}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0x66, 0x8e, 0xfc, 0xd0, 0x93, 0x26, 0x5b, 0x72,
- 0xd2, 0x18, 0x31, 0x12, 0x1b, 0x43, 0xd6, 0x27}, 16,
- /* valid */
- 0,
- },
- {
- /* key, key length */
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
- /* iv, iv length */
- {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
- /* aad, aad length */
- {0x00}, 0,
- /* msg, msg length */
- {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
- /* ct, ct length */
- {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
- 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
- /* tag, tag length */
- {0xe7, 0x0f, 0x7d, 0x51, 0x12, 0xa7, 0xda, 0xf3,
- 0x53, 0x99, 0xb0, 0x93, 0x9a, 0xc2, 0x57, 0xa6}, 16,
- /* valid */
- 0,
- },
- };
- byte ciphertext[sizeof(vectors[0].ct)];
- byte authtag[sizeof(vectors[0].tag)];
- int i;
- int len;
- int ret;
- for (i = 0; i < (int)(sizeof(vectors)/sizeof(vectors[0])); i++) {
- XMEMSET(ciphertext, 0, sizeof(ciphertext));
- len = sizeof(authtag);
- ExpectIntEQ(wc_AesEaxEncryptAuth(vectors[i].key, vectors[i].key_length,
- ciphertext,
- vectors[i].msg, vectors[i].msg_length,
- vectors[i].iv, vectors[i].iv_length,
- authtag, len,
- vectors[i].aad, vectors[i].aad_length),
- 0);
- /* check ciphertext matches vector */
- ExpectIntEQ(XMEMCMP(ciphertext, vectors[i].ct, vectors[i].ct_length),
- 0);
- /* check that computed tag matches vector only for vectors marked as valid */
- ret = XMEMCMP(authtag, vectors[i].tag, len);
- if (vectors[i].valid) {
- ExpectIntEQ(ret, 0);
- }
- else {
- ExpectIntNE(ret, 0);
- }
- XMEMSET(ciphertext, 0, sizeof(ciphertext));
- /* Decrypt, checking that the computed auth tags match */
- ExpectIntEQ(wc_AesEaxDecryptAuth(vectors[i].key, vectors[i].key_length,
- ciphertext,
- vectors[i].ct, vectors[i].ct_length,
- vectors[i].iv, vectors[i].iv_length,
- authtag, len,
- vectors[i].aad, vectors[i].aad_length),
- 0);
- /* check decrypted ciphertext matches vector plaintext */
- ExpectIntEQ(XMEMCMP(ciphertext, vectors[i].msg, vectors[i].msg_length),
- 0);
- }
- return EXPECT_RESULT();
- } /* END test_wc_AesEaxVectors */
- /*
- * Testing test_wc_AesEaxEncryptAuth()
- */
- static int test_wc_AesEaxEncryptAuth(void)
- {
- EXPECT_DECLS;
- const byte key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
- const byte iv[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
- const byte aad[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
- const byte msg[] = {0x00, 0x01, 0x02, 0x03, 0x04};
- byte ciphertext[sizeof(msg)];
- byte authtag[AES_BLOCK_SIZE];
- int i;
- int len;
- len = sizeof(authtag);
- ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
- ciphertext,
- msg, sizeof(msg),
- iv, sizeof(iv),
- authtag, len,
- aad, sizeof(aad)),
- 0);
- /* Test null checking */
- ExpectIntEQ(wc_AesEaxEncryptAuth(NULL, sizeof(key),
- ciphertext,
- msg, sizeof(msg),
- iv, sizeof(iv),
- authtag, len,
- aad, sizeof(aad)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
- NULL,
- msg, sizeof(msg),
- iv, sizeof(iv),
- authtag, len,
- aad, sizeof(aad)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
- ciphertext,
- NULL, sizeof(msg),
- iv, sizeof(iv),
- authtag, len,
- aad, sizeof(aad)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
- ciphertext,
- msg, sizeof(msg),
- NULL, sizeof(iv),
- authtag, len,
- aad, sizeof(aad)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
- ciphertext,
- msg, sizeof(msg),
- iv, sizeof(iv),
- NULL, len,
- aad, sizeof(aad)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
- ciphertext,
- msg, sizeof(msg),
- iv, sizeof(iv),
- authtag, len,
- NULL, sizeof(aad)),
- BAD_FUNC_ARG);
- /* Test bad key lengths */
- for (i = 0; i <= 32; i++) {
- int exp_ret;
- if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE
- || i == AES_256_KEY_SIZE) {
- exp_ret = 0;
- }
- else {
- exp_ret = BAD_FUNC_ARG;
- }
- ExpectIntEQ(wc_AesEaxEncryptAuth(key, i,
- ciphertext,
- msg, sizeof(msg),
- iv, sizeof(iv),
- authtag, len,
- aad, sizeof(aad)),
- exp_ret);
- }
- /* Test auth tag size out of range */
- len = AES_BLOCK_SIZE + 1;
- ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key),
- ciphertext,
- msg, sizeof(msg),
- iv, sizeof(iv),
- authtag, len,
- aad, sizeof(aad)),
- BAD_FUNC_ARG);
- return EXPECT_RESULT();
- } /* END test_wc_AesEaxEncryptAuth() */
- /*
- * Testing test_wc_AesEaxDecryptAuth()
- */
- static int test_wc_AesEaxDecryptAuth(void)
- {
- EXPECT_DECLS;
- const byte key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
- const byte iv[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
- const byte aad[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
- const byte ct[] = {0x00, 0x01, 0x02, 0x03, 0x04};
- /* Garbage tag that should always fail for above aad */
- const byte tag[] = {0xFE, 0xED, 0xBE, 0xEF, 0xDE, 0xAD, 0xC0, 0xDE,
- 0xCA, 0xFE, 0xBE, 0xEF, 0xDE, 0xAF, 0xBE, 0xEF};
- byte plaintext[sizeof(ct)];
- int i;
- int len;
- len = sizeof(tag);
- ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
- plaintext,
- ct, sizeof(ct),
- iv, sizeof(iv),
- tag, len,
- aad, sizeof(aad)),
- AES_EAX_AUTH_E);
- /* Test null checking */
- ExpectIntEQ(wc_AesEaxDecryptAuth(NULL, sizeof(key),
- plaintext,
- ct, sizeof(ct),
- iv, sizeof(iv),
- tag, len,
- aad, sizeof(aad)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
- NULL,
- ct, sizeof(ct),
- iv, sizeof(iv),
- tag, len,
- aad, sizeof(aad)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
- plaintext,
- NULL, sizeof(ct),
- iv, sizeof(iv),
- tag, len,
- aad, sizeof(aad)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
- plaintext,
- ct, sizeof(ct),
- NULL, sizeof(iv),
- tag, len,
- aad, sizeof(aad)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
- plaintext,
- ct, sizeof(ct),
- iv, sizeof(iv),
- NULL, len,
- aad, sizeof(aad)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
- plaintext,
- ct, sizeof(ct),
- iv, sizeof(iv),
- tag, len,
- NULL, sizeof(aad)),
- BAD_FUNC_ARG);
- /* Test bad key lengths */
- for (i = 0; i <= 32; i++) {
- int exp_ret;
- if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE
- || i == AES_256_KEY_SIZE) {
- exp_ret = AES_EAX_AUTH_E;
- }
- else {
- exp_ret = BAD_FUNC_ARG;
- }
- ExpectIntEQ(wc_AesEaxDecryptAuth(key, i,
- plaintext,
- ct, sizeof(ct),
- iv, sizeof(iv),
- tag, len,
- aad, sizeof(aad)),
- exp_ret);
- }
- /* Test auth tag size out of range */
- len = AES_BLOCK_SIZE + 1;
- ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key),
- plaintext,
- ct, sizeof(ct),
- iv, sizeof(iv),
- tag, len,
- aad, sizeof(aad)),
- BAD_FUNC_ARG);
- return EXPECT_RESULT();
- } /* END test_wc_AesEaxDecryptAuth() */
- #endif /* WOLFSSL_AES_EAX &&
- * (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) && !HAVE_SELFTEST
- */
- /*
- * Testing wc_InitDsaKey()
- */
- static int test_wc_InitDsaKey(void)
- {
- EXPECT_DECLS;
- #ifndef NO_DSA
- DsaKey key;
- XMEMSET(&key, 0, sizeof(DsaKey));
- ExpectIntEQ(wc_InitDsaKey(&key), 0);
- /* Pass in bad args. */
- ExpectIntEQ(wc_InitDsaKey(NULL), BAD_FUNC_ARG);
- wc_FreeDsaKey(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_InitDsaKey */
- /*
- * Testing wc_DsaSign() and wc_DsaVerify()
- */
- static int test_wc_DsaSignVerify(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_DSA)
- DsaKey key;
- WC_RNG rng;
- wc_Sha sha;
- byte signature[DSA_SIG_SIZE];
- byte hash[WC_SHA_DIGEST_SIZE];
- word32 idx = 0;
- word32 bytes;
- int answer;
- #ifdef USE_CERT_BUFFERS_1024
- byte tmp[ONEK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
- bytes = sizeof_dsa_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- byte tmp[TWOK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
- bytes = sizeof_dsa_key_der_2048;
- #else
- byte tmp[TWOK_BUF];
- XFILE fp = XBADFILE;
- XMEMSET(tmp, 0, sizeof(tmp));
- ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE);
- ExpectTrue((bytes = (word32)XFREAD(tmp, 1, sizeof(tmp), fp)) > 0);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- #endif /* END USE_CERT_BUFFERS_1024 */
- ExpectIntEQ(wc_InitSha(&sha), 0);
- ExpectIntEQ(wc_ShaUpdate(&sha, tmp, bytes), 0);
- ExpectIntEQ(wc_ShaFinal(&sha, hash), 0);
- ExpectIntEQ(wc_InitDsaKey(&key), 0);
- ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- /* Sign. */
- ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_DsaSign(NULL, signature, &key, &rng), BAD_FUNC_ARG);
- ExpectIntEQ(wc_DsaSign(hash, NULL, &key, &rng), BAD_FUNC_ARG);
- ExpectIntEQ(wc_DsaSign(hash, signature, NULL, &rng), BAD_FUNC_ARG);
- ExpectIntEQ(wc_DsaSign(hash, signature, &key, NULL), BAD_FUNC_ARG);
- /* Verify. */
- ExpectIntEQ(wc_DsaVerify(hash, signature, &key, &answer), 0);
- ExpectIntEQ(answer, 1);
- /* Pass in bad args. */
- ExpectIntEQ(wc_DsaVerify(NULL, signature, &key, &answer), BAD_FUNC_ARG);
- ExpectIntEQ(wc_DsaVerify(hash, NULL, &key, &answer), BAD_FUNC_ARG);
- ExpectIntEQ(wc_DsaVerify(hash, signature, NULL, &answer), BAD_FUNC_ARG);
- ExpectIntEQ(wc_DsaVerify(hash, signature, &key, NULL), BAD_FUNC_ARG);
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_PUBLIC_MP)
- /* hard set q to 0 and test fail case */
- mp_free(&key.q);
- mp_init(&key.q);
- ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG);
- mp_set(&key.q, 1);
- ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG);
- #endif
- DoExpectIntEQ(wc_FreeRng(&rng),0);
- wc_FreeDsaKey(&key);
- wc_ShaFree(&sha);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_DsaSign */
- /*
- * Testing wc_DsaPrivateKeyDecode() and wc_DsaPublicKeyDecode()
- */
- static int test_wc_DsaPublicPrivateKeyDecode(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_DSA)
- DsaKey key;
- word32 bytes = 0;
- word32 idx = 0;
- int ret = 0;
- #ifdef USE_CERT_BUFFERS_1024
- byte tmp[ONEK_BUF];
- XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
- bytes = sizeof_dsa_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- byte tmp[TWOK_BUF];
- XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
- bytes = sizeof_dsa_key_der_2048;
- #else
- byte tmp[TWOK_BUF];
- XFILE fp = XBADFILE;
- XMEMSET(tmp, 0, sizeof(tmp));
- ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE);
- ExpectTrue((bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp)) > 0);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- #endif /* END USE_CERT_BUFFERS_1024 */
- ExpectIntEQ(wc_InitDsaKey(&key), 0);
- ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_DsaPrivateKeyDecode(NULL, &idx, &key, bytes), BAD_FUNC_ARG);
- ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, NULL, &key, bytes), BAD_FUNC_ARG);
- ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, NULL, bytes), BAD_FUNC_ARG);
- ExpectIntLT(ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0);
- ExpectTrue((ret == ASN_PARSE_E) || (ret == BUFFER_E));
- wc_FreeDsaKey(&key);
- ExpectIntEQ(wc_InitDsaKey(&key), 0);
- idx = 0; /* Reset */
- ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_DsaPublicKeyDecode(NULL, &idx, &key, bytes), BAD_FUNC_ARG);
- ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, NULL, &key, bytes), BAD_FUNC_ARG);
- ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, &idx, NULL, bytes), BAD_FUNC_ARG);
- ExpectIntLT(ret = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes), 0);
- ExpectTrue((ret == ASN_PARSE_E) || (ret == BUFFER_E));
- wc_FreeDsaKey(&key);
- #endif /* !NO_DSA */
- return EXPECT_RESULT();
- } /* END test_wc_DsaPublicPrivateKeyDecode */
- /*
- * Testing wc_MakeDsaKey() and wc_MakeDsaParameters()
- */
- static int test_wc_MakeDsaKey(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
- DsaKey genKey;
- WC_RNG rng;
- XMEMSET(&genKey, 0, sizeof(genKey));
- XMEMSET(&rng, 0, sizeof(rng));
- ExpectIntEQ(wc_InitDsaKey(&genKey), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_MakeDsaParameters(NULL, ONEK_BUF, &genKey), BAD_FUNC_ARG);
- ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF + 1, &genKey),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_MakeDsaKey(&rng, &genKey), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_MakeDsaKey(NULL, &genKey), BAD_FUNC_ARG);
- ExpectIntEQ(wc_MakeDsaKey(&rng, NULL), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_FreeDsaKey(&genKey);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_MakeDsaKey */
- /*
- * Testing wc_DsaKeyToDer()
- */
- static int test_wc_DsaKeyToDer(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
- DsaKey key;
- word32 bytes;
- word32 idx = 0;
- #ifdef USE_CERT_BUFFERS_1024
- byte tmp[ONEK_BUF];
- byte der[ONEK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMSET(der, 0, sizeof(der));
- XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
- bytes = sizeof_dsa_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- byte tmp[TWOK_BUF];
- byte der[TWOK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMSET(der, 0, sizeof(der));
- XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
- bytes = sizeof_dsa_key_der_2048;
- #else
- byte tmp[TWOK_BUF];
- byte der[TWOK_BUF];
- XFILE fp = XBADFILE;
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMSET(der, 0, sizeof(der));
- ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE);
- ExpectTrue((bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp)) > 0);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- #endif /* END USE_CERT_BUFFERS_1024 */
- XMEMSET(&key, 0, sizeof(DsaKey));
- ExpectIntEQ(wc_InitDsaKey(&key), 0);
- ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0);
- ExpectIntGE(wc_DsaKeyToDer(&key, der, bytes), 0);
- ExpectIntEQ(XMEMCMP(der, tmp, bytes), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_DsaKeyToDer(NULL, der, FOURK_BUF), BAD_FUNC_ARG);
- ExpectIntEQ(wc_DsaKeyToDer(&key, NULL, FOURK_BUF), BAD_FUNC_ARG);
- wc_FreeDsaKey(&key);
- #endif /* !NO_DSA && WOLFSSL_KEY_GEN */
- return EXPECT_RESULT();
- } /* END test_wc_DsaKeyToDer */
- /*
- * Testing wc_DsaKeyToPublicDer()
- * (indirectly testing setDsaPublicKey())
- */
- static int test_wc_DsaKeyToPublicDer(void)
- {
- EXPECT_DECLS;
- #ifndef HAVE_SELFTEST
- #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
- DsaKey key;
- WC_RNG rng;
- byte* der = NULL;
- word32 sz = 0;
- word32 idx = 0;
- XMEMSET(&key, 0, sizeof(DsaKey));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectNotNull(der = (byte*)XMALLOC(ONEK_BUF, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectIntEQ(wc_InitDsaKey(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, &key), 0);
- ExpectIntEQ(wc_MakeDsaKey(&rng, &key), 0);
- ExpectIntGE(sz = wc_DsaKeyToPublicDer(&key, der, ONEK_BUF), 0);
- wc_FreeDsaKey(&key);
- idx = 0;
- ExpectIntEQ(wc_DsaPublicKeyDecode(der, &idx, &key, sz), 0);
- /* Test without the SubjectPublicKeyInfo header */
- ExpectIntGE(sz = wc_SetDsaPublicKey(der, &key, ONEK_BUF, 0), 0);
- wc_FreeDsaKey(&key);
- idx = 0;
- ExpectIntEQ(wc_DsaPublicKeyDecode(der, &idx, &key, sz), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_DsaKeyToPublicDer(NULL, der, FOURK_BUF), BAD_FUNC_ARG);
- ExpectIntEQ(wc_DsaKeyToPublicDer(&key, NULL, FOURK_BUF), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_FreeDsaKey(&key);
- XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* !NO_DSA && WOLFSSL_KEY_GEN */
- #endif /* !HAVE_SELFTEST */
- return EXPECT_RESULT();
- } /* END test_wc_DsaKeyToPublicDer */
- /*
- * Testing wc_DsaImportParamsRaw()
- */
- static int test_wc_DsaImportParamsRaw(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_DSA)
- DsaKey key;
- /* [mod = L=1024, N=160], from CAVP KeyPair */
- const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
- "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
- "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
- "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
- "47123188f8dc551054ee162b634d60f097f719076640e209"
- "80a0093113a8bd73";
- const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
- const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
- "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
- "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
- "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
- "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
- "76341a7e7d9";
- /* invalid p and q parameters */
- const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d";
- const char* invalidQ = "96c5390a";
- XMEMSET(&key, 0, sizeof(DsaKey));
- ExpectIntEQ(wc_InitDsaKey(&key), 0);
- ExpectIntEQ(wc_DsaImportParamsRaw(&key, p, q, g), 0);
- /* test bad args */
- /* null key struct */
- ExpectIntEQ(wc_DsaImportParamsRaw(NULL, p, q, g), BAD_FUNC_ARG);
- /* null param pointers */
- ExpectIntEQ(wc_DsaImportParamsRaw(&key, NULL, NULL, NULL), BAD_FUNC_ARG);
- /* illegal p length */
- ExpectIntEQ(wc_DsaImportParamsRaw(&key, invalidP, q, g), BAD_FUNC_ARG);
- /* illegal q length */
- ExpectIntEQ(wc_DsaImportParamsRaw(&key, p, invalidQ, g), BAD_FUNC_ARG);
- wc_FreeDsaKey(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_DsaImportParamsRaw */
- /*
- * Testing wc_DsaImportParamsRawCheck()
- */
- static int test_wc_DsaImportParamsRawCheck(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_DSA) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- DsaKey key;
- int trusted = 0;
- /* [mod = L=1024, N=160], from CAVP KeyPair */
- const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
- "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
- "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
- "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
- "47123188f8dc551054ee162b634d60f097f719076640e209"
- "80a0093113a8bd73";
- const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
- const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
- "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
- "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
- "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
- "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
- "76341a7e7d9";
- /* invalid p and q parameters */
- const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d";
- const char* invalidQ = "96c5390a";
- ExpectIntEQ(wc_InitDsaKey(&key), 0);
- ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, p, q, g, trusted, NULL), 0);
- /* test bad args */
- /* null key struct */
- ExpectIntEQ(wc_DsaImportParamsRawCheck(NULL, p, q, g, trusted, NULL),
- BAD_FUNC_ARG);
- /* null param pointers */
- ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, NULL, NULL, NULL, trusted,
- NULL), BAD_FUNC_ARG);
- /* illegal p length */
- ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, invalidP, q, g, trusted, NULL),
- BAD_FUNC_ARG);
- /* illegal q length */
- ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, p, invalidQ, g, trusted, NULL),
- BAD_FUNC_ARG);
- wc_FreeDsaKey(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_DsaImportParamsRawCheck */
- /*
- * Testing wc_DsaExportParamsRaw()
- */
- static int test_wc_DsaExportParamsRaw(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_DSA)
- DsaKey key;
- /* [mod = L=1024, N=160], from CAVP KeyPair */
- const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
- "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
- "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
- "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
- "47123188f8dc551054ee162b634d60f097f719076640e209"
- "80a0093113a8bd73";
- const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
- const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
- "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
- "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
- "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
- "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
- "76341a7e7d9";
- const char* pCompare = "\xd3\x83\x11\xe2\xcd\x38\x8c\x3e\xd6\x98\xe8\x2f"
- "\xdf\x88\xeb\x92\xb5\xa9\xa4\x83\xdc\x88\x00\x5d"
- "\x4b\x72\x5e\xf3\x41\xea\xbb\x47\xcf\x8a\x7a\x8a"
- "\x41\xe7\x92\xa1\x56\xb7\xce\x97\x20\x6c\x4f\x9c"
- "\x5c\xe6\xfc\x5a\xe7\x91\x21\x02\xb6\xb5\x02\xe5"
- "\x90\x50\xb5\xb2\x1c\xe2\x63\xdd\xdb\x20\x44\xb6"
- "\x52\x23\x6f\x4d\x42\xab\x4b\x5d\x6a\xa7\x31\x89"
- "\xce\xf1\xac\xe7\x78\xd7\x84\x5a\x5c\x1c\x1c\x71"
- "\x47\x12\x31\x88\xf8\xdc\x55\x10\x54\xee\x16\x2b"
- "\x63\x4d\x60\xf0\x97\xf7\x19\x07\x66\x40\xe2\x09"
- "\x80\xa0\x09\x31\x13\xa8\xbd\x73";
- const char* qCompare = "\x96\xc5\x39\x0a\x8b\x61\x2c\x0e\x42\x2b\xb2\xb0"
- "\xea\x19\x4a\x3e\xc9\x35\xa2\x81";
- const char* gCompare = "\x06\xb7\x86\x1a\xbb\xd3\x5c\xc8\x9e\x79\xc5\x2f"
- "\x68\xd2\x08\x75\x38\x9b\x12\x73\x61\xca\x66\x82"
- "\x21\x38\xce\x49\x91\xd2\xb8\x62\x25\x9d\x6b\x45"
- "\x48\xa6\x49\x5b\x19\x5a\xa0\xe0\xb6\x13\x7c\xa3"
- "\x7e\xb2\x3b\x94\x07\x4d\x3c\x3d\x30\x00\x42\xbd"
- "\xf1\x57\x62\x81\x2b\x63\x33\xef\x7b\x07\xce\xba"
- "\x78\x60\x76\x10\xfc\xc9\xee\x68\x49\x1d\xbc\x1e"
- "\x34\xcd\x12\x61\x54\x74\xe5\x2b\x18\xbc\x93\x4f"
- "\xb0\x0c\x61\xd3\x9e\x7d\xa8\x90\x22\x91\xc4\x43"
- "\x4a\x4e\x22\x24\xc3\xf4\xfd\x9f\x93\xcd\x6f\x4f"
- "\x17\xfc\x07\x63\x41\xa7\xe7\xd9";
- byte pOut[MAX_DSA_PARAM_SIZE];
- byte qOut[MAX_DSA_PARAM_SIZE];
- byte gOut[MAX_DSA_PARAM_SIZE];
- word32 pOutSz;
- word32 qOutSz;
- word32 gOutSz;
- XMEMSET(&key, 0, sizeof(DsaKey));
- ExpectIntEQ(wc_InitDsaKey(&key), 0);
- /* first test using imported raw parameters, for expected */
- ExpectIntEQ(wc_DsaImportParamsRaw(&key, p, q, g), 0);
- pOutSz = sizeof(pOut);
- qOutSz = sizeof(qOut);
- gOutSz = sizeof(gOut);
- ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut,
- &gOutSz), 0);
- /* validate exported parameters are correct */
- ExpectIntEQ(XMEMCMP(pOut, pCompare, pOutSz), 0);
- ExpectIntEQ(XMEMCMP(qOut, qCompare, qOutSz), 0);
- ExpectIntEQ(XMEMCMP(gOut, gCompare, gOutSz), 0);
- /* test bad args */
- /* null key struct */
- ExpectIntEQ(wc_DsaExportParamsRaw(NULL, pOut, &pOutSz, qOut, &qOutSz, gOut,
- &gOutSz), BAD_FUNC_ARG);
- /* null output pointers */
- ExpectIntEQ(wc_DsaExportParamsRaw(&key, NULL, &pOutSz, NULL, &qOutSz, NULL,
- &gOutSz), LENGTH_ONLY_E);
- /* null output size pointers */
- ExpectIntEQ( wc_DsaExportParamsRaw(&key, pOut, NULL, qOut, NULL, gOut,
- NULL), BAD_FUNC_ARG);
- /* p output buffer size too small */
- pOutSz = 1;
- ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut,
- &gOutSz), BUFFER_E);
- pOutSz = sizeof(pOut);
- /* q output buffer size too small */
- qOutSz = 1;
- ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut,
- &gOutSz), BUFFER_E);
- qOutSz = sizeof(qOut);
- /* g output buffer size too small */
- gOutSz = 1;
- ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut,
- &gOutSz), BUFFER_E);
- wc_FreeDsaKey(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_DsaExportParamsRaw */
- /*
- * Testing wc_DsaExportKeyRaw()
- */
- static int test_wc_DsaExportKeyRaw(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
- DsaKey key;
- WC_RNG rng;
- byte xOut[MAX_DSA_PARAM_SIZE];
- byte yOut[MAX_DSA_PARAM_SIZE];
- word32 xOutSz, yOutSz;
- XMEMSET(&key, 0, sizeof(key));
- XMEMSET(&rng, 0, sizeof(rng));
- ExpectIntEQ(wc_InitDsaKey(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_MakeDsaParameters(&rng, 1024, &key), 0);
- ExpectIntEQ(wc_MakeDsaKey(&rng, &key), 0);
- /* try successful export */
- xOutSz = sizeof(xOut);
- yOutSz = sizeof(yOut);
- ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz), 0);
- /* test bad args */
- /* null key struct */
- ExpectIntEQ(wc_DsaExportKeyRaw(NULL, xOut, &xOutSz, yOut, &yOutSz),
- BAD_FUNC_ARG);
- /* null output pointers */
- ExpectIntEQ(wc_DsaExportKeyRaw(&key, NULL, &xOutSz, NULL, &yOutSz),
- LENGTH_ONLY_E);
- /* null output size pointers */
- ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, NULL, yOut, NULL),
- BAD_FUNC_ARG);
- /* x output buffer size too small */
- xOutSz = 1;
- ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz),
- BUFFER_E);
- xOutSz = sizeof(xOut);
- /* y output buffer size too small */
- yOutSz = 1;
- ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz),
- BUFFER_E);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_FreeDsaKey(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_DsaExportParamsRaw */
- /*
- * Testing wc_ed25519_make_key().
- */
- static int test_wc_ed25519_make_key(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_MAKE_KEY)
- ed25519_key key;
- WC_RNG rng;
- unsigned char pubkey[ED25519_PUB_KEY_SIZE+1];
- int pubkey_sz = ED25519_PUB_KEY_SIZE;
- XMEMSET(&key, 0, sizeof(ed25519_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ed25519_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ed25519_make_public(&key, pubkey, pubkey_sz),
- ECC_PRIV_KEY_E);
- ExpectIntEQ(wc_ed25519_make_public(&key, pubkey+1, pubkey_sz),
- ECC_PRIV_KEY_E);
- ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ed25519_make_key(NULL, ED25519_KEY_SIZE, &key),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, NULL),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE - 1, &key),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE + 1, &key),
- BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed25519_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ed25519_make_key */
- /*
- * Testing wc_ed25519_init()
- */
- static int test_wc_ed25519_init(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED25519)
- ed25519_key key;
- XMEMSET(&key, 0, sizeof(ed25519_key));
- ExpectIntEQ(wc_ed25519_init(&key), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ed25519_init(NULL), BAD_FUNC_ARG);
- wc_ed25519_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ed25519_init */
- /*
- * Test wc_ed25519_sign_msg() and wc_ed25519_verify_msg()
- */
- static int test_wc_ed25519_sign_msg(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_SIGN)
- WC_RNG rng;
- ed25519_key key;
- byte msg[] = "Everybody gets Friday off.\n";
- byte sig[ED25519_SIG_SIZE+1];
- word32 msglen = sizeof(msg);
- word32 siglen = ED25519_SIG_SIZE;
- word32 badSigLen = ED25519_SIG_SIZE - 1;
- #ifdef HAVE_ED25519_VERIFY
- int verify_ok = 0; /*1 = Verify success.*/
- #endif
- /* Initialize stack variables. */
- XMEMSET(&key, 0, sizeof(ed25519_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- XMEMSET(sig, 0, sizeof(sig));
- /* Initialize key. */
- ExpectIntEQ(wc_ed25519_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
- ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, &siglen, &key), 0);
- ExpectIntEQ(siglen, ED25519_SIG_SIZE);
- ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig+1, &siglen, &key), 0);
- ExpectIntEQ(siglen, ED25519_SIG_SIZE);
- /* Test bad args. */
- ExpectIntEQ(wc_ed25519_sign_msg(NULL, msglen, sig, &siglen, &key),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, NULL, &siglen, &key),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, NULL, &key),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, &siglen, NULL),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, &badSigLen, &key),
- BUFFER_E);
- ExpectIntEQ(badSigLen, ED25519_SIG_SIZE);
- badSigLen -= 1;
- #ifdef HAVE_ED25519_VERIFY
- ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, &verify_ok,
- &key), 0);
- ExpectIntEQ(verify_ok, 1);
- /* Test bad args. */
- ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen - 1, msg, msglen,
- &verify_ok, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen + 1, msg, msglen,
- &verify_ok, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
- &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, NULL, msglen, &verify_ok,
- &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, NULL, &key),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, &verify_ok,
- NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_verify_msg(sig+1, badSigLen, msg, msglen, &verify_ok,
- &key), BAD_FUNC_ARG);
- #endif /* Verify. */
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed25519_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ed25519_sign_msg */
- /*
- * Testing wc_ed25519_import_public()
- */
- static int test_wc_ed25519_import_public(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
- ed25519_key pubKey;
- WC_RNG rng;
- const byte in[] = "Ed25519PublicKeyUnitTest......\n";
- word32 inlen = sizeof(in);
- XMEMSET(&pubKey, 0, sizeof(ed25519_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ed25519_init(&pubKey), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- #ifdef HAVE_ED25519_MAKE_KEY
- ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &pubKey), 0);
- #endif
- ExpectIntEQ(wc_ed25519_import_public_ex(in, inlen, &pubKey, 1), 0);
- ExpectIntEQ(XMEMCMP(in, pubKey.p, inlen), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ed25519_import_public(NULL, inlen, &pubKey), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_import_public(in, inlen, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_import_public(in, inlen - 1, &pubKey), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed25519_free(&pubKey);
- #endif
- return EXPECT_RESULT();
- } /* END wc_ed25519_import_public */
- /*
- * Testing wc_ed25519_import_private_key()
- */
- static int test_wc_ed25519_import_private_key(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
- ed25519_key key;
- WC_RNG rng;
- const byte privKey[] = "Ed25519PrivateKeyUnitTest.....\n";
- const byte pubKey[] = "Ed25519PublicKeyUnitTest......\n";
- word32 privKeySz = sizeof(privKey);
- word32 pubKeySz = sizeof(pubKey);
- #ifdef HAVE_ED25519_KEY_EXPORT
- byte bothKeys[sizeof(privKey) + sizeof(pubKey)];
- word32 bothKeysSz = sizeof(bothKeys);
- #endif
- XMEMSET(&key, 0, sizeof(ed25519_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ed25519_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- #ifdef HAVE_ED25519_MAKE_KEY
- ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
- #endif
- ExpectIntEQ(wc_ed25519_import_private_key_ex(privKey, privKeySz, pubKey,
- pubKeySz, &key, 1), 0);
- ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0);
- ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0);
- #ifdef HAVE_ED25519_KEY_EXPORT
- ExpectIntEQ(wc_ed25519_export_private(&key, bothKeys, &bothKeysSz), 0);
- ExpectIntEQ(wc_ed25519_import_private_key_ex(bothKeys, bothKeysSz, NULL, 0,
- &key, 1), 0);
- ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0);
- ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0);
- #endif
- /* Test bad args. */
- ExpectIntEQ(wc_ed25519_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
- &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, NULL,
- pubKeySz, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
- pubKeySz, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz - 1, pubKey,
- pubKeySz, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
- pubKeySz - 1, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, NULL, 0,
- &key), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed25519_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ed25519_import_private_key */
- /*
- * Testing wc_ed25519_export_public() and wc_ed25519_export_private_only()
- */
- static int test_wc_ed25519_export(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
- ed25519_key key;
- WC_RNG rng;
- byte priv[ED25519_PRV_KEY_SIZE];
- byte pub[ED25519_PUB_KEY_SIZE];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- #ifndef HAVE_ED25519_MAKE_KEY
- const byte privKey[] = {
- 0xf8, 0x55, 0xb7, 0xb6, 0x49, 0x3f, 0x99, 0x9c,
- 0x88, 0xe3, 0xc5, 0x42, 0x6a, 0xa4, 0x47, 0x4a,
- 0xe4, 0x95, 0xda, 0xdb, 0xbf, 0xf8, 0xa7, 0x42,
- 0x9d, 0x0e, 0xe7, 0xd0, 0x57, 0x8f, 0x16, 0x69
- };
- const byte pubKey[] = {
- 0x42, 0x3b, 0x7a, 0xf9, 0x82, 0xcf, 0xf9, 0xdf,
- 0x19, 0xdd, 0xf3, 0xf0, 0x32, 0x29, 0x6d, 0xfa,
- 0xfd, 0x76, 0x4f, 0x68, 0xc2, 0xc2, 0xe0, 0x6c,
- 0x47, 0xae, 0xc2, 0x55, 0x68, 0xac, 0x0d, 0x4d
- };
- #endif
- XMEMSET(&key, 0, sizeof(ed25519_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ed25519_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- #ifdef HAVE_ED25519_MAKE_KEY
- ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
- #else
- ExpectIntEQ(wc_ed25519_import_private_key_ex(privKey, sizeof(privKey),
- pubKey, sizeof(pubKey), &key, 1), 0);
- #endif
- ExpectIntEQ(wc_ed25519_export_public(&key, pub, &pubSz), 0);
- ExpectIntEQ(pubSz, ED25519_KEY_SIZE);
- ExpectIntEQ(XMEMCMP(key.p, pub, pubSz), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ed25519_export_public(NULL, pub, &pubSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_export_public(&key, NULL, &pubSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_export_public(&key, pub, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_export_private_only(&key, priv, &privSz), 0);
- ExpectIntEQ(privSz, ED25519_KEY_SIZE);
- ExpectIntEQ(XMEMCMP(key.k, priv, privSz), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ed25519_export_private_only(NULL, priv, &privSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_export_private_only(&key, NULL, &privSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_export_private_only(&key, priv, NULL),
- BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed25519_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ed25519_export */
- /*
- * Testing wc_ed25519_size()
- */
- static int test_wc_ed25519_size(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED25519)
- ed25519_key key;
- WC_RNG rng;
- #ifndef HAVE_ED25519_MAKE_KEY
- const byte privKey[] = {
- 0xf8, 0x55, 0xb7, 0xb6, 0x49, 0x3f, 0x99, 0x9c,
- 0x88, 0xe3, 0xc5, 0x42, 0x6a, 0xa4, 0x47, 0x4a,
- 0xe4, 0x95, 0xda, 0xdb, 0xbf, 0xf8, 0xa7, 0x42,
- 0x9d, 0x0e, 0xe7, 0xd0, 0x57, 0x8f, 0x16, 0x69
- };
- const byte pubKey[] = {
- 0x42, 0x3b, 0x7a, 0xf9, 0x82, 0xcf, 0xf9, 0xdf,
- 0x19, 0xdd, 0xf3, 0xf0, 0x32, 0x29, 0x6d, 0xfa,
- 0xfd, 0x76, 0x4f, 0x68, 0xc2, 0xc2, 0xe0, 0x6c,
- 0x47, 0xae, 0xc2, 0x55, 0x68, 0xac, 0x0d, 0x4d
- };
- #endif
- XMEMSET(&key, 0, sizeof(ed25519_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ed25519_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- #ifdef HAVE_ED25519_MAKE_KEY
- ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
- #else
- ExpectIntEQ(wc_ed25519_import_private_key_ex(privKey, sizeof(privKey),
- pubKey, sizeof(pubKey), &key, 1), 0);
- #endif
- ExpectIntEQ(wc_ed25519_size(&key), ED25519_KEY_SIZE);
- /* Test bad args. */
- ExpectIntEQ(wc_ed25519_size(NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_sig_size(&key), ED25519_SIG_SIZE);
- /* Test bad args. */
- ExpectIntEQ(wc_ed25519_sig_size(NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_pub_size(&key), ED25519_PUB_KEY_SIZE);
- /* Test bad args. */
- ExpectIntEQ(wc_ed25519_pub_size(NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_priv_size(&key), ED25519_PRV_KEY_SIZE);
- /* Test bad args. */
- ExpectIntEQ(wc_ed25519_priv_size(NULL), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed25519_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ed25519_size */
- /*
- * Testing wc_ed25519_export_private() and wc_ed25519_export_key()
- */
- static int test_wc_ed25519_exportKey(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
- WC_RNG rng;
- ed25519_key key;
- byte priv[ED25519_PRV_KEY_SIZE];
- byte pub[ED25519_PUB_KEY_SIZE];
- byte privOnly[ED25519_PRV_KEY_SIZE];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- word32 privOnlySz = sizeof(privOnly);
- #ifndef HAVE_ED25519_MAKE_KEY
- const byte privKey[] = {
- 0xf8, 0x55, 0xb7, 0xb6, 0x49, 0x3f, 0x99, 0x9c,
- 0x88, 0xe3, 0xc5, 0x42, 0x6a, 0xa4, 0x47, 0x4a,
- 0xe4, 0x95, 0xda, 0xdb, 0xbf, 0xf8, 0xa7, 0x42,
- 0x9d, 0x0e, 0xe7, 0xd0, 0x57, 0x8f, 0x16, 0x69
- };
- const byte pubKey[] = {
- 0x42, 0x3b, 0x7a, 0xf9, 0x82, 0xcf, 0xf9, 0xdf,
- 0x19, 0xdd, 0xf3, 0xf0, 0x32, 0x29, 0x6d, 0xfa,
- 0xfd, 0x76, 0x4f, 0x68, 0xc2, 0xc2, 0xe0, 0x6c,
- 0x47, 0xae, 0xc2, 0x55, 0x68, 0xac, 0x0d, 0x4d
- };
- #endif
- XMEMSET(&key, 0, sizeof(ed25519_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ed25519_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- #ifdef HAVE_ED25519_MAKE_KEY
- ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
- #else
- ExpectIntEQ(wc_ed25519_import_private_key_ex(privKey, sizeof(privKey),
- pubKey, sizeof(pubKey), &key, 1), 0);
- #endif
- ExpectIntEQ(wc_ed25519_export_private(&key, privOnly, &privOnlySz), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ed25519_export_private(NULL, privOnly, &privOnlySz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_export_private(&key, NULL, &privOnlySz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_export_private(&key, privOnly, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, pub, &pubSz), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ed25519_export_key(NULL, priv, &privSz, pub, &pubSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_export_key(&key, NULL, &privSz, pub, &pubSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_export_key(&key, priv, NULL, pub, &pubSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, NULL, &pubSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, pub, NULL),
- BAD_FUNC_ARG);
- /* Cross check output. */
- ExpectIntEQ(XMEMCMP(priv, privOnly, privSz), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed25519_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ed25519_exportKey */
- /*
- * Testing wc_Ed25519PublicKeyToDer
- */
- static int test_wc_Ed25519PublicKeyToDer(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
- (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
- ed25519_key key;
- byte derBuf[1024];
- XMEMSET(&key, 0, sizeof(ed25519_key));
- /* Test bad args */
- ExpectIntEQ(wc_Ed25519PublicKeyToDer(NULL, NULL, 0, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed25519_init(&key), 0);
- ExpectIntEQ(wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0), BUFFER_E);
- wc_ed25519_free(&key);
- /* Test good args */
- if (EXPECT_SUCCESS()) {
- WC_RNG rng;
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ed25519_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0);
- ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, derBuf, 1024, 1), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed25519_free(&key);
- }
- #endif
- return EXPECT_RESULT();
- } /* END testing wc_Ed25519PublicKeyToDer */
- /*
- * Testing wc_curve25519_init and wc_curve25519_free.
- */
- static int test_wc_curve25519_init(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE25519)
- curve25519_key key;
- ExpectIntEQ(wc_curve25519_init(&key), 0);
- /* Test bad args for wc_curve25519_init */
- ExpectIntEQ(wc_curve25519_init(NULL), BAD_FUNC_ARG);
- /* Test good args for wc_curve_25519_free */
- wc_curve25519_free(&key);
- /* Test bad args for wc_curve25519 free. */
- wc_curve25519_free(NULL);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_curve25519_init and wc_curve_25519_free*/
- /*
- * Testing test_wc_curve25519_size.
- */
- static int test_wc_curve25519_size(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE25519)
- curve25519_key key;
- ExpectIntEQ(wc_curve25519_init(&key), 0);
- /* Test good args for wc_curve25519_size */
- ExpectIntEQ(wc_curve25519_size(&key), CURVE25519_KEYSIZE);
- /* Test bad args for wc_curve25519_size */
- ExpectIntEQ(wc_curve25519_size(NULL), 0);
- wc_curve25519_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_curve25519_size*/
- /*
- * Testing test_wc_curve25519_export_key_raw().
- */
- static int test_wc_curve25519_export_key_raw(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
- curve25519_key key;
- WC_RNG rng;
- byte privateKey[CURVE25519_KEYSIZE];
- byte publicKey[CURVE25519_KEYSIZE];
- word32 prvkSz;
- word32 pubkSz;
- byte prik[CURVE25519_KEYSIZE];
- byte pubk[CURVE25519_KEYSIZE];
- word32 prksz;
- word32 pbksz;
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_curve25519_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
- /* bad-argument-test cases - target function should return BAD_FUNC_ARG */
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_key_raw(NULL, privateKey, &prvkSz,
- publicKey, &pubkSz), BAD_FUNC_ARG);
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_key_raw(&key, NULL, &prvkSz, publicKey,
- &pubkSz), BAD_FUNC_ARG);
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, NULL,
- publicKey, &pubkSz), BAD_FUNC_ARG);
- /* prvkSz = CURVE25519_KEYSIZE; */
- pubkSz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
- NULL, &pubkSz), BAD_FUNC_ARG);
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
- publicKey, NULL), BAD_FUNC_ARG);
- /* cross-testing */
- prksz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_private_raw(&key, prik, &prksz), 0);
- pbksz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_public(&key, pubk, &pbksz), 0);
- prvkSz = CURVE25519_KEYSIZE;
- /* pubkSz = CURVE25519_KEYSIZE; */
- ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
- publicKey, &pubkSz), 0);
- ExpectIntEQ(prksz, CURVE25519_KEYSIZE);
- ExpectIntEQ(pbksz, CURVE25519_KEYSIZE);
- ExpectIntEQ(prvkSz, CURVE25519_KEYSIZE);
- ExpectIntEQ(pubkSz, CURVE25519_KEYSIZE);
- ExpectIntEQ(XMEMCMP(privateKey, prik, CURVE25519_KEYSIZE), 0);
- ExpectIntEQ(XMEMCMP(publicKey, pubk, CURVE25519_KEYSIZE), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_curve25519_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* end of test_wc_curve25519_export_key_raw */
- /*
- * Testing test_wc_curve25519_export_key_raw_ex().
- */
- static int test_wc_curve25519_export_key_raw_ex(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
- curve25519_key key;
- WC_RNG rng;
- byte privateKey[CURVE25519_KEYSIZE];
- byte publicKey[CURVE25519_KEYSIZE];
- word32 prvkSz;
- word32 pubkSz;
- byte prik[CURVE25519_KEYSIZE];
- byte pubk[CURVE25519_KEYSIZE];
- word32 prksz;
- word32 pbksz;
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_curve25519_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
- /* bad-argument-test cases - target function should return BAD_FUNC_ARG */
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_key_raw_ex(NULL, privateKey,
- &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, NULL,
- &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
- NULL, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
- /* prvkSz = CURVE25519_KEYSIZE; */
- pubkSz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
- &prvkSz, NULL, &pubkSz, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
- &prvkSz, publicKey, NULL, EC25519_LITTLE_ENDIAN), BAD_FUNC_ARG);
- prvkSz = CURVE25519_KEYSIZE;
- /* pubkSz = CURVE25519_KEYSIZE; */
- ExpectIntEQ(wc_curve25519_export_key_raw_ex(NULL, privateKey,
- &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, NULL,
- &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
- NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
- /* prvkSz = CURVE25519_KEYSIZE; */
- pubkSz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
- &prvkSz, NULL, &pubkSz, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey,
- &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN), BAD_FUNC_ARG);
- /* illegal value for endian */
- prvkSz = CURVE25519_KEYSIZE;
- /* pubkSz = CURVE25519_KEYSIZE; */
- ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, &prvkSz,
- publicKey, NULL, EC25519_BIG_ENDIAN + 10), BAD_FUNC_ARG);
- /* cross-testing */
- prksz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_private_raw( &key, prik, &prksz), 0);
- pbksz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_public( &key, pubk, &pbksz), 0);
- prvkSz = CURVE25519_KEYSIZE;
- /* pubkSz = CURVE25519_KEYSIZE; */
- ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, &prvkSz,
- publicKey, &pubkSz, EC25519_BIG_ENDIAN), 0);
- ExpectIntEQ(prksz, CURVE25519_KEYSIZE);
- ExpectIntEQ(pbksz, CURVE25519_KEYSIZE);
- ExpectIntEQ(prvkSz, CURVE25519_KEYSIZE);
- ExpectIntEQ(pubkSz, CURVE25519_KEYSIZE);
- ExpectIntEQ(XMEMCMP(privateKey, prik, CURVE25519_KEYSIZE), 0);
- ExpectIntEQ(XMEMCMP(publicKey, pubk, CURVE25519_KEYSIZE), 0);
- ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, &prvkSz,
- publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), 0);
- ExpectIntEQ(prvkSz, CURVE25519_KEYSIZE);
- ExpectIntEQ(pubkSz, CURVE25519_KEYSIZE);
- /* try once with another endian */
- prvkSz = CURVE25519_KEYSIZE;
- pubkSz = CURVE25519_KEYSIZE;
- ExpectIntEQ(wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz,
- publicKey, &pubkSz, EC25519_BIG_ENDIAN), 0);
- ExpectIntEQ(prvkSz, CURVE25519_KEYSIZE);
- ExpectIntEQ(pubkSz, CURVE25519_KEYSIZE);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_curve25519_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* end of test_wc_curve25519_export_key_raw_ex */
- /*
- * Testing wc_curve25519_make_key
- */
- static int test_wc_curve25519_make_key(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE25519)
- curve25519_key key;
- WC_RNG rng;
- int keysize;
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_curve25519_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
- ExpectIntEQ(keysize = wc_curve25519_size(&key), CURVE25519_KEYSIZE);
- ExpectIntEQ(wc_curve25519_make_key(&rng, keysize, &key), 0);
- /* test bad cases*/
- ExpectIntEQ(wc_curve25519_make_key(NULL, 0, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve25519_make_key(&rng, keysize, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve25519_make_key(NULL, keysize, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve25519_make_key(&rng, 0, &key), ECC_BAD_ARG_E);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_curve25519_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_curve25519_make_key*/
- /*
- * Testing wc_curve25519_shared_secret_ex
- */
- static int test_wc_curve25519_shared_secret_ex(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE25519)
- curve25519_key private_key;
- curve25519_key public_key;
- WC_RNG rng;
- byte out[CURVE25519_KEYSIZE];
- word32 outLen = sizeof(out);
- int endian = EC25519_BIG_ENDIAN;
- ExpectIntEQ(wc_curve25519_init(&private_key), 0);
- ExpectIntEQ(wc_curve25519_init(&public_key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &private_key),
- 0);
- ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &public_key),
- 0);
- ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
- &outLen, endian), 0);
- /* test bad cases*/
- ExpectIntEQ(wc_curve25519_shared_secret_ex(NULL, NULL, NULL, 0, endian),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve25519_shared_secret_ex(NULL, &public_key, out, &outLen,
- endian), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, NULL, out, &outLen,
- endian), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, NULL,
- &outLen, endian), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
- NULL, endian), BAD_FUNC_ARG);
- /* curve25519.c is checking for public_key size less than or equal to 0x7f,
- * increasing to 0x8f checks for error being returned*/
- public_key.p.point[CURVE25519_KEYSIZE-1] = 0x8F;
- ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
- &outLen, endian), ECC_BAD_ARG_E);
- outLen = outLen - 2;
- ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
- &outLen, endian), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_curve25519_free(&private_key);
- wc_curve25519_free(&public_key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_curve25519_shared_secret_ex*/
- /*
- * Testing wc_curve25519_make_pub
- */
- static int test_wc_curve25519_make_pub(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_CURVE25519
- curve25519_key key;
- WC_RNG rng;
- byte out[CURVE25519_KEYSIZE];
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_curve25519_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
- ExpectIntEQ(wc_curve25519_make_pub((int)sizeof(out), out,
- (int)sizeof(key.k), key.k), 0);
- /* test bad cases*/
- ExpectIntEQ(wc_curve25519_make_pub((int)sizeof(key.k) - 1, key.k,
- (int)sizeof out, out), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k),
- NULL), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out - 1, out,
- (int)sizeof(key.k), key.k), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, NULL,
- (int)sizeof(key.k), key.k), ECC_BAD_ARG_E);
- /* verify clamping test */
- key.k[0] |= ~248;
- ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k),
- key.k), ECC_BAD_ARG_E);
- key.k[0] &= 248;
- /* repeat the expected-to-succeed test. */
- ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k),
- key.k), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_curve25519_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_curve25519_make_pub */
- /*
- * Testing test_wc_curve25519_export_public_ex
- */
- static int test_wc_curve25519_export_public_ex(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE25519)
- curve25519_key key;
- WC_RNG rng;
- byte out[CURVE25519_KEYSIZE];
- word32 outLen = sizeof(out);
- int endian = EC25519_BIG_ENDIAN;
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_curve25519_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
- ExpectIntEQ(wc_curve25519_export_public(&key, out, &outLen), 0);
- ExpectIntEQ(wc_curve25519_export_public_ex(&key, out, &outLen, endian), 0);
- /* test bad cases*/
- ExpectIntEQ(wc_curve25519_export_public_ex(NULL, NULL, NULL, endian),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve25519_export_public_ex(NULL, out, &outLen, endian),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve25519_export_public_ex(&key, NULL, &outLen, endian),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve25519_export_public_ex(&key, out, NULL, endian),
- BAD_FUNC_ARG);
- outLen = outLen - 2;
- ExpectIntEQ(wc_curve25519_export_public_ex(&key, out, &outLen, endian),
- ECC_BAD_ARG_E);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_curve25519_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_curve25519_export_public_ex*/
- /*
- * Testing test_wc_curve25519_import_private_raw_ex
- */
- static int test_wc_curve25519_import_private_raw_ex(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE25519)
- curve25519_key key;
- WC_RNG rng;
- byte priv[CURVE25519_KEYSIZE];
- byte pub[CURVE25519_KEYSIZE];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- int endian = EC25519_BIG_ENDIAN;
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_curve25519_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
- ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, priv, &privSz,
- endian), 0);
- ExpectIntEQ(wc_curve25519_export_public(&key, pub, &pubSz), 0);
- ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
- &key, endian), 0);
- /* test bad cases*/
- ExpectIntEQ(wc_curve25519_import_private_raw_ex(NULL, 0, NULL, 0, NULL,
- endian), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve25519_import_private_raw_ex(NULL, privSz, pub, pubSz,
- &key, endian), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, NULL, pubSz,
- &key, endian), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
- NULL, endian), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, 0, pub, pubSz,
- &key, endian), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, 0,
- &key, endian), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
- &key, EC25519_LITTLE_ENDIAN), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_curve25519_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_curve25519_import_private_raw_ex*/
- /*
- * Testing test_wc_curve25519_import_private
- */
- static int test_wc_curve25519_import_private(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE25519)
- curve25519_key key;
- WC_RNG rng;
- byte priv[CURVE25519_KEYSIZE];
- word32 privSz = sizeof(priv);
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_curve25519_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0);
- ExpectIntEQ(wc_curve25519_export_private_raw(&key, priv, &privSz), 0);
- ExpectIntEQ(wc_curve25519_import_private(priv, privSz, &key), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_curve25519_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_curve25519_import*/
- /*
- * Testing test_wc_curve25519_export_private_raw_ex
- */
- static int test_wc_curve25519_export_private_raw_ex(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE25519)
- curve25519_key key;
- byte out[CURVE25519_KEYSIZE];
- word32 outLen = sizeof(out);
- int endian = EC25519_BIG_ENDIAN;
- ExpectIntEQ(wc_curve25519_init(&key), 0);
- ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian),
- 0);
- /* test bad cases*/
- ExpectIntEQ(wc_curve25519_export_private_raw_ex(NULL, NULL, NULL, endian),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve25519_export_private_raw_ex(NULL, out, &outLen, endian),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, NULL, &outLen,
- endian), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, NULL, endian),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, &outLen,
- EC25519_LITTLE_ENDIAN), 0);
- outLen = outLen - 2;
- ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian),
- ECC_BAD_ARG_E);
- wc_curve25519_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_curve25519_export_private_raw_ex*/
- /*
- * Testing wc_ed448_make_key().
- */
- static int test_wc_ed448_make_key(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED448)
- ed448_key key;
- WC_RNG rng;
- unsigned char pubkey[ED448_PUB_KEY_SIZE];
- XMEMSET(&key, 0, sizeof(ed448_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ed448_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ed448_make_public(&key, pubkey, sizeof(pubkey)),
- ECC_PRIV_KEY_E);
- ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ed448_make_key(NULL, ED448_KEY_SIZE, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE - 1, &key),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE + 1, &key),
- BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed448_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ed448_make_key */
- /*
- * Testing wc_ed448_init()
- */
- static int test_wc_ed448_init(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED448)
- ed448_key key;
- XMEMSET(&key, 0, sizeof(ed448_key));
- ExpectIntEQ(wc_ed448_init(&key), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ed448_init(NULL), BAD_FUNC_ARG);
- wc_ed448_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ed448_init */
- /*
- * Test wc_ed448_sign_msg() and wc_ed448_verify_msg()
- */
- static int test_wc_ed448_sign_msg(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED448) && defined(HAVE_ED448_SIGN)
- ed448_key key;
- WC_RNG rng;
- byte msg[] = "Everybody gets Friday off.\n";
- byte sig[ED448_SIG_SIZE];
- word32 msglen = sizeof(msg);
- word32 siglen = sizeof(sig);
- word32 badSigLen = sizeof(sig) - 1;
- #ifdef HAVE_ED448_VERIFY
- int verify_ok = 0; /*1 = Verify success.*/
- #endif
- /* Initialize stack variables. */
- XMEMSET(&key, 0, sizeof(ed448_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- XMEMSET(sig, 0, siglen);
- /* Initialize key. */
- ExpectIntEQ(wc_ed448_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
- ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, &siglen, &key, NULL, 0), 0);
- ExpectIntEQ(siglen, ED448_SIG_SIZE);
- /* Test bad args. */
- ExpectIntEQ(wc_ed448_sign_msg(NULL, msglen, sig, &siglen, &key, NULL, 0),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, NULL, &siglen, &key, NULL, 0),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, NULL, &key, NULL, 0),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, &siglen, NULL, NULL, 0),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, &badSigLen, &key, NULL, 0),
- BUFFER_E);
- ExpectIntEQ(badSigLen, ED448_SIG_SIZE);
- badSigLen -= 1;
- #ifdef HAVE_ED448_VERIFY
- ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok, &key,
- NULL, 0), 0);
- ExpectIntEQ(verify_ok, 1);
- /* Test bad args. */
- ExpectIntEQ(wc_ed448_verify_msg(sig, siglen - 1, msg, msglen, &verify_ok,
- &key, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_verify_msg(sig, siglen + 1, msg, msglen, &verify_ok,
- &key, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
- &key, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, NULL, msglen, &verify_ok,
- &key, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, msg, msglen, NULL,
- &key, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok,
- NULL, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_verify_msg(sig, badSigLen, msg, msglen, &verify_ok,
- &key, NULL, 0), BAD_FUNC_ARG);
- #endif /* Verify. */
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed448_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ed448_sign_msg */
- /*
- * Testing wc_ed448_import_public()
- */
- static int test_wc_ed448_import_public(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
- ed448_key pubKey;
- WC_RNG rng;
- const byte in[] =
- "Ed448PublicKeyUnitTest.................................\n";
- word32 inlen = sizeof(in);
- XMEMSET(&pubKey, 0, sizeof(ed448_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ed448_init(&pubKey), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &pubKey), 0);
- ExpectIntEQ(wc_ed448_import_public_ex(in, inlen, &pubKey, 1), 0);
- ExpectIntEQ(XMEMCMP(in, pubKey.p, inlen), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ed448_import_public(NULL, inlen, &pubKey), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_import_public(in, inlen, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_import_public(in, inlen - 1, &pubKey), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed448_free(&pubKey);
- #endif
- return EXPECT_RESULT();
- } /* END wc_ed448_import_public */
- /*
- * Testing wc_ed448_import_private_key()
- */
- static int test_wc_ed448_import_private_key(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
- ed448_key key;
- WC_RNG rng;
- const byte privKey[] =
- "Ed448PrivateKeyUnitTest................................\n";
- const byte pubKey[] =
- "Ed448PublicKeyUnitTest.................................\n";
- word32 privKeySz = sizeof(privKey);
- word32 pubKeySz = sizeof(pubKey);
- #ifdef HAVE_ED448_KEY_EXPORT
- byte bothKeys[sizeof(privKey) + sizeof(pubKey)];
- word32 bothKeysSz = sizeof(bothKeys);
- #endif
- XMEMSET(&key, 0, sizeof(ed448_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ed448_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
- ExpectIntEQ(wc_ed448_import_private_key_ex(privKey, privKeySz, pubKey,
- pubKeySz, &key, 1), 0);
- ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0);
- ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0);
- #ifdef HAVE_ED448_KEY_EXPORT
- ExpectIntEQ(wc_ed448_export_private(&key, bothKeys, &bothKeysSz), 0);
- ExpectIntEQ(wc_ed448_import_private_key_ex(bothKeys, bothKeysSz, NULL, 0,
- &key, 1), 0);
- ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0);
- ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0);
- #endif
- /* Test bad args. */
- ExpectIntEQ(wc_ed448_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
- &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, NULL, pubKeySz,
- &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, pubKey,
- pubKeySz, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz - 1, pubKey,
- pubKeySz, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, pubKey,
- pubKeySz - 1, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, NULL, 0, &key),
- BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed448_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ed448_import_private_key */
- /*
- * Testing wc_ed448_export_public() and wc_ed448_export_private_only()
- */
- static int test_wc_ed448_export(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
- ed448_key key;
- WC_RNG rng;
- byte priv[ED448_PRV_KEY_SIZE];
- byte pub[ED448_PUB_KEY_SIZE];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- XMEMSET(&key, 0, sizeof(ed448_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ed448_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
- ExpectIntEQ(wc_ed448_export_public(&key, pub, &pubSz), 0);
- ExpectIntEQ(pubSz, ED448_KEY_SIZE);
- ExpectIntEQ(XMEMCMP(key.p, pub, pubSz), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ed448_export_public(NULL, pub, &pubSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_export_public(&key, NULL, &pubSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_export_public(&key, pub, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_export_private_only(&key, priv, &privSz), 0);
- ExpectIntEQ(privSz, ED448_KEY_SIZE);
- ExpectIntEQ(XMEMCMP(key.k, priv, privSz), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ed448_export_private_only(NULL, priv, &privSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_export_private_only(&key, NULL, &privSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_export_private_only(&key, priv, NULL), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed448_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ed448_export */
- /*
- * Testing wc_ed448_size()
- */
- static int test_wc_ed448_size(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED448)
- ed448_key key;
- WC_RNG rng;
- XMEMSET(&key, 0, sizeof(ed448_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ed448_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
- ExpectIntEQ(wc_ed448_size(&key), ED448_KEY_SIZE);
- /* Test bad args. */
- ExpectIntEQ(wc_ed448_size(NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_sig_size(&key), ED448_SIG_SIZE);
- /* Test bad args. */
- ExpectIntEQ(wc_ed448_sig_size(NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_pub_size(&key), ED448_PUB_KEY_SIZE);
- /* Test bad args. */
- ExpectIntEQ(wc_ed448_pub_size(NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_priv_size(&key), ED448_PRV_KEY_SIZE);
- /* Test bad args. */
- ExpectIntEQ(wc_ed448_priv_size(NULL), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed448_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ed448_size */
- /*
- * Testing wc_ed448_export_private() and wc_ed448_export_key()
- */
- static int test_wc_ed448_exportKey(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
- ed448_key key;
- WC_RNG rng;
- byte priv[ED448_PRV_KEY_SIZE];
- byte pub[ED448_PUB_KEY_SIZE];
- byte privOnly[ED448_PRV_KEY_SIZE];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- word32 privOnlySz = sizeof(privOnly);
- XMEMSET(&key, 0, sizeof(ed448_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ed448_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
- ExpectIntEQ(wc_ed448_export_private(&key, privOnly, &privOnlySz), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ed448_export_private(NULL, privOnly, &privOnlySz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_export_private(&key, NULL, &privOnlySz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_export_private(&key, privOnly, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, pub, &pubSz), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ed448_export_key(NULL, priv, &privSz, pub, &pubSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_export_key(&key, NULL, &privSz, pub, &pubSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_export_key(&key, priv, NULL, pub, &pubSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, NULL, &pubSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, pub, NULL),
- BAD_FUNC_ARG);
- /* Cross check output. */
- ExpectIntEQ(XMEMCMP(priv, privOnly, privSz), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed448_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ed448_exportKey */
- /*
- * Testing wc_Ed448PublicKeyToDer
- */
- static int test_wc_Ed448PublicKeyToDer(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
- (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
- ed448_key key;
- byte derBuf[1024];
- XMEMSET(&key, 0, sizeof(ed448_key));
- /* Test bad args */
- ExpectIntEQ(wc_Ed448PublicKeyToDer(NULL, NULL, 0, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ed448_init(&key), 0);
- ExpectIntEQ(wc_Ed448PublicKeyToDer(&key, derBuf, 0, 0), BUFFER_E);
- wc_ed448_free(&key);
- /* Test good args */
- if (EXPECT_SUCCESS()) {
- WC_RNG rng;
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ed448_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0);
- ExpectIntGT(wc_Ed448PublicKeyToDer(&key, derBuf, 1024, 1), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed448_free(&key);
- }
- #endif
- return EXPECT_RESULT();
- } /* END testing wc_Ed448PublicKeyToDer */
- /*
- * Testing wc_curve448_init and wc_curve448_free.
- */
- static int test_wc_curve448_init(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE448)
- curve448_key key;
- /* Test bad args for wc_curve448_init */
- ExpectIntEQ(wc_curve448_init(&key), 0);
- /* Test bad args for wc_curve448_init */
- ExpectIntEQ(wc_curve448_init(NULL), BAD_FUNC_ARG);
- /* Test good args for wc_curve_448_free */
- wc_curve448_free(&key);
- /* Test bad args for wc_curve448_free */
- wc_curve448_free(NULL);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_curve448_init and wc_curve_448_free*/
- /*
- * Testing wc_curve448_make_key
- */
- static int test_wc_curve448_make_key(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE448)
- curve448_key key;
- WC_RNG rng;
- int keysize;
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_curve448_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0);
- ExpectIntEQ(keysize = wc_curve448_size(&key), CURVE448_KEY_SIZE);
- ExpectIntEQ(wc_curve448_make_key(&rng, keysize, &key), 0);
- /* test bad cases */
- ExpectIntEQ(wc_curve448_make_key(NULL, 0, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve448_make_key(&rng, keysize, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve448_make_key(NULL, keysize, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve448_make_key(&rng, 0, &key), ECC_BAD_ARG_E);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_curve448_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_curve448_make_key*/
- /*
- * Testing test_wc_curve448_shared_secret_ex
- */
- static int test_wc_curve448_shared_secret_ex(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE448)
- curve448_key private_key;
- curve448_key public_key;
- WC_RNG rng;
- byte out[CURVE448_KEY_SIZE];
- word32 outLen = sizeof(out);
- int endian = EC448_BIG_ENDIAN;
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_curve448_init(&private_key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &private_key), 0);
- ExpectIntEQ(wc_curve448_init(&public_key), 0);
- ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &public_key), 0);
- ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, out,
- &outLen, endian), 0);
- /* test bad cases */
- ExpectIntEQ(wc_curve448_shared_secret_ex(NULL, NULL, NULL, 0, endian),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve448_shared_secret_ex(NULL, &public_key, out, &outLen,
- endian), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, NULL, out, &outLen,
- endian), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, NULL,
- &outLen, endian), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, out,
- NULL, endian), BAD_FUNC_ARG);
- outLen = outLen - 2;
- ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, out,
- &outLen, endian), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_curve448_free(&private_key);
- wc_curve448_free(&public_key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_curve448_shared_secret_ex*/
- /*
- * Testing test_wc_curve448_export_public_ex
- */
- static int test_wc_curve448_export_public_ex(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE448)
- WC_RNG rng;
- curve448_key key;
- byte out[CURVE448_KEY_SIZE];
- word32 outLen = sizeof(out);
- int endian = EC448_BIG_ENDIAN;
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_curve448_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0);
- ExpectIntEQ(wc_curve448_export_public(&key, out, &outLen), 0);
- ExpectIntEQ(wc_curve448_export_public_ex(&key, out, &outLen, endian), 0);
- /* test bad cases*/
- ExpectIntEQ(wc_curve448_export_public_ex(NULL, NULL, NULL, endian),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve448_export_public_ex(NULL, out, &outLen, endian),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve448_export_public_ex(&key, NULL, &outLen, endian),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve448_export_public_ex(&key, out, NULL, endian),
- BAD_FUNC_ARG);
- outLen = outLen - 2;
- ExpectIntEQ(wc_curve448_export_public_ex(&key, out, &outLen, endian),
- ECC_BAD_ARG_E);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_curve448_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_curve448_export_public_ex*/
- /*
- * Testing test_wc_curve448_export_private_raw_ex
- */
- static int test_wc_curve448_export_private_raw_ex(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE448)
- curve448_key key;
- byte out[CURVE448_KEY_SIZE];
- word32 outLen = sizeof(out);
- int endian = EC448_BIG_ENDIAN;
- ExpectIntEQ(wc_curve448_init(&key), 0);
- ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, &outLen, endian),
- 0);
- /* test bad cases*/
- ExpectIntEQ(wc_curve448_export_private_raw_ex(NULL, NULL, NULL, endian),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve448_export_private_raw_ex(NULL, out, &outLen, endian),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, NULL, &outLen, endian),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, NULL, endian),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, &outLen,
- EC448_LITTLE_ENDIAN), 0);
- outLen = outLen - 2;
- ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, &outLen, endian),
- ECC_BAD_ARG_E);
- wc_curve448_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_curve448_export_private_raw_ex*/
- /*
- * Testing test_wc_curve448_import_private_raw_ex
- */
- static int test_wc_curve448_import_private_raw_ex(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE448)
- curve448_key key;
- WC_RNG rng;
- byte priv[CURVE448_KEY_SIZE];
- byte pub[CURVE448_KEY_SIZE];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- int endian = EC448_BIG_ENDIAN;
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_curve448_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0);
- ExpectIntEQ(wc_curve448_export_private_raw(&key, priv, &privSz), 0);
- ExpectIntEQ(wc_curve448_export_public(&key, pub, &pubSz), 0);
- ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
- &key, endian), 0);
- /* test bad cases */
- ExpectIntEQ(wc_curve448_import_private_raw_ex(NULL, 0, NULL, 0, NULL, 0),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve448_import_private_raw_ex(NULL, privSz, pub, pubSz,
- &key, endian), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, NULL, pubSz,
- &key, endian), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
- NULL, endian), BAD_FUNC_ARG);
- ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, 0, pub, pubSz,
- &key, endian), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, 0,
- &key, endian), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
- &key, EC448_LITTLE_ENDIAN), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_curve448_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_curve448_import_private_raw_ex*/
- /*
- * Testing test_curve448_export_key_raw
- */
- static int test_wc_curve448_export_key_raw(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE448)
- curve448_key key;
- WC_RNG rng;
- byte priv[CURVE448_KEY_SIZE];
- byte pub[CURVE448_KEY_SIZE];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_curve448_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0);
- ExpectIntEQ(wc_curve448_export_private_raw(&key, priv, &privSz), 0);
- ExpectIntEQ(wc_curve448_export_public(&key, pub, &pubSz), 0);
- ExpectIntEQ(wc_curve448_export_key_raw(&key, priv, &privSz, pub, &pubSz),
- 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_curve448_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_curve448_import_private_raw_ex*/
- /*
- * Testing test_wc_curve448_import_private
- */
- static int test_wc_curve448_import_private(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE448)
- curve448_key key;
- WC_RNG rng;
- byte priv[CURVE448_KEY_SIZE];
- word32 privSz = sizeof(priv);
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_curve448_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0);
- ExpectIntEQ(wc_curve448_export_private_raw(&key, priv, &privSz), 0);
- ExpectIntEQ(wc_curve448_import_private(priv, privSz, &key), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_curve448_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_curve448_import*/
- /*
- * Testing test_wc_curve448_size.
- */
- static int test_wc_curve448_size(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CURVE448)
- curve448_key key;
- ExpectIntEQ(wc_curve448_init(&key), 0);
- /* Test good args for wc_curve448_size */
- ExpectIntEQ(wc_curve448_size(&key), CURVE448_KEY_SIZE);
- /* Test bad args for wc_curve448_size */
- ExpectIntEQ(wc_curve448_size(NULL), 0);
- wc_curve448_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_curve448_size*/
- /*
- * Testing wc_ecc_make_key.
- */
- static int test_wc_ecc_make_key(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
- ecc_key key;
- WC_RNG rng;
- int ret;
- XMEMSET(&key, 0, sizeof(ecc_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ret = wc_ecc_make_key(&rng, KEY14, &key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- /* Pass in bad args. */
- ExpectIntEQ(wc_ecc_make_key(NULL, KEY14, &key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_make_key(&rng, KEY14, NULL), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ecc_free(&key);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_make_key */
- /*
- * Testing wc_ecc_init()
- */
- static int test_wc_ecc_init(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_ECC
- ecc_key key;
- XMEMSET(&key, 0, sizeof(ecc_key));
- ExpectIntEQ(wc_ecc_init(&key), 0);
- /* Pass in bad args. */
- ExpectIntEQ(wc_ecc_init(NULL), BAD_FUNC_ARG);
- wc_ecc_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_init */
- /*
- * Testing wc_ecc_check_key()
- */
- static int test_wc_ecc_check_key(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
- ecc_key key;
- WC_RNG rng;
- int ret;
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ret = wc_ecc_make_key(&rng, KEY14, &key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- ExpectIntEQ(wc_ecc_check_key(&key), 0);
- /* Pass in bad args. */
- ExpectIntEQ(wc_ecc_check_key(NULL), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ecc_free(&key);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_check_key */
- /*
- * Testing wc_ecc_get_generator()
- */
- static int test_wc_ecc_get_generator(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
- !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA)
- ecc_point* pt = NULL;
- ExpectNotNull(pt = wc_ecc_new_point());
- ExpectIntEQ(wc_ecc_get_generator(pt, wc_ecc_get_curve_idx(ECC_SECP256R1)),
- MP_OKAY);
- /* Test bad args. */
- /* Returns Zero for bad arg. */
- ExpectIntNE(wc_ecc_get_generator(pt, -1), MP_OKAY);
- ExpectIntNE(wc_ecc_get_generator(NULL, wc_ecc_get_curve_idx(ECC_SECP256R1)),
- MP_OKAY);
- /* If we ever get to 1000 curves increase this number */
- ExpectIntNE(wc_ecc_get_generator(pt, 1000), MP_OKAY);
- ExpectIntNE(wc_ecc_get_generator(NULL, -1), MP_OKAY);
- wc_ecc_del_point(pt);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_get_generator */
- /*
- * Testing wc_ecc_size()
- */
- static int test_wc_ecc_size(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
- WC_RNG rng;
- ecc_key key;
- int ret;
- XMEMSET(&key, 0, sizeof(ecc_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ret = wc_ecc_make_key(&rng, KEY14, &key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- ExpectIntEQ(wc_ecc_size(&key), KEY14);
- /* Test bad args. */
- /* Returns Zero for bad arg. */
- ExpectIntEQ(wc_ecc_size(NULL), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ecc_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_size */
- static int test_wc_ecc_params(void)
- {
- EXPECT_DECLS;
- /* FIPS/CAVP self-test modules do not have `wc_ecc_get_curve_params`.
- It was added after certifications */
- #if defined(HAVE_ECC) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- const ecc_set_type* ecc_set;
- #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
- /* Test for SECP256R1 curve */
- int curve_id = ECC_SECP256R1;
- int curve_idx;
- ExpectIntNE(curve_idx = wc_ecc_get_curve_idx(curve_id), ECC_CURVE_INVALID);
- ExpectNotNull(ecc_set = wc_ecc_get_curve_params(curve_idx));
- ExpectIntEQ(ecc_set->id, curve_id);
- #endif
- /* Test case when SECP256R1 is not enabled */
- /* Test that we get curve params for index 0 */
- ExpectNotNull(ecc_set = wc_ecc_get_curve_params(0));
- #endif /* HAVE_ECC && !HAVE_FIPS && !HAVE_SELFTEST */
- return EXPECT_RESULT();
- }
- /*
- * Testing wc_ecc_sign_hash() and wc_ecc_verify_hash()
- */
- static int test_wc_ecc_signVerify_hash(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && !defined(NO_ASN) && !defined(WC_NO_RNG)
- ecc_key key;
- WC_RNG rng;
- int ret;
- #ifdef HAVE_ECC_VERIFY
- int verify = 0;
- #endif
- word32 siglen = ECC_BUFSIZE;
- byte sig[ECC_BUFSIZE];
- byte adjustedSig[ECC_BUFSIZE+1];
- byte digest[] = TEST_STRING;
- word32 digestlen = (word32)TEST_STRING_SZ;
- /* Init stack var */
- XMEMSET(&key, 0, sizeof(ecc_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- XMEMSET(sig, 0, siglen);
- XMEMSET(adjustedSig, 0, ECC_BUFSIZE+1);
- /* Init structs. */
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ret = wc_ecc_make_key(&rng, KEY14, &key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, &key),
- 0);
- /* Check bad args. */
- ExpectIntEQ(wc_ecc_sign_hash(NULL, digestlen, sig, &siglen, &rng, &key),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, NULL, &siglen, &rng, &key),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, NULL, &rng, &key),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, &siglen, NULL, &key),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, NULL),
- ECC_BAD_ARG_E);
- #ifdef HAVE_ECC_VERIFY
- ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify,
- &key), 0);
- ExpectIntEQ(verify, 1);
- /* test check on length of signature passed in */
- XMEMCPY(adjustedSig, sig, siglen);
- adjustedSig[1] = adjustedSig[1] + 1; /* add 1 to length for extra byte*/
- #ifndef NO_STRICT_ECDSA_LEN
- ExpectIntNE(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen,
- &verify, &key), 0);
- #else
- /* if NO_STRICT_ECDSA_LEN is set then extra bytes after the signature
- * is allowed */
- ExpectIntEQ(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen,
- &verify, &key), 0);
- #endif
- /* Test bad args. */
- ExpectIntEQ(wc_ecc_verify_hash(NULL, siglen, digest, digestlen, &verify,
- &key), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, NULL, digestlen, &verify, &key),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, NULL, &key),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify,
- NULL), ECC_BAD_ARG_E);
- #endif /* HAVE_ECC_VERIFY */
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ecc_free(&key);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_sign_hash */
- /*
- * Testing wc_ecc_shared_secret()
- */
- static int test_wc_ecc_shared_secret(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
- ecc_key key;
- ecc_key pubKey;
- WC_RNG rng;
- #if defined(NO_ECC256)
- int ret;
- #endif
- byte out[KEY32];
- int keySz = sizeof(out);
- word32 outlen = (word32)sizeof(out);
- #if defined(HAVE_ECC) && !defined(NO_ECC256)
- const char* qx =
- "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861";
- const char* qy =
- "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8";
- const char* d =
- "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c";
- const char* curveName = "SECP256R1";
- const byte expected_shared_secret[] =
- {
- 0x65, 0xc0, 0xd4, 0x61, 0x17, 0xe6, 0x09, 0x75,
- 0xf0, 0x12, 0xa0, 0x4d, 0x0b, 0x41, 0x30, 0x7a,
- 0x51, 0xf0, 0xb3, 0xaf, 0x23, 0x8f, 0x0f, 0xdf,
- 0xf1, 0xff, 0x23, 0x64, 0x28, 0xca, 0xf8, 0x06
- };
- #endif
- PRIVATE_KEY_UNLOCK();
- /* Initialize variables. */
- XMEMSET(&key, 0, sizeof(ecc_key));
- XMEMSET(&pubKey, 0, sizeof(ecc_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- XMEMSET(out, 0, keySz);
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ExpectIntEQ(wc_ecc_init(&pubKey), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- #if !defined(NO_ECC256)
- ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, curveName), 0);
- ExpectIntEQ(wc_ecc_import_raw(&pubKey, qx, qy, NULL, curveName), 0);
- #else
- ret = wc_ecc_make_key(&rng, keySz, &key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- ret = wc_ecc_make_key(&rng, keySz, &key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- #endif
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ExpectIntEQ(wc_ecc_set_rng(&key, &rng), 0);
- #endif
- ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, out, &outlen), 0);
- #if !defined(NO_ECC256)
- ExpectIntEQ(XMEMCMP(out, expected_shared_secret, outlen), 0);
- #endif
- /* Test bad args. */
- ExpectIntEQ(wc_ecc_shared_secret(NULL, &pubKey, out, &outlen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_shared_secret(&key, NULL, out, &outlen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, NULL, &outlen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, out, NULL),
- BAD_FUNC_ARG);
- /* Invalid length */
- outlen = 1;
- ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, out, &outlen),
- BUFFER_E);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ecc_free(&pubKey);
- wc_ecc_free(&key);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- PRIVATE_KEY_LOCK();
- #endif
- return EXPECT_RESULT();
- } /* END tests_wc_ecc_shared_secret */
- /*
- * testint wc_ecc_export_x963()
- */
- static int test_wc_ecc_export_x963(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- ecc_key key;
- WC_RNG rng;
- byte out[ECC_ASN963_MAX_BUF_SZ];
- word32 outlen = sizeof(out);
- int ret;
- PRIVATE_KEY_UNLOCK();
- /* Initialize variables. */
- XMEMSET(&key, 0, sizeof(ecc_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- XMEMSET(out, 0, outlen);
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ret = wc_ecc_make_key(&rng, KEY20, &key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- ExpectIntEQ(wc_ecc_export_x963(&key, out, &outlen), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ecc_export_x963(NULL, out, &outlen), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_export_x963(&key, NULL, &outlen), LENGTH_ONLY_E);
- ExpectIntEQ(wc_ecc_export_x963(&key, out, NULL), ECC_BAD_ARG_E);
- key.idx = -4;
- ExpectIntEQ(wc_ecc_export_x963(&key, out, &outlen), ECC_BAD_ARG_E);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ecc_free(&key);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- PRIVATE_KEY_LOCK();
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_export_x963 */
- /*
- * Testing wc_ecc_export_x963_ex()
- * compile with --enable-compkey will use compression.
- */
- static int test_wc_ecc_export_x963_ex(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- ecc_key key;
- WC_RNG rng;
- int ret;
- byte out[ECC_ASN963_MAX_BUF_SZ];
- word32 outlen = sizeof(out);
- #ifdef HAVE_COMP_KEY
- word32 badOutLen = 5;
- #endif
- /* Init stack variables. */
- XMEMSET(&key, 0, sizeof(ecc_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- XMEMSET(out, 0, outlen);
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ret = wc_ecc_make_key(&rng, KEY64, &key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- #ifdef HAVE_COMP_KEY
- ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, COMP), 0);
- #else
- ExpectIntEQ(ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP), 0);
- #endif
- /* Test bad args. */
- #ifdef HAVE_COMP_KEY
- ExpectIntEQ(wc_ecc_export_x963_ex(NULL, out, &outlen, COMP), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_export_x963_ex(&key, NULL, &outlen, COMP), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, NULL, COMP), BAD_FUNC_ARG);
- #if defined(HAVE_FIPS) && (!defined(FIPS_VERSION_LT) || FIPS_VERSION_LT(5,3))
- ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP), BUFFER_E);
- #else
- ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP),
- LENGTH_ONLY_E);
- #endif
- key.idx = -4;
- ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, COMP), ECC_BAD_ARG_E);
- #else
- ExpectIntEQ(wc_ecc_export_x963_ex(NULL, out, &outlen, NOCOMP),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_export_x963_ex(&key, NULL, &outlen, NOCOMP),
- LENGTH_ONLY_E);
- ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, 1), NOT_COMPILED_IN);
- ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, NULL, NOCOMP),
- ECC_BAD_ARG_E);
- key.idx = -4;
- ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP),
- ECC_BAD_ARG_E);
- #endif
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ecc_free(&key);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_export_x963_ex */
- /*
- * testing wc_ecc_import_x963()
- */
- static int test_wc_ecc_import_x963(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
- defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- ecc_key pubKey;
- ecc_key key;
- WC_RNG rng;
- byte x963[ECC_ASN963_MAX_BUF_SZ];
- word32 x963Len = (word32)sizeof(x963);
- int ret;
- /* Init stack variables. */
- XMEMSET(&key, 0, sizeof(ecc_key));
- XMEMSET(&pubKey, 0, sizeof(ecc_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- XMEMSET(x963, 0, x963Len);
- ExpectIntEQ(wc_ecc_init(&pubKey), 0);
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ret = wc_ecc_make_key(&rng, KEY24, &key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- PRIVATE_KEY_UNLOCK();
- ExpectIntEQ(wc_ecc_export_x963(&key, x963, &x963Len), 0);
- PRIVATE_KEY_LOCK();
- ExpectIntEQ(wc_ecc_import_x963(x963, x963Len, &pubKey), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ecc_import_x963(NULL, x963Len, &pubKey), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_import_x963(x963, x963Len, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_import_x963(x963, x963Len + 1, &pubKey), ECC_BAD_ARG_E);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ecc_free(&key);
- wc_ecc_free(&pubKey);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return EXPECT_RESULT();
- } /* END wc_ecc_import_x963 */
- /*
- * testing wc_ecc_import_private_key()
- */
- static int test_wc_ecc_import_private_key(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
- defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- ecc_key key;
- ecc_key keyImp;
- WC_RNG rng;
- byte privKey[ECC_PRIV_KEY_BUF]; /* Raw private key.*/
- byte x963Key[ECC_ASN963_MAX_BUF_SZ];
- word32 privKeySz = (word32)sizeof(privKey);
- word32 x963KeySz = (word32)sizeof(x963Key);
- int ret;
- /* Init stack variables. */
- XMEMSET(&key, 0, sizeof(ecc_key));
- XMEMSET(&keyImp, 0, sizeof(ecc_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- XMEMSET(privKey, 0, privKeySz);
- XMEMSET(x963Key, 0, x963KeySz);
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ExpectIntEQ(wc_ecc_init(&keyImp), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ret = wc_ecc_make_key(&rng, KEY48, &key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- PRIVATE_KEY_UNLOCK();
- ExpectIntEQ(wc_ecc_export_x963(&key, x963Key, &x963KeySz), 0);
- PRIVATE_KEY_LOCK();
- ExpectIntEQ(wc_ecc_export_private_only(&key, privKey, &privKeySz), 0);
- ExpectIntEQ(wc_ecc_import_private_key(privKey, privKeySz, x963Key,
- x963KeySz, &keyImp), 0);
- /* Pass in bad args. */
- ExpectIntEQ(wc_ecc_import_private_key(privKey, privKeySz, x963Key,
- x963KeySz, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_import_private_key(NULL, privKeySz, x963Key, x963KeySz,
- &keyImp), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ecc_free(&keyImp);
- wc_ecc_free(&key);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_import_private_key */
- /*
- * Testing wc_ecc_export_private_only()
- */
- static int test_wc_ecc_export_private_only(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- ecc_key key;
- WC_RNG rng;
- byte out[ECC_PRIV_KEY_BUF];
- word32 outlen = sizeof(out);
- int ret;
- /* Init stack variables. */
- XMEMSET(&key, 0, sizeof(ecc_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- XMEMSET(out, 0, outlen);
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ret = wc_ecc_make_key(&rng, KEY32, &key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- ExpectIntEQ(wc_ecc_export_private_only(&key, out, &outlen), 0);
- /* Pass in bad args. */
- ExpectIntEQ(wc_ecc_export_private_only(NULL, out, &outlen), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_export_private_only(&key, NULL, &outlen), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_export_private_only(&key, out, NULL), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ecc_free(&key);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_export_private_only */
- /*
- * Testing wc_ecc_rs_to_sig()
- */
- static int test_wc_ecc_rs_to_sig(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && !defined(NO_ASN)
- /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
- const char* R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
- const char* S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
- const char* zeroStr = "0";
- byte sig[ECC_MAX_SIG_SIZE];
- word32 siglen = (word32)sizeof(sig);
- /* R and S max size is the order of curve. 2^192.*/
- int keySz = KEY24;
- byte r[KEY24];
- byte s[KEY24];
- word32 rlen = (word32)sizeof(r);
- word32 slen = (word32)sizeof(s);
- /* Init stack variables. */
- XMEMSET(sig, 0, ECC_MAX_SIG_SIZE);
- XMEMSET(r, 0, keySz);
- XMEMSET(s, 0, keySz);
- ExpectIntEQ(wc_ecc_rs_to_sig(R, S, sig, &siglen), 0);
- ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &slen), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ecc_rs_to_sig(NULL, S, sig, &siglen), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_rs_to_sig(R, NULL, sig, &siglen), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_rs_to_sig(R, S, sig, NULL), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_rs_to_sig(R, S, NULL, &siglen), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_rs_to_sig(R, zeroStr, sig, &siglen), MP_ZERO_E);
- ExpectIntEQ(wc_ecc_rs_to_sig(zeroStr, S, sig, &siglen), MP_ZERO_E);
- ExpectIntEQ(wc_ecc_sig_to_rs(NULL, siglen, r, &rlen, s, &slen),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, NULL, &rlen, s, &slen),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, NULL, s, &slen),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, NULL, &slen),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, NULL),
- ECC_BAD_ARG_E);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_rs_to_sig */
- static int test_wc_ecc_import_raw(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && !defined(NO_ECC256)
- ecc_key key;
- const char* qx =
- "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861";
- const char* qy =
- "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8";
- const char* d =
- "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c";
- const char* curveName = "SECP256R1";
- #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
- const char* kNullStr = "";
- int ret;
- #endif
- XMEMSET(&key, 0, sizeof(ecc_key));
- ExpectIntEQ(wc_ecc_init(&key), 0);
- /* Test good import */
- ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, curveName), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ecc_import_raw(NULL, qx, qy, d, curveName), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_import_raw(&key, NULL, qy, d, curveName), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_import_raw(&key, qx, NULL, d, curveName), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, NULL), BAD_FUNC_ARG);
- #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
- #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
- wc_ecc_free(&key);
- #endif
- ExpectIntLT(ret = wc_ecc_import_raw(&key, kNullStr, kNullStr, kNullStr,
- curveName), 0);
- ExpectTrue((ret == ECC_INF_E) || (ret == BAD_FUNC_ARG));
- #endif
- #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
- wc_ecc_free(&key);
- #endif
- #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
- ExpectIntLT(ret = wc_ecc_import_raw(&key, "0", qy, d, curveName), 0);
- ExpectTrue((ret == BAD_FUNC_ARG) || (ret == MP_VAL));
- #else
- ExpectIntEQ(wc_ecc_import_raw(&key, "0", qy, d, curveName), 0);
- #endif
- #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
- wc_ecc_free(&key);
- #endif
- #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
- ExpectIntLT(ret = wc_ecc_import_raw(&key, qx, "0", d, curveName), 0);
- ExpectTrue((ret == BAD_FUNC_ARG) || (ret == MP_VAL));
- #else
- ExpectIntEQ(wc_ecc_import_raw(&key, qx, "0", d, curveName), 0);
- #endif
- #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
- wc_ecc_free(&key);
- #endif
- ExpectIntEQ(wc_ecc_import_raw(&key, "0", "0", d, curveName), ECC_INF_E);
- #endif
- wc_ecc_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_import_raw */
- static int test_wc_ecc_import_unsigned(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
- HAVE_FIPS_VERSION >= 2))
- ecc_key key;
- const byte qx[] = {
- 0xbb, 0x33, 0xac, 0x4c, 0x27, 0x50, 0x4a, 0xc6,
- 0x4a, 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, 0x36,
- 0xdb, 0x72, 0x2d, 0xce, 0x94, 0xea, 0x2b, 0xfa,
- 0xcb, 0x20, 0x09, 0x39, 0x2c, 0x16, 0xe8, 0x61
- };
- const byte qy[] = {
- 0x02, 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, 0x9a,
- 0x31, 0x5b, 0x97, 0x92, 0x21, 0x7f, 0xf0, 0xcf,
- 0x18, 0xda, 0x91, 0x11, 0x02, 0x34, 0x86, 0xe8,
- 0x20, 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, 0xd8
- };
- const byte d[] = {
- 0x45, 0xb6, 0x69, 0x02, 0x73, 0x9c, 0x6c, 0x85,
- 0xa1, 0x38, 0x5b, 0x72, 0xe8, 0xe8, 0xc7, 0xac,
- 0xc4, 0x03, 0x8d, 0x53, 0x35, 0x04, 0xfa, 0x6c,
- 0x28, 0xdc, 0x34, 0x8d, 0xe1, 0xa8, 0x09, 0x8c
- };
- #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
- const byte nullBytes[32] = {0};
- int ret;
- #endif
- int curveId = ECC_SECP256R1;
- XMEMSET(&key, 0, sizeof(ecc_key));
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ExpectIntEQ(wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
- curveId), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ecc_import_unsigned(NULL, (byte*)qx, (byte*)qy, (byte*)d,
- curveId), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_import_unsigned(&key, NULL, (byte*)qy, (byte*)d,
- curveId), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_import_unsigned(&key, (byte*)qx, NULL, (byte*)d,
- curveId), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
- ECC_CURVE_INVALID), BAD_FUNC_ARG);
- #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
- ExpectIntLT(ret = wc_ecc_import_unsigned(&key, (byte*)nullBytes,
- (byte*)nullBytes, (byte*)nullBytes, curveId), 0);
- ExpectTrue((ret == ECC_INF_E) || (ret == BAD_FUNC_ARG));
- #endif
- wc_ecc_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_import_unsigned */
- /*
- * Testing wc_ecc_sig_size()
- */
- static int test_wc_ecc_sig_size(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
- ecc_key key;
- WC_RNG rng;
- int keySz = KEY16;
- int ret;
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&key, 0, sizeof(key));
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ret = wc_ecc_make_key(&rng, keySz, &key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- ExpectIntLE(wc_ecc_sig_size(&key),
- (2 * keySz + SIG_HEADER_SZ + ECC_MAX_PAD_SZ));
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ecc_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_sig_size */
- /*
- * Testing wc_ecc_ctx_new()
- */
- static int test_wc_ecc_ctx_new(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
- WC_RNG rng;
- ecEncCtx* cli = NULL;
- ecEncCtx* srv = NULL;
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectNotNull(cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng));
- ExpectNotNull(srv = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng));
- wc_ecc_ctx_free(cli);
- cli = NULL;
- wc_ecc_ctx_free(srv);
- /* Test bad args. */
- /* wc_ecc_ctx_new_ex() will free if returned NULL. */
- ExpectNull(cli = wc_ecc_ctx_new(0, &rng));
- ExpectNull(cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, NULL));
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ecc_ctx_free(cli);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_ctx_new */
- /*
- * Tesing wc_ecc_reset()
- */
- static int test_wc_ecc_ctx_reset(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
- ecEncCtx* ctx = NULL;
- WC_RNG rng;
- XMEMSET(&rng, 0, sizeof(rng));
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectNotNull(ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng));
- ExpectIntEQ(wc_ecc_ctx_reset(ctx, &rng), 0);
- /* Pass in bad args. */
- ExpectIntEQ(wc_ecc_ctx_reset(NULL, &rng), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_ctx_reset(ctx, NULL), BAD_FUNC_ARG);
- wc_ecc_ctx_free(ctx);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_ctx_reset */
- /*
- * Testing wc_ecc_ctx_set_peer_salt() and wc_ecc_ctx_get_own_salt()
- */
- static int test_wc_ecc_ctx_set_peer_salt(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
- WC_RNG rng;
- ecEncCtx* cliCtx = NULL;
- ecEncCtx* servCtx = NULL;
- const byte* cliSalt = NULL;
- const byte* servSalt = NULL;
- XMEMSET(&rng, 0, sizeof(rng));
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectNotNull(cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng));
- ExpectNotNull(servCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng));
- /* Test bad args. */
- ExpectNull(cliSalt = wc_ecc_ctx_get_own_salt(NULL));
- ExpectNotNull(cliSalt = wc_ecc_ctx_get_own_salt(cliCtx));
- ExpectNotNull(servSalt = wc_ecc_ctx_get_own_salt(servCtx));
- ExpectIntEQ(wc_ecc_ctx_set_peer_salt(cliCtx, servSalt), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ecc_ctx_set_peer_salt(NULL, servSalt), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_ctx_set_peer_salt(cliCtx, NULL), BAD_FUNC_ARG);
- wc_ecc_ctx_free(cliCtx);
- wc_ecc_ctx_free(servCtx);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_ctx_set_peer_salt */
- /*
- * Testing wc_ecc_ctx_set_info()
- */
- static int test_wc_ecc_ctx_set_info(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
- ecEncCtx* ctx = NULL;
- WC_RNG rng;
- const char* optInfo = "Optional Test Info.";
- int optInfoSz = (int)XSTRLEN(optInfo);
- const char* badOptInfo = NULL;
- XMEMSET(&rng, 0, sizeof(rng));
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectNotNull(ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng));
- ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)optInfo, optInfoSz), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ecc_ctx_set_info(NULL, (byte*)optInfo, optInfoSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)badOptInfo, optInfoSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)optInfo, -1), BAD_FUNC_ARG);
- wc_ecc_ctx_free(ctx);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_ctx_set_info */
- /*
- * Testing wc_ecc_encrypt() and wc_ecc_decrypt()
- */
- static int test_wc_ecc_encryptDecrypt(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) && \
- defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- ecc_key srvKey;
- ecc_key cliKey;
- ecc_key tmpKey;
- WC_RNG rng;
- int ret;
- const char* msg = "EccBlock Size 16";
- word32 msgSz = (word32)XSTRLEN("EccBlock Size 16");
- #ifdef WOLFSSL_ECIES_OLD
- byte out[(sizeof("EccBlock Size 16") - 1) + WC_SHA256_DIGEST_SIZE];
- #elif defined(WOLFSSL_ECIES_GEN_IV)
- byte out[KEY20 * 2 + 1 + AES_BLOCK_SIZE +
- (sizeof("EccBlock Size 16") - 1) + WC_SHA256_DIGEST_SIZE];
- #else
- byte out[KEY20 * 2 + 1 + (sizeof("EccBlock Size 16") - 1) +
- WC_SHA256_DIGEST_SIZE];
- #endif
- word32 outSz = (word32)sizeof(out);
- byte plain[sizeof("EccBlock Size 16")];
- word32 plainSz = (word32)sizeof(plain);
- int keySz = KEY20;
- /* Init stack variables. */
- XMEMSET(out, 0, outSz);
- XMEMSET(plain, 0, plainSz);
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(&srvKey, 0, sizeof(ecc_key));
- XMEMSET(&cliKey, 0, sizeof(ecc_key));
- XMEMSET(&tmpKey, 0, sizeof(ecc_key));
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ecc_init(&cliKey), 0);
- ret = wc_ecc_make_key(&rng, keySz, &cliKey);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &cliKey.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- ExpectIntEQ(wc_ecc_init(&srvKey), 0);
- ret = wc_ecc_make_key(&rng, keySz, &srvKey);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &srvKey.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- ExpectIntEQ(wc_ecc_init(&tmpKey), 0);
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ExpectIntEQ(wc_ecc_set_rng(&srvKey, &rng), 0);
- ExpectIntEQ(wc_ecc_set_rng(&cliKey, &rng), 0);
- #endif
- ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out,
- &outSz, NULL), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ecc_encrypt(NULL, &srvKey, (byte*)msg, msgSz, out, &outSz,
- NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_encrypt(&cliKey, NULL, (byte*)msg, msgSz, out, &outSz,
- NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, NULL, msgSz, out, &outSz,
- NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, NULL,
- &outSz, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out, NULL,
- NULL), BAD_FUNC_ARG);
- #ifdef WOLFSSL_ECIES_OLD
- tmpKey.dp = cliKey.dp;
- ExpectIntEQ(wc_ecc_copy_point(&cliKey.pubkey, &tmpKey.pubkey), 0);
- #endif
- ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain, &plainSz,
- NULL), 0);
- ExpectIntEQ(wc_ecc_decrypt(NULL, &tmpKey, out, outSz, plain, &plainSz,
- NULL), BAD_FUNC_ARG);
- #ifdef WOLFSSL_ECIES_OLD
- /* NULL parameter allowed in new implementations - public key comes from
- * the message. */
- ExpectIntEQ(wc_ecc_decrypt(&srvKey, NULL, out, outSz, plain, &plainSz,
- NULL), BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, NULL, outSz, plain, &plainSz,
- NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, NULL, &plainSz,
- NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain, NULL, NULL),
- BAD_FUNC_ARG);
- ExpectIntEQ(XMEMCMP(msg, plain, msgSz), 0);
- wc_ecc_free(&tmpKey);
- wc_ecc_free(&srvKey);
- wc_ecc_free(&cliKey);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_encryptDecrypt */
- /*
- * Testing wc_ecc_del_point() and wc_ecc_new_point()
- */
- static int test_wc_ecc_del_point(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC)
- ecc_point* pt = NULL;
- ExpectNotNull(pt = wc_ecc_new_point());
- wc_ecc_del_point(pt);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_del_point */
- /*
- * Testing wc_ecc_point_is_at_infinity(), wc_ecc_export_point_der(),
- * wc_ecc_import_point_der(), wc_ecc_copy_point(), wc_ecc_point_is_on_curve(),
- * and wc_ecc_cmp_point()
- */
- static int test_wc_ecc_pointFns(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A)
- ecc_key key;
- WC_RNG rng;
- int ret;
- ecc_point* point = NULL;
- ecc_point* cpypt = NULL;
- int idx = 0;
- int keySz = KEY32;
- byte der[DER_SZ(KEY32)];
- word32 derlenChk = 0;
- word32 derSz = DER_SZ(KEY32);
- /* Init stack variables. */
- XMEMSET(der, 0, derSz);
- XMEMSET(&key, 0, sizeof(ecc_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ret = wc_ecc_make_key(&rng, keySz, &key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- ExpectNotNull(point = wc_ecc_new_point());
- ExpectNotNull(cpypt = wc_ecc_new_point());
- /* Export */
- ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), &key.pubkey, NULL,
- &derlenChk), LENGTH_ONLY_E);
- /* Check length value. */
- ExpectIntEQ(derSz, derlenChk);
- ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), &key.pubkey, der,
- &derSz), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ecc_export_point_der(-2, &key.pubkey, der, &derSz),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), NULL, der, &derSz),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), &key.pubkey, der,
- NULL), ECC_BAD_ARG_E);
- /* Import */
- ExpectIntEQ(wc_ecc_import_point_der(der, derSz, idx, point), 0);
- ExpectIntEQ(wc_ecc_cmp_point(&key.pubkey, point), 0);
- /* Test bad args. */
- ExpectIntEQ( wc_ecc_import_point_der(NULL, derSz, idx, point),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_import_point_der(der, derSz, idx, NULL), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_import_point_der(der, derSz, -1, point), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_import_point_der(der, derSz + 1, idx, point),
- ECC_BAD_ARG_E);
- /* Copy */
- ExpectIntEQ(wc_ecc_copy_point(point, cpypt), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ecc_copy_point(NULL, cpypt), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_copy_point(point, NULL), ECC_BAD_ARG_E);
- /* Compare point */
- ExpectIntEQ(wc_ecc_cmp_point(point, cpypt), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ecc_cmp_point(NULL, cpypt), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_cmp_point(point, NULL), BAD_FUNC_ARG);
- /* At infinity if return == 1, otherwise return == 0. */
- ExpectIntEQ(wc_ecc_point_is_at_infinity(point), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ecc_point_is_at_infinity(NULL), BAD_FUNC_ARG);
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
- #ifdef USE_ECC_B_PARAM
- /* On curve if ret == 0 */
- ExpectIntEQ(wc_ecc_point_is_on_curve(point, idx), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ecc_point_is_on_curve(NULL, idx), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_point_is_on_curve(point, 1000), ECC_BAD_ARG_E);
- #endif /* USE_ECC_B_PARAM */
- #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || HAVE_FIPS_VERSION > 2) */
- /* Free */
- wc_ecc_del_point(point);
- wc_ecc_del_point(cpypt);
- wc_ecc_free(&key);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_pointFns */
- /*
- * Testing wc_ecc_shared_secret_ssh()
- */
- static int test_wc_ecc_shared_secret_ssh(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \
- !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
- !defined(WOLFSSL_CRYPTOCELL)
- ecc_key key;
- ecc_key key2;
- WC_RNG rng;
- int ret;
- int keySz = KEY32;
- int key2Sz = KEY24;
- byte secret[KEY32];
- word32 secretLen = keySz;
- /* Init stack variables. */
- XMEMSET(&key, 0, sizeof(ecc_key));
- XMEMSET(&key2, 0, sizeof(ecc_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- XMEMSET(secret, 0, secretLen);
- /* Make keys */
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ret = wc_ecc_make_key(&rng, keySz, &key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- ExpectIntEQ(wc_ecc_init(&key2), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ret = wc_ecc_make_key(&rng, key2Sz, &key2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ExpectIntEQ(wc_ecc_set_rng(&key, &rng), 0);
- #endif
- ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret,
- &secretLen), 0);
- /* Pass in bad args. */
- ExpectIntEQ(wc_ecc_shared_secret_ssh(NULL, &key2.pubkey, secret,
- &secretLen), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, NULL, secret, &secretLen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, NULL, &secretLen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, NULL),
- BAD_FUNC_ARG);
- key.type = ECC_PUBLICKEY;
- ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret,
- &secretLen), ECC_BAD_ARG_E);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ecc_free(&key);
- wc_ecc_free(&key2);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_shared_secret_ssh */
- /*
- * Testing wc_ecc_verify_hash_ex() and wc_ecc_verify_hash_ex()
- */
- static int test_wc_ecc_verify_hash_ex(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) \
- && !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_KCAPI_ECC)
- ecc_key key;
- WC_RNG rng;
- int ret;
- mp_int r;
- mp_int s;
- mp_int z;
- unsigned char hash[] = "Everyone gets Friday off.EccSig";
- unsigned char iHash[] = "Everyone gets Friday off.......";
- unsigned char shortHash[] = TEST_STRING;
- word32 hashlen = sizeof(hash);
- word32 iHashLen = sizeof(iHash);
- word32 shortHashLen = sizeof(shortHash);
- int keySz = KEY32;
- int verify_ok = 0;
- XMEMSET(&key, 0, sizeof(ecc_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- XMEMSET(&r, 0, sizeof(mp_int));
- XMEMSET(&s, 0, sizeof(mp_int));
- XMEMSET(&z, 0, sizeof(mp_int));
- /* Initialize r, s and z. */
- ExpectIntEQ(mp_init_multi(&r, &s, &z, NULL, NULL, NULL), MP_OKAY);
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ret = wc_ecc_make_key(&rng, keySz, &key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, &s), 0);
- /* verify_ok should be 1. */
- ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, &verify_ok, &key),
- 0);
- ExpectIntEQ(verify_ok, 1);
- /* verify_ok should be 0 */
- ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, iHash, iHashLen, &verify_ok,
- &key), 0);
- ExpectIntEQ(verify_ok, 0);
- /* verify_ok should be 0. */
- ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
- &verify_ok, &key), 0);
- ExpectIntEQ(verify_ok, 0);
- /* Test bad args. */
- ExpectIntEQ(wc_ecc_sign_hash_ex(NULL, hashlen, &rng, &key, &r, &s),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, NULL, &key, &r, &s),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, NULL, &r, &s),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, NULL, &s),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, NULL),
- ECC_BAD_ARG_E);
- /* Test bad args. */
- ExpectIntEQ(wc_ecc_verify_hash_ex(NULL, &s, shortHash, shortHashLen,
- &verify_ok, &key), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_verify_hash_ex(&r, NULL, shortHash, shortHashLen,
- &verify_ok, &key), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_verify_hash_ex(&z, &s, shortHash, shortHashLen,
- &verify_ok, &key), MP_ZERO_E);
- ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &z, shortHash, shortHashLen,
- &verify_ok, &key), MP_ZERO_E);
- ExpectIntEQ(wc_ecc_verify_hash_ex(&z, &z, shortHash, shortHashLen,
- &verify_ok, &key), MP_ZERO_E);
- ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, NULL, shortHashLen, &verify_ok,
- &key), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen, NULL,
- &key), ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
- &verify_ok, NULL), ECC_BAD_ARG_E);
- wc_ecc_free(&key);
- mp_free(&r);
- mp_free(&s);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_verify_hash_ex */
- /*
- * Testing wc_ecc_mulmod()
- */
- static int test_wc_ecc_mulmod(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
- !(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
- defined(WOLFSSL_VALIDATE_ECC_IMPORT))
- ecc_key key1;
- ecc_key key2;
- ecc_key key3;
- WC_RNG rng;
- int ret;
- XMEMSET(&key1, 0, sizeof(ecc_key));
- XMEMSET(&key2, 0, sizeof(ecc_key));
- XMEMSET(&key3, 0, sizeof(ecc_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ecc_init(&key1), 0);
- ExpectIntEQ(wc_ecc_init(&key2), 0);
- ExpectIntEQ(wc_ecc_init(&key3), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ret = wc_ecc_make_key(&rng, KEY32, &key1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key1.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- ExpectIntEQ(wc_ecc_import_raw_ex(&key2, key1.dp->Gx, key1.dp->Gy,
- key1.dp->Af, ECC_SECP256R1), 0);
- ExpectIntEQ(wc_ecc_import_raw_ex(&key3, key1.dp->Gx, key1.dp->Gy,
- key1.dp->prime, ECC_SECP256R1), 0);
- ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey,
- &key3.pubkey, wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3),
- 1), 0);
- /* Test bad args. */
- ExpectIntEQ(ret = wc_ecc_mulmod(NULL, &key2.pubkey, &key3.pubkey,
- wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), 1),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), NULL, &key3.pubkey,
- wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), 1),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey, NULL,
- wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), 1),
- ECC_BAD_ARG_E);
- ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey,
- &key3.pubkey, wc_ecc_key_get_priv(&key2), NULL, 1), ECC_BAD_ARG_E);
- wc_ecc_free(&key1);
- wc_ecc_free(&key2);
- wc_ecc_free(&key3);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif /* HAVE_ECC && !WOLFSSL_ATECC508A */
- return EXPECT_RESULT();
- } /* END test_wc_ecc_mulmod */
- /*
- * Testing wc_ecc_is_valid_idx()
- */
- static int test_wc_ecc_is_valid_idx(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
- ecc_key key;
- WC_RNG rng;
- int ret;
- int iVal = -2;
- int iVal2 = 3000;
- XMEMSET(&key, 0, sizeof(ecc_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ret = wc_ecc_make_key(&rng, 32, &key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- ExpectIntEQ(wc_ecc_is_valid_idx(key.idx), 1);
- /* Test bad args. */
- ExpectIntEQ(wc_ecc_is_valid_idx(iVal), 0);
- ExpectIntEQ(wc_ecc_is_valid_idx(iVal2), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ecc_free(&key);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_is_valid_idx */
- /*
- * Testing wc_ecc_get_curve_id_from_oid()
- */
- static int test_wc_ecc_get_curve_id_from_oid(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \
- !defined(HAVE_FIPS)
- const byte oid[] = {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
- word32 len = sizeof(oid);
- /* Bad Cases */
- ExpectIntEQ(wc_ecc_get_curve_id_from_oid(NULL, len), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_get_curve_id_from_oid(oid, 0), ECC_CURVE_INVALID);
- /* Good Case */
- ExpectIntEQ(wc_ecc_get_curve_id_from_oid(oid, len), ECC_SECP256R1);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_get_curve_id_from_oid */
- /*
- * Testing wc_ecc_sig_size_calc()
- */
- static int test_wc_ecc_sig_size_calc(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST)
- ecc_key key;
- WC_RNG rng;
- int sz = 0;
- int ret;
- XMEMSET(&key, 0, sizeof(ecc_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ret = wc_ecc_make_key(&rng, 16, &key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- sz = key.dp->size;
- ExpectIntGT(wc_ecc_sig_size_calc(sz), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ecc_free(&key);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_ecc_sig_size_calc */
- /*
- * Testing wc_ecc_sm2_make_key()
- */
- static int test_wc_ecc_sm2_make_key(void)
- {
- int res = TEST_SKIPPED;
- #if defined(HAVE_ECC) && defined(WOLFSSL_SM2)
- EXPECT_DECLS;
- WC_RNG rng[1];
- ecc_key key[1];
- XMEMSET(rng, 0, sizeof(*rng));
- XMEMSET(key, 0, sizeof(*key));
- ExpectIntEQ(wc_InitRng(rng), 0);
- ExpectIntEQ(wc_ecc_init(key), 0);
- /* Test invalid parameters. */
- ExpectIntEQ(wc_ecc_sm2_make_key(NULL, NULL, WC_ECC_FLAG_NONE),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_make_key(rng, NULL, WC_ECC_FLAG_NONE),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_make_key(NULL, key, WC_ECC_FLAG_NONE),
- BAD_FUNC_ARG);
- /* Test valid parameters. */
- ExpectIntEQ(wc_ecc_sm2_make_key(rng, key, WC_ECC_FLAG_NONE), 0);
- ExpectIntEQ(key->dp->id, ECC_SM2P256V1);
- wc_ecc_free(key);
- wc_FreeRng(rng);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- res = EXPECT_RESULT();
- #endif
- return res;
- }
- /*
- * Testing wc_ecc_sm2_shared_secret()
- */
- static int test_wc_ecc_sm2_shared_secret(void)
- {
- int res = TEST_SKIPPED;
- #if defined(HAVE_ECC) && defined(WOLFSSL_SM2)
- EXPECT_DECLS;
- WC_RNG rng[1];
- ecc_key keyA[1];
- ecc_key keyB[1];
- byte outA[32];
- byte outB[32];
- word32 outALen = 32;
- word32 outBLen = 32;
- XMEMSET(rng, 0, sizeof(*rng));
- XMEMSET(keyA, 0, sizeof(*keyA));
- XMEMSET(keyB, 0, sizeof(*keyB));
- ExpectIntEQ(wc_InitRng(rng), 0);
- ExpectIntEQ(wc_ecc_init(keyA), 0);
- ExpectIntEQ(wc_ecc_init(keyB), 0);
- ExpectIntEQ(wc_ecc_sm2_make_key(rng, keyA, WC_ECC_FLAG_NONE), 0);
- ExpectIntEQ(wc_ecc_sm2_make_key(rng, keyB, WC_ECC_FLAG_NONE), 0);
- #ifdef ECC_TIMING_RESISTANT
- ExpectIntEQ(wc_ecc_set_rng(keyA, rng), 0);
- ExpectIntEQ(wc_ecc_set_rng(keyB, rng), 0);
- #endif
- /* Test invalid parameters. */
- ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, NULL, NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, keyB, NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, outA, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, NULL, &outALen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, keyB, outA, &outALen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, NULL, outA, &outALen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, NULL, &outALen),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, outA, NULL), BAD_FUNC_ARG);
- /* Test valid parameters. */
- ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, outA, &outALen), 0);
- ExpectIntLE(outALen, 32);
- ExpectIntEQ(wc_ecc_sm2_shared_secret(keyB, keyA, outB, &outBLen), 0);
- ExpectIntLE(outBLen, 32);
- ExpectIntEQ(outALen, outBLen);
- ExpectBufEQ(outA, outB, outALen);
- wc_ecc_free(keyB);
- wc_ecc_free(keyA);
- wc_FreeRng(rng);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- res = EXPECT_RESULT();
- #endif
- return res;
- }
- /*
- * Testing wc_ecc_sm2_create_digest()
- */
- static int test_wc_ecc_sm2_create_digest(void)
- {
- int res = TEST_SKIPPED;
- #if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && !defined(NO_HASH_WRAPPER) && \
- (defined(WOLFSSL_SM3) || !defined(NO_SHA256))
- EXPECT_DECLS;
- ecc_key key[1];
- enum wc_HashType hashType;
- unsigned char pub[] = {
- 0x04,
- 0x63, 0x7F, 0x1B, 0x13, 0x50, 0x36, 0xC9, 0x33,
- 0xDC, 0x3F, 0x7A, 0x8E, 0xBB, 0x1B, 0x7B, 0x2F,
- 0xD1, 0xDF, 0xBD, 0x26, 0x8D, 0x4F, 0x89, 0x4B,
- 0x5A, 0xD4, 0x7D, 0xBD, 0xBE, 0xCD, 0x55, 0x8F,
- 0xE8, 0x81, 0x01, 0xD0, 0x80, 0x48, 0xE3, 0x6C,
- 0xCB, 0xF6, 0x1C, 0xA3, 0x8D, 0xDF, 0x7A, 0xBA,
- 0x54, 0x2B, 0x44, 0x86, 0xE9, 0x9E, 0x49, 0xF3,
- 0xA7, 0x47, 0x0A, 0x85, 0x7A, 0x09, 0x64, 0x33
- };
- unsigned char id[] = {
- 0x01, 0x02, 0x03,
- };
- unsigned char msg[] = {
- 0x01, 0x02, 0x03,
- };
- unsigned char hash[32];
- #ifdef WOLFSSL_SM3
- unsigned char expHash[32] = {
- 0xc1, 0xdd, 0x92, 0xc5, 0x60, 0xd3, 0x94, 0x28,
- 0xeb, 0x0f, 0x57, 0x79, 0x3f, 0xc9, 0x96, 0xc5,
- 0xfa, 0xf5, 0x90, 0xb2, 0x64, 0x2f, 0xaf, 0x9c,
- 0xc8, 0x57, 0x21, 0x6a, 0x52, 0x7e, 0xf1, 0x95
- };
- #else
- unsigned char expHash[32] = {
- 0xea, 0x41, 0x55, 0x21, 0x61, 0x00, 0x5c, 0x9a,
- 0x57, 0x35, 0x6b, 0x49, 0xca, 0x8f, 0x65, 0xc2,
- 0x0e, 0x29, 0x0c, 0xa0, 0x1d, 0xa7, 0xc4, 0xed,
- 0xdd, 0x51, 0x12, 0xf6, 0xe7, 0x55, 0xc5, 0xf4
- };
- #endif
- #ifdef WOLFSSL_SM3
- hashType = WC_HASH_TYPE_SM3;
- #else
- hashType = WC_HASH_TYPE_SHA256;
- #endif
- XMEMSET(key, 0, sizeof(*key));
- ExpectIntEQ(wc_ecc_init(key), 0);
- /* Test with no curve set. */
- ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
- hashType, hash, sizeof(hash), key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_import_x963_ex(pub, sizeof(pub), key, ECC_SM2P256V1), 0);
- /* Test invalid parameters. */
- ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), NULL, sizeof(msg),
- hashType, NULL, sizeof(hash), NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), NULL, sizeof(msg),
- hashType, NULL, sizeof(hash), NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), msg, sizeof(msg),
- hashType, NULL, sizeof(hash), NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), NULL, sizeof(msg),
- hashType, hash, sizeof(hash), NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), NULL, sizeof(msg),
- hashType, NULL, sizeof(hash), key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), msg, sizeof(msg),
- hashType, hash, sizeof(hash), key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), NULL, sizeof(msg),
- hashType, hash, sizeof(hash), key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
- hashType, NULL, sizeof(hash), key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
- hashType, hash, sizeof(hash), NULL), BAD_FUNC_ARG);
- /* Bad hash type. */
- ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
- -1, hash, 0, key), BAD_FUNC_ARG);
- /* Bad hash size. */
- ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
- hashType, hash, 0, key), BUFFER_E);
- /* Test valid parameters. */
- ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg),
- hashType, hash, sizeof(hash), key), 0);
- ExpectBufEQ(hash, expHash, sizeof(expHash));
- wc_ecc_free(key);
- res = EXPECT_RESULT();
- #endif
- return res;
- }
- /*
- * Testing wc_ecc_sm2_verify_hash_ex()
- */
- static int test_wc_ecc_sm2_verify_hash_ex(void)
- {
- int res = TEST_SKIPPED;
- #if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && defined(HAVE_ECC_VERIFY) && \
- defined(WOLFSSL_PUBLIC_MP)
- EXPECT_DECLS;
- ecc_key key[1];
- mp_int r[1];
- mp_int s[1];
- int verified;
- unsigned char pub[] = {
- 0x04,
- 0x63, 0x7F, 0x1B, 0x13, 0x50, 0x36, 0xC9, 0x33,
- 0xDC, 0x3F, 0x7A, 0x8E, 0xBB, 0x1B, 0x7B, 0x2F,
- 0xD1, 0xDF, 0xBD, 0x26, 0x8D, 0x4F, 0x89, 0x4B,
- 0x5A, 0xD4, 0x7D, 0xBD, 0xBE, 0xCD, 0x55, 0x8F,
- 0xE8, 0x81, 0x01, 0xD0, 0x80, 0x48, 0xE3, 0x6C,
- 0xCB, 0xF6, 0x1C, 0xA3, 0x8D, 0xDF, 0x7A, 0xBA,
- 0x54, 0x2B, 0x44, 0x86, 0xE9, 0x9E, 0x49, 0xF3,
- 0xA7, 0x47, 0x0A, 0x85, 0x7A, 0x09, 0x64, 0x33
- };
- unsigned char hash[] = {
- 0x3B, 0xFA, 0x5F, 0xFB, 0xC4, 0x27, 0x8C, 0x9D,
- 0x02, 0x3A, 0x19, 0xCB, 0x1E, 0xAA, 0xD2, 0xF1,
- 0x50, 0x69, 0x5B, 0x20
- };
- unsigned char rData[] = {
- 0xD2, 0xFC, 0xA3, 0x88, 0xE3, 0xDF, 0xA3, 0x00,
- 0x73, 0x9B, 0x3C, 0x2A, 0x0D, 0xAD, 0x44, 0xA2,
- 0xFC, 0x62, 0xD5, 0x6B, 0x84, 0x54, 0xD8, 0x40,
- 0x22, 0x62, 0x3D, 0x5C, 0xA6, 0x61, 0x9B, 0xE7,
- };
- unsigned char sData[] = {
- 0x1D,
- 0xB5, 0xB5, 0xD9, 0xD8, 0xF1, 0x20, 0xDD, 0x97,
- 0x92, 0xBF, 0x7E, 0x9B, 0x3F, 0xE6, 0x3C, 0x4B,
- 0x03, 0xD8, 0x80, 0xBD, 0xB7, 0x27, 0x7E, 0x6A,
- 0x84, 0x23, 0xDE, 0x61, 0x7C, 0x8D, 0xDC
- };
- unsigned char rBadData[] = {
- 0xD2, 0xFC, 0xA3, 0x88, 0xE3, 0xDF, 0xA3, 0x00,
- 0x73, 0x9B, 0x3C, 0x2A, 0x0D, 0xAD, 0x44, 0xA2,
- 0xFC, 0x62, 0xD5, 0x6B, 0x84, 0x54, 0xD8, 0x40,
- 0x22, 0x62, 0x3D, 0x5C, 0xA6, 0x61, 0x9B, 0xE8,
- };
- XMEMSET(key, 0, sizeof(*key));
- XMEMSET(r, 0, sizeof(*r));
- XMEMSET(s, 0, sizeof(*s));
- ExpectIntEQ(mp_init(r), 0);
- ExpectIntEQ(mp_init(s), 0);
- ExpectIntEQ(mp_read_unsigned_bin(r, rData, sizeof(rData)), 0);
- ExpectIntEQ(mp_read_unsigned_bin(s, sData, sizeof(sData)), 0);
- ExpectIntEQ(wc_ecc_init(key), 0);
- /* Test with no curve set. */
- ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
- &verified, key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_import_x963_ex(pub, sizeof(pub), key, ECC_SM2P256V1), 0);
- /* Test invalid parameters. */
- ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, NULL, sizeof(hash),
- NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, NULL, NULL, sizeof(hash),
- NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, s, NULL, sizeof(hash),
- NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, hash, sizeof(hash),
- NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, NULL, sizeof(hash),
- &verified, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, NULL, sizeof(hash),
- NULL, key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, s, hash, sizeof(hash),
- &verified, key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, NULL, hash, sizeof(hash),
- &verified, key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, NULL, sizeof(hash),
- &verified, key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
- NULL, key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
- &verified, NULL), BAD_FUNC_ARG);
- /* Make key not on the SM2 curve. */
- ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
- ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
- &verified, key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
- /* Test valid parameters. */
- ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
- &verified, key), 0);
- ExpectIntEQ(verified, 1);
- ExpectIntEQ(mp_read_unsigned_bin(r, rBadData, sizeof(rBadData)), 0);
- ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash),
- &verified, key), 0);
- ExpectIntEQ(verified, 0);
- mp_free(s);
- mp_free(r);
- wc_ecc_free(key);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- res = EXPECT_RESULT();
- #endif
- return res;
- }
- /*
- * Testing wc_ecc_sm2_verify_hash()
- */
- static int test_wc_ecc_sm2_verify_hash(void)
- {
- int res = TEST_SKIPPED;
- #if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && defined(HAVE_ECC_VERIFY)
- EXPECT_DECLS;
- ecc_key key[1];
- int verified;
- unsigned char pub[] = {
- 0x04,
- 0x63, 0x7F, 0x1B, 0x13, 0x50, 0x36, 0xC9, 0x33,
- 0xDC, 0x3F, 0x7A, 0x8E, 0xBB, 0x1B, 0x7B, 0x2F,
- 0xD1, 0xDF, 0xBD, 0x26, 0x8D, 0x4F, 0x89, 0x4B,
- 0x5A, 0xD4, 0x7D, 0xBD, 0xBE, 0xCD, 0x55, 0x8F,
- 0xE8, 0x81, 0x01, 0xD0, 0x80, 0x48, 0xE3, 0x6C,
- 0xCB, 0xF6, 0x1C, 0xA3, 0x8D, 0xDF, 0x7A, 0xBA,
- 0x54, 0x2B, 0x44, 0x86, 0xE9, 0x9E, 0x49, 0xF3,
- 0xA7, 0x47, 0x0A, 0x85, 0x7A, 0x09, 0x64, 0x33
- };
- unsigned char hash[] = {
- 0x3B, 0xFA, 0x5F, 0xFB, 0xC4, 0x27, 0x8C, 0x9D,
- 0x02, 0x3A, 0x19, 0xCB, 0x1E, 0xAA, 0xD2, 0xF1,
- 0x50, 0x69, 0x5B, 0x20
- };
- unsigned char sig[] = {
- 0x30, 0x45, 0x02, 0x21, 0x00, 0xD2, 0xFC, 0xA3,
- 0x88, 0xE3, 0xDF, 0xA3, 0x00, 0x73, 0x9B, 0x3C,
- 0x2A, 0x0D, 0xAD, 0x44, 0xA2, 0xFC, 0x62, 0xD5,
- 0x6B, 0x84, 0x54, 0xD8, 0x40, 0x22, 0x62, 0x3D,
- 0x5C, 0xA6, 0x61, 0x9B, 0xE7, 0x02, 0x20, 0x1D,
- 0xB5, 0xB5, 0xD9, 0xD8, 0xF1, 0x20, 0xDD, 0x97,
- 0x92, 0xBF, 0x7E, 0x9B, 0x3F, 0xE6, 0x3C, 0x4B,
- 0x03, 0xD8, 0x80, 0xBD, 0xB7, 0x27, 0x7E, 0x6A,
- 0x84, 0x23, 0xDE, 0x61, 0x7C, 0x8D, 0xDC
- };
- unsigned char sigBad[] = {
- 0x30, 0x45, 0x02, 0x21, 0x00, 0xD2, 0xFC, 0xA3,
- 0x88, 0xE3, 0xDF, 0xA3, 0x00, 0x73, 0x9B, 0x3C,
- 0x2A, 0x0D, 0xAD, 0x44, 0xA2, 0xFC, 0x62, 0xD5,
- 0x6B, 0x84, 0x54, 0xD8, 0x40, 0x22, 0x62, 0x3D,
- 0x5C, 0xA6, 0x61, 0x9B, 0xE7, 0x02, 0x20, 0x1D,
- 0xB5, 0xB5, 0xD9, 0xD8, 0xF1, 0x20, 0xDD, 0x97,
- 0x92, 0xBF, 0x7E, 0x9B, 0x3F, 0xE6, 0x3C, 0x4B,
- 0x03, 0xD8, 0x80, 0xBD, 0xB7, 0x27, 0x7E, 0x6A,
- 0x84, 0x23, 0xDE, 0x61, 0x7C, 0x8D, 0xDD
- };
- XMEMSET(key, 0, sizeof(*key));
- ExpectIntEQ(wc_ecc_init(key), 0);
- /* Test with no curve set. */
- ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
- &verified, key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_import_x963_ex(pub, sizeof(pub), key, ECC_SM2P256V1), 0);
- /* Test invalid parameters. */
- ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), NULL, sizeof(hash),
- NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), NULL, sizeof(hash),
- NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), hash, sizeof(hash),
- NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), NULL, sizeof(hash),
- &verified, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), NULL, sizeof(hash),
- NULL, key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), hash, sizeof(hash),
- &verified, key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), NULL, sizeof(hash),
- &verified, key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
- NULL, key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
- &verified, NULL), BAD_FUNC_ARG);
- /* Make key not on the SM2 curve. */
- ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
- ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
- &verified, key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
- /* Test valid parameters. */
- ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash),
- &verified, key), 0);
- ExpectIntEQ(verified, 1);
- ExpectIntEQ(wc_ecc_sm2_verify_hash(sigBad, sizeof(sigBad), hash,
- sizeof(hash), &verified, key), 0);
- ExpectIntEQ(verified, 0);
- wc_ecc_free(key);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- res = EXPECT_RESULT();
- #endif
- return res;
- }
- /*
- * Testing wc_ecc_sm2_verify_hash_ex()
- */
- static int test_wc_ecc_sm2_sign_hash_ex(void)
- {
- int res = TEST_SKIPPED;
- #if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && defined(HAVE_ECC_SIGN) && \
- defined(WOLFSSL_PUBLIC_MP)
- EXPECT_DECLS;
- WC_RNG rng[1];
- ecc_key key[1];
- mp_int r[1];
- mp_int s[1];
- unsigned char hash[32];
- #ifdef HAVE_ECC_VERIFY
- int verified;
- #endif
- XMEMSET(rng, 0, sizeof(*rng));
- XMEMSET(key, 0, sizeof(*key));
- XMEMSET(r, 0, sizeof(*r));
- XMEMSET(s, 0, sizeof(*s));
- ExpectIntEQ(wc_InitRng(rng), 0);
- ExpectIntEQ(mp_init(r), 0);
- ExpectIntEQ(mp_init(s), 0);
- ExpectIntEQ(wc_RNG_GenerateBlock(rng, hash, sizeof(hash)), 0);
- ExpectIntEQ(wc_ecc_init(key), 0);
- /* Test with no curve set. */
- ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, s),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_make_key(rng, key, WC_ECC_FLAG_NONE), 0);
- /* Test invalid parameters. */
- ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, NULL, NULL,
- NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), NULL, NULL, NULL,
- NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), rng, NULL, NULL,
- NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, key, NULL,
- NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, NULL, r,
- NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, NULL, NULL,
- s), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), rng, key, r, s),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), NULL, key, r, s),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, NULL, r, s),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, NULL, s),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, NULL),
- BAD_FUNC_ARG);
- /* Make key not on the SM2 curve. */
- ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
- ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, s),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
- #ifdef WOLFSSL_SP_MATH_ALL
- {
- mp_int smallR[1];
- sp_init_size(smallR, 1);
- /* Force failure in _ecc_sm2_calc_r_s by r being too small. */
- ExpectIntLT(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key,
- smallR, s), 0);
- }
- #endif
- /* Test valid parameters. */
- ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, s),
- 0);
- #ifdef HAVE_ECC_VERIFY
- ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash), &verified,
- key), 0);
- ExpectIntEQ(verified, 1);
- #endif
- mp_free(s);
- mp_free(r);
- wc_ecc_free(key);
- wc_FreeRng(rng);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- res = EXPECT_RESULT();
- #endif
- return res;
- }
- /*
- * Testing wc_ecc_sm2_verify_hash()
- */
- static int test_wc_ecc_sm2_sign_hash(void)
- {
- int res = TEST_SKIPPED;
- #if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && defined(HAVE_ECC_SIGN)
- EXPECT_DECLS;
- WC_RNG rng[1];
- ecc_key key[1];
- unsigned char hash[32];
- unsigned char sig[72];
- word32 sigSz = sizeof(sig);
- #ifdef HAVE_ECC_VERIFY
- int verified;
- #endif
- XMEMSET(rng, 0, sizeof(*rng));
- XMEMSET(key, 0, sizeof(*key));
- ExpectIntEQ(wc_InitRng(rng), 0);
- ExpectIntEQ(wc_RNG_GenerateBlock(rng, hash, sizeof(hash)), 0);
- ExpectIntEQ(wc_ecc_init(key), 0);
- /* Test with no curve set. */
- ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_make_key(rng, key, WC_ECC_FLAG_NONE), 0);
- /* Test invalid parameters. */
- ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, NULL, NULL,
- NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), NULL, NULL, NULL,
- NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), sig, NULL, NULL,
- NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, &sigSz, NULL,
- NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, NULL, rng,
- NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, NULL, NULL,
- key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), sig, &sigSz, rng,
- key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), NULL, &sigSz, rng,
- key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, NULL, rng,
- key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, NULL,
- key), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng,
- NULL), BAD_FUNC_ARG);
- /* Make key not on the SM2 curve. */
- ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0);
- ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0);
- /* Test valid parameters. */
- ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key),
- 0);
- #ifdef HAVE_ECC_VERIFY
- ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sigSz, hash, sizeof(hash),
- &verified, key), 0);
- ExpectIntEQ(verified, 1);
- #endif
- wc_ecc_free(key);
- wc_FreeRng(rng);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- res = EXPECT_RESULT();
- #endif
- return res;
- }
- /*
- * Testing ToTraditional
- */
- static int test_ToTraditional(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_ASN) && (defined(HAVE_PKCS8) || defined(HAVE_PKCS12)) && \
- (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL)) && !defined(NO_FILESYSTEM)
- XFILE f = XBADFILE;
- byte input[TWOK_BUF];
- word32 sz = 0;
- ExpectTrue((f = XFOPEN("./certs/server-keyPkcs8.der", "rb")) != XBADFILE);
- ExpectTrue((sz = (word32)XFREAD(input, 1, sizeof(input), f)) > 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- /* Good case */
- ExpectIntGT(ToTraditional(input, sz), 0);
- /* Bad cases */
- ExpectIntEQ(ToTraditional(NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(ToTraditional(NULL, sz), BAD_FUNC_ARG);
- #ifdef WOLFSSL_ASN_TEMPLATE
- ExpectIntEQ(ToTraditional(input, 0), BUFFER_E);
- #else
- ExpectIntEQ(ToTraditional(input, 0), ASN_PARSE_E);
- #endif
- #endif
- return EXPECT_RESULT();
- } /* End test_ToTraditional*/
- /*
- * Testing wc_EccPrivateKeyToDer
- */
- static int test_wc_EccPrivateKeyToDer(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- byte output[ONEK_BUF];
- ecc_key eccKey;
- WC_RNG rng;
- word32 inLen;
- word32 outLen = 0;
- int ret;
- XMEMSET(&eccKey, 0, sizeof(ecc_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ecc_init(&eccKey), 0);
- ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- inLen = (word32)sizeof(output);
- /* Bad Cases */
- ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
- ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, NULL, inLen), LENGTH_ONLY_E);
- ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, output, 0), BAD_FUNC_ARG);
- /* Good Case */
- ExpectIntGT(outLen = wc_EccPrivateKeyToDer(&eccKey, output, inLen), 0);
- wc_ecc_free(&eccKey);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ALL_CURVES)
- {
- /* test importing private only into a PKEY struct */
- EC_KEY* ec = NULL;
- EVP_PKEY* pkey = NULL;
- const unsigned char* der;
- der = output;
- ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &der, outLen));
- der = output;
- ExpectNotNull(ec = d2i_ECPrivateKey(NULL, &der, outLen));
- ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ec), SSL_SUCCESS);
- if (EXPECT_FAIL()) {
- EC_KEY_free(ec);
- }
- EVP_PKEY_free(pkey); /* EC_KEY should be free'd by free'ing pkey */
- }
- #endif
- #endif
- return EXPECT_RESULT();
- } /* End test_wc_EccPrivateKeyToDer*/
- /*
- * Testing wc_DhPublicKeyDecode
- */
- static int test_wc_DhPublicKeyDecode(void)
- {
- EXPECT_DECLS;
- #ifndef NO_DH
- #if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048)
- DhKey key;
- word32 inOutIdx;
- XMEMSET(&key, 0, sizeof(DhKey));
- ExpectIntEQ(wc_InitDhKey(&key), 0);
- ExpectIntEQ(wc_DhPublicKeyDecode(NULL,NULL,NULL,0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0),
- BAD_FUNC_ARG);
- inOutIdx = 0;
- ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,NULL, 0),
- BAD_FUNC_ARG);
- inOutIdx = 0;
- ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, 0),
- BAD_FUNC_ARG);
- inOutIdx = 0;
- ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key,
- sizeof_dh_pub_key_der_2048), 0);
- ExpectIntNE(key.p.used, 0);
- ExpectIntNE(key.g.used, 0);
- ExpectIntEQ(key.q.used, 0);
- ExpectIntNE(key.pub.used, 0);
- ExpectIntEQ(key.priv.used, 0);
- DoExpectIntEQ(wc_FreeDhKey(&key), 0);
- #endif
- #endif /* !NO_DH */
- return EXPECT_RESULT();
- }
- /*
- * Testing wc_Ed25519KeyToDer
- */
- static int test_wc_Ed25519KeyToDer(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
- (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
- byte output[ONEK_BUF];
- ed25519_key ed25519Key;
- WC_RNG rng;
- word32 inLen;
- XMEMSET(&ed25519Key, 0, sizeof(ed25519_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ed25519_init(&ed25519Key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key), 0);
- inLen = (word32)sizeof(output);
- /* Bad Cases */
- ExpectIntEQ(wc_Ed25519KeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Ed25519KeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Ed25519KeyToDer(&ed25519Key, output, 0), BAD_FUNC_ARG);
- /* Good Cases */
- /* length only */
- ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, NULL, inLen), 0);
- ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, output, inLen), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed25519_free(&ed25519Key);
- #endif
- return EXPECT_RESULT();
- } /* End test_wc_Ed25519KeyToDer*/
- /*
- * Testing wc_Ed25519PrivateKeyToDer
- */
- static int test_wc_Ed25519PrivateKeyToDer(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
- (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
- byte output[ONEK_BUF];
- ed25519_key ed25519PrivKey;
- WC_RNG rng;
- word32 inLen;
- XMEMSET(&ed25519PrivKey, 0, sizeof(ed25519_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ed25519_init(&ed25519PrivKey), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519PrivKey),
- 0);
- inLen = (word32)sizeof(output);
- /* Bad Cases */
- ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, 0),
- BAD_FUNC_ARG);
- /* Good Cases */
- /* length only */
- ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, inLen), 0);
- ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, inLen), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed25519_free(&ed25519PrivKey);
- #endif
- return EXPECT_RESULT();
- } /* End test_wc_Ed25519PrivateKeyToDer*/
- /*
- * Testing wc_Ed448KeyToDer
- */
- static int test_wc_Ed448KeyToDer(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
- (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
- byte output[ONEK_BUF];
- ed448_key ed448Key;
- WC_RNG rng;
- word32 inLen;
- XMEMSET(&ed448Key, 0, sizeof(ed448_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ed448_init(&ed448Key), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key), 0);
- inLen = (word32)sizeof(output);
- /* Bad Cases */
- ExpectIntEQ(wc_Ed448KeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Ed448KeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Ed448KeyToDer(&ed448Key, output, 0), BAD_FUNC_ARG);
- /* Good Cases */
- /* length only */
- ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, NULL, inLen), 0);
- ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, output, inLen), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed448_free(&ed448Key);
- #endif
- return EXPECT_RESULT();
- } /* End test_wc_Ed448KeyToDer*/
- /*
- * Testing wc_Ed448PrivateKeyToDer
- */
- static int test_wc_Ed448PrivateKeyToDer(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
- (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
- byte output[ONEK_BUF];
- ed448_key ed448PrivKey;
- WC_RNG rng;
- word32 inLen;
- XMEMSET(&ed448PrivKey, 0, sizeof(ed448_key));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_ed448_init(&ed448PrivKey), 0);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448PrivKey),
- 0);
- inLen = (word32)sizeof(output);
- /* Bad Cases */
- ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, 0),
- BAD_FUNC_ARG);
- /* Good cases */
- /* length only */
- ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, inLen), 0);
- ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, inLen), 0);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- wc_ed448_free(&ed448PrivKey);
- #endif
- return EXPECT_RESULT();
- } /* End test_wc_Ed448PrivateKeyToDer*/
- /*
- * Testing wc_SetSubjectBuffer
- */
- static int test_wc_SetSubjectBuffer(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
- Cert cert;
- XFILE file = XBADFILE;
- byte* der = NULL;
- word32 derSz;
- derSz = FOURK_BUF;
- ExpectNotNull(der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectTrue((file = XFOPEN("./certs/ca-cert.der", "rb")) != XBADFILE);
- ExpectTrue((derSz = (word32)XFREAD(der, 1, FOURK_BUF, file)) > 0);
- if (file != XBADFILE)
- XFCLOSE(file);
- ExpectIntEQ(wc_InitCert(&cert), 0);
- ExpectIntEQ(wc_SetSubjectBuffer(&cert, der, derSz), 0);
- ExpectIntEQ(wc_SetSubjectBuffer(NULL, der, derSz), BAD_FUNC_ARG);
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return EXPECT_RESULT();
- } /* End test_wc_SetSubjectBuffer*/
- /*
- * Testing wc_SetSubjectKeyIdFromPublicKey_ex
- */
- static int test_wc_SetSubjectKeyIdFromPublicKey_ex(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- WC_RNG rng;
- Cert cert;
- #if !defined(NO_RSA) && defined(HAVE_RSA)
- RsaKey rsaKey;
- int bits = 2048;
- #endif
- #if defined(HAVE_ECC)
- ecc_key eccKey;
- int ret;
- #endif
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
- ed25519_key ed25519Key;
- #endif
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
- ed448_key ed448Key;
- #endif
- #ifndef HAVE_FIPS
- ExpectIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, testDevId), 0);
- #else
- ExpectIntEQ(wc_InitRng(&rng), 0);
- #endif
- ExpectIntEQ(wc_InitCert(&cert), 0);
- #if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
- /* RSA */
- XMEMSET(&rsaKey, 0, sizeof(RsaKey));
- ExpectIntEQ(wc_InitRsaKey(&rsaKey, HEAP_HINT), 0);
- ExpectIntEQ(MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng), 0);
- ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey),
- 0);
- DoExpectIntEQ(wc_FreeRsaKey(&rsaKey), 0);
- #endif
- #if defined(HAVE_ECC)
- /* ECC */
- XMEMSET(&eccKey, 0, sizeof(ecc_key));
- ExpectIntEQ(wc_ecc_init(&eccKey), 0);
- ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey),
- 0);
- DoExpectIntEQ(wc_ecc_free(&eccKey), 0);
- #endif
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
- /* ED25519 */
- XMEMSET(&ed25519Key, 0, sizeof(ed25519_key));
- ExpectIntEQ(wc_ed25519_init(&ed25519Key), 0);
- ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key), 0);
- ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
- &ed25519Key), 0);
- wc_ed25519_free(&ed25519Key);
- #endif
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
- /* ED448 */
- XMEMSET(&ed448Key, 0, sizeof(ed448_key));
- ExpectIntEQ(wc_ed448_init(&ed448Key), 0);
- ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key), 0);
- ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE,
- &ed448Key), 0);
- wc_ed448_free(&ed448Key);
- #endif
- wc_FreeRng(&rng);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif /* WOLFSSL_CERT_EXT && WOLFSSL_CERT_GEN */
- return EXPECT_RESULT();
- } /* End test_wc_SetSubjectKeyIdFromPublicKey_ex*/
- /*
- * Testing wc_SetAuthKeyIdFromPublicKey_ex
- */
- static int test_wc_SetAuthKeyIdFromPublicKey_ex(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- WC_RNG rng;
- Cert cert;
- #if !defined(NO_RSA) && defined(HAVE_RSA)
- RsaKey rsaKey;
- int bits = 2048;
- #endif
- #if defined(HAVE_ECC)
- ecc_key eccKey;
- int ret;
- #endif
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
- ed25519_key ed25519Key;
- #endif
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
- ed448_key ed448Key;
- #endif
- #ifndef HAVE_FIPS
- ExpectIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, testDevId), 0);
- #else
- ExpectIntEQ(wc_InitRng(&rng), 0);
- #endif
- ExpectIntEQ(wc_InitCert(&cert), 0);
- #if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
- /* RSA */
- XMEMSET(&rsaKey, 0, sizeof(RsaKey));
- ExpectIntEQ(wc_InitRsaKey(&rsaKey, HEAP_HINT), 0);
- ExpectIntEQ(MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng), 0);
- ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey), 0);
- DoExpectIntEQ(wc_FreeRsaKey(&rsaKey), 0);
- #endif
- #if defined(HAVE_ECC)
- /* ECC */
- XMEMSET(&eccKey, 0, sizeof(ecc_key));
- ExpectIntEQ(wc_ecc_init(&eccKey), 0);
- ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- ExpectIntEQ(ret, 0);
- ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey), 0);
- DoExpectIntEQ(wc_ecc_free(&eccKey), 0);
- #endif
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
- /* ED25519 */
- XMEMSET(&ed25519Key, 0, sizeof(ed25519_key));
- ExpectIntEQ(wc_ed25519_init(&ed25519Key), 0);
- ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key), 0);
- ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
- &ed25519Key), 0);
- wc_ed25519_free(&ed25519Key);
- #endif
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
- /* ED448 */
- XMEMSET(&ed448Key, 0, sizeof(ed448_key));
- ExpectIntEQ(wc_ed448_init(&ed448Key), 0);
- ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key), 0);
- ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, &ed448Key),
- 0);
- wc_ed448_free(&ed448Key);
- #endif
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif /* defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)*/
- return EXPECT_RESULT();
- } /* End test_wc_SetAuthKeyIdFromPublicKey_ex*/
- /*
- * Testing wc_PKCS7_New()
- */
- static int test_wc_PKCS7_New(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_PKCS7)
- PKCS7* pkcs7 = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, testDevId));
- wc_PKCS7_Free(pkcs7);
- #endif
- return EXPECT_RESULT();
- } /* END test-wc_PKCS7_New */
- /*
- * Testing wc_PKCS7_Init()
- */
- static int test_wc_PKCS7_Init(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_PKCS7)
- PKCS7* pkcs7 = NULL;
- void* heap = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
- /* Pass in bad args. */
- ExpectIntEQ(wc_PKCS7_Init(NULL, heap, testDevId), BAD_FUNC_ARG);
- wc_PKCS7_Free(pkcs7);
- #endif
- return EXPECT_RESULT();
- } /* END test-wc_PKCS7_Init */
- /*
- * Testing wc_PKCS7_InitWithCert()
- */
- static int test_wc_PKCS7_InitWithCert(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_PKCS7)
- PKCS7* pkcs7 = NULL;
- #ifndef NO_RSA
- #if defined(USE_CERT_BUFFERS_2048)
- unsigned char cert[sizeof(client_cert_der_2048)];
- int certSz = (int)sizeof(cert);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(cert, client_cert_der_2048, sizeof(client_cert_der_2048));
- #elif defined(USE_CERT_BUFFERS_1024)
- unsigned char cert[sizeof(client_cert_der_1024)];
- int certSz = (int)sizeof(cert);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(cert, client_cert_der_1024, sizeof_client_cert_der_1024);
- #else
- unsigned char cert[ONEK_BUF];
- XFILE fp = XBADFILE;
- int certSz;
- ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
- fp), 0);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- #endif
- #elif defined(HAVE_ECC)
- #if defined(USE_CERT_BUFFERS_256)
- unsigned char cert[sizeof(cliecc_cert_der_256)];
- int certSz = (int)sizeof(cert);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(cert, cliecc_cert_der_256, sizeof(cliecc_cert_der_256));
- #else
- unsigned char cert[ONEK_BUF];
- XFILE fp = XBADFILE;
- int certSz;
- ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof(cliecc_cert_der_256),
- fp), 0);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- #endif
- #else
- #error PKCS7 requires ECC or RSA
- #endif
- #ifdef HAVE_ECC
- {
- /* bad test case from ZD 11011, malformed cert gives bad ECC key */
- static unsigned char certWithInvalidEccKey[] = {
- 0x30, 0x82, 0x03, 0x5F, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03, 0x02, 0x01,
- 0x02, 0x02, 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79,
- 0x42, 0x83, 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x31, 0xAA, 0x2C, 0x30,
- 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30,
- 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
- 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08,
- 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
- 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D,
- 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
- 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30,
- 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74,
- 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
- 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
- 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
- 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
- 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30,
- 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, 0x39, 0x31, 0x33, 0x32,
- 0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x30, 0x33, 0x31, 0x36,
- 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B,
- 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
- 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72,
- 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04,
- 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11,
- 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E,
- 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55,
- 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x26,
- 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
- 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F,
- 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
- 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
- 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06,
- 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86,
- 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x02, 0x00, 0x04, 0x55, 0xBF,
- 0xF4, 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D,
- 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C,
- 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12, 0x43,
- 0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6,
- 0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D,
- 0x7F, 0xB4, 0xA3, 0x82, 0x01, 0x3E, 0x30, 0x82, 0x01, 0x3A, 0x30, 0x1D,
- 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B,
- 0x59, 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41,
- 0x88, 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xCD, 0x06, 0x03, 0x55, 0x1D,
- 0x23, 0x04, 0x81, 0xC5, 0x30, 0x81, 0xC2, 0x80, 0x14, 0xEB, 0xD4, 0x4B,
- 0x59, 0x72, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41,
- 0x88, 0x44, 0x5C, 0xAB, 0xF2, 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30,
- 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
- 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x08, 0x08,
- 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
- 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D,
- 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
- 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30,
- 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74,
- 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
- 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
- 0x6F, 0x6D, 0x30, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
- 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
- 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82,
- 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79, 0x42, 0x83,
- 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x32, 0xAA, 0x2C, 0x30, 0x0C, 0x06,
- 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30,
- 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B,
- 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87,
- 0x04, 0x23, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25,
- 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
- 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
- 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02,
- 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xE4, 0xA0, 0x23, 0x26,
- 0x2B, 0x0B, 0x42, 0x0F, 0x97, 0x37, 0x6D, 0xCB, 0x14, 0x23, 0xC3, 0xC3,
- 0xE6, 0x44, 0xCF, 0x5F, 0x4C, 0x26, 0xA3, 0x72, 0x64, 0x7A, 0x9C, 0xCB,
- 0x64, 0xAB, 0xA6, 0xBE, 0x02, 0x21, 0x00, 0xAA, 0xC5, 0xA3, 0x50, 0xF6,
- 0xF1, 0xA5, 0xDB, 0x05, 0xE0, 0x75, 0xD2, 0xF7, 0xBA, 0x49, 0x5F, 0x8F,
- 0x7D, 0x1C, 0x44, 0xB1, 0x6E, 0xDF, 0xC8, 0xDA, 0x10, 0x48, 0x2D, 0x53,
- 0x08, 0xA8, 0xB4
- };
- #endif
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- /* If initialization is not successful, it's free'd in init func. */
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz),
- 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- /* Valid initialization usage. */
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- /* Pass in bad args. No need free for null checks, free at end.*/
- ExpectIntEQ(wc_PKCS7_InitWithCert(NULL, (byte*)cert, (word32)certSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, (word32)certSz),
- BAD_FUNC_ARG);
- #ifdef HAVE_ECC
- ExpectIntLT(wc_PKCS7_InitWithCert(pkcs7, certWithInvalidEccKey,
- sizeof(certWithInvalidEccKey)), 0);
- }
- #endif
- wc_PKCS7_Free(pkcs7);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_PKCS7_InitWithCert */
- /*
- * Testing wc_PKCS7_EncodeData()
- */
- static int test_wc_PKCS7_EncodeData(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_PKCS7)
- PKCS7* pkcs7 = NULL;
- byte output[FOURK_BUF];
- byte data[] = "My encoded DER cert.";
- #ifndef NO_RSA
- #if defined(USE_CERT_BUFFERS_2048)
- unsigned char cert[sizeof(client_cert_der_2048)];
- unsigned char key[sizeof(client_key_der_2048)];
- int certSz = (int)sizeof(cert);
- int keySz = (int)sizeof(key);
- XMEMSET(cert, 0, certSz);
- XMEMSET(key, 0, keySz);
- XMEMCPY(cert, client_cert_der_2048, certSz);
- XMEMCPY(key, client_key_der_2048, keySz);
- #elif defined(USE_CERT_BUFFERS_1024)
- unsigned char cert[sizeof(sizeof_client_cert_der_1024)];
- unsigned char key[sizeof_client_key_der_1024];
- int certSz = (int)sizeof(cert);
- int keySz = (int)sizeof(key);
- XMEMSET(cert, 0, certSz);
- XMEMSET(key, 0, keySz);
- XMEMCPY(cert, client_cert_der_1024, certSz);
- XMEMCPY(key, client_key_der_1024, keySz);
- #else
- unsigned char cert[ONEK_BUF];
- unsigned char key[ONEK_BUF];
- XFILE fp = XBADFILE;
- int certSz;
- int keySz;
- ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
- fp), 0);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp),
- 0);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- #endif
- #elif defined(HAVE_ECC)
- #if defined(USE_CERT_BUFFERS_256)
- unsigned char cert[sizeof(cliecc_cert_der_256)];
- unsigned char key[sizeof(ecc_clikey_der_256)];
- int certSz = (int)sizeof(cert);
- int keySz = (int)sizeof(key);
- XMEMSET(cert, 0, certSz);
- XMEMSET(key, 0, keySz);
- XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
- XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
- #else
- unsigned char cert[ONEK_BUF];
- unsigned char key[ONEK_BUF];
- XFILE fp = XBADFILE;
- int certSz, keySz;
- ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256,
- fp), 0);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp),
- 0);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- #endif
- #endif
- XMEMSET(output, 0, sizeof(output));
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, certSz), 0);
- if (pkcs7 != NULL) {
- pkcs7->content = data;
- pkcs7->contentSz = sizeof(data);
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = keySz;
- }
- ExpectIntGT(wc_PKCS7_EncodeData(pkcs7, output, (word32)sizeof(output)), 0);
- /* Test bad args. */
- ExpectIntEQ(wc_PKCS7_EncodeData(NULL, output, (word32)sizeof(output)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, NULL, (word32)sizeof(output)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), BUFFER_E);
- wc_PKCS7_Free(pkcs7);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_PKCS7_EncodeData */
- #if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
- !defined(NO_RSA) && !defined(NO_SHA256)
- /* RSA sign raw digest callback */
- static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
- byte* out, word32 outSz, byte* privateKey,
- word32 privateKeySz, int devid, int hashOID)
- {
- /* specific DigestInfo ASN.1 encoding prefix for a SHA2565 digest */
- byte digInfoEncoding[] = {
- 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
- 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
- 0x00, 0x04, 0x20
- };
- int ret;
- byte digestInfo[ONEK_BUF];
- byte sig[FOURK_BUF];
- word32 digestInfoSz = 0;
- word32 idx = 0;
- RsaKey rsa;
- /* SHA-256 required only for this example callback due to above
- * digInfoEncoding[] */
- if (pkcs7 == NULL || digest == NULL || out == NULL ||
- (sizeof(digestInfo) < sizeof(digInfoEncoding) + digestSz) ||
- (hashOID != SHA256h)) {
- return -1;
- }
- /* build DigestInfo */
- XMEMCPY(digestInfo, digInfoEncoding, sizeof(digInfoEncoding));
- digestInfoSz += sizeof(digInfoEncoding);
- XMEMCPY(digestInfo + digestInfoSz, digest, digestSz);
- digestInfoSz += digestSz;
- /* set up RSA key */
- ret = wc_InitRsaKey_ex(&rsa, pkcs7->heap, devid);
- if (ret != 0) {
- return ret;
- }
- ret = wc_RsaPrivateKeyDecode(privateKey, &idx, &rsa, privateKeySz);
- /* sign DigestInfo */
- if (ret == 0) {
- ret = wc_RsaSSL_Sign(digestInfo, digestInfoSz, sig, sizeof(sig),
- &rsa, pkcs7->rng);
- if (ret > 0) {
- if (ret > (int)outSz) {
- /* output buffer too small */
- ret = -1;
- }
- else {
- /* success, ret holds sig size */
- XMEMCPY(out, sig, ret);
- }
- }
- }
- wc_FreeRsaKey(&rsa);
- return ret;
- }
- #endif
- #if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
- typedef struct encodeSignedDataStream {
- byte out[FOURK_BUF*3];
- int idx;
- word32 outIdx;
- } encodeSignedDataStream;
- /* content is 8k of partially created bundle */
- static int GetContentCB(PKCS7* pkcs7, byte** content, void* ctx)
- {
- int ret = 0;
- encodeSignedDataStream* strm = (encodeSignedDataStream*)ctx;
- if (strm->outIdx < pkcs7->contentSz) {
- ret = (pkcs7->contentSz > strm->outIdx + FOURK_BUF)?
- FOURK_BUF : pkcs7->contentSz - strm->outIdx;
- *content = strm->out + strm->outIdx;
- strm->outIdx += ret;
- }
- (void)pkcs7;
- return ret;
- }
- static int StreamOutputCB(PKCS7* pkcs7, const byte* output, word32 outputSz,
- void* ctx)
- {
- encodeSignedDataStream* strm = (encodeSignedDataStream*)ctx;
- XMEMCPY(strm->out + strm->idx, output, outputSz);
- strm->idx += outputSz;
- (void)pkcs7;
- return 0;
- }
- #endif
- /*
- * Testing wc_PKCS7_EncodeSignedData()
- */
- static int test_wc_PKCS7_EncodeSignedData(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_PKCS7)
- PKCS7* pkcs7 = NULL;
- WC_RNG rng;
- byte output[FOURK_BUF];
- byte badOut[1];
- word32 outputSz = (word32)sizeof(output);
- word32 badOutSz = 0;
- byte data[] = "Test data to encode.";
- #ifndef NO_RSA
- #if defined(USE_CERT_BUFFERS_2048)
- byte key[sizeof(client_key_der_2048)];
- byte cert[sizeof(client_cert_der_2048)];
- word32 keySz = (word32)sizeof(key);
- word32 certSz = (word32)sizeof(cert);
- XMEMSET(key, 0, keySz);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(key, client_key_der_2048, keySz);
- XMEMCPY(cert, client_cert_der_2048, certSz);
- #elif defined(USE_CERT_BUFFERS_1024)
- byte key[sizeof_client_key_der_1024];
- byte cert[sizeof(sizeof_client_cert_der_1024)];
- word32 keySz = (word32)sizeof(key);
- word32 certSz = (word32)sizeof(cert);
- XMEMSET(key, 0, keySz);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(key, client_key_der_1024, keySz);
- XMEMCPY(cert, client_cert_der_1024, certSz);
- #else
- unsigned char cert[ONEK_BUF];
- unsigned char key[ONEK_BUF];
- XFILE fp = XBADFILE;
- int certSz;
- int keySz;
- ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
- fp), 0);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp),
- 0);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- #endif
- #elif defined(HAVE_ECC)
- #if defined(USE_CERT_BUFFERS_256)
- unsigned char cert[sizeof(cliecc_cert_der_256)];
- unsigned char key[sizeof(ecc_clikey_der_256)];
- int certSz = (int)sizeof(cert);
- int keySz = (int)sizeof(key);
- XMEMSET(cert, 0, certSz);
- XMEMSET(key, 0, keySz);
- XMEMCPY(cert, cliecc_cert_der_256, certSz);
- XMEMCPY(key, ecc_clikey_der_256, keySz);
- #else
- unsigned char cert[ONEK_BUF];
- unsigned char key[ONEK_BUF];
- XFILE fp = XBADFILE;
- int certSz;
- int keySz;
- ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(certSz = (int)XFREAD(cert, 1, ONEK_BUF, fp), 0);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(keySz = (int)XFREAD(key, 1, ONEK_BUF, fp), 0);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- #endif
- #endif
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- XMEMSET(output, 0, outputSz);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- if (pkcs7 != NULL) {
- pkcs7->content = data;
- pkcs7->contentSz = (word32)sizeof(data);
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = (word32)sizeof(key);
- pkcs7->encryptOID = RSAk;
- #ifdef NO_SHA
- pkcs7->hashOID = SHA256h;
- #else
- pkcs7->hashOID = SHAh;
- #endif
- pkcs7->rng = &rng;
- }
- ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
- #ifdef ASN_BER_TO_DER
- wc_PKCS7_Free(pkcs7);
- /* reinitialize and test setting stream mode */
- {
- int signedSz;
- encodeSignedDataStream strm;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- if (pkcs7 != NULL) {
- pkcs7->content = data;
- pkcs7->contentSz = (word32)sizeof(data);
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = (word32)sizeof(key);
- pkcs7->encryptOID = RSAk;
- #ifdef NO_SHA
- pkcs7->hashOID = SHA256h;
- #else
- pkcs7->hashOID = SHAh;
- #endif
- pkcs7->rng = &rng;
- }
- ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 0);
- ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, NULL, NULL), 0);
- ExpectIntEQ(wc_PKCS7_SetStreamMode(NULL, 1, NULL, NULL, NULL),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 1);
- ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, output,
- outputSz), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- /* use exact signed buffer size since BER encoded */
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, signedSz), 0);
- wc_PKCS7_Free(pkcs7);
- /* now try with using callbacks for IO */
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- if (pkcs7 != NULL) {
- pkcs7->contentSz = FOURK_BUF*2;
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = (word32)sizeof(key);
- pkcs7->encryptOID = RSAk;
- #ifdef NO_SHA
- pkcs7->hashOID = SHA256h;
- #else
- pkcs7->hashOID = SHAh;
- #endif
- pkcs7->rng = &rng;
- }
- XMEMSET(&strm, 0, sizeof(strm));
- ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
- StreamOutputCB, (void*)&strm), 0);
- ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, NULL, 0), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- /* use exact signed buffer size since BER encoded */
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, strm.out, signedSz), 0);
- }
- #endif
- #ifndef NO_PKCS7_STREAM
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- {
- word32 z;
- int ret;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- /* test for streaming mode */
- ret = -1;
- for (z = 0; z < outputSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
- if (ret < 0){
- ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
- }
- }
- ExpectIntEQ(ret, 0);
- ExpectIntNE(pkcs7->contentSz, 0);
- ExpectNotNull(pkcs7->contentDynamic);
- }
- #endif /* !NO_PKCS7_STREAM */
- /* Pass in bad args. */
- ExpectIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, badOut,
- badOutSz), BAD_FUNC_ARG);
- if (pkcs7 != NULL) {
- pkcs7->hashOID = 0; /* bad hashOID */
- }
- ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz),
- BAD_FUNC_ARG);
- #if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
- !defined(NO_RSA) && !defined(NO_SHA256)
- /* test RSA sign raw digest callback, if using RSA and compiled in.
- * Example callback assumes SHA-256, so only run test if compiled in. */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- if (pkcs7 != NULL) {
- pkcs7->content = data;
- pkcs7->contentSz = (word32)sizeof(data);
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = (word32)sizeof(key);
- pkcs7->encryptOID = RSAk;
- pkcs7->hashOID = SHA256h;
- pkcs7->rng = &rng;
- }
- ExpectIntEQ(wc_PKCS7_SetRsaSignRawDigestCb(pkcs7, rsaSignRawDigestCb), 0);
- ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
- #endif
- wc_PKCS7_Free(pkcs7);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_PKCS7_EncodeSignedData */
- /*
- * Testing wc_PKCS7_EncodeSignedData_ex() and wc_PKCS7_VerifySignedData_ex()
- */
- static int test_wc_PKCS7_EncodeSignedData_ex(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_PKCS7)
- int i;
- PKCS7* pkcs7 = NULL;
- WC_RNG rng;
- byte outputHead[FOURK_BUF/2];
- byte outputFoot[FOURK_BUF/2];
- word32 outputHeadSz = (word32)sizeof(outputHead);
- word32 outputFootSz = (word32)sizeof(outputFoot);
- byte data[FOURK_BUF];
- wc_HashAlg hash;
- #ifdef NO_SHA
- enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
- #else
- enum wc_HashType hashType = WC_HASH_TYPE_SHA;
- #endif
- byte hashBuf[WC_MAX_DIGEST_SIZE];
- word32 hashSz = wc_HashGetDigestSize(hashType);
- #ifndef NO_RSA
- #if defined(USE_CERT_BUFFERS_2048)
- byte key[sizeof(client_key_der_2048)];
- byte cert[sizeof(client_cert_der_2048)];
- word32 keySz = (word32)sizeof(key);
- word32 certSz = (word32)sizeof(cert);
- XMEMSET(key, 0, keySz);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(key, client_key_der_2048, keySz);
- XMEMCPY(cert, client_cert_der_2048, certSz);
- #elif defined(USE_CERT_BUFFERS_1024)
- byte key[sizeof_client_key_der_1024];
- byte cert[sizeof(sizeof_client_cert_der_1024)];
- word32 keySz = (word32)sizeof(key);
- word32 certSz = (word32)sizeof(cert);
- XMEMSET(key, 0, keySz);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(key, client_key_der_1024, keySz);
- XMEMCPY(cert, client_cert_der_1024, certSz);
- #else
- unsigned char cert[ONEK_BUF];
- unsigned char key[ONEK_BUF];
- XFILE fp = XBADFILE;
- int certSz;
- int keySz;
- ExpectTure((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
- fp), 0);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp),
- 0);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- #endif
- #elif defined(HAVE_ECC)
- #if defined(USE_CERT_BUFFERS_256)
- unsigned char cert[sizeof(cliecc_cert_der_256)];
- unsigned char key[sizeof(ecc_clikey_der_256)];
- int certSz = (int)sizeof(cert);
- int keySz = (int)sizeof(key);
- XMEMSET(cert, 0, certSz);
- XMEMSET(key, 0, keySz);
- XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
- XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
- #else
- unsigned char cert[ONEK_BUF];
- unsigned char key[ONEK_BUF];
- XFILE fp = XBADFILE;
- int certSz;
- int keySz;
- ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256,
- fp), 0);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp),
- 0);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- #endif
- #endif
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- /* initialize large data with sequence */
- for (i=0; i<(int)sizeof(data); i++)
- data[i] = i & 0xff;
- XMEMSET(outputHead, 0, outputHeadSz);
- XMEMSET(outputFoot, 0, outputFootSz);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- if (pkcs7 != NULL) {
- pkcs7->content = NULL; /* not used for ex */
- pkcs7->contentSz = (word32)sizeof(data);
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = (word32)sizeof(key);
- pkcs7->encryptOID = RSAk;
- #ifdef NO_SHA
- pkcs7->hashOID = SHA256h;
- #else
- pkcs7->hashOID = SHAh;
- #endif
- pkcs7->rng = &rng;
- }
- /* calculate hash for content */
- XMEMSET(&hash, 0, sizeof(wc_HashAlg));
- ExpectIntEQ(wc_HashInit(&hash, hashType), 0);
- ExpectIntEQ(wc_HashUpdate(&hash, hashType, data, sizeof(data)), 0);
- ExpectIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0);
- DoExpectIntEQ(wc_HashFree(&hash, hashType), 0);
- /* Perform PKCS7 sign using hash directly */
- ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, &outputHeadSz, outputFoot, &outputFootSz), 0);
- ExpectIntGT(outputHeadSz, 0);
- ExpectIntGT(outputFootSz, 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- /* required parameter even on verify when using _ex, if using outputHead
- * and outputFoot */
- if (pkcs7 != NULL) {
- pkcs7->contentSz = (word32)sizeof(data);
- }
- ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, outputHeadSz, outputFoot, outputFootSz), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- /* assembly complete PKCS7 sign and use normal verify */
- {
- byte* output = NULL;
- word32 outputSz = 0;
- #ifndef NO_PKCS7_STREAM
- word32 z;
- int ret;
- #endif /* !NO_PKCS7_STREAM */
- ExpectNotNull(output = (byte*)XMALLOC(
- outputHeadSz + sizeof(data) + outputFootSz, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- if (output != NULL) {
- XMEMCPY(&output[outputSz], outputHead, outputHeadSz);
- outputSz += outputHeadSz;
- XMEMCPY(&output[outputSz], data, sizeof(data));
- outputSz += sizeof(data);
- XMEMCPY(&output[outputSz], outputFoot, outputFootSz);
- outputSz += outputFootSz;
- }
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
- #ifndef NO_PKCS7_STREAM
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- /* test for streaming mode */
- ret = -1;
- for (z = 0; z < outputSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
- if (ret < 0){
- ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
- }
- }
- ExpectIntEQ(ret, 0);
- ExpectIntNE(pkcs7->contentSz, 0);
- ExpectNotNull(pkcs7->contentDynamic);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- #endif /* !NO_PKCS7_STREAM */
- XFREE(output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- /* Pass in bad args. */
- ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(NULL, hashBuf, hashSz, outputHead,
- &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, NULL, hashSz, outputHead,
- &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, 0, outputHead,
- &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, NULL,
- &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, NULL, outputFoot, &outputFootSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, &outputHeadSz, NULL, &outputFootSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, &outputHeadSz, outputFoot, NULL), BAD_FUNC_ARG);
- if (pkcs7 != NULL) {
- pkcs7->hashOID = 0; /* bad hashOID */
- }
- ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(NULL, hashBuf, hashSz, outputHead,
- outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, NULL, hashSz, outputHead,
- outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
- #ifndef NO_PKCS7_STREAM
- ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
- outputHeadSz, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
- #else
- ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
- outputHeadSz, outputFoot, outputFootSz), BUFFER_E);
- #endif
- ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, NULL,
- outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
- #ifndef NO_PKCS7_STREAM
- /* can pass in 0 buffer length with streaming API */
- ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, 0, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
- #else
- ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, 0, outputFoot, outputFootSz), BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, outputHeadSz, NULL, outputFootSz), BAD_FUNC_ARG);
- #ifndef NO_PKCS7_STREAM
- ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, outputHeadSz, outputFoot, 0), WC_PKCS7_WANT_READ_E);
- #else
- ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
- outputHead, outputHeadSz, outputFoot, 0), BUFFER_E);
- #endif
- wc_PKCS7_Free(pkcs7);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_PKCS7_EncodeSignedData_ex */
- #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
- /**
- * Loads certs/keys from files or buffers into the argument buffers,
- * helper function called by CreatePKCS7SignedData().
- *
- * Returns 0 on success, negative on error.
- */
- static int LoadPKCS7SignedDataCerts(
- int useIntermediateCertChain, int pkAlgoType,
- byte* intCARoot, word32* intCARootSz,
- byte* intCA1, word32* intCA1Sz,
- byte* intCA2, word32* intCA2Sz,
- byte* cert, word32* certSz,
- byte* key, word32* keySz)
- {
- EXPECT_DECLS;
- int ret = 0;
- XFILE fp = XBADFILE;
- #ifndef NO_RSA
- const char* intCARootRSA = "./certs/ca-cert.der";
- const char* intCA1RSA = "./certs/intermediate/ca-int-cert.der";
- const char* intCA2RSA = "./certs/intermediate/ca-int2-cert.der";
- const char* intServCertRSA = "./certs/intermediate/server-int-cert.der";
- const char* intServKeyRSA = "./certs/server-key.der";
- #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_1024)
- const char* cli1024Cert = "./certs/1024/client-cert.der";
- const char* cli1024Key = "./certs/1024/client-key.der";
- #endif
- #endif
- #ifdef HAVE_ECC
- const char* intCARootECC = "./certs/ca-ecc-cert.der";
- const char* intCA1ECC = "./certs/intermediate/ca-int-ecc-cert.der";
- const char* intCA2ECC = "./certs/intermediate/ca-int2-ecc-cert.der";
- const char* intServCertECC = "./certs/intermediate/server-int-ecc-cert.der";
- const char* intServKeyECC = "./certs/ecc-key.der";
- #ifndef USE_CERT_BUFFERS_256
- const char* cliEccCert = "./certs/client-ecc-cert.der";
- const char* cliEccKey = "./certs/client-ecc-key.der";
- #endif
- #endif
- if (cert == NULL || certSz == NULL || key == NULL || keySz == NULL ||
- ((useIntermediateCertChain == 1) &&
- (intCARoot == NULL || intCARootSz == NULL || intCA1 == NULL ||
- intCA1Sz == NULL || intCA2 == NULL || intCA2Sz == NULL))) {
- return BAD_FUNC_ARG;
- }
- /* Read/load certs and keys to use for signing based on PK type and chain */
- switch (pkAlgoType) {
- #ifndef NO_RSA
- case RSA_TYPE:
- if (useIntermediateCertChain == 1) {
- ExpectTrue((fp = XFOPEN(intCARootRSA, "rb")) != XBADFILE);
- *intCARootSz = (word32)XFREAD(intCARoot, 1, *intCARootSz, fp);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntGT(*intCARootSz, 0);
- ExpectTrue((fp = XFOPEN(intCA1RSA, "rb")) != XBADFILE);
- if (fp != XBADFILE) {
- *intCA1Sz = (word32)XFREAD(intCA1, 1, *intCA1Sz, fp);
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntGT(*intCA1Sz, 0);
- ExpectTrue((fp = XFOPEN(intCA2RSA, "rb")) != XBADFILE);
- if (fp != XBADFILE) {
- *intCA2Sz = (word32)XFREAD(intCA2, 1, *intCA2Sz, fp);
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntGT(*intCA2Sz, 0);
- ExpectTrue((fp = XFOPEN(intServCertRSA, "rb")) != XBADFILE);
- if (fp != XBADFILE) {
- *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntGT(*certSz, 0);
- ExpectTrue((fp = XFOPEN(intServKeyRSA, "rb")) != XBADFILE);
- if (fp != XBADFILE) {
- *keySz = (word32)XFREAD(key, 1, *keySz, fp);
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntGT(*keySz, 0);
- }
- else {
- #if defined(USE_CERT_BUFFERS_2048)
- *keySz = sizeof_client_key_der_2048;
- *certSz = sizeof_client_cert_der_2048;
- XMEMCPY(key, client_key_der_2048, *keySz);
- XMEMCPY(cert, client_cert_der_2048, *certSz);
- #elif defined(USE_CERT_BUFFERS_1024)
- *keySz = sizeof_client_key_der_1024;
- *certSz = sizeof_client_cert_der_1024;
- XMEMCPY(key, client_key_der_1024, *keySz);
- XMEMCPY(cert, client_cert_der_1024, *certSz);
- #else
- ExpectTrue((fp = XFOPEN(cli1024Key, "rb")) != XBADFILE);
- if (fp != XBADFILE) {
- *keySz = (word32)XFREAD(key, 1, *keySz, fp);
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntGT(*keySz, 0);
- ExpectTrue((fp = XFOPEN(cli1024Cert, "rb")) != XBADFILE);
- if (fp != XBADFILE) {
- *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntGT(*certSz, 0);
- #endif /* USE_CERT_BUFFERS_2048 */
- }
- break;
- #endif /* !NO_RSA */
- #ifdef HAVE_ECC
- case ECC_TYPE:
- if (useIntermediateCertChain == 1) {
- ExpectTrue((fp = XFOPEN(intCARootECC, "rb")) != XBADFILE);
- if (fp != XBADFILE) {
- *intCARootSz = (word32)XFREAD(intCARoot, 1, *intCARootSz,
- fp);
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntGT(*intCARootSz, 0);
- ExpectTrue((fp = XFOPEN(intCA1ECC, "rb")) != XBADFILE);
- if (fp != XBADFILE) {
- *intCA1Sz = (word32)XFREAD(intCA1, 1, *intCA1Sz, fp);
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntGT(*intCA1Sz, 0);
- ExpectTrue((fp = XFOPEN(intCA2ECC, "rb")) != XBADFILE);
- if (fp != XBADFILE) {
- *intCA2Sz = (word32)XFREAD(intCA2, 1, *intCA2Sz, fp);
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntGT(*intCA2Sz, 0);
- ExpectTrue((fp = XFOPEN(intServCertECC, "rb")) != XBADFILE);
- if (fp != XBADFILE) {
- *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntGT(*certSz, 0);
- ExpectTrue((fp = XFOPEN(intServKeyECC, "rb")) != XBADFILE);
- if (fp != XBADFILE) {
- *keySz = (word32)XFREAD(key, 1, *keySz, fp);
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntGT(*keySz, 0);
- }
- else {
- #if defined(USE_CERT_BUFFERS_256)
- *keySz = sizeof_ecc_clikey_der_256;
- *certSz = sizeof_cliecc_cert_der_256;
- XMEMCPY(key, ecc_clikey_der_256, *keySz);
- XMEMCPY(cert, cliecc_cert_der_256, *certSz);
- #else
- ExpectTrue((fp = XFOPEN(cliEccKey, "rb")) != XBADFILE);
- if (fp != XBADFILE) {
- *keySz = (word32)XFREAD(key, 1, *keySz, fp);
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntGT(*keySz, 0);
- ExpectTrue((fp = XFOPEN(cliEccCert, "rb")) != XBADFILE);
- if (fp != XBADFILE) {
- *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntGT(*certSz, 0);
- #endif /* USE_CERT_BUFFERS_256 */
- }
- break;
- #endif /* HAVE_ECC */
- default:
- WOLFSSL_MSG("Unsupported SignedData PK type");
- ret = BAD_FUNC_ARG;
- break;
- }
- if (EXPECT_FAIL() && (ret == 0)) {
- ret = BAD_FUNC_ARG;
- }
- return ret;
- }
- /**
- * Creates a PKCS7/CMS SignedData bundle to use for testing.
- *
- * output output buffer to place SignedData
- * outputSz size of output buffer
- * data data buffer to be signed
- * dataSz size of data buffer
- * withAttribs [1/0] include attributes in SignedData message
- * detachedSig [1/0] create detached signature, no content
- * useIntCertChain [1/0] use certificate chain and include intermediate and
- * root CAs in bundle
- * pkAlgoType RSA_TYPE or ECC_TYPE, choose what key/cert type to use
- *
- * Return size of bundle created on success, negative on error */
- static int CreatePKCS7SignedData(unsigned char* output, int outputSz,
- byte* data, word32 dataSz,
- int withAttribs, int detachedSig,
- int useIntermediateCertChain,
- int pkAlgoType)
- {
- EXPECT_DECLS;
- int ret = 0;
- WC_RNG rng;
- PKCS7* pkcs7 = NULL;
- static byte messageTypeOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x02 };
- static byte messageType[] = { 0x13, 2, '1', '9' };
- PKCS7Attrib attribs[] =
- {
- { messageTypeOid, sizeof(messageTypeOid), messageType,
- sizeof(messageType) }
- };
- byte intCARoot[TWOK_BUF];
- byte intCA1[TWOK_BUF];
- byte intCA2[TWOK_BUF];
- byte cert[TWOK_BUF];
- byte key[TWOK_BUF];
- word32 intCARootSz = sizeof(intCARoot);
- word32 intCA1Sz = sizeof(intCA1);
- word32 intCA2Sz = sizeof(intCA2);
- word32 certSz = sizeof(cert);
- word32 keySz = sizeof(key);
- XMEMSET(intCARoot, 0, intCARootSz);
- XMEMSET(intCA1, 0, intCA1Sz);
- XMEMSET(intCA2, 0, intCA2Sz);
- XMEMSET(cert, 0, certSz);
- XMEMSET(key, 0, keySz);
- ret = LoadPKCS7SignedDataCerts(useIntermediateCertChain, pkAlgoType,
- intCARoot, &intCARootSz, intCA1, &intCA1Sz, intCA2, &intCA2Sz,
- cert, &certSz, key, &keySz);
- ExpectIntEQ(ret, 0);
- XMEMSET(output, 0, outputSz);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- if (useIntermediateCertChain == 1) {
- /* Add intermediate and root CA certs into SignedData Certs SET */
- ExpectIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCA2, intCA2Sz), 0);
- ExpectIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCA1, intCA1Sz), 0);
- ExpectIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCARoot, intCARootSz), 0);
- }
- if (pkcs7 != NULL) {
- pkcs7->content = data;
- pkcs7->contentSz = dataSz;
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = (word32)sizeof(key);
- if (pkAlgoType == RSA_TYPE) {
- pkcs7->encryptOID = RSAk;
- }
- else {
- pkcs7->encryptOID = ECDSAk;
- }
- #ifdef NO_SHA
- pkcs7->hashOID = SHA256h;
- #else
- pkcs7->hashOID = SHAh;
- #endif
- pkcs7->rng = &rng;
- if (withAttribs) {
- /* include a signed attribute */
- pkcs7->signedAttribs = attribs;
- pkcs7->signedAttribsSz = (sizeof(attribs)/sizeof(PKCS7Attrib));
- }
- }
- if (detachedSig) {
- ExpectIntEQ(wc_PKCS7_SetDetached(pkcs7, 1), 0);
- }
- outputSz = wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz);
- ExpectIntGT(outputSz, 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- if (detachedSig && (pkcs7 != NULL)) {
- pkcs7->content = data;
- pkcs7->contentSz = dataSz;
- }
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
- wc_PKCS7_Free(pkcs7);
- wc_FreeRng(&rng);
- if (EXPECT_FAIL()) {
- outputSz = 0;
- }
- return outputSz;
- }
- #endif
- /*
- * Testing wc_PKCS_VerifySignedData()
- */
- static int test_wc_PKCS7_VerifySignedData_RSA(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- PKCS7* pkcs7 = NULL;
- byte output[6000]; /* Large size needed for bundles with int CA certs */
- word32 outputSz = sizeof(output);
- byte data[] = "Test data to encode.";
- byte badOut[1];
- word32 badOutSz = 0;
- byte badContent[] = "This is different content than was signed";
- wc_HashAlg hash;
- #ifdef NO_SHA
- enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
- #else
- enum wc_HashType hashType = WC_HASH_TYPE_SHA;
- #endif
- byte hashBuf[WC_MAX_DIGEST_SIZE];
- word32 hashSz = wc_HashGetDigestSize(hashType);
- #ifndef NO_RSA
- PKCS7DecodedAttrib* decodedAttrib = NULL;
- /* contentType OID (1.2.840.113549.1.9.3) */
- static const byte contentTypeOid[] =
- { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0d, 0x01, 0x09, 0x03 };
- /* PKCS#7 DATA content type (contentType defaults to DATA) */
- static const byte dataType[] =
- { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 };
- /* messageDigest OID (1.2.840.113549.1.9.4) */
- static const byte messageDigestOid[] =
- { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x04 };
- #ifndef NO_ASN_TIME
- /* signingTime OID () */
- static const byte signingTimeOid[] =
- { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x05};
- #endif
- #if !defined(NO_ASN) && !defined(NO_ASN_TIME)
- int dateLength = 0;
- byte dateFormat;
- const byte* datePart = NULL;
- struct tm timearg;
- time_t now;
- struct tm* nowTm = NULL;
- #ifdef NEED_TMP_TIME
- struct tm tmpTimeStorage;
- struct tm* tmpTime = &tmpTimeStorage;
- #endif
- #endif /* !NO_ASN && !NO_ASN_TIME */
- #ifndef NO_PKCS7_STREAM
- word32 z;
- int ret;
- #endif /* !NO_PKCS7_STREAM */
- XMEMSET(&hash, 0, sizeof(wc_HashAlg));
- /* Success test with RSA certs/key */
- ExpectIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
- (word32)sizeof(data), 0, 0, 0, RSA_TYPE)), 0);
- /* calculate hash for content, used later */
- ExpectIntEQ(wc_HashInit(&hash, hashType), 0);
- ExpectIntEQ(wc_HashUpdate(&hash, hashType, data, sizeof(data)), 0);
- ExpectIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0);
- DoExpectIntEQ(wc_HashFree(&hash, hashType), 0);
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
- #ifndef NO_PKCS7_STREAM
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- /* test for streaming */
- ret = -1;
- for (z = 0; z < outputSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
- if (ret < 0){
- ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
- }
- }
- ExpectIntEQ(ret, 0);
- ExpectIntNE(pkcs7->contentSz, 0);
- ExpectNotNull(pkcs7->contentDynamic);
- #endif /* !NO_PKCS7_STREAM */
- /* Check that decoded signed attributes are correct */
- /* messageDigest should be first */
- if (pkcs7 != NULL) {
- decodedAttrib = pkcs7->decodedAttrib;
- }
- ExpectNotNull(decodedAttrib);
- ExpectIntEQ(decodedAttrib->oidSz, (word32)sizeof(messageDigestOid));
- ExpectIntEQ(XMEMCMP(decodedAttrib->oid, messageDigestOid,
- decodedAttrib->oidSz), 0);
- /* + 2 for OCTET STRING and length bytes */
- ExpectIntEQ(decodedAttrib->valueSz, hashSz + 2);
- ExpectNotNull(decodedAttrib->value);
- ExpectIntEQ(XMEMCMP(decodedAttrib->value + 2, hashBuf, hashSz), 0);
- #ifndef NO_ASN_TIME
- /* signingTime should be second */
- if (decodedAttrib != NULL) {
- decodedAttrib = decodedAttrib->next;
- }
- ExpectNotNull(decodedAttrib);
- ExpectIntEQ(decodedAttrib->oidSz, (word32)sizeof(signingTimeOid));
- ExpectIntEQ(XMEMCMP(decodedAttrib->oid, signingTimeOid,
- decodedAttrib->oidSz), 0);
- ExpectIntGT(decodedAttrib->valueSz, 0);
- ExpectNotNull(decodedAttrib->value);
- #endif
- /* Verify signingTime if ASN and time are available */
- #if !defined(NO_ASN) && !defined(NO_ASN_TIME)
- ExpectIntEQ(wc_GetDateInfo(decodedAttrib->value, decodedAttrib->valueSz,
- &datePart, &dateFormat, &dateLength), 0);
- ExpectNotNull(datePart);
- ExpectIntGT(dateLength, 0);
- XMEMSET(&timearg, 0, sizeof(timearg));
- ExpectIntEQ(wc_GetDateAsCalendarTime(datePart, dateLength, dateFormat,
- &timearg), 0);
- /* Get current time and compare year/month/day against attribute value */
- ExpectIntEQ(wc_GetTime(&now, sizeof(now)), 0);
- nowTm = (struct tm*)XGMTIME((time_t*)&now, tmpTime);
- ExpectNotNull(nowTm);
- ExpectIntEQ(timearg.tm_year, nowTm->tm_year);
- ExpectIntEQ(timearg.tm_mon, nowTm->tm_mon);
- ExpectIntEQ(timearg.tm_mday, nowTm->tm_mday);
- #endif /* !NO_ASN && !NO_ASN_TIME */
- /* contentType should be third */
- if (decodedAttrib != NULL) {
- decodedAttrib = decodedAttrib->next;
- }
- ExpectNotNull(decodedAttrib);
- ExpectIntEQ(decodedAttrib->oidSz, (word32)sizeof(contentTypeOid));
- ExpectIntEQ(XMEMCMP(decodedAttrib->oid, contentTypeOid,
- decodedAttrib->oidSz), 0);
- ExpectIntEQ(decodedAttrib->valueSz, (int)sizeof(dataType) + 2);
- ExpectNotNull(decodedAttrib->value);
- ExpectIntEQ(XMEMCMP(decodedAttrib->value + 2, dataType, sizeof(dataType)),
- 0);
- #endif /* !NO_RSA */
- /* Test bad args. */
- ExpectIntEQ(wc_PKCS7_VerifySignedData(NULL, output, outputSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, NULL, outputSz),
- BAD_FUNC_ARG);
- #ifndef NO_PKCS7_STREAM
- /* can pass in 0 buffer length with streaming API */
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
- badOutSz), WC_PKCS7_WANT_READ_E);
- #else
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
- badOutSz), BAD_FUNC_ARG);
- #endif
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #ifndef NO_RSA
- /* Try RSA certs/key/sig first */
- outputSz = sizeof(output);
- XMEMSET(output, 0, outputSz);
- ExpectIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
- (word32)sizeof(data),
- 1, 1, 0, RSA_TYPE)), 0);
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- if (pkcs7 != NULL) {
- pkcs7->content = badContent;
- pkcs7->contentSz = sizeof(badContent);
- }
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
- SIG_VERIFY_E);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #ifndef NO_PKCS7_STREAM
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- if (pkcs7 != NULL) {
- pkcs7->content = badContent;
- pkcs7->contentSz = sizeof(badContent);
- }
- /* test for streaming */
- ret = -1;
- for (z = 0; z < outputSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
- if (ret == WC_PKCS7_WANT_READ_E){
- continue;
- }
- else if (ret < 0) {
- break;
- }
- }
- ExpectIntEQ(ret, SIG_VERIFY_E);
- ExpectIntNE(pkcs7->contentSz, 0);
- ExpectNotNull(pkcs7->contentDynamic);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #endif /* !NO_PKCS7_STREAM */
- /* Test success case with detached signature and valid content */
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- if (pkcs7 != NULL) {
- pkcs7->content = data;
- pkcs7->contentSz = sizeof(data);
- }
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #ifndef NO_PKCS7_STREAM
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- if (pkcs7 != NULL) {
- pkcs7->content = data;
- pkcs7->contentSz = sizeof(data);
- }
- /* test for streaming */
- ret = -1;
- for (z = 0; z < outputSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
- if (ret < 0){
- ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
- }
- }
- ExpectIntEQ(ret, 0);
- ExpectIntNE(pkcs7->contentSz, 0);
- ExpectNotNull(pkcs7->contentDynamic);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #endif /* !NO_PKCS7_STREAM */
- /* verify using pre-computed content digest only (no content) */
- {
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, NULL, 0), 0);
- ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
- output, outputSz, NULL, 0), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- }
- #endif /* !NO_RSA */
- /* Test verify on signedData containing intermediate/root CA certs */
- #ifndef NO_RSA
- outputSz = sizeof(output);
- XMEMSET(output, 0, outputSz);
- ExpectIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
- (word32)sizeof(data),
- 0, 0, 1, RSA_TYPE)), 0);
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #ifndef NO_PKCS7_STREAM
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- /* test for streaming */
- ret = -1;
- for (z = 0; z < outputSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
- if (ret < 0){
- ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
- }
- }
- ExpectIntEQ(ret, 0);
- ExpectIntNE(pkcs7->contentSz, 0);
- ExpectNotNull(pkcs7->contentDynamic);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #endif /* !NO_PKCS7_STREAM */
- #endif /* !NO_RSA */
- #if defined(ASN_BER_TO_DER) && !defined(NO_PKCS7_STREAM) && \
- !defined(NO_FILESYSTEM)
- {
- XFILE signedBundle = XBADFILE;
- int signedBundleSz = 0;
- int chunkSz = 1;
- int i, rc = 0;
- byte* buf = NULL;
- ExpectTrue((signedBundle = XFOPEN("./certs/test-stream-sign.p7b",
- "rb")) != XBADFILE);
- ExpectTrue(XFSEEK(signedBundle, 0, XSEEK_END) == 0);
- ExpectIntGT(signedBundleSz = (int)XFTELL(signedBundle), 0);
- ExpectTrue(XFSEEK(signedBundle, 0, XSEEK_SET) == 0);
- ExpectNotNull(buf = (byte*)XMALLOC(signedBundleSz, HEAP_HINT,
- DYNAMIC_TYPE_FILE));
- if (buf != NULL) {
- ExpectIntEQ(XFREAD(buf, 1, signedBundleSz, signedBundle),
- signedBundleSz);
- }
- if (signedBundle != XBADFILE) {
- XFCLOSE(signedBundle);
- signedBundle = XBADFILE;
- }
- if (buf != NULL) {
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- for (i = 0; i < signedBundleSz;) {
- int sz = (i + chunkSz > signedBundleSz)? signedBundleSz - i :
- chunkSz;
- rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, sz);
- if (rc < 0 ) {
- if (rc == WC_PKCS7_WANT_READ_E) {
- i += sz;
- continue;
- }
- break;
- }
- else {
- break;
- }
- }
- ExpectIntEQ(rc, PKCS7_SIGNEEDS_CHECK);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- }
- /* now try with malformed bundle */
- if (buf != NULL) {
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- buf[signedBundleSz - 2] = buf[signedBundleSz - 2] + 1;
- for (i = 0; i < signedBundleSz;) {
- int sz = (i + chunkSz > signedBundleSz)? signedBundleSz - i :
- chunkSz;
- rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, sz);
- if (rc < 0 ) {
- if (rc == WC_PKCS7_WANT_READ_E) {
- i += sz;
- continue;
- }
- break;
- }
- else {
- break;
- }
- }
- ExpectIntEQ(rc, ASN_PARSE_E);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- }
- if (buf != NULL)
- XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
- }
- #endif /* BER and stream */
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_PKCS7_VerifySignedData()_RSA */
- /*
- * Testing wc_PKCS_VerifySignedData()
- */
- static int test_wc_PKCS7_VerifySignedData_ECC(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC)
- PKCS7* pkcs7 = NULL;
- byte output[6000]; /* Large size needed for bundles with int CA certs */
- word32 outputSz = sizeof(output);
- byte data[] = "Test data to encode.";
- byte badContent[] = "This is different content than was signed";
- wc_HashAlg hash;
- #ifndef NO_PKCS7_STREAM
- word32 z;
- int ret;
- #endif /* !NO_PKCS7_STREAM */
- #ifdef NO_SHA
- enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
- #else
- enum wc_HashType hashType = WC_HASH_TYPE_SHA;
- #endif
- byte hashBuf[WC_MAX_DIGEST_SIZE];
- word32 hashSz = wc_HashGetDigestSize(hashType);
- XMEMSET(&hash, 0, sizeof(wc_HashAlg));
- /* Success test with ECC certs/key */
- outputSz = sizeof(output);
- XMEMSET(output, 0, outputSz);
- ExpectIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
- (word32)sizeof(data), 0, 0, 0, ECC_TYPE)), 0);
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #ifndef NO_PKCS7_STREAM
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- /* test for streaming */
- ret = -1;
- for (z = 0; z < outputSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
- if (ret < 0){
- ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
- }
- }
- ExpectIntEQ(ret, 0);
- ExpectIntNE(pkcs7->contentSz, 0);
- ExpectNotNull(pkcs7->contentDynamic);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #endif /* !NO_PKCS7_STREAM */
- /* Invalid content should error, use detached signature so we can
- * easily change content */
- outputSz = sizeof(output);
- XMEMSET(output, 0, outputSz);
- ExpectIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
- (word32)sizeof(data), 1, 1, 0, ECC_TYPE)), 0);
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- if (pkcs7 != NULL) {
- pkcs7->content = badContent;
- pkcs7->contentSz = sizeof(badContent);
- }
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
- SIG_VERIFY_E);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #ifndef NO_PKCS7_STREAM
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- if (pkcs7 != NULL) {
- pkcs7->content = badContent;
- pkcs7->contentSz = sizeof(badContent);
- }
- /* test for streaming */
- ret = -1;
- for (z = 0; z < outputSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
- if (ret == WC_PKCS7_WANT_READ_E){
- continue;
- }
- else if (ret < 0) {
- break;
- }
- }
- ExpectIntEQ(ret, SIG_VERIFY_E);
- ExpectIntNE(pkcs7->contentSz, 0);
- ExpectNotNull(pkcs7->contentDynamic);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #endif /* !NO_PKCS7_STREAM */
- /* Test success case with detached signature and valid content */
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- if (pkcs7 != NULL) {
- pkcs7->content = data;
- pkcs7->contentSz = sizeof(data);
- }
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #ifndef NO_PKCS7_STREAM
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- if (pkcs7 != NULL) {
- pkcs7->content = data;
- pkcs7->contentSz = sizeof(data);
- }
- /* test for streaming */
- ret = -1;
- for (z = 0; z < outputSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
- if (ret < 0){
- ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
- }
- }
- ExpectIntEQ(ret, 0);
- ExpectIntNE(pkcs7->contentSz, 0);
- ExpectNotNull(pkcs7->contentDynamic);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #endif /* !NO_PKCS7_STREAM */
- /* verify using pre-computed content digest only (no content) */
- {
- /* calculate hash for content */
- ExpectIntEQ(wc_HashInit(&hash, hashType), 0);
- ExpectIntEQ(wc_HashUpdate(&hash, hashType, data, sizeof(data)), 0);
- ExpectIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0);
- ExpectIntEQ(wc_HashFree(&hash, hashType), 0);
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, NULL, 0), 0);
- ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
- output, outputSz, NULL, 0), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- }
- /* Test verify on signedData containing intermediate/root CA certs */
- outputSz = sizeof(output);
- XMEMSET(output, 0, outputSz);
- ExpectIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
- (word32)sizeof(data), 0, 0, 1, ECC_TYPE)), 0);
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #ifndef NO_PKCS7_STREAM
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- /* test for streaming */
- ret = -1;
- for (z = 0; z < outputSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
- if (ret < 0){
- ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
- }
- }
- ExpectIntEQ(ret, 0);
- ExpectIntNE(pkcs7->contentSz, 0);
- ExpectNotNull(pkcs7->contentDynamic);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #endif /* !NO_PKCS7_STREAM */
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_PKCS7_VerifySignedData_ECC() */
- #if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
- !defined(NO_AES_256)
- static const byte defKey[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- static byte aesHandle[32]; /* simulated hardware key handle */
- /* return 0 on success */
- static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
- byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
- byte* in, int inSz, byte* out, void* usrCtx)
- {
- int ret;
- Aes aes;
- if (usrCtx == NULL) {
- /* no simulated handle passed in */
- return -1;
- }
- switch (encryptOID) {
- case AES256CBCb:
- if (ivSz != AES_BLOCK_SIZE)
- return BAD_FUNC_ARG;
- break;
- default:
- WOLFSSL_MSG("Unsupported content cipher type for test");
- return ALGO_ID_E;
- };
- /* simulate using handle to get key */
- ret = wc_AesInit(&aes, HEAP_HINT, INVALID_DEVID);
- if (ret == 0) {
- ret = wc_AesSetKey(&aes, (byte*)usrCtx, 32, iv, AES_DECRYPTION);
- if (ret == 0)
- ret = wc_AesCbcDecrypt(&aes, out, in, inSz);
- wc_AesFree(&aes);
- }
- (void)aad;
- (void)aadSz;
- (void)authTag;
- (void)authTagSz;
- (void)pkcs7;
- return ret;
- }
- /* returns key size on success */
- static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
- word32 keyIdSz, byte* orginKey, word32 orginKeySz,
- byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
- {
- int ret = -1;
- (void)cekSz;
- (void)cek;
- (void)outSz;
- (void)keyIdSz;
- (void)direction;
- (void)orginKey; /* used with KAKRI */
- (void)orginKeySz;
- if (out == NULL)
- return BAD_FUNC_ARG;
- if (keyId[0] != 0x00) {
- return -1;
- }
- if (type != (int)PKCS7_KEKRI) {
- return -1;
- }
- switch (keyWrapAlgo) {
- case AES256_WRAP:
- /* simulate setting a handle for later decryption but use key
- * as handle in the test case here */
- ret = wc_AesKeyUnWrap(defKey, sizeof(defKey), cek, cekSz,
- aesHandle, sizeof(aesHandle), NULL);
- if (ret < 0)
- return ret;
- ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)aesHandle);
- if (ret < 0)
- return ret;
- /* return key size on success */
- return sizeof(defKey);
- default:
- WOLFSSL_MSG("Unsupported key wrap algorithm in example");
- return BAD_KEYWRAP_ALG_E;
- };
- }
- #endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && !NO_AES_256 */
- /*
- * Testing wc_PKCS7_EncodeEnvelopedData()
- */
- static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_PKCS7)
- PKCS7* pkcs7 = NULL;
- #ifdef ASN_BER_TO_DER
- int encodedSz = 0;
- #endif
- #ifdef ECC_TIMING_RESISTANT
- WC_RNG rng;
- #endif
- word32 tempWrd32 = 0;
- byte* tmpBytePtr = NULL;
- const char input[] = "Test data to encode.";
- int i;
- int testSz = 0;
- #if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) || \
- !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
- byte* rsaCert = NULL;
- byte* rsaPrivKey = NULL;
- word32 rsaCertSz;
- word32 rsaPrivKeySz;
- #if !defined(NO_FILESYSTEM) && (!defined(USE_CERT_BUFFERS_1024) && \
- !defined(USE_CERT_BUFFERS_2048) )
- static const char* rsaClientCert = "./certs/client-cert.der";
- static const char* rsaClientKey = "./certs/client-key.der";
- rsaCertSz = (word32)sizeof(rsaClientCert);
- rsaPrivKeySz = (word32)sizeof(rsaClientKey);
- #endif
- #endif
- #if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
- !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
- byte* eccCert = NULL;
- byte* eccPrivKey = NULL;
- word32 eccCertSz;
- word32 eccPrivKeySz;
- #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_256)
- static const char* eccClientCert = "./certs/client-ecc-cert.der";
- static const char* eccClientKey = "./certs/ecc-client-key.der";
- #endif
- #endif
- /* Generic buffer size. */
- byte output[ONEK_BUF];
- byte decoded[sizeof(input)/sizeof(char)];
- int decodedSz = 0;
- #ifndef NO_FILESYSTEM
- XFILE certFile = XBADFILE;
- XFILE keyFile = XBADFILE;
- #endif
- #ifdef ECC_TIMING_RESISTANT
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- #endif
- #if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
- !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
- /* RSA certs and keys. */
- #if defined(USE_CERT_BUFFERS_1024)
- rsaCertSz = (word32)sizeof_client_cert_der_1024;
- /* Allocate buffer space. */
- ExpectNotNull(rsaCert = (byte*)XMALLOC(rsaCertSz, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- /* Init buffer. */
- if (rsaCert != NULL) {
- XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz);
- }
- rsaPrivKeySz = (word32)sizeof_client_key_der_1024;
- ExpectNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- if (rsaPrivKey != NULL) {
- XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz);
- }
- #elif defined(USE_CERT_BUFFERS_2048)
- rsaCertSz = (word32)sizeof_client_cert_der_2048;
- /* Allocate buffer */
- ExpectNotNull(rsaCert = (byte*)XMALLOC(rsaCertSz, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- /* Init buffer. */
- if (rsaCert != NULL) {
- XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz);
- }
- rsaPrivKeySz = (word32)sizeof_client_key_der_2048;
- ExpectNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- if (rsaPrivKey != NULL) {
- XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz);
- }
- #else
- /* File system. */
- ExpectTrue((certFile = XFOPEN(rsaClientCert, "rb")) != XBADFILE);
- rsaCertSz = (word32)FOURK_BUF;
- ExpectNotNull(rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectTrue((rsaCertSz = (word32)XFREAD(rsaCert, 1, rsaCertSz,
- certFile)) > 0);
- if (certFile != XBADFILE)
- XFCLOSE(certFile);
- ExpectTrue((keyFile = XFOPEN(rsaClientKey, "rb")) != XBADFILE);
- ExpectNotNull(rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- rsaPrivKeySz = (word32)FOURK_BUF;
- ExpectTrue((rsaPrivKeySz = (word32)XFREAD(rsaPrivKey, 1, rsaPrivKeySz,
- keyFile)) > 0);
- if (keyFile != XBADFILE)
- XFCLOSE(keyFile);
- #endif /* USE_CERT_BUFFERS */
- #endif /* NO_RSA */
- /* ECC */
- #if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
- !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
- #ifdef USE_CERT_BUFFERS_256
- ExpectNotNull(eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- /* Init buffer. */
- eccCertSz = (word32)sizeof_cliecc_cert_der_256;
- if (eccCert != NULL) {
- XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz);
- }
- ExpectNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256;
- if (eccPrivKey != NULL) {
- XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz);
- }
- #else /* File system. */
- ExpectTrue((certFile = XFOPEN(eccClientCert, "rb")) != XBADFILE);
- eccCertSz = (word32)FOURK_BUF;
- ExpectNotNull(eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectTrue((eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz,
- certFile)) > 0);
- if (certFile != XBADFILE) {
- XFCLOSE(certFile);
- }
- ExpectTrue((keyFile = XFOPEN(eccClientKey, "rb")) != XBADFILE);
- eccPrivKeySz = (word32)FOURK_BUF;
- ExpectNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectTrue((eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz,
- keyFile)) > 0);
- if (keyFile != XBADFILE) {
- XFCLOSE(keyFile);
- }
- #endif /* USE_CERT_BUFFERS_256 */
- #endif /* END HAVE_ECC */
- #ifndef NO_FILESYSTEM
- /* Silence. */
- (void)keyFile;
- (void)certFile;
- #endif
- {
- const pkcs7EnvelopedVector testVectors[] = {
- /* DATA is a global variable defined in the makefile. */
- #if !defined(NO_RSA)
- #ifndef NO_DES3
- {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0,
- rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
- #endif /* NO_DES3 */
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #ifndef NO_AES_128
- {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
- 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
- #endif
- #ifndef NO_AES_192
- {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES192CBCb,
- 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
- #endif
- #ifndef NO_AES_256
- {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
- 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
- #endif
- #endif /* NO_AES && HAVE_AES_CBC */
- #endif /* NO_RSA */
- #if defined(HAVE_ECC)
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #if !defined(NO_SHA) && !defined(NO_AES_128)
- {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
- AES128CBCb, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme,
- eccCert, eccCertSz, eccPrivKey, eccPrivKeySz},
- #endif
- #if !defined(NO_SHA256) && !defined(NO_AES_256)
- {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
- AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha256kdf_scheme,
- eccCert, eccCertSz, eccPrivKey, eccPrivKeySz},
- #endif
- #if defined(WOLFSSL_SHA512) && !defined(NO_AES_256)
- {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
- AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme,
- eccCert, eccCertSz, eccPrivKey, eccPrivKeySz},
- #endif
- #endif /* NO_AES && HAVE_AES_CBC*/
- #endif /* END HAVE_ECC */
- }; /* END pkcs7EnvelopedVector */
- #ifdef ECC_TIMING_RESISTANT
- ExpectIntEQ(wc_InitRng(&rng), 0);
- #endif
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
- testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector);
- for (i = 0; i < testSz; i++) {
- #ifdef ASN_BER_TO_DER
- encodeSignedDataStream strm;
- /* test setting stream mode, the first one using IO callbacks */
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
- (word32)(testVectors + i)->certSz), 0);
- if (pkcs7 != NULL) {
- #ifdef ECC_TIMING_RESISTANT
- pkcs7->rng = &rng;
- #endif
- if (i != 0)
- pkcs7->content = (byte*)(testVectors + i)->content;
- pkcs7->contentSz = (testVectors + i)->contentSz;
- pkcs7->contentOID = (testVectors + i)->contentOID;
- pkcs7->encryptOID = (testVectors + i)->encryptOID;
- pkcs7->keyWrapOID = (testVectors + i)->keyWrapOID;
- pkcs7->keyAgreeOID = (testVectors + i)->keyAgreeOID;
- pkcs7->privateKey = (testVectors + i)->privateKey;
- pkcs7->privateKeySz = (testVectors + i)->privateKeySz;
- }
- if (i == 0) {
- XMEMSET(&strm, 0, sizeof(strm));
- ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
- StreamOutputCB, (void*)&strm), 0);
- encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL, 0);
- }
- else {
- ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, NULL, NULL), 0);
- encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output));
- }
- switch ((testVectors + i)->encryptOID) {
- #ifndef NO_DES3
- case DES3b:
- case DESb:
- ExpectIntEQ(encodedSz, BAD_FUNC_ARG);
- break;
- #endif
- #ifdef HAVE_AESCCM
- #ifdef WOLFSSL_AES_128
- case AES128CCMb:
- ExpectIntEQ(encodedSz, BAD_FUNC_ARG);
- break;
- #endif
- #ifdef WOLFSSL_AES_192
- case AES192CCMb:
- ExpectIntEQ(encodedSz, BAD_FUNC_ARG);
- break;
- #endif
- #ifdef WOLFSSL_AES_256
- case AES256CCMb:
- ExpectIntEQ(encodedSz, BAD_FUNC_ARG);
- break;
- #endif
- #endif
- default:
- ExpectIntGE(encodedSz, 0);
- }
- if (encodedSz > 0) {
- if (i == 0) {
- decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7,
- strm.out, (word32)encodedSz, decoded,
- (word32)sizeof(decoded));
- }
- else {
- decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- (word32)encodedSz, decoded, (word32)sizeof(decoded));
- }
- ExpectIntGE(decodedSz, 0);
- /* Verify the size of each buffer. */
- ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
- }
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- #endif
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
- (word32)(testVectors + i)->certSz), 0);
- if (pkcs7 != NULL) {
- #ifdef ECC_TIMING_RESISTANT
- pkcs7->rng = &rng;
- #endif
- pkcs7->content = (byte*)(testVectors + i)->content;
- pkcs7->contentSz = (testVectors + i)->contentSz;
- pkcs7->contentOID = (testVectors + i)->contentOID;
- pkcs7->encryptOID = (testVectors + i)->encryptOID;
- pkcs7->keyWrapOID = (testVectors + i)->keyWrapOID;
- pkcs7->keyAgreeOID = (testVectors + i)->keyAgreeOID;
- pkcs7->privateKey = (testVectors + i)->privateKey;
- pkcs7->privateKeySz = (testVectors + i)->privateKeySz;
- }
- #ifdef ASN_BER_TO_DER
- /* test without setting stream mode */
- ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 0);
- #endif
- ExpectIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output)), 0);
- decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output), decoded, (word32)sizeof(decoded));
- ExpectIntGE(decodedSz, 0);
- /* Verify the size of each buffer. */
- ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
- /* Don't free the last time through the loop. */
- if (i < testSz - 1) {
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- }
- } /* END test loop. */
- }
- /* Test bad args. */
- ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(NULL, output,
- (word32)sizeof(output)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL,
- (word32)sizeof(output)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), BAD_FUNC_ARG);
- /* Decode. */
- ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(NULL, output,
- (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output), NULL, (word32)sizeof(decoded)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output), decoded, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, NULL,
- (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded,
- (word32)sizeof(decoded)), BAD_FUNC_ARG);
- /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
- #if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC)
- /* only a failure for KARI test cases */
- if (pkcs7 != NULL) {
- tempWrd32 = pkcs7->singleCertSz;
- pkcs7->singleCertSz = 0;
- }
- #if defined(WOLFSSL_ASN_TEMPLATE)
- ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
- BUFFER_E);
- #else
- ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
- ASN_PARSE_E);
- #endif
- if (pkcs7 != NULL) {
- pkcs7->singleCertSz = tempWrd32;
- tmpBytePtr = pkcs7->singleCert;
- pkcs7->singleCert = NULL;
- }
- #ifndef NO_RSA
- #if defined(NO_PKCS7_STREAM)
- /* when none streaming mode is used and PKCS7 is in bad state buffer error
- * is returned from kari parse which gets set to bad func arg */
- ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
- BAD_FUNC_ARG);
- #else
- ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
- ASN_PARSE_E);
- #endif
- #endif /* !NO_RSA */
- if (pkcs7 != NULL) {
- pkcs7->singleCert = tmpBytePtr;
- }
- #endif
- if (pkcs7 != NULL) {
- tempWrd32 = pkcs7->privateKeySz;
- pkcs7->privateKeySz = 0;
- }
- ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
- BAD_FUNC_ARG);
- if (pkcs7 != NULL) {
- pkcs7->privateKeySz = tempWrd32;
- tmpBytePtr = pkcs7->privateKey;
- pkcs7->privateKey = NULL;
- }
- ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
- BAD_FUNC_ARG);
- if (pkcs7 != NULL) {
- pkcs7->privateKey = tmpBytePtr;
- }
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_256)
- /* test of decrypt callback with KEKRI enveloped data */
- {
- int envelopedSz = 0;
- const byte keyId[] = { 0x00 };
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- if (pkcs7 != NULL) {
- pkcs7->content = (byte*)input;
- pkcs7->contentSz = (word32)(sizeof(input)/sizeof(char));
- pkcs7->contentOID = DATA;
- pkcs7->encryptOID = AES256CBCb;
- }
- ExpectIntGT(wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP,
- (byte*)defKey, sizeof(defKey), (byte*)keyId,
- sizeof(keyId), NULL, NULL, 0, NULL, 0, 0), 0);
- ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0);
- ExpectIntGT((envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
- (word32)sizeof(output))), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- /* decode envelopedData */
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_SetWrapCEKCb(pkcs7, myCEKwrapFunc), 0);
- ExpectIntEQ(wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc), 0);
- ExpectIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
- envelopedSz, decoded, sizeof(decoded))), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- }
- #endif /* !NO_AES && !NO_AES_256 */
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* HAVE_ECC */
- #ifdef ECC_TIMING_RESISTANT
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && \
- !defined(NO_RSA) && !defined(NO_SHA)
- {
- byte out[7];
- byte *cms = NULL;
- word32 cmsSz;
- XFILE cmsFile = XBADFILE;
- XMEMSET(out, 0, sizeof(out));
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectTrue((cmsFile = XFOPEN("./certs/test/ktri-keyid-cms.msg", "rb"))
- != XBADFILE);
- cmsSz = (word32)FOURK_BUF;
- ExpectNotNull(cms = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectTrue((cmsSz = (word32)XFREAD(cms, 1, cmsSz, cmsFile)) > 0);
- if (cmsFile != XBADFILE)
- XFCLOSE(cmsFile);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048,
- sizeof_client_cert_der_2048), 0);
- if (pkcs7 != NULL) {
- pkcs7->privateKey = (byte*)client_key_der_2048;
- pkcs7->privateKeySz = sizeof_client_key_der_2048;
- }
- ExpectIntLT(wc_PKCS7_DecodeEnvelopedData(pkcs7, cms, cmsSz, out,
- 2), 0);
- ExpectIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, cms, cmsSz, out,
- sizeof(out)), 0);
- XFREE(cms, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ExpectIntEQ(XMEMCMP(out, "test", 4), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- }
- #endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */
- #endif /* HAVE_PKCS7 */
- return EXPECT_RESULT();
- } /* END test_wc_PKCS7_EncodeDecodeEnvelopedData() */
- /*
- * Testing wc_PKCS7_EncodeEncryptedData()
- */
- static int test_wc_PKCS7_EncodeEncryptedData(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_PKCS7) && !defined(NO_PKCS7_ENCRYPTED_DATA)
- PKCS7* pkcs7 = NULL;
- byte* tmpBytePtr = NULL;
- byte encrypted[TWOK_BUF];
- byte decoded[TWOK_BUF];
- word32 tmpWrd32 = 0;
- int tmpInt = 0;
- int decodedSz = 0;
- int encryptedSz = 0;
- int testSz = 0;
- int i = 0;
- const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- #ifndef NO_DES3
- byte desKey[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
- };
- byte des3Key[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- #endif
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #ifndef NO_AES_128
- byte aes128Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifndef NO_AES_192
- byte aes192Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifndef NO_AES_256
- byte aes256Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #endif /* !NO_AES && HAVE_AES_CBC */
- const pkcs7EncryptedVector testVectors[] =
- {
- #ifndef NO_DES3
- {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)},
- {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)},
- #endif /* !NO_DES3 */
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #ifndef NO_AES_128
- {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
- sizeof(aes128Key)},
- #endif
- #ifndef NO_AES_192
- {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
- sizeof(aes192Key)},
- #endif
- #ifndef NO_AES_256
- {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key)},
- #endif
- #endif /* !NO_AES && HAVE_AES_CBC */
- };
- testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
- for (i = 0; i < testSz; i++) {
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
- if (pkcs7 != NULL) {
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->encryptionKey = testVectors[i].encryptionKey;
- pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz;
- pkcs7->heap = HEAP_HINT;
- }
- /* encode encryptedData */
- ExpectIntGT(encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- sizeof(encrypted)), 0);
- /* Decode encryptedData */
- ExpectIntGT(decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted,
- encryptedSz, decoded, sizeof(decoded)), 0);
- ExpectIntEQ(XMEMCMP(decoded, data, decodedSz), 0);
- /* Keep values for last itr. */
- if (i < testSz - 1) {
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- }
- }
- if (pkcs7 == NULL || testSz == 0) {
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
- }
- ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted,
- sizeof(encrypted)),BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, NULL,
- sizeof(encrypted)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- 0), BAD_FUNC_ARG);
- /* Testing the struct. */
- if (pkcs7 != NULL) {
- tmpBytePtr = pkcs7->content;
- pkcs7->content = NULL;
- }
- ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- sizeof(encrypted)), BAD_FUNC_ARG);
- if (pkcs7 != NULL) {
- pkcs7->content = tmpBytePtr;
- tmpWrd32 = pkcs7->contentSz;
- pkcs7->contentSz = 0;
- }
- ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- sizeof(encrypted)), BAD_FUNC_ARG);
- if (pkcs7 != NULL) {
- pkcs7->contentSz = tmpWrd32;
- tmpInt = pkcs7->encryptOID;
- pkcs7->encryptOID = 0;
- }
- ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- sizeof(encrypted)), BAD_FUNC_ARG);
- if (pkcs7 != NULL) {
- pkcs7->encryptOID = tmpInt;
- tmpBytePtr = pkcs7->encryptionKey;
- pkcs7->encryptionKey = NULL;
- }
- ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- sizeof(encrypted)), BAD_FUNC_ARG);
- if (pkcs7 != NULL) {
- pkcs7->encryptionKey = tmpBytePtr;
- tmpWrd32 = pkcs7->encryptionKeySz;
- pkcs7->encryptionKeySz = 0;
- }
- ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- sizeof(encrypted)), BAD_FUNC_ARG);
- if (pkcs7 != NULL) {
- pkcs7->encryptionKeySz = tmpWrd32;
- }
- ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, encryptedSz,
- decoded, sizeof(decoded)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, encryptedSz,
- decoded, sizeof(decoded)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, 0,
- decoded, sizeof(decoded)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
- NULL, sizeof(decoded)), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
- decoded, 0), BAD_FUNC_ARG);
- /* Test struct fields */
- if (pkcs7 != NULL) {
- tmpBytePtr = pkcs7->encryptionKey;
- pkcs7->encryptionKey = NULL;
- }
- ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
- decoded, sizeof(decoded)), BAD_FUNC_ARG);
- if (pkcs7 != NULL) {
- pkcs7->encryptionKey = tmpBytePtr;
- pkcs7->encryptionKeySz = 0;
- }
- ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
- decoded, sizeof(decoded)), BAD_FUNC_ARG);
- wc_PKCS7_Free(pkcs7);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_PKCS7_EncodeEncryptedData() */
- /*
- * Testing wc_PKCS7_Degenerate()
- */
- static int test_wc_PKCS7_Degenerate(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
- PKCS7* pkcs7 = NULL;
- char fName[] = "./certs/test-degenerate.p7b";
- XFILE f = XBADFILE;
- byte der[4096];
- word32 derSz = 0;
- #ifndef NO_PKCS7_STREAM
- word32 z;
- int ret;
- #endif /* !NO_PKCS7_STREAM */
- ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
- ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- /* test degenerate success */
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- #ifndef NO_RSA
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
- #ifndef NO_PKCS7_STREAM
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- /* test for streaming */
- ret = -1;
- for (z = 0; z < derSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
- if (ret < 0){
- ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
- }
- }
- ExpectIntEQ(ret, 0);
- #endif /* !NO_PKCS7_STREAM */
- #else
- ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
- #endif /* NO_RSA */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- /* test with turning off degenerate cases */
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz),
- PKCS7_NO_SIGNER_E);
- #ifndef NO_PKCS7_STREAM
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
- /* test for streaming */
- ret = -1;
- for (z = 0; z < derSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
- if (ret == WC_PKCS7_WANT_READ_E){
- continue;
- }
- else
- break;
- }
- ExpectIntEQ(ret, PKCS7_NO_SIGNER_E);
- #endif /* !NO_PKCS7_STREAM */
- wc_PKCS7_Free(pkcs7);
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_PKCS7_Degenerate() */
- #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
- defined(ASN_BER_TO_DER) && !defined(NO_DES3) && !defined(NO_SHA)
- static byte berContent[] = {
- 0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
- 0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x80, 0x30,
- 0x80, 0x02, 0x01, 0x00, 0x31, 0x82, 0x01, 0x48,
- 0x30, 0x82, 0x01, 0x44, 0x02, 0x01, 0x00, 0x30,
- 0x81, 0xAC, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30,
- 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
- 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
- 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E,
- 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
- 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42,
- 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15,
- 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
- 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
- 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30,
- 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10,
- 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D,
- 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34,
- 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
- 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
- 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
- 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
- 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
- 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
- 0x63, 0x6F, 0x6D, 0x02, 0x09, 0x00, 0xBB, 0xD3,
- 0x10, 0x03, 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0D,
- 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80,
- 0x2F, 0xF9, 0x77, 0x4F, 0x04, 0x5C, 0x16, 0x62,
- 0xF0, 0x77, 0x8D, 0x95, 0x4C, 0xB1, 0x44, 0x9A,
- 0x8C, 0x3C, 0x8C, 0xE4, 0xD1, 0xC1, 0x14, 0x72,
- 0xD0, 0x4A, 0x1A, 0x94, 0x27, 0x0F, 0xAA, 0xE8,
- 0xD0, 0xA2, 0xE7, 0xED, 0x4C, 0x7F, 0x0F, 0xC7,
- 0x1B, 0xFB, 0x81, 0x0E, 0x76, 0x8F, 0xDD, 0x32,
- 0x11, 0x68, 0xA0, 0x13, 0xD2, 0x8D, 0x95, 0xEF,
- 0x80, 0x53, 0x81, 0x0E, 0x1F, 0xC8, 0xD6, 0x76,
- 0x5C, 0x31, 0xD3, 0x77, 0x33, 0x29, 0xA6, 0x1A,
- 0xD3, 0xC6, 0x14, 0x36, 0xCA, 0x8E, 0x7D, 0x72,
- 0xA0, 0x29, 0x4C, 0xC7, 0x3A, 0xAF, 0xFE, 0xF7,
- 0xFC, 0xD7, 0xE2, 0x8F, 0x6A, 0x20, 0x46, 0x09,
- 0x40, 0x22, 0x2D, 0x79, 0x38, 0x11, 0xB1, 0x4A,
- 0xE3, 0x48, 0xE8, 0x10, 0x37, 0xA0, 0x22, 0xF7,
- 0xB4, 0x79, 0xD1, 0xA9, 0x3D, 0xC2, 0xAB, 0x37,
- 0xAE, 0x82, 0x68, 0x1A, 0x16, 0xEF, 0x33, 0x0C,
- 0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
- 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x14, 0x06,
- 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03,
- 0x07, 0x04, 0x08, 0xAD, 0xD0, 0x38, 0x9B, 0x16,
- 0x4B, 0x7F, 0x99, 0xA0, 0x80, 0x04, 0x82, 0x03,
- 0xE8, 0x6D, 0x48, 0xFB, 0x8A, 0xBD, 0xED, 0x6C,
- 0xCD, 0xC6, 0x48, 0xFD, 0xB7, 0xB0, 0x7C, 0x86,
- 0x2C, 0x8D, 0xF0, 0x23, 0x12, 0xD8, 0xA3, 0x2A,
- 0x21, 0x6F, 0x8B, 0x75, 0xBB, 0x47, 0x7F, 0xC9,
- 0xBA, 0xBA, 0xFF, 0x91, 0x09, 0x01, 0x7A, 0x5C,
- 0x96, 0x02, 0xB8, 0x8E, 0xF8, 0x67, 0x7E, 0x8F,
- 0xF9, 0x51, 0x0E, 0xFF, 0x8E, 0xE2, 0x61, 0xC0,
- 0xDF, 0xFA, 0xE2, 0x4C, 0x50, 0x90, 0xAE, 0xA1,
- 0x15, 0x38, 0x3D, 0xBE, 0x88, 0xD7, 0x57, 0xC0,
- 0x11, 0x44, 0xA2, 0x61, 0x05, 0x49, 0x6A, 0x94,
- 0x04, 0x10, 0xD9, 0xC2, 0x2D, 0x15, 0x20, 0x0D,
- 0xBD, 0xA2, 0xEF, 0xE4, 0x68, 0xFA, 0x39, 0x75,
- 0x7E, 0xD8, 0x64, 0x44, 0xCB, 0xE0, 0x00, 0x6D,
- 0x57, 0x4E, 0x8A, 0x17, 0xA9, 0x83, 0x6C, 0x7F,
- 0xFE, 0x01, 0xEE, 0xDE, 0x99, 0x3A, 0xB2, 0xFF,
- 0xD3, 0x72, 0x78, 0xBA, 0xF1, 0x23, 0x54, 0x48,
- 0x02, 0xD8, 0x38, 0xA9, 0x54, 0xE5, 0x4A, 0x81,
- 0xB9, 0xC0, 0x67, 0xB2, 0x7D, 0x3C, 0x6F, 0xCE,
- 0xA4, 0xDD, 0x34, 0x5F, 0x60, 0xB1, 0xA3, 0x7A,
- 0xE4, 0x43, 0xF2, 0x89, 0x64, 0x35, 0x09, 0x32,
- 0x51, 0xFB, 0x5C, 0x67, 0x0C, 0x3B, 0xFC, 0x36,
- 0x6B, 0x37, 0x43, 0x6C, 0x03, 0xCD, 0x44, 0xC7,
- 0x2B, 0x62, 0xD6, 0xD1, 0xF4, 0x07, 0x7B, 0x19,
- 0x91, 0xF0, 0xD7, 0xF5, 0x54, 0xBC, 0x0F, 0x42,
- 0x6B, 0x69, 0xF7, 0xA3, 0xC8, 0xEE, 0xB9, 0x7A,
- 0x9E, 0x3D, 0xDF, 0x53, 0x47, 0xF7, 0x50, 0x67,
- 0x00, 0xCF, 0x2B, 0x3B, 0xE9, 0x85, 0xEE, 0xBD,
- 0x4C, 0x64, 0x66, 0x0B, 0x77, 0x80, 0x9D, 0xEF,
- 0x11, 0x32, 0x77, 0xA8, 0xA4, 0x5F, 0xEE, 0x2D,
- 0xE0, 0x43, 0x87, 0x76, 0x87, 0x53, 0x4E, 0xD7,
- 0x1A, 0x04, 0x7B, 0xE1, 0xD1, 0xE1, 0xF5, 0x87,
- 0x51, 0x13, 0xE0, 0xC2, 0xAA, 0xA3, 0x4B, 0xAA,
- 0x9E, 0xB4, 0xA6, 0x1D, 0x4E, 0x28, 0x57, 0x0B,
- 0x80, 0x90, 0x81, 0x4E, 0x04, 0xF5, 0x30, 0x8D,
- 0x51, 0xCE, 0x57, 0x2F, 0x88, 0xC5, 0x70, 0xC4,
- 0x06, 0x8F, 0xDD, 0x37, 0xC1, 0x34, 0x1E, 0x0E,
- 0x15, 0x32, 0x23, 0x92, 0xAB, 0x40, 0xEA, 0xF7,
- 0x43, 0xE2, 0x1D, 0xE2, 0x4B, 0xC9, 0x91, 0xF4,
- 0x63, 0x21, 0x34, 0xDB, 0xE9, 0x86, 0x83, 0x1A,
- 0xD2, 0x52, 0xEF, 0x7A, 0xA2, 0xEE, 0xA4, 0x11,
- 0x56, 0xD3, 0x6C, 0xF5, 0x6D, 0xE4, 0xA5, 0x2D,
- 0x99, 0x02, 0x10, 0xDF, 0x29, 0xC5, 0xE3, 0x0B,
- 0xC4, 0xA1, 0xEE, 0x5F, 0x4A, 0x10, 0xEE, 0x85,
- 0x73, 0x2A, 0x92, 0x15, 0x2C, 0xC8, 0xF4, 0x8C,
- 0xD7, 0x3D, 0xBC, 0xAD, 0x18, 0xE0, 0x59, 0xD3,
- 0xEE, 0x75, 0x90, 0x1C, 0xCC, 0x76, 0xC6, 0x64,
- 0x17, 0xD2, 0xD0, 0x91, 0xA6, 0xD0, 0xC1, 0x4A,
- 0xAA, 0x58, 0x22, 0xEC, 0x45, 0x98, 0xF2, 0xCC,
- 0x4C, 0xE4, 0xBF, 0xED, 0xF6, 0x44, 0x72, 0x36,
- 0x65, 0x3F, 0xE3, 0xB5, 0x8B, 0x3E, 0x54, 0x9C,
- 0x82, 0x86, 0x5E, 0xB0, 0xF2, 0x12, 0xE5, 0x69,
- 0xFA, 0x46, 0xA2, 0x54, 0xFC, 0xF5, 0x4B, 0xE0,
- 0x24, 0x3B, 0x99, 0x04, 0x1A, 0x7A, 0xF7, 0xD1,
- 0xFF, 0x68, 0x97, 0xB2, 0x85, 0x82, 0x95, 0x27,
- 0x2B, 0xF4, 0xE7, 0x1A, 0x74, 0x19, 0xEC, 0x8C,
- 0x4E, 0xA7, 0x0F, 0xAD, 0x4F, 0x5A, 0x02, 0x80,
- 0xC1, 0x6A, 0x9E, 0x54, 0xE4, 0x8E, 0xA3, 0x41,
- 0x3F, 0x6F, 0x9C, 0x82, 0x9F, 0x83, 0xB0, 0x44,
- 0x01, 0x5F, 0x10, 0x9D, 0xD3, 0xB6, 0x33, 0x5B,
- 0xAF, 0xAC, 0x6B, 0x57, 0x2A, 0x01, 0xED, 0x0E,
- 0x17, 0xB9, 0x80, 0x76, 0x12, 0x1C, 0x51, 0x56,
- 0xDD, 0x6D, 0x94, 0xAB, 0xD2, 0xE5, 0x15, 0x2D,
- 0x3C, 0xC5, 0xE8, 0x62, 0x05, 0x8B, 0x40, 0xB1,
- 0xC2, 0x83, 0xCA, 0xAC, 0x4B, 0x8B, 0x39, 0xF7,
- 0xA0, 0x08, 0x43, 0x5C, 0xF7, 0xE8, 0xED, 0x40,
- 0x72, 0x73, 0xE3, 0x6B, 0x18, 0x67, 0xA0, 0xB6,
- 0x0F, 0xED, 0x8F, 0x9A, 0xE4, 0x27, 0x62, 0x23,
- 0xAA, 0x6D, 0x6C, 0x31, 0xC9, 0x9D, 0x6B, 0xE0,
- 0xBF, 0x9D, 0x7D, 0x2E, 0x76, 0x71, 0x06, 0x39,
- 0xAC, 0x96, 0x1C, 0xAF, 0x30, 0xF2, 0x62, 0x9C,
- 0x84, 0x3F, 0x43, 0x5E, 0x19, 0xA8, 0xE5, 0x3C,
- 0x9D, 0x43, 0x3C, 0x43, 0x41, 0xE8, 0x82, 0xE7,
- 0x5B, 0xF3, 0xE2, 0x15, 0xE3, 0x52, 0x20, 0xFD,
- 0x0D, 0xB2, 0x4D, 0x48, 0xAD, 0x53, 0x7E, 0x0C,
- 0xF0, 0xB9, 0xBE, 0xC9, 0x58, 0x4B, 0xC8, 0xA8,
- 0xA3, 0x36, 0xF1, 0x2C, 0xD2, 0xE1, 0xC8, 0xC4,
- 0x3C, 0x48, 0x70, 0xC2, 0x6D, 0x6C, 0x3D, 0x99,
- 0xAC, 0x43, 0x19, 0x69, 0xCA, 0x67, 0x1A, 0xC9,
- 0xE1, 0x47, 0xFA, 0x0A, 0xE6, 0x5B, 0x6F, 0x61,
- 0xD0, 0x03, 0xE4, 0x03, 0x4B, 0xFD, 0xE2, 0xA5,
- 0x8D, 0x83, 0x01, 0x7E, 0xC0, 0x7B, 0x2E, 0x0B,
- 0x29, 0xDD, 0xD6, 0xDC, 0x71, 0x46, 0xBD, 0x9A,
- 0x40, 0x46, 0x1E, 0x0A, 0xB1, 0x00, 0xE7, 0x71,
- 0x29, 0x77, 0xFC, 0x9A, 0x76, 0x8A, 0x5F, 0x66,
- 0x9B, 0x63, 0x91, 0x12, 0x78, 0xBF, 0x67, 0xAD,
- 0xA1, 0x72, 0x9E, 0xC5, 0x3E, 0xE5, 0xCB, 0xAF,
- 0xD6, 0x5A, 0x0D, 0xB6, 0x9B, 0xA3, 0x78, 0xE8,
- 0xB0, 0x8F, 0x69, 0xED, 0xC1, 0x73, 0xD5, 0xE5,
- 0x1C, 0x18, 0xA0, 0x58, 0x4C, 0x49, 0xBD, 0x91,
- 0xCE, 0x15, 0x0D, 0xAA, 0x5A, 0x07, 0xEA, 0x1C,
- 0xA7, 0x4B, 0x11, 0x31, 0x80, 0xAF, 0xA1, 0x0A,
- 0xED, 0x6C, 0x70, 0xE4, 0xDB, 0x75, 0x86, 0xAE,
- 0xBF, 0x4A, 0x05, 0x72, 0xDE, 0x84, 0x8C, 0x7B,
- 0x59, 0x81, 0x58, 0xE0, 0xC0, 0x15, 0xB5, 0xF3,
- 0xD5, 0x73, 0x78, 0x83, 0x53, 0xDA, 0x92, 0xC1,
- 0xE6, 0x71, 0x74, 0xC7, 0x7E, 0xAA, 0x36, 0x06,
- 0xF0, 0xDF, 0xBA, 0xFB, 0xEF, 0x54, 0xE8, 0x11,
- 0xB2, 0x33, 0xA3, 0x0B, 0x9E, 0x0C, 0x59, 0x75,
- 0x13, 0xFA, 0x7F, 0x88, 0xB9, 0x86, 0xBD, 0x1A,
- 0xDB, 0x52, 0x12, 0xFB, 0x6D, 0x1A, 0xCB, 0x49,
- 0x94, 0x94, 0xC4, 0xA9, 0x99, 0xC0, 0xA4, 0xB6,
- 0x60, 0x36, 0x09, 0x94, 0x2A, 0xD5, 0xC4, 0x26,
- 0xF4, 0xA3, 0x6A, 0x0E, 0x57, 0x8B, 0x7C, 0xA4,
- 0x1D, 0x75, 0xE8, 0x2A, 0xF3, 0xC4, 0x3C, 0x7D,
- 0x45, 0x6D, 0xD8, 0x24, 0xD1, 0x3B, 0xF7, 0xCF,
- 0xE4, 0x45, 0x2A, 0x55, 0xE5, 0xA9, 0x1F, 0x1C,
- 0x8F, 0x55, 0x8D, 0xC1, 0xF7, 0x74, 0xCC, 0x26,
- 0xC7, 0xBA, 0x2E, 0x5C, 0xC1, 0x71, 0x0A, 0xAA,
- 0xD9, 0x6D, 0x76, 0xA7, 0xF9, 0xD1, 0x18, 0xCB,
- 0x5A, 0x52, 0x98, 0xA8, 0x0D, 0x3F, 0x06, 0xFC,
- 0x49, 0x11, 0x21, 0x5F, 0x86, 0x19, 0x33, 0x81,
- 0xB5, 0x7A, 0xDA, 0xA1, 0x47, 0xBF, 0x7C, 0xD7,
- 0x05, 0x96, 0xC7, 0xF5, 0xC1, 0x61, 0xE5, 0x18,
- 0xA5, 0x38, 0x68, 0xED, 0xB4, 0x17, 0x62, 0x0D,
- 0x01, 0x5E, 0xC3, 0x04, 0xA6, 0xBA, 0xB1, 0x01,
- 0x60, 0x5C, 0xC1, 0x3A, 0x34, 0x97, 0xD6, 0xDB,
- 0x67, 0x73, 0x4D, 0x33, 0x96, 0x01, 0x67, 0x44,
- 0xEA, 0x47, 0x5E, 0x44, 0xB5, 0xE5, 0xD1, 0x6C,
- 0x20, 0xA9, 0x6D, 0x4D, 0xBC, 0x02, 0xF0, 0x70,
- 0xE4, 0xDD, 0xE9, 0xD5, 0x5C, 0x28, 0x29, 0x0B,
- 0xB4, 0x60, 0x2A, 0xF1, 0xF7, 0x1A, 0xF0, 0x36,
- 0xAE, 0x51, 0x3A, 0xAE, 0x6E, 0x48, 0x7D, 0xC7,
- 0x5C, 0xF3, 0xDC, 0xF6, 0xED, 0x27, 0x4E, 0x8E,
- 0x48, 0x18, 0x3E, 0x08, 0xF1, 0xD8, 0x3D, 0x0D,
- 0xE7, 0x2F, 0x65, 0x8A, 0x6F, 0xE2, 0x1E, 0x06,
- 0xC1, 0x04, 0x58, 0x7B, 0x4A, 0x75, 0x60, 0x92,
- 0x13, 0xC6, 0x40, 0x2D, 0x3A, 0x8A, 0xD1, 0x03,
- 0x05, 0x1F, 0x28, 0x66, 0xC2, 0x57, 0x2A, 0x4C,
- 0xE1, 0xA3, 0xCB, 0xA1, 0x95, 0x30, 0x10, 0xED,
- 0xDF, 0xAE, 0x70, 0x49, 0x4E, 0xF6, 0xB4, 0x5A,
- 0xB6, 0x22, 0x56, 0x37, 0x05, 0xE7, 0x3E, 0xB2,
- 0xE3, 0x96, 0x62, 0xEC, 0x09, 0x53, 0xC0, 0x50,
- 0x3D, 0xA7, 0xBC, 0x9B, 0x39, 0x02, 0x26, 0x16,
- 0xB5, 0x34, 0x17, 0xD4, 0xCA, 0xFE, 0x1D, 0xE4,
- 0x5A, 0xDA, 0x4C, 0xC2, 0xCA, 0x8E, 0x79, 0xBF,
- 0xD8, 0x4C, 0xBB, 0xFA, 0x30, 0x7B, 0xA9, 0x3E,
- 0x52, 0x19, 0xB1, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00
- };
- #endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER &&
- * !NO_DES3 && !NO_SHA
- */
- /*
- * Testing wc_PKCS7_BER()
- */
- static int test_wc_PKCS7_BER(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
- !defined(NO_SHA) && defined(ASN_BER_TO_DER)
- PKCS7* pkcs7 = NULL;
- char fName[] = "./certs/test-ber-exp02-05-2022.p7b";
- XFILE f = XBADFILE;
- byte der[4096];
- #ifndef NO_DES3
- byte decoded[2048];
- #endif
- word32 derSz = 0;
- #ifndef NO_PKCS7_STREAM
- word32 z;
- int ret;
- #endif /* !NO_PKCS7_STREAM */
- ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
- ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- #ifndef NO_RSA
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
- #ifndef NO_PKCS7_STREAM
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- /* test for streaming */
- ret = -1;
- for (z = 0; z < derSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
- if (ret < 0){
- ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
- }
- }
- ExpectIntEQ(ret, 0);
- #endif /* !NO_PKCS7_STREAM */
- #else
- ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
- #endif
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #ifndef NO_DES3
- /* decode BER content */
- ExpectTrue((f = XFOPEN("./certs/1024/client-cert.der", "rb")) != XBADFILE);
- ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- #ifndef NO_RSA
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
- #else
- ExpectIntNE(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
- #endif
- ExpectTrue((f = XFOPEN("./certs/1024/client-key.der", "rb")) != XBADFILE);
- ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- if (pkcs7 != NULL) {
- pkcs7->privateKey = der;
- pkcs7->privateKeySz = derSz;
- }
- #ifndef NO_RSA
- #ifdef WOLFSSL_SP_MATH
- ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
- sizeof(berContent), decoded, sizeof(decoded)), WC_KEY_SIZE_E);
- #else
- ExpectIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
- sizeof(berContent), decoded, sizeof(decoded)), 0);
- #endif
- #else
- ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
- sizeof(berContent), decoded, sizeof(decoded)), NOT_COMPILED_IN);
- #endif
- wc_PKCS7_Free(pkcs7);
- #endif /* !NO_DES3 */
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_PKCS7_BER() */
- static int test_wc_PKCS7_signed_enveloped(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_AES) && \
- !defined(NO_FILESYSTEM)
- XFILE f = XBADFILE;
- PKCS7* pkcs7 = NULL;
- #ifdef HAVE_AES_CBC
- PKCS7* inner = NULL;
- #endif
- WC_RNG rng;
- unsigned char key[FOURK_BUF/2];
- unsigned char cert[FOURK_BUF/2];
- unsigned char env[FOURK_BUF];
- int envSz = FOURK_BUF;
- int keySz = 0;
- int certSz = 0;
- unsigned char sig[FOURK_BUF * 2];
- int sigSz = FOURK_BUF * 2;
- #ifdef HAVE_AES_CBC
- unsigned char decoded[FOURK_BUF];
- int decodedSz = FOURK_BUF;
- #endif
- #ifndef NO_PKCS7_STREAM
- int z;
- int ret;
- #endif /* !NO_PKCS7_STREAM */
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- /* load cert */
- ExpectTrue((f = XFOPEN(cliCertDerFile, "rb")) != XBADFILE);
- ExpectIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), f)), 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- /* load key */
- ExpectTrue((f = XFOPEN(cliKeyFile, "rb")) != XBADFILE);
- ExpectIntGT((keySz = (int)XFREAD(key, 1, sizeof(key), f)), 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- ExpectIntGT(keySz = wolfSSL_KeyPemToDer(key, keySz, key, keySz, NULL), 0);
- /* sign cert for envelope */
- ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- if (pkcs7 != NULL) {
- pkcs7->content = cert;
- pkcs7->contentSz = certSz;
- pkcs7->contentOID = DATA;
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = keySz;
- pkcs7->encryptOID = RSAk;
- pkcs7->hashOID = SHA256h;
- pkcs7->rng = &rng;
- }
- ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #ifdef HAVE_AES_CBC
- /* create envelope */
- ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- if (pkcs7 != NULL) {
- pkcs7->content = sig;
- pkcs7->contentSz = sigSz;
- pkcs7->contentOID = DATA;
- pkcs7->encryptOID = AES256CBCb;
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = keySz;
- }
- ExpectIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0);
- ExpectIntLT(wc_PKCS7_EncodeEnvelopedData(pkcs7, env, 2), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #endif
- /* create bad signed enveloped data */
- sigSz = FOURK_BUF * 2;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- if (pkcs7 != NULL) {
- pkcs7->content = env;
- pkcs7->contentSz = envSz;
- pkcs7->contentOID = DATA;
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = keySz;
- pkcs7->encryptOID = RSAk;
- pkcs7->hashOID = SHA256h;
- pkcs7->rng = &rng;
- }
- /* Set no certs in bundle for this test. */
- if (pkcs7 != NULL) {
- ExpectIntEQ(wc_PKCS7_SetNoCerts(pkcs7, 1), 0);
- ExpectIntEQ(wc_PKCS7_SetNoCerts(NULL, 1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_GetNoCerts(pkcs7), 1);
- }
- ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- /* check verify fails */
- ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz),
- PKCS7_SIGNEEDS_CHECK);
- /* try verifying the signature manually */
- {
- RsaKey rKey;
- word32 idx = 0;
- byte digest[MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ +
- WC_MAX_DIGEST_SIZE];
- int digestSz = 0;
- ExpectIntEQ(wc_InitRsaKey(&rKey, HEAP_HINT), 0);
- ExpectIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, keySz), 0);
- ExpectIntGT(digestSz = wc_RsaSSL_Verify(pkcs7->signature,
- pkcs7->signatureSz, digest, sizeof(digest), &rKey), 0);
- ExpectIntEQ(digestSz, pkcs7->pkcs7DigestSz);
- ExpectIntEQ(XMEMCMP(digest, pkcs7->pkcs7Digest, digestSz), 0);
- ExpectIntEQ(wc_FreeRsaKey(&rKey), 0);
- /* verify was success */
- }
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- /* initializing the PKCS7 struct with the signing certificate should pass */
- ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
- #ifndef NO_PKCS7_STREAM
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
- /* test for streaming */
- ret = -1;
- for (z = 0; z < sigSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1);
- if (ret < 0){
- ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
- }
- }
- ExpectIntEQ(ret, 0);
- #endif /* !NO_PKCS7_STREAM */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- /* create valid degenerate bundle */
- sigSz = FOURK_BUF * 2;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- if (pkcs7 != NULL) {
- pkcs7->content = env;
- pkcs7->contentSz = envSz;
- pkcs7->contentOID = DATA;
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = keySz;
- pkcs7->encryptOID = RSAk;
- pkcs7->hashOID = SHA256h;
- pkcs7->rng = &rng;
- }
- ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
- ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- wc_FreeRng(&rng);
- /* check verify */
- ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
- ExpectNotNull(pkcs7->content);
- #ifndef NO_PKCS7_STREAM
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- /* create valid degenerate bundle */
- sigSz = FOURK_BUF * 2;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- if (pkcs7 != NULL) {
- pkcs7->content = env;
- pkcs7->contentSz = envSz;
- pkcs7->contentOID = DATA;
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = keySz;
- pkcs7->encryptOID = RSAk;
- pkcs7->hashOID = SHA256h;
- pkcs7->rng = &rng;
- }
- ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
- ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- wc_FreeRng(&rng);
- /* check verify */
- ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
- /* test for streaming */
- ret = -1;
- for (z = 0; z < sigSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1);
- if (ret < 0){
- ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
- }
- }
- ExpectIntEQ(ret, 0);
- #endif /* !NO_PKCS7_STREAM */
- #ifdef HAVE_AES_CBC
- /* check decode */
- ExpectNotNull(inner = wc_PKCS7_New(NULL, 0));
- ExpectIntEQ(wc_PKCS7_InitWithCert(inner, cert, certSz), 0);
- if (inner != NULL) {
- inner->privateKey = key;
- inner->privateKeySz = keySz;
- }
- ExpectIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content,
- pkcs7->contentSz, decoded, decodedSz)), 0);
- wc_PKCS7_Free(inner);
- inner = NULL;
- #endif
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #ifdef HAVE_AES_CBC
- /* check cert set */
- ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, decoded, decodedSz), 0);
- ExpectNotNull(pkcs7->singleCert);
- ExpectIntNE(pkcs7->singleCertSz, 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #ifndef NO_PKCS7_STREAM
- ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
- /* test for streaming */
- ret = -1;
- for (z = 0; z < decodedSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, decoded + z, 1);
- if (ret < 0){
- ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
- }
- }
- ExpectIntEQ(ret, 0);
- ExpectNotNull(pkcs7->singleCert);
- ExpectIntNE(pkcs7->singleCertSz, 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- #endif /* !NO_PKCS7_STREAM */
- #endif
- #endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
- return EXPECT_RESULT();
- }
- static int test_wc_PKCS7_NoDefaultSignedAttribs(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
- && !defined(NO_AES)
- PKCS7* pkcs7 = NULL;
- void* heap = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
- ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(pkcs7), 0);
- wc_PKCS7_Free(pkcs7);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wc_PKCS7_SetOriEncryptCtx(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
- && !defined(NO_AES)
- PKCS7* pkcs7 = NULL;
- void* heap = NULL;
- WOLFSSL_CTX* ctx = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
- ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(NULL, ctx), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(pkcs7, ctx), 0);
- wc_PKCS7_Free(pkcs7);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wc_PKCS7_SetOriDecryptCtx(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
- && !defined(NO_AES)
- PKCS7* pkcs7 = NULL;
- void* heap = NULL;
- WOLFSSL_CTX* ctx = NULL;
- ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
- ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(NULL, ctx), BAD_FUNC_ARG);
- ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(pkcs7, ctx), 0);
- wc_PKCS7_Free(pkcs7);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wc_PKCS7_DecodeCompressedData(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
- && !defined(NO_AES) && defined(HAVE_LIBZ)
- PKCS7* pkcs7 = NULL;
- void* heap = NULL;
- byte out[4096];
- byte* decompressed = NULL;
- int outSz;
- int decompressedSz;
- const char* cert = "./certs/client-cert.pem";
- byte* cert_buf = NULL;
- size_t cert_sz = 0;
- ExpectIntEQ(load_file(cert, &cert_buf, &cert_sz), 0);
- ExpectNotNull((decompressed = (byte*)XMALLOC(cert_sz, heap,
- DYNAMIC_TYPE_TMP_BUFFER)));
- decompressedSz = (int)cert_sz;
- ExpectNotNull((pkcs7 = wc_PKCS7_New(heap, testDevId)));
- if (pkcs7 != NULL) {
- pkcs7->content = (byte*)cert_buf;
- pkcs7->contentSz = (word32)cert_sz;
- pkcs7->contentOID = DATA;
- }
- ExpectIntGT((outSz = wc_PKCS7_EncodeCompressedData(pkcs7, out,
- sizeof(out))), 0);
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- /* compressed key should be smaller than when started */
- ExpectIntLT(outSz, cert_sz);
- /* test decompression */
- ExpectNotNull((pkcs7 = wc_PKCS7_New(heap, testDevId)));
- ExpectIntEQ(pkcs7->contentOID, 0);
- /* fail case with out buffer too small */
- ExpectIntLT(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
- decompressed, outSz), 0);
- /* success case */
- ExpectIntEQ(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
- decompressed, decompressedSz), cert_sz);
- ExpectIntEQ(pkcs7->contentOID, DATA);
- ExpectIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
- XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
- decompressed = NULL;
- /* test decompression function with different 'max' inputs */
- outSz = sizeof(out);
- ExpectIntGT((outSz = wc_Compress(out, outSz, cert_buf, (word32)cert_sz, 0)),
- 0);
- ExpectIntLT(wc_DeCompressDynamic(&decompressed, 1, DYNAMIC_TYPE_TMP_BUFFER,
- out, outSz, 0, heap), 0);
- ExpectNull(decompressed);
- ExpectIntGT(wc_DeCompressDynamic(&decompressed, -1, DYNAMIC_TYPE_TMP_BUFFER,
- out, outSz, 0, heap), 0);
- ExpectNotNull(decompressed);
- ExpectIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
- XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
- decompressed = NULL;
- ExpectIntGT(wc_DeCompressDynamic(&decompressed, DYNAMIC_TYPE_TMP_BUFFER, 5,
- out, outSz, 0, heap), 0);
- ExpectNotNull(decompressed);
- ExpectIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
- XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (cert_buf != NULL)
- free(cert_buf);
- wc_PKCS7_Free(pkcs7);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wc_i2d_PKCS12(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) \
- && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
- && !defined(NO_AES) && !defined(NO_DES3) && !defined(NO_SHA)
- WC_PKCS12* pkcs12 = NULL;
- unsigned char der[FOURK_BUF * 2];
- unsigned char* pt;
- int derSz = 0;
- unsigned char out[FOURK_BUF * 2];
- int outSz = FOURK_BUF * 2;
- const char p12_f[] = "./certs/test-servercert.p12";
- XFILE f = XBADFILE;
- ExpectTrue((f = XFOPEN(p12_f, "rb")) != XBADFILE);
- ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), f), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- ExpectNotNull(pkcs12 = wc_PKCS12_new());
- ExpectIntEQ(wc_d2i_PKCS12(der, derSz, pkcs12), 0);
- ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
- ExpectIntEQ(outSz, derSz);
- outSz = derSz - 1;
- pt = out;
- ExpectIntLE(wc_i2d_PKCS12(pkcs12, &pt, &outSz), 0);
- outSz = derSz;
- ExpectIntEQ(wc_i2d_PKCS12(pkcs12, &pt, &outSz), derSz);
- ExpectIntEQ((pt == out), 0);
- pt = NULL;
- ExpectIntEQ(wc_i2d_PKCS12(pkcs12, &pt, NULL), derSz);
- XFREE(pt, NULL, DYNAMIC_TYPE_PKCS);
- wc_PKCS12_free(pkcs12);
- pkcs12 = NULL;
- /* Run the same test but use wc_d2i_PKCS12_fp. */
- ExpectNotNull(pkcs12 = wc_PKCS12_new());
- ExpectIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0);
- ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
- ExpectIntEQ(outSz, derSz);
- wc_PKCS12_free(pkcs12);
- pkcs12 = NULL;
- /* wc_d2i_PKCS12_fp can also allocate the PKCS12 object for the caller. */
- ExpectIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0);
- ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
- ExpectIntEQ(outSz, derSz);
- wc_PKCS12_free(pkcs12);
- pkcs12 = NULL;
- #endif
- return EXPECT_RESULT();
- }
- /* Testing wc_SignatureGetSize() for signature type ECC */
- static int test_wc_SignatureGetSize_ecc(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_SIG_WRAPPER) && defined(HAVE_ECC) && !defined(NO_ECC256)
- enum wc_SignatureType sig_type;
- word32 key_len;
- ecc_key ecc;
- const char* qx =
- "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
- const char* qy =
- "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
- const char* d =
- "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
- XMEMSET(&ecc, 0, sizeof(ecc_key));
- ExpectIntEQ(wc_ecc_init(&ecc), 0);
- ExpectIntEQ(wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1"), 0);
- /* Input for signature type ECC */
- sig_type = WC_SIGNATURE_TYPE_ECC;
- key_len = sizeof(ecc_key);
- ExpectIntGT(wc_SignatureGetSize(sig_type, &ecc, key_len), 0);
- /* Test bad args */
- /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
- sig_type = (enum wc_SignatureType) 100;
- /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
- ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len), BAD_FUNC_ARG);
- sig_type = WC_SIGNATURE_TYPE_ECC;
- ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), 0);
- key_len = (word32)0;
- ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_ecc_free(&ecc), 0);
- #endif /* !NO_SIG_WRAPPER && HAVE_ECC && !NO_ECC256 */
- return EXPECT_RESULT();
- } /* END test_wc_SignatureGetSize_ecc() */
- /* Testing wc_SignatureGetSize() for signature type rsa */
- static int test_wc_SignatureGetSize_rsa(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_SIG_WRAPPER) && !defined(NO_RSA)
- enum wc_SignatureType sig_type;
- word32 key_len;
- word32 idx = 0;
- RsaKey rsa_key;
- byte* tmp = NULL;
- size_t bytes;
- XMEMSET(&rsa_key, 0, sizeof(RsaKey));
- #ifdef USE_CERT_BUFFERS_1024
- bytes = (size_t)sizeof_client_key_der_1024;
- if (bytes < (size_t)sizeof_client_key_der_1024)
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #else
- bytes = FOURK_BUF;
- #endif
- ExpectNotNull(tmp = (byte*)XMALLOC(bytes, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- if (tmp != NULL) {
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
- #elif !defined(NO_FILESYSTEM)
- XFILE file = XBADFILE;
- ExpectTrue((file = XFOPEN(clientKey, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (size_t)XFREAD(tmp, 1, FOURK_BUF, file), 0);
- if (file != XBADFILE)
- XFCLOSE(file);
- }
- #else
- ExpectFail();
- #endif
- }
- ExpectIntEQ(wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, testDevId), 0);
- ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, (word32)bytes), 0);
- /* Input for signature type RSA */
- sig_type = WC_SIGNATURE_TYPE_RSA;
- key_len = sizeof(RsaKey);
- ExpectIntGT(wc_SignatureGetSize(sig_type, &rsa_key, key_len), 0);
- /* Test bad args */
- /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
- sig_type = (enum wc_SignatureType)100;
- /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
- ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len), BAD_FUNC_ARG);
- sig_type = WC_SIGNATURE_TYPE_RSA;
- ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), BAD_FUNC_ARG);
- key_len = (word32)0;
- ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRsaKey(&rsa_key), 0);
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* !NO_SIG_WRAPPER && !NO_RSA */
- return EXPECT_RESULT();
- } /* END test_wc_SignatureGetSize_rsa(void) */
- /*----------------------------------------------------------------------------*
- | hash.h Tests
- *----------------------------------------------------------------------------*/
- static int test_wc_HashInit(void)
- {
- EXPECT_DECLS;
- int i; /* 0 indicates tests passed, 1 indicates failure */
- wc_HashAlg hash;
- /* enum for holding supported algorithms, #ifndef's restrict if disabled */
- enum wc_HashType enumArray[] = {
- #ifndef NO_MD5
- WC_HASH_TYPE_MD5,
- #endif
- #ifndef NO_SHA
- WC_HASH_TYPE_SHA,
- #endif
- #ifdef WOLFSSL_SHA224
- WC_HASH_TYPE_SHA224,
- #endif
- #ifndef NO_SHA256
- WC_HASH_TYPE_SHA256,
- #endif
- #ifdef WOLFSSL_SHA384
- WC_HASH_TYPE_SHA384,
- #endif
- #ifdef WOLFSSL_SHA512
- WC_HASH_TYPE_SHA512,
- #endif
- };
- /* dynamically finds the length */
- int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
- /* For loop to test various arguments... */
- for (i = 0; i < enumlen; i++) {
- /* check for bad args */
- ExpectIntEQ(wc_HashInit(&hash, enumArray[i]), 0);
- wc_HashFree(&hash, enumArray[i]);
- /* check for null ptr */
- ExpectIntEQ(wc_HashInit(NULL, enumArray[i]), BAD_FUNC_ARG);
- } /* end of for loop */
- return EXPECT_RESULT();
- } /* end of test_wc_HashInit */
- /*
- * Unit test function for wc_HashSetFlags()
- */
- static int test_wc_HashSetFlags(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_HASH_FLAGS
- wc_HashAlg hash;
- word32 flags = 0;
- int i, j;
- int notSupportedLen;
- /* enum for holding supported algorithms, #ifndef's restrict if disabled */
- enum wc_HashType enumArray[] = {
- #ifndef NO_MD5
- WC_HASH_TYPE_MD5,
- #endif
- #ifndef NO_SHA
- WC_HASH_TYPE_SHA,
- #endif
- #ifdef WOLFSSL_SHA224
- WC_HASH_TYPE_SHA224,
- #endif
- #ifndef NO_SHA256
- WC_HASH_TYPE_SHA256,
- #endif
- #ifdef WOLFSSL_SHA384
- WC_HASH_TYPE_SHA384,
- #endif
- #ifdef WOLFSSL_SHA512
- WC_HASH_TYPE_SHA512,
- #endif
- #ifdef WOLFSSL_SHA3
- WC_HASH_TYPE_SHA3_224,
- #endif
- };
- enum wc_HashType notSupported[] = {
- WC_HASH_TYPE_MD5_SHA,
- WC_HASH_TYPE_MD2,
- WC_HASH_TYPE_MD4,
- WC_HASH_TYPE_BLAKE2B,
- WC_HASH_TYPE_BLAKE2S,
- WC_HASH_TYPE_NONE,
- };
- /* dynamically finds the length */
- int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
- /* For loop to test various arguments... */
- for (i = 0; i < enumlen; i++) {
- ExpectIntEQ(wc_HashInit(&hash, enumArray[i]), 0);
- ExpectIntEQ(wc_HashSetFlags(&hash, enumArray[i], flags), 0);
- ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
- ExpectIntEQ(wc_HashSetFlags(NULL, enumArray[i], flags), BAD_FUNC_ARG);
- wc_HashFree(&hash, enumArray[i]);
- }
- /* For loop to test not supported cases */
- notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
- for (j = 0; j < notSupportedLen; j++) {
- ExpectIntEQ(wc_HashInit(&hash, notSupported[j]), BAD_FUNC_ARG);
- ExpectIntEQ(wc_HashSetFlags(&hash, notSupported[j], flags),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_HashFree(&hash, notSupported[j]), BAD_FUNC_ARG);
- }
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_HashSetFlags */
- /*
- * Unit test function for wc_HashGetFlags()
- */
- static int test_wc_HashGetFlags(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_HASH_FLAGS
- wc_HashAlg hash;
- word32 flags = 0;
- int i, j;
- /* enum for holding supported algorithms, #ifndef's restrict if disabled */
- enum wc_HashType enumArray[] = {
- #ifndef NO_MD5
- WC_HASH_TYPE_MD5,
- #endif
- #ifndef NO_SHA
- WC_HASH_TYPE_SHA,
- #endif
- #ifdef WOLFSSL_SHA224
- WC_HASH_TYPE_SHA224,
- #endif
- #ifndef NO_SHA256
- WC_HASH_TYPE_SHA256,
- #endif
- #ifdef WOLFSSL_SHA384
- WC_HASH_TYPE_SHA384,
- #endif
- #ifdef WOLFSSL_SHA512
- WC_HASH_TYPE_SHA512,
- #endif
- #ifdef WOLFSSL_SHA3
- WC_HASH_TYPE_SHA3_224,
- #endif
- };
- enum wc_HashType notSupported[] = {
- WC_HASH_TYPE_MD5_SHA,
- WC_HASH_TYPE_MD2,
- WC_HASH_TYPE_MD4,
- WC_HASH_TYPE_BLAKE2B,
- WC_HASH_TYPE_BLAKE2S,
- WC_HASH_TYPE_NONE,
- };
- int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
- int notSupportedLen;
- /* For loop to test various arguments... */
- for (i = 0; i < enumlen; i++) {
- ExpectIntEQ(wc_HashInit(&hash, enumArray[i]), 0);
- ExpectIntEQ(wc_HashGetFlags(&hash, enumArray[i], &flags), 0);
- ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0);
- ExpectIntEQ(wc_HashGetFlags(NULL, enumArray[i], &flags), BAD_FUNC_ARG);
- wc_HashFree(&hash, enumArray[i]);
- }
- /* For loop to test not supported cases */
- notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
- for (j = 0; j < notSupportedLen; j++) {
- ExpectIntEQ(wc_HashInit(&hash, notSupported[j]), BAD_FUNC_ARG);
- ExpectIntEQ(wc_HashGetFlags(&hash, notSupported[j], &flags),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_HashFree(&hash, notSupported[j]), BAD_FUNC_ARG);
- }
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_HashGetFlags */
- /*----------------------------------------------------------------------------*
- | Compatibility Tests
- *----------------------------------------------------------------------------*/
- /*----------------------------------------------------------------------------*
- | ASN.1 Tests
- *----------------------------------------------------------------------------*/
- static int test_wolfSSL_ASN1_BIT_STRING(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && defined(OPENSSL_ALL)
- ASN1_BIT_STRING* str = NULL;
- ExpectNotNull(str = ASN1_BIT_STRING_new());
- /* Empty data testing. */
- ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 1), 0);
- ASN1_BIT_STRING_free(str);
- str = NULL;
- ExpectNotNull(str = ASN1_BIT_STRING_new());
- /* Invalid parameter testing. */
- ExpectIntEQ(ASN1_BIT_STRING_set_bit(NULL, 42, 1), 0);
- ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, -1, 1), 0);
- ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 2), 0);
- ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, -1), 0);
- /* No bit string - bit is always 0. */
- ExpectIntEQ(ASN1_BIT_STRING_get_bit(NULL, 42), 0);
- ExpectIntEQ(ASN1_BIT_STRING_get_bit(NULL, -1), 0);
- ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, -1), 0);
- ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 0), 0);
- ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 1), 1);
- ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 1);
- ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 41), 0);
- ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, -1), 0);
- ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 84, 1), 1);
- ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 84), 1);
- ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 83), 0);
- ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 91, 0), 1);
- ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 91), 0);
- ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 89, 0), 1);
- ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 89), 0);
- ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 0), 1);
- ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 0);
- ASN1_BIT_STRING_free(str);
- ASN1_BIT_STRING_free(NULL);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_INTEGER(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
- ASN1_INTEGER* a = NULL;
- ASN1_INTEGER* dup = NULL;
- const unsigned char invalidLenDer[] = {
- 0x02, 0x20, 0x00
- };
- const unsigned char longDer[] = {
- 0x02, 0x20,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
- };
- const unsigned char* p;
- /* Invalid parameter testing. */
- ASN1_INTEGER_free(NULL);
- ExpectNull(wolfSSL_ASN1_INTEGER_dup(NULL));
- ExpectNotNull(a = ASN1_INTEGER_new());
- ExpectNotNull(dup = wolfSSL_ASN1_INTEGER_dup(a));
- ASN1_INTEGER_free(dup);
- dup = NULL;
- ASN1_INTEGER_free(a);
- a = NULL;
- p = longDer;
- ExpectNull(d2i_ASN1_INTEGER(NULL, &p, sizeof(invalidLenDer)));
- p = longDer;
- ExpectNotNull(a = d2i_ASN1_INTEGER(NULL, &p, sizeof(longDer)));
- ExpectPtrNE(p, longDer);
- ExpectNotNull(dup = wolfSSL_ASN1_INTEGER_dup(a));
- ASN1_INTEGER_free(dup);
- ASN1_INTEGER_free(a);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_INTEGER_cmp(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
- ASN1_INTEGER* a = NULL;
- ASN1_INTEGER* b = NULL;
- ExpectNotNull(a = ASN1_INTEGER_new());
- ExpectNotNull(b = ASN1_INTEGER_new());
- ExpectIntEQ(ASN1_INTEGER_set(a, 1), 1);
- ExpectIntEQ(ASN1_INTEGER_set(b, 1), 1);
- /* Invalid parameter testing. */
- ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(NULL, NULL), -1);
- ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, NULL), -1);
- ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(NULL, b), -1);
- ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
- ExpectIntEQ(ASN1_INTEGER_set(b, -1), 1);
- ExpectIntGT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
- ExpectIntEQ(ASN1_INTEGER_set(a, -2), 1);
- ExpectIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
- ExpectIntEQ(ASN1_INTEGER_set(b, 1), 1);
- ExpectIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
- ExpectIntEQ(ASN1_INTEGER_set(a, 0x01), 1);
- ExpectIntEQ(ASN1_INTEGER_set(b, 0x1000), 1);
- ExpectIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
- ExpectIntGT(wolfSSL_ASN1_INTEGER_cmp(b, a), 0);
- ASN1_INTEGER_free(b);
- ASN1_INTEGER_free(a);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_INTEGER_BN(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
- ASN1_INTEGER* ai = NULL;
- ASN1_INTEGER* ai2 = NULL;
- BIGNUM* bn = NULL;
- BIGNUM* bn2 = NULL;
- ExpectNotNull(ai = ASN1_INTEGER_new());
- ExpectNotNull(bn2 = BN_new());
- /* Invalid parameter testing. */
- ExpectNull(bn = ASN1_INTEGER_to_BN(NULL, NULL));
- ExpectNull(ai2 = BN_to_ASN1_INTEGER(NULL, NULL));
- /* at the moment hard setting since no set function */
- if (ai != NULL) {
- ai->data[0] = 0xff; /* No DER encoding. */
- ai->length = 1;
- }
- #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
- ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL));
- BN_free(bn);
- bn = NULL;
- #else
- ExpectNull(ASN1_INTEGER_to_BN(ai, NULL));
- #endif
- if (ai != NULL) {
- ai->data[0] = 0x02; /* tag for ASN_INTEGER */
- ai->data[1] = 0x04; /* bad length of integer */
- ai->data[2] = 0x03;
- ai->length = 3;
- }
- #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
- /* Interpreted as a number 0x020403. */
- ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL));
- BN_free(bn);
- bn = NULL;
- #else
- ExpectNull(ASN1_INTEGER_to_BN(ai, NULL));
- #endif
- if (ai != NULL) {
- ai->data[0] = 0x02; /* tag for ASN_INTEGER */
- ai->data[1] = 0x01; /* length of integer */
- ai->data[2] = 0x03;
- ai->length = 3;
- }
- ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL));
- ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, NULL));
- ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0);
- ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2));
- ExpectIntEQ(BN_cmp(bn, bn2), 0);
- if (ai != NULL) {
- ai->data[0] = 0x02; /* tag for ASN_INTEGER */
- ai->data[1] = 0x02; /* length of integer */
- ai->data[2] = 0x00; /* padding byte to ensure positive */
- ai->data[3] = 0xff;
- ai->length = 4;
- }
- ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, bn));
- ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2));
- ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0);
- ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2));
- ExpectIntEQ(BN_cmp(bn, bn2), 0);
- if (ai != NULL) {
- ai->data[0] = 0x02; /* tag for ASN_INTEGER */
- ai->data[1] = 0x01; /* length of integer */
- ai->data[2] = 0x00;
- ai->length = 3;
- }
- ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, bn));
- ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2));
- ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0);
- ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2));
- ExpectIntEQ(BN_cmp(bn, bn2), 0);
- if (ai != NULL) {
- ai->data[0] = 0x02; /* tag for ASN_INTEGER */
- ai->data[1] = 0x01; /* length of integer */
- ai->data[2] = 0x01;
- ai->length = 3;
- ai->negative = 1;
- }
- ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, bn));
- ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2));
- ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0);
- ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2));
- ExpectIntEQ(BN_cmp(bn, bn2), 0);
- BN_free(bn2);
- BN_free(bn);
- ASN1_INTEGER_free(ai2);
- ASN1_INTEGER_free(ai);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_INTEGER_get_set(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
- ASN1_INTEGER *a = NULL;
- long val;
- ExpectNotNull(a = ASN1_INTEGER_new());
- /* Invalid parameter testing. */
- ExpectIntEQ(ASN1_INTEGER_get(NULL), 0);
- #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
- ExpectIntEQ(ASN1_INTEGER_get(a), 0);
- #else
- ExpectIntEQ(ASN1_INTEGER_get(a), -1);
- #endif
- ASN1_INTEGER_free(a);
- a = NULL;
- ExpectNotNull(a = ASN1_INTEGER_new());
- val = 0;
- ExpectIntEQ(ASN1_INTEGER_set(NULL, val), 0);
- ASN1_INTEGER_free(a);
- a = NULL;
- /* 0 */
- ExpectNotNull(a = ASN1_INTEGER_new());
- val = 0;
- ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
- ExpectTrue(ASN1_INTEGER_get(a) == val);
- ASN1_INTEGER_free(a);
- a = NULL;
- /* 40 */
- ExpectNotNull(a = ASN1_INTEGER_new());
- val = 40;
- ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
- ExpectTrue(ASN1_INTEGER_get(a) == val);
- ASN1_INTEGER_free(a);
- a = NULL;
- /* -40 */
- ExpectNotNull(a = ASN1_INTEGER_new());
- val = -40;
- ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
- ExpectTrue(ASN1_INTEGER_get(a) == val);
- ASN1_INTEGER_free(a);
- a = NULL;
- /* 128 */
- ExpectNotNull(a = ASN1_INTEGER_new());
- val = 128;
- ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
- ExpectTrue(ASN1_INTEGER_get(a) == val);
- ASN1_INTEGER_free(a);
- a = NULL;
- /* -128 */
- ExpectNotNull(a = ASN1_INTEGER_new());
- val = -128;
- ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
- ExpectTrue(ASN1_INTEGER_get(a) == val);
- ASN1_INTEGER_free(a);
- a = NULL;
- /* 200 */
- ExpectNotNull(a = ASN1_INTEGER_new());
- val = 200;
- ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
- ExpectTrue(ASN1_INTEGER_get(a) == val);
- ASN1_INTEGER_free(a);
- a = NULL;
- /* int max (2147483647) */
- ExpectNotNull(a = ASN1_INTEGER_new());
- val = 2147483647;
- ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
- ExpectTrue(ASN1_INTEGER_get(a) == val);
- ASN1_INTEGER_free(a);
- a = NULL;
- /* int min (-2147483648) */
- ExpectNotNull(a = ASN1_INTEGER_new());
- val = -2147483647 - 1;
- ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
- ExpectTrue(ASN1_INTEGER_get(a) == val);
- ASN1_INTEGER_free(a);
- a = NULL;
- /* long max positive */
- ExpectNotNull(a = ASN1_INTEGER_new());
- val = (long)(((unsigned long)-1) >> 1);
- ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
- ExpectTrue(ASN1_INTEGER_get(a) == val);
- ASN1_INTEGER_free(a);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA)
- typedef struct ASN1IntTestVector {
- const byte* der;
- const size_t derSz;
- const long value;
- } ASN1IntTestVector;
- #endif
- static int test_wolfSSL_d2i_ASN1_INTEGER(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- size_t i;
- WOLFSSL_ASN1_INTEGER* a = NULL;
- WOLFSSL_ASN1_INTEGER* b = NULL;
- WOLFSSL_ASN1_INTEGER* c = NULL;
- const byte* p = NULL;
- byte* p2 = NULL;
- byte* reEncoded = NULL;
- int reEncodedSz = 0;
- static const byte zeroDer[] = {
- 0x02, 0x01, 0x00
- };
- static const byte oneDer[] = {
- 0x02, 0x01, 0x01
- };
- static const byte negativeDer[] = {
- 0x02, 0x03, 0xC1, 0x16, 0x0D
- };
- static const byte positiveDer[] = {
- 0x02, 0x03, 0x01, 0x00, 0x01
- };
- static const byte primeDer[] = {
- 0x02, 0x82, 0x01, 0x01, 0x00, 0xc0, 0x95, 0x08, 0xe1, 0x57, 0x41,
- 0xf2, 0x71, 0x6d, 0xb7, 0xd2, 0x45, 0x41, 0x27, 0x01, 0x65, 0xc6,
- 0x45, 0xae, 0xf2, 0xbc, 0x24, 0x30, 0xb8, 0x95, 0xce, 0x2f, 0x4e,
- 0xd6, 0xf6, 0x1c, 0x88, 0xbc, 0x7c, 0x9f, 0xfb, 0xa8, 0x67, 0x7f,
- 0xfe, 0x5c, 0x9c, 0x51, 0x75, 0xf7, 0x8a, 0xca, 0x07, 0xe7, 0x35,
- 0x2f, 0x8f, 0xe1, 0xbd, 0x7b, 0xc0, 0x2f, 0x7c, 0xab, 0x64, 0xa8,
- 0x17, 0xfc, 0xca, 0x5d, 0x7b, 0xba, 0xe0, 0x21, 0xe5, 0x72, 0x2e,
- 0x6f, 0x2e, 0x86, 0xd8, 0x95, 0x73, 0xda, 0xac, 0x1b, 0x53, 0xb9,
- 0x5f, 0x3f, 0xd7, 0x19, 0x0d, 0x25, 0x4f, 0xe1, 0x63, 0x63, 0x51,
- 0x8b, 0x0b, 0x64, 0x3f, 0xad, 0x43, 0xb8, 0xa5, 0x1c, 0x5c, 0x34,
- 0xb3, 0xae, 0x00, 0xa0, 0x63, 0xc5, 0xf6, 0x7f, 0x0b, 0x59, 0x68,
- 0x78, 0x73, 0xa6, 0x8c, 0x18, 0xa9, 0x02, 0x6d, 0xaf, 0xc3, 0x19,
- 0x01, 0x2e, 0xb8, 0x10, 0xe3, 0xc6, 0xcc, 0x40, 0xb4, 0x69, 0xa3,
- 0x46, 0x33, 0x69, 0x87, 0x6e, 0xc4, 0xbb, 0x17, 0xa6, 0xf3, 0xe8,
- 0xdd, 0xad, 0x73, 0xbc, 0x7b, 0x2f, 0x21, 0xb5, 0xfd, 0x66, 0x51,
- 0x0c, 0xbd, 0x54, 0xb3, 0xe1, 0x6d, 0x5f, 0x1c, 0xbc, 0x23, 0x73,
- 0xd1, 0x09, 0x03, 0x89, 0x14, 0xd2, 0x10, 0xb9, 0x64, 0xc3, 0x2a,
- 0xd0, 0xa1, 0x96, 0x4a, 0xbc, 0xe1, 0xd4, 0x1a, 0x5b, 0xc7, 0xa0,
- 0xc0, 0xc1, 0x63, 0x78, 0x0f, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80,
- 0x32, 0x23, 0x95, 0xa1, 0x77, 0xba, 0x13, 0xd2, 0x97, 0x73, 0xe2,
- 0x5d, 0x25, 0xc9, 0x6a, 0x0d, 0xc3, 0x39, 0x60, 0xa4, 0xb4, 0xb0,
- 0x69, 0x42, 0x42, 0x09, 0xe9, 0xd8, 0x08, 0xbc, 0x33, 0x20, 0xb3,
- 0x58, 0x22, 0xa7, 0xaa, 0xeb, 0xc4, 0xe1, 0xe6, 0x61, 0x83, 0xc5,
- 0xd2, 0x96, 0xdf, 0xd9, 0xd0, 0x4f, 0xad, 0xd7
- };
- static const byte garbageDer[] = {0xDE, 0xAD, 0xBE, 0xEF};
- static const ASN1IntTestVector testVectors[] = {
- {zeroDer, sizeof(zeroDer), 0},
- {oneDer, sizeof(oneDer), 1},
- {negativeDer, sizeof(negativeDer), -4123123},
- {positiveDer, sizeof(positiveDer), 65537},
- {primeDer, sizeof(primeDer), 0}
- };
- static const size_t NUM_TEST_VECTORS =
- sizeof(testVectors)/sizeof(testVectors[0]);
- /* Check d2i error conditions */
- /* NULL pointer to input. */
- ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, NULL, 1)));
- ExpectNull(b);
- /* NULL input. */
- ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, 1)));
- ExpectNull(b);
- /* 0 length. */
- p = testVectors[0].der;
- ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, 0)));
- ExpectNull(b);
- /* Negative length. */
- p = testVectors[0].der;
- ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, -1)));
- ExpectNull(b);
- /* Garbage DER input. */
- p = garbageDer;
- ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, sizeof(garbageDer))));
- ExpectNull(b);
- /* Check i2d error conditions */
- /* NULL input. */
- ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(NULL, &p2), 0);
- /* 0 length input data buffer (a->length == 0). */
- ExpectNotNull((a = wolfSSL_ASN1_INTEGER_new()));
- ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(a, &p2), 0);
- if (a != NULL)
- a->data = NULL;
- /* NULL input data buffer. */
- ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(a, &p2), 0);
- if (a != NULL) {
- /* Reset a->data. */
- a->data = a->intData;
- }
- /* Set a to valid value. */
- ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(a, 1), WOLFSSL_SUCCESS);
- /* NULL output buffer. */
- ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(a, NULL), 0);
- wolfSSL_ASN1_INTEGER_free(a);
- a = NULL;
- for (i = 0; i < NUM_TEST_VECTORS; ++i) {
- p = testVectors[i].der;
- ExpectNotNull(a = wolfSSL_d2i_ASN1_INTEGER(&b, &p,
- testVectors[i].derSz));
- ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
- if (testVectors[i].derSz <= sizeof(long)) {
- ExpectNotNull(c = wolfSSL_ASN1_INTEGER_new());
- ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(c, testVectors[i].value), 1);
- ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, c), 0);
- wolfSSL_ASN1_INTEGER_free(c);
- c = NULL;
- }
- /* Convert to DER without a pre-allocated output buffer. */
- ExpectIntGT((reEncodedSz = wolfSSL_i2d_ASN1_INTEGER(a, &reEncoded)), 0);
- ExpectIntEQ(reEncodedSz, testVectors[i].derSz);
- ExpectIntEQ(XMEMCMP(reEncoded, testVectors[i].der, reEncodedSz), 0);
- /* Convert to DER with a pre-allocated output buffer. In this case, the
- * output buffer pointer should be incremented just past the end of the
- * encoded data. */
- p2 = reEncoded;
- ExpectIntGT((reEncodedSz = wolfSSL_i2d_ASN1_INTEGER(a, &p2)), 0);
- ExpectIntEQ(reEncodedSz, testVectors[i].derSz);
- ExpectPtrEq(reEncoded, p2 - reEncodedSz);
- ExpectIntEQ(XMEMCMP(reEncoded, testVectors[i].der, reEncodedSz), 0);
- XFREE(reEncoded, NULL, DYNAMIC_TYPE_ASN1);
- reEncoded = NULL;
- wolfSSL_ASN1_INTEGER_free(a);
- a = NULL;
- }
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_a2i_ASN1_INTEGER(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
- BIO* bio = NULL;
- BIO* out = NULL;
- BIO* fixed = NULL;
- ASN1_INTEGER* ai = NULL;
- char buf[] = "123456\n12345\n1123456789123456\\\n78901234567890 \r\n\n";
- char tmp[1024];
- int tmpSz;
- const char expected1[] = "123456";
- const char expected2[] = "112345678912345678901234567890";
- char longStr[] = "123456781234567812345678123456781234567812345678\n"
- "123456781234567812345678123456781234567812345678\\\n12345678\n";
- ExpectNotNull(out = BIO_new(BIO_s_mem()));
- ExpectNotNull(ai = ASN1_INTEGER_new());
- ExpectNotNull(bio = BIO_new_mem_buf(buf, -1));
- /* Invalid parameter testing. */
- ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, NULL, -1), 0);
- ExpectIntEQ(a2i_ASN1_INTEGER(bio, NULL, NULL, -1), 0);
- ExpectIntEQ(a2i_ASN1_INTEGER(NULL, ai, NULL, -1), 0);
- ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, tmp, -1), 0);
- ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, NULL, 1024), 0);
- ExpectIntEQ(a2i_ASN1_INTEGER(NULL, ai, tmp, 1024), 0);
- ExpectIntEQ(a2i_ASN1_INTEGER(bio, NULL, tmp, 1024), 0);
- ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, NULL, 1024), 0);
- ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, -1), 0);
- ExpectIntEQ(i2a_ASN1_INTEGER(NULL, NULL), 0);
- ExpectIntEQ(i2a_ASN1_INTEGER(bio, NULL), 0);
- ExpectIntEQ(i2a_ASN1_INTEGER(NULL, ai), 0);
- /* No data to read from BIO. */
- ExpectIntEQ(a2i_ASN1_INTEGER(out, ai, tmp, 1024), 0);
- /* read first line */
- ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1);
- ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 6);
- XMEMSET(tmp, 0, 1024);
- tmpSz = BIO_read(out, tmp, 1024);
- ExpectIntEQ(tmpSz, 6);
- ExpectIntEQ(XMEMCMP(tmp, expected1, tmpSz), 0);
- /* fail on second line (not % 2) */
- ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 0);
- /* read 3rd long line */
- ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1);
- ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 30);
- XMEMSET(tmp, 0, 1024);
- tmpSz = BIO_read(out, tmp, 1024);
- ExpectIntEQ(tmpSz, 30);
- ExpectIntEQ(XMEMCMP(tmp, expected2, tmpSz), 0);
- /* fail on empty line */
- ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 0);
- BIO_free(bio);
- bio = NULL;
- /* Make long integer, requiring dynamic memory, even longer. */
- ExpectNotNull(bio = BIO_new_mem_buf(longStr, -1));
- ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1);
- ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 48);
- XMEMSET(tmp, 0, 1024);
- tmpSz = BIO_read(out, tmp, 1024);
- ExpectIntEQ(tmpSz, 48);
- ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1);
- ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 56);
- XMEMSET(tmp, 0, 1024);
- tmpSz = BIO_read(out, tmp, 1024);
- ExpectIntEQ(tmpSz, 56);
- ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(ai, 1), 1);
- BIO_free(bio);
- BIO_free(out);
- ExpectNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem()));
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
- /* Ensure there is 0 bytes available to write into. */
- ExpectIntEQ(BIO_write(fixed, tmp, 1), 1);
- ExpectIntEQ(i2a_ASN1_INTEGER(fixed, ai), 0);
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
- ExpectIntEQ(i2a_ASN1_INTEGER(fixed, ai), 0);
- BIO_free(fixed);
- ASN1_INTEGER_free(ai);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_i2c_ASN1_INTEGER(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
- ASN1_INTEGER *a = NULL;
- unsigned char *pp = NULL,*tpp = NULL;
- int ret = 0;
- ExpectNotNull(a = wolfSSL_ASN1_INTEGER_new());
- /* Invalid parameter testing. */
- /* Set pp to an invalid value. */
- pp = NULL;
- ExpectIntEQ(i2c_ASN1_INTEGER(NULL, &pp), 0);
- ExpectIntEQ(i2c_ASN1_INTEGER(a, &pp), 0);
- ExpectIntEQ(i2c_ASN1_INTEGER(NULL, NULL), 0);
- /* 40 */
- if (a != NULL) {
- a->intData[0] = ASN_INTEGER;
- a->intData[1] = 1;
- a->intData[2] = 40;
- }
- ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1);
- ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- tpp = pp;
- ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
- ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1);
- tpp--;
- ExpectIntEQ(*tpp, 40);
- XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- pp = NULL;
- /* 128 */
- if (a != NULL) {
- a->intData[0] = ASN_INTEGER;
- a->intData[1] = 1;
- a->intData[2] = 128;
- }
- ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2);
- ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- tpp = pp;
- if (tpp != NULL) {
- ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
- ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2);
- tpp--;
- ExpectIntEQ(*(tpp--), 128);
- ExpectIntEQ(*tpp, 0);
- }
- XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- pp = NULL;
- /* -40 */
- if (a != NULL) {
- a->intData[0] = ASN_INTEGER;
- a->intData[1] = 1;
- a->intData[2] = 40;
- a->negative = 1;
- }
- ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1);
- ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- tpp = pp;
- if (tpp != NULL) {
- ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
- ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1);
- tpp--;
- ExpectIntEQ(*tpp, 216);
- }
- XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- pp = NULL;
- /* -128 */
- if (a != NULL) {
- a->intData[0] = ASN_INTEGER;
- a->intData[1] = 1;
- a->intData[2] = 128;
- a->negative = 1;
- }
- ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1);
- ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- tpp = pp;
- if (tpp != NULL) {
- ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
- ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1);
- tpp--;
- ExpectIntEQ(*tpp, 128);
- }
- XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- pp = NULL;
- /* -200 */
- if (a != NULL) {
- a->intData[0] = ASN_INTEGER;
- a->intData[1] = 1;
- a->intData[2] = 200;
- a->negative = 1;
- }
- ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2);
- ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- tpp = pp;
- if (tpp != NULL) {
- ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
- ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2);
- tpp--;
- ExpectIntEQ(*(tpp--), 56);
- ExpectIntEQ(*tpp, 255);
- }
- XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- pp = NULL;
- /* Empty */
- if (a != NULL) {
- a->intData[0] = ASN_INTEGER;
- a->intData[1] = 0;
- a->negative = 0;
- }
- ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1);
- ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- tpp = pp;
- if (tpp != NULL) {
- ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
- ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1);
- tpp--;
- ExpectIntEQ(*tpp, 0);
- }
- XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- pp = NULL;
- /* 0 */
- if (a != NULL) {
- a->intData[0] = ASN_INTEGER;
- a->intData[1] = 1;
- a->intData[2] = 0;
- a->negative = 1;
- }
- ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1);
- ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- if (tpp != NULL) {
- tpp = pp;
- ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
- ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1);
- tpp--;
- ExpectIntEQ(*tpp, 0);
- }
- XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- pp = NULL;
- /* 0x100 */
- if (a != NULL) {
- a->intData[0] = ASN_INTEGER;
- a->intData[1] = 2;
- a->intData[2] = 0x01;
- a->intData[3] = 0x00;
- a->negative = 0;
- }
- ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2);
- ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- if (tpp != NULL) {
- tpp = pp;
- ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
- ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2);
- tpp -= 2;
- ExpectIntEQ(tpp[0], 0x01);
- ExpectIntEQ(tpp[1], 0x00);
- }
- XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- pp = NULL;
- /* -0x8000 => 0x8000 */
- if (a != NULL) {
- a->intData[0] = ASN_INTEGER;
- a->intData[1] = 2;
- a->intData[2] = 0x80;
- a->intData[3] = 0x00;
- a->negative = 1;
- }
- ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2);
- ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- tpp = pp;
- if (tpp != NULL) {
- ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
- ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2);
- tpp -= 2;
- ExpectIntEQ(tpp[0], 0x80);
- ExpectIntEQ(tpp[1], 0x00);
- }
- XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- pp = NULL;
- /* -0x8001 => 0xFF7FFF */
- if (a != NULL) {
- a->intData[0] = ASN_INTEGER;
- a->intData[1] = 2;
- a->intData[2] = 0x80;
- a->intData[3] = 0x01;
- a->negative = 1;
- }
- ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 3);
- ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- tpp = pp;
- if (tpp != NULL) {
- ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
- ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 3);
- tpp -= 3;
- ExpectIntEQ(tpp[0], 0xFF);
- ExpectIntEQ(tpp[1], 0x7F);
- ExpectIntEQ(tpp[2], 0xFF);
- }
- XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- wolfSSL_ASN1_INTEGER_free(a);
- #endif /* OPENSSL_EXTRA && !NO_ASN */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_OBJECT(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- ASN1_OBJECT* a = NULL;
- ASN1_OBJECT s;
- const unsigned char der[] = { 0x06, 0x01, 0x00 };
- /* Invalid parameter testing. */
- ASN1_OBJECT_free(NULL);
- ExpectNull(wolfSSL_ASN1_OBJECT_dup(NULL));
- /* Test that a static ASN1_OBJECT can be freed. */
- XMEMSET(&s, 0, sizeof(ASN1_OBJECT));
- ASN1_OBJECT_free(&s);
- ExpectNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s));
- ASN1_OBJECT_free(a);
- a = NULL;
- s.obj = der;
- s.objSz = sizeof(der);
- ExpectNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s));
- ASN1_OBJECT_free(a);
- ASN1_OBJECT_free(&s);
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_get_object(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
- const unsigned char* derBuf = cliecc_cert_der_256;
- const unsigned char* nullPtr = NULL;
- const unsigned char objDerInvalidLen[] = { 0x30, 0x81 };
- const unsigned char objDerBadLen[] = { 0x30, 0x04 };
- const unsigned char objDerNotObj[] = { 0x02, 0x01, 0x00 };
- const unsigned char objDerNoData[] = { 0x06, 0x00 };
- const unsigned char* p;
- unsigned char objDer[8];
- unsigned char* der;
- unsigned char* derPtr;
- int len = sizeof_cliecc_cert_der_256;
- long asnLen = 0;
- int tag = 0;
- int cls = 0;
- ASN1_OBJECT* a = NULL;
- ASN1_OBJECT s;
- XMEMSET(&s, 0, sizeof(ASN1_OBJECT));
- /* Invalid encoding at length. */
- p = objDerInvalidLen;
- ExpectIntEQ(ASN1_get_object(&p, &asnLen, &tag, &cls, sizeof(objDerBadLen)),
- 0x80);
- p = objDerBadLen;
- /* Error = 0x80, Constructed = 0x20 */
- ExpectIntEQ(ASN1_get_object(&p, &asnLen, &tag, &cls, sizeof(objDerBadLen)),
- 0x80 | 0x20);
- /* Read a couple TLV triplets and make sure they match the expected values
- */
- /* SEQUENCE */
- ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0);
- ExpectIntEQ(asnLen, 861);
- ExpectIntEQ(tag, 0x10);
- ExpectIntEQ(cls, 0);
- /* SEQUENCE */
- ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
- len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
- ExpectIntEQ(asnLen, 772);
- ExpectIntEQ(tag, 0x10);
- ExpectIntEQ(cls, 0);
- /* [0] */
- ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
- len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
- ExpectIntEQ(asnLen, 3);
- ExpectIntEQ(tag, 0);
- ExpectIntEQ(cls, 0x80);
- /* INTEGER */
- ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
- len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
- ExpectIntEQ(asnLen, 1);
- ExpectIntEQ(tag, 0x2);
- ExpectIntEQ(cls, 0);
- derBuf += asnLen;
- /* INTEGER */
- ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
- len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
- ExpectIntEQ(asnLen, 20);
- ExpectIntEQ(tag, 0x2);
- ExpectIntEQ(cls, 0);
- derBuf += asnLen;
- /* SEQUENCE */
- ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
- len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
- ExpectIntEQ(asnLen, 10);
- ExpectIntEQ(tag, 0x10);
- ExpectIntEQ(cls, 0);
- /* Found OBJECT_ID. */
- /* Invalid parameter testing. */
- ExpectIntEQ(ASN1_get_object(NULL, NULL, NULL, NULL, 0), 0x80);
- ExpectIntEQ(ASN1_get_object(&nullPtr, NULL, NULL, NULL, 0), 0x80);
- ExpectIntEQ(ASN1_get_object(NULL, &asnLen, &tag, &cls, len), 0x80);
- ExpectIntEQ(ASN1_get_object(&nullPtr, &asnLen, &tag, &cls, len), 0x80);
- ExpectIntEQ(ASN1_get_object(&derBuf, NULL, &tag, &cls, len), 0x80);
- ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, NULL, &cls, len), 0x80);
- ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, NULL, len), 0x80);
- ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, 0), 0x80);
- ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, -1), 0x80);
- ExpectNull(d2i_ASN1_OBJECT(NULL, NULL, -1));
- ExpectNull(d2i_ASN1_OBJECT(NULL, &nullPtr, -1));
- ExpectNull(d2i_ASN1_OBJECT(NULL, &derBuf, -1));
- ExpectNull(d2i_ASN1_OBJECT(NULL, NULL, 0));
- ExpectNull(d2i_ASN1_OBJECT(&a, NULL, len));
- ExpectNull(d2i_ASN1_OBJECT(&a, &nullPtr, len));
- ExpectNull(d2i_ASN1_OBJECT(&a, &derBuf, -1));
- ExpectNull(c2i_ASN1_OBJECT(NULL, NULL, -1));
- ExpectNull(c2i_ASN1_OBJECT(NULL, &nullPtr, -1));
- ExpectNull(c2i_ASN1_OBJECT(NULL, &derBuf, -1));
- ExpectNull(c2i_ASN1_OBJECT(NULL, NULL, 1));
- ExpectNull(c2i_ASN1_OBJECT(NULL, &nullPtr, 1));
- /* Invalid encoding at length. */
- p = objDerInvalidLen;
- ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerInvalidLen)));
- p = objDerBadLen;
- ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerBadLen)));
- p = objDerNotObj;
- ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerNotObj)));
- p = objDerNoData;
- ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerNoData)));
- /* Create an ASN OBJECT from content */
- p = derBuf + 2;
- ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 8));
- ASN1_OBJECT_free(a);
- a = NULL;
- /* Create an ASN OBJECT from DER */
- ExpectNotNull(d2i_ASN1_OBJECT(&a, &derBuf, len));
- /* Invalid parameter testing. */
- ExpectIntEQ(i2d_ASN1_OBJECT(NULL, NULL), 0);
- ExpectIntEQ(i2d_ASN1_OBJECT(&s, NULL), 0);
- ExpectIntEQ(i2d_ASN1_OBJECT(a, NULL), 8);
- der = NULL;
- ExpectIntEQ(i2d_ASN1_OBJECT(a, &der), 8);
- derPtr = objDer;
- ExpectIntEQ(i2d_ASN1_OBJECT(a, &derPtr), 8);
- ExpectPtrNE(derPtr, objDer);
- ExpectIntEQ(XMEMCMP(der, objDer, 8), 0);
- XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
- ASN1_OBJECT_free(a);
- #endif /* OPENSSL_EXTRA && HAVE_ECC && USE_CERT_BUFFERS_256 */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_i2a_ASN1_OBJECT(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO)
- ASN1_OBJECT* obj = NULL;
- ASN1_OBJECT* a = NULL;
- BIO *bio = NULL;
- const unsigned char notObjDer[] = { 0x04, 0x01, 0xff };
- const unsigned char badLenDer[] = { 0x06, 0x04, 0x01 };
- const unsigned char goodDer[] = { 0x06, 0x01, 0x01 };
- const unsigned char* p;
- ExpectNotNull(obj = OBJ_nid2obj(NID_sha256));
- ExpectTrue((bio = BIO_new(BIO_s_mem())) != NULL);
- ExpectIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, obj), 0);
- ExpectIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, NULL), 0);
- ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(NULL, obj), 0);
- /* No DER encoding in ASN1_OBJECT. */
- ExpectNotNull(a = wolfSSL_ASN1_OBJECT_new());
- ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0);
- ASN1_OBJECT_free(a);
- a = NULL;
- /* DER encoding - not OBJECT_ID */
- p = notObjDer;
- ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3));
- ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0);
- ASN1_OBJECT_free(a);
- a = NULL;
- /* Bad length encoding. */
- p = badLenDer;
- ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3));
- ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0);
- ASN1_OBJECT_free(a);
- a = NULL;
- /* Good encoding - but unknown. */
- p = goodDer;
- ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3));
- ExpectIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0);
- ASN1_OBJECT_free(a);
- BIO_free(bio);
- ASN1_OBJECT_free(obj);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_i2t_ASN1_OBJECT(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- char buf[50] = {0};
- ASN1_OBJECT* obj;
- const char* oid = "2.5.29.19";
- const char* ln = "X509v3 Basic Constraints";
- obj = NULL;
- ExpectIntEQ(i2t_ASN1_OBJECT(NULL, sizeof(buf), obj), 0);
- ExpectIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), NULL), 0);
- ExpectIntEQ(i2t_ASN1_OBJECT(buf, 0, NULL), 0);
- ExpectNotNull(obj = OBJ_txt2obj(oid, 0));
- XMEMSET(buf, 0, sizeof(buf));
- ExpectIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), obj), XSTRLEN(ln));
- ExpectIntEQ(XSTRNCMP(buf, ln, XSTRLEN(ln)), 0);
- ASN1_OBJECT_free(obj);
- #endif /* OPENSSL_EXTRA && WOLFSSL_CERT_EXT && WOLFSSL_CERT_GEN */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_sk_ASN1_OBJECT(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_ASN) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
- WOLFSSL_STACK* sk = NULL;
- WOLFSSL_ASN1_OBJECT* obj;
- ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
- ExpectNotNull(sk = wolfSSL_sk_new_asn1_obj());
- wolfSSL_sk_ASN1_OBJECT_free(sk);
- sk = NULL;
- ExpectNotNull(sk = wolfSSL_sk_new_asn1_obj());
- ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, NULL), 0);
- ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, NULL), 0);
- ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, obj), 0);
- ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, obj), 1);
- wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
- sk = NULL;
- /* obj freed in pop_free call. */
- ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
- ExpectNotNull(sk = wolfSSL_sk_new_asn1_obj());
- ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, obj), 1);
- ExpectPtrEq(obj, wolfSSL_sk_ASN1_OBJECT_pop(sk));
- wolfSSL_sk_ASN1_OBJECT_free(sk);
- wolfSSL_ASN1_OBJECT_free(obj);
- #endif /* !NO_ASN && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_STRING(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- ASN1_STRING* str = NULL;
- ASN1_STRING* c = NULL;
- const char data[] = "hello wolfSSL";
- const char data2[] = "Same len data";
- const char longData[] =
- "This string must be longer than CTC_NAME_SIZE that is defined as 64.";
- ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
- ASN1_STRING_free(str);
- str = NULL;
- ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
- ExpectIntEQ(ASN1_STRING_type(str), V_ASN1_OCTET_STRING);
- ExpectIntEQ(ASN1_STRING_type(NULL), 0);
- /* Check setting to NULL works. */
- ExpectIntEQ(ASN1_STRING_set(str, NULL, 0), 1);
- ExpectIntEQ(ASN1_STRING_set(str, (const void*)data, sizeof(data)), 1);
- ExpectIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1);
- ExpectIntEQ(ASN1_STRING_set(str, NULL, -1), 0);
- ExpectIntEQ(ASN1_STRING_set(NULL, NULL, 0), 0);
- ExpectIntEQ(wolfSSL_ASN1_STRING_copy(NULL, NULL), 0);
- ExpectIntEQ(wolfSSL_ASN1_STRING_copy(str, NULL), 0);
- ExpectIntEQ(wolfSSL_ASN1_STRING_copy(NULL, str), 0);
- ExpectNull(wolfSSL_ASN1_STRING_dup(NULL));
- ExpectNotNull(c = wolfSSL_ASN1_STRING_dup(str));
- ExpectIntEQ(ASN1_STRING_cmp(NULL, NULL), -1);
- ExpectIntEQ(ASN1_STRING_cmp(str, NULL), -1);
- ExpectIntEQ(ASN1_STRING_cmp(NULL, c), -1);
- ExpectIntEQ(ASN1_STRING_cmp(str, c), 0);
- ExpectIntEQ(ASN1_STRING_set(c, (const void*)data2, -1), 1);
- ExpectIntGT(ASN1_STRING_cmp(str, c), 0);
- ExpectIntEQ(ASN1_STRING_set(str, (const void*)longData, -1), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_copy(c, str), 1);
- ExpectIntEQ(ASN1_STRING_cmp(str, c), 0);
- /* Check setting back to smaller size frees dynamic data. */
- ExpectIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1);
- ExpectIntLT(ASN1_STRING_cmp(str, c), 0);
- ExpectIntGT(ASN1_STRING_cmp(c, str), 0);
- ExpectNull(ASN1_STRING_get0_data(NULL));
- ExpectNotNull(ASN1_STRING_get0_data(str));
- ExpectNull(ASN1_STRING_data(NULL));
- ExpectNotNull(ASN1_STRING_data(str));
- ExpectIntEQ(ASN1_STRING_length(NULL), 0);
- ExpectIntGT(ASN1_STRING_length(str), 0);
- ASN1_STRING_free(c);
- ASN1_STRING_free(str);
- ASN1_STRING_free(NULL);
- #ifndef NO_WOLFSSL_STUB
- ExpectNull(d2i_DISPLAYTEXT(NULL, NULL, 0));
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_STRING_to_UTF8(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_RSA) && \
- !defined(NO_FILESYSTEM)
- WOLFSSL_X509* x509 = NULL;
- WOLFSSL_X509_NAME* subject = NULL;
- WOLFSSL_X509_NAME_ENTRY* e = NULL;
- WOLFSSL_ASN1_STRING* a = NULL;
- FILE* file = XBADFILE;
- int idx = 0;
- char targetOutput[16] = "www.wolfssl.com";
- unsigned char* actual_output = NULL;
- int len = 0;
- ExpectNotNull(file = fopen("./certs/server-cert.pem", "rb"));
- ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
- if (file != NULL)
- fclose(file);
- /* wolfSSL_ASN1_STRING_to_UTF8(): NID_commonName */
- ExpectNotNull(subject = wolfSSL_X509_get_subject_name(x509));
- ExpectIntEQ((idx = wolfSSL_X509_NAME_get_index_by_NID(subject,
- NID_commonName, -1)), 5);
- ExpectNotNull(e = wolfSSL_X509_NAME_get_entry(subject, idx));
- ExpectNotNull(a = wolfSSL_X509_NAME_ENTRY_get_data(e));
- ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a)), 15);
- ExpectIntEQ(strncmp((const char*)actual_output, targetOutput, len), 0);
- a = NULL;
- /* wolfSSL_ASN1_STRING_to_UTF8(NULL, valid) */
- ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, a)), -1);
- /* wolfSSL_ASN1_STRING_to_UTF8(valid, NULL) */
- ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, NULL)), -1);
- /* wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL) */
- ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL)), -1);
- wolfSSL_X509_free(x509);
- XFREE(actual_output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- ExpectNotNull(a = ASN1_STRING_new());
- ExpectIntEQ(wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a), -1);
- ASN1_STRING_free(a);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_i2s_ASN1_STRING(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
- WOLFSSL_ASN1_STRING* str = NULL;
- const char* data = "test_wolfSSL_i2s_ASN1_STRING";
- char* ret = NULL;
- ExpectNotNull(str = ASN1_STRING_new());
- ExpectNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, NULL));
- XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- ret = NULL;
- /* No data. */
- ExpectNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, str));
- XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- ret = NULL;
- ExpectIntEQ(ASN1_STRING_set(str, data, 0), 1);
- ExpectNotNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, str));
- XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- ret = NULL;
- ExpectIntEQ(ASN1_STRING_set(str, data, -1), 1);
- /* No type. */
- ExpectNotNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, str));
- XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- ASN1_STRING_free(str);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_STRING_canon(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_TEST_STATIC_BUILD)
- #if !defined(NO_CERTS) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL))
- WOLFSSL_ASN1_STRING* orig = NULL;
- WOLFSSL_ASN1_STRING* canon = NULL;
- const char* data = "test_wolfSSL_ASN1_STRING_canon";
- const char* whitespaceOnly = "\t\r\n";
- const char* modData = " \x01\f\t\x02\r\n\v\xff\nTt \n";
- const char* canonData = "\x01 \x02 \xff tt";
- const char longData[] =
- "This string must be longer than CTC_NAME_SIZE that is defined as 64.";
- ExpectNotNull(orig = ASN1_STRING_new());
- ExpectNotNull(canon = ASN1_STRING_new());
- /* Invalid parameter testing. */
- ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, orig), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1);
- ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0);
- ExpectIntEQ(ASN1_STRING_set(orig, longData, (int)XSTRLEN(data)), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1);
- ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0);
- ExpectIntEQ(ASN1_STRING_set(orig, data, (int)XSTRLEN(data)), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1);
- ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0);
- ASN1_STRING_free(orig);
- orig = NULL;
- ExpectNotNull(orig = ASN1_STRING_type_new(MBSTRING_UTF8));
- ExpectIntEQ(ASN1_STRING_set(orig, modData, 15), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1);
- ExpectIntEQ(ASN1_STRING_set(orig, canonData, 8), 1);
- ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0);
- ASN1_STRING_free(orig);
- orig = NULL;
- ExpectNotNull(orig = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING));
- ExpectIntEQ(ASN1_STRING_set(orig, whitespaceOnly, 3), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1);
- ASN1_STRING_free(orig);
- orig = NULL;
- ExpectNotNull(orig = ASN1_STRING_type_new(MBSTRING_UTF8));
- ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0);
- ASN1_STRING_free(orig);
- ASN1_STRING_free(canon);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_STRING_print(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_CERTS) && \
- !defined(NO_BIO)
- ASN1_STRING* asnStr = NULL;
- const char HELLO_DATA[]= \
- {'H','e','l','l','o',' ','w','o','l','f','S','S','L','!'};
- #define MAX_UNPRINTABLE_CHAR 32
- #define MAX_BUF 255
- unsigned char unprintableData[MAX_UNPRINTABLE_CHAR + sizeof(HELLO_DATA)];
- unsigned char expected[sizeof(unprintableData)+1];
- unsigned char rbuf[MAX_BUF];
- BIO *bio = NULL;
- int p_len;
- int i;
- /* setup */
- for (i = 0; i < (int)sizeof(HELLO_DATA); i++) {
- unprintableData[i] = HELLO_DATA[i];
- expected[i] = HELLO_DATA[i];
- }
- for (i = 0; i < (int)MAX_UNPRINTABLE_CHAR; i++) {
- unprintableData[sizeof(HELLO_DATA)+i] = i;
- if (i == (int)'\n' || i == (int)'\r')
- expected[sizeof(HELLO_DATA)+i] = i;
- else
- expected[sizeof(HELLO_DATA)+i] = '.';
- }
- unprintableData[sizeof(unprintableData)-1] = '\0';
- expected[sizeof(expected)-1] = '\0';
- XMEMSET(rbuf, 0, MAX_BUF);
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(BIO_set_write_buf_size(bio, MAX_BUF), 0);
- ExpectNotNull(asnStr = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
- ExpectIntEQ(ASN1_STRING_set(asnStr,(const void*)unprintableData,
- (int)sizeof(unprintableData)), 1);
- /* test */
- ExpectIntEQ(wolfSSL_ASN1_STRING_print(NULL, NULL), 0);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, NULL), 0);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print(NULL, asnStr), 0);
- ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print(bio, asnStr), 46);
- ExpectIntEQ(BIO_read(bio, (void*)rbuf, 46), 46);
- ExpectStrEQ((char*)rbuf, (const char*)expected);
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(bio = BIO_new(wolfSSL_BIO_s_fixed_mem()));
- ExpectIntEQ(BIO_set_write_buf_size(bio, 1), 1);
- /* Ensure there is 0 bytes available to write into. */
- ExpectIntEQ(BIO_write(bio, rbuf, 1), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0);
- ExpectIntEQ(BIO_set_write_buf_size(bio, 1), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0);
- ExpectIntEQ(BIO_set_write_buf_size(bio, 45), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0);
- BIO_free(bio);
- ASN1_STRING_free(asnStr);
- #endif /* OPENSSL_EXTRA && !NO_ASN && !NO_CERTS && !NO_BIO */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_STRING_print_ex(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO)
- ASN1_STRING* asn_str = NULL;
- const char data[] = "Hello wolfSSL!";
- ASN1_STRING* esc_str = NULL;
- const char esc_data[] = "a+;<>";
- ASN1_STRING* neg_int = NULL;
- const char neg_int_data[] = "\xff";
- ASN1_STRING* neg_enum = NULL;
- const char neg_enum_data[] = "\xff";
- BIO *bio = NULL;
- BIO *fixed = NULL;
- unsigned long flags;
- int p_len;
- unsigned char rbuf[255];
- /* setup */
- XMEMSET(rbuf, 0, 255);
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(BIO_set_write_buf_size(bio, 255), 0);
- ExpectNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem()));
- ExpectNotNull(asn_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
- ExpectIntEQ(ASN1_STRING_set(asn_str, (const void*)data, sizeof(data)), 1);
- ExpectNotNull(esc_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
- ExpectIntEQ(ASN1_STRING_set(esc_str, (const void*)esc_data,
- sizeof(esc_data)), 1);
- ExpectNotNull(neg_int = ASN1_STRING_type_new(V_ASN1_NEG_INTEGER));
- ExpectIntEQ(ASN1_STRING_set(neg_int, (const void*)neg_int_data,
- sizeof(neg_int_data) - 1), 1);
- ExpectNotNull(neg_enum = ASN1_STRING_type_new(V_ASN1_NEG_ENUMERATED));
- ExpectIntEQ(ASN1_STRING_set(neg_enum, (const void*)neg_enum_data,
- sizeof(neg_enum_data) - 1), 1);
- /* Invalid parameter testing. */
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(NULL, NULL, 0), 0);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(bio, NULL, 0), 0);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(NULL, asn_str, 0), 0);
- /* no flags */
- XMEMSET(rbuf, 0, 255);
- flags = 0;
- ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 15);
- ExpectIntEQ(BIO_read(bio, (void*)rbuf, 15), 15);
- ExpectStrEQ((char*)rbuf, "Hello wolfSSL!");
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
- /* Ensure there is 0 bytes available to write into. */
- ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 14), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
- /* RFC2253 Escape */
- XMEMSET(rbuf, 0, 255);
- flags = ASN1_STRFLGS_ESC_2253;
- ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, esc_str, flags), 9);
- ExpectIntEQ(BIO_read(bio, (void*)rbuf, 9), 9);
- ExpectStrEQ((char*)rbuf, "a\\+\\;\\<\\>");
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
- /* Ensure there is 0 bytes available to write into. */
- ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0);
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0);
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 8), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0);
- /* Show type */
- XMEMSET(rbuf, 0, 255);
- flags = ASN1_STRFLGS_SHOW_TYPE;
- ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 28);
- ExpectIntEQ(BIO_read(bio, (void*)rbuf, 28), 28);
- ExpectStrEQ((char*)rbuf, "OCTET STRING:Hello wolfSSL!");
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
- /* Ensure there is 0 bytes available to write into. */
- ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 12), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 27), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
- /* Dump All */
- XMEMSET(rbuf, 0, 255);
- flags = ASN1_STRFLGS_DUMP_ALL;
- ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 31);
- ExpectIntEQ(BIO_read(bio, (void*)rbuf, 31), 31);
- ExpectStrEQ((char*)rbuf, "#48656C6C6F20776F6C6653534C2100");
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
- /* Ensure there is 0 bytes available to write into. */
- ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 30), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
- /* Dump Der */
- XMEMSET(rbuf, 0, 255);
- flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER;
- ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 35);
- ExpectIntEQ(BIO_read(bio, (void*)rbuf, 35), 35);
- ExpectStrEQ((char*)rbuf, "#040F48656C6C6F20776F6C6653534C2100");
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
- /* Ensure there is 0 bytes available to write into. */
- ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 2), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 30), 1);
- ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
- /* Dump All + Show type */
- XMEMSET(rbuf, 0, 255);
- flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE;
- ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 44);
- ExpectIntEQ(BIO_read(bio, (void*)rbuf, 44), 44);
- ExpectStrEQ((char*)rbuf, "OCTET STRING:#48656C6C6F20776F6C6653534C2100");
- /* Dump All + Show type - Negative Integer. */
- XMEMSET(rbuf, 0, 255);
- flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE;
- ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, neg_int, flags), 11);
- ExpectIntEQ(BIO_read(bio, (void*)rbuf, 11), 11);
- ExpectStrEQ((char*)rbuf, "INTEGER:#FF");
- /* Dump All + Show type - Negative Enumerated. */
- XMEMSET(rbuf, 0, 255);
- flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE;
- ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, neg_enum, flags), 14);
- ExpectIntEQ(BIO_read(bio, (void*)rbuf, 14), 14);
- ExpectStrEQ((char*)rbuf, "ENUMERATED:#FF");
- BIO_free(fixed);
- BIO_free(bio);
- ASN1_STRING_free(asn_str);
- ASN1_STRING_free(esc_str);
- ASN1_STRING_free(neg_int);
- ASN1_STRING_free(neg_enum);
- ExpectStrEQ(wolfSSL_ASN1_tag2str(-1), "(unknown)");
- ExpectStrEQ(wolfSSL_ASN1_tag2str(31), "(unknown)");
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_ASN)
- ASN1_STRING* asn1str_test = NULL;
- ASN1_STRING* asn1str_answer = NULL;
- /* Each character is encoded using 4 bytes */
- char input[] = {
- 0, 0, 0, 'T',
- 0, 0, 0, 'e',
- 0, 0, 0, 's',
- 0, 0, 0, 't',
- };
- char output[] = "Test";
- char badInput[] = {
- 1, 0, 0, 'T',
- 0, 1, 0, 'e',
- 0, 0, 1, 's',
- };
- ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(NULL), 0);
- /* Test wrong type. */
- ExpectNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
- ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0);
- ASN1_STRING_free(asn1str_test);
- asn1str_test = NULL;
- ExpectNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING));
- /* Test bad length. */
- ExpectIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input) - 1), 1);
- ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0);
- /* Test bad input. */
- ExpectIntEQ(ASN1_STRING_set(asn1str_test, badInput + 0, 4), 1);
- ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0);
- ExpectIntEQ(ASN1_STRING_set(asn1str_test, badInput + 4, 4), 1);
- ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0);
- ExpectIntEQ(ASN1_STRING_set(asn1str_test, badInput + 8, 4), 1);
- ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0);
- ExpectIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input)), 1);
- ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 1);
- ExpectNotNull(
- asn1str_answer = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING));
- ExpectIntEQ(ASN1_STRING_set(asn1str_answer, output, sizeof(output)-1), 1);
- ExpectIntEQ(ASN1_STRING_cmp(asn1str_test, asn1str_answer), 0);
- ASN1_STRING_free(asn1str_test);
- ASN1_STRING_free(asn1str_answer);
- #endif /* OPENSSL_ALL && !NO_ASN */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_GENERALIZEDTIME_free(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime = NULL;
- unsigned char nullstr[32];
- XMEMSET(nullstr, 0, 32);
- ExpectNotNull(asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC(
- sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL, DYNAMIC_TYPE_TMP_BUFFER));
- if (asn1_gtime != NULL) {
- XMEMCPY(asn1_gtime->data,"20180504123500Z",ASN_GENERALIZED_TIME_SIZE);
- wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime);
- ExpectIntEQ(0, XMEMCMP(asn1_gtime->data, nullstr, 32));
- XFREE(asn1_gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
- wolfSSL_ASN1_GENERALIZEDTIME_free(NULL);
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_GENERALIZEDTIME_print(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
- WOLFSSL_ASN1_GENERALIZEDTIME gtime;
- BIO* bio = NULL;
- unsigned char buf[24];
- int i;
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- BIO_set_write_buf_size(bio, 24);
- XMEMSET(>ime, 0, sizeof(WOLFSSL_ASN1_GENERALIZEDTIME));
- XMEMCPY(gtime.data, "20180504123500Z", ASN_GENERALIZED_TIME_SIZE);
- gtime.length = ASN_GENERALIZED_TIME_SIZE;
- /* Type not set. */
- ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 0);
- gtime.type = V_ASN1_GENERALIZEDTIME;
- /* Invalid parameters testing. */
- ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, >ime), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 1);
- ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 20);
- ExpectIntEQ(XMEMCMP(buf, "May 04 12:35:00 2018", 20), 0);
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(bio = BIO_new(wolfSSL_BIO_s_fixed_mem()));
- ExpectIntEQ(BIO_set_write_buf_size(bio, 1), 1);
- /* Ensure there is 0 bytes available to write into. */
- ExpectIntEQ(BIO_write(bio, buf, 1), 1);
- ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 0);
- for (i = 1; i < 20; i++) {
- ExpectIntEQ(BIO_set_write_buf_size(bio, i), 1);
- ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 0);
- }
- BIO_free(bio);
- wolfSSL_ASN1_GENERALIZEDTIME_free(>ime);
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_TIME(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
- WOLFSSL_ASN1_TIME* asn_time = NULL;
- unsigned char *data;
- ExpectNotNull(asn_time = ASN1_TIME_new());
- #ifndef NO_WOLFSSL_STUB
- ExpectNotNull(ASN1_TIME_set(asn_time, 1));
- #endif
- ExpectIntEQ(ASN1_TIME_set_string(NULL, NULL), 0);
- ExpectIntEQ(ASN1_TIME_set_string(asn_time, NULL), 0);
- ExpectIntEQ(ASN1_TIME_set_string(NULL,
- "String longer than CTC_DATA_SIZE that is 32 bytes"), 0);
- ExpectIntEQ(ASN1_TIME_set_string(NULL, "101219181011Z"), 1);
- ExpectIntEQ(ASN1_TIME_set_string(asn_time, "101219181011Z"), 1);
- ExpectIntEQ(wolfSSL_ASN1_TIME_get_length(NULL), 0);
- ExpectIntEQ(wolfSSL_ASN1_TIME_get_length(asn_time), ASN_UTC_TIME_SIZE - 1);
- ExpectNull(wolfSSL_ASN1_TIME_get_data(NULL));
- ExpectNotNull(data = wolfSSL_ASN1_TIME_get_data(asn_time));
- ExpectIntEQ(XMEMCMP(data, "101219181011Z", 14), 0);
- ExpectIntEQ(ASN1_TIME_check(NULL), 0);
- ExpectIntEQ(ASN1_TIME_check(asn_time), 1);
- ASN1_TIME_free(asn_time);
- ASN1_TIME_free(NULL);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_TIME_to_string(void)
- {
- EXPECT_DECLS;
- #ifndef NO_ASN_TIME
- #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
- defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
- WOLFSSL_ASN1_TIME* t = NULL;
- char buf[ASN_GENERALIZED_TIME_SIZE];
- ExpectNotNull((t = ASN1_TIME_new()));
- ExpectIntEQ(ASN1_TIME_set_string(t, "030222211515Z"), 1);
- /* Invalid parameter testing. */
- ExpectNull(ASN1_TIME_to_string(NULL, NULL, 4));
- ExpectNull(ASN1_TIME_to_string(t, NULL, 4));
- ExpectNull(ASN1_TIME_to_string(NULL, buf, 4));
- ExpectNull(ASN1_TIME_to_string(NULL, NULL, 5));
- ExpectNull(ASN1_TIME_to_string(NULL, buf, 5));
- ExpectNull(ASN1_TIME_to_string(t, NULL, 5));
- ExpectNull(ASN1_TIME_to_string(t, buf, 4));
- /* Buffer needs to be longer than minimum of 5 characters. */
- ExpectNull(ASN1_TIME_to_string(t, buf, 5));
- ASN1_TIME_free(t);
- #endif
- #endif /* NO_ASN_TIME */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_TIME_diff_compare(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
- ASN1_TIME* fromTime = NULL;
- ASN1_TIME* closeToTime = NULL;
- ASN1_TIME* toTime = NULL;
- ASN1_TIME* invalidTime = NULL;
- int daysDiff = 0;
- int secsDiff = 0;
- ExpectNotNull((fromTime = ASN1_TIME_new()));
- /* Feb 22, 2003, 21:15:15 */
- ExpectIntEQ(ASN1_TIME_set_string(fromTime, "030222211515Z"), 1);
- ExpectNotNull((closeToTime = ASN1_TIME_new()));
- /* Feb 22, 2003, 21:16:15 */
- ExpectIntEQ(ASN1_TIME_set_string(closeToTime, "030222211615Z"), 1);
- ExpectNotNull((toTime = ASN1_TIME_new()));
- /* Dec 19, 2010, 18:10:11 */
- ExpectIntEQ(ASN1_TIME_set_string(toTime, "101219181011Z"), 1);
- ExpectNotNull((invalidTime = ASN1_TIME_new()));
- /* Dec 19, 2010, 18:10:11 but 'U' instead of 'Z' which is invalid. */
- ExpectIntEQ(ASN1_TIME_set_string(invalidTime, "102519181011U"), 1);
- ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, invalidTime), 0);
- ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, invalidTime, toTime), 0);
- ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);
- /* Error conditions. */
- ExpectIntEQ(ASN1_TIME_diff(NULL, &secsDiff, fromTime, toTime), 0);
- ExpectIntEQ(ASN1_TIME_diff(&daysDiff, NULL, fromTime, toTime), 0);
- /* If both times are NULL, difference is 0. */
- ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, NULL), 1);
- ExpectIntEQ(daysDiff, 0);
- ExpectIntEQ(secsDiff, 0);
- /* If one time is NULL, it defaults to the current time. */
- ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, toTime), 1);
- ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, NULL), 1);
- /* Normal operation. Both times non-NULL. */
- ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);
- ExpectIntEQ(daysDiff, 2856);
- ExpectIntEQ(secsDiff, 75296);
- /* Swapping the times should return negative values. */
- ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, toTime, fromTime), 1);
- ExpectIntEQ(daysDiff, -2856);
- ExpectIntEQ(secsDiff, -75296);
- /* Compare with invalid time string. */
- ExpectIntEQ(ASN1_TIME_compare(fromTime, invalidTime), -2);
- ExpectIntEQ(ASN1_TIME_compare(invalidTime, toTime), -2);
- /* Compare with days difference of 0. */
- ExpectIntEQ(ASN1_TIME_compare(fromTime, closeToTime), -1);
- ExpectIntEQ(ASN1_TIME_compare(closeToTime, fromTime), 1);
- /* Days and seconds differences not 0. */
- ExpectIntEQ(ASN1_TIME_compare(fromTime, toTime), -1);
- ExpectIntEQ(ASN1_TIME_compare(toTime, fromTime), 1);
- /* Same time. */
- ExpectIntEQ(ASN1_TIME_compare(fromTime, fromTime), 0);
- /* Compare regression test: No seconds difference, just difference in days.
- */
- ASN1_TIME_set_string(fromTime, "19700101000000Z");
- ASN1_TIME_set_string(toTime, "19800101000000Z");
- ExpectIntEQ(ASN1_TIME_compare(fromTime, toTime), -1);
- ExpectIntEQ(ASN1_TIME_compare(toTime, fromTime), 1);
- ExpectIntEQ(ASN1_TIME_compare(fromTime, fromTime), 0);
- /* Edge case with Unix epoch. */
- ExpectNotNull(ASN1_TIME_set_string(fromTime, "19700101000000Z"));
- ExpectNotNull(ASN1_TIME_set_string(toTime, "19800101000000Z"));
- ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);
- ExpectIntEQ(daysDiff, 3652);
- ExpectIntEQ(secsDiff, 0);
- /* Edge case with year > 2038 (year 2038 problem). */
- ExpectNotNull(ASN1_TIME_set_string(toTime, "99991231235959Z"));
- ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);
- ExpectIntEQ(daysDiff, 2932896);
- ExpectIntEQ(secsDiff, 86399);
- ASN1_TIME_free(fromTime);
- ASN1_TIME_free(closeToTime);
- ASN1_TIME_free(toTime);
- ASN1_TIME_free(invalidTime);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_TIME_adj(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \
- !defined(USER_TIME) && !defined(TIME_OVERRIDES)
- const int year = 365*24*60*60;
- const int day = 24*60*60;
- const int hour = 60*60;
- const int mini = 60;
- const byte asn_utc_time = ASN_UTC_TIME;
- #if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
- const byte asn_gen_time = ASN_GENERALIZED_TIME;
- #endif
- WOLFSSL_ASN1_TIME* asn_time = NULL;
- WOLFSSL_ASN1_TIME* s = NULL;
- int offset_day;
- long offset_sec;
- char date_str[CTC_DATE_SIZE + 1];
- time_t t;
- ExpectNotNull(s = wolfSSL_ASN1_TIME_new());
- /* UTC notation test */
- /* 2000/2/15 20:30:00 */
- t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day;
- offset_day = 7;
- offset_sec = 45 * mini;
- /* offset_sec = -45 * min;*/
- ExpectNotNull(asn_time =
- wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec));
- ExpectTrue(asn_time->type == asn_utc_time);
- ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data,
- CTC_DATE_SIZE));
- date_str[CTC_DATE_SIZE] = '\0';
- ExpectIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13));
- /* negative offset */
- offset_sec = -45 * mini;
- asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
- ExpectNotNull(asn_time);
- ExpectTrue(asn_time->type == asn_utc_time);
- ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data,
- CTC_DATE_SIZE));
- date_str[CTC_DATE_SIZE] = '\0';
- ExpectIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13));
- XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
- s = NULL;
- XMEMSET(date_str, 0, sizeof(date_str));
- /* Generalized time will overflow time_t if not long */
- #if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
- s = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL,
- DYNAMIC_TYPE_OPENSSL);
- /* GeneralizedTime notation test */
- /* 2055/03/01 09:00:00 */
- t = (time_t)85 * year + 59 * day + 9 * hour + 21 * day;
- offset_day = 12;
- offset_sec = 10 * mini;
- ExpectNotNull(asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day,
- offset_sec));
- ExpectTrue(asn_time->type == asn_gen_time);
- ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data,
- CTC_DATE_SIZE));
- date_str[CTC_DATE_SIZE] = '\0';
- ExpectIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15));
- XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
- s = NULL;
- XMEMSET(date_str, 0, sizeof(date_str));
- #endif /* !TIME_T_NOT_64BIT && !NO_64BIT */
- /* if WOLFSSL_ASN1_TIME struct is not allocated */
- s = NULL;
- t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 15 + 7 * day;
- offset_day = 7;
- offset_sec = 45 * mini;
- ExpectNotNull(asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day,
- offset_sec));
- ExpectTrue(asn_time->type == asn_utc_time);
- ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data,
- CTC_DATE_SIZE));
- date_str[CTC_DATE_SIZE] = '\0';
- ExpectIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
- XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
- asn_time = NULL;
- ExpectNotNull(asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day,
- offset_sec));
- ExpectTrue(asn_time->type == asn_utc_time);
- ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data,
- CTC_DATE_SIZE));
- date_str[CTC_DATE_SIZE] = '\0';
- ExpectIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
- XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_TIME_to_tm(void)
- {
- EXPECT_DECLS;
- #if (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
- defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_ALL)) && !defined(NO_ASN_TIME)
- ASN1_TIME asnTime;
- struct tm tm;
- time_t testTime = 1683926567; /* Fri May 12 09:22:47 PM UTC 2023 */
- XMEMSET(&tm, 0, sizeof(struct tm));
- XMEMSET(&asnTime, 0, sizeof(ASN1_TIME));
- ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515Z"), 1);
- ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, NULL), 1);
- ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1);
- ExpectIntEQ(tm.tm_sec, 15);
- ExpectIntEQ(tm.tm_min, 15);
- ExpectIntEQ(tm.tm_hour, 21);
- ExpectIntEQ(tm.tm_mday, 22);
- ExpectIntEQ(tm.tm_mon, 1);
- ExpectIntEQ(tm.tm_year, 100);
- ExpectIntEQ(tm.tm_isdst, 0);
- #ifdef XMKTIME
- ExpectIntEQ(tm.tm_wday, 2);
- ExpectIntEQ(tm.tm_yday, 52);
- #endif
- ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "500222211515Z"), 1);
- ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1);
- ExpectIntEQ(tm.tm_year, 50);
- /* Get current time. */
- ExpectIntEQ(ASN1_TIME_to_tm(NULL, NULL), 0);
- ExpectIntEQ(ASN1_TIME_to_tm(NULL, &tm), 1);
- XMEMSET(&asnTime, 0, sizeof(ASN1_TIME));
- /* 0 length. */
- ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0);
- /* No type. */
- asnTime.length = 1;
- ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0);
- /* Not UTCTIME length. */
- asnTime.type = V_ASN1_UTCTIME;
- ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0);
- /* Not GENERALIZEDTIME length. */
- asnTime.type = V_ASN1_GENERALIZEDTIME;
- ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0);
- /* Not Zulu timezone. */
- ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515U"), 1);
- ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0);
- ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "20000222211515U"), 1);
- ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0);
- #ifdef XMKTIME
- ExpectNotNull(ASN1_TIME_adj(&asnTime, testTime, 0, 0));
- ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1);
- ExpectIntEQ(tm.tm_sec, 47);
- ExpectIntEQ(tm.tm_min, 22);
- ExpectIntEQ(tm.tm_hour, 21);
- ExpectIntEQ(tm.tm_mday, 12);
- ExpectIntEQ(tm.tm_mon, 4);
- ExpectIntEQ(tm.tm_year, 123);
- ExpectIntEQ(tm.tm_wday, 5);
- ExpectIntEQ(tm.tm_yday, 131);
- /* Confirm that when used with a tm struct from ASN1_TIME_adj, all other
- fields are zeroed out as expected. */
- ExpectIntEQ(tm.tm_isdst, 0);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_TIME_to_generalizedtime(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
- WOLFSSL_ASN1_TIME *t = NULL;
- WOLFSSL_ASN1_TIME *out = NULL;
- WOLFSSL_ASN1_TIME *gtime = NULL;
- int tlen = 0;
- unsigned char *data = NULL;
- ExpectNotNull(t = wolfSSL_ASN1_TIME_new());
- ExpectNull(wolfSSL_ASN1_TIME_to_generalizedtime(NULL, &out));
- /* type not set. */
- ExpectNull(wolfSSL_ASN1_TIME_to_generalizedtime(t, &out));
- XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- t = NULL;
- /* UTC Time test */
- ExpectNotNull(t = wolfSSL_ASN1_TIME_new());
- if (t != NULL) {
- XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE);
- t->type = ASN_UTC_TIME;
- t->length = ASN_UTC_TIME_SIZE;
- XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE);
- }
- ExpectIntEQ(tlen = wolfSSL_ASN1_TIME_get_length(t), ASN_UTC_TIME_SIZE);
- ExpectStrEQ((char*)(data = wolfSSL_ASN1_TIME_get_data(t)), "050727123456Z");
- out = NULL;
- ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out));
- wolfSSL_ASN1_TIME_free(gtime);
- gtime = NULL;
- ExpectNotNull(out = wolfSSL_ASN1_TIME_new());
- ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out));
- ExpectPtrEq(gtime, out);
- ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME);
- ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
- ExpectStrEQ((char*)gtime->data, "20050727123456Z");
- /* Generalized Time test */
- ExpectNotNull(XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE));
- ExpectNotNull(XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE));
- ExpectNotNull(XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE));
- if (t != NULL) {
- t->type = ASN_GENERALIZED_TIME;
- t->length = ASN_GENERALIZED_TIME_SIZE;
- XMEMCPY(t->data, "20050727123456Z", ASN_GENERALIZED_TIME_SIZE);
- }
- ExpectIntEQ(tlen = wolfSSL_ASN1_TIME_get_length(t),
- ASN_GENERALIZED_TIME_SIZE);
- ExpectStrEQ((char*)(data = wolfSSL_ASN1_TIME_get_data(t)),
- "20050727123456Z");
- ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out));
- ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME);
- ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
- ExpectStrEQ((char*)gtime->data, "20050727123456Z");
- /* UTC Time to Generalized Time 1900's test */
- ExpectNotNull(XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE));
- ExpectNotNull(XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE));
- ExpectNotNull(XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE));
- if (t != NULL) {
- t->type = ASN_UTC_TIME;
- t->length = ASN_UTC_TIME_SIZE;
- XMEMCPY(t->data, "500727123456Z", ASN_UTC_TIME_SIZE);
- }
- ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out));
- ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME);
- ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
- ExpectStrEQ((char*)gtime->data, "19500727123456Z");
- XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- /* Null parameter test */
- ExpectNotNull(XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE));
- gtime = NULL;
- out = NULL;
- if (t != NULL) {
- t->type = ASN_UTC_TIME;
- t->length = ASN_UTC_TIME_SIZE;
- XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE);
- }
- ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, NULL));
- ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME);
- ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
- ExpectStrEQ((char*)gtime->data, "20050727123456Z");
- XFREE(gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_TIME_print(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_BIO) && \
- (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
- defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_ALL)) && defined(USE_CERT_BUFFERS_2048) && \
- !defined(NO_ASN_TIME)
- BIO* bio = NULL;
- BIO* fixed = NULL;
- X509* x509 = NULL;
- const unsigned char* der = client_cert_der_2048;
- ASN1_TIME* notAfter = NULL;
- ASN1_TIME* notBefore = NULL;
- unsigned char buf[25];
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem()));
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer(der,
- sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
- ExpectNotNull(notBefore = X509_get_notBefore(x509));
- ExpectIntEQ(ASN1_TIME_print(NULL, NULL), 0);
- ExpectIntEQ(ASN1_TIME_print(bio, NULL), 0);
- ExpectIntEQ(ASN1_TIME_print(NULL, notBefore), 0);
- ExpectIntEQ(ASN1_TIME_print(bio, notBefore), 1);
- ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
- ExpectIntEQ(XMEMCMP(buf, "Dec 13 22:19:28 2023 GMT", sizeof(buf) - 1), 0);
- /* Test BIO_write fails. */
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
- /* Ensure there is 0 bytes available to write into. */
- ExpectIntEQ(BIO_write(fixed, buf, 1), 1);
- ExpectIntEQ(ASN1_TIME_print(fixed, notBefore), 0);
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
- ExpectIntEQ(ASN1_TIME_print(fixed, notBefore), 0);
- ExpectIntEQ(BIO_set_write_buf_size(fixed, 23), 1);
- ExpectIntEQ(ASN1_TIME_print(fixed, notBefore), 0);
- /* create a bad time and test results */
- ExpectNotNull(notAfter = X509_get_notAfter(x509));
- ExpectIntEQ(ASN1_TIME_check(notAfter), 1);
- if (EXPECT_SUCCESS()) {
- notAfter->data[8] = 0;
- notAfter->data[3] = 0;
- }
- ExpectIntNE(ASN1_TIME_print(bio, notAfter), 1);
- ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 14);
- ExpectIntEQ(XMEMCMP(buf, "Bad time value", 14), 0);
- ExpectIntEQ(ASN1_TIME_check(notAfter), 0);
- BIO_free(bio);
- BIO_free(fixed);
- X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_UTCTIME_print(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(NO_BIO)
- BIO* bio = NULL;
- ASN1_UTCTIME* utc = NULL;
- unsigned char buf[25];
- const char* validDate = "190424111501Z"; /* UTC = YYMMDDHHMMSSZ */
- const char* invalidDate = "190424111501X"; /* UTC = YYMMDDHHMMSSZ */
- const char* genDate = "20190424111501Z"; /* GEN = YYYYMMDDHHMMSSZ */
- /* Valid date */
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectNotNull(utc = (ASN1_UTCTIME*)XMALLOC(sizeof(ASN1_UTCTIME), NULL,
- DYNAMIC_TYPE_ASN1));
- if (utc != NULL) {
- utc->type = ASN_UTC_TIME;
- utc->length = ASN_UTC_TIME_SIZE;
- XMEMCPY(utc->data, (byte*)validDate, ASN_UTC_TIME_SIZE);
- }
- ExpectIntEQ(ASN1_UTCTIME_print(NULL, NULL), 0);
- ExpectIntEQ(ASN1_UTCTIME_print(bio, NULL), 0);
- ExpectIntEQ(ASN1_UTCTIME_print(NULL, utc), 0);
- ExpectIntEQ(ASN1_UTCTIME_print(bio, utc), 1);
- ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
- ExpectIntEQ(XMEMCMP(buf, "Apr 24 11:15:01 2019 GMT", sizeof(buf)-1), 0);
- XMEMSET(buf, 0, sizeof(buf));
- BIO_free(bio);
- bio = NULL;
- /* Invalid format */
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- if (utc != NULL) {
- utc->type = ASN_UTC_TIME;
- utc->length = ASN_UTC_TIME_SIZE;
- XMEMCPY(utc->data, (byte*)invalidDate, ASN_UTC_TIME_SIZE);
- }
- ExpectIntEQ(ASN1_UTCTIME_print(bio, utc), 0);
- ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 14);
- ExpectIntEQ(XMEMCMP(buf, "Bad time value", 14), 0);
- /* Invalid type */
- if (utc != NULL) {
- utc->type = ASN_GENERALIZED_TIME;
- utc->length = ASN_GENERALIZED_TIME_SIZE;
- XMEMCPY(utc->data, (byte*)genDate, ASN_GENERALIZED_TIME_SIZE);
- }
- ExpectIntEQ(ASN1_UTCTIME_print(bio, utc), 0);
- XFREE(utc, NULL, DYNAMIC_TYPE_ASN1);
- BIO_free(bio);
- #endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ASN1_TYPE(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD) || \
- defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
- WOLFSSL_ASN1_TYPE* t = NULL;
- WOLFSSL_ASN1_OBJECT* obj = NULL;
- #ifndef NO_ASN_TIME
- WOLFSSL_ASN1_TIME* time = NULL;
- #endif
- WOLFSSL_ASN1_STRING* str = NULL;
- unsigned char data[] = { 0x00 };
- ASN1_TYPE_set(NULL, V_ASN1_NULL, NULL);
- ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
- ASN1_TYPE_set(t, V_ASN1_EOC, NULL);
- wolfSSL_ASN1_TYPE_free(t);
- t = NULL;
- ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
- ASN1_TYPE_set(t, V_ASN1_NULL, NULL);
- ASN1_TYPE_set(t, V_ASN1_NULL, data);
- wolfSSL_ASN1_TYPE_free(t);
- t = NULL;
- ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
- ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
- ASN1_TYPE_set(t, V_ASN1_OBJECT, obj);
- wolfSSL_ASN1_TYPE_free(t);
- t = NULL;
- #ifndef NO_ASN_TIME
- ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
- ExpectNotNull(time = wolfSSL_ASN1_TIME_new());
- ASN1_TYPE_set(t, V_ASN1_UTCTIME, time);
- wolfSSL_ASN1_TYPE_free(t);
- t = NULL;
- ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
- ExpectNotNull(time = wolfSSL_ASN1_TIME_new());
- ASN1_TYPE_set(t, V_ASN1_GENERALIZEDTIME, time);
- wolfSSL_ASN1_TYPE_free(t);
- t = NULL;
- #endif
- ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
- ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
- ASN1_TYPE_set(t, V_ASN1_UTF8STRING, str);
- wolfSSL_ASN1_TYPE_free(t);
- t = NULL;
- ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
- ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
- ASN1_TYPE_set(t, V_ASN1_PRINTABLESTRING, str);
- wolfSSL_ASN1_TYPE_free(t);
- t = NULL;
- ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
- ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
- ASN1_TYPE_set(t, V_ASN1_T61STRING, str);
- wolfSSL_ASN1_TYPE_free(t);
- t = NULL;
- ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
- ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
- ASN1_TYPE_set(t, V_ASN1_IA5STRING, str);
- wolfSSL_ASN1_TYPE_free(t);
- t = NULL;
- ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
- ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
- ASN1_TYPE_set(t, V_ASN1_UNIVERSALSTRING, str);
- wolfSSL_ASN1_TYPE_free(t);
- t = NULL;
- ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
- ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
- ASN1_TYPE_set(t, V_ASN1_SEQUENCE, str);
- wolfSSL_ASN1_TYPE_free(t);
- t = NULL;
- #endif
- return EXPECT_RESULT();
- }
- /* Testing code used in dpp.c in hostap */
- #if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
- typedef struct {
- /* AlgorithmIdentifier ecPublicKey with optional parameters present
- * as an OID identifying the curve */
- X509_ALGOR *alg;
- /* Compressed format public key per ANSI X9.63 */
- ASN1_BIT_STRING *pub_key;
- } DPP_BOOTSTRAPPING_KEY;
- ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = {
- ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, alg, X509_ALGOR),
- ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, pub_key, ASN1_BIT_STRING)
- } ASN1_SEQUENCE_END(DPP_BOOTSTRAPPING_KEY)
- IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY)
- typedef struct {
- ASN1_INTEGER *integer;
- } TEST_ASN1;
- ASN1_SEQUENCE(TEST_ASN1) = {
- ASN1_SIMPLE(TEST_ASN1, integer, ASN1_INTEGER),
- } ASN1_SEQUENCE_END(TEST_ASN1)
- IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1)
- typedef struct {
- ASN1_OCTET_STRING *octet_string;
- } TEST_FAIL_ASN1;
- #define WOLFSSL_ASN1_OCTET_STRING_ASN1 4
- ASN1_SEQUENCE(TEST_FAIL_ASN1) = {
- ASN1_SIMPLE(TEST_FAIL_ASN1, octet_string, ASN1_OCTET_STRING),
- } ASN1_SEQUENCE_END(TEST_FAIL_ASN1)
- IMPLEMENT_ASN1_FUNCTIONS(TEST_FAIL_ASN1)
- #endif
- static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
- {
- EXPECT_DECLS;
- /* Testing code used in dpp.c in hostap */
- #if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- EC_KEY *eckey = NULL;
- EVP_PKEY *key = NULL;
- size_t len = 0;
- unsigned char *der = NULL;
- DPP_BOOTSTRAPPING_KEY *bootstrap = NULL;
- const unsigned char *in = ecc_clikey_der_256;
- WOLFSSL_ASN1_OBJECT* ec_obj = NULL;
- WOLFSSL_ASN1_OBJECT* group_obj = NULL;
- const EC_GROUP *group = NULL;
- const EC_POINT *point = NULL;
- int nid;
- TEST_ASN1 *test_asn1 = NULL;
- TEST_FAIL_ASN1 test_fail_asn1;
- const unsigned char badObjDer[] = { 0x06, 0x00 };
- const unsigned char goodObjDer[] = {
- 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01
- };
- WOLFSSL_ASN1_ITEM emptyTemplate;
- XMEMSET(&emptyTemplate, 0, sizeof(WOLFSSL_ASN1_ITEM));
- ExpectNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new());
- der = NULL;
- ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(NULL, &der), 0);
- ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, NULL), 0);
- ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
- ExpectNotNull(key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &in,
- (long)sizeof_ecc_clikey_der_256));
- ExpectNotNull(eckey = EVP_PKEY_get1_EC_KEY(key));
- ExpectNotNull(group = EC_KEY_get0_group(eckey));
- ExpectNotNull(point = EC_KEY_get0_public_key(eckey));
- nid = EC_GROUP_get_curve_name(group);
- ec_obj = OBJ_nid2obj(EVP_PKEY_EC);
- group_obj = OBJ_nid2obj(nid);
- if ((ec_obj != NULL) && (group_obj != NULL)) {
- ExpectIntEQ(X509_ALGOR_set0(bootstrap->alg, ec_obj, V_ASN1_OBJECT,
- group_obj), 1);
- if (EXPECT_SUCCESS()) {
- ec_obj = NULL;
- group_obj = NULL;
- }
- }
- wolfSSL_ASN1_OBJECT_free(group_obj);
- wolfSSL_ASN1_OBJECT_free(ec_obj);
- ExpectIntEQ(EC_POINT_point2oct(group, point, 0, NULL, 0, NULL), 0);
- #ifdef HAVE_COMP_KEY
- ExpectIntGT((len = EC_POINT_point2oct(
- group, point, POINT_CONVERSION_COMPRESSED,
- NULL, 0, NULL)), 0);
- #else
- ExpectIntGT((len = EC_POINT_point2oct(
- group, point, POINT_CONVERSION_UNCOMPRESSED,
- NULL, 0, NULL)), 0);
- #endif
- ExpectNotNull(der = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1));
- #ifdef HAVE_COMP_KEY
- ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
- der, len-1, NULL), 0);
- ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
- der, len, NULL), len);
- #else
- ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
- der, len-1, NULL), 0);
- ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
- der, len, NULL), len);
- #endif
- if (EXPECT_SUCCESS()) {
- bootstrap->pub_key->data = der;
- bootstrap->pub_key->length = (int)len;
- /* Not actually used */
- bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
- bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
- }
- ExpectIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, NULL), 0);
- der = NULL;
- ExpectIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
- ExpectIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
- XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
- EVP_PKEY_free(key);
- EC_KEY_free(eckey);
- DPP_BOOTSTRAPPING_KEY_free(bootstrap);
- bootstrap = NULL;
- DPP_BOOTSTRAPPING_KEY_free(NULL);
- /* Create bootstrap key with bad OBJECT_ID DER data, parameter that is
- * a NULL and an empty BIT_STRING. */
- ExpectNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new());
- ExpectNotNull(bootstrap->alg->algorithm = wolfSSL_ASN1_OBJECT_new());
- if (EXPECT_SUCCESS()) {
- bootstrap->alg->algorithm->obj = badObjDer;
- bootstrap->alg->algorithm->objSz = (unsigned int)sizeof(badObjDer);
- }
- ExpectNotNull(bootstrap->alg->parameter = wolfSSL_ASN1_TYPE_new());
- if (EXPECT_SUCCESS()) {
- bootstrap->alg->parameter->type = V_ASN1_NULL;
- bootstrap->alg->parameter->value.ptr = NULL;
- bootstrap->pub_key->data = NULL;
- bootstrap->pub_key->length = 0;
- /* Not actually used */
- bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
- bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
- }
- /* Encode with bad OBJECT_ID. */
- der = NULL;
- ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
- /* Fix OBJECT_ID and encode with empty BIT_STRING. */
- if (EXPECT_SUCCESS()) {
- bootstrap->alg->algorithm->obj = goodObjDer;
- bootstrap->alg->algorithm->objSz = (unsigned int)sizeof(goodObjDer);
- bootstrap->alg->algorithm->grp = 2;
- }
- der = NULL;
- ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 16);
- ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, &emptyTemplate), 0);
- XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
- DPP_BOOTSTRAPPING_KEY_free(bootstrap);
- /* Test integer */
- ExpectNotNull(test_asn1 = TEST_ASN1_new());
- der = NULL;
- ExpectIntEQ(ASN1_INTEGER_set(test_asn1->integer, 100), 1);
- ExpectIntEQ(i2d_TEST_ASN1(test_asn1, &der), 5);
- XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
- TEST_ASN1_free(test_asn1);
- /* Test integer cases. */
- ExpectNull(wolfSSL_ASN1_item_new(NULL));
- TEST_ASN1_free(NULL);
- /* Test error cases. */
- ExpectNull(TEST_FAIL_ASN1_new());
- ExpectNull(wolfSSL_ASN1_item_new(NULL));
- TEST_FAIL_ASN1_free(NULL);
- XMEMSET(&test_fail_asn1, 0, sizeof(TEST_FAIL_ASN1));
- ExpectIntEQ(i2d_TEST_FAIL_ASN1(&test_fail_asn1, &der), 0);
- #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
- #endif /* OPENSSL_ALL && HAVE_ECC && USE_CERT_BUFFERS_256 */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_lhash(void)
- {
- EXPECT_DECLS;
- #ifdef OPENSSL_ALL
- const char testStr[] = "Like a true nature's child\n"
- "We were born\n"
- "Born to be wild";
- #ifdef NO_SHA
- ExpectIntEQ(lh_strhash(testStr), 0xf9dc8a43);
- #else
- ExpectIntEQ(lh_strhash(testStr), 0x5b7541dc);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_NAME(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
- !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
- !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) && \
- (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \
- defined(OPENSSL_EXTRA))
- X509* x509 = NULL;
- const unsigned char* c = NULL;
- unsigned char buf[4096];
- int bytes = 0;
- XFILE f = XBADFILE;
- const X509_NAME* a = NULL;
- const X509_NAME* b = NULL;
- X509_NAME* d2i_name = NULL;
- int sz = 0;
- unsigned char* tmp = NULL;
- char file[] = "./certs/ca-cert.der";
- #ifndef OPENSSL_EXTRA_X509_SMALL
- byte empty[] = { /* CN=empty emailAddress= */
- 0x30, 0x21, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03,
- 0x55, 0x04, 0x03, 0x0C, 0x05, 0x65, 0x6D, 0x70,
- 0x74, 0x79, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09,
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
- 0x01, 0x16, 0x00
- };
- #endif
- #ifndef OPENSSL_EXTRA_X509_SMALL
- /* test compile of deprecated function, returns 0 */
- ExpectIntEQ(CRYPTO_thread_id(), 0);
- #endif
- ExpectNotNull(a = X509_NAME_new());
- X509_NAME_free((X509_NAME*)a);
- a = NULL;
- ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- c = buf;
- ExpectNotNull(x509 = wolfSSL_X509_d2i_ex(NULL, c, bytes, HEAP_HINT));
- /* test cmp function */
- ExpectNotNull(a = X509_get_issuer_name(x509));
- ExpectNotNull(b = X509_get_subject_name(x509));
- #ifndef OPENSSL_EXTRA_X509_SMALL
- ExpectIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */
- #endif
- tmp = buf;
- ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)a, &tmp)), 0);
- if (sz > 0 && tmp == buf) {
- fprintf(stderr, "\nERROR - %s line %d failed with:", __FILE__,
- __LINE__);
- fprintf(stderr, " Expected pointer to be incremented\n");
- abort();
- }
- #ifndef OPENSSL_EXTRA_X509_SMALL
- tmp = buf;
- ExpectNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz));
- #endif
- /* if output parameter is NULL, should still return required size. */
- ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)b, NULL)), 0);
- /* retry but with the function creating a buffer */
- tmp = NULL;
- ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0);
- XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
- tmp = NULL;
- #ifdef WOLFSSL_CERT_NAME_ALL
- /* test for givenName and name */
- {
- WOLFSSL_X509_NAME_ENTRY* entry = NULL;
- const byte gName[] = "test-given-name";
- const byte name[] = "test-name";
- ExpectNotNull(entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL,
- NID_givenName, ASN_UTF8STRING, gName, sizeof(gName)));
- ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry, -1, 0),
- 1);
- wolfSSL_X509_NAME_ENTRY_free(entry);
- entry = NULL;
- ExpectNotNull(entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL,
- NID_name, ASN_UTF8STRING, name, sizeof(name)));
- ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry, -1, 0),
- 1);
- wolfSSL_X509_NAME_ENTRY_free(entry);
- tmp = NULL;
- ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0);
- XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- #endif
- b = NULL;
- ExpectNotNull(b = X509_NAME_dup((X509_NAME*)a));
- #ifndef OPENSSL_EXTRA_X509_SMALL
- ExpectIntEQ(X509_NAME_cmp(a, b), 0);
- #endif
- X509_NAME_free((X509_NAME*)b);
- X509_NAME_free(d2i_name);
- d2i_name = NULL;
- X509_free(x509);
- #ifndef OPENSSL_EXTRA_X509_SMALL
- /* test with an empty domain component */
- tmp = empty;
- sz = sizeof(empty);
- ExpectNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz));
- ExpectIntEQ(X509_NAME_entry_count(d2i_name), 2);
- /* size of empty emailAddress will be 0 */
- tmp = buf;
- ExpectIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_emailAddress,
- (char*)tmp, sizeof(buf)), 0);
- /* should contain no organization name */
- tmp = buf;
- ExpectIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_organizationName,
- (char*)tmp, sizeof(buf)), -1);
- X509_NAME_free(d2i_name);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_NAME_hash(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
- !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_BIO)
- BIO* bio = NULL;
- X509* x509 = NULL;
- ExpectNotNull(bio = BIO_new(BIO_s_file()));
- ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0);
- ExpectNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL));
- ExpectIntEQ(X509_NAME_hash(X509_get_subject_name(x509)), 0x137DC03F);
- ExpectIntEQ(X509_NAME_hash(X509_get_issuer_name(x509)), 0xFDB2DA4);
- X509_free(x509);
- BIO_free(bio);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_NAME_print_ex(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
- (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
- defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
- defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))) && \
- !defined(NO_BIO) && !defined(NO_RSA)
- int memSz = 0;
- byte* mem = NULL;
- BIO* bio = NULL;
- BIO* membio = NULL;
- X509* x509 = NULL;
- X509_NAME* name = NULL;
- const char* expNormal = "C=US, CN=wolfssl.com";
- const char* expReverse = "CN=wolfssl.com, C=US";
- const char* expNotEscaped = "C= US,+\"\\ , CN=#wolfssl.com<>;";
- const char* expNotEscapedRev = "CN=#wolfssl.com<>;, C= US,+\"\\ ";
- const char* expRFC5523 =
- "CN=\\#wolfssl.com\\<\\>\\;, C=\\ US\\,\\+\\\"\\\\\\ ";
- /* Test with real cert (svrCertFile) first */
- ExpectNotNull(bio = BIO_new(BIO_s_file()));
- ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0);
- ExpectNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL));
- ExpectNotNull(name = X509_get_subject_name(x509));
- /* Test without flags */
- ExpectNotNull(membio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS);
- BIO_free(membio);
- membio = NULL;
- /* Test flag: XN_FLAG_RFC2253 */
- ExpectNotNull(membio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(X509_NAME_print_ex(membio, name, 0,
- XN_FLAG_RFC2253), WOLFSSL_SUCCESS);
- BIO_free(membio);
- membio = NULL;
- /* Test flag: XN_FLAG_RFC2253 | XN_FLAG_DN_REV */
- ExpectNotNull(membio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(X509_NAME_print_ex(membio, name, 0,
- XN_FLAG_RFC2253 | XN_FLAG_DN_REV), WOLFSSL_SUCCESS);
- BIO_free(membio);
- membio = NULL;
- X509_free(x509);
- BIO_free(bio);
- name = NULL;
- /* Test normal case without escaped characters */
- {
- /* Create name: "/C=US/CN=wolfssl.com" */
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName",
- MBSTRING_UTF8, (byte*)"US", 2, -1, 0),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName",
- MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0),
- WOLFSSL_SUCCESS);
- /* Test without flags */
- ExpectNotNull(membio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS);
- ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0);
- ExpectIntEQ(memSz, XSTRLEN(expNormal));
- ExpectIntEQ(XSTRNCMP((char*)mem, expNormal, XSTRLEN(expNormal)), 0);
- BIO_free(membio);
- membio = NULL;
- /* Test flags: XN_FLAG_RFC2253 - should be reversed */
- ExpectNotNull(membio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(X509_NAME_print_ex(membio, name, 0,
- XN_FLAG_RFC2253), WOLFSSL_SUCCESS);
- ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0);
- ExpectIntEQ(memSz, XSTRLEN(expReverse));
- BIO_free(membio);
- membio = NULL;
- /* Test flags: XN_FLAG_DN_REV - reversed */
- ExpectNotNull(membio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(X509_NAME_print_ex(membio, name, 0,
- XN_FLAG_DN_REV), WOLFSSL_SUCCESS);
- ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0);
- ExpectIntEQ(memSz, XSTRLEN(expReverse));
- ExpectIntEQ(XSTRNCMP((char*)mem, expReverse, XSTRLEN(expReverse)), 0);
- BIO_free(membio);
- membio = NULL;
- X509_NAME_free(name);
- name = NULL;
- }
- /* Test RFC2253 characters are escaped with backslashes */
- {
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName",
- /* space at beginning and end, and: ,+"\ */
- MBSTRING_UTF8, (byte*)" US,+\"\\ ", 8, -1, 0),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName",
- /* # at beginning, and: <>;*/
- MBSTRING_UTF8, (byte*)"#wolfssl.com<>;", 15, -1, 0),
- WOLFSSL_SUCCESS);
- /* Test without flags */
- ExpectNotNull(membio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS);
- ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0);
- ExpectIntEQ(memSz, XSTRLEN(expNotEscaped));
- ExpectIntEQ(XSTRNCMP((char*)mem, expNotEscaped,
- XSTRLEN(expNotEscaped)), 0);
- BIO_free(membio);
- membio = NULL;
- /* Test flags: XN_FLAG_RFC5523 - should be reversed and escaped */
- ExpectNotNull(membio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(X509_NAME_print_ex(membio, name, 0,
- XN_FLAG_RFC2253), WOLFSSL_SUCCESS);
- ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0);
- ExpectIntEQ(memSz, XSTRLEN(expRFC5523));
- ExpectIntEQ(XSTRNCMP((char*)mem, expRFC5523, XSTRLEN(expRFC5523)), 0);
- BIO_free(membio);
- membio = NULL;
- /* Test flags: XN_FLAG_DN_REV - reversed but not escaped */
- ExpectNotNull(membio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(X509_NAME_print_ex(membio, name, 0,
- XN_FLAG_DN_REV), WOLFSSL_SUCCESS);
- ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0);
- ExpectIntEQ(memSz, XSTRLEN(expNotEscapedRev));
- ExpectIntEQ(XSTRNCMP((char*)mem, expNotEscapedRev,
- XSTRLEN(expNotEscapedRev)), 0);
- BIO_free(membio);
- X509_NAME_free(name);
- }
- #endif
- return EXPECT_RESULT();
- }
- #ifndef NO_BIO
- static int test_wolfSSL_X509_INFO_multiple_info(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_RSA)
- STACK_OF(X509_INFO) *info_stack = NULL;
- X509_INFO *info = NULL;
- int len;
- int i;
- const char* files[] = {
- cliCertFile,
- cliKeyFile,
- /* This needs to be the order as svrCertFile contains the
- * intermediate cert as well. */
- svrKeyFile,
- svrCertFile,
- NULL,
- };
- const char** curFile;
- BIO *fileBIO = NULL;
- BIO *concatBIO = NULL;
- byte tmp[FOURK_BUF];
- /* concatenate the cert and the key file to force PEM_X509_INFO_read_bio
- * to group objects together. */
- ExpectNotNull(concatBIO = BIO_new(BIO_s_mem()));
- for (curFile = files; EXPECT_SUCCESS() && *curFile != NULL; curFile++) {
- int fileLen = 0;
- ExpectNotNull(fileBIO = BIO_new_file(*curFile, "rb"));
- ExpectIntGT(fileLen = wolfSSL_BIO_get_len(fileBIO), 0);
- if (EXPECT_SUCCESS()) {
- while ((len = BIO_read(fileBIO, tmp, sizeof(tmp))) > 0) {
- ExpectIntEQ(BIO_write(concatBIO, tmp, len), len);
- fileLen -= len;
- if (EXPECT_FAIL())
- break;
- }
- /* Make sure we read the entire file */
- ExpectIntEQ(fileLen, 0);
- }
- BIO_free(fileBIO);
- fileBIO = NULL;
- }
- ExpectNotNull(info_stack = PEM_X509_INFO_read_bio(concatBIO, NULL, NULL,
- NULL));
- ExpectIntEQ(sk_X509_INFO_num(info_stack), 3);
- for (i = 0; i < sk_X509_INFO_num(info_stack); i++) {
- ExpectNotNull(info = sk_X509_INFO_value(info_stack, i));
- ExpectNotNull(info->x509);
- ExpectNull(info->crl);
- if (i != 0) {
- ExpectNotNull(info->x_pkey);
- ExpectIntEQ(X509_check_private_key(info->x509,
- info->x_pkey->dec_pkey), 1);
- }
- else {
- ExpectNull(info->x_pkey);
- }
- }
- sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
- BIO_free(concatBIO);
- #endif
- return EXPECT_RESULT();
- }
- #endif
- #ifndef NO_BIO
- static int test_wolfSSL_X509_INFO(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_RSA)
- STACK_OF(X509_INFO) *info_stack = NULL;
- X509_INFO *info = NULL;
- BIO *cert = NULL;
- int i;
- /* PEM in hex format to avoid null terminator */
- byte data[] = {
- 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47,
- 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52, 0x54, 0x63, 0x2d, 0x2d, 0x2d, 0x2d,
- 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x44, 0x4d, 0x54, 0x42, 0x75, 0x51, 0x3d,
- 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x2d, 0x2d,
- 0x2d, 0x2d, 0x2d
- };
- /* PEM in hex format to avoid null terminator */
- byte data2[] = {
- 0x41, 0x53, 0x4e, 0x31, 0x20, 0x4f, 0x49, 0x44, 0x3a, 0x20, 0x70, 0x72,
- 0x69, 0x6d, 0x65, 0x32, 0x35, 0x36, 0x76, 0x31, 0x0a, 0x2d, 0x2d, 0x2d,
- 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x45, 0x43, 0x20, 0x50,
- 0x41, 0x52, 0x41, 0x4d, 0x45, 0x54, 0x45, 0x52, 0x53, 0x2d, 0x2d, 0x2d,
- 0x2d, 0x43, 0x65, 0x72, 0x74, 0x69, 0x2d, 0x0a, 0x42, 0x67, 0x67, 0x71,
- 0x68, 0x6b, 0x6a, 0x4f, 0x50, 0x51, 0x4d, 0x42, 0x42, 0x77, 0x3d, 0x3d,
- 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
- };
- ExpectNotNull(cert = BIO_new_file(cliCertFileExt, "rb"));
- ExpectNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
- for (i = 0; i < sk_X509_INFO_num(info_stack); i++) {
- ExpectNotNull(info = sk_X509_INFO_value(info_stack, i));
- ExpectNotNull(info->x509);
- ExpectNull(info->crl);
- ExpectNull(info->x_pkey);
- }
- sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
- info_stack = NULL;
- BIO_free(cert);
- cert = NULL;
- ExpectNotNull(cert = BIO_new_file(cliCertFileExt, "rb"));
- ExpectNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
- sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
- info_stack = NULL;
- BIO_free(cert);
- cert = NULL;
- /* This case should fail due to invalid input. */
- ExpectNotNull(cert = BIO_new(BIO_s_mem()));
- ExpectIntEQ(BIO_write(cert, data, sizeof(data)), sizeof(data));
- ExpectNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
- sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
- info_stack = NULL;
- BIO_free(cert);
- cert = NULL;
- ExpectNotNull(cert = BIO_new(BIO_s_mem()));
- ExpectIntEQ(BIO_write(cert, data2, sizeof(data2)), sizeof(data2));
- ExpectNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
- sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
- BIO_free(cert);
- #endif
- return EXPECT_RESULT();
- }
- #endif
- static int test_wolfSSL_X509_subject_name_hash(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
- !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))
- X509* x509 = NULL;
- X509_NAME* subjectName = NULL;
- unsigned long ret1 = 0;
- unsigned long ret2 = 0;
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
- SSL_FILETYPE_PEM));
- ExpectNotNull(subjectName = wolfSSL_X509_get_subject_name(x509));
- /* These two
- * - X509_subject_name_hash(x509)
- * - X509_NAME_hash(X509_get_subject_name(x509))
- * should give the same hash, if !defined(NO_SHA) is true. */
- ret1 = X509_subject_name_hash(x509);
- ExpectIntNE(ret1, 0);
- #if !defined(NO_SHA)
- ret2 = X509_NAME_hash(X509_get_subject_name(x509));
- ExpectIntNE(ret2, 0);
- ExpectIntEQ(ret1, ret2);
- #else
- (void) ret2;
- #endif
- X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_issuer_name_hash(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
- && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))
- X509* x509 = NULL;
- X509_NAME* issuertName = NULL;
- unsigned long ret1 = 0;
- unsigned long ret2 = 0;
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
- SSL_FILETYPE_PEM));
- ExpectNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509));
- /* These two
- * - X509_issuer_name_hash(x509)
- * - X509_NAME_hash(X509_get_issuer_name(x509))
- * should give the same hash, if !defined(NO_SHA) is true. */
- ret1 = X509_issuer_name_hash(x509);
- ExpectIntNE(ret1, 0);
- #if !defined(NO_SHA)
- ret2 = X509_NAME_hash(X509_get_issuer_name(x509));
- ExpectIntNE(ret2, 0);
- ExpectIntEQ(ret1, ret2);
- #else
- (void) ret2;
- #endif
- X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_check_host(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
- && !defined(NO_SHA) && !defined(NO_RSA)
- X509* x509 = NULL;
- const char altName[] = "example.com";
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
- SSL_FILETYPE_PEM));
- ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_check_host(x509, NULL, 0, 0, NULL),
- WOLFSSL_FAILURE);
- X509_free(x509);
- ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL),
- WOLFSSL_FAILURE);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_check_email(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
- X509* x509 = NULL;
- const char goodEmail[] = "info@wolfssl.com";
- const char badEmail[] = "disinfo@wolfssl.com";
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
- SSL_FILETYPE_PEM));
- /* Should fail on non-matching email address */
- ExpectIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0),
- WOLFSSL_FAILURE);
- /* Should succeed on matching email address */
- ExpectIntEQ(wolfSSL_X509_check_email(x509, goodEmail, XSTRLEN(goodEmail), 0),
- WOLFSSL_SUCCESS);
- /* Should compute length internally when not provided */
- ExpectIntEQ(wolfSSL_X509_check_email(x509, goodEmail, 0, 0),
- WOLFSSL_SUCCESS);
- /* Should fail when email address is NULL */
- ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0),
- WOLFSSL_FAILURE);
- X509_free(x509);
- /* Should fail when x509 is NULL */
- ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, 0, 0),
- WOLFSSL_FAILURE);
- #endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */
- return EXPECT_RESULT();
- }
- static int test_wc_PemToDer(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM)
- int ret;
- DerBuffer* pDer = NULL;
- const char* ca_cert = "./certs/server-cert.pem";
- byte* cert_buf = NULL;
- size_t cert_sz = 0;
- int eccKey = 0;
- EncryptedInfo info;
- XMEMSET(&info, 0, sizeof(info));
- ExpectIntEQ(ret = load_file(ca_cert, &cert_buf, &cert_sz), 0);
- ExpectIntEQ(ret = wc_PemToDer(cert_buf, cert_sz, CERT_TYPE, &pDer, NULL,
- &info, &eccKey), 0);
- wc_FreeDer(&pDer);
- pDer = NULL;
- if (cert_buf != NULL) {
- free(cert_buf);
- cert_buf = NULL;
- }
- #ifdef HAVE_ECC
- {
- const char* ecc_private_key = "./certs/ecc-privOnlyKey.pem";
- byte key_buf[256] = {0};
- /* Test fail of loading a key with cert type */
- ExpectIntEQ(load_file(ecc_private_key, &cert_buf, &cert_sz), 0);
- key_buf[0] = '\n';
- ExpectNotNull(XMEMCPY(key_buf + 1, cert_buf, cert_sz));
- ExpectIntNE((ret = wc_PemToDer(key_buf, cert_sz + 1, CERT_TYPE,
- &pDer, NULL, &info, &eccKey)), 0);
- #ifdef OPENSSL_EXTRA
- ExpectIntEQ((ret = wc_PemToDer(key_buf, cert_sz + 1, PRIVATEKEY_TYPE,
- &pDer, NULL, &info, &eccKey)), 0);
- #endif
- wc_FreeDer(&pDer);
- if (cert_buf != NULL)
- free(cert_buf);
- }
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wc_AllocDer(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS)
- DerBuffer* pDer = NULL;
- word32 testSize = 1024;
- ExpectIntEQ(wc_AllocDer(NULL, testSize, CERT_TYPE, HEAP_HINT),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_AllocDer(&pDer, testSize, CERT_TYPE, HEAP_HINT), 0);
- ExpectNotNull(pDer);
- wc_FreeDer(&pDer);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wc_CertPemToDer(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM)
- const char* ca_cert = "./certs/ca-cert.pem";
- byte* cert_buf = NULL;
- size_t cert_sz = 0;
- size_t cert_dersz = 0;
- byte* cert_der = NULL;
- ExpectIntEQ(load_file(ca_cert, &cert_buf, &cert_sz), 0);
- cert_dersz = cert_sz; /* DER will be smaller than PEM */
- ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
- ExpectIntGE(wc_CertPemToDer(cert_buf, (int)cert_sz, cert_der,
- (int)cert_dersz, CERT_TYPE), 0);
- ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, NULL, -1, CERT_TYPE),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, NULL, -1, CERT_TYPE),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, cert_der, -1, CERT_TYPE),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, NULL, (int)cert_dersz,
- CERT_TYPE), BAD_FUNC_ARG);
- ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, cert_der,
- (int)cert_dersz, CERT_TYPE), BAD_FUNC_ARG);
- ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, NULL,
- (int)cert_dersz, CERT_TYPE), BAD_FUNC_ARG);
- ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, cert_der, -1,
- CERT_TYPE), BAD_FUNC_ARG);
- if (cert_der != NULL)
- free(cert_der);
- if (cert_buf != NULL)
- free(cert_buf);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wc_KeyPemToDer(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- int ret = 0;
- const byte cert_buf[] = \
- "-----BEGIN PRIVATE KEY-----\n"
- "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMG5KgWxP002pA\n"
- "QJIdA4H5N0oM1Wf0LrHcos5RYUlrHDkC2b5p2BUpVRPmgDAFD2+8leim98x0BvcB\n"
- "k48TNzrVynuwyVEY664+iQyzEBO5v27HPRydOddprbLCvRO036XINGIjauy1jHFi\n"
- "HaDVx3bexSwgp9aefUGAszFXi4q1J4GacV7Cr2b/wBqUHqWv4ZXPu6R9/UYngTkD\n"
- "UDJL5gLlLfcLzNyyodKPHPCIAKdWn6mSVdcHk8XVpK4y9lgz4E7YDWA6ohKZgWgG\n"
- "2RDha8CMilFMDgYa0G0SiS9g3PQx0qh3AMXJJsKSVhScFCZufAE0kV6KvjP7jAqP\n"
- "XBiSkRGPAgMBAAECggEAW7hmRyY2jRX2UMJThrM9VIs6fRLnYI0dQ0tsEJj536ay\n"
- "nevQjArc05KWW0Yujg+WRDZPcry3RUqd9Djlmhp/F3Si6dpF1b+PMS3wJYVrf9Sd\n"
- "SO5W7faArU4vnyBNe0HnY1Ta5xSVI65lg1RSIs88RTZwsooJwXYDGf0shq0/21CE\n"
- "V8HOb27DDYNcEnm35lzaONjFnMqQQT2Vs9anRrPiSEXNleEvTgLVXZtGTyCGTz6v\n"
- "x86Y8eSWL9YNHvPE1I+mDPuocfSR7eRNgRu7SK3mn94W5mqd7Ns072YKX/2XN1mO\n"
- "66+ZFHO6v4dK1u7cSjuwrU1EhLHpUsgDz6Bna5InyQKBgQDv5l8RPy8UneKSADaf\n"
- "M5L/5675I/5t4nqVjvbnQje00YveLTAEjlJBNR93Biln3sYgnvNamYDCxyEuUZ/I\n"
- "S/vmBL9PoxfGZow4FcsIBOEbIn3E0SYJgCBNWthquUvGpKsYDnThJuhO+1cVmxAJ\n"
- "BUOjLFnJYHM0a+Vmk9GexT2OBwKBgQDZzkUBOK7Im3eiYytFocUJyhqMH30d49X9\n"
- "ujC7kGw4UWAqVe7YCSvlBa8nzWpRWK2kRpu3M0272RU0V4geyWqT+nr/SvRRPtNP\n"
- "F5dY8l3yR7hjtSejqqjOfBcZT6ETJxI4tiG0+Nl5BlfM5M+0nxnkWpRcHuOR3j79\n"
- "YUFERyN+OQKBgQCjlOKeUAc6d65W/+4/AFvsQ378Q57qLtSHxsR1TKHPmlNVXFqx\n"
- "wJo1/JNIBduWCEHxXHF0BdfW+RGXE/FwEt/hKLuLAhrkHmjelX2sKieU6R/5ZOQa\n"
- "9lMQbDHGFDOncAF6leD85hriQGBRSzrT69MDIOrYdfwYcroqCAGX0cb3YQKBgQC8\n"
- "iIFQylj5SyHmjcMSNjKSA8CxFDzAV8yPIdE3Oo+CvGXqn5HsrRuy1hXE9VmXapR8\n"
- "A6ackSszdHiXY0FvrNe1mfdH7wDHJwPQjdIzazCJHS3uGQxj7sDKY7226ie6pXJv\n"
- "ZrCMr2/IBAaSVGm6ppHKCeIsT4ybYm7R85KEYLPHeQKBgBeJOMBinXQfWN/1jT9b\n"
- "6Ywrutvp2zP8hVxQGSZJ0WG4iewZyFLsPUlbWRXOSYNPElHmdD0ZomdLVm+lSpAA\n"
- "XSH5FJ/IFCwqq7Eft6Gf8NFRV+NjPMUny+PnjHe4oFP8YK/Ek22K3ttNG8Hw69Aw\n"
- "AQue5o6oVfhgLiJzMdo/77gw\n"
- "-----END PRIVATE KEY-----\n";
- const int cert_sz = sizeof(cert_buf);
- const char cert_pw[] = "password";
- int cert_dersz = 0;
- byte* cert_der = NULL;
- /* Bad arg: Cert buffer is NULL */
- ExpectIntEQ(wc_KeyPemToDer(NULL, cert_sz, cert_der, cert_dersz, ""),
- BAD_FUNC_ARG);
- /* Bad arg: Cert DER buffer non-NULL but size zero (or less) */
- ExpectIntEQ(wc_KeyPemToDer(cert_buf, cert_sz, (byte*)&cert_der, 0, ""),
- BAD_FUNC_ARG);
- /* Test normal operation */
- cert_dersz = cert_sz; /* DER will be smaller than PEM */
- ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
- ExpectIntGE(ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz,
- cert_pw), 0);
- ExpectIntLE(ret, cert_sz);
- if (cert_der != NULL) {
- free(cert_der);
- cert_der = NULL;
- }
- /* Test NULL for DER buffer to return needed DER buffer size */
- ExpectIntGT(ret = wc_KeyPemToDer(cert_buf, cert_sz, NULL, 0, ""), 0);
- ExpectIntLE(ret, cert_sz);
- if (EXPECT_SUCCESS())
- cert_dersz = ret;
- ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
- ExpectIntGE(ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz,
- cert_pw), 0);
- ExpectIntLE(ret, cert_sz);
- if (cert_der != NULL)
- free(cert_der);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wc_PubKeyPemToDer(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) && \
- (defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER))
- int ret = 0;
- const char* key = "./certs/ecc-client-keyPub.pem";
- byte* cert_buf = NULL;
- size_t cert_sz = 0, cert_dersz = 0;
- byte* cert_der = NULL;
- ExpectIntEQ(wc_PubKeyPemToDer(cert_buf, (int)cert_sz,
- cert_der, (int)cert_dersz), BAD_FUNC_ARG);
- ExpectIntEQ(load_file(key, &cert_buf, &cert_sz), 0);
- cert_dersz = cert_sz; /* DER will be smaller than PEM */
- ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
- ExpectIntGE(wc_PubKeyPemToDer(cert_buf, (int)cert_sz, cert_der,
- (int)cert_dersz), 0);
- if (cert_der != NULL) {
- free(cert_der);
- cert_der = NULL;
- }
- /* Test NULL for DER buffer to return needed DER buffer size */
- ExpectIntGT(ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz, NULL, 0), 0);
- ExpectIntLE(ret, cert_sz);
- cert_dersz = ret;
- ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
- ExpectIntGE(wc_PubKeyPemToDer(cert_buf, (int)cert_sz, cert_der,
- (int)cert_dersz), 0);
- if (cert_der != NULL) {
- free(cert_der);
- }
- if (cert_buf != NULL) {
- free(cert_buf);
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wc_PemPubKeyToDer(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && \
- (defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER))
- const char* key = "./certs/ecc-client-keyPub.pem";
- size_t cert_dersz = 1024;
- byte* cert_der = NULL;
- ExpectIntGE(wc_PemPubKeyToDer(NULL, cert_der, (int)cert_dersz),
- BAD_FUNC_ARG);
- ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
- ExpectIntGE(wc_PemPubKeyToDer(key, cert_der, (int)cert_dersz), 0);
- if (cert_der != NULL) {
- free(cert_der);
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wc_GetPubKeyDerFromCert(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) || defined(HAVE_ECC)
- int ret;
- word32 idx = 0;
- byte keyDer[TWOK_BUF]; /* large enough for up to RSA 2048 */
- word32 keyDerSz = (word32)sizeof(keyDer);
- DecodedCert decoded;
- #if !defined(NO_RSA) && defined(WOLFSSL_CERT_REQ) && !defined(NO_FILESYSTEM)
- byte certBuf[6000]; /* for PEM and CSR, client-cert.pem is 5-6kB */
- word32 certBufSz = sizeof(certBuf);
- #endif
- #if ((!defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_1024)) || \
- defined(WOLFSSL_CERT_REQ)) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
- XFILE fp = XBADFILE;
- #endif
- #ifndef NO_RSA
- RsaKey rsaKey;
- #if defined(USE_CERT_BUFFERS_2048)
- byte* rsaCertDer = (byte*)client_cert_der_2048;
- word32 rsaCertDerSz = sizeof_client_cert_der_2048;
- #elif defined(USE_CERT_BUFFERS_1024)
- byte* rsaCertDer = (byte*)client_cert_der_1024;
- word32 rsaCertDerSz = sizeof_client_cert_der_1024;
- #else
- unsigned char rsaCertDer[TWOK_BUF];
- word32 rsaCertDerSz;
- #endif
- #endif
- #ifdef HAVE_ECC
- ecc_key eccKey;
- #if defined(USE_CERT_BUFFERS_256)
- byte* eccCert = (byte*)cliecc_cert_der_256;
- word32 eccCertSz = sizeof_cliecc_cert_der_256;
- #else
- unsigned char eccCert[ONEK_BUF];
- word32 eccCertSz;
- XFILE fp2 = XBADFILE;
- #endif
- #endif
- #ifndef NO_RSA
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) != XBADFILE);
- ExpectIntGT(rsaCertDerSz = (word32)XFREAD(rsaCertDer, 1, sizeof(rsaCertDer),
- fp), 0);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- #endif
- /* good test case - RSA DER cert */
- wc_InitDecodedCert(&decoded, rsaCertDer, rsaCertDerSz, NULL);
- ExpectIntEQ(wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL), 0);
- ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz), 0);
- ExpectIntGT(keyDerSz, 0);
- /* sanity check, verify we can import DER public key */
- ret = wc_InitRsaKey(&rsaKey, HEAP_HINT);
- ExpectIntEQ(ret, 0);
- ExpectIntEQ(wc_RsaPublicKeyDecode(keyDer, &idx, &rsaKey, keyDerSz), 0);
- if (ret == 0) {
- wc_FreeRsaKey(&rsaKey);
- }
- /* test LENGTH_ONLY_E case */
- keyDerSz = 0;
- ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz),
- LENGTH_ONLY_E);
- ExpectIntGT(keyDerSz, 0);
- /* bad args: DecodedCert NULL */
- ExpectIntEQ(wc_GetPubKeyDerFromCert(NULL, keyDer, &keyDerSz), BAD_FUNC_ARG);
- /* bad args: output key buff size */
- ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, keyDer, NULL), BAD_FUNC_ARG);
- /* bad args: zero size output key buffer */
- keyDerSz = 0;
- ExpectIntEQ(ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz),
- BAD_FUNC_ARG);
- wc_FreeDecodedCert(&decoded);
- /* Certificate Request Tests */
- #if defined(WOLFSSL_CERT_REQ) && !defined(NO_FILESYSTEM)
- {
- XMEMSET(certBuf, 0, sizeof(certBuf));
- ExpectTrue((fp = XFOPEN("./certs/csr.signed.der", "rb")) != XBADFILE);
- ExpectIntGT(certBufSz = (word32)XFREAD(certBuf, 1, certBufSz, fp), 0);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- }
- wc_InitDecodedCert(&decoded, certBuf, certBufSz, NULL);
- ExpectIntEQ(wc_ParseCert(&decoded, CERTREQ_TYPE, VERIFY, NULL), 0);
- /* good test case - RSA DER certificate request */
- keyDerSz = sizeof(keyDer);
- ExpectIntEQ(ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz),
- 0);
- ExpectIntGT(keyDerSz, 0);
- /* sanity check, verify we can import DER public key */
- ret = wc_InitRsaKey(&rsaKey, HEAP_HINT);
- ExpectIntEQ(ret, 0);
- idx = 0;
- ExpectIntEQ(wc_RsaPublicKeyDecode(keyDer, &idx, &rsaKey, keyDerSz), 0);
- if (ret == 0) {
- wc_FreeRsaKey(&rsaKey);
- }
- wc_FreeDecodedCert(&decoded);
- }
- #endif /* WOLFSSL_CERT_REQ */
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- #ifndef USE_CERT_BUFFERS_256
- ExpectTrue((fp2 = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(eccCertSz = (word32)XFREAD(eccCert, 1, ONEK_BUF, fp2), 0);
- if (fp2 != XBADFILE) {
- XFCLOSE(fp2);
- }
- #endif
- wc_InitDecodedCert(&decoded, eccCert, eccCertSz, NULL);
- ExpectIntEQ(wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL), 0);
- /* good test case - ECC */
- XMEMSET(keyDer, 0, sizeof(keyDer));
- keyDerSz = sizeof(keyDer);
- ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz), 0);
- ExpectIntGT(keyDerSz, 0);
- /* sanity check, verify we can import DER public key */
- ret = wc_ecc_init(&eccKey);
- ExpectIntEQ(ret, 0);
- idx = 0; /* reset idx to 0, used above in RSA case */
- ExpectIntEQ(wc_EccPublicKeyDecode(keyDer, &idx, &eccKey, keyDerSz), 0);
- if (ret == 0) {
- wc_ecc_free(&eccKey);
- }
- /* test LENGTH_ONLY_E case */
- keyDerSz = 0;
- ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz),
- LENGTH_ONLY_E);
- ExpectIntGT(keyDerSz, 0);
- wc_FreeDecodedCert(&decoded);
- #endif
- #endif /* !NO_RSA || HAVE_ECC */
- return EXPECT_RESULT();
- }
- static int test_wc_CheckCertSigPubKey(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
- !defined(NO_RSA) && defined(WOLFSSL_PEM_TO_DER) && defined(HAVE_ECC)
- int ret = 0;
- const char* ca_cert = "./certs/ca-cert.pem";
- byte* cert_buf = NULL;
- size_t cert_sz = 0;
- byte* cert_der = NULL;
- word32 cert_dersz = 0;
- byte keyDer[TWOK_BUF]; /* large enough for up to RSA 2048 */
- word32 keyDerSz = (word32)sizeof(keyDer);
- DecodedCert decoded;
- ExpectIntEQ(load_file(ca_cert, &cert_buf, &cert_sz), 0);
- cert_dersz = (word32)cert_sz; /* DER will be smaller than PEM */
- ExpectNotNull(cert_der = (byte*)malloc(cert_dersz));
- ExpectIntGE(ret = wc_CertPemToDer(cert_buf, (int)cert_sz, cert_der,
- (int)cert_dersz, CERT_TYPE), 0);
- wc_InitDecodedCert(&decoded, cert_der, cert_dersz, NULL);
- ExpectIntEQ(wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL), 0);
- ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz), 0);
- ExpectIntGT(keyDerSz, 0);
- /* Good test case. */
- ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer,
- keyDerSz, RSAk), 0);
- /* No certificate. */
- ExpectIntEQ(wc_CheckCertSigPubKey(NULL, cert_dersz, NULL, keyDer, keyDerSz,
- ECDSAk), BAD_FUNC_ARG);
- /* Bad cert size. */
- ExpectIntNE(ret = wc_CheckCertSigPubKey(cert_der, 0, NULL, keyDer, keyDerSz,
- RSAk), 0);
- ExpectTrue(ret == ASN_PARSE_E || ret == BUFFER_E);
- /* No public key. */
- ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, NULL,
- keyDerSz, RSAk), ASN_NO_SIGNER_E);
- /* Bad public key size. */
- ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, 0,
- RSAk), BAD_FUNC_ARG);
- /* Wrong aglo. */
- ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer,
- keyDerSz, ECDSAk), ASN_PARSE_E);
- wc_FreeDecodedCert(&decoded);
- if (cert_der != NULL)
- free(cert_der);
- if (cert_buf != NULL)
- free(cert_buf);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_certs(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
- !defined(NO_RSA)
- X509* x509ext = NULL;
- #ifdef OPENSSL_ALL
- X509* x509 = NULL;
- WOLFSSL_X509_EXTENSION* ext = NULL;
- ASN1_OBJECT* obj = NULL;
- #endif
- WOLFSSL* ssl = NULL;
- WOLFSSL_CTX* ctx = NULL;
- STACK_OF(ASN1_OBJECT)* sk = NULL;
- ASN1_STRING* asn1_str = NULL;
- AUTHORITY_KEYID* akey = NULL;
- BASIC_CONSTRAINTS* bc = NULL;
- int crit = 0;
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
- #endif
- ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
- #if !defined(NO_CHECK_PRIVATE_KEY)
- ExpectIntEQ(SSL_CTX_check_private_key(ctx), SSL_FAILURE);
- #endif
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
- #if !defined(NO_CHECK_PRIVATE_KEY)
- ExpectIntEQ(SSL_CTX_check_private_key(ctx), SSL_SUCCESS);
- #endif
- ExpectNotNull(ssl = SSL_new(ctx));
- #if !defined(NO_CHECK_PRIVATE_KEY)
- ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- #endif
- #ifdef HAVE_PK_CALLBACKS
- ExpectIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), WOLFSSL_SUCCESS);
- #endif /* HAVE_PK_CALLBACKS */
- /* create and use x509 */
- #ifdef OPENSSL_ALL
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
- WOLFSSL_FILETYPE_PEM));
- #endif
- ExpectNotNull(x509ext = wolfSSL_X509_load_certificate_file(cliCertFileExt,
- WOLFSSL_FILETYPE_PEM));
- ExpectIntEQ(SSL_use_certificate(ssl, x509ext), WOLFSSL_SUCCESS);
- #if !defined(NO_CHECK_PRIVATE_KEY)
- /* with loading in a new cert the check on private key should now fail */
- ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- #endif
- #if defined(USE_CERT_BUFFERS_2048)
- ExpectIntEQ(SSL_use_certificate_ASN1(ssl,
- (unsigned char*)server_cert_der_2048,
- sizeof_server_cert_der_2048), WOLFSSL_SUCCESS);
- #endif
- #if !defined(NO_SHA) && !defined(NO_SHA256) && !defined(NO_PWDBASED)
- /************* Get Digest of Certificate ******************/
- {
- byte digest[64]; /* max digest size */
- word32 digestSz;
- XMEMSET(digest, 0, sizeof(digest));
- ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, &digestSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha256(), digest, &digestSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz),
- WOLFSSL_FAILURE);
- }
- #endif /* !NO_SHA && !NO_SHA256 && !NO_PWDBASED */
- /* test and checkout X509 extensions */
- ExpectNotNull(bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext,
- NID_basic_constraints, &crit, NULL));
- ExpectIntEQ(crit, 0);
- #ifdef OPENSSL_ALL
- ExpectNotNull(ext = X509V3_EXT_i2d(NID_basic_constraints, crit, bc));
- X509_EXTENSION_free(ext);
- ext = NULL;
- ExpectNotNull(ext = X509_EXTENSION_new());
- X509_EXTENSION_set_critical(ext, 1);
- ExpectNotNull(obj = OBJ_nid2obj(NID_basic_constraints));
- ExpectIntEQ(X509_EXTENSION_set_object(ext, obj), SSL_SUCCESS);
- ASN1_OBJECT_free(obj);
- obj = NULL;
- X509_EXTENSION_free(ext);
- ext = NULL;
- ExpectNotNull(ext = X509_EXTENSION_new());
- X509_EXTENSION_set_critical(ext, 0);
- ExpectIntEQ(X509_EXTENSION_set_data(ext, NULL), SSL_FAILURE);
- asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit,
- NULL);
- ExpectIntEQ(X509_EXTENSION_set_data(ext, asn1_str), SSL_SUCCESS);
- ASN1_STRING_free(asn1_str); /* X509_EXTENSION_set_data has made a copy
- * and X509_get_ext_d2i has created new */
- asn1_str = NULL;
- X509_EXTENSION_free(ext);
- ext = NULL;
- #endif
- BASIC_CONSTRAINTS_free(bc);
- bc = NULL;
- ExpectNotNull(asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext,
- NID_key_usage, &crit, NULL));
- ExpectIntEQ(crit, 1);
- ExpectIntEQ(asn1_str->type, NID_key_usage);
- #ifdef OPENSSL_ALL
- ExpectNotNull(ext = X509V3_EXT_i2d(NID_key_usage, crit, asn1_str));
- X509_EXTENSION_free(ext);
- ext = NULL;
- #endif
- ASN1_STRING_free(asn1_str);
- asn1_str = NULL;
- #ifdef OPENSSL_ALL
- ExpectNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
- NID_ext_key_usage, &crit, NULL));
- ExpectNotNull(ext = X509V3_EXT_i2d(NID_ext_key_usage, crit, sk));
- X509_EXTENSION_free(ext);
- ext = NULL;
- EXTENDED_KEY_USAGE_free(sk);
- sk = NULL;
- #else
- sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_ext_key_usage,
- &crit, NULL);
- ExpectNull(sk);
- #endif
- ExpectNotNull(akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext,
- NID_authority_key_identifier, &crit, NULL));
- #ifdef OPENSSL_ALL
- ExpectNotNull(ext = X509V3_EXT_i2d(NID_authority_key_identifier, crit,
- akey));
- X509_EXTENSION_free(ext);
- ext = NULL;
- #endif
- wolfSSL_AUTHORITY_KEYID_free(akey);
- akey = NULL;
- /* NID not yet supported */
- ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
- NID_private_key_usage_period, &crit, NULL));
- ExpectIntEQ(crit, -1);
- sk_ASN1_OBJECT_free(sk);
- sk = NULL;
- ExpectNotNull(sk = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(x509ext,
- NID_subject_alt_name, &crit, NULL));
- {
- int i;
- for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) {
- GENERAL_NAME* gen = sk_GENERAL_NAME_value(sk, i);
- ExpectIntEQ(gen->type, GEN_DNS);
- ExpectIntEQ(gen->d.dNSName->type, V_ASN1_IA5STRING);
- }
- }
- sk_GENERAL_NAME_free(sk);
- sk = NULL;
- /* NID not yet supported */
- ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
- NID_issuer_alt_name, &crit, NULL));
- ExpectIntEQ(crit, -1);
- sk_ASN1_OBJECT_free(sk);
- sk = NULL;
- /* NID not yet supported */
- ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
- NID_info_access, &crit, NULL));
- sk_ASN1_OBJECT_free(sk);
- sk = NULL;
- /* NID not yet supported */
- ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
- NID_sinfo_access, &crit, NULL));
- ExpectIntEQ(crit, -1);
- sk_ASN1_OBJECT_free(sk);
- sk = NULL;
- /* NID not yet supported */
- ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
- NID_name_constraints, &crit, NULL));
- ExpectIntEQ(crit, -1);
- sk_ASN1_OBJECT_free(sk);
- sk = NULL;
- /* no cert policy set */
- ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
- NID_certificate_policies, &crit, NULL));
- sk_ASN1_OBJECT_free(sk);
- sk = NULL;
- /* NID not yet supported */
- ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
- NID_policy_mappings, &crit, NULL));
- ExpectIntEQ(crit, -1);
- sk_ASN1_OBJECT_free(sk);
- sk = NULL;
- /* NID not yet supported */
- ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
- NID_policy_constraints, &crit, NULL));
- ExpectIntEQ(crit, -1);
- sk_ASN1_OBJECT_free(sk);
- sk = NULL;
- /* NID not yet supported */
- ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
- NID_inhibit_any_policy, &crit, NULL));
- ExpectIntEQ(crit, -1);
- sk_ASN1_OBJECT_free(sk);
- sk = NULL;
- /* NID not yet supported */
- ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
- NID_tlsfeature, &crit, NULL));
- ExpectIntEQ(crit, -1);
- sk_ASN1_OBJECT_free(sk);
- sk = NULL;
- /* test invalid cases */
- crit = 0;
- ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, -1, &crit,
- NULL));
- ExpectIntEQ(crit, -1);
- /* NULL passed for criticality. */
- ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(NULL,
- NID_tlsfeature, NULL, NULL));
- ExpectIntEQ(SSL_get_hit(ssl), 0);
- #ifdef OPENSSL_ALL
- X509_free(x509);
- #endif
- X509_free(x509ext);
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif /* OPENSSL_EXTRA && !NO_CERTS */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_check_private_key(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
- defined(USE_CERT_BUFFERS_2048) && !defined(NO_CHECK_PRIVATE_KEY)
- X509* x509 = NULL;
- EVP_PKEY* pkey = NULL;
- const byte* key;
- /* Check with correct key */
- ExpectNotNull((x509 = X509_load_certificate_file(cliCertFile,
- SSL_FILETYPE_PEM)));
- key = client_key_der_2048;
- ExpectNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &key,
- (long)sizeof_client_key_der_2048));
- ExpectIntEQ(X509_check_private_key(x509, pkey), 1);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- /* Check with wrong key */
- key = server_key_der_2048;
- ExpectNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &key,
- (long)sizeof_server_key_der_2048));
- ExpectIntEQ(X509_check_private_key(x509, pkey), 0);
- /* test for incorrect parameter */
- ExpectIntEQ(X509_check_private_key(NULL, pkey), 0);
- ExpectIntEQ(X509_check_private_key(x509, NULL), 0);
- ExpectIntEQ(X509_check_private_key(NULL, NULL), 0);
- EVP_PKEY_free(pkey);
- X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_private_keys(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM)
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- WOLFSSL* ssl = NULL;
- WOLFSSL_CTX* ctx = NULL;
- EVP_PKEY* pkey = NULL;
- OpenSSL_add_all_digests();
- OpenSSL_add_all_algorithms();
- #ifndef NO_RSA
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
- /* Have to load a cert before you can check the private key against that
- * certificates public key! */
- #if !defined(NO_CHECK_PRIVATE_KEY)
- ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE);
- #endif
- ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
- #if !defined(NO_CHECK_PRIVATE_KEY)
- ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
- #endif
- ExpectNotNull(ssl = SSL_new(ctx));
- #if !defined(NO_CHECK_PRIVATE_KEY)
- ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- #endif
- #ifdef USE_CERT_BUFFERS_2048
- {
- const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
- unsigned char buf[FOURK_BUF];
- word32 bufSz;
- ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl,
- (unsigned char*)client_key_der_2048,
- sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
- #if !defined(NO_CHECK_PRIVATE_KEY)
- /* Should mismatch now that a different private key loaded */
- ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- #endif
- ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, ssl,
- (unsigned char*)server_key,
- sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
- #if !defined(NO_CHECK_PRIVATE_KEY)
- /* After loading back in DER format of original key, should match */
- ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- #endif
- /* test loading private key to the WOLFSSL_CTX */
- ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
- (unsigned char*)client_key_der_2048,
- sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
- #if !defined(NO_CHECK_PRIVATE_KEY)
- /* Should mismatch now that a different private key loaded */
- ExpectIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
- #endif
- ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
- (unsigned char*)server_key,
- sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
- #if !defined(NO_CHECK_PRIVATE_KEY)
- /* After loading back in DER format of original key, should match */
- ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
- #endif
- /* pkey not set yet, expecting to fail */
- ExpectIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE);
- /* set PKEY and test again */
- ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
- &server_key, (long)sizeof_server_key_der_2048));
- ExpectIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS);
- /* reuse PKEY structure and test
- * this should be checked with a memory management sanity checker */
- ExpectFalse(server_key == (const unsigned char*)server_key_der_2048);
- server_key = (const unsigned char*)server_key_der_2048;
- ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
- &server_key, (long)sizeof_server_key_der_2048));
- ExpectIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS);
- /* check striping PKCS8 header with wolfSSL_d2i_PrivateKey */
- bufSz = FOURK_BUF;
- ExpectIntGT((bufSz = wc_CreatePKCS8Key(buf, &bufSz,
- (byte*)server_key_der_2048, sizeof_server_key_der_2048,
- RSAk, NULL, 0)), 0);
- server_key = (const unsigned char*)buf;
- ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key,
- (long)bufSz));
- }
- #endif
- EVP_PKEY_free(pkey);
- pkey = NULL;
- SSL_free(ssl); /* frees x509 also since loaded into ssl */
- ssl = NULL;
- SSL_CTX_free(ctx);
- ctx = NULL;
- #endif /* end of RSA private key match tests */
- #ifdef HAVE_ECC
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectTrue(SSL_CTX_use_certificate_file(ctx, eccCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(ssl = SSL_new(ctx));
- #if !defined(NO_CHECK_PRIVATE_KEY)
- ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- #endif
- SSL_free(ssl);
- ssl = NULL;
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEccKeyFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(ssl = SSL_new(ctx));
- #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
- ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- #endif
- SSL_free(ssl);
- ssl = NULL;
- SSL_CTX_free(ctx);
- ctx = NULL;
- #endif /* end of ECC private key match tests */
- #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectTrue(SSL_CTX_use_certificate_file(ctx, edCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, edKeyFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(ssl = SSL_new(ctx));
- #if !defined(NO_CHECK_PRIVATE_KEY)
- ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- #endif
- SSL_free(ssl);
- ssl = NULL;
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEdKeyFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(ssl = SSL_new(ctx));
- #if !defined(NO_CHECK_PRIVATE_KEY)
- ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- #endif
- SSL_free(ssl);
- ssl = NULL;
- SSL_CTX_free(ctx);
- ctx = NULL;
- #endif /* end of Ed25519 private key match tests */
- #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectTrue(SSL_CTX_use_certificate_file(ctx, ed448CertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(ssl = SSL_new(ctx));
- #if !defined(NO_CHECK_PRIVATE_KEY)
- ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- #endif
- SSL_free(ssl);
- ssl = NULL;
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEd448KeyFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(ssl = SSL_new(ctx));
- #if !defined(NO_CHECK_PRIVATE_KEY)
- ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
- #endif
- SSL_free(ssl);
- ssl = NULL;
- SSL_CTX_free(ctx);
- ctx = NULL;
- #endif /* end of Ed448 private key match tests */
- EVP_cleanup();
- /* test existence of no-op macros in wolfssl/openssl/ssl.h */
- CONF_modules_free();
- ENGINE_cleanup();
- CONF_modules_unload();
- (void)ssl;
- (void)ctx;
- (void)pkey;
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PEM_read_PrivateKey(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) \
- && !defined(NO_FILESYSTEM)
- XFILE file = XBADFILE;
- const char* fname = "./certs/server-key.pem";
- EVP_PKEY* pkey = NULL;
- RSA* rsa = NULL;
- WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
- unsigned char* sig = NULL;
- size_t sigLen = 0;
- const unsigned char tbs[] = {0, 1, 2, 3, 4, 5, 6, 7};
- size_t tbsLen = sizeof(tbs);
- /* Check error case. */
- ExpectNull(pkey = PEM_read_PrivateKey(NULL, NULL, NULL, NULL));
- /* Read in an RSA key. */
- ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
- ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL));
- if (file != XBADFILE)
- XFCLOSE(file);
- /* Make sure the key is usable by signing some data with it. */
- ExpectNotNull(rsa = EVP_PKEY_get0_RSA(pkey));
- ExpectIntGT((sigLen = RSA_size(rsa)), 0);
- ExpectNotNull(sig = (unsigned char*)XMALLOC(sigLen, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
- ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_sign(ctx, sig, &sigLen, tbs, tbsLen),
- WOLFSSL_SUCCESS);
- XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- EVP_PKEY_CTX_free(ctx);
- EVP_PKEY_free(pkey);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PEM_read_PUBKEY(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) \
- && !defined(NO_FILESYSTEM)
- XFILE file = XBADFILE;
- const char* fname = "./certs/client-keyPub.pem";
- EVP_PKEY* pkey = NULL;
- /* Check error case. */
- ExpectNull(pkey = PEM_read_PUBKEY(NULL, NULL, NULL, NULL));
- /* Read in an RSA key. */
- ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
- ExpectNotNull(pkey = PEM_read_PUBKEY(file, NULL, NULL, NULL));
- EVP_PKEY_free(pkey);
- if (file != XBADFILE)
- XFCLOSE(file);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PEM_PrivateKey(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048)
- #ifndef NO_BIO
- BIO* bio = NULL;
- #endif
- EVP_PKEY* pkey = NULL;
- const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
- #ifndef NO_BIO
- /* test creating new EVP_PKEY with bad arg */
- ExpectNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL)));
- /* test loading RSA key using BIO */
- #if !defined(NO_RSA) && !defined(NO_FILESYSTEM)
- {
- XFILE file = XBADFILE;
- const char* fname = "./certs/server-key.pem";
- const char* fname_rsa_p8 = "./certs/server-keyPkcs8.pem";
- size_t sz = 0;
- byte* buf = NULL;
- EVP_PKEY* pkey2 = NULL;
- EVP_PKEY* pkey3 = NULL;
- RSA* rsa_key = NULL;
- ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
- ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0);
- ExpectIntGT(sz = XFTELL(file), 0);
- ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0);
- ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
- if (buf != NULL) {
- ExpectIntEQ(XFREAD(buf, 1, sz, file), sz);
- }
- if (file != XBADFILE) {
- XFCLOSE(file);
- file = XBADFILE;
- }
- /* Test using BIO new mem and loading PEM private key */
- ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
- ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
- XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
- buf = NULL;
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(pkey2 = EVP_PKEY_new());
- if (pkey2 != NULL) {
- pkey2->type = EVP_PKEY_RSA;
- }
- /* Test parameter copy */
- ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0);
- EVP_PKEY_free(pkey2);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- /* Qt unit test case : rsa pkcs8 key */
- ExpectTrue((file = XFOPEN(fname_rsa_p8, "rb")) != XBADFILE);
- ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0);
- ExpectIntGT(sz = XFTELL(file), 0);
- ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0);
- ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
- if (buf) {
- ExpectIntEQ(XFREAD(buf, 1, sz, file), sz);
- }
- if (file != XBADFILE) {
- XFCLOSE(file);
- file = XBADFILE;
- }
- ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
- ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
- XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
- buf = NULL;
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(pkey3 = EVP_PKEY_new());
- ExpectNotNull(rsa_key = EVP_PKEY_get1_RSA(pkey));
- ExpectIntEQ(EVP_PKEY_set1_RSA(pkey3, rsa_key), WOLFSSL_SUCCESS);
- #ifdef WOLFSSL_ERROR_CODE_OPENSSL
- ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
- #else
- ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
- #endif
- RSA_free(rsa_key);
- EVP_PKEY_free(pkey3);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- }
- #endif
- /* test loading ECC key using BIO */
- #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
- {
- XFILE file = XBADFILE;
- const char* fname = "./certs/ecc-key.pem";
- const char* fname_ecc_p8 = "./certs/ecc-keyPkcs8.pem";
- size_t sz = 0;
- byte* buf = NULL;
- EVP_PKEY* pkey2 = NULL;
- EVP_PKEY* pkey3 = NULL;
- EC_KEY* ec_key = NULL;
- int nid = 0;
- ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
- ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0);
- ExpectIntGT(sz = XFTELL(file), 0);
- ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0);
- ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
- if (buf) {
- ExpectIntEQ(XFREAD(buf, 1, sz, file), sz);
- }
- if (file != XBADFILE) {
- XFCLOSE(file);
- file = XBADFILE;
- }
- /* Test using BIO new mem and loading PEM private key */
- ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
- ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
- XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
- buf = NULL;
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(pkey2 = EVP_PKEY_new());
- ExpectNotNull(pkey3 = EVP_PKEY_new());
- if (pkey2 != NULL) {
- pkey2->type = EVP_PKEY_EC;
- }
- /* Test parameter copy */
- ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1);
- /* Qt unit test case 1*/
- ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
- ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS);
- #ifdef WOLFSSL_ERROR_CODE_OPENSSL
- ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
- #else
- ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
- #endif
- /* Test default digest */
- ExpectIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1);
- ExpectIntEQ(nid, NID_sha256);
- EC_KEY_free(ec_key);
- ec_key = NULL;
- EVP_PKEY_free(pkey3);
- pkey3 = NULL;
- EVP_PKEY_free(pkey2);
- pkey2 = NULL;
- EVP_PKEY_free(pkey);
- pkey = NULL;
- /* Qt unit test case ec pkcs8 key */
- ExpectTrue((file = XFOPEN(fname_ecc_p8, "rb")) != XBADFILE);
- ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0);
- ExpectIntGT(sz = XFTELL(file), 0);
- ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0);
- ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
- if (buf) {
- ExpectIntEQ(XFREAD(buf, 1, sz, file), sz);
- }
- if (file != XBADFILE) {
- XFCLOSE(file);
- file = XBADFILE;
- }
- ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
- ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
- XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
- buf = NULL;
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(pkey3 = EVP_PKEY_new());
- /* Qt unit test case */
- ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
- ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS);
- #ifdef WOLFSSL_ERROR_CODE_OPENSSL
- ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
- #else
- ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
- #endif
- EC_KEY_free(ec_key);
- EVP_PKEY_free(pkey3);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- }
- #endif
- #if !defined(NO_BIO) && !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || \
- defined(WOLFSSL_CERT_GEN))
- {
- #define BIO_PEM_TEST_CHAR 'a'
- EVP_PKEY* pkey2 = NULL;
- unsigned char extra[10];
- int i;
- BIO* pub_bio = NULL;
- XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra));
- ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- ExpectIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE);
- ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- ExpectIntEQ(BIO_set_write_buf_size(pub_bio, 4096), SSL_FAILURE);
- ExpectNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey,
- &server_key, (long)sizeof_server_key_der_2048));
- ExpectNull(pkey);
- ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
- &server_key, (long)sizeof_server_key_der_2048));
- ExpectIntEQ(PEM_write_bio_PrivateKey(NULL, pkey, NULL, NULL, 0, NULL,
- NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_write_bio_PrivateKey(bio, NULL, NULL, NULL, 0, NULL,
- NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
- NULL), WOLFSSL_SUCCESS);
- ExpectIntGT(BIO_pending(bio), 0);
- ExpectIntEQ(BIO_pending(bio), 1679);
- /* Check if the pubkey API writes only the public key */
- #ifdef WOLFSSL_KEY_GEN
- ExpectIntEQ(PEM_write_bio_PUBKEY(NULL, pkey), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS);
- ExpectIntGT(BIO_pending(pub_bio), 0);
- /* Previously both the private key and the pubkey calls would write
- * out the private key and the PEM header was the only difference.
- * The public PEM should be significantly shorter than the
- * private key versison. */
- ExpectIntEQ(BIO_pending(pub_bio), 451);
- #endif
- /* test creating new EVP_PKEY with good args */
- ExpectNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
- if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr)
- ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz), 0);
- /* test of reuse of EVP_PKEY */
- ExpectNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
- ExpectIntEQ(BIO_pending(bio), 0);
- ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
- SSL_SUCCESS);
- ExpectIntEQ(BIO_write(bio, extra, 10), 10); /* add 10 extra bytes after PEM */
- ExpectNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
- ExpectNotNull(pkey);
- if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) {
- ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0);
- }
- ExpectIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */
- ExpectIntEQ(BIO_read(bio, extra, 10), 10);
- for (i = 0; i < 10; i++) {
- ExpectIntEQ(extra[i], BIO_PEM_TEST_CHAR);
- }
- BIO_free(pub_bio);
- BIO_free(bio);
- bio = NULL;
- EVP_PKEY_free(pkey);
- pkey = NULL;
- EVP_PKEY_free(pkey2);
- }
- #endif
- /* key is DES encrypted */
- #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
- !defined(NO_RSA) && !defined(NO_BIO) && !defined(NO_FILESYSTEM) && \
- !defined(NO_MD5) && defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
- {
- XFILE f = XBADFILE;
- wc_pem_password_cb* passwd_cb = NULL;
- void* passwd_cb_userdata;
- SSL_CTX* ctx = NULL;
- char passwd[] = "bad password";
- #ifndef WOLFSSL_NO_TLS12
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method()));
- #endif
- #else
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method()));
- #endif
- #endif
- ExpectNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb"));
- SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
- ExpectNotNull(passwd_cb = SSL_CTX_get_default_passwd_cb(ctx));
- ExpectNull(passwd_cb_userdata =
- SSL_CTX_get_default_passwd_cb_userdata(ctx));
- /* fail case with password call back */
- ExpectNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL,
- (void*)passwd));
- BIO_free(bio);
- ExpectNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb"));
- ExpectNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb,
- (void*)passwd));
- BIO_free(bio);
- ExpectTrue((f = XFOPEN("./certs/server-keyEnc.pem", "rb")) != XBADFILE);
- ExpectNotNull(bio = BIO_new_fp(f, BIO_CLOSE));
- if ((bio == NULL) && (f != XBADFILE)) {
- XFCLOSE(f);
- }
- /* use callback that works */
- ExpectNotNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb,
- (void*)"yassl123"));
- ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- BIO_free(bio);
- bio = NULL;
- SSL_CTX_free(ctx);
- }
- #endif /* !defined(NO_DES3) */
- #endif /* !NO_BIO */
- #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
- {
- unsigned char buf[2048];
- size_t bytes = 0;
- XFILE f = XBADFILE;
- SSL_CTX* ctx = NULL;
- #ifndef WOLFSSL_NO_TLS12
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method()));
- #endif
- #else
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method()));
- #endif
- #endif
- ExpectTrue((f = XFOPEN("./certs/ecc-key.der", "rb")) != XBADFILE);
- ExpectIntGT(bytes = (size_t)XFREAD(buf, 1, sizeof(buf), f), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- server_key = buf;
- pkey = NULL;
- ExpectNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, bytes));
- ExpectNull(pkey);
- ExpectNotNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, bytes));
- ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- SSL_CTX_free(ctx);
- server_key = NULL;
- }
- #endif
- #ifndef NO_BIO
- (void)bio;
- #endif
- (void)pkey;
- (void)server_key;
- #endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PEM_file_RSAKey(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
- defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
- !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
- RSA* rsa = NULL;
- XFILE fp = XBADFILE;
- ExpectTrue((fp = XFOPEN("./certs/rsa-pub-2048.pem", "rb")) != XBADFILE);
- ExpectNotNull((rsa = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL)));
- if (fp != XBADFILE)
- XFCLOSE(fp);
- ExpectIntEQ(RSA_size(rsa), 256);
- ExpectIntEQ(PEM_write_RSAPublicKey(XBADFILE, rsa), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_write_RSAPublicKey(stderr, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_write_RSAPublicKey(stderr, rsa), WOLFSSL_SUCCESS);
- ExpectIntEQ(PEM_write_RSA_PUBKEY(XBADFILE, rsa), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, rsa), WOLFSSL_SUCCESS);
- RSA_free(rsa);
- #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
- (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PEM_file_RSAPrivateKey(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
- !defined(NO_FILESYSTEM) && \
- (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
- RSA* rsa = NULL;
- XFILE f = NULL;
- ExpectTrue((f = XFOPEN(svrKeyFile, "r")) != XBADFILE);
- ExpectNotNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL)));
- ExpectIntEQ(RSA_size(rsa), 256);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- ExpectIntEQ(PEM_write_RSAPrivateKey(XBADFILE, rsa, NULL, NULL, 0, NULL,
- NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_write_RSAPrivateKey(stderr, NULL, NULL, NULL, 0, NULL,
- NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0, NULL, NULL),
- WOLFSSL_SUCCESS);
- RSA_free(rsa);
- #ifdef HAVE_ECC
- ExpectTrue((f = XFOPEN(eccKeyFile, "r")) != XBADFILE);
- ExpectNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL)));
- if (f != XBADFILE)
- XFCLOSE(f);
- #endif /* HAVE_ECC */
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PEM_read_RSA_PUBKEY(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- XFILE file = XBADFILE;
- const char* fname = "./certs/client-keyPub.pem";
- RSA *rsa = NULL;
- ExpectNull(wolfSSL_PEM_read_RSA_PUBKEY(XBADFILE, NULL, NULL, NULL));
- ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
- ExpectNotNull((rsa = PEM_read_RSA_PUBKEY(file, NULL, NULL, NULL)));
- ExpectIntEQ(RSA_size(rsa), 256);
- RSA_free(rsa);
- if (file != XBADFILE)
- XFCLOSE(file);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
- return EXPECT_RESULT();
- }
- #ifndef NO_BIO
- static int test_wolfSSL_PEM_bio_RSAKey(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
- defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
- !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
- RSA* rsa = NULL;
- BIO* bio = NULL;
- /* PrivateKey */
- ExpectNotNull(bio = BIO_new_file(svrKeyFile, "rb"));
- ExpectNull((rsa = PEM_read_bio_RSAPrivateKey(NULL, NULL, NULL, NULL)));
- ExpectNotNull(PEM_read_bio_RSAPrivateKey(bio, &rsa, NULL, NULL));
- ExpectNotNull(rsa);
- ExpectIntEQ(RSA_size(rsa), 256);
- ExpectIntEQ(PEM_write_bio_RSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \
- NULL), WOLFSSL_FAILURE);
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- ExpectIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, \
- NULL), WOLFSSL_SUCCESS);
- BIO_free(bio);
- bio = NULL;
- RSA_free(rsa);
- rsa = NULL;
- /* PUBKEY */
- ExpectNotNull(bio = BIO_new_file("./certs/rsa-pub-2048.pem", "rb"));
- ExpectNull((rsa = PEM_read_bio_RSA_PUBKEY(NULL, NULL, NULL, NULL)));
- ExpectNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
- ExpectIntEQ(RSA_size(rsa), 256);
- ExpectIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- ExpectIntEQ(PEM_write_bio_RSA_PUBKEY(bio, rsa), WOLFSSL_SUCCESS);
- BIO_free(bio);
- bio = NULL;
- RSA_free(rsa);
- rsa = NULL;
- /* Ensure that keys beginning with BEGIN RSA PUBLIC KEY can be read, too. */
- ExpectNotNull(bio = BIO_new_file("./certs/server-keyPub.pem", "rb"));
- ExpectNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
- BIO_free(bio);
- bio = NULL;
- RSA_free(rsa);
- rsa = NULL;
- #ifdef HAVE_ECC
- /* ensure that non-rsa keys do not work */
- ExpectNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */
- ExpectNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
- ExpectNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
- BIO_free(bio);
- bio = NULL;
- RSA_free(rsa);
- rsa = NULL;
- #endif /* HAVE_ECC */
- #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
- (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PEM_bio_RSAPrivateKey(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- RSA* rsa = NULL;
- RSA* rsa_dup = NULL;
- BIO* bio = NULL;
- ExpectNotNull(bio = BIO_new_file(svrKeyFile, "rb"));
- ExpectNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
- ExpectIntEQ(RSA_size(rsa), 256);
- #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
- ExpectNull(rsa_dup = RSAPublicKey_dup(NULL));
- /* Test duplicating empty key. */
- ExpectNotNull(rsa_dup = RSA_new());
- ExpectNull(RSAPublicKey_dup(rsa_dup));
- RSA_free(rsa_dup);
- rsa_dup = NULL;
- ExpectNotNull(rsa_dup = RSAPublicKey_dup(rsa));
- ExpectPtrNE(rsa_dup, rsa);
- #endif
- /* test if valgrind complains about unreleased memory */
- RSA_up_ref(rsa);
- RSA_free(rsa);
- BIO_free(bio);
- bio = NULL;
- RSA_free(rsa);
- rsa = NULL;
- RSA_free(rsa_dup);
- rsa_dup = NULL;
- #ifdef HAVE_ECC
- ExpectNotNull(bio = BIO_new_file(eccKeyFile, "rb"));
- ExpectNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
- BIO_free(bio);
- #endif /* HAVE_ECC */
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PEM_bio_DSAKey(void)
- {
- EXPECT_DECLS;
- #ifndef HAVE_SELFTEST
- #if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_CERTS) && \
- defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && !defined(NO_DSA)
- DSA* dsa = NULL;
- BIO* bio = NULL;
- /* PrivateKey */
- ExpectNotNull(bio = BIO_new_file("./certs/1024/dsa1024.pem", "rb"));
- ExpectNull((dsa = PEM_read_bio_DSAPrivateKey(NULL, NULL, NULL, NULL)));
- ExpectNotNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL)));
- ExpectIntEQ(BN_num_bytes(dsa->g), 128);
- ExpectIntEQ(PEM_write_bio_DSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL,
- NULL), WOLFSSL_FAILURE);
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- ExpectIntEQ(PEM_write_bio_DSAPrivateKey(bio, dsa, NULL, NULL, 0, NULL,
- NULL), WOLFSSL_SUCCESS);
- BIO_free(bio);
- bio = NULL;
- DSA_free(dsa);
- dsa = NULL;
- /* PUBKEY */
- ExpectNotNull(bio = BIO_new_file("./certs/1024/dsa-pub-1024.pem", "rb"));
- ExpectNull((dsa = PEM_read_bio_DSA_PUBKEY(NULL, NULL, NULL, NULL)));
- ExpectNotNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL)));
- ExpectIntEQ(BN_num_bytes(dsa->g), 128);
- ExpectIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- ExpectIntEQ(PEM_write_bio_DSA_PUBKEY(bio, dsa), WOLFSSL_SUCCESS);
- BIO_free(bio);
- bio = NULL;
- DSA_free(dsa);
- dsa = NULL;
- #ifdef HAVE_ECC
- /* ensure that non-dsa keys do not work */
- ExpectNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */
- ExpectNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL)));
- ExpectNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL)));
- BIO_free(bio);
- bio = NULL;
- DSA_free(dsa);
- dsa = NULL;
- #endif /* HAVE_ECC */
- #endif /* defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && \
- !defined(NO_CERTS) && defined(WOLFSSL_KEY_GEN) && \
- !defined(NO_FILESYSTEM) && !defined(NO_DSA) */
- #endif /* HAVE_SELFTEST */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PEM_bio_ECKey(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
- defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC)
- EC_KEY* ec = NULL;
- EC_KEY* ec2;
- BIO* bio = NULL;
- #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
- unsigned char* pem = NULL;
- int pLen;
- #endif
- static char ec_key_bad_1[] = "-----BEGIN PUBLIC KEY-----\n"
- "MAA=\n"
- "-----END PUBLIC KEY-----";
- static char ec_priv_key_bad_1[] = "-----BEGIN EC PRIVATE KEY-----\n"
- "MAA=\n"
- "-----END EC PRIVATE KEY-----";
- /* PrivateKey */
- ExpectNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb"));
- ExpectNull((ec = PEM_read_bio_ECPrivateKey(NULL, NULL, NULL, NULL)));
- ec2 = NULL;
- ExpectNotNull((ec = PEM_read_bio_ECPrivateKey(bio, &ec2, NULL, NULL)));
- ExpectIntEQ(ec == ec2, 1);
- ExpectIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
- ExpectIntEQ(PEM_write_bio_ECPrivateKey(NULL, NULL, NULL, NULL, 0, NULL,
- NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_write_bio_ECPrivateKey(bio, NULL, NULL, NULL, 0, NULL,
- NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_write_bio_ECPrivateKey(NULL, ec, NULL, NULL, 0, NULL, NULL),
- WOLFSSL_FAILURE);
- BIO_free(bio);
- bio = NULL;
- /* Public key data - fail. */
- ExpectNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb"));
- ExpectNull(PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL));
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- ExpectIntEQ(PEM_write_bio_ECPrivateKey(bio, ec, NULL, NULL, 0, NULL, \
- NULL), WOLFSSL_SUCCESS);
- BIO_free(bio);
- bio = NULL;
- ExpectIntEQ(PEM_write_ECPrivateKey(XBADFILE, NULL, NULL, NULL, 0, NULL,
- NULL),WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_write_ECPrivateKey(stderr, NULL, NULL, NULL, 0, NULL, NULL),
- WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_write_ECPrivateKey(XBADFILE, ec, NULL, NULL, 0, NULL, NULL),
- WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_write_ECPrivateKey(stderr, ec, NULL, NULL, 0, NULL, NULL),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, NULL,
- NULL), 0);
- #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
- ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, NULL,
- NULL), 0);
- ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, &pem,
- NULL), 0);
- ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, NULL,
- &pLen), 0);
- ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, &pem,
- &pLen), 0);
- ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, NULL,
- &pLen), 0);
- ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, &pem,
- NULL), 0);
- ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, &pem,
- &pLen), 1);
- ExpectIntGT(pLen, 0);
- XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- EC_KEY_free(ec);
- ec = NULL;
- /* PUBKEY */
- ExpectNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb"));
- ExpectNull((ec = PEM_read_bio_EC_PUBKEY(NULL, NULL, NULL, NULL)));
- ec2 = NULL;
- ExpectNotNull((ec = PEM_read_bio_EC_PUBKEY(bio, &ec2, NULL, NULL)));
- ExpectIntEQ(ec == ec2, 1);
- ExpectIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
- ExpectIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
- BIO_free(bio);
- bio = NULL;
- /* Test 0x30, 0x00 fails. */
- ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_key_bad_1,
- sizeof(ec_key_bad_1)));
- ExpectNull(PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL));
- BIO_free(bio);
- bio = NULL;
- /* Private key data - fail. */
- ExpectNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb"));
- ExpectNull(PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL));
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- ExpectIntEQ(PEM_write_bio_EC_PUBKEY(bio, ec), WOLFSSL_SUCCESS);
- BIO_free(bio);
- bio = NULL;
- /* Same test as above, but with a file pointer rather than a BIO. */
- ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, ec), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, ec), WOLFSSL_SUCCESS);
- EC_KEY_free(ec);
- ec = NULL;
- #ifndef NO_RSA
- /* ensure that non-ec keys do not work */
- ExpectNotNull(bio = BIO_new_file(svrKeyFile, "rb")); /* rsa key */
- ExpectNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)));
- ExpectNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)));
- BIO_free(bio);
- bio = NULL;
- EC_KEY_free(ec);
- ec = NULL;
- #endif /* !NO_RSA */
- /* Test 0x30, 0x00 fails. */
- ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_priv_key_bad_1,
- sizeof(ec_priv_key_bad_1)));
- ExpectNull(PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL));
- BIO_free(bio);
- bio = NULL;
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PEM_PUBKEY(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
- BIO* bio = NULL;
- EVP_PKEY* pkey = NULL;
- /* test creating new EVP_PKEY with bad arg */
- ExpectNull((pkey = PEM_read_bio_PUBKEY(NULL, NULL, NULL, NULL)));
- /* test loading ECC key using BIO */
- #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
- {
- XFILE file = XBADFILE;
- const char* fname = "./certs/ecc-client-keyPub.pem";
- size_t sz;
- byte* buf = NULL;
- EVP_PKEY* pkey2 = NULL;
- EC_KEY* ec_key = NULL;
- ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
- ExpectIntEQ(XFSEEK(file, 0, XSEEK_END), 0);
- ExpectIntGT(sz = XFTELL(file), 0);
- ExpectIntEQ(XFSEEK(file, 0, XSEEK_SET), 0);
- ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
- if (buf != NULL) {
- ExpectIntEQ(XFREAD(buf, 1, sz, file), sz);
- }
- if (file != XBADFILE) {
- XFCLOSE(file);
- }
- /* Test using BIO new mem and loading PEM private key */
- ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
- ExpectNotNull((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL)));
- XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
- BIO_free(bio);
- bio = NULL;
- /* Qt unit test case*/
- ExpectNotNull(pkey2 = EVP_PKEY_new());
- ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
- ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey2, ec_key), WOLFSSL_SUCCESS);
- #ifdef WOLFSSL_ERROR_CODE_OPENSSL
- ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey2), 1/* match */);
- #else
- ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey2), 0);
- #endif
- EC_KEY_free(ec_key);
- EVP_PKEY_free(pkey2);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- }
- #endif
- (void)bio;
- (void)pkey;
- #endif
- return EXPECT_RESULT();
- }
- #endif /* !NO_BIO */
- static int test_DSA_do_sign_verify(void)
- {
- EXPECT_DECLS;
- #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
- !defined(NO_DSA)
- unsigned char digest[WC_SHA_DIGEST_SIZE];
- DSA_SIG* sig = NULL;
- DSA* dsa = NULL;
- word32 bytes;
- byte sigBin[DSA_SIG_SIZE];
- int dsacheck;
- #ifdef USE_CERT_BUFFERS_1024
- byte tmp[ONEK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
- bytes = sizeof_dsa_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- byte tmp[TWOK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
- bytes = sizeof_dsa_key_der_2048;
- #else
- byte tmp[TWOK_BUF];
- XFILE fp = XBADFILE;
- XMEMSET(tmp, 0, sizeof(tmp));
- ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb") != XBADFILE);
- ExpectIntGT(bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp), 0);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- #endif /* END USE_CERT_BUFFERS_1024 */
- XMEMSET(digest, 202, sizeof(digest));
- ExpectNotNull(dsa = DSA_new());
- ExpectIntEQ(DSA_LoadDer(dsa, tmp, bytes), 1);
- ExpectIntEQ(wolfSSL_DSA_do_sign(digest, sigBin, dsa), 1);
- ExpectIntEQ(wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck), 1);
- ExpectNotNull(sig = DSA_do_sign(digest, WC_SHA_DIGEST_SIZE, dsa));
- ExpectIntEQ(DSA_do_verify(digest, WC_SHA_DIGEST_SIZE, sig, dsa), 1);
- DSA_SIG_free(sig);
- DSA_free(dsa);
- #endif
- #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_tmp_dh(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
- !defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO)
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- byte buff[6000];
- char file[] = "./certs/dsaparams.pem";
- XFILE f = XBADFILE;
- int bytes = 0;
- DSA* dsa = NULL;
- DH* dh = NULL;
- #if defined(WOLFSSL_DH_EXTRA) && \
- (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
- DH* dh2 = NULL;
- #endif
- BIO* bio = NULL;
- SSL* ssl = NULL;
- SSL_CTX* ctx = NULL;
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(ssl = SSL_new(ctx));
- ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- ExpectNotNull(bio = BIO_new_mem_buf((void*)buff, bytes));
- dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
- ExpectNotNull(dsa);
- dh = wolfSSL_DSA_dup_DH(dsa);
- ExpectNotNull(dh);
- #if defined(WOLFSSL_DH_EXTRA) && \
- (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
- ExpectNotNull(dh2 = wolfSSL_DH_dup(dh));
- #endif
- ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS);
- #ifndef NO_WOLFSSL_SERVER
- ExpectIntEQ((int)SSL_set_tmp_dh(ssl, dh), WOLFSSL_SUCCESS);
- #else
- ExpectIntEQ((int)SSL_set_tmp_dh(ssl, dh), SIDE_ERROR);
- #endif
- BIO_free(bio);
- DSA_free(dsa);
- DH_free(dh);
- dh = NULL;
- #if defined(WOLFSSL_DH_EXTRA) && \
- (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
- DH_free(dh2);
- dh2 = NULL;
- #endif
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ctrl(void)
- {
- EXPECT_DECLS;
- #if defined (OPENSSL_EXTRA) && !defined(NO_BIO)
- byte buff[6000];
- BIO* bio = NULL;
- int bytes;
- BUF_MEM* ptr = NULL;
- XMEMSET(buff, 0, sizeof(buff));
- bytes = sizeof(buff);
- ExpectNotNull(bio = BIO_new_mem_buf((void*)buff, bytes));
- ExpectNotNull(BIO_s_socket());
- ExpectIntEQ((int)wolfSSL_BIO_get_mem_ptr(bio, &ptr), WOLFSSL_SUCCESS);
- /* needs tested after stubs filled out @TODO
- SSL_ctrl
- SSL_CTX_ctrl
- */
- BIO_free(bio);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_BIO) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_new_mac_key(void)
- {
- EXPECT_DECLS;
- #ifdef OPENSSL_EXTRA
- static const unsigned char pw[] = "password";
- static const int pwSz = sizeof(pw) - 1;
- size_t checkPwSz = 0;
- const unsigned char* checkPw = NULL;
- WOLFSSL_EVP_PKEY* key = NULL;
- ExpectNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, pw, pwSz));
- ExpectNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, NULL, pwSz));
- ExpectNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw,
- pwSz));
- if (key != NULL) {
- ExpectIntEQ(key->type, EVP_PKEY_HMAC);
- ExpectIntEQ(key->save_type, EVP_PKEY_HMAC);
- ExpectIntEQ(key->pkey_sz, pwSz);
- ExpectIntEQ(XMEMCMP(key->pkey.ptr, pw, pwSz), 0);
- }
- ExpectNotNull(checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz));
- ExpectIntEQ((int)checkPwSz, pwSz);
- ExpectIntEQ(XMEMCMP(checkPw, pw, pwSz), 0);
- wolfSSL_EVP_PKEY_free(key);
- key = NULL;
- ExpectNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw,
- 0));
- ExpectIntEQ(key->pkey_sz, 0);
- if (EXPECT_SUCCESS()) {
- /* Allocation for key->pkey.ptr may fail - OK key len is 0 */
- checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz);
- }
- ExpectTrue((checkPwSz == 0) || (checkPw != NULL));
- ExpectIntEQ((int)checkPwSz, 0);
- wolfSSL_EVP_PKEY_free(key);
- key = NULL;
- ExpectNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, NULL,
- 0));
- ExpectIntEQ(key->pkey_sz, 0);
- if (EXPECT_SUCCESS()) {
- /* Allocation for key->pkey.ptr may fail - OK key len is 0 */
- checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz);
- }
- ExpectTrue((checkPwSz == 0) || (checkPw != NULL));
- ExpectIntEQ((int)checkPwSz, 0);
- wolfSSL_EVP_PKEY_free(key);
- key = NULL;
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_new_CMAC_key(void)
- {
- EXPECT_DECLS;
- #ifdef OPENSSL_EXTRA
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
- const char *priv = "ABCDEFGHIJKLMNOP";
- const WOLFSSL_EVP_CIPHER* cipher = EVP_aes_128_cbc();
- WOLFSSL_EVP_PKEY* key = NULL;
- ExpectNull(key = wolfSSL_EVP_PKEY_new_CMAC_key(
- NULL, NULL, AES_128_KEY_SIZE, cipher));
- ExpectNull(key = wolfSSL_EVP_PKEY_new_CMAC_key(
- NULL, (const unsigned char *)priv, 0, cipher));
- ExpectNull(key = wolfSSL_EVP_PKEY_new_CMAC_key(
- NULL, (const unsigned char *)priv, AES_128_KEY_SIZE, NULL));
- ExpectNotNull(key = wolfSSL_EVP_PKEY_new_CMAC_key(
- NULL, (const unsigned char *)priv, AES_128_KEY_SIZE, cipher));
- wolfSSL_EVP_PKEY_free(key);
- #endif /* WOLFSSL_CMAC && !NO_AES && WOLFSSL_AES_DIRECT */
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_Digest(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_PWDBASED)
- const char* in = "abc";
- int inLen = (int)XSTRLEN(in);
- byte out[WC_SHA256_DIGEST_SIZE];
- unsigned int outLen;
- const char* expOut =
- "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
- "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
- "\x15\xAD";
- ExpectIntEQ(wolfSSL_EVP_Digest((unsigned char*)in, inLen, out, &outLen,
- "SHA256", NULL), 1);
- ExpectIntEQ(outLen, WC_SHA256_DIGEST_SIZE);
- ExpectIntEQ(XMEMCMP(out, expOut, WC_SHA256_DIGEST_SIZE), 0);
- #endif /* OPEN_EXTRA && ! NO_SHA256 */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_Digest_all(void)
- {
- EXPECT_DECLS;
- #ifdef OPENSSL_EXTRA
- const char* digests[] = {
- #ifndef NO_MD5
- "MD5",
- #endif
- #ifndef NO_SHA
- "SHA",
- #endif
- #ifdef WOLFSSL_SHA224
- "SHA224",
- #endif
- #ifndef NO_SHA256
- "SHA256",
- #endif
- #ifdef WOLFSSL_SHA384
- "SHA384",
- #endif
- #ifdef WOLFSSL_SHA512
- "SHA512",
- #endif
- #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
- "SHA512_224",
- #endif
- #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
- "SHA512_256",
- #endif
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- "SHA3_224",
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- "SHA3_256",
- #endif
- "SHA3_384",
- #ifndef WOLFSSL_NOSHA3_512
- "SHA3_512",
- #endif
- #endif /* WOLFSSL_SHA3 */
- NULL
- };
- const char** d;
- const unsigned char in[] = "abc";
- int inLen = XSTR_SIZEOF(in);
- byte out[WC_MAX_DIGEST_SIZE];
- unsigned int outLen;
- for (d = digests; *d != NULL; d++) {
- ExpectIntEQ(EVP_Digest(in, inLen, out, &outLen, *d, NULL), 1);
- ExpectIntGT(outLen, 0);
- ExpectIntEQ(EVP_MD_size(*d), outLen);
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_MD_size(void)
- {
- EXPECT_DECLS;
- #ifdef OPENSSL_EXTRA
- WOLFSSL_EVP_MD_CTX mdCtx;
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_224"), 1);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_224_DIGEST_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_224_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_256"), 1);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_256_DIGEST_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_256_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- #endif
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_384"), 1);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_384_DIGEST_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_384_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- #ifndef WOLFSSL_NOSHA3_512
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_512"), 1);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_512_DIGEST_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_512_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- #endif
- #endif /* WOLFSSL_SHA3 */
- #ifndef NO_SHA256
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), 1);
- ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
- WC_SHA256_DIGEST_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
- WC_SHA256_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA256_DIGEST_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA256_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- #endif
- #ifndef NO_MD5
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "MD5"), 1);
- ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
- WC_MD5_DIGEST_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
- WC_MD5_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_MD5_DIGEST_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_MD5_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- #endif
- #ifdef WOLFSSL_SHA224
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA224"), 1);
- ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
- WC_SHA224_DIGEST_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
- WC_SHA224_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA224_DIGEST_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA224_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- #endif
- #ifdef WOLFSSL_SHA384
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA384"), 1);
- ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
- WC_SHA384_DIGEST_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
- WC_SHA384_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA384_DIGEST_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA384_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- #endif
- #ifdef WOLFSSL_SHA512
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA512"), 1);
- ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
- WC_SHA512_DIGEST_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
- WC_SHA512_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA512_DIGEST_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA512_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- #endif
- #ifndef NO_SHA
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA"), 1);
- ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
- WC_SHA_DIGEST_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
- WC_SHA_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA1"), 1);
- ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
- WC_SHA_DIGEST_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
- WC_SHA_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- #endif
- /* error case */
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), BAD_FUNC_ARG);
- /* Cleanup is valid on uninit'ed struct */
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_MD_pkey_type(void)
- {
- EXPECT_DECLS;
- #ifdef OPENSSL_EXTRA
- const WOLFSSL_EVP_MD* md;
- #ifndef NO_MD5
- ExpectNotNull(md = EVP_md5());
- ExpectIntEQ(EVP_MD_pkey_type(md), NID_md5WithRSAEncryption);
- #endif
- #ifndef NO_SHA
- ExpectNotNull(md = EVP_sha1());
- ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha1WithRSAEncryption);
- #endif
- #ifdef WOLFSSL_SHA224
- ExpectNotNull(md = EVP_sha224());
- ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha224WithRSAEncryption);
- #endif
- ExpectNotNull(md = EVP_sha256());
- ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha256WithRSAEncryption);
- #ifdef WOLFSSL_SHA384
- ExpectNotNull(md = EVP_sha384());
- ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha384WithRSAEncryption);
- #endif
- #ifdef WOLFSSL_SHA512
- ExpectNotNull(md = EVP_sha512());
- ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha512WithRSAEncryption);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- #ifdef OPENSSL_EXTRA
- static int test_hmac_signing(const WOLFSSL_EVP_MD *type, const byte* testKey,
- size_t testKeySz, const char* testData, size_t testDataSz,
- const byte* testResult, size_t testResultSz)
- {
- EXPECT_DECLS;
- unsigned char check[WC_MAX_DIGEST_SIZE];
- size_t checkSz = -1;
- WOLFSSL_EVP_PKEY* key = NULL;
- WOLFSSL_EVP_MD_CTX mdCtx;
- ExpectNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
- testKey, (int)testKeySz));
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
- (unsigned int)testDataSz), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
- ExpectIntEQ((int)checkSz, (int)testResultSz);
- ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- ExpectIntEQ((int)checkSz,(int)testResultSz);
- ExpectIntEQ(XMEMCMP(testResult, check, testResultSz), 0);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
- (unsigned int)testDataSz), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
- ExpectIntEQ((int)checkSz, (int)testResultSz);
- ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- ExpectIntEQ((int)checkSz,(int)testResultSz);
- ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
- (unsigned int)testDataSz - 4), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- ExpectIntEQ((int)checkSz,(int)testResultSz);
- ExpectIntEQ(XMEMCMP(testResult, check, testResultSz), 0);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
- (unsigned int)testDataSz - 4), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- wolfSSL_EVP_PKEY_free(key);
- return EXPECT_RESULT();
- }
- #endif
- static int test_wolfSSL_EVP_MD_hmac_signing(void)
- {
- EXPECT_DECLS;
- #ifdef OPENSSL_EXTRA
- static const unsigned char testKey[] =
- {
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b
- };
- static const char testData[] = "Hi There";
- #ifdef WOLFSSL_SHA224
- static const unsigned char testResultSha224[] =
- {
- 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19,
- 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d, 0xf3, 0x3f,
- 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f,
- 0x53, 0x68, 0x4b, 0x22
- };
- #endif
- #ifndef NO_SHA256
- static const unsigned char testResultSha256[] =
- {
- 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
- 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
- 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
- 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
- };
- #endif
- #ifdef WOLFSSL_SHA384
- static const unsigned char testResultSha384[] =
- {
- 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62,
- 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f,
- 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
- 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c,
- 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f,
- 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6
- };
- #endif
- #ifdef WOLFSSL_SHA512
- static const unsigned char testResultSha512[] =
- {
- 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d,
- 0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0,
- 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78,
- 0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde,
- 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, 0x02,
- 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4,
- 0xbe, 0x9d, 0x91, 0x4e, 0xeb, 0x61, 0xf1, 0x70,
- 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54
- };
- #endif
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- static const unsigned char testResultSha3_224[] =
- {
- 0x3b, 0x16, 0x54, 0x6b, 0xbc, 0x7b, 0xe2, 0x70,
- 0x6a, 0x03, 0x1d, 0xca, 0xfd, 0x56, 0x37, 0x3d,
- 0x98, 0x84, 0x36, 0x76, 0x41, 0xd8, 0xc5, 0x9a,
- 0xf3, 0xc8, 0x60, 0xf7
- };
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- static const unsigned char testResultSha3_256[] =
- {
- 0xba, 0x85, 0x19, 0x23, 0x10, 0xdf, 0xfa, 0x96,
- 0xe2, 0xa3, 0xa4, 0x0e, 0x69, 0x77, 0x43, 0x51,
- 0x14, 0x0b, 0xb7, 0x18, 0x5e, 0x12, 0x02, 0xcd,
- 0xcc, 0x91, 0x75, 0x89, 0xf9, 0x5e, 0x16, 0xbb
- };
- #endif
- #ifndef WOLFSSL_NOSHA3_384
- static const unsigned char testResultSha3_384[] =
- {
- 0x68, 0xd2, 0xdc, 0xf7, 0xfd, 0x4d, 0xdd, 0x0a,
- 0x22, 0x40, 0xc8, 0xa4, 0x37, 0x30, 0x5f, 0x61,
- 0xfb, 0x73, 0x34, 0xcf, 0xb5, 0xd0, 0x22, 0x6e,
- 0x1b, 0xc2, 0x7d, 0xc1, 0x0a, 0x2e, 0x72, 0x3a,
- 0x20, 0xd3, 0x70, 0xb4, 0x77, 0x43, 0x13, 0x0e,
- 0x26, 0xac, 0x7e, 0x3d, 0x53, 0x28, 0x86, 0xbd
- };
- #endif
- #ifndef WOLFSSL_NOSHA3_512
- static const unsigned char testResultSha3_512[] =
- {
- 0xeb, 0x3f, 0xbd, 0x4b, 0x2e, 0xaa, 0xb8, 0xf5,
- 0xc5, 0x04, 0xbd, 0x3a, 0x41, 0x46, 0x5a, 0xac,
- 0xec, 0x15, 0x77, 0x0a, 0x7c, 0xab, 0xac, 0x53,
- 0x1e, 0x48, 0x2f, 0x86, 0x0b, 0x5e, 0xc7, 0xba,
- 0x47, 0xcc, 0xb2, 0xc6, 0xf2, 0xaf, 0xce, 0x8f,
- 0x88, 0xd2, 0x2b, 0x6d, 0xc6, 0x13, 0x80, 0xf2,
- 0x3a, 0x66, 0x8f, 0xd3, 0x88, 0x8b, 0xb8, 0x05,
- 0x37, 0xc0, 0xa0, 0xb8, 0x64, 0x07, 0x68, 0x9e
- };
- #endif
- #endif
- #ifndef NO_SHA256
- ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha256(), testKey,
- sizeof(testKey), testData, XSTRLEN(testData), testResultSha256,
- sizeof(testResultSha256)), TEST_SUCCESS);
- #endif
- #ifdef WOLFSSL_SHA224
- ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha224(), testKey,
- sizeof(testKey), testData, XSTRLEN(testData), testResultSha224,
- sizeof(testResultSha224)), TEST_SUCCESS);
- #endif
- #ifdef WOLFSSL_SHA384
- ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha384(), testKey,
- sizeof(testKey), testData, XSTRLEN(testData), testResultSha384,
- sizeof(testResultSha384)), TEST_SUCCESS);
- #endif
- #ifdef WOLFSSL_SHA512
- ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha512(), testKey,
- sizeof(testKey), testData, XSTRLEN(testData), testResultSha512,
- sizeof(testResultSha512)), TEST_SUCCESS);
- #endif
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha3_224(), testKey,
- sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_224,
- sizeof(testResultSha3_224)), TEST_SUCCESS);
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha3_256(), testKey,
- sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_256,
- sizeof(testResultSha3_256)), TEST_SUCCESS);
- #endif
- #ifndef WOLFSSL_NOSHA3_384
- ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha3_384(), testKey,
- sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_384,
- sizeof(testResultSha3_384)), TEST_SUCCESS);
- #endif
- #ifndef WOLFSSL_NOSHA3_512
- ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha3_512(), testKey,
- sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_512,
- sizeof(testResultSha3_512)), TEST_SUCCESS);
- #endif
- #endif
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_MD_rsa_signing(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
- WOLFSSL_EVP_PKEY* privKey = NULL;
- WOLFSSL_EVP_PKEY* pubKey = NULL;
- WOLFSSL_EVP_PKEY_CTX* keyCtx = NULL;
- const char testData[] = "Hi There";
- WOLFSSL_EVP_MD_CTX mdCtx;
- WOLFSSL_EVP_MD_CTX mdCtxCopy;
- int ret;
- size_t checkSz = -1;
- int sz = 2048 / 8;
- const unsigned char* cp;
- const unsigned char* p;
- unsigned char check[2048/8];
- size_t i;
- int paddings[] = {
- RSA_PKCS1_PADDING,
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS)
- RSA_PKCS1_PSS_PADDING,
- #endif
- };
- cp = client_key_der_2048;
- ExpectNotNull((privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &cp,
- sizeof_client_key_der_2048)));
- p = client_keypub_der_2048;
- ExpectNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p,
- sizeof_client_keypub_der_2048)));
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- wolfSSL_EVP_MD_CTX_init(&mdCtxCopy);
- ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, privKey), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
- (unsigned int)XSTRLEN(testData)), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
- ExpectIntEQ((int)checkSz, sz);
- ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- ExpectIntEQ((int)checkSz,sz);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_copy_ex(&mdCtxCopy, &mdCtx), 1);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_copy_ex(&mdCtxCopy, &mdCtx), 1);
- ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtxCopy);
- ExpectIntEQ(ret, 1);
- ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx);
- ExpectIntEQ(ret, 1);
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, pubKey), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
- (unsigned int)XSTRLEN(testData)),
- 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
- ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx);
- ExpectIntEQ(ret, 1);
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, privKey), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
- ExpectIntEQ((int)checkSz, sz);
- ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- ExpectIntEQ((int)checkSz, sz);
- ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
- (unsigned int)XSTRLEN(testData) - 4), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- ExpectIntEQ((int)checkSz, sz);
- ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx);
- ExpectIntEQ(ret, 1);
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, pubKey), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
- (unsigned int)XSTRLEN(testData) - 4),
- 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
- ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx);
- ExpectIntEQ(ret, 1);
- /* Check all signing padding types */
- for (i = 0; i < sizeof(paddings)/sizeof(int); i++) {
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, &keyCtx,
- wolfSSL_EVP_sha256(), NULL, privKey), 1);
- ExpectIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx,
- paddings[i]), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
- (unsigned int)XSTRLEN(testData)), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
- ExpectIntEQ((int)checkSz, sz);
- ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- ExpectIntEQ((int)checkSz,sz);
- ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx);
- ExpectIntEQ(ret, 1);
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, &keyCtx,
- wolfSSL_EVP_sha256(), NULL, pubKey), 1);
- ExpectIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx,
- paddings[i]), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
- (unsigned int)XSTRLEN(testData)), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
- ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx);
- ExpectIntEQ(ret, 1);
- }
- wolfSSL_EVP_PKEY_free(pubKey);
- wolfSSL_EVP_PKEY_free(privKey);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_MD_ecc_signing(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
- WOLFSSL_EVP_PKEY* privKey = NULL;
- WOLFSSL_EVP_PKEY* pubKey = NULL;
- const char testData[] = "Hi There";
- WOLFSSL_EVP_MD_CTX mdCtx;
- int ret;
- size_t checkSz = -1;
- const unsigned char* cp;
- const unsigned char* p;
- unsigned char check[2048/8];
- cp = ecc_clikey_der_256;
- ExpectNotNull(privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp,
- sizeof_ecc_clikey_der_256));
- p = ecc_clikeypub_der_256;
- ExpectNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p,
- sizeof_ecc_clikeypub_der_256)));
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, privKey), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
- (unsigned int)XSTRLEN(testData)), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx);
- ExpectIntEQ(ret, 1);
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, pubKey), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
- (unsigned int)XSTRLEN(testData)),
- 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
- ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx);
- ExpectIntEQ(ret, 1);
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, privKey), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
- (unsigned int)XSTRLEN(testData) - 4), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
- ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx);
- ExpectIntEQ(ret, 1);
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
- NULL, pubKey), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
- (unsigned int)XSTRLEN(testData) - 4),
- 1);
- ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
- ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx);
- ExpectIntEQ(ret, 1);
- wolfSSL_EVP_PKEY_free(pubKey);
- wolfSSL_EVP_PKEY_free(privKey);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_add_extra_chain_cert(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO)
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- char caFile[] = "./certs/client-ca.pem";
- char clientFile[] = "./certs/client-cert.pem";
- SSL_CTX* ctx = NULL;
- X509* x509 = NULL;
- BIO *bio = NULL;
- X509 *cert = NULL;
- X509 *ca = NULL;
- STACK_OF(X509) *chain = NULL;
- STACK_OF(X509) *chain2 = NULL;
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS);
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(clientFile,
- WOLFSSL_FILETYPE_PEM));
- /* additional test of getting EVP_PKEY key size from X509
- * Do not run with user RSA because wolfSSL_RSA_size is not currently
- * allowed with user RSA */
- {
- EVP_PKEY* pkey = NULL;
- #if defined(HAVE_ECC)
- X509* ecX509 = NULL;
- #endif /* HAVE_ECC */
- ExpectNotNull(pkey = X509_get_pubkey(x509));
- /* current RSA key is 2048 bit (256 bytes) */
- ExpectIntEQ(EVP_PKEY_size(pkey), 256);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- #if defined(HAVE_ECC)
- #if defined(USE_CERT_BUFFERS_256)
- ExpectNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer(
- cliecc_cert_der_256, sizeof_cliecc_cert_der_256,
- SSL_FILETYPE_ASN1));
- #else
- ExpectNotNull(ecX509 = wolfSSL_X509_load_certificate_file(
- cliEccCertFile, SSL_FILETYPE_PEM));
- #endif
- pkey = X509_get_pubkey(ecX509);
- ExpectNotNull(pkey);
- /* current ECC key is 256 bit (32 bytes) */
- ExpectIntEQ(EVP_PKEY_size(pkey), 32);
- X509_free(ecX509);
- ecX509 = NULL;
- EVP_PKEY_free(pkey);
- pkey = NULL;
- #endif /* HAVE_ECC */
- }
- ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS);
- if (EXPECT_SUCCESS()) {
- x509 = NULL;
- }
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- ExpectNull(SSL_CTX_get_default_passwd_cb(ctx));
- ExpectNull(SSL_CTX_get_default_passwd_cb_userdata(ctx));
- #endif
- SSL_CTX_free(ctx);
- ctx = NULL;
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- /* Test haproxy use case */
- ExpectNotNull(bio = BIO_new_file(svrCertFile, "r"));
- /* Read Certificate */
- ExpectNotNull(cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
- ExpectNotNull(ca = PEM_read_bio_X509(bio, NULL, NULL, NULL));
- ExpectNotNull(chain = sk_X509_new_null());
- ExpectIntEQ(sk_X509_push(chain, ca), 1);
- if (EXPECT_SUCCESS()) {
- ca = NULL;
- }
- ExpectNotNull(chain2 = X509_chain_up_ref(chain));
- ExpectNotNull(ca = sk_X509_shift(chain2));
- ExpectIntEQ(SSL_CTX_use_certificate(ctx, cert), 1);
- ExpectIntEQ(SSL_CTX_add_extra_chain_cert(ctx, ca), 1);
- if (EXPECT_SUCCESS()) {
- ca = NULL;
- }
- BIO_free(bio);
- X509_free(cert);
- X509_free(ca);
- X509_free(x509);
- sk_X509_pop_free(chain, X509_free);
- sk_X509_pop_free(chain2, X509_free);
- SSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined (NO_BIO) */
- return EXPECT_RESULT();
- }
- #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
- static int test_wolfSSL_ERR_peek_last_error_line(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
- !defined(NO_OLD_TLS) && !defined(WOLFSSL_NO_TLS12) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_ERROR_QUEUE)
- callback_functions client_cb;
- callback_functions server_cb;
- int line = 0;
- int flag = ERR_TXT_STRING;
- const char* file = NULL;
- const char* data = NULL;
- /* create a failed connection and inspect the error */
- XMEMSET(&client_cb, 0, sizeof(callback_functions));
- XMEMSET(&server_cb, 0, sizeof(callback_functions));
- client_cb.method = wolfTLSv1_1_client_method;
- server_cb.method = wolfTLSv1_2_server_method;
- test_wolfSSL_client_server_nofail(&client_cb, &server_cb);
- ExpectIntGT(ERR_get_error_line_data(NULL, NULL, &data, &flag), 0);
- ExpectNotNull(data);
- /* check clearing error state */
- ERR_remove_state(0);
- ExpectIntEQ((int)ERR_peek_last_error_line(NULL, NULL), 0);
- ERR_peek_last_error_line(NULL, &line);
- ExpectIntEQ(line, 0);
- ERR_peek_last_error_line(&file, NULL);
- ExpectNull(file);
- /* retry connection to fill error queue */
- XMEMSET(&client_cb, 0, sizeof(callback_functions));
- XMEMSET(&server_cb, 0, sizeof(callback_functions));
- client_cb.method = wolfTLSv1_1_client_method;
- server_cb.method = wolfTLSv1_2_server_method;
- test_wolfSSL_client_server_nofail(&client_cb, &server_cb);
- /* check that error code was stored */
- ExpectIntNE((int)ERR_peek_last_error_line(NULL, NULL), 0);
- ERR_peek_last_error_line(NULL, &line);
- ExpectIntNE(line, 0);
- ERR_peek_last_error_line(&file, NULL);
- ExpectNotNull(file);
- fprintf(stderr, "\nTesting error print out\n");
- ERR_print_errors_fp(stderr);
- fprintf(stderr, "Done testing print out\n\n");
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) &&
- * !defined(NO_FILESYSTEM) && !defined(DEBUG_WOLFSSL) */
- return EXPECT_RESULT();
- }
- #endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- static int verify_cb(int ok, X509_STORE_CTX *ctx)
- {
- (void) ok;
- (void) ctx;
- fprintf(stderr, "ENTER verify_cb\n");
- return SSL_SUCCESS;
- }
- #endif
- static int test_wolfSSL_X509_Name_canon(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_SHA) && \
- defined(WOLFSSL_CERT_GEN) && \
- (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && !defined(NO_RSA)
- const long ex_hash1 = 0x0fdb2da4;
- const long ex_hash2 = 0x9f3e8c9e;
- X509_NAME *name = NULL;
- X509 *x509 = NULL;
- XFILE file = XBADFILE;
- unsigned long hash = 0;
- byte digest[WC_MAX_DIGEST_SIZE] = {0};
- byte *pbuf = NULL;
- word32 len = 0;
- (void) ex_hash2;
- ExpectTrue((file = XFOPEN(caCertFile, "rb")) != XBADFILE);
- ExpectNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL));
- ExpectNotNull(name = X509_get_issuer_name(x509));
- /* When output buffer is NULL, should return necessary output buffer
- * length.*/
- ExpectIntGT(wolfSSL_i2d_X509_NAME_canon(name, NULL), 0);
- ExpectIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
- ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);
- hash = (((unsigned long)digest[3] << 24) |
- ((unsigned long)digest[2] << 16) |
- ((unsigned long)digest[1] << 8) |
- ((unsigned long)digest[0]));
- ExpectIntEQ(hash, ex_hash1);
- if (file != XBADFILE) {
- XFCLOSE(file);
- file = XBADFILE;
- }
- X509_free(x509);
- x509 = NULL;
- XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL);
- pbuf = NULL;
- ExpectTrue((file = XFOPEN(cliCertFile, "rb")) != XBADFILE);
- ExpectNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL));
- ExpectNotNull(name = X509_get_issuer_name(x509));
- ExpectIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
- ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);
- hash = (((unsigned long)digest[3] << 24) |
- ((unsigned long)digest[2] << 16) |
- ((unsigned long)digest[1] << 8) |
- ((unsigned long)digest[0]));
- ExpectIntEQ(hash, ex_hash2);
- if (file != XBADFILE)
- XFCLOSE(file);
- X509_free(x509);
- XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
- const int MAX_DIR = 4;
- const char paths[][32] = {
- "./certs/ed25519",
- "./certs/ecc",
- "./certs/crl",
- "./certs/",
- };
- char CertCrl_path[MAX_FILENAME_SZ];
- char *p;
- X509_STORE* str = NULL;
- X509_LOOKUP* lookup = NULL;
- WOLFSSL_STACK* sk = NULL;
- int len, total_len, i;
- (void)sk;
- XMEMSET(CertCrl_path, 0, MAX_FILENAME_SZ);
- /* illegal string */
- ExpectNotNull((str = wolfSSL_X509_STORE_new()));
- ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
- ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "",
- SSL_FILETYPE_PEM,NULL), 0);
- /* free store */
- X509_STORE_free(str);
- str = NULL;
- /* short folder string */
- ExpectNotNull((str = wolfSSL_X509_STORE_new()));
- ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
- ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "./",
- SSL_FILETYPE_PEM,NULL), 1);
- #if defined(WOLFSSL_INT_H)
- /* only available when including internal.h */
- ExpectNotNull(sk = lookup->dirs->dir_entry);
- #endif
- /* free store */
- X509_STORE_free(str);
- str = NULL;
- /* typical function check */
- p = &CertCrl_path[0];
- total_len = 0;
- for (i = MAX_DIR - 1; i>=0 && total_len < MAX_FILENAME_SZ; i--) {
- len = (int)XSTRLEN((const char*)&paths[i]);
- total_len += len;
- XSTRNCPY(p, paths[i], MAX_FILENAME_SZ - total_len);
- p += len;
- if (i != 0) *(p++) = SEPARATOR_CHAR;
- }
- ExpectNotNull((str = wolfSSL_X509_STORE_new()));
- ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
- ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, CertCrl_path,
- SSL_FILETYPE_PEM,NULL), 1);
- #if defined(WOLFSSL_INT_H)
- /* only available when including internal.h */
- ExpectNotNull(sk = lookup->dirs->dir_entry);
- #endif
- X509_STORE_free(str);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_LOOKUP_ctrl_file(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
- defined(WOLFSSL_SIGNER_DER_CERT)
- X509_STORE_CTX* ctx = NULL;
- X509_STORE* str = NULL;
- X509_LOOKUP* lookup = NULL;
- X509* cert1 = NULL;
- X509* x509Ca = NULL;
- X509* x509Svr = NULL;
- X509* issuer = NULL;
- WOLFSSL_STACK* sk = NULL;
- X509_NAME* caName = NULL;
- X509_NAME* issuerName = NULL;
- XFILE file1 = XBADFILE;
- int i;
- int cert_count = 0;
- int cmp;
- char der[] = "certs/ca-cert.der";
- #ifdef HAVE_CRL
- char pem[][100] = {
- "./certs/crl/crl.pem",
- "./certs/crl/crl2.pem",
- "./certs/crl/caEccCrl.pem",
- "./certs/crl/eccCliCRL.pem",
- "./certs/crl/eccSrvCRL.pem",
- ""
- };
- #endif
- ExpectTrue((file1 = XFOPEN("./certs/ca-cert.pem", "rb")) != XBADFILE);
- ExpectNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
- if (file1 != XBADFILE)
- XFCLOSE(file1);
- ExpectNotNull(ctx = X509_STORE_CTX_new());
- ExpectNotNull((str = wolfSSL_X509_STORE_new()));
- ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
- ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile,
- SSL_FILETYPE_PEM,NULL), 1);
- ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm));
- ExpectIntEQ((cert_count = sk_X509_num(sk)), 1);
- /* check if CA cert is loaded into the store */
- for (i = 0; i < cert_count; i++) {
- x509Ca = sk_X509_value(sk, i);
- ExpectIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1));
- }
- ExpectNotNull((x509Svr =
- wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
- ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS);
- ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL));
- issuer = X509_STORE_CTX_get0_current_issuer(ctx);
- ExpectNotNull(issuer);
- caName = X509_get_subject_name(x509Ca);
- ExpectNotNull(caName);
- issuerName = X509_get_subject_name(issuer);
- ExpectNotNull(issuerName);
- cmp = X509_NAME_cmp(caName, issuerName);
- ExpectIntEQ(cmp, 0);
- /* load der format */
- X509_free(issuer);
- issuer = NULL;
- X509_STORE_CTX_free(ctx);
- ctx = NULL;
- X509_STORE_free(str);
- str = NULL;
- sk_X509_pop_free(sk, NULL);
- sk = NULL;
- X509_free(x509Svr);
- x509Svr = NULL;
- ExpectNotNull((str = wolfSSL_X509_STORE_new()));
- ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
- ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, der,
- SSL_FILETYPE_ASN1,NULL), 1);
- ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm));
- ExpectIntEQ((cert_count = sk_X509_num(sk)), 1);
- /* check if CA cert is loaded into the store */
- for (i = 0; i < cert_count; i++) {
- x509Ca = sk_X509_value(sk, i);
- ExpectIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1));
- }
- X509_STORE_free(str);
- str = NULL;
- sk_X509_pop_free(sk, NULL);
- sk = NULL;
- X509_free(cert1);
- cert1 = NULL;
- #ifdef HAVE_CRL
- ExpectNotNull(str = wolfSSL_X509_STORE_new());
- ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
- ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile,
- SSL_FILETYPE_PEM,NULL), 1);
- ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD,
- "certs/server-revoked-cert.pem",
- SSL_FILETYPE_PEM,NULL), 1);
- if (str) {
- ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm, svrCertFile,
- WOLFSSL_FILETYPE_PEM), 1);
- /* since store hasn't yet known the revoked cert*/
- ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm,
- "certs/server-revoked-cert.pem",
- WOLFSSL_FILETYPE_PEM), 1);
- }
- for (i = 0; pem[i][0] != '\0'; i++)
- {
- ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, pem[i],
- SSL_FILETYPE_PEM, NULL), 1);
- }
- if (str) {
- /* since store knows crl list */
- ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm,
- "certs/server-revoked-cert.pem",
- WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
- }
- ExpectIntEQ(X509_LOOKUP_ctrl(NULL, 0, NULL, 0, NULL), 0);
- X509_STORE_free(str);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_EXTRA)
- X509_STORE_CTX_cleanup(NULL);
- X509_STORE_CTX_trusted_stack(NULL, NULL);
- res = TEST_SUCCESS;
- #endif
- return res;
- }
- static int test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- X509_STORE_CTX* ctx = NULL;
- X509_STORE* str = NULL;
- X509* x509Ca = NULL;
- X509* x509Svr = NULL;
- X509* issuer = NULL;
- X509_NAME* caName = NULL;
- X509_NAME* issuerName = NULL;
- ExpectNotNull(ctx = X509_STORE_CTX_new());
- ExpectNotNull((str = wolfSSL_X509_STORE_new()));
- ExpectNotNull((x509Ca =
- wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM)));
- ExpectIntEQ(X509_STORE_add_cert(str, x509Ca), SSL_SUCCESS);
- ExpectNotNull((x509Svr =
- wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
- ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS);
- ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL));
- ExpectNotNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx));
- ExpectNotNull(caName = X509_get_subject_name(x509Ca));
- ExpectNotNull(issuerName = X509_get_subject_name(issuer));
- #ifdef WOLFSSL_SIGNER_DER_CERT
- ExpectIntEQ(X509_NAME_cmp(caName, issuerName), 0);
- #endif
- X509_free(issuer);
- X509_STORE_CTX_free(ctx);
- X509_free(x509Svr);
- X509_STORE_free(str);
- X509_free(x509Ca);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PKCS7_certs(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_BIO) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7)
- STACK_OF(X509)* sk = NULL;
- STACK_OF(X509_INFO)* info_sk = NULL;
- PKCS7 *p7 = NULL;
- BIO* bio = NULL;
- const byte* p = NULL;
- int buflen = 0;
- int i;
- /* Test twice. Once with d2i and once without to test
- * that everything is free'd correctly. */
- for (i = 0; i < 2; i++) {
- ExpectNotNull(p7 = PKCS7_new());
- if (p7 != NULL) {
- p7->version = 1;
- #ifdef NO_SHA
- p7->hashOID = SHA256h;
- #else
- p7->hashOID = SHAh;
- #endif
- }
- ExpectNotNull(bio = BIO_new(BIO_s_file()));
- ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0);
- ExpectNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
- ExpectIntEQ(sk_X509_INFO_num(info_sk), 2);
- ExpectNotNull(sk = sk_X509_new_null());
- while (EXPECT_SUCCESS() && (sk_X509_INFO_num(info_sk) > 0)) {
- X509_INFO* info = NULL;
- ExpectNotNull(info = sk_X509_INFO_shift(info_sk));
- ExpectIntEQ(sk_X509_push(sk, info->x509), 1);
- if (EXPECT_SUCCESS() && (info != NULL)) {
- info->x509 = NULL;
- }
- X509_INFO_free(info);
- }
- sk_X509_INFO_pop_free(info_sk, X509_INFO_free);
- info_sk = NULL;
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(wolfSSL_PKCS7_encode_certs(p7, sk, bio), 1);
- if ((sk != NULL) && ((p7 == NULL) || (bio == NULL))) {
- sk_X509_pop_free(sk, X509_free);
- }
- sk = NULL;
- ExpectIntGT((buflen = BIO_get_mem_data(bio, &p)), 0);
- if (i == 0) {
- PKCS7_free(p7);
- p7 = NULL;
- ExpectNotNull(d2i_PKCS7(&p7, &p, buflen));
- if (p7 != NULL) {
- /* Reset certs to force wolfSSL_PKCS7_to_stack to regenerate
- * them */
- ((WOLFSSL_PKCS7*)p7)->certs = NULL;
- }
- /* PKCS7_free free's the certs */
- ExpectNotNull(wolfSSL_PKCS7_to_stack(p7));
- }
- BIO_free(bio);
- bio = NULL;
- PKCS7_free(p7);
- p7 = NULL;
- }
- #endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_STORE_CTX(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- X509_STORE_CTX* ctx = NULL;
- X509_STORE* str = NULL;
- X509* x509 = NULL;
- #ifdef OPENSSL_ALL
- X509* x5092 = NULL;
- STACK_OF(X509) *sk = NULL;
- STACK_OF(X509) *sk2 = NULL;
- STACK_OF(X509) *sk3 = NULL;
- #endif
- ExpectNotNull(ctx = X509_STORE_CTX_new());
- ExpectNotNull((str = wolfSSL_X509_STORE_new()));
- ExpectNotNull((x509 =
- wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
- ExpectIntEQ(X509_STORE_add_cert(str, x509), SSL_SUCCESS);
- #ifdef OPENSSL_ALL
- /* sk_X509_new only in OPENSSL_ALL */
- sk = sk_X509_new_null();
- ExpectNotNull(sk);
- ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509, sk), SSL_SUCCESS);
- #else
- ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509, NULL), SSL_SUCCESS);
- #endif
- ExpectIntEQ(SSL_get_ex_data_X509_STORE_CTX_idx(), 0);
- X509_STORE_CTX_set_error(ctx, -5);
- X509_STORE_CTX_set_error(NULL, -5);
- X509_STORE_CTX_free(ctx);
- ctx = NULL;
- #ifdef OPENSSL_ALL
- sk_X509_pop_free(sk, NULL);
- sk = NULL;
- #endif
- X509_STORE_free(str);
- str = NULL;
- X509_free(x509);
- x509 = NULL;
- ExpectNotNull(ctx = X509_STORE_CTX_new());
- X509_STORE_CTX_set_verify_cb(ctx, verify_cb);
- X509_STORE_CTX_free(ctx);
- ctx = NULL;
- #ifdef OPENSSL_ALL
- /* test X509_STORE_CTX_get(1)_chain */
- ExpectNotNull((x509 = X509_load_certificate_file(svrCertFile,
- SSL_FILETYPE_PEM)));
- ExpectNotNull((x5092 = X509_load_certificate_file(cliCertFile,
- SSL_FILETYPE_PEM)));
- ExpectNotNull((sk = sk_X509_new_null()));
- ExpectIntEQ(sk_X509_push(sk, x509), 1);
- if (EXPECT_FAIL()) {
- X509_free(x509);
- x509 = NULL;
- }
- ExpectNotNull((str = X509_STORE_new()));
- ExpectNotNull((ctx = X509_STORE_CTX_new()));
- ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1);
- ExpectNull((sk2 = X509_STORE_CTX_get_chain(NULL)));
- ExpectNotNull((sk2 = X509_STORE_CTX_get_chain(ctx)));
- ExpectIntEQ(sk_num(sk2), 1); /* sanity, make sure chain has 1 cert */
- ExpectNull((sk3 = X509_STORE_CTX_get1_chain(NULL)));
- ExpectNotNull((sk3 = X509_STORE_CTX_get1_chain(ctx)));
- ExpectIntEQ(sk_num(sk3), 1); /* sanity, make sure chain has 1 cert */
- X509_STORE_CTX_free(ctx);
- ctx = NULL;
- X509_STORE_free(str);
- str = NULL;
- /* CTX certs not freed yet */
- X509_free(x5092);
- x5092 = NULL;
- sk_X509_pop_free(sk, NULL);
- sk = NULL;
- /* sk3 is dup so free here */
- sk_X509_pop_free(sk3, NULL);
- sk3 = NULL;
- #endif
- /* test X509_STORE_CTX_get/set_ex_data */
- {
- int i = 0, tmpData = 5;
- void* tmpDataRet;
- ExpectNotNull(ctx = X509_STORE_CTX_new());
- #ifdef HAVE_EX_DATA
- for (i = 0; i < MAX_EX_DATA; i++) {
- ExpectIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
- WOLFSSL_SUCCESS);
- tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
- ExpectNotNull(tmpDataRet);
- ExpectIntEQ(tmpData, *(int*)tmpDataRet);
- }
- #else
- ExpectIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
- WOLFSSL_FAILURE);
- tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
- ExpectNull(tmpDataRet);
- #endif
- X509_STORE_CTX_free(ctx);
- ctx = NULL;
- }
- /* test X509_STORE_get/set_ex_data */
- {
- int i = 0, tmpData = 99;
- void* tmpDataRet;
- ExpectNotNull(str = X509_STORE_new());
- #ifdef HAVE_EX_DATA
- for (i = 0; i < MAX_EX_DATA; i++) {
- ExpectIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
- WOLFSSL_SUCCESS);
- tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
- ExpectNotNull(tmpDataRet);
- ExpectIntEQ(tmpData, *(int*)tmpDataRet);
- }
- #else
- ExpectIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
- WOLFSSL_FAILURE);
- tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
- ExpectNull(tmpDataRet);
- #endif
- X509_STORE_free(str);
- str = NULL;
- }
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- static int test_X509_STORE_untrusted_load_cert_to_stack(const char* filename,
- STACK_OF(X509)* chain)
- {
- EXPECT_DECLS;
- XFILE fp = XBADFILE;
- X509* cert = NULL;
- ExpectTrue((fp = XFOPEN(filename, "rb"))
- != XBADFILE);
- ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 ));
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntEQ(sk_X509_push(chain, cert), 1);
- if (EXPECT_FAIL())
- X509_free(cert);
- return EXPECT_RESULT();
- }
- static int test_X509_STORE_untrusted_certs(const char** filenames, int ret,
- int err, int loadCA)
- {
- EXPECT_DECLS;
- X509_STORE_CTX* ctx = NULL;
- X509_STORE* str = NULL;
- XFILE fp = XBADFILE;
- X509* cert = NULL;
- STACK_OF(X509)* untrusted = NULL;
- ExpectTrue((fp = XFOPEN("./certs/intermediate/server-int-cert.pem", "rb"))
- != XBADFILE);
- ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 ));
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectNotNull(str = X509_STORE_new());
- ExpectNotNull(ctx = X509_STORE_CTX_new());
- ExpectNotNull(untrusted = sk_X509_new_null());
- ExpectIntEQ(X509_STORE_set_flags(str, 0), 1);
- if (loadCA) {
- ExpectIntEQ(X509_STORE_load_locations(str, "./certs/ca-cert.pem", NULL),
- 1);
- }
- for (; *filenames; filenames++) {
- ExpectIntEQ(test_X509_STORE_untrusted_load_cert_to_stack(*filenames,
- untrusted), TEST_SUCCESS);
- }
- ExpectIntEQ(X509_STORE_CTX_init(ctx, str, cert, untrusted), 1);
- ExpectIntEQ(X509_verify_cert(ctx), ret);
- ExpectIntEQ(X509_STORE_CTX_get_error(ctx), err);
- X509_free(cert);
- X509_STORE_free(str);
- X509_STORE_CTX_free(ctx);
- sk_X509_pop_free(untrusted, NULL);
- return EXPECT_RESULT();
- }
- #endif
- static int test_X509_STORE_untrusted(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- const char* untrusted1[] = {
- "./certs/intermediate/ca-int2-cert.pem",
- NULL
- };
- const char* untrusted2[] = {
- "./certs/intermediate/ca-int-cert.pem",
- "./certs/intermediate/ca-int2-cert.pem",
- NULL
- };
- const char* untrusted3[] = {
- "./certs/intermediate/ca-int-cert.pem",
- "./certs/intermediate/ca-int2-cert.pem",
- "./certs/ca-cert.pem",
- NULL
- };
- /* Adding unrelated certs that should be ignored */
- const char* untrusted4[] = {
- "./certs/client-ca.pem",
- "./certs/intermediate/ca-int-cert.pem",
- "./certs/server-cert.pem",
- "./certs/intermediate/ca-int2-cert.pem",
- NULL
- };
- /* Only immediate issuer in untrusted chain. Fails since can't build chain
- * to loaded CA. */
- ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted1, 0,
- X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 1), TEST_SUCCESS);
- /* Succeeds because path to loaded CA is available. */
- ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted2, 1, 0, 1),
- TEST_SUCCESS);
- /* Fails because root CA is in the untrusted stack */
- ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 0,
- X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 0), TEST_SUCCESS);
- /* Succeeds because path to loaded CA is available. */
- ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted4, 1, 0, 1),
- TEST_SUCCESS);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_STORE_set_flags(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- X509_STORE* store = NULL;
- X509* x509 = NULL;
- ExpectNotNull((store = wolfSSL_X509_STORE_new()));
- ExpectNotNull((x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
- WOLFSSL_FILETYPE_PEM)));
- ExpectIntEQ(X509_STORE_add_cert(store, x509), WOLFSSL_SUCCESS);
- #ifdef HAVE_CRL
- ExpectIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL),
- WOLFSSL_SUCCESS);
- #else
- ExpectIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL),
- NOT_COMPILED_IN);
- #endif
- wolfSSL_X509_free(x509);
- wolfSSL_X509_STORE_free(store);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) &&
- * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_LOOKUP_load_file(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
- (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
- WOLFSSL_X509_STORE* store = NULL;
- WOLFSSL_X509_LOOKUP* lookup = NULL;
- ExpectNotNull(store = wolfSSL_X509_STORE_new());
- ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
- ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/client-ca.pem",
- X509_FILETYPE_PEM), 1);
- ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/crl/crl2.pem",
- X509_FILETYPE_PEM), 1);
- if (store != NULL) {
- ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile,
- WOLFSSL_FILETYPE_PEM), 1);
- ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
- WOLFSSL_FILETYPE_PEM), ASN_NO_SIGNER_E);
- }
- ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
- X509_FILETYPE_PEM), 1);
- if (store != NULL) {
- ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
- WOLFSSL_FILETYPE_PEM), 1);
- }
- wolfSSL_X509_STORE_free(store);
- #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_CRL) &&
- * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_STORE_CTX_set_time(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- WOLFSSL_X509_STORE_CTX* ctx = NULL;
- time_t c_time;
- ExpectNotNull(ctx = wolfSSL_X509_STORE_CTX_new());
- c_time = 365*24*60*60;
- wolfSSL_X509_STORE_CTX_set_time(ctx, 0, c_time);
- ExpectTrue((ctx->param->flags & WOLFSSL_USE_CHECK_TIME) ==
- WOLFSSL_USE_CHECK_TIME);
- ExpectTrue(ctx->param->check_time == c_time);
- wolfSSL_X509_STORE_CTX_free(ctx);
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_get0_set1_param(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- SSL_CTX* ctx = NULL;
- WOLFSSL_X509_VERIFY_PARAM* pParam = NULL;
- WOLFSSL_X509_VERIFY_PARAM* pvpm = NULL;
- char testIPv4[] = "127.0.0.1";
- char testhostName[] = "foo.hoge.com";
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectNull(SSL_CTX_get0_param(NULL));
- ExpectNotNull(pParam = SSL_CTX_get0_param(ctx));
- ExpectNotNull(pvpm = (WOLFSSL_X509_VERIFY_PARAM *)XMALLOC(
- sizeof(WOLFSSL_X509_VERIFY_PARAM), NULL, DYNAMIC_TYPE_OPENSSL));
- ExpectNotNull(XMEMSET(pvpm, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)));
- ExpectIntEQ(wolfSSL_X509_VERIFY_PARAM_set1_host(pvpm, testhostName,
- (int)XSTRLEN(testhostName)), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(pvpm, testIPv4),
- WOLFSSL_SUCCESS);
- wolfSSL_X509_VERIFY_PARAM_set_hostflags(pvpm, 0x01);
- ExpectIntEQ(SSL_CTX_set1_param(ctx, pvpm), 1);
- ExpectIntEQ(0, XSTRNCMP(pParam->hostName, testhostName,
- (int)XSTRLEN(testhostName)));
- ExpectIntEQ(0x01, pParam->hostFlags);
- ExpectIntEQ(0, XSTRNCMP(pParam->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
- /* test for incorrect parameter */
- ExpectIntEQ(1,SSL_CTX_set1_param(ctx, NULL));
- ExpectIntEQ(1,SSL_CTX_set1_param(NULL, pvpm));
- ExpectIntEQ(1,SSL_CTX_set1_param(NULL, NULL));
- SSL_CTX_free(ctx);
- XFREE(pvpm, NULL, DYNAMIC_TYPE_OPENSSL);
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_get0_param(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- SSL_CTX* ctx = NULL;
- SSL* ssl = NULL;
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
- SSL_FILETYPE_PEM));
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
- ExpectNotNull(ssl = SSL_new(ctx));
- ExpectNotNull(SSL_get0_param(ssl));
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_VERIFY_PARAM_set1_host(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- const char host[] = "www.example.com";
- WOLFSSL_X509_VERIFY_PARAM* pParam = NULL;
- ExpectNotNull(pParam = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
- sizeof(WOLFSSL_X509_VERIFY_PARAM), HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
- if (pParam != NULL) {
- XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
- X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host));
- ExpectIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
- XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
- ExpectIntNE(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
- XFREE(pParam, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
- }
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_set1_host(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- const char host[] = "www.test_wolfSSL_set1_host.com";
- const char emptyStr[] = "";
- SSL_CTX* ctx = NULL;
- SSL* ssl = NULL;
- WOLFSSL_X509_VERIFY_PARAM* pParam = NULL;
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
- SSL_FILETYPE_PEM));
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
- ExpectNotNull(ssl = SSL_new(ctx));
- pParam = SSL_get0_param(ssl);
- /* we should get back host string */
- ExpectIntEQ(SSL_set1_host(ssl, host), WOLFSSL_SUCCESS);
- ExpectIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
- /* we should get back empty string */
- ExpectIntEQ(SSL_set1_host(ssl, emptyStr), WOLFSSL_SUCCESS);
- ExpectIntEQ(XMEMCMP(pParam->hostName, emptyStr, sizeof(emptyStr)), 0);
- /* we should get back host string */
- ExpectIntEQ(SSL_set1_host(ssl, host), WOLFSSL_SUCCESS);
- ExpectIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
- /* we should get back empty string */
- ExpectIntEQ(SSL_set1_host(ssl, NULL), WOLFSSL_SUCCESS);
- ExpectIntEQ(XMEMCMP(pParam->hostName, emptyStr, sizeof(emptyStr)), 0);
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_VERIFY_PARAM_set1_ip(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- unsigned char buf[16] = {0};
- WOLFSSL_X509_VERIFY_PARAM* param = NULL;
- ExpectNotNull(param = X509_VERIFY_PARAM_new());
- /* test 127.0.0.1 */
- buf[0] =0x7f; buf[1] = 0; buf[2] = 0; buf[3] = 1;
- ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 4), SSL_SUCCESS);
- ExpectIntEQ(XSTRNCMP(param->ipasc, "127.0.0.1", sizeof(param->ipasc)), 0);
- /* test 2001:db8:3333:4444:5555:6666:7777:8888 */
- buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
- buf[4]=51;buf[5]=51;buf[6]=68;buf[7]=68;
- buf[8]=85;buf[9]=85;buf[10]=102;buf[11]=102;
- buf[12]=119;buf[13]=119;buf[14]=136;buf[15]=136;
- ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
- ExpectIntEQ(XSTRNCMP(param->ipasc,
- "2001:db8:3333:4444:5555:6666:7777:8888", sizeof(param->ipasc)), 0);
- /* test 2001:db8:: */
- buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
- buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0;
- buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0;
- buf[12]=0;buf[13]=0;buf[14]=0;buf[15]=0;
- ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
- ExpectIntEQ(XSTRNCMP(param->ipasc, "2001:db8::", sizeof(param->ipasc)), 0);
- /* test ::1234:5678 */
- buf[0]=0;buf[1]=0;buf[2]=0;buf[3]=0;
- buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0;
- buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0;
- buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120;
- ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
- ExpectIntEQ(XSTRNCMP(param->ipasc, "::1234:5678", sizeof(param->ipasc)), 0);
- /* test 2001:db8::1234:5678 */
- buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
- buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0;
- buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0;
- buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120;
- ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
- ExpectIntEQ(XSTRNCMP(param->ipasc, "2001:db8::1234:5678",
- sizeof(param->ipasc)), 0);
- /* test 2001:0db8:0001:0000:0000:0ab9:c0a8:0102*/
- /* 2001:db8:1::ab9:c0a8:102 */
- buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
- buf[4]=0;buf[5]=1;buf[6]=0;buf[7]=0;
- buf[8]=0;buf[9]=0;buf[10]=10;buf[11]=185;
- buf[12]=192;buf[13]=168;buf[14]=1;buf[15]=2;
- ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
- ExpectIntEQ(XSTRNCMP(param->ipasc, "2001:db8:1::ab9:c0a8:102",
- sizeof(param->ipasc)), 0);
- XFREE(param, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_STORE_CTX_get0_store(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- X509_STORE* store = NULL;
- X509_STORE_CTX* ctx = NULL;
- X509_STORE_CTX* ctx_no_init = NULL;
- ExpectNotNull((store = X509_STORE_new()));
- ExpectNotNull(ctx = X509_STORE_CTX_new());
- ExpectNotNull(ctx_no_init = X509_STORE_CTX_new());
- ExpectIntEQ(X509_STORE_CTX_init(ctx, store, NULL, NULL), SSL_SUCCESS);
- ExpectNull(X509_STORE_CTX_get0_store(NULL));
- /* should return NULL if ctx has not bee initialized */
- ExpectNull(X509_STORE_CTX_get0_store(ctx_no_init));
- ExpectNotNull(X509_STORE_CTX_get0_store(ctx));
- wolfSSL_X509_STORE_CTX_free(ctx);
- wolfSSL_X509_STORE_CTX_free(ctx_no_init);
- X509_STORE_free(store);
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_set_client_CA_list(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \
- !defined(NO_WOLFSSL_CLIENT) && !defined(NO_BIO)
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- X509_NAME* name = NULL;
- STACK_OF(X509_NAME)* names = NULL;
- STACK_OF(X509_NAME)* ca_list = NULL;
- int names_len = 0;
- int i;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- /* Send two X501 names in cert request */
- names = SSL_load_client_CA_file(cliCertFile);
- ExpectNotNull(names);
- ca_list = SSL_load_client_CA_file(caCertFile);
- ExpectNotNull(ca_list);
- ExpectNotNull(name = sk_X509_NAME_value(ca_list, 0));
- ExpectIntEQ(sk_X509_NAME_push(names, name), 1);
- if (EXPECT_FAIL()) {
- wolfSSL_X509_NAME_free(name);
- name = NULL;
- }
- SSL_CTX_set_client_CA_list(ctx, names);
- /* This should only free the stack structure */
- sk_X509_NAME_free(ca_list);
- ca_list = NULL;
- ExpectNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
- ExpectIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names));
- ExpectIntGT((names_len = sk_X509_NAME_num(names)), 0);
- for (i = 0; i < names_len; i++) {
- ExpectNotNull(name = sk_X509_NAME_value(names, i));
- ExpectIntEQ(sk_X509_NAME_find(names, name), i);
- }
- /* Needed to be able to create ssl object */
- ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
- SSL_FILETYPE_PEM));
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- /* load again as old names are responsibility of ctx to free*/
- names = SSL_load_client_CA_file(cliCertFile);
- ExpectNotNull(names);
- SSL_set_client_CA_list(ssl, names);
- ExpectNotNull(ca_list = SSL_get_client_CA_list(ssl));
- ExpectIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names));
- ExpectIntGT((names_len = sk_X509_NAME_num(names)), 0);
- for (i = 0; i < names_len; i++) {
- ExpectNotNull(name = sk_X509_NAME_value(names, i));
- ExpectIntEQ(sk_X509_NAME_find(names, name), i);
- }
- #if !defined(SINGLE_THREADED) && defined(SESSION_CERTS)
- {
- tcp_ready ready;
- func_args server_args;
- callback_functions server_cb;
- THREAD_TYPE serverThread;
- WOLFSSL* ssl_client = NULL;
- WOLFSSL_CTX* ctx_client = NULL;
- SOCKET_T sockfd = 0;
- /* wolfSSL_get_client_CA_list() with handshake */
- StartTCP();
- InitTcpReady(&ready);
- XMEMSET(&server_args, 0, sizeof(func_args));
- XMEMSET(&server_cb, 0, sizeof(callback_functions));
- server_args.signal = &ready;
- server_args.callbacks = &server_cb;
- /* we are responsible for free'ing WOLFSSL_CTX */
- server_cb.ctx = ctx;
- server_cb.isSharedCtx = 1;
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx,
- cliCertFile, 0));
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
- ExpectNotNull(ctx_client =
- wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(
- ctx_client, caCertFile, 0));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(
- ctx_client, cliCertFile, SSL_FILETYPE_PEM));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(
- ctx_client, cliKeyFile, SSL_FILETYPE_PEM));
- ExpectNotNull(ssl_client = wolfSSL_new(ctx_client));
- ExpectIntEQ(wolfSSL_set_fd(ssl_client, sockfd), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_connect(ssl_client), WOLFSSL_SUCCESS);
- ExpectNotNull(ca_list = SSL_get_client_CA_list(ssl_client));
- /* We are expecting two cert names to be sent */
- ExpectIntEQ(sk_X509_NAME_num(ca_list), 2);
- ExpectNotNull(names = SSL_CTX_get_client_CA_list(ctx));
- for (i=0; i<sk_X509_NAME_num(ca_list); i++) {
- ExpectNotNull(name = sk_X509_NAME_value(ca_list, i));
- ExpectIntGE(sk_X509_NAME_find(names, name), 0);
- }
- wolfSSL_shutdown(ssl_client);
- wolfSSL_free(ssl_client);
- wolfSSL_CTX_free(ctx_client);
- CloseSocket(sockfd);
- join_thread(serverThread);
- FreeTcpReady(&ready);
- }
- #endif
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT &&
- * !NO_BIO */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_add_client_CA(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
- !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL_X509* x509 = NULL;
- WOLFSSL_X509* x509_a = NULL;
- STACK_OF(X509_NAME)* ca_list = NULL;
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- /* Add client cert */
- ExpectNotNull(x509 = X509_load_certificate_file(cliCertFile,
- SSL_FILETYPE_PEM));
- ExpectIntEQ(SSL_CTX_add_client_CA(ctx, x509), SSL_SUCCESS);
- ExpectNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
- /* Add another client cert */
- ExpectNotNull(x509_a = X509_load_certificate_file(cliCertFile,
- SSL_FILETYPE_PEM));
- ExpectIntEQ(SSL_CTX_add_client_CA(ctx, x509_a), SSL_SUCCESS);
- /* test for incorrect parameter */
- ExpectIntEQ(SSL_CTX_add_client_CA(NULL, x509), 0);
- ExpectIntEQ(SSL_CTX_add_client_CA(ctx, NULL), 0);
- ExpectIntEQ(SSL_CTX_add_client_CA(NULL, NULL), 0);
- X509_free(x509);
- X509_free(x509_a);
- SSL_CTX_free(ctx);
- #endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT */
- return EXPECT_RESULT();
- }
- #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES)
- static THREAD_RETURN WOLFSSL_THREAD server_task_ech(void* args)
- {
- callback_functions* callbacks = ((func_args*)args)->callbacks;
- WOLFSSL_CTX* ctx = callbacks->ctx;
- WOLFSSL* ssl = NULL;
- SOCKET_T sfd = 0;
- SOCKET_T cfd = 0;
- word16 port;
- char input[1024];
- int idx;
- int ret, err = 0;
- const char* privateName = "ech-private-name.com";
- int privateNameLen = (int)XSTRLEN(privateName);
- ((func_args*)args)->return_code = TEST_FAIL;
- port = ((func_args*)args)->signal->port;
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0));
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
- WOLFSSL_FILETYPE_PEM));
- if (callbacks->ctx_ready)
- callbacks->ctx_ready(ctx);
- ssl = wolfSSL_new(ctx);
- /* set the sni for the server */
- wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, privateName, privateNameLen);
- tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, NULL, NULL);
- CloseSocket(sfd);
- AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd));
- if (callbacks->ssl_ready)
- callbacks->ssl_ready(ssl);
- do {
- err = 0; /* Reset error */
- ret = wolfSSL_accept(ssl);
- if (ret != WOLFSSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, 0);
- }
- } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
- if (ret != WOLFSSL_SUCCESS) {
- char buff[WOLFSSL_MAX_ERROR_SZ];
- fprintf(stderr, "error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
- }
- else {
- if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
- input[idx] = 0;
- fprintf(stderr, "Client message: %s\n", input);
- }
- AssertIntEQ(privateNameLen, wolfSSL_write(ssl, privateName,
- privateNameLen));
- ((func_args*)args)->return_code = TEST_SUCCESS;
- }
- if (callbacks->on_result)
- callbacks->on_result(ssl);
- wolfSSL_shutdown(ssl);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- CloseSocket(cfd);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- WOLFSSL_RETURN_FROM_THREAD(0);
- }
- #endif /* HAVE_ECH && WOLFSSL_TLS13 */
- #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
- static void keyLog_callback(const WOLFSSL* ssl, const char* line )
- {
- AssertNotNull(ssl);
- AssertNotNull(line);
- XFILE fp;
- const byte lf = '\n';
- fp = XFOPEN("./MyKeyLog.txt", "a");
- XFWRITE( line, 1, strlen(line),fp);
- XFWRITE( (void*)&lf,1,1,fp);
- XFFLUSH(fp);
- XFCLOSE(fp);
- }
- #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
- static int test_wolfSSL_CTX_set_keylog_callback(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) && \
- !defined(NO_WOLFSSL_CLIENT)
- SSL_CTX* ctx = NULL;
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- SSL_CTX_set_keylog_callback(ctx, keyLog_callback );
- SSL_CTX_free(ctx);
- SSL_CTX_set_keylog_callback(NULL, NULL);
- #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && !NO_WOLFSSL_CLIENT */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_get_keylog_callback(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) && \
- !defined(NO_WOLFSSL_CLIENT)
- SSL_CTX* ctx = NULL;
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- ExpectPtrEq(SSL_CTX_get_keylog_callback(ctx),NULL);
- SSL_CTX_set_keylog_callback(ctx, keyLog_callback );
- ExpectPtrEq(SSL_CTX_get_keylog_callback(ctx),keyLog_callback);
- SSL_CTX_set_keylog_callback(ctx, NULL );
- ExpectPtrEq(SSL_CTX_get_keylog_callback(ctx),NULL);
- SSL_CTX_free(ctx);
- #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && !NO_WOLFSSL_CLIENT */
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
- static int test_wolfSSL_Tls12_Key_Logging_client_ctx_ready(WOLFSSL_CTX* ctx)
- {
- /* set keylog callback */
- wolfSSL_CTX_set_keylog_callback(ctx, keyLog_callback);
- return TEST_SUCCESS;
- }
- #endif
- static int test_wolfSSL_Tls12_Key_Logging_test(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
- /* This test is intended for checking whether keylog callback is called
- * in client during TLS handshake between the client and a server.
- */
- test_ssl_cbf server_cbf;
- test_ssl_cbf client_cbf;
- XFILE fp = XBADFILE;
- XMEMSET(&server_cbf, 0, sizeof(test_ssl_cbf));
- XMEMSET(&client_cbf, 0, sizeof(test_ssl_cbf));
- server_cbf.method = wolfTLSv1_2_server_method;
- client_cbf.ctx_ready = &test_wolfSSL_Tls12_Key_Logging_client_ctx_ready;
- /* clean up keylog file */
- ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "w")) != XBADFILE);
- if (fp != XBADFILE) {
- XFFLUSH(fp);
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
- &server_cbf, NULL), TEST_SUCCESS);
- XSLEEP_MS(100);
- /* check if the keylog file exists */
- char buff[300] = {0};
- int found = 0;
- ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "r")) != XBADFILE);
- XFFLUSH(fp); /* Just to make sure any buffers get flushed */
- while (EXPECT_SUCCESS() && XFGETS(buff, (int)sizeof(buff), fp) != NULL) {
- if (0 == strncmp(buff,"CLIENT_RANDOM ", sizeof("CLIENT_RANDOM ")-1)) {
- found = 1;
- break;
- }
- }
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- }
- /* a log starting with "CLIENT_RANDOM " should exit in the file */
- ExpectIntEQ(found, 1);
- /* clean up */
- ExpectIntEQ(rem_file("./MyKeyLog.txt"), 0);
- #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
- return EXPECT_RESULT();
- }
- #if defined(WOLFSSL_TLS13) && defined(OPENSSL_EXTRA) && \
- defined(HAVE_SECRET_CALLBACK)
- static int test_wolfSSL_Tls13_Key_Logging_client_ctx_ready(WOLFSSL_CTX* ctx)
- {
- /* set keylog callback */
- wolfSSL_CTX_set_keylog_callback(ctx, keyLog_callback);
- return TEST_SUCCESS;
- }
- #endif
- static int test_wolfSSL_Tls13_Key_Logging_test(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_TLS13) && defined(OPENSSL_EXTRA) && \
- defined(HAVE_SECRET_CALLBACK)
- /* This test is intended for checking whether keylog callback is called
- * in client during TLS handshake between the client and a server.
- */
- test_ssl_cbf server_cbf;
- test_ssl_cbf client_cbf;
- XFILE fp = XBADFILE;
- XMEMSET(&server_cbf, 0, sizeof(test_ssl_cbf));
- XMEMSET(&client_cbf, 0, sizeof(test_ssl_cbf));
- server_cbf.method = wolfTLSv1_3_server_method; /* TLS1.3 */
- client_cbf.ctx_ready = &test_wolfSSL_Tls13_Key_Logging_client_ctx_ready;
- /* clean up keylog file */
- ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "w")) != XBADFILE);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
- &server_cbf, NULL), TEST_SUCCESS);
- /* check if the keylog file exists */
- {
- char buff[300] = {0};
- int found[4] = {0};
- int numfnd = 0;
- int i;
- ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "r")) != XBADFILE);
- while (EXPECT_SUCCESS() &&
- XFGETS(buff, (int)sizeof(buff), fp) != NULL) {
- if (0 == strncmp(buff, "CLIENT_HANDSHAKE_TRAFFIC_SECRET ",
- sizeof("CLIENT_HANDSHAKE_TRAFFIC_SECRET ")-1)) {
- found[0] = 1;
- continue;
- }
- else if (0 == strncmp(buff, "SERVER_HANDSHAKE_TRAFFIC_SECRET ",
- sizeof("SERVER_HANDSHAKE_TRAFFIC_SECRET ")-1)) {
- found[1] = 1;
- continue;
- }
- else if (0 == strncmp(buff, "CLIENT_TRAFFIC_SECRET_0 ",
- sizeof("CLIENT_TRAFFIC_SECRET_0 ")-1)) {
- found[2] = 1;
- continue;
- }
- else if (0 == strncmp(buff, "SERVER_TRAFFIC_SECRET_0 ",
- sizeof("SERVER_TRAFFIC_SECRET_0 ")-1)) {
- found[3] = 1;
- continue;
- }
- }
- if (fp != XBADFILE)
- XFCLOSE(fp);
- for (i = 0; i < 4; i++) {
- if (found[i] != 0)
- numfnd++;
- }
- ExpectIntEQ(numfnd, 4);
- }
- #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && WOLFSSL_TLS13 */
- return EXPECT_RESULT();
- }
- #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES)
- static int test_wolfSSL_Tls13_ECH_params(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_WOLFSSL_CLIENT)
- word32 outputLen = 0;
- byte testBuf[72];
- WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
- WOLFSSL *ssl = wolfSSL_new(ctx);
- ExpectNotNull(ctx);
- ExpectNotNull(ssl);
- /* invalid ctx */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(NULL,
- "ech-public-name.com", 0, 0, 0));
- /* invalid public name */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(ctx, NULL, 0,
- 0, 0));
- /* invalid algorithms */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(ctx,
- "ech-public-name.com", 1000, 1000, 1000));
- /* invalid ctx */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(NULL, NULL,
- &outputLen));
- /* invalid output len */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(ctx, NULL, NULL));
- /* invalid ssl */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(NULL,
- (char*)testBuf, sizeof(testBuf)));
- /* invalid configs64 */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, NULL,
- sizeof(testBuf)));
- /* invalid size */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl,
- (char*)testBuf, 0));
- /* invalid ssl */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(NULL, testBuf,
- sizeof(testBuf)));
- /* invalid configs */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, NULL,
- sizeof(testBuf)));
- /* invalid size */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, testBuf, 0));
- /* invalid ssl */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_GetEchConfigs(NULL, NULL, &outputLen));
- /* invalid size */
- ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_GetEchConfigs(ssl, NULL, NULL));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_Tls13_ECH(void)
- {
- EXPECT_DECLS;
- tcp_ready ready;
- func_args client_args;
- func_args server_args;
- THREAD_TYPE serverThread;
- callback_functions server_cbf;
- callback_functions client_cbf;
- SOCKET_T sockfd = 0;
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- const char* publicName = "ech-public-name.com";
- const char* privateName = "ech-private-name.com";
- int privateNameLen = 20;
- char reply[1024];
- int replyLen = 0;
- byte rawEchConfig[128];
- word32 rawEchConfigLen = sizeof(rawEchConfig);
- InitTcpReady(&ready);
- ready.port = 22222;
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&server_args, 0, sizeof(func_args));
- XMEMSET(&server_cbf, 0, sizeof(callback_functions));
- XMEMSET(&client_cbf, 0, sizeof(callback_functions));
- server_cbf.method = wolfTLSv1_3_server_method; /* TLS1.3 */
- /* create the server context here so we can get the ech config */
- ExpectNotNull(server_cbf.ctx =
- wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
- /* generate ech config */
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(server_cbf.ctx,
- publicName, 0, 0, 0));
- /* get the config for the client to use */
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_GetEchConfigs(server_cbf.ctx, rawEchConfig,
- &rawEchConfigLen));
- server_args.callbacks = &server_cbf;
- server_args.signal = &ready;
- /* start server task */
- start_thread(server_task_ech, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- /* run as a TLS1.3 client */
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
- tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
- /* get connected the server task */
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- /* set the ech configs for the client */
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, rawEchConfig,
- rawEchConfigLen));
- /* set the sni for the client */
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME,
- privateName, privateNameLen));
- ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_write(ssl, privateName, privateNameLen),
- privateNameLen);
- ExpectIntGT((replyLen = wolfSSL_read(ssl, reply, sizeof(reply))), 0);
- /* add th null terminator for string compare */
- reply[replyLen] = 0;
- /* check that the server replied with the private name */
- ExpectStrEQ(privateName, reply);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- CloseSocket(sockfd);
- join_thread(serverThread);
- FreeTcpReady(&ready);
- return EXPECT_RESULT();
- }
- #endif /* HAVE_ECH && WOLFSSL_TLS13 */
- #if defined(HAVE_IO_TESTS_DEPENDENCIES) && \
- defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
- static int post_auth_version_cb(WOLFSSL* ssl)
- {
- EXPECT_DECLS;
- /* do handshake and then test version error */
- ExpectIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
- ExpectStrEQ("TLSv1.2", wolfSSL_get_version(ssl));
- return EXPECT_RESULT();
- }
- static int post_auth_version_client_cb(WOLFSSL* ssl)
- {
- EXPECT_DECLS;
- /* do handshake and then test version error */
- ExpectIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
- ExpectStrEQ("TLSv1.2", wolfSSL_get_version(ssl));
- ExpectIntEQ(wolfSSL_verify_client_post_handshake(ssl), WOLFSSL_FAILURE);
- #if defined(OPENSSL_ALL) && !defined(NO_ERROR_QUEUE)
- /* check was added to error queue */
- ExpectIntEQ(wolfSSL_ERR_get_error(), -UNSUPPORTED_PROTO_VERSION);
- /* check the string matches expected string */
- ExpectStrEQ(wolfSSL_ERR_error_string(-UNSUPPORTED_PROTO_VERSION, NULL),
- "WRONG_SSL_VERSION");
- #endif
- return EXPECT_RESULT();
- }
- static int post_auth_cb(WOLFSSL* ssl)
- {
- EXPECT_DECLS;
- WOLFSSL_X509* x509 = NULL;
- /* do handshake and then test version error */
- ExpectIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
- ExpectStrEQ("TLSv1.3", wolfSSL_get_version(ssl));
- ExpectNull(x509 = wolfSSL_get_peer_certificate(ssl));
- wolfSSL_X509_free(x509);
- ExpectIntEQ(wolfSSL_verify_client_post_handshake(ssl), WOLFSSL_SUCCESS);
- return EXPECT_RESULT();
- }
- static int set_post_auth_cb(WOLFSSL* ssl)
- {
- if (!wolfSSL_is_server(ssl)) {
- EXPECT_DECLS;
- ExpectIntEQ(wolfSSL_allow_post_handshake_auth(ssl), 0);
- return EXPECT_RESULT();
- }
- wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_POST_HANDSHAKE, NULL);
- return TEST_SUCCESS;
- }
- #endif
- static int test_wolfSSL_Tls13_postauth(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_IO_TESTS_DEPENDENCIES) && \
- defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
- test_ssl_cbf server_cbf;
- test_ssl_cbf client_cbf;
- /* test version failure doing post auth with TLS 1.2 connection */
- XMEMSET(&server_cbf, 0, sizeof(server_cbf));
- XMEMSET(&client_cbf, 0, sizeof(client_cbf));
- server_cbf.method = wolfTLSv1_2_server_method;
- server_cbf.ssl_ready = set_post_auth_cb;
- server_cbf.on_result = post_auth_version_cb;
- client_cbf.ssl_ready = set_post_auth_cb;
- client_cbf.on_result = post_auth_version_client_cb;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
- &server_cbf, NULL), TEST_SUCCESS);
- /* tests on post auth with TLS 1.3 */
- XMEMSET(&server_cbf, 0, sizeof(server_cbf));
- XMEMSET(&client_cbf, 0, sizeof(client_cbf));
- server_cbf.method = wolfTLSv1_3_server_method;
- server_cbf.ssl_ready = set_post_auth_cb;
- client_cbf.ssl_ready = set_post_auth_cb;
- server_cbf.on_result = post_auth_cb;
- client_cbf.on_result = NULL;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
- &server_cbf, NULL), TEST_SUCCESS);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_NID(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
- !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
- int sigType;
- int nameSz;
- X509* cert = NULL;
- EVP_PKEY* pubKeyTmp = NULL;
- X509_NAME* name = NULL;
- char commonName[80];
- char countryName[80];
- char localityName[80];
- char stateName[80];
- char orgName[80];
- char orgUnit[80];
- /* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */
- /* convert cert from DER to internal WOLFSSL_X509 struct */
- ExpectNotNull(cert = wolfSSL_X509_d2i_ex(&cert, client_cert_der_2048,
- sizeof_client_cert_der_2048, HEAP_HINT));
- /* ------ EXTRACT CERTIFICATE ELEMENTS ------ */
- /* extract PUBLIC KEY from cert */
- ExpectNotNull(pubKeyTmp = X509_get_pubkey(cert));
- /* extract signatureType */
- ExpectIntNE((sigType = wolfSSL_X509_get_signature_type(cert)), 0);
- /* extract subjectName info */
- ExpectNotNull(name = X509_get_subject_name(cert));
- ExpectIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1);
- ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
- NULL, 0)), 0);
- ExpectIntEQ(nameSz, 15);
- ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
- commonName, sizeof(commonName))), 0);
- ExpectIntEQ(nameSz, 15);
- ExpectIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0);
- ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
- commonName, 9)), 0);
- ExpectIntEQ(nameSz, 8);
- ExpectIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0);
- ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName,
- countryName, sizeof(countryName))), 0);
- ExpectIntEQ(XMEMCMP(countryName, "US", nameSz), 0);
- ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName,
- localityName, sizeof(localityName))), 0);
- ExpectIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0);
- ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name,
- NID_stateOrProvinceName, stateName, sizeof(stateName))), 0);
- ExpectIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0);
- ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName,
- orgName, sizeof(orgName))), 0);
- ExpectIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0);
- ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name,
- NID_organizationalUnitName, orgUnit, sizeof(orgUnit))), 0);
- ExpectIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0);
- EVP_PKEY_free(pubKeyTmp);
- X509_free(cert);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_set_srp_username(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
- && !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- const char *username = "TESTUSER";
- const char *password = "TESTPASSWORD";
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- ExpectIntEQ(wolfSSL_CTX_set_srp_username(ctx, (char *)username),
- SSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- ExpectIntEQ(wolfSSL_CTX_set_srp_password(ctx, (char *)password),
- SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_set_srp_username(ctx, (char *)username),
- SSL_SUCCESS);
- ExpectNotNull(ssl = SSL_new(ctx));
- ExpectNotNull(SSL_get_srp_username(ssl));
- ExpectStrEQ(SSL_get_srp_username(ssl), username);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */
- /* && !NO_SHA256 && !WC_NO_RNG && !NO_WOLFSSL_CLIENT */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_set_srp_password(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && \
- !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX* ctx = NULL;
- const char *username = "TESTUSER";
- const char *password = "TESTPASSWORD";
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- ExpectIntEQ(wolfSSL_CTX_set_srp_password(ctx, (char *)password),
- SSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- ExpectIntEQ(wolfSSL_CTX_set_srp_username(ctx, (char *)username),
- SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_set_srp_password(ctx, (char *)password),
- SSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- #endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */
- /* && !NO_SHA256 && !WC_NO_RNG && !NO_WOLFSSL_CLIENT */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_STORE(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- X509_STORE *store = NULL;
- #ifdef HAVE_CRL
- X509_STORE_CTX *storeCtx = NULL;
- X509_CRL *crl = NULL;
- X509 *ca = NULL;
- X509 *cert = NULL;
- const char crlPem[] = "./certs/crl/crl.revoked";
- const char srvCert[] = "./certs/server-revoked-cert.pem";
- const char caCert[] = "./certs/ca-cert.pem";
- XFILE fp = XBADFILE;
- ExpectNotNull(store = (X509_STORE *)X509_STORE_new());
- ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
- SSL_FILETYPE_PEM)));
- ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
- ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
- SSL_FILETYPE_PEM)));
- ExpectNotNull((storeCtx = X509_STORE_CTX_new()));
- ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
- ExpectIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS);
- X509_STORE_free(store);
- store = NULL;
- X509_STORE_CTX_free(storeCtx);
- storeCtx = NULL;
- X509_free(cert);
- cert = NULL;
- X509_free(ca);
- ca = NULL;
- /* should fail to verify now after adding in CRL */
- ExpectNotNull(store = (X509_STORE *)X509_STORE_new());
- ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
- SSL_FILETYPE_PEM)));
- ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
- ExpectTrue((fp = XFOPEN(crlPem, "rb")) != XBADFILE);
- ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
- NULL, NULL));
- if (fp != XBADFILE)
- XFCLOSE(fp);
- ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
- ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),SSL_SUCCESS);
- ExpectNotNull((storeCtx = X509_STORE_CTX_new()));
- ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
- SSL_FILETYPE_PEM)));
- ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
- ExpectIntNE(X509_verify_cert(storeCtx), SSL_SUCCESS);
- ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx),
- WOLFSSL_X509_V_ERR_CERT_REVOKED);
- X509_CRL_free(crl);
- crl = NULL;
- X509_STORE_free(store);
- store = NULL;
- X509_STORE_CTX_free(storeCtx);
- storeCtx = NULL;
- X509_free(cert);
- cert = NULL;
- X509_free(ca);
- ca = NULL;
- #endif /* HAVE_CRL */
- #ifndef WOLFCRYPT_ONLY
- {
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- SSL_CTX* ctx = NULL;
- SSL* ssl = NULL;
- int i;
- for (i = 0; i < 2; i++) {
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectNotNull(store = (X509_STORE *)X509_STORE_new());
- SSL_CTX_set_cert_store(ctx, store);
- ExpectNotNull(store = (X509_STORE *)X509_STORE_new());
- SSL_CTX_set_cert_store(ctx, store);
- ExpectNotNull(store = (X509_STORE *)X509_STORE_new());
- ExpectIntEQ(SSL_CTX_use_certificate_file(ctx, svrCertFile,
- SSL_FILETYPE_PEM), SSL_SUCCESS);
- ExpectIntEQ(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
- SSL_FILETYPE_PEM), SSL_SUCCESS);
- ExpectNotNull(ssl = SSL_new(ctx));
- if (i == 0) {
- ExpectIntEQ(SSL_set0_verify_cert_store(ssl, store),
- SSL_SUCCESS);
- }
- else {
- ExpectIntEQ(SSL_set1_verify_cert_store(ssl, store), SSL_SUCCESS);
- #ifdef OPENSSL_ALL
- ExpectIntEQ(SSL_CTX_set1_verify_cert_store(ctx, store), SSL_SUCCESS);
- #endif
- }
- if (EXPECT_FAIL() || (i == 1)) {
- X509_STORE_free(store);
- store = NULL;
- }
- SSL_free(ssl);
- ssl = NULL;
- SSL_CTX_free(ctx);
- ctx = NULL;
- }
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- }
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_STORE_load_locations(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
- !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA)
- SSL_CTX *ctx = NULL;
- X509_STORE *store = NULL;
- const char ca_file[] = "./certs/ca-cert.pem";
- const char client_pem_file[] = "./certs/client-cert.pem";
- const char client_der_file[] = "./certs/client-cert.der";
- const char ecc_file[] = "./certs/ecc-key.pem";
- const char certs_path[] = "./certs/";
- const char bad_path[] = "./bad-path/";
- #ifdef HAVE_CRL
- const char crl_path[] = "./certs/crl/";
- const char crl_file[] = "./certs/crl/crl.pem";
- #endif
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
- #endif
- ExpectNotNull(store = SSL_CTX_get_cert_store(ctx));
- ExpectIntEQ(wolfSSL_CertManagerLoadCA(store->cm, ca_file, NULL),
- WOLFSSL_SUCCESS);
- /* Test bad arguments */
- ExpectIntEQ(X509_STORE_load_locations(NULL, ca_file, NULL),
- WOLFSSL_FAILURE);
- ExpectIntEQ(X509_STORE_load_locations(store, NULL, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(X509_STORE_load_locations(store, client_der_file, NULL),
- WOLFSSL_FAILURE);
- ExpectIntEQ(X509_STORE_load_locations(store, ecc_file, NULL),
- WOLFSSL_FAILURE);
- ExpectIntEQ(X509_STORE_load_locations(store, NULL, bad_path),
- WOLFSSL_FAILURE);
- #ifdef HAVE_CRL
- /* Test with CRL */
- ExpectIntEQ(X509_STORE_load_locations(store, crl_file, NULL),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_STORE_load_locations(store, NULL, crl_path),
- WOLFSSL_SUCCESS);
- #endif
- /* Test with CA */
- ExpectIntEQ(X509_STORE_load_locations(store, ca_file, NULL),
- WOLFSSL_SUCCESS);
- /* Test with client_cert and certs path */
- ExpectIntEQ(X509_STORE_load_locations(store, client_pem_file, NULL),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_STORE_load_locations(store, NULL, certs_path),
- WOLFSSL_SUCCESS);
- #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
- /* Clear nodes */
- ERR_clear_error();
- #endif
- SSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_X509_STORE_get0_objects(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && \
- !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA)
- X509_STORE *store = NULL;
- X509_STORE *store_cpy = NULL;
- SSL_CTX *ctx = NULL;
- X509_OBJECT *obj = NULL;
- STACK_OF(X509_OBJECT) *objs = NULL;
- int i;
- /* Setup store */
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
- #endif
- ExpectNotNull(store_cpy = X509_STORE_new());
- ExpectNotNull(store = SSL_CTX_get_cert_store(ctx));
- ExpectIntEQ(X509_STORE_load_locations(store, cliCertFile, NULL),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_STORE_load_locations(store, caCertFile, NULL),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_STORE_load_locations(store, svrCertFile, NULL),
- WOLFSSL_SUCCESS);
- #ifdef HAVE_CRL
- ExpectIntEQ(X509_STORE_load_locations(store, NULL, crlPemDir),
- WOLFSSL_SUCCESS);
- #endif
- /* Store ready */
- /* Similar to HaProxy ssl_set_cert_crl_file use case */
- ExpectNotNull(objs = X509_STORE_get0_objects(store));
- #ifdef HAVE_CRL
- #ifdef WOLFSSL_SIGNER_DER_CERT
- ExpectIntEQ(sk_X509_OBJECT_num(objs), 4);
- #else
- ExpectIntEQ(sk_X509_OBJECT_num(objs), 1);
- #endif
- #else
- #ifdef WOLFSSL_SIGNER_DER_CERT
- ExpectIntEQ(sk_X509_OBJECT_num(objs), 3);
- #else
- ExpectIntEQ(sk_X509_OBJECT_num(objs), 0);
- #endif
- #endif
- for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
- obj = (X509_OBJECT*)sk_X509_OBJECT_value(objs, i);
- switch (X509_OBJECT_get_type(obj)) {
- case X509_LU_X509:
- {
- WOLFSSL_X509* x509;
- ExpectNotNull(x509 = X509_OBJECT_get0_X509(obj));
- ExpectIntEQ(X509_STORE_add_cert(store_cpy, x509), WOLFSSL_SUCCESS);
- break;
- }
- case X509_LU_CRL:
- #ifdef HAVE_CRL
- {
- WOLFSSL_CRL* crl = NULL;
- ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(obj));
- ExpectIntEQ(X509_STORE_add_crl(store_cpy, crl), WOLFSSL_SUCCESS);
- break;
- }
- #endif
- case X509_LU_NONE:
- default:
- Fail(("X509_OBJECT_get_type should return x509 or crl "
- "(when built with crl support)"),
- ("Unrecognized X509_OBJECT type or none"));
- }
- }
- X509_STORE_free(store_cpy);
- SSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BN_CTX(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
- !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
- WOLFSSL_BN_CTX* bn_ctx = NULL;
- WOLFSSL_BIGNUM* t = NULL;
- ExpectNotNull(bn_ctx = wolfSSL_BN_CTX_new());
- /* No implementation. */
- BN_CTX_init(NULL);
- ExpectNotNull(t = BN_CTX_get(NULL));
- BN_free(t);
- ExpectNotNull(t = BN_CTX_get(bn_ctx));
- BN_free(t);
- #ifndef NO_WOLFSSL_STUB
- /* No implementation. */
- BN_CTX_start(NULL);
- BN_CTX_start(bn_ctx);
- #endif
- BN_CTX_free(NULL);
- BN_CTX_free(bn_ctx);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BN(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
- !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
- BIGNUM* a = NULL;
- BIGNUM* b = NULL;
- BIGNUM* c = NULL;
- BIGNUM* d = NULL;
- BIGNUM emptyBN;
- /* Setup */
- XMEMSET(&emptyBN, 0, sizeof(emptyBN));
- /* internal not set emptyBN. */
- ExpectNotNull(a = BN_new());
- ExpectNotNull(b = BN_new());
- ExpectNotNull(c = BN_dup(b));
- ExpectNotNull(d = BN_new());
- /* Invalid parameter testing. */
- BN_free(NULL);
- ExpectNull(BN_dup(NULL));
- ExpectNull(BN_dup(&emptyBN));
- ExpectNull(BN_copy(NULL, NULL));
- ExpectNull(BN_copy(b, NULL));
- ExpectNull(BN_copy(NULL, c));
- ExpectNull(BN_copy(b, &emptyBN));
- ExpectNull(BN_copy(&emptyBN, c));
- BN_clear(NULL);
- BN_clear(&emptyBN);
- ExpectIntEQ(BN_num_bytes(NULL), 0);
- ExpectIntEQ(BN_num_bytes(&emptyBN), 0);
- ExpectIntEQ(BN_num_bits(NULL), 0);
- ExpectIntEQ(BN_num_bits(&emptyBN), 0);
- ExpectIntEQ(BN_is_negative(NULL), 0);
- ExpectIntEQ(BN_is_negative(&emptyBN), 0);
- /* END Invalid Parameters */
- ExpectIntEQ(BN_set_word(a, 3), SSL_SUCCESS);
- ExpectIntEQ(BN_set_word(b, 2), SSL_SUCCESS);
- ExpectIntEQ(BN_set_word(c, 5), SSL_SUCCESS);
- ExpectIntEQ(BN_num_bits(a), 2);
- ExpectIntEQ(BN_num_bytes(a), 1);
- #if !defined(WOLFSSL_SP_MATH) && (!defined(WOLFSSL_SP_MATH_ALL) || \
- defined(WOLFSSL_SP_INT_NEGATIVE))
- ExpectIntEQ(BN_set_word(a, 1), SSL_SUCCESS);
- ExpectIntEQ(BN_set_word(b, 5), SSL_SUCCESS);
- ExpectIntEQ(BN_is_word(a, (WOLFSSL_BN_ULONG)BN_get_word(a)), SSL_SUCCESS);
- ExpectIntEQ(BN_is_word(a, 3), SSL_FAILURE);
- ExpectIntEQ(BN_sub(c, a, b), SSL_SUCCESS);
- #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
- {
- /* Do additional tests on negative BN conversions. */
- char* ret = NULL;
- ASN1_INTEGER* asn1 = NULL;
- BIGNUM* tmp = NULL;
- /* Sanity check we have a negative BN. */
- ExpectIntEQ(BN_is_negative(c), 1);
- ExpectNotNull(ret = BN_bn2dec(c));
- ExpectIntEQ(XMEMCMP(ret, "-4", sizeof("-4")), 0);
- XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
- ret = NULL;
- /* Convert to ASN1_INTEGER and back to BN. */
- ExpectNotNull(asn1 = BN_to_ASN1_INTEGER(c, NULL));
- ExpectNotNull(tmp = ASN1_INTEGER_to_BN(asn1, NULL));
- /* After converting back BN should be negative and correct. */
- ExpectIntEQ(BN_is_negative(tmp), 1);
- ExpectNotNull(ret = BN_bn2dec(tmp));
- ExpectIntEQ(XMEMCMP(ret, "-4", sizeof("-4")), 0);
- XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
- ASN1_INTEGER_free(asn1);
- BN_free(tmp);
- }
- #endif
- ExpectIntEQ(BN_get_word(c), 4);
- #endif
- ExpectIntEQ(BN_set_word(a, 3), 1);
- ExpectIntEQ(BN_set_word(b, 3), 1);
- ExpectIntEQ(BN_set_word(c, 4), 1);
- /* NULL == NULL, NULL < num, num > NULL */
- ExpectIntEQ(BN_cmp(NULL, NULL), 0);
- ExpectIntEQ(BN_cmp(&emptyBN, &emptyBN), 0);
- ExpectIntLT(BN_cmp(NULL, b), 0);
- ExpectIntLT(BN_cmp(&emptyBN, b), 0);
- ExpectIntGT(BN_cmp(a, NULL), 0);
- ExpectIntGT(BN_cmp(a, &emptyBN), 0);
- ExpectIntEQ(BN_cmp(a, b), 0);
- ExpectIntLT(BN_cmp(a, c), 0);
- ExpectIntGT(BN_cmp(c, b), 0);
- #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
- ExpectIntEQ(BN_print_fp(XBADFILE, NULL), 0);
- ExpectIntEQ(BN_print_fp(XBADFILE, &emptyBN), 0);
- ExpectIntEQ(BN_print_fp(stderr, NULL), 0);
- ExpectIntEQ(BN_print_fp(stderr, &emptyBN), 0);
- ExpectIntEQ(BN_print_fp(XBADFILE, a), 0);
- ExpectIntEQ(BN_print_fp(stderr, a), 1);
- #endif
- BN_clear(a);
- BN_free(a);
- BN_free(b);
- BN_free(c);
- BN_clear_free(d);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BN_init(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
- !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
- #if !defined(USE_INTEGER_HEAP_MATH) && !defined(HAVE_WOLF_BIGINT)
- BIGNUM* ap = NULL;
- BIGNUM bv;
- BIGNUM cv;
- BIGNUM dv;
- ExpectNotNull(ap = BN_new());
- BN_init(NULL);
- XMEMSET(&bv, 0, sizeof(bv));
- ExpectNull(BN_dup(&bv));
- BN_init(&bv);
- BN_init(&cv);
- BN_init(&dv);
- ExpectIntEQ(BN_set_word(ap, 3), SSL_SUCCESS);
- ExpectIntEQ(BN_set_word(&bv, 2), SSL_SUCCESS);
- ExpectIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS);
- /* a^b mod c = */
- ExpectIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(BN_mod_exp(&dv, ap, &bv, &cv, NULL), WOLFSSL_SUCCESS);
- /* check result 3^2 mod 5 */
- ExpectIntEQ(BN_get_word(&dv), 4);
- /* a*b mod c = */
- ExpectIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), SSL_FAILURE);
- ExpectIntEQ(BN_mod_mul(&dv, ap, &bv, &cv, NULL), SSL_SUCCESS);
- /* check result 3*2 mod 5 */
- ExpectIntEQ(BN_get_word(&dv), 1);
- BN_free(ap);
- #endif
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BN_enc_dec(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(WOLFSSL_SP_MATH)
- BIGNUM* a = NULL;
- BIGNUM* b = NULL;
- BIGNUM* c = NULL;
- BIGNUM emptyBN;
- char* str = NULL;
- const char* emptyStr = "";
- const char* numberStr = "12345";
- const char* badStr = "g12345";
- #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
- const char* twoStr = "2";
- #endif
- unsigned char binNum[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
- unsigned char outNum[5];
- /* Setup */
- XMEMSET(&emptyBN, 0, sizeof(emptyBN));
- ExpectNotNull(a = BN_new());
- ExpectNotNull(b = BN_new());
- ExpectIntEQ(BN_set_word(a, 2), 1);
- /* Invalid parameters */
- ExpectIntEQ(BN_bn2bin(NULL, NULL), -1);
- ExpectIntEQ(BN_bn2bin(&emptyBN, NULL), -1);
- ExpectIntEQ(BN_bn2bin(NULL, outNum), -1);
- ExpectIntEQ(BN_bn2bin(&emptyBN, outNum), -1);
- ExpectNull(BN_bn2hex(NULL));
- ExpectNull(BN_bn2hex(&emptyBN));
- ExpectNull(BN_bn2dec(NULL));
- ExpectNull(BN_bn2dec(&emptyBN));
- ExpectNull(BN_bin2bn(NULL, sizeof(binNum), NULL));
- ExpectNull(BN_bin2bn(NULL, sizeof(binNum), a));
- ExpectNull(BN_bin2bn(binNum, -1, a));
- ExpectNull(BN_bin2bn(binNum, -1, NULL));
- ExpectNull(BN_bin2bn(binNum, sizeof(binNum), &emptyBN));
- ExpectIntEQ(BN_hex2bn(NULL, NULL), 0);
- ExpectIntEQ(BN_hex2bn(NULL, numberStr), 0);
- ExpectIntEQ(BN_hex2bn(&a, NULL), 0);
- ExpectIntEQ(BN_hex2bn(&a, emptyStr), 0);
- ExpectIntEQ(BN_hex2bn(&a, badStr), 0);
- ExpectIntEQ(BN_hex2bn(&c, badStr), 0);
- ExpectIntEQ(BN_dec2bn(NULL, NULL), 0);
- ExpectIntEQ(BN_dec2bn(NULL, numberStr), 0);
- ExpectIntEQ(BN_dec2bn(&a, NULL), 0);
- ExpectIntEQ(BN_dec2bn(&a, emptyStr), 0);
- ExpectIntEQ(BN_dec2bn(&a, badStr), 0);
- ExpectIntEQ(BN_dec2bn(&c, badStr), 0);
- ExpectIntEQ(BN_set_word(a, 2), 1);
- ExpectIntEQ(BN_bn2bin(a, NULL), 1);
- ExpectIntEQ(BN_bn2bin(a, outNum), 1);
- ExpectNotNull(BN_bin2bn(outNum, 1, b));
- ExpectIntEQ(BN_cmp(a, b), 0);
- ExpectNotNull(BN_bin2bn(binNum, sizeof(binNum), b));
- ExpectIntEQ(BN_cmp(a, b), -1);
- ExpectNotNull(str = BN_bn2hex(a));
- ExpectNotNull(BN_hex2bn(&b, str));
- ExpectIntEQ(BN_cmp(a, b), 0);
- ExpectNotNull(BN_hex2bn(&b, numberStr));
- ExpectIntEQ(BN_cmp(a, b), -1);
- XFREE(str, NULL, DYNAMIC_TYPE_OPENSSL);
- str = NULL;
- #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
- ExpectNotNull(str = BN_bn2dec(a));
- ExpectStrEQ(str, twoStr);
- XFREE(str, NULL, DYNAMIC_TYPE_OPENSSL);
- str = NULL;
- #ifndef NO_RSA
- ExpectNotNull(str = BN_bn2dec(a));
- ExpectNotNull(BN_dec2bn(&b, str));
- ExpectIntEQ(BN_cmp(a, b), 0);
- ExpectNotNull(BN_dec2bn(&b, numberStr));
- ExpectIntEQ(BN_cmp(a, b), -1);
- XFREE(str, NULL, DYNAMIC_TYPE_OPENSSL);
- str = NULL;
- #else
- /* No implementation - fail with good parameters. */
- ExpectIntEQ(BN_dec2bn(&a, numberStr), 0);
- #endif
- #endif
- BN_free(b);
- BN_free(a);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BN_word(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(WOLFSSL_SP_MATH)
- BIGNUM* a = NULL;
- BIGNUM* b = NULL;
- BIGNUM* c = NULL;
- BIGNUM av;
- ExpectNotNull(a = BN_new());
- ExpectNotNull(b = BN_new());
- ExpectNotNull(c = BN_new());
- XMEMSET(&av, 0, sizeof(av));
- /* Invalid parameter. */
- ExpectIntEQ(BN_add_word(NULL, 3), 0);
- ExpectIntEQ(BN_add_word(&av, 3), 0);
- ExpectIntEQ(BN_sub_word(NULL, 3), 0);
- ExpectIntEQ(BN_sub_word(&av, 3), 0);
- ExpectIntEQ(BN_set_word(NULL, 3), 0);
- ExpectIntEQ(BN_set_word(&av, 3), 0);
- ExpectIntEQ(BN_get_word(NULL), 0);
- ExpectIntEQ(BN_get_word(&av), 0);
- ExpectIntEQ(BN_is_word(NULL, 3), 0);
- ExpectIntEQ(BN_is_word(&av, 3), 0);
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \
- !defined(NO_DSA))
- ExpectIntEQ(BN_mod_word(NULL, 3), -1);
- ExpectIntEQ(BN_mod_word(&av, 3), -1);
- #endif
- ExpectIntEQ(BN_one(NULL), 0);
- ExpectIntEQ(BN_one(&av), 0);
- BN_zero(NULL);
- BN_zero(&av);
- ExpectIntEQ(BN_is_one(NULL), 0);
- ExpectIntEQ(BN_is_one(&av), 0);
- ExpectIntEQ(BN_is_zero(NULL), 0);
- ExpectIntEQ(BN_is_zero(&av), 0);
- ExpectIntEQ(BN_set_word(a, 3), 1);
- ExpectIntEQ(BN_set_word(b, 2), 1);
- ExpectIntEQ(BN_set_word(c, 5), 1);
- /* a + 3 = */
- ExpectIntEQ(BN_add_word(a, 3), 1);
- /* check result 3 + 3*/
- ExpectIntEQ(BN_get_word(a), 6);
- ExpectIntEQ(BN_is_word(a, 6), 1);
- ExpectIntEQ(BN_is_word(a, 5), 0);
- /* set a back to 3 */
- ExpectIntEQ(BN_set_word(a, 3), 1);
- /* a - 3 = */
- ExpectIntEQ(BN_sub_word(a, 3), 1);
- /* check result 3 - 3*/
- ExpectIntEQ(BN_get_word(a), 0);
- ExpectIntEQ(BN_one(a), 1);
- ExpectIntEQ(BN_is_word(a, 1), 1);
- ExpectIntEQ(BN_is_word(a, 0), 0);
- ExpectIntEQ(BN_is_one(a), 1);
- ExpectIntEQ(BN_is_zero(a), 0);
- BN_zero(a);
- ExpectIntEQ(BN_is_word(a, 0), 1);
- ExpectIntEQ(BN_is_word(a, 1), 0);
- ExpectIntEQ(BN_is_zero(a), 1);
- ExpectIntEQ(BN_is_one(a), 0);
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \
- !defined(NO_DSA))
- ExpectIntEQ(BN_set_word(a, 5), 1);
- ExpectIntEQ(BN_mod_word(a, 3), 2);
- ExpectIntEQ(BN_mod_word(a, 0), -1);
- #endif
- BN_free(c);
- BN_free(b);
- BN_free(a);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BN_bits(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
- !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
- BIGNUM* a = NULL;
- BIGNUM emptyBN;
- /* Setup */
- XMEMSET(&emptyBN, 0, sizeof(emptyBN));
- ExpectNotNull(a = BN_new());
- /* Invalid parameters. */
- ExpectIntEQ(BN_set_bit(NULL, 1), 0);
- ExpectIntEQ(BN_set_bit(&emptyBN, 1), 0);
- ExpectIntEQ(BN_set_bit(a, -1), 0);
- ExpectIntEQ(BN_clear_bit(NULL, 1), 0);
- ExpectIntEQ(BN_clear_bit(&emptyBN, 1), 0);
- ExpectIntEQ(BN_clear_bit(a, -1), 0);
- ExpectIntEQ(BN_is_bit_set(NULL, 1), 0);
- ExpectIntEQ(BN_is_bit_set(&emptyBN, 1), 0);
- ExpectIntEQ(BN_is_bit_set(a, -1), 0);
- ExpectIntEQ(BN_is_odd(NULL), 0);
- ExpectIntEQ(BN_is_odd(&emptyBN), 0);
- ExpectIntEQ(BN_set_word(a, 0), 1);
- ExpectIntEQ(BN_is_zero(a), 1);
- ExpectIntEQ(BN_set_bit(a, 0x45), 1);
- ExpectIntEQ(BN_is_zero(a), 0);
- ExpectIntEQ(BN_is_bit_set(a, 0x45), 1);
- ExpectIntEQ(BN_clear_bit(a, 0x45), 1);
- ExpectIntEQ(BN_is_bit_set(a, 0x45), 0);
- ExpectIntEQ(BN_is_zero(a), 1);
- ExpectIntEQ(BN_set_bit(a, 0), 1);
- ExpectIntEQ(BN_is_odd(a), 1);
- ExpectIntEQ(BN_clear_bit(a, 0), 1);
- ExpectIntEQ(BN_is_odd(a), 0);
- ExpectIntEQ(BN_set_bit(a, 1), 1);
- ExpectIntEQ(BN_is_odd(a), 0);
- ExpectIntEQ(BN_set_bit(a, 129), 1);
- ExpectIntEQ(BN_get_word(a), WOLFSSL_BN_MAX_VAL);
- #ifndef NO_WOLFSSL_STUB
- ExpectIntEQ(BN_mask_bits(a, 1), 0);
- #endif
- BN_free(a);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BN_shift(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
- !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
- BIGNUM* a = NULL;
- BIGNUM* b = NULL;
- BIGNUM emptyBN;
- /* Setup */
- XMEMSET(&emptyBN, 0, sizeof(emptyBN));
- ExpectNotNull(a = BN_new());
- ExpectNotNull(b = BN_new());
- /* Invalid parameters. */
- ExpectIntEQ(BN_lshift(NULL, NULL, 1), 0);
- ExpectIntEQ(BN_lshift(&emptyBN, NULL, 1), 0);
- ExpectIntEQ(BN_lshift(NULL, &emptyBN, 1), 0);
- ExpectIntEQ(BN_lshift(b, NULL, 1), 0);
- ExpectIntEQ(BN_lshift(b, &emptyBN, 1), 0);
- ExpectIntEQ(BN_lshift(NULL, a, 1), 0);
- ExpectIntEQ(BN_lshift(&emptyBN, a, 1), 0);
- ExpectIntEQ(BN_lshift(b, a, -1), 0);
- ExpectIntEQ(BN_rshift(NULL, NULL, 1), 0);
- ExpectIntEQ(BN_rshift(&emptyBN, NULL, 1), 0);
- ExpectIntEQ(BN_rshift(NULL, &emptyBN, 1), 0);
- ExpectIntEQ(BN_rshift(b, NULL, 1), 0);
- ExpectIntEQ(BN_rshift(b, &emptyBN, 1), 0);
- ExpectIntEQ(BN_rshift(NULL, a, 1), 0);
- ExpectIntEQ(BN_rshift(&emptyBN, a, 1), 0);
- ExpectIntEQ(BN_rshift(b, a, -1), 0);
- ExpectIntEQ(BN_set_word(a, 1), 1);
- ExpectIntEQ(BN_lshift(b, a, 1), 1);
- ExpectIntEQ(BN_is_word(b, 2), 1);
- ExpectIntEQ(BN_lshift(a, a, 1), 1);
- ExpectIntEQ(BN_is_word(a, 2), 1);
- ExpectIntEQ(BN_rshift(b, a, 1), 1);
- ExpectIntEQ(BN_is_word(b, 1), 1);
- ExpectIntEQ(BN_rshift(a, a, 1), 1);
- ExpectIntEQ(BN_is_word(a, 1), 1);
- BN_free(b);
- BN_free(a);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BN_math(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
- !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
- BIGNUM* a = NULL;
- BIGNUM* b = NULL;
- BIGNUM* r = NULL;
- BIGNUM* rem = NULL;
- BIGNUM emptyBN;
- BN_ULONG val1;
- BN_ULONG val2;
- /* Setup */
- XMEMSET(&emptyBN, 0, sizeof(emptyBN));
- ExpectNotNull(a = BN_new());
- ExpectNotNull(b = BN_new());
- ExpectNotNull(r = BN_new());
- ExpectNotNull(rem = BN_new());
- /* Invalid parameters. */
- ExpectIntEQ(BN_add(NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_add(r, NULL, NULL), 0);
- ExpectIntEQ(BN_add(NULL, a, NULL), 0);
- ExpectIntEQ(BN_add(NULL, NULL, b), 0);
- ExpectIntEQ(BN_add(r, a, NULL), 0);
- ExpectIntEQ(BN_add(r, NULL, b), 0);
- ExpectIntEQ(BN_add(NULL, a, b), 0);
- ExpectIntEQ(BN_add(&emptyBN, &emptyBN, &emptyBN), 0);
- ExpectIntEQ(BN_add(r, &emptyBN, &emptyBN), 0);
- ExpectIntEQ(BN_add(&emptyBN, a, &emptyBN), 0);
- ExpectIntEQ(BN_add(&emptyBN, &emptyBN, b), 0);
- ExpectIntEQ(BN_add(r, a, &emptyBN), 0);
- ExpectIntEQ(BN_add(r, &emptyBN, b), 0);
- ExpectIntEQ(BN_add(&emptyBN, a, b), 0);
- ExpectIntEQ(BN_sub(NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_sub(r, NULL, NULL), 0);
- ExpectIntEQ(BN_sub(NULL, a, NULL), 0);
- ExpectIntEQ(BN_sub(NULL, NULL, b), 0);
- ExpectIntEQ(BN_sub(r, a, NULL), 0);
- ExpectIntEQ(BN_sub(r, NULL, b), 0);
- ExpectIntEQ(BN_sub(NULL, a, b), 0);
- ExpectIntEQ(BN_sub(&emptyBN, &emptyBN, &emptyBN), 0);
- ExpectIntEQ(BN_sub(r, &emptyBN, &emptyBN), 0);
- ExpectIntEQ(BN_sub(&emptyBN, a, &emptyBN), 0);
- ExpectIntEQ(BN_sub(&emptyBN, &emptyBN, b), 0);
- ExpectIntEQ(BN_sub(r, a, &emptyBN), 0);
- ExpectIntEQ(BN_sub(r, &emptyBN, b), 0);
- ExpectIntEQ(BN_sub(&emptyBN, a, b), 0);
- ExpectIntEQ(BN_mul(NULL, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_mul(r, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_mul(NULL, a, NULL, NULL), 0);
- ExpectIntEQ(BN_mul(NULL, NULL, b, NULL), 0);
- ExpectIntEQ(BN_mul(r, a, NULL, NULL), 0);
- ExpectIntEQ(BN_mul(r, NULL, b, NULL), 0);
- ExpectIntEQ(BN_mul(NULL, a, b, NULL), 0);
- ExpectIntEQ(BN_mul(&emptyBN, &emptyBN, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mul(r, &emptyBN, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mul(&emptyBN, a, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mul(&emptyBN, &emptyBN, b, NULL), 0);
- ExpectIntEQ(BN_mul(r, a, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mul(r, &emptyBN, b, NULL), 0);
- ExpectIntEQ(BN_mul(&emptyBN, a, b, NULL), 0);
- ExpectIntEQ(BN_div(NULL, NULL, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_div(r, NULL, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_div(NULL, rem, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_div(NULL, NULL, a, NULL, NULL), 0);
- ExpectIntEQ(BN_div(NULL, NULL, NULL, b, NULL), 0);
- ExpectIntEQ(BN_div(NULL, rem, a, b, NULL), 0);
- ExpectIntEQ(BN_div(r, NULL, a, b, NULL), 0);
- ExpectIntEQ(BN_div(r, rem, NULL, b, NULL), 0);
- ExpectIntEQ(BN_div(r, rem, a, NULL, NULL), 0);
- ExpectIntEQ(BN_div(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_div(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_div(&emptyBN, rem, &emptyBN, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_div(&emptyBN, &emptyBN, a, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_div(&emptyBN, &emptyBN, &emptyBN, b, NULL), 0);
- ExpectIntEQ(BN_div(&emptyBN, rem, a, b, NULL), 0);
- ExpectIntEQ(BN_div(r, &emptyBN, a, b, NULL), 0);
- ExpectIntEQ(BN_div(r, rem, &emptyBN, b, NULL), 0);
- ExpectIntEQ(BN_div(r, rem, a, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod(NULL, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_mod(r, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_mod(NULL, a, NULL, NULL), 0);
- ExpectIntEQ(BN_mod(NULL, NULL, b, NULL), 0);
- ExpectIntEQ(BN_mod(r, a, NULL, NULL), 0);
- ExpectIntEQ(BN_mod(r, NULL, b, NULL), 0);
- ExpectIntEQ(BN_mod(NULL, a, b, NULL), 0);
- ExpectIntEQ(BN_mod(&emptyBN, &emptyBN, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod(r, &emptyBN, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod(&emptyBN, a, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod(&emptyBN, &emptyBN, b, NULL), 0);
- ExpectIntEQ(BN_mod(r, a, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod(r, &emptyBN, b, NULL), 0);
- ExpectIntEQ(BN_mod(&emptyBN, a, b, NULL), 0);
- /* END Invalid parameters. */
- val1 = 8;
- val2 = 3;
- ExpectIntEQ(BN_set_word(a, val1), 1);
- ExpectIntEQ(BN_set_word(b, val2), 1);
- ExpectIntEQ(BN_add(r, a, b), 1);
- ExpectIntEQ(BN_is_word(r, val1 + val2), 1);
- ExpectIntEQ(BN_sub(r, a, b), 1);
- ExpectIntEQ(BN_is_word(r, val1 - val2), 1);
- ExpectIntEQ(BN_mul(r, a, b, NULL), 1);
- ExpectIntEQ(BN_is_word(r, val1 * val2), 1);
- ExpectIntEQ(BN_div(r, rem, a, b, NULL), 1);
- ExpectIntEQ(BN_is_word(r, val1 / val2), 1);
- ExpectIntEQ(BN_is_word(rem, val1 % val2), 1);
- ExpectIntEQ(BN_mod(r, a, b, NULL), 1);
- ExpectIntEQ(BN_is_word(r, val1 % val2), 1);
- BN_free(rem);
- BN_free(r);
- BN_free(b);
- BN_free(a);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BN_math_mod(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
- !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
- BIGNUM* a = NULL;
- BIGNUM* b = NULL;
- BIGNUM* m = NULL;
- BIGNUM* r = NULL;
- BIGNUM* t = NULL;
- BIGNUM emptyBN;
- BN_ULONG val1;
- BN_ULONG val2;
- BN_ULONG val3;
- /* Setup */
- XMEMSET(&emptyBN, 0, sizeof(emptyBN));
- ExpectNotNull(a = BN_new());
- ExpectNotNull(b = BN_new());
- ExpectNotNull(m = BN_new());
- ExpectNotNull(r = BN_new());
- /* Invalid parameters. */
- ExpectIntEQ(BN_mod_add(NULL, NULL, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_mod_add(r, NULL, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_mod_add(NULL, a, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_mod_add(NULL, NULL, b, NULL, NULL), 0);
- ExpectIntEQ(BN_mod_add(NULL, NULL, NULL, m, NULL), 0);
- ExpectIntEQ(BN_mod_add(NULL, a, b, m, NULL), 0);
- ExpectIntEQ(BN_mod_add(r, NULL, b, m, NULL), 0);
- ExpectIntEQ(BN_mod_add(r, a, NULL, m, NULL), 0);
- ExpectIntEQ(BN_mod_add(r, a, m, NULL, NULL), 0);
- ExpectIntEQ(BN_mod_add(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod_add(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod_add(&emptyBN, a, &emptyBN, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod_add(&emptyBN, &emptyBN, b, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod_add(&emptyBN, &emptyBN, &emptyBN, m, NULL), 0);
- ExpectIntEQ(BN_mod_add(&emptyBN, a, b, m, NULL), 0);
- ExpectIntEQ(BN_mod_add(r, &emptyBN, b, m, NULL), 0);
- ExpectIntEQ(BN_mod_add(r, a, &emptyBN, m, NULL), 0);
- ExpectIntEQ(BN_mod_add(r, a, m, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod_mul(NULL, NULL, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_mod_mul(r, NULL, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_mod_mul(NULL, a, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_mod_mul(NULL, NULL, b, NULL, NULL), 0);
- ExpectIntEQ(BN_mod_mul(NULL, NULL, NULL, m, NULL), 0);
- ExpectIntEQ(BN_mod_mul(NULL, a, b, m, NULL), 0);
- ExpectIntEQ(BN_mod_mul(r, NULL, b, m, NULL), 0);
- ExpectIntEQ(BN_mod_mul(r, a, NULL, m, NULL), 0);
- ExpectIntEQ(BN_mod_mul(r, a, m, NULL, NULL), 0);
- ExpectIntEQ(BN_mod_mul(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod_mul(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod_mul(&emptyBN, a, &emptyBN, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod_mul(&emptyBN, &emptyBN, b, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod_mul(&emptyBN, &emptyBN, &emptyBN, m, NULL), 0);
- ExpectIntEQ(BN_mod_mul(&emptyBN, a, b, m, NULL), 0);
- ExpectIntEQ(BN_mod_mul(r, &emptyBN, b, m, NULL), 0);
- ExpectIntEQ(BN_mod_mul(r, a, &emptyBN, m, NULL), 0);
- ExpectIntEQ(BN_mod_mul(r, a, m, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod_exp(NULL, NULL, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_mod_exp(r, NULL, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_mod_exp(NULL, a, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_mod_exp(NULL, NULL, b, NULL, NULL), 0);
- ExpectIntEQ(BN_mod_exp(NULL, NULL, NULL, m, NULL), 0);
- ExpectIntEQ(BN_mod_exp(NULL, a, b, m, NULL), 0);
- ExpectIntEQ(BN_mod_exp(r, NULL, b, m, NULL), 0);
- ExpectIntEQ(BN_mod_exp(r, a, NULL, m, NULL), 0);
- ExpectIntEQ(BN_mod_exp(r, a, m, NULL, NULL), 0);
- ExpectIntEQ(BN_mod_exp(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod_exp(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod_exp(&emptyBN, a, &emptyBN, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod_exp(&emptyBN, &emptyBN, b, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_mod_exp(&emptyBN, &emptyBN, &emptyBN, m, NULL), 0);
- ExpectIntEQ(BN_mod_exp(&emptyBN, a, b, m, NULL), 0);
- ExpectIntEQ(BN_mod_exp(r, &emptyBN, b, m, NULL), 0);
- ExpectIntEQ(BN_mod_exp(r, a, &emptyBN, m, NULL), 0);
- ExpectIntEQ(BN_mod_exp(r, a, m, &emptyBN, NULL), 0);
- ExpectNull(BN_mod_inverse(r, NULL, NULL, NULL));
- ExpectNull(BN_mod_inverse(r, a, NULL, NULL));
- ExpectNull(BN_mod_inverse(r, NULL, m, NULL));
- ExpectNull(BN_mod_inverse(r, NULL, m, NULL));
- ExpectNull(BN_mod_inverse(r, a, NULL, NULL));
- ExpectNull(BN_mod_inverse(&emptyBN, &emptyBN, &emptyBN, NULL));
- ExpectNull(BN_mod_inverse(r, &emptyBN, &emptyBN, NULL));
- ExpectNull(BN_mod_inverse(&emptyBN, a, &emptyBN, NULL));
- ExpectNull(BN_mod_inverse(&emptyBN, &emptyBN, m, NULL));
- ExpectNull(BN_mod_inverse(&emptyBN, a, m, NULL));
- ExpectNull(BN_mod_inverse(r, &emptyBN, m, NULL));
- ExpectNull(BN_mod_inverse(r, a, &emptyBN, NULL));
- /* END Invalid parameters. */
- val1 = 9;
- val2 = 13;
- val3 = 5;
- ExpectIntEQ(BN_set_word(a, val1), 1);
- ExpectIntEQ(BN_set_word(b, val2), 1);
- ExpectIntEQ(BN_set_word(m, val3), 1);
- ExpectIntEQ(BN_mod_add(r, a, b, m, NULL), 1);
- ExpectIntEQ(BN_is_word(r, (val1 + val2) % val3), 1);
- ExpectIntEQ(BN_mod_mul(r, a, b, m, NULL), 1);
- ExpectIntEQ(BN_is_word(r, (val1 * val2) % val3), 1);
- ExpectIntEQ(BN_set_word(a, 2), 1);
- ExpectIntEQ(BN_set_word(b, 3), 1);
- ExpectIntEQ(BN_set_word(m, 5), 1);
- /* (2 ^ 3) % 5 = 8 % 5 = 3 */
- ExpectIntEQ(BN_mod_exp(r, a, b, m, NULL), 1);
- ExpectIntEQ(BN_is_word(r, 3), 1);
- /* (2 * 3) % 5 = 6 % 5 = 1 => inv = 3 */
- ExpectNotNull(BN_mod_inverse(r, a, m, NULL));
- ExpectIntEQ(BN_is_word(r, 3), 1);
- ExpectNotNull(t = BN_mod_inverse(NULL, a, m, NULL));
- ExpectIntEQ(BN_is_word(t, 3), 1);
- BN_free(t);
- /* No inverse case. No inverse when a divides b. */
- ExpectIntEQ(BN_set_word(a, 3), 1);
- ExpectIntEQ(BN_set_word(m, 9), 1);
- ExpectNull(BN_mod_inverse(r, a, m, NULL));
- BN_free(r);
- BN_free(m);
- BN_free(b);
- BN_free(a);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BN_math_other(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
- !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- BIGNUM* a = NULL;
- BIGNUM* b = NULL;
- BIGNUM* r = NULL;
- BIGNUM emptyBN;
- /* Setup */
- XMEMSET(&emptyBN, 0, sizeof(emptyBN));
- ExpectNotNull(a = BN_new());
- ExpectNotNull(b = BN_new());
- ExpectNotNull(r = BN_new());
- /* Invalid parameters. */
- ExpectIntEQ(BN_gcd(NULL, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_gcd(r, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_gcd(NULL, a, NULL, NULL), 0);
- ExpectIntEQ(BN_gcd(NULL, NULL, b, NULL), 0);
- ExpectIntEQ(BN_gcd(NULL, a, b, NULL), 0);
- ExpectIntEQ(BN_gcd(r, NULL, b, NULL), 0);
- ExpectIntEQ(BN_gcd(r, a, NULL, NULL), 0);
- ExpectIntEQ(BN_gcd(&emptyBN, &emptyBN, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_gcd(r, &emptyBN, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_gcd(&emptyBN, a, &emptyBN, NULL), 0);
- ExpectIntEQ(BN_gcd(&emptyBN, &emptyBN, b, NULL), 0);
- ExpectIntEQ(BN_gcd(&emptyBN, a, b, NULL), 0);
- ExpectIntEQ(BN_gcd(r, &emptyBN, b, NULL), 0);
- ExpectIntEQ(BN_gcd(r, a, &emptyBN, NULL), 0);
- /* END Invalid parameters. */
- /* No common factors between 2 and 3. */
- ExpectIntEQ(BN_set_word(a, 2), 1);
- ExpectIntEQ(BN_set_word(b, 3), 1);
- ExpectIntEQ(BN_gcd(r, a, b, NULL), 1);
- ExpectIntEQ(BN_is_word(r, 1), 1);
- /* 3 is largest value that divides both 6 and 9. */
- ExpectIntEQ(BN_set_word(a, 6), 1);
- ExpectIntEQ(BN_set_word(b, 9), 1);
- ExpectIntEQ(BN_gcd(r, a, b, NULL), 1);
- ExpectIntEQ(BN_is_word(r, 3), 1);
- /* GCD of 0 and 0 is undefined. */
- ExpectIntEQ(BN_set_word(a, 0), 1);
- ExpectIntEQ(BN_set_word(b, 0), 1);
- ExpectIntEQ(BN_gcd(r, a, b, NULL), 0);
- /* Teardown */
- BN_free(r);
- BN_free(b);
- BN_free(a);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BN_rand(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(OPENSSL_EXTRA_NO_BN)
- BIGNUM* bn = NULL;
- BIGNUM* range = NULL;
- BIGNUM emptyBN;
- XMEMSET(&emptyBN, 0, sizeof(emptyBN));
- ExpectNotNull(bn = BN_new());
- ExpectNotNull(range = BN_new());
- /* Invalid parameters. */
- ExpectIntEQ(BN_rand(NULL, -1, 0, 0), 0);
- ExpectIntEQ(BN_rand(bn, -1, 0, 0), 0);
- ExpectIntEQ(BN_rand(NULL, 1, 0, 0), 0);
- ExpectIntEQ(BN_rand(&emptyBN, -1, 0, 0), 0);
- ExpectIntEQ(BN_rand(bn, -1, 0, 0), 0);
- ExpectIntEQ(BN_rand(&emptyBN, 1, 0, 0), 0);
- ExpectIntEQ(BN_pseudo_rand(NULL, -1, 0, 0), 0);
- ExpectIntEQ(BN_pseudo_rand(bn, -1, 0, 0), 0);
- ExpectIntEQ(BN_pseudo_rand(NULL, 1, 0, 0), 0);
- ExpectIntEQ(BN_pseudo_rand(&emptyBN, -1, 0, 0), 0);
- ExpectIntEQ(BN_pseudo_rand(bn, -1, 0, 0), 0);
- ExpectIntEQ(BN_pseudo_rand(&emptyBN, 1, 0, 0), 0);
- ExpectIntEQ(BN_rand_range(NULL, NULL), 0);
- ExpectIntEQ(BN_rand_range(bn, NULL), 0);
- ExpectIntEQ(BN_rand_range(NULL, range), 0);
- ExpectIntEQ(BN_rand_range(&emptyBN, &emptyBN), 0);
- ExpectIntEQ(BN_rand_range(bn, &emptyBN), 0);
- ExpectIntEQ(BN_rand_range(&emptyBN, range), 0);
- /* 0 bit random value must be 0 and so cannot set bit in any position. */
- ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE,
- WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
- ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO,
- WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
- ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY,
- WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
- ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE,
- WOLFSSL_BN_RAND_BOTTOM_ANY), 0);
- ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO,
- WOLFSSL_BN_RAND_BOTTOM_ANY), 0);
- ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE,
- WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
- ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO,
- WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
- ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY,
- WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
- ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE,
- WOLFSSL_BN_RAND_BOTTOM_ANY), 0);
- ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO,
- WOLFSSL_BN_RAND_BOTTOM_ANY), 0);
- /* 1 bit random value must have no more than one top bit set. */
- ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO,
- WOLFSSL_BN_RAND_BOTTOM_ANY), 0);
- ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO,
- WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
- ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO,
- WOLFSSL_BN_RAND_BOTTOM_ANY), 0);
- ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO,
- WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
- /* END Invalid parameters. */
- /* 0 bit random: 0. */
- ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY,
- WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
- ExpectIntEQ(BN_is_zero(bn), 1);
- ExpectIntEQ(BN_set_word(bn, 2), 1); /* Make sure not zero. */
- ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY,
- WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
- ExpectIntEQ(BN_is_zero(bn), 1);
- /* 1 bit random: 0 or 1. */
- ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ANY,
- WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
- ExpectIntLT(BN_get_word(bn), 2); /* Make sure valid range. */
- ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE,
- WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
- ExpectIntEQ(BN_get_word(bn), 1);
- ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE,
- WOLFSSL_BN_RAND_BOTTOM_ODD), 1);
- ExpectIntEQ(BN_get_word(bn), 1);
- ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ANY,
- WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
- ExpectIntLT(BN_get_word(bn), 2); /* Make sure valid range. */
- ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE,
- WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
- ExpectIntEQ(BN_get_word(bn), 1);
- ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE,
- WOLFSSL_BN_RAND_BOTTOM_ODD), 1);
- ExpectIntEQ(BN_get_word(bn), 1);
- ExpectIntEQ(BN_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE,
- WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
- ExpectIntEQ(BN_num_bits(bn), 8);
- ExpectIntEQ(BN_is_bit_set(bn, 7), 1);
- ExpectIntEQ(BN_pseudo_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE,
- WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
- ExpectIntEQ(BN_num_bits(bn), 8);
- ExpectIntEQ(BN_is_bit_set(bn, 7), 1);
- ExpectIntEQ(BN_rand(bn, 8, WOLFSSL_BN_RAND_TOP_TWO,
- WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
- ExpectIntEQ(BN_is_bit_set(bn, 7), 1);
- ExpectIntEQ(BN_is_bit_set(bn, 6), 1);
- ExpectIntEQ(BN_pseudo_rand(bn, 8, WOLFSSL_BN_RAND_TOP_TWO,
- WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
- ExpectIntEQ(BN_is_bit_set(bn, 7), 1);
- ExpectIntEQ(BN_is_bit_set(bn, 6), 1);
- ExpectIntEQ(BN_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE,
- WOLFSSL_BN_RAND_BOTTOM_ODD), 1);
- ExpectIntEQ(BN_is_bit_set(bn, 0), 1);
- ExpectIntEQ(BN_pseudo_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE,
- WOLFSSL_BN_RAND_BOTTOM_ODD), 1);
- ExpectIntEQ(BN_is_bit_set(bn, 0), 1);
- /* Regression test: Older versions of wolfSSL_BN_rand would round the
- * requested number of bits up to the nearest multiple of 8. E.g. in this
- * case, requesting a 13-bit random number would actually return a 16-bit
- * random number. */
- ExpectIntEQ(BN_rand(bn, 13, WOLFSSL_BN_RAND_TOP_ONE,
- WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
- ExpectIntEQ(BN_num_bits(bn), 13);
- ExpectIntEQ(BN_rand(range, 64, WOLFSSL_BN_RAND_TOP_ONE,
- WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
- ExpectIntEQ(BN_rand_range(bn, range), 1);
- ExpectIntEQ(BN_set_word(range, 0), 1);
- ExpectIntEQ(BN_rand_range(bn, range), 1);
- ExpectIntEQ(BN_set_word(range, 1), 1);
- ExpectIntEQ(BN_rand_range(bn, range), 1);
- BN_free(bn);
- BN_free(range);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BN_prime(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
- !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || !defined(NO_DSA))
- BIGNUM* a = NULL;
- BIGNUM* add = NULL;
- BIGNUM* rem = NULL;
- BIGNUM emptyBN;
- XMEMSET(&emptyBN, 0, sizeof(emptyBN));
- ExpectNotNull(a = BN_new());
- ExpectNotNull(add = BN_new());
- ExpectNotNull(rem = BN_new());
- /* Invalid parameters. */
- /* BN_generate_prime_ex()
- * prime - must have valid BIGNUM
- * bits - Greater then 0
- * safe - not supported, must be 0
- * add - not supported, must be NULL
- * rem - not supported, must be NULL
- * cb - anything
- */
- ExpectIntEQ(BN_generate_prime_ex(NULL, -1, 1, add, rem, NULL), 0);
- ExpectIntEQ(BN_generate_prime_ex(&emptyBN, -1, 1, add, rem, NULL), 0);
- ExpectIntEQ(BN_generate_prime_ex(a, -1, 1, add, rem, NULL), 0);
- ExpectIntEQ(BN_generate_prime_ex(NULL, 2, 1, add, rem, NULL), 0);
- ExpectIntEQ(BN_generate_prime_ex(&emptyBN, 2, 1, add, rem, NULL), 0);
- ExpectIntEQ(BN_generate_prime_ex(NULL, -1, 0, add, rem, NULL), 0);
- ExpectIntEQ(BN_generate_prime_ex(&emptyBN, -1, 0, add, rem, NULL), 0);
- ExpectIntEQ(BN_generate_prime_ex(NULL, -1, 1, NULL, rem, NULL), 0);
- ExpectIntEQ(BN_generate_prime_ex(&emptyBN, -1, 1, NULL, rem, NULL), 0);
- ExpectIntEQ(BN_generate_prime_ex(NULL, -1, 1, add, NULL, NULL), 0);
- ExpectIntEQ(BN_generate_prime_ex(&emptyBN, -1, 1, add, NULL, NULL), 0);
- ExpectIntEQ(BN_generate_prime_ex(NULL, 2, 0, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_generate_prime_ex(&emptyBN, 2, 0, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_generate_prime_ex(a, -1, 0, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_generate_prime_ex(a, 0, 0, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_generate_prime_ex(a, 2, 1, NULL, NULL, NULL), 0);
- ExpectIntEQ(BN_generate_prime_ex(a, 2, 0, add, NULL, NULL), 0);
- ExpectIntEQ(BN_generate_prime_ex(a, 2, 0, NULL, rem, NULL), 0);
- ExpectIntEQ(BN_is_prime_ex(NULL, -1, NULL, NULL), -1);
- ExpectIntEQ(BN_is_prime_ex(&emptyBN, -1, NULL, NULL), -1);
- ExpectIntEQ(BN_is_prime_ex(a, -1, NULL, NULL), -1);
- ExpectIntEQ(BN_is_prime_ex(a, 2048, NULL, NULL), -1);
- ExpectIntEQ(BN_is_prime_ex(NULL, 1, NULL, NULL), -1);
- ExpectIntEQ(BN_is_prime_ex(&emptyBN, 1, NULL, NULL), -1);
- /* END Invalid parameters. */
- ExpectIntEQ(BN_generate_prime_ex(a, 512, 0, NULL, NULL, NULL), 1);
- ExpectIntEQ(BN_is_prime_ex(a, 8, NULL, NULL), 1);
- ExpectIntEQ(BN_clear_bit(a, 0), 1);
- ExpectIntEQ(BN_is_prime_ex(a, 8, NULL, NULL), 0);
- BN_free(rem);
- BN_free(add);
- BN_free(a);
- #endif
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- #define TEST_ARG 0x1234
- static void msg_cb(int write_p, int version, int content_type,
- const void *buf, size_t len, SSL *ssl, void *arg)
- {
- (void)write_p;
- (void)version;
- (void)content_type;
- (void)buf;
- (void)len;
- (void)ssl;
- AssertTrue(arg == (void*)TEST_ARG);
- }
- #endif
- #if defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- #if defined(SESSION_CERTS)
- #include "wolfssl/internal.h"
- #endif
- static int msgCb(SSL_CTX *ctx, SSL *ssl)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && defined(SESSION_CERTS) && !defined(NO_BIO)
- STACK_OF(X509)* sk = NULL;
- X509* x509 = NULL;
- int i, num;
- BIO* bio = NULL;
- #endif
- ExpectNotNull(ctx);
- ExpectNotNull(ssl);
- fprintf(stderr, "\n===== msgcb called ====\n");
- #if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)
- ExpectTrue(SSL_get_peer_cert_chain(ssl) != NULL);
- ExpectIntEQ(((WOLFSSL_X509_CHAIN *)SSL_get_peer_cert_chain(ssl))->count, 2);
- ExpectNotNull(SSL_get0_verified_chain(ssl));
- #endif
- #if defined(OPENSSL_ALL) && defined(SESSION_CERTS) && !defined(NO_BIO)
- ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
- ExpectNotNull(sk = SSL_get_peer_cert_chain(ssl));
- if (sk == NULL) {
- BIO_free(bio);
- return TEST_FAIL;
- }
- num = sk_X509_num(sk);
- ExpectTrue(num > 0);
- for (i = 0; i < num; i++) {
- ExpectNotNull(x509 = sk_X509_value(sk,i));
- if (x509 == NULL)
- break;
- fprintf(stderr, "Certificate at index [%d] = :\n",i);
- X509_print(bio,x509);
- fprintf(stderr, "\n\n");
- }
- BIO_free(bio);
- #endif
- return EXPECT_RESULT();
- }
- #endif
- static int test_wolfSSL_msgCb(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- test_ssl_cbf client_cb;
- test_ssl_cbf server_cb;
- XMEMSET(&client_cb, 0, sizeof(client_cb));
- XMEMSET(&server_cb, 0, sizeof(server_cb));
- #ifndef WOLFSSL_NO_TLS12
- client_cb.method = wolfTLSv1_2_client_method;
- server_cb.method = wolfTLSv1_2_server_method;
- #else
- client_cb.method = wolfTLSv1_3_client_method;
- server_cb.method = wolfTLSv1_3_server_method;
- #endif
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cb,
- &server_cb, msgCb), TEST_SUCCESS);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_either_side(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- test_ssl_cbf client_cb;
- test_ssl_cbf server_cb;
- XMEMSET(&client_cb, 0, sizeof(client_cb));
- XMEMSET(&server_cb, 0, sizeof(server_cb));
- /* Use different CTX for client and server */
- client_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method());
- ExpectNotNull(client_cb.ctx);
- server_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method());
- ExpectNotNull(server_cb.ctx);
- /* we are responsible for free'ing WOLFSSL_CTX */
- server_cb.isSharedCtx = client_cb.isSharedCtx = 1;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cb,
- &server_cb, NULL), TEST_SUCCESS);
- wolfSSL_CTX_free(client_cb.ctx);
- wolfSSL_CTX_free(server_cb.ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_DTLS_either_side(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS)
- test_ssl_cbf client_cb;
- test_ssl_cbf server_cb;
- XMEMSET(&client_cb, 0, sizeof(client_cb));
- XMEMSET(&server_cb, 0, sizeof(server_cb));
- /* Use different CTX for client and server */
- client_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method());
- ExpectNotNull(client_cb.ctx);
- server_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method());
- ExpectNotNull(server_cb.ctx);
- /* we are responsible for free'ing WOLFSSL_CTX */
- server_cb.isSharedCtx = client_cb.isSharedCtx = 1;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cb,
- &server_cb, NULL), TEST_SUCCESS);
- wolfSSL_CTX_free(client_cb.ctx);
- wolfSSL_CTX_free(server_cb.ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_generate_cookie(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA) && defined(USE_WOLFSSL_IO)
- SSL_CTX* ctx = NULL;
- SSL* ssl = NULL;
- byte buf[FOURK_BUF] = {0};
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfDTLS_method()));
- ExpectNotNull(ssl = SSL_new(ctx));
- /* Test unconnected */
- ExpectIntEQ(EmbedGenerateCookie(ssl, buf, FOURK_BUF, NULL), GEN_COOKIE_E);
- wolfSSL_CTX_SetGenCookie(ctx, EmbedGenerateCookie);
- wolfSSL_SetCookieCtx(ssl, ctx);
- ExpectNotNull(wolfSSL_GetCookieCtx(ssl));
- ExpectNull(wolfSSL_GetCookieCtx(NULL));
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_set_options(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- WOLFSSL* ssl = NULL;
- WOLFSSL_CTX* ctx = NULL;
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- char appData[] = "extra msg";
- #endif
- #ifdef OPENSSL_EXTRA
- unsigned char protos[] = {
- 7, 't', 'l', 's', '/', '1', '.', '2',
- 8, 'h', 't', 't', 'p', '/', '1', '.', '1'
- };
- unsigned int len = sizeof(protos);
- void *arg = (void *)TEST_ARG;
- #endif
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1)
- == WOLFSSL_OP_NO_TLSv1);
- ExpectTrue(wolfSSL_CTX_get_options(ctx) == WOLFSSL_OP_NO_TLSv1);
- ExpectIntGT((int)wolfSSL_CTX_set_options(ctx, (WOLFSSL_OP_COOKIE_EXCHANGE |
- WOLFSSL_OP_NO_SSLv2)), 0);
- ExpectTrue((wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_COOKIE_EXCHANGE) &
- WOLFSSL_OP_COOKIE_EXCHANGE) == WOLFSSL_OP_COOKIE_EXCHANGE);
- ExpectTrue((wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1_2) &
- WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2);
- ExpectTrue((wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_COMPRESSION) &
- WOLFSSL_OP_NO_COMPRESSION) == WOLFSSL_OP_NO_COMPRESSION);
- ExpectFalse((wolfSSL_CTX_clear_options(ctx, WOLFSSL_OP_NO_COMPRESSION) &
- WOLFSSL_OP_NO_COMPRESSION));
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
- WOLFSSL_FILETYPE_PEM));
- #ifdef OPENSSL_EXTRA
- ExpectTrue(wolfSSL_CTX_set_msg_callback(ctx, msg_cb) == WOLFSSL_SUCCESS);
- #endif
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- #ifdef HAVE_EX_DATA
- ExpectIntEQ(wolfSSL_set_app_data(ssl, (void*)appData), WOLFSSL_SUCCESS);
- ExpectNotNull(wolfSSL_get_app_data((const WOLFSSL*)ssl));
- if (ssl != NULL) {
- ExpectIntEQ(XMEMCMP(wolfSSL_get_app_data((const WOLFSSL*)ssl),
- appData, sizeof(appData)), 0);
- }
- #else
- ExpectIntEQ(wolfSSL_set_app_data(ssl, (void*)appData), WOLFSSL_FAILURE);
- ExpectNull(wolfSSL_get_app_data((const WOLFSSL*)ssl));
- #endif
- #endif
- ExpectTrue(wolfSSL_set_options(ssl, WOLFSSL_OP_NO_TLSv1) ==
- WOLFSSL_OP_NO_TLSv1);
- ExpectTrue(wolfSSL_get_options(ssl) == WOLFSSL_OP_NO_TLSv1);
- ExpectIntGT((int)wolfSSL_set_options(ssl, (WOLFSSL_OP_COOKIE_EXCHANGE |
- WOLFSSL_OP_NO_SSLv2)), 0);
- ExpectTrue((wolfSSL_set_options(ssl, WOLFSSL_OP_COOKIE_EXCHANGE) &
- WOLFSSL_OP_COOKIE_EXCHANGE) == WOLFSSL_OP_COOKIE_EXCHANGE);
- ExpectTrue((wolfSSL_set_options(ssl, WOLFSSL_OP_NO_TLSv1_2) &
- WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2);
- ExpectTrue((wolfSSL_set_options(ssl, WOLFSSL_OP_NO_COMPRESSION) &
- WOLFSSL_OP_NO_COMPRESSION) == WOLFSSL_OP_NO_COMPRESSION);
- #ifdef OPENSSL_EXTRA
- ExpectFalse((wolfSSL_clear_options(ssl, WOLFSSL_OP_NO_COMPRESSION) &
- WOLFSSL_OP_NO_COMPRESSION));
- #endif
- #ifdef OPENSSL_EXTRA
- ExpectTrue(wolfSSL_set_msg_callback(ssl, msg_cb) == WOLFSSL_SUCCESS);
- wolfSSL_set_msg_callback_arg(ssl, arg);
- #ifdef WOLFSSL_ERROR_CODE_OPENSSL
- ExpectTrue(wolfSSL_CTX_set_alpn_protos(ctx, protos, len) == 0);
- #else
- ExpectTrue(wolfSSL_CTX_set_alpn_protos(ctx, protos, len) == WOLFSSL_SUCCESS);
- #endif
- #endif
- #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
- defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \
- defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL)
- #if defined(HAVE_ALPN) && !defined(NO_BIO)
- #ifdef WOLFSSL_ERROR_CODE_OPENSSL
- ExpectTrue(wolfSSL_set_alpn_protos(ssl, protos, len) == 0);
- #else
- ExpectTrue(wolfSSL_set_alpn_protos(ssl, protos, len) == WOLFSSL_SUCCESS);
- #endif
- #endif /* HAVE_ALPN && !NO_BIO */
- #endif
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif /* !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_sk_SSL_CIPHER(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- SSL* ssl = NULL;
- SSL_CTX* ctx = NULL;
- STACK_OF(SSL_CIPHER) *sk = NULL;
- STACK_OF(SSL_CIPHER) *dupSk = NULL;
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
- ExpectNotNull(ssl = SSL_new(ctx));
- ExpectNotNull(sk = SSL_get_ciphers(ssl));
- ExpectNotNull(dupSk = sk_SSL_CIPHER_dup(sk));
- ExpectIntGT(sk_SSL_CIPHER_num(sk), 0);
- ExpectIntEQ(sk_SSL_CIPHER_num(sk), sk_SSL_CIPHER_num(dupSk));
- /* error case because connection has not been established yet */
- ExpectIntEQ(sk_SSL_CIPHER_find(sk, SSL_get_current_cipher(ssl)), -1);
- sk_SSL_CIPHER_free(dupSk);
- /* sk is pointer to internal struct that should be free'd in SSL_free */
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_set1_curves_list(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- SSL* ssl = NULL;
- SSL_CTX* ctx = NULL;
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectTrue(SSL_CTX_use_certificate_file(ctx, eccCertFile,
- SSL_FILETYPE_PEM));
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, SSL_FILETYPE_PEM));
- ExpectNotNull(ssl = SSL_new(ctx));
- ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, NULL), WOLFSSL_FAILURE);
- #ifdef HAVE_ECC
- ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "P-25X"), WOLFSSL_FAILURE);
- ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "P-256"), WOLFSSL_SUCCESS);
- #endif
- #ifdef HAVE_CURVE25519
- ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WOLFSSL_SUCCESS);
- #else
- ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WOLFSSL_FAILURE);
- #endif
- #ifdef HAVE_CURVE448
- ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WOLFSSL_SUCCESS);
- #else
- ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WOLFSSL_FAILURE);
- #endif
- ExpectIntEQ(SSL_set1_curves_list(ssl, NULL), WOLFSSL_FAILURE);
- #ifdef HAVE_ECC
- ExpectIntEQ(SSL_set1_curves_list(ssl, "P-25X"), WOLFSSL_FAILURE);
- ExpectIntEQ(SSL_set1_curves_list(ssl, "P-256"), WOLFSSL_SUCCESS);
- #endif
- #ifdef HAVE_CURVE25519
- ExpectIntEQ(SSL_set1_curves_list(ssl, "X25519"), WOLFSSL_SUCCESS);
- #else
- ExpectIntEQ(SSL_set1_curves_list(ssl, "X25519"), WOLFSSL_FAILURE);
- #endif
- #ifdef HAVE_CURVE448
- ExpectIntEQ(SSL_set1_curves_list(ssl, "X448"), WOLFSSL_SUCCESS);
- #else
- ExpectIntEQ(SSL_set1_curves_list(ssl, "X448"), WOLFSSL_FAILURE);
- #endif
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_set1_sigalgs_list(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
- #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
- SSL* ssl = NULL;
- SSL_CTX* ctx = NULL;
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
- SSL_FILETYPE_PEM));
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
- ExpectNotNull(ssl = SSL_new(ctx));
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, ""), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, ""), WOLFSSL_FAILURE);
- #ifndef NO_RSA
- #ifndef NO_SHA256
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, "RSA+SHA256"),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(NULL, "RSA+SHA256"),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256"),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256"),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-SHA256"),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-SHA256"),
- WOLFSSL_FAILURE);
- #ifdef WC_RSA_PSS
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-PSS+SHA256"),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-PSS+SHA256"),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "PSS+SHA256"),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "PSS+SHA256"),
- WOLFSSL_SUCCESS);
- #endif
- #ifdef WOLFSSL_SHA512
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
- "RSA+SHA256:RSA+SHA512"), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl,
- "RSA+SHA256:RSA+SHA512"), WOLFSSL_SUCCESS);
- #elif defined(WOLFSSL_SHA384)
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
- "RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl,
- "RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS);
- #endif
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA"), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA"), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA:RSA+SHA256"),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA:RSA+SHA256"),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256+SHA256"),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256+RSA"),
- WOLFSSL_FAILURE);
- #endif
- #endif
- #ifdef HAVE_ECC
- #ifndef NO_SHA256
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256"),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ECDSA+SHA256"),
- WOLFSSL_SUCCESS);
- #ifdef WOLFSSL_SHA512
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
- "ECDSA+SHA256:ECDSA+SHA512"), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl,
- "ECDSA+SHA256:ECDSA+SHA512"), WOLFSSL_SUCCESS);
- #elif defined(WOLFSSL_SHA384)
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
- "ECDSA+SHA256:ECDSA+SHA384"), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl,
- "ECDSA+SHA256:ECDSA+SHA384"), WOLFSSL_SUCCESS);
- #endif
- #endif
- #endif
- #ifdef HAVE_ED25519
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ED25519"), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ED25519"), WOLFSSL_SUCCESS);
- #endif
- #ifdef HAVE_ED448
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ED448"), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ED448"), WOLFSSL_SUCCESS);
- #endif
- #ifndef NO_DSA
- #ifndef NO_SHA256
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "DSA+SHA256"),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "DSA+SHA256"),
- WOLFSSL_SUCCESS);
- #endif
- #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
- defined(WOLFSSL_ALLOW_TLS_SHA1))
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "DSA+SHA1"),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "DSA+SHA1"),
- WOLFSSL_SUCCESS);
- #endif
- #endif
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
- #endif
- return EXPECT_RESULT();
- }
- /* Testing wolfSSL_set_tlsext_status_type function.
- * PRE: OPENSSL and HAVE_CERTIFICATE_STATUS_REQUEST defined.
- */
- static int test_wolfSSL_set_tlsext_status_type(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
- !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER)
- SSL* ssl = NULL;
- SSL_CTX* ctx = NULL;
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
- SSL_FILETYPE_PEM));
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
- ExpectNotNull(ssl = SSL_new(ctx));
- ExpectIntEQ(SSL_set_tlsext_status_type(ssl,TLSEXT_STATUSTYPE_ocsp),
- SSL_SUCCESS);
- ExpectIntEQ(SSL_get_tlsext_status_type(ssl), TLSEXT_STATUSTYPE_ocsp);
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif /* OPENSSL_EXTRA && HAVE_CERTIFICATE_STATUS_REQUEST && !NO_RSA */
- return EXPECT_RESULT();
- }
- #ifndef NO_BIO
- static int test_wolfSSL_PEM_read_bio(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- byte buff[6000];
- XFILE f = XBADFILE;
- int bytes;
- X509* x509 = NULL;
- BIO* bio = NULL;
- BUF_MEM* buf = NULL;
- ExpectTrue((f = XFOPEN(cliCertFile, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- ExpectNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
- ExpectNotNull(bio = BIO_new_mem_buf((void*)buff, bytes));
- ExpectIntEQ(BIO_set_mem_eof_return(bio, -0xDEAD), 1);
- ExpectNotNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
- ExpectIntEQ((int)BIO_set_fd(bio, 0, BIO_CLOSE), 1);
- /* BIO should return the set EOF value */
- ExpectIntEQ(BIO_read(bio, buff, sizeof(buff)), -0xDEAD);
- ExpectIntEQ(BIO_set_close(bio, BIO_NOCLOSE), 1);
- ExpectIntEQ(BIO_set_close(NULL, BIO_NOCLOSE), 1);
- ExpectIntEQ(SSL_SUCCESS, BIO_get_mem_ptr(bio, &buf));
- BIO_free(bio);
- BUF_MEM_free(buf);
- X509_free(x509);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) &&
- * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA)
- static long bioCallback(BIO *bio, int cmd, const char* argp, int argi,
- long argl, long ret)
- {
- (void)bio;
- (void)cmd;
- (void)argp;
- (void)argi;
- (void)argl;
- return ret;
- }
- #endif
- static int test_wolfSSL_BIO(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- const unsigned char* p = NULL;
- byte buff[20];
- BIO* bio1 = NULL;
- BIO* bio2 = NULL;
- BIO* bio3 = NULL;
- char* bufPt = NULL;
- int i;
- for (i = 0; i < 20; i++) {
- buff[i] = i;
- }
- /* test BIO_free with NULL */
- ExpectIntEQ(BIO_free(NULL), WOLFSSL_FAILURE);
- /* Creating and testing type BIO_s_bio */
- ExpectNotNull(bio1 = BIO_new(BIO_s_bio()));
- ExpectNotNull(bio2 = BIO_new(BIO_s_bio()));
- ExpectNotNull(bio3 = BIO_new(BIO_s_bio()));
- /* read/write before set up */
- ExpectIntEQ(BIO_read(bio1, buff, 2), WOLFSSL_BIO_UNSET);
- ExpectIntEQ(BIO_write(bio1, buff, 2), WOLFSSL_BIO_UNSET);
- ExpectIntEQ(BIO_set_nbio(bio1, 1), 1);
- ExpectIntEQ(BIO_set_write_buf_size(bio1, 20), WOLFSSL_SUCCESS);
- ExpectIntEQ(BIO_set_write_buf_size(bio2, 8), WOLFSSL_SUCCESS);
- ExpectIntEQ(BIO_make_bio_pair(bio1, bio2), WOLFSSL_SUCCESS);
- ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 10), 10);
- ExpectNotNull(XMEMCPY(bufPt, buff, 10));
- ExpectIntEQ(BIO_write(bio1, buff + 10, 10), 10);
- /* write buffer full */
- ExpectIntEQ(BIO_write(bio1, buff, 10), WOLFSSL_BIO_ERROR);
- ExpectIntEQ(BIO_flush(bio1), WOLFSSL_SUCCESS);
- ExpectIntEQ((int)BIO_ctrl_pending(bio1), 0);
- /* write the other direction with pair */
- ExpectIntEQ((int)BIO_nwrite(bio2, &bufPt, 10), 8);
- ExpectNotNull(XMEMCPY(bufPt, buff, 8));
- ExpectIntEQ(BIO_write(bio2, buff, 10), WOLFSSL_BIO_ERROR);
- /* try read */
- ExpectIntEQ((int)BIO_ctrl_pending(bio1), 8);
- ExpectIntEQ((int)BIO_ctrl_pending(bio2), 20);
- /* try read using ctrl function */
- ExpectIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_WPENDING, 0, NULL), 8);
- ExpectIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_PENDING, 0, NULL), 8);
- ExpectIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_WPENDING, 0, NULL), 20);
- ExpectIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_PENDING, 0, NULL), 20);
- ExpectIntEQ(BIO_nread(bio2, &bufPt, (int)BIO_ctrl_pending(bio2)), 20);
- for (i = 0; i < 20; i++) {
- ExpectIntEQ((int)bufPt[i], i);
- }
- ExpectIntEQ(BIO_nread(bio2, &bufPt, 1), 0);
- ExpectIntEQ(BIO_nread(bio1, &bufPt, (int)BIO_ctrl_pending(bio1)), 8);
- for (i = 0; i < 8; i++) {
- ExpectIntEQ((int)bufPt[i], i);
- }
- ExpectIntEQ(BIO_nread(bio1, &bufPt, 1), 0);
- ExpectIntEQ(BIO_ctrl_reset_read_request(bio1), 1);
- /* new pair */
- ExpectIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_FAILURE);
- BIO_free(bio2); /* free bio2 and automatically remove from pair */
- bio2 = NULL;
- ExpectIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_SUCCESS);
- ExpectIntEQ((int)BIO_ctrl_pending(bio3), 0);
- ExpectIntEQ(BIO_nread(bio3, &bufPt, 10), 0);
- /* test wrap around... */
- ExpectIntEQ(BIO_reset(bio1), 0);
- ExpectIntEQ(BIO_reset(bio3), 0);
- /* fill write buffer, read only small amount then write again */
- ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
- ExpectNotNull(XMEMCPY(bufPt, buff, 20));
- ExpectIntEQ(BIO_nread(bio3, &bufPt, 4), 4);
- for (i = 0; i < 4; i++) {
- ExpectIntEQ(bufPt[i], i);
- }
- /* try writing over read index */
- ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 5), 4);
- ExpectNotNull(XMEMSET(bufPt, 0, 4));
- ExpectIntEQ((int)BIO_ctrl_pending(bio3), 20);
- /* read and write 0 bytes */
- ExpectIntEQ(BIO_nread(bio3, &bufPt, 0), 0);
- ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 0), 0);
- /* should read only to end of write buffer then need to read again */
- ExpectIntEQ(BIO_nread(bio3, &bufPt, 20), 16);
- for (i = 0; i < 16; i++) {
- ExpectIntEQ(bufPt[i], buff[4 + i]);
- }
- ExpectIntEQ(BIO_nread(bio3, NULL, 0), WOLFSSL_FAILURE);
- ExpectIntEQ(BIO_nread0(bio3, &bufPt), 4);
- for (i = 0; i < 4; i++) {
- ExpectIntEQ(bufPt[i], 0);
- }
- /* read index should not have advanced with nread0 */
- ExpectIntEQ(BIO_nread(bio3, &bufPt, 5), 4);
- for (i = 0; i < 4; i++) {
- ExpectIntEQ(bufPt[i], 0);
- }
- /* write and fill up buffer checking reset of index state */
- ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
- ExpectNotNull(XMEMCPY(bufPt, buff, 20));
- /* test reset on data in bio1 write buffer */
- ExpectIntEQ(BIO_reset(bio1), 0);
- ExpectIntEQ((int)BIO_ctrl_pending(bio3), 0);
- ExpectIntEQ(BIO_nread(bio3, &bufPt, 3), 0);
- ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
- ExpectIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_INFO, 0, &p), 20);
- ExpectNotNull(p);
- ExpectNotNull(XMEMCPY(bufPt, buff, 20));
- ExpectIntEQ(BIO_nread(bio3, &bufPt, 6), 6);
- for (i = 0; i < 6; i++) {
- ExpectIntEQ(bufPt[i], i);
- }
- /* test case of writing twice with offset read index */
- ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 3), 3);
- ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), 3); /* try overwriting */
- ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
- ExpectIntEQ(BIO_nread(bio3, &bufPt, 0), 0);
- ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
- ExpectIntEQ(BIO_nread(bio3, &bufPt, 1), 1);
- ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), 1);
- ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
- BIO_free(bio1);
- bio1 = NULL;
- BIO_free(bio3);
- bio3 = NULL;
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
- {
- BIO* bioA = NULL;
- BIO* bioB = NULL;
- ExpectIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), BAD_FUNC_ARG);
- ExpectIntEQ(BIO_new_bio_pair(&bioA, 256, &bioB, 256), WOLFSSL_SUCCESS);
- BIO_free(bioA);
- bioA = NULL;
- BIO_free(bioB);
- bioB = NULL;
- }
- #endif /* OPENSSL_ALL || WOLFSSL_ASIO */
- /* BIOs with file pointers */
- #if !defined(NO_FILESYSTEM)
- {
- XFILE f1 = XBADFILE;
- XFILE f2 = XBADFILE;
- BIO* f_bio1 = NULL;
- BIO* f_bio2 = NULL;
- unsigned char cert[300];
- char testFile[] = "tests/bio_write_test.txt";
- char msg[] = "bio_write_test.txt contains the first 300 bytes of certs/server-cert.pem\ncreated by tests/unit.test\n\n";
- ExpectNotNull(f_bio1 = BIO_new(BIO_s_file()));
- ExpectNotNull(f_bio2 = BIO_new(BIO_s_file()));
- /* Failure due to wrong BIO type */
- ExpectIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0);
- ExpectIntEQ((int)BIO_set_mem_eof_return(NULL, -1), 0);
- ExpectTrue((f1 = XFOPEN(svrCertFile, "rwb")) != XBADFILE);
- ExpectIntEQ((int)BIO_set_fp(f_bio1, f1, BIO_CLOSE), WOLFSSL_SUCCESS);
- ExpectIntEQ(BIO_write_filename(f_bio2, testFile),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert));
- ExpectIntEQ(BIO_tell(f_bio1),sizeof(cert));
- ExpectIntEQ(BIO_write(f_bio2, msg, sizeof(msg)), sizeof(msg));
- ExpectIntEQ(BIO_tell(f_bio2),sizeof(msg));
- ExpectIntEQ(BIO_write(f_bio2, cert, sizeof(cert)), sizeof(cert));
- ExpectIntEQ(BIO_tell(f_bio2),sizeof(cert) + sizeof(msg));
- ExpectIntEQ((int)BIO_get_fp(f_bio2, &f2), WOLFSSL_SUCCESS);
- ExpectIntEQ(BIO_reset(f_bio2), 0);
- ExpectIntEQ(BIO_tell(NULL),-1);
- ExpectIntEQ(BIO_tell(f_bio2),0);
- ExpectIntEQ(BIO_seek(f_bio2, 4), 0);
- ExpectIntEQ(BIO_tell(f_bio2),4);
- BIO_free(f_bio1);
- f_bio1 = NULL;
- BIO_free(f_bio2);
- f_bio2 = NULL;
- ExpectNotNull(f_bio1 = BIO_new_file(svrCertFile, "rwb"));
- ExpectIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0);
- ExpectIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert));
- BIO_free(f_bio1);
- f_bio1 = NULL;
- }
- #endif /* !defined(NO_FILESYSTEM) */
- /* BIO info callback */
- {
- const char* testArg = "test";
- BIO* cb_bio = NULL;
- ExpectNotNull(cb_bio = BIO_new(BIO_s_mem()));
- BIO_set_callback(cb_bio, bioCallback);
- ExpectNotNull(BIO_get_callback(cb_bio));
- BIO_set_callback(cb_bio, NULL);
- ExpectNull(BIO_get_callback(cb_bio));
- BIO_set_callback_arg(cb_bio, (char*)testArg);
- ExpectStrEQ(BIO_get_callback_arg(cb_bio), testArg);
- ExpectNull(BIO_get_callback_arg(NULL));
- BIO_free(cb_bio);
- cb_bio = NULL;
- }
- /* BIO_vfree */
- ExpectNotNull(bio1 = BIO_new(BIO_s_bio()));
- BIO_vfree(NULL);
- BIO_vfree(bio1);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BIO_BIO_ring_read(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL)
- BIO* bio1 = NULL;
- BIO* bio2 = NULL;
- byte data[50];
- byte tmp[50];
- XMEMSET(data, 42, sizeof(data));
- ExpectIntEQ(BIO_new_bio_pair(&bio1, sizeof(data), &bio2, sizeof(data)),
- SSL_SUCCESS);
- ExpectIntEQ(BIO_write(bio1, data, 40), 40);
- ExpectIntEQ(BIO_read(bio1, tmp, 20), -1);
- ExpectIntEQ(BIO_read(bio2, tmp, 20), 20);
- ExpectBufEQ(tmp, data, 20);
- ExpectIntEQ(BIO_write(bio1, data, 20), 20);
- ExpectIntEQ(BIO_read(bio2, tmp, 40), 40);
- ExpectBufEQ(tmp, data, 40);
- BIO_free(bio1);
- BIO_free(bio2);
- #endif
- return EXPECT_RESULT();
- }
- #endif /* !NO_BIO */
- static int test_wolfSSL_a2i_IPADDRESS(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(WOLFSSL_USER_IO)
- const unsigned char* data = NULL;
- int dataSz = 0;
- ASN1_OCTET_STRING *st = NULL;
- const unsigned char ipv4_exp[] = {0x7F, 0, 0, 1};
- const unsigned char ipv6_exp[] = {
- 0x20, 0x21, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x77, 0x77
- };
- const unsigned char ipv6_home[] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
- };
- ExpectNull(st = a2i_IPADDRESS("127.0.0.1bad"));
- ExpectNotNull(st = a2i_IPADDRESS("127.0.0.1"));
- ExpectNotNull(data = ASN1_STRING_get0_data(st));
- ExpectIntEQ(dataSz = ASN1_STRING_length(st), WOLFSSL_IP4_ADDR_LEN);
- ExpectIntEQ(XMEMCMP(data, ipv4_exp, dataSz), 0);
- ASN1_STRING_free(st);
- st = NULL;
- ExpectNotNull(st = a2i_IPADDRESS("::1"));
- ExpectNotNull(data = ASN1_STRING_get0_data(st));
- ExpectIntEQ(dataSz = ASN1_STRING_length(st), WOLFSSL_IP6_ADDR_LEN);
- ExpectIntEQ(XMEMCMP(data, ipv6_home, dataSz), 0);
- ASN1_STRING_free(st);
- st = NULL;
- ExpectNotNull(st = a2i_IPADDRESS("2021:db8::ff00:42:7777"));
- ExpectNotNull(data = ASN1_STRING_get0_data(st));
- ExpectIntEQ(dataSz = ASN1_STRING_length(st), WOLFSSL_IP6_ADDR_LEN);
- ExpectIntEQ(XMEMCMP(data, ipv6_exp, dataSz), 0);
- ASN1_STRING_free(st);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_cmp_time(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \
- && !defined(USER_TIME) && !defined(TIME_OVERRIDES)
- WOLFSSL_ASN1_TIME asn_time;
- time_t t;
- ExpectIntEQ(0, wolfSSL_X509_cmp_time(NULL, &t));
- XMEMSET(&asn_time, 0, sizeof(WOLFSSL_ASN1_TIME));
- ExpectIntEQ(0, wolfSSL_X509_cmp_time(&asn_time, &t));
- ExpectIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1);
- ExpectIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL));
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_time_adj(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \
- !defined(USER_TIME) && !defined(TIME_OVERRIDES) && \
- defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && \
- !defined(NO_ASN_TIME)
- X509* x509 = NULL;
- time_t t;
- time_t not_before;
- time_t not_after;
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer(
- client_cert_der_2048, sizeof_client_cert_der_2048,
- WOLFSSL_FILETYPE_ASN1));
- t = 0;
- not_before = wc_Time(0);
- not_after = wc_Time(0) + (60 * 24 * 30); /* 30 days after */
- ExpectNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &t));
- ExpectNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &t));
- /* Check X509_gmtime_adj, too. */
- ExpectNotNull(X509_gmtime_adj(X509_get_notAfter(x509), not_after));
- X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
- !defined(NO_RSA)
- X509* x509 = NULL;
- #ifndef NO_BIO
- BIO* bio = NULL;
- X509_STORE_CTX* ctx = NULL;
- X509_STORE* store = NULL;
- #endif
- char der[] = "certs/ca-cert.der";
- XFILE fp = XBADFILE;
- ExpectNotNull(x509 = X509_new());
- X509_free(x509);
- x509 = NULL;
- #ifndef NO_BIO
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
- SSL_FILETYPE_PEM));
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- #ifdef WOLFSSL_CERT_GEN
- ExpectIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS);
- #endif
- ExpectNotNull(ctx = X509_STORE_CTX_new());
- ExpectIntEQ(X509_verify_cert(ctx), SSL_FATAL_ERROR);
- ExpectNotNull(store = X509_STORE_new());
- ExpectIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS);
- ExpectIntEQ(X509_STORE_CTX_init(ctx, store, x509, NULL), SSL_SUCCESS);
- ExpectIntEQ(X509_verify_cert(ctx), SSL_SUCCESS);
- X509_STORE_CTX_free(ctx);
- X509_STORE_free(store);
- X509_free(x509);
- x509 = NULL;
- BIO_free(bio);
- #endif
- /** d2i_X509_fp test **/
- ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE);
- ExpectNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL));
- ExpectNotNull(x509);
- X509_free(x509);
- x509 = NULL;
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE);
- ExpectNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509));
- ExpectNotNull(x509);
- X509_free(x509);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- /* X509_up_ref test */
- ExpectIntEQ(X509_up_ref(NULL), 0);
- ExpectNotNull(x509 = X509_new()); /* refCount = 1 */
- ExpectIntEQ(X509_up_ref(x509), 1); /* refCount = 2 */
- ExpectIntEQ(X509_up_ref(x509), 1); /* refCount = 3 */
- X509_free(x509); /* refCount = 2 */
- X509_free(x509); /* refCount = 1 */
- X509_free(x509); /* refCount = 0, free */
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_get_ext_count(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
- !defined(NO_RSA)
- int ret = 0;
- WOLFSSL_X509* x509 = NULL;
- const char ocspRootCaFile[] = "./certs/ocsp/root-ca-cert.pem";
- XFILE f = XBADFILE;
- /* NULL parameter check */
- ExpectIntEQ(X509_get_ext_count(NULL), WOLFSSL_FAILURE);
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
- SSL_FILETYPE_PEM));
- ExpectIntEQ(X509_get_ext_count(x509), 5);
- wolfSSL_X509_free(x509);
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(ocspRootCaFile,
- SSL_FILETYPE_PEM));
- ExpectIntEQ(X509_get_ext_count(x509), 5);
- wolfSSL_X509_free(x509);
- ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
- ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
- if (f != XBADFILE)
- XFCLOSE(f);
- /* wolfSSL_X509_get_ext_count() valid input */
- ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5);
- /* wolfSSL_X509_get_ext_count() NULL argument */
- ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(NULL)), WOLFSSL_FAILURE);
- wolfSSL_X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_sign2(void)
- {
- EXPECT_DECLS;
- /* test requires WOLFSSL_AKID_NAME to match expected output */
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_ALT_NAMES) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_AKID_NAME) && \
- (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \
- defined(WOLFSSL_IP_ALT_NAME))
- WOLFSSL_X509 *x509 = NULL;
- WOLFSSL_X509 *ca = NULL;
- const unsigned char *der = NULL;
- const unsigned char *pt = NULL;
- WOLFSSL_EVP_PKEY *priv = NULL;
- WOLFSSL_X509_NAME *name = NULL;
- int derSz;
- #ifndef NO_ASN_TIME
- WOLFSSL_ASN1_TIME *notBefore = NULL;
- WOLFSSL_ASN1_TIME *notAfter = NULL;
- const int year = 365*24*60*60;
- const int day = 24*60*60;
- const int hour = 60*60;
- const int mini = 60;
- time_t t;
- #endif
- const unsigned char expected[] = {
- 0x30, 0x82, 0x05, 0x13, 0x30, 0x82, 0x03, 0xFB, 0xA0, 0x03, 0x02, 0x01,
- 0x02, 0x02, 0x14, 0x08, 0xB0, 0x54, 0x7A, 0x03, 0x5A, 0xEC, 0x55, 0x8A,
- 0x12, 0xE8, 0xF9, 0x8E, 0x34, 0xB6, 0x13, 0xD9, 0x59, 0xB8, 0xE8, 0x30,
- 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
- 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
- 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
- 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61,
- 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42,
- 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03,
- 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74,
- 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A,
- 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18,
- 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77,
- 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
- 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F,
- 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17,
- 0x0D, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30, 0x30,
- 0x30, 0x5A, 0x17, 0x0D, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32, 0x30,
- 0x33, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09,
- 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30,
- 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
- 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07,
- 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30,
- 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66,
- 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17,
- 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72,
- 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, 0x38, 0x31,
- 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77,
- 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
- 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
- 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
- 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82,
- 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82,
- 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE,
- 0x39, 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74,
- 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, 0x07,
- 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, 0x81,
- 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36,
- 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC,
- 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F,
- 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, 0xC5,
- 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56,
- 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF,
- 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3,
- 0x4A, 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97,
- 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, 0x14,
- 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, 0x40,
- 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65,
- 0x24, 0x73, 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B,
- 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B,
- 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, 0xD9,
- 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1,
- 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72,
- 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7,
- 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02,
- 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x4F, 0x30, 0x82, 0x01, 0x4B,
- 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
- 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30,
- 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63,
- 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03,
- 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7,
- 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7,
- 0x85, 0x65, 0xC0, 0x30, 0x81, 0xDE, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04,
- 0x81, 0xD6, 0x30, 0x81, 0xD3, 0x80, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7,
- 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7,
- 0x85, 0x65, 0xC0, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E,
- 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
- 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07,
- 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06,
- 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61,
- 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C,
- 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38,
- 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50,
- 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32,
- 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
- 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
- 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A,
- 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E,
- 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
- 0x6F, 0x6D, 0x82, 0x14, 0x08, 0xB0, 0x54, 0x7A, 0x03, 0x5A, 0xEC, 0x55,
- 0x8A, 0x12, 0xE8, 0xF9, 0x8E, 0x34, 0xB6, 0x13, 0xD9, 0x59, 0xB8, 0xE8,
- 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06,
- 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B,
- 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A,
- 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82,
- 0x01, 0x01, 0x00, 0x14, 0xFB, 0xD0, 0xCE, 0x31, 0x7F, 0xA5, 0x59, 0xFA,
- 0x7C, 0x68, 0x26, 0xA7, 0xE8, 0x0D, 0x9F, 0x50, 0x57, 0xFA, 0x1C, 0x7C,
- 0x5E, 0x43, 0xA4, 0x97, 0x47, 0xB6, 0x41, 0xAC, 0x63, 0xD3, 0x61, 0x8C,
- 0x1F, 0x42, 0xEF, 0x53, 0xD0, 0xBA, 0x31, 0x4D, 0x99, 0x74, 0xA4, 0x60,
- 0xDC, 0xC6, 0x6F, 0xCC, 0x1E, 0x25, 0x98, 0xE1, 0xA4, 0xA0, 0x67, 0x69,
- 0x97, 0xE3, 0x97, 0x7C, 0x83, 0x28, 0xF1, 0xF4, 0x7D, 0x03, 0xA8, 0x31,
- 0x77, 0xCC, 0xD1, 0x37, 0xEF, 0x7B, 0x4A, 0x71, 0x2D, 0x11, 0x7E, 0x92,
- 0xF5, 0x67, 0xB7, 0x56, 0xBA, 0x28, 0xF8, 0xD6, 0xCE, 0x2A, 0x71, 0xE3,
- 0x70, 0x6B, 0x09, 0x0F, 0x67, 0x6F, 0x7A, 0xE0, 0x89, 0xF6, 0x5E, 0x23,
- 0x0C, 0x0A, 0x44, 0x4E, 0x65, 0x8E, 0x7B, 0x68, 0xD0, 0xAD, 0x76, 0x3E,
- 0x2A, 0x0E, 0xA2, 0x05, 0x11, 0x74, 0x24, 0x08, 0x60, 0xED, 0x9F, 0x98,
- 0x18, 0xE9, 0x91, 0x58, 0x36, 0xEC, 0xEC, 0x25, 0x6B, 0xBA, 0x9C, 0x87,
- 0x38, 0x68, 0xDC, 0xDC, 0x15, 0x6F, 0x20, 0x68, 0xC4, 0xBF, 0x05, 0x5B,
- 0x4A, 0x0C, 0x44, 0x2B, 0x92, 0x3F, 0x10, 0x99, 0xDC, 0xF6, 0x6C, 0x0E,
- 0x34, 0x26, 0x6E, 0x6D, 0x4E, 0x12, 0xBC, 0x60, 0x8F, 0x27, 0x1D, 0x7A,
- 0x00, 0x50, 0xBE, 0x23, 0xDE, 0x48, 0x47, 0x9F, 0xAD, 0x2F, 0x94, 0x3D,
- 0x16, 0x73, 0x48, 0x6B, 0xC8, 0x97, 0xE6, 0xB4, 0xB3, 0x4B, 0xE1, 0x68,
- 0x08, 0xC3, 0xE5, 0x34, 0x5F, 0x9B, 0xDA, 0xAB, 0xCA, 0x6D, 0x55, 0x32,
- 0xEF, 0x6C, 0xEF, 0x9B, 0x8B, 0x5B, 0xC7, 0xF0, 0xC2, 0x0F, 0x8E, 0x93,
- 0x09, 0x60, 0x3C, 0x0B, 0xDC, 0xBD, 0xDB, 0x4A, 0x2D, 0xD0, 0x98, 0xAA,
- 0xAB, 0x6C, 0x6F, 0x6D, 0x6B, 0x6A, 0x5C, 0x33, 0xAC, 0xAD, 0xA8, 0x1B,
- 0x38, 0x5D, 0x9F, 0xDA, 0xE7, 0x70, 0x07
- };
- pt = ca_key_der_2048;
- ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt,
- sizeof_ca_key_der_2048));
- pt = client_cert_der_2048;
- ExpectNotNull(x509 = wolfSSL_d2i_X509(NULL, &pt,
- sizeof_client_cert_der_2048));
- pt = ca_cert_der_2048;
- ExpectNotNull(ca = wolfSSL_d2i_X509(NULL, &pt, sizeof_ca_cert_der_2048));
- ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca));
- ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- #ifndef NO_ASN_TIME
- t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day;
- ExpectNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0));
- ExpectNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0));
- ExpectIntEQ(notAfter->length, 13);
- ExpectTrue(wolfSSL_X509_set_notBefore(x509, notBefore));
- ExpectTrue(wolfSSL_X509_set_notAfter(x509, notAfter));
- #endif
- ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
- ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
- ExpectIntEQ(derSz, sizeof(expected));
- #ifndef NO_ASN_TIME
- ExpectIntEQ(XMEMCMP(der, expected, derSz), 0);
- #endif
- wolfSSL_X509_free(ca);
- wolfSSL_X509_free(x509);
- wolfSSL_EVP_PKEY_free(priv);
- #ifndef NO_ASN_TIME
- wolfSSL_ASN1_TIME_free(notBefore);
- wolfSSL_ASN1_TIME_free(notAfter);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_sign(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_ASN_TIME) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA)
- int ret = 0;
- char *cn = NULL;
- word32 cnSz = 0;
- X509_NAME *name = NULL;
- X509 *x509 = NULL;
- X509 *ca = NULL;
- DecodedCert dCert;
- EVP_PKEY *pub = NULL;
- EVP_PKEY *priv = NULL;
- EVP_MD_CTX *mctx = NULL;
- #if defined(USE_CERT_BUFFERS_1024)
- const unsigned char* rsaPriv = client_key_der_1024;
- const unsigned char* rsaPub = client_keypub_der_1024;
- const unsigned char* certIssuer = client_cert_der_1024;
- long clientKeySz = (long)sizeof_client_key_der_1024;
- long clientPubKeySz = (long)sizeof_client_keypub_der_1024;
- long certIssuerSz = (long)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- const unsigned char* rsaPriv = client_key_der_2048;
- const unsigned char* rsaPub = client_keypub_der_2048;
- const unsigned char* certIssuer = client_cert_der_2048;
- long clientKeySz = (long)sizeof_client_key_der_2048;
- long clientPubKeySz = (long)sizeof_client_keypub_der_2048;
- long certIssuerSz = (long)sizeof_client_cert_der_2048;
- #endif
- byte sn[16];
- int snSz = sizeof(sn);
- /* Set X509_NAME fields */
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
- (byte*)"US", 2, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
- (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
- (byte*)"support@wolfssl.com", 19, -1, 0), SSL_SUCCESS);
- /* Get private and public keys */
- ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv,
- clientKeySz));
- ExpectNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, clientPubKeySz));
- ExpectNotNull(x509 = X509_new());
- /* Set version 3 */
- ExpectIntNE(X509_set_version(x509, 2L), 0);
- /* Set subject name, add pubkey, and sign certificate */
- ExpectIntEQ(X509_set_subject_name(x509, name), SSL_SUCCESS);
- X509_NAME_free(name);
- name = NULL;
- ExpectIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS);
- #ifdef WOLFSSL_ALT_NAMES
- /* Add some subject alt names */
- ExpectIntNE(wolfSSL_X509_add_altname(NULL,
- "ipsum", ASN_DNS_TYPE), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_add_altname(x509,
- NULL, ASN_DNS_TYPE), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_add_altname(x509,
- "sphygmomanometer",
- ASN_DNS_TYPE), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_add_altname(x509,
- "supercalifragilisticexpialidocious",
- ASN_DNS_TYPE), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_add_altname(x509,
- "Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch",
- ASN_DNS_TYPE), SSL_SUCCESS);
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
- {
- unsigned char ip4_type[] = {127,128,0,255};
- unsigned char ip6_type[] = {0xdd, 0xcc, 0xba, 0xab,
- 0xff, 0xee, 0x99, 0x88,
- 0x77, 0x66, 0x55, 0x44,
- 0x00, 0x33, 0x22, 0x11};
- ExpectIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip4_type,
- sizeof(ip4_type), ASN_IP_TYPE), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip6_type,
- sizeof(ip6_type), ASN_IP_TYPE), SSL_SUCCESS);
- }
- #endif
- #endif /* WOLFSSL_ALT_NAMES */
- /* test valid sign case */
- ExpectIntGT(ret = X509_sign(x509, priv, EVP_sha256()), 0);
- /* test valid X509_sign_ctx case */
- ExpectNotNull(mctx = EVP_MD_CTX_new());
- ExpectIntEQ(EVP_DigestSignInit(mctx, NULL, EVP_sha256(), NULL, priv), 1);
- ExpectIntGT(X509_sign_ctx(x509, mctx), 0);
- #if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES)
- ExpectIntEQ(X509_get_ext_count(x509), 1);
- #endif
- #if defined(WOLFSSL_ALT_NAMES) && (defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME))
- ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.128.0.255", 0), 1);
- ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "DDCC:BAAB:FFEE:9988:7766:5544:0033:2211", 0), 1);
- #endif
- ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, sn, &snSz),
- WOLFSSL_SUCCESS);
- DEBUG_WRITE_CERT_X509(x509, "signed.pem");
- /* Variation in size depends on ASN.1 encoding when MSB is set.
- * WOLFSSL_ASN_TEMPLATE code does not generate a serial number
- * with the MSB set. See GenerateInteger in asn.c */
- #ifndef USE_CERT_BUFFERS_1024
- #ifndef WOLFSSL_ALT_NAMES
- /* Valid case - size should be 781-786 with 16 byte serial number */
- ExpectTrue((781 + snSz <= ret) && (ret <= 781 + 5 + snSz));
- #elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
- /* Valid case - size should be 955-960 with 16 byte serial number */
- ExpectTrue((939 + snSz <= ret) && (ret <= 939 + 5 + snSz));
- #else
- /* Valid case - size should be 926-931 with 16 byte serial number */
- ExpectTrue((910 + snSz <= ret) && (ret <= 910 + 5 + snSz));
- #endif
- #else
- #ifndef WOLFSSL_ALT_NAMES
- /* Valid case - size should be 537-542 with 16 byte serial number */
- ExpectTrue((521 + snSz <= ret) && (ret <= 521 + 5 + snSz));
- #elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
- /* Valid case - size should be 695-670 with 16 byte serial number */
- ExpectTrue((679 + snSz <= ret) && (ret <= 679 + 5 + snSz));
- #else
- /* Valid case - size should be 666-671 with 16 byte serial number */
- ExpectTrue((650 + snSz <= ret) && (ret <= 650 + 5 + snSz));
- #endif
- #endif
- /* check that issuer name is as expected after signature */
- InitDecodedCert(&dCert, certIssuer, (word32)certIssuerSz, 0);
- ExpectIntEQ(ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL), 0);
- ExpectNotNull(ca = d2i_X509(NULL, &certIssuer, (int)certIssuerSz));
- ExpectNotNull(name = X509_get_subject_name(ca));
- cnSz = X509_NAME_get_sz(name);
- ExpectNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
- ExpectNotNull(cn = X509_NAME_oneline(name, cn, cnSz));
- ExpectIntEQ(0, XSTRNCMP(cn, dCert.subject, XSTRLEN(cn)));
- XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
- cn = NULL;
- #ifdef WOLFSSL_MULTI_ATTRIB
- /* test adding multiple OU's to the signer */
- ExpectNotNull(name = X509_get_subject_name(ca));
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8,
- (byte*)"OU1", 3, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8,
- (byte*)"OU2", 3, -1, 0), SSL_SUCCESS);
- ExpectIntGT(X509_sign(ca, priv, EVP_sha256()), 0);
- #endif
- ExpectNotNull(name = X509_get_subject_name(ca));
- ExpectIntEQ(X509_set_issuer_name(x509, name), SSL_SUCCESS);
- ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
- ExpectNotNull(name = X509_get_issuer_name(x509));
- cnSz = X509_NAME_get_sz(name);
- ExpectNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
- ExpectNotNull(cn = X509_NAME_oneline(name, cn, cnSz));
- /* compare and don't include the multi-attrib "/OU=OU1/OU=OU2" above */
- ExpectIntEQ(0, XSTRNCMP(cn, dCert.issuer, XSTRLEN(dCert.issuer)));
- XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
- cn = NULL;
- FreeDecodedCert(&dCert);
- /* Test invalid parameters */
- ExpectIntEQ(X509_sign(NULL, priv, EVP_sha256()), 0);
- ExpectIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0);
- ExpectIntEQ(X509_sign(x509, priv, NULL), 0);
- ExpectIntEQ(X509_sign_ctx(NULL, mctx), 0);
- EVP_MD_CTX_free(mctx);
- mctx = NULL;
- ExpectNotNull(mctx = EVP_MD_CTX_new());
- ExpectIntEQ(X509_sign_ctx(x509, mctx), 0);
- ExpectIntEQ(X509_sign_ctx(x509, NULL), 0);
- /* test invalid version number */
- #if defined(OPENSSL_ALL)
- ExpectIntNE(X509_set_version(x509, 6L), 0);
- ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
- /* uses ParseCert which fails on bad version number */
- ExpectIntEQ(X509_get_ext_count(x509), SSL_FAILURE);
- #endif
- EVP_MD_CTX_free(mctx);
- EVP_PKEY_free(priv);
- EVP_PKEY_free(pub);
- X509_free(x509);
- X509_free(ca);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_get0_tbs_sigalg(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD))
- X509* x509 = NULL;
- const X509_ALGOR* alg;
- ExpectNotNull(x509 = X509_new());
- ExpectNull(alg = X509_get0_tbs_sigalg(NULL));
- ExpectNotNull(alg = X509_get0_tbs_sigalg(x509));
- X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_ALGOR_get0(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
- !defined(NO_SHA256) && !defined(NO_RSA)
- X509* x509 = NULL;
- const ASN1_OBJECT* obj = NULL;
- const X509_ALGOR* alg = NULL;
- int pptype = 0;
- const void *ppval = NULL;
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
- SSL_FILETYPE_PEM));
- ExpectNotNull(alg = X509_get0_tbs_sigalg(x509));
- /* Invalid case */
- X509_ALGOR_get0(&obj, NULL, NULL, NULL);
- ExpectNull(obj);
- /* Valid case */
- X509_ALGOR_get0(&obj, &pptype, &ppval, alg);
- ExpectNotNull(obj);
- ExpectNull(ppval);
- ExpectIntNE(pptype, 0);
- /* Make sure NID of X509_ALGOR is Sha256 with RSA */
- ExpectIntEQ(OBJ_obj2nid(obj), NID_sha256WithRSAEncryption);
- X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_VERIFY_PARAM(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- X509_VERIFY_PARAM *paramTo = NULL;
- X509_VERIFY_PARAM *paramFrom = NULL;
- char testIPv4[] = "127.0.0.1";
- char testIPv6[] = "0001:0000:0000:0000:0000:0000:0000:0000/32";
- char testhostName1[] = "foo.hoge.com";
- char testhostName2[] = "foobar.hoge.com";
- ExpectNotNull(paramTo = X509_VERIFY_PARAM_new());
- ExpectNotNull(XMEMSET(paramTo, 0, sizeof(X509_VERIFY_PARAM)));
- ExpectNotNull(paramFrom = X509_VERIFY_PARAM_new());
- ExpectNotNull(XMEMSET(paramFrom, 0, sizeof(X509_VERIFY_PARAM)));
- ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramFrom, testhostName1,
- (int)XSTRLEN(testhostName1)), 1);
- ExpectIntEQ(0, XSTRNCMP(paramFrom->hostName, testhostName1,
- (int)XSTRLEN(testhostName1)));
- X509_VERIFY_PARAM_set_hostflags(NULL, 0x00);
- X509_VERIFY_PARAM_set_hostflags(paramFrom, 0x01);
- ExpectIntEQ(0x01, paramFrom->hostFlags);
- ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(NULL, testIPv4), 0);
- ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv4), 1);
- ExpectIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
- ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramFrom, NULL), 1);
- ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv6), 1);
- ExpectIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
- /* null pointer */
- ExpectIntEQ(X509_VERIFY_PARAM_set1(NULL, paramFrom), 0);
- /* in the case of "from" null, returns success */
- ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, NULL), 1);
- ExpectIntEQ(X509_VERIFY_PARAM_set1(NULL, NULL), 0);
- /* inherit flags test : VPARAM_DEFAULT */
- ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1);
- ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
- (int)XSTRLEN(testhostName1)));
- ExpectIntEQ(0x01, paramTo->hostFlags);
- ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
- /* inherit flags test : VPARAM OVERWRITE */
- ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
- (int)XSTRLEN(testhostName2)), 1);
- ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4), 1);
- X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00);
- if (paramTo != NULL) {
- paramTo->inherit_flags = X509_VP_FLAG_OVERWRITE;
- }
- ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1);
- ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
- (int)XSTRLEN(testhostName1)));
- ExpectIntEQ(0x01, paramTo->hostFlags);
- ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
- /* inherit flags test : VPARAM_RESET_FLAGS */
- ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
- (int)XSTRLEN(testhostName2)), 1);
- ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4), 1);
- X509_VERIFY_PARAM_set_hostflags(paramTo, 0x10);
- if (paramTo != NULL) {
- paramTo->inherit_flags = X509_VP_FLAG_RESET_FLAGS;
- }
- ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1);
- ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
- (int)XSTRLEN(testhostName1)));
- ExpectIntEQ(0x01, paramTo->hostFlags);
- ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
- /* inherit flags test : VPARAM_LOCKED */
- ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
- (int)XSTRLEN(testhostName2)), 1);
- ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4), 1);
- X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00);
- if (paramTo != NULL) {
- paramTo->inherit_flags = X509_VP_FLAG_LOCKED;
- }
- ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1);
- ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName2,
- (int)XSTRLEN(testhostName2)));
- ExpectIntEQ(0x00, paramTo->hostFlags);
- ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
- /* test for incorrect parameters */
- ExpectIntEQ(X509_VERIFY_PARAM_set_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL),
- 0);
- ExpectIntEQ(X509_VERIFY_PARAM_set_flags(NULL, 0), 0);
- /* inherit flags test : VPARAM_ONCE, not testable yet */
- ExpectIntEQ(X509_VERIFY_PARAM_set_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL),
- 1);
- ExpectIntEQ(X509_VERIFY_PARAM_get_flags(paramTo),
- X509_V_FLAG_CRL_CHECK_ALL);
- ExpectIntEQ(X509_VERIFY_PARAM_clear_flags(paramTo,
- X509_V_FLAG_CRL_CHECK_ALL), 1);
- ExpectIntEQ(X509_VERIFY_PARAM_get_flags(paramTo), 0);
- X509_VERIFY_PARAM_free(paramTo);
- X509_VERIFY_PARAM_free(paramFrom);
- X509_VERIFY_PARAM_free(NULL); /* to confirm NULL parameter gives no harm */
- #endif
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- static int test_wolfSSL_check_domain_verify_count = 0;
- static WC_INLINE int test_wolfSSL_check_domain_verify_cb(int preverify,
- WOLFSSL_X509_STORE_CTX* store)
- {
- EXPECT_DECLS;
- ExpectIntEQ(X509_STORE_CTX_get_error(store), 0);
- ExpectIntEQ(preverify, 1);
- ExpectIntGT(++test_wolfSSL_check_domain_verify_count, 0);
- return EXPECT_SUCCESS();
- }
- static int test_wolfSSL_check_domain_client_cb(WOLFSSL* ssl)
- {
- EXPECT_DECLS;
- X509_VERIFY_PARAM *param = NULL;
- ExpectNotNull(param = SSL_get0_param(ssl));
- /* Domain check should only be done on the leaf cert */
- X509_VERIFY_PARAM_set_hostflags(param,
- X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
- ExpectIntEQ(X509_VERIFY_PARAM_set1_host(param,
- "wolfSSL Server Chain", 0), 1);
- wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_PEER,
- test_wolfSSL_check_domain_verify_cb);
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_check_domain_server_cb(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- /* Use a cert with different domains in chain */
- ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx,
- "certs/intermediate/server-chain.pem"), WOLFSSL_SUCCESS);
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_check_domain(void)
- {
- EXPECT_DECLS;
- test_ssl_cbf func_cb_client;
- test_ssl_cbf func_cb_server;
- XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
- XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
- func_cb_client.ssl_ready = &test_wolfSSL_check_domain_client_cb;
- func_cb_server.ctx_ready = &test_wolfSSL_check_domain_server_cb;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
- &func_cb_server, NULL), TEST_SUCCESS);
- /* Should have been called once for each cert in sent chain */
- #ifdef WOLFSSL_VERIFY_CB_ALL_CERTS
- ExpectIntEQ(test_wolfSSL_check_domain_verify_count, 3);
- #else
- ExpectIntEQ(test_wolfSSL_check_domain_verify_count, 1);
- #endif
- return EXPECT_RESULT();
- }
- #endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
- static int test_wolfSSL_X509_get_X509_PUBKEY(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD))
- X509* x509 = NULL;
- X509_PUBKEY* pubKey;
- ExpectNotNull(x509 = X509_new());
- ExpectNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(NULL));
- ExpectNotNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(x509));
- X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_PUBKEY_RSA(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
- !defined(NO_SHA256) && !defined(NO_RSA)
- X509* x509 = NULL;
- ASN1_OBJECT* obj = NULL;
- const ASN1_OBJECT* pa_oid = NULL;
- X509_PUBKEY* pubKey = NULL;
- X509_PUBKEY* pubKey2 = NULL;
- EVP_PKEY* evpKey = NULL;
- const unsigned char *pk = NULL;
- int ppklen;
- int pptype;
- X509_ALGOR *pa = NULL;
- const void *pval;
- ExpectNotNull(x509 = X509_load_certificate_file(cliCertFile,
- SSL_FILETYPE_PEM));
- ExpectNotNull(pubKey = X509_get_X509_PUBKEY(x509));
- ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1);
- ExpectNotNull(pk);
- ExpectNotNull(pa);
- ExpectNotNull(pubKey);
- ExpectIntGT(ppklen, 0);
- ExpectIntEQ(OBJ_obj2nid(obj), NID_rsaEncryption);
- ExpectNotNull(evpKey = X509_PUBKEY_get(pubKey));
- ExpectNotNull(pubKey2 = X509_PUBKEY_new());
- ExpectIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1);
- ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1);
- ExpectNotNull(pk);
- ExpectNotNull(pa);
- ExpectIntGT(ppklen, 0);
- X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa);
- ExpectNotNull(pa_oid);
- ExpectNull(pval);
- ExpectIntEQ(pptype, V_ASN1_NULL);
- ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_RSA);
- X509_PUBKEY_free(pubKey2);
- X509_free(x509);
- EVP_PKEY_free(evpKey);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_PUBKEY_EC(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && defined(HAVE_ECC)
- X509* x509 = NULL;
- ASN1_OBJECT* obj = NULL;
- ASN1_OBJECT* poid = NULL;
- const ASN1_OBJECT* pa_oid = NULL;
- X509_PUBKEY* pubKey = NULL;
- X509_PUBKEY* pubKey2 = NULL;
- EVP_PKEY* evpKey = NULL;
- const unsigned char *pk = NULL;
- int ppklen;
- int pptype;
- X509_ALGOR *pa = NULL;
- const void *pval;
- char buf[50];
- ExpectNotNull(x509 = X509_load_certificate_file(cliEccCertFile,
- SSL_FILETYPE_PEM));
- ExpectNotNull(pubKey = X509_get_X509_PUBKEY(x509));
- ExpectNotNull(evpKey = X509_PUBKEY_get(pubKey));
- ExpectNotNull(pubKey2 = X509_PUBKEY_new());
- ExpectIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1);
- ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1);
- ExpectNotNull(pk);
- ExpectNotNull(pa);
- ExpectIntGT(ppklen, 0);
- X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa);
- ExpectNotNull(pa_oid);
- ExpectNotNull(pval);
- ExpectIntEQ(pptype, V_ASN1_OBJECT);
- ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_EC);
- poid = (ASN1_OBJECT *)pval;
- ExpectIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), poid, 0), 0);
- ExpectIntEQ(OBJ_txt2nid(buf), NID_X9_62_prime256v1);
- X509_PUBKEY_free(pubKey2);
- X509_free(x509);
- EVP_PKEY_free(evpKey);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_PUBKEY_DSA(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_DSA)
- word32 bytes;
- #ifdef USE_CERT_BUFFERS_1024
- byte tmp[ONEK_BUF];
- #elif defined(USE_CERT_BUFFERS_2048)
- byte tmp[TWOK_BUF];
- #else
- byte tmp[TWOK_BUF];
- #endif /* END USE_CERT_BUFFERS_1024 */
- const unsigned char* dsaKeyDer = tmp;
- ASN1_OBJECT* obj = NULL;
- ASN1_STRING* str;
- const ASN1_OBJECT* pa_oid = NULL;
- X509_PUBKEY* pubKey = NULL;
- EVP_PKEY* evpKey = NULL;
- const unsigned char *pk = NULL;
- int ppklen, pptype;
- X509_ALGOR *pa = NULL;
- const void *pval;
- #ifdef USE_CERT_BUFFERS_1024
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
- bytes = sizeof_dsa_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
- bytes = sizeof_dsa_key_der_2048;
- #else
- {
- XFILE fp = XBADFILE;
- XMEMSET(tmp, 0, sizeof(tmp));
- ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE);
- ExpectIntGT(bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp), 0);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- }
- #endif
- /* Initialize pkey with der format dsa key */
- ExpectNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &evpKey, &dsaKeyDer, bytes));
- ExpectNotNull(pubKey = X509_PUBKEY_new());
- ExpectIntEQ(X509_PUBKEY_set(&pubKey, evpKey), 1);
- ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1);
- ExpectNotNull(pk);
- ExpectNotNull(pa);
- ExpectIntGT(ppklen, 0);
- X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa);
- ExpectNotNull(pa_oid);
- ExpectNotNull(pval);
- ExpectIntEQ(pptype, V_ASN1_SEQUENCE);
- ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_DSA);
- str = (ASN1_STRING *)pval;
- DEBUG_WRITE_DER(ASN1_STRING_data(str), ASN1_STRING_length(str), "str.der");
- #ifdef USE_CERT_BUFFERS_1024
- ExpectIntEQ(ASN1_STRING_length(str), 291);
- #else
- ExpectIntEQ(ASN1_STRING_length(str), 549);
- #endif /* END USE_CERT_BUFFERS_1024 */
- X509_PUBKEY_free(pubKey);
- EVP_PKEY_free(evpKey);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BUF(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- BUF_MEM* buf = NULL;
- ExpectNotNull(buf = BUF_MEM_new());
- ExpectIntEQ(BUF_MEM_grow(buf, 10), 10);
- ExpectIntEQ(BUF_MEM_grow(buf, -1), 0);
- BUF_MEM_free(buf);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
- static int stub_rand_seed(const void *buf, int num)
- {
- (void)buf;
- (void)num;
- return 123;
- }
- static int stub_rand_bytes(unsigned char *buf, int num)
- {
- (void)buf;
- (void)num;
- return 456;
- }
- static byte* was_stub_rand_cleanup_called(void)
- {
- static byte was_called = 0;
- return &was_called;
- }
- static void stub_rand_cleanup(void)
- {
- byte* was_called = was_stub_rand_cleanup_called();
- *was_called = 1;
- return;
- }
- static byte* was_stub_rand_add_called(void)
- {
- static byte was_called = 0;
- return &was_called;
- }
- static int stub_rand_add(const void *buf, int num, double entropy)
- {
- byte* was_called = was_stub_rand_add_called();
- (void)buf;
- (void)num;
- (void)entropy;
- *was_called = 1;
- return 0;
- }
- static int stub_rand_pseudo_bytes(unsigned char *buf, int num)
- {
- (void)buf;
- (void)num;
- return 9876;
- }
- static int stub_rand_status(void)
- {
- return 5432;
- }
- #endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */
- static int test_wolfSSL_RAND_set_rand_method(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
- RAND_METHOD rand_methods = {NULL, NULL, NULL, NULL, NULL, NULL};
- unsigned char* buf = NULL;
- int num = 0;
- double entropy = 0;
- int ret;
- byte* was_cleanup_called = was_stub_rand_cleanup_called();
- byte* was_add_called = was_stub_rand_add_called();
- ExpectNotNull(buf = (byte*)XMALLOC(32 * sizeof(byte), NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectIntNE(wolfSSL_RAND_status(), 5432);
- ExpectIntEQ(*was_cleanup_called, 0);
- RAND_cleanup();
- ExpectIntEQ(*was_cleanup_called, 0);
- rand_methods.seed = &stub_rand_seed;
- rand_methods.bytes = &stub_rand_bytes;
- rand_methods.cleanup = &stub_rand_cleanup;
- rand_methods.add = &stub_rand_add;
- rand_methods.pseudorand = &stub_rand_pseudo_bytes;
- rand_methods.status = &stub_rand_status;
- ExpectIntEQ(RAND_set_rand_method(&rand_methods), WOLFSSL_SUCCESS);
- ExpectIntEQ(RAND_seed(buf, num), 123);
- ExpectIntEQ(RAND_bytes(buf, num), 456);
- ExpectIntEQ(RAND_pseudo_bytes(buf, num), 9876);
- ExpectIntEQ(RAND_status(), 5432);
- ExpectIntEQ(*was_add_called, 0);
- /* The function pointer for RAND_add returns int, but RAND_add itself
- * returns void. */
- RAND_add(buf, num, entropy);
- ExpectIntEQ(*was_add_called, 1);
- was_add_called = 0;
- ExpectIntEQ(*was_cleanup_called, 0);
- RAND_cleanup();
- ExpectIntEQ(*was_cleanup_called, 1);
- *was_cleanup_called = 0;
- ret = RAND_set_rand_method(NULL);
- ExpectIntEQ(ret, WOLFSSL_SUCCESS);
- ExpectIntNE(RAND_status(), 5432);
- ExpectIntEQ(*was_cleanup_called, 0);
- RAND_cleanup();
- ExpectIntEQ(*was_cleanup_called, 0);
- RAND_set_rand_method(NULL);
- XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RAND_bytes(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- const int size1 = RNG_MAX_BLOCK_LEN; /* in bytes */
- const int size2 = RNG_MAX_BLOCK_LEN + 1; /* in bytes */
- const int size3 = RNG_MAX_BLOCK_LEN * 2; /* in bytes */
- const int size4 = RNG_MAX_BLOCK_LEN * 4; /* in bytes */
- int max_bufsize;
- byte *my_buf = NULL;
- /* sanity check */
- ExpectIntEQ(RAND_bytes(NULL, 16), 0);
- ExpectIntEQ(RAND_bytes(NULL, 0), 0);
- max_bufsize = size4;
- ExpectNotNull(my_buf = (byte*)XMALLOC(max_bufsize * sizeof(byte), NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectIntEQ(RAND_bytes(my_buf, 0), 1);
- ExpectIntEQ(RAND_bytes(my_buf, -1), 0);
- ExpectNotNull(XMEMSET(my_buf, 0, max_bufsize));
- ExpectIntEQ(RAND_bytes(my_buf, size1), 1);
- ExpectIntEQ(RAND_bytes(my_buf, size2), 1);
- ExpectIntEQ(RAND_bytes(my_buf, size3), 1);
- ExpectIntEQ(RAND_bytes(my_buf, size4), 1);
- XFREE(my_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RAND(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- byte seed[16];
- XMEMSET(seed, 0, sizeof(seed));
- /* No global methods set. */
- ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1);
- ExpectIntEQ(RAND_poll(), 1);
- RAND_cleanup();
- ExpectIntEQ(RAND_egd(NULL), -1);
- #ifndef NO_FILESYSTEM
- {
- char fname[100];
- ExpectNotNull(RAND_file_name(fname, (sizeof(fname) - 1)));
- ExpectIntEQ(RAND_write_file(NULL), 0);
- }
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PKCS8_Compat(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) && \
- !defined(NO_BIO)
- PKCS8_PRIV_KEY_INFO* pt = NULL;
- BIO* bio = NULL;
- XFILE f = XBADFILE;
- int bytes;
- char pkcs8_buffer[512];
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
- EVP_PKEY *pkey = NULL;
- #endif
- /* file from wolfssl/certs/ directory */
- ExpectTrue((f = XFOPEN("./certs/ecc-keyPkcs8.pem", "rb")) != XBADFILE);
- ExpectIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), f)),
- 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- ExpectNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
- ExpectNotNull(pt = d2i_PKCS8_PRIV_KEY_INFO_bio(bio, NULL));
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
- ExpectNotNull(pkey = EVP_PKCS82PKEY(pt));
- ExpectIntEQ(EVP_PKEY_type(pkey->type), EVP_PKEY_EC);
- /* gets PKCS8 pointer to pkey */
- ExpectNotNull(EVP_PKEY2PKCS8(pkey));
- EVP_PKEY_free(pkey);
- #endif
- BIO_free(bio);
- PKCS8_PRIV_KEY_INFO_free(pt);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PKCS8_d2i(void)
- {
- EXPECT_DECLS;
- #if !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA)
- /* This test ends up using HMAC as a part of PBKDF2, and HMAC
- * requires a 12 byte password in FIPS mode. This test ends up
- * trying to use an 8 byte password. */
- #ifndef NO_FILESYSTEM
- unsigned char pkcs8_buffer[2048];
- const unsigned char* p = NULL;
- int bytes = 0;
- XFILE file = XBADFILE;
- WOLFSSL_EVP_PKEY* pkey = NULL;
- #ifndef NO_BIO
- BIO* bio = NULL;
- #if defined(OPENSSL_ALL) && \
- ((!defined(NO_RSA) && !defined(NO_DES3)) || \
- defined(HAVE_ECC)) && \
- !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
- WOLFSSL_EVP_PKEY* evpPkey = NULL;
- #endif
- #endif
- #ifndef NO_RSA
- const char rsaDerPkcs8File[] = "./certs/server-keyPkcs8.der";
- const char rsaPemPkcs8File[] = "./certs/server-keyPkcs8.pem";
- #ifndef NO_DES3
- const char rsaDerPkcs8EncFile[] = "./certs/server-keyPkcs8Enc.der";
- #endif
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- const char ecDerPkcs8File[] = "certs/ecc-keyPkcs8.der";
- const char ecPemPkcs8File[] = "certs/ecc-keyPkcs8.pem";
- #ifndef NO_DES3
- const char ecDerPkcs8EncFile[] = "certs/ecc-keyPkcs8Enc.der";
- #endif
- #endif /* HAVE_ECC */
- #endif /* !NO_FILESYSTEM */
- #if defined(OPENSSL_ALL) && (!defined(NO_RSA) || defined(HAVE_ECC))
- #ifndef NO_RSA
- #ifdef USE_CERT_BUFFERS_1024
- const unsigned char* rsa = (unsigned char*)server_key_der_1024;
- int rsaSz = sizeof_server_key_der_1024;
- #else
- const unsigned char* rsa = (unsigned char*)server_key_der_2048;
- int rsaSz = sizeof_server_key_der_2048;
- #endif
- #endif
- #ifdef HAVE_ECC
- const unsigned char* ec = (unsigned char*)ecc_key_der_256;
- int ecSz = sizeof_ecc_key_der_256;
- #endif
- #endif /* OPENSSL_ALL && (!NO_RSA || HAVE_ECC) */
- #ifndef NO_FILESYSTEM
- (void)pkcs8_buffer;
- (void)p;
- (void)bytes;
- (void)file;
- #ifndef NO_BIO
- (void)bio;
- #endif
- #endif
- #ifdef OPENSSL_ALL
- #ifndef NO_RSA
- /* Try to auto-detect normal RSA private key */
- ExpectNotNull(pkey = d2i_AutoPrivateKey(NULL, &rsa, rsaSz));
- EVP_PKEY_free(pkey);
- pkey = NULL;
- #endif
- #ifdef HAVE_ECC
- /* Try to auto-detect normal EC private key */
- ExpectNotNull(pkey = d2i_AutoPrivateKey(NULL, &ec, ecSz));
- EVP_PKEY_free(pkey);
- pkey = NULL;
- #endif
- #endif /* OPENSSL_ALL */
- #ifndef NO_FILESYSTEM
- #ifndef NO_RSA
- /* Get DER encoded RSA PKCS#8 data. */
- ExpectTrue((file = XFOPEN(rsaDerPkcs8File, "rb")) != XBADFILE);
- ExpectNotNull(XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer)));
- ExpectIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
- file)), 0);
- if (file != XBADFILE) {
- XFCLOSE(file);
- file = XBADFILE;
- }
- p = pkcs8_buffer;
- #ifdef OPENSSL_ALL
- /* Try to decode - auto-detect key type. */
- ExpectNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes));
- #else
- ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, bytes));
- #endif
- /* Get PEM encoded RSA PKCS#8 data. */
- ExpectTrue((file = XFOPEN(rsaPemPkcs8File, "rb")) != XBADFILE);
- ExpectIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
- file)), 0);
- if (file != XBADFILE) {
- XFCLOSE(file);
- file = XBADFILE;
- }
- #if defined(OPENSSL_ALL) && \
- !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- /* Write PKCS#8 PEM to BIO. */
- ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
- NULL), bytes);
- /* Compare file and written data */
- ExpectIntEQ(BIO_get_mem_data(bio, &p), bytes);
- ExpectIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
- BIO_free(bio);
- bio = NULL;
- #if !defined(NO_DES3) && !defined(NO_SHA)
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- /* Write Encrypted PKCS#8 PEM to BIO. */
- bytes = 1834;
- ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_des_ede3_cbc(),
- NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
- ExpectNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
- (void*)"yassl123"));
- EVP_PKEY_free(evpPkey);
- evpPkey = NULL;
- BIO_free(bio);
- bio = NULL;
- #endif /* !NO_DES3 && !NO_SHA */
- #endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
- EVP_PKEY_free(pkey);
- pkey = NULL;
- /* PKCS#8 encrypted RSA key */
- #ifndef NO_DES3
- ExpectTrue((file = XFOPEN(rsaDerPkcs8EncFile, "rb")) != XBADFILE);
- ExpectNotNull(XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer)));
- ExpectIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
- file)), 0);
- if (file != XBADFILE) {
- XFCLOSE(file);
- file = XBADFILE;
- }
- #if defined(OPENSSL_ALL) && \
- !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
- ExpectNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
- ExpectNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack,
- (void*)"yassl123"));
- EVP_PKEY_free(pkey);
- pkey = NULL;
- BIO_free(bio);
- bio = NULL;
- #endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
- #endif /* !NO_DES3 */
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- /* PKCS#8 encode EC key */
- ExpectTrue((file = XFOPEN(ecDerPkcs8File, "rb")) != XBADFILE);
- ExpectNotNull(XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer)));
- ExpectIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
- file)), 0);
- if (file != XBADFILE) {
- XFCLOSE(file);
- file = XBADFILE;
- }
- p = pkcs8_buffer;
- #ifdef OPENSSL_ALL
- /* Try to decode - auto-detect key type. */
- ExpectNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes));
- #else
- ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &p, bytes));
- #endif
- /* Get PEM encoded RSA PKCS#8 data. */
- ExpectTrue((file = XFOPEN(ecPemPkcs8File, "rb")) != XBADFILE);
- ExpectNotNull(XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer)));
- ExpectIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
- file)), 0);
- if (file != XBADFILE) {
- XFCLOSE(file);
- file = XBADFILE;
- }
- #if defined(OPENSSL_ALL) && \
- !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) && \
- defined(HAVE_AES_CBC)
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- /* Write PKCS#8 PEM to BIO. */
- ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
- NULL), bytes);
- /* Compare file and written data */
- ExpectIntEQ(BIO_get_mem_data(bio, &p), bytes);
- ExpectIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- /* Write Encrypted PKCS#8 PEM to BIO. */
- bytes = 379;
- ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(),
- NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
- ExpectNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
- (void*)"yassl123"));
- EVP_PKEY_free(evpPkey);
- evpPkey = NULL;
- BIO_free(bio);
- bio = NULL;
- #endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 && HAVE_AES_CBC */
- EVP_PKEY_free(pkey);
- pkey = NULL;
- /* PKCS#8 encrypted EC key */
- #ifndef NO_DES3
- ExpectTrue((file = XFOPEN(ecDerPkcs8EncFile, "rb")) != XBADFILE);
- ExpectNotNull(XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer)));
- ExpectIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
- file)), 0);
- if (file != XBADFILE) {
- XFCLOSE(file);
- file = XBADFILE;
- }
- #if defined(OPENSSL_ALL) && \
- !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
- ExpectNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
- ExpectNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack,
- (void*)"yassl123"));
- EVP_PKEY_free(pkey);
- pkey = NULL;
- BIO_free(bio);
- bio = NULL;
- #endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
- #endif /* !NO_DES3 */
- #endif /* HAVE_ECC */
- #endif /* !NO_FILESYSTEM */
- #endif /* HAVE_FIPS && OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- #if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \
- defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL)
- #define LOGGING_THREADS 5
- #define ERROR_COUNT 10
- /* copied from logging.c since this is not exposed otherwise */
- #ifndef ERROR_QUEUE_MAX
- #ifdef ERROR_QUEUE_PER_THREAD
- #define ERROR_QUEUE_MAX 16
- #else
- /* this breaks from compat of unlimited error queue size */
- #define ERROR_QUEUE_MAX 100
- #endif
- #endif
- static volatile int loggingThreadsReady;
- static THREAD_RETURN WOLFSSL_THREAD test_logging(void* args)
- {
- const char* file;
- int line;
- unsigned long err;
- int errorCount = 0;
- int i;
- (void)args;
- while (!loggingThreadsReady);
- for (i = 0; i < ERROR_COUNT; i++)
- ERR_put_error(ERR_LIB_PEM, SYS_F_ACCEPT, -990 - i, __FILE__, __LINE__);
- while ((err = ERR_get_error_line(&file, &line))) {
- AssertIntEQ(err, 990 + errorCount);
- errorCount++;
- }
- AssertIntEQ(errorCount, ERROR_COUNT);
- /* test max queue behavior, trying to add an arbitrary 3 errors over */
- ERR_clear_error(); /* ERR_get_error_line() does not remove */
- errorCount = 0;
- for (i = 0; i < ERROR_QUEUE_MAX + 3; i++)
- ERR_put_error(ERR_LIB_PEM, SYS_F_ACCEPT, -990 - i, __FILE__, __LINE__);
- while ((err = ERR_get_error_line(&file, &line))) {
- AssertIntEQ(err, 990 + errorCount);
- errorCount++;
- }
- /* test that the 3 errors over the max were dropped */
- AssertIntEQ(errorCount, ERROR_QUEUE_MAX);
- WOLFSSL_RETURN_FROM_THREAD(0);
- }
- #endif
- static int test_error_queue_per_thread(void)
- {
- int res = TEST_SKIPPED;
- #if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \
- defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL)
- THREAD_TYPE loggingThreads[LOGGING_THREADS];
- int i;
- ERR_clear_error(); /* clear out any error nodes */
- loggingThreadsReady = 0;
- for (i = 0; i < LOGGING_THREADS; i++)
- start_thread(test_logging, NULL, &loggingThreads[i]);
- loggingThreadsReady = 1;
- for (i = 0; i < LOGGING_THREADS; i++)
- join_thread(loggingThreads[i]);
- res = TEST_SUCCESS;
- #endif
- return res;
- }
- static int test_wolfSSL_ERR_put_error(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
- defined(DEBUG_WOLFSSL)
- const char* file;
- int line;
- ERR_clear_error(); /* clear out any error nodes */
- ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0);
- ExpectIntEQ(ERR_get_error_line(&file, &line), 0);
- ERR_put_error(0,SYS_F_BIND, 1, "this file", 1);
- ExpectIntEQ(ERR_get_error_line(&file, &line), 1);
- ERR_put_error(0,SYS_F_CONNECT, 2, "this file", 2);
- ExpectIntEQ(ERR_get_error_line(&file, &line), 2);
- ERR_put_error(0,SYS_F_FOPEN, 3, "this file", 3);
- ExpectIntEQ(ERR_get_error_line(&file, &line), 3);
- ERR_put_error(0,SYS_F_FREAD, 4, "this file", 4);
- ExpectIntEQ(ERR_get_error_line(&file, &line), 4);
- ERR_put_error(0,SYS_F_GETADDRINFO, 5, "this file", 5);
- ExpectIntEQ(ERR_get_error_line(&file, &line), 5);
- ERR_put_error(0,SYS_F_GETSOCKOPT, 6, "this file", 6);
- ExpectIntEQ(ERR_get_error_line(&file, &line), 6);
- ERR_put_error(0,SYS_F_GETSOCKNAME, 7, "this file", 7);
- ExpectIntEQ(ERR_get_error_line(&file, &line), 7);
- ERR_put_error(0,SYS_F_GETHOSTBYNAME, 8, "this file", 8);
- ExpectIntEQ(ERR_get_error_line(&file, &line), 8);
- ERR_put_error(0,SYS_F_GETNAMEINFO, 9, "this file", 9);
- ExpectIntEQ(ERR_get_error_line(&file, &line), 9);
- ERR_put_error(0,SYS_F_GETSERVBYNAME, 10, "this file", 10);
- ExpectIntEQ(ERR_get_error_line(&file, &line), 10);
- ERR_put_error(0,SYS_F_IOCTLSOCKET, 11, "this file", 11);
- ExpectIntEQ(ERR_get_error_line(&file, &line), 11);
- ERR_put_error(0,SYS_F_LISTEN, 12, "this file", 12);
- ExpectIntEQ(ERR_get_error_line(&file, &line), 12);
- ERR_put_error(0,SYS_F_OPENDIR, 13, "this file", 13);
- ExpectIntEQ(ERR_get_error_line(&file, &line), 13);
- ERR_put_error(0,SYS_F_SETSOCKOPT, 14, "this file", 14);
- ExpectIntEQ(ERR_get_error_line(&file, &line), 14);
- ERR_put_error(0,SYS_F_SOCKET, 15, "this file", 15);
- ExpectIntEQ(ERR_get_error_line(&file, &line), 15);
- #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON)
- ERR_put_error(ERR_LIB_ASN1, SYS_F_ACCEPT, ASN1_R_HEADER_TOO_LONG,
- "this file", 100);
- ExpectIntEQ(wolfSSL_ERR_peek_last_error_line(&file, &line),
- (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG);
- ExpectIntEQ(line, 100);
- ExpectIntEQ(wolfSSL_ERR_peek_error(),
- (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG);
- ExpectIntEQ(ERR_get_error_line(&file, &line), ASN1_R_HEADER_TOO_LONG);
- #endif
- /* try reading past end of error queue */
- file = NULL;
- ExpectIntEQ(ERR_get_error_line(&file, &line), 0);
- ExpectNull(file);
- ExpectIntEQ(ERR_get_error_line_data(&file, &line, NULL, NULL), 0);
- PEMerr(4,4);
- ExpectIntEQ(ERR_get_error(), 4);
- /* Empty and free up all error nodes */
- ERR_clear_error();
- /* Verify all nodes are cleared */
- ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0);
- ERR_clear_error();
- ExpectIntEQ(ERR_get_error_line(&file, &line), 0);
- #endif
- return EXPECT_RESULT();
- }
- /*
- * This is a regression test for a bug where the peek/get error functions were
- * drawing from the end of the queue rather than the front.
- */
- static int test_wolfSSL_ERR_get_error_order(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_HAVE_ERROR_QUEUE) && defined(OPENSSL_EXTRA)
- /* Empty the queue. */
- wolfSSL_ERR_clear_error();
- wolfSSL_ERR_put_error(0, 0, ASN_NO_SIGNER_E, "test", 0);
- wolfSSL_ERR_put_error(0, 0, ASN_SELF_SIGNED_E, "test", 0);
- ExpectIntEQ(wolfSSL_ERR_peek_error(), -ASN_NO_SIGNER_E);
- ExpectIntEQ(wolfSSL_ERR_get_error(), -ASN_NO_SIGNER_E);
- ExpectIntEQ(wolfSSL_ERR_peek_error(), -ASN_SELF_SIGNED_E);
- ExpectIntEQ(wolfSSL_ERR_get_error(), -ASN_SELF_SIGNED_E);
- #endif /* WOLFSSL_HAVE_ERROR_QUEUE && OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- #ifndef NO_BIO
- static int test_wolfSSL_ERR_print_errors(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
- defined(DEBUG_WOLFSSL) && !defined(NO_ERROR_STRINGS)
- BIO* bio = NULL;
- char buf[1024];
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ERR_clear_error(); /* clear out any error nodes */
- ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0);
- /* Choosing -600 as an unused errno. */
- ERR_put_error(0,SYS_F_BIND, -600, "asn.c", 100);
- ERR_print_errors(bio);
- ExpectIntEQ(BIO_gets(bio, buf, sizeof(buf)), 56);
- ExpectIntEQ(XSTRNCMP(
- "error:173:wolfSSL library:Bad function argument:ssl.c:0",
- buf, 55), 0);
- ExpectIntEQ(BIO_gets(bio, buf, sizeof(buf)), 57);
- ExpectIntEQ(XSTRNCMP(
- "error:600:wolfSSL library:unknown error number:asn.c:100",
- buf, 56), 0);
- ExpectIntEQ(BIO_gets(bio, buf, sizeof(buf)), 1);
- ExpectIntEQ(buf[0], '\0');
- ExpectIntEQ(ERR_get_error_line(NULL, NULL), 0);
- BIO_free(bio);
- #endif
- return EXPECT_RESULT();
- }
- #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
- defined(DEBUG_WOLFSSL)
- static int test_wolfSSL_error_cb(const char *str, size_t len, void *u)
- {
- wolfSSL_BIO_write((BIO*)u, str, (int)len);
- return 0;
- }
- #endif
- static int test_wolfSSL_ERR_print_errors_cb(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
- defined(DEBUG_WOLFSSL)
- BIO* bio = NULL;
- char buf[1024];
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ERR_clear_error(); /* clear out any error nodes */
- ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0);
- ERR_put_error(0,SYS_F_BIND, -275, "asn.c", 100);
- ERR_print_errors_cb(test_wolfSSL_error_cb, bio);
- ExpectIntEQ(BIO_gets(bio, buf, sizeof(buf)), 108);
- ExpectIntEQ(XSTRNCMP(
- "wolfSSL error occurred, error = 173 line:0 file:ssl.c",
- buf, 53), 0);
- ExpectIntEQ(XSTRNCMP(
- "wolfSSL error occurred, error = 275 line:100 file:asn.c",
- buf + 53, 55), 0);
- ExpectIntEQ(BIO_gets(bio, buf, sizeof(buf)), 0);
- BIO_free(bio);
- #endif
- return EXPECT_RESULT();
- }
- /*
- * Testing WOLFSSL_ERROR_MSG
- */
- static int test_WOLFSSL_ERROR_MSG(void)
- {
- int res = TEST_SKIPPED;
- #if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\
- defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
- const char* msg = TEST_STRING;
- WOLFSSL_ERROR_MSG(msg);
- res = TEST_SUCCESS;
- #endif
- return res;
- } /* End test_WOLFSSL_ERROR_MSG */
- /*
- * Testing wc_ERR_remove_state
- */
- static int test_wc_ERR_remove_state(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
- wc_ERR_remove_state();
- res = TEST_SUCCESS;
- #endif
- return res;
- } /* End test_wc_ERR_remove_state */
- /*
- * Testing wc_ERR_print_errors_fp
- */
- static int test_wc_ERR_print_errors_fp(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) && \
- (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM))
- long sz;
- XFILE fp = XBADFILE;
- WOLFSSL_ERROR(BAD_FUNC_ARG);
- ExpectTrue((fp = XFOPEN("./tests/test-log-dump-to-file.txt", "ar")) !=
- XBADFILE);
- wc_ERR_print_errors_fp(fp);
- #if defined(DEBUG_WOLFSSL)
- ExpectTrue(XFSEEK(fp, 0, XSEEK_END) == 0);
- #ifdef NO_ERROR_QUEUE
- ExpectIntEQ(sz = XFTELL(fp), 0);
- #else
- ExpectIntNE(sz = XFTELL(fp), 0);
- #endif
- #endif
- if (fp != XBADFILE)
- XFCLOSE(fp);
- (void)sz;
- #endif
- return EXPECT_RESULT();
- } /* End test_wc_ERR_print_errors_fp */
- #ifdef DEBUG_WOLFSSL
- static void Logging_cb(const int logLevel, const char *const logMessage)
- {
- (void)logLevel;
- (void)logMessage;
- }
- #endif
- /*
- * Testing wolfSSL_GetLoggingCb
- */
- static int test_wolfSSL_GetLoggingCb(void)
- {
- EXPECT_DECLS;
- #ifdef DEBUG_WOLFSSL
- /* Testing without wolfSSL_SetLoggingCb() */
- ExpectNull(wolfSSL_GetLoggingCb());
- /* Testing with wolfSSL_SetLoggingCb() */
- ExpectIntEQ(wolfSSL_SetLoggingCb(Logging_cb), 0);
- ExpectNotNull(wolfSSL_GetLoggingCb());
- ExpectIntEQ(wolfSSL_SetLoggingCb(NULL), 0);
- #endif
- ExpectNull(wolfSSL_GetLoggingCb());
- return EXPECT_RESULT();
- } /* End test_wolfSSL_GetLoggingCb */
- #endif /* !NO_BIO */
- static int test_wolfSSL_MD4(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_MD4)
- MD4_CTX md4;
- unsigned char out[16]; /* MD4_DIGEST_SIZE */
- const char* msg = "12345678901234567890123456789012345678901234567890123456"
- "789012345678901234567890";
- const char* test = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f"
- "\xcc\x05\x36";
- int msgSz = (int)XSTRLEN(msg);
- XMEMSET(out, 0, sizeof(out));
- MD4_Init(&md4);
- MD4_Update(&md4, (const void*)msg, (unsigned long)msgSz);
- MD4_Final(out, &md4);
- ExpectIntEQ(XMEMCMP(out, test, sizeof(out)), 0);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_MD5(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_MD5)
- byte input1[] = "";
- byte input2[] = "message digest";
- byte hash[WC_MD5_DIGEST_SIZE];
- unsigned char output1[] =
- "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e";
- unsigned char output2[] =
- "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0";
- WOLFSSL_MD5_CTX md5;
- XMEMSET(&md5, 0, sizeof(md5));
- /* Test cases for illegal parameters */
- ExpectIntEQ(MD5_Init(NULL), 0);
- ExpectIntEQ(MD5_Init(&md5), 1);
- ExpectIntEQ(MD5_Update(NULL, input1, 0), 0);
- ExpectIntEQ(MD5_Update(NULL, NULL, 0), 0);
- ExpectIntEQ(MD5_Update(&md5, NULL, 1), 0);
- ExpectIntEQ(MD5_Final(NULL, &md5), 0);
- ExpectIntEQ(MD5_Final(hash, NULL), 0);
- ExpectIntEQ(MD5_Final(NULL, NULL), 0);
- /* Init MD5 CTX */
- ExpectIntEQ(wolfSSL_MD5_Init(&md5), 1);
- ExpectIntEQ(wolfSSL_MD5_Update(&md5, input1, XSTRLEN((const char*)&input1)),
- 1);
- ExpectIntEQ(wolfSSL_MD5_Final(hash, &md5), 1);
- ExpectIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0);
- /* Init MD5 CTX */
- ExpectIntEQ(wolfSSL_MD5_Init(&md5), 1);
- ExpectIntEQ(wolfSSL_MD5_Update(&md5, input2,
- (int)XSTRLEN((const char*)input2)), 1);
- ExpectIntEQ(wolfSSL_MD5_Final(hash, &md5), 1);
- ExpectIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0);
- #if !defined(NO_OLD_NAMES) && \
- (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
- ExpectPtrNE(MD5(NULL, 1, (byte*)&hash), &hash);
- ExpectPtrEq(MD5(input1, 0, (byte*)&hash), &hash);
- ExpectPtrNE(MD5(input1, 1, NULL), NULL);
- ExpectPtrNE(MD5(NULL, 0, NULL), NULL);
- ExpectPtrEq(MD5(input1, (int)XSTRLEN((const char*)&input1), (byte*)&hash),
- &hash);
- ExpectIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0);
- ExpectPtrEq(MD5(input2, (int)XSTRLEN((const char*)&input2), (byte*)&hash),
- &hash);
- ExpectIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0);
- {
- byte data[] = "Data to be hashed.";
- XMEMSET(hash, 0, WC_MD5_DIGEST_SIZE);
- ExpectNotNull(MD5(data, sizeof(data), NULL));
- ExpectNotNull(MD5(data, sizeof(data), hash));
- ExpectNotNull(MD5(NULL, 0, hash));
- ExpectNull(MD5(NULL, sizeof(data), hash));
- }
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_MD5_Transform(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_MD5)
- byte input1[] = "";
- byte input2[] = "abc";
- byte local[WC_MD5_BLOCK_SIZE];
- word32 sLen = 0;
- #ifdef BIG_ENDIAN_ORDER
- unsigned char output1[] =
- "\x03\x1f\x1d\xac\x6e\xa5\x8e\xd0\x1f\xab\x67\xb7\x74\x31\x77\x91";
- unsigned char output2[] =
- "\xef\xd3\x79\x8d\x67\x17\x25\x90\xa4\x13\x79\xc7\xe3\xa7\x7b\xbc";
- #else
- unsigned char output1[] =
- "\xac\x1d\x1f\x03\xd0\x8e\xa5\x6e\xb7\x67\xab\x1f\x91\x77\x31\x74";
- unsigned char output2[] =
- "\x8d\x79\xd3\xef\x90\x25\x17\x67\xc7\x79\x13\xa4\xbc\x7b\xa7\xe3";
- #endif
- union {
- wc_Md5 native;
- MD5_CTX compat;
- } md5;
- XMEMSET(&md5.compat, 0, sizeof(md5.compat));
- XMEMSET(&local, 0, sizeof(local));
- /* sanity check */
- ExpectIntEQ(MD5_Transform(NULL, NULL), 0);
- ExpectIntEQ(MD5_Transform(NULL, (const byte*)&input1), 0);
- ExpectIntEQ(MD5_Transform(&md5.compat, NULL), 0);
- ExpectIntEQ(wc_Md5Transform(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Md5Transform(&md5.native, NULL), BAD_FUNC_ARG);
- /* Init MD5 CTX */
- ExpectIntEQ(wolfSSL_MD5_Init(&md5.compat), 1);
- /* Do Transform*/
- sLen = (word32)XSTRLEN((char*)input1);
- XMEMCPY(local, input1, sLen);
- ExpectIntEQ(MD5_Transform(&md5.compat, (const byte*)&local[0]), 1);
- ExpectIntEQ(XMEMCMP(md5.native.digest, output1, WC_MD5_DIGEST_SIZE), 0);
- /* Init MD5 CTX */
- ExpectIntEQ(MD5_Init(&md5.compat), 1);
- sLen = (word32)XSTRLEN((char*)input2);
- XMEMSET(local, 0, WC_MD5_BLOCK_SIZE);
- XMEMCPY(local, input2, sLen);
- ExpectIntEQ(MD5_Transform(&md5.compat, (const byte*)&local[0]), 1);
- ExpectIntEQ(XMEMCMP(md5.native.digest, output2, WC_MD5_DIGEST_SIZE), 0);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_SHA(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST)
- #if !defined(NO_SHA) && defined(NO_OLD_SHA_NAMES) && \
- (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
- {
- const unsigned char in[] = "abc";
- unsigned char expected[] = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
- "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D";
- unsigned char out[WC_SHA_DIGEST_SIZE];
- unsigned char* p = NULL;
- WOLFSSL_SHA_CTX sha;
- XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
- ExpectNotNull(SHA1(in, XSTRLEN((char*)in), out));
- ExpectIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
- /* SHA interface test */
- XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
- ExpectNull(SHA(NULL, XSTRLEN((char*)in), out));
- ExpectNotNull(SHA(in, 0, out));
- ExpectNotNull(SHA(in, XSTRLEN((char*)in), NULL));
- ExpectNotNull(SHA(NULL, 0, out));
- ExpectNotNull(SHA(NULL, 0, NULL));
- ExpectNotNull(SHA(in, XSTRLEN((char*)in), out));
- ExpectIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
- ExpectNotNull(p = SHA(in, XSTRLEN((char*)in), NULL));
- ExpectIntEQ(XMEMCMP(p, expected, WC_SHA_DIGEST_SIZE), 0);
- ExpectIntEQ(wolfSSL_SHA_Init(&sha), 1);
- ExpectIntEQ(wolfSSL_SHA_Update(&sha, in, XSTRLEN((char*)in)), 1);
- ExpectIntEQ(wolfSSL_SHA_Final(out, &sha), 1);
- ExpectIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
- ExpectIntEQ(wolfSSL_SHA1_Init(&sha), 1);
- ExpectIntEQ(wolfSSL_SHA1_Update(&sha, in, XSTRLEN((char*)in)), 1);
- ExpectIntEQ(wolfSSL_SHA1_Final(out, &sha), 1);
- ExpectIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
- }
- #endif
- #if !defined(NO_SHA256)
- {
- const unsigned char in[] = "abc";
- unsigned char expected[] =
- "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
- "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
- "\x15\xAD";
- unsigned char out[WC_SHA256_DIGEST_SIZE];
- unsigned char* p = NULL;
- XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE);
- #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
- ExpectNotNull(SHA256(in, XSTRLEN((char*)in), out));
- #else
- ExpectNotNull(wolfSSL_SHA256(in, XSTRLEN((char*)in), out));
- #endif
- ExpectIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0);
- #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
- ExpectNotNull(p = SHA256(in, XSTRLEN((char*)in), NULL));
- #else
- ExpectNotNull(p = wolfSSL_SHA256(in, XSTRLEN((char*)in), NULL));
- #endif
- ExpectIntEQ(XMEMCMP(p, expected, WC_SHA256_DIGEST_SIZE), 0);
- }
- #endif
- #if defined(WOLFSSL_SHA384)
- {
- const unsigned char in[] = "abc";
- unsigned char expected[] =
- "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
- "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
- "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
- "\xc8\x25\xa7";
- unsigned char out[WC_SHA384_DIGEST_SIZE];
- unsigned char* p = NULL;
- XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE);
- #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
- ExpectNotNull(SHA384(in, XSTRLEN((char*)in), out));
- #else
- ExpectNotNull(wolfSSL_SHA384(in, XSTRLEN((char*)in), out));
- #endif
- ExpectIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0);
- #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
- ExpectNotNull(p = SHA384(in, XSTRLEN((char*)in), NULL));
- #else
- ExpectNotNull(p = wolfSSL_SHA384(in, XSTRLEN((char*)in), NULL));
- #endif
- ExpectIntEQ(XMEMCMP(p, expected, WC_SHA384_DIGEST_SIZE), 0);
- }
- #endif
- #if defined(WOLFSSL_SHA512)
- {
- const unsigned char in[] = "abc";
- unsigned char expected[] =
- "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
- "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
- "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
- "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
- "\xa5\x4c\xa4\x9f";
- unsigned char out[WC_SHA512_DIGEST_SIZE];
- unsigned char* p = NULL;
- XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE);
- #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
- ExpectNotNull(SHA512(in, XSTRLEN((char*)in), out));
- #else
- ExpectNotNull(wolfSSL_SHA512(in, XSTRLEN((char*)in), out));
- #endif
- ExpectIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0);
- #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
- ExpectNotNull(p = SHA512(in, XSTRLEN((char*)in), NULL));
- #else
- ExpectNotNull(p = wolfSSL_SHA512(in, XSTRLEN((char*)in), NULL));
- #endif
- ExpectIntEQ(XMEMCMP(p, expected, WC_SHA512_DIGEST_SIZE), 0);
- }
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_SHA_Transform(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_SHA)
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
- byte input1[] = "";
- byte input2[] = "abc";
- byte local[WC_SHA_BLOCK_SIZE];
- word32 sLen = 0;
- #ifdef BIG_ENDIAN_ORDER
- unsigned char output1[] =
- "\x92\xb4\x04\xe5\x56\x58\x8c\xed\x6c\x1a\xcd\x4e\xbf\x05\x3f\x68"
- "\x09\xf7\x3a\x93";
- unsigned char output2[] =
- "\x97\xb2\x74\x8b\x4f\x5b\xbc\xca\x5b\xc0\xe6\xea\x2d\x40\xb4\xa0"
- "\x7c\x6e\x08\xb8";
- #else
- unsigned char output1[] =
- "\xe5\x04\xb4\x92\xed\x8c\x58\x56\x4e\xcd\x1a\x6c\x68\x3f\x05\xbf"
- "\x93\x3a\xf7\x09";
- unsigned char output2[] =
- "\x8b\x74\xb2\x97\xca\xbc\x5b\x4f\xea\xe6\xc0\x5b\xa0\xb4\x40\x2d"
- "\xb8\x08\x6e\x7c";
- #endif
- union {
- wc_Sha native;
- SHA_CTX compat;
- } sha;
- union {
- wc_Sha native;
- SHA_CTX compat;
- } sha1;
- XMEMSET(&sha.compat, 0, sizeof(sha.compat));
- XMEMSET(&local, 0, sizeof(local));
- /* sanity check */
- ExpectIntEQ(SHA_Transform(NULL, NULL), 0);
- ExpectIntEQ(SHA_Transform(NULL, (const byte*)&input1), 0);
- ExpectIntEQ(SHA_Transform(&sha.compat, NULL), 0);
- ExpectIntEQ(SHA1_Transform(NULL, NULL), 0);
- ExpectIntEQ(SHA1_Transform(NULL, (const byte*)&input1), 0);
- ExpectIntEQ(SHA1_Transform(&sha.compat, NULL), 0);
- ExpectIntEQ(wc_ShaTransform(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_ShaTransform(&sha.native, NULL), BAD_FUNC_ARG);
- /* Init SHA CTX */
- ExpectIntEQ(SHA_Init(&sha.compat), 1);
- /* Do Transform*/
- sLen = (word32)XSTRLEN((char*)input1);
- XMEMCPY(local, input1, sLen);
- ExpectIntEQ(SHA_Transform(&sha.compat, (const byte*)&local[0]), 1);
- ExpectIntEQ(XMEMCMP(sha.native.digest, output1, WC_SHA_DIGEST_SIZE), 0);
- ExpectIntEQ(SHA_Final(local, &sha.compat), 1); /* frees resources */
- /* Init SHA CTX */
- ExpectIntEQ(SHA_Init(&sha.compat), 1);
- sLen = (word32)XSTRLEN((char*)input2);
- XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
- XMEMCPY(local, input2, sLen);
- ExpectIntEQ(SHA_Transform(&sha.compat, (const byte*)&local[0]), 1);
- ExpectIntEQ(XMEMCMP(sha.native.digest, output2, WC_SHA_DIGEST_SIZE), 0);
- ExpectIntEQ(SHA_Final(local, &sha.compat), 1); /* frees resources */
- /* SHA1 */
- XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
- /* Init SHA CTX */
- ExpectIntEQ(SHA1_Init(&sha1.compat), 1);
- /* Do Transform*/
- sLen = (word32)XSTRLEN((char*)input1);
- XMEMCPY(local, input1, sLen);
- ExpectIntEQ(SHA1_Transform(&sha1.compat, (const byte*)&local[0]), 1);
- ExpectIntEQ(XMEMCMP(sha1.native.digest, output1, WC_SHA_DIGEST_SIZE), 0);
- ExpectIntEQ(SHA1_Final(local, &sha1.compat), 1); /* frees resources */
- /* Init SHA CTX */
- ExpectIntEQ(SHA1_Init(&sha1.compat), 1);
- sLen = (word32)XSTRLEN((char*)input2);
- XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
- XMEMCPY(local, input2, sLen);
- ExpectIntEQ(SHA1_Transform(&sha1.compat, (const byte*)&local[0]), 1);
- ExpectIntEQ(XMEMCMP(sha1.native.digest, output2, WC_SHA_DIGEST_SIZE), 0);
- ExpectIntEQ(SHA_Final(local, &sha1.compat), 1); /* frees resources */
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_SHA224(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA224) && \
- !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
- unsigned char input[] =
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- unsigned char output[] =
- "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
- "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
- size_t inLen;
- byte hash[WC_SHA224_DIGEST_SIZE];
- unsigned char* p;
- inLen = XSTRLEN((char*)input);
- XMEMSET(hash, 0, WC_SHA224_DIGEST_SIZE);
- ExpectNull(SHA224(NULL, inLen, hash));
- ExpectNotNull(SHA224(input, 0, hash));
- ExpectNotNull(SHA224(input, inLen, NULL));
- ExpectNotNull(SHA224(NULL, 0, hash));
- ExpectNotNull(SHA224(NULL, 0, NULL));
- ExpectNotNull(SHA224(input, inLen, hash));
- ExpectIntEQ(XMEMCMP(hash, output, WC_SHA224_DIGEST_SIZE), 0);
- ExpectNotNull(p = SHA224(input, inLen, NULL));
- ExpectIntEQ(XMEMCMP(p, output, WC_SHA224_DIGEST_SIZE), 0);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_SHA256(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \
- defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- unsigned char input[] =
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- unsigned char output[] =
- "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
- "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
- "\x06\xC1";
- size_t inLen;
- byte hash[WC_SHA256_DIGEST_SIZE];
- inLen = XSTRLEN((char*)input);
- XMEMSET(hash, 0, WC_SHA256_DIGEST_SIZE);
- ExpectNotNull(SHA256(input, inLen, hash));
- ExpectIntEQ(XMEMCMP(hash, output, WC_SHA256_DIGEST_SIZE), 0);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_SHA256_Transform(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
- !defined(WOLFSSL_DEVCRYPTO_HASH) && !defined(WOLFSSL_AFALG_HASH) && \
- !defined(WOLFSSL_KCAPI_HASH)
- byte input1[] = "";
- byte input2[] = "abc";
- byte local[WC_SHA256_BLOCK_SIZE];
- word32 sLen = 0;
- #ifdef BIG_ENDIAN_ORDER
- unsigned char output1[] =
- "\xda\x56\x98\xbe\x17\xb9\xb4\x69\x62\x33\x57\x99\x77\x9f\xbe\xca"
- "\x8c\xe5\xd4\x91\xc0\xd2\x62\x43\xba\xfe\xf9\xea\x18\x37\xa9\xd8";
- unsigned char output2[] =
- "\x1d\x4e\xd4\x67\x67\x7c\x61\x67\x44\x10\x76\x26\x78\x10\xff\xb8"
- "\x40\xc8\x9a\x39\x73\x16\x60\x8c\xa6\x61\xd6\x05\x91\xf2\x8c\x35";
- #else
- unsigned char output1[] =
- "\xbe\x98\x56\xda\x69\xb4\xb9\x17\x99\x57\x33\x62\xca\xbe\x9f\x77"
- "\x91\xd4\xe5\x8c\x43\x62\xd2\xc0\xea\xf9\xfe\xba\xd8\xa9\x37\x18";
- unsigned char output2[] =
- "\x67\xd4\x4e\x1d\x67\x61\x7c\x67\x26\x76\x10\x44\xb8\xff\x10\x78"
- "\x39\x9a\xc8\x40\x8c\x60\x16\x73\x05\xd6\x61\xa6\x35\x8c\xf2\x91";
- #endif
- union {
- wc_Sha256 native;
- SHA256_CTX compat;
- } sha256;
- XMEMSET(&sha256.compat, 0, sizeof(sha256.compat));
- XMEMSET(&local, 0, sizeof(local));
- /* sanity check */
- ExpectIntEQ(SHA256_Transform(NULL, NULL), 0);
- ExpectIntEQ(SHA256_Transform(NULL, (const byte*)&input1), 0);
- ExpectIntEQ(SHA256_Transform(&sha256.compat, NULL), 0);
- ExpectIntEQ(wc_Sha256Transform(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha256Transform(&sha256.native, NULL), BAD_FUNC_ARG);
- /* Init SHA256 CTX */
- ExpectIntEQ(SHA256_Init(&sha256.compat), 1);
- /* Do Transform*/
- sLen = (word32)XSTRLEN((char*)input1);
- XMEMCPY(local, input1, sLen);
- ExpectIntEQ(SHA256_Transform(&sha256.compat, (const byte*)&local[0]), 1);
- ExpectIntEQ(XMEMCMP(sha256.native.digest, output1, WC_SHA256_DIGEST_SIZE),
- 0);
- ExpectIntEQ(SHA256_Final(local, &sha256.compat), 1); /* frees resources */
- /* Init SHA256 CTX */
- ExpectIntEQ(SHA256_Init(&sha256.compat), 1);
- sLen = (word32)XSTRLEN((char*)input2);
- XMEMSET(local, 0, WC_SHA256_BLOCK_SIZE);
- XMEMCPY(local, input2, sLen);
- ExpectIntEQ(SHA256_Transform(&sha256.compat, (const byte*)&local[0]), 1);
- ExpectIntEQ(XMEMCMP(sha256.native.digest, output2, WC_SHA256_DIGEST_SIZE),
- 0);
- ExpectIntEQ(SHA256_Final(local, &sha256.compat), 1); /* frees resources */
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_SHA512_Transform(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512)
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
- !defined(WOLFSSL_KCAPI_HASH)
- byte input1[] = "";
- byte input2[] = "abc";
- byte local[WC_SHA512_BLOCK_SIZE];
- word32 sLen = 0;
- #ifdef BIG_ENDIAN_ORDER
- unsigned char output1[] =
- "\xcf\x78\x81\xd5\x77\x4a\xcb\xe8\x53\x33\x62\xe0\xfb\xc7\x80\x70"
- "\x02\x67\x63\x9d\x87\x46\x0e\xda\x30\x86\xcb\x40\xe8\x59\x31\xb0"
- "\x71\x7d\xc9\x52\x88\xa0\x23\xa3\x96\xba\xb2\xc1\x4c\xe0\xb5\xe0"
- "\x6f\xc4\xfe\x04\xea\xe3\x3e\x0b\x91\xf4\xd8\x0c\xbd\x66\x8b\xee";
- unsigned char output2[] =
- "\x11\x10\x93\x4e\xeb\xa0\xcc\x0d\xfd\x33\x43\x9c\xfb\x04\xc8\x21"
- "\xa9\xb4\x26\x3d\xca\xab\x31\x41\xe2\xc6\xaa\xaf\xe1\x67\xd7\xab"
- "\x31\x8f\x2e\x54\x2c\xba\x4e\x83\xbe\x88\xec\x9d\x8f\x2b\x38\x98"
- "\x14\xd2\x4e\x9d\x53\x8b\x5e\x4d\xde\x68\x6c\x69\xaf\x20\x96\xf0";
- #else
- unsigned char output1[] =
- "\xe8\xcb\x4a\x77\xd5\x81\x78\xcf\x70\x80\xc7\xfb\xe0\x62\x33\x53"
- "\xda\x0e\x46\x87\x9d\x63\x67\x02\xb0\x31\x59\xe8\x40\xcb\x86\x30"
- "\xa3\x23\xa0\x88\x52\xc9\x7d\x71\xe0\xb5\xe0\x4c\xc1\xb2\xba\x96"
- "\x0b\x3e\xe3\xea\x04\xfe\xc4\x6f\xee\x8b\x66\xbd\x0c\xd8\xf4\x91";
- unsigned char output2[] =
- "\x0d\xcc\xa0\xeb\x4e\x93\x10\x11\x21\xc8\x04\xfb\x9c\x43\x33\xfd"
- "\x41\x31\xab\xca\x3d\x26\xb4\xa9\xab\xd7\x67\xe1\xaf\xaa\xc6\xe2"
- "\x83\x4e\xba\x2c\x54\x2e\x8f\x31\x98\x38\x2b\x8f\x9d\xec\x88\xbe"
- "\x4d\x5e\x8b\x53\x9d\x4e\xd2\x14\xf0\x96\x20\xaf\x69\x6c\x68\xde";
- #endif
- union {
- wc_Sha512 native;
- SHA512_CTX compat;
- } sha512;
- XMEMSET(&sha512.compat, 0, sizeof(sha512.compat));
- XMEMSET(&local, 0, sizeof(local));
- /* sanity check */
- ExpectIntEQ(SHA512_Transform(NULL, NULL), 0);
- ExpectIntEQ(SHA512_Transform(NULL, (const byte*)&input1), 0);
- ExpectIntEQ(SHA512_Transform(&sha512.compat, NULL), 0);
- ExpectIntEQ(wc_Sha512Transform(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512Transform(&sha512.native, NULL), BAD_FUNC_ARG);
- /* Init SHA512 CTX */
- ExpectIntEQ(wolfSSL_SHA512_Init(&sha512.compat), 1);
- /* Do Transform*/
- sLen = (word32)XSTRLEN((char*)input1);
- XMEMCPY(local, input1, sLen);
- ExpectIntEQ(SHA512_Transform(&sha512.compat, (const byte*)&local[0]), 1);
- ExpectIntEQ(XMEMCMP(sha512.native.digest, output1,
- WC_SHA512_DIGEST_SIZE), 0);
- ExpectIntEQ(SHA512_Final(local, &sha512.compat), 1); /* frees resources */
- /* Init SHA512 CTX */
- ExpectIntEQ(SHA512_Init(&sha512.compat), 1);
- sLen = (word32)XSTRLEN((char*)input2);
- XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE);
- XMEMCPY(local, input2, sLen);
- ExpectIntEQ(SHA512_Transform(&sha512.compat, (const byte*)&local[0]), 1);
- ExpectIntEQ(XMEMCMP(sha512.native.digest, output2,
- WC_SHA512_DIGEST_SIZE), 0);
- ExpectIntEQ(SHA512_Final(local, &sha512.compat), 1); /* frees resources */
- (void)input1;
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_SHA512_224_Transform(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512) && \
- !defined(WOLFSSL_NOSHA512_224)
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
- !defined(WOLFSSL_KCAPI_HASH)
- byte input1[] = "";
- byte input2[] = "abc";
- byte local[WC_SHA512_BLOCK_SIZE];
- word32 sLen = 0;
- unsigned char output1[] =
- "\x94\x24\x66\xd4\x60\x3a\xeb\x23\x1d\xa8\x69\x31\x3c\xd2\xde\x11"
- "\x48\x0f\x4a\x5a\xdf\x3a\x8d\x87\xcf\xcd\xbf\xa5\x03\x21\x50\xf1"
- "\x8a\x0d\x0f\x0d\x3c\x07\xba\x52\xe0\xaa\x3c\xbb\xf1\xd3\x3f\xca"
- "\x12\xa7\x61\xf8\x47\xda\x0d\x1b\x79\xc2\x65\x13\x92\xc1\x9c\xa5";
- unsigned char output2[] =
- "\x51\x28\xe7\x0b\xca\x1e\xbc\x5f\xd7\x34\x0b\x48\x30\xd7\xc2\x75"
- "\x6d\x8d\x48\x2c\x1f\xc7\x9e\x2b\x20\x5e\xbb\x0f\x0e\x4d\xb7\x61"
- "\x31\x76\x33\xa0\xb4\x3d\x5f\x93\xc1\x73\xac\xf7\x21\xff\x69\x17"
- "\xce\x66\xe5\x1e\x31\xe7\xf3\x22\x0f\x0b\x34\xd7\x5a\x57\xeb\xbf";
- union {
- wc_Sha512 native;
- SHA512_CTX compat;
- } sha512;
- #ifdef BIG_ENDIAN_ORDER
- ByteReverseWords64((word64*)output1, (word64*)output1, sizeof(output1));
- ByteReverseWords64((word64*)output2, (word64*)output2, sizeof(output2));
- #endif
- XMEMSET(&sha512.compat, 0, sizeof(sha512.compat));
- XMEMSET(&local, 0, sizeof(local));
- /* sanity check */
- ExpectIntEQ(SHA512_224_Transform(NULL, NULL), 0);
- ExpectIntEQ(SHA512_224_Transform(NULL, (const byte*)&input1), 0);
- ExpectIntEQ(SHA512_224_Transform(&sha512.compat, NULL), 0);
- ExpectIntEQ(wc_Sha512_224Transform(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512_224Transform(NULL, (const byte*)&input1),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512_224Transform(&sha512.native, NULL), BAD_FUNC_ARG);
- /* Init SHA512 CTX */
- ExpectIntEQ(wolfSSL_SHA512_224_Init(&sha512.compat), 1);
- /* Do Transform*/
- sLen = (word32)XSTRLEN((char*)input1);
- XMEMCPY(local, input1, sLen);
- ExpectIntEQ(SHA512_224_Transform(&sha512.compat, (const byte*)&local[0]),
- 1);
- ExpectIntEQ(XMEMCMP(sha512.native.digest, output1,
- WC_SHA512_DIGEST_SIZE), 0);
- /* frees resources */
- ExpectIntEQ(SHA512_224_Final(local, &sha512.compat), 1);
- /* Init SHA512 CTX */
- ExpectIntEQ(SHA512_224_Init(&sha512.compat), 1);
- sLen = (word32)XSTRLEN((char*)input2);
- XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE);
- XMEMCPY(local, input2, sLen);
- ExpectIntEQ(SHA512_224_Transform(&sha512.compat, (const byte*)&local[0]),
- 1);
- ExpectIntEQ(XMEMCMP(sha512.native.digest, output2,
- WC_SHA512_DIGEST_SIZE), 0);
- /* frees resources */
- ExpectIntEQ(SHA512_224_Final(local, &sha512.compat), 1);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_SHA512_256_Transform(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512) && \
- !defined(WOLFSSL_NOSHA512_256)
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
- !defined(WOLFSSL_KCAPI_HASH)
- byte input1[] = "";
- byte input2[] = "abc";
- byte local[WC_SHA512_BLOCK_SIZE];
- word32 sLen = 0;
- unsigned char output1[] =
- "\xf8\x37\x37\x5a\xd7\x2e\x56\xec\xe2\x51\xa8\x31\x3a\xa0\x63\x2b"
- "\x7e\x7c\x64\xcc\xd9\xff\x2b\x6b\xeb\xc3\xd4\x4d\x7f\x8a\x3a\xb5"
- "\x61\x85\x0b\x37\x30\x9f\x3b\x08\x5e\x7b\xd3\xbc\x6d\x00\x61\xc0"
- "\x65\x9a\xd7\x73\xda\x40\xbe\xc1\xe5\x2f\xc6\x5d\xb7\x9f\xbe\x60";
- unsigned char output2[] =
- "\x22\xad\xc0\x30\xee\xd4\x6a\xef\x13\xee\x5a\x95\x8b\x1f\xb7\xb6"
- "\xb6\xba\xc0\x44\xb8\x18\x3b\xf0\xf6\x4b\x70\x9f\x03\xba\x64\xa1"
- "\xe1\xe3\x45\x15\x91\x7d\xcb\x0b\x9a\xf0\xd2\x8e\x47\x8b\x37\x78"
- "\x91\x41\xa6\xc4\xb0\x29\x8f\x8b\xdd\x78\x5c\xf2\x73\x3f\x21\x31";
- union {
- wc_Sha512 native;
- SHA512_CTX compat;
- } sha512;
- #ifdef BIG_ENDIAN_ORDER
- ByteReverseWords64((word64*)output1, (word64*)output1, sizeof(output1));
- ByteReverseWords64((word64*)output2, (word64*)output2, sizeof(output2));
- #endif
- XMEMSET(&sha512.compat, 0, sizeof(sha512.compat));
- XMEMSET(&local, 0, sizeof(local));
- /* sanity check */
- ExpectIntEQ(SHA512_256_Transform(NULL, NULL), 0);
- ExpectIntEQ(SHA512_256_Transform(NULL, (const byte*)&input1), 0);
- ExpectIntEQ(SHA512_256_Transform(&sha512.compat, NULL), 0);
- ExpectIntEQ(wc_Sha512_256Transform(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512_256Transform(NULL, (const byte*)&input1),
- BAD_FUNC_ARG);
- ExpectIntEQ(wc_Sha512_256Transform(&sha512.native, NULL), BAD_FUNC_ARG);
- /* Init SHA512 CTX */
- ExpectIntEQ(wolfSSL_SHA512_256_Init(&sha512.compat), 1);
- /* Do Transform*/
- sLen = (word32)XSTRLEN((char*)input1);
- XMEMCPY(local, input1, sLen);
- ExpectIntEQ(SHA512_256_Transform(&sha512.compat, (const byte*)&local[0]),
- 1);
- ExpectIntEQ(XMEMCMP(sha512.native.digest, output1,
- WC_SHA512_DIGEST_SIZE), 0);
- /* frees resources */
- ExpectIntEQ(SHA512_256_Final(local, &sha512.compat), 1);
- /* Init SHA512 CTX */
- ExpectIntEQ(SHA512_256_Init(&sha512.compat), 1);
- sLen = (word32)XSTRLEN((char*)input2);
- XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE);
- XMEMCPY(local, input2, sLen);
- ExpectIntEQ(SHA512_256_Transform(&sha512.compat, (const byte*)&local[0]),
- 1);
- ExpectIntEQ(XMEMCMP(sha512.native.digest, output2,
- WC_SHA512_DIGEST_SIZE), 0);
- /* frees resources */
- ExpectIntEQ(SHA512_256_Final(local, &sha512.compat), 1);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA) && !defined(NO_HMAC)
- /* helper function for test_wolfSSL_HMAC_CTX, digest size is expected to be a
- * buffer of 64 bytes.
- *
- * returns the size of the digest buffer on success and a negative value on
- * failure.
- */
- static int test_HMAC_CTX_helper(const EVP_MD* type, unsigned char* digest,
- int* sz)
- {
- EXPECT_DECLS;
- HMAC_CTX ctx1;
- HMAC_CTX ctx2;
- unsigned char key[] = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
- unsigned char long_key[] =
- "0123456789012345678901234567890123456789"
- "0123456789012345678901234567890123456789"
- "0123456789012345678901234567890123456789"
- "0123456789012345678901234567890123456789";
- unsigned char msg[] = "message to hash";
- unsigned int digestSz = 64;
- int keySz = sizeof(key);
- int long_keySz = sizeof(long_key);
- int msgSz = sizeof(msg);
- unsigned char digest2[64];
- unsigned int digestSz2 = 64;
- HMAC_CTX_init(&ctx1);
- ExpectIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- ExpectIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
- HMAC_CTX_cleanup(&ctx1);
- ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Final(&ctx2, digest2, &digestSz2), SSL_SUCCESS);
- HMAC_CTX_cleanup(&ctx2);
- ExpectIntEQ(digestSz, digestSz2);
- ExpectIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
- /* test HMAC_Init with NULL key */
- /* init after copy */
- HMAC_CTX_init(&ctx1);
- ExpectIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- ExpectIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
- HMAC_CTX_cleanup(&ctx1);
- ExpectIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
- HMAC_CTX_cleanup(&ctx2);
- ExpectIntEQ(digestSz, digestSz2);
- ExpectIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
- /* long key */
- HMAC_CTX_init(&ctx1);
- ExpectIntEQ(HMAC_Init(&ctx1, (const void*)long_key, long_keySz, type),
- SSL_SUCCESS);
- ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- ExpectIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
- HMAC_CTX_cleanup(&ctx1);
- ExpectIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
- HMAC_CTX_cleanup(&ctx2);
- ExpectIntEQ(digestSz, digestSz2);
- ExpectIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
- /* init before copy */
- HMAC_CTX_init(&ctx1);
- ExpectIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
- ExpectIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
- HMAC_CTX_cleanup(&ctx1);
- ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
- ExpectIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
- HMAC_CTX_cleanup(&ctx2);
- ExpectIntEQ(digestSz, digestSz2);
- ExpectIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
- *sz = digestSz;
- return EXPECT_RESULT();
- }
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_HMAC) */
- static int test_wolfSSL_HMAC_CTX(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_HMAC)
- unsigned char digest[64];
- int digestSz;
- WOLFSSL_HMAC_CTX* hmac_ctx = NULL;
- WOLFSSL_HMAC_CTX ctx1;
- WOLFSSL_HMAC_CTX ctx2;
- ExpectNotNull(hmac_ctx = wolfSSL_HMAC_CTX_new());
- ExpectIntEQ(wolfSSL_HMAC_CTX_Init(NULL), 1);
- ExpectIntEQ(wolfSSL_HMAC_CTX_Init(hmac_ctx), 1);
- wolfSSL_HMAC_CTX_free(NULL);
- wolfSSL_HMAC_CTX_free(hmac_ctx);
- XMEMSET(&ctx2, 0, sizeof(WOLFSSL_HMAC_CTX));
- ExpectIntEQ(HMAC_CTX_init(NULL), 1);
- ExpectIntEQ(HMAC_CTX_init(&ctx2), 1);
- ExpectIntEQ(HMAC_CTX_copy(NULL, NULL), 0);
- ExpectIntEQ(HMAC_CTX_copy(NULL, &ctx2), 0);
- ExpectIntEQ(HMAC_CTX_copy(&ctx2, NULL), 0);
- #if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && \
- ((! defined(HAVE_FIPS_VERSION)) || \
- defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2)))
- /* Copy object that hasn't had a digest set - MD5. */
- ExpectIntEQ(HMAC_CTX_copy(&ctx1, &ctx2), 1);
- #else
- /* Copy object that hasn't had a digest set. */
- ExpectIntEQ(HMAC_CTX_copy(&ctx1, &ctx2), 0);
- #endif
- HMAC_CTX_cleanup(NULL);
- HMAC_CTX_cleanup(&ctx2);
- ExpectNull(HMAC_CTX_get_md(NULL));
- #ifndef NO_SHA
- ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha1(), digest, &digestSz)),
- TEST_SUCCESS);
- ExpectIntEQ(digestSz, 20);
- ExpectIntEQ(XMEMCMP("\xD9\x68\x77\x23\x70\xFB\x53\x70\x53\xBA\x0E\xDC\xDA"
- "\xBF\x03\x98\x31\x19\xB2\xCC", digest, digestSz), 0);
- #endif /* !NO_SHA */
- #ifdef WOLFSSL_SHA224
- ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha224(), digest, &digestSz)),
- TEST_SUCCESS);
- ExpectIntEQ(digestSz, 28);
- ExpectIntEQ(XMEMCMP("\x57\xFD\xF4\xE1\x2D\xB0\x79\xD7\x4B\x25\x7E\xB1\x95"
- "\x9C\x11\xAC\x2D\x1E\x78\x94\x4F\x3A\x0F\xED\xF8\xAD"
- "\x02\x0E", digest, digestSz), 0);
- #endif /* WOLFSSL_SHA224 */
- #ifndef NO_SHA256
- ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha256(), digest, &digestSz)),
- TEST_SUCCESS);
- ExpectIntEQ(digestSz, 32);
- ExpectIntEQ(XMEMCMP("\x13\xAB\x76\x91\x0C\x37\x86\x8D\xB3\x7E\x30\x0C\xFC"
- "\xB0\x2E\x8E\x4A\xD7\xD4\x25\xCC\x3A\xA9\x0F\xA2\xF2"
- "\x47\x1E\x62\x6F\x5D\xF2", digest, digestSz), 0);
- #endif /* !NO_SHA256 */
- #ifdef WOLFSSL_SHA384
- ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha384(), digest, &digestSz)),
- TEST_SUCCESS);
- ExpectIntEQ(digestSz, 48);
- ExpectIntEQ(XMEMCMP("\x9E\xCB\x07\x0C\x11\x76\x3F\x23\xC3\x25\x0E\xC4\xB7"
- "\x28\x77\x95\x99\xD5\x9D\x7A\xBB\x1A\x9F\xB7\xFD\x25"
- "\xC9\x72\x47\x9F\x8F\x86\x76\xD6\x20\x57\x87\xB7\xE7"
- "\xCD\xFB\xC2\xCC\x9F\x2B\xC5\x41\xAB",
- digest, digestSz), 0);
- #endif /* WOLFSSL_SHA384 */
- #ifdef WOLFSSL_SHA512
- ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha512(), digest, &digestSz)),
- TEST_SUCCESS);
- ExpectIntEQ(digestSz, 64);
- ExpectIntEQ(XMEMCMP("\xD4\x21\x0C\x8B\x60\x6F\xF4\xBF\x07\x2F\x26\xCC\xAD"
- "\xBC\x06\x0B\x34\x78\x8B\x4F\xD6\xC0\x42\xF1\x33\x10"
- "\x6C\x4F\x1E\x55\x59\xDD\x2A\x9F\x15\x88\x62\xF8\x60"
- "\xA3\x99\x91\xE2\x08\x7B\xF7\x95\x3A\xB0\x92\x48\x60"
- "\x88\x8B\x5B\xB8\x5F\xE9\xB6\xB1\x96\xE3\xB5\xF0",
- digest, digestSz), 0);
- #endif /* WOLFSSL_SHA512 */
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha3_224(), digest, &digestSz)),
- TEST_SUCCESS);
- ExpectIntEQ(digestSz, 28);
- ExpectIntEQ(XMEMCMP("\xdc\x53\x25\x3f\xc0\x9d\x2b\x0c\x7f\x59\x11\x17\x08"
- "\x5c\xe8\x43\x31\x01\x5a\xb3\xe3\x08\x37\x71\x26\x0b"
- "\x29\x0f", digest, digestSz), 0);
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha3_256(), digest, &digestSz)),
- TEST_SUCCESS);
- ExpectIntEQ(digestSz, 32);
- ExpectIntEQ(XMEMCMP("\x0f\x00\x89\x82\x15\xce\xd6\x45\x01\x83\xce\xc8\x35"
- "\xab\x71\x07\xc9\xfe\x61\x22\x38\xf9\x09\xad\x35\x65"
- "\x43\x77\x24\xd4\x1e\xf4", digest, digestSz), 0);
- #endif
- #ifndef WOLFSSL_NOSHA3_384
- ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha3_384(), digest, &digestSz)),
- TEST_SUCCESS);
- ExpectIntEQ(digestSz, 48);
- ExpectIntEQ(XMEMCMP("\x0f\x6a\xc0\xfb\xc3\xf2\x80\xb1\xb4\x04\xb6\xc8\x45"
- "\x23\x3b\xb4\xbe\xc6\xea\x85\x07\xca\x8c\x71\xbb\x6e"
- "\x79\xf6\xf9\x2b\x98\xf5\xef\x11\x39\xd4\x5d\xd3\xca"
- "\xc0\xe6\x81\xf7\x73\xf9\x85\x5d\x4f",
- digest, digestSz), 0);
- #endif
- #ifndef WOLFSSL_NOSHA3_512
- ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha3_512(), digest, &digestSz)),
- TEST_SUCCESS);
- ExpectIntEQ(digestSz, 64);
- ExpectIntEQ(XMEMCMP("\x3e\x77\xe3\x59\x42\x89\xed\xc3\xa4\x26\x3d\xa4\x75"
- "\xd2\x84\x8c\xb2\xf3\x25\x04\x47\x61\xce\x1c\x42\x86"
- "\xcd\xf4\x56\xaa\x2f\x84\xb1\x3b\x18\xed\xe6\xd6\x48"
- "\x15\xb0\x29\xc5\x9d\x32\xef\xdd\x3e\x09\xf6\xed\x9e"
- "\x70\xbc\x1c\x63\xf7\x3b\x3e\xe1\xdc\x84\x9c\x1c",
- digest, digestSz), 0);
- #endif
- #endif
- #if !defined(NO_MD5) && (!defined(HAVE_FIPS_VERSION) || \
- HAVE_FIPS_VERSION <= 2)
- ExpectIntEQ((test_HMAC_CTX_helper(EVP_md5(), digest, &digestSz)),
- TEST_SUCCESS);
- ExpectIntEQ(digestSz, 16);
- ExpectIntEQ(XMEMCMP("\xB7\x27\xC4\x41\xE5\x2E\x62\xBA\x54\xED\x72\x70\x9F"
- "\xE4\x98\xDD", digest, digestSz), 0);
- #endif /* !NO_MD5 */
- #endif
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \
- defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \
- defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3))
- static int test_openssl_hmac(const WOLFSSL_EVP_MD* md, int md_len)
- {
- EXPECT_DECLS;
- static const unsigned char key[] = "simple test key";
- HMAC_CTX* hmac = NULL;
- ENGINE* e = NULL;
- unsigned char hash[WC_MAX_DIGEST_SIZE];
- unsigned int len;
- ExpectNotNull(hmac = HMAC_CTX_new());
- HMAC_CTX_init(hmac);
- #if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && \
- ((! defined(HAVE_FIPS_VERSION)) || \
- defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2)))
- /* Get size on object that hasn't had a digest set - MD5. */
- ExpectIntEQ(HMAC_size(hmac), 16);
- ExpectIntEQ(HMAC_Init(hmac, NULL, 0, NULL), 1);
- ExpectIntEQ(HMAC_Init(hmac, (void*)key, (int)sizeof(key), NULL), 1);
- ExpectIntEQ(HMAC_Init(hmac, NULL, 0, md), 1);
- #else
- ExpectIntEQ(HMAC_size(hmac), BAD_FUNC_ARG);
- ExpectIntEQ(HMAC_Init(hmac, NULL, 0, NULL), 0);
- ExpectIntEQ(HMAC_Init(hmac, (void*)key, (int)sizeof(key), NULL), 0);
- ExpectIntEQ(HMAC_Init(hmac, NULL, 0, md), 0);
- #endif
- ExpectIntEQ(HMAC_Init_ex(NULL, (void*)key, (int)sizeof(key), md, e), 0);
- ExpectIntEQ(HMAC_Init_ex(hmac, (void*)key, (int)sizeof(key), md, e), 1);
- /* re-using test key as data to hash */
- ExpectIntEQ(HMAC_Update(NULL, key, (int)sizeof(key)), 0);
- ExpectIntEQ(HMAC_Update(hmac, key, (int)sizeof(key)), 1);
- ExpectIntEQ(HMAC_Update(hmac, key, 0), 1);
- ExpectIntEQ(HMAC_Update(hmac, NULL, 0), 1);
- ExpectIntEQ(HMAC_Update(hmac, NULL, (int)sizeof(key)), 1);
- ExpectIntEQ(HMAC_Final(NULL, NULL, &len), 0);
- ExpectIntEQ(HMAC_Final(hmac, NULL, &len), 0);
- ExpectIntEQ(HMAC_Final(NULL, hash, &len), 0);
- ExpectIntEQ(HMAC_Final(hmac, hash, &len), 1);
- ExpectIntEQ(HMAC_Final(hmac, hash, NULL), 1);
- ExpectIntEQ(len, md_len);
- ExpectIntEQ(HMAC_size(NULL), 0);
- ExpectIntEQ(HMAC_size(hmac), md_len);
- ExpectStrEQ(HMAC_CTX_get_md(hmac), md);
- HMAC_cleanup(NULL);
- HMAC_cleanup(hmac);
- HMAC_CTX_free(hmac);
- len = 0;
- ExpectNull(HMAC(NULL, key, (int)sizeof(key), NULL, 0, hash, &len));
- ExpectNull(HMAC(md, NULL, (int)sizeof(key), NULL, 0, hash, &len));
- ExpectNull(HMAC(md, key, (int)sizeof(key), NULL, 0, NULL, &len));
- ExpectNotNull(HMAC(md, key, (int)sizeof(key), NULL, 0, hash, &len));
- ExpectIntEQ(len, md_len);
- ExpectNotNull(HMAC(md, key, (int)sizeof(key), NULL, 0, hash, NULL));
- /* With data. */
- ExpectNotNull(HMAC(md, key, (int)sizeof(key), key, (int)sizeof(key), hash,
- &len));
- /* With NULL data. */
- ExpectNull(HMAC(md, key, (int)sizeof(key), NULL, (int)sizeof(key), hash,
- &len));
- /* With zero length data. */
- ExpectNotNull(HMAC(md, key, (int)sizeof(key), key, 0, hash, &len));
- return EXPECT_RESULT();
- }
- #endif
- static int test_wolfSSL_HMAC(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \
- defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \
- defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3))
- #ifndef NO_SHA256
- ExpectIntEQ(test_openssl_hmac(EVP_sha256(), (int)WC_SHA256_DIGEST_SIZE),
- TEST_SUCCESS);
- #endif
- #ifdef WOLFSSL_SHA224
- ExpectIntEQ(test_openssl_hmac(EVP_sha224(), (int)WC_SHA224_DIGEST_SIZE),
- TEST_SUCCESS);
- #endif
- #ifdef WOLFSSL_SHA384
- ExpectIntEQ(test_openssl_hmac(EVP_sha384(), (int)WC_SHA384_DIGEST_SIZE),
- TEST_SUCCESS);
- #endif
- #ifdef WOLFSSL_SHA512
- ExpectIntEQ(test_openssl_hmac(EVP_sha512(), (int)WC_SHA512_DIGEST_SIZE),
- TEST_SUCCESS);
- #endif
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- ExpectIntEQ(test_openssl_hmac(EVP_sha3_224(),
- (int)WC_SHA3_224_DIGEST_SIZE), TEST_SUCCESS);
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- ExpectIntEQ(test_openssl_hmac(EVP_sha3_256(),
- (int)WC_SHA3_256_DIGEST_SIZE), TEST_SUCCESS);
- #endif
- #ifndef WOLFSSL_NOSHA3_384
- ExpectIntEQ(test_openssl_hmac(EVP_sha3_384(),
- (int)WC_SHA3_384_DIGEST_SIZE), TEST_SUCCESS);
- #endif
- #ifndef WOLFSSL_NOSHA3_512
- ExpectIntEQ(test_openssl_hmac(EVP_sha3_512(),
- (int)WC_SHA3_512_DIGEST_SIZE), TEST_SUCCESS);
- #endif
- #endif
- #ifndef NO_SHA
- ExpectIntEQ(test_openssl_hmac(EVP_sha1(), (int)WC_SHA_DIGEST_SIZE),
- TEST_SUCCESS);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CMAC(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_AES_DIRECT)
- int i;
- byte key[AES_256_KEY_SIZE];
- CMAC_CTX* cmacCtx = NULL;
- byte out[AES_BLOCK_SIZE];
- size_t outLen = AES_BLOCK_SIZE;
- for (i=0; i < AES_256_KEY_SIZE; ++i) {
- key[i] = i;
- }
- ExpectNotNull(cmacCtx = CMAC_CTX_new());
- /* Check CMAC_CTX_get0_cipher_ctx; return value not used. */
- ExpectNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx));
- ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(),
- NULL), 1);
- /* re-using test key as data to hash */
- ExpectIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), 1);
- ExpectIntEQ(CMAC_Update(cmacCtx, NULL, 0), 1);
- ExpectIntEQ(CMAC_Final(cmacCtx, out, &outLen), 1);
- ExpectIntEQ(outLen, AES_BLOCK_SIZE);
- /* No Update works. */
- ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(),
- NULL), 1);
- ExpectIntEQ(CMAC_Final(cmacCtx, out, NULL), 1);
- ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(),
- NULL), 1);
- /* Test parameters with CMAC_Update. */
- ExpectIntEQ(CMAC_Update(NULL, NULL, 0), 0);
- ExpectIntEQ(CMAC_Update(NULL, key, 0), 0);
- ExpectIntEQ(CMAC_Update(NULL, NULL, AES_128_KEY_SIZE), 0);
- ExpectIntEQ(CMAC_Update(NULL, key, AES_128_KEY_SIZE), 0);
- ExpectIntEQ(CMAC_Update(cmacCtx, key, 0), 1);
- ExpectIntEQ(CMAC_Update(cmacCtx, NULL, 0), 1);
- ExpectIntEQ(CMAC_Update(cmacCtx, NULL, AES_128_KEY_SIZE), 1);
- /* Test parameters with CMAC_Final. */
- ExpectIntEQ(CMAC_Final(NULL, NULL, NULL), 0);
- ExpectIntEQ(CMAC_Final(NULL, out, NULL), 0);
- ExpectIntEQ(CMAC_Final(NULL, NULL, &outLen), 0);
- ExpectIntEQ(CMAC_Final(NULL, out, &outLen), 0);
- ExpectIntEQ(CMAC_Final(cmacCtx, NULL, NULL), 1);
- ExpectIntEQ(CMAC_Final(cmacCtx, NULL, &outLen), 1);
- ExpectIntEQ(CMAC_Final(cmacCtx, out, NULL), 1);
- CMAC_CTX_free(cmacCtx);
- /* Test parameters with CMAC Init. */
- cmacCtx = NULL;
- ExpectNotNull(cmacCtx = CMAC_CTX_new());
- ExpectNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx));
- ExpectIntEQ(CMAC_Init(NULL, NULL, 0, NULL, NULL), 0);
- ExpectIntEQ(CMAC_Init(NULL, key, AES_192_KEY_SIZE, EVP_aes_192_cbc(),
- NULL), 0);
- ExpectIntEQ(CMAC_Init(cmacCtx, NULL, AES_192_KEY_SIZE, EVP_aes_192_cbc(),
- NULL), 0);
- /* give a key too small for the cipher, verify we get failure */
- ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_192_cbc(),
- NULL), 0);
- ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_192_KEY_SIZE, NULL, NULL), 0);
- #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128)
- /* Only AES-CBC supported. */
- ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_gcm(),
- NULL), 0);
- #endif
- CMAC_CTX_free(cmacCtx);
- ExpectNull(CMAC_CTX_get0_cipher_ctx(NULL));
- cmacCtx = NULL;
- ExpectNotNull(cmacCtx = CMAC_CTX_new());
- /* No Init. */
- ExpectIntEQ(CMAC_Final(cmacCtx, out, &outLen), 0);
- CMAC_CTX_free(cmacCtx);
- /* Test AES-256-CBC */
- cmacCtx = NULL;
- ExpectNotNull(cmacCtx = CMAC_CTX_new());
- ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_256_KEY_SIZE, EVP_aes_256_cbc(),
- NULL), 1);
- ExpectIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), 1);
- ExpectIntEQ(CMAC_Final(cmacCtx, out, NULL), 1);
- CMAC_CTX_free(cmacCtx);
- /* Test AES-192-CBC */
- cmacCtx = NULL;
- ExpectNotNull(cmacCtx = CMAC_CTX_new());
- ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_192_KEY_SIZE, EVP_aes_192_cbc(),
- NULL), 1);
- ExpectIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), 1);
- ExpectIntEQ(CMAC_Final(cmacCtx, out, NULL), 1);
- CMAC_CTX_free(cmacCtx);
- cmacCtx = NULL;
- ExpectNotNull(cmacCtx = CMAC_CTX_new());
- CMAC_CTX_free(cmacCtx);
- #endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_DES(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
- const_DES_cblock myDes;
- DES_cblock iv;
- DES_key_schedule key;
- word32 i = 0;
- DES_LONG dl = 0;
- unsigned char msg[] = "hello wolfssl";
- unsigned char weakKey[][8] = {
- { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
- { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
- { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
- { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E }
- };
- unsigned char semiWeakKey[][8] = {
- { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
- { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
- { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
- { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
- { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
- { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
- { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
- { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
- { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
- { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
- { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
- { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
- };
- DES_check_key(1);
- DES_set_key(&myDes, &key);
- /* check, check of odd parity */
- XMEMSET(myDes, 4, sizeof(const_DES_cblock));
- myDes[0] = 6; /* set even parity */
- XMEMSET(key, 5, sizeof(DES_key_schedule));
- ExpectIntEQ(DES_set_key_checked(&myDes, &key), -1);
- ExpectIntNE(key[0], myDes[0]); /* should not have copied over key */
- ExpectIntEQ(DES_set_key_checked(NULL, NULL), -2);
- ExpectIntEQ(DES_set_key_checked(&myDes, NULL), -2);
- ExpectIntEQ(DES_set_key_checked(NULL, &key), -2);
- /* set odd parity for success case */
- DES_set_odd_parity(&myDes);
- ExpectIntEQ(DES_check_key_parity(&myDes), 1);
- fprintf(stderr, "%02x %02x %02x %02x", myDes[0], myDes[1], myDes[2],
- myDes[3]);
- ExpectIntEQ(DES_set_key_checked(&myDes, &key), 0);
- for (i = 0; i < sizeof(DES_key_schedule); i++) {
- ExpectIntEQ(key[i], myDes[i]);
- }
- ExpectIntEQ(DES_is_weak_key(&myDes), 0);
- /* check weak key */
- XMEMSET(myDes, 1, sizeof(const_DES_cblock));
- XMEMSET(key, 5, sizeof(DES_key_schedule));
- ExpectIntEQ(DES_set_key_checked(&myDes, &key), -2);
- ExpectIntNE(key[0], myDes[0]); /* should not have copied over key */
- DES_set_key_unchecked(NULL, NULL);
- DES_set_key_unchecked(&myDes, NULL);
- DES_set_key_unchecked(NULL, &key);
- /* compare arrays, should be the same */
- /* now do unchecked copy of a weak key over */
- DES_set_key_unchecked(&myDes, &key);
- /* compare arrays, should be the same */
- for (i = 0; i < sizeof(DES_key_schedule); i++) {
- ExpectIntEQ(key[i], myDes[i]);
- }
- ExpectIntEQ(DES_is_weak_key(&myDes), 1);
- myDes[7] = 2;
- ExpectIntEQ(DES_set_key_checked(&myDes, &key), 0);
- ExpectIntEQ(DES_is_weak_key(&myDes), 0);
- ExpectIntEQ(DES_is_weak_key(NULL), 1);
- /* Test all weak keys. */
- for (i = 0; i < sizeof(weakKey) / sizeof(*weakKey); i++) {
- ExpectIntEQ(DES_set_key_checked(&weakKey[i], &key), -2);
- }
- /* Test all semi-weak keys. */
- for (i = 0; i < sizeof(semiWeakKey) / sizeof(*semiWeakKey); i++) {
- ExpectIntEQ(DES_set_key_checked(&semiWeakKey[i], &key), -2);
- }
- /* check DES_key_sched API */
- XMEMSET(key, 1, sizeof(DES_key_schedule));
- ExpectIntEQ(DES_key_sched(&myDes, NULL), 0);
- ExpectIntEQ(DES_key_sched(NULL, &key), 0);
- ExpectIntEQ(DES_key_sched(&myDes, &key), 0);
- /* compare arrays, should be the same */
- for (i = 0; i < sizeof(DES_key_schedule); i++) {
- ExpectIntEQ(key[i], myDes[i]);
- }
- ExpectIntEQ((DES_cbc_cksum(NULL, NULL, 0, NULL, NULL)), 0);
- ExpectIntEQ((DES_cbc_cksum(msg, NULL, 0, NULL, NULL)), 0);
- ExpectIntEQ((DES_cbc_cksum(NULL, &key, 0, NULL, NULL)), 0);
- ExpectIntEQ((DES_cbc_cksum(NULL, NULL, 0, &myDes, NULL)), 0);
- ExpectIntEQ((DES_cbc_cksum(NULL, NULL, 0, NULL, &iv)), 0);
- ExpectIntEQ((DES_cbc_cksum(NULL, &key, sizeof(msg), &myDes, &iv)), 0);
- ExpectIntEQ((DES_cbc_cksum(msg, NULL, sizeof(msg), &myDes, &iv)), 0);
- ExpectIntEQ((DES_cbc_cksum(msg, &key, sizeof(msg), NULL, &iv)), 0);
- ExpectIntEQ((DES_cbc_cksum(msg, &key, sizeof(msg), &myDes, NULL)), 0);
- /* DES_cbc_cksum should return the last 4 of the last 8 bytes after
- * DES_cbc_encrypt on the input */
- XMEMSET(iv, 0, sizeof(DES_cblock));
- XMEMSET(myDes, 5, sizeof(DES_key_schedule));
- ExpectIntGT((dl = DES_cbc_cksum(msg, &key, sizeof(msg), &myDes, &iv)), 0);
- ExpectIntEQ(dl, 480052723);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_DES_ncbc(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
- const_DES_cblock myDes;
- DES_cblock iv = {1};
- DES_key_schedule key = {0};
- unsigned char msg[] = "hello wolfssl";
- unsigned char out[DES_BLOCK_SIZE * 2] = {0};
- unsigned char pln[DES_BLOCK_SIZE * 2] = {0};
- unsigned char exp[] = {0x31, 0x98, 0x2F, 0x3A, 0x55, 0xBF, 0xD8, 0xC4};
- unsigned char exp2[] = {0xC7, 0x45, 0x8B, 0x28, 0x10, 0x53, 0xE0, 0x58};
- /* partial block test */
- DES_set_key(&key, &myDes);
- DES_ncbc_encrypt(msg, out, 3, &myDes, &iv, DES_ENCRYPT);
- ExpectIntEQ(XMEMCMP(exp, out, DES_BLOCK_SIZE), 0);
- ExpectIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0);
- DES_set_key(&key, &myDes);
- XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
- *((byte*)&iv) = 1;
- DES_ncbc_encrypt(out, pln, 3, &myDes, &iv, DES_DECRYPT);
- ExpectIntEQ(XMEMCMP(msg, pln, 3), 0);
- ExpectIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0);
- /* full block test */
- DES_set_key(&key, &myDes);
- XMEMSET(pln, 0, DES_BLOCK_SIZE);
- XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
- *((byte*)&iv) = 1;
- DES_ncbc_encrypt(msg, out, 8, &myDes, &iv, DES_ENCRYPT);
- ExpectIntEQ(XMEMCMP(exp2, out, DES_BLOCK_SIZE), 0);
- ExpectIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0);
- DES_set_key(&key, &myDes);
- XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
- *((byte*)&iv) = 1;
- DES_ncbc_encrypt(out, pln, 8, &myDes, &iv, DES_DECRYPT);
- ExpectIntEQ(XMEMCMP(msg, pln, 8), 0);
- ExpectIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_DES_ecb_encrypt(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
- WOLFSSL_DES_cblock input1, input2, output1, output2, back1, back2;
- WOLFSSL_DES_key_schedule key;
- XMEMCPY(key, "12345678", sizeof(WOLFSSL_DES_key_schedule));
- XMEMCPY(input1, "Iamhuman", sizeof(WOLFSSL_DES_cblock));
- XMEMCPY(input2, "Whoisit?", sizeof(WOLFSSL_DES_cblock));
- XMEMSET(output1, 0, sizeof(WOLFSSL_DES_cblock));
- XMEMSET(output2, 0, sizeof(WOLFSSL_DES_cblock));
- XMEMSET(back1, 0, sizeof(WOLFSSL_DES_cblock));
- XMEMSET(back2, 0, sizeof(WOLFSSL_DES_cblock));
- wolfSSL_DES_ecb_encrypt(NULL, NULL, NULL, DES_ENCRYPT);
- wolfSSL_DES_ecb_encrypt(&input1, NULL, NULL, DES_ENCRYPT);
- wolfSSL_DES_ecb_encrypt(NULL, &output1, NULL, DES_ENCRYPT);
- wolfSSL_DES_ecb_encrypt(NULL, NULL, &key, DES_ENCRYPT);
- wolfSSL_DES_ecb_encrypt(&input1, &output1, NULL, DES_ENCRYPT);
- wolfSSL_DES_ecb_encrypt(&input1, NULL, &key, DES_ENCRYPT);
- wolfSSL_DES_ecb_encrypt(NULL, &output1, &key, DES_ENCRYPT);
- /* Encrypt messages */
- wolfSSL_DES_ecb_encrypt(&input1, &output1, &key, DES_ENCRYPT);
- wolfSSL_DES_ecb_encrypt(&input2, &output2, &key, DES_ENCRYPT);
- {
- /* Decrypt messages */
- int ret1 = 0;
- int ret2 = 0;
- wolfSSL_DES_ecb_encrypt(&output1, &back1, &key, DES_DECRYPT);
- ExpectIntEQ(ret1 = XMEMCMP((unsigned char *)back1,
- (unsigned char *)input1, sizeof(WOLFSSL_DES_cblock)), 0);
- wolfSSL_DES_ecb_encrypt(&output2, &back2, &key, DES_DECRYPT);
- ExpectIntEQ(ret2 = XMEMCMP((unsigned char *)back2,
- (unsigned char *)input2, sizeof(WOLFSSL_DES_cblock)), 0);
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_DES_ede3_cbc_encrypt(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
- unsigned char input1[8], input2[8];
- unsigned char output1[8], output2[8];
- unsigned char back1[8], back2[8];
- WOLFSSL_DES_cblock iv1, iv2;
- WOLFSSL_DES_key_schedule key1, key2, key3;
- int i;
- XMEMCPY(key1, "12345678", sizeof(WOLFSSL_DES_key_schedule));
- XMEMCPY(key2, "23456781", sizeof(WOLFSSL_DES_key_schedule));
- XMEMCPY(key3, "34567823", sizeof(WOLFSSL_DES_key_schedule));
- XMEMCPY(input1, "Iamhuman", sizeof(input1));
- XMEMCPY(input2, "Whoisit?", sizeof(input2));
- XMEMSET(output1, 0, sizeof(output1));
- XMEMSET(output2, 0, sizeof(output2));
- XMEMSET(back1, 0, sizeof(back1));
- XMEMSET(back2, 0, sizeof(back2));
- XMEMCPY(iv1, "87654321", sizeof(WOLFSSL_DES_cblock));
- XMEMCPY(iv2, "98765432", sizeof(WOLFSSL_DES_cblock));
- /* Encrypt messages */
- wolfSSL_DES_ede3_cbc_encrypt(input1, output1, 8, &key1, &key2, &key3, &iv1,
- DES_ENCRYPT);
- wolfSSL_DES_ede3_cbc_encrypt(input2, output2, 8, &key1, &key2, &key3, &iv2,
- DES_ENCRYPT);
- {
- XMEMCPY(iv1, "87654321", sizeof(WOLFSSL_DES_cblock));
- XMEMCPY(iv2, "98765432", sizeof(WOLFSSL_DES_cblock));
- /* Decrypt messages */
- wolfSSL_DES_ede3_cbc_encrypt(output1, back1, 8, &key1, &key2, &key3,
- &iv1, DES_DECRYPT);
- ExpectIntEQ(XMEMCMP(back1, input1, sizeof(input1)), 0);
- wolfSSL_DES_ede3_cbc_encrypt(output2, back2, 8, &key1, &key2, &key3,
- &iv2, DES_DECRYPT);
- ExpectIntEQ(XMEMCMP(back2, input2, sizeof(input2)), 0);
- }
- for (i = 0; i < 8; i++) {
- XMEMSET(output1, 0, sizeof(output1));
- XMEMSET(output2, 0, sizeof(output2));
- XMEMSET(back1, 0, sizeof(back1));
- XMEMSET(back2, 0, sizeof(back2));
- XMEMCPY(iv1, "87654321", sizeof(WOLFSSL_DES_cblock));
- XMEMCPY(iv2, "98765432", sizeof(WOLFSSL_DES_cblock));
- /* Encrypt partial messages */
- wolfSSL_DES_ede3_cbc_encrypt(input1, output1, i, &key1, &key2, &key3,
- &iv1, DES_ENCRYPT);
- wolfSSL_DES_ede3_cbc_encrypt(input2, output2, i, &key1, &key2, &key3,
- &iv2, DES_ENCRYPT);
- {
- XMEMCPY(iv1, "87654321", sizeof(WOLFSSL_DES_cblock));
- XMEMCPY(iv2, "98765432", sizeof(WOLFSSL_DES_cblock));
- /* Decrypt messages */
- wolfSSL_DES_ede3_cbc_encrypt(output1, back1, i, &key1, &key2,
- &key3, &iv1, DES_DECRYPT);
- ExpectIntEQ(XMEMCMP(back1, input1, i), 0);
- wolfSSL_DES_ede3_cbc_encrypt(output2, back2, i, &key1, &key2,
- &key3, &iv2, DES_DECRYPT);
- ExpectIntEQ(XMEMCMP(back2, input2, i), 0);
- }
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_AES_encrypt(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB) \
- && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
- AES_KEY enc;
- AES_KEY dec;
- const byte msg[] = {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
- };
- const byte exp[] = {
- 0xf3, 0xee, 0xd1, 0xbd, 0xb5, 0xd2, 0xa0, 0x3c,
- 0x06, 0x4b, 0x5a, 0x7e, 0x3d, 0xb1, 0x81, 0xf8,
- };
- const byte key[] = {
- 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
- 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
- 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
- 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
- };
- byte eout[sizeof(msg)];
- byte dout[sizeof(msg)];
- ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &enc), 0);
- ExpectIntEQ(AES_set_decrypt_key(key, sizeof(key)*8, &dec), 0);
- wolfSSL_AES_encrypt(NULL, NULL, NULL);
- wolfSSL_AES_encrypt(msg, NULL, NULL);
- wolfSSL_AES_encrypt(NULL, eout, NULL);
- wolfSSL_AES_encrypt(NULL, NULL, &enc);
- wolfSSL_AES_encrypt(msg, eout, NULL);
- wolfSSL_AES_encrypt(msg, NULL, &enc);
- wolfSSL_AES_encrypt(NULL, eout, &enc);
- wolfSSL_AES_decrypt(NULL, NULL, NULL);
- wolfSSL_AES_decrypt(eout, NULL, NULL);
- wolfSSL_AES_decrypt(NULL, dout, NULL);
- wolfSSL_AES_decrypt(NULL, NULL, &dec);
- wolfSSL_AES_decrypt(eout, dout, NULL);
- wolfSSL_AES_decrypt(eout, NULL, &dec);
- wolfSSL_AES_decrypt(NULL, dout, &dec);
- wolfSSL_AES_encrypt(msg, eout, &enc);
- ExpectIntEQ(XMEMCMP(eout, exp, AES_BLOCK_SIZE), 0);
- wolfSSL_AES_decrypt(eout, dout, &dec);
- ExpectIntEQ(XMEMCMP(dout, msg, AES_BLOCK_SIZE), 0);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_AES_ecb_encrypt(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB) \
- && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
- AES_KEY aes;
- const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- const byte verify[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- const byte key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte out[AES_BLOCK_SIZE];
- ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aes), 0);
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- AES_ecb_encrypt(msg, out, &aes, AES_ENCRYPT);
- ExpectIntEQ(XMEMCMP(out, verify, AES_BLOCK_SIZE), 0);
- #ifdef HAVE_AES_DECRYPT
- ExpectIntEQ(AES_set_decrypt_key(key, sizeof(key)*8, &aes), 0);
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- AES_ecb_encrypt(verify, out, &aes, AES_DECRYPT);
- ExpectIntEQ(XMEMCMP(out, msg, AES_BLOCK_SIZE), 0);
- #endif
- /* test bad arguments */
- AES_ecb_encrypt(NULL, out, &aes, AES_DECRYPT);
- AES_ecb_encrypt(verify, NULL, &aes, AES_DECRYPT);
- AES_ecb_encrypt(verify, out, NULL, AES_DECRYPT);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_AES_cbc_encrypt(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA) && \
- !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
- AES_KEY aes;
- AES_KEY* aesN = NULL;
- size_t len = 0;
- size_t lenB = 0;
- int keySz0 = 0;
- int keySzN = -1;
- byte out[AES_BLOCK_SIZE] = {0};
- byte* outN = NULL;
- /* Test vectors retrieved from:
- * <begin URL>
- * https://csrc.nist.gov/
- * CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/
- * documents/aes/KAT_AES.zip
- * </end URL>
- */
- const byte* pt128N = NULL;
- byte* key128N = NULL;
- byte* iv128N = NULL;
- byte iv128tmp[AES_BLOCK_SIZE] = {0};
- const byte pt128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
- const byte ct128[] = { 0x87,0x85,0xb1,0xa7,0x5b,0x0f,0x3b,0xd9,
- 0x58,0xdc,0xd0,0xe2,0x93,0x18,0xc5,0x21 };
- const byte iv128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
- byte key128[] = { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xf0,0x00,0x00,0x00,0x00,0x00 };
- len = sizeof(pt128);
- #define STRESS_T(a, b, c, d, e, f, g, h, i) \
- wolfSSL_AES_cbc_encrypt(a, b, c, d, e, f); \
- ExpectIntNE(XMEMCMP(b, g, h), i)
- #define RESET_IV(x, y) XMEMCPY(x, y, AES_BLOCK_SIZE)
- /* Stressing wolfSSL_AES_cbc_encrypt() */
- STRESS_T(pt128N, out, len, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0);
- STRESS_T(pt128, out, len, &aes, iv128N, 1, ct128, AES_BLOCK_SIZE, 0);
- wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, AES_ENCRYPT);
- ExpectIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
- wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, AES_ENCRYPT);
- ExpectIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
- STRESS_T(pt128, out, lenB, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0);
- /* Stressing wolfSSL_AES_set_encrypt_key */
- ExpectIntNE(wolfSSL_AES_set_encrypt_key(key128N, sizeof(key128)*8, &aes),0);
- ExpectIntNE(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, aesN),0);
- ExpectIntNE(wolfSSL_AES_set_encrypt_key(key128, keySz0, &aes), 0);
- ExpectIntNE(wolfSSL_AES_set_encrypt_key(key128, keySzN, &aes), 0);
- /* Stressing wolfSSL_AES_set_decrypt_key */
- ExpectIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, &aes),0);
- ExpectIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, aesN),0);
- ExpectIntNE(wolfSSL_AES_set_decrypt_key(key128, keySz0, &aes), 0);
- ExpectIntNE(wolfSSL_AES_set_decrypt_key(key128, keySzN, &aes), 0);
- #ifdef WOLFSSL_AES_128
- /* wolfSSL_AES_cbc_encrypt() 128-bit */
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- RESET_IV(iv128tmp, iv128);
- ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0);
- wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, AES_ENCRYPT);
- ExpectIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
- wc_AesFree((Aes*)&aes);
- #ifdef HAVE_AES_DECRYPT
- /* wolfSSL_AES_cbc_encrypt() 128-bit in decrypt mode */
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- RESET_IV(iv128tmp, iv128);
- len = sizeof(ct128);
- ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0);
- wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, AES_DECRYPT);
- ExpectIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0);
- wc_AesFree((Aes*)&aes);
- #endif
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- {
- /* Test vectors from NIST Special Publication 800-38A, 2001 Edition
- * Appendix F.2.3 */
- byte iv192tmp[AES_BLOCK_SIZE] = {0};
- const byte pt192[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };
- const byte ct192[] = { 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d,
- 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 };
- const byte iv192[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
- byte key192[] = { 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b };
- len = sizeof(pt192);
- /* wolfSSL_AES_cbc_encrypt() 192-bit */
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- RESET_IV(iv192tmp, iv192);
- ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0);
- wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, AES_ENCRYPT);
- ExpectIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0);
- wc_AesFree((Aes*)&aes);
- #ifdef HAVE_AES_DECRYPT
- /* wolfSSL_AES_cbc_encrypt() 192-bit in decrypt mode */
- len = sizeof(ct192);
- RESET_IV(iv192tmp, iv192);
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0);
- wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, AES_DECRYPT);
- ExpectIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0);
- wc_AesFree((Aes*)&aes);
- #endif
- }
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- {
- /* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
- * Appendix F.2.5 */
- byte iv256tmp[AES_BLOCK_SIZE] = {0};
- const byte pt256[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };
- const byte ct256[] = { 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
- 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 };
- const byte iv256[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
- byte key256[] = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 };
- len = sizeof(pt256);
- /* wolfSSL_AES_cbc_encrypt() 256-bit */
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- RESET_IV(iv256tmp, iv256);
- ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
- wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, AES_ENCRYPT);
- ExpectIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0);
- wc_AesFree((Aes*)&aes);
- #ifdef HAVE_AES_DECRYPT
- /* wolfSSL_AES_cbc_encrypt() 256-bit in decrypt mode */
- len = sizeof(ct256);
- RESET_IV(iv256tmp, iv256);
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
- wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, AES_DECRYPT);
- ExpectIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0);
- wc_AesFree((Aes*)&aes);
- #endif
- #if defined(HAVE_AES_KEYWRAP) && !defined(HAVE_FIPS) && \
- !defined(HAVE_SELFTEST)
- {
- byte wrapCipher[sizeof(key256) + KEYWRAP_BLOCK_SIZE] = { 0 };
- byte wrapPlain[sizeof(key256)] = { 0 };
- byte wrapIV[KEYWRAP_BLOCK_SIZE] = { 0 };
- /* wolfSSL_AES_wrap_key() 256-bit NULL iv */
- ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
- ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
- 15), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
- sizeof(key256)), sizeof(wrapCipher));
- wc_AesFree((Aes*)&aes);
- /* wolfSSL_AES_unwrap_key() 256-bit NULL iv */
- ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
- ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
- 23), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
- sizeof(wrapCipher)), sizeof(wrapPlain));
- ExpectIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
- XMEMSET(wrapCipher, 0, sizeof(wrapCipher));
- XMEMSET(wrapPlain, 0, sizeof(wrapPlain));
- wc_AesFree((Aes*)&aes);
- /* wolfSSL_AES_wrap_key() 256-bit custom iv */
- ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
- ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapCipher, key256,
- sizeof(key256)), sizeof(wrapCipher));
- wc_AesFree((Aes*)&aes);
- /* wolfSSL_AES_unwrap_key() 256-bit custom iv */
- ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
- ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, wrapPlain, wrapCipher,
- sizeof(wrapCipher)), sizeof(wrapPlain));
- ExpectIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
- wc_AesFree((Aes*)&aes);
- ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, NULL, NULL, NULL, 0), 0);
- ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, NULL, NULL, 0), 0);
- ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, wrapIV, NULL, NULL, 0), 0);
- ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, NULL, wrapCipher, NULL, 0), 0);
- ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, NULL, NULL, key256, 0), 0);
- ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, wrapIV, wrapCipher, key256, 0), 0);
- ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256, 0), 0);
- ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, NULL, key256, 0), 0);
- ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapCipher, NULL, 0), 0);
- ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, NULL, NULL, NULL, 0), 0);
- ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, NULL, NULL, 0), 0);
- ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, wrapIV, NULL, NULL, 0), 0);
- ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, NULL, wrapPlain, NULL, 0), 0);
- ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, NULL, NULL, wrapCipher, 0), 0);
- ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, wrapIV, wrapPlain, wrapCipher, 0),
- 0);
- ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher, 0),
- 0);
- ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, NULL, wrapCipher, 0), 0);
- ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapPlain, NULL, 0), 0);
- }
- #endif /* HAVE_AES_KEYWRAP */
- }
- #endif /* WOLFSSL_AES_256 */
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_AES_cfb128_encrypt(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(WOLFSSL_AES_CFB) && \
- !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
- AES_KEY aesEnc;
- AES_KEY aesDec;
- const byte msg[] = {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
- };
- const byte exp[] = {
- 0x16, 0xc9, 0x90, 0x6c, 0x04, 0x0c, 0xd1, 0x2f,
- 0x84, 0x7b, 0x18, 0xed, 0xed, 0x6a, 0xb5, 0xfd
- };
- const byte key[] = {
- 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
- 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
- 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
- 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
- };
- const byte ivData[] = {
- 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
- 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
- };
- byte out[AES_BLOCK_SIZE];
- byte iv[AES_BLOCK_SIZE];
- word32 i;
- int num;
- ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aesEnc), 0);
- XMEMCPY(iv, ivData, sizeof(iv));
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- AES_cfb128_encrypt(msg, out, sizeof(msg), &aesEnc, iv, NULL, AES_ENCRYPT);
- ExpectIntEQ(XMEMCMP(out, exp, sizeof(msg)), 0);
- ExpectIntNE(XMEMCMP(iv, ivData, sizeof(iv)), 0);
- #ifdef HAVE_AES_DECRYPT
- ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aesDec), 0);
- XMEMCPY(iv, ivData, sizeof(iv));
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- AES_cfb128_encrypt(exp, out, sizeof(msg), &aesDec, iv, NULL, AES_DECRYPT);
- ExpectIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
- ExpectIntNE(XMEMCMP(iv, ivData, sizeof(iv)), 0);
- #endif
- for (i = 0; EXPECT_SUCCESS() && (i <= sizeof(msg)); i++) {
- ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aesEnc), 0);
- XMEMCPY(iv, ivData, sizeof(iv));
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- AES_cfb128_encrypt(msg, out, i, &aesEnc, iv, &num, AES_ENCRYPT);
- ExpectIntEQ(num, i % AES_BLOCK_SIZE);
- ExpectIntEQ(XMEMCMP(out, exp, i), 0);
- if (i == 0) {
- ExpectIntEQ(XMEMCMP(iv, ivData, sizeof(iv)), 0);
- }
- else {
- ExpectIntNE(XMEMCMP(iv, ivData, sizeof(iv)), 0);
- }
- #ifdef HAVE_AES_DECRYPT
- ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aesDec), 0);
- XMEMCPY(iv, ivData, sizeof(iv));
- XMEMSET(out, 0, AES_BLOCK_SIZE);
- AES_cfb128_encrypt(exp, out, i, &aesDec, iv, &num, AES_DECRYPT);
- ExpectIntEQ(num, i % AES_BLOCK_SIZE);
- ExpectIntEQ(XMEMCMP(out, msg, i), 0);
- if (i == 0) {
- ExpectIntEQ(XMEMCMP(iv, ivData, sizeof(iv)), 0);
- }
- else {
- ExpectIntNE(XMEMCMP(iv, ivData, sizeof(iv)), 0);
- }
- #endif
- }
- if (EXPECT_SUCCESS()) {
- /* test bad arguments */
- AES_cfb128_encrypt(NULL, NULL, 0, NULL, NULL, NULL, AES_DECRYPT);
- AES_cfb128_encrypt(msg, NULL, 0, NULL, NULL, NULL, AES_DECRYPT);
- AES_cfb128_encrypt(NULL, out, 0, NULL, NULL, NULL, AES_DECRYPT);
- AES_cfb128_encrypt(NULL, NULL, 0, &aesDec, NULL, NULL, AES_DECRYPT);
- AES_cfb128_encrypt(NULL, NULL, 0, NULL, iv, NULL, AES_DECRYPT);
- AES_cfb128_encrypt(NULL, out, 0, &aesDec, iv, NULL, AES_DECRYPT);
- AES_cfb128_encrypt(msg, NULL, 0, &aesDec, iv, NULL, AES_DECRYPT);
- AES_cfb128_encrypt(msg, out, 0, NULL, iv, NULL, AES_DECRYPT);
- AES_cfb128_encrypt(msg, out, 0, &aesDec, NULL, NULL, AES_DECRYPT);
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CRYPTO_cts128(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA) && \
- defined(HAVE_CTS) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
- byte tmp[64]; /* Largest vector size */
- /* Test vectors taken form RFC3962 Appendix B */
- const testVector vects[] = {
- {
- "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
- "\x20",
- "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
- "\x97",
- 17, 17
- },
- {
- "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
- "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20",
- "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
- "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5",
- 31, 31
- },
- {
- "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
- "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43",
- "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
- "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84",
- 32, 32
- },
- {
- "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
- "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
- "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c",
- "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
- "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
- "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5",
- 47, 47
- },
- {
- "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
- "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
- "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20",
- "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
- "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
- "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8",
- 48, 48
- },
- {
- "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
- "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
- "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
- "\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
- "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
- "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
- "\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
- "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8",
- 64, 64
- }
- };
- byte keyBytes[AES_128_KEY_SIZE] = {
- 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
- 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
- };
- size_t i;
- AES_KEY encKey;
- byte iv[AES_IV_SIZE]; /* All-zero IV for all cases */
- XMEMSET(tmp, 0, sizeof(tmp));
- for (i = 0; i < sizeof(vects)/sizeof(vects[0]); i++) {
- AES_KEY decKey;
- ExpectIntEQ(AES_set_encrypt_key(keyBytes, AES_128_KEY_SIZE * 8,
- &encKey), 0);
- ExpectIntEQ(AES_set_decrypt_key(keyBytes, AES_128_KEY_SIZE * 8,
- &decKey), 0);
- XMEMSET(iv, 0, sizeof(iv));
- ExpectIntEQ(CRYPTO_cts128_encrypt((const unsigned char*)vects[i].input,
- tmp, vects[i].inLen, &encKey, iv, (cbc128_f)AES_cbc_encrypt),
- vects[i].outLen);
- ExpectIntEQ(XMEMCMP(tmp, vects[i].output, vects[i].outLen), 0);
- XMEMSET(iv, 0, sizeof(iv));
- ExpectIntEQ(CRYPTO_cts128_decrypt((const unsigned char*)vects[i].output,
- tmp, vects[i].outLen, &decKey, iv, (cbc128_f)AES_cbc_encrypt),
- vects[i].inLen);
- ExpectIntEQ(XMEMCMP(tmp, vects[i].input, vects[i].inLen), 0);
- }
- ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, NULL, 17, NULL, NULL, NULL), 0);
- ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, NULL, 17, NULL, NULL, NULL), 0);
- ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, tmp, 17, NULL, NULL, NULL), 0);
- ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, NULL, 17, &encKey, NULL, NULL), 0);
- ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, NULL, 17, NULL, iv, NULL), 0);
- ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, NULL, 17, NULL, NULL,
- (cbc128_f)AES_cbc_encrypt), 0);
- ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, tmp, 17, &encKey, iv,
- (cbc128_f)AES_cbc_encrypt), 0);
- ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, NULL, 17, &encKey, iv,
- (cbc128_f)AES_cbc_encrypt), 0);
- ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, tmp, 17, NULL, iv,
- (cbc128_f)AES_cbc_encrypt), 0);
- ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, tmp, 17, &encKey, NULL,
- (cbc128_f)AES_cbc_encrypt), 0);
- ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, tmp, 17, &encKey, iv, NULL), 0);
- /* Length too small. */
- ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, tmp, 0, &encKey, iv,
- (cbc128_f)AES_cbc_encrypt), 0);
- ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, NULL, 17, NULL, NULL, NULL), 0);
- ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, NULL, 17, NULL, NULL, NULL), 0);
- ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, tmp, 17, NULL, NULL, NULL), 0);
- ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, NULL, 17, &encKey, NULL, NULL), 0);
- ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, NULL, 17, NULL, iv, NULL), 0);
- ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, NULL, 17, NULL, NULL,
- (cbc128_f)AES_cbc_encrypt), 0);
- ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, tmp, 17, &encKey, iv,
- (cbc128_f)AES_cbc_encrypt), 0);
- ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, NULL, 17, &encKey, iv,
- (cbc128_f)AES_cbc_encrypt), 0);
- ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, tmp, 17, NULL, iv,
- (cbc128_f)AES_cbc_encrypt), 0);
- ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, tmp, 17, &encKey, NULL,
- (cbc128_f)AES_cbc_encrypt), 0);
- ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, tmp, 17, &encKey, iv, NULL), 0);
- /* Length too small. */
- ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, tmp, 0, &encKey, iv,
- (cbc128_f)AES_cbc_encrypt), 0);
- #endif /* !NO_AES && HAVE_AES_CBC && OPENSSL_EXTRA && HAVE_CTS */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RC4(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RC4) && defined(OPENSSL_EXTRA)
- WOLFSSL_RC4_KEY rc4Key;
- unsigned char key[] = {
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- };
- unsigned char data[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- };
- unsigned char enc[sizeof(data)];
- unsigned char dec[sizeof(data)];
- word32 i;
- word32 j;
- wolfSSL_RC4_set_key(NULL, -1, NULL);
- wolfSSL_RC4_set_key(&rc4Key, -1, NULL);
- wolfSSL_RC4_set_key(NULL, 0, NULL);
- wolfSSL_RC4_set_key(NULL, -1, key);
- wolfSSL_RC4_set_key(&rc4Key, 0, NULL);
- wolfSSL_RC4_set_key(&rc4Key, -1, key);
- wolfSSL_RC4_set_key(NULL, 0, key);
- wolfSSL_RC4(NULL, 0, NULL, NULL);
- wolfSSL_RC4(&rc4Key, 0, NULL, NULL);
- wolfSSL_RC4(NULL, 0, data, NULL);
- wolfSSL_RC4(NULL, 0, NULL, enc);
- wolfSSL_RC4(&rc4Key, 0, data, NULL);
- wolfSSL_RC4(&rc4Key, 0, NULL, enc);
- wolfSSL_RC4(NULL, 0, data, enc);
- ExpectIntEQ(1, 1);
- for (i = 0; EXPECT_SUCCESS() && (i <= sizeof(key)); i++) {
- for (j = 0; EXPECT_SUCCESS() && (j <= sizeof(data)); j++) {
- XMEMSET(enc, 0, sizeof(enc));
- XMEMSET(dec, 0, sizeof(dec));
- /* Encrypt */
- wolfSSL_RC4_set_key(&rc4Key, i, key);
- wolfSSL_RC4(&rc4Key, j, data, enc);
- /* Decrypt */
- wolfSSL_RC4_set_key(&rc4Key, i, key);
- wolfSSL_RC4(&rc4Key, j, enc, dec);
- ExpectIntEQ(XMEMCMP(dec, data, j), 0);
- }
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_OBJ(void)
- {
- /* Password "wolfSSL test" is only 12 (96-bit) too short for testing in FIPS
- * mode
- */
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN) && \
- !defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \
- defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && \
- !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
- ASN1_OBJECT *obj = NULL;
- ASN1_OBJECT *obj2 = NULL;
- char buf[50];
- XFILE fp = XBADFILE;
- X509 *x509 = NULL;
- X509_NAME *x509Name = NULL;
- X509_NAME_ENTRY *x509NameEntry = NULL;
- ASN1_OBJECT *asn1Name = NULL;
- int numNames = 0;
- BIO *bio = NULL;
- int nid;
- int i, j;
- const char *f[] = {
- #ifndef NO_RSA
- "./certs/ca-cert.der",
- #endif
- #ifdef HAVE_ECC
- "./certs/ca-ecc-cert.der",
- "./certs/ca-ecc384-cert.der",
- #endif
- NULL};
- ASN1_OBJECT *field_name_obj = NULL;
- int lastpos = -1;
- int tmp = -1;
- ASN1_STRING *asn1 = NULL;
- unsigned char *buf_dyn = NULL;
- ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), SSL_FAILURE);
- ExpectNotNull(obj = OBJ_nid2obj(NID_any_policy));
- ExpectIntEQ(OBJ_obj2nid(obj), NID_any_policy);
- ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 11);
- ExpectIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0);
- ASN1_OBJECT_free(obj);
- obj = NULL;
- ExpectNotNull(obj = OBJ_nid2obj(NID_sha256));
- ExpectIntEQ(OBJ_obj2nid(obj), NID_sha256);
- ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 22);
- #ifdef WOLFSSL_CERT_EXT
- ExpectIntEQ(OBJ_txt2nid(buf), NID_sha256);
- #endif
- ExpectIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0);
- ExpectNotNull(obj2 = OBJ_dup(obj));
- ExpectIntEQ(OBJ_cmp(obj, obj2), 0);
- ASN1_OBJECT_free(obj);
- obj = NULL;
- ASN1_OBJECT_free(obj2);
- obj2 = NULL;
- for (i = 0; f[i] != NULL; i++)
- {
- ExpectTrue((fp = XFOPEN(f[i], "rb")) != XBADFILE);
- ExpectNotNull(x509 = d2i_X509_fp(fp, NULL));
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectNotNull(x509Name = X509_get_issuer_name(x509));
- ExpectIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
- /* Get the Common Name by using OBJ_txt2obj */
- ExpectNotNull(field_name_obj = OBJ_txt2obj("CN", 0));
- do
- {
- lastpos = tmp;
- tmp = X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, lastpos);
- } while (tmp > -1);
- ExpectIntNE(lastpos, -1);
- ASN1_OBJECT_free(field_name_obj);
- field_name_obj = NULL;
- ExpectNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, lastpos));
- ExpectNotNull(asn1 = X509_NAME_ENTRY_get_data(x509NameEntry));
- ExpectIntGE(ASN1_STRING_to_UTF8(&buf_dyn, asn1), 0);
- /*
- * All Common Names should be www.wolfssl.com
- * This makes testing easier as we can test for the expected value.
- */
- ExpectStrEQ((char*)buf_dyn, "www.wolfssl.com");
- OPENSSL_free(buf_dyn);
- buf_dyn = NULL;
- bio = BIO_new(BIO_s_mem());
- ExpectTrue(bio != NULL);
- for (j = 0; j < numNames; j++)
- {
- ExpectNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
- ExpectNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry));
- ExpectTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
- }
- BIO_free(bio);
- bio = NULL;
- X509_free(x509);
- x509 = NULL;
- }
- #ifdef HAVE_PKCS12
- {
- PKCS12 *p12 = NULL;
- int boolRet;
- EVP_PKEY *pkey = NULL;
- const char *p12_f[] = {
- #if !defined(NO_DES3) && !defined(NO_RSA)
- "./certs/test-servercert.p12",
- #endif
- NULL};
- for (i = 0; p12_f[i] != NULL; i++)
- {
- ExpectTrue((fp = XFOPEN(p12_f[i], "rb")) != XBADFILE);
- ExpectNotNull(p12 = d2i_PKCS12_fp(fp, NULL));
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectTrue((boolRet = PKCS12_parse(p12, "wolfSSL test",
- &pkey, &x509, NULL)) > 0);
- wc_PKCS12_free(p12);
- p12 = NULL;
- EVP_PKEY_free(pkey);
- x509Name = X509_get_issuer_name(x509);
- ExpectNotNull(x509Name);
- ExpectIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
- ExpectTrue((bio = BIO_new(BIO_s_mem())) != NULL);
- for (j = 0; j < numNames; j++)
- {
- ExpectNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
- ExpectNotNull(asn1Name =
- X509_NAME_ENTRY_get_object(x509NameEntry));
- ExpectTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
- }
- BIO_free(bio);
- bio = NULL;
- X509_free(x509);
- x509 = NULL;
- }
- }
- #endif /* HAVE_PKCS12 */
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_OBJ_cmp(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
- ASN1_OBJECT *obj = NULL;
- ASN1_OBJECT *obj2 = NULL;
- ExpectNotNull(obj = OBJ_nid2obj(NID_any_policy));
- ExpectNotNull(obj2 = OBJ_nid2obj(NID_sha256));
- ExpectIntEQ(OBJ_cmp(NULL, NULL), WOLFSSL_FATAL_ERROR);
- ExpectIntEQ(OBJ_cmp(obj, NULL), WOLFSSL_FATAL_ERROR);
- ExpectIntEQ(OBJ_cmp(NULL, obj2), WOLFSSL_FATAL_ERROR);
- ExpectIntEQ(OBJ_cmp(obj, obj2), WOLFSSL_FATAL_ERROR);
- ExpectIntEQ(OBJ_cmp(obj, obj), 0);
- ExpectIntEQ(OBJ_cmp(obj2, obj2), 0);
- ASN1_OBJECT_free(obj);
- ASN1_OBJECT_free(obj2);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_OBJ_txt2nid(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
- defined(WOLFSSL_APACHE_HTTPD)
- int i;
- static const struct {
- const char* sn;
- const char* ln;
- const char* oid;
- int nid;
- } testVals[] = {
- #ifdef WOLFSSL_APACHE_HTTPD
- { "tlsfeature", "TLS Feature", "1.3.6.1.5.5.7.1.24", NID_tlsfeature },
- { "id-on-dnsSRV", "SRVName", "1.3.6.1.5.5.7.8.7",
- NID_id_on_dnsSRV },
- { "msUPN", "Microsoft User Principal Name",
- "1.3.6.1.4.1.311.20.2.3", NID_ms_upn },
- #endif
- { NULL, NULL, NULL, NID_undef }
- };
- /* Invalid cases */
- ExpectIntEQ(OBJ_txt2nid(NULL), NID_undef);
- ExpectIntEQ(OBJ_txt2nid("Bad name"), NID_undef);
- /* Valid cases */
- for (i = 0; testVals[i].sn != NULL; i++) {
- ExpectIntEQ(OBJ_txt2nid(testVals[i].sn), testVals[i].nid);
- ExpectIntEQ(OBJ_txt2nid(testVals[i].ln), testVals[i].nid);
- ExpectIntEQ(OBJ_txt2nid(testVals[i].oid), testVals[i].nid);
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_OBJ_txt2obj(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_APACHE_HTTPD) || (defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN))
- int i;
- char buf[50];
- ASN1_OBJECT* obj = NULL;
- static const struct {
- const char* oidStr;
- const char* sn;
- const char* ln;
- } objs_list[] = {
- #if defined(WOLFSSL_APACHE_HTTPD)
- { "1.3.6.1.5.5.7.1.24", "tlsfeature", "TLS Feature" },
- { "1.3.6.1.5.5.7.8.7", "id-on-dnsSRV", "SRVName" },
- #endif
- { "2.5.29.19", "basicConstraints", "X509v3 Basic Constraints"},
- { NULL, NULL, NULL }
- };
- static const struct {
- const char* numeric;
- const char* name;
- } objs_named[] = {
- /* In dictionary but not in normal list. */
- { "1.3.6.1.5.5.7.3.8", "Time Stamping" },
- /* Made up OID. */
- { "1.3.5.7", "1.3.5.7" },
- { NULL, NULL }
- };
- ExpectNull(obj = OBJ_txt2obj("Bad name", 0));
- ASN1_OBJECT_free(obj);
- obj = NULL;
- ExpectNull(obj = OBJ_txt2obj(NULL, 0));
- ASN1_OBJECT_free(obj);
- obj = NULL;
- for (i = 0; objs_list[i].oidStr != NULL; i++) {
- /* Test numerical value of oid (oidStr) */
- ExpectNotNull(obj = OBJ_txt2obj(objs_list[i].oidStr, 1));
- /* Convert object back to text to confirm oid is correct */
- wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
- ExpectIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
- ASN1_OBJECT_free(obj);
- obj = NULL;
- XMEMSET(buf, 0, sizeof(buf));
- /* Test short name (sn) */
- ExpectNull(obj = OBJ_txt2obj(objs_list[i].sn, 1));
- ExpectNotNull(obj = OBJ_txt2obj(objs_list[i].sn, 0));
- /* Convert object back to text to confirm oid is correct */
- wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
- ExpectIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
- ASN1_OBJECT_free(obj);
- obj = NULL;
- XMEMSET(buf, 0, sizeof(buf));
- /* Test long name (ln) - should fail when no_name = 1 */
- ExpectNull(obj = OBJ_txt2obj(objs_list[i].ln, 1));
- ExpectNotNull(obj = OBJ_txt2obj(objs_list[i].ln, 0));
- /* Convert object back to text to confirm oid is correct */
- wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
- ExpectIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
- ASN1_OBJECT_free(obj);
- obj = NULL;
- XMEMSET(buf, 0, sizeof(buf));
- }
- for (i = 0; objs_named[i].numeric != NULL; i++) {
- ExpectNotNull(obj = OBJ_txt2obj(objs_named[i].numeric, 1));
- wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0);
- ExpectIntEQ(XSTRNCMP(buf, objs_named[i].name, (int)XSTRLEN(buf)), 0);
- wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
- ExpectIntEQ(XSTRNCMP(buf, objs_named[i].numeric, (int)XSTRLEN(buf)), 0);
- ASN1_OBJECT_free(obj);
- obj = NULL;
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PEM_write_bio_X509(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(OPENSSL_ALL) && \
- defined(WOLFSSL_AKID_NAME) && defined(WOLFSSL_CERT_EXT) && \
- defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && !defined(NO_RSA) && \
- !defined(NO_FILESYSTEM)
- /* This test contains the hard coded expected
- * lengths. Update if necessary */
- XFILE fp = XBADFILE;
- WOLFSSL_EVP_PKEY *priv = NULL;
- BIO* input = NULL;
- BIO* output = NULL;
- X509* x509a = NULL;
- X509* x509b = NULL;
- ASN1_TIME* notBeforeA = NULL;
- ASN1_TIME* notAfterA = NULL;
- #ifndef NO_ASN_TIME
- ASN1_TIME* notBeforeB = NULL;
- ASN1_TIME* notAfterB = NULL;
- #endif
- int expectedLen;
- ExpectTrue((fp = XFOPEN("certs/server-key.pem", "rb")) != XBADFILE);
- ExpectNotNull(priv = wolfSSL_PEM_read_PrivateKey(fp, NULL, NULL, NULL));
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectNotNull(input = BIO_new_file("certs/test/cert-ext-multiple.pem",
- "rb"));
- ExpectIntEQ(wolfSSL_BIO_get_len(input), 2000);
- /* read PEM into X509 struct, get notBefore / notAfter to verify against */
- ExpectNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL));
- ExpectNotNull(notBeforeA = X509_get_notBefore(x509a));
- ExpectNotNull(notAfterA = X509_get_notAfter(x509a));
- /* write X509 back to PEM BIO; no need to sign as nothing changed. */
- ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
- ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS);
- /* compare length against expected */
- expectedLen = 2000;
- ExpectIntEQ(wolfSSL_BIO_get_len(output), expectedLen);
- #ifndef NO_ASN_TIME
- /* read exported X509 PEM back into struct, sanity check on export,
- * make sure notBefore/notAfter are the same and certs are identical. */
- ExpectNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL));
- ExpectNotNull(notBeforeB = X509_get_notBefore(x509b));
- ExpectNotNull(notAfterB = X509_get_notAfter(x509b));
- ExpectIntEQ(ASN1_TIME_compare(notBeforeA, notBeforeB), 0);
- ExpectIntEQ(ASN1_TIME_compare(notAfterA, notAfterB), 0);
- ExpectIntEQ(0, wolfSSL_X509_cmp(x509a, x509b));
- X509_free(x509b);
- x509b = NULL;
- #endif
- /* Reset output buffer */
- BIO_free(output);
- output = NULL;
- ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
- /* Test forcing the AKID to be generated just from KeyIdentifier */
- if (EXPECT_SUCCESS() && x509a->authKeyIdSrc != NULL) {
- XMEMMOVE(x509a->authKeyIdSrc, x509a->authKeyId, x509a->authKeyIdSz);
- x509a->authKeyId = x509a->authKeyIdSrc;
- x509a->authKeyIdSrc = NULL;
- x509a->authKeyIdSrcSz = 0;
- }
- /* Resign to re-generate the der */
- ExpectIntGT(wolfSSL_X509_sign(x509a, priv, EVP_sha256()), 0);
- ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS);
- /* Check that we generate a smaller output since the AKID will
- * only contain the KeyIdentifier without any additional
- * information */
- /* Here we copy the validity struct from the original */
- expectedLen = 1688;
- ExpectIntEQ(wolfSSL_BIO_get_len(output), expectedLen);
- /* Reset buffers and x509 */
- BIO_free(input);
- input = NULL;
- BIO_free(output);
- output = NULL;
- X509_free(x509a);
- x509a = NULL;
- /* test CA and basicConstSet values are encoded when
- * the cert is a CA */
- ExpectNotNull(input = BIO_new_file("certs/server-cert.pem", "rb"));
- /* read PEM into X509 struct */
- ExpectNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL));
- /* write X509 back to PEM BIO; no need to sign as nothing changed */
- ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
- ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS);
- /* read exported X509 PEM back into struct, ensure isCa and basicConstSet
- * values are maintained and certs are identical.*/
- ExpectNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL));
- ExpectIntEQ(x509b->isCa, 1);
- ExpectIntEQ(x509b->basicConstSet, 1);
- ExpectIntEQ(0, wolfSSL_X509_cmp(x509a, x509b));
- X509_free(x509a);
- x509a = NULL;
- X509_free(x509b);
- x509b = NULL;
- BIO_free(input);
- input = NULL;
- BIO_free(output);
- output = NULL;
- /* test CA and basicConstSet values are encoded when
- * the cert is not CA */
- ExpectNotNull(input = BIO_new_file("certs/client-uri-cert.pem", "rb"));
- /* read PEM into X509 struct */
- ExpectNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL));
- /* write X509 back to PEM BIO; no need to sign as nothing changed */
- ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
- ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS);
- /* read exported X509 PEM back into struct, ensure isCa and
- * basicConstSet values are maintained and certs are identical */
- ExpectNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL));
- ExpectIntEQ(x509b->isCa, 0);
- ExpectIntEQ(x509b->basicConstSet, 1);
- ExpectIntEQ(0, wolfSSL_X509_cmp(x509a, x509b));
- wolfSSL_EVP_PKEY_free(priv);
- X509_free(x509a);
- X509_free(x509b);
- BIO_free(input);
- BIO_free(output);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_NAME_ENTRY(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
- !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN)
- X509* x509 = NULL;
- #ifndef NO_BIO
- BIO* bio = NULL;
- #endif
- X509_NAME* nm = NULL;
- X509_NAME_ENTRY* entry = NULL;
- unsigned char cn[] = "another name to add";
- #ifdef OPENSSL_ALL
- int i;
- int names_len = 0;
- #endif
- ExpectNotNull(x509 =
- wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
- #ifndef NO_BIO
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(PEM_write_bio_X509_AUX(bio, x509), SSL_SUCCESS);
- #endif
- #ifdef WOLFSSL_CERT_REQ
- {
- X509_REQ* req = NULL;
- #ifndef NO_BIO
- BIO* bReq = NULL;
- #endif
- ExpectNotNull(req =
- wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
- #ifndef NO_BIO
- ExpectNotNull(bReq = BIO_new(BIO_s_mem()));
- ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, req), SSL_SUCCESS);
- BIO_free(bReq);
- #endif
- X509_free(req);
- }
- #endif
- ExpectNotNull(nm = X509_get_subject_name(x509));
- /* Test add entry */
- ExpectNotNull(entry = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName,
- 0x0c, cn, (int)sizeof(cn)));
- ExpectIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);
- #ifdef WOLFSSL_CERT_EXT
- ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8,
- (byte*)"support@wolfssl.com", 19, -1,
- 1), WOLFSSL_SUCCESS);
- #endif
- X509_NAME_ENTRY_free(entry);
- entry = NULL;
- #ifdef WOLFSSL_CERT_REQ
- {
- unsigned char srv_pkcs9p[] = "Server";
- unsigned char fvrtDrnk[] = "tequila";
- unsigned char* der = NULL;
- char* subject = NULL;
- ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_pkcs9_contentType,
- MBSTRING_ASC, srv_pkcs9p, -1, -1, 0), SSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_favouriteDrink,
- MBSTRING_ASC, fvrtDrnk, -1, -1, 0), SSL_SUCCESS);
- ExpectIntGT(wolfSSL_i2d_X509_NAME(nm, &der), 0);
- ExpectNotNull(der);
- ExpectNotNull(subject = X509_NAME_oneline(nm, 0, 0));
- ExpectNotNull(XSTRSTR(subject, "favouriteDrink=tequila"));
- ExpectNotNull(XSTRSTR(subject, "contentType=Server"));
- #ifdef DEBUG_WOLFSSL
- if (subject != NULL) {
- fprintf(stderr, "\n\t%s\n", subject);
- }
- #endif
- XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
- XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- #endif
- /* Test add entry by text */
- ExpectNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName",
- 0x0c, cn, (int)sizeof(cn)));
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) \
- || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
- ExpectNull(X509_NAME_ENTRY_create_by_txt(&entry, "unknown",
- V_ASN1_UTF8STRING, cn, (int)sizeof(cn)));
- #endif
- ExpectIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);
- X509_NAME_ENTRY_free(entry);
- entry = NULL;
- /* Test add entry by NID */
- ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_commonName, MBSTRING_UTF8,
- cn, -1, -1, 0), SSL_SUCCESS);
- #ifdef OPENSSL_ALL
- /* stack of name entry */
- ExpectIntGT((names_len = sk_X509_NAME_ENTRY_num(nm->entries)), 0);
- for (i = 0; i < names_len; i++) {
- ExpectNotNull(entry = sk_X509_NAME_ENTRY_value(nm->entries, i));
- }
- #endif
- #ifndef NO_BIO
- BIO_free(bio);
- #endif
- X509_free(x509); /* free's nm */
- #endif
- return EXPECT_RESULT();
- }
- /* Note the lack of wolfSSL_ prefix...this is a compatibility layer test. */
- static int test_GENERAL_NAME_set0_othername(void) {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \
- defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \
- defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) && \
- defined(WOLFSSL_FPKI)
- /* ./configure --enable-opensslall --enable-certgen --enable-certreq
- * --enable-certext --enable-debug 'CPPFLAGS=-DWOLFSSL_CUSTOM_OID
- * -DWOLFSSL_ALT_NAMES -DWOLFSSL_FPKI' */
- const char * cert_fname = "./certs/server-cert.der";
- const char * key_fname = "./certs/server-key.der";
- X509* x509 = NULL;
- GENERAL_NAME* gn = NULL;
- GENERAL_NAMES* gns = NULL;
- ASN1_OBJECT* upn_oid = NULL;
- ASN1_UTF8STRING *utf8str = NULL;
- ASN1_TYPE *value = NULL;
- X509_EXTENSION * ext = NULL;
- byte* pt = NULL;
- byte der[4096];
- int derSz = 0;
- EVP_PKEY* priv = NULL;
- XFILE f = XBADFILE;
- ExpectTrue((f = XFOPEN(cert_fname, "rb")) != XBADFILE);
- ExpectNotNull(x509 = d2i_X509_fp(f, NULL));
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- ExpectNotNull(gn = GENERAL_NAME_new());
- ExpectNotNull(upn_oid = OBJ_txt2obj("1.3.6.1.4.1.311.20.2.3", 1));
- ExpectNotNull(utf8str = ASN1_UTF8STRING_new());
- ExpectIntEQ(ASN1_STRING_set(utf8str, "othername@wolfssl.com", -1), 1);
- ExpectNotNull(value = ASN1_TYPE_new());
- ASN1_TYPE_set(value, V_ASN1_UTF8STRING, utf8str);
- if ((value == NULL) || (value->value.ptr != (char*)utf8str)) {
- wolfSSL_ASN1_STRING_free(utf8str);
- }
- ExpectIntEQ(GENERAL_NAME_set0_othername(gn, upn_oid, value), 1);
- if (EXPECT_FAIL()) {
- ASN1_TYPE_free(value);
- }
- ExpectNotNull(gns = sk_GENERAL_NAME_new(NULL));
- ExpectIntEQ(sk_GENERAL_NAME_push(gns, gn), 1);
- if (EXPECT_FAIL()) {
- GENERAL_NAME_free(gn);
- gn = NULL;
- }
- ExpectNotNull(ext = X509V3_EXT_i2d(NID_subject_alt_name, 0, gns));
- ExpectIntEQ(X509_add_ext(x509, ext, -1), 1);
- ExpectTrue((f = XFOPEN(key_fname, "rb")) != XBADFILE);
- ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), f), 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- pt = der;
- ExpectNotNull(priv = d2i_PrivateKey(EVP_PKEY_RSA, NULL,
- (const unsigned char**)&pt, derSz));
- ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
- sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free);
- gns = NULL;
- ExpectNotNull(gns = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL,
- NULL));
- ExpectIntEQ(sk_GENERAL_NAME_num(gns), 3);
- ExpectNotNull(gn = sk_GENERAL_NAME_value(gns, 2));
- ExpectIntEQ(gn->type, 0);
- sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free);
- ASN1_OBJECT_free(upn_oid);
- X509_EXTENSION_free(ext);
- X509_free(x509);
- EVP_PKEY_free(priv);
- #endif
- return EXPECT_RESULT();
- }
- /* Note the lack of wolfSSL_ prefix...this is a compatibility layer test. */
- static int test_othername_and_SID_ext(void) {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \
- defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \
- defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) && \
- defined(WOLFSSL_FPKI) && defined(WOLFSSL_ASN_TEMPLATE)
- /* ./configure --enable-opensslall --enable-certgen --enable-certreq
- * --enable-certext --enable-debug 'CPPFLAGS=-DWOLFSSL_CUSTOM_OID
- * -DWOLFSSL_ALT_NAMES -DWOLFSSL_FPKI' */
- const char* csr_fname = "./certs/csr.signed.der";
- const char* key_fname = "./certs/server-key.der";
- byte der[4096];
- int derSz = 0;
- X509_REQ* x509 = NULL;
- STACK_OF(X509_EXTENSION) *exts = NULL;
- X509_EXTENSION * san_ext = NULL;
- X509_EXTENSION * ext = NULL;
- GENERAL_NAME* gn = NULL;
- GENERAL_NAMES* gns = NULL;
- ASN1_OBJECT* upn_oid = NULL;
- ASN1_UTF8STRING *utf8str = NULL;
- ASN1_TYPE *value = NULL;
- ASN1_STRING *extval = NULL;
- /* SID extension. SID data format explained here:
- * https://blog.qdsecurity.se/2022/05/27/manually-injecting-a-sid-in-a-certificate/
- */
- uint8_t SidExtension[] = {
- 48, 64, 160, 62, 6, 10, 43, 6, 1, 4, 1, 130, 55, 25, 2, 1, 160,
- 48, 4, 46, 83, 45, 49, 45, 53, 45, 50, 49, 45, 50, 56, 52, 51, 57,
- 48, 55, 52, 49, 56, 45, 51, 57, 50, 54, 50, 55, 55, 52, 50, 49, 45,
- 51, 56, 49, 53, 57, 57, 51, 57, 55, 50, 45, 52, 54, 48, 49};
- uint8_t expectedAltName[] = {
- 0x30, 0x27, 0xA0, 0x25, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82,
- 0x37, 0x14, 0x02, 0x03, 0xA0, 0x17, 0x0C, 0x15, 0x6F, 0x74, 0x68, 0x65,
- 0x72, 0x6E, 0x61, 0x6D, 0x65, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
- 0x6C, 0x2E, 0x63, 0x6F, 0x6D};
- X509_EXTENSION *sid_ext = NULL;
- ASN1_OBJECT* sid_oid = NULL;
- ASN1_OCTET_STRING *sid_data = NULL;
- EVP_PKEY* priv = NULL;
- XFILE f = XBADFILE;
- byte* pt = NULL;
- BIO* bio = NULL;
- ExpectTrue((f = XFOPEN(csr_fname, "rb")) != XBADFILE);
- ExpectNotNull(x509 = d2i_X509_REQ_fp(f, NULL));
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- ExpectIntEQ(X509_REQ_set_version(x509, 2), 1);
- ExpectNotNull(gn = GENERAL_NAME_new());
- ExpectNotNull(upn_oid = OBJ_txt2obj("1.3.6.1.4.1.311.20.2.3", 1));
- ExpectNotNull(utf8str = ASN1_UTF8STRING_new());
- ExpectIntEQ(ASN1_STRING_set(utf8str, "othername@wolfssl.com", -1), 1);
- ExpectNotNull(value = ASN1_TYPE_new());
- ASN1_TYPE_set(value, V_ASN1_UTF8STRING, utf8str);
- if (EXPECT_FAIL()) {
- ASN1_UTF8STRING_free(utf8str);
- }
- ExpectIntEQ(GENERAL_NAME_set0_othername(gn, upn_oid, value), 1);
- if (EXPECT_FAIL()) {
- ASN1_TYPE_free(value);
- GENERAL_NAME_free(gn);
- gn = NULL;
- }
- ExpectNotNull(gns = sk_GENERAL_NAME_new(NULL));
- ExpectIntEQ(sk_GENERAL_NAME_push(gns, gn), 1);
- if (EXPECT_FAIL()) {
- GENERAL_NAME_free(gn);
- }
- ExpectNotNull(san_ext = X509V3_EXT_i2d(NID_subject_alt_name, 0, gns));
- ExpectNotNull(sid_oid = OBJ_txt2obj("1.3.6.1.4.1.311.25.2", 1));
- ExpectNotNull(sid_data = ASN1_OCTET_STRING_new());
- ASN1_OCTET_STRING_set(sid_data, SidExtension, sizeof(SidExtension));
- ExpectNotNull(sid_ext = X509_EXTENSION_create_by_OBJ(NULL, sid_oid, 0,
- sid_data));
- ExpectNotNull(exts = sk_X509_EXTENSION_new_null());
- /* Ensure an empty stack doesn't raise an error. */
- ExpectIntEQ(X509_REQ_add_extensions(x509, exts), 1);
- ExpectIntEQ(sk_X509_EXTENSION_push(exts, san_ext), 1);
- if (EXPECT_FAIL()) {
- X509_EXTENSION_free(san_ext);
- }
- ExpectIntEQ(sk_X509_EXTENSION_push(exts, sid_ext), 2);
- if (EXPECT_FAIL()) {
- X509_EXTENSION_free(sid_ext);
- }
- ExpectIntEQ(X509_REQ_add_extensions(x509, exts), 1);
- ExpectTrue((f = XFOPEN(key_fname, "rb")) != XBADFILE);
- ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), f), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- pt = der;
- ExpectNotNull(priv = d2i_PrivateKey(EVP_PKEY_RSA, NULL,
- (const unsigned char**)&pt, derSz));
- ExpectIntGT(X509_REQ_sign(x509, priv, EVP_sha256()), 0);
- pt = der;
- ExpectIntGT(derSz = i2d_X509_REQ(x509, &pt), 0);
- sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free);
- gns = NULL;
- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
- exts = NULL;
- ASN1_OBJECT_free(upn_oid);
- ASN1_OBJECT_free(sid_oid);
- ASN1_OCTET_STRING_free(sid_data);
- X509_REQ_free(x509);
- x509 = NULL;
- EVP_PKEY_free(priv);
- /* At this point everything used to generate what is in der is cleaned up.
- * We now read back from der to confirm the extensions were inserted
- * correctly. */
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
- ExpectNotNull(bio);
- ExpectIntEQ(BIO_write(bio, der, derSz), derSz); /* d2i consumes BIO */
- ExpectNotNull(d2i_X509_REQ_bio(bio, &x509));
- ExpectNotNull(x509);
- BIO_free(bio);
- ExpectNotNull(exts = (STACK_OF(X509_EXTENSION)*)X509_REQ_get_extensions(
- x509));
- ExpectIntEQ(sk_X509_EXTENSION_num(exts), 2);
- /* Check the SID extension. */
- ExpectNotNull(ext = sk_X509_EXTENSION_value(exts, 0));
- ExpectNotNull(extval = X509_EXTENSION_get_data(ext));
- ExpectIntEQ(extval->length, sizeof(SidExtension));
- ExpectIntEQ(XMEMCMP(SidExtension, extval->data, sizeof(SidExtension)), 0);
- /* Check the AltNames extension. */
- ExpectNotNull(ext = sk_X509_EXTENSION_value(exts, 1));
- ExpectNotNull(extval = X509_EXTENSION_get_data(ext));
- ExpectIntEQ(extval->length, sizeof(expectedAltName));
- ExpectIntEQ(XMEMCMP(expectedAltName, extval->data, sizeof(expectedAltName)),
- 0);
- /* Cleanup */
- ExpectNotNull(gns = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL,
- NULL));
- ExpectIntEQ(sk_GENERAL_NAME_num(gns), 1);
- ExpectNotNull(gn = sk_GENERAL_NAME_value(gns, 0));
- ExpectIntEQ(gn->type, 0);
- sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free);
- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
- X509_REQ_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_set_name(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
- X509* x509 = NULL;
- X509_NAME* name = NULL;
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
- (byte*)"wolfssl.com", 11, 0, 1),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
- (byte*)"support@wolfssl.com", 19, -1,
- 1), WOLFSSL_SUCCESS);
- ExpectNotNull(x509 = X509_new());
- ExpectIntEQ(X509_set_subject_name(NULL, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(X509_set_subject_name(x509, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(X509_set_subject_name(NULL, name), WOLFSSL_FAILURE);
- ExpectIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_set_issuer_name(NULL, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(X509_set_issuer_name(x509, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(X509_set_issuer_name(NULL, name), WOLFSSL_FAILURE);
- ExpectIntEQ(X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
- X509_free(x509);
- X509_NAME_free(name);
- #endif /* OPENSSL_ALL && !NO_CERTS */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_set_notAfter(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \
- && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
- !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) &&\
- !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) && !defined(NO_BIO)
- /* Generalized time will overflow time_t if not long */
- X509* x = NULL;
- BIO* bio = NULL;
- ASN1_TIME *asn_time = NULL;
- ASN1_TIME *time_check = NULL;
- const int year = 365*24*60*60;
- const int day = 24*60*60;
- const int hour = 60*60;
- const int mini = 60;
- int offset_day;
- unsigned char buf[25];
- time_t t;
- /*
- * Setup asn_time. APACHE HTTPD uses time(NULL)
- */
- t = (time_t)107 * year + 31 * day + 34 * hour + 30 * mini + 7 * day;
- offset_day = 7;
- /*
- * Free these.
- */
- asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0);
- ExpectNotNull(asn_time);
- ExpectNotNull(x = X509_new());
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- /*
- * Tests
- */
- ExpectTrue(wolfSSL_X509_set_notAfter(x, asn_time));
- /* time_check is simply (ANS1_TIME*)x->notAfter */
- ExpectNotNull(time_check = X509_get_notAfter(x));
- /* ANS1_TIME_check validates by checking if argument can be parsed */
- ExpectIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS);
- /* Convert to human readable format and compare to intended date */
- ExpectIntEQ(ASN1_TIME_print(bio, time_check), 1);
- ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
- ExpectIntEQ(XMEMCMP(buf, "Jan 20 10:30:00 2077 GMT", sizeof(buf) - 1), 0);
- ExpectFalse(wolfSSL_X509_set_notAfter(NULL, NULL));
- ExpectFalse(wolfSSL_X509_set_notAfter(x, NULL));
- ExpectFalse(wolfSSL_X509_set_notAfter(NULL, asn_time));
- /*
- * Cleanup
- */
- XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
- X509_free(x);
- BIO_free(bio);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_set_notBefore(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \
- && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
- !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO)
- X509* x = NULL;
- BIO* bio = NULL;
- ASN1_TIME *asn_time = NULL;
- ASN1_TIME *time_check = NULL;
- const int year = 365*24*60*60;
- const int day = 24*60*60;
- const int hour = 60*60;
- const int mini = 60;
- int offset_day;
- unsigned char buf[25];
- time_t t;
- /*
- * Setup asn_time. APACHE HTTPD uses time(NULL)
- */
- t = (time_t)49 * year + 125 * day + 20 * hour + 30 * mini + 7 * day;
- offset_day = 7;
- /*
- * Free these.
- */
- asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0);
- ExpectNotNull(asn_time);
- ExpectNotNull(x = X509_new());
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(ASN1_TIME_check(asn_time), WOLFSSL_SUCCESS);
- /*
- * Main Tests
- */
- ExpectTrue(wolfSSL_X509_set_notBefore(x, asn_time));
- /* time_check == (ANS1_TIME*)x->notBefore */
- ExpectNotNull(time_check = X509_get_notBefore(x));
- /* ANS1_TIME_check validates by checking if argument can be parsed */
- ExpectIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS);
- /* Convert to human readable format and compare to intended date */
- ExpectIntEQ(ASN1_TIME_print(bio, time_check), 1);
- ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
- ExpectIntEQ(XMEMCMP(buf, "May 8 20:30:00 2019 GMT", sizeof(buf) - 1), 0);
- ExpectFalse(wolfSSL_X509_set_notBefore(NULL, NULL));
- ExpectFalse(wolfSSL_X509_set_notBefore(x, NULL));
- ExpectFalse(wolfSSL_X509_set_notBefore(NULL, asn_time));
- /*
- * Cleanup
- */
- XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
- X509_free(x);
- BIO_free(bio);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_set_version(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
- !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
- X509* x509 = NULL;
- long v = 2L;
- long maxInt = INT_MAX;
- ExpectNotNull(x509 = X509_new());
- /* These should pass. */
- ExpectTrue(wolfSSL_X509_set_version(x509, v));
- ExpectIntEQ(v, wolfSSL_X509_get_version(x509));
- /* Fail Case: When v(long) is greater than x509->version(int). */
- v = maxInt+1;
- ExpectFalse(wolfSSL_X509_set_version(x509, v));
- ExpectFalse(wolfSSL_X509_set_version(NULL, 2L));
- ExpectFalse(wolfSSL_X509_set_version(NULL, maxInt+1));
- /* Cleanup */
- X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- #ifndef NO_BIO
- static int test_wolfSSL_BIO_gets(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- BIO* bio = NULL;
- BIO* bio2 = NULL;
- char msg[] = "\nhello wolfSSL\n security plus\t---...**adf\na...b.c";
- char emp[] = "";
- char bio_buffer[20];
- int bufferSz = 20;
- #ifdef OPENSSL_ALL
- BUF_MEM* emp_bm = NULL;
- BUF_MEM* msg_bm = NULL;
- #endif
- /* try with bad args */
- ExpectNull(bio = BIO_new_mem_buf(NULL, sizeof(msg)));
- #ifdef OPENSSL_ALL
- ExpectIntEQ(BIO_set_mem_buf(bio, NULL, BIO_NOCLOSE), BAD_FUNC_ARG);
- #endif
- /* try with real msg */
- ExpectNotNull(bio = BIO_new_mem_buf((void*)msg, -1));
- XMEMSET(bio_buffer, 0, bufferSz);
- ExpectNotNull(BIO_push(bio, BIO_new(BIO_s_bio())));
- ExpectNull(bio2 = BIO_find_type(bio, BIO_TYPE_FILE));
- ExpectNotNull(bio2 = BIO_find_type(bio, BIO_TYPE_BIO));
- ExpectFalse(bio2 != BIO_next(bio));
- /* make buffer filled with no terminating characters */
- XMEMSET(bio_buffer, 1, bufferSz);
- /* BIO_gets reads a line of data */
- ExpectIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
- ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
- ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
- ExpectStrEQ(bio_buffer, "hello wolfSSL\n");
- ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
- ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
- ExpectIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
- #ifdef OPENSSL_ALL
- /* test setting the mem_buf manually */
- BIO_free(bio);
- ExpectNotNull(bio = BIO_new_mem_buf((void*)msg, -1));
- ExpectNotNull(emp_bm = BUF_MEM_new());
- ExpectNotNull(msg_bm = BUF_MEM_new());
- ExpectIntEQ(BUF_MEM_grow(msg_bm, sizeof(msg)), sizeof(msg));
- if (EXPECT_SUCCESS()) {
- XFREE(msg_bm->data, NULL, DYNAMIC_TYPE_OPENSSL);
- msg_bm->data = NULL;
- }
- /* emp size is 1 for terminator */
- ExpectIntEQ(BUF_MEM_grow(emp_bm, sizeof(emp)), sizeof(emp));
- if (EXPECT_SUCCESS()) {
- XFREE(emp_bm->data, NULL, DYNAMIC_TYPE_OPENSSL);
- emp_bm->data = emp;
- msg_bm->data = msg;
- }
- ExpectIntEQ(BIO_set_mem_buf(bio, emp_bm, BIO_CLOSE), WOLFSSL_SUCCESS);
- /* check reading an empty string */
- ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); /* just terminator */
- ExpectStrEQ(emp, bio_buffer);
- ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
- /* BIO_gets reads a line of data */
- ExpectIntEQ(BIO_set_mem_buf(bio, msg_bm, BIO_NOCLOSE), WOLFSSL_SUCCESS);
- ExpectIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
- ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
- ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
- ExpectStrEQ(bio_buffer, "hello wolfSSL\n");
- ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
- ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
- ExpectIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
- if (EXPECT_SUCCESS())
- emp_bm->data = NULL;
- BUF_MEM_free(emp_bm);
- if (EXPECT_SUCCESS())
- msg_bm->data = NULL;
- BUF_MEM_free(msg_bm);
- #endif
- /* check not null terminated string */
- BIO_free(bio);
- bio = NULL;
- msg[0] = 0x33;
- msg[1] = 0x33;
- msg[2] = 0x33;
- ExpectNotNull(bio = BIO_new_mem_buf((void*)msg, 3));
- ExpectIntEQ(BIO_gets(bio, bio_buffer, 3), 2);
- ExpectIntEQ(bio_buffer[0], msg[0]);
- ExpectIntEQ(bio_buffer[1], msg[1]);
- ExpectIntNE(bio_buffer[2], msg[2]);
- BIO_free(bio);
- bio = NULL;
- msg[3] = 0x33;
- bio_buffer[3] = 0x33;
- ExpectNotNull(bio = BIO_new_mem_buf((void*)msg, 3));
- ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 3);
- ExpectIntEQ(bio_buffer[0], msg[0]);
- ExpectIntEQ(bio_buffer[1], msg[1]);
- ExpectIntEQ(bio_buffer[2], msg[2]);
- ExpectIntNE(bio_buffer[3], 0x33); /* make sure null terminator was set */
- /* check reading an empty string */
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(bio = BIO_new_mem_buf((void*)emp, sizeof(emp)));
- ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); /* just terminator */
- ExpectStrEQ(emp, bio_buffer);
- ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
- /* check error cases */
- BIO_free(bio);
- bio = NULL;
- ExpectIntEQ(BIO_gets(NULL, NULL, 0), SSL_FAILURE);
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
- #if !defined(NO_FILESYSTEM)
- {
- BIO* f_bio = NULL;
- XFILE f = XBADFILE;
- ExpectNotNull(f_bio = BIO_new(BIO_s_file()));
- ExpectIntLE(BIO_gets(f_bio, bio_buffer, bufferSz), 0);
- ExpectTrue((f = XFOPEN(svrCertFile, "rb")) != XBADFILE);
- ExpectIntEQ((int)BIO_set_fp(f_bio, f, BIO_CLOSE), SSL_SUCCESS);
- if (EXPECT_FAIL() && (f != XBADFILE)) {
- XFCLOSE(f);
- }
- ExpectIntGT(BIO_gets(f_bio, bio_buffer, bufferSz), 0);
- BIO_free(f_bio);
- f_bio = NULL;
- }
- #endif /* NO_FILESYSTEM */
- BIO_free(bio);
- bio = NULL;
- BIO_free(bio2);
- bio2 = NULL;
- /* try with type BIO */
- XMEMCPY(msg, "\nhello wolfSSL\n security plus\t---...**adf\na...b.c",
- sizeof(msg));
- ExpectNotNull(bio = BIO_new(BIO_s_bio()));
- ExpectIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
- ExpectNotNull(bio2 = BIO_new(BIO_s_bio()));
- ExpectIntEQ(BIO_set_write_buf_size(bio, 10), SSL_SUCCESS);
- ExpectIntEQ(BIO_set_write_buf_size(bio2, sizeof(msg)), SSL_SUCCESS);
- ExpectIntEQ(BIO_make_bio_pair(bio, bio2), SSL_SUCCESS);
- ExpectIntEQ(BIO_write(bio2, msg, sizeof(msg)), sizeof(msg));
- ExpectIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
- ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
- ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
- ExpectStrEQ(bio_buffer, "hello wolfSSL\n");
- ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
- ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
- ExpectIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
- BIO_free(bio);
- bio = NULL;
- BIO_free(bio2);
- bio2 = NULL;
- /* check reading an empty string */
- ExpectNotNull(bio = BIO_new(BIO_s_bio()));
- ExpectIntEQ(BIO_set_write_buf_size(bio, sizeof(emp)), SSL_SUCCESS);
- ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
- ExpectStrEQ(emp, bio_buffer);
- BIO_free(bio);
- bio = NULL;
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BIO_puts(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- BIO* bio = NULL;
- char input[] = "hello\0world\n.....ok\n\0";
- char output[128];
- XMEMSET(output, 0, sizeof(output));
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(BIO_puts(bio, input), 5);
- ExpectIntEQ(BIO_pending(bio), 5);
- ExpectIntEQ(BIO_puts(bio, input + 6), 14);
- ExpectIntEQ(BIO_pending(bio), 19);
- ExpectIntEQ(BIO_gets(bio, output, sizeof(output)), 11);
- ExpectStrEQ(output, "helloworld\n");
- ExpectIntEQ(BIO_pending(bio), 8);
- ExpectIntEQ(BIO_gets(bio, output, sizeof(output)), 8);
- ExpectStrEQ(output, ".....ok\n");
- ExpectIntEQ(BIO_pending(bio), 0);
- ExpectIntEQ(BIO_puts(bio, ""), -1);
- BIO_free(bio);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BIO_dump(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- BIO* bio;
- static const unsigned char data[] = {
- 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE,
- 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
- 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4,
- 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5,
- 0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80,
- 0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA,
- 0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56,
- 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42,
- 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F,
- 0xB4
- };
- /* Generated with OpenSSL. */
- static const char expected[] =
- "0000 - 30 59 30 13 06 07 2a 86-48 ce 3d 02 01 06 08 2a 0Y0...*.H.=....*\n"
- "0010 - 86 48 ce 3d 03 01 07 03-42 00 04 55 bf f4 0f 44 .H.=....B..U...D\n"
- "0020 - 50 9a 3d ce 9b b7 f0 c5-4d f5 70 7b d4 ec 24 8e P.=.....M.p{..$.\n"
- "0030 - 19 80 ec 5a 4c a2 24 03-62 2c 9b da ef a2 35 12 ...ZL.$.b,....5.\n"
- "0040 - 43 84 76 16 c6 56 95 06-cc 01 a9 bd f6 75 1a 42 C.v..V.......u.B\n"
- "0050 - f7 bd a9 b2 36 22 5f c7-5d 7f b4 ....6\"_.]..\n";
- static const char expectedAll[] =
- "0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f ................\n"
- "0010 - 10 11 12 13 14 15 16 17-18 19 1a 1b 1c 1d 1e 1f ................\n"
- "0020 - 20 21 22 23 24 25 26 27-28 29 2a 2b 2c 2d 2e 2f !\"#$%&'()*+,-./\n"
- "0030 - 30 31 32 33 34 35 36 37-38 39 3a 3b 3c 3d 3e 3f 0123456789:;<=>?\n"
- "0040 - 40 41 42 43 44 45 46 47-48 49 4a 4b 4c 4d 4e 4f @ABCDEFGHIJKLMNO\n"
- "0050 - 50 51 52 53 54 55 56 57-58 59 5a 5b 5c 5d 5e 5f PQRSTUVWXYZ[\\]^_\n"
- "0060 - 60 61 62 63 64 65 66 67-68 69 6a 6b 6c 6d 6e 6f `abcdefghijklmno\n"
- "0070 - 70 71 72 73 74 75 76 77-78 79 7a 7b 7c 7d 7e 7f pqrstuvwxyz{|}~.\n"
- "0080 - 80 81 82 83 84 85 86 87-88 89 8a 8b 8c 8d 8e 8f ................\n"
- "0090 - 90 91 92 93 94 95 96 97-98 99 9a 9b 9c 9d 9e 9f ................\n"
- "00a0 - a0 a1 a2 a3 a4 a5 a6 a7-a8 a9 aa ab ac ad ae af ................\n"
- "00b0 - b0 b1 b2 b3 b4 b5 b6 b7-b8 b9 ba bb bc bd be bf ................\n"
- "00c0 - c0 c1 c2 c3 c4 c5 c6 c7-c8 c9 ca cb cc cd ce cf ................\n"
- "00d0 - d0 d1 d2 d3 d4 d5 d6 d7-d8 d9 da db dc dd de df ................\n"
- "00e0 - e0 e1 e2 e3 e4 e5 e6 e7-e8 e9 ea eb ec ed ee ef ................\n"
- "00f0 - f0 f1 f2 f3 f4 f5 f6 f7-f8 f9 fa fb fc fd fe ff ................\n";
- char output[16 * 80];
- int i;
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- /* Example key dumped. */
- ExpectIntEQ(BIO_dump(bio, (const char*)data, (int)sizeof(data)),
- sizeof(expected) - 1);
- ExpectIntEQ(BIO_read(bio, output, sizeof(output)), sizeof(expected) - 1);
- ExpectIntEQ(XMEMCMP(output, expected, sizeof(expected) - 1), 0);
- /* Try every possible value for a character. */
- for (i = 0; i < 256; i++)
- output[i] = i;
- ExpectIntEQ(BIO_dump(bio, output, 256), sizeof(expectedAll) - 1);
- ExpectIntEQ(BIO_read(bio, output, sizeof(output)), sizeof(expectedAll) - 1);
- ExpectIntEQ(XMEMCMP(output, expectedAll, sizeof(expectedAll) - 1), 0);
- BIO_free(bio);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO)
- static int forceWantRead(WOLFSSL *ssl, char *buf, int sz, void *ctx)
- {
- (void)ssl;
- (void)buf;
- (void)sz;
- (void)ctx;
- return WOLFSSL_CBIO_ERR_WANT_READ;
- }
- #endif
- static int test_wolfSSL_BIO_should_retry(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO)
- tcp_ready ready;
- func_args server_args;
- THREAD_TYPE serverThread;
- SOCKET_T sockfd = 0;
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- char msg[64] = "hello wolfssl!";
- char reply[1024];
- int msgSz = (int)XSTRLEN(msg);
- int ret;
- BIO* bio = NULL;
- XMEMSET(&server_args, 0, sizeof(func_args));
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- StartTCP();
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- server_args.signal = &ready;
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #ifdef OPENSSL_COMPATIBLE_DEFAULTS
- ExpectIntEQ(wolfSSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY), 0);
- #endif
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
- tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
- /* force retry */
- ExpectNotNull(bio = wolfSSL_BIO_new_ssl(ctx, 1));
- ExpectIntEQ(BIO_get_ssl(bio, &ssl), 1);
- ExpectNotNull(ssl);
- ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
- wolfSSL_SSLSetIORecv(ssl, forceWantRead);
- if (EXPECT_FAIL()) {
- wolfSSL_free(ssl);
- ssl = NULL;
- }
- ExpectIntLE(BIO_write(bio, msg, msgSz), 0);
- ExpectIntNE(BIO_should_retry(bio), 0);
- ExpectIntEQ(BIO_should_read(bio), 0);
- ExpectIntEQ(BIO_should_write(bio), 0);
- /* now perform successful connection */
- wolfSSL_SSLSetIORecv(ssl, EmbedReceive);
- ExpectIntEQ(BIO_write(bio, msg, msgSz), msgSz);
- ExpectIntNE(BIO_read(bio, reply, sizeof(reply)), 0);
- ret = wolfSSL_get_error(ssl, -1);
- if (ret == WOLFSSL_ERROR_WANT_READ || ret == WOLFSSL_ERROR_WANT_WRITE) {
- ExpectIntNE(BIO_should_retry(bio), 0);
- if (ret == WOLFSSL_ERROR_WANT_READ)
- ExpectIntEQ(BIO_should_read(bio), 1);
- else
- ExpectIntEQ(BIO_should_read(bio), 0);
- if (ret == WOLFSSL_ERROR_WANT_WRITE)
- ExpectIntEQ(BIO_should_write(bio), 1);
- else
- ExpectIntEQ(BIO_should_write(bio), 0);
- }
- else {
- ExpectIntEQ(BIO_should_retry(bio), 0);
- ExpectIntEQ(BIO_should_read(bio), 0);
- ExpectIntEQ(BIO_should_write(bio), 0);
- }
- ExpectIntEQ(XMEMCMP(reply, "I hear you fa shizzle!",
- XSTRLEN("I hear you fa shizzle!")), 0);
- BIO_free(bio);
- wolfSSL_CTX_free(ctx);
- CloseSocket(sockfd);
- join_thread(serverThread);
- FreeTcpReady(&ready);
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BIO_connect(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
- defined(HAVE_HTTP_CLIENT) && !defined(NO_WOLFSSL_CLIENT)
- tcp_ready ready;
- func_args server_args;
- THREAD_TYPE serverThread;
- BIO *tcpBio = NULL;
- BIO *sslBio = NULL;
- SSL_CTX* ctx = NULL;
- SSL *ssl = NULL;
- SSL *sslPtr;
- char msg[] = "hello wolfssl!";
- char reply[30];
- char buff[10] = {0};
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
- ExpectIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
- /* Setup server */
- XMEMSET(&server_args, 0, sizeof(func_args));
- StartTCP();
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- server_args.signal = &ready;
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- ExpectIntGT(XSPRINTF(buff, "%d", ready.port), 0);
- /* Start the test proper */
- /* Setup the TCP BIO */
- ExpectNotNull(tcpBio = BIO_new_connect(wolfSSLIP));
- ExpectIntEQ(BIO_set_conn_port(tcpBio, buff), 1);
- /* Setup the SSL object */
- ExpectNotNull(ssl = SSL_new(ctx));
- SSL_set_connect_state(ssl);
- /* Setup the SSL BIO */
- ExpectNotNull(sslBio = BIO_new(BIO_f_ssl()));
- ExpectIntEQ(BIO_set_ssl(sslBio, ssl, BIO_CLOSE), 1);
- if (EXPECT_FAIL()) {
- wolfSSL_free(ssl);
- }
- /* Verify that BIO_get_ssl works. */
- ExpectIntEQ(BIO_get_ssl(sslBio, &sslPtr), 1);
- ExpectPtrEq(ssl, sslPtr);
- /* Link BIO's so that sslBio uses tcpBio for IO */
- ExpectPtrEq(BIO_push(sslBio, tcpBio), sslBio);
- /* Do TCP connect */
- ExpectIntEQ(BIO_do_connect(sslBio), 1);
- /* Do TLS handshake */
- ExpectIntEQ(BIO_do_handshake(sslBio), 1);
- /* Test writing */
- ExpectIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg));
- /* Expect length of default wolfSSL reply */
- ExpectIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23);
- /* Clean it all up */
- BIO_free_all(sslBio);
- /* Server clean up */
- join_thread(serverThread);
- FreeTcpReady(&ready);
- /* Run the same test, but use BIO_new_ssl_connect and set the IP and port
- * after. */
- XMEMSET(&server_args, 0, sizeof(func_args));
- StartTCP();
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- server_args.signal = &ready;
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- ExpectIntGT(XSPRINTF(buff, "%d", ready.port), 0);
- ExpectNotNull(sslBio = BIO_new_ssl_connect(ctx));
- ExpectIntEQ(BIO_set_conn_hostname(sslBio, (char*)wolfSSLIP), 1);
- ExpectIntEQ(BIO_set_conn_port(sslBio, buff), 1);
- ExpectIntEQ(BIO_do_connect(sslBio), 1);
- ExpectIntEQ(BIO_do_handshake(sslBio), 1);
- ExpectIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg));
- ExpectIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23);
- /* Attempt to close the TLS connection gracefully. */
- BIO_ssl_shutdown(sslBio);
- BIO_free_all(sslBio);
- join_thread(serverThread);
- FreeTcpReady(&ready);
- SSL_CTX_free(ctx);
- #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
- wc_ecc_fp_free(); /* free per thread cache */
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BIO_tls(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_BIO) && defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_CLIENT)
- SSL_CTX* ctx = NULL;
- SSL *ssl = NULL;
- BIO *readBio = NULL;
- BIO *writeBio = NULL;
- int ret;
- int err = 0;
- ExpectNotNull(ctx = SSL_CTX_new(SSLv23_method()));
- ExpectNotNull(ssl = SSL_new(ctx));
- ExpectNotNull(readBio = BIO_new(BIO_s_mem()));
- ExpectNotNull(writeBio = BIO_new(BIO_s_mem()));
- /* Qt reads data from write-bio,
- * then writes the read data into plain packet.
- * Qt reads data from plain packet,
- * then writes the read data into read-bio.
- */
- SSL_set_bio(ssl, readBio, writeBio);
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- ret = SSL_connect(ssl);
- err = SSL_get_error(ssl, 0);
- } while (err == WC_PENDING_E);
- ExpectIntEQ(ret, WOLFSSL_FATAL_ERROR);
- /* in this use case, should return WANT READ
- * so that Qt will read the data from plain packet for next state.
- */
- ExpectIntEQ(err, SSL_ERROR_WANT_READ);
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
- defined(HAVE_HTTP_CLIENT)
- static THREAD_RETURN WOLFSSL_THREAD test_wolfSSL_BIO_accept_client(void* args)
- {
- BIO* clientBio;
- SSL* sslClient;
- SSL_CTX* ctx;
- char connectAddr[20]; /* IP + port */;
- (void)args;
- AssertIntGT(snprintf(connectAddr, sizeof(connectAddr), "%s:%d", wolfSSLIP, wolfSSLPort), 0);
- AssertNotNull(clientBio = BIO_new_connect(connectAddr));
- AssertIntEQ(BIO_do_connect(clientBio), 1);
- AssertNotNull(ctx = SSL_CTX_new(SSLv23_method()));
- AssertNotNull(sslClient = SSL_new(ctx));
- AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), WOLFSSL_SUCCESS);
- SSL_set_bio(sslClient, clientBio, clientBio);
- AssertIntEQ(SSL_connect(sslClient), 1);
- SSL_free(sslClient);
- SSL_CTX_free(ctx);
- #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
- wc_ecc_fp_free(); /* free per thread cache */
- #endif
- WOLFSSL_RETURN_FROM_THREAD(0);
- }
- #endif
- static int test_wolfSSL_BIO_accept(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
- defined(HAVE_HTTP_CLIENT)
- BIO* serverBindBio = NULL;
- BIO* serverAcceptBio = NULL;
- SSL* sslServer = NULL;
- SSL_CTX* ctx = NULL;
- func_args args;
- THREAD_TYPE thread;
- char port[10]; /* 10 bytes should be enough to store the string
- * representation of the port */
- ExpectIntGT(snprintf(port, sizeof(port), "%d", wolfSSLPort), 0);
- ExpectNotNull(serverBindBio = BIO_new_accept(port));
- /* First BIO_do_accept binds the port */
- ExpectIntEQ(BIO_do_accept(serverBindBio), 1);
- XMEMSET(&args, 0, sizeof(func_args));
- start_thread(test_wolfSSL_BIO_accept_client, &args, &thread);
- ExpectIntEQ(BIO_do_accept(serverBindBio), 1);
- /* Let's plug it into SSL to test */
- ExpectNotNull(ctx = SSL_CTX_new(SSLv23_method()));
- ExpectIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
- SSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
- SSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- ExpectNotNull(sslServer = SSL_new(ctx));
- ExpectNotNull(serverAcceptBio = BIO_pop(serverBindBio));
- SSL_set_bio(sslServer, serverAcceptBio, serverAcceptBio);
- ExpectIntEQ(SSL_accept(sslServer), 1);
- join_thread(thread);
- BIO_free(serverBindBio);
- SSL_free(sslServer);
- SSL_CTX_free(ctx);
- #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
- wc_ecc_fp_free(); /* free per thread cache */
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BIO_write(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
- BIO* bio = NULL;
- BIO* bio64 = NULL;
- BIO* bio_mem = NULL;
- BIO* ptr = NULL;
- int sz;
- char msg[] = "conversion test";
- char out[40];
- char expected[] = "Y29udmVyc2lvbiB0ZXN0AA==\n";
- void* bufPtr = NULL;
- BUF_MEM* buf = NULL;
- ExpectNotNull(bio64 = BIO_new(BIO_f_base64()));
- ExpectNotNull(bio = BIO_push(bio64, BIO_new(BIO_s_mem())));
- if (EXPECT_FAIL()) {
- BIO_free(bio64);
- }
- /* now should convert to base64 then write to memory */
- ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
- BIO_flush(bio);
- /* test BIO chain */
- ExpectIntEQ(SSL_SUCCESS, (int)BIO_get_mem_ptr(bio, &buf));
- ExpectNotNull(buf);
- ExpectIntEQ(buf->length, 25);
- ExpectIntEQ(BIO_get_mem_data(bio, &bufPtr), 25);
- ExpectPtrEq(buf->data, bufPtr);
- ExpectNotNull(ptr = BIO_find_type(bio, BIO_TYPE_MEM));
- sz = sizeof(out);
- XMEMSET(out, 0, sz);
- ExpectIntEQ((sz = BIO_read(ptr, out, sz)), 25);
- ExpectIntEQ(XMEMCMP(out, expected, sz), 0);
- /* write then read should return the same message */
- ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
- sz = sizeof(out);
- XMEMSET(out, 0, sz);
- ExpectIntEQ(BIO_read(bio, out, sz), 16);
- ExpectIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
- /* now try encoding with no line ending */
- BIO_set_flags(bio64, BIO_FLAGS_BASE64_NO_NL);
- #ifdef HAVE_EX_DATA
- BIO_set_ex_data(bio64, 0, (void*) "data");
- ExpectIntEQ(strcmp((const char*)BIO_get_ex_data(bio64, 0), "data"), 0);
- #endif
- ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
- BIO_flush(bio);
- sz = sizeof(out);
- XMEMSET(out, 0, sz);
- ExpectIntEQ((sz = BIO_read(ptr, out, sz)), 24);
- ExpectIntEQ(XMEMCMP(out, expected, sz), 0);
- BIO_free_all(bio); /* frees bio64 also */
- bio = NULL;
- /* test with more than one bio64 in list */
- ExpectNotNull(bio64 = BIO_new(BIO_f_base64()));
- ExpectNotNull(bio = BIO_push(BIO_new(BIO_f_base64()), bio64));
- if (EXPECT_FAIL()) {
- BIO_free(bio64);
- bio64 = NULL;
- }
- ExpectNotNull(bio_mem = BIO_new(BIO_s_mem()));
- ExpectNotNull(BIO_push(bio64, bio_mem));
- if (EXPECT_FAIL()) {
- BIO_free(bio_mem);
- }
- /* now should convert to base64 when stored and then decode with read */
- ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), 25);
- BIO_flush(bio);
- sz = sizeof(out);
- XMEMSET(out, 0, sz);
- ExpectIntEQ((sz = BIO_read(bio, out, sz)), 16);
- ExpectIntEQ(XMEMCMP(out, msg, sz), 0);
- BIO_clear_flags(bio64, ~0);
- BIO_set_retry_read(bio);
- BIO_free_all(bio); /* frees bio64s also */
- bio = NULL;
- ExpectNotNull(bio = BIO_new_mem_buf(out, 0));
- ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
- BIO_free(bio);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BIO_printf(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL)
- BIO* bio = NULL;
- int sz = 7;
- char msg[] = "TLS 1.3 for the world";
- char out[60];
- char expected[] = "TLS 1.3 for the world : sz = 7";
- XMEMSET(out, 0, sizeof(out));
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(BIO_printf(bio, "%s : sz = %d", msg, sz), 30);
- ExpectIntEQ(BIO_printf(NULL, ""), WOLFSSL_FATAL_ERROR);
- ExpectIntEQ(BIO_read(bio, out, sizeof(out)), 30);
- ExpectIntEQ(XSTRNCMP(out, expected, sizeof(expected)), 0);
- BIO_free(bio);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BIO_f_md(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_SHA256)
- BIO* bio = NULL;
- BIO* mem = NULL;
- char msg[] = "message to hash";
- char out[60];
- EVP_MD_CTX* ctx = NULL;
- const unsigned char testKey[] =
- {
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b
- };
- const char testData[] = "Hi There";
- const unsigned char testResult[] =
- {
- 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
- 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
- 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
- 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
- };
- const unsigned char expectedHash[] =
- {
- 0x66, 0x49, 0x3C, 0xE8, 0x8A, 0x57, 0xB0, 0x60,
- 0xDC, 0x55, 0x7D, 0xFC, 0x1F, 0xA5, 0xE5, 0x07,
- 0x70, 0x5A, 0xF6, 0xD7, 0xC4, 0x1F, 0x1A, 0xE4,
- 0x2D, 0xA6, 0xFD, 0xD1, 0x29, 0x7D, 0x60, 0x0D
- };
- const unsigned char emptyHash[] =
- {
- 0xE3, 0xB0, 0xC4, 0x42, 0x98, 0xFC, 0x1C, 0x14,
- 0x9A, 0xFB, 0xF4, 0xC8, 0x99, 0x6F, 0xB9, 0x24,
- 0x27, 0xAE, 0x41, 0xE4, 0x64, 0x9B, 0x93, 0x4C,
- 0xA4, 0x95, 0x99, 0x1B, 0x78, 0x52, 0xB8, 0x55
- };
- unsigned char check[sizeof(testResult) + 1];
- size_t checkSz = -1;
- EVP_PKEY* key = NULL;
- XMEMSET(out, 0, sizeof(out));
- ExpectNotNull(bio = BIO_new(BIO_f_md()));
- ExpectNotNull(mem = BIO_new(BIO_s_mem()));
- ExpectIntEQ(BIO_get_md_ctx(bio, &ctx), 1);
- ExpectIntEQ(EVP_DigestInit(ctx, EVP_sha256()), 1);
- /* should not be able to write/read yet since just digest wrapper and no
- * data is passing through the bio */
- ExpectIntEQ(BIO_write(bio, msg, 0), 0);
- ExpectIntEQ(BIO_pending(bio), 0);
- ExpectIntEQ(BIO_read(bio, out, sizeof(out)), 0);
- ExpectIntEQ(BIO_gets(bio, out, 3), 0);
- ExpectIntEQ(BIO_gets(bio, out, sizeof(out)), 32);
- ExpectIntEQ(XMEMCMP(emptyHash, out, 32), 0);
- BIO_reset(bio);
- /* append BIO mem to bio in order to read/write */
- ExpectNotNull(bio = BIO_push(bio, mem));
- XMEMSET(out, 0, sizeof(out));
- ExpectIntEQ(BIO_write(mem, msg, sizeof(msg)), 16);
- ExpectIntEQ(BIO_pending(bio), 16);
- /* this just reads the message and does not hash it (gets calls final) */
- ExpectIntEQ(BIO_read(bio, out, sizeof(out)), 16);
- ExpectIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
- /* create a message digest using BIO */
- XMEMSET(out, 0, sizeof(out));
- ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), 16);
- ExpectIntEQ(BIO_pending(mem), 16);
- ExpectIntEQ(BIO_pending(bio), 16);
- ExpectIntEQ(BIO_gets(bio, out, sizeof(out)), 32);
- ExpectIntEQ(XMEMCMP(expectedHash, out, 32), 0);
- BIO_free(bio);
- bio = NULL;
- BIO_free(mem);
- mem = NULL;
- /* test with HMAC */
- XMEMSET(out, 0, sizeof(out));
- ExpectNotNull(bio = BIO_new(BIO_f_md()));
- ExpectNotNull(mem = BIO_new(BIO_s_mem()));
- BIO_get_md_ctx(bio, &ctx);
- ExpectNotNull(key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, testKey,
- (int)sizeof(testKey)));
- EVP_DigestSignInit(ctx, NULL, EVP_sha256(), NULL, key);
- ExpectNotNull(bio = BIO_push(bio, mem));
- BIO_write(bio, testData, (int)strlen(testData));
- ExpectIntEQ(EVP_DigestSignFinal(ctx, NULL, &checkSz), 1);
- ExpectIntEQ(EVP_DigestSignFinal(ctx, check, &checkSz), 1);
- ExpectIntEQ(XMEMCMP(check, testResult, sizeof(testResult)), 0);
- EVP_PKEY_free(key);
- BIO_free(bio);
- BIO_free(mem);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BIO_up_ref(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
- BIO* bio = NULL;
- ExpectNotNull(bio = BIO_new(BIO_f_md()));
- ExpectIntEQ(BIO_up_ref(NULL), 0);
- ExpectIntEQ(BIO_up_ref(bio), 1);
- BIO_free(bio);
- ExpectIntEQ(BIO_up_ref(bio), 1);
- BIO_free(bio);
- BIO_free(bio);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BIO_reset(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
- BIO* bio = NULL;
- byte buf[16];
- ExpectNotNull(bio = BIO_new_mem_buf("secure your data",
- (word32)XSTRLEN("secure your data")));
- ExpectIntEQ(BIO_read(bio, buf, 6), 6);
- ExpectIntEQ(XMEMCMP(buf, "secure", 6), 0);
- XMEMSET(buf, 0, 16);
- ExpectIntEQ(BIO_read(bio, buf, 16), 10);
- ExpectIntEQ(XMEMCMP(buf, " your data", 10), 0);
- /* You cannot write to MEM BIO with read-only mode. */
- ExpectIntEQ(BIO_write(bio, "WriteToReadonly", 15), 0);
- ExpectIntEQ(BIO_read(bio, buf, 16), -1);
- XMEMSET(buf, 0, 16);
- ExpectIntEQ(BIO_reset(bio), 0);
- ExpectIntEQ(BIO_read(bio, buf, 16), 16);
- ExpectIntEQ(XMEMCMP(buf, "secure your data", 16), 0);
- BIO_free(bio);
- #endif
- return EXPECT_RESULT();
- }
- #endif /* !NO_BIO */
- #if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- /* test that the callback arg is correct */
- static int certCbArg = 0;
- static int certCb(WOLFSSL* ssl, void* arg)
- {
- if (ssl == NULL || arg != &certCbArg)
- return 0;
- if (wolfSSL_is_server(ssl)) {
- if (wolfSSL_use_certificate_file(ssl, svrCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
- return 0;
- if (wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
- return 0;
- }
- else {
- if (wolfSSL_use_certificate_file(ssl, cliCertFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
- return 0;
- if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
- WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
- return 0;
- }
- return 1;
- }
- static int certSetupCb(WOLFSSL_CTX* ctx)
- {
- SSL_CTX_set_cert_cb(ctx, certCb, &certCbArg);
- return TEST_SUCCESS;
- }
- /**
- * This is only done because test_wolfSSL_client_server_nofail_memio has no way
- * to stop certificate and key loading
- */
- static int certClearCb(WOLFSSL* ssl)
- {
- /* Clear the loaded certs to force the callbacks to set them up */
- SSL_certs_clear(ssl);
- return TEST_SUCCESS;
- }
- #endif
- static int test_wolfSSL_cert_cb(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- test_ssl_cbf func_cb_client;
- test_ssl_cbf func_cb_server;
- XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
- XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
- func_cb_client.ctx_ready = certSetupCb;
- func_cb_client.ssl_ready = certClearCb;
- func_cb_server.ctx_ready = certSetupCb;
- func_cb_server.ssl_ready = certClearCb;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
- &func_cb_server, NULL), TEST_SUCCESS);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- static const char* test_wolfSSL_cert_cb_dyn_ciphers_client_cipher = NULL;
- static const char* test_wolfSSL_cert_cb_dyn_ciphers_client_sigalgs = NULL;
- static int test_wolfSSL_cert_cb_dyn_ciphers_client_ctx_ready(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx,
- test_wolfSSL_cert_cb_dyn_ciphers_client_cipher), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
- test_wolfSSL_cert_cb_dyn_ciphers_client_sigalgs), WOLFSSL_SUCCESS);
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_cert_cb_dyn_ciphers_certCB(WOLFSSL* ssl, void* arg)
- {
- const byte* suites = NULL;
- word16 suiteSz = 0;
- const byte* hashSigAlgo = NULL;
- word16 hashSigAlgoSz = 0;
- word16 idx = 0;
- int haveRSA = 0;
- int haveECC = 0;
- (void)arg;
- if (wolfSSL_get_client_suites_sigalgs(ssl, &suites, &suiteSz, &hashSigAlgo,
- &hashSigAlgoSz) != WOLFSSL_SUCCESS)
- return 0;
- if (suites == NULL || suiteSz == 0 || hashSigAlgo == NULL ||
- hashSigAlgoSz == 0)
- return 0;
- for (idx = 0; idx < suiteSz; idx += 2) {
- WOLFSSL_CIPHERSUITE_INFO info =
- wolfSSL_get_ciphersuite_info(suites[idx], suites[idx+1]);
- if (info.rsaAuth)
- haveRSA = 1;
- else if (info.eccAuth)
- haveECC = 1;
- }
- if (hashSigAlgoSz > 0) {
- /* sigalgs extension takes precedence over ciphersuites */
- haveRSA = 0;
- haveECC = 0;
- }
- for (idx = 0; idx < hashSigAlgoSz; idx += 2) {
- int hashAlgo = 0;
- int sigAlgo = 0;
- if (wolfSSL_get_sigalg_info(hashSigAlgo[idx+0], hashSigAlgo[idx+1],
- &hashAlgo, &sigAlgo) != 0)
- return 0;
- if (sigAlgo == RSAk || sigAlgo == RSAPSSk)
- haveRSA = 1;
- else if (sigAlgo == ECDSAk)
- haveECC = 1;
- }
- if (haveRSA) {
- if (wolfSSL_use_certificate_file(ssl, svrCertFile, WOLFSSL_FILETYPE_PEM)
- != WOLFSSL_SUCCESS)
- return 0;
- if (wolfSSL_use_PrivateKey_file(ssl, svrKeyFile, WOLFSSL_FILETYPE_PEM)
- != WOLFSSL_SUCCESS)
- return 0;
- }
- else if (haveECC) {
- if (wolfSSL_use_certificate_file(ssl, eccCertFile, WOLFSSL_FILETYPE_PEM)
- != WOLFSSL_SUCCESS)
- return 0;
- if (wolfSSL_use_PrivateKey_file(ssl, eccKeyFile, WOLFSSL_FILETYPE_PEM)
- != WOLFSSL_SUCCESS)
- return 0;
- }
- return 1;
- }
- static int test_wolfSSL_cert_cb_dyn_ciphers_server_ctx_ready(WOLFSSL_CTX* ctx)
- {
- SSL_CTX_set_cert_cb(ctx, test_wolfSSL_cert_cb_dyn_ciphers_certCB, NULL);
- wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
- return TEST_SUCCESS;
- }
- #endif
- /* Testing dynamic ciphers offered by client */
- static int test_wolfSSL_cert_cb_dyn_ciphers(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- test_ssl_cbf func_cb_client;
- test_ssl_cbf func_cb_server;
- struct {
- method_provider client_meth;
- const char* client_ciphers;
- const char* client_sigalgs;
- const char* client_ca;
- method_provider server_meth;
- } test_params[] = {
- #if !defined(NO_SHA256) && defined(HAVE_AESGCM)
- #ifdef WOLFSSL_TLS13
- #if !defined(NO_RSA) && defined(WC_RSA_PSS)
- {wolfTLSv1_3_client_method,
- "TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256",
- "RSA-PSS+SHA256", caCertFile, wolfTLSv1_3_server_method},
- #endif
- #ifdef HAVE_ECC
- {wolfTLSv1_3_client_method,
- "TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256",
- "ECDSA+SHA256", caEccCertFile, wolfTLSv1_3_server_method},
- #endif
- #endif
- #ifndef WOLFSSL_NO_TLS12
- #if !defined(NO_RSA) && defined(WC_RSA_PSS) && !defined(NO_DH)
- {wolfTLSv1_2_client_method,
- "DHE-RSA-AES128-GCM-SHA256",
- "RSA-PSS+SHA256", caCertFile, wolfTLSv1_2_server_method},
- #endif
- #ifdef HAVE_ECC
- {wolfTLSv1_2_client_method,
- "ECDHE-ECDSA-AES128-GCM-SHA256",
- "ECDSA+SHA256", caEccCertFile, wolfTLSv1_2_server_method},
- #endif
- #endif
- #endif
- };
- size_t i;
- size_t testCount = sizeof(test_params)/sizeof(*test_params);
- if (testCount > 0) {
- for (i = 0; i < testCount; i++) {
- printf("\tTesting %s ciphers with %s sigalgs\n",
- test_params[i].client_ciphers,
- test_params[i].client_sigalgs);
- XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
- XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
- test_wolfSSL_cert_cb_dyn_ciphers_client_cipher =
- test_params[i].client_ciphers;
- test_wolfSSL_cert_cb_dyn_ciphers_client_sigalgs =
- test_params[i].client_sigalgs;
- func_cb_client.method = test_params[i].client_meth;
- func_cb_client.caPemFile = test_params[i].client_ca;
- func_cb_client.ctx_ready =
- test_wolfSSL_cert_cb_dyn_ciphers_client_ctx_ready;
- func_cb_server.ctx_ready =
- test_wolfSSL_cert_cb_dyn_ciphers_server_ctx_ready;
- func_cb_server.ssl_ready = certClearCb; /* Reuse from prev test */
- func_cb_server.method = test_params[i].server_meth;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
- &func_cb_server, NULL), TEST_SUCCESS);
- }
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ciphersuite_auth(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
- WOLFSSL_CIPHERSUITE_INFO info;
- (void)info;
- #ifndef WOLFSSL_NO_TLS12
- #ifdef HAVE_CHACHA
- info = wolfSSL_get_ciphersuite_info(CHACHA_BYTE,
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
- ExpectIntEQ(info.rsaAuth, 1);
- ExpectIntEQ(info.eccAuth, 0);
- ExpectIntEQ(info.eccStatic, 0);
- ExpectIntEQ(info.psk, 0);
- info = wolfSSL_get_ciphersuite_info(CHACHA_BYTE,
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);
- ExpectIntEQ(info.rsaAuth, 0);
- ExpectIntEQ(info.eccAuth, 1);
- ExpectIntEQ(info.eccStatic, 0);
- ExpectIntEQ(info.psk, 0);
- info = wolfSSL_get_ciphersuite_info(CHACHA_BYTE,
- TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256);
- ExpectIntEQ(info.rsaAuth, 0);
- ExpectIntEQ(info.eccAuth, 0);
- ExpectIntEQ(info.eccStatic, 0);
- ExpectIntEQ(info.psk, 1);
- #endif
- #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
- #ifndef NO_RSA
- info = wolfSSL_get_ciphersuite_info(ECC_BYTE,
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
- ExpectIntEQ(info.rsaAuth, 1);
- ExpectIntEQ(info.eccAuth, 0);
- ExpectIntEQ(info.eccStatic, 0);
- ExpectIntEQ(info.psk, 0);
- info = wolfSSL_get_ciphersuite_info(ECC_BYTE,
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);
- ExpectIntEQ(info.rsaAuth, 1);
- ExpectIntEQ(info.eccAuth, 0);
- ExpectIntEQ(info.eccStatic, 1);
- ExpectIntEQ(info.psk, 0);
- info = wolfSSL_get_ciphersuite_info(ECC_BYTE,
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA);
- ExpectIntEQ(info.rsaAuth, 1);
- ExpectIntEQ(info.eccAuth, 0);
- ExpectIntEQ(info.eccStatic, 1);
- ExpectIntEQ(info.psk, 0);
- #endif
- info = wolfSSL_get_ciphersuite_info(ECC_BYTE,
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
- ExpectIntEQ(info.rsaAuth, 0);
- ExpectIntEQ(info.eccAuth, 1);
- ExpectIntEQ(info.eccStatic, 0);
- ExpectIntEQ(info.psk, 0);
- info = wolfSSL_get_ciphersuite_info(ECC_BYTE,
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
- ExpectIntEQ(info.rsaAuth, 0);
- ExpectIntEQ(info.eccAuth, 1);
- ExpectIntEQ(info.eccStatic, 1);
- ExpectIntEQ(info.psk, 0);
- info = wolfSSL_get_ciphersuite_info(ECDHE_PSK_BYTE,
- TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256);
- ExpectIntEQ(info.rsaAuth, 0);
- ExpectIntEQ(info.eccAuth, 0);
- ExpectIntEQ(info.eccStatic, 0);
- ExpectIntEQ(info.psk, 1);
- #endif
- #endif
- #ifdef WOLFSSL_TLS13
- info = wolfSSL_get_ciphersuite_info(TLS13_BYTE,
- TLS_AES_128_GCM_SHA256);
- ExpectIntEQ(info.rsaAuth, 0);
- ExpectIntEQ(info.eccAuth, 0);
- ExpectIntEQ(info.eccStatic, 0);
- ExpectIntEQ(info.psk, 0);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_sigalg_info(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
- byte hashSigAlgo[WOLFSSL_MAX_SIGALGO];
- word16 len = 0;
- word16 idx = 0;
- int allSigAlgs = SIG_ECDSA | SIG_RSA | SIG_SM2 | SIG_FALCON | SIG_DILITHIUM;
- InitSuitesHashSigAlgo_ex2(hashSigAlgo, allSigAlgs, 1, 0xFFFFFFFF, &len);
- for (idx = 0; idx < len; idx += 2) {
- int hashAlgo = 0;
- int sigAlgo = 0;
- ExpectIntEQ(wolfSSL_get_sigalg_info(hashSigAlgo[idx+0],
- hashSigAlgo[idx+1], &hashAlgo, &sigAlgo), 0);
- ExpectIntNE(hashAlgo, 0);
- ExpectIntNE(sigAlgo, 0);
- }
- InitSuitesHashSigAlgo_ex2(hashSigAlgo, allSigAlgs | SIG_ANON, 1,
- 0xFFFFFFFF, &len);
- for (idx = 0; idx < len; idx += 2) {
- int hashAlgo = 0;
- int sigAlgo = 0;
- ExpectIntEQ(wolfSSL_get_sigalg_info(hashSigAlgo[idx+0],
- hashSigAlgo[idx+1], &hashAlgo, &sigAlgo), 0);
- ExpectIntNE(hashAlgo, 0);
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_SESSION(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_RSA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
- !defined(NO_SESSION_CACHE)
- WOLFSSL* ssl = NULL;
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL_SESSION* sess = NULL;
- WOLFSSL_SESSION* sess_copy = NULL;
- #ifdef OPENSSL_EXTRA
- #ifdef HAVE_EXT_CACHE
- unsigned char* sessDer = NULL;
- unsigned char* ptr = NULL;
- int sz = 0;
- #endif
- const unsigned char context[] = "user app context";
- unsigned int contextSz = (unsigned int)sizeof(context);
- #endif
- int ret = 0, err = 0;
- SOCKET_T sockfd;
- tcp_ready ready;
- func_args server_args;
- THREAD_TYPE serverThread;
- char msg[80];
- const char* sendGET = "GET";
- /* TLS v1.3 requires session tickets */
- /* CHACHA and POLY1305 required for myTicketEncCb */
- #if defined(WOLFSSL_TLS13) && (!defined(HAVE_SESSION_TICKET) && \
- !defined(WOLFSSL_NO_TLS12) || !(defined(HAVE_CHACHA) && \
- defined(HAVE_POLY1305) && !defined(HAVE_AESGCM)))
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
- WOLFSSL_SUCCESS);
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
- #endif
- #ifdef HAVE_SESSION_TICKET
- /* Use session tickets, for ticket tests below */
- ExpectIntEQ(wolfSSL_CTX_UseSessionTicket(ctx), WOLFSSL_SUCCESS);
- #endif
- XMEMSET(&server_args, 0, sizeof(func_args));
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- StartTCP();
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- server_args.signal = &ready;
- start_thread(test_server_nofail, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- /* client connection */
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl);
- ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
- #ifdef WOLFSSL_ASYNC_CRYPT
- err = 0; /* Reset error */
- #endif
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- ret = wolfSSL_connect(ssl);
- err = wolfSSL_get_error(ssl, 0);
- } while (err == WC_PENDING_E);
- ExpectIntEQ(ret, WOLFSSL_SUCCESS);
- #ifdef WOLFSSL_ASYNC_CRYPT
- err = 0; /* Reset error */
- #endif
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- ret = wolfSSL_write(ssl, sendGET, (int)XSTRLEN(sendGET));
- err = wolfSSL_get_error(ssl, 0);
- } while (err == WC_PENDING_E);
- ExpectIntEQ(ret, (int)XSTRLEN(sendGET));
- #ifdef WOLFSSL_ASYNC_CRYPT
- err = 0; /* Reset error */
- #endif
- do {
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (err == WC_PENDING_E) {
- ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
- if (ret < 0) { break; } else if (ret == 0) { continue; }
- }
- #endif
- ret = wolfSSL_read(ssl, msg, sizeof(msg));
- err = wolfSSL_get_error(ssl, 0);
- } while (err == WC_PENDING_E);
- ExpectIntEQ(ret, 23);
- ExpectPtrNE((sess = wolfSSL_get1_session(ssl)), NULL); /* ref count 1 */
- ExpectPtrNE((sess_copy = wolfSSL_get1_session(ssl)), NULL); /* ref count 2 */
- #ifdef HAVE_EXT_CACHE
- ExpectPtrEq(sess, sess_copy); /* they should be the same pointer but without
- * HAVE_EXT_CACHE we get new objects each time */
- #endif
- wolfSSL_SESSION_free(sess_copy); sess_copy = NULL;
- wolfSSL_SESSION_free(sess); sess = NULL; /* free session ref */
- sess = wolfSSL_get_session(ssl);
- #ifdef OPENSSL_EXTRA
- ExpectIntEQ(SSL_SESSION_is_resumable(NULL), 0);
- ExpectIntEQ(SSL_SESSION_is_resumable(sess), 1);
- ExpectIntEQ(wolfSSL_SESSION_has_ticket(NULL), 0);
- ExpectIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(NULL), 0);
- #ifdef HAVE_SESSION_TICKET
- ExpectIntEQ(wolfSSL_SESSION_has_ticket(sess), 1);
- ExpectIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(sess),
- SESSION_TICKET_HINT_DEFAULT);
- #else
- ExpectIntEQ(wolfSSL_SESSION_has_ticket(sess), 0);
- #endif
- #else
- (void)sess;
- #endif /* OPENSSL_EXTRA */
- /* Retain copy of the session for later testing */
- ExpectNotNull(sess = wolfSSL_get1_session(ssl));
- wolfSSL_shutdown(ssl);
- wolfSSL_free(ssl); ssl = NULL;
- CloseSocket(sockfd);
- join_thread(serverThread);
- FreeTcpReady(&ready);
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
- {
- X509 *x509 = NULL;
- char buf[30];
- int bufSz = 0;
- ExpectNotNull(x509 = SSL_SESSION_get0_peer(sess));
- ExpectIntGT((bufSz = X509_NAME_get_text_by_NID(
- X509_get_subject_name(x509), NID_organizationalUnitName, buf,
- sizeof(buf))), 0);
- ExpectIntNE((bufSz == 7 || bufSz == 16), 0); /* should be one of these*/
- if (bufSz == 7) {
- ExpectIntEQ(XMEMCMP(buf, "Support", bufSz), 0);
- }
- if (bufSz == 16) {
- ExpectIntEQ(XMEMCMP(buf, "Programming-2048", bufSz), 0);
- }
- }
- #endif
- #ifdef HAVE_EXT_CACHE
- ExpectNotNull(sess_copy = wolfSSL_SESSION_dup(sess));
- wolfSSL_SESSION_free(sess_copy); sess_copy = NULL;
- sess_copy = NULL;
- #endif
- #if defined(OPENSSL_EXTRA) && defined(HAVE_EXT_CACHE)
- /* get session from DER and update the timeout */
- ExpectIntEQ(wolfSSL_i2d_SSL_SESSION(NULL, &sessDer), BAD_FUNC_ARG);
- ExpectIntGT((sz = wolfSSL_i2d_SSL_SESSION(sess, &sessDer)), 0);
- wolfSSL_SESSION_free(sess); sess = NULL;
- sess = NULL;
- ptr = sessDer;
- ExpectNull(sess = wolfSSL_d2i_SSL_SESSION(NULL, NULL, sz));
- ExpectNotNull(sess = wolfSSL_d2i_SSL_SESSION(NULL,
- (const unsigned char**)&ptr, sz));
- XFREE(sessDer, NULL, DYNAMIC_TYPE_OPENSSL);
- sessDer = NULL;
- ExpectIntGT(wolfSSL_SESSION_get_time(sess), 0);
- ExpectIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS);
- #endif
- /* successful set session test */
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- ExpectIntEQ(wolfSSL_set_session(ssl, sess), WOLFSSL_SUCCESS);
- #ifdef HAVE_SESSION_TICKET
- /* Test set/get session ticket */
- {
- const char* ticket = "This is a session ticket";
- char buf[64] = {0};
- word32 bufSz = (word32)sizeof(buf);
- ExpectIntEQ(SSL_SUCCESS,
- wolfSSL_set_SessionTicket(ssl, (byte *)ticket,
- (word32)XSTRLEN(ticket)));
- ExpectIntEQ(SSL_SUCCESS,
- wolfSSL_get_SessionTicket(ssl, (byte *)buf, &bufSz));
- ExpectStrEQ(ticket, buf);
- }
- #endif
- #ifdef OPENSSL_EXTRA
- /* session timeout case */
- /* make the session to be expired */
- ExpectIntEQ(SSL_SESSION_set_timeout(sess,1), SSL_SUCCESS);
- XSLEEP_MS(1200);
- /* SSL_set_session should reject specified session but return success
- * if WOLFSSL_ERROR_CODE_OPENSSL macro is defined for OpenSSL compatibility.
- */
- #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
- ExpectIntEQ(wolfSSL_set_session(ssl,sess), SSL_SUCCESS);
- #else
- ExpectIntEQ(wolfSSL_set_session(ssl,sess), SSL_FAILURE);
- #endif
- ExpectIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS);
- #ifdef WOLFSSL_SESSION_ID_CTX
- /* fail case with miss match session context IDs (use compatibility API) */
- ExpectIntEQ(SSL_set_session_id_context(ssl, context, contextSz),
- SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
- wolfSSL_free(ssl); ssl = NULL;
- ExpectIntEQ(SSL_CTX_set_session_id_context(NULL, context, contextSz),
- SSL_FAILURE);
- ExpectIntEQ(SSL_CTX_set_session_id_context(ctx, context, contextSz),
- SSL_SUCCESS);
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- ExpectIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
- #endif
- #endif /* OPENSSL_EXTRA */
- wolfSSL_free(ssl);
- wolfSSL_SESSION_free(sess);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_RSA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
- !defined(NO_SESSION_CACHE) && defined(OPENSSL_EXTRA) && \
- !defined(WOLFSSL_NO_TLS12)
- static WOLFSSL_SESSION* test_wolfSSL_SESSION_expire_sess = NULL;
- static void test_wolfSSL_SESSION_expire_downgrade_ctx_ready(WOLFSSL_CTX* ctx)
- {
- #ifdef WOLFSSL_ERROR_CODE_OPENSSL
- /* returns previous timeout value */
- AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 1), 500);
- #else
- AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 1), WOLFSSL_SUCCESS);
- #endif
- }
- /* set the session to timeout in a second */
- static void test_wolfSSL_SESSION_expire_downgrade_ssl_ready(WOLFSSL* ssl)
- {
- AssertIntEQ(wolfSSL_set_timeout(ssl, 2), 1);
- }
- /* store the client side session from the first successful connection */
- static void test_wolfSSL_SESSION_expire_downgrade_ssl_result(WOLFSSL* ssl)
- {
- AssertPtrNE((test_wolfSSL_SESSION_expire_sess = wolfSSL_get1_session(ssl)),
- NULL); /* ref count 1 */
- }
- /* wait till session is expired then set it in the WOLFSSL struct for use */
- static void test_wolfSSL_SESSION_expire_downgrade_ssl_ready_wait(WOLFSSL* ssl)
- {
- AssertIntEQ(wolfSSL_set_timeout(ssl, 1), 1);
- AssertIntEQ(wolfSSL_set_session(ssl, test_wolfSSL_SESSION_expire_sess),
- WOLFSSL_SUCCESS);
- XSLEEP_MS(2000); /* wait 2 seconds for session to expire */
- }
- /* set expired session in the WOLFSSL struct for use */
- static void test_wolfSSL_SESSION_expire_downgrade_ssl_ready_set(WOLFSSL* ssl)
- {
- XSLEEP_MS(1200); /* wait a second for session to expire */
- /* set the expired session, call to set session fails but continuing on
- after failure should be handled here */
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL)
- AssertIntEQ(wolfSSL_set_session(ssl, test_wolfSSL_SESSION_expire_sess),
- WOLFSSL_SUCCESS);
- #else
- AssertIntNE(wolfSSL_set_session(ssl, test_wolfSSL_SESSION_expire_sess),
- WOLFSSL_SUCCESS);
- #endif
- }
- /* check that the expired session was not reused */
- static void test_wolfSSL_SESSION_expire_downgrade_ssl_result_reuse(WOLFSSL* ssl)
- {
- /* since the session has expired it should not have been reused */
- AssertIntEQ(wolfSSL_session_reused(ssl), 0);
- }
- #endif
- static int test_wolfSSL_SESSION_expire_downgrade(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_RSA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
- !defined(NO_SESSION_CACHE) && defined(OPENSSL_EXTRA) && \
- !defined(WOLFSSL_NO_TLS12)
- WOLFSSL_CTX* ctx = NULL;
- callback_functions server_cbf, client_cbf;
- XMEMSET(&server_cbf, 0, sizeof(callback_functions));
- XMEMSET(&client_cbf, 0, sizeof(callback_functions));
- /* force server side to use TLS 1.2 */
- server_cbf.ctx = ctx;
- server_cbf.method = wolfTLSv1_2_server_method;
- client_cbf.method = wolfSSLv23_client_method;
- server_cbf.ctx_ready = test_wolfSSL_SESSION_expire_downgrade_ctx_ready;
- client_cbf.ssl_ready = test_wolfSSL_SESSION_expire_downgrade_ssl_ready;
- client_cbf.on_result = test_wolfSSL_SESSION_expire_downgrade_ssl_result;
- test_wolfSSL_client_server_nofail(&client_cbf, &server_cbf);
- ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
- ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
- /* set the previously created session and wait till expired */
- server_cbf.ctx = ctx;
- client_cbf.method = wolfSSLv23_client_method;
- server_cbf.ctx_ready = test_wolfSSL_SESSION_expire_downgrade_ctx_ready;
- client_cbf.ssl_ready = test_wolfSSL_SESSION_expire_downgrade_ssl_ready_wait;
- client_cbf.on_result =
- test_wolfSSL_SESSION_expire_downgrade_ssl_result_reuse;
- test_wolfSSL_client_server_nofail(&client_cbf, &server_cbf);
- ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
- ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
- /* set the previously created expired session */
- server_cbf.ctx = ctx;
- client_cbf.method = wolfSSLv23_client_method;
- server_cbf.ctx_ready = test_wolfSSL_SESSION_expire_downgrade_ctx_ready;
- client_cbf.ssl_ready = test_wolfSSL_SESSION_expire_downgrade_ssl_ready_set;
- client_cbf.on_result =
- test_wolfSSL_SESSION_expire_downgrade_ssl_result_reuse;
- test_wolfSSL_client_server_nofail(&client_cbf, &server_cbf);
- ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
- ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
- wolfSSL_SESSION_free(test_wolfSSL_SESSION_expire_sess);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
- defined(HAVE_EX_DATA) && !defined(NO_SESSION_CACHE)
- static int clientSessRemCountMalloc = 0;
- static int serverSessRemCountMalloc = 0;
- static int clientSessRemCountFree = 0;
- static int serverSessRemCountFree = 0;
- static WOLFSSL_CTX* serverSessCtx = NULL;
- static WOLFSSL_SESSION* serverSess = NULL;
- #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
- !defined(NO_SESSION_CACHE_REF)
- static WOLFSSL_CTX* clientSessCtx = NULL;
- static WOLFSSL_SESSION* clientSess = NULL;
- #endif
- static int serverSessRemIdx = 3;
- static int sessRemCtx_Server = WOLFSSL_SERVER_END;
- static int sessRemCtx_Client = WOLFSSL_CLIENT_END;
- static void SessRemCtxCb(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *sess)
- {
- int* side;
- (void)ctx;
- side = (int*)SSL_SESSION_get_ex_data(sess, serverSessRemIdx);
- if (side != NULL) {
- if (*side == WOLFSSL_CLIENT_END)
- clientSessRemCountFree++;
- else
- serverSessRemCountFree++;
- SSL_SESSION_set_ex_data(sess, serverSessRemIdx, NULL);
- }
- }
- static int SessRemCtxSetupCb(WOLFSSL_CTX* ctx)
- {
- SSL_CTX_sess_set_remove_cb(ctx, SessRemCtxCb);
- #if defined(WOLFSSL_TLS13) && !defined(HAVE_SESSION_TICKET) && \
- !defined(NO_SESSION_CACHE_REF)
- {
- EXPECT_DECLS;
- /* Allow downgrade, set min version, and disable TLS 1.3.
- * Do this because without NO_SESSION_CACHE_REF we will want to return a
- * reference to the session cache. But with WOLFSSL_TLS13 and without
- * HAVE_SESSION_TICKET we won't have a session ID to be able to place
- * the session in the cache. In this case we need to downgrade to
- * previous versions to just use the legacy session ID field. */
- ExpectIntEQ(SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION),
- SSL_SUCCESS);
- ExpectIntEQ(SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION),
- SSL_SUCCESS);
- return EXPECT_RESULT();
- }
- #else
- return TEST_SUCCESS;
- #endif
- }
- static int SessRemSslSetupCb(WOLFSSL* ssl)
- {
- EXPECT_DECLS;
- int* side;
- if (SSL_is_server(ssl)) {
- side = &sessRemCtx_Server;
- serverSessRemCountMalloc++;
- ExpectNotNull(serverSess = SSL_get1_session(ssl));
- ExpectIntEQ(SSL_CTX_up_ref(serverSessCtx = SSL_get_SSL_CTX(ssl)),
- SSL_SUCCESS);
- }
- else {
- side = &sessRemCtx_Client;
- clientSessRemCountMalloc++;
- #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
- !defined(NO_SESSION_CACHE_REF)
- ExpectNotNull(clientSess = SSL_get1_session(ssl));
- ExpectIntEQ(SSL_CTX_up_ref(clientSessCtx = SSL_get_SSL_CTX(ssl)),
- SSL_SUCCESS);
- #endif
- }
- ExpectIntEQ(SSL_SESSION_set_ex_data(SSL_get_session(ssl),
- serverSessRemIdx, side), SSL_SUCCESS);
- return EXPECT_RESULT();
- }
- #endif
- static int test_wolfSSL_CTX_sess_set_remove_cb(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
- defined(HAVE_EX_DATA) && !defined(NO_SESSION_CACHE)
- /* Check that the remove callback gets called for external data in a
- * session object */
- test_ssl_cbf func_cb;
- XMEMSET(&func_cb, 0, sizeof(func_cb));
- func_cb.ctx_ready = SessRemCtxSetupCb;
- func_cb.on_result = SessRemSslSetupCb;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb, &func_cb,
- NULL), TEST_SUCCESS);
- /* Both should have been allocated */
- ExpectIntEQ(clientSessRemCountMalloc, 1);
- ExpectIntEQ(serverSessRemCountMalloc, 1);
- /* This should not be called yet. Session wasn't evicted from cache yet. */
- ExpectIntEQ(clientSessRemCountFree, 0);
- #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
- !defined(NO_SESSION_CACHE_REF)
- /* Force a cache lookup */
- ExpectNotNull(SSL_SESSION_get_ex_data(clientSess, serverSessRemIdx));
- /* Force a cache update */
- ExpectNotNull(SSL_SESSION_set_ex_data(clientSess, serverSessRemIdx - 1, 0));
- /* This should set the timeout to 0 and call the remove callback from within
- * the session cache. */
- ExpectIntEQ(SSL_CTX_remove_session(clientSessCtx, clientSess), 0);
- ExpectNull(SSL_SESSION_get_ex_data(clientSess, serverSessRemIdx));
- ExpectIntEQ(clientSessRemCountFree, 1);
- #endif
- /* Server session is in the cache so ex_data isn't free'd with the SSL
- * object */
- ExpectIntEQ(serverSessRemCountFree, 0);
- /* Force a cache lookup */
- ExpectNotNull(SSL_SESSION_get_ex_data(serverSess, serverSessRemIdx));
- /* Force a cache update */
- ExpectNotNull(SSL_SESSION_set_ex_data(serverSess, serverSessRemIdx - 1, 0));
- /* This should set the timeout to 0 and call the remove callback from within
- * the session cache. */
- ExpectIntEQ(SSL_CTX_remove_session(serverSessCtx, serverSess), 0);
- ExpectNull(SSL_SESSION_get_ex_data(serverSess, serverSessRemIdx));
- ExpectIntEQ(serverSessRemCountFree, 1);
- /* Need to free the references that we kept */
- SSL_CTX_free(serverSessCtx);
- SSL_SESSION_free(serverSess);
- #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
- !defined(NO_SESSION_CACHE_REF)
- SSL_CTX_free(clientSessCtx);
- SSL_SESSION_free(clientSess);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ticket_keys(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
- !defined(NO_WOLFSSL_SERVER)
- WOLFSSL_CTX* ctx = NULL;
- byte keys[WOLFSSL_TICKET_KEYS_SZ];
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, 0),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, 0),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, 0),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, 0),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, sizeof(keys)),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, sizeof(keys)),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, sizeof(keys)),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, 0),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, 0),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, 0),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, 0),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, sizeof(keys)),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, sizeof(keys)),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, sizeof(keys)),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, sizeof(keys)),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, sizeof(keys)),
- WOLFSSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- #ifndef NO_BIO
- static int test_wolfSSL_d2i_PUBKEY(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- BIO* bio = NULL;
- EVP_PKEY* pkey = NULL;
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectNull(d2i_PUBKEY_bio(NULL, NULL));
- #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA)
- /* RSA PUBKEY test */
- ExpectIntGT(BIO_write(bio, client_keypub_der_2048,
- sizeof_client_keypub_der_2048), 0);
- ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
- EVP_PKEY_free(pkey);
- pkey = NULL;
- #endif
- #if defined(USE_CERT_BUFFERS_256) && defined(HAVE_ECC)
- /* ECC PUBKEY test */
- ExpectIntGT(BIO_write(bio, ecc_clikeypub_der_256,
- sizeof_ecc_clikeypub_der_256), 0);
- ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
- EVP_PKEY_free(pkey);
- pkey = NULL;
- #endif
- #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DSA)
- /* DSA PUBKEY test */
- ExpectIntGT(BIO_write(bio, dsa_pub_key_der_2048,
- sizeof_dsa_pub_key_der_2048), 0);
- ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
- EVP_PKEY_free(pkey);
- pkey = NULL;
- #endif
- #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DH) && \
- defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION > 2))
- /* DH PUBKEY test */
- ExpectIntGT(BIO_write(bio, dh_pub_key_der_2048,
- sizeof_dh_pub_key_der_2048), 0);
- ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
- EVP_PKEY_free(pkey);
- pkey = NULL;
- #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
- #endif /* USE_CERT_BUFFERS_2048 && !NO_DH && && OPENSSL_EXTRA */
- BIO_free(bio);
- (void)pkey;
- #endif
- return EXPECT_RESULT();
- }
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
- static int test_wolfSSL_d2i_PrivateKeys_bio(void)
- {
- EXPECT_DECLS;
- BIO* bio = NULL;
- EVP_PKEY* pkey = NULL;
- WOLFSSL_CTX* ctx = NULL;
- #if defined(WOLFSSL_KEY_GEN)
- unsigned char buff[4096];
- unsigned char* bufPtr = buff;
- #endif
- /* test creating new EVP_PKEY with bad arg */
- ExpectNull((pkey = d2i_PrivateKey_bio(NULL, NULL)));
- /* test loading RSA key using BIO */
- #if !defined(NO_RSA) && !defined(NO_FILESYSTEM)
- {
- XFILE file = XBADFILE;
- const char* fname = "./certs/server-key.der";
- size_t sz = 0;
- byte* buf = NULL;
- ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
- ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0);
- ExpectTrue((sz = XFTELL(file)) != 0);
- ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0);
- ExpectNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE));
- ExpectIntEQ(XFREAD(buf, 1, sz, file), sz);
- if (file != XBADFILE) {
- XFCLOSE(file);
- }
- /* Test using BIO new mem and loading DER private key */
- ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
- ExpectNotNull((pkey = d2i_PrivateKey_bio(bio, NULL)));
- XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
- BIO_free(bio);
- bio = NULL;
- EVP_PKEY_free(pkey);
- pkey = NULL;
- }
- #endif
- /* test loading ECC key using BIO */
- #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
- {
- XFILE file = XBADFILE;
- const char* fname = "./certs/ecc-key.der";
- size_t sz = 0;
- byte* buf = NULL;
- ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
- ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0);
- ExpectTrue((sz = XFTELL(file)) != 0);
- ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0);
- ExpectNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE));
- ExpectIntEQ(XFREAD(buf, 1, sz, file), sz);
- if (file != XBADFILE)
- XFCLOSE(file);
- /* Test using BIO new mem and loading DER private key */
- ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
- ExpectNotNull((pkey = d2i_PrivateKey_bio(bio, NULL)));
- XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
- BIO_free(bio);
- bio = NULL;
- EVP_PKEY_free(pkey);
- pkey = NULL;
- }
- #endif
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- #ifndef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- #else
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
- #endif
- #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
- {
- RSA* rsa = NULL;
- /* Tests bad parameters */
- ExpectNull(d2i_RSAPrivateKey_bio(NULL, NULL));
- /* RSA not set yet, expecting to fail*/
- ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG);
- #if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN)
- /* set RSA using bio*/
- ExpectIntGT(BIO_write(bio, client_key_der_2048,
- sizeof_client_key_der_2048), 0);
- ExpectNotNull(d2i_RSAPrivateKey_bio(bio, &rsa));
- ExpectNotNull(rsa);
- ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS);
- /* i2d RSAprivate key tests */
- ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 1192);
- ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
- sizeof_client_key_der_2048);
- bufPtr -= sizeof_client_key_der_2048;
- ExpectIntEQ(XMEMCMP(bufPtr, client_key_der_2048,
- sizeof_client_key_der_2048), 0);
- bufPtr = NULL;
- ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
- sizeof_client_key_der_2048);
- ExpectNotNull(bufPtr);
- ExpectIntEQ(XMEMCMP(bufPtr, client_key_der_2048,
- sizeof_client_key_der_2048), 0);
- XFREE(bufPtr, NULL, DYNAMIC_TYPE_OPENSSL);
- RSA_free(rsa);
- rsa = RSA_new();
- ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 0);
- #endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */
- RSA_free(rsa);
- }
- #endif /* WOLFSSL_KEY_GEN && !NO_RSA */
- SSL_CTX_free(ctx);
- ctx = NULL;
- BIO_free(bio);
- bio = NULL;
- return EXPECT_RESULT();
- }
- #endif /* OPENSSL_ALL || (WOLFSSL_ASIO && !NO_RSA) */
- #endif /* !NO_BIO */
- static int test_wolfSSL_sk_GENERAL_NAME(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_RSA)
- X509* x509 = NULL;
- GENERAL_NAME* gn = NULL;
- unsigned char buf[4096];
- const unsigned char* bufPt = NULL;
- int bytes = 0;
- int i;
- int j;
- XFILE f = XBADFILE;
- STACK_OF(GENERAL_NAME)* sk = NULL;
- ExpectTrue((f = XFOPEN(cliCertDerFileExt, "rb")) != XBADFILE);
- ExpectIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- for (j = 0; j < 2; ++j) {
- bufPt = buf;
- ExpectNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));
- ExpectNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
- NID_subject_alt_name, NULL, NULL));
- ExpectIntEQ(sk_GENERAL_NAME_num(sk), 1);
- for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) {
- ExpectNotNull(gn = sk_GENERAL_NAME_value(sk, i));
- if (gn != NULL) {
- switch (gn->type) {
- case GEN_DNS:
- fprintf(stderr, "found type GEN_DNS\n");
- break;
- case GEN_EMAIL:
- fprintf(stderr, "found type GEN_EMAIL\n");
- break;
- case GEN_URI:
- fprintf(stderr, "found type GEN_URI\n");
- break;
- }
- }
- }
- X509_free(x509);
- x509 = NULL;
- if (j == 0) {
- sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free);
- }
- else {
- /*
- * We had a bug where GENERAL_NAMES_free didn't free all the memory
- * it was supposed to. This is a regression test for that bug.
- */
- GENERAL_NAMES_free(sk);
- }
- sk = NULL;
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_GENERAL_NAME_print(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_BIO) && !defined(NO_RSA)
- X509* x509 = NULL;
- GENERAL_NAME* gn = NULL;
- unsigned char buf[4096];
- const unsigned char* bufPt = NULL;
- int bytes;
- XFILE f = XBADFILE;
- STACK_OF(GENERAL_NAME)* sk = NULL;
- BIO* out = NULL;
- unsigned char outbuf[128];
- X509_EXTENSION* ext = NULL;
- AUTHORITY_INFO_ACCESS* aia = NULL;
- ACCESS_DESCRIPTION* ad = NULL;
- ASN1_IA5STRING *dnsname = NULL;
- const unsigned char v4Addr[] = {192,168,53,1};
- const unsigned char v6Addr[] =
- {0x20, 0x21, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x77, 0x77};
- const unsigned char email[] =
- {'i', 'n', 'f', 'o', '@', 'w', 'o', 'l',
- 'f', 's', 's', 'l', '.', 'c', 'o', 'm'};
- const char* dnsStr = "DNS:example.com";
- const char* uriStr = "URI:http://127.0.0.1:22220";
- const char* v4addStr = "IP Address:192.168.53.1";
- const char* v6addStr = "IP Address:2021:DB8:0:0:0:FF00:42:7777";
- const char* emailStr = "email:info@wolfssl.com";
- const char* othrStr = "othername:<unsupported>";
- const char* x400Str = "X400Name:<unsupported>";
- const char* ediStr = "EdiPartyName:<unsupported>";
- /* BIO to output */
- ExpectNotNull(out = BIO_new(BIO_s_mem()));
- /* test for NULL param */
- gn = NULL;
- ExpectIntEQ(GENERAL_NAME_print(NULL, NULL), 0);
- ExpectIntEQ(GENERAL_NAME_print(NULL, gn), 0);
- ExpectIntEQ(GENERAL_NAME_print(out, NULL), 0);
- /* test for GEN_DNS */
- ExpectTrue((f = XFOPEN(cliCertDerFileExt, "rb")) != XBADFILE);
- ExpectIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- bufPt = buf;
- ExpectNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));
- ExpectNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
- NID_subject_alt_name, NULL, NULL));
- ExpectNotNull(gn = sk_GENERAL_NAME_value(sk, 0));
- ExpectIntEQ(GENERAL_NAME_print(out, gn), 1);
- XMEMSET(outbuf, 0, sizeof(outbuf));
- ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
- ExpectIntEQ(XSTRNCMP((const char*)outbuf, dnsStr, XSTRLEN(dnsStr)), 0);
- sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free);
- gn = NULL;
- sk = NULL;
- X509_free(x509);
- x509 = NULL;
- /* Lets test for setting as well. */
- ExpectNotNull(gn = GENERAL_NAME_new());
- ExpectNotNull(dnsname = ASN1_IA5STRING_new());
- ExpectIntEQ(ASN1_STRING_set(dnsname, "example.com", -1), 1);
- GENERAL_NAME_set0_value(gn, GEN_DNS, dnsname);
- dnsname = NULL;
- ExpectIntEQ(GENERAL_NAME_print(out, gn), 1);
- XMEMSET(outbuf, 0, sizeof(outbuf));
- ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
- ExpectIntEQ(XSTRNCMP((const char*)outbuf, dnsStr, XSTRLEN(dnsStr)), 0);
- GENERAL_NAME_free(gn);
- /* test for GEN_URI */
- ExpectTrue((f = XFOPEN("./certs/ocsp/root-ca-cert.pem", "rb")) != XBADFILE);
- ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 4));
- ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(
- ext));
- ExpectNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION *)wolfSSL_sk_value(aia, 0));
- if (ad != NULL) {
- gn = ad->location;
- }
- ExpectIntEQ(GENERAL_NAME_print(out, gn), 1);
- gn = NULL;
- XMEMSET(outbuf,0,sizeof(outbuf));
- ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
- ExpectIntEQ(XSTRNCMP((const char*)outbuf, uriStr, XSTRLEN(uriStr)), 0);
- wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL);
- aia = NULL;
- aia = (AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext);
- ExpectNotNull(aia);
- AUTHORITY_INFO_ACCESS_pop_free(aia, NULL);
- aia = NULL;
- X509_free(x509);
- x509 = NULL;
- /* test for GEN_IPADD */
- /* ip v4 address */
- ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new());
- if (gn != NULL) {
- gn->type = GEN_IPADD;
- if (gn->d.iPAddress != NULL) {
- gn->d.iPAddress->length = sizeof(v4Addr);
- }
- }
- ExpectIntEQ(wolfSSL_ASN1_STRING_set(gn->d.iPAddress, v4Addr,
- sizeof(v4Addr)), 1);
- ExpectIntEQ(GENERAL_NAME_print(out, gn), 1);
- XMEMSET(outbuf,0,sizeof(outbuf));
- ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
- ExpectIntEQ(XSTRNCMP((const char*)outbuf, v4addStr, XSTRLEN(v4addStr)), 0);
- GENERAL_NAME_free(gn);
- gn = NULL;
- /* ip v6 address */
- ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new());
- if (gn != NULL) {
- gn->type = GEN_IPADD;
- if (gn->d.iPAddress != NULL) {
- gn->d.iPAddress->length = sizeof(v6Addr);
- }
- }
- ExpectIntEQ(wolfSSL_ASN1_STRING_set(gn->d.iPAddress, v6Addr,
- sizeof(v6Addr)), 1);
- ExpectIntEQ(GENERAL_NAME_print(out, gn), 1);
- XMEMSET(outbuf,0,sizeof(outbuf));
- ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
- ExpectIntEQ(XSTRNCMP((const char*)outbuf, v6addStr, XSTRLEN(v6addStr)), 0);
- GENERAL_NAME_free(gn);
- gn = NULL;
- /* test for GEN_EMAIL */
- ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new());
- if (gn != NULL) {
- gn->type = GEN_EMAIL;
- if (gn->d.rfc822Name != NULL) {
- gn->d.rfc822Name->length = sizeof(email);
- }
- }
- ExpectIntEQ(wolfSSL_ASN1_STRING_set(gn->d.rfc822Name, email, sizeof(email)),
- 1);
- ExpectIntEQ(GENERAL_NAME_print(out, gn), 1);
- XMEMSET(outbuf,0,sizeof(outbuf));
- ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
- ExpectIntEQ(XSTRNCMP((const char*)outbuf, emailStr, XSTRLEN(emailStr)), 0);
- GENERAL_NAME_free(gn);
- gn = NULL;
- /* test for GEN_OTHERNAME */
- ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new());
- if (gn != NULL) {
- gn->type = GEN_OTHERNAME;
- }
- ExpectIntEQ(GENERAL_NAME_print(out, gn), 1);
- XMEMSET(outbuf,0,sizeof(outbuf));
- ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
- ExpectIntEQ(XSTRNCMP((const char*)outbuf, othrStr, XSTRLEN(othrStr)), 0);
- GENERAL_NAME_free(gn);
- gn = NULL;
- /* test for GEN_X400 */
- ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new());
- if (gn != NULL) {
- gn->type = GEN_X400;
- }
- ExpectIntEQ(GENERAL_NAME_print(out, gn), 1);
- XMEMSET(outbuf,0,sizeof(outbuf));
- ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
- ExpectIntEQ(XSTRNCMP((const char*)outbuf, x400Str, XSTRLEN(x400Str)), 0);
- /* Restore to GEN_IA5 (default) to avoid memory leak. */
- if (gn != NULL) {
- gn->type = GEN_IA5;
- }
- GENERAL_NAME_free(gn);
- gn = NULL;
- /* test for GEN_EDIPARTY */
- ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new());
- if (gn != NULL) {
- gn->type = GEN_EDIPARTY;
- }
- ExpectIntEQ(GENERAL_NAME_print(out, gn), 1);
- XMEMSET(outbuf,0,sizeof(outbuf));
- ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
- ExpectIntEQ(XSTRNCMP((const char*)outbuf, ediStr, XSTRLEN(ediStr)), 0);
- /* Restore to GEN_IA5 (default) to avoid memory leak. */
- if (gn != NULL) {
- gn->type = GEN_IA5;
- }
- GENERAL_NAME_free(gn);
- gn = NULL;
- BIO_free(out);
- #endif /* OPENSSL_ALL */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_sk_DIST_POINT(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
- !defined(NO_RSA)
- X509* x509 = NULL;
- unsigned char buf[4096];
- const unsigned char* bufPt;
- int bytes = 0;
- int i = 0;
- int j = 0;
- XFILE f = XBADFILE;
- DIST_POINT* dp = NULL;
- DIST_POINT_NAME* dpn = NULL;
- GENERAL_NAME* gn = NULL;
- ASN1_IA5STRING* uri = NULL;
- STACK_OF(DIST_POINT)* dps = NULL;
- STACK_OF(GENERAL_NAME)* gns = NULL;
- const char cliCertDerCrlDistPoint[] = "./certs/client-crl-dist.der";
- ExpectTrue((f = XFOPEN(cliCertDerCrlDistPoint, "rb")) != XBADFILE);
- ExpectIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- bufPt = buf;
- ExpectNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));
- ExpectNotNull(dps = (STACK_OF(DIST_POINT)*)X509_get_ext_d2i(x509,
- NID_crl_distribution_points, NULL, NULL));
- ExpectIntEQ(sk_DIST_POINT_num(dps), 1);
- for (i = 0; i < sk_DIST_POINT_num(dps); i++) {
- ExpectNotNull(dp = sk_DIST_POINT_value(dps, i));
- ExpectNotNull(dpn = dp->distpoint);
- /* this should be type 0, fullname */
- ExpectIntEQ(dpn->type, 0);
- ExpectNotNull(gns = dp->distpoint->name.fullname);
- ExpectIntEQ(sk_GENERAL_NAME_num(gns), 1);
- for (j = 0; j < sk_GENERAL_NAME_num(gns); j++) {
- ExpectNotNull(gn = sk_GENERAL_NAME_value(gns, j));
- ExpectIntEQ(gn->type, GEN_URI);
- ExpectNotNull(uri = gn->d.uniformResourceIdentifier);
- ExpectNotNull(uri->data);
- ExpectIntGT(uri->length, 0);
- }
- }
- X509_free(x509);
- CRL_DIST_POINTS_free(dps);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_verify_mode(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_RSA)
- WOLFSSL* ssl = NULL;
- WOLFSSL_CTX* ctx = NULL;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- ExpectNotNull(ssl = SSL_new(ctx));
- ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
- SSL_free(ssl);
- ssl = NULL;
- SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
- ExpectNotNull(ssl = SSL_new(ctx));
- ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
- ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER);
- wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0);
- ExpectIntEQ(SSL_CTX_get_verify_mode(ctx), SSL_VERIFY_PEER);
- ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE);
- SSL_free(ssl);
- ssl = NULL;
- wolfSSL_CTX_set_verify(ctx,
- WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
- ExpectNotNull(ssl = SSL_new(ctx));
- ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
- ExpectIntEQ(SSL_get_verify_mode(ssl),
- WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
- wolfSSL_set_verify(ssl, SSL_VERIFY_PEER, 0);
- ExpectIntEQ(SSL_CTX_get_verify_mode(ctx),
- WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
- ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER);
- wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0);
- ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE);
- wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
- ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
- wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_EXCEPT_PSK, 0);
- ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_EXCEPT_PSK);
- #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
- wolfSSL_set_verify(ssl, SSL_VERIFY_POST_HANDSHAKE, 0);
- ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_POST_HANDSHAKE);
- #endif
- ExpectIntEQ(SSL_CTX_get_verify_mode(ctx),
- WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_verify_depth(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL* ssl = NULL;
- WOLFSSL_CTX* ctx = NULL;
- long depth;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- ExpectIntGT((depth = SSL_CTX_get_verify_depth(ctx)), 0);
- ExpectNotNull(ssl = SSL_new(ctx));
- ExpectIntEQ(SSL_get_verify_depth(ssl), SSL_CTX_get_verify_depth(ctx));
- SSL_free(ssl);
- ssl = NULL;
- SSL_CTX_set_verify_depth(ctx, -1);
- ExpectIntEQ(depth, SSL_CTX_get_verify_depth(ctx));
- SSL_CTX_set_verify_depth(ctx, 2);
- ExpectIntEQ(2, SSL_CTX_get_verify_depth(ctx));
- ExpectNotNull(ssl = SSL_new(ctx));
- ExpectIntEQ(2, SSL_get_verify_depth(ssl));
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_verify_result(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
- defined(OPENSSL_ALL)) && !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL* ssl = NULL;
- WOLFSSL_CTX* ctx = NULL;
- long result = 0xDEADBEEF;
- ExpectIntEQ(WOLFSSL_FAILURE, wolfSSL_get_verify_result(ssl));
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- ExpectNotNull(ssl = SSL_new(ctx));
- wolfSSL_set_verify_result(ssl, result);
- ExpectIntEQ(result, wolfSSL_get_verify_result(ssl));
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
- static void sslMsgCb(int w, int version, int type, const void* buf,
- size_t sz, SSL* ssl, void* arg)
- {
- int i;
- unsigned char* pt = (unsigned char*)buf;
- fprintf(stderr, "%s %d bytes of version %d , type %d : ",
- (w)?"Writing":"Reading", (int)sz, version, type);
- for (i = 0; i < (int)sz; i++) fprintf(stderr, "%02X", pt[i]);
- fprintf(stderr, "\n");
- (void)ssl;
- (void)arg;
- }
- #endif /* OPENSSL_EXTRA */
- static int test_wolfSSL_msg_callback(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL* ssl = NULL;
- WOLFSSL_CTX* ctx = NULL;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- ExpectNotNull(ssl = SSL_new(ctx));
- ExpectIntEQ(SSL_set_msg_callback(ssl, NULL), SSL_SUCCESS);
- ExpectIntEQ(SSL_set_msg_callback(ssl, &sslMsgCb), SSL_SUCCESS);
- ExpectIntEQ(SSL_set_msg_callback(NULL, &sslMsgCb), SSL_FAILURE);
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- /* test_EVP_Cipher_extra, Extra-test on EVP_CipherUpdate/Final. see also test.c */
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) &&\
- (!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128))
- static void binary_dump(void *ptr, int size)
- {
- #ifdef WOLFSSL_EVP_PRINT
- int i = 0;
- unsigned char *p = (unsigned char *) ptr;
- fprintf(stderr, "{");
- while ((p != NULL) && (i < size)) {
- if ((i % 8) == 0) {
- fprintf(stderr, "\n");
- fprintf(stderr, " ");
- }
- fprintf(stderr, "0x%02x, ", p[i]);
- i++;
- }
- fprintf(stderr, "\n};\n");
- #else
- (void) ptr;
- (void) size;
- #endif
- }
- static int last_val = 0x0f;
- static int check_result(unsigned char *data, int len)
- {
- int i;
- for ( ; len; ) {
- last_val = (last_val + 1) % 16;
- for (i = 0; i < 16; len--, i++, data++)
- if (*data != last_val) {
- return -1;
- }
- }
- return 0;
- }
- static int r_offset;
- static int w_offset;
- static void init_offset(void)
- {
- r_offset = 0;
- w_offset = 0;
- }
- static void get_record(unsigned char *data, unsigned char *buf, int len)
- {
- XMEMCPY(buf, data+r_offset, len);
- r_offset += len;
- }
- static void set_record(unsigned char *data, unsigned char *buf, int len)
- {
- XMEMCPY(data+w_offset, buf, len);
- w_offset += len;
- }
- static void set_plain(unsigned char *plain, int rec)
- {
- int i, j;
- unsigned char *p = plain;
- #define BLOCKSZ 16
- for (i=0; i<(rec/BLOCKSZ); i++) {
- for (j=0; j<BLOCKSZ; j++)
- *p++ = (i % 16);
- }
- }
- #endif
- static int test_wolfSSL_EVP_Cipher_extra(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) &&\
- (!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128))
- /* aes128-cbc, keylen=16, ivlen=16 */
- byte aes128_cbc_key[] = {
- 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef,
- 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef,
- };
- byte aes128_cbc_iv[] = {
- 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
- 0x99, 0x00, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
- };
- /* teset data size table */
- int test_drive1[] = {8, 3, 5, 512, 8, 3, 8, 512, 0};
- int test_drive2[] = {8, 3, 8, 512, 0};
- int test_drive3[] = {512, 512, 504, 512, 512, 8, 512, 0};
- int *test_drive[] = {test_drive1, test_drive2, test_drive3, NULL};
- int test_drive_len[100];
- int ret = 0;
- EVP_CIPHER_CTX *evp = NULL;
- int ilen = 0;
- int klen = 0;
- int i, j;
- const EVP_CIPHER *type;
- byte *iv;
- byte *key;
- int ivlen;
- int keylen;
- #define RECORDS 16
- #define BUFFSZ 512
- byte plain [BUFFSZ * RECORDS];
- byte cipher[BUFFSZ * RECORDS];
- byte inb[BUFFSZ];
- byte outb[BUFFSZ+16];
- int outl = 0;
- int inl;
- iv = aes128_cbc_iv;
- ivlen = sizeof(aes128_cbc_iv);
- key = aes128_cbc_key;
- keylen = sizeof(aes128_cbc_key);
- type = EVP_aes_128_cbc();
- set_plain(plain, BUFFSZ * RECORDS);
- SSL_library_init();
- ExpectNotNull(evp = EVP_CIPHER_CTX_new());
- ExpectIntNE((ret = EVP_CipherInit(evp, type, NULL, iv, 0)), 0);
- ExpectIntEQ(EVP_CIPHER_CTX_nid(evp), NID_aes_128_cbc);
- klen = EVP_CIPHER_CTX_key_length(evp);
- if (klen > 0 && keylen != klen) {
- ExpectIntNE(EVP_CIPHER_CTX_set_key_length(evp, keylen), 0);
- }
- ilen = EVP_CIPHER_CTX_iv_length(evp);
- if (ilen > 0 && ivlen != ilen) {
- ExpectIntNE(EVP_CIPHER_CTX_set_iv_length(evp, ivlen), 0);
- }
- ExpectIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0);
- for (j = 0; j<RECORDS; j++)
- {
- inl = BUFFSZ;
- get_record(plain, inb, inl);
- ExpectIntNE((ret = EVP_CipherUpdate(evp, outb, &outl, inb, inl)), 0);
- set_record(cipher, outb, outl);
- }
- for (i = 0; test_drive[i]; i++) {
- ExpectIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0);
- init_offset();
- test_drive_len[i] = 0;
- for (j = 0; test_drive[i][j]; j++)
- {
- inl = test_drive[i][j];
- test_drive_len[i] += inl;
- get_record(plain, inb, inl);
- ExpectIntNE((ret = EVP_EncryptUpdate(evp, outb, &outl, inb, inl)),
- 0);
- /* output to cipher buffer, so that following Dec test can detect
- if any error */
- set_record(cipher, outb, outl);
- }
- EVP_CipherFinal(evp, outb, &outl);
- if (outl > 0)
- set_record(cipher, outb, outl);
- }
- for (i = 0; test_drive[i]; i++) {
- last_val = 0x0f;
- ExpectIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 0)), 0);
- init_offset();
- for (j = 0; test_drive[i][j]; j++) {
- inl = test_drive[i][j];
- get_record(cipher, inb, inl);
- ExpectIntNE((ret = EVP_DecryptUpdate(evp, outb, &outl, inb, inl)),
- 0);
- binary_dump(outb, outl);
- ExpectIntEQ((ret = check_result(outb, outl)), 0);
- ExpectFalse(outl > ((inl/16+1)*16) && outl > 16);
- }
- ret = EVP_CipherFinal(evp, outb, &outl);
- binary_dump(outb, outl);
- ret = (((test_drive_len[i] % 16) != 0) && (ret == 0)) ||
- (((test_drive_len[i] % 16) == 0) && (ret == 1));
- ExpectTrue(ret);
- }
- ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(evp), WOLFSSL_SUCCESS);
- EVP_CIPHER_CTX_free(evp);
- evp = NULL;
- /* Do an extra test to verify correct behavior with empty input. */
- ExpectNotNull(evp = EVP_CIPHER_CTX_new());
- ExpectIntNE((ret = EVP_CipherInit(evp, type, NULL, iv, 0)), 0);
- ExpectIntEQ(EVP_CIPHER_CTX_nid(evp), NID_aes_128_cbc);
- klen = EVP_CIPHER_CTX_key_length(evp);
- if (klen > 0 && keylen != klen) {
- ExpectIntNE(EVP_CIPHER_CTX_set_key_length(evp, keylen), 0);
- }
- ilen = EVP_CIPHER_CTX_iv_length(evp);
- if (ilen > 0 && ivlen != ilen) {
- ExpectIntNE(EVP_CIPHER_CTX_set_iv_length(evp, ivlen), 0);
- }
- ExpectIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0);
- /* outl should be set to 0 after passing NULL, 0 for input args. */
- outl = -1;
- ExpectIntNE((ret = EVP_CipherUpdate(evp, outb, &outl, NULL, 0)), 0);
- ExpectIntEQ(outl, 0);
- EVP_CIPHER_CTX_free(evp);
- #endif /* test_EVP_Cipher */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PEM_read_DHparams(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && \
- !defined(NO_FILESYSTEM)
- DH* dh = NULL;
- XFILE fp = XBADFILE;
- unsigned char derOut[300];
- unsigned char* derOutBuf = derOut;
- int derOutSz = 0;
- unsigned char derExpected[300];
- int derExpectedSz = 0;
- XMEMSET(derOut, 0, sizeof(derOut));
- XMEMSET(derExpected, 0, sizeof(derExpected));
- /* open DH param file, read into DH struct */
- ExpectTrue((fp = XFOPEN(dhParamFile, "rb")) != XBADFILE);
- /* bad args */
- ExpectNull(dh = PEM_read_DHparams(NULL, &dh, NULL, NULL));
- ExpectNull(dh = PEM_read_DHparams(NULL, NULL, NULL, NULL));
- /* good args */
- ExpectNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL));
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- /* read in certs/dh2048.der for comparison against exported params */
- ExpectTrue((fp = XFOPEN("./certs/dh2048.der", "rb")) != XBADFILE);
- ExpectIntGT(derExpectedSz = (int)XFREAD(derExpected, 1, sizeof(derExpected),
- fp), 0);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- /* export DH back to DER and compare */
- derOutSz = wolfSSL_i2d_DHparams(dh, &derOutBuf);
- ExpectIntEQ(derOutSz, derExpectedSz);
- ExpectIntEQ(XMEMCMP(derOut, derExpected, derOutSz), 0);
- DH_free(dh);
- dh = NULL;
- /* Test parsing with X9.42 header */
- ExpectTrue((fp = XFOPEN("./certs/x942dh2048.pem", "rb")) != XBADFILE);
- ExpectNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL));
- if (fp != XBADFILE)
- XFCLOSE(fp);
- DH_free(dh);
- dh = NULL;
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_get_serialNumber(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
- ASN1_INTEGER* a = NULL;
- BIGNUM* bn = NULL;
- X509* x509 = NULL;
- char *serialHex = NULL;
- byte serial[3];
- int serialSz;
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
- SSL_FILETYPE_PEM));
- ExpectNotNull(a = X509_get_serialNumber(x509));
- /* check on value of ASN1 Integer */
- ExpectNotNull(bn = ASN1_INTEGER_to_BN(a, NULL));
- a = NULL;
- /* test setting serial number and then retrieving it */
- ExpectNotNull(a = ASN1_INTEGER_new());
- ExpectIntEQ(ASN1_INTEGER_set(a, 3), 1);
- ExpectIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS);
- serialSz = sizeof(serial);
- ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(serialSz, 1);
- ExpectIntEQ(serial[0], 3);
- ASN1_INTEGER_free(a);
- a = NULL;
- /* test setting serial number with 0's in it */
- serial[0] = 0x01;
- serial[1] = 0x00;
- serial[2] = 0x02;
- ExpectNotNull(a = wolfSSL_ASN1_INTEGER_new());
- if (a != NULL) {
- a->data[0] = ASN_INTEGER;
- a->data[1] = sizeof(serial);
- XMEMCPY(&a->data[2], serial, sizeof(serial));
- a->length = sizeof(serial) + 2;
- }
- ExpectIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS);
- XMEMSET(serial, 0, sizeof(serial));
- serialSz = sizeof(serial);
- ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(serialSz, 3);
- ExpectIntEQ(serial[0], 0x01);
- ExpectIntEQ(serial[1], 0x00);
- ExpectIntEQ(serial[2], 0x02);
- ASN1_INTEGER_free(a);
- a = NULL;
- X509_free(x509); /* free's a */
- ExpectNotNull(serialHex = BN_bn2hex(bn));
- #ifndef WC_DISABLE_RADIX_ZERO_PAD
- ExpectStrEQ(serialHex, "01");
- #else
- ExpectStrEQ(serialHex, "1");
- #endif
- OPENSSL_free(serialHex);
- ExpectIntEQ(BN_get_word(bn), 1);
- BN_free(bn);
- /* hard test free'ing with dynamic buffer to make sure there is no leaks */
- ExpectNotNull(a = ASN1_INTEGER_new());
- if (a != NULL) {
- ExpectNotNull(a->data = (unsigned char*)XMALLOC(100, NULL,
- DYNAMIC_TYPE_OPENSSL));
- a->isDynamic = 1;
- ASN1_INTEGER_free(a);
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_OpenSSL_add_all_algorithms(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- ExpectIntEQ(wolfSSL_add_all_algorithms(), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_OpenSSL_add_all_algorithms_noconf(), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_OpenSSL_add_all_algorithms_conf(), WOLFSSL_SUCCESS);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_OPENSSL_hexstr2buf(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- #define MAX_HEXSTR_BUFSZ 9
- #define NUM_CASES 5
- struct Output {
- const unsigned char buffer[MAX_HEXSTR_BUFSZ];
- long ret;
- };
- int i;
- int j;
- const char* inputs[NUM_CASES] = {
- "aabcd1357e",
- "01:12:23:34:a5:b6:c7:d8:e9",
- ":01:02",
- "012",
- ":ab:ac:d"
- };
- struct Output expectedOutputs[NUM_CASES] = {
- {{0xaa, 0xbc, 0xd1, 0x35, 0x7e}, 5},
- {{0x01, 0x12, 0x23, 0x34, 0xa5, 0xb6, 0xc7, 0xd8, 0xe9}, 9},
- {{0x01, 0x02}, 2},
- {{0x00}, 0},
- {{0x00}, 0}
- };
- long len = 0;
- unsigned char* returnedBuf = NULL;
- for (i = 0; i < NUM_CASES && !EXPECT_FAIL(); ++i) {
- returnedBuf = wolfSSL_OPENSSL_hexstr2buf(inputs[i], &len);
- if (returnedBuf == NULL) {
- ExpectIntEQ(expectedOutputs[i].ret, 0);
- continue;
- }
- ExpectIntEQ(expectedOutputs[i].ret, len);
- for (j = 0; j < len; ++j) {
- ExpectIntEQ(expectedOutputs[i].buffer[j], returnedBuf[j]);
- }
- OPENSSL_free(returnedBuf);
- returnedBuf = NULL;
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_CA_num(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
- defined(HAVE_ECC) && !defined(NO_RSA)
- WOLFSSL_X509_STORE *store = NULL;
- WOLFSSL_X509 *x509_1 = NULL;
- WOLFSSL_X509 *x509_2 = NULL;
- int ca_num = 0;
- ExpectNotNull(store = wolfSSL_X509_STORE_new());
- ExpectNotNull(x509_1 = wolfSSL_X509_load_certificate_file(svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, x509_1), 1);
- ExpectIntEQ(ca_num = wolfSSL_X509_CA_num(store), 1);
- ExpectNotNull(x509_2 = wolfSSL_X509_load_certificate_file(eccCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, x509_2), 1);
- ExpectIntEQ(ca_num = wolfSSL_X509_CA_num(store), 2);
- wolfSSL_X509_free(x509_1);
- wolfSSL_X509_free(x509_2);
- wolfSSL_X509_STORE_free(store);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_check_ca(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
- WOLFSSL_X509 *x509 = NULL;
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectIntEQ(wolfSSL_X509_check_ca(x509), 1);
- wolfSSL_X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_check_ip_asc(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
- WOLFSSL_X509 *x509 = NULL;
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
- WOLFSSL_FILETYPE_PEM));
- #if 0
- /* TODO: add cert gen for testing positive case */
- ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1);
- #endif
- ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0);
- ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0);
- wolfSSL_X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_make_cert(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && !defined(NO_ASN_TIME) && defined(WOLFSSL_CERT_GEN) && \
- defined(WOLFSSL_CERT_EXT)
- int ret = 0;
- Cert cert;
- CertName name;
- RsaKey key;
- WC_RNG rng;
- byte der[FOURK_BUF];
- word32 idx = 0;
- const byte mySerial[8] = {1,2,3,4,5,6,7,8};
- #ifdef OPENSSL_EXTRA
- const unsigned char* pt = NULL;
- int certSz = 0;
- X509* x509 = NULL;
- X509_NAME* x509name = NULL;
- X509_NAME_ENTRY* entry = NULL;
- ASN1_STRING* entryValue = NULL;
- #endif
- XMEMSET(&name, 0, sizeof(CertName));
- /* set up cert name */
- XMEMCPY(name.country, "US", sizeof("US"));
- name.countryEnc = CTC_PRINTABLE;
- XMEMCPY(name.state, "Oregon", sizeof("Oregon"));
- name.stateEnc = CTC_UTF8;
- XMEMCPY(name.locality, "Portland", sizeof("Portland"));
- name.localityEnc = CTC_UTF8;
- XMEMCPY(name.sur, "Test", sizeof("Test"));
- name.surEnc = CTC_UTF8;
- XMEMCPY(name.org, "wolfSSL", sizeof("wolfSSL"));
- name.orgEnc = CTC_UTF8;
- XMEMCPY(name.unit, "Development", sizeof("Development"));
- name.unitEnc = CTC_UTF8;
- XMEMCPY(name.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com"));
- name.commonNameEnc = CTC_UTF8;
- XMEMCPY(name.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
- name.serialDevEnc = CTC_PRINTABLE;
- XMEMCPY(name.userId, "TestUserID", sizeof("TestUserID"));
- name.userIdEnc = CTC_PRINTABLE;
- #ifdef WOLFSSL_MULTI_ATTRIB
- #if CTC_MAX_ATTRIB > 2
- {
- NameAttrib* n;
- n = &name.name[0];
- n->id = ASN_DOMAIN_COMPONENT;
- n->type = CTC_UTF8;
- n->sz = sizeof("com");
- XMEMCPY(n->value, "com", sizeof("com"));
- n = &name.name[1];
- n->id = ASN_DOMAIN_COMPONENT;
- n->type = CTC_UTF8;
- n->sz = sizeof("wolfssl");
- XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
- }
- #endif
- #endif /* WOLFSSL_MULTI_ATTRIB */
- ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
- #ifndef HAVE_FIPS
- ExpectIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, testDevId), 0);
- #else
- ExpectIntEQ(wc_InitRng(&rng), 0);
- #endif
- /* load test RSA key */
- idx = 0;
- #if defined(USE_CERT_BUFFERS_1024)
- ExpectIntEQ(wc_RsaPrivateKeyDecode(server_key_der_1024, &idx, &key,
- sizeof_server_key_der_1024), 0);
- #elif defined(USE_CERT_BUFFERS_2048)
- ExpectIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key,
- sizeof_server_key_der_2048), 0);
- #else
- /* error case, no RSA key loaded, happens later */
- (void)idx;
- #endif
- XMEMSET(&cert, 0 , sizeof(Cert));
- ExpectIntEQ(wc_InitCert(&cert), 0);
- XMEMCPY(&cert.subject, &name, sizeof(CertName));
- XMEMCPY(cert.serial, mySerial, sizeof(mySerial));
- cert.serialSz = (int)sizeof(mySerial);
- cert.isCA = 1;
- #ifndef NO_SHA256
- cert.sigType = CTC_SHA256wRSA;
- #else
- cert.sigType = CTC_SHAwRSA;
- #endif
- /* add SKID from the Public Key */
- ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey(&cert, &key, NULL), 0);
- /* add AKID from the Public Key */
- ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey(&cert, &key, NULL), 0);
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_MakeSelfCert(&cert, der, FOURK_BUF, &key, &rng);
- }
- } while (ret == WC_PENDING_E);
- ExpectIntGT(ret, 0);
- #ifdef OPENSSL_EXTRA
- /* der holds a certificate with DC's now check X509 parsing of it */
- certSz = ret;
- pt = der;
- ExpectNotNull(x509 = d2i_X509(NULL, &pt, certSz));
- ExpectNotNull(x509name = X509_get_subject_name(x509));
- #ifdef WOLFSSL_MULTI_ATTRIB
- ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
- -1)), 5);
- ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
- idx)), 6);
- ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
- idx)), -1);
- #endif /* WOLFSSL_MULTI_ATTRIB */
- /* compare DN at index 0 */
- ExpectNotNull(entry = X509_NAME_get_entry(x509name, 0));
- ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
- ExpectIntEQ(ASN1_STRING_length(entryValue), 2);
- ExpectStrEQ((const char*)ASN1_STRING_data(entryValue), "US");
- #ifndef WOLFSSL_MULTI_ATTRIB
- /* compare Serial Number */
- ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_serialNumber,
- -1)), 7);
- ExpectNotNull(entry = X509_NAME_get_entry(x509name, idx));
- ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
- ExpectIntEQ(ASN1_STRING_length(entryValue), XSTRLEN("wolfSSL12345"));
- ExpectStrEQ((const char*)ASN1_STRING_data(entryValue), "wolfSSL12345");
- #endif
- #ifdef WOLFSSL_MULTI_ATTRIB
- /* get first and second DC and compare result */
- ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
- -1)), 5);
- ExpectNotNull(entry = X509_NAME_get_entry(x509name, idx));
- ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
- ExpectStrEQ((const char *)ASN1_STRING_data(entryValue), "com");
- ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
- idx)), 6);
- ExpectNotNull(entry = X509_NAME_get_entry(x509name, idx));
- ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
- ExpectStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl");
- #endif /* WOLFSSL_MULTI_ATTRIB */
- /* try invalid index locations for regression test and sanity check */
- ExpectNull(entry = X509_NAME_get_entry(x509name, 11));
- ExpectNull(entry = X509_NAME_get_entry(x509name, 20));
- X509_free(x509);
- #endif /* OPENSSL_EXTRA */
- wc_FreeRsaKey(&key);
- wc_FreeRng(&rng);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_get_version(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- WOLFSSL_X509 *x509 = NULL;
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectIntEQ((int)wolfSSL_X509_get_version(x509), 2);
- wolfSSL_X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_ALL)
- static int test_wolfSSL_sk_CIPHER_description(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA)
- const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION;
- int i;
- int numCiphers = 0;
- const SSL_METHOD *method = NULL;
- const SSL_CIPHER *cipher = NULL;
- STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
- SSL_CTX *ctx = NULL;
- SSL *ssl = NULL;
- char buf[256];
- char test_str[9] = "0000000";
- const char badStr[] = "unknown";
- const char certPath[] = "./certs/client-cert.pem";
- XMEMSET(buf, 0, sizeof(buf));
- ExpectNotNull(method = TLSv1_2_client_method());
- ExpectNotNull(ctx = SSL_CTX_new(method));
- SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
- SSL_CTX_set_verify_depth(ctx, 4);
- SSL_CTX_set_options(ctx, flags);
- ExpectIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL),
- WOLFSSL_SUCCESS);
- ExpectNotNull(ssl = SSL_new(ctx));
- /* SSL_get_ciphers returns a stack of all configured ciphers
- * A flag, getCipherAtOffset, is set to later have SSL_CIPHER_description
- */
- ExpectNotNull(supportedCiphers = SSL_get_ciphers(ssl));
- /* loop through the amount of supportedCiphers */
- numCiphers = sk_num(supportedCiphers);
- for (i = 0; i < numCiphers; ++i) {
- int j;
- /* sk_value increments "sk->data.cipher->cipherOffset".
- * wolfSSL_sk_CIPHER_description sets the description for
- * the cipher based on the provided offset.
- */
- if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
- SSL_CIPHER_description(cipher, buf, sizeof(buf));
- }
- /* Search cipher description string for "unknown" descriptor */
- for (j = 0; j < (int)XSTRLEN(buf); j++) {
- int k = 0;
- while ((k < (int)XSTRLEN(badStr)) && (buf[j] == badStr[k])) {
- test_str[k] = badStr[k];
- j++;
- k++;
- }
- }
- /* Fail if test_str == badStr == "unknown" */
- ExpectStrNE(test_str,badStr);
- }
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_get_ciphers_compat(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA)
- const SSL_METHOD *method = NULL;
- const char certPath[] = "./certs/client-cert.pem";
- STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
- SSL_CTX *ctx = NULL;
- WOLFSSL *ssl = NULL;
- const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION;
- ExpectNotNull(method = SSLv23_client_method());
- ExpectNotNull(ctx = SSL_CTX_new(method));
- SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
- SSL_CTX_set_verify_depth(ctx, 4);
- SSL_CTX_set_options(ctx, flags);
- ExpectIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL),
- WOLFSSL_SUCCESS);
- ExpectNotNull(ssl = SSL_new(ctx));
- /* Test Bad NULL input */
- ExpectNull(supportedCiphers = SSL_get_ciphers(NULL));
- /* Test for Good input */
- ExpectNotNull(supportedCiphers = SSL_get_ciphers(ssl));
- /* Further usage of SSL_get_ciphers/wolfSSL_get_ciphers_compat is
- * tested in test_wolfSSL_sk_CIPHER_description according to Qt usage */
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_PUBKEY_get(void)
- {
- EXPECT_DECLS;
- WOLFSSL_X509_PUBKEY pubkey;
- WOLFSSL_X509_PUBKEY* key;
- WOLFSSL_EVP_PKEY evpkey ;
- WOLFSSL_EVP_PKEY* evpPkey;
- WOLFSSL_EVP_PKEY* retEvpPkey;
- XMEMSET(&pubkey, 0, sizeof(WOLFSSL_X509_PUBKEY));
- XMEMSET(&evpkey, 0, sizeof(WOLFSSL_EVP_PKEY));
- key = &pubkey;
- evpPkey = &evpkey;
- evpPkey->type = WOLFSSL_SUCCESS;
- key->pkey = evpPkey;
- ExpectNotNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key));
- ExpectIntEQ(retEvpPkey->type, WOLFSSL_SUCCESS);
- ExpectNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(NULL));
- key->pkey = NULL;
- ExpectNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key));
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
- {
- EXPECT_DECLS;
- #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
- DSA *dsa = NULL;
- DSA *setDsa = NULL;
- EVP_PKEY *pkey = NULL;
- EVP_PKEY *set1Pkey = NULL;
- SHA_CTX sha;
- byte signature[DSA_SIG_SIZE];
- byte hash[WC_SHA_DIGEST_SIZE];
- word32 bytes;
- int answer;
- #ifdef USE_CERT_BUFFERS_1024
- const unsigned char* dsaKeyDer = dsa_key_der_1024;
- int dsaKeySz = sizeof_dsa_key_der_1024;
- byte tmp[ONEK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
- bytes = dsaKeySz;
- #elif defined(USE_CERT_BUFFERS_2048)
- const unsigned char* dsaKeyDer = dsa_key_der_2048;
- int dsaKeySz = sizeof_dsa_key_der_2048;
- byte tmp[TWOK_BUF];
- XMEMSET(tmp, 0, sizeof(tmp));
- XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
- bytes = dsaKeySz;
- #else
- byte tmp[TWOK_BUF];
- const unsigned char* dsaKeyDer = (const unsigned char*)tmp;
- int dsaKeySz;
- XFILE fp = XBADFILE;
- XMEMSET(tmp, 0, sizeof(tmp));
- ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE);
- ExpectIntGT(dsaKeySz = bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp), 0);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- #endif /* END USE_CERT_BUFFERS_1024 */
- /* Create hash to later Sign and Verify */
- ExpectIntEQ(SHA1_Init(&sha), WOLFSSL_SUCCESS);
- ExpectIntEQ(SHA1_Update(&sha, tmp, bytes), WOLFSSL_SUCCESS);
- ExpectIntEQ(SHA1_Final(hash,&sha), WOLFSSL_SUCCESS);
- /* Initialize pkey with der format dsa key */
- ExpectNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &pkey, &dsaKeyDer,
- (long)dsaKeySz));
- /* Test wolfSSL_EVP_PKEY_get1_DSA */
- /* Should Fail: NULL argument */
- ExpectNull(dsa = EVP_PKEY_get0_DSA(NULL));
- ExpectNull(dsa = EVP_PKEY_get1_DSA(NULL));
- /* Should Pass: Initialized pkey argument */
- ExpectNotNull(dsa = EVP_PKEY_get0_DSA(pkey));
- ExpectNotNull(dsa = EVP_PKEY_get1_DSA(pkey));
- #ifdef USE_CERT_BUFFERS_1024
- ExpectIntEQ(DSA_bits(dsa), 1024);
- #else
- ExpectIntEQ(DSA_bits(dsa), 2048);
- #endif
- /* Sign */
- ExpectIntEQ(wolfSSL_DSA_do_sign(hash, signature, dsa), WOLFSSL_SUCCESS);
- /* Verify. */
- ExpectIntEQ(wolfSSL_DSA_do_verify(hash, signature, dsa, &answer),
- WOLFSSL_SUCCESS);
- /* Test wolfSSL_EVP_PKEY_set1_DSA */
- /* Should Fail: set1Pkey not initialized */
- ExpectIntNE(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
- /* Initialize set1Pkey */
- set1Pkey = EVP_PKEY_new();
- /* Should Fail Verify: setDsa not initialized from set1Pkey */
- ExpectIntNE(wolfSSL_DSA_do_verify(hash,signature,setDsa,&answer),
- WOLFSSL_SUCCESS);
- /* Should Pass: set dsa into set1Pkey */
- ExpectIntEQ(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
- DSA_free(dsa);
- DSA_free(setDsa);
- EVP_PKEY_free(pkey);
- EVP_PKEY_free(set1Pkey);
- #endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */
- return EXPECT_RESULT();
- } /* END test_EVP_PKEY_set1_get1_DSA */
- static int test_wolfSSL_DSA_generate_parameters(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) && \
- !defined(HAVE_FIPS)
- DSA *dsa = NULL;
- ExpectNotNull(dsa = DSA_generate_parameters(2048, NULL, 0, NULL, NULL, NULL,
- NULL));
- DSA_free(dsa);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_DSA_SIG(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) && \
- !defined(HAVE_FIPS)
- DSA *dsa = NULL;
- DSA *dsa2 = NULL;
- DSA_SIG *sig = NULL;
- const BIGNUM *p = NULL;
- const BIGNUM *q = NULL;
- const BIGNUM *g = NULL;
- const BIGNUM *pub = NULL;
- const BIGNUM *priv = NULL;
- BIGNUM *dup_p = NULL;
- BIGNUM *dup_q = NULL;
- BIGNUM *dup_g = NULL;
- BIGNUM *dup_pub = NULL;
- BIGNUM *dup_priv = NULL;
- const byte digest[WC_SHA_DIGEST_SIZE] = {0};
- ExpectNotNull(dsa = DSA_new());
- ExpectIntEQ(DSA_generate_parameters_ex(dsa, 2048, NULL, 0, NULL, NULL,
- NULL), 1);
- ExpectIntEQ(DSA_generate_key(dsa), 1);
- DSA_get0_pqg(dsa, &p, &q, &g);
- DSA_get0_key(dsa, &pub, &priv);
- ExpectNotNull(dup_p = BN_dup(p));
- ExpectNotNull(dup_q = BN_dup(q));
- ExpectNotNull(dup_g = BN_dup(g));
- ExpectNotNull(dup_pub = BN_dup(pub));
- ExpectNotNull(dup_priv = BN_dup(priv));
- ExpectNotNull(sig = DSA_do_sign(digest, sizeof(digest), dsa));
- ExpectNotNull(dsa2 = DSA_new());
- ExpectIntEQ(DSA_set0_pqg(dsa2, dup_p, dup_q, dup_g), 1);
- if (EXPECT_FAIL()) {
- BN_free(dup_p);
- BN_free(dup_q);
- BN_free(dup_g);
- }
- ExpectIntEQ(DSA_set0_key(dsa2, dup_pub, dup_priv), 1);
- if (EXPECT_FAIL()) {
- BN_free(dup_pub);
- BN_free(dup_priv);
- }
- ExpectIntEQ(DSA_do_verify(digest, sizeof(digest), sig, dsa2), 1);
- DSA_free(dsa);
- DSA_free(dsa2);
- DSA_SIG_free(sig);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_ECC
- WOLFSSL_EC_KEY* ecKey = NULL;
- WOLFSSL_EC_KEY* ecGet1 = NULL;
- EVP_PKEY* pkey = NULL;
- ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
- ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
- /* Test wolfSSL_EVP_PKEY_set1_EC_KEY */
- ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
- /* Should fail since ecKey is empty */
- ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
- ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
- /* Test wolfSSL_EVP_PKEY_get1_EC_KEY */
- ExpectNull(wolfSSL_EVP_PKEY_get1_EC_KEY(NULL));
- ExpectNotNull(ecGet1 = wolfSSL_EVP_PKEY_get1_EC_KEY(pkey));
- wolfSSL_EC_KEY_free(ecKey);
- wolfSSL_EC_KEY_free(ecGet1);
- EVP_PKEY_free(pkey);
- #endif /* HAVE_ECC */
- return EXPECT_RESULT();
- } /* END test_EVP_PKEY_set1_get1_EC_KEY */
- static int test_wolfSSL_EVP_PKEY_set1_get1_DH (void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
- DH *dh = NULL;
- DH *setDh = NULL;
- EVP_PKEY *pkey = NULL;
- XFILE f = XBADFILE;
- unsigned char buf[4096];
- const unsigned char* pt = buf;
- const char* dh2048 = "./certs/dh2048.der";
- long len = 0;
- int code = -1;
- XMEMSET(buf, 0, sizeof(buf));
- ExpectTrue((f = XFOPEN(dh2048, "rb")) != XBADFILE);
- ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- /* Load dh2048.der into DH with internal format */
- ExpectNotNull(setDh = wolfSSL_d2i_DHparams(NULL, &pt, len));
- ExpectIntEQ(wolfSSL_DH_check(setDh, &code), WOLFSSL_SUCCESS);
- ExpectIntEQ(code, 0);
- code = -1;
- ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
- /* Set DH into PKEY */
- ExpectIntEQ(wolfSSL_EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS);
- /* Get DH from PKEY */
- ExpectNotNull(dh = wolfSSL_EVP_PKEY_get1_DH(pkey));
- ExpectIntEQ(wolfSSL_DH_check(dh, &code), WOLFSSL_SUCCESS);
- ExpectIntEQ(code, 0);
- EVP_PKEY_free(pkey);
- DH_free(setDh);
- setDh = NULL;
- DH_free(dh);
- dh = NULL;
- #endif /* !NO_DH && WOLFSSL_DH_EXTRA && !NO_FILESYSTEM */
- #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
- #endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */
- return EXPECT_RESULT();
- } /* END test_EVP_PKEY_set1_get1_DH */
- static int test_wolfSSL_CTX_ctrl(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- char caFile[] = "./certs/client-ca.pem";
- char clientFile[] = "./certs/client-cert.pem";
- SSL_CTX* ctx = NULL;
- X509* x509 = NULL;
- #if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO)
- byte buf[6000];
- char file[] = "./certs/dsaparams.pem";
- XFILE f = XBADFILE;
- int bytes = 0;
- BIO* bio = NULL;
- DSA* dsa = NULL;
- DH* dh = NULL;
- #endif
- #ifdef HAVE_ECC
- WOLFSSL_EC_KEY* ecKey = NULL;
- #endif
- ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS);
- if (EXPECT_FAIL()) {
- wolfSSL_X509_free(x509);
- }
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(clientFile,
- WOLFSSL_FILETYPE_PEM));
- #if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO)
- /* Initialize DH */
- ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, bytes));
- ExpectNotNull(dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL));
- ExpectNotNull(dh = wolfSSL_DSA_dup_DH(dsa));
- #endif
- #ifdef HAVE_ECC
- /* Initialize WOLFSSL_EC_KEY */
- ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
- ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
- #endif
- /* additional test of getting EVP_PKEY key size from X509
- * Do not run with user RSA because wolfSSL_RSA_size is not currently
- * allowed with user RSA */
- {
- EVP_PKEY* pkey = NULL;
- #if defined(HAVE_ECC)
- X509* ecX509 = NULL;
- #endif /* HAVE_ECC */
- ExpectNotNull(pkey = X509_get_pubkey(x509));
- /* current RSA key is 2048 bit (256 bytes) */
- ExpectIntEQ(EVP_PKEY_size(pkey), 256);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- #if defined(HAVE_ECC)
- #if defined(USE_CERT_BUFFERS_256)
- ExpectNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer(
- cliecc_cert_der_256, sizeof_cliecc_cert_der_256,
- SSL_FILETYPE_ASN1));
- #else
- ExpectNotNull(ecX509 = wolfSSL_X509_load_certificate_file(
- cliEccCertFile, SSL_FILETYPE_PEM));
- #endif
- ExpectNotNull(pkey = X509_get_pubkey(ecX509));
- /* current ECC key is 256 bit (32 bytes) */
- ExpectIntEQ(EVP_PKEY_size(pkey), 32);
- X509_free(ecX509);
- EVP_PKEY_free(pkey);
- #endif /* HAVE_ECC */
- }
- /* Tests should fail with passed in NULL pointer */
- ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, NULL),
- SSL_FAILURE);
- #if !defined(NO_DH) && !defined(NO_DSA)
- ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, NULL),
- SSL_FAILURE);
- #endif
- #ifdef HAVE_ECC
- ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, NULL),
- SSL_FAILURE);
- #endif
- /* Test with SSL_CTRL_EXTRA_CHAIN_CERT
- * wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_add_extra_chain_cert
- */
- ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, x509),
- SSL_SUCCESS);
- if (EXPECT_FAIL()) {
- wolfSSL_X509_free(x509);
- }
- /* Test with SSL_CTRL_OPTIONS
- * wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_set_options
- */
- ExpectTrue(wolfSSL_CTX_ctrl(ctx, SSL_CTRL_OPTIONS, SSL_OP_NO_TLSv1,
- NULL) == SSL_OP_NO_TLSv1);
- ExpectTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1);
- /* Test with SSL_CTRL_SET_TMP_DH
- * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_dh
- */
- #if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO)
- ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, dh),
- SSL_SUCCESS);
- #endif
- /* Test with SSL_CTRL_SET_TMP_ECDH
- * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_ecdh
- */
- #ifdef HAVE_ECC
- ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, ecKey),
- SSL_SUCCESS);
- #endif
- #ifdef WOLFSSL_ENCRYPTED_KEYS
- ExpectNull(SSL_CTX_get_default_passwd_cb(ctx));
- ExpectNull(SSL_CTX_get_default_passwd_cb_userdata(ctx));
- #endif
- /* Test for min/max proto */
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION,
- 0, NULL), SSL_SUCCESS);
- ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION,
- TLS1_2_VERSION, NULL), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION);
- #endif
- #ifdef WOLFSSL_TLS13
- ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION,
- 0, NULL), SSL_SUCCESS);
- ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION,
- TLS1_3_VERSION, NULL), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_get_max_proto_version(ctx), TLS1_3_VERSION);
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION,
- TLS1_2_VERSION, NULL), SSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_get_max_proto_version(ctx), TLS1_2_VERSION);
- #endif
- #endif
- /* Cleanup and Pass */
- #if !defined(NO_DH) && !defined(NO_DSA)
- #ifndef NO_BIO
- BIO_free(bio);
- DSA_free(dsa);
- DH_free(dh);
- dh = NULL;
- #endif
- #endif
- #ifdef HAVE_ECC
- wolfSSL_EC_KEY_free(ecKey);
- #endif
- SSL_CTX_free(ctx);
- #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_assign(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) || !defined(NO_DSA) || defined(HAVE_ECC)
- int type;
- WOLFSSL_EVP_PKEY* pkey = NULL;
- #ifndef NO_RSA
- WOLFSSL_RSA* rsa = NULL;
- #endif
- #ifndef NO_DSA
- WOLFSSL_DSA* dsa = NULL;
- #endif
- #ifdef HAVE_ECC
- WOLFSSL_EC_KEY* ecKey = NULL;
- #endif
- #ifndef NO_RSA
- type = EVP_PKEY_RSA;
- ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
- ExpectNotNull(rsa = wolfSSL_RSA_new());
- ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, rsa), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, rsa), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, rsa), WOLFSSL_SUCCESS);
- if (EXPECT_FAIL()) {
- wolfSSL_RSA_free(rsa);
- }
- wolfSSL_EVP_PKEY_free(pkey);
- pkey = NULL;
- #endif /* NO_RSA */
- #ifndef NO_DSA
- type = EVP_PKEY_DSA;
- ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
- ExpectNotNull(dsa = wolfSSL_DSA_new());
- ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, dsa), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, dsa), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, dsa), WOLFSSL_SUCCESS);
- if (EXPECT_FAIL()) {
- wolfSSL_DSA_free(dsa);
- }
- wolfSSL_EVP_PKEY_free(pkey);
- pkey = NULL;
- #endif /* NO_DSA */
- #ifdef HAVE_ECC
- type = EVP_PKEY_EC;
- ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
- ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
- ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, ecKey), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, ecKey), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, ecKey), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
- ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, ecKey), WOLFSSL_SUCCESS);
- if (EXPECT_FAIL()) {
- wolfSSL_EC_KEY_free(ecKey);
- }
- wolfSSL_EVP_PKEY_free(pkey);
- pkey = NULL;
- #endif /* HAVE_ECC */
- #endif /* !NO_RSA || !NO_DSA || HAVE_ECC */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_assign_DH(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_DH) && \
- !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
- XFILE f = XBADFILE;
- unsigned char buf[4096];
- const unsigned char* pt = buf;
- const char* params1 = "./certs/dh2048.der";
- long len = 0;
- WOLFSSL_DH* dh = NULL;
- WOLFSSL_EVP_PKEY* pkey = NULL;
- XMEMSET(buf, 0, sizeof(buf));
- /* Load DH parameters DER. */
- ExpectTrue((f = XFOPEN(params1, "rb")) != XBADFILE);
- ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
- ExpectIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
- ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
- /* Bad cases */
- ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, dh), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, NULL), WOLFSSL_FAILURE);
- /* Good case */
- ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, dh), WOLFSSL_SUCCESS);
- if (EXPECT_FAIL()) {
- wolfSSL_DH_free(dh);
- }
- EVP_PKEY_free(pkey);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_base_id(void)
- {
- EXPECT_DECLS;
- WOLFSSL_EVP_PKEY* pkey = NULL;
- ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
- ExpectIntEQ(wolfSSL_EVP_PKEY_base_id(NULL), NID_undef);
- ExpectIntEQ(wolfSSL_EVP_PKEY_base_id(pkey), EVP_PKEY_RSA);
- EVP_PKEY_free(pkey);
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_id(void)
- {
- EXPECT_DECLS;
- WOLFSSL_EVP_PKEY* pkey = NULL;
- ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
- ExpectIntEQ(wolfSSL_EVP_PKEY_id(NULL), 0);
- ExpectIntEQ(wolfSSL_EVP_PKEY_id(pkey), EVP_PKEY_RSA);
- EVP_PKEY_free(pkey);
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_paramgen(void)
- {
- EXPECT_DECLS;
- /* ECC check taken from ecc.c. It is the condition that defines ECC256 */
- #if defined(OPENSSL_ALL) && !defined(NO_ECC_SECP) && \
- ((!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
- ECC_MIN_KEY_SZ <= 256)
- EVP_PKEY_CTX* ctx = NULL;
- EVP_PKEY* pkey = NULL;
- /* Test error conditions. */
- ExpectIntEQ(EVP_PKEY_paramgen(NULL, &pkey), WOLFSSL_FAILURE);
- ExpectNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL));
- ExpectIntEQ(EVP_PKEY_paramgen(ctx, NULL), WOLFSSL_FAILURE);
- #ifndef NO_RSA
- EVP_PKEY_CTX_free(ctx);
- /* Parameter generation for RSA not supported yet. */
- ExpectNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL));
- ExpectIntEQ(EVP_PKEY_paramgen(ctx, &pkey), WOLFSSL_FAILURE);
- #endif
- #ifdef HAVE_ECC
- EVP_PKEY_CTX_free(ctx);
- ExpectNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL));
- ExpectIntEQ(EVP_PKEY_paramgen_init(ctx), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx,
- NID_X9_62_prime256v1), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_paramgen(ctx, &pkey), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_CTX_set_ec_param_enc(ctx, OPENSSL_EC_NAMED_CURVE),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_keygen(ctx, &pkey), WOLFSSL_SUCCESS);
- #endif
- EVP_PKEY_CTX_free(ctx);
- EVP_PKEY_free(pkey);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_keygen(void)
- {
- EXPECT_DECLS;
- WOLFSSL_EVP_PKEY* pkey = NULL;
- EVP_PKEY_CTX* ctx = NULL;
- #if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
- WOLFSSL_EVP_PKEY* params = NULL;
- DH* dh = NULL;
- const BIGNUM* pubkey = NULL;
- const BIGNUM* privkey = NULL;
- ASN1_INTEGER* asn1int = NULL;
- unsigned int length = 0;
- byte* derBuffer = NULL;
- #endif
- ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
- ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
- /* Bad cases */
- ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), BAD_FUNC_ARG);
- /* Good case */
- ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, &pkey), 0);
- EVP_PKEY_CTX_free(ctx);
- ctx = NULL;
- EVP_PKEY_free(pkey);
- pkey = NULL;
- #if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
- /* Test DH keygen */
- {
- ExpectNotNull(params = wolfSSL_EVP_PKEY_new());
- ExpectNotNull(dh = DH_get_2048_256());
- ExpectIntEQ(EVP_PKEY_set1_DH(params, dh), WOLFSSL_SUCCESS);
- ExpectNotNull(ctx = EVP_PKEY_CTX_new(params, NULL));
- ExpectIntEQ(EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_keygen(ctx, &pkey), WOLFSSL_SUCCESS);
- DH_free(dh);
- dh = NULL;
- EVP_PKEY_CTX_free(ctx);
- EVP_PKEY_free(params);
- /* try exporting generated key to DER, to verify */
- ExpectNotNull(dh = EVP_PKEY_get1_DH(pkey));
- DH_get0_key(dh, &pubkey, &privkey);
- ExpectNotNull(pubkey);
- ExpectNotNull(privkey);
- ExpectNotNull(asn1int = BN_to_ASN1_INTEGER(pubkey, NULL));
- ExpectIntGT((length = i2d_ASN1_INTEGER(asn1int, &derBuffer)), 0);
- ASN1_INTEGER_free(asn1int);
- DH_free(dh);
- dh = NULL;
- XFREE(derBuffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- EVP_PKEY_free(pkey);
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_keygen_init(void)
- {
- EXPECT_DECLS;
- WOLFSSL_EVP_PKEY* pkey = NULL;
- EVP_PKEY_CTX *ctx = NULL;
- ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
- ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
- ExpectIntEQ(wolfSSL_EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_EVP_PKEY_keygen_init(NULL), WOLFSSL_SUCCESS);
- EVP_PKEY_CTX_free(ctx);
- EVP_PKEY_free(pkey);
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_missing_parameters(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB)
- WOLFSSL_EVP_PKEY* pkey = NULL;
- ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
- ExpectIntEQ(wolfSSL_EVP_PKEY_missing_parameters(pkey), 0);
- ExpectIntEQ(wolfSSL_EVP_PKEY_missing_parameters(NULL), 0);
- EVP_PKEY_free(pkey);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_copy_parameters(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_DH) && defined(WOLFSSL_KEY_GEN) && \
- !defined(HAVE_SELFTEST) && (defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
- defined(WOLFSSL_OPENSSH)) && defined(WOLFSSL_DH_EXTRA) && \
- !defined(NO_FILESYSTEM)
- WOLFSSL_EVP_PKEY* params = NULL;
- WOLFSSL_EVP_PKEY* copy = NULL;
- DH* dh = NULL;
- BIGNUM* p1;
- BIGNUM* g1;
- BIGNUM* q1;
- BIGNUM* p2;
- BIGNUM* g2;
- BIGNUM* q2;
- /* create DH with DH_get_2048_256 params */
- ExpectNotNull(params = wolfSSL_EVP_PKEY_new());
- ExpectNotNull(dh = DH_get_2048_256());
- ExpectIntEQ(EVP_PKEY_set1_DH(params, dh), WOLFSSL_SUCCESS);
- DH_get0_pqg(dh, (const BIGNUM**)&p1,
- (const BIGNUM**)&q1,
- (const BIGNUM**)&g1);
- DH_free(dh);
- dh = NULL;
- /* create DH with random generated DH params */
- ExpectNotNull(copy = wolfSSL_EVP_PKEY_new());
- ExpectNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL));
- ExpectIntEQ(EVP_PKEY_set1_DH(copy, dh), WOLFSSL_SUCCESS);
- DH_free(dh);
- dh = NULL;
- ExpectIntEQ(EVP_PKEY_copy_parameters(copy, params), WOLFSSL_SUCCESS);
- ExpectNotNull(dh = EVP_PKEY_get1_DH(copy));
- ExpectNotNull(dh->p);
- ExpectNotNull(dh->g);
- ExpectNotNull(dh->q);
- DH_get0_pqg(dh, (const BIGNUM**)&p2,
- (const BIGNUM**)&q2,
- (const BIGNUM**)&g2);
- ExpectIntEQ(BN_cmp(p1, p2), 0);
- ExpectIntEQ(BN_cmp(q1, q2), 0);
- ExpectIntEQ(BN_cmp(g1, g2), 0);
- DH_free(dh);
- dh = NULL;
- EVP_PKEY_free(copy);
- EVP_PKEY_free(params);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(void)
- {
- EXPECT_DECLS;
- WOLFSSL_EVP_PKEY* pkey = NULL;
- EVP_PKEY_CTX* ctx = NULL;
- int bits = 2048;
- ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
- ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
- ExpectIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits),
- WOLFSSL_SUCCESS);
- EVP_PKEY_CTX_free(ctx);
- EVP_PKEY_free(pkey);
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_CIPHER_CTX_iv_length(void)
- {
- EXPECT_DECLS;
- /* This is large enough to be used for all key sizes */
- byte key[AES_256_KEY_SIZE] = {0};
- byte iv[AES_BLOCK_SIZE] = {0};
- int i;
- int nids[] = {
- #ifdef HAVE_AES_CBC
- NID_aes_128_cbc,
- #endif
- #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
- #ifdef HAVE_AESGCM
- NID_aes_128_gcm,
- #endif
- #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
- #ifdef WOLFSSL_AES_COUNTER
- NID_aes_128_ctr,
- #endif
- #ifndef NO_DES3
- NID_des_cbc,
- NID_des_ede3_cbc,
- #endif
- };
- int iv_lengths[] = {
- #ifdef HAVE_AES_CBC
- AES_BLOCK_SIZE,
- #endif
- #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
- #ifdef HAVE_AESGCM
- GCM_NONCE_MID_SZ,
- #endif
- #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
- #ifdef WOLFSSL_AES_COUNTER
- AES_BLOCK_SIZE,
- #endif
- #ifndef NO_DES3
- DES_BLOCK_SIZE,
- DES_BLOCK_SIZE,
- #endif
- };
- int nidsLen = (sizeof(nids)/sizeof(int));
- for (i = 0; i < nidsLen; i++) {
- const EVP_CIPHER* init = wolfSSL_EVP_get_cipherbynid(nids[i]);
- EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
- wolfSSL_EVP_CIPHER_CTX_init(ctx);
- ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_iv_length(ctx), iv_lengths[i]);
- EVP_CIPHER_CTX_free(ctx);
- }
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_CIPHER_CTX_key_length(void)
- {
- EXPECT_DECLS;
- byte key[AES_256_KEY_SIZE] = {0};
- byte iv[AES_BLOCK_SIZE] = {0};
- int i;
- int nids[] = {
- #ifdef HAVE_AES_CBC
- NID_aes_128_cbc,
- NID_aes_256_cbc,
- #endif
- #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
- #ifdef HAVE_AESGCM
- NID_aes_128_gcm,
- NID_aes_256_gcm,
- #endif
- #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
- #ifdef WOLFSSL_AES_COUNTER
- NID_aes_128_ctr,
- NID_aes_256_ctr,
- #endif
- #ifndef NO_DES3
- NID_des_cbc,
- NID_des_ede3_cbc,
- #endif
- };
- int key_lengths[] = {
- #ifdef HAVE_AES_CBC
- AES_128_KEY_SIZE,
- AES_256_KEY_SIZE,
- #endif
- #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
- #ifdef HAVE_AESGCM
- AES_128_KEY_SIZE,
- AES_256_KEY_SIZE,
- #endif
- #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
- #ifdef WOLFSSL_AES_COUNTER
- AES_128_KEY_SIZE,
- AES_256_KEY_SIZE,
- #endif
- #ifndef NO_DES3
- DES_KEY_SIZE,
- DES3_KEY_SIZE,
- #endif
- };
- int nidsLen = (sizeof(nids)/sizeof(int));
- for (i = 0; i < nidsLen; i++) {
- const EVP_CIPHER *init = wolfSSL_EVP_get_cipherbynid(nids[i]);
- EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
- wolfSSL_EVP_CIPHER_CTX_init(ctx);
- ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_key_length(ctx), key_lengths[i]);
- ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, key_lengths[i]),
- WOLFSSL_SUCCESS);
- EVP_CIPHER_CTX_free(ctx);
- }
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_CIPHER_CTX_set_iv(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_AESGCM) && !defined(NO_DES3)
- int ivLen, keyLen;
- EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
- #ifdef HAVE_AESGCM
- byte key[AES_128_KEY_SIZE] = {0};
- byte iv[AES_BLOCK_SIZE] = {0};
- const EVP_CIPHER *init = EVP_aes_128_gcm();
- #else
- byte key[DES3_KEY_SIZE] = {0};
- byte iv[DES_BLOCK_SIZE] = {0};
- const EVP_CIPHER *init = EVP_des_ede3_cbc();
- #endif
- wolfSSL_EVP_CIPHER_CTX_init(ctx);
- ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
- ivLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx);
- keyLen = wolfSSL_EVP_CIPHER_CTX_key_length(ctx);
- /* Bad cases */
- ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, iv, ivLen),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, NULL, ivLen),
- WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, 0), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, NULL, 0), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, keyLen),
- WOLFSSL_FAILURE);
- /* Good case */
- ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, ivLen), 1);
- EVP_CIPHER_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_CTX_new_id(void)
- {
- EXPECT_DECLS;
- WOLFSSL_ENGINE* e = NULL;
- int id = 0;
- EVP_PKEY_CTX *ctx = NULL;
- ExpectNotNull(ctx = wolfSSL_EVP_PKEY_CTX_new_id(id, e));
- EVP_PKEY_CTX_free(ctx);
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_rc4(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RC4)
- ExpectNotNull(wolfSSL_EVP_rc4());
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_enc_null(void)
- {
- EXPECT_DECLS;
- ExpectNotNull(wolfSSL_EVP_enc_null());
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_rc2_cbc(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_QT) && !defined(NO_WOLFSSL_STUB)
- ExpectNull(wolfSSL_EVP_rc2_cbc());
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_mdc2(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_WOLFSSL_STUB)
- ExpectNull(wolfSSL_EVP_mdc2());
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_md4(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_MD4)
- ExpectNotNull(wolfSSL_EVP_md4());
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_aes_256_gcm(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_AESGCM
- ExpectNotNull(wolfSSL_EVP_aes_256_gcm());
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_aes_192_gcm(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_AESGCM
- ExpectNotNull(wolfSSL_EVP_aes_192_gcm());
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_aes_256_ccm(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_AESCCM
- ExpectNotNull(wolfSSL_EVP_aes_256_ccm());
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_aes_192_ccm(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_AESCCM
- ExpectNotNull(wolfSSL_EVP_aes_192_ccm());
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_aes_128_ccm(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_AESCCM
- ExpectNotNull(wolfSSL_EVP_aes_128_ccm());
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_ripemd160(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_WOLFSSL_STUB)
- ExpectNull(wolfSSL_EVP_ripemd160());
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_get_digestbynid(void)
- {
- EXPECT_DECLS;
- #ifndef NO_MD5
- ExpectNotNull(wolfSSL_EVP_get_digestbynid(NID_md5));
- #endif
- #ifndef NO_SHA
- ExpectNotNull(wolfSSL_EVP_get_digestbynid(NID_sha1));
- #endif
- #ifndef NO_SHA256
- ExpectNotNull(wolfSSL_EVP_get_digestbynid(NID_sha256));
- #endif
- ExpectNull(wolfSSL_EVP_get_digestbynid(0));
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_MD_nid(void)
- {
- EXPECT_DECLS;
- #ifndef NO_MD5
- ExpectIntEQ(EVP_MD_nid(EVP_md5()), NID_md5);
- #endif
- #ifndef NO_SHA
- ExpectIntEQ(EVP_MD_nid(EVP_sha1()), NID_sha1);
- #endif
- #ifndef NO_SHA256
- ExpectIntEQ(EVP_MD_nid(EVP_sha256()), NID_sha256);
- #endif
- ExpectIntEQ(EVP_MD_nid(NULL), NID_undef);
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_get0_EC_KEY(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC)
- WOLFSSL_EVP_PKEY* pkey = NULL;
- ExpectNull(EVP_PKEY_get0_EC_KEY(NULL));
- ExpectNotNull(pkey = EVP_PKEY_new());
- ExpectNull(EVP_PKEY_get0_EC_KEY(pkey));
- EVP_PKEY_free(pkey);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_X_STATE(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_DES3) && !defined(NO_RC4)
- byte key[DES3_KEY_SIZE] = {0};
- byte iv[DES_IV_SIZE] = {0};
- EVP_CIPHER_CTX *ctx = NULL;
- const EVP_CIPHER *init = NULL;
- /* Bad test cases */
- ExpectNotNull(ctx = EVP_CIPHER_CTX_new());
- ExpectNotNull(init = EVP_des_ede3_cbc());
- wolfSSL_EVP_CIPHER_CTX_init(ctx);
- ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
- ExpectNull(wolfSSL_EVP_X_STATE(NULL));
- ExpectNull(wolfSSL_EVP_X_STATE(ctx));
- EVP_CIPHER_CTX_free(ctx);
- ctx = NULL;
- /* Good test case */
- ExpectNotNull(ctx = EVP_CIPHER_CTX_new());
- ExpectNotNull(init = wolfSSL_EVP_rc4());
- wolfSSL_EVP_CIPHER_CTX_init(ctx);
- ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
- ExpectNotNull(wolfSSL_EVP_X_STATE(ctx));
- EVP_CIPHER_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_X_STATE_LEN(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_DES3) && !defined(NO_RC4)
- byte key[DES3_KEY_SIZE] = {0};
- byte iv[DES_IV_SIZE] = {0};
- EVP_CIPHER_CTX *ctx = NULL;
- const EVP_CIPHER *init = NULL;
- /* Bad test cases */
- ExpectNotNull(ctx = EVP_CIPHER_CTX_new());
- ExpectNotNull(init = EVP_des_ede3_cbc());
- wolfSSL_EVP_CIPHER_CTX_init(ctx);
- ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_EVP_X_STATE_LEN(NULL), 0);
- ExpectIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), 0);
- EVP_CIPHER_CTX_free(ctx);
- ctx = NULL;
- /* Good test case */
- ExpectNotNull(ctx = EVP_CIPHER_CTX_new());
- ExpectNotNull(init = wolfSSL_EVP_rc4());
- wolfSSL_EVP_CIPHER_CTX_init(ctx);
- ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), sizeof(Arc4));
- EVP_CIPHER_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_CIPHER_block_size(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_AES_CBC) || defined(HAVE_AESGCM) || \
- defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_ECB) || \
- defined(WOLFSSL_AES_OFB) || !defined(NO_RC4) || \
- (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
- #ifdef HAVE_AES_CBC
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_cbc()), AES_BLOCK_SIZE);
- #endif
- #ifdef WOLFSSL_AES_192
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_cbc()), AES_BLOCK_SIZE);
- #endif
- #ifdef WOLFSSL_AES_256
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_cbc()), AES_BLOCK_SIZE);
- #endif
- #endif
- #ifdef HAVE_AESGCM
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_gcm()), 1);
- #endif
- #ifdef WOLFSSL_AES_192
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_gcm()), 1);
- #endif
- #ifdef WOLFSSL_AES_256
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_gcm()), 1);
- #endif
- #endif
- #ifdef HAVE_AESCCM
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ccm()), 1);
- #endif
- #ifdef WOLFSSL_AES_192
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ccm()), 1);
- #endif
- #ifdef WOLFSSL_AES_256
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ccm()), 1);
- #endif
- #endif
- #ifdef WOLFSSL_AES_COUNTER
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ctr()), 1);
- #endif
- #ifdef WOLFSSL_AES_192
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ctr()), 1);
- #endif
- #ifdef WOLFSSL_AES_256
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ctr()), 1);
- #endif
- #endif
- #ifdef HAVE_AES_ECB
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ecb()), AES_BLOCK_SIZE);
- #endif
- #ifdef WOLFSSL_AES_192
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ecb()), AES_BLOCK_SIZE);
- #endif
- #ifdef WOLFSSL_AES_256
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ecb()), AES_BLOCK_SIZE);
- #endif
- #endif
- #ifdef WOLFSSL_AES_OFB
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ofb()), 1);
- #endif
- #ifdef WOLFSSL_AES_192
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ofb()), 1);
- #endif
- #ifdef WOLFSSL_AES_256
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ofb()), 1);
- #endif
- #endif
- #ifndef NO_RC4
- ExpectIntEQ(EVP_CIPHER_block_size(wolfSSL_EVP_rc4()), 1);
- #endif
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- ExpectIntEQ(EVP_CIPHER_block_size(wolfSSL_EVP_chacha20_poly1305()), 1);
- #endif
- #endif
- #ifdef WOLFSSL_SM4_ECB
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_ecb()), SM4_BLOCK_SIZE);
- #endif
- #ifdef WOLFSSL_SM4_CBC
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_cbc()), SM4_BLOCK_SIZE);
- #endif
- #ifdef WOLFSSL_SM4_CTR
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_ctr()), 1);
- #endif
- #ifdef WOLFSSL_SM4_GCM
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_gcm()), 1);
- #endif
- #ifdef WOLFSSL_SM4_CCM
- ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_ccm()), 1);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_CIPHER_iv_length(void)
- {
- EXPECT_DECLS;
- int nids[] = {
- #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
- #ifdef WOLFSSL_AES_128
- NID_aes_128_cbc,
- #endif
- #ifdef WOLFSSL_AES_192
- NID_aes_192_cbc,
- #endif
- #ifdef WOLFSSL_AES_256
- NID_aes_256_cbc,
- #endif
- #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
- #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
- #ifdef HAVE_AESGCM
- #ifdef WOLFSSL_AES_128
- NID_aes_128_gcm,
- #endif
- #ifdef WOLFSSL_AES_192
- NID_aes_192_gcm,
- #endif
- #ifdef WOLFSSL_AES_256
- NID_aes_256_gcm,
- #endif
- #endif /* HAVE_AESGCM */
- #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
- #ifdef WOLFSSL_AES_COUNTER
- #ifdef WOLFSSL_AES_128
- NID_aes_128_ctr,
- #endif
- #ifdef WOLFSSL_AES_192
- NID_aes_192_ctr,
- #endif
- #ifdef WOLFSSL_AES_256
- NID_aes_256_ctr,
- #endif
- #endif
- #ifndef NO_DES3
- NID_des_cbc,
- NID_des_ede3_cbc,
- #endif
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- NID_chacha20_poly1305,
- #endif
- };
- int iv_lengths[] = {
- #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
- #ifdef WOLFSSL_AES_128
- AES_BLOCK_SIZE,
- #endif
- #ifdef WOLFSSL_AES_192
- AES_BLOCK_SIZE,
- #endif
- #ifdef WOLFSSL_AES_256
- AES_BLOCK_SIZE,
- #endif
- #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
- #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
- #ifdef HAVE_AESGCM
- #ifdef WOLFSSL_AES_128
- GCM_NONCE_MID_SZ,
- #endif
- #ifdef WOLFSSL_AES_192
- GCM_NONCE_MID_SZ,
- #endif
- #ifdef WOLFSSL_AES_256
- GCM_NONCE_MID_SZ,
- #endif
- #endif /* HAVE_AESGCM */
- #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
- #ifdef WOLFSSL_AES_COUNTER
- #ifdef WOLFSSL_AES_128
- AES_BLOCK_SIZE,
- #endif
- #ifdef WOLFSSL_AES_192
- AES_BLOCK_SIZE,
- #endif
- #ifdef WOLFSSL_AES_256
- AES_BLOCK_SIZE,
- #endif
- #endif
- #ifndef NO_DES3
- DES_BLOCK_SIZE,
- DES_BLOCK_SIZE,
- #endif
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- CHACHA20_POLY1305_AEAD_IV_SIZE,
- #endif
- };
- int i;
- int nidsLen = (sizeof(nids)/sizeof(int));
- for (i = 0; i < nidsLen; i++) {
- const EVP_CIPHER *c = EVP_get_cipherbynid(nids[i]);
- ExpectIntEQ(EVP_CIPHER_iv_length(c), iv_lengths[i]);
- }
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_SignInit_ex(void)
- {
- EXPECT_DECLS;
- WOLFSSL_EVP_MD_CTX mdCtx;
- WOLFSSL_ENGINE* e = 0;
- const EVP_MD* md = EVP_sha256();
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_SignInit_ex(&mdCtx, md, e), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_DigestFinal_ex(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_SHA256)
- WOLFSSL_EVP_MD_CTX mdCtx;
- unsigned int s = 0;
- unsigned char md[WC_SHA256_DIGEST_SIZE];
- unsigned char md2[WC_SHA256_DIGEST_SIZE];
- /* Bad Case */
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION > 2))
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), 0);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
- #else
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);
- #endif
- /* Good Case */
- wolfSSL_EVP_MD_CTX_init(&mdCtx);
- ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, EVP_sha256()), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md2, &s), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_QT_EVP_PKEY_CTX_free(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- EVP_PKEY* pkey = NULL;
- EVP_PKEY_CTX* ctx = NULL;
- ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
- ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
- #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
- /* void */
- EVP_PKEY_CTX_free(ctx);
- #else
- /* int */
- ExpectIntEQ(EVP_PKEY_CTX_free(ctx), WOLFSSL_SUCCESS);
- #endif
- EVP_PKEY_free(pkey);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_param_check(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
- #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
- DH *dh = NULL;
- DH *setDh = NULL;
- EVP_PKEY *pkey = NULL;
- EVP_PKEY_CTX* ctx = NULL;
- FILE* f = NULL;
- unsigned char buf[512];
- const unsigned char* pt = buf;
- const char* dh2048 = "./certs/dh2048.der";
- long len = 0;
- int code = -1;
- XMEMSET(buf, 0, sizeof(buf));
- ExpectTrue((f = XFOPEN(dh2048, "rb")) != XBADFILE);
- ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- /* Load dh2048.der into DH with internal format */
- ExpectNotNull(setDh = d2i_DHparams(NULL, &pt, len));
- ExpectIntEQ(DH_check(setDh, &code), WOLFSSL_SUCCESS);
- ExpectIntEQ(code, 0);
- code = -1;
- pkey = wolfSSL_EVP_PKEY_new();
- /* Set DH into PKEY */
- ExpectIntEQ(EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS);
- /* create ctx from pkey */
- ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
- ExpectIntEQ(EVP_PKEY_param_check(ctx), 1/* valid */);
- /* TODO: more invalid cases */
- ExpectIntEQ(EVP_PKEY_param_check(NULL), 0);
- EVP_PKEY_CTX_free(ctx);
- EVP_PKEY_free(pkey);
- DH_free(setDh);
- setDh = NULL;
- DH_free(dh);
- dh = NULL;
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_BytesToKey(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- byte key[AES_BLOCK_SIZE] = {0};
- byte iv[AES_BLOCK_SIZE] = {0};
- int count = 0;
- const EVP_MD* md = EVP_sha256();
- const EVP_CIPHER *type;
- const unsigned char *salt = (unsigned char *)"salt1234";
- int sz = 5;
- const byte data[] = {
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- type = wolfSSL_EVP_get_cipherbynid(NID_aes_128_cbc);
- /* Bad cases */
- ExpectIntEQ(EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv),
- 0);
- ExpectIntEQ(EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv),
- 16);
- md = "2";
- ExpectIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
- WOLFSSL_FAILURE);
- /* Good case */
- md = EVP_sha256();
- ExpectIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
- 16);
- #endif
- return EXPECT_RESULT();
- }
- static int test_evp_cipher_aes_gcm(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && \
- !defined(HAVE_SELFTEST)) || (defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION >= 2)))
- /*
- * This test checks data at various points in the encrypt/decrypt process
- * against known values produced using the same test with OpenSSL. This
- * interop testing is critical for verifying the correctness of our
- * EVP_Cipher implementation with AES-GCM. Specifically, this test exercises
- * a flow supported by OpenSSL that uses the control command
- * EVP_CTRL_GCM_IV_GEN to increment the IV between cipher operations without
- * the need to call EVP_CipherInit. OpenSSH uses this flow, for example. We
- * had a bug with OpenSSH where wolfSSL OpenSSH servers could only talk to
- * wolfSSL OpenSSH clients because there was a bug in this flow that
- * happened to "cancel out" if both sides of the connection had the bug.
- */
- enum {
- NUM_ENCRYPTIONS = 3,
- AAD_SIZE = 4
- };
- byte plainText1[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
- 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23
- };
- byte plainText2[] = {
- 0x42, 0x49, 0x3b, 0x27, 0x03, 0x35, 0x59, 0x14, 0x41, 0x47, 0x37, 0x14,
- 0x0e, 0x34, 0x0d, 0x28, 0x63, 0x09, 0x0a, 0x5b, 0x22, 0x57, 0x42, 0x22,
- 0x0f, 0x5c, 0x1e, 0x53, 0x45, 0x15, 0x62, 0x08, 0x60, 0x43, 0x50, 0x2c
- };
- byte plainText3[] = {
- 0x36, 0x0d, 0x2b, 0x09, 0x4a, 0x56, 0x3b, 0x4c, 0x21, 0x22, 0x58, 0x0e,
- 0x5b, 0x57, 0x10
- };
- byte* plainTexts[NUM_ENCRYPTIONS] = {
- plainText1,
- plainText2,
- plainText3
- };
- const int plainTextSzs[NUM_ENCRYPTIONS] = {
- sizeof(plainText1),
- sizeof(plainText2),
- sizeof(plainText3)
- };
- byte aad1[AAD_SIZE] = {
- 0x00, 0x00, 0x00, 0x01
- };
- byte aad2[AAD_SIZE] = {
- 0x00, 0x00, 0x00, 0x10
- };
- byte aad3[AAD_SIZE] = {
- 0x00, 0x00, 0x01, 0x00
- };
- byte* aads[NUM_ENCRYPTIONS] = {
- aad1,
- aad2,
- aad3
- };
- const byte iv[GCM_NONCE_MID_SZ] = {
- 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF
- };
- byte currentIv[GCM_NONCE_MID_SZ];
- const byte key[] = {
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
- 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f
- };
- const byte expIvs[NUM_ENCRYPTIONS][GCM_NONCE_MID_SZ] = {
- {
- 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE,
- 0xEF
- },
- {
- 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE,
- 0xF0
- },
- {
- 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE,
- 0xF1
- }
- };
- const byte expTags[NUM_ENCRYPTIONS][AES_BLOCK_SIZE] = {
- {
- 0x65, 0x4F, 0xF7, 0xA0, 0xBB, 0x7B, 0x90, 0xB7, 0x9C, 0xC8, 0x14,
- 0x3D, 0x32, 0x18, 0x34, 0xA9
- },
- {
- 0x50, 0x3A, 0x13, 0x8D, 0x91, 0x1D, 0xEC, 0xBB, 0xBA, 0x5B, 0x57,
- 0xA2, 0xFD, 0x2D, 0x6B, 0x7F
- },
- {
- 0x3B, 0xED, 0x18, 0x9C, 0xB3, 0xE3, 0x61, 0x1E, 0x11, 0xEB, 0x13,
- 0x5B, 0xEC, 0x52, 0x49, 0x32,
- }
- };
- const byte expCipherText1[] = {
- 0xCB, 0x93, 0x4F, 0xC8, 0x22, 0xE2, 0xC0, 0x35, 0xAA, 0x6B, 0x41, 0x15,
- 0x17, 0x30, 0x2F, 0x97, 0x20, 0x74, 0x39, 0x28, 0xF8, 0xEB, 0xC5, 0x51,
- 0x7B, 0xD9, 0x8A, 0x36, 0xB8, 0xDA, 0x24, 0x80, 0xE7, 0x9E, 0x09, 0xDE
- };
- const byte expCipherText2[] = {
- 0xF9, 0x32, 0xE1, 0x87, 0x37, 0x0F, 0x04, 0xC1, 0xB5, 0x59, 0xF0, 0x45,
- 0x3A, 0x0D, 0xA0, 0x26, 0xFF, 0xA6, 0x8D, 0x38, 0xFE, 0xB8, 0xE5, 0xC2,
- 0x2A, 0x98, 0x4A, 0x54, 0x8F, 0x1F, 0xD6, 0x13, 0x03, 0xB2, 0x1B, 0xC0
- };
- const byte expCipherText3[] = {
- 0xD0, 0x37, 0x59, 0x1C, 0x2F, 0x85, 0x39, 0x4D, 0xED, 0xC2, 0x32, 0x5B,
- 0x80, 0x5E, 0x6B,
- };
- const byte* expCipherTexts[NUM_ENCRYPTIONS] = {
- expCipherText1,
- expCipherText2,
- expCipherText3
- };
- byte* cipherText = NULL;
- byte* calcPlainText = NULL;
- byte tag[AES_BLOCK_SIZE];
- EVP_CIPHER_CTX* encCtx = NULL;
- EVP_CIPHER_CTX* decCtx = NULL;
- int i, j, outl;
- /****************************************************/
- for (i = 0; i < 3; ++i) {
- ExpectNotNull(encCtx = EVP_CIPHER_CTX_new());
- ExpectNotNull(decCtx = EVP_CIPHER_CTX_new());
- /* First iteration, set key before IV. */
- if (i == 0) {
- ExpectIntEQ(EVP_CipherInit(encCtx, EVP_aes_256_gcm(), key, NULL, 1),
- SSL_SUCCESS);
- /*
- * The call to EVP_CipherInit below (with NULL key) should clear the
- * authIvGenEnable flag set by EVP_CTRL_GCM_SET_IV_FIXED. As such, a
- * subsequent EVP_CTRL_GCM_IV_GEN should fail. This matches OpenSSL
- * behavior.
- */
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1,
- (void*)iv), SSL_SUCCESS);
- ExpectIntEQ(EVP_CipherInit(encCtx, NULL, NULL, iv, 1),
- SSL_SUCCESS);
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1,
- currentIv), SSL_FAILURE);
- ExpectIntEQ(EVP_CipherInit(decCtx, EVP_aes_256_gcm(), key, NULL, 0),
- SSL_SUCCESS);
- ExpectIntEQ(EVP_CipherInit(decCtx, NULL, NULL, iv, 0),
- SSL_SUCCESS);
- }
- /* Second iteration, IV before key. */
- else {
- ExpectIntEQ(EVP_CipherInit(encCtx, EVP_aes_256_gcm(), NULL, iv, 1),
- SSL_SUCCESS);
- ExpectIntEQ(EVP_CipherInit(encCtx, NULL, key, NULL, 1),
- SSL_SUCCESS);
- ExpectIntEQ(EVP_CipherInit(decCtx, EVP_aes_256_gcm(), NULL, iv, 0),
- SSL_SUCCESS);
- ExpectIntEQ(EVP_CipherInit(decCtx, NULL, key, NULL, 0),
- SSL_SUCCESS);
- }
- /*
- * EVP_CTRL_GCM_IV_GEN should fail if EVP_CTRL_GCM_SET_IV_FIXED hasn't
- * been issued first.
- */
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1,
- currentIv), SSL_FAILURE);
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1,
- (void*)iv), SSL_SUCCESS);
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1,
- (void*)iv), SSL_SUCCESS);
- for (j = 0; j < NUM_ENCRYPTIONS; ++j) {
- /*************** Encrypt ***************/
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1,
- currentIv), SSL_SUCCESS);
- /* Check current IV against expected. */
- ExpectIntEQ(XMEMCMP(currentIv, expIvs[j], GCM_NONCE_MID_SZ), 0);
- /* Add AAD. */
- if (i == 2) {
- /* Test streaming API. */
- ExpectIntEQ(EVP_CipherUpdate(encCtx, NULL, &outl, aads[j],
- AAD_SIZE), SSL_SUCCESS);
- }
- else {
- ExpectIntEQ(EVP_Cipher(encCtx, NULL, aads[j], AAD_SIZE),
- AAD_SIZE);
- }
- ExpectNotNull(cipherText = (byte*)XMALLOC(plainTextSzs[j], NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- /* Encrypt plaintext. */
- if (i == 2) {
- ExpectIntEQ(EVP_CipherUpdate(encCtx, cipherText, &outl,
- plainTexts[j], plainTextSzs[j]),
- SSL_SUCCESS);
- }
- else {
- ExpectIntEQ(EVP_Cipher(encCtx, cipherText, plainTexts[j],
- plainTextSzs[j]), plainTextSzs[j]);
- }
- if (i == 2) {
- ExpectIntEQ(EVP_CipherFinal(encCtx, cipherText, &outl),
- SSL_SUCCESS);
- }
- else {
- /*
- * Calling EVP_Cipher with NULL input and output for AES-GCM is
- * akin to calling EVP_CipherFinal.
- */
- ExpectIntGE(EVP_Cipher(encCtx, NULL, NULL, 0), 0);
- }
- /* Check ciphertext against expected. */
- ExpectIntEQ(XMEMCMP(cipherText, expCipherTexts[j], plainTextSzs[j]),
- 0);
- /* Get and check tag against expected. */
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_GET_TAG,
- sizeof(tag), tag), SSL_SUCCESS);
- ExpectIntEQ(XMEMCMP(tag, expTags[j], sizeof(tag)), 0);
- /*************** Decrypt ***************/
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_IV_GEN, -1,
- currentIv), SSL_SUCCESS);
- /* Check current IV against expected. */
- ExpectIntEQ(XMEMCMP(currentIv, expIvs[j], GCM_NONCE_MID_SZ), 0);
- /* Add AAD. */
- if (i == 2) {
- /* Test streaming API. */
- ExpectIntEQ(EVP_CipherUpdate(decCtx, NULL, &outl, aads[j],
- AAD_SIZE), SSL_SUCCESS);
- }
- else {
- ExpectIntEQ(EVP_Cipher(decCtx, NULL, aads[j], AAD_SIZE),
- AAD_SIZE);
- }
- /* Set expected tag. */
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_SET_TAG,
- sizeof(tag), tag), SSL_SUCCESS);
- /* Decrypt ciphertext. */
- ExpectNotNull(calcPlainText = (byte*)XMALLOC(plainTextSzs[j], NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- if (i == 2) {
- ExpectIntEQ(EVP_CipherUpdate(decCtx, calcPlainText, &outl,
- cipherText, plainTextSzs[j]),
- SSL_SUCCESS);
- }
- else {
- /* This first EVP_Cipher call will check the tag, too. */
- ExpectIntEQ(EVP_Cipher(decCtx, calcPlainText, cipherText,
- plainTextSzs[j]), plainTextSzs[j]);
- }
- if (i == 2) {
- ExpectIntEQ(EVP_CipherFinal(decCtx, calcPlainText, &outl),
- SSL_SUCCESS);
- }
- else {
- ExpectIntGE(EVP_Cipher(decCtx, NULL, NULL, 0), 0);
- }
- /* Check plaintext against expected. */
- ExpectIntEQ(XMEMCMP(calcPlainText, plainTexts[j], plainTextSzs[j]),
- 0);
- XFREE(cipherText, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- cipherText = NULL;
- XFREE(calcPlainText, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- calcPlainText = NULL;
- }
- EVP_CIPHER_CTX_free(encCtx);
- encCtx = NULL;
- EVP_CIPHER_CTX_free(decCtx);
- decCtx = NULL;
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_OBJ_ln(void)
- {
- EXPECT_DECLS;
- const int nid_set[] = {
- NID_commonName,
- NID_serialNumber,
- NID_countryName,
- NID_localityName,
- NID_stateOrProvinceName,
- NID_organizationName,
- NID_organizationalUnitName,
- NID_domainComponent,
- NID_businessCategory,
- NID_jurisdictionCountryName,
- NID_jurisdictionStateOrProvinceName,
- NID_emailAddress
- };
- const char* ln_set[] = {
- "commonName",
- "serialNumber",
- "countryName",
- "localityName",
- "stateOrProvinceName",
- "organizationName",
- "organizationalUnitName",
- "domainComponent",
- "businessCategory",
- "jurisdictionCountryName",
- "jurisdictionStateOrProvinceName",
- "emailAddress",
- };
- size_t i = 0, maxIdx = sizeof(ln_set)/sizeof(char*);
- ExpectIntEQ(OBJ_ln2nid(NULL), NID_undef);
- #ifdef HAVE_ECC
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- {
- EC_builtin_curve r[27];
- size_t nCurves = sizeof(r) / sizeof(r[0]);
- nCurves = EC_get_builtin_curves(r, nCurves);
- for (i = 0; i < nCurves; i++) {
- /* skip ECC_CURVE_INVALID */
- if (r[i].nid != ECC_CURVE_INVALID) {
- ExpectIntEQ(OBJ_ln2nid(r[i].comment), r[i].nid);
- ExpectStrEQ(OBJ_nid2ln(r[i].nid), r[i].comment);
- }
- }
- }
- #endif
- #endif
- for (i = 0; i < maxIdx; i++) {
- ExpectIntEQ(OBJ_ln2nid(ln_set[i]), nid_set[i]);
- ExpectStrEQ(OBJ_nid2ln(nid_set[i]), ln_set[i]);
- }
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_OBJ_sn(void)
- {
- EXPECT_DECLS;
- int i = 0, maxIdx = 7;
- const int nid_set[] = {NID_commonName,NID_countryName,NID_localityName,
- NID_stateOrProvinceName,NID_organizationName,
- NID_organizationalUnitName,NID_emailAddress};
- const char* sn_open_set[] = {"CN","C","L","ST","O","OU","emailAddress"};
- const char* sn_wolf_set[] = {WOLFSSL_COMMON_NAME,WOLFSSL_COUNTRY_NAME,
- WOLFSSL_LOCALITY_NAME, WOLFSSL_STATE_NAME,
- WOLFSSL_ORG_NAME, WOLFSSL_ORGUNIT_NAME,
- WOLFSSL_EMAIL_ADDR};
- ExpectIntEQ(wolfSSL_OBJ_sn2nid(NULL), NID_undef);
- for (i = 0; i < maxIdx; i++) {
- ExpectIntEQ(wolfSSL_OBJ_sn2nid(sn_wolf_set[i]), nid_set[i]);
- ExpectStrEQ(wolfSSL_OBJ_nid2sn(nid_set[i]), sn_open_set[i]);
- }
- return EXPECT_RESULT();
- }
- #if !defined(NO_BIO)
- static unsigned long TXT_DB_hash(const WOLFSSL_STRING *s)
- {
- return lh_strhash(s[3]);
- }
- static int TXT_DB_cmp(const WOLFSSL_STRING *a, const WOLFSSL_STRING *b)
- {
- return XSTRCMP(a[3], b[3]);
- }
- #endif
- static int test_wolfSSL_TXT_DB(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_BIO)
- BIO *bio = NULL;
- TXT_DB *db = NULL;
- const int columns = 6;
- const char *fields[6] = {
- "V",
- "320926161116Z",
- "",
- "12BD",
- "unknown",
- "/CN=rsa doe",
- };
- char** fields_copy = NULL;
- /* Test read */
- ExpectNotNull(bio = BIO_new(BIO_s_file()));
- ExpectIntGT(BIO_read_filename(bio, "./tests/TXT_DB.txt"), 0);
- ExpectNotNull(db = TXT_DB_read(bio, columns));
- ExpectNotNull(fields_copy = (char**)XMALLOC(sizeof(fields), NULL,
- DYNAMIC_TYPE_OPENSSL));
- if (fields_copy != NULL) {
- XMEMCPY(fields_copy, fields, sizeof(fields));
- }
- ExpectIntEQ(TXT_DB_insert(db, fields_copy), 1);
- if (EXPECT_FAIL()) {
- XFREE(fields_copy, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- BIO_free(bio);
- bio = NULL;
- /* Test write */
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(TXT_DB_write(bio, db), 1484);
- BIO_free(bio);
- /* Test index */
- ExpectIntEQ(TXT_DB_create_index(db, 3, NULL, (wolf_sk_hash_cb)TXT_DB_hash,
- (wolf_lh_compare_cb)TXT_DB_cmp), 1);
- ExpectNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
- fields[3] = "12DA";
- ExpectNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
- fields[3] = "FFFF";
- ExpectNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
- fields[3] = "";
- ExpectNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
- TXT_DB_free(db);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_NCONF(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_BIO)
- const char* confFile = "./tests/NCONF_test.cnf";
- CONF* conf = NULL;
- long eline = 0;
- long num = 0;
- ExpectNotNull(conf = NCONF_new(NULL));
- ExpectIntEQ(NCONF_load(conf, confFile, &eline), 1);
- ExpectIntEQ(NCONF_get_number(conf, NULL, "port", &num), 1);
- ExpectIntEQ(num, 1234);
- ExpectIntEQ(NCONF_get_number(conf, "section2", "port", &num), 1);
- ExpectIntEQ(num, 4321);
- ExpectStrEQ(NCONF_get_string(conf, NULL, "dir"), "./test-dir");
- ExpectStrEQ(NCONF_get_string(conf, "section1", "file1_copy"),
- "./test-dir/file1");
- ExpectStrEQ(NCONF_get_string(conf, "section2", "file_list"),
- "./test-dir/file1:./test-dir/file2:./section1:file2");
- NCONF_free(conf);
- #endif
- return EXPECT_RESULT();
- }
- #endif /* OPENSSL_ALL */
- static int test_wolfSSL_X509V3_EXT_get(void) {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
- XFILE f = XBADFILE;
- int numOfExt =0;
- int extNid = 0;
- int i = 0;
- WOLFSSL_X509* x509 = NULL;
- WOLFSSL_X509_EXTENSION* ext = NULL;
- const WOLFSSL_v3_ext_method* method = NULL;
- ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
- ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
- if (f != XBADFILE)
- XFCLOSE(f);
- /* wolfSSL_X509V3_EXT_get() return struct and nid test */
- ExpectIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5);
- for (i = 0; i < numOfExt; i++) {
- ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i));
- ExpectIntNE((extNid = ext->obj->nid), NID_undef);
- ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext));
- ExpectIntEQ(method->ext_nid, extNid);
- }
- /* wolfSSL_X509V3_EXT_get() NULL argument test */
- ExpectNull(method = wolfSSL_X509V3_EXT_get(NULL));
- wolfSSL_X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509V3_EXT_nconf(void)
- {
- EXPECT_DECLS;
- #ifdef OPENSSL_ALL
- const char *ext_names[] = {
- "subjectKeyIdentifier",
- "authorityKeyIdentifier",
- "subjectAltName",
- "keyUsage",
- "extendedKeyUsage",
- };
- size_t ext_names_count = sizeof(ext_names)/sizeof(*ext_names);
- int ext_nids[] = {
- NID_subject_key_identifier,
- NID_authority_key_identifier,
- NID_subject_alt_name,
- NID_key_usage,
- NID_ext_key_usage,
- };
- size_t ext_nids_count = sizeof(ext_nids)/sizeof(*ext_nids);
- const char *ext_values[] = {
- "hash",
- "hash",
- "DNS:example.com, IP:127.0.0.1",
- "digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,"
- "keyAgreement,keyCertSign,cRLSign,encipherOnly,decipherOnly",
- "serverAuth,clientAuth,codeSigning,emailProtection,timeStamping,"
- "OCSPSigning",
- };
- size_t i;
- X509_EXTENSION* ext = NULL;
- X509* x509 = NULL;
- unsigned int keyUsageFlags;
- unsigned int extKeyUsageFlags;
- ExpectNotNull(x509 = X509_new());
- /* keyUsage / extKeyUsage should match string above */
- keyUsageFlags = KU_DIGITAL_SIGNATURE
- | KU_NON_REPUDIATION
- | KU_KEY_ENCIPHERMENT
- | KU_DATA_ENCIPHERMENT
- | KU_KEY_AGREEMENT
- | KU_KEY_CERT_SIGN
- | KU_CRL_SIGN
- | KU_ENCIPHER_ONLY
- | KU_DECIPHER_ONLY;
- extKeyUsageFlags = XKU_SSL_CLIENT
- | XKU_SSL_SERVER
- | XKU_CODE_SIGN
- | XKU_SMIME
- | XKU_TIMESTAMP
- | XKU_OCSP_SIGN;
- for (i = 0; i < ext_names_count; i++) {
- ExpectNotNull(ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i],
- ext_values[i]));
- X509_EXTENSION_free(ext);
- ext = NULL;
- }
- for (i = 0; i < ext_nids_count; i++) {
- ExpectNotNull(ext = X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[i],
- ext_values[i]));
- X509_EXTENSION_free(ext);
- ext = NULL;
- }
- /* Test adding extension to X509 */
- for (i = 0; i < ext_nids_count; i++) {
- ExpectNotNull(ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i],
- ext_values[i]));
- ExpectIntEQ(X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
- if (ext_nids[i] == NID_key_usage) {
- ExpectIntEQ(X509_get_key_usage(x509), keyUsageFlags);
- }
- else if (ext_nids[i] == NID_ext_key_usage) {
- ExpectIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags);
- }
- X509_EXTENSION_free(ext);
- ext = NULL;
- }
- X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509V3_EXT(void) {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
- XFILE f = XBADFILE;
- int numOfExt = 0, nid = 0, i = 0, expected, actual = 0;
- char* str = NULL;
- unsigned char* data = NULL;
- const WOLFSSL_v3_ext_method* method = NULL;
- WOLFSSL_X509* x509 = NULL;
- WOLFSSL_X509_EXTENSION* ext = NULL;
- WOLFSSL_X509_EXTENSION* ext2 = NULL;
- WOLFSSL_ASN1_OBJECT *obj = NULL;
- WOLFSSL_ASN1_OBJECT *adObj = NULL;
- WOLFSSL_ASN1_STRING* asn1str = NULL;
- WOLFSSL_AUTHORITY_KEYID* aKeyId = NULL;
- WOLFSSL_AUTHORITY_INFO_ACCESS* aia = NULL;
- WOLFSSL_BASIC_CONSTRAINTS* bc = NULL;
- WOLFSSL_ACCESS_DESCRIPTION* ad = NULL;
- WOLFSSL_GENERAL_NAME* gn = NULL;
- /* Check NULL argument */
- ExpectNull(wolfSSL_X509V3_EXT_d2i(NULL));
- /* Using OCSP cert with X509V3 extensions */
- ExpectTrue((f = XFOPEN("./certs/ocsp/root-ca-cert.pem", "rb")) != XBADFILE);
- ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
- if (f != XBADFILE)
- XFCLOSE(f);
- ExpectIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5);
- /* Basic Constraints */
- ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i));
- ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
- ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_basic_constraints);
- ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));
- ExpectIntEQ(bc->ca, 1);
- ExpectNull(bc->pathlen);
- wolfSSL_BASIC_CONSTRAINTS_free(bc);
- bc = NULL;
- i++;
- /* Subject Key Identifier */
- ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i));
- ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
- ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_subject_key_identifier);
- ExpectNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
- ExpectNotNull(ext2 = wolfSSL_X509V3_EXT_i2d(NID_subject_key_identifier, 0,
- asn1str));
- X509_EXTENSION_free(ext2);
- ext2 = NULL;
- ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext));
- ExpectNotNull(method->i2s);
- ExpectNotNull(str = method->i2s((WOLFSSL_v3_ext_method*)method, asn1str));
- wolfSSL_ASN1_STRING_free(asn1str);
- asn1str = NULL;
- if (str != NULL) {
- actual = strcmp(str,
- "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21");
- }
- ExpectIntEQ(actual, 0);
- XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- str = NULL;
- i++;
- /* Authority Key Identifier */
- ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i));
- ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
- ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_authority_key_identifier);
- ExpectNotNull(aKeyId = (WOLFSSL_AUTHORITY_KEYID*)wolfSSL_X509V3_EXT_d2i(
- ext));
- ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext));
- ExpectNotNull(asn1str = aKeyId->keyid);
- ExpectNotNull(str = wolfSSL_i2s_ASN1_STRING((WOLFSSL_v3_ext_method*)method,
- asn1str));
- asn1str = NULL;
- if (str != NULL) {
- actual = strcmp(str,
- "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21");
- }
- ExpectIntEQ(actual, 0);
- XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- str = NULL;
- wolfSSL_AUTHORITY_KEYID_free(aKeyId);
- aKeyId = NULL;
- i++;
- /* Key Usage */
- ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i));
- ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
- ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_key_usage);
- ExpectNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
- #if defined(WOLFSSL_QT)
- ExpectNotNull(data = (unsigned char*)ASN1_STRING_get0_data(asn1str));
- #else
- ExpectNotNull(data = wolfSSL_ASN1_STRING_data(asn1str));
- #endif
- expected = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN;
- if (data != NULL) {
- #ifdef BIG_ENDIAN_ORDER
- actual = data[1];
- #else
- actual = data[0];
- #endif
- }
- ExpectIntEQ(actual, expected);
- wolfSSL_ASN1_STRING_free(asn1str);
- asn1str = NULL;
- #if 1
- i++;
- /* Authority Info Access */
- ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i));
- ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
- ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_info_access);
- ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(
- ext));
- #if defined(WOLFSSL_QT)
- ExpectIntEQ(OPENSSL_sk_num(aia), 1); /* Only one URI entry for this cert */
- #else
- ExpectIntEQ(wolfSSL_sk_num(aia), 1); /* Only one URI entry for this cert */
- #endif
- /* URI entry is an ACCESS_DESCRIPTION type */
- #if defined(WOLFSSL_QT)
- ExpectNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)wolfSSL_sk_value(aia, 0));
- #else
- ExpectNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)OPENSSL_sk_value(aia, 0));
- #endif
- ExpectNotNull(adObj = ad->method);
- /* Make sure nid is OCSP */
- ExpectIntEQ(wolfSSL_OBJ_obj2nid(adObj), NID_ad_OCSP);
- /* GENERAL_NAME stores URI as an ASN1_STRING */
- ExpectNotNull(gn = ad->location);
- ExpectIntEQ(gn->type, GEN_URI); /* Type should always be GEN_URI */
- ExpectNotNull(asn1str = gn->d.uniformResourceIdentifier);
- ExpectIntEQ(wolfSSL_ASN1_STRING_length(asn1str), 22);
- #if defined(WOLFSSL_QT)
- ExpectNotNull(str = (char*)ASN1_STRING_get0_data(asn1str));
- #else
- ExpectNotNull(str = (char*)wolfSSL_ASN1_STRING_data(asn1str));
- #endif
- if (str != NULL) {
- actual = strcmp(str, "http://127.0.0.1:22220");
- }
- ExpectIntEQ(actual, 0);
- wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL);
- aia = NULL;
- #else
- (void) aia; (void) ad; (void) adObj; (void) gn;
- #endif
- wolfSSL_X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_get_extension_flags(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_RSA)
- XFILE f = XBADFILE;
- X509* x509 = NULL;
- unsigned int extFlags;
- unsigned int keyUsageFlags;
- unsigned int extKeyUsageFlags;
- /* client-int-cert.pem has the following extension flags. */
- extFlags = EXFLAG_KUSAGE | EXFLAG_XKUSAGE;
- /* and the following key usage flags. */
- keyUsageFlags = KU_DIGITAL_SIGNATURE
- | KU_NON_REPUDIATION
- | KU_KEY_ENCIPHERMENT;
- /* and the following extended key usage flags. */
- extKeyUsageFlags = XKU_SSL_CLIENT | XKU_SMIME;
- ExpectTrue((f = XFOPEN("./certs/intermediate/client-int-cert.pem", "rb")) !=
- XBADFILE);
- ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- ExpectIntEQ(X509_get_extension_flags(x509), extFlags);
- ExpectIntEQ(X509_get_key_usage(x509), keyUsageFlags);
- ExpectIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags);
- X509_free(x509);
- x509 = NULL;
- /* client-cert-ext.pem has the following extension flags. */
- extFlags = EXFLAG_KUSAGE;
- /* and the following key usage flags. */
- keyUsageFlags = KU_DIGITAL_SIGNATURE
- | KU_KEY_CERT_SIGN
- | KU_CRL_SIGN;
- ExpectTrue((f = fopen("./certs/client-cert-ext.pem", "rb")) != XBADFILE);
- ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
- if (f != XBADFILE)
- XFCLOSE(f);
- ExpectIntEQ(X509_get_extension_flags(x509), extFlags);
- ExpectIntEQ(X509_get_key_usage(x509), keyUsageFlags);
- X509_free(x509);
- #endif /* OPENSSL_ALL */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_get_ext(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
- int ret = 0;
- XFILE f = XBADFILE;
- WOLFSSL_X509* x509 = NULL;
- WOLFSSL_X509_EXTENSION* foundExtension;
- ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
- ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
- if (f != XBADFILE)
- XFCLOSE(f);
- ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5);
- /* wolfSSL_X509_get_ext() valid input */
- ExpectNotNull(foundExtension = wolfSSL_X509_get_ext(x509, 0));
- /* wolfSSL_X509_get_ext() valid x509, idx out of bounds */
- ExpectNull(foundExtension = wolfSSL_X509_get_ext(x509, -1));
- ExpectNull(foundExtension = wolfSSL_X509_get_ext(x509, 100));
- /* wolfSSL_X509_get_ext() NULL x509, idx out of bounds */
- ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, -1));
- ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, 100));
- /* wolfSSL_X509_get_ext() NULL x509, valid idx */
- ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, 0));
- wolfSSL_X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_get_ext_by_NID(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_RSA)
- int rc = 0;
- XFILE f = XBADFILE;
- WOLFSSL_X509* x509 = NULL;
- ASN1_OBJECT* obj = NULL;
- ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
- ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
- if (f != XBADFILE)
- XFCLOSE(f);
- ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints,
- -1), 0);
- /* Start search from last location (should fail) */
- ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints,
- rc), -1);
- ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints,
- -2), -1);
- ExpectIntEQ(rc = wolfSSL_X509_get_ext_by_NID(NULL, NID_basic_constraints,
- -1), -1);
- ExpectIntEQ(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_undef, -1), -1);
- /* NID_ext_key_usage, check also its nid and oid */
- ExpectIntGT(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_ext_key_usage, -1),
- -1);
- ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(wolfSSL_X509_get_ext(
- x509, rc)));
- ExpectIntEQ(obj->nid, NID_ext_key_usage);
- ExpectIntEQ(obj->type, EXT_KEY_USAGE_OID);
- wolfSSL_X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_get_ext_subj_alt_name(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_RSA)
- int rc = 0;
- XFILE f = XBADFILE;
- WOLFSSL_X509* x509 = NULL;
- WOLFSSL_X509_EXTENSION* ext = NULL;
- WOLFSSL_ASN1_STRING* sanString = NULL;
- byte* sanDer = NULL;
- const byte expectedDer[] = {
- 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
- 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01};
- ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
- ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
- if (f != XBADFILE)
- XFCLOSE(f);
- ExpectIntNE(rc = X509_get_ext_by_NID(x509, NID_subject_alt_name, -1), -1);
- ExpectNotNull(ext = X509_get_ext(x509, rc));
- ExpectNotNull(sanString = X509_EXTENSION_get_data(ext));
- ExpectIntEQ(ASN1_STRING_length(sanString), sizeof(expectedDer));
- ExpectNotNull(sanDer = ASN1_STRING_data(sanString));
- ExpectIntEQ(XMEMCMP(sanDer, expectedDer, sizeof(expectedDer)), 0);
- X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_EXTENSION_new(void)
- {
- EXPECT_DECLS;
- #if defined (OPENSSL_ALL)
- WOLFSSL_X509_EXTENSION* ext = NULL;
- ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new());
- ExpectNotNull(ext->obj = wolfSSL_ASN1_OBJECT_new());
- wolfSSL_X509_EXTENSION_free(ext);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_EXTENSION_get_object(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
- WOLFSSL_X509* x509 = NULL;
- WOLFSSL_X509_EXTENSION* ext = NULL;
- WOLFSSL_ASN1_OBJECT* o = NULL;
- XFILE file = XBADFILE;
- ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
- ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
- if (file != XBADFILE)
- XFCLOSE(file);
- /* wolfSSL_X509_EXTENSION_get_object() testing ext idx 0 */
- ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
- ExpectNull(wolfSSL_X509_EXTENSION_get_object(NULL));
- ExpectNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext));
- ExpectIntEQ(o->nid, 128);
- /* wolfSSL_X509_EXTENSION_get_object() NULL argument */
- ExpectNull(o = wolfSSL_X509_EXTENSION_get_object(NULL));
- wolfSSL_X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_EXTENSION_get_data(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
- WOLFSSL_X509* x509 = NULL;
- WOLFSSL_X509_EXTENSION* ext = NULL;
- WOLFSSL_ASN1_STRING* str = NULL;
- XFILE file = XBADFILE;
- ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
- ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
- if (file != XBADFILE)
- XFCLOSE(file);
- ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
- ExpectNull(str = wolfSSL_X509_EXTENSION_get_data(NULL));
- ExpectNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext));
- wolfSSL_X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_EXTENSION_get_critical(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
- WOLFSSL_X509* x509 = NULL;
- WOLFSSL_X509_EXTENSION* ext = NULL;
- XFILE file = XBADFILE;
- int crit = 0;
- ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
- ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
- if (file != XBADFILE)
- XFCLOSE(file);
- ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
- ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(NULL), BAD_FUNC_ARG);
- ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(ext), 0);
- wolfSSL_X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509V3_EXT_print(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_BIO) && \
- !defined(NO_RSA)
- {
- XFILE f = XBADFILE;
- WOLFSSL_X509* x509 = NULL;
- X509_EXTENSION * ext = NULL;
- int loc = 0;
- BIO *bio = NULL;
- ExpectTrue((f = XFOPEN(svrCertFile, "rb")) != XBADFILE);
- ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
- if (f != XBADFILE)
- fclose(f);
- ExpectNotNull(bio = wolfSSL_BIO_new(BIO_s_mem()));
- ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509,
- NID_basic_constraints, -1), -1);
- ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
- ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
- ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509,
- NID_subject_key_identifier, -1), -1);
- ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
- ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
- ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509,
- NID_authority_key_identifier, -1), -1);
- ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
- ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
- wolfSSL_BIO_free(bio);
- wolfSSL_X509_free(x509);
- }
- {
- X509 *x509 = NULL;
- BIO *bio = NULL;
- X509_EXTENSION *ext = NULL;
- unsigned int i = 0;
- unsigned int idx = 0;
- /* Some NIDs to test with */
- int nids[] = {
- /* NID_key_usage, currently X509_get_ext returns this as a bit
- * string, which messes up X509V3_EXT_print */
- /* NID_ext_key_usage, */
- NID_subject_alt_name,
- };
- int* n = NULL;
- ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE));
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt,
- WOLFSSL_FILETYPE_PEM));
- ExpectIntGT(fprintf(stderr, "\nPrinting extension values:\n"), 0);
- for (i = 0, n = nids; i<(sizeof(nids)/sizeof(int)); i++, n++) {
- /* X509_get_ext_by_NID should return 3 for now. If that changes then
- * update the index */
- ExpectIntEQ((idx = X509_get_ext_by_NID(x509, *n, -1)), 3);
- ExpectNotNull(ext = X509_get_ext(x509, idx));
- ExpectIntEQ(X509V3_EXT_print(bio, ext, 0, 0), 1);
- ExpectIntGT(fprintf(stderr, "\n"), 0);
- }
- BIO_free(bio);
- X509_free(x509);
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_cmp(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_RSA)
- XFILE file1 = XBADFILE;
- XFILE file2 = XBADFILE;
- WOLFSSL_X509* cert1 = NULL;
- WOLFSSL_X509* cert2 = NULL;
- ExpectTrue((file1 = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
- ExpectTrue((file2 = XFOPEN("./certs/3072/client-cert.pem", "rb")) !=
- XBADFILE);
- ExpectNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
- ExpectNotNull(cert2 = wolfSSL_PEM_read_X509(file2, NULL, NULL, NULL));
- if (file1 != XBADFILE)
- fclose(file1);
- if (file2 != XBADFILE)
- fclose(file2);
- /* wolfSSL_X509_cmp() testing matching certs */
- ExpectIntEQ(0, wolfSSL_X509_cmp(cert1, cert1));
- /* wolfSSL_X509_cmp() testing mismatched certs */
- ExpectIntEQ(-1, wolfSSL_X509_cmp(cert1, cert2));
- /* wolfSSL_X509_cmp() testing NULL, valid args */
- ExpectIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, cert2));
- /* wolfSSL_X509_cmp() testing valid, NULL args */
- ExpectIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(cert1, NULL));
- /* wolfSSL_X509_cmp() testing NULL, NULL args */
- ExpectIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, NULL));
- wolfSSL_X509_free(cert1);
- wolfSSL_X509_free(cert2);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_up_ref(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL)
- EVP_PKEY* pkey;
- pkey = EVP_PKEY_new();
- ExpectNotNull(pkey);
- ExpectIntEQ(EVP_PKEY_up_ref(NULL), 0);
- ExpectIntEQ(EVP_PKEY_up_ref(pkey), 1);
- EVP_PKEY_free(pkey);
- ExpectIntEQ(EVP_PKEY_up_ref(pkey), 1);
- EVP_PKEY_free(pkey);
- EVP_PKEY_free(pkey);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_d2i_and_i2d_PublicKey(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- EVP_PKEY* pkey = NULL;
- const unsigned char* p;
- unsigned char *der = NULL;
- unsigned char *tmp = NULL;
- int derLen;
- p = client_keypub_der_2048;
- /* Check that key can be successfully decoded. */
- ExpectNotNull(pkey = wolfSSL_d2i_PublicKey(EVP_PKEY_RSA, NULL, &p,
- sizeof_client_keypub_der_2048));
- /* Check that key can be successfully encoded. */
- ExpectIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &der)), 0);
- /* Ensure that the encoded version matches the original. */
- ExpectIntEQ(derLen, sizeof_client_keypub_der_2048);
- ExpectIntEQ(XMEMCMP(der, client_keypub_der_2048, derLen), 0);
- /* Do same test except with pre-allocated buffer to ensure the der pointer
- * is advanced. */
- tmp = der;
- ExpectIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &tmp)), 0);
- ExpectIntEQ(derLen, sizeof_client_keypub_der_2048);
- ExpectIntEQ(XMEMCMP(der, client_keypub_der_2048, derLen), 0);
- ExpectTrue(der + derLen == tmp);
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
- EVP_PKEY_free(pkey);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && !defined(NO_CERTS) && \
- !defined(NO_ASN) && !defined(NO_PWDBASED)
- EVP_PKEY* pkey = NULL;
- const unsigned char* p;
- unsigned char *der = NULL;
- unsigned char *tmp = NULL;
- int derLen;
- unsigned char pub_buf[65];
- const int pub_len = 65;
- BN_CTX* ctx;
- EC_GROUP* curve = NULL;
- EC_KEY* ephemeral_key = NULL;
- const EC_POINT* h;
- /* Generate an x963 key pair and get public part into pub_buf */
- ExpectNotNull(ctx = BN_CTX_new());
- ExpectNotNull(curve = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
- ExpectNotNull(ephemeral_key = EC_KEY_new_by_curve_name(
- NID_X9_62_prime256v1));
- ExpectIntEQ(EC_KEY_generate_key(ephemeral_key), 1);
- ExpectNotNull(h = EC_KEY_get0_public_key(ephemeral_key));
- ExpectIntEQ(pub_len, EC_POINT_point2oct(curve, h,
- POINT_CONVERSION_UNCOMPRESSED, pub_buf, pub_len, ctx));
- /* Prepare the EVP_PKEY */
- ExpectNotNull(pkey = EVP_PKEY_new());
- p = pub_buf;
- /* Check that key can be successfully decoded. */
- ExpectNotNull(wolfSSL_d2i_PublicKey(EVP_PKEY_EC, &pkey, &p,
- pub_len));
- /* Check that key can be successfully encoded. */
- ExpectIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &der)), 0);
- /* Ensure that the encoded version matches the original. */
- ExpectIntEQ(derLen, pub_len);
- ExpectIntEQ(XMEMCMP(der, pub_buf, derLen), 0);
- /* Do same test except with pre-allocated buffer to ensure the der pointer
- * is advanced. */
- tmp = der;
- ExpectIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &tmp)), 0);
- ExpectIntEQ(derLen, pub_len);
- ExpectIntEQ(XMEMCMP(der, pub_buf, derLen), 0);
- ExpectTrue(der + derLen == tmp);
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
- EVP_PKEY_free(pkey);
- EC_KEY_free(ephemeral_key);
- EC_GROUP_free(curve);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_d2i_and_i2d_DSAparams(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_DSA)
- DSA* dsa = NULL;
- byte derIn[] = {
- 0x30, 0x82, 0x01, 0x1f, 0x02, 0x81, 0x81, 0x00,
- 0xcd, 0xde, 0x25, 0x68, 0x80, 0x53, 0x0d, 0xe5,
- 0x77, 0xd6, 0xd2, 0x90, 0x39, 0x3f, 0x90, 0xa2,
- 0x3f, 0x33, 0x94, 0x6e, 0xe8, 0x4f, 0x2b, 0x63,
- 0xab, 0x30, 0xab, 0x15, 0xba, 0x11, 0xea, 0x8a,
- 0x5d, 0x8d, 0xcc, 0xb8, 0xd4, 0xa1, 0xd5, 0xc1,
- 0x47, 0x9d, 0x5a, 0x73, 0x6a, 0x62, 0x49, 0xd1,
- 0x06, 0x07, 0x67, 0xf6, 0x2f, 0xa3, 0x39, 0xbd,
- 0x4e, 0x0d, 0xb4, 0xd3, 0x22, 0x23, 0x84, 0xec,
- 0x93, 0x26, 0x5a, 0x49, 0xee, 0x7c, 0x89, 0x48,
- 0x66, 0x4d, 0xe8, 0xe8, 0xd8, 0x50, 0xfb, 0xa5,
- 0x71, 0x9f, 0x22, 0x18, 0xe5, 0xe6, 0x0b, 0x46,
- 0x87, 0x66, 0xee, 0x52, 0x8f, 0x46, 0x4f, 0xb5,
- 0x03, 0xce, 0xed, 0xe3, 0xbe, 0xe5, 0xb5, 0x81,
- 0xd2, 0x59, 0xe9, 0xc0, 0xad, 0x4d, 0xd0, 0x4d,
- 0x26, 0xf7, 0xba, 0x50, 0xe8, 0xc9, 0x8f, 0xfe,
- 0x24, 0x19, 0x3d, 0x2e, 0xa7, 0x52, 0x3c, 0x6d,
- 0x02, 0x15, 0x00, 0xfb, 0x47, 0xfb, 0xec, 0x81,
- 0x20, 0xc8, 0x1c, 0xe9, 0x4a, 0xba, 0x04, 0x6f,
- 0x19, 0x9b, 0x94, 0xee, 0x82, 0x67, 0xd3, 0x02,
- 0x81, 0x81, 0x00, 0x9b, 0x95, 0xbb, 0x85, 0xc5,
- 0x58, 0x4a, 0x32, 0x9c, 0xaa, 0x44, 0x85, 0xd6,
- 0x68, 0xdc, 0x3e, 0x14, 0xf4, 0xce, 0x6d, 0xa3,
- 0x49, 0x38, 0xea, 0xd6, 0x61, 0x48, 0x92, 0x5a,
- 0x40, 0x95, 0x49, 0x38, 0xaa, 0xe1, 0x39, 0x29,
- 0x68, 0x58, 0x47, 0x8a, 0x4b, 0x01, 0xe1, 0x2e,
- 0x8e, 0x6c, 0x63, 0x6f, 0x40, 0xca, 0x50, 0x3f,
- 0x8c, 0x0b, 0x99, 0xe4, 0x72, 0x42, 0xb8, 0xb1,
- 0xc2, 0x26, 0x48, 0xf1, 0x9c, 0x83, 0xc6, 0x37,
- 0x2e, 0x5a, 0xae, 0x11, 0x09, 0xd9, 0xf3, 0xad,
- 0x1f, 0x6f, 0xad, 0xad, 0x50, 0xe3, 0x78, 0x32,
- 0xe6, 0xde, 0x8e, 0xaa, 0xbf, 0xd1, 0x00, 0x9f,
- 0xb3, 0x02, 0x12, 0x19, 0xa2, 0x15, 0xec, 0x14,
- 0x18, 0x5c, 0x0e, 0x26, 0xce, 0xf9, 0xae, 0xcc,
- 0x7b, 0xb5, 0xd1, 0x26, 0xfc, 0x85, 0xfe, 0x14,
- 0x93, 0xb6, 0x9d, 0x7d, 0x76, 0xe3, 0x35, 0x97,
- 0x1e, 0xde, 0xc4
- };
- int derInLen = sizeof(derIn);
- byte* derOut = NULL;
- int derOutLen;
- byte* p = derIn;
- /* Check that params can be successfully decoded. */
- ExpectNotNull(dsa = d2i_DSAparams(NULL, (const byte**)&p, derInLen));
- /* Check that params can be successfully encoded. */
- ExpectIntGE((derOutLen = i2d_DSAparams(dsa, &derOut)), 0);
- /* Ensure that the encoded version matches the original. */
- ExpectIntEQ(derInLen, derOutLen);
- ExpectIntEQ(XMEMCMP(derIn, derOut, derInLen), 0);
- XFREE(derOut, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
- DSA_free(dsa);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_i2d_PrivateKey(void)
- {
- EXPECT_DECLS;
- #if (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(OPENSSL_EXTRA) && \
- !defined(NO_ASN) && !defined(NO_PWDBASED)
- #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
- {
- EVP_PKEY* pkey = NULL;
- const unsigned char* server_key =
- (const unsigned char*)server_key_der_2048;
- unsigned char buf[FOURK_BUF];
- unsigned char* pt = NULL;
- int bufSz = 0;
- ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &server_key,
- (long)sizeof_server_key_der_2048));
- ExpectIntEQ(i2d_PrivateKey(pkey, NULL), 1193);
- pt = buf;
- ExpectIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 1193);
- ExpectIntNE((pt - buf), 0);
- ExpectIntEQ(XMEMCMP(buf, server_key_der_2048, bufSz), 0);
- EVP_PKEY_free(pkey);
- }
- #endif
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
- {
- EVP_PKEY* pkey = NULL;
- const unsigned char* client_key =
- (const unsigned char*)ecc_clikey_der_256;
- unsigned char buf[FOURK_BUF];
- unsigned char* pt = NULL;
- int bufSz = 0;
- ExpectNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &client_key,
- (long)sizeof_ecc_clikey_der_256)));
- ExpectIntEQ(i2d_PrivateKey(pkey, NULL), 121);
- pt = buf;
- ExpectIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 121);
- ExpectIntNE((pt - buf), 0);
- ExpectIntEQ(XMEMCMP(buf, ecc_clikey_der_256, bufSz), 0);
- EVP_PKEY_free(pkey);
- }
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_OCSP_id_get0_info(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && \
- defined(HAVE_OCSP) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- X509* cert = NULL;
- X509* issuer = NULL;
- OCSP_CERTID* id = NULL;
- OCSP_CERTID* id2 = NULL;
- ASN1_STRING* name = NULL;
- ASN1_OBJECT* pmd = NULL;
- ASN1_STRING* keyHash = NULL;
- ASN1_INTEGER* serial = NULL;
- ASN1_INTEGER* x509Int = NULL;
- ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(svrCertFile,
- SSL_FILETYPE_PEM));
- ExpectNotNull(issuer = wolfSSL_X509_load_certificate_file(caCertFile,
- SSL_FILETYPE_PEM));
- ExpectNotNull(id = OCSP_cert_to_id(NULL, cert, issuer));
- ExpectNotNull(id2 = OCSP_cert_to_id(NULL, cert, issuer));
- ExpectIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, NULL), 0);
- ExpectIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, id), 1);
- /* name, pmd, keyHash not supported yet, expect failure if not NULL */
- ExpectIntEQ(OCSP_id_get0_info(&name, NULL, NULL, NULL, id), 0);
- ExpectIntEQ(OCSP_id_get0_info(NULL, &pmd, NULL, NULL, id), 0);
- ExpectIntEQ(OCSP_id_get0_info(NULL, NULL, &keyHash, NULL, id), 0);
- ExpectIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, &serial, id), 1);
- ExpectNotNull(serial);
- /* compare serial number to one in cert, should be equal */
- ExpectNotNull(x509Int = X509_get_serialNumber(cert));
- ExpectIntEQ(x509Int->length, serial->length);
- ExpectIntEQ(XMEMCMP(x509Int->data, serial->data, serial->length), 0);
- /* test OCSP_id_cmp */
- ExpectIntNE(OCSP_id_cmp(NULL, NULL), 0);
- ExpectIntNE(OCSP_id_cmp(id, NULL), 0);
- ExpectIntNE(OCSP_id_cmp(NULL, id2), 0);
- ExpectIntEQ(OCSP_id_cmp(id, id2), 0);
- if (id != NULL) {
- id->issuerHash[0] = ~id->issuerHash[0];
- }
- ExpectIntNE(OCSP_id_cmp(id, id2), 0);
- OCSP_CERTID_free(id);
- OCSP_CERTID_free(id2);
- X509_free(cert); /* free's x509Int */
- X509_free(issuer);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_i2d_OCSP_CERTID(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP)
- WOLFSSL_OCSP_CERTID certId;
- byte* targetBuffer = NULL;
- byte* p;
- /* OCSP CertID bytes taken from PCAP */
- byte rawCertId[] = {
- 0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
- 0x00, 0x04, 0x14, 0x80, 0x51, 0x06, 0x01, 0x32, 0xad, 0x9a, 0xc2, 0x7d,
- 0x51, 0x87, 0xa0, 0xe8, 0x87, 0xfb, 0x01, 0x62, 0x01, 0x55, 0xee, 0x04,
- 0x14, 0x03, 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, 0x66, 0xf0, 0xa3,
- 0xe2, 0x1b, 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, 0x02, 0x10, 0x01,
- 0xfd, 0xa3, 0xeb, 0x6e, 0xca, 0x75, 0xc8, 0x88, 0x43, 0x8b, 0x72, 0x4b,
- 0xcf, 0xbc, 0x91
- };
- int ret = 0;
- int i;
- XMEMSET(&certId, 0, sizeof(WOLFSSL_OCSP_CERTID));
- certId.rawCertId = rawCertId;
- certId.rawCertIdSize = sizeof(rawCertId);
- ExpectNotNull(targetBuffer = (byte*)XMALLOC(sizeof(rawCertId), NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- p = targetBuffer;
- /* Function returns the size of the encoded data. */
- ExpectIntEQ(ret = wolfSSL_i2d_OCSP_CERTID(&certId, &p), sizeof(rawCertId));
- /* If target buffer is not null, function increments targetBuffer to point
- * just past the end of the encoded data. */
- ExpectPtrEq(p, (targetBuffer + sizeof(rawCertId)));
- for (i = 0; EXPECT_SUCCESS() && i < ret; ++i) {
- ExpectIntEQ(targetBuffer[i], rawCertId[i]);
- }
- XFREE(targetBuffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- targetBuffer = NULL;
- /* If target buffer is null, function allocates memory for a buffer and
- * copies the encoded data into it. targetBuffer then points to the start of
- * this newly allocate buffer. */
- ExpectIntEQ(ret = wolfSSL_i2d_OCSP_CERTID(&certId, &targetBuffer),
- sizeof(rawCertId));
- for (i = 0; EXPECT_SUCCESS() && i < ret; ++i) {
- ExpectIntEQ(targetBuffer[i], rawCertId[i]);
- }
- XFREE(targetBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_d2i_OCSP_CERTID(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP)
- WOLFSSL_OCSP_CERTID* certId;
- WOLFSSL_OCSP_CERTID* certIdGood;
- WOLFSSL_OCSP_CERTID* certIdBad;
- const unsigned char* rawCertIdPtr;
- const unsigned char rawCertId[] = {
- 0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
- 0x00, 0x04, 0x14, 0x80, 0x51, 0x06, 0x01, 0x32, 0xad, 0x9a, 0xc2, 0x7d,
- 0x51, 0x87, 0xa0, 0xe8, 0x87, 0xfb, 0x01, 0x62, 0x01, 0x55, 0xee, 0x04,
- 0x14, 0x03, 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, 0x66, 0xf0, 0xa3,
- 0xe2, 0x1b, 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, 0x02, 0x10, 0x01,
- 0xfd, 0xa3, 0xeb, 0x6e, 0xca, 0x75, 0xc8, 0x88, 0x43, 0x8b, 0x72, 0x4b,
- 0xcf, 0xbc, 0x91
- };
- rawCertIdPtr = &rawCertId[0];
- /* If the cert ID is NULL the function should allocate it and copy the
- * data to it. */
- certId = NULL;
- ExpectNotNull(certId = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr,
- sizeof(rawCertId)));
- ExpectIntEQ(certId->rawCertIdSize, sizeof(rawCertId));
- if (certId != NULL) {
- XFREE(certId->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
- XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- /* If the cert ID is not NULL the function will just copy the data to it. */
- ExpectNotNull(certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(*certId), NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectNotNull(certId);
- ExpectNotNull(XMEMSET(certId, 0, sizeof(*certId)));
- /* Reset rawCertIdPtr since it was push forward in the previous call. */
- rawCertIdPtr = &rawCertId[0];
- ExpectNotNull(certIdGood = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr,
- sizeof(rawCertId)));
- ExpectPtrEq(certIdGood, certId);
- ExpectIntEQ(certId->rawCertIdSize, sizeof(rawCertId));
- if (certId != NULL) {
- XFREE(certId->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
- XFREE(certId, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- certId = NULL;
- }
- /* The below tests should fail when passed bad parameters. NULL should
- * always be returned. */
- ExpectNull(certIdBad = wolfSSL_d2i_OCSP_CERTID(NULL, &rawCertIdPtr,
- sizeof(rawCertId)));
- ExpectNull(certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, NULL,
- sizeof(rawCertId)));
- ExpectNull(certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, 0));
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_OCSP_id_cmp(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
- OCSP_CERTID id1;
- OCSP_CERTID id2;
- XMEMSET(&id1, 0, sizeof(id1));
- XMEMSET(&id2, 0, sizeof(id2));
- ExpectIntEQ(OCSP_id_cmp(&id1, &id2), 0);
- ExpectIntNE(OCSP_id_cmp(NULL, NULL), 0);
- ExpectIntNE(OCSP_id_cmp(&id1, NULL), 0);
- ExpectIntNE(OCSP_id_cmp(NULL, &id2), 0);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_OCSP_SINGLERESP_get0_id(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
- WOLFSSL_OCSP_SINGLERESP single;
- const WOLFSSL_OCSP_CERTID* certId;
- XMEMSET(&single, 0, sizeof(single));
- certId = wolfSSL_OCSP_SINGLERESP_get0_id(&single);
- ExpectPtrEq(&single, certId);
- ExpectNull(wolfSSL_OCSP_SINGLERESP_get0_id(NULL));
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_OCSP_single_get0_status(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
- WOLFSSL_OCSP_SINGLERESP single;
- CertStatus certStatus;
- WOLFSSL_ASN1_TIME* thisDate;
- WOLFSSL_ASN1_TIME* nextDate;
- int ret, i;
- XMEMSET(&single, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
- XMEMSET(&certStatus, 0, sizeof(CertStatus));
- /* Fill the date fields with some dummy data. */
- for (i = 0; i < CTC_DATE_SIZE; ++i) {
- certStatus.thisDateParsed.data[i] = i;
- certStatus.nextDateParsed.data[i] = i;
- }
- certStatus.status = CERT_GOOD;
- single.status = &certStatus;
- ret = wolfSSL_OCSP_single_get0_status(&single, NULL, NULL, &thisDate,
- &nextDate);
- ExpectIntEQ(ret, CERT_GOOD);
- ExpectPtrEq(thisDate, &certStatus.thisDateParsed);
- ExpectPtrEq(nextDate, &certStatus.nextDateParsed);
- ExpectIntEQ(wolfSSL_OCSP_single_get0_status(NULL, NULL, NULL, NULL, NULL),
- CERT_GOOD);
- ExpectIntEQ(wolfSSL_OCSP_single_get0_status(&single, NULL, NULL, NULL,
- NULL), CERT_GOOD);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_OCSP_resp_count(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
- WOLFSSL_OCSP_BASICRESP basicResp;
- WOLFSSL_OCSP_SINGLERESP singleRespOne;
- WOLFSSL_OCSP_SINGLERESP singleRespTwo;
- XMEMSET(&basicResp, 0, sizeof(WOLFSSL_OCSP_BASICRESP));
- XMEMSET(&singleRespOne, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
- XMEMSET(&singleRespTwo, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
- ExpectIntEQ(wolfSSL_OCSP_resp_count(&basicResp), 0);
- basicResp.single = &singleRespOne;
- ExpectIntEQ(wolfSSL_OCSP_resp_count(&basicResp), 1);
- singleRespOne.next = &singleRespTwo;
- ExpectIntEQ(wolfSSL_OCSP_resp_count(&basicResp), 2);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_OCSP_resp_get0(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
- WOLFSSL_OCSP_BASICRESP basicResp;
- WOLFSSL_OCSP_SINGLERESP singleRespOne;
- WOLFSSL_OCSP_SINGLERESP singleRespTwo;
- XMEMSET(&basicResp, 0, sizeof(WOLFSSL_OCSP_BASICRESP));
- XMEMSET(&singleRespOne, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
- XMEMSET(&singleRespTwo, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
- basicResp.single = &singleRespOne;
- singleRespOne.next = &singleRespTwo;
- ExpectPtrEq(wolfSSL_OCSP_resp_get0(&basicResp, 0), &singleRespOne);
- ExpectPtrEq(wolfSSL_OCSP_resp_get0(&basicResp, 1), &singleRespTwo);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_derive(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
- #if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC)
- EVP_PKEY_CTX *ctx = NULL;
- unsigned char *skey = NULL;
- size_t skeylen;
- EVP_PKEY *pkey = NULL;
- EVP_PKEY *peerkey = NULL;
- const unsigned char* key;
- #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)
- /* DH */
- key = dh_key_der_2048;
- ExpectNotNull((pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key,
- sizeof_dh_key_der_2048)));
- ExpectIntEQ(DH_generate_key(EVP_PKEY_get0_DH(pkey)), 1);
- key = dh_key_der_2048;
- ExpectNotNull((peerkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key,
- sizeof_dh_key_der_2048)));
- ExpectIntEQ(DH_generate_key(EVP_PKEY_get0_DH(peerkey)), 1);
- ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
- ExpectIntEQ(EVP_PKEY_derive_init(ctx), 1);
- ExpectIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1);
- ExpectIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1);
- ExpectNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL,
- DYNAMIC_TYPE_OPENSSL));
- ExpectIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1);
- EVP_PKEY_CTX_free(ctx);
- ctx = NULL;
- EVP_PKEY_free(peerkey);
- peerkey = NULL;
- EVP_PKEY_free(pkey);
- pkey = NULL;
- XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL);
- skey = NULL;
- #endif
- #ifdef HAVE_ECC
- /* ECDH */
- key = ecc_clikey_der_256;
- ExpectNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &key,
- sizeof_ecc_clikey_der_256)));
- key = ecc_clikeypub_der_256;
- ExpectNotNull((peerkey = d2i_PUBKEY(NULL, &key,
- sizeof_ecc_clikeypub_der_256)));
- ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
- ExpectIntEQ(EVP_PKEY_derive_init(ctx), 1);
- ExpectIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1);
- ExpectIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1);
- ExpectNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL,
- DYNAMIC_TYPE_OPENSSL));
- ExpectIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1);
- EVP_PKEY_CTX_free(ctx);
- EVP_PKEY_free(peerkey);
- EVP_PKEY_free(pkey);
- XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL);
- #endif /* HAVE_ECC */
- #endif /* (!NO_DH && WOLFSSL_DH_EXTRA) || HAVE_ECC */
- #endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PBE_scrypt(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 5))
- #if !defined(NO_PWDBASED) && !defined(NO_SHA256)
- int ret;
- const char pwd[] = {'p','a','s','s','w','o','r','d'};
- int pwdlen = sizeof(pwd);
- const byte salt[] = {'N','a','C','l'};
- int saltlen = sizeof(salt);
- byte key[80];
- word64 numOvr32 = (word64)INT32_MAX + 1;
- /* expected derived key for N:16, r:1, p:1 */
- const byte expectedKey[] = {
- 0xAE, 0xC6, 0xB7, 0x48, 0x3E, 0xD2, 0x6E, 0x08, 0x80, 0x2B,
- 0x41, 0xF4, 0x03, 0x20, 0x86, 0xA0, 0xE8, 0x86, 0xBE, 0x7A,
- 0xC4, 0x8F, 0xCF, 0xD9, 0x2F, 0xF0, 0xCE, 0xF8, 0x10, 0x97,
- 0x52, 0xF4, 0xAC, 0x74, 0xB0, 0x77, 0x26, 0x32, 0x56, 0xA6,
- 0x5A, 0x99, 0x70, 0x1B, 0x7A, 0x30, 0x4D, 0x46, 0x61, 0x1C,
- 0x8A, 0xA3, 0x91, 0xE7, 0x99, 0xCE, 0x10, 0xA2, 0x77, 0x53,
- 0xE7, 0xE9, 0xC0, 0x9A};
- /* N r p mx key keylen */
- ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 0, 1, 1, 0, key, 64);
- ExpectIntEQ(ret, 0); /* N must be greater than 1 */
- ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 3, 1, 1, 0, key, 64);
- ExpectIntEQ(ret, 0); /* N must be power of 2 */
- ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 0, 1, 0, key, 64);
- ExpectIntEQ(ret, 0); /* r must be greater than 0 */
- ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 0, 0, key, 64);
- ExpectIntEQ(ret, 0); /* p must be greater than 0 */
- ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 0);
- ExpectIntEQ(ret, 0); /* keylen must be greater than 0 */
- ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 9, 1, 0, key, 64);
- ExpectIntEQ(ret, 0); /* r must be smaller than 9 */
- ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, NULL, 64);
- ExpectIntEQ(ret, 1); /* should succeed if key is NULL */
- ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 64);
- ExpectIntEQ(ret, 1); /* should succeed */
- ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, numOvr32, 1, 0,
- key, 64);
- ExpectIntEQ(ret, 0); /* should fail since r is greater than INT32_MAC */
- ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, numOvr32, 0,
- key, 64);
- ExpectIntEQ(ret, 0); /* should fail since p is greater than INT32_MAC */
- ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 0, 2, 1, 1, 0, key, 64);
- ExpectIntEQ(ret, 1); /* should succeed even if salt is NULL */
- ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 4, 2, 1, 1, 0, key, 64);
- ExpectIntEQ(ret, 0); /* if salt is NULL, saltlen must be 0, otherwise fail*/
- ret = EVP_PBE_scrypt(NULL, 0, salt, saltlen, 2, 1, 1, 0, key, 64);
- ExpectIntEQ(ret, 1); /* should succeed if pwd is NULL and pwdlen is 0*/
- ret = EVP_PBE_scrypt(NULL, 4, salt, saltlen, 2, 1, 1, 0, key, 64);
- ExpectIntEQ(ret, 0); /* if pwd is NULL, pwdlen must be 0 */
- ret = EVP_PBE_scrypt(NULL, 0, NULL, 0, 2, 1, 1, 0, key, 64);
- ExpectIntEQ(ret, 1); /* should succeed even both pwd and salt are NULL */
- ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 16, 1, 1, 0, key, 64);
- ExpectIntEQ(ret, 1);
- ret = XMEMCMP(expectedKey, key, sizeof(expectedKey));
- ExpectIntEQ(ret, 0); /* derived key must be the same as expected-key */
- #endif /* !NO_PWDBASED && !NO_SHA256 */
- #endif /* OPENSSL_EXTRA && HAVE_SCRYPT && HAVE_PBKDF2 */
- return EXPECT_RESULT();
- }
- static int test_no_op_functions(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- /* this makes sure wolfSSL can compile and run these no-op functions */
- SSL_load_error_strings();
- ENGINE_load_builtin_engines();
- OpenSSL_add_all_ciphers();
- ExpectIntEQ(CRYPTO_malloc_init(), 0);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CRYPTO_memcmp(void)
- {
- EXPECT_DECLS;
- #ifdef OPENSSL_EXTRA
- char a[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
- "implementation of TLS/SSL for embedded devices to the cloud.";
- char b[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
- "implementation of TLS/SSL for embedded devices to the cloud.";
- char c[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
- "implementation of TLS/SSL for embedded devices to the cloud!";
- ExpectIntEQ(CRYPTO_memcmp(a, b, sizeof(a)), 0);
- ExpectIntNE(CRYPTO_memcmp(a, c, sizeof(a)), 0);
- #endif
- return EXPECT_RESULT();
- }
- /*----------------------------------------------------------------------------*
- | wolfCrypt ASN
- *----------------------------------------------------------------------------*/
- static int test_wc_CreateEncryptedPKCS8Key(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_PKCS8) && !defined(NO_PWDBASED) && defined(WOLFSSL_AES_256) \
- && !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA)
- WC_RNG rng;
- byte* encKey = NULL;
- word32 encKeySz = 0;
- word32 decKeySz = 0;
- const char password[] = "Lorem ipsum dolor sit amet";
- word32 passwordSz = (word32)XSTRLEN(password);
- word32 tradIdx = 0;
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_InitRng(&rng), 0);
- /* Call with NULL for out buffer to get necessary length. */
- ExpectIntEQ(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048,
- sizeof_server_key_der_2048, NULL, &encKeySz, password, passwordSz,
- PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL),
- LENGTH_ONLY_E);
- ExpectNotNull(encKey = (byte*)XMALLOC(encKeySz, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- /* Call with the allocated out buffer. */
- ExpectIntGT(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048,
- sizeof_server_key_der_2048, encKey, &encKeySz, password, passwordSz,
- PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL),
- 0);
- /* Decrypt the encrypted PKCS8 key we just made. */
- ExpectIntGT((decKeySz = wc_DecryptPKCS8Key(encKey, encKeySz, password,
- passwordSz)), 0);
- /* encKey now holds the decrypted key (decrypted in place). */
- ExpectIntGT(wc_GetPkcs8TraditionalOffset(encKey, &tradIdx, decKeySz), 0);
- /* Check that the decrypted key matches the key prior to encryption. */
- ExpectIntEQ(XMEMCMP(encKey + tradIdx, server_key_der_2048,
- sizeof_server_key_der_2048), 0);
- XFREE(encKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeRng(&rng);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wc_GetPkcs8TraditionalOffset(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(HAVE_PKCS8)
- int length;
- int derSz = 0;
- word32 inOutIdx;
- const char* path = "./certs/server-keyPkcs8.der";
- XFILE file = XBADFILE;
- byte der[2048];
- ExpectTrue((file = XFOPEN(path, "rb")) != XBADFILE);
- ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), file), 0);
- if (file != XBADFILE)
- XFCLOSE(file);
- /* valid case */
- inOutIdx = 0;
- ExpectIntGT(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz),
- 0);
- /* inOutIdx > sz */
- inOutIdx = 4000;
- ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz),
- BAD_FUNC_ARG);
- /* null input */
- inOutIdx = 0;
- ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(NULL, &inOutIdx, 0),
- BAD_FUNC_ARG);
- /* invalid input, fill buffer with 1's */
- XMEMSET(der, 1, sizeof(der));
- inOutIdx = 0;
- ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz),
- ASN_PARSE_E);
- #endif /* NO_ASN */
- return EXPECT_RESULT();
- }
- static int test_wc_SetSubjectRaw(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
- const char* joiCertFile = "./certs/test/cert-ext-joi.der";
- WOLFSSL_X509* x509 = NULL;
- int peerCertSz;
- const byte* peerCertBuf = NULL;
- Cert forgedCert;
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile,
- WOLFSSL_FILETYPE_ASN1));
- ExpectNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
- ExpectIntEQ(0, wc_InitCert(&forgedCert));
- ExpectIntEQ(0, wc_SetSubjectRaw(&forgedCert, peerCertBuf, peerCertSz));
- wolfSSL_FreeX509(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wc_GetSubjectRaw(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
- Cert cert;
- byte *subjectRaw;
- ExpectIntEQ(0, wc_InitCert(&cert));
- ExpectIntEQ(0, wc_GetSubjectRaw(&subjectRaw, &cert));
- #endif
- return EXPECT_RESULT();
- }
- static int test_wc_SetIssuerRaw(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
- const char* joiCertFile = "./certs/test/cert-ext-joi.der";
- WOLFSSL_X509* x509 = NULL;
- int peerCertSz;
- const byte* peerCertBuf;
- Cert forgedCert;
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile,
- WOLFSSL_FILETYPE_ASN1));
- ExpectNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
- ExpectIntEQ(0, wc_InitCert(&forgedCert));
- ExpectIntEQ(0, wc_SetIssuerRaw(&forgedCert, peerCertBuf, peerCertSz));
- wolfSSL_FreeX509(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wc_SetIssueBuffer(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
- const char* joiCertFile = "./certs/test/cert-ext-joi.der";
- WOLFSSL_X509* x509 = NULL;
- int peerCertSz;
- const byte* peerCertBuf;
- Cert forgedCert;
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile,
- WOLFSSL_FILETYPE_ASN1));
- ExpectNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
- ExpectIntEQ(0, wc_InitCert(&forgedCert));
- ExpectIntEQ(0, wc_SetIssuerBuffer(&forgedCert, peerCertBuf, peerCertSz));
- wolfSSL_FreeX509(x509);
- #endif
- return EXPECT_RESULT();
- }
- /*
- * Testing wc_SetSubjectKeyId
- */
- static int test_wc_SetSubjectKeyId(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && defined(HAVE_ECC)
- Cert cert;
- const char* file = "certs/ecc-client-keyPub.pem";
- ExpectIntEQ(0, wc_InitCert(&cert));
- ExpectIntEQ(0, wc_SetSubjectKeyId(&cert, file));
- ExpectIntEQ(BAD_FUNC_ARG, wc_SetSubjectKeyId(NULL, file));
- ExpectIntGT(0, wc_SetSubjectKeyId(&cert, "badfile.name"));
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_SetSubjectKeyId */
- /*
- * Testing wc_SetSubject
- */
- static int test_wc_SetSubject(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && defined(HAVE_ECC)
- Cert cert;
- const char* file = "./certs/ca-ecc-cert.pem";
- ExpectIntEQ(0, wc_InitCert(&cert));
- ExpectIntEQ(0, wc_SetSubject(&cert, file));
- ExpectIntEQ(BAD_FUNC_ARG, wc_SetSubject(NULL, file));
- ExpectIntGT(0, wc_SetSubject(&cert, "badfile.name"));
- #endif
- return EXPECT_RESULT();
- } /* END test_wc_SetSubject */
- static int test_CheckCertSignature(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && defined(WOLFSSL_SMALL_CERT_VERIFY)
- WOLFSSL_CERT_MANAGER* cm = NULL;
- #if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
- XFILE fp = XBADFILE;
- byte cert[4096];
- int certSz;
- #endif
- ExpectIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, NULL));
- ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
- ExpectIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, cm));
- #ifndef NO_RSA
- #ifdef USE_CERT_BUFFERS_1024
- ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_1024,
- sizeof_server_cert_der_1024, NULL, cm));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
- ca_cert_der_1024, sizeof_ca_cert_der_1024,
- WOLFSSL_FILETYPE_ASN1));
- ExpectIntEQ(0, CheckCertSignature(server_cert_der_1024,
- sizeof_server_cert_der_1024, NULL, cm));
- #elif defined(USE_CERT_BUFFERS_2048)
- ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_2048,
- sizeof_server_cert_der_2048, NULL, cm));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
- ca_cert_der_2048, sizeof_ca_cert_der_2048,
- WOLFSSL_FILETYPE_ASN1));
- ExpectIntEQ(0, CheckCertSignature(server_cert_der_2048,
- sizeof_server_cert_der_2048, NULL, cm));
- #endif
- #endif
- #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
- ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(serv_ecc_der_256,
- sizeof_serv_ecc_der_256, NULL, cm));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
- ca_ecc_cert_der_256, sizeof_ca_ecc_cert_der_256,
- WOLFSSL_FILETYPE_ASN1));
- ExpectIntEQ(0, CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256,
- NULL, cm));
- #endif
- #if !defined(NO_FILESYSTEM)
- wolfSSL_CertManagerFree(cm);
- cm = NULL;
- ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
- #ifndef NO_RSA
- ExpectTrue((fp = XFOPEN("./certs/server-cert.der", "rb")) != XBADFILE);
- ExpectIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
- "./certs/ca-cert.pem", NULL));
- ExpectIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
- #endif
- #ifdef HAVE_ECC
- ExpectTrue((fp = XFOPEN("./certs/server-ecc.der", "rb")) != XBADFILE);
- ExpectIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
- "./certs/ca-ecc-cert.pem", NULL));
- ExpectIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
- #endif
- #endif
- #if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
- (void)fp;
- (void)cert;
- (void)certSz;
- #endif
- wolfSSL_CertManagerFree(cm);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wc_ParseCert(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && !defined(NO_RSA)
- DecodedCert decodedCert;
- const byte* rawCert = client_cert_der_2048;
- const int rawCertSize = sizeof_client_cert_der_2048;
- wc_InitDecodedCert(&decodedCert, rawCert, rawCertSize, NULL);
- ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), 0);
- #ifndef IGNORE_NAME_CONSTRAINTS
- /* check that the subjects emailAddress was not put in the alt name list */
- ExpectNotNull(decodedCert.subjectEmail);
- ExpectNull(decodedCert.altEmailNames);
- #endif
- wc_FreeDecodedCert(&decodedCert);
- #endif
- return EXPECT_RESULT();
- }
- /* Test wc_ParseCert decoding of various encodings and scenarios ensuring that
- * the API safely errors out on badly-formed ASN input.
- * NOTE: Test not compatible with released FIPS implementations!
- */
- static int test_wc_ParseCert_Error(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
- DecodedCert decodedCert;
- int i;
- /* Certificate data */
- const byte c0[] = { 0x30, 0x04, 0x30, 0x02, 0x02, 0x80, 0x00, 0x00};
- const byte c1[] = { 0x30, 0x04, 0x30, 0x04, 0x02, 0x80, 0x00, 0x00};
- const byte c2[] = { 0x30, 0x06, 0x30, 0x04, 0x02, 0x80, 0x00, 0x00};
- const byte c3[] = { 0x30, 0x07, 0x30, 0x05, 0x02, 0x80, 0x10, 0x00, 0x00};
- const byte c4[] = { 0x02, 0x80, 0x10, 0x00, 0x00};
- /* Test data */
- const struct testStruct {
- const byte* c;
- const int cSz;
- const int expRet;
- } t[] = {
- {c0, sizeof(c0), ASN_PARSE_E}, /* Invalid bit-string length */
- {c1, sizeof(c1), ASN_PARSE_E}, /* Invalid bit-string length */
- {c2, sizeof(c2), ASN_PARSE_E}, /* Invalid integer length (zero) */
- {c3, sizeof(c3), ASN_PARSE_E}, /* Valid INTEGER, but buffer too short */
- {c4, sizeof(c4), ASN_PARSE_E}, /* Valid INTEGER, but not in bit-string */
- };
- const int tSz = (int)(sizeof(t) / sizeof(struct testStruct));
- for (i = 0; i < tSz; i++) {
- WOLFSSL_MSG_EX("i == %d", i);
- wc_InitDecodedCert(&decodedCert, t[i].c, t[i].cSz, NULL);
- ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), t[i].expRet);
- wc_FreeDecodedCert(&decodedCert);
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_MakeCertWithPathLen(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME) && \
- defined(WOLFSSL_CERT_GEN) && defined(HAVE_ECC)
- const byte expectedPathLen = 7;
- Cert cert;
- DecodedCert decodedCert;
- byte der[FOURK_BUF];
- int derSize = 0;
- WC_RNG rng;
- ecc_key key;
- int ret;
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- XMEMSET(&key, 0, sizeof(ecc_key));
- XMEMSET(&cert, 0, sizeof(Cert));
- XMEMSET(&decodedCert, 0, sizeof(DecodedCert));
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ExpectIntEQ(wc_ecc_make_key(&rng, 32, &key), 0);
- ExpectIntEQ(wc_InitCert(&cert), 0);
- (void)XSTRNCPY(cert.subject.country, "US", CTC_NAME_SIZE);
- (void)XSTRNCPY(cert.subject.state, "state", CTC_NAME_SIZE);
- (void)XSTRNCPY(cert.subject.locality, "Bozeman", CTC_NAME_SIZE);
- (void)XSTRNCPY(cert.subject.org, "yourOrgNameHere", CTC_NAME_SIZE);
- (void)XSTRNCPY(cert.subject.unit, "yourUnitNameHere", CTC_NAME_SIZE);
- (void)XSTRNCPY(cert.subject.commonName, "www.yourDomain.com",
- CTC_NAME_SIZE);
- (void)XSTRNCPY(cert.subject.email, "yourEmail@yourDomain.com",
- CTC_NAME_SIZE);
- cert.selfSigned = 1;
- cert.isCA = 1;
- cert.pathLen = expectedPathLen;
- cert.pathLenSet = 1;
- cert.sigType = CTC_SHA256wECDSA;
- #ifdef WOLFSSL_CERT_EXT
- cert.keyUsage |= KEYUSE_KEY_CERT_SIGN;
- #endif
- ExpectIntGE(wc_MakeCert(&cert, der, FOURK_BUF, NULL, &key, &rng), 0);
- ExpectIntGE(derSize = wc_SignCert(cert.bodySz, cert.sigType, der,
- FOURK_BUF, NULL, &key, &rng), 0);
- wc_InitDecodedCert(&decodedCert, der, derSize, NULL);
- ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), 0);
- ExpectIntEQ(decodedCert.pathLength, expectedPathLen);
- wc_FreeDecodedCert(&decodedCert);
- ret = wc_ecc_free(&key);
- ExpectIntEQ(ret, 0);
- ret = wc_FreeRng(&rng);
- ExpectIntEQ(ret, 0);
- #endif
- return EXPECT_RESULT();
- }
- static int test_MakeCertWithCaFalse(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_ALLOW_ENCODING_CA_FALSE) && defined(WOLFSSL_CERT_REQ) && \
- !defined(NO_ASN_TIME) && defined(WOLFSSL_CERT_GEN) && defined(HAVE_ECC)
- const byte expectedIsCa = 0;
- Cert cert;
- DecodedCert decodedCert;
- byte der[FOURK_BUF];
- int derSize = 0;
- WC_RNG rng;
- ecc_key key;
- int ret;
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- XMEMSET(&key, 0, sizeof(ecc_key));
- XMEMSET(&cert, 0, sizeof(Cert));
- XMEMSET(&decodedCert, 0, sizeof(DecodedCert));
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(wc_ecc_init(&key), 0);
- ExpectIntEQ(wc_ecc_make_key(&rng, 32, &key), 0);
- ExpectIntEQ(wc_InitCert(&cert), 0);
- (void)XSTRNCPY(cert.subject.country, "US", CTC_NAME_SIZE);
- (void)XSTRNCPY(cert.subject.state, "state", CTC_NAME_SIZE);
- (void)XSTRNCPY(cert.subject.locality, "Bozeman", CTC_NAME_SIZE);
- (void)XSTRNCPY(cert.subject.org, "yourOrgNameHere", CTC_NAME_SIZE);
- (void)XSTRNCPY(cert.subject.unit, "yourUnitNameHere", CTC_NAME_SIZE);
- (void)XSTRNCPY(cert.subject.commonName, "www.yourDomain.com",
- CTC_NAME_SIZE);
- (void)XSTRNCPY(cert.subject.email, "yourEmail@yourDomain.com",
- CTC_NAME_SIZE);
- cert.selfSigned = 1;
- cert.isCA = expectedIsCa;
- cert.isCaSet = 1;
- cert.sigType = CTC_SHA256wECDSA;
- ExpectIntGE(wc_MakeCert(&cert, der, FOURK_BUF, NULL, &key, &rng), 0);
- ExpectIntGE(derSize = wc_SignCert(cert.bodySz, cert.sigType, der,
- FOURK_BUF, NULL, &key, &rng), 0);
- wc_InitDecodedCert(&decodedCert, der, derSize, NULL);
- ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), 0);
- ExpectIntEQ(decodedCert.isCA, expectedIsCa);
- wc_FreeDecodedCert(&decodedCert);
- ret = wc_ecc_free(&key);
- ExpectIntEQ(ret, 0);
- ret = wc_FreeRng(&rng);
- ExpectIntEQ(ret, 0);
- #endif
- return EXPECT_RESULT();
- }
- /*----------------------------------------------------------------------------*
- | wolfCrypt ECC
- *----------------------------------------------------------------------------*/
- static int test_wc_ecc_get_curve_size_from_name(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_ECC
- #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
- ExpectIntEQ(wc_ecc_get_curve_size_from_name("SECP256R1"), 32);
- #endif
- /* invalid case */
- ExpectIntEQ(wc_ecc_get_curve_size_from_name("BADCURVE"), -1);
- /* NULL input */
- ExpectIntEQ(wc_ecc_get_curve_size_from_name(NULL), BAD_FUNC_ARG);
- #endif /* HAVE_ECC */
- return EXPECT_RESULT();
- }
- static int test_wc_ecc_get_curve_id_from_name(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_ECC
- #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
- ExpectIntEQ(wc_ecc_get_curve_id_from_name("SECP256R1"),
- ECC_SECP256R1);
- #endif
- /* invalid case */
- ExpectIntEQ(wc_ecc_get_curve_id_from_name("BADCURVE"), -1);
- /* NULL input */
- ExpectIntEQ(wc_ecc_get_curve_id_from_name(NULL), BAD_FUNC_ARG);
- #endif /* HAVE_ECC */
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
- !defined(HAVE_SELFTEST) && \
- !(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION))
- static int test_wc_ecc_get_curve_id_from_dp_params(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
- ecc_key* key;
- const ecc_set_type* params = NULL;
- int ret;
- #endif
- WOLFSSL_EC_KEY *ecKey = NULL;
- #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
- ExpectIntEQ(wc_ecc_get_curve_id_from_name("SECP256R1"), ECC_SECP256R1);
- ExpectNotNull(ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
- if (EXPECT_SUCCESS()) {
- ret = EC_KEY_generate_key(ecKey);
- } else
- ret = 0;
- if (ret == 1) {
- /* normal test */
- key = (ecc_key*)ecKey->internal;
- if (key != NULL) {
- params = key->dp;
- }
- ExpectIntEQ(wc_ecc_get_curve_id_from_dp_params(params),
- ECC_SECP256R1);
- }
- #endif
- /* invalid case, NULL input*/
- ExpectIntEQ(wc_ecc_get_curve_id_from_dp_params(NULL), BAD_FUNC_ARG);
- wolfSSL_EC_KEY_free(ecKey);
- return EXPECT_RESULT();
- }
- #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
- static int test_wc_ecc_get_curve_id_from_params(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_ECC
- const byte prime[] =
- {
- 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
- };
- const byte primeInvalid[] =
- {
- 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x01,0x01
- };
- const byte Af[] =
- {
- 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC
- };
- const byte Bf[] =
- {
- 0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,
- 0xB3,0xEB,0xBD,0x55,0x76,0x98,0x86,0xBC,
- 0x65,0x1D,0x06,0xB0,0xCC,0x53,0xB0,0xF6,
- 0x3B,0xCE,0x3C,0x3E,0x27,0xD2,0x60,0x4B
- };
- const byte order[] =
- {
- 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84,
- 0xF3,0xB9,0xCA,0xC2,0xFC,0x63,0x25,0x51
- };
- const byte Gx[] =
- {
- 0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,
- 0xF8,0xBC,0xE6,0xE5,0x63,0xA4,0x40,0xF2,
- 0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,0xA0,
- 0xF4,0xA1,0x39,0x45,0xD8,0x98,0xC2,0x96
- };
- const byte Gy[] =
- {
- 0x4F,0xE3,0x42,0xE2,0xFE,0x1A,0x7F,0x9B,
- 0x8E,0xE7,0xEB,0x4A,0x7C,0x0F,0x9E,0x16,
- 0x2B,0xCE,0x33,0x57,0x6B,0x31,0x5E,0xCE,
- 0xCB,0xB6,0x40,0x68,0x37,0xBF,0x51,0xF5
- };
- int cofactor = 1;
- int fieldSize = 256;
- #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
- ExpectIntEQ(wc_ecc_get_curve_id_from_params(fieldSize,
- prime, sizeof(prime), Af, sizeof(Af), Bf, sizeof(Bf),
- order, sizeof(order), Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor),
- ECC_SECP256R1);
- #endif
- /* invalid case, fieldSize = 0 */
- ExpectIntEQ(wc_ecc_get_curve_id_from_params(0, prime, sizeof(prime),
- Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
- Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor), ECC_CURVE_INVALID);
- /* invalid case, NULL prime */
- ExpectIntEQ(wc_ecc_get_curve_id_from_params(fieldSize, NULL, sizeof(prime),
- Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
- Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor), BAD_FUNC_ARG);
- /* invalid case, invalid prime */
- ExpectIntEQ(wc_ecc_get_curve_id_from_params(fieldSize,
- primeInvalid, sizeof(primeInvalid),
- Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
- Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor), ECC_CURVE_INVALID);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_encrypt(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- WOLFSSL_RSA* rsa = NULL;
- WOLFSSL_EVP_PKEY* pkey = NULL;
- WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
- const char* in = "What is easy to do is easy not to do.";
- size_t inlen = XSTRLEN(in);
- size_t outEncLen = 0;
- byte* outEnc = NULL;
- byte* outDec = NULL;
- size_t outDecLen = 0;
- size_t rsaKeySz = 2048/8; /* Bytes */
- #if !defined(HAVE_FIPS) && defined(WC_RSA_NO_PADDING)
- byte* inTmp = NULL;
- byte* outEncTmp = NULL;
- byte* outDecTmp = NULL;
- #endif
- ExpectNotNull(outEnc = (byte*)XMALLOC(rsaKeySz, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- if (outEnc != NULL) {
- XMEMSET(outEnc, 0, rsaKeySz);
- }
- ExpectNotNull(outDec = (byte*)XMALLOC(rsaKeySz, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- if (outDec != NULL) {
- XMEMSET(outDec, 0, rsaKeySz);
- }
- ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
- ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
- ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
- if (EXPECT_FAIL()) {
- RSA_free(rsa);
- }
- ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
- ExpectIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
- WOLFSSL_SUCCESS);
- /* Test pkey references count is decremented. pkey shouldn't be destroyed
- since ctx uses it.*/
- ExpectIntEQ(pkey->ref.count, 2);
- EVP_PKEY_free(pkey);
- ExpectIntEQ(pkey->ref.count, 1);
- /* Encrypt data */
- /* Check that we can get the required output buffer length by passing in a
- * NULL output buffer. */
- ExpectIntEQ(EVP_PKEY_encrypt(ctx, NULL, &outEncLen,
- (const unsigned char*)in, inlen), WOLFSSL_SUCCESS);
- ExpectIntEQ(rsaKeySz, outEncLen);
- /* Now do the actual encryption. */
- ExpectIntEQ(EVP_PKEY_encrypt(ctx, outEnc, &outEncLen,
- (const unsigned char*)in, inlen), WOLFSSL_SUCCESS);
- /* Decrypt data */
- ExpectIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS);
- /* Check that we can get the required output buffer length by passing in a
- * NULL output buffer. */
- ExpectIntEQ(EVP_PKEY_decrypt(ctx, NULL, &outDecLen, outEnc, outEncLen),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(rsaKeySz, outDecLen);
- /* Now do the actual decryption. */
- ExpectIntEQ(EVP_PKEY_decrypt(ctx, outDec, &outDecLen, outEnc, outEncLen),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(XMEMCMP(in, outDec, outDecLen), 0);
- #if !defined(HAVE_FIPS) && defined(WC_RSA_NO_PADDING)
- /* The input length must be the same size as the RSA key.*/
- ExpectNotNull(inTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- if (inTmp != NULL) {
- XMEMSET(inTmp, 9, rsaKeySz);
- }
- ExpectNotNull(outEncTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- if (outEncTmp != NULL) {
- XMEMSET(outEncTmp, 0, rsaKeySz);
- }
- ExpectNotNull(outDecTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER));
- if (outDecTmp != NULL) {
- XMEMSET(outDecTmp, 0, rsaKeySz);
- }
- ExpectIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_encrypt(ctx, outEncTmp, &outEncLen, inTmp, rsaKeySz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_decrypt(ctx, outDecTmp, &outDecLen, outEncTmp,
- outEncLen), WOLFSSL_SUCCESS);
- ExpectIntEQ(XMEMCMP(inTmp, outDecTmp, outDecLen), 0);
- #endif
- EVP_PKEY_CTX_free(ctx);
- XFREE(outEnc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(outDec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #if !defined(HAVE_FIPS) && defined(WC_RSA_NO_PADDING)
- XFREE(inTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(outEncTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(outDecTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
- !defined(HAVE_SELFTEST)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- #ifndef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY
- #define TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY
- #endif
- #endif
- #endif
- #if defined(OPENSSL_EXTRA)
- #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
- #ifndef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY
- #define TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY
- #endif
- #endif
- #endif
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- #ifndef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY
- #define TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY
- #endif
- #endif
- #endif
- #ifdef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY
- static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
- !defined(HAVE_SELFTEST)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- WOLFSSL_RSA* rsa = NULL;
- #endif
- #endif
- #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
- WOLFSSL_DSA* dsa = NULL;
- #endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- WOLFSSL_EC_KEY* ecKey = NULL;
- #endif
- #endif
- WOLFSSL_EVP_PKEY* pkey = NULL;
- WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
- WOLFSSL_EVP_PKEY_CTX* ctx_verify = NULL;
- const char* in = "What is easy to do is easy not to do.";
- size_t inlen = XSTRLEN(in);
- byte hash[SHA256_DIGEST_LENGTH] = {0};
- byte zero[SHA256_DIGEST_LENGTH] = {0};
- SHA256_CTX c;
- byte* sig = NULL;
- byte* sigVerify = NULL;
- size_t siglen;
- size_t siglenOnlyLen;
- size_t keySz = 2048/8; /* Bytes */
- ExpectNotNull(sig =
- (byte*)XMALLOC(keySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
- ExpectNotNull(sigVerify =
- (byte*)XMALLOC(keySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
- siglen = keySz;
- ExpectNotNull(XMEMSET(sig, 0, keySz));
- ExpectNotNull(XMEMSET(sigVerify, 0, keySz));
- /* Generate hash */
- SHA256_Init(&c);
- SHA256_Update(&c, in, inlen);
- SHA256_Final(hash, &c);
- #ifdef WOLFSSL_SMALL_STACK_CACHE
- /* workaround for small stack cache case */
- wc_Sha256Free((wc_Sha256*)&c);
- #endif
- /* Generate key */
- ExpectNotNull(pkey = EVP_PKEY_new());
- switch (keyType) {
- case EVP_PKEY_RSA:
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
- !defined(HAVE_SELFTEST)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- {
- ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
- ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
- }
- #endif
- #endif
- break;
- case EVP_PKEY_DSA:
- #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
- ExpectNotNull(dsa = DSA_new());
- ExpectIntEQ(DSA_generate_parameters_ex(dsa, 2048,
- NULL, 0, NULL, NULL, NULL), 1);
- ExpectIntEQ(DSA_generate_key(dsa), 1);
- ExpectIntEQ(EVP_PKEY_set1_DSA(pkey, dsa), WOLFSSL_SUCCESS);
- #endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */
- break;
- case EVP_PKEY_EC:
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- {
- ExpectNotNull(ecKey = EC_KEY_new());
- ExpectIntEQ(EC_KEY_generate_key(ecKey), 1);
- ExpectIntEQ(
- EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
- if (EXPECT_FAIL()) {
- EC_KEY_free(ecKey);
- }
- }
- #endif
- #endif
- break;
- }
- ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
- ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
- !defined(HAVE_SELFTEST)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- if (keyType == EVP_PKEY_RSA)
- ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
- WOLFSSL_SUCCESS);
- #endif
- #endif
- /* Check returning only length */
- ExpectIntEQ(EVP_PKEY_sign(ctx, NULL, &siglenOnlyLen, hash,
- SHA256_DIGEST_LENGTH), WOLFSSL_SUCCESS);
- ExpectIntGT(siglenOnlyLen, 0);
- /* Sign data */
- ExpectIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, hash,
- SHA256_DIGEST_LENGTH), WOLFSSL_SUCCESS);
- ExpectIntGE(siglenOnlyLen, siglen);
- /* Verify signature */
- ExpectNotNull(ctx_verify = EVP_PKEY_CTX_new(pkey, NULL));
- ExpectIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS);
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
- !defined(HAVE_SELFTEST)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- if (keyType == EVP_PKEY_RSA)
- ExpectIntEQ(
- EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PADDING),
- WOLFSSL_SUCCESS);
- #endif
- #endif
- ExpectIntEQ(EVP_PKEY_verify(
- ctx_verify, sig, siglen, hash, SHA256_DIGEST_LENGTH),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_verify(
- ctx_verify, sig, siglen, zero, SHA256_DIGEST_LENGTH),
- WOLFSSL_FAILURE);
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
- !defined(HAVE_SELFTEST)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- if (keyType == EVP_PKEY_RSA) {
- #if defined(WC_RSA_NO_PADDING) || defined(WC_RSA_DIRECT)
- /* Try RSA sign/verify with no padding. */
- ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_sign(ctx, sigVerify, &siglen, sig,
- siglen), WOLFSSL_SUCCESS);
- ExpectIntGE(siglenOnlyLen, siglen);
- ExpectIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx_verify,
- RSA_NO_PADDING), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_verify(ctx_verify, sigVerify, siglen, sig,
- siglen), WOLFSSL_SUCCESS);
- #endif
- /* Wrong padding schemes. */
- ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx,
- RSA_PKCS1_OAEP_PADDING), WOLFSSL_SUCCESS);
- ExpectIntNE(EVP_PKEY_sign(ctx, sigVerify, &siglen, sig,
- siglen), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx_verify,
- RSA_PKCS1_OAEP_PADDING), WOLFSSL_SUCCESS);
- ExpectIntNE(EVP_PKEY_verify(ctx_verify, sigVerify, siglen, sig,
- siglen), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx_verify,
- RSA_PKCS1_PADDING), WOLFSSL_SUCCESS);
- }
- #endif
- #endif
- /* error cases */
- siglen = keySz; /* Reset because sig size may vary slightly */
- ExpectIntNE(EVP_PKEY_sign_init(NULL), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
- ExpectIntNE(EVP_PKEY_sign(NULL, sig, &siglen, (byte*)in, inlen),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, (byte*)in, inlen),
- WOLFSSL_SUCCESS);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
- DSA_free(dsa);
- dsa = NULL;
- #endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */
- EVP_PKEY_CTX_free(ctx_verify);
- ctx_verify = NULL;
- EVP_PKEY_CTX_free(ctx);
- ctx = NULL;
- XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(sigVerify, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- #endif
- static int test_wolfSSL_EVP_PKEY_sign_verify_rsa(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
- !defined(HAVE_SELFTEST)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- ExpectIntEQ(test_wolfSSL_EVP_PKEY_sign_verify(EVP_PKEY_RSA), TEST_SUCCESS);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_sign_verify_dsa(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
- ExpectIntEQ(test_wolfSSL_EVP_PKEY_sign_verify(EVP_PKEY_DSA), TEST_SUCCESS);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_PKEY_sign_verify_ec(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- ExpectIntEQ(test_wolfSSL_EVP_PKEY_sign_verify(EVP_PKEY_EC), TEST_SUCCESS);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_EVP_PKEY_rsa(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- WOLFSSL_RSA* rsa = NULL;
- WOLFSSL_EVP_PKEY* pkey = NULL;
- ExpectNotNull(rsa = wolfSSL_RSA_new());
- ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
- ExpectIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WOLFSSL_FAILURE);
- ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
- if (EXPECT_FAIL()) {
- wolfSSL_RSA_free(rsa);
- }
- ExpectPtrEq(EVP_PKEY_get0_RSA(pkey), rsa);
- wolfSSL_EVP_PKEY_free(pkey);
- #endif
- return EXPECT_RESULT();
- }
- static int test_EVP_PKEY_ec(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- WOLFSSL_EC_KEY* ecKey = NULL;
- WOLFSSL_EVP_PKEY* pkey = NULL;
- ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
- ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
- ExpectIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
- ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
- /* Should fail since ecKey is empty */
- ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
- ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
- if (EXPECT_FAIL()) {
- wolfSSL_EC_KEY_free(ecKey);
- }
- wolfSSL_EVP_PKEY_free(pkey);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_EVP_PKEY_cmp(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- EVP_PKEY *a = NULL;
- EVP_PKEY *b = NULL;
- const unsigned char *in;
- #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
- in = client_key_der_2048;
- ExpectNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
- &in, (long)sizeof_client_key_der_2048));
- in = client_key_der_2048;
- ExpectNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
- &in, (long)sizeof_client_key_der_2048));
- /* Test success case RSA */
- #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
- ExpectIntEQ(EVP_PKEY_cmp(a, b), 1);
- #else
- ExpectIntEQ(EVP_PKEY_cmp(a, b), 0);
- #endif /* WOLFSSL_ERROR_CODE_OPENSSL */
- EVP_PKEY_free(b);
- b = NULL;
- EVP_PKEY_free(a);
- a = NULL;
- #endif
- #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
- in = ecc_clikey_der_256;
- ExpectNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
- &in, (long)sizeof_ecc_clikey_der_256));
- in = ecc_clikey_der_256;
- ExpectNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
- &in, (long)sizeof_ecc_clikey_der_256));
- /* Test success case ECC */
- #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
- ExpectIntEQ(EVP_PKEY_cmp(a, b), 1);
- #else
- ExpectIntEQ(EVP_PKEY_cmp(a, b), 0);
- #endif /* WOLFSSL_ERROR_CODE_OPENSSL */
- EVP_PKEY_free(b);
- b = NULL;
- EVP_PKEY_free(a);
- a = NULL;
- #endif
- /* Test failure cases */
- #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && \
- defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
- in = client_key_der_2048;
- ExpectNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
- &in, (long)sizeof_client_key_der_2048));
- in = ecc_clikey_der_256;
- ExpectNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
- &in, (long)sizeof_ecc_clikey_der_256));
- #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
- ExpectIntEQ(EVP_PKEY_cmp(a, b), -1);
- #else
- ExpectIntNE(EVP_PKEY_cmp(a, b), 0);
- #endif /* WOLFSSL_ERROR_CODE_OPENSSL */
- EVP_PKEY_free(b);
- b = NULL;
- EVP_PKEY_free(a);
- a = NULL;
- #endif
- /* invalid or empty failure cases */
- a = EVP_PKEY_new();
- b = EVP_PKEY_new();
- #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
- ExpectIntEQ(EVP_PKEY_cmp(NULL, NULL), 0);
- ExpectIntEQ(EVP_PKEY_cmp(a, NULL), 0);
- ExpectIntEQ(EVP_PKEY_cmp(NULL, b), 0);
- #ifdef NO_RSA
- /* Type check will fail since RSA is the default EVP key type */
- ExpectIntEQ(EVP_PKEY_cmp(a, b), -2);
- #else
- ExpectIntEQ(EVP_PKEY_cmp(a, b), 0);
- #endif
- #else
- ExpectIntNE(EVP_PKEY_cmp(NULL, NULL), 0);
- ExpectIntNE(EVP_PKEY_cmp(a, NULL), 0);
- ExpectIntNE(EVP_PKEY_cmp(NULL, b), 0);
- ExpectIntNE(EVP_PKEY_cmp(a, b), 0);
- #endif
- EVP_PKEY_free(b);
- EVP_PKEY_free(a);
- (void)in;
- #endif
- return EXPECT_RESULT();
- }
- static int test_ERR_load_crypto_strings(void)
- {
- #if defined(OPENSSL_ALL)
- ERR_load_crypto_strings();
- return TEST_SUCCESS;
- #else
- return TEST_SKIPPED;
- #endif
- }
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS)
- static void free_x509(X509* x)
- {
- AssertIntEQ((x == (X509*)1 || x == (X509*)2), 1);
- }
- #endif
- static int test_sk_X509(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS)
- {
- STACK_OF(X509)* s = NULL;
- ExpectNotNull(s = sk_X509_new_null());
- ExpectIntEQ(sk_X509_num(s), 0);
- sk_X509_pop_free(s, NULL);
- ExpectNotNull(s = sk_X509_new_null());
- ExpectIntEQ(sk_X509_num(s), 0);
- sk_X509_pop_free(s, NULL);
- ExpectNotNull(s = sk_X509_new_null());
- sk_X509_push(s, (X509*)1);
- ExpectIntEQ(sk_X509_num(s), 1);
- ExpectIntEQ((sk_X509_value(s, 0) == (X509*)1), 1);
- sk_X509_push(s, (X509*)2);
- ExpectIntEQ(sk_X509_num(s), 2);
- ExpectIntEQ((sk_X509_value(s, 0) == (X509*)2), 1);
- ExpectIntEQ((sk_X509_value(s, 1) == (X509*)1), 1);
- sk_X509_push(s, (X509*)2);
- sk_X509_pop_free(s, free_x509);
- }
- {
- /* Push a list of 10 X509s onto stack, then verify that
- * value(), push(), shift(), and pop() behave as expected. */
- STACK_OF(X509)* s = NULL;
- X509* xList[10];
- int i = 0;
- const int len = (sizeof(xList) / sizeof(xList[0]));
- for (i = 0; i < len; ++i) {
- xList[i] = NULL;
- ExpectNotNull(xList[i] = X509_new());
- }
- /* test push, pop, and free */
- ExpectNotNull(s = sk_X509_new_null());
- for (i = 0; i < len; ++i) {
- sk_X509_push(s, xList[i]);
- ExpectIntEQ(sk_X509_num(s), i + 1);
- ExpectIntEQ((sk_X509_value(s, 0) == xList[i]), 1);
- ExpectIntEQ((sk_X509_value(s, i) == xList[0]), 1);
- }
- /* pop returns and removes last pushed on stack, which is index 0
- * in sk_x509_value */
- for (i = 0; i < len; ++i) {
- X509 * x = sk_X509_value(s, 0);
- X509 * y = sk_X509_pop(s);
- X509 * z = xList[len - 1 - i];
- ExpectIntEQ((x == y), 1);
- ExpectIntEQ((x == z), 1);
- ExpectIntEQ(sk_X509_num(s), len - 1 - i);
- }
- sk_free(s);
- s = NULL;
- /* test push, shift, and free */
- ExpectNotNull(s = sk_X509_new_null());
- for (i = 0; i < len; ++i) {
- sk_X509_push(s, xList[i]);
- ExpectIntEQ(sk_X509_num(s), i + 1);
- ExpectIntEQ((sk_X509_value(s, 0) == xList[i]), 1);
- ExpectIntEQ((sk_X509_value(s, i) == xList[0]), 1);
- }
- /* shift returns and removes first pushed on stack, which is index i
- * in sk_x509_value() */
- for (i = 0; i < len; ++i) {
- X509 * x = sk_X509_value(s, len - 1 - i);
- X509 * y = sk_X509_shift(s);
- X509 * z = xList[i];
- ExpectIntEQ((x == y), 1);
- ExpectIntEQ((x == z), 1);
- ExpectIntEQ(sk_X509_num(s), len - 1 - i);
- }
- sk_free(s);
- for (i = 0; i < len; ++i)
- X509_free(xList[i]);
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_sk_X509_CRL(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && defined(HAVE_CRL)
- X509_CRL* crl = NULL;
- XFILE fp = XBADFILE;
- STACK_OF(X509_CRL)* s = NULL;
- ExpectTrue((fp = XFOPEN("./certs/crl/crl.pem", "rb")) != XBADFILE);
- ExpectNotNull(crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
- NULL, NULL));
- if (fp != XBADFILE)
- XFCLOSE(fp);
- ExpectNotNull(s = sk_X509_CRL_new());
- ExpectIntEQ(sk_X509_CRL_num(s), 0);
- ExpectIntEQ(sk_X509_CRL_push(s, crl), 1);
- if (EXPECT_FAIL()) {
- X509_CRL_free(crl);
- }
- ExpectIntEQ(sk_X509_CRL_num(s), 1);
- ExpectPtrEq(sk_X509_CRL_value(s, 0), crl);
- sk_X509_CRL_free(s);
- #endif
- return EXPECT_RESULT();
- }
- static int test_X509_get_signature_nid(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- X509* x509 = NULL;
- ExpectIntEQ(X509_get_signature_nid(NULL), 0);
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
- SSL_FILETYPE_PEM));
- ExpectIntEQ(X509_get_signature_nid(x509), NID_sha256WithRSAEncryption);
- X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_X509_REQ(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO)
- X509_NAME* name = NULL;
- #ifndef NO_RSA
- X509_NAME* subject = NULL;
- #endif
- #if !defined(NO_RSA) || defined(HAVE_ECC)
- X509_REQ* req = NULL;
- EVP_PKEY* priv = NULL;
- EVP_PKEY* pub = NULL;
- unsigned char* der = NULL;
- int len;
- #endif
- #ifndef NO_RSA
- EVP_MD_CTX *mctx = NULL;
- EVP_PKEY_CTX *pkctx = NULL;
- #ifdef USE_CERT_BUFFERS_1024
- const unsigned char* rsaPriv = (const unsigned char*)client_key_der_1024;
- const unsigned char* rsaPub = (unsigned char*)client_keypub_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- const unsigned char* rsaPriv = (const unsigned char*)client_key_der_2048;
- const unsigned char* rsaPub = (unsigned char*)client_keypub_der_2048;
- #endif
- #endif
- #ifdef HAVE_ECC
- const unsigned char* ecPriv = (const unsigned char*)ecc_clikey_der_256;
- const unsigned char* ecPub = (unsigned char*)ecc_clikeypub_der_256;
- #endif
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
- (byte*)"wolfssl.com", 11, 0, 1), WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
- (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_SUCCESS);
- #ifndef NO_RSA
- ExpectNotNull(priv = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv,
- (long)sizeof_client_key_der_2048));
- ExpectNotNull(pub = d2i_PUBKEY(NULL, &rsaPub,
- (long)sizeof_client_keypub_der_2048));
- ExpectNotNull(req = X509_REQ_new());
- ExpectIntEQ(X509_REQ_set_subject_name(NULL, name), WOLFSSL_FAILURE);
- ExpectIntEQ(X509_REQ_set_subject_name(req, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_REQ_set_pubkey(NULL, pub), WOLFSSL_FAILURE);
- ExpectIntEQ(X509_REQ_set_pubkey(req, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_REQ_sign(NULL, priv, EVP_sha256()), WOLFSSL_FAILURE);
- ExpectIntEQ(X509_REQ_sign(req, NULL, EVP_sha256()), WOLFSSL_FAILURE);
- ExpectIntEQ(X509_REQ_sign(req, priv, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
- len = i2d_X509_REQ(req, &der);
- DEBUG_WRITE_DER(der, len, "req.der");
- #ifdef USE_CERT_BUFFERS_1024
- ExpectIntEQ(len, 381);
- #else
- ExpectIntEQ(len, 643);
- #endif
- XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
- der = NULL;
- mctx = EVP_MD_CTX_new();
- ExpectIntEQ(EVP_DigestSignInit(mctx, &pkctx, EVP_sha256(), NULL, priv),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_REQ_sign_ctx(req, mctx), WOLFSSL_SUCCESS);
- EVP_MD_CTX_free(mctx);
- mctx = NULL;
- X509_REQ_free(NULL);
- X509_REQ_free(req);
- req = NULL;
- /* Test getting the subject from a newly created X509_REQ */
- ExpectNotNull(req = X509_REQ_new());
- ExpectNotNull(subject = X509_REQ_get_subject_name(req));
- ExpectIntEQ(X509_NAME_add_entry_by_NID(subject, NID_commonName,
- MBSTRING_UTF8, (unsigned char*)"www.wolfssl.com", -1, -1, 0), 1);
- ExpectIntEQ(X509_NAME_add_entry_by_NID(subject, NID_countryName,
- MBSTRING_UTF8, (unsigned char*)"US", -1, -1, 0), 1);
- ExpectIntEQ(X509_NAME_add_entry_by_NID(subject, NID_localityName,
- MBSTRING_UTF8, (unsigned char*)"Bozeman", -1, -1, 0), 1);
- ExpectIntEQ(X509_NAME_add_entry_by_NID(subject, NID_stateOrProvinceName,
- MBSTRING_UTF8, (unsigned char*)"Montana", -1, -1, 0), 1);
- ExpectIntEQ(X509_NAME_add_entry_by_NID(subject, NID_organizationName,
- MBSTRING_UTF8, (unsigned char*)"wolfSSL", -1, -1, 0), 1);
- ExpectIntEQ(X509_NAME_add_entry_by_NID(subject, NID_organizationalUnitName,
- MBSTRING_UTF8, (unsigned char*)"Testing", -1, -1, 0), 1);
- ExpectIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
- len = i2d_X509_REQ(req, &der);
- DEBUG_WRITE_DER(der, len, "req2.der");
- #ifdef USE_CERT_BUFFERS_1024
- ExpectIntEQ(len, 435);
- #else
- ExpectIntEQ(len, 696);
- #endif
- XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
- der = NULL;
- EVP_PKEY_free(pub);
- pub = NULL;
- EVP_PKEY_free(priv);
- priv = NULL;
- X509_REQ_free(req);
- req = NULL;
- #endif
- #ifdef HAVE_ECC
- ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &ecPriv,
- sizeof_ecc_clikey_der_256));
- ExpectNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &ecPub,
- sizeof_ecc_clikeypub_der_256));
- ExpectNotNull(req = X509_REQ_new());
- ExpectIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
- ExpectIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
- /* Signature is random and may be shorter or longer. */
- ExpectIntGE((len = i2d_X509_REQ(req, &der)), 245);
- ExpectIntLE(len, 253);
- XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
- X509_REQ_free(req);
- EVP_PKEY_free(pub);
- EVP_PKEY_free(priv);
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif /* HAVE_ECC */
- X509_NAME_free(name);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfssl_PKCS7(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_BIO) && \
- !defined(NO_RSA)
- PKCS7* pkcs7 = NULL;
- byte data[FOURK_BUF];
- word32 len = sizeof(data);
- const byte* p = data;
- byte content[] = "Test data to encode.";
- #if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048)
- BIO* bio = NULL;
- byte key[sizeof(client_key_der_2048)];
- word32 keySz = (word32)sizeof(key);
- byte* out = NULL;
- #endif
- ExpectIntGT((len = CreatePKCS7SignedData(data, len, content,
- (word32)sizeof(content), 0, 0, 0, RSA_TYPE)), 0);
- ExpectNull(pkcs7 = d2i_PKCS7(NULL, NULL, len));
- ExpectNull(pkcs7 = d2i_PKCS7(NULL, &p, 0));
- ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
- ExpectIntEQ(wolfSSL_PKCS7_verify(NULL, NULL, NULL, NULL, NULL,
- PKCS7_NOVERIFY), WOLFSSL_FAILURE);
- PKCS7_free(pkcs7);
- pkcs7 = NULL;
- /* fail case, without PKCS7_NOVERIFY */
- p = data;
- ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
- ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
- 0), WOLFSSL_FAILURE);
- PKCS7_free(pkcs7);
- pkcs7 = NULL;
- /* success case, with PKCS7_NOVERIFY */
- p = data;
- ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
- ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
- PKCS7_NOVERIFY), WOLFSSL_SUCCESS);
- #if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048)
- /* test i2d */
- XMEMCPY(key, client_key_der_2048, keySz);
- if (pkcs7 != NULL) {
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = (word32)sizeof(key);
- pkcs7->encryptOID = RSAk;
- #ifdef NO_SHA
- pkcs7->hashOID = SHA256h;
- #else
- pkcs7->hashOID = SHAh;
- #endif
- }
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1);
- #ifndef NO_ASN_TIME
- ExpectIntEQ(i2d_PKCS7(pkcs7, &out), 655);
- #else
- ExpectIntEQ(i2d_PKCS7(pkcs7, &out), 625);
- #endif
- XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- BIO_free(bio);
- #endif
- PKCS7_free(NULL);
- PKCS7_free(pkcs7);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PKCS7_sign(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_BIO) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- PKCS7* p7 = NULL;
- PKCS7* p7Ver = NULL;
- byte* out = NULL;
- byte* tmpPtr = NULL;
- int outLen = 0;
- int flags = 0;
- byte data[] = "Test data to encode.";
- const char* cert = "./certs/server-cert.pem";
- const char* key = "./certs/server-key.pem";
- const char* ca = "./certs/ca-cert.pem";
- WOLFSSL_BIO* certBio = NULL;
- WOLFSSL_BIO* keyBio = NULL;
- WOLFSSL_BIO* caBio = NULL;
- WOLFSSL_BIO* inBio = NULL;
- X509* signCert = NULL;
- EVP_PKEY* signKey = NULL;
- X509* caCert = NULL;
- X509_STORE* store = NULL;
- #ifndef NO_PKCS7_STREAM
- int z;
- int ret;
- #endif /* !NO_PKCS7_STREAM */
- /* read signer cert/key into BIO */
- ExpectNotNull(certBio = BIO_new_file(cert, "r"));
- ExpectNotNull(keyBio = BIO_new_file(key, "r"));
- ExpectNotNull(signCert = PEM_read_bio_X509(certBio, NULL, 0, NULL));
- ExpectNotNull(signKey = PEM_read_bio_PrivateKey(keyBio, NULL, 0, NULL));
- /* read CA cert into store (for verify) */
- ExpectNotNull(caBio = BIO_new_file(ca, "r"));
- ExpectNotNull(caCert = PEM_read_bio_X509(caBio, NULL, 0, NULL));
- ExpectNotNull(store = X509_STORE_new());
- ExpectIntEQ(X509_STORE_add_cert(store, caCert), 1);
- /* data to be signed into BIO */
- ExpectNotNull(inBio = BIO_new(BIO_s_mem()));
- ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0);
- /* PKCS7_sign, bad args: signer NULL */
- ExpectNull(p7 = PKCS7_sign(NULL, signKey, NULL, inBio, 0));
- /* PKCS7_sign, bad args: signer key NULL */
- ExpectNull(p7 = PKCS7_sign(signCert, NULL, NULL, inBio, 0));
- /* PKCS7_sign, bad args: in data NULL without PKCS7_STREAM */
- ExpectNull(p7 = PKCS7_sign(signCert, signKey, NULL, NULL, 0));
- /* PKCS7_sign, bad args: PKCS7_NOCERTS flag not supported */
- ExpectNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, PKCS7_NOCERTS));
- /* PKCS7_sign, bad args: PKCS7_PARTIAL flag not supported */
- ExpectNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, PKCS7_PARTIAL));
- /* TEST SUCCESS: Not detached, not streaming, not MIME */
- {
- flags = PKCS7_BINARY;
- ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
- ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0);
- /* verify with d2i_PKCS7 */
- tmpPtr = out;
- ExpectNotNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen));
- ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1);
- PKCS7_free(p7Ver);
- p7Ver = NULL;
- /* verify with wc_PKCS7_VerifySignedData */
- ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0);
- ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0);
- #ifndef NO_PKCS7_STREAM
- /* verify with wc_PKCS7_VerifySignedData streaming */
- wc_PKCS7_Free(p7Ver);
- p7Ver = NULL;
- ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
- ExpectIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0);
- /* test for streaming */
- ret = -1;
- for (z = 0; z < outLen && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
- if (ret < 0){
- ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
- }
- }
- ExpectIntEQ(ret, 0);
- #endif /* !NO_PKCS7_STREAM */
- /* compare the signer found to expected signer */
- ExpectIntNE(p7Ver->verifyCertSz, 0);
- tmpPtr = NULL;
- ExpectIntEQ(i2d_X509(signCert, &tmpPtr), p7Ver->verifyCertSz);
- ExpectIntEQ(XMEMCMP(tmpPtr, p7Ver->verifyCert, p7Ver->verifyCertSz), 0);
- XFREE(tmpPtr, NULL, DYNAMIC_TYPE_OPENSSL);
- tmpPtr = NULL;
- wc_PKCS7_Free(p7Ver);
- p7Ver = NULL;
- ExpectNotNull(out);
- XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- out = NULL;
- PKCS7_free(p7);
- p7 = NULL;
- }
- /* TEST SUCCESS: Not detached, streaming, not MIME. Also bad arg
- * tests for PKCS7_final() while we have a PKCS7 pointer to use */
- {
- /* re-populate input BIO, may have been consumed */
- BIO_free(inBio);
- inBio = NULL;
- ExpectNotNull(inBio = BIO_new(BIO_s_mem()));
- ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0);
- flags = PKCS7_BINARY | PKCS7_STREAM;
- ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
- ExpectIntEQ(PKCS7_final(p7, inBio, flags), 1);
- ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0);
- /* PKCS7_final, bad args: PKCS7 null */
- ExpectIntEQ(PKCS7_final(NULL, inBio, 0), 0);
- /* PKCS7_final, bad args: PKCS7 null */
- ExpectIntEQ(PKCS7_final(p7, NULL, 0), 0);
- tmpPtr = out;
- ExpectNotNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen));
- ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1);
- PKCS7_free(p7Ver);
- p7Ver = NULL;
- ExpectNotNull(out);
- XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- out = NULL;
- PKCS7_free(p7);
- p7 = NULL;
- }
- /* TEST SUCCESS: Detached, not streaming, not MIME */
- {
- /* re-populate input BIO, may have been consumed */
- BIO_free(inBio);
- inBio = NULL;
- ExpectNotNull(inBio = BIO_new(BIO_s_mem()));
- ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0);
- flags = PKCS7_BINARY | PKCS7_DETACHED;
- ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
- ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0);
- /* verify with wolfCrypt, d2i_PKCS7 does not support detached content */
- ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
- if (p7Ver != NULL) {
- p7Ver->content = data;
- p7Ver->contentSz = sizeof(data);
- }
- ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0);
- wc_PKCS7_Free(p7Ver);
- p7Ver = NULL;
- #ifndef NO_PKCS7_STREAM
- /* verify with wc_PKCS7_VerifySignedData streaming */
- ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
- if (p7Ver != NULL) {
- p7Ver->content = data;
- p7Ver->contentSz = sizeof(data);
- }
- /* test for streaming */
- ret = -1;
- for (z = 0; z < outLen && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
- if (ret < 0){
- ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
- }
- }
- ExpectIntEQ(ret, 0);
- wc_PKCS7_Free(p7Ver);
- p7Ver = NULL;
- #endif /* !NO_PKCS7_STREAM */
- /* verify expected failure (NULL return) from d2i_PKCS7, it does not
- * yet support detached content */
- tmpPtr = out;
- ExpectNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen));
- PKCS7_free(p7Ver);
- p7Ver = NULL;
- ExpectNotNull(out);
- XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- out = NULL;
- PKCS7_free(p7);
- p7 = NULL;
- }
- /* TEST SUCCESS: Detached, streaming, not MIME */
- {
- /* re-populate input BIO, may have been consumed */
- BIO_free(inBio);
- inBio = NULL;
- ExpectNotNull(inBio = BIO_new(BIO_s_mem()));
- ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0);
- flags = PKCS7_BINARY | PKCS7_DETACHED | PKCS7_STREAM;
- ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
- ExpectIntEQ(PKCS7_final(p7, inBio, flags), 1);
- ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0);
- /* verify with wolfCrypt, d2i_PKCS7 does not support detached content */
- ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
- if (p7Ver != NULL) {
- p7Ver->content = data;
- p7Ver->contentSz = sizeof(data);
- }
- ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0);
- wc_PKCS7_Free(p7Ver);
- p7Ver = NULL;
- ExpectNotNull(out);
- #ifndef NO_PKCS7_STREAM
- /* verify with wc_PKCS7_VerifySignedData streaming */
- ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
- if (p7Ver != NULL) {
- p7Ver->content = data;
- p7Ver->contentSz = sizeof(data);
- }
- /* test for streaming */
- ret = -1;
- for (z = 0; z < outLen && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
- if (ret < 0){
- ExpectIntEQ(ret, WC_PKCS7_WANT_READ_E);
- }
- }
- ExpectIntEQ(ret, 0);
- ExpectNotNull(out);
- wc_PKCS7_Free(p7Ver);
- p7Ver = NULL;
- #endif /* !NO_PKCS7_STREAM */
- XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- PKCS7_free(p7);
- p7 = NULL;
- }
- X509_STORE_free(store);
- X509_free(caCert);
- X509_free(signCert);
- EVP_PKEY_free(signKey);
- BIO_free(inBio);
- BIO_free(keyBio);
- BIO_free(certBio);
- BIO_free(caBio);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PKCS7_SIGNED_new(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
- PKCS7_SIGNED* pkcs7 = NULL;
- ExpectNotNull(pkcs7 = PKCS7_SIGNED_new());
- ExpectIntEQ(pkcs7->contentOID, SIGNED_DATA);
- PKCS7_SIGNED_free(pkcs7);
- #endif
- return EXPECT_RESULT();
- }
- #ifndef NO_BIO
- static int test_wolfSSL_PEM_write_bio_PKCS7(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
- PKCS7* pkcs7 = NULL;
- BIO* bio = NULL;
- const byte* cert_buf = NULL;
- int ret = 0;
- WC_RNG rng;
- const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- #ifndef NO_RSA
- #if defined(USE_CERT_BUFFERS_2048)
- byte key[sizeof(client_key_der_2048)];
- byte cert[sizeof(client_cert_der_2048)];
- word32 keySz = (word32)sizeof(key);
- word32 certSz = (word32)sizeof(cert);
- XMEMSET(key, 0, keySz);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(key, client_key_der_2048, keySz);
- XMEMCPY(cert, client_cert_der_2048, certSz);
- #elif defined(USE_CERT_BUFFERS_1024)
- byte key[sizeof_client_key_der_1024];
- byte cert[sizeof(sizeof_client_cert_der_1024)];
- word32 keySz = (word32)sizeof(key);
- word32 certSz = (word32)sizeof(cert);
- XMEMSET(key, 0, keySz);
- XMEMSET(cert, 0, certSz);
- XMEMCPY(key, client_key_der_1024, keySz);
- XMEMCPY(cert, client_cert_der_1024, certSz);
- #else
- unsigned char cert[ONEK_BUF];
- unsigned char key[ONEK_BUF];
- XFILE fp = XBADFILE;
- int certSz;
- int keySz;
- ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
- fp), 0);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp),
- 0);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- #endif
- #elif defined(HAVE_ECC)
- #if defined(USE_CERT_BUFFERS_256)
- unsigned char cert[sizeof(cliecc_cert_der_256)];
- unsigned char key[sizeof(ecc_clikey_der_256)];
- int certSz = (int)sizeof(cert);
- int keySz = (int)sizeof(key);
- XMEMSET(cert, 0, certSz);
- XMEMSET(key, 0, keySz);
- XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
- XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
- #else
- unsigned char cert[ONEK_BUF];
- unsigned char key[ONEK_BUF];
- XFILE fp = XBADFILE;
- int certSz, keySz;
- ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256,
- fp), 0);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) !=
- XBADFILE);
- ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp),
- 0);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- #endif
- #else
- #error PKCS7 requires ECC or RSA
- #endif
- ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
- /* initialize with DER encoded cert */
- ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
- /* init rng */
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_InitRng(&rng), 0);
- if (pkcs7 != NULL) {
- pkcs7->rng = &rng;
- pkcs7->content = (byte*)data; /* not used for ex */
- pkcs7->contentSz = (word32)sizeof(data);
- pkcs7->contentOID = SIGNED_DATA;
- pkcs7->privateKey = key;
- pkcs7->privateKeySz = (word32)sizeof(key);
- pkcs7->encryptOID = RSAk;
- #ifdef NO_SHA
- pkcs7->hashOID = SHA256h;
- #else
- pkcs7->hashOID = SHAh;
- #endif
- pkcs7->signedAttribs = NULL;
- pkcs7->signedAttribsSz = 0;
- }
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- /* Write PKCS#7 PEM to BIO, the function converts the DER to PEM cert*/
- ExpectIntEQ(PEM_write_bio_PKCS7(bio, pkcs7), WOLFSSL_SUCCESS);
- /* Read PKCS#7 PEM from BIO */
- ret = wolfSSL_BIO_get_mem_data(bio, &cert_buf);
- ExpectIntGE(ret, 0);
- BIO_free(bio);
- wc_PKCS7_Free(pkcs7);
- wc_FreeRng(&rng);
- #endif
- return EXPECT_RESULT();
- }
- #ifdef HAVE_SMIME
- static int test_wolfSSL_SMIME_read_PKCS7(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
- !defined(NO_RSA)
- PKCS7* pkcs7 = NULL;
- BIO* bio = NULL;
- BIO* bcont = NULL;
- BIO* out = NULL;
- const byte* outBuf = NULL;
- int outBufLen = 0;
- static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n";
- XFILE smimeTestFile = XBADFILE;
- ExpectTrue((smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "r")) !=
- XBADFILE);
- /* smime-test.p7s */
- bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
- ExpectNotNull(bio);
- ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
- pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
- ExpectNotNull(pkcs7);
- ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
- PKCS7_NOVERIFY), SSL_SUCCESS);
- XFCLOSE(smimeTestFile);
- if (bcont) BIO_free(bcont);
- bcont = NULL;
- wolfSSL_PKCS7_free(pkcs7);
- pkcs7 = NULL;
- /* smime-test-multipart.p7s */
- smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "r");
- ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
- pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
- ExpectNotNull(pkcs7);
- ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
- PKCS7_NOVERIFY), SSL_SUCCESS);
- XFCLOSE(smimeTestFile);
- if (bcont) BIO_free(bcont);
- bcont = NULL;
- wolfSSL_PKCS7_free(pkcs7);
- pkcs7 = NULL;
- /* smime-test-multipart-badsig.p7s */
- smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", "r");
- ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
- pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
- ExpectNotNull(pkcs7); /* can read in the unverified smime bundle */
- ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
- PKCS7_NOVERIFY), SSL_FAILURE);
- XFCLOSE(smimeTestFile);
- if (bcont) BIO_free(bcont);
- bcont = NULL;
- wolfSSL_PKCS7_free(pkcs7);
- pkcs7 = NULL;
- /* smime-test-canon.p7s */
- smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r");
- ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
- pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
- ExpectNotNull(pkcs7);
- ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
- PKCS7_NOVERIFY), SSL_SUCCESS);
- XFCLOSE(smimeTestFile);
- if (bcont) BIO_free(bcont);
- bcont = NULL;
- wolfSSL_PKCS7_free(pkcs7);
- pkcs7 = NULL;
- /* Test PKCS7_TEXT, PKCS7_verify() should remove Content-Type: text/plain */
- smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r");
- ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
- pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
- ExpectNotNull(pkcs7);
- out = wolfSSL_BIO_new(BIO_s_mem());
- ExpectNotNull(out);
- ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, out,
- PKCS7_NOVERIFY | PKCS7_TEXT), SSL_SUCCESS);
- ExpectIntGT((outBufLen = BIO_get_mem_data(out, &outBuf)), 0);
- /* Content-Type should not show up at beginning of output buffer */
- ExpectIntGT(outBufLen, XSTRLEN(contTypeText));
- ExpectIntGT(XMEMCMP(outBuf, contTypeText, XSTRLEN(contTypeText)), 0);
- BIO_free(out);
- BIO_free(bio);
- if (bcont) BIO_free(bcont);
- wolfSSL_PKCS7_free(pkcs7);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_SMIME_write_PKCS7(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_RSA)
- PKCS7* p7 = NULL;
- PKCS7* p7Ver = NULL;
- int flags = 0;
- byte data[] = "Test data to encode.";
- const char* cert = "./certs/server-cert.pem";
- const char* key = "./certs/server-key.pem";
- const char* ca = "./certs/ca-cert.pem";
- WOLFSSL_BIO* certBio = NULL;
- WOLFSSL_BIO* keyBio = NULL;
- WOLFSSL_BIO* caBio = NULL;
- WOLFSSL_BIO* inBio = NULL;
- WOLFSSL_BIO* outBio = NULL;
- WOLFSSL_BIO* content = NULL;
- X509* signCert = NULL;
- EVP_PKEY* signKey = NULL;
- X509* caCert = NULL;
- X509_STORE* store = NULL;
- /* read signer cert/key into BIO */
- ExpectNotNull(certBio = BIO_new_file(cert, "r"));
- ExpectNotNull(keyBio = BIO_new_file(key, "r"));
- ExpectNotNull(signCert = PEM_read_bio_X509(certBio, NULL, 0, NULL));
- ExpectNotNull(signKey = PEM_read_bio_PrivateKey(keyBio, NULL, 0, NULL));
- /* read CA cert into store (for verify) */
- ExpectNotNull(caBio = BIO_new_file(ca, "r"));
- ExpectNotNull(caCert = PEM_read_bio_X509(caBio, NULL, 0, NULL));
- ExpectNotNull(store = X509_STORE_new());
- ExpectIntEQ(X509_STORE_add_cert(store, caCert), 1);
- /* generate and verify SMIME: not detached */
- {
- ExpectNotNull(inBio = BIO_new(BIO_s_mem()));
- ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0);
- flags = PKCS7_STREAM;
- ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
- ExpectNotNull(outBio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1);
- /* bad arg: out NULL */
- ExpectIntEQ(SMIME_write_PKCS7(NULL, p7, inBio, flags), 0);
- /* bad arg: pkcs7 NULL */
- ExpectIntEQ(SMIME_write_PKCS7(outBio, NULL, inBio, flags), 0);
- ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content));
- ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1);
- BIO_free(content);
- content = NULL;
- BIO_free(inBio);
- inBio = NULL;
- BIO_free(outBio);
- outBio = NULL;
- PKCS7_free(p7Ver);
- p7Ver = NULL;
- PKCS7_free(p7);
- p7 = NULL;
- }
- /* generate and verify SMIME: not detached, add Content-Type */
- {
- ExpectNotNull(inBio = BIO_new(BIO_s_mem()));
- ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0);
- flags = PKCS7_STREAM | PKCS7_TEXT;
- ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
- ExpectNotNull(outBio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1);
- ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content));
- ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1);
- BIO_free(content);
- content = NULL;
- BIO_free(inBio);
- inBio = NULL;
- BIO_free(outBio);
- outBio = NULL;
- PKCS7_free(p7Ver);
- p7Ver = NULL;
- PKCS7_free(p7);
- p7 = NULL;
- }
- /* generate and verify SMIME: detached */
- {
- ExpectNotNull(inBio = BIO_new(BIO_s_mem()));
- ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0);
- flags = PKCS7_DETACHED | PKCS7_STREAM;
- ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
- ExpectNotNull(outBio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1);
- ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content));
- ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, content, NULL, flags), 1);
- BIO_free(content);
- content = NULL;
- BIO_free(inBio);
- inBio = NULL;
- BIO_free(outBio);
- outBio = NULL;
- PKCS7_free(p7Ver);
- p7Ver = NULL;
- PKCS7_free(p7);
- p7 = NULL;
- }
- /* generate and verify SMIME: PKCS7_TEXT to add Content-Type header */
- {
- ExpectNotNull(inBio = BIO_new(BIO_s_mem()));
- ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0);
- flags = PKCS7_STREAM | PKCS7_DETACHED | PKCS7_TEXT;
- ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
- ExpectNotNull(outBio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1);
- ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content));
- ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, content, NULL, flags), 1);
- BIO_free(content);
- content = NULL;
- BIO_free(inBio);
- inBio = NULL;
- BIO_free(outBio);
- outBio = NULL;
- PKCS7_free(p7Ver);
- p7Ver = NULL;
- PKCS7_free(p7);
- p7 = NULL;
- }
- X509_STORE_free(store);
- X509_free(caCert);
- X509_free(signCert);
- EVP_PKEY_free(signKey);
- BIO_free(keyBio);
- BIO_free(certBio);
- BIO_free(caBio);
- #endif
- return EXPECT_RESULT();
- }
- #endif /* HAVE_SMIME */
- #endif /* !NO_BIO */
- /* Test of X509 store use outside of SSL context w/ CRL lookup (ALWAYS
- * returns 0) */
- static int test_X509_STORE_No_SSL_CTX(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
- (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
- !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \
- (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \
- defined(HAVE_CRL) && !defined(NO_RSA)
- X509_STORE * store = NULL;
- X509_STORE_CTX * storeCtx = NULL;
- X509_CRL * crl = NULL;
- X509 * ca = NULL;
- X509 * cert = NULL;
- const char cliCrlPem[] = "./certs/crl/cliCrl.pem";
- const char srvCert[] = "./certs/server-cert.pem";
- const char caCert[] = "./certs/ca-cert.pem";
- const char caDir[] = "./certs/crl/hash_pem";
- XFILE fp = XBADFILE;
- X509_LOOKUP * lookup = NULL;
- ExpectNotNull(store = (X509_STORE *)X509_STORE_new());
- /* Set up store with CA */
- ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
- SSL_FILETYPE_PEM)));
- ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
- /* Add CRL lookup directory to store
- * NOTE: test uses ./certs/crl/hash_pem/0fdb2da4.r0, which is a copy
- * of crl.pem */
- ExpectNotNull((lookup = X509_STORE_add_lookup(store,
- X509_LOOKUP_hash_dir())));
- ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, caDir,
- X509_FILETYPE_PEM, NULL), SSL_SUCCESS);
- ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),
- SSL_SUCCESS);
- /* Add CRL to store NOT containing the verified certificate, which
- * forces use of the CRL lookup directory */
- ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE);
- ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
- NULL, NULL));
- if (fp != XBADFILE)
- XFCLOSE(fp);
- ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
- /* Create verification context outside of an SSL session */
- ExpectNotNull((storeCtx = X509_STORE_CTX_new()));
- ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
- SSL_FILETYPE_PEM)));
- ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
- /* Perform verification, which should NOT indicate CRL missing due to the
- * store CM's X509 store pointer being NULL */
- ExpectIntNE(X509_verify_cert(storeCtx), CRL_MISSING);
- X509_CRL_free(crl);
- X509_STORE_free(store);
- X509_STORE_CTX_free(storeCtx);
- X509_free(cert);
- X509_free(ca);
- #endif
- return EXPECT_RESULT();
- }
- /* Test of X509 store use outside of SSL context w/ CRL lookup, but
- * with X509_LOOKUP_add_dir and X509_FILETYPE_ASN1. */
- static int test_X509_LOOKUP_add_dir(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
- (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
- !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \
- (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \
- defined(HAVE_CRL) && !defined(NO_RSA)
- X509_STORE * store = NULL;
- X509_STORE_CTX * storeCtx = NULL;
- X509_CRL * crl = NULL;
- X509 * ca = NULL;
- X509 * cert = NULL;
- const char cliCrlPem[] = "./certs/crl/cliCrl.pem";
- const char srvCert[] = "./certs/server-cert.pem";
- const char caCert[] = "./certs/ca-cert.pem";
- const char caDir[] = "./certs/crl/hash_der";
- XFILE fp = XBADFILE;
- X509_LOOKUP * lookup = NULL;
- ExpectNotNull(store = (X509_STORE *)X509_STORE_new());
- /* Set up store with CA */
- ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
- SSL_FILETYPE_PEM)));
- ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
- /* Add CRL lookup directory to store.
- * Test uses ./certs/crl/hash_der/0fdb2da4.r0, which is a copy
- * of crl.der */
- ExpectNotNull((lookup = X509_STORE_add_lookup(store,
- X509_LOOKUP_hash_dir())));
- ExpectIntEQ(X509_LOOKUP_add_dir(lookup, caDir, X509_FILETYPE_ASN1),
- SSL_SUCCESS);
- ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),
- SSL_SUCCESS);
- /* Add CRL to store NOT containing the verified certificate, which
- * forces use of the CRL lookup directory */
- ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE);
- ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
- NULL, NULL));
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
- /* Create verification context outside of an SSL session */
- ExpectNotNull((storeCtx = X509_STORE_CTX_new()));
- ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
- SSL_FILETYPE_PEM)));
- ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
- /* Perform verification, which should NOT return CRL missing */
- ExpectIntNE(X509_verify_cert(storeCtx), CRL_MISSING);
- X509_CRL_free(crl);
- crl = NULL;
- X509_STORE_free(store);
- store = NULL;
- X509_STORE_CTX_free(storeCtx);
- storeCtx = NULL;
- X509_free(cert);
- cert = NULL;
- X509_free(ca);
- ca = NULL;
- /* Now repeat the same, but look for X509_FILETYPE_PEM.
- * We should get CRL_MISSING at the end, because the lookup
- * dir has only ASN1 CRLs. */
- ExpectNotNull(store = (X509_STORE *)X509_STORE_new());
- ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
- SSL_FILETYPE_PEM)));
- ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
- ExpectNotNull((lookup = X509_STORE_add_lookup(store,
- X509_LOOKUP_hash_dir())));
- ExpectIntEQ(X509_LOOKUP_add_dir(lookup, caDir, X509_FILETYPE_PEM),
- SSL_SUCCESS);
- ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),
- SSL_SUCCESS);
- ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE);
- ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
- NULL, NULL));
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
- ExpectNotNull((storeCtx = X509_STORE_CTX_new()));
- ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
- SSL_FILETYPE_PEM)));
- ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
- /* Now we SHOULD get CRL_MISSING, because we looked for PEM
- * in dir containing only ASN1/DER. */
- ExpectIntEQ(X509_verify_cert(storeCtx), WOLFSSL_FAILURE);
- ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx), CRL_MISSING);
- X509_CRL_free(crl);
- X509_STORE_free(store);
- X509_STORE_CTX_free(storeCtx);
- X509_free(cert);
- X509_free(ca);
- #endif
- return EXPECT_RESULT();
- }
- /*----------------------------------------------------------------------------*
- | Certificate Failure Checks
- *----------------------------------------------------------------------------*/
- #if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
- !defined(WOLFSSL_NO_CLIENT_AUTH)) && !defined(NO_FILESYSTEM)
- #if !defined(NO_RSA) || defined(HAVE_ECC)
- /* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
- static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz,
- int type)
- {
- int ret;
- WOLFSSL_CERT_MANAGER* cm = NULL;
- switch (type) {
- case TESTING_RSA:
- #ifdef NO_RSA
- fprintf(stderr, "RSA disabled, skipping test\n");
- return ASN_SIG_CONFIRM_E;
- #else
- break;
- #endif
- case TESTING_ECC:
- #ifndef HAVE_ECC
- fprintf(stderr, "ECC disabled, skipping test\n");
- return ASN_SIG_CONFIRM_E;
- #else
- break;
- #endif
- default:
- fprintf(stderr, "Bad function argument\n");
- return BAD_FUNC_ARG;
- }
- cm = wolfSSL_CertManagerNew();
- if (cm == NULL) {
- fprintf(stderr, "wolfSSL_CertManagerNew failed\n");
- return -1;
- }
- #ifndef NO_FILESYSTEM
- ret = wolfSSL_CertManagerLoadCA(cm, ca, 0);
- if (ret != WOLFSSL_SUCCESS) {
- fprintf(stderr, "wolfSSL_CertManagerLoadCA failed\n");
- wolfSSL_CertManagerFree(cm);
- return ret;
- }
- #else
- (void)ca;
- #endif
- ret = wolfSSL_CertManagerVerifyBuffer(cm, cert_buf, cert_sz,
- WOLFSSL_FILETYPE_ASN1);
- /* Let ExpectIntEQ handle return code */
- wolfSSL_CertManagerFree(cm);
- return ret;
- }
- #endif
- #if !defined(NO_FILESYSTEM)
- static int test_RsaSigFailure_cm(void)
- {
- EXPECT_DECLS;
- #ifndef NO_RSA
- const char* ca_cert = "./certs/ca-cert.pem";
- const char* server_cert = "./certs/server-cert.der";
- byte* cert_buf = NULL;
- size_t cert_sz = 0;
- ExpectIntEQ(load_file(server_cert, &cert_buf, &cert_sz), 0);
- if (cert_buf != NULL) {
- /* corrupt DER - invert last byte, which is signature */
- cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1];
- /* test bad cert */
- #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
- ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA),
- WOLFSSL_FATAL_ERROR);
- #else
- ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA),
- ASN_SIG_CONFIRM_E);
- #endif
- }
- /* load_file() uses malloc. */
- if (cert_buf != NULL) {
- free(cert_buf);
- }
- #endif /* !NO_RSA */
- return EXPECT_RESULT();
- }
- static int test_EccSigFailure_cm(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_ECC
- /* self-signed ECC cert, so use server cert as CA */
- const char* ca_cert = "./certs/ca-ecc-cert.pem";
- const char* server_cert = "./certs/server-ecc.der";
- byte* cert_buf = NULL;
- size_t cert_sz = 0;
- ExpectIntEQ(load_file(server_cert, &cert_buf, &cert_sz), 0);
- if (cert_buf != NULL) {
- /* corrupt DER - invert last byte, which is signature */
- cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1];
- /* test bad cert */
- #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
- ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC),
- WOLFSSL_FATAL_ERROR);
- #else
- ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC),
- ASN_SIG_CONFIRM_E);
- #endif
- }
- /* load_file() uses malloc. */
- if (cert_buf != NULL) {
- free(cert_buf);
- }
- #ifdef FP_ECC
- wc_ecc_fp_free();
- #endif
- #endif /* HAVE_ECC */
- return EXPECT_RESULT();
- }
- #endif /* !NO_FILESYSTEM */
- #endif /* NO_CERTS */
- #ifdef WOLFSSL_TLS13
- #if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
- #ifdef WC_SHA384_DIGEST_SIZE
- static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, };
- #else
- static byte fixedKey[WC_SHA256_DIGEST_SIZE] = { 0, };
- #endif
- #endif
- #ifdef WOLFSSL_EARLY_DATA
- static const char earlyData[] = "Early Data";
- static char earlyDataBuffer[1];
- #endif
- static int test_tls13_apis(void)
- {
- EXPECT_DECLS;
- int ret;
- #ifndef WOLFSSL_NO_TLS12
- #ifndef NO_WOLFSSL_CLIENT
- WOLFSSL_CTX* clientTls12Ctx = NULL;
- WOLFSSL* clientTls12Ssl = NULL;
- #endif
- #ifndef NO_WOLFSSL_SERVER
- WOLFSSL_CTX* serverTls12Ctx = NULL;
- WOLFSSL* serverTls12Ssl = NULL;
- #endif
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- WOLFSSL_CTX* clientCtx = NULL;
- WOLFSSL* clientSsl = NULL;
- #endif
- #ifndef NO_WOLFSSL_SERVER
- WOLFSSL_CTX* serverCtx = NULL;
- WOLFSSL* serverSsl = NULL;
- #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
- const char* ourCert = svrCertFile;
- const char* ourKey = svrKeyFile;
- #endif
- #endif
- int required;
- #ifdef WOLFSSL_EARLY_DATA
- int outSz;
- #endif
- #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
- int groups[2] = { WOLFSSL_ECC_SECP256R1,
- #ifdef HAVE_PQC
- WOLFSSL_KYBER_LEVEL1
- #else
- WOLFSSL_ECC_SECP256R1
- #endif
- };
- #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
- int bad_groups[2] = { 0xDEAD, 0xBEEF };
- #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
- int numGroups = 2;
- #endif
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
- char groupList[] =
- #ifndef NO_ECC_SECP
- #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
- "P-521:"
- #endif
- #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
- "P-384:"
- #endif
- #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
- "P-256"
- #if defined(HAVE_PQC) && defined(HAVE_LIBOQS)
- ":P256_KYBER_LEVEL1"
- #endif
- #endif
- #endif /* !defined(NO_ECC_SECP) */
- #ifdef HAVE_PQC
- ":KYBER_LEVEL1"
- #endif
- "";
- #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
- (void)ret;
- #ifndef WOLFSSL_NO_TLS12
- #ifndef NO_WOLFSSL_CLIENT
- clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
- clientTls12Ssl = wolfSSL_new(clientTls12Ctx);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
- #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
- wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert);
- wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey,
- WOLFSSL_FILETYPE_PEM);
- #endif
- serverTls12Ssl = wolfSSL_new(serverTls12Ctx);
- #endif
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
- clientSsl = wolfSSL_new(clientCtx);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
- #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
- wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert);
- wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM);
- #endif
- serverSsl = wolfSSL_new(serverCtx);
- ExpectNotNull(serverSsl);
- #endif
- #ifdef WOLFSSL_SEND_HRR_COOKIE
- ExpectIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- ExpectIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0),
- BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)),
- WOLFSSL_SUCCESS);
- #endif
- #endif
- #ifdef HAVE_SUPPORTED_CURVES
- #ifdef HAVE_ECC
- ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1),
- BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_SERVER
- do {
- ret = wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1);
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (ret == WC_PENDING_E)
- wolfSSL_AsyncPoll(serverSsl, WOLF_POLL_FLAG_CHECK_HW);
- #endif
- }
- while (ret == WC_PENDING_E);
- ExpectIntEQ(ret, WOLFSSL_SUCCESS);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- do {
- ret = wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1);
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (ret == WC_PENDING_E)
- wolfSSL_AsyncPoll(clientTls12Ssl, WOLF_POLL_FLAG_CHECK_HW);
- #endif
- }
- while (ret == WC_PENDING_E);
- ExpectIntEQ(ret, WOLFSSL_SUCCESS);
- #endif
- do {
- ret = wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1);
- #ifdef WOLFSSL_ASYNC_CRYPT
- if (ret == WC_PENDING_E)
- wolfSSL_AsyncPoll(clientSsl, WOLF_POLL_FLAG_CHECK_HW);
- #endif
- }
- while (ret == WC_PENDING_E);
- ExpectIntEQ(ret, WOLFSSL_SUCCESS);
- #endif
- #elif defined(HAVE_CURVE25519)
- ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_SERVER
- ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519),
- WOLFSSL_SUCCESS);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519),
- WOLFSSL_SUCCESS);
- #endif
- ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519),
- WOLFSSL_SUCCESS);
- #endif
- #elif defined(HAVE_CURVE448)
- ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_SERVER
- ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X448),
- WOLFSSL_SUCCESS);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X448),
- WOLFSSL_SUCCESS);
- #endif
- ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X448),
- WOLFSSL_SUCCESS);
- #endif
- #else
- ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1),
- BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
- NOT_COMPILED_IN);
- #endif
- ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
- NOT_COMPILED_IN);
- #endif
- #endif
- #if defined(HAVE_PQC)
- ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_KYBER_LEVEL3), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_SERVER
- ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_KYBER_LEVEL3),
- WOLFSSL_SUCCESS);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_KYBER_LEVEL3),
- BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_KYBER_LEVEL3),
- WOLFSSL_SUCCESS);
- #endif
- #endif
- ExpectIntEQ(wolfSSL_NoKeyShares(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_SERVER
- ExpectIntEQ(wolfSSL_NoKeyShares(serverSsl), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS);
- #endif
- ExpectIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS);
- #endif
- #endif /* HAVE_SUPPORTED_CURVES */
- ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0);
- #endif
- ExpectIntEQ(wolfSSL_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- ExpectIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0);
- #endif
- ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0);
- #endif
- ExpectIntEQ(wolfSSL_no_dhe_psk(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- ExpectIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0);
- #endif
- ExpectIntEQ(wolfSSL_update_keys(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_update_keys(clientTls12Ssl), BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_update_keys(clientSsl), BUILD_MSG_ERROR);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- ExpectIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR);
- #endif
- ExpectIntEQ(wolfSSL_key_update_response(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_key_update_response(NULL, &required), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_key_update_response(clientTls12Ssl, &required),
- BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_key_update_response(clientSsl, NULL), BAD_FUNC_ARG);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- ExpectIntEQ(wolfSSL_key_update_response(serverSsl, NULL), BAD_FUNC_ARG);
- #endif
- #if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
- ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_SERVER
- ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx),
- BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0);
- #endif
- ExpectIntEQ(wolfSSL_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_SERVER
- ExpectIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl),
- BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0);
- #endif
- ExpectIntEQ(wolfSSL_request_certificate(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- ExpectIntEQ(wolfSSL_request_certificate(clientSsl), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_request_certificate(serverTls12Ssl),
- BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_request_certificate(serverSsl), NOT_READY_ERROR);
- #endif
- #endif
- #ifdef HAVE_ECC
- #ifndef WOLFSSL_NO_SERVER_GROUPS_EXT
- ExpectIntEQ(wolfSSL_preferred_group(NULL), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_SERVER
- ExpectIntEQ(wolfSSL_preferred_group(serverSsl), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_preferred_group(clientTls12Ssl), BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_preferred_group(clientSsl), NOT_READY_ERROR);
- #endif
- #endif
- #ifdef HAVE_SUPPORTED_CURVES
- ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups),
- BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups,
- WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups),
- BAD_FUNC_ARG);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- ExpectIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_set_groups(serverCtx, bad_groups, numGroups),
- BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- ExpectIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups),
- BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups,
- WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups),
- BAD_FUNC_ARG);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- ExpectIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set_groups(serverSsl, bad_groups, numGroups),
- BAD_FUNC_ARG);
- #endif
- #ifdef OPENSSL_EXTRA
- ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
- #ifndef NO_WOLFSSL_CLIENT
- ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, NULL),
- WOLFSSL_FAILURE);
- #endif
- ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList),
- WOLFSSL_FAILURE);
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList),
- WOLFSSL_FAILURE);
- #endif
- ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, groupList),
- WOLFSSL_SUCCESS);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- ExpectIntEQ(wolfSSL_CTX_set1_groups_list(serverCtx, groupList),
- WOLFSSL_SUCCESS);
- #endif
- ExpectIntEQ(wolfSSL_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
- #ifndef NO_WOLFSSL_CLIENT
- ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), WOLFSSL_FAILURE);
- #endif
- ExpectIntEQ(wolfSSL_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE);
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList),
- WOLFSSL_FAILURE);
- #endif
- ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, groupList),
- WOLFSSL_SUCCESS);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- ExpectIntEQ(wolfSSL_set1_groups_list(serverSsl, groupList),
- WOLFSSL_SUCCESS);
- #endif
- #endif /* OPENSSL_EXTRA */
- #endif /* HAVE_SUPPORTED_CURVES */
- #endif /* HAVE_ECC */
- #ifdef WOLFSSL_EARLY_DATA
- #ifndef OPENSSL_EXTRA
- ExpectIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG);
- #else
- ExpectIntEQ(SSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(SSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef OPENSSL_EXTRA
- ExpectIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
- ExpectIntEQ(wolfSSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR);
- #else
- ExpectIntEQ(SSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
- ExpectIntEQ(SSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR);
- #endif
- #endif
- #ifndef NO_WOLFSSL_SERVER
- #ifndef WOLFSSL_NO_TLS12
- #ifndef OPENSSL_EXTRA
- ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG);
- #else
- ExpectIntEQ(SSL_CTX_set_max_early_data(serverTls12Ctx, 0),
- BAD_FUNC_ARG);
- ExpectIntEQ(SSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG);
- #endif
- #endif
- #ifndef OPENSSL_EXTRA
- #ifdef WOLFSSL_ERROR_CODE_OPENSSL
- ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32),
- WOLFSSL_SUCCESS);
- #else
- ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), 0);
- #endif
- ExpectIntEQ(wolfSSL_CTX_get_max_early_data(serverCtx), 32);
- #else
- ExpectIntEQ(SSL_CTX_set_max_early_data(serverCtx, 32), 1);
- ExpectIntEQ(SSL_CTX_get_max_early_data(serverCtx), 32);
- #endif
- #endif
- #ifndef OPENSSL_EXTRA
- ExpectIntEQ(wolfSSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_get_max_early_data(NULL), BAD_FUNC_ARG);
- #else
- ExpectIntEQ(SSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(SSL_get_max_early_data(NULL), BAD_FUNC_ARG);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef OPENSSL_EXTRA
- #ifdef WOLFSSL_ERROR_CODE_OPENSSL
- ExpectIntEQ(wolfSSL_set_max_early_data(clientSsl, 17), WOLFSSL_SUCCESS);
- #else
- ExpectIntEQ(wolfSSL_set_max_early_data(clientSsl, 17), 0);
- #endif
- ExpectIntEQ(wolfSSL_get_max_early_data(clientSsl), 17);
- #else
- ExpectIntEQ(SSL_set_max_early_data(clientSsl, 17), WOLFSSL_SUCCESS);
- ExpectIntEQ(SSL_get_max_early_data(clientSsl), 17);
- #endif
- #endif
- #ifndef NO_WOLFSSL_SERVER
- #ifndef WOLFSSL_NO_TLS12
- #ifndef OPENSSL_EXTRA
- ExpectIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG);
- #else
- ExpectIntEQ(SSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
- ExpectIntEQ(SSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG);
- #endif
- #endif
- #ifndef OPENSSL_EXTRA
- #ifdef WOLFSSL_ERROR_CODE_OPENSSL
- ExpectIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), WOLFSSL_SUCCESS);
- #else
- ExpectIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), 0);
- #endif
- ExpectIntEQ(wolfSSL_get_max_early_data(serverSsl), 16);
- #else
- ExpectIntEQ(SSL_set_max_early_data(serverSsl, 16), 1);
- ExpectIntEQ(SSL_get_max_early_data(serverSsl), 16);
- #endif
- #endif
- ExpectIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData),
- &outSz), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_CLIENT
- ExpectIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData),
- &outSz), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
- sizeof(earlyData), NULL), BAD_FUNC_ARG);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- ExpectIntEQ(wolfSSL_write_early_data(serverSsl, earlyData,
- sizeof(earlyData), &outSz), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData,
- sizeof(earlyData), &outSz), BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
- sizeof(earlyData), &outSz), WOLFSSL_FATAL_ERROR);
- #endif
- ExpectIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer,
- sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG);
- #ifndef NO_WOLFSSL_SERVER
- ExpectIntEQ(wolfSSL_read_early_data(serverSsl, NULL,
- sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, -1,
- &outSz), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
- sizeof(earlyDataBuffer), NULL), BAD_FUNC_ARG);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- ExpectIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer,
- sizeof(earlyDataBuffer), &outSz), SIDE_ERROR);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- #ifndef WOLFSSL_NO_TLS12
- ExpectIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer,
- sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG);
- #endif
- ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
- sizeof(earlyDataBuffer), &outSz), WOLFSSL_FATAL_ERROR);
- #endif
- #endif
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_EARLY_DATA)
- ExpectIntLT(SSL_get_early_data_status(NULL), 0);
- #endif
- #ifndef NO_WOLFSSL_SERVER
- wolfSSL_free(serverSsl);
- wolfSSL_CTX_free(serverCtx);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- wolfSSL_free(clientSsl);
- wolfSSL_CTX_free(clientCtx);
- #endif
- #ifndef WOLFSSL_NO_TLS12
- #ifndef NO_WOLFSSL_SERVER
- wolfSSL_free(serverTls12Ssl);
- wolfSSL_CTX_free(serverTls12Ctx);
- #endif
- #ifndef NO_WOLFSSL_CLIENT
- wolfSSL_free(clientTls12Ssl);
- wolfSSL_CTX_free(clientTls12Ctx);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \
- defined(HAVE_ECC) && defined(BUILD_TLS_AES_128_GCM_SHA256) && \
- defined(BUILD_TLS_AES_256_GCM_SHA384)
- /* Called when writing. */
- static int CsSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
- {
- (void)ssl;
- (void)buf;
- (void)sz;
- (void)ctx;
- /* Force error return from wolfSSL_accept_TLSv13(). */
- return WANT_WRITE;
- }
- /* Called when reading. */
- static int CsRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
- {
- WOLFSSL_BUFFER_INFO* msg = (WOLFSSL_BUFFER_INFO*)ctx;
- int len = (int)msg->length;
- (void)ssl;
- (void)sz;
- /* Pass back as much of message as will fit in buffer. */
- if (len > sz)
- len = sz;
- XMEMCPY(buf, msg->buffer, len);
- /* Move over returned data. */
- msg->buffer += len;
- msg->length -= len;
- /* Amount actually copied. */
- return len;
- }
- #endif
- static int test_tls13_cipher_suites(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \
- defined(HAVE_ECC) && defined(BUILD_TLS_AES_128_GCM_SHA256) && \
- defined(BUILD_TLS_AES_256_GCM_SHA384)
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL *ssl = NULL;
- int i;
- byte clientHello[] = {
- 0x16, 0x03, 0x03, 0x01, 0x9b, 0x01, 0x00, 0x01,
- 0x97, 0x03, 0x03, 0xf4, 0x65, 0xbd, 0x22, 0xfe,
- 0x6e, 0xab, 0x66, 0xdd, 0xcf, 0xe9, 0x65, 0x55,
- 0xe8, 0xdf, 0xc3, 0x8e, 0x4b, 0x00, 0xbc, 0xf8,
- 0x23, 0x57, 0x1b, 0xa0, 0xc8, 0xa9, 0xe2, 0x8c,
- 0x91, 0x6e, 0xf9, 0x20, 0xf7, 0x5c, 0xc5, 0x5b,
- 0x75, 0x8c, 0x47, 0x0a, 0x0e, 0xc4, 0x1a, 0xda,
- 0xef, 0x75, 0xe5, 0x21, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
- /* Cipher suites: 0x13, 0x01 = TLS13-AES128-GCM-SHA256, twice. */
- 0x13, 0x01,
- 0x13, 0x01, 0x01, 0x00, 0x01, 0x4a, 0x00, 0x2d,
- 0x00, 0x03, 0x02, 0x00, 0x01, 0x00, 0x33, 0x00,
- 0x47, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04,
- 0x90, 0xfc, 0xe2, 0x97, 0x05, 0x7c, 0xb5, 0x23,
- 0x5d, 0x5f, 0x5b, 0xcd, 0x0c, 0x1e, 0xe0, 0xe9,
- 0xab, 0x38, 0x6b, 0x1e, 0x20, 0x5c, 0x1c, 0x90,
- 0x2a, 0x9e, 0x68, 0x8e, 0x70, 0x05, 0x10, 0xa8,
- 0x02, 0x1b, 0xf9, 0x5c, 0xef, 0xc9, 0xaf, 0xca,
- 0x1a, 0x3b, 0x16, 0x8b, 0xe4, 0x1b, 0x3c, 0x15,
- 0xb8, 0x0d, 0xbd, 0xaf, 0x62, 0x8d, 0xa7, 0x13,
- 0xa0, 0x7c, 0xe0, 0x59, 0x0c, 0x4f, 0x8a, 0x6d,
- 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04, 0x00,
- 0x0d, 0x00, 0x20, 0x00, 0x1e, 0x06, 0x03, 0x05,
- 0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06, 0x08,
- 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08,
- 0x09, 0x06, 0x01, 0x05, 0x01, 0x04, 0x01, 0x03,
- 0x01, 0x02, 0x01, 0x00, 0x0a, 0x00, 0x04, 0x00,
- 0x02, 0x00, 0x17, 0x00, 0x16, 0x00, 0x00, 0x00,
- 0x23, 0x00, 0x00, 0x00, 0x29, 0x00, 0xb9, 0x00,
- 0x94, 0x00, 0x8e, 0x0f, 0x12, 0xfa, 0x84, 0x1f,
- 0x76, 0x94, 0xd7, 0x09, 0x5e, 0xad, 0x08, 0x51,
- 0xb6, 0x80, 0x28, 0x31, 0x8b, 0xfd, 0xc6, 0xbd,
- 0x9e, 0xf5, 0x3b, 0x4d, 0x02, 0xbe, 0x1d, 0x73,
- 0xea, 0x13, 0x68, 0x00, 0x4c, 0xfd, 0x3d, 0x48,
- 0x51, 0xf9, 0x06, 0xbb, 0x92, 0xed, 0x42, 0x9f,
- 0x7f, 0x2c, 0x73, 0x9f, 0xd9, 0xb4, 0xef, 0x05,
- 0x26, 0x5b, 0x60, 0x5c, 0x0a, 0xfc, 0xa3, 0xbd,
- 0x2d, 0x2d, 0x8b, 0xf9, 0xaa, 0x5c, 0x96, 0x3a,
- 0xf2, 0xec, 0xfa, 0xe5, 0x57, 0x2e, 0x87, 0xbe,
- 0x27, 0xc5, 0x3d, 0x4f, 0x5d, 0xdd, 0xde, 0x1c,
- 0x1b, 0xb3, 0xcc, 0x27, 0x27, 0x57, 0x5a, 0xd9,
- 0xea, 0x99, 0x27, 0x23, 0xa6, 0x0e, 0xea, 0x9c,
- 0x0d, 0x85, 0xcb, 0x72, 0xeb, 0xd7, 0x93, 0xe3,
- 0xfe, 0xf7, 0x5c, 0xc5, 0x5b, 0x75, 0x8c, 0x47,
- 0x0a, 0x0e, 0xc4, 0x1a, 0xda, 0xef, 0x75, 0xe5,
- 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0xfb, 0x92, 0xce, 0xaa, 0x00, 0x21, 0x20,
- 0xcb, 0x73, 0x25, 0x80, 0x46, 0x78, 0x4f, 0xe5,
- 0x34, 0xf6, 0x91, 0x13, 0x7f, 0xc8, 0x8d, 0xdc,
- 0x81, 0x04, 0xb7, 0x0d, 0x49, 0x85, 0x2e, 0x12,
- 0x7a, 0x07, 0x23, 0xe9, 0x13, 0xa4, 0x6d, 0x8c
- };
- WOLFSSL_BUFFER_INFO msg;
- /* Offset into ClientHello message data of first cipher suite. */
- const int csOff = 78;
- /* Server cipher list. */
- const char* serverCs = "TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256";
- /* Suite list with duplicates. */
- const char* dupCs = "TLS13-AES128-GCM-SHA256:"
- "TLS13-AES128-GCM-SHA256:"
- "TLS13-AES256-GCM-SHA384:"
- "TLS13-AES256-GCM-SHA384:"
- "TLS13-AES128-GCM-SHA256";
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)
- const byte dupCsBytes[] = { TLS13_BYTE, TLS_AES_256_GCM_SHA384,
- TLS13_BYTE, TLS_AES_256_GCM_SHA384,
- TLS13_BYTE, TLS_AES_128_GCM_SHA256,
- TLS13_BYTE, TLS_AES_128_GCM_SHA256,
- TLS13_BYTE, TLS_AES_256_GCM_SHA384 };
- #endif
- /* Set up wolfSSL context. */
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
- WOLFSSL_FILETYPE_PEM));
- /* Read from 'msg'. */
- wolfSSL_SetIORecv(ctx, CsRecv);
- /* No where to send to - dummy sender. */
- wolfSSL_SetIOSend(ctx, CsSend);
- /* Test cipher suite list with many copies of a cipher suite. */
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- msg.buffer = clientHello;
- msg.length = (unsigned int)sizeof(clientHello);
- wolfSSL_SetIOReadCtx(ssl, &msg);
- /* Force server to have as many occurrences of same cipher suite as
- * possible. */
- if (ssl != NULL) {
- Suites* suites = (Suites*)WOLFSSL_SUITES(ssl);
- suites->suiteSz = WOLFSSL_MAX_SUITE_SZ;
- for (i = 0; i < suites->suiteSz; i += 2) {
- suites->suites[i + 0] = TLS13_BYTE;
- suites->suites[i + 1] = TLS_AES_128_GCM_SHA256;
- }
- }
- /* Test multiple occurrences of same cipher suite. */
- ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WOLFSSL_FATAL_ERROR);
- wolfSSL_free(ssl);
- ssl = NULL;
- /* Set client order opposite to server order:
- * TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384 */
- clientHello[csOff + 0] = TLS13_BYTE;
- clientHello[csOff + 1] = TLS_AES_128_GCM_SHA256;
- clientHello[csOff + 2] = TLS13_BYTE;
- clientHello[csOff + 3] = TLS_AES_256_GCM_SHA384;
- /* Test server order negotiation. */
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- msg.buffer = clientHello;
- msg.length = (unsigned int)sizeof(clientHello);
- wolfSSL_SetIOReadCtx(ssl, &msg);
- /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */
- ExpectIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS);
- /* Negotiate cipher suites in server order: TLS13-AES256-GCM-SHA384 */
- ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WOLFSSL_FATAL_ERROR);
- /* Check refined order - server order. */
- ExpectIntEQ(ssl->suites->suiteSz, 4);
- ExpectIntEQ(ssl->suites->suites[0], TLS13_BYTE);
- ExpectIntEQ(ssl->suites->suites[1], TLS_AES_256_GCM_SHA384);
- ExpectIntEQ(ssl->suites->suites[2], TLS13_BYTE);
- ExpectIntEQ(ssl->suites->suites[3], TLS_AES_128_GCM_SHA256);
- wolfSSL_free(ssl);
- ssl = NULL;
- /* Test client order negotiation. */
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- msg.buffer = clientHello;
- msg.length = (unsigned int)sizeof(clientHello);
- wolfSSL_SetIOReadCtx(ssl, &msg);
- /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */
- ExpectIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_UseClientSuites(ssl), 0);
- /* Negotiate cipher suites in client order: TLS13-AES128-GCM-SHA256 */
- ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WOLFSSL_FATAL_ERROR);
- /* Check refined order - client order. */
- ExpectIntEQ(ssl->suites->suiteSz, 4);
- ExpectIntEQ(ssl->suites->suites[0], TLS13_BYTE);
- ExpectIntEQ(ssl->suites->suites[1], TLS_AES_128_GCM_SHA256);
- ExpectIntEQ(ssl->suites->suites[2], TLS13_BYTE);
- ExpectIntEQ(ssl->suites->suites[3], TLS_AES_256_GCM_SHA384);
- wolfSSL_free(ssl);
- ssl = NULL;
- /* Check duplicate detection is working. */
- ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx, dupCs), WOLFSSL_SUCCESS);
- ExpectIntEQ(ctx->suites->suiteSz, 4);
- ExpectIntEQ(ctx->suites->suites[0], TLS13_BYTE);
- ExpectIntEQ(ctx->suites->suites[1], TLS_AES_128_GCM_SHA256);
- ExpectIntEQ(ctx->suites->suites[2], TLS13_BYTE);
- ExpectIntEQ(ctx->suites->suites[3], TLS_AES_256_GCM_SHA384);
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)
- ExpectIntEQ(wolfSSL_CTX_set_cipher_list_bytes(ctx, dupCsBytes,
- sizeof(dupCsBytes)), WOLFSSL_SUCCESS);
- ExpectIntEQ(ctx->suites->suiteSz, 4);
- ExpectIntEQ(ctx->suites->suites[0], TLS13_BYTE);
- ExpectIntEQ(ctx->suites->suites[1], TLS_AES_256_GCM_SHA384);
- ExpectIntEQ(ctx->suites->suites[2], TLS13_BYTE);
- ExpectIntEQ(ctx->suites->suites[3], TLS_AES_128_GCM_SHA256);
- #endif
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- #endif
- #if defined(HAVE_PK_CALLBACKS) && !defined(WOLFSSL_NO_TLS12)
- #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && \
- !defined(NO_AES) && defined(HAVE_AES_CBC) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key,
- const unsigned char* priv, unsigned int privSz,
- const unsigned char* pubKeyDer, unsigned int pubKeySz,
- unsigned char* out, unsigned int* outlen,
- void* ctx)
- {
- int result;
- /* Test fail when context associated with WOLFSSL is NULL */
- if (ctx == NULL) {
- return -1;
- }
- (void)ssl;
- /* return 0 on success */
- PRIVATE_KEY_UNLOCK();
- result = wc_DhAgree(key, out, outlen, priv, privSz, pubKeyDer, pubKeySz);
- PRIVATE_KEY_LOCK();
- return result;
- }
- static int test_dh_ctx_setup(WOLFSSL_CTX* ctx) {
- EXPECT_DECLS;
- wolfSSL_CTX_SetDhAgreeCb(ctx, my_DhCallback);
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES128-SHA256"),
- WOLFSSL_SUCCESS);
- #endif
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
- ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA256"),
- WOLFSSL_SUCCESS);
- #endif
- return EXPECT_RESULT();
- }
- static int test_dh_ssl_setup(WOLFSSL* ssl)
- {
- EXPECT_DECLS;
- static int dh_test_ctx = 1;
- int ret;
- wolfSSL_SetDhAgreeCtx(ssl, &dh_test_ctx);
- ExpectIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), dh_test_ctx);
- ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
- if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
- ExpectIntEQ(ret, WOLFSSL_SUCCESS);
- }
- return EXPECT_RESULT();
- }
- static int test_dh_ssl_setup_fail(WOLFSSL* ssl)
- {
- EXPECT_DECLS;
- int ret;
- wolfSSL_SetDhAgreeCtx(ssl, NULL);
- ExpectNull(wolfSSL_GetDhAgreeCtx(ssl));
- ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
- if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
- ExpectIntEQ(ret, WOLFSSL_SUCCESS);
- }
- return EXPECT_RESULT();
- }
- #endif
- static int test_DhCallbacks(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && \
- !defined(NO_AES) && defined(HAVE_AES_CBC) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- WOLFSSL_CTX *ctx = NULL;
- WOLFSSL *ssl = NULL;
- int test;
- test_ssl_cbf func_cb_client;
- test_ssl_cbf func_cb_server;
- /* Test that DH callback APIs work. */
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- ExpectIntEQ(wolfSSL_CTX_set_cipher_list(NULL, "NONE"), WOLFSSL_FAILURE);
- wolfSSL_CTX_SetDhAgreeCb(ctx, &my_DhCallback);
- /* load client ca cert */
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
- WOLFSSL_SUCCESS);
- /* test with NULL arguments */
- wolfSSL_SetDhAgreeCtx(NULL, &test);
- ExpectNull(wolfSSL_GetDhAgreeCtx(NULL));
- /* test success case */
- test = 1;
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- wolfSSL_SetDhAgreeCtx(ssl, &test);
- ExpectIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), test);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
- XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
- /* set callbacks to use DH functions */
- func_cb_client.ctx_ready = &test_dh_ctx_setup;
- func_cb_client.ssl_ready = &test_dh_ssl_setup;
- func_cb_client.method = wolfTLSv1_2_client_method;
- func_cb_server.ctx_ready = &test_dh_ctx_setup;
- func_cb_server.ssl_ready = &test_dh_ssl_setup;
- func_cb_server.method = wolfTLSv1_2_server_method;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
- &func_cb_server, NULL), TEST_SUCCESS);
- /* Test fail */
- XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
- XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
- /* set callbacks to use DH functions */
- func_cb_client.ctx_ready = &test_dh_ctx_setup;
- func_cb_client.ssl_ready = &test_dh_ssl_setup_fail;
- func_cb_client.method = wolfTLSv1_2_client_method;
- func_cb_server.ctx_ready = &test_dh_ctx_setup;
- func_cb_server.ssl_ready = &test_dh_ssl_setup_fail;
- func_cb_server.method = wolfTLSv1_2_server_method;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
- &func_cb_server, NULL), TEST_FAIL);
- #endif
- return EXPECT_RESULT();
- }
- #endif /* HAVE_PK_CALLBACKS */
- #ifdef HAVE_HASHDRBG
- #ifdef TEST_RESEED_INTERVAL
- static int test_wc_RNG_GenerateBlock_Reseed(void)
- {
- EXPECT_DECLS;
- int i;
- WC_RNG rng;
- byte key[32];
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_InitRng(&rng), 0);
- for (i = 0; i < WC_RESEED_INTERVAL + 10; i++) {
- ExpectIntEQ(wc_RNG_GenerateBlock(&rng, key, sizeof(key)), 0);
- }
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- return EXPECT_RESULT();
- }
- #endif /* TEST_RESEED_INTERVAL */
- static int test_wc_RNG_GenerateBlock(void)
- {
- EXPECT_DECLS;
- int i;
- WC_RNG rng;
- byte key[32];
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_InitRng(&rng), 0);
- for (i = 0; i < 10; i++) {
- ExpectIntEQ(wc_RNG_GenerateBlock(&rng, key, sizeof(key)), 0);
- }
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- return EXPECT_RESULT();
- }
- #endif /* HAVE_HASHDRBG */
- /*
- * Testing get_rand_digit
- */
- static int test_get_rand_digit(void)
- {
- EXPECT_DECLS;
- #if !defined(WC_NO_RNG) && defined(WOLFSSL_PUBLIC_MP)
- WC_RNG rng;
- mp_digit d;
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(get_rand_digit(&rng, &d), 0);
- ExpectIntEQ(get_rand_digit(NULL, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(get_rand_digit(NULL, &d), BAD_FUNC_ARG);
- ExpectIntEQ(get_rand_digit(&rng, NULL), BAD_FUNC_ARG);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* End test_get_rand_digit*/
- /*
- * Testing get_digit_count
- */
- static int test_get_digit_count(void)
- {
- EXPECT_DECLS;
- #if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_PUBLIC_MP)
- mp_int a;
- XMEMSET(&a, 0, sizeof(mp_int));
- ExpectIntEQ(mp_init(&a), 0);
- ExpectIntEQ(get_digit_count(NULL), 0);
- ExpectIntEQ(get_digit_count(&a), 0);
- mp_clear(&a);
- #endif
- return EXPECT_RESULT();
- } /* End test_get_digit_count*/
- /*
- * Testing mp_cond_copy
- */
- static int test_mp_cond_copy(void)
- {
- EXPECT_DECLS;
- #if (defined(HAVE_ECC) || defined(WOLFSSL_MP_COND_COPY)) && \
- defined(WOLFSSL_PUBLIC_MP)
- mp_int a;
- mp_int b;
- int copy = 0;
- XMEMSET(&a, 0, sizeof(mp_int));
- XMEMSET(&b, 0, sizeof(mp_int));
- ExpectIntEQ(mp_init(&a), MP_OKAY);
- ExpectIntEQ(mp_init(&b), MP_OKAY);
- ExpectIntEQ(mp_cond_copy(NULL, copy, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(mp_cond_copy(NULL, copy, &b), BAD_FUNC_ARG);
- ExpectIntEQ(mp_cond_copy(&a, copy, NULL), BAD_FUNC_ARG);
- ExpectIntEQ(mp_cond_copy(&a, copy, &b), 0);
- mp_clear(&a);
- mp_clear(&b);
- #endif
- return EXPECT_RESULT();
- } /* End test_mp_cond_copy*/
- /*
- * Testing mp_rand
- */
- static int test_mp_rand(void)
- {
- EXPECT_DECLS;
- #if defined(WC_RSA_BLINDING) && defined(WOLFSSL_PUBLIC_MP)
- mp_int a;
- WC_RNG rng;
- int digits = 1;
- XMEMSET(&a, 0, sizeof(mp_int));
- XMEMSET(&rng, 0, sizeof(WC_RNG));
- ExpectIntEQ(mp_init(&a), MP_OKAY);
- ExpectIntEQ(wc_InitRng(&rng), 0);
- ExpectIntEQ(mp_rand(&a, digits, NULL), MISSING_RNG_E);
- ExpectIntEQ(mp_rand(NULL, digits, &rng), BAD_FUNC_ARG);
- ExpectIntEQ(mp_rand(&a, 0, &rng), BAD_FUNC_ARG);
- ExpectIntEQ(mp_rand(&a, digits, &rng), 0);
- mp_clear(&a);
- DoExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* End test_mp_rand*/
- /*
- * Testing get_digit
- */
- static int test_get_digit(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_PUBLIC_MP)
- mp_int a;
- int n = 0;
- XMEMSET(&a, 0, sizeof(mp_int));
- ExpectIntEQ(mp_init(&a), MP_OKAY);
- ExpectIntEQ(get_digit(NULL, n), 0);
- ExpectIntEQ(get_digit(&a, n), 0);
- mp_clear(&a);
- #endif
- return EXPECT_RESULT();
- } /* End test_get_digit*/
- /*
- * Testing wc_export_int
- */
- static int test_wc_export_int(void)
- {
- EXPECT_DECLS;
- #if (defined(HAVE_ECC) || defined(WOLFSSL_EXPORT_INT)) && \
- defined(WOLFSSL_PUBLIC_MP)
- mp_int mp;
- byte buf[32];
- word32 keySz = (word32)sizeof(buf);
- word32 len = (word32)sizeof(buf);
- XMEMSET(&mp, 0, sizeof(mp_int));
- ExpectIntEQ(mp_init(&mp), MP_OKAY);
- ExpectIntEQ(mp_set(&mp, 1234), 0);
- ExpectIntEQ(wc_export_int(NULL, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN),
- BAD_FUNC_ARG);
- len = sizeof(buf)-1;
- ExpectIntEQ(wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN),
- BUFFER_E);
- len = sizeof(buf);
- ExpectIntEQ(wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN), 0);
- len = 4; /* test input too small */
- ExpectIntEQ(wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR), BUFFER_E);
- len = sizeof(buf);
- ExpectIntEQ(wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR), 0);
- /* hex version of 1234 is 04D2 and should be 4 digits + 1 null */
- ExpectIntEQ(len, 5);
- mp_clear(&mp);
- #endif
- return EXPECT_RESULT();
- } /* End test_wc_export_int*/
- static int test_wc_InitRngNonce(void)
- {
- EXPECT_DECLS;
- #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
- HAVE_FIPS_VERSION >= 2))
- WC_RNG rng;
- byte nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
- "\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
- word32 nonceSz = sizeof(nonce);
- ExpectIntEQ(wc_InitRngNonce(&rng, nonce, nonceSz), 0);
- ExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* End test_wc_InitRngNonce*/
- /*
- * Testing wc_InitRngNonce_ex
- */
- static int test_wc_InitRngNonce_ex(void)
- {
- EXPECT_DECLS;
- #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
- HAVE_FIPS_VERSION >= 2))
- WC_RNG rng;
- byte nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
- "\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
- word32 nonceSz = sizeof(nonce);
- ExpectIntEQ(wc_InitRngNonce_ex(&rng, nonce, nonceSz, HEAP_HINT, testDevId),
- 0);
- ExpectIntEQ(wc_FreeRng(&rng), 0);
- #endif
- return EXPECT_RESULT();
- } /* End test_wc_InitRngNonce_ex */
- static int test_wolfSSL_X509_CRL(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
- X509_CRL *crl = NULL;
- char pem[][100] = {
- "./certs/crl/crl.pem",
- "./certs/crl/crl2.pem",
- "./certs/crl/caEccCrl.pem",
- "./certs/crl/eccCliCRL.pem",
- "./certs/crl/eccSrvCRL.pem",
- ""
- };
- #ifndef NO_BIO
- BIO *bio = NULL;
- #endif
- #ifdef HAVE_TEST_d2i_X509_CRL_fp
- char der[][100] = {
- "./certs/crl/crl.der",
- "./certs/crl/crl2.der",
- ""};
- #endif
- XFILE fp = XBADFILE;
- int i;
- for (i = 0; pem[i][0] != '\0'; i++)
- {
- ExpectTrue((fp = XFOPEN(pem[i], "rb")) != XBADFILE);
- ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
- NULL, NULL));
- ExpectNotNull(crl);
- X509_CRL_free(crl);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectTrue((fp = XFOPEN(pem[i], "rb")) != XBADFILE);
- ExpectNotNull((X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)&crl, NULL,
- NULL));
- if (EXPECT_FAIL()) {
- crl = NULL;
- }
- ExpectNotNull(crl);
- X509_CRL_free(crl);
- crl = NULL;
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- }
- #ifndef NO_BIO
- for (i = 0; pem[i][0] != '\0'; i++)
- {
- ExpectNotNull(bio = BIO_new_file(pem[i], "rb"));
- ExpectNotNull(crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL));
- X509_CRL_free(crl);
- crl = NULL;
- BIO_free(bio);
- bio = NULL;
- }
- #endif
- #ifdef HAVE_TEST_d2i_X509_CRL_fp
- for (i = 0; der[i][0] != '\0'; i++) {
- ExpectTrue((fp = XFOPEN(der[i], "rb")) != XBADFILE);
- ExpectTrue((fp != XBADFILE));
- ExpectNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((fp, X509_CRL **)NULL));
- ExpectNotNull(crl);
- X509_CRL_free(crl);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- fp = XFOPEN(der[i], "rb");
- ExpectTrue((fp != XBADFILE));
- ExpectNotNull((X509_CRL *)d2i_X509_CRL_fp(fp, (X509_CRL **)&crl));
- if (EXPECT_FAIL()) {
- crl = NULL;
- }
- ExpectNotNull(crl);
- X509_CRL_free(crl);
- crl = NULL;
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- }
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_load_crl_file(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \
- !defined(NO_STDIO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO)
- int i;
- char pem[][100] = {
- "./certs/crl/crl.pem",
- "./certs/crl/crl2.pem",
- "./certs/crl/caEccCrl.pem",
- "./certs/crl/eccCliCRL.pem",
- "./certs/crl/eccSrvCRL.pem",
- #ifdef WC_RSA_PSS
- "./certs/crl/crl_rsapss.pem",
- #endif
- ""
- };
- char der[][100] = {
- "./certs/crl/crl.der",
- "./certs/crl/crl2.der",
- ""
- };
- WOLFSSL_X509_STORE* store = NULL;
- WOLFSSL_X509_LOOKUP* lookup = NULL;
- ExpectNotNull(store = wolfSSL_X509_STORE_new());
- ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
- ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
- X509_FILETYPE_PEM), 1);
- #ifdef WC_RSA_PSS
- ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/rsapss/ca-rsapss.pem",
- X509_FILETYPE_PEM), 1);
- #endif
- ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
- X509_FILETYPE_PEM), 1);
- if (store) {
- ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
- WOLFSSL_FILETYPE_PEM), 1);
- /* since store hasn't yet known the revoked cert*/
- ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
- "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1);
- }
- for (i = 0; pem[i][0] != '\0'; i++) {
- ExpectIntEQ(X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM),
- 1);
- }
- if (store) {
- /* since store knows crl list */
- ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
- "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM),
- CRL_CERT_REVOKED);
- #ifdef WC_RSA_PSS
- ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
- "certs/rsapss/server-rsapss-cert.pem", WOLFSSL_FILETYPE_PEM),
- CRL_CERT_REVOKED);
- #endif
- }
- /* once feeing store */
- X509_STORE_free(store);
- store = NULL;
- ExpectNotNull(store = wolfSSL_X509_STORE_new());
- ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
- ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
- X509_FILETYPE_PEM), 1);
- ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
- X509_FILETYPE_PEM), 1);
- if (store) {
- ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
- WOLFSSL_FILETYPE_PEM), 1);
- /* since store hasn't yet known the revoked cert*/
- ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
- "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1);
- }
- for (i = 0; der[i][0] != '\0'; i++) {
- ExpectIntEQ(X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1),
- 1);
- }
- if (store) {
- /* since store knows crl list */
- ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm,
- "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM),
- CRL_CERT_REVOKED);
- }
- /* test for incorrect parameter */
- ExpectIntEQ(X509_load_crl_file(NULL, pem[0], 0), 0);
- ExpectIntEQ(X509_load_crl_file(lookup, NULL, 0), 0);
- ExpectIntEQ(X509_load_crl_file(NULL, NULL, 0), 0);
- X509_STORE_free(store);
- store = NULL;
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_i2d_X509(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA)
- const unsigned char* cert_buf = server_cert_der_2048;
- unsigned char* out = NULL;
- unsigned char* tmp = NULL;
- X509* cert = NULL;
- ExpectNotNull(d2i_X509(&cert, &cert_buf, sizeof_server_cert_der_2048));
- /* Pointer should be advanced */
- ExpectPtrGT(cert_buf, server_cert_der_2048);
- ExpectIntGT(i2d_X509(cert, &out), 0);
- ExpectNotNull(out);
- tmp = out;
- ExpectIntGT(i2d_X509(cert, &tmp), 0);
- ExpectPtrGT(tmp, out);
- if (out != NULL)
- XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL);
- X509_free(cert);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_d2i_X509_REQ(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) && !defined(NO_BIO) && \
- (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && \
- !defined(WOLFSSL_SP_MATH)
- /* ./certs/csr.signed.der, ./certs/csr.ext.der, and ./certs/csr.attr.der
- * were generated by libest
- * ./certs/csr.attr.der contains sample attributes
- * ./certs/csr.ext.der contains sample extensions */
- const char* csrFile = "./certs/csr.signed.der";
- const char* csrPopFile = "./certs/csr.attr.der";
- const char* csrExtFile = "./certs/csr.ext.der";
- /* ./certs/csr.dsa.pem is generated using
- * openssl req -newkey dsa:certs/dsaparams.pem \
- * -keyout certs/csr.dsa.key.pem -keyform PEM -out certs/csr.dsa.pem \
- * -outform PEM
- * with the passphrase "wolfSSL"
- */
- #if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
- const char* csrDsaFile = "./certs/csr.dsa.pem";
- XFILE f = XBADFILE;
- #endif
- BIO* bio = NULL;
- X509* req = NULL;
- EVP_PKEY *pub_key = NULL;
- {
- ExpectNotNull(bio = BIO_new_file(csrFile, "rb"));
- ExpectNotNull(d2i_X509_REQ_bio(bio, &req));
- /*
- * Extract the public key from the CSR
- */
- ExpectNotNull(pub_key = X509_REQ_get_pubkey(req));
- /*
- * Verify the signature in the CSR
- */
- ExpectIntEQ(X509_REQ_verify(req, pub_key), 1);
- X509_free(req);
- req = NULL;
- BIO_free(bio);
- bio = NULL;
- EVP_PKEY_free(pub_key);
- pub_key = NULL;
- }
- {
- #ifdef OPENSSL_ALL
- X509_ATTRIBUTE* attr = NULL;
- ASN1_TYPE *at = NULL;
- #endif
- ExpectNotNull(bio = BIO_new_file(csrPopFile, "rb"));
- ExpectNotNull(d2i_X509_REQ_bio(bio, &req));
- /*
- * Extract the public key from the CSR
- */
- ExpectNotNull(pub_key = X509_REQ_get_pubkey(req));
- /*
- * Verify the signature in the CSR
- */
- ExpectIntEQ(X509_REQ_verify(req, pub_key), 1);
- #ifdef OPENSSL_ALL
- /*
- * Obtain the challenge password from the CSR
- */
- ExpectIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword,
- -1), 1);
- ExpectNotNull(attr = X509_REQ_get_attr(req, 1));
- ExpectNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
- ExpectNotNull(at->value.asn1_string);
- ExpectStrEQ((char*)ASN1_STRING_data(at->value.asn1_string),
- "2xIE+qqp/rhyTXP+");
- ExpectIntEQ(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), -1);
- #endif
- X509_free(req);
- req = NULL;
- BIO_free(bio);
- bio = NULL;
- EVP_PKEY_free(pub_key);
- pub_key = NULL;
- }
- {
- #ifdef OPENSSL_ALL
- X509_ATTRIBUTE* attr = NULL;
- ASN1_TYPE *at = NULL;
- STACK_OF(X509_EXTENSION) *exts = NULL;
- #endif
- ExpectNotNull(bio = BIO_new_file(csrExtFile, "rb"));
- /* This CSR contains an Extension Request attribute so
- * we test extension parsing in a CSR attribute here. */
- ExpectNotNull(d2i_X509_REQ_bio(bio, &req));
- /*
- * Extract the public key from the CSR
- */
- ExpectNotNull(pub_key = X509_REQ_get_pubkey(req));
- /*
- * Verify the signature in the CSR
- */
- ExpectIntEQ(X509_REQ_verify(req, pub_key), 1);
- #ifdef OPENSSL_ALL
- ExpectNotNull(exts = (STACK_OF(X509_EXTENSION)*)X509_REQ_get_extensions(
- req));
- ExpectIntEQ(sk_X509_EXTENSION_num(exts), 2);
- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
- /*
- * Obtain the challenge password from the CSR
- */
- ExpectIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword,
- -1), 0);
- ExpectNotNull(attr = X509_REQ_get_attr(req, 0));
- ExpectNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
- ExpectNotNull(at->value.asn1_string);
- ExpectStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "IGCu/xNL4/0/wOgo");
- ExpectIntGE(X509_get_ext_by_NID(req, NID_key_usage, -1), 0);
- ExpectIntGE(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), 0);
- #endif
- X509_free(req);
- req = NULL;
- BIO_free(bio);
- bio = NULL;
- EVP_PKEY_free(pub_key);
- pub_key = NULL;
- }
- #if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
- {
- ExpectNotNull(bio = BIO_new_file(csrDsaFile, "rb"));
- ExpectNotNull(PEM_read_bio_X509_REQ(bio, &req, NULL, NULL));
- /*
- * Extract the public key from the CSR
- */
- ExpectNotNull(pub_key = X509_REQ_get_pubkey(req));
- /*
- * Verify the signature in the CSR
- */
- ExpectIntEQ(X509_REQ_verify(req, pub_key), 1);
- X509_free(req);
- req = NULL;
- BIO_free(bio);
- /* Run the same test, but with a file pointer instead of a BIO.
- * (PEM_read_X509_REQ)*/
- ExpectTrue((f = XFOPEN(csrDsaFile, "rb")) != XBADFILE);
- ExpectNotNull(PEM_read_X509_REQ(f, &req, NULL, NULL));
- ExpectIntEQ(X509_REQ_verify(req, pub_key), 1);
- X509_free(req);
- EVP_PKEY_free(pub_key);
- }
- #endif /* !NO_DSA && !HAVE_SELFTEST */
- #endif /* WOLFSSL_CERT_REQ && (OPENSSL_ALL || OPENSSL_EXTRA) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PEM_read_X509(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \
- !defined(NO_RSA)
- X509 *x509 = NULL;
- XFILE fp = XBADFILE;
- ExpectTrue((fp = XFOPEN(svrCertFile, "rb")) != XBADFILE);
- ExpectNotNull(x509 = (X509 *)PEM_read_X509(fp, (X509 **)NULL, NULL, NULL));
- X509_free(x509);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PEM_read(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_BIO)
- const char* filename = "./certs/server-keyEnc.pem";
- XFILE fp = XBADFILE;
- char* name = NULL;
- char* header = NULL;
- byte* data = NULL;
- long len;
- EVP_CIPHER_INFO cipher;
- WOLFSSL_BIO* bio = NULL;
- byte* fileData = NULL;
- size_t fileDataSz = 0;
- byte* out;
- ExpectTrue((fp = XFOPEN(filename, "rb")) != XBADFILE);
- /* Fail cases. */
- ExpectIntEQ(PEM_read(fp, NULL, &header, &data, &len), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_read(fp, &name, NULL, &data, &len), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_read(fp, &name, &header, NULL, &len), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_read(fp, &name, &header, &data, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS);
- ExpectIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0);
- ExpectIntGT(XSTRLEN(header), 0);
- ExpectIntGT(len, 0);
- ExpectIntEQ(XFSEEK(fp, 0, SEEK_END), 0);
- ExpectIntGT((fileDataSz = XFTELL(fp)), 0);
- ExpectIntEQ(XFSEEK(fp, 0, SEEK_SET), 0);
- ExpectNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- /* Fail cases. */
- ExpectIntEQ(PEM_write_bio(NULL, name, header, data, len), 0);
- ExpectIntEQ(PEM_write_bio(bio, NULL, header, data, len), 0);
- ExpectIntEQ(PEM_write_bio(bio, name, NULL, data, len), 0);
- ExpectIntEQ(PEM_write_bio(bio, name, header, NULL, len), 0);
- ExpectIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz);
- ExpectIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz);
- ExpectIntEQ(XMEMCMP(out, fileData, fileDataSz), 0);
- /* Fail cases. */
- ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(NULL, &cipher), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(header, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_get_EVP_CIPHER_INFO((char*)"", &cipher), WOLFSSL_FAILURE);
- #ifndef NO_DES3
- ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(header, &cipher), WOLFSSL_SUCCESS);
- #endif
- /* Fail cases. */
- ExpectIntEQ(PEM_do_header(&cipher, NULL, &len, PasswordCallBack,
- (void*)"yassl123"), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_do_header(&cipher, data, NULL, PasswordCallBack,
- (void*)"yassl123"), WOLFSSL_FAILURE);
- ExpectIntEQ(PEM_do_header(&cipher, data, &len, NULL,
- (void*)"yassl123"), WOLFSSL_FAILURE);
- #if !defined(NO_DES3) && !defined(NO_MD5)
- ExpectIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack,
- (void*)"yassl123"), WOLFSSL_SUCCESS);
- #endif
- BIO_free(bio);
- bio = NULL;
- XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- fileData = NULL;
- XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- name = NULL;
- header = NULL;
- data = NULL;
- ExpectTrue((fp = XFOPEN(svrKeyFile, "rb")) != XBADFILE);
- ExpectIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS);
- ExpectIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0);
- ExpectIntEQ(XSTRLEN(header), 0);
- ExpectIntGT(len, 0);
- ExpectIntEQ(XFSEEK(fp, 0, SEEK_END), 0);
- ExpectIntGT((fileDataSz = XFTELL(fp)), 0);
- ExpectIntEQ(XFSEEK(fp, 0, SEEK_SET), 0);
- ExpectNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- ExpectIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz);
- ExpectIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz);
- ExpectIntEQ(XMEMCMP(out, fileData, fileDataSz), 0);
- BIO_free(bio);
- XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfssl_EVP_aes_gcm_AAD_2_parts(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
- !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- const byte iv[12] = { 0 };
- const byte key[16] = { 0 };
- const byte cleartext[16] = { 0 };
- const byte aad[] = {
- 0x01, 0x10, 0x00, 0x2a, 0x08, 0x00, 0x04, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
- 0x00, 0x00, 0xdc, 0x4d, 0xad, 0x6b, 0x06, 0x93,
- 0x4f
- };
- byte out1Part[16];
- byte outTag1Part[16];
- byte out2Part[16];
- byte outTag2Part[16];
- byte decryptBuf[16];
- int len = 0;
- int tlen;
- EVP_CIPHER_CTX* ctx = NULL;
- /* ENCRYPT */
- /* Send AAD and data in 1 part */
- ExpectNotNull(ctx = EVP_CIPHER_CTX_new());
- tlen = 0;
- ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
- 1);
- ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1);
- ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1);
- ExpectIntEQ(EVP_EncryptUpdate(ctx, out1Part, &len, cleartext,
- sizeof(cleartext)), 1);
- tlen += len;
- ExpectIntEQ(EVP_EncryptFinal_ex(ctx, out1Part, &len), 1);
- tlen += len;
- ExpectIntEQ(tlen, sizeof(cleartext));
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16,
- outTag1Part), 1);
- EVP_CIPHER_CTX_free(ctx);
- ctx = NULL;
- /* DECRYPT */
- /* Send AAD and data in 1 part */
- ExpectNotNull(ctx = EVP_CIPHER_CTX_new());
- tlen = 0;
- ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
- 1);
- ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1);
- ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1);
- ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part,
- sizeof(cleartext)), 1);
- tlen += len;
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16,
- outTag1Part), 1);
- ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf, &len), 1);
- tlen += len;
- ExpectIntEQ(tlen, sizeof(cleartext));
- EVP_CIPHER_CTX_free(ctx);
- ctx = NULL;
- ExpectIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0);
- /* ENCRYPT */
- /* Send AAD and data in 2 parts */
- ExpectNotNull(ctx = EVP_CIPHER_CTX_new());
- tlen = 0;
- ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
- 1);
- ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1);
- ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, 1), 1);
- ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1),
- 1);
- ExpectIntEQ(EVP_EncryptUpdate(ctx, out2Part, &len, cleartext, 1), 1);
- tlen += len;
- ExpectIntEQ(EVP_EncryptUpdate(ctx, out2Part + tlen, &len, cleartext + 1,
- sizeof(cleartext) - 1), 1);
- tlen += len;
- ExpectIntEQ(EVP_EncryptFinal_ex(ctx, out2Part + tlen, &len), 1);
- tlen += len;
- ExpectIntEQ(tlen, sizeof(cleartext));
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16,
- outTag2Part), 1);
- ExpectIntEQ(XMEMCMP(out1Part, out2Part, sizeof(out1Part)), 0);
- ExpectIntEQ(XMEMCMP(outTag1Part, outTag2Part, sizeof(outTag1Part)), 0);
- EVP_CIPHER_CTX_free(ctx);
- ctx = NULL;
- /* DECRYPT */
- /* Send AAD and data in 2 parts */
- ExpectNotNull(ctx = EVP_CIPHER_CTX_new());
- tlen = 0;
- ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
- 1);
- ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1);
- ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, 1), 1);
- ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1),
- 1);
- ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, 1), 1);
- tlen += len;
- ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptBuf + tlen, &len, out1Part + 1,
- sizeof(cleartext) - 1), 1);
- tlen += len;
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16,
- outTag1Part), 1);
- ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf + tlen, &len), 1);
- tlen += len;
- ExpectIntEQ(tlen, sizeof(cleartext));
- ExpectIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0);
- /* Test AAD reuse */
- EVP_CIPHER_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfssl_EVP_aes_gcm_zeroLen(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
- !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- /* Zero length plain text */
- byte key[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- }; /* align */
- byte iv[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- }; /* align */
- byte plaintxt[1];
- int ivSz = 12;
- int plaintxtSz = 0;
- unsigned char tag[16];
- unsigned char tag_kat[] = {
- 0x53,0x0f,0x8a,0xfb,0xc7,0x45,0x36,0xb9,
- 0xa9,0x63,0xb4,0xf1,0xc4,0xcb,0x73,0x8b
- };
- byte ciphertxt[AES_BLOCK_SIZE * 4] = {0};
- byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0};
- int ciphertxtSz = 0;
- int decryptedtxtSz = 0;
- int len = 0;
- EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new();
- ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_gcm(), NULL, key, iv));
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
- ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt,
- plaintxtSz));
- ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len));
- ciphertxtSz += len;
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag));
- ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en));
- ExpectIntEQ(0, ciphertxtSz);
- ExpectIntEQ(0, XMEMCMP(tag, tag_kat, sizeof(tag)));
- EVP_CIPHER_CTX_init(de);
- ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_gcm(), NULL, key, iv));
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
- ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len));
- decryptedtxtSz = len;
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_TAG, 16, tag));
- ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len));
- decryptedtxtSz += len;
- ExpectIntEQ(0, decryptedtxtSz);
- EVP_CIPHER_CTX_free(en);
- EVP_CIPHER_CTX_free(de);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfssl_EVP_aes_gcm(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
- !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- /* A 256 bit key, AES_128 will use the first 128 bit*/
- byte *key = (byte*)"01234567890123456789012345678901";
- /* A 128 bit IV */
- byte *iv = (byte*)"0123456789012345";
- int ivSz = AES_BLOCK_SIZE;
- /* Message to be encrypted */
- byte *plaintxt = (byte*)"for things to change you have to change";
- /* Additional non-confidential data */
- byte *aad = (byte*)"Don't spend major time on minor things.";
- unsigned char tag[AES_BLOCK_SIZE] = {0};
- int plaintxtSz = (int)XSTRLEN((char*)plaintxt);
- int aadSz = (int)XSTRLEN((char*)aad);
- byte ciphertxt[AES_BLOCK_SIZE * 4] = {0};
- byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0};
- int ciphertxtSz = 0;
- int decryptedtxtSz = 0;
- int len = 0;
- int i = 0;
- EVP_CIPHER_CTX en[2];
- EVP_CIPHER_CTX de[2];
- for (i = 0; i < 2; i++) {
- EVP_CIPHER_CTX_init(&en[i]);
- if (i == 0) {
- /* Default uses 96-bits IV length */
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL,
- key, iv));
- #elif defined(WOLFSSL_AES_192)
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL,
- key, iv));
- #elif defined(WOLFSSL_AES_256)
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL,
- key, iv));
- #endif
- }
- else {
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL,
- NULL, NULL));
- #elif defined(WOLFSSL_AES_192)
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL,
- NULL, NULL));
- #elif defined(WOLFSSL_AES_256)
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL,
- NULL, NULL));
- #endif
- /* non-default must to set the IV length first */
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN,
- ivSz, NULL));
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv));
- }
- ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz));
- ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt,
- plaintxtSz));
- ciphertxtSz = len;
- ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len));
- ciphertxtSz += len;
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG,
- AES_BLOCK_SIZE, tag));
- ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1);
- EVP_CIPHER_CTX_init(&de[i]);
- if (i == 0) {
- /* Default uses 96-bits IV length */
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL,
- key, iv));
- #elif defined(WOLFSSL_AES_192)
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL,
- key, iv));
- #elif defined(WOLFSSL_AES_256)
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL,
- key, iv));
- #endif
- }
- else {
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL,
- NULL, NULL));
- #elif defined(WOLFSSL_AES_192)
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL,
- NULL, NULL));
- #elif defined(WOLFSSL_AES_256)
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL,
- NULL, NULL));
- #endif
- /* non-default must to set the IV length first */
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN,
- ivSz, NULL));
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
- }
- ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
- ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt,
- ciphertxtSz));
- decryptedtxtSz = len;
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG,
- AES_BLOCK_SIZE, tag));
- ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
- decryptedtxtSz += len;
- ExpectIntEQ(ciphertxtSz, decryptedtxtSz);
- ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));
- /* modify tag*/
- if (i == 0) {
- /* Default uses 96-bits IV length */
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL,
- key, iv));
- #elif defined(WOLFSSL_AES_192)
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL,
- key, iv));
- #elif defined(WOLFSSL_AES_256)
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL,
- key, iv));
- #endif
- }
- else {
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL,
- NULL, NULL));
- #elif defined(WOLFSSL_AES_192)
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL,
- NULL, NULL));
- #elif defined(WOLFSSL_AES_256)
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL,
- NULL, NULL));
- #endif
- /* non-default must to set the IV length first */
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN,
- ivSz, NULL));
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
- }
- tag[AES_BLOCK_SIZE-1]+=0xBB;
- ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG,
- AES_BLOCK_SIZE, tag));
- /* fail due to wrong tag */
- ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt,
- ciphertxtSz));
- ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
- ExpectIntEQ(0, len);
- ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1);
- }
- #endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */
- return EXPECT_RESULT();
- }
- static int test_wolfssl_EVP_aria_gcm(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ARIA) && \
- !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- /* A 256 bit key, AES_128 will use the first 128 bit*/
- byte *key = (byte*)"01234567890123456789012345678901";
- /* A 128 bit IV */
- byte *iv = (byte*)"0123456789012345";
- int ivSz = ARIA_BLOCK_SIZE;
- /* Message to be encrypted */
- const int plaintxtSz = 40;
- byte plaintxt[WC_ARIA_GCM_GET_CIPHERTEXT_SIZE(plaintxtSz)];
- XMEMCPY(plaintxt,"for things to change you have to change",plaintxtSz);
- /* Additional non-confidential data */
- byte *aad = (byte*)"Don't spend major time on minor things.";
- unsigned char tag[ARIA_BLOCK_SIZE] = {0};
- int aadSz = (int)XSTRLEN((char*)aad);
- byte ciphertxt[WC_ARIA_GCM_GET_CIPHERTEXT_SIZE(plaintxtSz)];
- byte decryptedtxt[plaintxtSz];
- int ciphertxtSz = 0;
- int decryptedtxtSz = 0;
- int len = 0;
- int i = 0;
- #define TEST_ARIA_GCM_COUNT 6
- EVP_CIPHER_CTX en[TEST_ARIA_GCM_COUNT];
- EVP_CIPHER_CTX de[TEST_ARIA_GCM_COUNT];
- for (i = 0; i < TEST_ARIA_GCM_COUNT; i++) {
- EVP_CIPHER_CTX_init(&en[i]);
- switch (i) {
- case 0:
- /* Default uses 96-bits IV length */
- AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_128_gcm(), NULL, key, iv));
- break;
- case 1:
- /* Default uses 96-bits IV length */
- AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_192_gcm(), NULL, key, iv));
- break;
- case 2:
- /* Default uses 96-bits IV length */
- AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_256_gcm(), NULL, key, iv));
- break;
- case 3:
- AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_128_gcm(), NULL, NULL, NULL));
- /* non-default must to set the IV length first */
- AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
- AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv));
- break;
- case 4:
- AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_192_gcm(), NULL, NULL, NULL));
- /* non-default must to set the IV length first */
- AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
- AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv));
- break;
- case 5:
- AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_256_gcm(), NULL, NULL, NULL));
- /* non-default must to set the IV length first */
- AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
- AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv));
- break;
- }
- XMEMSET(ciphertxt,0,sizeof(ciphertxt));
- AssertIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz));
- AssertIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, plaintxtSz));
- ciphertxtSz = len;
- AssertIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len));
- AssertIntNE(0, XMEMCMP(plaintxt, ciphertxt, plaintxtSz));
- ciphertxtSz += len;
- AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, ARIA_BLOCK_SIZE, tag));
- AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1);
- EVP_CIPHER_CTX_init(&de[i]);
- switch (i) {
- case 0:
- /* Default uses 96-bits IV length */
- AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_128_gcm(), NULL, key, iv));
- break;
- case 1:
- /* Default uses 96-bits IV length */
- AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_192_gcm(), NULL, key, iv));
- break;
- case 2:
- /* Default uses 96-bits IV length */
- AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_256_gcm(), NULL, key, iv));
- break;
- case 3:
- AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_128_gcm(), NULL, NULL, NULL));
- /* non-default must to set the IV length first */
- AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
- AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
- break;
- case 4:
- AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_192_gcm(), NULL, NULL, NULL));
- /* non-default must to set the IV length first */
- AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
- AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
- break;
- case 5:
- AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_256_gcm(), NULL, NULL, NULL));
- /* non-default must to set the IV length first */
- AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
- AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
- break;
- }
- XMEMSET(decryptedtxt,0,sizeof(decryptedtxt));
- AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
- AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
- decryptedtxtSz = len;
- AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, ARIA_BLOCK_SIZE, tag));
- AssertIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
- decryptedtxtSz += len;
- AssertIntEQ(plaintxtSz, decryptedtxtSz);
- AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));
- XMEMSET(decryptedtxt,0,sizeof(decryptedtxt));
- /* modify tag*/
- tag[AES_BLOCK_SIZE-1]+=0xBB;
- AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
- AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, ARIA_BLOCK_SIZE, tag));
- /* fail due to wrong tag */
- AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
- AssertIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
- AssertIntEQ(0, len);
- AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1);
- }
- res = TEST_RES_CHECK(1);
- #endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */
- return res;
- }
- static int test_wolfssl_EVP_aes_ccm_zeroLen(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESCCM) && \
- !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- /* Zero length plain text */
- byte key[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- }; /* align */
- byte iv[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- }; /* align */
- byte plaintxt[1];
- int ivSz = 12;
- int plaintxtSz = 0;
- unsigned char tag[16];
- byte ciphertxt[AES_BLOCK_SIZE * 4] = {0};
- byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0};
- int ciphertxtSz = 0;
- int decryptedtxtSz = 0;
- int len = 0;
- EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new();
- ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_ccm(), NULL, key, iv));
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL));
- ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt,
- plaintxtSz));
- ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len));
- ciphertxtSz += len;
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_GET_TAG, 16, tag));
- ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en));
- ExpectIntEQ(0, ciphertxtSz);
- EVP_CIPHER_CTX_init(de);
- ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_ccm(), NULL, key, iv));
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL));
- ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len));
- decryptedtxtSz = len;
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_TAG, 16, tag));
- ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len));
- decryptedtxtSz += len;
- ExpectIntEQ(0, decryptedtxtSz);
- EVP_CIPHER_CTX_free(en);
- EVP_CIPHER_CTX_free(de);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfssl_EVP_aes_ccm(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESCCM) && \
- !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- /* A 256 bit key, AES_128 will use the first 128 bit*/
- byte *key = (byte*)"01234567890123456789012345678901";
- /* A 128 bit IV */
- byte *iv = (byte*)"0123456789012";
- int ivSz = (int)XSTRLEN((char*)iv);
- /* Message to be encrypted */
- byte *plaintxt = (byte*)"for things to change you have to change";
- /* Additional non-confidential data */
- byte *aad = (byte*)"Don't spend major time on minor things.";
- unsigned char tag[AES_BLOCK_SIZE] = {0};
- int plaintxtSz = (int)XSTRLEN((char*)plaintxt);
- int aadSz = (int)XSTRLEN((char*)aad);
- byte ciphertxt[AES_BLOCK_SIZE * 4] = {0};
- byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0};
- int ciphertxtSz = 0;
- int decryptedtxtSz = 0;
- int len = 0;
- int i = 0;
- int ret;
- EVP_CIPHER_CTX en[2];
- EVP_CIPHER_CTX de[2];
- for (i = 0; i < 2; i++) {
- EVP_CIPHER_CTX_init(&en[i]);
- if (i == 0) {
- /* Default uses 96-bits IV length */
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_ccm(), NULL,
- key, iv));
- #elif defined(WOLFSSL_AES_192)
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_ccm(), NULL,
- key, iv));
- #elif defined(WOLFSSL_AES_256)
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_ccm(), NULL,
- key, iv));
- #endif
- }
- else {
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_ccm(), NULL,
- NULL, NULL));
- #elif defined(WOLFSSL_AES_192)
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_ccm(), NULL,
- NULL, NULL));
- #elif defined(WOLFSSL_AES_256)
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_ccm(), NULL,
- NULL, NULL));
- #endif
- /* non-default must to set the IV length first */
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_SET_IVLEN,
- ivSz, NULL));
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv));
- }
- ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz));
- ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt,
- plaintxtSz));
- ciphertxtSz = len;
- ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len));
- ciphertxtSz += len;
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_GET_TAG,
- AES_BLOCK_SIZE, tag));
- ret = wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]);
- ExpectIntEQ(ret, 1);
- EVP_CIPHER_CTX_init(&de[i]);
- if (i == 0) {
- /* Default uses 96-bits IV length */
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_ccm(), NULL,
- key, iv));
- #elif defined(WOLFSSL_AES_192)
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_ccm(), NULL,
- key, iv));
- #elif defined(WOLFSSL_AES_256)
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_ccm(), NULL,
- key, iv));
- #endif
- }
- else {
- #ifdef WOLFSSL_AES_128
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_ccm(), NULL,
- NULL, NULL));
- #elif defined(WOLFSSL_AES_192)
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_ccm(), NULL,
- NULL, NULL));
- #elif defined(WOLFSSL_AES_256)
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_ccm(), NULL,
- NULL, NULL));
- #endif
- /* non-default must to set the IV length first */
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_IVLEN,
- ivSz, NULL));
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
- }
- ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
- ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt,
- ciphertxtSz));
- decryptedtxtSz = len;
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG,
- AES_BLOCK_SIZE, tag));
- ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
- decryptedtxtSz += len;
- ExpectIntEQ(ciphertxtSz, decryptedtxtSz);
- ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));
- /* modify tag*/
- tag[AES_BLOCK_SIZE-1]+=0xBB;
- ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG,
- AES_BLOCK_SIZE, tag));
- /* fail due to wrong tag */
- ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt,
- ciphertxtSz));
- ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
- ExpectIntEQ(0, len);
- ret = wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]);
- ExpectIntEQ(ret, 1);
- }
- #endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESCCM */
- return EXPECT_RESULT();
- }
- static int test_wolfssl_EVP_chacha20_poly1305(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- byte key[CHACHA20_POLY1305_AEAD_KEYSIZE];
- byte iv [CHACHA20_POLY1305_AEAD_IV_SIZE];
- byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF};
- byte aad[] = {0xAA, 0XBB, 0xCC, 0xDD, 0xEE, 0xFF};
- byte cipherText[sizeof(plainText)];
- byte decryptedText[sizeof(plainText)];
- byte tag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
- EVP_CIPHER_CTX* ctx = NULL;
- int outSz;
- /* Encrypt. */
- ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
- ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL,
- NULL), WOLFSSL_SUCCESS);
- /* Invalid IV length. */
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
- CHACHA20_POLY1305_AEAD_IV_SIZE-1, NULL), WOLFSSL_FAILURE);
- /* Valid IV length. */
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
- CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS);
- /* Invalid tag length. */
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
- CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, NULL), WOLFSSL_FAILURE);
- /* Valid tag length. */
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
- CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, NULL), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &outSz, aad, sizeof(aad)),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, sizeof(aad));
- ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
- sizeof(plainText)), WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, sizeof(plainText));
- ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, 0);
- /* Invalid tag length. */
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
- CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, tag), WOLFSSL_FAILURE);
- /* Valid tag length. */
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
- CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS);
- EVP_CIPHER_CTX_free(ctx);
- ctx = NULL;
- /* Decrypt. */
- ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
- ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL,
- NULL), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
- CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
- CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &outSz, aad, sizeof(aad)),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, sizeof(aad));
- ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText,
- sizeof(cipherText)), WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, sizeof(cipherText));
- ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, 0);
- EVP_CIPHER_CTX_free(ctx);
- ctx = NULL;
- /* Test partial Inits. CipherInit() allow setting of key and iv
- * in separate calls. */
- ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
- ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_chacha20_poly1305(),
- key, NULL, 1), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_EVP_CipherUpdate(ctx, NULL, &outSz,
- aad, sizeof(aad)), WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, sizeof(aad));
- ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText,
- sizeof(cipherText)), WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, sizeof(cipherText));
- ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, 0);
- EVP_CIPHER_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfssl_EVP_chacha20(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_CHACHA)
- byte key[CHACHA_MAX_KEY_SZ];
- byte iv [WOLFSSL_EVP_CHACHA_IV_BYTES];
- byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF};
- byte cipherText[sizeof(plainText)];
- byte decryptedText[sizeof(plainText)];
- EVP_CIPHER_CTX* ctx = NULL;
- int outSz;
- XMEMSET(key, 0, sizeof(key));
- XMEMSET(iv, 0, sizeof(iv));
- /* Encrypt. */
- ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
- ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20(), NULL, NULL,
- NULL), WOLFSSL_SUCCESS);
- /* Any tag length must fail - not an AEAD cipher. */
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
- 16, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
- sizeof(plainText)), WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, sizeof(plainText));
- ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, 0);
- EVP_CIPHER_CTX_free(ctx);
- ctx = NULL;
- /* Decrypt. */
- ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
- ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_chacha20(), NULL, NULL,
- NULL), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText,
- sizeof(cipherText)), WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, sizeof(cipherText));
- ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, 0);
- EVP_CIPHER_CTX_free(ctx);
- ctx = NULL;
- /* Test partial Inits. CipherInit() allow setting of key and iv
- * in separate calls. */
- ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
- ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_chacha20(),
- key, NULL, 1), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText,
- sizeof(cipherText)), WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, sizeof(cipherText));
- ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, 0);
- EVP_CIPHER_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfssl_EVP_sm4_ecb(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_ECB)
- EXPECT_DECLS;
- byte key[SM4_KEY_SIZE];
- byte plainText[SM4_BLOCK_SIZE] = {
- 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF,
- 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF
- };
- byte cipherText[sizeof(plainText) + SM4_BLOCK_SIZE];
- byte decryptedText[sizeof(plainText) + SM4_BLOCK_SIZE];
- EVP_CIPHER_CTX* ctx;
- int outSz;
- XMEMSET(key, 0, sizeof(key));
- /* Encrypt. */
- ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
- ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_sm4_ecb(), NULL, NULL, NULL),
- WOLFSSL_SUCCESS);
- /* Any tag length must fail - not an AEAD cipher. */
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL),
- WOLFSSL_FAILURE);
- ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
- sizeof(plainText)), WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, sizeof(plainText));
- ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText + outSz, &outSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, SM4_BLOCK_SIZE);
- ExpectBufNE(cipherText, plainText, sizeof(plainText));
- EVP_CIPHER_CTX_free(ctx);
- /* Decrypt. */
- ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
- ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_sm4_ecb(), NULL, NULL, NULL),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, NULL),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText,
- sizeof(cipherText)), WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, sizeof(plainText));
- ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText + outSz, &outSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, 0);
- ExpectBufEQ(decryptedText, plainText, sizeof(plainText));
- EVP_CIPHER_CTX_free(ctx);
- res = EXPECT_RESULT();
- #endif
- return res;
- }
- static int test_wolfssl_EVP_sm4_cbc(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CBC)
- EXPECT_DECLS;
- byte key[SM4_KEY_SIZE];
- byte iv[SM4_BLOCK_SIZE];
- byte plainText[SM4_BLOCK_SIZE] = {
- 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF,
- 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF
- };
- byte cipherText[sizeof(plainText) + SM4_BLOCK_SIZE];
- byte decryptedText[sizeof(plainText) + SM4_BLOCK_SIZE];
- EVP_CIPHER_CTX* ctx;
- int outSz;
- XMEMSET(key, 0, sizeof(key));
- XMEMSET(iv, 0, sizeof(iv));
- /* Encrypt. */
- ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
- ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_sm4_cbc(), NULL, NULL, NULL),
- WOLFSSL_SUCCESS);
- /* Any tag length must fail - not an AEAD cipher. */
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL),
- WOLFSSL_FAILURE);
- ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
- sizeof(plainText)), WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, sizeof(plainText));
- ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText + outSz, &outSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, SM4_BLOCK_SIZE);
- ExpectBufNE(cipherText, plainText, sizeof(plainText));
- EVP_CIPHER_CTX_free(ctx);
- /* Decrypt. */
- ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
- ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_sm4_cbc(), NULL, NULL, NULL),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText,
- sizeof(cipherText)), WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, sizeof(plainText));
- ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText + outSz, &outSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, 0);
- ExpectBufEQ(decryptedText, plainText, sizeof(plainText));
- EVP_CIPHER_CTX_free(ctx);
- /* Test partial Inits. CipherInit() allow setting of key and iv
- * in separate calls. */
- ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
- ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_sm4_cbc(), key, NULL, 0),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 0),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText,
- sizeof(cipherText)), WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, sizeof(plainText));
- ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText + outSz, &outSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, 0);
- ExpectBufEQ(decryptedText, plainText, sizeof(plainText));
- EVP_CIPHER_CTX_free(ctx);
- res = EXPECT_RESULT();
- #endif
- return res;
- }
- static int test_wolfssl_EVP_sm4_ctr(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CTR)
- EXPECT_DECLS;
- byte key[SM4_KEY_SIZE];
- byte iv[SM4_BLOCK_SIZE];
- byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF};
- byte cipherText[sizeof(plainText)];
- byte decryptedText[sizeof(plainText)];
- EVP_CIPHER_CTX* ctx;
- int outSz;
- XMEMSET(key, 0, sizeof(key));
- XMEMSET(iv, 0, sizeof(iv));
- /* Encrypt. */
- ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
- ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_sm4_ctr(), NULL, NULL, NULL),
- WOLFSSL_SUCCESS);
- /* Any tag length must fail - not an AEAD cipher. */
- ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL),
- WOLFSSL_FAILURE);
- ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
- sizeof(plainText)), WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, sizeof(plainText));
- ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, 0);
- ExpectBufNE(cipherText, plainText, sizeof(plainText));
- EVP_CIPHER_CTX_free(ctx);
- /* Decrypt. */
- ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
- ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_sm4_ctr(), NULL, NULL, NULL),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText,
- sizeof(cipherText)), WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, sizeof(cipherText));
- ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, 0);
- ExpectBufEQ(decryptedText, plainText, sizeof(plainText));
- EVP_CIPHER_CTX_free(ctx);
- /* Test partial Inits. CipherInit() allow setting of key and iv
- * in separate calls. */
- ExpectNotNull((ctx = EVP_CIPHER_CTX_new()));
- ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_sm4_ctr(), key, NULL, 1),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText,
- sizeof(cipherText)), WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, sizeof(cipherText));
- ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(outSz, 0);
- ExpectBufEQ(decryptedText, plainText, sizeof(plainText));
- EVP_CIPHER_CTX_free(ctx);
- res = EXPECT_RESULT();
- #endif
- return res;
- }
- static int test_wolfssl_EVP_sm4_gcm_zeroLen(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_GCM)
- /* Zero length plain text */
- EXPECT_DECLS;
- byte key[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- }; /* align */
- byte iv[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- }; /* align */
- byte plaintxt[1];
- int ivSz = 12;
- int plaintxtSz = 0;
- unsigned char tag[16];
- unsigned char tag_kat[16] = {
- 0x23,0x2f,0x0c,0xfe,0x30,0x8b,0x49,0xea,
- 0x6f,0xc8,0x82,0x29,0xb5,0xdc,0x85,0x8d
- };
- byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0};
- byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0};
- int ciphertxtSz = 0;
- int decryptedtxtSz = 0;
- int len = 0;
- EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new();
- ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_sm4_gcm(), NULL, key, iv));
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
- ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt,
- plaintxtSz));
- ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len));
- ciphertxtSz += len;
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag));
- ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en));
- ExpectIntEQ(0, ciphertxtSz);
- ExpectIntEQ(0, XMEMCMP(tag, tag_kat, sizeof(tag)));
- EVP_CIPHER_CTX_init(de);
- ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_sm4_gcm(), NULL, key, iv));
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
- ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len));
- decryptedtxtSz = len;
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_TAG, 16, tag));
- ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len));
- decryptedtxtSz += len;
- ExpectIntEQ(0, decryptedtxtSz);
- EVP_CIPHER_CTX_free(en);
- EVP_CIPHER_CTX_free(de);
- res = EXPECT_RESULT();
- #endif /* OPENSSL_EXTRA && WOLFSSL_SM4_GCM */
- return res;
- }
- static int test_wolfssl_EVP_sm4_gcm(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_GCM)
- EXPECT_DECLS;
- byte *key = (byte*)"0123456789012345";
- /* A 128 bit IV */
- byte *iv = (byte*)"0123456789012345";
- int ivSz = SM4_BLOCK_SIZE;
- /* Message to be encrypted */
- byte *plaintxt = (byte*)"for things to change you have to change";
- /* Additional non-confidential data */
- byte *aad = (byte*)"Don't spend major time on minor things.";
- unsigned char tag[SM4_BLOCK_SIZE] = {0};
- int plaintxtSz = (int)XSTRLEN((char*)plaintxt);
- int aadSz = (int)XSTRLEN((char*)aad);
- byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0};
- byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0};
- int ciphertxtSz = 0;
- int decryptedtxtSz = 0;
- int len = 0;
- int i = 0;
- EVP_CIPHER_CTX en[2];
- EVP_CIPHER_CTX de[2];
- for (i = 0; i < 2; i++) {
- EVP_CIPHER_CTX_init(&en[i]);
- if (i == 0) {
- /* Default uses 96-bits IV length */
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_gcm(), NULL, key,
- iv));
- }
- else {
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_gcm(), NULL, NULL,
- NULL));
- /* non-default must to set the IV length first */
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN,
- ivSz, NULL));
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv));
- }
- ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz));
- ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt,
- plaintxtSz));
- ciphertxtSz = len;
- ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len));
- ciphertxtSz += len;
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG,
- SM4_BLOCK_SIZE, tag));
- ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1);
- EVP_CIPHER_CTX_init(&de[i]);
- if (i == 0) {
- /* Default uses 96-bits IV length */
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_gcm(), NULL, key,
- iv));
- }
- else {
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_gcm(), NULL, NULL,
- NULL));
- /* non-default must to set the IV length first */
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN,
- ivSz, NULL));
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
- }
- ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
- ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt,
- ciphertxtSz));
- decryptedtxtSz = len;
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG,
- SM4_BLOCK_SIZE, tag));
- ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
- decryptedtxtSz += len;
- ExpectIntEQ(ciphertxtSz, decryptedtxtSz);
- ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));
- /* modify tag*/
- tag[SM4_BLOCK_SIZE-1]+=0xBB;
- ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG,
- SM4_BLOCK_SIZE, tag));
- /* fail due to wrong tag */
- ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt,
- ciphertxtSz));
- ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
- ExpectIntEQ(0, len);
- ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1);
- }
- res = EXPECT_RESULT();
- #endif /* OPENSSL_EXTRA && WOLFSSL_SM4_GCM */
- return res;
- }
- static int test_wolfssl_EVP_sm4_ccm_zeroLen(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CCM)
- /* Zero length plain text */
- EXPECT_DECLS;
- byte key[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- }; /* align */
- byte iv[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- }; /* align */
- byte plaintxt[1];
- int ivSz = 12;
- int plaintxtSz = 0;
- unsigned char tag[16];
- byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0};
- byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0};
- int ciphertxtSz = 0;
- int decryptedtxtSz = 0;
- int len = 0;
- EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new();
- ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_sm4_ccm(), NULL, key, iv));
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL));
- ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt,
- plaintxtSz));
- ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len));
- ciphertxtSz += len;
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_GET_TAG, 16, tag));
- ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en));
- ExpectIntEQ(0, ciphertxtSz);
- EVP_CIPHER_CTX_init(de);
- ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_sm4_ccm(), NULL, key, iv));
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL));
- ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len));
- decryptedtxtSz = len;
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_TAG, 16, tag));
- ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len));
- decryptedtxtSz += len;
- ExpectIntEQ(0, decryptedtxtSz);
- EVP_CIPHER_CTX_free(en);
- EVP_CIPHER_CTX_free(de);
- res = EXPECT_RESULT();
- #endif /* OPENSSL_EXTRA && WOLFSSL_SM4_CCM */
- return res;
- }
- static int test_wolfssl_EVP_sm4_ccm(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CCM)
- EXPECT_DECLS;
- byte *key = (byte*)"0123456789012345";
- byte *iv = (byte*)"0123456789012";
- int ivSz = (int)XSTRLEN((char*)iv);
- /* Message to be encrypted */
- byte *plaintxt = (byte*)"for things to change you have to change";
- /* Additional non-confidential data */
- byte *aad = (byte*)"Don't spend major time on minor things.";
- unsigned char tag[SM4_BLOCK_SIZE] = {0};
- int plaintxtSz = (int)XSTRLEN((char*)plaintxt);
- int aadSz = (int)XSTRLEN((char*)aad);
- byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0};
- byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0};
- int ciphertxtSz = 0;
- int decryptedtxtSz = 0;
- int len = 0;
- int i = 0;
- EVP_CIPHER_CTX en[2];
- EVP_CIPHER_CTX de[2];
- for (i = 0; i < 2; i++) {
- EVP_CIPHER_CTX_init(&en[i]);
- if (i == 0) {
- /* Default uses 96-bits IV length */
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_ccm(), NULL, key,
- iv));
- }
- else {
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_ccm(), NULL, NULL,
- NULL));
- /* non-default must to set the IV length first */
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_SET_IVLEN,
- ivSz, NULL));
- ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv));
- }
- ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz));
- ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt,
- plaintxtSz));
- ciphertxtSz = len;
- ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len));
- ciphertxtSz += len;
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_GET_TAG,
- SM4_BLOCK_SIZE, tag));
- ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1);
- EVP_CIPHER_CTX_init(&de[i]);
- if (i == 0) {
- /* Default uses 96-bits IV length */
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_ccm(), NULL, key,
- iv));
- }
- else {
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_ccm(), NULL, NULL,
- NULL));
- /* non-default must to set the IV length first */
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_IVLEN,
- ivSz, NULL));
- ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
- }
- ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
- ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt,
- ciphertxtSz));
- decryptedtxtSz = len;
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG,
- SM4_BLOCK_SIZE, tag));
- ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
- decryptedtxtSz += len;
- ExpectIntEQ(ciphertxtSz, decryptedtxtSz);
- ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));
- /* modify tag*/
- tag[SM4_BLOCK_SIZE-1]+=0xBB;
- ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
- ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG,
- SM4_BLOCK_SIZE, tag));
- /* fail due to wrong tag */
- ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt,
- ciphertxtSz));
- ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
- ExpectIntEQ(0, len);
- ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1);
- }
- res = EXPECT_RESULT();
- #endif /* OPENSSL_EXTRA && WOLFSSL_SM4_CCM */
- return res;
- }
- static int test_wolfSSL_EVP_PKEY_hkdf(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_HKDF)
- EVP_PKEY_CTX* ctx = NULL;
- byte salt[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
- byte key[] = {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
- byte info[] = {0X01, 0x02, 0x03, 0x04, 0x05};
- byte info2[] = {0X06, 0x07, 0x08, 0x09, 0x0A};
- byte outKey[34];
- size_t outKeySz = sizeof(outKey);
- /* These expected outputs were gathered by running the same test below using
- * OpenSSL. */
- const byte extractAndExpand[] = {
- 0x8B, 0xEB, 0x90, 0xA9, 0x04, 0xFF, 0x05, 0x10, 0xE4, 0xB5, 0xB1, 0x10,
- 0x31, 0x34, 0xFF, 0x07, 0x5B, 0xE3, 0xC6, 0x93, 0xD4, 0xF8, 0xC7, 0xEE,
- 0x96, 0xDA, 0x78, 0x7A, 0xE2, 0x9A, 0x2D, 0x05, 0x4B, 0xF6
- };
- const byte extractOnly[] = {
- 0xE7, 0x6B, 0x9E, 0x0F, 0xE4, 0x02, 0x1D, 0x62, 0xEA, 0x97, 0x74, 0x5E,
- 0xF4, 0x3C, 0x65, 0x4D, 0xC1, 0x46, 0x98, 0xAA, 0x79, 0x9A, 0xCB, 0x9C,
- 0xCC, 0x3E, 0x7F, 0x2A, 0x2B, 0x41, 0xA1, 0x9E
- };
- const byte expandOnly[] = {
- 0xFF, 0x29, 0x29, 0x56, 0x9E, 0xA7, 0x66, 0x02, 0xDB, 0x4F, 0xDB, 0x53,
- 0x7D, 0x21, 0x67, 0x52, 0xC3, 0x0E, 0xF3, 0xFC, 0x71, 0xCE, 0x67, 0x2B,
- 0xEA, 0x3B, 0xE9, 0xFC, 0xDD, 0xC8, 0xCC, 0xB7, 0x42, 0x74
- };
- const byte extractAndExpandAddInfo[] = {
- 0x5A, 0x74, 0x79, 0x83, 0xA3, 0xA4, 0x2E, 0xB7, 0xD4, 0x08, 0xC2, 0x6A,
- 0x2F, 0xA5, 0xE3, 0x4E, 0xF1, 0xF4, 0x87, 0x3E, 0xA6, 0xC7, 0x88, 0x45,
- 0xD7, 0xE2, 0x15, 0xBC, 0xB8, 0x10, 0xEF, 0x6C, 0x4D, 0x7A
- };
- ExpectNotNull((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)));
- ExpectIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS);
- /* NULL ctx. */
- ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(NULL, EVP_sha256()), WOLFSSL_FAILURE);
- /* NULL md. */
- ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_sha256()), WOLFSSL_SUCCESS);
- /* NULL ctx. */
- ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(NULL, salt, sizeof(salt)),
- WOLFSSL_FAILURE);
- /* NULL salt is ok. */
- ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, NULL, sizeof(salt)),
- WOLFSSL_SUCCESS);
- /* Salt length <= 0. */
- /* Length 0 salt is ok. */
- ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, 0), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, -1), WOLFSSL_FAILURE);
- ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, sizeof(salt)),
- WOLFSSL_SUCCESS);
- /* NULL ctx. */
- ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(NULL, key, sizeof(key)),
- WOLFSSL_FAILURE);
- /* NULL key. */
- ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, NULL, sizeof(key)),
- WOLFSSL_FAILURE);
- /* Key length <= 0 */
- ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, 0), WOLFSSL_FAILURE);
- ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, -1), WOLFSSL_FAILURE);
- ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, sizeof(key)),
- WOLFSSL_SUCCESS);
- /* NULL ctx. */
- ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(NULL, info, sizeof(info)),
- WOLFSSL_FAILURE);
- /* NULL info is ok. */
- ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, NULL, sizeof(info)),
- WOLFSSL_SUCCESS);
- /* Info length <= 0 */
- /* Length 0 info is ok. */
- ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, 0), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, -1), WOLFSSL_FAILURE);
- ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, sizeof(info)),
- WOLFSSL_SUCCESS);
- /* NULL ctx. */
- ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(NULL, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY),
- WOLFSSL_FAILURE);
- /* Extract and expand (default). */
- ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS);
- ExpectIntEQ(outKeySz, sizeof(extractAndExpand));
- ExpectIntEQ(XMEMCMP(outKey, extractAndExpand, outKeySz), 0);
- /* Extract only. */
- ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS);
- ExpectIntEQ(outKeySz, sizeof(extractOnly));
- ExpectIntEQ(XMEMCMP(outKey, extractOnly, outKeySz), 0);
- outKeySz = sizeof(outKey);
- /* Expand only. */
- ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS);
- ExpectIntEQ(outKeySz, sizeof(expandOnly));
- ExpectIntEQ(XMEMCMP(outKey, expandOnly, outKeySz), 0);
- outKeySz = sizeof(outKey);
- /* Extract and expand with appended additional info. */
- ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info2, sizeof(info2)),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx,
- EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS);
- ExpectIntEQ(outKeySz, sizeof(extractAndExpandAddInfo));
- ExpectIntEQ(XMEMCMP(outKey, extractAndExpandAddInfo, outKeySz), 0);
- EVP_PKEY_CTX_free(ctx);
- #endif /* OPENSSL_EXTRA && HAVE_HKDF */
- return EXPECT_RESULT();
- }
- #ifndef NO_BIO
- static int test_wolfSSL_PEM_X509_INFO_read_bio(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- BIO* bio = NULL;
- X509_INFO* info = NULL;
- STACK_OF(X509_INFO)* sk = NULL;
- char* subject = NULL;
- char exp1[] = "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/"
- "CN=www.wolfssl.com/emailAddress=info@wolfssl.com";
- char exp2[] = "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/"
- "CN=www.wolfssl.com/emailAddress=info@wolfssl.com";
- ExpectNotNull(bio = BIO_new(BIO_s_file()));
- ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0);
- ExpectNotNull(sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
- ExpectIntEQ(sk_X509_INFO_num(sk), 2);
- /* using dereference to maintain testing for Apache port*/
- ExpectNotNull(info = sk_X509_INFO_pop(sk));
- ExpectNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509),
- 0, 0));
- ExpectIntEQ(0, XSTRNCMP(subject, exp1, sizeof(exp1)));
- XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
- X509_INFO_free(info);
- info = NULL;
- ExpectNotNull(info = sk_X509_INFO_pop(sk));
- ExpectNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509),
- 0, 0));
- ExpectIntEQ(0, XSTRNCMP(subject, exp2, sizeof(exp2)));
- XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
- X509_INFO_free(info);
- ExpectNull(info = sk_X509_INFO_pop(sk));
- sk_X509_INFO_pop_free(sk, X509_INFO_free);
- BIO_free(bio);
- #endif
- return EXPECT_RESULT();
- }
- #endif /* !NO_BIO */
- static int test_wolfSSL_X509_NAME_ENTRY_get_object(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- X509 *x509 = NULL;
- X509_NAME* name = NULL;
- int idx = 0;
- X509_NAME_ENTRY *ne = NULL;
- ASN1_OBJECT *object = NULL;
- ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(name = X509_get_subject_name(x509));
- ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0);
- ExpectNotNull(ne = X509_NAME_get_entry(name, idx));
- ExpectNotNull(object = X509_NAME_ENTRY_get_object(ne));
- X509_free(x509);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_STORE_get1_certs(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA)
- X509_STORE_CTX *storeCtx = NULL;
- X509_STORE *store = NULL;
- X509 *caX509 = NULL;
- X509 *svrX509 = NULL;
- X509_NAME *subject = NULL;
- WOLF_STACK_OF(WOLFSSL_X509) *certs = NULL;
- ExpectNotNull(caX509 = X509_load_certificate_file(caCertFile,
- SSL_FILETYPE_PEM));
- ExpectNotNull((svrX509 = wolfSSL_X509_load_certificate_file(svrCertFile,
- SSL_FILETYPE_PEM)));
- ExpectNotNull(storeCtx = X509_STORE_CTX_new());
- ExpectNotNull(store = X509_STORE_new());
- ExpectNotNull(subject = X509_get_subject_name(caX509));
- /* Errors */
- ExpectNull(X509_STORE_get1_certs(storeCtx, subject));
- ExpectNull(X509_STORE_get1_certs(NULL, subject));
- ExpectNull(X509_STORE_get1_certs(storeCtx, NULL));
- ExpectIntEQ(X509_STORE_add_cert(store, caX509), SSL_SUCCESS);
- ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, caX509, NULL),
- SSL_SUCCESS);
- /* Should find the cert */
- ExpectNotNull(certs = X509_STORE_get1_certs(storeCtx, subject));
- ExpectIntEQ(1, wolfSSL_sk_X509_num(certs));
- sk_X509_pop_free(certs, NULL);
- certs = NULL;
- /* Should not find the cert */
- ExpectNotNull(subject = X509_get_subject_name(svrX509));
- ExpectNotNull(certs = X509_STORE_get1_certs(storeCtx, subject));
- ExpectIntEQ(0, wolfSSL_sk_X509_num(certs));
- sk_X509_pop_free(certs, NULL);
- certs = NULL;
- X509_STORE_free(store);
- X509_STORE_CTX_free(storeCtx);
- X509_free(svrX509);
- X509_free(caX509);
- #endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_dup_CA_list(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_ALL)
- EXPECT_DECLS;
- STACK_OF(X509_NAME) *originalStack = NULL;
- STACK_OF(X509_NAME) *copyStack = NULL;
- int originalCount = 0;
- int copyCount = 0;
- X509_NAME *name = NULL;
- int i;
- originalStack = sk_X509_NAME_new_null();
- ExpectNotNull(originalStack);
- for (i = 0; i < 3; i++) {
- name = X509_NAME_new();
- ExpectNotNull(name);
- AssertIntEQ(sk_X509_NAME_push(originalStack, name), WOLFSSL_SUCCESS);
- }
- copyStack = SSL_dup_CA_list(originalStack);
- ExpectNotNull(copyStack);
- originalCount = sk_X509_NAME_num(originalStack);
- copyCount = sk_X509_NAME_num(copyStack);
- AssertIntEQ(originalCount, copyCount);
- sk_X509_NAME_pop_free(originalStack, X509_NAME_free);
- sk_X509_NAME_pop_free(copyStack, X509_NAME_free);
- originalStack = NULL;
- copyStack = NULL;
- res = EXPECT_RESULT();
- #endif /* OPENSSL_ALL */
- return res;
- }
- static int test_ForceZero(void)
- {
- EXPECT_DECLS;
- unsigned char data[32];
- unsigned int i, j, len;
- /* Test case with 0 length */
- ForceZero(data, 0);
- /* Test ForceZero */
- for (i = 0; i < sizeof(data); i++) {
- for (len = 1; len < sizeof(data) - i; len++) {
- for (j = 0; j < sizeof(data); j++)
- data[j] = j + 1;
- ForceZero(data + i, len);
- for (j = 0; j < sizeof(data); j++) {
- if (j < i || j >= i + len) {
- ExpectIntNE(data[j], 0x00);
- }
- else {
- ExpectIntEQ(data[j], 0x00);
- }
- }
- }
- }
- return EXPECT_RESULT();
- }
- #ifndef NO_BIO
- static int test_wolfSSL_X509_print(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
- !defined(NO_RSA) && defined(XSNPRINTF)
- X509 *x509 = NULL;
- BIO *bio = NULL;
- #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)
- const X509_ALGOR *cert_sig_alg = NULL;
- #endif
- ExpectNotNull(x509 = X509_load_certificate_file(svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- /* print to memory */
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(X509_print(bio, x509), SSL_SUCCESS);
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
- #if defined(WC_DISABLE_RADIX_ZERO_PAD)
- /* Will print IP address subject alt name. */
- ExpectIntEQ(BIO_get_mem_data(bio, NULL), 3349);
- #elif defined(NO_ASN_TIME)
- /* Will print IP address subject alt name but not Validity. */
- ExpectIntEQ(BIO_get_mem_data(bio, NULL), 3235);
- #else
- /* Will print IP address subject alt name. */
- ExpectIntEQ(BIO_get_mem_data(bio, NULL), 3350);
- #endif
- #elif defined(NO_ASN_TIME)
- /* With NO_ASN_TIME defined, X509_print skips printing Validity. */
- ExpectIntEQ(BIO_get_mem_data(bio, NULL), 3213);
- #else
- ExpectIntEQ(BIO_get_mem_data(bio, NULL), 3328);
- #endif
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE));
- #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)
- /* Print signature */
- ExpectNotNull(cert_sig_alg = X509_get0_tbs_sigalg(x509));
- ExpectIntEQ(X509_signature_print(bio, cert_sig_alg, NULL), SSL_SUCCESS);
- #endif
- /* print to stderr */
- #if !defined(NO_WOLFSSL_DIR)
- ExpectIntEQ(X509_print(bio, x509), SSL_SUCCESS);
- #endif
- /* print again */
- ExpectIntEQ(X509_print_fp(stderr, x509), SSL_SUCCESS);
- X509_free(x509);
- BIO_free(bio);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_X509_CRL_print(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(HAVE_CRL)\
- && !defined(NO_FILESYSTEM) && defined(XSNPRINTF)
- X509_CRL* crl = NULL;
- BIO *bio = NULL;
- XFILE fp = XBADFILE;
- ExpectTrue((fp = XFOPEN("./certs/crl/crl.pem", "rb")) != XBADFILE);
- ExpectNotNull(crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
- NULL, NULL));
- if (fp != XBADFILE)
- XFCLOSE(fp);
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(X509_CRL_print(bio, crl), SSL_SUCCESS);
- X509_CRL_free(crl);
- BIO_free(bio);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_BIO_get_len(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
- BIO *bio = NULL;
- const char txt[] = "Some example text to push to the BIO.";
- ExpectIntEQ(wolfSSL_BIO_get_len(bio), BAD_FUNC_ARG);
- ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
- ExpectIntEQ(wolfSSL_BIO_write(bio, txt, sizeof(txt)), sizeof(txt));
- ExpectIntEQ(wolfSSL_BIO_get_len(bio), sizeof(txt));
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE));
- ExpectIntEQ(wolfSSL_BIO_get_len(bio), WOLFSSL_BAD_FILE);
- BIO_free(bio);
- #endif
- return EXPECT_RESULT();
- }
- #endif /* !NO_BIO */
- static int test_wolfSSL_RSA(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- RSA* rsa = NULL;
- const BIGNUM *n = NULL;
- const BIGNUM *e = NULL;
- const BIGNUM *d = NULL;
- const BIGNUM *p = NULL;
- const BIGNUM *q = NULL;
- const BIGNUM *dmp1 = NULL;
- const BIGNUM *dmq1 = NULL;
- const BIGNUM *iqmp = NULL;
- ExpectNotNull(rsa = RSA_new());
- ExpectIntEQ(RSA_size(NULL), 0);
- ExpectIntEQ(RSA_size(rsa), 0);
- ExpectIntEQ(RSA_set0_key(rsa, NULL, NULL, NULL), 0);
- ExpectIntEQ(RSA_set0_crt_params(rsa, NULL, NULL, NULL), 0);
- ExpectIntEQ(RSA_set0_factors(rsa, NULL, NULL), 0);
- #ifdef WOLFSSL_RSA_KEY_CHECK
- ExpectIntEQ(RSA_check_key(rsa), 0);
- #endif
- RSA_free(rsa);
- rsa = NULL;
- ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
- ExpectIntEQ(RSA_size(rsa), 256);
- #ifdef WOLFSSL_RSA_KEY_CHECK
- ExpectIntEQ(RSA_check_key(NULL), 0);
- ExpectIntEQ(RSA_check_key(rsa), 1);
- #endif
- /* sanity check */
- ExpectIntEQ(RSA_bits(NULL), 0);
- /* key */
- ExpectIntEQ(RSA_bits(rsa), 2048);
- RSA_get0_key(rsa, &n, &e, &d);
- ExpectPtrEq(rsa->n, n);
- ExpectPtrEq(rsa->e, e);
- ExpectPtrEq(rsa->d, d);
- n = NULL;
- e = NULL;
- d = NULL;
- ExpectNotNull(n = BN_new());
- ExpectNotNull(e = BN_new());
- ExpectNotNull(d = BN_new());
- ExpectIntEQ(RSA_set0_key(rsa, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 1);
- if (EXPECT_FAIL()) {
- BN_free((BIGNUM*)n);
- BN_free((BIGNUM*)e);
- BN_free((BIGNUM*)d);
- }
- ExpectPtrEq(rsa->n, n);
- ExpectPtrEq(rsa->e, e);
- ExpectPtrEq(rsa->d, d);
- ExpectIntEQ(RSA_set0_key(rsa, NULL, NULL, NULL), 1);
- ExpectIntEQ(RSA_set0_key(NULL, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 0);
- /* crt_params */
- RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
- ExpectPtrEq(rsa->dmp1, dmp1);
- ExpectPtrEq(rsa->dmq1, dmq1);
- ExpectPtrEq(rsa->iqmp, iqmp);
- dmp1 = NULL;
- dmq1 = NULL;
- iqmp = NULL;
- ExpectNotNull(dmp1 = BN_new());
- ExpectNotNull(dmq1 = BN_new());
- ExpectNotNull(iqmp = BN_new());
- ExpectIntEQ(RSA_set0_crt_params(rsa, (BIGNUM*)dmp1, (BIGNUM*)dmq1,
- (BIGNUM*)iqmp), 1);
- if (EXPECT_FAIL()) {
- BN_free((BIGNUM*)dmp1);
- BN_free((BIGNUM*)dmq1);
- BN_free((BIGNUM*)iqmp);
- }
- ExpectPtrEq(rsa->dmp1, dmp1);
- ExpectPtrEq(rsa->dmq1, dmq1);
- ExpectPtrEq(rsa->iqmp, iqmp);
- ExpectIntEQ(RSA_set0_crt_params(rsa, NULL, NULL, NULL), 1);
- ExpectIntEQ(RSA_set0_crt_params(NULL, (BIGNUM*)dmp1, (BIGNUM*)dmq1,
- (BIGNUM*)iqmp), 0);
- RSA_get0_crt_params(NULL, NULL, NULL, NULL);
- RSA_get0_crt_params(rsa, NULL, NULL, NULL);
- RSA_get0_crt_params(NULL, &dmp1, &dmq1, &iqmp);
- ExpectNull(dmp1);
- ExpectNull(dmq1);
- ExpectNull(iqmp);
- /* factors */
- RSA_get0_factors(rsa, NULL, NULL);
- RSA_get0_factors(rsa, &p, &q);
- ExpectPtrEq(rsa->p, p);
- ExpectPtrEq(rsa->q, q);
- p = NULL;
- q = NULL;
- ExpectNotNull(p = BN_new());
- ExpectNotNull(q = BN_new());
- ExpectIntEQ(RSA_set0_factors(rsa, (BIGNUM*)p, (BIGNUM*)q), 1);
- if (EXPECT_FAIL()) {
- BN_free((BIGNUM*)p);
- BN_free((BIGNUM*)q);
- }
- ExpectPtrEq(rsa->p, p);
- ExpectPtrEq(rsa->q, q);
- ExpectIntEQ(RSA_set0_factors(rsa, NULL, NULL), 1);
- ExpectIntEQ(RSA_set0_factors(NULL, (BIGNUM*)p, (BIGNUM*)q), 0);
- RSA_get0_factors(NULL, NULL, NULL);
- RSA_get0_factors(NULL, &p, &q);
- ExpectNull(p);
- ExpectNull(q);
- ExpectIntEQ(BN_hex2bn(&rsa->n, "1FFFFF"), 1);
- ExpectIntEQ(RSA_bits(rsa), 21);
- RSA_free(rsa);
- rsa = NULL;
- #if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2))
- ExpectNotNull(rsa = RSA_generate_key(3072, 17, NULL, NULL));
- ExpectIntEQ(RSA_size(rsa), 384);
- ExpectIntEQ(RSA_bits(rsa), 3072);
- RSA_free(rsa);
- rsa = NULL;
- #endif
- /* remove for now with odd key size until adjusting rsa key size check with
- wc_MakeRsaKey()
- ExpectNotNull(rsa = RSA_generate_key(2999, 65537, NULL, NULL));
- RSA_free(rsa);
- rsa = NULL;
- */
- ExpectNull(RSA_generate_key(-1, 3, NULL, NULL));
- ExpectNull(RSA_generate_key(RSA_MIN_SIZE - 1, 3, NULL, NULL));
- ExpectNull(RSA_generate_key(RSA_MAX_SIZE + 1, 3, NULL, NULL));
- ExpectNull(RSA_generate_key(2048, 0, NULL, NULL));
- #if !defined(NO_FILESYSTEM) && !defined(NO_ASN)
- {
- byte buff[FOURK_BUF];
- byte der[FOURK_BUF];
- const char PrivKeyPemFile[] = "certs/client-keyEnc.pem";
- XFILE f = XBADFILE;
- int bytes = 0;
- /* test loading encrypted RSA private pem w/o password */
- ExpectTrue((f = XFOPEN(PrivKeyPemFile, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- XMEMSET(der, 0, sizeof(der));
- /* test that error value is returned with no password */
- ExpectIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), ""),
- 0);
- }
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RSA_DER(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && defined(OPENSSL_EXTRA)
- RSA *rsa = NULL;
- int i;
- const unsigned char *buff = NULL;
- unsigned char *newBuff = NULL;
- struct tbl_s
- {
- const unsigned char *der;
- int sz;
- } tbl[] = {
- #ifdef USE_CERT_BUFFERS_1024
- {client_key_der_1024, sizeof_client_key_der_1024},
- {server_key_der_1024, sizeof_server_key_der_1024},
- #endif
- #ifdef USE_CERT_BUFFERS_2048
- {client_key_der_2048, sizeof_client_key_der_2048},
- {server_key_der_2048, sizeof_server_key_der_2048},
- #endif
- {NULL, 0}
- };
- /* Public Key DER */
- struct tbl_s pub[] = {
- #ifdef USE_CERT_BUFFERS_1024
- {client_keypub_der_1024, sizeof_client_keypub_der_1024},
- #endif
- #ifdef USE_CERT_BUFFERS_2048
- {client_keypub_der_2048, sizeof_client_keypub_der_2048},
- #endif
- {NULL, 0}
- };
- ExpectNull(d2i_RSAPublicKey(&rsa, NULL, pub[0].sz));
- buff = pub[0].der;
- ExpectNull(d2i_RSAPublicKey(&rsa, &buff, 1));
- ExpectNull(d2i_RSAPrivateKey(&rsa, NULL, tbl[0].sz));
- buff = tbl[0].der;
- ExpectNull(d2i_RSAPrivateKey(&rsa, &buff, 1));
- ExpectIntEQ(i2d_RSAPublicKey(NULL, NULL), BAD_FUNC_ARG);
- rsa = RSA_new();
- ExpectIntEQ(i2d_RSAPublicKey(rsa, NULL), 0);
- RSA_free(rsa);
- rsa = NULL;
- for (i = 0; tbl[i].der != NULL; i++)
- {
- /* Passing in pointer results in pointer moving. */
- buff = tbl[i].der;
- ExpectNotNull(d2i_RSAPublicKey(&rsa, &buff, tbl[i].sz));
- ExpectNotNull(rsa);
- RSA_free(rsa);
- rsa = NULL;
- }
- for (i = 0; tbl[i].der != NULL; i++)
- {
- /* Passing in pointer results in pointer moving. */
- buff = tbl[i].der;
- ExpectNotNull(d2i_RSAPrivateKey(&rsa, &buff, tbl[i].sz));
- ExpectNotNull(rsa);
- RSA_free(rsa);
- rsa = NULL;
- }
- for (i = 0; pub[i].der != NULL; i++)
- {
- buff = pub[i].der;
- ExpectNotNull(d2i_RSAPublicKey(&rsa, &buff, pub[i].sz));
- ExpectNotNull(rsa);
- ExpectIntEQ(i2d_RSAPublicKey(rsa, NULL), pub[i].sz);
- newBuff = NULL;
- ExpectIntEQ(i2d_RSAPublicKey(rsa, &newBuff), pub[i].sz);
- ExpectNotNull(newBuff);
- ExpectIntEQ(XMEMCMP((void *)newBuff, (void *)pub[i].der, pub[i].sz), 0);
- XFREE((void *)newBuff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- RSA_free(rsa);
- rsa = NULL;
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RSA_print(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
- !defined(NO_STDIO_FILESYSTEM) && \
- !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
- !defined(NO_BIO) && defined(XFPRINTF)
- BIO *bio = NULL;
- WOLFSSL_RSA* rsa = NULL;
- ExpectNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE));
- ExpectNotNull(rsa = RSA_new());
- ExpectIntEQ(RSA_print(NULL, rsa, 0), -1);
- ExpectIntEQ(RSA_print_fp(XBADFILE, rsa, 0), 0);
- ExpectIntEQ(RSA_print(bio, NULL, 0), -1);
- ExpectIntEQ(RSA_print_fp(stderr, NULL, 0), 0);
- /* Some very large number of indent spaces. */
- ExpectIntEQ(RSA_print(bio, rsa, 128), -1);
- /* RSA is empty. */
- ExpectIntEQ(RSA_print(bio, rsa, 0), 0);
- ExpectIntEQ(RSA_print_fp(stderr, rsa, 0), 0);
- RSA_free(rsa);
- rsa = NULL;
- ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
- ExpectIntEQ(RSA_print(bio, rsa, 0), 1);
- ExpectIntEQ(RSA_print(bio, rsa, 4), 1);
- ExpectIntEQ(RSA_print(bio, rsa, -1), 1);
- ExpectIntEQ(RSA_print_fp(stderr, rsa, 0), 1);
- ExpectIntEQ(RSA_print_fp(stderr, rsa, 4), 1);
- ExpectIntEQ(RSA_print_fp(stderr, rsa, -1), 1);
- BIO_free(bio);
- RSA_free(rsa);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RSA_padding_add_PKCS1_PSS(void)
- {
- EXPECT_DECLS;
- #ifndef NO_RSA
- #if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- RSA *rsa = NULL;
- const unsigned char *derBuf = client_key_der_2048;
- unsigned char em[256] = {0}; /* len = 2048/8 */
- /* Random data simulating a hash */
- const unsigned char mHash[WC_SHA256_DIGEST_SIZE] = {
- 0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4,
- 0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb,
- 0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28
- };
- ExpectNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048));
- ExpectIntEQ(RSA_padding_add_PKCS1_PSS(NULL, em, mHash, EVP_sha256(),
- RSA_PSS_SALTLEN_DIGEST), 0);
- ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, NULL, mHash, EVP_sha256(),
- RSA_PSS_SALTLEN_DIGEST), 0);
- ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, NULL, EVP_sha256(),
- RSA_PSS_SALTLEN_DIGEST), 0);
- ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, NULL,
- RSA_PSS_SALTLEN_DIGEST), 0);
- ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), -5), 0);
- ExpectIntEQ(RSA_verify_PKCS1_PSS(NULL, mHash, EVP_sha256(), em,
- RSA_PSS_SALTLEN_MAX_SIGN), 0);
- ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, NULL, EVP_sha256(), em,
- RSA_PSS_SALTLEN_MAX_SIGN), 0);
- ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, NULL, em,
- RSA_PSS_SALTLEN_MAX_SIGN), 0);
- ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), NULL,
- RSA_PSS_SALTLEN_MAX_SIGN), 0);
- ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em,
- RSA_PSS_SALTLEN_MAX_SIGN), 0);
- ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, -5), 0);
- ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(),
- RSA_PSS_SALTLEN_DIGEST), 1);
- ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em,
- RSA_PSS_SALTLEN_DIGEST), 1);
- ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(),
- RSA_PSS_SALTLEN_MAX_SIGN), 1);
- ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em,
- RSA_PSS_SALTLEN_MAX_SIGN), 1);
- ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(),
- RSA_PSS_SALTLEN_MAX), 1);
- ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em,
- RSA_PSS_SALTLEN_MAX), 1);
- ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), 10), 1);
- ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, 10), 1);
- RSA_free(rsa);
- #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
- #endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RSA_sign_sha3(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
- #if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG)
- RSA* rsa = NULL;
- const unsigned char *derBuf = client_key_der_2048;
- unsigned char sigRet[256] = {0};
- unsigned int sigLen = sizeof(sigRet);
- /* Random data simulating a hash */
- const unsigned char mHash[WC_SHA3_256_DIGEST_SIZE] = {
- 0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4,
- 0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb,
- 0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28
- };
- ExpectNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048));
- ExpectIntEQ(RSA_sign(NID_sha3_256, mHash, sizeof(mHash), sigRet, &sigLen,
- rsa), 1);
- RSA_free(rsa);
- #endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/
- #endif /* !NO_RSA && WOLFSSL_SHA3 && !WOLFSSL_NOSHA3_256*/
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RSA_get0_key(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- RSA *rsa = NULL;
- const BIGNUM* n = NULL;
- const BIGNUM* e = NULL;
- const BIGNUM* d = NULL;
- const unsigned char* der;
- int derSz;
- #ifdef USE_CERT_BUFFERS_1024
- der = client_key_der_1024;
- derSz = sizeof_client_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- der = client_key_der_2048;
- derSz = sizeof_client_key_der_2048;
- #else
- der = NULL;
- derSz = 0;
- #endif
- if (der != NULL) {
- RSA_get0_key(NULL, NULL, NULL, NULL);
- RSA_get0_key(rsa, NULL, NULL, NULL);
- RSA_get0_key(NULL, &n, &e, &d);
- ExpectNull(n);
- ExpectNull(e);
- ExpectNull(d);
- ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, derSz));
- ExpectNotNull(rsa);
- RSA_get0_key(rsa, NULL, NULL, NULL);
- RSA_get0_key(rsa, &n, NULL, NULL);
- ExpectNotNull(n);
- RSA_get0_key(rsa, NULL, &e, NULL);
- ExpectNotNull(e);
- RSA_get0_key(rsa, NULL, NULL, &d);
- ExpectNotNull(d);
- RSA_get0_key(rsa, &n, &e, &d);
- ExpectNotNull(n);
- ExpectNotNull(e);
- ExpectNotNull(d);
- RSA_free(rsa);
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RSA_meth(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- RSA *rsa = NULL;
- RSA_METHOD *rsa_meth = NULL;
- #ifdef WOLFSSL_KEY_GEN
- ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
- RSA_free(rsa);
- rsa = NULL;
- #else
- ExpectNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
- #endif
- ExpectNotNull(RSA_get_default_method());
- wolfSSL_RSA_meth_free(NULL);
- ExpectNull(wolfSSL_RSA_meth_new(NULL, 0));
- ExpectNotNull(rsa_meth = RSA_meth_new("placeholder RSA method",
- RSA_METHOD_FLAG_NO_CHECK));
- #ifndef NO_WOLFSSL_STUB
- ExpectIntEQ(RSA_meth_set_pub_enc(rsa_meth, NULL), 1);
- ExpectIntEQ(RSA_meth_set_pub_dec(rsa_meth, NULL), 1);
- ExpectIntEQ(RSA_meth_set_priv_enc(rsa_meth, NULL), 1);
- ExpectIntEQ(RSA_meth_set_priv_dec(rsa_meth, NULL), 1);
- ExpectIntEQ(RSA_meth_set_init(rsa_meth, NULL), 1);
- ExpectIntEQ(RSA_meth_set_finish(rsa_meth, NULL), 1);
- ExpectIntEQ(RSA_meth_set0_app_data(rsa_meth, NULL), 1);
- #endif
- ExpectIntEQ(RSA_flags(NULL), 0);
- RSA_set_flags(NULL, RSA_FLAG_CACHE_PUBLIC);
- RSA_clear_flags(NULL, RSA_FLAG_CACHE_PUBLIC);
- ExpectIntEQ(RSA_test_flags(NULL, RSA_FLAG_CACHE_PUBLIC), 0);
- ExpectNotNull(rsa = RSA_new());
- /* No method set. */
- ExpectIntEQ(RSA_flags(rsa), 0);
- RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
- RSA_clear_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
- ExpectIntEQ(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
- ExpectIntEQ(RSA_set_method(NULL, rsa_meth), 1);
- ExpectIntEQ(RSA_set_method(rsa, rsa_meth), 1);
- if (EXPECT_FAIL()) {
- wolfSSL_RSA_meth_free(rsa_meth);
- }
- ExpectNull(RSA_get_method(NULL));
- ExpectPtrEq(RSA_get_method(rsa), rsa_meth);
- ExpectIntEQ(RSA_flags(rsa), RSA_METHOD_FLAG_NO_CHECK);
- RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
- ExpectIntNE(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
- ExpectIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC |
- RSA_METHOD_FLAG_NO_CHECK);
- RSA_clear_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
- ExpectIntEQ(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
- ExpectIntNE(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC);
- /* rsa_meth is freed here */
- RSA_free(rsa);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RSA_verify(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
- #ifndef NO_BIO
- XFILE fp = XBADFILE;
- RSA *pKey = NULL;
- RSA *pubKey = NULL;
- X509 *cert = NULL;
- const char *text = "Hello wolfSSL !";
- unsigned char hash[SHA256_DIGEST_LENGTH];
- unsigned char signature[2048/8];
- unsigned int signatureLength;
- byte *buf = NULL;
- BIO *bio = NULL;
- SHA256_CTX c;
- EVP_PKEY *evpPkey = NULL;
- EVP_PKEY *evpPubkey = NULL;
- size_t sz;
- /* generate hash */
- SHA256_Init(&c);
- SHA256_Update(&c, text, strlen(text));
- SHA256_Final(hash, &c);
- #ifdef WOLFSSL_SMALL_STACK_CACHE
- /* workaround for small stack cache case */
- wc_Sha256Free((wc_Sha256*)&c);
- #endif
- /* read privete key file */
- ExpectTrue((fp = XFOPEN(svrKeyFile, "rb")) != XBADFILE);
- ExpectIntEQ(XFSEEK(fp, 0, XSEEK_END), 0);
- ExpectTrue((sz = XFTELL(fp)) > 0);
- ExpectIntEQ(XFSEEK(fp, 0, XSEEK_SET), 0);
- ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
- ExpectIntEQ(XFREAD(buf, 1, sz, fp), sz);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- /* read private key and sign hash data */
- ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
- ExpectNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL));
- ExpectNotNull(pKey = EVP_PKEY_get1_RSA(evpPkey));
- ExpectIntEQ(RSA_sign(NID_sha256, hash, SHA256_DIGEST_LENGTH,
- signature, &signatureLength, pKey), SSL_SUCCESS);
- /* read public key and verify signed data */
- ExpectTrue((fp = XFOPEN(svrCertFile,"rb")) != XBADFILE);
- ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 ));
- if (fp != XBADFILE)
- XFCLOSE(fp);
- ExpectNotNull(evpPubkey = X509_get_pubkey(cert));
- ExpectNotNull(pubKey = EVP_PKEY_get1_RSA(evpPubkey));
- ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
- signatureLength, pubKey), SSL_SUCCESS);
- ExpectIntEQ(RSA_verify(NID_sha256, NULL, SHA256_DIGEST_LENGTH, NULL,
- signatureLength, NULL), SSL_FAILURE);
- ExpectIntEQ(RSA_verify(NID_sha256, NULL, SHA256_DIGEST_LENGTH, signature,
- signatureLength, pubKey), SSL_FAILURE);
- ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, NULL,
- signatureLength, pubKey), SSL_FAILURE);
- ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
- signatureLength, NULL), SSL_FAILURE);
- RSA_free(pKey);
- EVP_PKEY_free(evpPkey);
- RSA_free(pubKey);
- EVP_PKEY_free(evpPubkey);
- X509_free(cert);
- BIO_free(bio);
- XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RSA_sign(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- RSA *rsa;
- unsigned char hash[SHA256_DIGEST_LENGTH];
- #ifdef USE_CERT_BUFFERS_1024
- const unsigned char* privDer = client_key_der_1024;
- size_t privDerSz = sizeof_client_key_der_1024;
- const unsigned char* pubDer = client_keypub_der_1024;
- size_t pubDerSz = sizeof_client_keypub_der_1024;
- unsigned char signature[1024/8];
- #else
- const unsigned char* privDer = client_key_der_2048;
- size_t privDerSz = sizeof_client_key_der_2048;
- const unsigned char* pubDer = client_keypub_der_2048;
- size_t pubDerSz = sizeof_client_keypub_der_2048;
- unsigned char signature[2048/8];
- #endif
- unsigned int signatureLen;
- const unsigned char* der;
- XMEMSET(hash, 0, sizeof(hash));
- der = privDer;
- rsa = NULL;
- ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
- /* Invalid parameters. */
- ExpectIntEQ(RSA_sign(NID_rsaEncryption, NULL, 0, NULL, NULL, NULL), 0);
- ExpectIntEQ(RSA_sign(NID_rsaEncryption, hash, sizeof(hash), signature,
- &signatureLen, rsa), 0);
- ExpectIntEQ(RSA_sign(NID_sha256, NULL, sizeof(hash), signature,
- &signatureLen, rsa), 0);
- ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), NULL,
- &signatureLen, rsa), 0);
- ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
- NULL, rsa), 0);
- ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
- &signatureLen, NULL), 0);
- ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
- &signatureLen, rsa), 1);
- RSA_free(rsa);
- der = pubDer;
- rsa = NULL;
- ExpectNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz));
- ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
- signatureLen, rsa), 1);
- RSA_free(rsa);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RSA_sign_ex(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- RSA *rsa = NULL;
- unsigned char hash[SHA256_DIGEST_LENGTH];
- #ifdef USE_CERT_BUFFERS_1024
- const unsigned char* privDer = client_key_der_1024;
- size_t privDerSz = sizeof_client_key_der_1024;
- const unsigned char* pubDer = client_keypub_der_1024;
- size_t pubDerSz = sizeof_client_keypub_der_1024;
- unsigned char signature[1024/8];
- #else
- const unsigned char* privDer = client_key_der_2048;
- size_t privDerSz = sizeof_client_key_der_2048;
- const unsigned char* pubDer = client_keypub_der_2048;
- size_t pubDerSz = sizeof_client_keypub_der_2048;
- unsigned char signature[2048/8];
- #endif
- unsigned int signatureLen;
- const unsigned char* der;
- unsigned char encodedHash[51];
- unsigned int encodedHashLen;
- const unsigned char expEncHash[] = {
- 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
- 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
- 0x00, 0x04, 0x20,
- /* Hash data */
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- };
- XMEMSET(hash, 0, sizeof(hash));
- ExpectNotNull(rsa = wolfSSL_RSA_new());
- ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
- &signatureLen, rsa, 1), 0);
- wolfSSL_RSA_free(rsa);
- der = privDer;
- rsa = NULL;
- ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
- ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_rsaEncryption,NULL, 0, NULL, NULL, NULL,
- -1), 0);
- ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_rsaEncryption, hash, sizeof(hash),
- signature, &signatureLen, rsa, 1), 0);
- ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, NULL, sizeof(hash), signature,
- &signatureLen, rsa, 1), 0);
- ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), NULL,
- &signatureLen, rsa, 1), 0);
- ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
- NULL, rsa, 1), 0);
- ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
- &signatureLen, NULL, 1), 0);
- ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
- &signatureLen, rsa, -1), 0);
- ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, NULL, sizeof(hash), signature,
- &signatureLen, rsa, 0), 0);
- ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), NULL,
- &signatureLen, rsa, 0), 0);
- ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
- NULL, rsa, 0), 0);
- ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
- &signatureLen, rsa, 1), 1);
- /* Test returning encoded hash. */
- ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), encodedHash,
- &encodedHashLen, rsa, 0), 1);
- ExpectIntEQ(encodedHashLen, sizeof(expEncHash));
- ExpectIntEQ(XMEMCMP(encodedHash, expEncHash, sizeof(expEncHash)), 0);
- RSA_free(rsa);
- der = pubDer;
- rsa = NULL;
- ExpectNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz));
- ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
- signatureLen, rsa), 1);
- RSA_free(rsa);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RSA_public_decrypt(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- RSA *rsa;
- unsigned char msg[SHA256_DIGEST_LENGTH];
- #ifdef USE_CERT_BUFFERS_1024
- const unsigned char* pubDer = client_keypub_der_1024;
- size_t pubDerSz = sizeof_client_keypub_der_1024;
- unsigned char decMsg[1024/8];
- const unsigned char encMsg[] = {
- 0x45, 0x8e, 0x6e, 0x7a, 0x9c, 0xe1, 0x67, 0x36,
- 0x72, 0xfc, 0x9d, 0x05, 0xdf, 0xc2, 0xaf, 0x54,
- 0xc5, 0x2f, 0x94, 0xb8, 0xc7, 0x82, 0x40, 0xfa,
- 0xa7, 0x8c, 0xb1, 0x89, 0x40, 0xc3, 0x59, 0x5a,
- 0x77, 0x08, 0x54, 0x93, 0x43, 0x7f, 0xc4, 0xb7,
- 0xc4, 0x78, 0xf1, 0xf8, 0xab, 0xbf, 0xc2, 0x81,
- 0x5d, 0x97, 0xea, 0x7a, 0x60, 0x90, 0x51, 0xb7,
- 0x47, 0x78, 0x48, 0x1e, 0x88, 0x6b, 0x89, 0xde,
- 0xce, 0x41, 0x41, 0xae, 0x49, 0xf6, 0xfd, 0x2d,
- 0x2d, 0x9c, 0x70, 0x7d, 0xf9, 0xcf, 0x77, 0x5f,
- 0x06, 0xc7, 0x20, 0xe3, 0x57, 0xd4, 0xd8, 0x1a,
- 0x96, 0xa2, 0x39, 0xb0, 0x6e, 0x8e, 0x68, 0xf8,
- 0x57, 0x7b, 0x26, 0x88, 0x17, 0xc4, 0xb7, 0xf1,
- 0x59, 0xfa, 0xb6, 0x95, 0xdd, 0x1e, 0xe8, 0xd8,
- 0x4e, 0xbd, 0xcd, 0x41, 0xad, 0xc7, 0xe2, 0x39,
- 0xb8, 0x00, 0xca, 0xf5, 0x59, 0xdf, 0xf8, 0x43
- };
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \
- defined(WC_RSA_NO_PADDING)
- const unsigned char encMsgNoPad[] = {
- 0x0d, 0x41, 0x5a, 0xc7, 0x60, 0xd7, 0xbe, 0xb6,
- 0x42, 0xd1, 0x65, 0xb1, 0x7e, 0x59, 0x54, 0xcc,
- 0x76, 0x62, 0xd0, 0x2f, 0x4d, 0xe3, 0x23, 0x62,
- 0xc8, 0x14, 0xfe, 0x5e, 0xa1, 0xc7, 0x05, 0xee,
- 0x9e, 0x28, 0x2e, 0xf5, 0xfd, 0xa4, 0xc0, 0x43,
- 0x55, 0xa2, 0x6b, 0x6b, 0x16, 0xa7, 0x63, 0x06,
- 0xa7, 0x78, 0x4f, 0xda, 0xae, 0x10, 0x6d, 0xd1,
- 0x2e, 0x1d, 0xbb, 0xbc, 0xc4, 0x1d, 0x82, 0xe4,
- 0xc6, 0x76, 0x77, 0xa6, 0x0a, 0xef, 0xd2, 0x89,
- 0xff, 0x30, 0x85, 0x22, 0xa0, 0x68, 0x88, 0x54,
- 0xa3, 0xd1, 0x92, 0xd1, 0x3f, 0x57, 0xe4, 0xc7,
- 0x43, 0x5a, 0x8b, 0xb3, 0x86, 0xaf, 0xd5, 0x6d,
- 0x07, 0xe1, 0xa0, 0x5f, 0xe1, 0x9a, 0x06, 0xba,
- 0x56, 0xd2, 0xb0, 0x73, 0xf5, 0xb3, 0xd0, 0x5f,
- 0xc0, 0xbf, 0x22, 0x4c, 0x54, 0x4e, 0x11, 0xe2,
- 0xc5, 0xf8, 0x66, 0x39, 0x9d, 0x70, 0x90, 0x31
- };
- #endif
- #else
- const unsigned char* pubDer = client_keypub_der_2048;
- size_t pubDerSz = sizeof_client_keypub_der_2048;
- unsigned char decMsg[2048/8];
- const unsigned char encMsg[] = {
- 0x16, 0x5d, 0xbb, 0x00, 0x38, 0x73, 0x01, 0x34,
- 0xca, 0x59, 0xc6, 0x8b, 0x64, 0x70, 0x89, 0xf5,
- 0x50, 0x2d, 0x1d, 0x69, 0x1f, 0x07, 0x1e, 0x31,
- 0xae, 0x9b, 0xa6, 0x6e, 0xee, 0x80, 0xd9, 0x9e,
- 0x59, 0x33, 0x70, 0x30, 0x28, 0x42, 0x7d, 0x24,
- 0x36, 0x95, 0x6b, 0xf9, 0x0a, 0x23, 0xcb, 0xce,
- 0x66, 0xa5, 0x07, 0x5e, 0x11, 0xa7, 0xdc, 0xfb,
- 0xd9, 0xc2, 0x51, 0xf0, 0x05, 0xc9, 0x39, 0xb3,
- 0xae, 0xff, 0xfb, 0xe9, 0xb1, 0x9a, 0x54, 0xac,
- 0x1d, 0xca, 0x42, 0x1a, 0xfd, 0x7c, 0x97, 0xa0,
- 0x60, 0x2b, 0xcd, 0xb6, 0x36, 0x33, 0xfc, 0x44,
- 0x69, 0xf7, 0x2e, 0x8c, 0x3b, 0x5f, 0xb4, 0x9f,
- 0xa7, 0x02, 0x8f, 0x6d, 0x6b, 0x79, 0x10, 0x32,
- 0x7d, 0xf4, 0x5d, 0xa1, 0x63, 0x22, 0x59, 0xc4,
- 0x44, 0x8e, 0x44, 0x24, 0x8b, 0x14, 0x9d, 0x2b,
- 0xb5, 0xd3, 0xad, 0x9a, 0x87, 0x0d, 0xe7, 0x70,
- 0x6d, 0xe9, 0xae, 0xaa, 0x52, 0xbf, 0x1a, 0x9b,
- 0xc8, 0x3d, 0x45, 0x7c, 0xd1, 0x90, 0xe3, 0xd9,
- 0x57, 0xcf, 0xc3, 0x29, 0x69, 0x05, 0x07, 0x96,
- 0x2e, 0x46, 0x74, 0x0a, 0xa7, 0x76, 0x8b, 0xc0,
- 0x1c, 0x04, 0x80, 0x08, 0xa0, 0x94, 0x7e, 0xbb,
- 0x2d, 0x99, 0xe9, 0xab, 0x18, 0x4d, 0x48, 0x2d,
- 0x94, 0x5e, 0x50, 0x21, 0x42, 0xdf, 0xf5, 0x61,
- 0x42, 0x7d, 0x86, 0x5d, 0x9e, 0x89, 0xc9, 0x5b,
- 0x24, 0xab, 0xa1, 0xd8, 0x20, 0x45, 0xcb, 0x81,
- 0xcf, 0xc5, 0x25, 0x7d, 0x11, 0x6e, 0xbd, 0x80,
- 0xac, 0xba, 0xdc, 0xef, 0xb9, 0x05, 0x9c, 0xd5,
- 0xc2, 0x26, 0x57, 0x69, 0x8b, 0x08, 0x27, 0xc7,
- 0xea, 0xbe, 0xaf, 0x52, 0x21, 0x95, 0x9f, 0xa0,
- 0x2f, 0x2f, 0x53, 0x7c, 0x2f, 0xa3, 0x0b, 0x79,
- 0x39, 0x01, 0xa3, 0x37, 0x46, 0xa8, 0xc4, 0x34,
- 0x41, 0x20, 0x7c, 0x3f, 0x70, 0x9a, 0x47, 0xe8
- };
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \
- defined(WC_RSA_NO_PADDING)
- const unsigned char encMsgNoPad[] = {
- 0x79, 0x69, 0xdc, 0x0d, 0xff, 0x09, 0xeb, 0x91,
- 0xbc, 0xda, 0xe4, 0xd3, 0xcd, 0xd5, 0xd3, 0x1c,
- 0xb9, 0x66, 0xa8, 0x02, 0xf3, 0x75, 0x40, 0xf1,
- 0x38, 0x4a, 0x37, 0x7b, 0x19, 0xc8, 0xcd, 0xea,
- 0x79, 0xa8, 0x51, 0x32, 0x00, 0x3f, 0x4c, 0xde,
- 0xaa, 0xe5, 0xe2, 0x7c, 0x10, 0xcd, 0x6e, 0x00,
- 0xc6, 0xc4, 0x63, 0x98, 0x58, 0x9b, 0x38, 0xca,
- 0xf0, 0x5d, 0xc8, 0xf0, 0x57, 0xf6, 0x21, 0x50,
- 0x3f, 0x63, 0x05, 0x9f, 0xbf, 0xb6, 0x3b, 0x50,
- 0x85, 0x06, 0x34, 0x08, 0x57, 0xb9, 0x44, 0xce,
- 0xe4, 0x66, 0xbf, 0x0c, 0xfe, 0x36, 0xa4, 0x5b,
- 0xed, 0x2d, 0x7d, 0xed, 0xf1, 0xbd, 0xda, 0x3e,
- 0x19, 0x1f, 0x99, 0xc8, 0xe4, 0xc2, 0xbb, 0xb5,
- 0x6c, 0x83, 0x22, 0xd1, 0xe7, 0x57, 0xcf, 0x1b,
- 0x91, 0x0c, 0xa5, 0x47, 0x06, 0x71, 0x8f, 0x93,
- 0xf3, 0xad, 0xdb, 0xe3, 0xf8, 0xa0, 0x0b, 0xcd,
- 0x89, 0x4e, 0xa5, 0xb5, 0x03, 0x68, 0x61, 0x89,
- 0x0b, 0xe2, 0x03, 0x8b, 0x1f, 0x54, 0xae, 0x0f,
- 0xfa, 0xf0, 0xb7, 0x0f, 0x8c, 0x84, 0x35, 0x13,
- 0x8d, 0x65, 0x1f, 0x2c, 0xd5, 0xce, 0xc4, 0x6c,
- 0x98, 0x67, 0xe4, 0x1a, 0x85, 0x67, 0x69, 0x17,
- 0x17, 0x5a, 0x5d, 0xfd, 0x23, 0xdd, 0x03, 0x3f,
- 0x6d, 0x7a, 0xb6, 0x8b, 0x99, 0xc0, 0xb6, 0x70,
- 0x86, 0xac, 0xf6, 0x02, 0xc2, 0x28, 0x42, 0xed,
- 0x06, 0xcf, 0xca, 0x3d, 0x07, 0x16, 0xf0, 0x0e,
- 0x04, 0x55, 0x1e, 0x59, 0x3f, 0x32, 0xc7, 0x12,
- 0xc5, 0x0d, 0x9d, 0x64, 0x7d, 0x2e, 0xd4, 0xbc,
- 0x8c, 0x24, 0x42, 0x94, 0x2b, 0xf6, 0x11, 0x7f,
- 0xb1, 0x1c, 0x09, 0x12, 0x6f, 0x5e, 0x2e, 0x7a,
- 0xc6, 0x01, 0xe0, 0x98, 0x31, 0xb7, 0x13, 0x03,
- 0xce, 0x29, 0xe1, 0xef, 0x9d, 0xdf, 0x9b, 0xa5,
- 0xba, 0x0b, 0xad, 0xf2, 0xeb, 0x2f, 0xf9, 0xd1
- };
- #endif
- #endif
- const unsigned char* der;
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \
- defined(WC_RSA_NO_PADDING)
- int i;
- #endif
- XMEMSET(msg, 0, sizeof(msg));
- der = pubDer;
- rsa = NULL;
- ExpectNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz));
- ExpectIntEQ(RSA_public_decrypt(0, NULL, NULL, NULL, 0), -1);
- ExpectIntEQ(RSA_public_decrypt(-1, encMsg, decMsg, rsa,
- RSA_PKCS1_PADDING), -1);
- ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), NULL, decMsg, rsa,
- RSA_PKCS1_PADDING), -1);
- ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, NULL, rsa,
- RSA_PKCS1_PADDING), -1);
- ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, decMsg, NULL,
- RSA_PKCS1_PADDING), -1);
- ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, decMsg, rsa,
- RSA_PKCS1_PSS_PADDING), -1);
- ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, decMsg, rsa,
- RSA_PKCS1_PADDING), 32);
- ExpectIntEQ(XMEMCMP(decMsg, msg, sizeof(msg)), 0);
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \
- defined(WC_RSA_NO_PADDING)
- ExpectIntEQ(RSA_public_decrypt(sizeof(encMsgNoPad), encMsgNoPad, decMsg,
- rsa, RSA_NO_PADDING), sizeof(decMsg));
- /* Zeros before actual data. */
- for (i = 0; i < (int)(sizeof(decMsg) - sizeof(msg)); i += sizeof(msg)) {
- ExpectIntEQ(XMEMCMP(decMsg + i, msg, sizeof(msg)), 0);
- }
- /* Check actual data. */
- XMEMSET(msg, 0x01, sizeof(msg));
- ExpectIntEQ(XMEMCMP(decMsg + i, msg, sizeof(msg)), 0);
- #endif
- RSA_free(rsa);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RSA_private_encrypt(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- RSA *rsa;
- unsigned char msg[SHA256_DIGEST_LENGTH];
- #ifdef USE_CERT_BUFFERS_1024
- const unsigned char* privDer = client_key_der_1024;
- size_t privDerSz = sizeof_client_key_der_1024;
- unsigned char encMsg[1024/8];
- const unsigned char expEncMsg[] = {
- 0x45, 0x8e, 0x6e, 0x7a, 0x9c, 0xe1, 0x67, 0x36,
- 0x72, 0xfc, 0x9d, 0x05, 0xdf, 0xc2, 0xaf, 0x54,
- 0xc5, 0x2f, 0x94, 0xb8, 0xc7, 0x82, 0x40, 0xfa,
- 0xa7, 0x8c, 0xb1, 0x89, 0x40, 0xc3, 0x59, 0x5a,
- 0x77, 0x08, 0x54, 0x93, 0x43, 0x7f, 0xc4, 0xb7,
- 0xc4, 0x78, 0xf1, 0xf8, 0xab, 0xbf, 0xc2, 0x81,
- 0x5d, 0x97, 0xea, 0x7a, 0x60, 0x90, 0x51, 0xb7,
- 0x47, 0x78, 0x48, 0x1e, 0x88, 0x6b, 0x89, 0xde,
- 0xce, 0x41, 0x41, 0xae, 0x49, 0xf6, 0xfd, 0x2d,
- 0x2d, 0x9c, 0x70, 0x7d, 0xf9, 0xcf, 0x77, 0x5f,
- 0x06, 0xc7, 0x20, 0xe3, 0x57, 0xd4, 0xd8, 0x1a,
- 0x96, 0xa2, 0x39, 0xb0, 0x6e, 0x8e, 0x68, 0xf8,
- 0x57, 0x7b, 0x26, 0x88, 0x17, 0xc4, 0xb7, 0xf1,
- 0x59, 0xfa, 0xb6, 0x95, 0xdd, 0x1e, 0xe8, 0xd8,
- 0x4e, 0xbd, 0xcd, 0x41, 0xad, 0xc7, 0xe2, 0x39,
- 0xb8, 0x00, 0xca, 0xf5, 0x59, 0xdf, 0xf8, 0x43
- };
- #ifdef WC_RSA_NO_PADDING
- const unsigned char expEncMsgNoPad[] = {
- 0x0d, 0x41, 0x5a, 0xc7, 0x60, 0xd7, 0xbe, 0xb6,
- 0x42, 0xd1, 0x65, 0xb1, 0x7e, 0x59, 0x54, 0xcc,
- 0x76, 0x62, 0xd0, 0x2f, 0x4d, 0xe3, 0x23, 0x62,
- 0xc8, 0x14, 0xfe, 0x5e, 0xa1, 0xc7, 0x05, 0xee,
- 0x9e, 0x28, 0x2e, 0xf5, 0xfd, 0xa4, 0xc0, 0x43,
- 0x55, 0xa2, 0x6b, 0x6b, 0x16, 0xa7, 0x63, 0x06,
- 0xa7, 0x78, 0x4f, 0xda, 0xae, 0x10, 0x6d, 0xd1,
- 0x2e, 0x1d, 0xbb, 0xbc, 0xc4, 0x1d, 0x82, 0xe4,
- 0xc6, 0x76, 0x77, 0xa6, 0x0a, 0xef, 0xd2, 0x89,
- 0xff, 0x30, 0x85, 0x22, 0xa0, 0x68, 0x88, 0x54,
- 0xa3, 0xd1, 0x92, 0xd1, 0x3f, 0x57, 0xe4, 0xc7,
- 0x43, 0x5a, 0x8b, 0xb3, 0x86, 0xaf, 0xd5, 0x6d,
- 0x07, 0xe1, 0xa0, 0x5f, 0xe1, 0x9a, 0x06, 0xba,
- 0x56, 0xd2, 0xb0, 0x73, 0xf5, 0xb3, 0xd0, 0x5f,
- 0xc0, 0xbf, 0x22, 0x4c, 0x54, 0x4e, 0x11, 0xe2,
- 0xc5, 0xf8, 0x66, 0x39, 0x9d, 0x70, 0x90, 0x31
- };
- #endif
- #else
- const unsigned char* privDer = client_key_der_2048;
- size_t privDerSz = sizeof_client_key_der_2048;
- unsigned char encMsg[2048/8];
- const unsigned char expEncMsg[] = {
- 0x16, 0x5d, 0xbb, 0x00, 0x38, 0x73, 0x01, 0x34,
- 0xca, 0x59, 0xc6, 0x8b, 0x64, 0x70, 0x89, 0xf5,
- 0x50, 0x2d, 0x1d, 0x69, 0x1f, 0x07, 0x1e, 0x31,
- 0xae, 0x9b, 0xa6, 0x6e, 0xee, 0x80, 0xd9, 0x9e,
- 0x59, 0x33, 0x70, 0x30, 0x28, 0x42, 0x7d, 0x24,
- 0x36, 0x95, 0x6b, 0xf9, 0x0a, 0x23, 0xcb, 0xce,
- 0x66, 0xa5, 0x07, 0x5e, 0x11, 0xa7, 0xdc, 0xfb,
- 0xd9, 0xc2, 0x51, 0xf0, 0x05, 0xc9, 0x39, 0xb3,
- 0xae, 0xff, 0xfb, 0xe9, 0xb1, 0x9a, 0x54, 0xac,
- 0x1d, 0xca, 0x42, 0x1a, 0xfd, 0x7c, 0x97, 0xa0,
- 0x60, 0x2b, 0xcd, 0xb6, 0x36, 0x33, 0xfc, 0x44,
- 0x69, 0xf7, 0x2e, 0x8c, 0x3b, 0x5f, 0xb4, 0x9f,
- 0xa7, 0x02, 0x8f, 0x6d, 0x6b, 0x79, 0x10, 0x32,
- 0x7d, 0xf4, 0x5d, 0xa1, 0x63, 0x22, 0x59, 0xc4,
- 0x44, 0x8e, 0x44, 0x24, 0x8b, 0x14, 0x9d, 0x2b,
- 0xb5, 0xd3, 0xad, 0x9a, 0x87, 0x0d, 0xe7, 0x70,
- 0x6d, 0xe9, 0xae, 0xaa, 0x52, 0xbf, 0x1a, 0x9b,
- 0xc8, 0x3d, 0x45, 0x7c, 0xd1, 0x90, 0xe3, 0xd9,
- 0x57, 0xcf, 0xc3, 0x29, 0x69, 0x05, 0x07, 0x96,
- 0x2e, 0x46, 0x74, 0x0a, 0xa7, 0x76, 0x8b, 0xc0,
- 0x1c, 0x04, 0x80, 0x08, 0xa0, 0x94, 0x7e, 0xbb,
- 0x2d, 0x99, 0xe9, 0xab, 0x18, 0x4d, 0x48, 0x2d,
- 0x94, 0x5e, 0x50, 0x21, 0x42, 0xdf, 0xf5, 0x61,
- 0x42, 0x7d, 0x86, 0x5d, 0x9e, 0x89, 0xc9, 0x5b,
- 0x24, 0xab, 0xa1, 0xd8, 0x20, 0x45, 0xcb, 0x81,
- 0xcf, 0xc5, 0x25, 0x7d, 0x11, 0x6e, 0xbd, 0x80,
- 0xac, 0xba, 0xdc, 0xef, 0xb9, 0x05, 0x9c, 0xd5,
- 0xc2, 0x26, 0x57, 0x69, 0x8b, 0x08, 0x27, 0xc7,
- 0xea, 0xbe, 0xaf, 0x52, 0x21, 0x95, 0x9f, 0xa0,
- 0x2f, 0x2f, 0x53, 0x7c, 0x2f, 0xa3, 0x0b, 0x79,
- 0x39, 0x01, 0xa3, 0x37, 0x46, 0xa8, 0xc4, 0x34,
- 0x41, 0x20, 0x7c, 0x3f, 0x70, 0x9a, 0x47, 0xe8
- };
- #ifdef WC_RSA_NO_PADDING
- const unsigned char expEncMsgNoPad[] = {
- 0x79, 0x69, 0xdc, 0x0d, 0xff, 0x09, 0xeb, 0x91,
- 0xbc, 0xda, 0xe4, 0xd3, 0xcd, 0xd5, 0xd3, 0x1c,
- 0xb9, 0x66, 0xa8, 0x02, 0xf3, 0x75, 0x40, 0xf1,
- 0x38, 0x4a, 0x37, 0x7b, 0x19, 0xc8, 0xcd, 0xea,
- 0x79, 0xa8, 0x51, 0x32, 0x00, 0x3f, 0x4c, 0xde,
- 0xaa, 0xe5, 0xe2, 0x7c, 0x10, 0xcd, 0x6e, 0x00,
- 0xc6, 0xc4, 0x63, 0x98, 0x58, 0x9b, 0x38, 0xca,
- 0xf0, 0x5d, 0xc8, 0xf0, 0x57, 0xf6, 0x21, 0x50,
- 0x3f, 0x63, 0x05, 0x9f, 0xbf, 0xb6, 0x3b, 0x50,
- 0x85, 0x06, 0x34, 0x08, 0x57, 0xb9, 0x44, 0xce,
- 0xe4, 0x66, 0xbf, 0x0c, 0xfe, 0x36, 0xa4, 0x5b,
- 0xed, 0x2d, 0x7d, 0xed, 0xf1, 0xbd, 0xda, 0x3e,
- 0x19, 0x1f, 0x99, 0xc8, 0xe4, 0xc2, 0xbb, 0xb5,
- 0x6c, 0x83, 0x22, 0xd1, 0xe7, 0x57, 0xcf, 0x1b,
- 0x91, 0x0c, 0xa5, 0x47, 0x06, 0x71, 0x8f, 0x93,
- 0xf3, 0xad, 0xdb, 0xe3, 0xf8, 0xa0, 0x0b, 0xcd,
- 0x89, 0x4e, 0xa5, 0xb5, 0x03, 0x68, 0x61, 0x89,
- 0x0b, 0xe2, 0x03, 0x8b, 0x1f, 0x54, 0xae, 0x0f,
- 0xfa, 0xf0, 0xb7, 0x0f, 0x8c, 0x84, 0x35, 0x13,
- 0x8d, 0x65, 0x1f, 0x2c, 0xd5, 0xce, 0xc4, 0x6c,
- 0x98, 0x67, 0xe4, 0x1a, 0x85, 0x67, 0x69, 0x17,
- 0x17, 0x5a, 0x5d, 0xfd, 0x23, 0xdd, 0x03, 0x3f,
- 0x6d, 0x7a, 0xb6, 0x8b, 0x99, 0xc0, 0xb6, 0x70,
- 0x86, 0xac, 0xf6, 0x02, 0xc2, 0x28, 0x42, 0xed,
- 0x06, 0xcf, 0xca, 0x3d, 0x07, 0x16, 0xf0, 0x0e,
- 0x04, 0x55, 0x1e, 0x59, 0x3f, 0x32, 0xc7, 0x12,
- 0xc5, 0x0d, 0x9d, 0x64, 0x7d, 0x2e, 0xd4, 0xbc,
- 0x8c, 0x24, 0x42, 0x94, 0x2b, 0xf6, 0x11, 0x7f,
- 0xb1, 0x1c, 0x09, 0x12, 0x6f, 0x5e, 0x2e, 0x7a,
- 0xc6, 0x01, 0xe0, 0x98, 0x31, 0xb7, 0x13, 0x03,
- 0xce, 0x29, 0xe1, 0xef, 0x9d, 0xdf, 0x9b, 0xa5,
- 0xba, 0x0b, 0xad, 0xf2, 0xeb, 0x2f, 0xf9, 0xd1
- };
- #endif
- #endif
- const unsigned char* der;
- XMEMSET(msg, 0x00, sizeof(msg));
- der = privDer;
- rsa = NULL;
- ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
- ExpectIntEQ(RSA_private_encrypt(0, NULL, NULL, NULL, 0), -1);
- ExpectIntEQ(RSA_private_encrypt(0, msg, encMsg, rsa, RSA_PKCS1_PADDING),
- -1);
- ExpectIntEQ(RSA_private_encrypt(sizeof(msg), NULL, encMsg, rsa,
- RSA_PKCS1_PADDING), -1);
- ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, NULL, rsa,
- RSA_PKCS1_PADDING), -1);
- ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, NULL,
- RSA_PKCS1_PADDING), -1);
- ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, rsa,
- RSA_PKCS1_PSS_PADDING), -1);
- ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, rsa,
- RSA_PKCS1_PADDING), sizeof(encMsg));
- ExpectIntEQ(XMEMCMP(encMsg, expEncMsg, sizeof(expEncMsg)), 0);
- #ifdef WC_RSA_NO_PADDING
- /* Non-zero message. */
- XMEMSET(msg, 0x01, sizeof(msg));
- ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, rsa,
- RSA_NO_PADDING), sizeof(encMsg));
- ExpectIntEQ(XMEMCMP(encMsg, expEncMsgNoPad, sizeof(expEncMsgNoPad)), 0);
- #endif
- RSA_free(rsa);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RSA_public_encrypt(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- RSA* rsa = NULL;
- const unsigned char msg[2048/8] = { 0 };
- unsigned char encMsg[2048/8];
- ExpectNotNull(rsa = RSA_new());
- ExpectIntEQ(RSA_public_encrypt(-1, msg, encMsg, rsa,
- RSA_PKCS1_PADDING), -1);
- ExpectIntEQ(RSA_public_encrypt(sizeof(msg), NULL, encMsg, rsa,
- RSA_PKCS1_PADDING), -1);
- ExpectIntEQ(RSA_public_encrypt(sizeof(msg), msg, NULL, rsa,
- RSA_PKCS1_PADDING), -1);
- ExpectIntEQ(RSA_public_encrypt(sizeof(msg), msg, encMsg, NULL,
- RSA_PKCS1_PADDING), -1);
- ExpectIntEQ(RSA_public_encrypt(sizeof(msg), msg, encMsg, rsa,
- RSA_PKCS1_PSS_PADDING), -1);
- /* Empty RSA key. */
- ExpectIntEQ(RSA_public_encrypt(sizeof(msg), msg, encMsg, rsa,
- RSA_PKCS1_PADDING), -1);
- RSA_free(rsa);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RSA_private_decrypt(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- RSA* rsa = NULL;
- unsigned char msg[2048/8];
- const unsigned char encMsg[2048/8] = { 0 };
- ExpectNotNull(rsa = RSA_new());
- ExpectIntEQ(RSA_private_decrypt(-1, encMsg, msg, rsa,
- RSA_PKCS1_PADDING), -1);
- ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), NULL, msg, rsa,
- RSA_PKCS1_PADDING), -1);
- ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, NULL, rsa,
- RSA_PKCS1_PADDING), -1);
- ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, msg, NULL,
- RSA_PKCS1_PADDING), -1);
- ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, msg, rsa,
- RSA_PKCS1_PSS_PADDING), -1);
- /* Empty RSA key. */
- ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, msg, rsa,
- RSA_PKCS1_PADDING), -1);
- RSA_free(rsa);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RSA_GenAdd(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- RSA *rsa;
- #ifdef USE_CERT_BUFFERS_1024
- const unsigned char* privDer = client_key_der_1024;
- size_t privDerSz = sizeof_client_key_der_1024;
- const unsigned char* pubDer = client_keypub_der_1024;
- size_t pubDerSz = sizeof_client_keypub_der_1024;
- #else
- const unsigned char* privDer = client_key_der_2048;
- size_t privDerSz = sizeof_client_key_der_2048;
- const unsigned char* pubDer = client_keypub_der_2048;
- size_t pubDerSz = sizeof_client_keypub_der_2048;
- #endif
- const unsigned char* der;
- der = privDer;
- rsa = NULL;
- ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
- ExpectIntEQ(wolfSSL_RSA_GenAdd(NULL), -1);
- #ifndef RSA_LOW_MEM
- ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), 1);
- #else
- /* dmp1 and dmq1 are not set (allocated) when RSA_LOW_MEM. */
- ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), -1);
- #endif
- RSA_free(rsa);
- der = pubDer;
- rsa = NULL;
- ExpectNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz));
- /* Need private values. */
- ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), -1);
- RSA_free(rsa);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RSA_blinding_on(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_STUB)
- RSA *rsa;
- WOLFSSL_BN_CTX *bnCtx = NULL;
- #ifdef USE_CERT_BUFFERS_1024
- const unsigned char* privDer = client_key_der_1024;
- size_t privDerSz = sizeof_client_key_der_1024;
- #else
- const unsigned char* privDer = client_key_der_2048;
- size_t privDerSz = sizeof_client_key_der_2048;
- #endif
- const unsigned char* der;
- der = privDer;
- rsa = NULL;
- ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
- ExpectNotNull(bnCtx = wolfSSL_BN_CTX_new());
- /* Does nothing so all parameters are valid. */
- ExpectIntEQ(wolfSSL_RSA_blinding_on(NULL, NULL), 1);
- ExpectIntEQ(wolfSSL_RSA_blinding_on(rsa, NULL), 1);
- ExpectIntEQ(wolfSSL_RSA_blinding_on(NULL, bnCtx), 1);
- ExpectIntEQ(wolfSSL_RSA_blinding_on(rsa, bnCtx), 1);
- wolfSSL_BN_CTX_free(bnCtx);
- RSA_free(rsa);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RSA_ex_data(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(OPENSSL_EXTRA)
- RSA* rsa = NULL;
- unsigned char data[1];
- ExpectNotNull(rsa = RSA_new());
- ExpectNull(wolfSSL_RSA_get_ex_data(NULL, 0));
- ExpectNull(wolfSSL_RSA_get_ex_data(rsa, 0));
- #ifdef MAX_EX_DATA
- ExpectNull(wolfSSL_RSA_get_ex_data(rsa, MAX_EX_DATA));
- ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, MAX_EX_DATA, data), 0);
- #endif
- ExpectIntEQ(wolfSSL_RSA_set_ex_data(NULL, 0, NULL), 0);
- ExpectIntEQ(wolfSSL_RSA_set_ex_data(NULL, 0, data), 0);
- #ifdef HAVE_EX_DATA
- ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, NULL), 1);
- ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, data), 1);
- ExpectPtrEq(wolfSSL_RSA_get_ex_data(rsa, 0), data);
- #else
- ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, NULL), 0);
- ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, data), 0);
- ExpectNull(wolfSSL_RSA_get_ex_data(rsa, 0));
- #endif
- RSA_free(rsa);
- #endif /* !NO_RSA && OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_RSA_LoadDer(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL))
- RSA *rsa = NULL;
- #ifdef USE_CERT_BUFFERS_1024
- const unsigned char* privDer = client_key_der_1024;
- size_t privDerSz = sizeof_client_key_der_1024;
- #else
- const unsigned char* privDer = client_key_der_2048;
- size_t privDerSz = sizeof_client_key_der_2048;
- #endif
- ExpectNotNull(rsa = RSA_new());
- ExpectIntEQ(wolfSSL_RSA_LoadDer(NULL, privDer, (int)privDerSz), -1);
- ExpectIntEQ(wolfSSL_RSA_LoadDer(rsa, NULL, (int)privDerSz), -1);
- ExpectIntEQ(wolfSSL_RSA_LoadDer(rsa, privDer, 0), -1);
- ExpectIntEQ(wolfSSL_RSA_LoadDer(rsa, privDer, (int)privDerSz), 1);
- RSA_free(rsa);
- #endif /* !NO_RSA && OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- /* Local API. */
- static int test_wolfSSL_RSA_To_Der(void)
- {
- EXPECT_DECLS;
- #ifdef WOLFSSL_TEST_STATIC_BUILD
- #if defined(WOLFSSL_KEY_GEN) && defined(OPENSSL_EXTRA) && !defined(NO_RSA)
- RSA* rsa;
- #ifdef USE_CERT_BUFFERS_1024
- const unsigned char* privDer = client_key_der_1024;
- size_t privDerSz = sizeof_client_key_der_1024;
- const unsigned char* pubDer = client_keypub_der_1024;
- size_t pubDerSz = sizeof_client_keypub_der_1024;
- unsigned char out[sizeof(client_key_der_1024)];
- #else
- const unsigned char* privDer = client_key_der_2048;
- size_t privDerSz = sizeof_client_key_der_2048;
- const unsigned char* pubDer = client_keypub_der_2048;
- size_t pubDerSz = sizeof_client_keypub_der_2048;
- unsigned char out[sizeof(client_key_der_2048)];
- #endif
- const unsigned char* der;
- unsigned char* outDer = NULL;
- der = privDer;
- rsa = NULL;
- ExpectNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz));
- ExpectIntEQ(wolfSSL_RSA_To_Der(NULL, &outDer, 0, HEAP_HINT), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 2, HEAP_HINT), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, NULL, 0, HEAP_HINT), privDerSz);
- outDer = out;
- ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), privDerSz);
- ExpectIntEQ(XMEMCMP(out, privDer, privDerSz), 0);
- outDer = NULL;
- ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), privDerSz);
- ExpectNotNull(outDer);
- ExpectIntEQ(XMEMCMP(outDer, privDer, privDerSz), 0);
- XFREE(outDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, NULL, 1, HEAP_HINT), pubDerSz);
- outDer = out;
- ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), pubDerSz);
- ExpectIntEQ(XMEMCMP(out, pubDer, pubDerSz), 0);
- RSA_free(rsa);
- ExpectNotNull(rsa = RSA_new());
- ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), BAD_FUNC_ARG);
- RSA_free(rsa);
- der = pubDer;
- rsa = NULL;
- ExpectNotNull(wolfSSL_d2i_RSAPublicKey(&rsa, &der, pubDerSz));
- ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), BAD_FUNC_ARG);
- RSA_free(rsa);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- /* wolfSSL_PEM_read_RSAPublicKey is a stub function. */
- static int test_wolfSSL_PEM_read_RSAPublicKey(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
- XFILE file = XBADFILE;
- const char* fname = "./certs/server-keyPub.pem";
- RSA *rsa = NULL;
- ExpectNull(wolfSSL_PEM_read_RSAPublicKey(XBADFILE, NULL, NULL, NULL));
- ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
- ExpectNotNull(rsa = PEM_read_RSA_PUBKEY(file, NULL, NULL, NULL));
- ExpectIntEQ(RSA_size(rsa), 256);
- RSA_free(rsa);
- if (file != XBADFILE)
- XFCLOSE(file);
- #endif
- return EXPECT_RESULT();
- }
- /* wolfSSL_PEM_read_RSAPublicKey is a stub function. */
- static int test_wolfSSL_PEM_write_RSA_PUBKEY(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
- defined(WOLFSSL_KEY_GEN)
- RSA* rsa = NULL;
- ExpectIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(XBADFILE, NULL), 0);
- ExpectIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(stderr, NULL), 0);
- /* Valid but stub so returns 0. */
- ExpectIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(stderr, rsa), 0);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PEM_write_RSAPrivateKey(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
- (defined(WOLFSSL_PEM_TO_DER) || \
- defined(WOLFSSL_DER_TO_PEM)) && !defined(NO_FILESYSTEM)
- RSA* rsa = NULL;
- #ifdef USE_CERT_BUFFERS_1024
- const unsigned char* privDer = client_key_der_1024;
- size_t privDerSz = sizeof_client_key_der_1024;
- #else
- const unsigned char* privDer = client_key_der_2048;
- size_t privDerSz = sizeof_client_key_der_2048;
- #endif
- const unsigned char* der;
- #ifndef NO_AES
- unsigned char passwd[] = "password";
- #endif
- ExpectNotNull(rsa = RSA_new());
- ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0,
- NULL, NULL), 0);
- RSA_free(rsa);
- der = privDer;
- rsa = NULL;
- ExpectNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz));
- ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(XBADFILE, rsa, NULL, NULL, 0,
- NULL, NULL), 0);
- ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, NULL, NULL, NULL, 0,
- NULL, NULL), 0);
- ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0,
- NULL, NULL), 1);
- #ifndef NO_AES
- ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, EVP_aes_128_cbc(),
- NULL, 0, NULL, NULL), 1);
- ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, EVP_aes_128_cbc(),
- passwd, sizeof(passwd) - 1, NULL, NULL), 1);
- #endif
- RSA_free(rsa);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PEM_write_mem_RSAPrivateKey(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
- (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
- RSA* rsa = NULL;
- #ifdef USE_CERT_BUFFERS_1024
- const unsigned char* privDer = client_key_der_1024;
- size_t privDerSz = sizeof_client_key_der_1024;
- #else
- const unsigned char* privDer = client_key_der_2048;
- size_t privDerSz = sizeof_client_key_der_2048;
- #endif
- const unsigned char* der;
- #ifndef NO_AES
- unsigned char passwd[] = "password";
- #endif
- unsigned char* pem = NULL;
- int plen;
- ExpectNotNull(rsa = RSA_new());
- ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, &pem,
- &plen), 0);
- RSA_free(rsa);
- der = privDer;
- rsa = NULL;
- ExpectNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz));
- ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(NULL, NULL, NULL, 0, &pem,
- &plen), 0);
- ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, NULL,
- &plen), 0);
- ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, &pem,
- NULL), 0);
- ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, &pem,
- &plen), 1);
- XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
- pem = NULL;
- #ifndef NO_AES
- ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, EVP_aes_128_cbc(),
- NULL, 0, &pem, &plen), 1);
- XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
- pem = NULL;
- ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, EVP_aes_128_cbc(),
- passwd, sizeof(passwd) - 1, &pem, &plen), 1);
- XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
- #endif
- RSA_free(rsa);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_DH(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_DH)
- DH *dh = NULL;
- BIGNUM* p;
- BIGNUM* q;
- BIGNUM* g;
- BIGNUM* pub = NULL;
- BIGNUM* priv = NULL;
- #if defined(OPENSSL_ALL)
- #if !defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
- FILE* f = NULL;
- unsigned char buf[268];
- const unsigned char* pt = buf;
- long len = 0;
- dh = NULL;
- XMEMSET(buf, 0, sizeof(buf));
- /* Test 2048 bit parameters */
- ExpectTrue((f = XFOPEN("./certs/dh2048.der", "rb")) != XBADFILE);
- ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- ExpectNotNull(dh = d2i_DHparams(NULL, &pt, len));
- ExpectNotNull(dh->p);
- ExpectNotNull(dh->g);
- ExpectTrue(pt == buf);
- ExpectIntEQ(DH_generate_key(dh), 1);
- ExpectIntEQ(DH_generate_key(dh), 1);
- ExpectIntEQ(DH_compute_key(NULL, NULL, NULL), -1);
- ExpectNotNull(pub = BN_new());
- ExpectIntEQ(BN_set_word(pub, 1), 1);
- ExpectIntEQ(DH_compute_key(buf, NULL, NULL), -1);
- ExpectIntEQ(DH_compute_key(NULL, pub, NULL), -1);
- ExpectIntEQ(DH_compute_key(NULL, NULL, dh), -1);
- ExpectIntEQ(DH_compute_key(buf, pub, NULL), -1);
- ExpectIntEQ(DH_compute_key(buf, NULL, dh), -1);
- ExpectIntEQ(DH_compute_key(NULL, pub, dh), -1);
- ExpectIntEQ(DH_compute_key(buf, pub, dh), -1);
- BN_free(pub);
- pub = NULL;
- DH_get0_pqg(dh, (const BIGNUM**)&p,
- (const BIGNUM**)&q,
- (const BIGNUM**)&g);
- ExpectPtrEq(p, dh->p);
- ExpectPtrEq(q, dh->q);
- ExpectPtrEq(g, dh->g);
- DH_get0_key(NULL, (const BIGNUM**)&pub, (const BIGNUM**)&priv);
- DH_get0_key(dh, (const BIGNUM**)&pub, (const BIGNUM**)&priv);
- ExpectPtrEq(pub, dh->pub_key);
- ExpectPtrEq(priv, dh->priv_key);
- DH_get0_key(dh, (const BIGNUM**)&pub, NULL);
- ExpectPtrEq(pub, dh->pub_key);
- DH_get0_key(dh, NULL, (const BIGNUM**)&priv);
- ExpectPtrEq(priv, dh->priv_key);
- pub = NULL;
- priv = NULL;
- ExpectNotNull(pub = BN_new());
- ExpectNotNull(priv = BN_new());
- ExpectIntEQ(DH_set0_key(NULL, pub, priv), 0);
- ExpectIntEQ(DH_set0_key(dh, pub, priv), 1);
- if (EXPECT_FAIL()) {
- BN_free(pub);
- BN_free(priv);
- }
- pub = NULL;
- priv = NULL;
- ExpectNotNull(pub = BN_new());
- ExpectIntEQ(DH_set0_key(dh, pub, NULL), 1);
- if (EXPECT_FAIL()) {
- BN_free(pub);
- }
- ExpectNotNull(priv = BN_new());
- ExpectIntEQ(DH_set0_key(dh, NULL, priv), 1);
- if (EXPECT_FAIL()) {
- BN_free(priv);
- }
- ExpectPtrEq(pub, dh->pub_key);
- ExpectPtrEq(priv, dh->priv_key);
- pub = NULL;
- priv = NULL;
- DH_free(dh);
- dh = NULL;
- ExpectNotNull(dh = DH_new());
- p = NULL;
- ExpectNotNull(p = BN_new());
- ExpectIntEQ(BN_set_word(p, 1), 1);
- ExpectIntEQ(DH_compute_key(buf, p, dh), -1);
- ExpectNotNull(pub = BN_new());
- ExpectNotNull(priv = BN_new());
- ExpectIntEQ(DH_set0_key(dh, pub, priv), 1);
- if (EXPECT_FAIL()) {
- BN_free(pub);
- BN_free(priv);
- }
- pub = NULL;
- priv = NULL;
- ExpectIntEQ(DH_compute_key(buf, p, dh), -1);
- BN_free(p);
- p = NULL;
- DH_free(dh);
- dh = NULL;
- #ifdef WOLFSSL_KEY_GEN
- ExpectNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL));
- ExpectIntEQ(wolfSSL_DH_generate_parameters_ex(NULL, 2048, 2, NULL), 0);
- DH_free(dh);
- dh = NULL;
- #endif
- #endif /* !HAVE_FIPS || (HAVE_FIPS_VERSION && HAVE_FIPS_VERSION > 2) */
- #endif /* OPENSSL_ALL */
- (void)dh;
- (void)p;
- (void)q;
- (void)g;
- (void)pub;
- (void)priv;
- ExpectNotNull(dh = wolfSSL_DH_new());
- /* invalid parameters test */
- DH_get0_pqg(NULL, (const BIGNUM**)&p,
- (const BIGNUM**)&q,
- (const BIGNUM**)&g);
- DH_get0_pqg(dh, NULL,
- (const BIGNUM**)&q,
- (const BIGNUM**)&g);
- DH_get0_pqg(dh, NULL, NULL, (const BIGNUM**)&g);
- DH_get0_pqg(dh, NULL, NULL, NULL);
- DH_get0_pqg(dh, (const BIGNUM**)&p,
- (const BIGNUM**)&q,
- (const BIGNUM**)&g);
- ExpectPtrEq(p, NULL);
- ExpectPtrEq(q, NULL);
- ExpectPtrEq(g, NULL);
- DH_free(dh);
- dh = NULL;
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS) && !defined(WOLFSSL_DH_EXTRA)) \
- || (defined(HAVE_FIPS_VERSION) && FIPS_VERSION_GT(2,0))
- #if defined(OPENSSL_ALL) || \
- defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
- dh = wolfSSL_DH_new();
- ExpectNotNull(dh);
- p = wolfSSL_BN_new();
- ExpectNotNull(p);
- ExpectIntEQ(BN_set_word(p, 11), 1);
- g = wolfSSL_BN_new();
- ExpectNotNull(g);
- ExpectIntEQ(BN_set_word(g, 2), 1);
- q = wolfSSL_BN_new();
- ExpectNotNull(q);
- ExpectIntEQ(BN_set_word(q, 5), 1);
- ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, NULL, NULL, NULL), 0);
- ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, NULL, NULL), 0);
- ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, p, NULL, NULL), 0);
- ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, NULL, q, NULL), 0);
- ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, NULL, NULL, g), 0);
- ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, p, q, g), 0);
- ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, q, g), 0);
- ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, q, NULL), 0);
- /* Don't need q. */
- ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, g), 1);
- if (EXPECT_FAIL()) {
- BN_free(p);
- BN_free(g);
- }
- p = NULL;
- g = NULL;
- /* Setting again will free the p and g. */
- wolfSSL_BN_free(q);
- q = NULL;
- DH_free(dh);
- dh = NULL;
- dh = wolfSSL_DH_new();
- ExpectNotNull(dh);
- p = wolfSSL_BN_new();
- ExpectNotNull(p);
- ExpectIntEQ(BN_set_word(p, 11), 1);
- g = wolfSSL_BN_new();
- ExpectNotNull(g);
- ExpectIntEQ(BN_set_word(g, 2), 1);
- q = wolfSSL_BN_new();
- ExpectNotNull(q);
- ExpectIntEQ(BN_set_word(q, 5), 1);
- ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, q, g), 1);
- /* p, q and g are now owned by dh - don't free. */
- if (EXPECT_FAIL()) {
- BN_free(p);
- BN_free(q);
- BN_free(g);
- }
- p = NULL;
- q = NULL;
- g = NULL;
- p = wolfSSL_BN_new();
- ExpectNotNull(p);
- ExpectIntEQ(BN_set_word(p, 11), 1);
- g = wolfSSL_BN_new();
- ExpectNotNull(g);
- ExpectIntEQ(BN_set_word(g, 2), 1);
- q = wolfSSL_BN_new();
- ExpectNotNull(q);
- ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, NULL), 1);
- if (EXPECT_FAIL()) {
- BN_free(p);
- }
- p = NULL;
- ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, q, NULL), 1);
- if (EXPECT_FAIL()) {
- BN_free(q);
- }
- q = NULL;
- ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, NULL, g), 1);
- if (EXPECT_FAIL()) {
- BN_free(g);
- }
- g = NULL;
- ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, NULL, NULL), 1);
- /* p, q and g are now owned by dh - don't free. */
- DH_free(dh);
- dh = NULL;
- ExpectIntEQ(DH_generate_key(NULL), 0);
- ExpectNotNull(dh = DH_new());
- ExpectIntEQ(DH_generate_key(dh), 0);
- p = wolfSSL_BN_new();
- ExpectNotNull(p);
- ExpectIntEQ(BN_set_word(p, 0), 1);
- g = wolfSSL_BN_new();
- ExpectNotNull(g);
- ExpectIntEQ(BN_set_word(g, 2), 1);
- ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, g), 1);
- if (EXPECT_FAIL()) {
- BN_free(p);
- BN_free(g);
- }
- p = NULL;
- g = NULL;
- ExpectIntEQ(DH_generate_key(dh), 0);
- DH_free(dh);
- dh = NULL;
- #endif
- #endif
- /* Test DH_up_ref() */
- dh = wolfSSL_DH_new();
- ExpectNotNull(dh);
- ExpectIntEQ(wolfSSL_DH_up_ref(NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_DH_up_ref(dh), WOLFSSL_SUCCESS);
- DH_free(dh); /* decrease ref count */
- DH_free(dh); /* free WOLFSSL_DH */
- dh = NULL;
- q = NULL;
- ExpectNull((dh = DH_new_by_nid(NID_sha1)));
- #if (defined(HAVE_PUBLIC_FFDHE) || (defined(HAVE_FIPS) && \
- FIPS_VERSION_EQ(2,0))) || (!defined(HAVE_PUBLIC_FFDHE) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)))
- #ifdef HAVE_FFDHE_2048
- ExpectNotNull((dh = DH_new_by_nid(NID_ffdhe2048)));
- DH_free(dh);
- dh = NULL;
- q = NULL;
- #endif
- #ifdef HAVE_FFDHE_3072
- ExpectNotNull((dh = DH_new_by_nid(NID_ffdhe3072)));
- DH_free(dh);
- dh = NULL;
- q = NULL;
- #endif
- #ifdef HAVE_FFDHE_4096
- ExpectNotNull((dh = DH_new_by_nid(NID_ffdhe4096)));
- DH_free(dh);
- dh = NULL;
- q = NULL;
- #endif
- #else
- ExpectNull((dh = DH_new_by_nid(NID_ffdhe2048)));
- #endif /* (HAVE_PUBLIC_FFDHE || (HAVE_FIPS && HAVE_FIPS_VERSION == 2)) ||
- * (!HAVE_PUBLIC_FFDHE && (!HAVE_FIPS || HAVE_FIPS_VERSION > 2))*/
- ExpectIntEQ(wolfSSL_DH_size(NULL), -1);
- #endif /* OPENSSL_EXTRA && !NO_DH */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_DH_dup(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)
- #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) || \
- defined(OPENSSL_EXTRA)
- DH *dh = NULL;
- DH *dhDup = NULL;
- ExpectNotNull(dh = wolfSSL_DH_new());
- ExpectNull(dhDup = wolfSSL_DH_dup(NULL));
- ExpectNull(dhDup = wolfSSL_DH_dup(dh));
- #if defined(OPENSSL_ALL) || \
- defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
- {
- WOLFSSL_BIGNUM* p = NULL;
- WOLFSSL_BIGNUM* g = NULL;
- ExpectNotNull(p = wolfSSL_BN_new());
- ExpectNotNull(g = wolfSSL_BN_new());
- ExpectIntEQ(wolfSSL_BN_set_word(p, 11), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_BN_set_word(g, 2), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, g), 1);
- if (EXPECT_FAIL()) {
- wolfSSL_BN_free(p);
- wolfSSL_BN_free(g);
- }
- ExpectNotNull(dhDup = wolfSSL_DH_dup(dh));
- wolfSSL_DH_free(dhDup);
- }
- #endif
- wolfSSL_DH_free(dh);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_DH_check(void)
- {
- EXPECT_DECLS;
- #ifdef OPENSSL_ALL
- #ifndef NO_DH
- #ifndef NO_BIO
- #ifndef NO_DSA
- byte buf[6000];
- char file[] = "./certs/dsaparams.pem";
- XFILE f = XBADFILE;
- int bytes;
- BIO* bio = NULL;
- DSA* dsa = NULL;
- #elif !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
- static const byte dh2048[] = {
- 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01,
- 0x00, 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13,
- 0xba, 0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5,
- 0x00, 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a,
- 0xc6, 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53,
- 0x0a, 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84,
- 0xbf, 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1,
- 0x8a, 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91,
- 0xe6, 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66,
- 0x48, 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9,
- 0x3d, 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e,
- 0x19, 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d,
- 0x9f, 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d,
- 0x2a, 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75,
- 0xe6, 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa,
- 0x04, 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93,
- 0x38, 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c,
- 0xe5, 0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35,
- 0x8e, 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e,
- 0x5a, 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76,
- 0xcc, 0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62,
- 0xa7, 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0,
- 0x36, 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40,
- 0x90, 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a,
- 0xc3, 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4,
- 0x48, 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4,
- 0x9a, 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90,
- 0xab, 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58,
- 0x4b, 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f,
- 0x08, 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6,
- 0xb6, 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67,
- 0x6b, 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7,
- 0xfa, 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f,
- 0x93, 0x02, 0x01, 0x02
- };
- const byte* params;
- #endif
- DH* dh = NULL;
- WOLFSSL_BIGNUM* p = NULL;
- WOLFSSL_BIGNUM* g = NULL;
- WOLFSSL_BIGNUM* pTmp = NULL;
- WOLFSSL_BIGNUM* gTmp = NULL;
- int codes = -1;
- #ifndef NO_DSA
- /* Initialize DH */
- ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE);
- ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
- if (f != XBADFILE)
- XFCLOSE(f);
- ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, bytes));
- ExpectNotNull(dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL));
- ExpectNotNull(dh = wolfSSL_DSA_dup_DH(dsa));
- ExpectNotNull(dh);
- BIO_free(bio);
- DSA_free(dsa);
- #elif !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
- params = dh2048;
- ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, ¶ms,
- (long)sizeof(dh2048)));
- #else
- ExpectNotNull(dh = wolfSSL_DH_new_by_nid(NID_ffdhe2048));
- #endif
- /* Test assumed to be valid dh.
- * Should return WOLFSSL_SUCCESS
- * codes should be 0
- * Invalid codes = {DH_NOT_SUITABLE_GENERATOR, DH_CHECK_P_NOT_PRIME}
- */
- ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1);
- ExpectIntEQ(codes, 0);
- /* Test NULL dh: expected BAD_FUNC_ARG */
- ExpectIntEQ(wolfSSL_DH_check(NULL, &codes), 0);
- /* Break dh prime to test if codes = DH_CHECK_P_NOT_PRIME */
- if (dh != NULL) {
- pTmp = dh->p;
- dh->p = NULL;
- }
- ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1);
- ExpectIntEQ(wolfSSL_DH_check(dh, NULL), 0);
- ExpectIntEQ(codes, DH_CHECK_P_NOT_PRIME);
- /* set dh->p back to normal so it won't fail on next tests */
- if (dh != NULL) {
- dh->p = pTmp;
- pTmp = NULL;
- }
- /* Break dh generator to test if codes = DH_NOT_SUITABLE_GENERATOR */
- if (dh != NULL) {
- gTmp = dh->g;
- dh->g = NULL;
- }
- ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1);
- ExpectIntEQ(wolfSSL_DH_check(dh, NULL), 0);
- ExpectIntEQ(codes, DH_NOT_SUITABLE_GENERATOR);
- if (dh != NULL) {
- dh->g = gTmp;
- gTmp = NULL;
- }
- /* Cleanup */
- DH_free(dh);
- dh = NULL;
- dh = DH_new();
- ExpectNotNull(dh);
- /* Check empty DH. */
- ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1);
- ExpectIntEQ(wolfSSL_DH_check(dh, NULL), 0);
- ExpectIntEQ(codes, DH_NOT_SUITABLE_GENERATOR | DH_CHECK_P_NOT_PRIME);
- /* Check non-prime valued p. */
- ExpectNotNull(p = BN_new());
- ExpectIntEQ(BN_set_word(p, 4), 1);
- ExpectNotNull(g = BN_new());
- ExpectIntEQ(BN_set_word(g, 2), 1);
- ExpectIntEQ(DH_set0_pqg(dh, p, NULL, g), 1);
- if (EXPECT_FAIL()) {
- wolfSSL_BN_free(p);
- wolfSSL_BN_free(g);
- }
- ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1);
- ExpectIntEQ(wolfSSL_DH_check(dh, NULL), 0);
- ExpectIntEQ(codes, DH_CHECK_P_NOT_PRIME);
- DH_free(dh);
- dh = NULL;
- #endif
- #endif /* !NO_DH && !NO_DSA */
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_DH_prime(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_DH)
- WOLFSSL_BIGNUM* bn = NULL;
- #if WOLFSSL_MAX_BN_BITS >= 768
- WOLFSSL_BIGNUM* bn2 = NULL;
- #endif
- bn = wolfSSL_DH_768_prime(NULL);
- #if WOLFSSL_MAX_BN_BITS >= 768
- ExpectNotNull(bn);
- bn2 = wolfSSL_DH_768_prime(bn);
- ExpectNotNull(bn2);
- ExpectTrue(bn == bn2);
- wolfSSL_BN_free(bn);
- bn = NULL;
- #else
- ExpectNull(bn);
- #endif
- bn = wolfSSL_DH_1024_prime(NULL);
- #if WOLFSSL_MAX_BN_BITS >= 1024
- ExpectNotNull(bn);
- wolfSSL_BN_free(bn);
- bn = NULL;
- #else
- ExpectNull(bn);
- #endif
- bn = wolfSSL_DH_2048_prime(NULL);
- #if WOLFSSL_MAX_BN_BITS >= 2048
- ExpectNotNull(bn);
- wolfSSL_BN_free(bn);
- bn = NULL;
- #else
- ExpectNull(bn);
- #endif
- bn = wolfSSL_DH_3072_prime(NULL);
- #if WOLFSSL_MAX_BN_BITS >= 3072
- ExpectNotNull(bn);
- wolfSSL_BN_free(bn);
- bn = NULL;
- #else
- ExpectNull(bn);
- #endif
- bn = wolfSSL_DH_4096_prime(NULL);
- #if WOLFSSL_MAX_BN_BITS >= 4096
- ExpectNotNull(bn);
- wolfSSL_BN_free(bn);
- bn = NULL;
- #else
- ExpectNull(bn);
- #endif
- bn = wolfSSL_DH_6144_prime(NULL);
- #if WOLFSSL_MAX_BN_BITS >= 6144
- ExpectNotNull(bn);
- wolfSSL_BN_free(bn);
- bn = NULL;
- #else
- ExpectNull(bn);
- #endif
- bn = wolfSSL_DH_8192_prime(NULL);
- #if WOLFSSL_MAX_BN_BITS >= 8192
- ExpectNotNull(bn);
- wolfSSL_BN_free(bn);
- bn = NULL;
- #else
- ExpectNull(bn);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_DH_1536_prime(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_DH)
- BIGNUM* bn = NULL;
- unsigned char bits[200];
- int sz = 192; /* known binary size */
- const byte expected[] = {
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
- 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,
- 0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,
- 0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
- 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
- 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,
- 0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,
- 0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
- 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
- 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,
- 0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,
- 0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
- 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
- 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- ExpectNotNull(bn = get_rfc3526_prime_1536(NULL));
- ExpectIntEQ(sz, BN_bn2bin((const BIGNUM*)bn, bits));
- ExpectIntEQ(0, XMEMCMP(expected, bits, sz));
- BN_free(bn);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_DH_get_2048_256(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_DH)
- WOLFSSL_DH* dh = NULL;
- const WOLFSSL_BIGNUM* pBn;
- const WOLFSSL_BIGNUM* gBn;
- const WOLFSSL_BIGNUM* qBn;
- const byte pExpected[] = {
- 0x87, 0xA8, 0xE6, 0x1D, 0xB4, 0xB6, 0x66, 0x3C, 0xFF, 0xBB, 0xD1, 0x9C,
- 0x65, 0x19, 0x59, 0x99, 0x8C, 0xEE, 0xF6, 0x08, 0x66, 0x0D, 0xD0, 0xF2,
- 0x5D, 0x2C, 0xEE, 0xD4, 0x43, 0x5E, 0x3B, 0x00, 0xE0, 0x0D, 0xF8, 0xF1,
- 0xD6, 0x19, 0x57, 0xD4, 0xFA, 0xF7, 0xDF, 0x45, 0x61, 0xB2, 0xAA, 0x30,
- 0x16, 0xC3, 0xD9, 0x11, 0x34, 0x09, 0x6F, 0xAA, 0x3B, 0xF4, 0x29, 0x6D,
- 0x83, 0x0E, 0x9A, 0x7C, 0x20, 0x9E, 0x0C, 0x64, 0x97, 0x51, 0x7A, 0xBD,
- 0x5A, 0x8A, 0x9D, 0x30, 0x6B, 0xCF, 0x67, 0xED, 0x91, 0xF9, 0xE6, 0x72,
- 0x5B, 0x47, 0x58, 0xC0, 0x22, 0xE0, 0xB1, 0xEF, 0x42, 0x75, 0xBF, 0x7B,
- 0x6C, 0x5B, 0xFC, 0x11, 0xD4, 0x5F, 0x90, 0x88, 0xB9, 0x41, 0xF5, 0x4E,
- 0xB1, 0xE5, 0x9B, 0xB8, 0xBC, 0x39, 0xA0, 0xBF, 0x12, 0x30, 0x7F, 0x5C,
- 0x4F, 0xDB, 0x70, 0xC5, 0x81, 0xB2, 0x3F, 0x76, 0xB6, 0x3A, 0xCA, 0xE1,
- 0xCA, 0xA6, 0xB7, 0x90, 0x2D, 0x52, 0x52, 0x67, 0x35, 0x48, 0x8A, 0x0E,
- 0xF1, 0x3C, 0x6D, 0x9A, 0x51, 0xBF, 0xA4, 0xAB, 0x3A, 0xD8, 0x34, 0x77,
- 0x96, 0x52, 0x4D, 0x8E, 0xF6, 0xA1, 0x67, 0xB5, 0xA4, 0x18, 0x25, 0xD9,
- 0x67, 0xE1, 0x44, 0xE5, 0x14, 0x05, 0x64, 0x25, 0x1C, 0xCA, 0xCB, 0x83,
- 0xE6, 0xB4, 0x86, 0xF6, 0xB3, 0xCA, 0x3F, 0x79, 0x71, 0x50, 0x60, 0x26,
- 0xC0, 0xB8, 0x57, 0xF6, 0x89, 0x96, 0x28, 0x56, 0xDE, 0xD4, 0x01, 0x0A,
- 0xBD, 0x0B, 0xE6, 0x21, 0xC3, 0xA3, 0x96, 0x0A, 0x54, 0xE7, 0x10, 0xC3,
- 0x75, 0xF2, 0x63, 0x75, 0xD7, 0x01, 0x41, 0x03, 0xA4, 0xB5, 0x43, 0x30,
- 0xC1, 0x98, 0xAF, 0x12, 0x61, 0x16, 0xD2, 0x27, 0x6E, 0x11, 0x71, 0x5F,
- 0x69, 0x38, 0x77, 0xFA, 0xD7, 0xEF, 0x09, 0xCA, 0xDB, 0x09, 0x4A, 0xE9,
- 0x1E, 0x1A, 0x15, 0x97
- };
- const byte gExpected[] = {
- 0x3F, 0xB3, 0x2C, 0x9B, 0x73, 0x13, 0x4D, 0x0B, 0x2E, 0x77, 0x50, 0x66,
- 0x60, 0xED, 0xBD, 0x48, 0x4C, 0xA7, 0xB1, 0x8F, 0x21, 0xEF, 0x20, 0x54,
- 0x07, 0xF4, 0x79, 0x3A, 0x1A, 0x0B, 0xA1, 0x25, 0x10, 0xDB, 0xC1, 0x50,
- 0x77, 0xBE, 0x46, 0x3F, 0xFF, 0x4F, 0xED, 0x4A, 0xAC, 0x0B, 0xB5, 0x55,
- 0xBE, 0x3A, 0x6C, 0x1B, 0x0C, 0x6B, 0x47, 0xB1, 0xBC, 0x37, 0x73, 0xBF,
- 0x7E, 0x8C, 0x6F, 0x62, 0x90, 0x12, 0x28, 0xF8, 0xC2, 0x8C, 0xBB, 0x18,
- 0xA5, 0x5A, 0xE3, 0x13, 0x41, 0x00, 0x0A, 0x65, 0x01, 0x96, 0xF9, 0x31,
- 0xC7, 0x7A, 0x57, 0xF2, 0xDD, 0xF4, 0x63, 0xE5, 0xE9, 0xEC, 0x14, 0x4B,
- 0x77, 0x7D, 0xE6, 0x2A, 0xAA, 0xB8, 0xA8, 0x62, 0x8A, 0xC3, 0x76, 0xD2,
- 0x82, 0xD6, 0xED, 0x38, 0x64, 0xE6, 0x79, 0x82, 0x42, 0x8E, 0xBC, 0x83,
- 0x1D, 0x14, 0x34, 0x8F, 0x6F, 0x2F, 0x91, 0x93, 0xB5, 0x04, 0x5A, 0xF2,
- 0x76, 0x71, 0x64, 0xE1, 0xDF, 0xC9, 0x67, 0xC1, 0xFB, 0x3F, 0x2E, 0x55,
- 0xA4, 0xBD, 0x1B, 0xFF, 0xE8, 0x3B, 0x9C, 0x80, 0xD0, 0x52, 0xB9, 0x85,
- 0xD1, 0x82, 0xEA, 0x0A, 0xDB, 0x2A, 0x3B, 0x73, 0x13, 0xD3, 0xFE, 0x14,
- 0xC8, 0x48, 0x4B, 0x1E, 0x05, 0x25, 0x88, 0xB9, 0xB7, 0xD2, 0xBB, 0xD2,
- 0xDF, 0x01, 0x61, 0x99, 0xEC, 0xD0, 0x6E, 0x15, 0x57, 0xCD, 0x09, 0x15,
- 0xB3, 0x35, 0x3B, 0xBB, 0x64, 0xE0, 0xEC, 0x37, 0x7F, 0xD0, 0x28, 0x37,
- 0x0D, 0xF9, 0x2B, 0x52, 0xC7, 0x89, 0x14, 0x28, 0xCD, 0xC6, 0x7E, 0xB6,
- 0x18, 0x4B, 0x52, 0x3D, 0x1D, 0xB2, 0x46, 0xC3, 0x2F, 0x63, 0x07, 0x84,
- 0x90, 0xF0, 0x0E, 0xF8, 0xD6, 0x47, 0xD1, 0x48, 0xD4, 0x79, 0x54, 0x51,
- 0x5E, 0x23, 0x27, 0xCF, 0xEF, 0x98, 0xC5, 0x82, 0x66, 0x4B, 0x4C, 0x0F,
- 0x6C, 0xC4, 0x16, 0x59
- };
- const byte qExpected[] = {
- 0x8C, 0xF8, 0x36, 0x42, 0xA7, 0x09, 0xA0, 0x97, 0xB4, 0x47, 0x99, 0x76,
- 0x40, 0x12, 0x9D, 0xA2, 0x99, 0xB1, 0xA4, 0x7D, 0x1E, 0xB3, 0x75, 0x0B,
- 0xA3, 0x08, 0xB0, 0xFE, 0x64, 0xF5, 0xFB, 0xD3
- };
- int pSz = 0;
- int qSz = 0;
- int gSz = 0;
- byte* pReturned = NULL;
- byte* qReturned = NULL;
- byte* gReturned = NULL;
- ExpectNotNull((dh = wolfSSL_DH_get_2048_256()));
- wolfSSL_DH_get0_pqg(dh, &pBn, &qBn, &gBn);
- ExpectIntGT((pSz = wolfSSL_BN_num_bytes(pBn)), 0);
- ExpectNotNull(pReturned = (byte*)XMALLOC(pSz, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectIntGT((pSz = wolfSSL_BN_bn2bin(pBn, pReturned)), 0);
- ExpectIntEQ(pSz, sizeof(pExpected));
- ExpectIntEQ(XMEMCMP(pExpected, pReturned, pSz), 0);
- ExpectIntGT((qSz = wolfSSL_BN_num_bytes(qBn)), 0);
- ExpectNotNull(qReturned = (byte*)XMALLOC(qSz, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectIntGT((qSz = wolfSSL_BN_bn2bin(qBn, qReturned)), 0);
- ExpectIntEQ(qSz, sizeof(qExpected));
- ExpectIntEQ(XMEMCMP(qExpected, qReturned, qSz), 0);
- ExpectIntGT((gSz = wolfSSL_BN_num_bytes(gBn)), 0);
- ExpectNotNull(gReturned = (byte*)XMALLOC(gSz, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- ExpectIntGT((gSz = wolfSSL_BN_bn2bin(gBn, gReturned)), 0);
- ExpectIntEQ(gSz, sizeof(gExpected));
- ExpectIntEQ(XMEMCMP(gExpected, gReturned, gSz), 0);
- wolfSSL_DH_free(dh);
- XFREE(pReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(gReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(qReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PEM_write_DHparams(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && \
- !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
- DH* dh = NULL;
- BIO* bio = NULL;
- XFILE fp = XBADFILE;
- byte pem[2048];
- int pemSz = 0;
- const char expected[] =
- "-----BEGIN DH PARAMETERS-----\n"
- "MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE\n"
- "v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN\n"
- "nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1\n"
- "joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa\n"
- "wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW\n"
- "tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==\n"
- "-----END DH PARAMETERS-----\n";
- const char badPem[] =
- "-----BEGIN DH PARAMETERS-----\n"
- "-----END DH PARAMETERS-----\n";
- const char emptySeqPem[] =
- "-----BEGIN DH PARAMETERS-----\n"
- "MAA=\n"
- "-----END DH PARAMETERS-----\n";
- ExpectTrue((fp = XFOPEN(dhParamFile, "rb")) != XBADFILE);
- ExpectIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- ExpectNull(PEM_read_bio_DHparams(NULL, NULL, NULL, NULL));
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
- ExpectIntEQ(BIO_write(bio, badPem, (int)sizeof(badPem)),
- (int)sizeof(badPem));
- ExpectNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
- ExpectIntEQ(BIO_write(bio, emptySeqPem, (int)sizeof(emptySeqPem)),
- (int)sizeof(emptySeqPem));
- ExpectNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(bio = BIO_new(BIO_s_mem()));
- ExpectIntEQ(BIO_write(bio, pem, pemSz), pemSz);
- ExpectNotNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
- BIO_free(bio);
- bio = NULL;
- ExpectNotNull(fp = XFOPEN("./test-write-dhparams.pem", "wb"));
- ExpectIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_SUCCESS);
- ExpectIntEQ(PEM_write_DHparams(fp, NULL), WOLFSSL_FAILURE);
- DH_free(dh);
- dh = NULL;
- dh = wolfSSL_DH_new();
- ExpectIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_FAILURE);
- if (fp != XBADFILE) {
- XFCLOSE(fp);
- fp = XBADFILE;
- }
- wolfSSL_DH_free(dh);
- dh = NULL;
- /* check results */
- XMEMSET(pem, 0, sizeof(pem));
- ExpectTrue((fp = XFOPEN("./test-write-dhparams.pem", "rb")) != XBADFILE);
- ExpectIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0);
- ExpectIntEQ(XMEMCMP(pem, expected, pemSz), 0);
- if (fp != XBADFILE)
- XFCLOSE(fp);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_d2i_DHparams(void)
- {
- EXPECT_DECLS;
- #ifdef OPENSSL_ALL
- #if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072))
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- XFILE f = XBADFILE;
- unsigned char buf[4096];
- const unsigned char* pt = buf;
- #ifdef HAVE_FFDHE_2048
- const char* params1 = "./certs/dh2048.der";
- #endif
- #ifdef HAVE_FFDHE_3072
- const char* params2 = "./certs/dh3072.der";
- #endif
- long len = 0;
- WOLFSSL_DH* dh = NULL;
- XMEMSET(buf, 0, sizeof(buf));
- /* Test 2048 bit parameters */
- #ifdef HAVE_FFDHE_2048
- ExpectTrue((f = XFOPEN(params1, "rb")) != XBADFILE);
- ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- /* Valid case */
- ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
- ExpectNotNull(dh->p);
- ExpectNotNull(dh->g);
- ExpectTrue(pt == buf);
- ExpectIntEQ(DH_set_length(NULL, BN_num_bits(dh->p)), 0);
- ExpectIntEQ(DH_set_length(dh, BN_num_bits(dh->p)), 1);
- ExpectIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
- /* Invalid cases */
- ExpectNull(wolfSSL_d2i_DHparams(NULL, NULL, len));
- ExpectNull(wolfSSL_d2i_DHparams(NULL, &pt, -1));
- ExpectNull(wolfSSL_d2i_DHparams(NULL, &pt, 10));
- DH_free(dh);
- dh = NULL;
- *buf = 0;
- pt = buf;
- #endif /* HAVE_FFDHE_2048 */
- /* Test 3072 bit parameters */
- #ifdef HAVE_FFDHE_3072
- ExpectTrue((f = XFOPEN(params2, "rb")) != XBADFILE);
- ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- /* Valid case */
- ExpectNotNull(dh = wolfSSL_d2i_DHparams(&dh, &pt, len));
- ExpectNotNull(dh->p);
- ExpectNotNull(dh->g);
- ExpectTrue(pt != buf);
- ExpectIntEQ(DH_generate_key(dh), 1);
- /* Invalid cases */
- ExpectNull(wolfSSL_d2i_DHparams(NULL, NULL, len));
- ExpectNull(wolfSSL_d2i_DHparams(NULL, &pt, -1));
- DH_free(dh);
- dh = NULL;
- #endif /* HAVE_FFDHE_3072 */
- #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
- #endif /* !NO_DH */
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_DH_LoadDer(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) && \
- defined(OPENSSL_EXTRA)
- static const byte dh2048[] = {
- 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01,
- 0x00, 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13,
- 0xba, 0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5,
- 0x00, 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a,
- 0xc6, 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53,
- 0x0a, 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84,
- 0xbf, 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1,
- 0x8a, 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91,
- 0xe6, 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66,
- 0x48, 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9,
- 0x3d, 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e,
- 0x19, 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d,
- 0x9f, 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d,
- 0x2a, 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75,
- 0xe6, 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa,
- 0x04, 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93,
- 0x38, 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c,
- 0xe5, 0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35,
- 0x8e, 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e,
- 0x5a, 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76,
- 0xcc, 0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62,
- 0xa7, 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0,
- 0x36, 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40,
- 0x90, 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a,
- 0xc3, 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4,
- 0x48, 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4,
- 0x9a, 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90,
- 0xab, 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58,
- 0x4b, 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f,
- 0x08, 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6,
- 0xb6, 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67,
- 0x6b, 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7,
- 0xfa, 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f,
- 0x93, 0x02, 0x01, 0x02
- };
- WOLFSSL_DH* dh = NULL;
- ExpectNotNull(dh = wolfSSL_DH_new());
- ExpectIntEQ(wolfSSL_DH_LoadDer(NULL, NULL, 0), -1);
- ExpectIntEQ(wolfSSL_DH_LoadDer(dh, NULL, 0), -1);
- ExpectIntEQ(wolfSSL_DH_LoadDer(NULL, dh2048, sizeof(dh2048)), -1);
- ExpectIntEQ(wolfSSL_DH_LoadDer(dh, dh2048, sizeof(dh2048)), 1);
- wolfSSL_DH_free(dh);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_i2d_DHparams(void)
- {
- EXPECT_DECLS;
- #ifdef OPENSSL_ALL
- #if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072))
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- XFILE f = XBADFILE;
- unsigned char buf[4096];
- const unsigned char* pt;
- unsigned char* pt2;
- #ifdef HAVE_FFDHE_2048
- const char* params1 = "./certs/dh2048.der";
- #endif
- #ifdef HAVE_FFDHE_3072
- const char* params2 = "./certs/dh3072.der";
- #endif
- long len = 0;
- WOLFSSL_DH* dh = NULL;
- /* Test 2048 bit parameters */
- #ifdef HAVE_FFDHE_2048
- pt = buf;
- pt2 = buf;
- ExpectTrue((f = XFOPEN(params1, "rb")) != XBADFILE);
- ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- /* Valid case */
- ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
- ExpectTrue(pt == buf);
- ExpectIntEQ(DH_generate_key(dh), 1);
- ExpectIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 268);
- /* Invalid case */
- ExpectIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0);
- /* Return length only */
- ExpectIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 268);
- DH_free(dh);
- dh = NULL;
- *buf = 0;
- #endif
- /* Test 3072 bit parameters */
- #ifdef HAVE_FFDHE_3072
- pt = buf;
- pt2 = buf;
- ExpectTrue((f = XFOPEN(params2, "rb")) != XBADFILE);
- ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0);
- if (f != XBADFILE) {
- XFCLOSE(f);
- f = XBADFILE;
- }
- /* Valid case */
- ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
- ExpectTrue(pt == buf);
- ExpectIntEQ(DH_generate_key(dh), 1);
- ExpectIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 396);
- /* Invalid case */
- ExpectIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0);
- /* Return length only */
- ExpectIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 396);
- DH_free(dh);
- dh = NULL;
- #endif
- dh = DH_new();
- ExpectNotNull(dh);
- pt2 = buf;
- ExpectIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 0);
- DH_free(dh);
- dh = NULL;
- #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
- #endif /* !NO_DH && (HAVE_FFDHE_2048 || HAVE_FFDHE_3072) */
- #endif
- return EXPECT_RESULT();
- }
- #if defined(HAVE_ECC) && !defined(OPENSSL_NO_PK)
- /*----------------------------------------------------------------------------*
- | EC
- *----------------------------------------------------------------------------*/
- static int test_wolfSSL_EC_GROUP(void)
- {
- EXPECT_DECLS;
- #ifdef OPENSSL_EXTRA
- EC_GROUP *group = NULL;
- EC_GROUP *group2 = NULL;
- EC_GROUP *group3 = NULL;
- #ifndef HAVE_ECC_BRAINPOOL
- EC_GROUP *group4 = NULL;
- #endif
- WOLFSSL_BIGNUM* order = NULL;
- int group_bits;
- int i;
- static const int knownEccNids[] = {
- NID_X9_62_prime192v1,
- NID_X9_62_prime192v2,
- NID_X9_62_prime192v3,
- NID_X9_62_prime239v1,
- NID_X9_62_prime239v2,
- NID_X9_62_prime239v3,
- NID_X9_62_prime256v1,
- NID_secp112r1,
- NID_secp112r2,
- NID_secp128r1,
- NID_secp128r2,
- NID_secp160r1,
- NID_secp160r2,
- NID_secp224r1,
- NID_secp384r1,
- NID_secp521r1,
- NID_secp160k1,
- NID_secp192k1,
- NID_secp224k1,
- NID_secp256k1,
- NID_brainpoolP160r1,
- NID_brainpoolP192r1,
- NID_brainpoolP224r1,
- NID_brainpoolP256r1,
- NID_brainpoolP320r1,
- NID_brainpoolP384r1,
- NID_brainpoolP512r1,
- };
- int knowEccNidsLen = (int)(sizeof(knownEccNids) / sizeof(*knownEccNids));
- static const int knownEccEnums[] = {
- ECC_SECP192R1,
- ECC_PRIME192V2,
- ECC_PRIME192V3,
- ECC_PRIME239V1,
- ECC_PRIME239V2,
- ECC_PRIME239V3,
- ECC_SECP256R1,
- ECC_SECP112R1,
- ECC_SECP112R2,
- ECC_SECP128R1,
- ECC_SECP128R2,
- ECC_SECP160R1,
- ECC_SECP160R2,
- ECC_SECP224R1,
- ECC_SECP384R1,
- ECC_SECP521R1,
- ECC_SECP160K1,
- ECC_SECP192K1,
- ECC_SECP224K1,
- ECC_SECP256K1,
- ECC_BRAINPOOLP160R1,
- ECC_BRAINPOOLP192R1,
- ECC_BRAINPOOLP224R1,
- ECC_BRAINPOOLP256R1,
- ECC_BRAINPOOLP320R1,
- ECC_BRAINPOOLP384R1,
- ECC_BRAINPOOLP512R1,
- };
- int knowEccEnumsLen = (int)(sizeof(knownEccEnums) / sizeof(*knownEccEnums));
- ExpectNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
- ExpectNotNull(group2 = EC_GROUP_dup(group));
- ExpectNotNull(group3 = wolfSSL_EC_GROUP_new_by_curve_name(NID_secp384r1));
- #ifndef HAVE_ECC_BRAINPOOL
- ExpectNotNull(group4 = wolfSSL_EC_GROUP_new_by_curve_name(
- NID_brainpoolP256r1));
- #endif
- ExpectNull(EC_GROUP_dup(NULL));
- ExpectIntEQ(wolfSSL_EC_GROUP_get_curve_name(NULL), 0);
- ExpectIntEQ(wolfSSL_EC_GROUP_get_curve_name(group), NID_X9_62_prime256v1);
- ExpectIntEQ((group_bits = EC_GROUP_order_bits(NULL)), 0);
- ExpectIntEQ((group_bits = EC_GROUP_order_bits(group)), 256);
- #ifndef HAVE_ECC_BRAINPOOL
- ExpectIntEQ((group_bits = EC_GROUP_order_bits(group4)), 0);
- #endif
- ExpectIntEQ(wolfSSL_EC_GROUP_get_degree(NULL), 0);
- ExpectIntEQ(wolfSSL_EC_GROUP_get_degree(group), 256);
- ExpectNotNull(order = BN_new());
- ExpectIntEQ(wolfSSL_EC_GROUP_get_order(NULL, NULL, NULL), 0);
- ExpectIntEQ(wolfSSL_EC_GROUP_get_order(group, NULL, NULL), 0);
- ExpectIntEQ(wolfSSL_EC_GROUP_get_order(NULL, order, NULL), 0);
- ExpectIntEQ(wolfSSL_EC_GROUP_get_order(group, order, NULL), 1);
- wolfSSL_BN_free(order);
- ExpectNotNull(EC_GROUP_method_of(group));
- ExpectIntEQ(EC_METHOD_get_field_type(NULL), 0);
- ExpectIntEQ(EC_METHOD_get_field_type(EC_GROUP_method_of(group)),
- NID_X9_62_prime_field);
- ExpectIntEQ(wolfSSL_EC_GROUP_cmp(NULL, NULL, NULL), -1);
- ExpectIntEQ(wolfSSL_EC_GROUP_cmp(group, NULL, NULL), -1);
- ExpectIntEQ(wolfSSL_EC_GROUP_cmp(NULL, group, NULL), -1);
- ExpectIntEQ(wolfSSL_EC_GROUP_cmp(group, group3, NULL), 1);
- #ifndef NO_WOLFSSL_STUB
- wolfSSL_EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
- #endif
- #ifndef HAVE_ECC_BRAINPOOL
- EC_GROUP_free(group4);
- #endif
- EC_GROUP_free(group3);
- EC_GROUP_free(group2);
- EC_GROUP_free(group);
- for (i = 0; i < knowEccNidsLen; i++) {
- group = NULL;
- ExpectNotNull(group = EC_GROUP_new_by_curve_name(knownEccNids[i]));
- ExpectIntGT(wolfSSL_EC_GROUP_get_degree(group), 0);
- EC_GROUP_free(group);
- }
- for (i = 0; i < knowEccEnumsLen; i++) {
- group = NULL;
- ExpectNotNull(group = EC_GROUP_new_by_curve_name(knownEccEnums[i]));
- ExpectIntEQ(wolfSSL_EC_GROUP_get_curve_name(group), knownEccNids[i]);
- EC_GROUP_free(group);
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_PEM_read_bio_ECPKParameters(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && !defined(NO_BIO)
- EC_GROUP *group = NULL;
- BIO* bio = NULL;
- #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
- ECC_MIN_KEY_SZ <= 384 && !defined(NO_ECC_SECP)
- EC_GROUP *ret = NULL;
- static char ec_nc_p384[] = "-----BEGIN EC PARAMETERS-----\n"
- "BgUrgQQAIg==\n"
- "-----END EC PARAMETERS-----";
- #endif
- static char ec_nc_bad_1[] = "-----BEGIN EC PARAMETERS-----\n"
- "MAA=\n"
- "-----END EC PARAMETERS-----";
- static char ec_nc_bad_2[] = "-----BEGIN EC PARAMETERS-----\n"
- "BgA=\n"
- "-----END EC PARAMETERS-----";
- static char ec_nc_bad_3[] = "-----BEGIN EC PARAMETERS-----\n"
- "BgE=\n"
- "-----END EC PARAMETERS-----";
- static char ec_nc_bad_4[] = "-----BEGIN EC PARAMETERS-----\n"
- "BgE*\n"
- "-----END EC PARAMETERS-----";
- /* Test that first parameter, bio, being NULL fails. */
- ExpectNull(PEM_read_bio_ECPKParameters(NULL, NULL, NULL, NULL));
- /* Test that reading named parameters works. */
- ExpectNotNull(bio = BIO_new(BIO_s_file()));
- ExpectIntEQ(BIO_read_filename(bio, eccKeyFile), WOLFSSL_SUCCESS);
- ExpectNotNull(group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
- ExpectIntEQ(EC_GROUP_get_curve_name(group), NID_X9_62_prime256v1);
- BIO_free(bio);
- bio = NULL;
- EC_GROUP_free(group);
- group = NULL;
- #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
- ECC_MIN_KEY_SZ <= 384 && !defined(NO_ECC_SECP)
- /* Test that reusing group works. */
- ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_p384,
- sizeof(ec_nc_p384)));
- ExpectNotNull(group = PEM_read_bio_ECPKParameters(bio, &group, NULL, NULL));
- ExpectIntEQ(EC_GROUP_get_curve_name(group), NID_secp384r1);
- BIO_free(bio);
- bio = NULL;
- EC_GROUP_free(group);
- group = NULL;
- /* Test that returning through group works. */
- ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_p384,
- sizeof(ec_nc_p384)));
- ExpectNotNull(ret = PEM_read_bio_ECPKParameters(bio, &group, NULL, NULL));
- ExpectIntEQ(group == ret, 1);
- ExpectIntEQ(EC_GROUP_get_curve_name(group), NID_secp384r1);
- BIO_free(bio);
- bio = NULL;
- EC_GROUP_free(group);
- group = NULL;
- #endif
- /* Test 0x30, 0x00 (not and object id) fails. */
- ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_1,
- sizeof(ec_nc_bad_1)));
- ExpectNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
- BIO_free(bio);
- bio = NULL;
- /* Test 0x06, 0x00 (empty object id) fails. */
- ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_2,
- sizeof(ec_nc_bad_2)));
- ExpectNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
- BIO_free(bio);
- bio = NULL;
- /* Test 0x06, 0x01 (badly formed object id) fails. */
- ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_3,
- sizeof(ec_nc_bad_3)));
- ExpectNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
- BIO_free(bio);
- bio = NULL;
- /* Test invalid PEM encoding - invalid character. */
- ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_4,
- sizeof(ec_nc_bad_4)));
- ExpectNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
- BIO_free(bio);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EC_POINT(void)
- {
- EXPECT_DECLS;
- #if !defined(WOLFSSL_SP_MATH) && \
- (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
- #ifdef OPENSSL_EXTRA
- BN_CTX* ctx = NULL;
- EC_GROUP* group = NULL;
- #ifndef HAVE_ECC_BRAINPOOL
- EC_GROUP* group2 = NULL;
- #endif
- EC_POINT* Gxy = NULL;
- EC_POINT* new_point = NULL;
- EC_POINT* set_point = NULL;
- EC_POINT* infinity = NULL;
- BIGNUM* k = NULL;
- BIGNUM* Gx = NULL;
- BIGNUM* Gy = NULL;
- BIGNUM* Gz = NULL;
- BIGNUM* X = NULL;
- BIGNUM* Y = NULL;
- BIGNUM* set_point_bn = NULL;
- char* hexStr = NULL;
- const char* kTest = "F4F8338AFCC562C5C3F3E1E46A7EFECD"
- "17AF381913FF7A96314EA47055EA0FD0";
- /* NISTP256R1 Gx/Gy */
- const char* kGx = "6B17D1F2E12C4247F8BCE6E563A440F2"
- "77037D812DEB33A0F4A13945D898C296";
- const char* kGy = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16"
- "2BCE33576B315ECECBB6406837BF51F5";
- #ifndef HAVE_SELFTEST
- EC_POINT *tmp = NULL;
- size_t bin_len;
- unsigned int blen = 0;
- unsigned char* buf = NULL;
- unsigned char bufInf[1] = { 0x00 };
- const char* uncompG = "046B17D1F2E12C4247F8BCE6E563A440F2"
- "77037D812DEB33A0F4A13945D898C296"
- "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16"
- "2BCE33576B315ECECBB6406837BF51F5";
- const unsigned char binUncompG[] = {
- 0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
- 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
- 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
- 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb,
- 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31,
- 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
- };
- const unsigned char binUncompGBad[] = {
- 0x09, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
- 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
- 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
- 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb,
- 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31,
- 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
- };
- const char* compG = "036B17D1F2E12C4247F8BCE6E563A440F2"
- "77037D812DEB33A0F4A13945D898C296";
- #ifdef HAVE_COMP_KEY
- const unsigned char binCompG[] = {
- 0x03, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
- 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
- 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
- };
- #endif
- #endif
- ExpectNotNull(ctx = BN_CTX_new());
- ExpectNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
- #ifndef HAVE_ECC_BRAINPOOL
- /* Used to make groups curve_idx == -1. */
- ExpectNotNull(group2 = EC_GROUP_new_by_curve_name(NID_brainpoolP256r1));
- #endif
- ExpectNull(EC_POINT_new(NULL));
- ExpectNotNull(Gxy = EC_POINT_new(group));
- ExpectNotNull(new_point = EC_POINT_new(group));
- ExpectNotNull(set_point = EC_POINT_new(group));
- ExpectNotNull(X = BN_new());
- ExpectNotNull(Y = BN_new());
- ExpectNotNull(set_point_bn = BN_new());
- ExpectNotNull(infinity = EC_POINT_new(group));
- /* load test values */
- ExpectIntEQ(BN_hex2bn(&k, kTest), WOLFSSL_SUCCESS);
- ExpectIntEQ(BN_hex2bn(&Gx, kGx), WOLFSSL_SUCCESS);
- ExpectIntEQ(BN_hex2bn(&Gy, kGy), WOLFSSL_SUCCESS);
- ExpectIntEQ(BN_hex2bn(&Gz, "1"), WOLFSSL_SUCCESS);
- /* populate coordinates for input point */
- if (Gxy != NULL) {
- Gxy->X = Gx;
- Gxy->Y = Gy;
- Gxy->Z = Gz;
- }
- /* Test handling of NULL point. */
- EC_POINT_clear_free(NULL);
- ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, NULL,
- NULL, NULL, ctx), 0);
- ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, NULL,
- NULL, NULL, ctx), 0);
- ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, Gxy,
- NULL, NULL, ctx), 0);
- ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, NULL,
- X, NULL, ctx), 0);
- ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, NULL,
- NULL, Y, ctx), 0);
- ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, Gxy,
- X, Y, ctx), 0);
- ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, NULL,
- X, Y, ctx), 0);
- ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, Gxy,
- NULL, Y, ctx), 0);
- ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, Gxy,
- X, NULL, ctx), 0);
- /* Getting point at infinity returns an error. */
- ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, infinity,
- X, Y, ctx), 0);
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- !defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- ExpectIntEQ(EC_POINT_add(NULL, NULL, NULL, NULL, ctx), 0);
- ExpectIntEQ(EC_POINT_add(group, NULL, NULL, NULL, ctx), 0);
- ExpectIntEQ(EC_POINT_add(NULL, new_point, NULL, NULL, ctx), 0);
- ExpectIntEQ(EC_POINT_add(NULL, NULL, new_point, NULL, ctx), 0);
- ExpectIntEQ(EC_POINT_add(NULL, NULL, NULL, Gxy, ctx), 0);
- ExpectIntEQ(EC_POINT_add(NULL, new_point, new_point, Gxy, ctx), 0);
- ExpectIntEQ(EC_POINT_add(group, NULL, new_point, Gxy, ctx), 0);
- ExpectIntEQ(EC_POINT_add(group, new_point, NULL, Gxy, ctx), 0);
- ExpectIntEQ(EC_POINT_add(group, new_point, new_point, NULL, ctx), 0);
- ExpectIntEQ(EC_POINT_mul(NULL, NULL, Gx, Gxy, k, ctx), 0);
- ExpectIntEQ(EC_POINT_mul(NULL, new_point, Gx, Gxy, k, ctx), 0);
- ExpectIntEQ(EC_POINT_mul(group, NULL, Gx, Gxy, k, ctx), 0);
- ExpectIntEQ(EC_POINT_add(group, new_point, new_point, Gxy, ctx), 1);
- /* perform point multiplication */
- ExpectIntEQ(EC_POINT_mul(group, new_point, Gx, Gxy, k, ctx), 1);
- ExpectIntEQ(BN_is_zero(new_point->X), 0);
- ExpectIntEQ(BN_is_zero(new_point->Y), 0);
- ExpectIntEQ(BN_is_zero(new_point->Z), 0);
- ExpectIntEQ(EC_POINT_mul(group, new_point, NULL, Gxy, k, ctx), 1);
- ExpectIntEQ(BN_is_zero(new_point->X), 0);
- ExpectIntEQ(BN_is_zero(new_point->Y), 0);
- ExpectIntEQ(BN_is_zero(new_point->Z), 0);
- ExpectIntEQ(EC_POINT_mul(group, new_point, Gx, NULL, NULL, ctx), 1);
- ExpectIntEQ(BN_is_zero(new_point->X), 0);
- ExpectIntEQ(BN_is_zero(new_point->Y), 0);
- ExpectIntEQ(BN_is_zero(new_point->Z), 0);
- ExpectIntEQ(EC_POINT_mul(group, new_point, NULL, NULL, NULL, ctx), 1);
- ExpectIntEQ(BN_is_zero(new_point->X), 1);
- ExpectIntEQ(BN_is_zero(new_point->Y), 1);
- ExpectIntEQ(BN_is_zero(new_point->Z), 1);
- /* Set point to something. */
- ExpectIntEQ(EC_POINT_add(group, new_point, Gxy, Gxy, ctx), 1);
- #else
- ExpectIntEQ(EC_POINT_set_affine_coordinates_GFp(group, new_point, Gx, Gy,
- ctx), 1);
- ExpectIntEQ(BN_is_zero(new_point->X), 0);
- ExpectIntEQ(BN_is_zero(new_point->Y), 0);
- ExpectIntEQ(BN_is_zero(new_point->Z), 0);
- #endif
- /* check if point X coordinate is zero */
- ExpectIntEQ(BN_is_zero(new_point->X), 0);
- #if defined(USE_ECC_B_PARAM) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
- ExpectIntEQ(EC_POINT_is_on_curve(group, new_point, ctx), 1);
- #endif
- /* extract the coordinates from point */
- ExpectIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y,
- ctx), WOLFSSL_SUCCESS);
- /* check if point X coordinate is zero */
- ExpectIntEQ(BN_is_zero(X), WOLFSSL_FAILURE);
- /* set the same X and Y points in another object */
- ExpectIntEQ(EC_POINT_set_affine_coordinates_GFp(group, set_point, X, Y,
- ctx), WOLFSSL_SUCCESS);
- /* compare points as they should be the same */
- ExpectIntEQ(EC_POINT_cmp(NULL, NULL, NULL, ctx), -1);
- ExpectIntEQ(EC_POINT_cmp(group, NULL, NULL, ctx), -1);
- ExpectIntEQ(EC_POINT_cmp(NULL, new_point, NULL, ctx), -1);
- ExpectIntEQ(EC_POINT_cmp(NULL, NULL, set_point, ctx), -1);
- ExpectIntEQ(EC_POINT_cmp(NULL, new_point, set_point, ctx), -1);
- ExpectIntEQ(EC_POINT_cmp(group, NULL, set_point, ctx), -1);
- ExpectIntEQ(EC_POINT_cmp(group, new_point, NULL, ctx), -1);
- ExpectIntEQ(EC_POINT_cmp(group, new_point, set_point, ctx), 0);
- /* Test copying */
- ExpectIntEQ(EC_POINT_copy(NULL, NULL), 0);
- ExpectIntEQ(EC_POINT_copy(NULL, set_point), 0);
- ExpectIntEQ(EC_POINT_copy(new_point, NULL), 0);
- ExpectIntEQ(EC_POINT_copy(new_point, set_point), 1);
- /* Test inverting */
- ExpectIntEQ(EC_POINT_invert(NULL, NULL, ctx), 0);
- ExpectIntEQ(EC_POINT_invert(NULL, new_point, ctx), 0);
- ExpectIntEQ(EC_POINT_invert(group, NULL, ctx), 0);
- ExpectIntEQ(EC_POINT_invert(group, new_point, ctx), 1);
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- !defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- {
- EC_POINT* orig_point = NULL;
- ExpectNotNull(orig_point = EC_POINT_new(group));
- ExpectIntEQ(EC_POINT_add(group, orig_point, set_point, set_point, NULL),
- 1);
- /* new_point should be set_point inverted so adding it will revert
- * the point back to set_point */
- ExpectIntEQ(EC_POINT_add(group, orig_point, orig_point, new_point,
- NULL), 1);
- ExpectIntEQ(EC_POINT_cmp(group, orig_point, set_point, NULL), 0);
- EC_POINT_free(orig_point);
- }
- #endif
- /* Test getting affine converts from projective. */
- ExpectIntEQ(EC_POINT_copy(set_point, new_point), 1);
- /* Force non-affine coordinates */
- ExpectIntEQ(BN_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
- (WOLFSSL_BIGNUM*)BN_value_one()), 1);
- if (new_point != NULL) {
- new_point->inSet = 0;
- }
- /* extract the coordinates from point */
- ExpectIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y,
- ctx), WOLFSSL_SUCCESS);
- /* check if point ordinates have changed. */
- ExpectIntNE(BN_cmp(X, set_point->X), 0);
- ExpectIntNE(BN_cmp(Y, set_point->Y), 0);
- /* Test check for infinity */
- #ifndef WOLF_CRYPTO_CB_ONLY_ECC
- ExpectIntEQ(EC_POINT_is_at_infinity(NULL, NULL), 0);
- ExpectIntEQ(EC_POINT_is_at_infinity(NULL, infinity), 0);
- ExpectIntEQ(EC_POINT_is_at_infinity(group, NULL), 0);
- ExpectIntEQ(EC_POINT_is_at_infinity(group, infinity), 1);
- ExpectIntEQ(EC_POINT_is_at_infinity(group, Gxy), 0);
- #else
- ExpectIntEQ(EC_POINT_is_at_infinity(group, infinity), 0);
- #endif
- ExpectPtrEq(EC_POINT_point2bn(group, set_point,
- POINT_CONVERSION_UNCOMPRESSED, set_point_bn, ctx), set_point_bn);
- /* check bn2hex */
- hexStr = BN_bn2hex(k);
- ExpectStrEQ(hexStr, kTest);
- #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
- defined(XFPRINTF)
- BN_print_fp(stderr, k);
- fprintf(stderr, "\n");
- #endif
- XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
- hexStr = BN_bn2hex(Gx);
- ExpectStrEQ(hexStr, kGx);
- #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
- defined(XFPRINTF)
- BN_print_fp(stderr, Gx);
- fprintf(stderr, "\n");
- #endif
- XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
- hexStr = BN_bn2hex(Gy);
- ExpectStrEQ(hexStr, kGy);
- #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
- defined(XFPRINTF)
- BN_print_fp(stderr, Gy);
- fprintf(stderr, "\n");
- #endif
- XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
- #ifndef HAVE_SELFTEST
- /* Test point to hex */
- ExpectNull(EC_POINT_point2hex(NULL, NULL, POINT_CONVERSION_UNCOMPRESSED,
- ctx));
- ExpectNull(EC_POINT_point2hex(NULL, Gxy, POINT_CONVERSION_UNCOMPRESSED,
- ctx));
- ExpectNull(EC_POINT_point2hex(group, NULL, POINT_CONVERSION_UNCOMPRESSED,
- ctx));
- #ifndef HAVE_ECC_BRAINPOOL
- /* Group not supported in wolfCrypt. */
- ExpectNull(EC_POINT_point2hex(group2, Gxy, POINT_CONVERSION_UNCOMPRESSED,
- ctx));
- #endif
- hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, ctx);
- ExpectNotNull(hexStr);
- ExpectStrEQ(hexStr, uncompG);
- XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
- hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_COMPRESSED, ctx);
- ExpectNotNull(hexStr);
- ExpectStrEQ(hexStr, compG);
- XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
- /* Test point to oct */
- ExpectIntEQ(EC_POINT_point2oct(NULL, NULL, POINT_CONVERSION_UNCOMPRESSED,
- NULL, 0, ctx), 0);
- ExpectIntEQ(EC_POINT_point2oct(NULL, Gxy, POINT_CONVERSION_UNCOMPRESSED,
- NULL, 0, ctx), 0);
- ExpectIntEQ(EC_POINT_point2oct(group, NULL, POINT_CONVERSION_UNCOMPRESSED,
- NULL, 0, ctx), 0);
- bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED,
- NULL, 0, ctx);
- ExpectIntEQ(bin_len, sizeof(binUncompG));
- ExpectNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL,
- DYNAMIC_TYPE_ECC));
- ExpectIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED,
- buf, bin_len, ctx), bin_len);
- ExpectIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0);
- XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
- /* Infinity (x=0, y=0) encodes as '0x00'. */
- ExpectIntEQ(EC_POINT_point2oct(group, infinity,
- POINT_CONVERSION_UNCOMPRESSED, NULL, 0, ctx), 1);
- ExpectIntEQ(EC_POINT_point2oct(group, infinity,
- POINT_CONVERSION_UNCOMPRESSED, bufInf, 0, ctx), 0);
- ExpectIntEQ(EC_POINT_point2oct(group, infinity,
- POINT_CONVERSION_UNCOMPRESSED, bufInf, 1, ctx), 1);
- ExpectIntEQ(bufInf[0], 0);
- wolfSSL_EC_POINT_dump(NULL, NULL);
- /* Test point i2d */
- ExpectIntEQ(ECPoint_i2d(NULL, NULL, NULL, &blen), 0);
- ExpectIntEQ(ECPoint_i2d(NULL, Gxy, NULL, &blen), 0);
- ExpectIntEQ(ECPoint_i2d(group, NULL, NULL, &blen), 0);
- ExpectIntEQ(ECPoint_i2d(group, Gxy, NULL, NULL), 0);
- ExpectIntEQ(ECPoint_i2d(group, Gxy, NULL, &blen), 1);
- ExpectIntEQ(blen, sizeof(binUncompG));
- ExpectNotNull(buf = (unsigned char*)XMALLOC(blen, NULL, DYNAMIC_TYPE_ECC));
- blen -= 1;
- ExpectIntEQ(ECPoint_i2d(group, Gxy, buf, &blen), 0);
- blen += 1;
- ExpectIntEQ(ECPoint_i2d(group, Gxy, buf, &blen), 1);
- ExpectIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0);
- XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
- #ifdef HAVE_COMP_KEY
- /* Test point to oct compressed */
- bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, NULL,
- 0, ctx);
- ExpectIntEQ(bin_len, sizeof(binCompG));
- ExpectNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL,
- DYNAMIC_TYPE_ECC));
- ExpectIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, buf,
- bin_len, ctx), bin_len);
- ExpectIntEQ(XMEMCMP(buf, binCompG, sizeof(binCompG)), 0);
- XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
- #endif
- /* Test point BN */
- ExpectNull(wolfSSL_EC_POINT_point2bn(NULL, NULL,
- POINT_CONVERSION_UNCOMPRESSED, NULL, ctx));
- ExpectNull(wolfSSL_EC_POINT_point2bn(NULL, Gxy,
- POINT_CONVERSION_UNCOMPRESSED, NULL, ctx));
- ExpectNull(wolfSSL_EC_POINT_point2bn(group, NULL,
- POINT_CONVERSION_UNCOMPRESSED, NULL, ctx));
- ExpectNull(wolfSSL_EC_POINT_point2bn(group, Gxy, 0, NULL, ctx));
- /* Test oct to point */
- ExpectNotNull(tmp = EC_POINT_new(group));
- ExpectIntEQ(EC_POINT_oct2point(NULL, NULL, binUncompG, sizeof(binUncompG),
- ctx), 0);
- ExpectIntEQ(EC_POINT_oct2point(NULL, tmp, binUncompG, sizeof(binUncompG),
- ctx), 0);
- ExpectIntEQ(EC_POINT_oct2point(group, NULL, binUncompG, sizeof(binUncompG),
- ctx), 0);
- ExpectIntEQ(EC_POINT_oct2point(group, tmp, binUncompGBad,
- sizeof(binUncompGBad), ctx), 0);
- ExpectIntEQ(EC_POINT_oct2point(group, tmp, binUncompG, sizeof(binUncompG),
- ctx), 1);
- ExpectIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
- EC_POINT_free(tmp);
- tmp = NULL;
- /* Test setting BN ordinates. */
- ExpectNotNull(tmp = EC_POINT_new(group));
- ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, NULL, NULL,
- NULL, ctx), 0);
- ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, NULL, NULL,
- NULL, ctx), 0);
- ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, tmp, NULL,
- NULL, ctx), 0);
- ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, NULL, Gx,
- NULL, ctx), 0);
- ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, NULL, NULL,
- Gy, ctx), 0);
- ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, tmp, Gx, Gy,
- ctx), 0);
- ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, NULL, Gx, Gy,
- ctx), 0);
- ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, tmp, NULL,
- Gy, ctx), 0);
- ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, tmp, Gx,
- NULL, ctx), 0);
- ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, tmp, Gx, Gy,
- ctx), 1);
- EC_POINT_free(tmp);
- tmp = NULL;
- /* Test point d2i */
- ExpectNotNull(tmp = EC_POINT_new(group));
- ExpectIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), NULL, NULL), 0);
- ExpectIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), NULL, NULL), 0);
- ExpectIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), group, NULL), 0);
- ExpectIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), NULL, tmp), 0);
- ExpectIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), group, tmp), 0);
- ExpectIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), NULL, tmp), 0);
- ExpectIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), group, NULL), 0);
- ExpectIntEQ(ECPoint_d2i(binUncompGBad, sizeof(binUncompG), group, tmp), 0);
- ExpectIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), group, tmp), 1);
- ExpectIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
- EC_POINT_free(tmp);
- tmp = NULL;
- #ifdef HAVE_COMP_KEY
- /* Test oct compressed to point */
- ExpectNotNull(tmp = EC_POINT_new(group));
- ExpectIntEQ(EC_POINT_oct2point(group, tmp, binCompG, sizeof(binCompG), ctx),
- 1);
- ExpectIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
- EC_POINT_free(tmp);
- tmp = NULL;
- /* Test point d2i - compressed */
- ExpectNotNull(tmp = EC_POINT_new(group));
- ExpectIntEQ(ECPoint_d2i(binCompG, sizeof(binCompG), group, tmp), 1);
- ExpectIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
- EC_POINT_free(tmp);
- tmp = NULL;
- #endif
- #endif
- /* test BN_mod_add */
- ExpectIntEQ(BN_mod_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
- (WOLFSSL_BIGNUM*)BN_value_one(), (WOLFSSL_BIGNUM*)BN_value_one(), NULL),
- 1);
- ExpectIntEQ(BN_is_zero(new_point->Z), 1);
- /* cleanup */
- BN_free(X);
- BN_free(Y);
- BN_free(k);
- BN_free(set_point_bn);
- EC_POINT_free(infinity);
- EC_POINT_free(new_point);
- EC_POINT_free(set_point);
- EC_POINT_clear_free(Gxy);
- #ifndef HAVE_ECC_BRAINPOOL
- EC_GROUP_free(group2);
- #endif
- EC_GROUP_free(group);
- BN_CTX_free(ctx);
- #endif
- #endif /* !WOLFSSL_SP_MATH && ( !HAVE_FIPS || HAVE_FIPS_VERSION > 2) */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_SPAKE(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && !defined(WOLFSSL_ATECC508A) \
- && !defined(WOLFSSL_ATECC608A) && !defined(HAVE_SELFTEST) && \
- !defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- BIGNUM* x = NULL; /* kdc priv */
- BIGNUM* y = NULL; /* client priv */
- BIGNUM* w = NULL; /* shared value */
- byte M_bytes[] = {
- /* uncompressed */
- 0x04,
- /* x */
- 0x88, 0x6e, 0x2f, 0x97, 0xac, 0xe4, 0x6e, 0x55, 0xba, 0x9d, 0xd7, 0x24,
- 0x25, 0x79, 0xf2, 0x99, 0x3b, 0x64, 0xe1, 0x6e, 0xf3, 0xdc, 0xab, 0x95,
- 0xaf, 0xd4, 0x97, 0x33, 0x3d, 0x8f, 0xa1, 0x2f,
- /* y */
- 0x5f, 0xf3, 0x55, 0x16, 0x3e, 0x43, 0xce, 0x22, 0x4e, 0x0b, 0x0e, 0x65,
- 0xff, 0x02, 0xac, 0x8e, 0x5c, 0x7b, 0xe0, 0x94, 0x19, 0xc7, 0x85, 0xe0,
- 0xca, 0x54, 0x7d, 0x55, 0xa1, 0x2e, 0x2d, 0x20
- };
- EC_POINT* M = NULL; /* shared value */
- byte N_bytes[] = {
- /* uncompressed */
- 0x04,
- /* x */
- 0xd8, 0xbb, 0xd6, 0xc6, 0x39, 0xc6, 0x29, 0x37, 0xb0, 0x4d, 0x99, 0x7f,
- 0x38, 0xc3, 0x77, 0x07, 0x19, 0xc6, 0x29, 0xd7, 0x01, 0x4d, 0x49, 0xa2,
- 0x4b, 0x4f, 0x98, 0xba, 0xa1, 0x29, 0x2b, 0x49,
- /* y */
- 0x07, 0xd6, 0x0a, 0xa6, 0xbf, 0xad, 0xe4, 0x50, 0x08, 0xa6, 0x36, 0x33,
- 0x7f, 0x51, 0x68, 0xc6, 0x4d, 0x9b, 0xd3, 0x60, 0x34, 0x80, 0x8c, 0xd5,
- 0x64, 0x49, 0x0b, 0x1e, 0x65, 0x6e, 0xdb, 0xe7
- };
- EC_POINT* N = NULL; /* shared value */
- EC_POINT* T = NULL; /* kdc pub */
- EC_POINT* tmp1 = NULL; /* kdc pub */
- EC_POINT* tmp2 = NULL; /* kdc pub */
- EC_POINT* S = NULL; /* client pub */
- EC_POINT* client_secret = NULL;
- EC_POINT* kdc_secret = NULL;
- EC_GROUP* group = NULL;
- BN_CTX* bn_ctx = NULL;
- /* Values taken from a test run of Kerberos 5 */
- ExpectNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
- ExpectNotNull(bn_ctx = BN_CTX_new());
- ExpectNotNull(M = EC_POINT_new(group));
- ExpectNotNull(N = EC_POINT_new(group));
- ExpectNotNull(T = EC_POINT_new(group));
- ExpectNotNull(tmp1 = EC_POINT_new(group));
- ExpectNotNull(tmp2 = EC_POINT_new(group));
- ExpectNotNull(S = EC_POINT_new(group));
- ExpectNotNull(client_secret = EC_POINT_new(group));
- ExpectNotNull(kdc_secret = EC_POINT_new(group));
- ExpectIntEQ(BN_hex2bn(&x, "DAC3027CD692B4BDF0EDFE9B7D0E4E7"
- "E5D8768A725EAEEA6FC68EC239A17C0"), 1);
- ExpectIntEQ(BN_hex2bn(&y, "6F6A1D394E26B1655A54B26DCE30D49"
- "90CC47EBE08F809EF3FF7F6AEAABBB5"), 1);
- ExpectIntEQ(BN_hex2bn(&w, "1D992AB8BA851B9BA05353453D81EE9"
- "506AB395478F0AAB647752CF117B36250"), 1);
- ExpectIntEQ(EC_POINT_oct2point(group, M, M_bytes, sizeof(M_bytes), bn_ctx),
- 1);
- ExpectIntEQ(EC_POINT_oct2point(group, N, N_bytes, sizeof(N_bytes), bn_ctx),
- 1);
- /* Function pattern similar to ossl_keygen and ossl_result in krb5 */
- /* kdc */
- /* T=x*P+w*M */
- /* All in one function call */
- ExpectIntEQ(EC_POINT_mul(group, T, x, M, w, bn_ctx), 1);
- /* Spread into separate calls */
- ExpectIntEQ(EC_POINT_mul(group, tmp1, x, NULL, NULL, bn_ctx), 1);
- ExpectIntEQ(EC_POINT_mul(group, tmp2, NULL, M, w, bn_ctx), 1);
- ExpectIntEQ(EC_POINT_add(group, tmp1, tmp1, tmp2, bn_ctx),
- 1);
- ExpectIntEQ(EC_POINT_cmp(group, T, tmp1, bn_ctx), 0);
- /* client */
- /* S=y*P+w*N */
- /* All in one function call */
- ExpectIntEQ(EC_POINT_mul(group, S, y, N, w, bn_ctx), 1);
- /* Spread into separate calls */
- ExpectIntEQ(EC_POINT_mul(group, tmp1, y, NULL, NULL, bn_ctx), 1);
- ExpectIntEQ(EC_POINT_mul(group, tmp2, NULL, N, w, bn_ctx), 1);
- ExpectIntEQ(EC_POINT_add(group, tmp1, tmp1, tmp2, bn_ctx),
- 1);
- ExpectIntEQ(EC_POINT_cmp(group, S, tmp1, bn_ctx), 0);
- /* K=y*(T-w*M) */
- ExpectIntEQ(EC_POINT_mul(group, client_secret, NULL, M, w, bn_ctx), 1);
- ExpectIntEQ(EC_POINT_invert(group, client_secret, bn_ctx), 1);
- ExpectIntEQ(EC_POINT_add(group, client_secret, T, client_secret, bn_ctx),
- 1);
- ExpectIntEQ(EC_POINT_mul(group, client_secret, NULL, client_secret, y,
- bn_ctx), 1);
- /* kdc */
- /* K=x*(S-w*N) */
- ExpectIntEQ(EC_POINT_mul(group, kdc_secret, NULL, N, w, bn_ctx), 1);
- ExpectIntEQ(EC_POINT_invert(group, kdc_secret, bn_ctx), 1);
- ExpectIntEQ(EC_POINT_add(group, kdc_secret, S, kdc_secret, bn_ctx),
- 1);
- ExpectIntEQ(EC_POINT_mul(group, kdc_secret, NULL, kdc_secret, x, bn_ctx),
- 1);
- /* kdc_secret == client_secret */
- ExpectIntEQ(EC_POINT_cmp(group, client_secret, kdc_secret, bn_ctx), 0);
- BN_free(x);
- BN_free(y);
- BN_free(w);
- EC_POINT_free(M);
- EC_POINT_free(N);
- EC_POINT_free(T);
- EC_POINT_free(tmp1);
- EC_POINT_free(tmp2);
- EC_POINT_free(S);
- EC_POINT_free(client_secret);
- EC_POINT_free(kdc_secret);
- EC_GROUP_free(group);
- BN_CTX_free(bn_ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EC_KEY_generate(void)
- {
- EXPECT_DECLS;
- #ifdef OPENSSL_EXTRA
- WOLFSSL_EC_KEY* key = NULL;
- #ifndef HAVE_ECC_BRAINPOOL
- WOLFSSL_EC_GROUP* group = NULL;
- #endif
- ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
- ExpectIntEQ(wolfSSL_EC_KEY_generate_key(NULL), 0);
- ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), 1);
- wolfSSL_EC_KEY_free(key);
- key = NULL;
- #ifndef HAVE_ECC_BRAINPOOL
- ExpectNotNull(group = wolfSSL_EC_GROUP_new_by_curve_name(
- NID_brainpoolP256r1));
- ExpectNotNull(key = wolfSSL_EC_KEY_new());
- ExpectIntEQ(wolfSSL_EC_KEY_set_group(key, group), 1);
- ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), 0);
- wolfSSL_EC_KEY_free(key);
- wolfSSL_EC_GROUP_free(group);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_EC_i2d(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(HAVE_FIPS)
- EC_KEY *key = NULL;
- EC_KEY *copy = NULL;
- int len = 0;
- unsigned char *buf = NULL;
- unsigned char *p = NULL;
- const unsigned char *tmp = NULL;
- const unsigned char octBad[] = {
- 0x09, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
- 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
- 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
- 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb,
- 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31,
- 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
- };
- ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
- ExpectIntEQ(EC_KEY_generate_key(key), 1);
- ExpectIntGT((len = i2d_EC_PUBKEY(key, NULL)), 0);
- ExpectNotNull(buf = (unsigned char*)XMALLOC(len, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- p = buf;
- ExpectIntEQ(i2d_EC_PUBKEY(key, &p), len);
- ExpectNull(o2i_ECPublicKey(NULL, NULL, -1));
- ExpectNull(o2i_ECPublicKey(©, NULL, -1));
- ExpectNull(o2i_ECPublicKey(&key, NULL, -1));
- ExpectNull(o2i_ECPublicKey(NULL, &tmp, -1));
- ExpectNull(o2i_ECPublicKey(NULL, NULL, 0));
- ExpectNull(o2i_ECPublicKey(&key, NULL, 0));
- ExpectNull(o2i_ECPublicKey(&key, &tmp, 0));
- tmp = buf;
- ExpectNull(o2i_ECPublicKey(NULL, &tmp, 0));
- ExpectNull(o2i_ECPublicKey(©, &tmp, 0));
- ExpectNull(o2i_ECPublicKey(NULL, &tmp, -1));
- ExpectNull(o2i_ECPublicKey(&key, &tmp, -1));
- ExpectIntEQ(i2o_ECPublicKey(NULL, NULL), 0);
- ExpectIntEQ(i2o_ECPublicKey(NULL, &buf), 0);
- tmp = buf;
- ExpectNull(d2i_ECPrivateKey(NULL, &tmp, 0));
- ExpectNull(d2i_ECPrivateKey(NULL, &tmp, 1));
- ExpectNull(d2i_ECPrivateKey(©, &tmp, 0));
- ExpectNull(d2i_ECPrivateKey(©, &tmp, 1));
- ExpectNull(d2i_ECPrivateKey(&key, &tmp, 0));
- ExpectIntEQ(i2d_ECPrivateKey(NULL, &p), 0);
- ExpectIntEQ(i2d_ECPrivateKey(NULL, NULL), 0);
- ExpectIntEQ(wolfSSL_EC_KEY_LoadDer(NULL, NULL, -1), -1);
- ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, NULL, -1, 0), -1);
- ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, NULL, -1, 0), -1);
- ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, buf, -1, 0), -1);
- ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, NULL, 0, 0), -1);
- ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, NULL, -1,
- WOLFSSL_EC_KEY_LOAD_PUBLIC), -1);
- ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, buf, len,
- WOLFSSL_EC_KEY_LOAD_PUBLIC), -1);
- ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, NULL, len,
- WOLFSSL_EC_KEY_LOAD_PUBLIC), -1);
- ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, buf, -1,
- WOLFSSL_EC_KEY_LOAD_PUBLIC), -1);
- ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, buf, len, 0), -1);
- ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, buf, len,
- WOLFSSL_EC_KEY_LOAD_PRIVATE), -1);
- ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, octBad, sizeof(octBad),
- WOLFSSL_EC_KEY_LOAD_PRIVATE), -1);
- ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, octBad, sizeof(octBad),
- WOLFSSL_EC_KEY_LOAD_PUBLIC), -1);
- XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- buf = NULL;
- buf = NULL;
- ExpectIntGT((len = i2d_ECPrivateKey(key, NULL)), 0);
- ExpectNotNull(buf = (unsigned char*)XMALLOC(len, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- p = buf;
- ExpectIntEQ(i2d_ECPrivateKey(key, &p), len);
- p = NULL;
- ExpectIntEQ(i2d_ECPrivateKey(key, &p), len);
- XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- p = NULL;
- /* Bad point is also an invalid private key. */
- tmp = octBad;
- ExpectNull(d2i_ECPrivateKey(©, &tmp, sizeof(octBad)));
- tmp = buf;
- ExpectNotNull(d2i_ECPrivateKey(©, &tmp, len));
- XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- buf = NULL;
- buf = NULL;
- ExpectIntGT((len = i2o_ECPublicKey(key, NULL)), 0);
- ExpectNotNull(buf = (unsigned char*)XMALLOC(len, NULL,
- DYNAMIC_TYPE_TMP_BUFFER));
- p = buf;
- ExpectIntGT((len = i2o_ECPublicKey(key, &p)), 0);
- p = NULL;
- ExpectIntGT((len = i2o_ECPublicKey(key, &p)), 0);
- tmp = buf;
- ExpectNotNull(o2i_ECPublicKey(©, &tmp, len));
- tmp = octBad;
- ExpectNull(o2i_ECPublicKey(&key, &tmp, sizeof(octBad)));
- ExpectIntEQ(EC_KEY_check_key(NULL), 0);
- ExpectIntEQ(EC_KEY_check_key(key), 1);
- XFREE(p, NULL, DYNAMIC_TYPE_OPENSSL);
- XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL);
- EC_KEY_free(key);
- EC_KEY_free(copy);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EC_curve(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- int nid = NID_secp160k1;
- const char* nid_name = NULL;
- ExpectNull(EC_curve_nid2nist(NID_sha256));
- ExpectNotNull(nid_name = EC_curve_nid2nist(nid));
- ExpectIntEQ(XMEMCMP(nid_name, "K-160", XSTRLEN("K-160")), 0);
- ExpectIntEQ(EC_curve_nist2nid("INVALID"), 0);
- ExpectIntEQ(EC_curve_nist2nid(nid_name), nid);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EC_KEY_dup(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS)
- WOLFSSL_EC_KEY* ecKey = NULL;
- WOLFSSL_EC_KEY* dupKey = NULL;
- ecc_key* srcKey = NULL;
- ecc_key* destKey = NULL;
- ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
- ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
- /* Valid cases */
- ExpectNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
- ExpectIntEQ(EC_KEY_check_key(dupKey), 1);
- /* Compare pubkey */
- if (ecKey != NULL) {
- srcKey = (ecc_key*)ecKey->internal;
- }
- if (dupKey != NULL) {
- destKey = (ecc_key*)dupKey->internal;
- }
- ExpectIntEQ(wc_ecc_cmp_point(&srcKey->pubkey, &destKey->pubkey), 0);
- /* compare EC_GROUP */
- ExpectIntEQ(wolfSSL_EC_GROUP_cmp(ecKey->group, dupKey->group, NULL), MP_EQ);
- /* compare EC_POINT */
- ExpectIntEQ(wolfSSL_EC_POINT_cmp(ecKey->group, ecKey->pub_key, \
- dupKey->pub_key, NULL), MP_EQ);
- /* compare BIGNUM */
- ExpectIntEQ(wolfSSL_BN_cmp(ecKey->priv_key, dupKey->priv_key), MP_EQ);
- wolfSSL_EC_KEY_free(dupKey);
- dupKey = NULL;
- /* Invalid cases */
- /* NULL key */
- ExpectNull(dupKey = wolfSSL_EC_KEY_dup(NULL));
- /* NULL ecc_key */
- if (ecKey != NULL) {
- wc_ecc_free((ecc_key*)ecKey->internal);
- XFREE(ecKey->internal, NULL, DYNAMIC_TYPE_ECC);
- ecKey->internal = NULL; /* Set ecc_key to NULL */
- }
- ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
- wolfSSL_EC_KEY_free(ecKey);
- ecKey = NULL;
- wolfSSL_EC_KEY_free(dupKey);
- dupKey = NULL;
- /* NULL Group */
- ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
- ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
- if (ecKey != NULL) {
- wolfSSL_EC_GROUP_free(ecKey->group);
- ecKey->group = NULL; /* Set group to NULL */
- }
- ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
- wolfSSL_EC_KEY_free(ecKey);
- ecKey = NULL;
- wolfSSL_EC_KEY_free(dupKey);
- dupKey = NULL;
- /* NULL public key */
- ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
- ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
- if (ecKey != NULL) {
- wc_ecc_del_point((ecc_point*)ecKey->pub_key->internal);
- ecKey->pub_key->internal = NULL; /* Set ecc_point to NULL */
- }
- ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
- if (ecKey != NULL) {
- wolfSSL_EC_POINT_free(ecKey->pub_key);
- ecKey->pub_key = NULL; /* Set pub_key to NULL */
- }
- ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
- wolfSSL_EC_KEY_free(ecKey);
- ecKey = NULL;
- wolfSSL_EC_KEY_free(dupKey);
- dupKey = NULL;
- /* NULL private key */
- ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
- ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
- if (ecKey != NULL) {
- wolfSSL_BN_free(ecKey->priv_key);
- ecKey->priv_key = NULL; /* Set priv_key to NULL */
- }
- ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
- wolfSSL_EC_KEY_free(ecKey);
- ecKey = NULL;
- wolfSSL_EC_KEY_free(dupKey);
- dupKey = NULL;
- /* Test EC_KEY_up_ref */
- ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
- ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_EC_KEY_up_ref(NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EC_KEY_up_ref(ecKey), WOLFSSL_SUCCESS);
- /* reference count doesn't follow duplicate */
- ExpectNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
- ExpectIntEQ(wolfSSL_EC_KEY_up_ref(dupKey), WOLFSSL_SUCCESS); /* +1 */
- ExpectIntEQ(wolfSSL_EC_KEY_up_ref(dupKey), WOLFSSL_SUCCESS); /* +2 */
- wolfSSL_EC_KEY_free(dupKey); /* 3 */
- wolfSSL_EC_KEY_free(dupKey); /* 2 */
- wolfSSL_EC_KEY_free(dupKey); /* 1, free */
- wolfSSL_EC_KEY_free(ecKey); /* 2 */
- wolfSSL_EC_KEY_free(ecKey); /* 1, free */
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EC_KEY_set_group(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) && \
- defined(OPENSSL_EXTRA)
- EC_KEY *key = NULL;
- EC_GROUP *group = NULL;
- const EC_GROUP *group2 = NULL;
- ExpectNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
- ExpectNotNull(key = EC_KEY_new());
- ExpectNull(EC_KEY_get0_group(NULL));
- ExpectIntEQ(EC_KEY_set_group(NULL, NULL), 0);
- ExpectIntEQ(EC_KEY_set_group(key, NULL), 0);
- ExpectIntEQ(EC_KEY_set_group(NULL, group), 0);
- ExpectIntEQ(EC_KEY_set_group(key, group), WOLFSSL_SUCCESS);
- ExpectNotNull(group2 = EC_KEY_get0_group(key));
- ExpectIntEQ(EC_GROUP_cmp(group2, group, NULL), 0);
- EC_GROUP_free(group);
- EC_KEY_free(key);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EC_KEY_set_conv_form(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) && !defined(NO_BIO)
- BIO* bio = NULL;
- EC_KEY* key = NULL;
- /* Error condition: NULL key. */
- ExpectIntLT(EC_KEY_get_conv_form(NULL), 0);
- ExpectNotNull(bio = BIO_new_file("./certs/ecc-keyPub.pem", "rb"));
- ExpectNotNull(key = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL));
- /* Conversion form defaults to uncompressed. */
- ExpectIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_UNCOMPRESSED);
- #ifdef HAVE_COMP_KEY
- /* Explicitly set to compressed. */
- EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED);
- ExpectIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_COMPRESSED);
- #else
- /* Will still work just won't change anything. */
- EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED);
- ExpectIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_UNCOMPRESSED);
- EC_KEY_set_conv_form(key, POINT_CONVERSION_UNCOMPRESSED);
- ExpectIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_UNCOMPRESSED);
- #endif
- EC_KEY_set_conv_form(NULL, POINT_CONVERSION_UNCOMPRESSED);
- BIO_free(bio);
- EC_KEY_free(key);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EC_KEY_private_key(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
- WOLFSSL_EC_KEY* key = NULL;
- WOLFSSL_BIGNUM* priv = NULL;
- WOLFSSL_BIGNUM* priv2 = NULL;
- WOLFSSL_BIGNUM* bn;
- ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
- ExpectNotNull(priv = wolfSSL_BN_new());
- ExpectNotNull(priv2 = wolfSSL_BN_new());
- ExpectIntNE(BN_set_word(priv, 2), 0);
- ExpectIntNE(BN_set_word(priv2, 2), 0);
- ExpectNull(wolfSSL_EC_KEY_get0_private_key(NULL));
- /* No private key set. */
- ExpectNull(wolfSSL_EC_KEY_get0_private_key(key));
- ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(NULL, NULL), 0);
- ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(key, NULL), 0);
- ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(NULL, priv), 0);
- ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(key, priv), 1);
- ExpectNotNull(bn = wolfSSL_EC_KEY_get0_private_key(key));
- ExpectPtrNE(bn, priv);
- ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(key, priv2), 1);
- ExpectNotNull(bn = wolfSSL_EC_KEY_get0_private_key(key));
- ExpectPtrNE(bn, priv2);
- wolfSSL_BN_free(priv2);
- wolfSSL_BN_free(priv);
- wolfSSL_EC_KEY_free(key);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EC_KEY_public_key(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
- WOLFSSL_EC_KEY* key = NULL;
- WOLFSSL_EC_POINT* pub = NULL;
- WOLFSSL_EC_POINT* point = NULL;
- ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
- ExpectNull(wolfSSL_EC_KEY_get0_public_key(NULL));
- ExpectNotNull(wolfSSL_EC_KEY_get0_public_key(key));
- ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), 1);
- ExpectNotNull(pub = wolfSSL_EC_KEY_get0_public_key(key));
- ExpectIntEQ(wolfSSL_EC_KEY_set_public_key(NULL, NULL), 0);
- ExpectIntEQ(wolfSSL_EC_KEY_set_public_key(key, NULL), 0);
- ExpectIntEQ(wolfSSL_EC_KEY_set_public_key(NULL, pub), 0);
- ExpectIntEQ(wolfSSL_EC_KEY_set_public_key(key, pub), 1);
- ExpectNotNull(point = wolfSSL_EC_KEY_get0_public_key(key));
- ExpectPtrEq(point, pub);
- wolfSSL_EC_KEY_free(key);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EC_KEY_print_fp(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && ((defined(HAVE_ECC224) && defined(HAVE_ECC256)) || \
- defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 && \
- defined(OPENSSL_EXTRA) && defined(XFPRINTF) && !defined(NO_FILESYSTEM) && \
- !defined(NO_STDIO_FILESYSTEM)
- EC_KEY* key = NULL;
- /* Bad file pointer. */
- ExpectIntEQ(wolfSSL_EC_KEY_print_fp(NULL, key, 0), WOLFSSL_FAILURE);
- /* NULL key. */
- ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, NULL, 0), WOLFSSL_FAILURE);
- ExpectNotNull((key = wolfSSL_EC_KEY_new_by_curve_name(NID_secp224r1)));
- /* Negative indent. */
- ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, -1), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS);
- wolfSSL_EC_KEY_free(key);
- ExpectNotNull((key = wolfSSL_EC_KEY_new_by_curve_name(
- NID_X9_62_prime256v1)));
- ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS);
- wolfSSL_EC_KEY_free(key);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EC_get_builtin_curves(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- EC_builtin_curve* curves = NULL;
- size_t crv_len = 0;
- size_t i = 0;
- ExpectIntGT((crv_len = EC_get_builtin_curves(NULL, 0)), 0);
- ExpectNotNull(curves = (EC_builtin_curve*)XMALLOC(
- sizeof(EC_builtin_curve) * crv_len, NULL, DYNAMIC_TYPE_TMP_BUFFER));
- ExpectIntEQ((EC_get_builtin_curves(curves, 0)), crv_len);
- ExpectIntEQ(EC_get_builtin_curves(curves, crv_len), crv_len);
- for (i = 0; EXPECT_SUCCESS() && (i < crv_len); i++) {
- if (curves[i].comment != NULL) {
- ExpectStrEQ(OBJ_nid2sn(curves[i].nid), curves[i].comment);
- }
- }
- if (crv_len > 1) {
- ExpectIntEQ(EC_get_builtin_curves(curves, crv_len - 1), crv_len - 1);
- }
- XFREE(curves, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
- #endif /* OPENSSL_EXTRA || OPENSSL_ALL */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ECDSA_SIG(void)
- {
- EXPECT_DECLS;
- #ifdef OPENSSL_EXTRA
- WOLFSSL_ECDSA_SIG* sig = NULL;
- WOLFSSL_ECDSA_SIG* sig2 = NULL;
- WOLFSSL_BIGNUM* r = NULL;
- WOLFSSL_BIGNUM* s = NULL;
- const WOLFSSL_BIGNUM* r2 = NULL;
- const WOLFSSL_BIGNUM* s2 = NULL;
- const unsigned char* cp = NULL;
- unsigned char* p = NULL;
- unsigned char outSig[8];
- unsigned char sigData[8] =
- { 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 };
- unsigned char sigDataBad[8] =
- { 0x30, 0x07, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 };
- wolfSSL_ECDSA_SIG_free(NULL);
- ExpectNotNull(sig = wolfSSL_ECDSA_SIG_new());
- ExpectNotNull(r = wolfSSL_BN_new());
- ExpectNotNull(s = wolfSSL_BN_new());
- ExpectIntEQ(wolfSSL_BN_set_word(r, 1), 1);
- ExpectIntEQ(wolfSSL_BN_set_word(s, 1), 1);
- wolfSSL_ECDSA_SIG_get0(NULL, NULL, NULL);
- wolfSSL_ECDSA_SIG_get0(NULL, &r2, NULL);
- wolfSSL_ECDSA_SIG_get0(NULL, NULL, &s2);
- wolfSSL_ECDSA_SIG_get0(NULL, &r2, &s2);
- ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, NULL, NULL), 0);
- ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(sig, NULL, NULL), 0);
- ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, r, NULL), 0);
- ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, NULL, s), 0);
- ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, r, s), 0);
- ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(sig, NULL, s), 0);
- ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(sig, r, NULL), 0);
- r2 = NULL;
- s2 = NULL;
- wolfSSL_ECDSA_SIG_get0(NULL, &r2, &s2);
- ExpectNull(r2);
- ExpectNull(s2);
- ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(sig, r, s), 1);
- if (EXPECT_FAIL()) {
- wolfSSL_BN_free(r);
- wolfSSL_BN_free(s);
- }
- wolfSSL_ECDSA_SIG_get0(sig, &r2, &s2);
- ExpectPtrEq(r2, r);
- ExpectPtrEq(s2, s);
- r2 = NULL;
- wolfSSL_ECDSA_SIG_get0(sig, &r2, NULL);
- ExpectPtrEq(r2, r);
- s2 = NULL;
- wolfSSL_ECDSA_SIG_get0(sig, NULL, &s2);
- ExpectPtrEq(s2, s);
- /* r and s are freed when sig is freed. */
- wolfSSL_ECDSA_SIG_free(sig);
- sig = NULL;
- ExpectNull(wolfSSL_d2i_ECDSA_SIG(NULL, NULL, sizeof(sigData)));
- cp = sigDataBad;
- ExpectNull(wolfSSL_d2i_ECDSA_SIG(NULL, &cp, sizeof(sigDataBad)));
- cp = sigData;
- ExpectNotNull((sig = wolfSSL_d2i_ECDSA_SIG(NULL, &cp, sizeof(sigData))));
- ExpectIntEQ((cp == sigData + 8), 1);
- cp = sigData;
- ExpectNull(wolfSSL_d2i_ECDSA_SIG(&sig, NULL, sizeof(sigData)));
- ExpectNotNull((sig2 = wolfSSL_d2i_ECDSA_SIG(&sig, &cp, sizeof(sigData))));
- ExpectIntEQ((sig == sig2), 1);
- cp = outSig;
- p = outSig;
- ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, &p), 0);
- ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, NULL), 0);
- ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, NULL), 8);
- ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, &p), sizeof(sigData));
- ExpectIntEQ((p == outSig + 8), 1);
- ExpectIntEQ(XMEMCMP(sigData, outSig, 8), 0);
- wolfSSL_ECDSA_SIG_free(sig);
- #endif
- return EXPECT_RESULT();
- }
- static int test_ECDSA_size_sign(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ECC256) && !defined(NO_ECC_SECP)
- EC_KEY* key = NULL;
- ECDSA_SIG* ecdsaSig = NULL;
- int id;
- byte hash[WC_MAX_DIGEST_SIZE];
- byte hash2[WC_MAX_DIGEST_SIZE];
- byte sig[ECC_MAX_SIG_SIZE];
- unsigned int sigSz = sizeof(sig);
- XMEMSET(hash, 123, sizeof(hash));
- XMEMSET(hash2, 234, sizeof(hash2));
- id = wc_ecc_get_curve_id_from_name("SECP256R1");
- ExpectIntEQ(id, ECC_SECP256R1);
- ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
- ExpectIntEQ(EC_KEY_generate_key(key), 1);
- ExpectIntGE(ECDSA_size(NULL), 0);
- ExpectIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, NULL), 0);
- ExpectIntEQ(ECDSA_sign(0, NULL, sizeof(hash), sig, &sigSz, key), 0);
- ExpectIntEQ(ECDSA_sign(0, hash, sizeof(hash), NULL, &sigSz, key), 0);
- ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, sigSz, NULL), 0);
- ExpectIntEQ(ECDSA_verify(0, NULL, sizeof(hash), sig, sigSz, key), 0);
- ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), NULL, sigSz, key), 0);
- ExpectIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, key), 1);
- ExpectIntGE(ECDSA_size(key), sigSz);
- ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, sigSz, key), 1);
- ExpectIntEQ(ECDSA_verify(0, hash2, sizeof(hash2), sig, sigSz, key), 0);
- ExpectNull(ECDSA_do_sign(NULL, sizeof(hash), NULL));
- ExpectNull(ECDSA_do_sign(NULL, sizeof(hash), key));
- ExpectNull(ECDSA_do_sign(hash, sizeof(hash), NULL));
- ExpectNotNull(ecdsaSig = ECDSA_do_sign(hash, sizeof(hash), key));
- ExpectIntEQ(ECDSA_do_verify(NULL, sizeof(hash), NULL, NULL), -1);
- ExpectIntEQ(ECDSA_do_verify(hash, sizeof(hash), NULL, NULL), -1);
- ExpectIntEQ(ECDSA_do_verify(NULL, sizeof(hash), ecdsaSig, NULL), -1);
- ExpectIntEQ(ECDSA_do_verify(NULL, sizeof(hash), NULL, key), -1);
- ExpectIntEQ(ECDSA_do_verify(NULL, sizeof(hash), ecdsaSig, key), -1);
- ExpectIntEQ(ECDSA_do_verify(hash, sizeof(hash), NULL, key), -1);
- ExpectIntEQ(ECDSA_do_verify(hash, sizeof(hash), ecdsaSig, NULL), -1);
- ExpectIntEQ(ECDSA_do_verify(hash, sizeof(hash), ecdsaSig, key), 1);
- ExpectIntEQ(ECDSA_do_verify(hash2, sizeof(hash2), ecdsaSig, key), 0);
- ECDSA_SIG_free(ecdsaSig);
- EC_KEY_free(key);
- #endif /* OPENSSL_EXTRA && !NO_ECC256 && !NO_ECC_SECP */
- return EXPECT_RESULT();
- }
- static int test_ECDH_compute_key(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- EC_KEY* key1 = NULL;
- EC_KEY* key2 = NULL;
- EC_POINT* pub1 = NULL;
- EC_POINT* pub2 = NULL;
- byte secret1[32];
- byte secret2[32];
- int i;
- ExpectNotNull(key1 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
- ExpectIntEQ(EC_KEY_generate_key(key1), 1);
- ExpectNotNull(pub1 = wolfSSL_EC_KEY_get0_public_key(key1));
- ExpectNotNull(key2 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
- ExpectIntEQ(EC_KEY_generate_key(key2), 1);
- ExpectNotNull(pub2 = wolfSSL_EC_KEY_get0_public_key(key2));
- ExpectIntEQ(ECDH_compute_key(NULL, sizeof(secret1), NULL, NULL, NULL), 0);
- ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1), NULL, NULL, NULL),
- 0);
- ExpectIntEQ(ECDH_compute_key(NULL, sizeof(secret1), pub2, NULL, NULL), 0);
- ExpectIntEQ(ECDH_compute_key(NULL, sizeof(secret1), NULL, key1, NULL), 0);
- ExpectIntEQ(ECDH_compute_key(NULL, sizeof(secret1), pub2, key1, NULL), 0);
- ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1), NULL, key1, NULL),
- 0);
- ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1), pub2, NULL, NULL),
- 0);
- ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1) - 16, pub2, key1,
- NULL), 0);
- ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1), pub2, key1, NULL),
- sizeof(secret1));
- ExpectIntEQ(ECDH_compute_key(secret2, sizeof(secret2), pub1, key2, NULL),
- sizeof(secret2));
- for (i = 0; i < (int)sizeof(secret1); i++) {
- ExpectIntEQ(secret1[i], secret2[i]);
- }
- EC_KEY_free(key2);
- EC_KEY_free(key1);
- #endif /* OPENSSL_EXTRA && !NO_ECC256 && !NO_ECC_SECP &&
- * !WOLF_CRYPTO_CB_ONLY_ECC */
- return EXPECT_RESULT();
- }
- #endif /* HAVE_ECC && !OPENSSL_NO_PK */
- #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
- defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \
- !defined(NO_ASN_TIME)
- static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey,
- int expectedDerSz)
- {
- EXPECT_DECLS;
- X509* x509 = NULL;
- BIGNUM* serial_number = NULL;
- X509_NAME* name = NULL;
- time_t epoch_off = 0;
- ASN1_INTEGER* asn1_serial_number;
- long not_before, not_after;
- int derSz;
- ExpectNotNull(x509 = X509_new());
- ExpectIntNE(X509_set_pubkey(x509, pkey), 0);
- ExpectNotNull(serial_number = BN_new());
- ExpectIntNE(BN_pseudo_rand(serial_number, 64, 0, 0), 0);
- ExpectNotNull(asn1_serial_number = X509_get_serialNumber(x509));
- ExpectNotNull(BN_to_ASN1_INTEGER(serial_number, asn1_serial_number));
- /* version 3 */
- ExpectIntNE(X509_set_version(x509, 2L), 0);
- ExpectNotNull(name = X509_NAME_new());
- ExpectIntNE(X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_UTF8,
- (unsigned char*)"www.wolfssl.com", -1, -1, 0), 0);
- ExpectIntNE(X509_NAME_add_entry_by_NID(name, NID_pkcs9_contentType,
- MBSTRING_UTF8,(unsigned char*)"Server", -1, -1, 0), 0);
- ExpectIntNE(X509_set_subject_name(x509, name), 0);
- ExpectIntNE(X509_set_issuer_name(x509, name), 0);
- not_before = (long)wc_Time(NULL);
- not_after = not_before + (365 * 24 * 60 * 60);
- ExpectNotNull(X509_time_adj(X509_get_notBefore(x509), not_before,
- &epoch_off));
- ExpectNotNull(X509_time_adj(X509_get_notAfter(x509), not_after,
- &epoch_off));
- ExpectIntNE(X509_sign(x509, pkey, EVP_sha256()), 0);
- ExpectNotNull(wolfSSL_X509_get_der(x509, &derSz));
- ExpectIntGE(derSz, expectedDerSz);
- BN_free(serial_number);
- X509_NAME_free(name);
- X509_free(x509);
- return EXPECT_RESULT();
- }
- #endif
- static int test_openssl_generate_key_and_cert(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- int expectedDerSz;
- EVP_PKEY* pkey = NULL;
- #ifdef HAVE_ECC
- EC_KEY* ec_key = NULL;
- #endif
- #if !defined(NO_RSA)
- int key_length = 2048;
- BIGNUM* exponent = NULL;
- RSA* rsa = NULL;
- ExpectNotNull(pkey = EVP_PKEY_new());
- ExpectNotNull(exponent = BN_new());
- ExpectNotNull(rsa = RSA_new());
- ExpectIntNE(BN_set_word(exponent, WC_RSA_EXPONENT), 0);
- #ifndef WOLFSSL_KEY_GEN
- ExpectIntEQ(RSA_generate_key_ex(rsa, key_length, exponent, NULL), 0);
- #if defined(USE_CERT_BUFFERS_1024)
- ExpectIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_1024,
- sizeof_server_key_der_1024, WOLFSSL_RSA_LOAD_PRIVATE), 0);
- key_length = 1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- ExpectIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_2048,
- sizeof_server_key_der_2048, WOLFSSL_RSA_LOAD_PRIVATE), 0);
- #else
- RSA_free(rsa);
- rsa = NULL;
- #endif
- #else
- ExpectIntEQ(RSA_generate_key_ex(NULL, key_length, exponent, NULL), 0);
- ExpectIntEQ(RSA_generate_key_ex(rsa, 0, exponent, NULL), 0);
- ExpectIntEQ(RSA_generate_key_ex(rsa, key_length, NULL, NULL), 0);
- ExpectIntNE(RSA_generate_key_ex(rsa, key_length, exponent, NULL), 0);
- #endif
- if (rsa) {
- ExpectIntNE(EVP_PKEY_assign_RSA(pkey, rsa), 0);
- if (EXPECT_FAIL()) {
- RSA_free(rsa);
- }
- #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \
- defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME)
- expectedDerSz = 743;
- ExpectIntEQ(test_openssl_make_self_signed_certificate(pkey,
- expectedDerSz), TEST_SUCCESS);
- #endif
- }
- EVP_PKEY_free(pkey);
- pkey = NULL;
- BN_free(exponent);
- #endif /* !NO_RSA */
- #ifdef HAVE_ECC
- ExpectNotNull(pkey = EVP_PKEY_new());
- ExpectNotNull(ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
- #ifndef NO_WOLFSSL_STUB
- EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);
- #endif
- ExpectIntNE(EC_KEY_generate_key(ec_key), 0);
- ExpectIntNE(EVP_PKEY_assign_EC_KEY(pkey, ec_key), 0);
- if (EXPECT_FAIL()) {
- EC_KEY_free(ec_key);
- }
- #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \
- defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME)
- expectedDerSz = 344;
- ExpectIntEQ(test_openssl_make_self_signed_certificate(pkey, expectedDerSz),
- TEST_SUCCESS);
- #endif
- EVP_PKEY_free(pkey);
- #endif /* HAVE_ECC */
- (void)pkey;
- (void)expectedDerSz;
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_stubs_are_stubs(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_STUB) && \
- (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL_CTX* ctxN = NULL;
- #ifndef NO_WOLFSSL_CLIENT
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #elif !defined(NO_WOLFSSL_SERVER)
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- #define CHECKZERO_RET(x, y, z) ExpectIntEQ((int) x(y), 0); \
- ExpectIntEQ((int) x(z), 0)
- /* test logic, all stubs return same result regardless of ctx being NULL
- * as there are no sanity checks, it's just a stub! If at some
- * point a stub is not a stub it should begin to return BAD_FUNC_ARG
- * if invalid inputs are supplied. Test calling both
- * with and without valid inputs, if a stub functionality remains unchanged.
- */
- CHECKZERO_RET(wolfSSL_CTX_sess_accept, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_connect, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_accept_good, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_connect_good, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_accept_renegotiate, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_connect_renegotiate, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_hits, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_cb_hits, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_cache_full, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_misses, ctx, ctxN);
- CHECKZERO_RET(wolfSSL_CTX_sess_timeouts, ctx, ctxN);
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- #endif /* OPENSSL_EXTRA && !NO_WOLFSSL_STUB && (!NO_WOLFSSL_CLIENT ||
- * !NO_WOLFSSL_SERVER) */
- return EXPECT_RESULT();
- }
- static int test_CONF_modules_xxx(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_EXTRA)
- CONF_modules_free();
- CONF_modules_unload(0);
- CONF_modules_unload(1);
- CONF_modules_unload(-1);
- res = TEST_SUCCESS;
- #endif /* OPENSSL_EXTRA */
- return res;
- }
- static int test_CRYPTO_set_dynlock_xxx(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_EXTRA)
- CRYPTO_set_dynlock_create_callback(
- (struct CRYPTO_dynlock_value *(*)(const char*, int))NULL);
- CRYPTO_set_dynlock_create_callback(
- (struct CRYPTO_dynlock_value *(*)(const char*, int))1);
- CRYPTO_set_dynlock_destroy_callback(
- (void (*)(struct CRYPTO_dynlock_value*, const char*, int))NULL);
- CRYPTO_set_dynlock_destroy_callback(
- (void (*)(struct CRYPTO_dynlock_value*, const char*, int))1);
- CRYPTO_set_dynlock_lock_callback(
- (void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))NULL);
- CRYPTO_set_dynlock_lock_callback(
- (void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))1);
- res = TEST_SUCCESS;
- #endif /* OPENSSL_EXTRA */
- return res;
- }
- static int test_CRYPTO_THREADID_xxx(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- CRYPTO_THREADID_current((CRYPTO_THREADID*)NULL);
- CRYPTO_THREADID_current((CRYPTO_THREADID*)1);
- ExpectIntEQ(CRYPTO_THREADID_hash((const CRYPTO_THREADID*)NULL), 0);
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_ENGINE_cleanup(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_EXTRA)
- ENGINE_cleanup();
- res = TEST_SUCCESS;
- #endif /* OPENSSL_EXTRA */
- return res;
- }
- static int test_wolfSSL_CTX_LoadCRL(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CRL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
- (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- const char* badPath = "dummypath";
- const char* validPath = "./certs/crl";
- const char* validFilePath = "./certs/crl/cliCrl.pem";
- const char* issuerCert = "./certs/client-cert.pem";
- int derType = WOLFSSL_FILETYPE_ASN1;
- int pemType = WOLFSSL_FILETYPE_PEM;
- #ifdef HAVE_CRL_MONITOR
- int monitor = WOLFSSL_CRL_MONITOR;
- #else
- int monitor = 0;
- #endif
- WOLFSSL_CERT_MANAGER* cm = NULL;
- #define FAIL_T1(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \
- BAD_FUNC_ARG)
- #define FAIL_T2(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \
- NOT_COMPILED_IN)
- #define SUCC_T(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \
- WOLFSSL_SUCCESS)
- #ifndef NO_WOLFSSL_CLIENT
- #define NEW_CTX(ctx) ExpectNotNull( \
- (ctx) = wolfSSL_CTX_new(wolfSSLv23_client_method()))
- #elif !defined(NO_WOLFSSL_SERVER)
- #define NEW_CTX(ctx) ExpectNotNull( \
- (ctx) = wolfSSL_CTX_new(wolfSSLv23_server_method()))
- #else
- #define NEW_CTX(ctx) return
- #endif
- FAIL_T1(wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor);
- NEW_CTX(ctx);
- #ifndef HAVE_CRL_MONITOR
- FAIL_T2(wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, WOLFSSL_CRL_MONITOR);
- wolfSSL_CTX_free(ctx);
- NEW_CTX(ctx);
- #endif
- SUCC_T (wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor);
- SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, pemType, monitor);
- SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, derType, monitor);
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- NEW_CTX(ctx);
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, issuerCert, NULL),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, validFilePath, pemType), WOLFSSL_SUCCESS);
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- NEW_CTX(ctx);
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, issuerCert, NULL),
- WOLFSSL_SUCCESS);
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- ExpectIntEQ(wolfSSL_LoadCRLFile(ssl, validFilePath, pemType), WOLFSSL_SUCCESS);
- wolfSSL_free(ssl);
- ssl = NULL;
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, issuerCert, NULL),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, validFilePath, pemType),
- WOLFSSL_SUCCESS);
- wolfSSL_CertManagerFree(cm);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_CRL)
- static int test_multiple_crls_same_issuer_ctx_ready(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
- ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, "./certs/crl/crl.pem",
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- return EXPECT_RESULT();
- }
- #endif
- static int test_multiple_crls_same_issuer(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_CRL)
- test_ssl_cbf client_cbs, server_cbs;
- struct {
- const char* server_cert;
- const char* server_key;
- } test_params[] = {
- { "./certs/server-cert.pem", "./certs/server-key.pem" },
- { "./certs/server-revoked-cert.pem", "./certs/server-revoked-key.pem" }
- };
- size_t i;
- for (i = 0; i < (sizeof(test_params)/sizeof(*test_params)); i++) {
- XMEMSET(&client_cbs, 0, sizeof(client_cbs));
- XMEMSET(&server_cbs, 0, sizeof(server_cbs));
- server_cbs.certPemFile = test_params[i].server_cert;
- server_cbs.keyPemFile = test_params[i].server_key;
- client_cbs.crlPemFile = "./certs/crl/extra-crls/general-server-crl.pem";
- client_cbs.ctx_ready = test_multiple_crls_same_issuer_ctx_ready;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
- &server_cbs, NULL), TEST_FAIL);
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_SetTmpEC_DHE_Sz(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_ECC) && !defined(NO_WOLFSSL_CLIENT)
- WOLFSSL_CTX *ctx = NULL;
- WOLFSSL *ssl = NULL;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpEC_DHE_Sz(ctx, 32));
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpEC_DHE_Sz(ssl, 32));
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_get0_privatekey(void)
- {
- EXPECT_DECLS;
- #ifdef OPENSSL_ALL
- WOLFSSL_CTX* ctx = NULL;
- (void)ctx;
- #ifndef NO_RSA
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
- ExpectNull(SSL_CTX_get0_privatekey(ctx));
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNull(SSL_CTX_get0_privatekey(ctx));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(SSL_CTX_get0_privatekey(ctx));
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- #endif
- #ifdef HAVE_ECC
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
- ExpectNull(SSL_CTX_get0_privatekey(ctx));
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNull(SSL_CTX_get0_privatekey(ctx));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectNotNull(SSL_CTX_get0_privatekey(ctx));
- wolfSSL_CTX_free(ctx);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_dtls_set_mtu(void)
- {
- EXPECT_DECLS;
- #if (defined(WOLFSSL_DTLS_MTU) || defined(WOLFSSL_SCTP)) && \
- !defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_DTLS) && \
- !defined(WOLFSSL_NO_TLS12)
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- const char* testCertFile;
- const char* testKeyFile;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
- #ifndef NO_RSA
- testCertFile = svrCertFile;
- testKeyFile = svrKeyFile;
- #elif defined(HAVE_ECC)
- testCertFile = eccCertFile;
- testKeyFile = eccKeyFile;
- #endif
- if (testCertFile != NULL && testKeyFile != NULL) {
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
- WOLFSSL_FILETYPE_PEM));
- }
- ExpectNotNull(ssl = wolfSSL_new(ctx));
- ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FAILURE), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 1488), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl, 1488), WOLFSSL_SUCCESS);
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
- defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
- static WC_INLINE void generateDTLSMsg(byte* out, int outSz, word32 seq,
- enum HandShakeType hsType, word16 length)
- {
- size_t idx = 0;
- byte* l;
- /* record layer */
- /* handshake type */
- out[idx++] = handshake;
- /* protocol version */
- out[idx++] = 0xfe;
- out[idx++] = 0xfd; /* DTLS 1.2 */
- /* epoch 0 */
- XMEMSET(out + idx, 0, 2);
- idx += 2;
- /* sequence number */
- XMEMSET(out + idx, 0, 6);
- c32toa(seq, out + idx + 2);
- idx += 6;
- /* length in BE */
- if (length)
- c16toa(length, out + idx);
- else
- c16toa(outSz - idx - 2, out + idx);
- idx += 2;
- /* handshake layer */
- /* handshake type */
- out[idx++] = (byte)hsType;
- /* length */
- l = out + idx;
- idx += 3;
- /* message seq */
- c16toa(0, out + idx);
- idx += 2;
- /* frag offset */
- c32to24(0, out + idx);
- idx += 3;
- /* frag length */
- c32to24((word32)outSz - (word32)idx - 3, l);
- c32to24((word32)outSz - (word32)idx - 3, out + idx);
- idx += 3;
- XMEMSET(out + idx, 0, outSz - idx);
- }
- static void test_wolfSSL_dtls_plaintext_server(WOLFSSL* ssl)
- {
- byte msg[] = "This is a msg for the client";
- byte reply[40];
- AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)),0);
- reply[sizeof(reply) - 1] = '\0';
- fprintf(stderr, "Client message: %s\n", reply);
- AssertIntEQ(wolfSSL_write(ssl, msg, sizeof(msg)), sizeof(msg));
- }
- static void test_wolfSSL_dtls_plaintext_client(WOLFSSL* ssl)
- {
- byte ch[50];
- int fd = wolfSSL_get_fd(ssl);
- byte msg[] = "This is a msg for the server";
- byte reply[40];
- generateDTLSMsg(ch, sizeof(ch), 20, client_hello, 0);
- /* Server should ignore this datagram */
- AssertIntEQ(send(fd, ch, sizeof(ch), 0), sizeof(ch));
- generateDTLSMsg(ch, sizeof(ch), 20, client_hello, 10000);
- /* Server should ignore this datagram */
- AssertIntEQ(send(fd, ch, sizeof(ch), 0), sizeof(ch));
- AssertIntEQ(wolfSSL_write(ssl, msg, sizeof(msg)), sizeof(msg));
- AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)),0);
- reply[sizeof(reply) - 1] = '\0';
- fprintf(stderr, "Server response: %s\n", reply);
- }
- static int test_wolfSSL_dtls_plaintext(void)
- {
- callback_functions func_cb_client;
- callback_functions func_cb_server;
- size_t i;
- struct test_params {
- method_provider client_meth;
- method_provider server_meth;
- ssl_callback on_result_server;
- ssl_callback on_result_client;
- } params[] = {
- {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method,
- test_wolfSSL_dtls_plaintext_server,
- test_wolfSSL_dtls_plaintext_client},
- };
- for (i = 0; i < sizeof(params)/sizeof(*params); i++) {
- XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
- XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
- func_cb_client.doUdp = func_cb_server.doUdp = 1;
- func_cb_server.method = params[i].server_meth;
- func_cb_client.method = params[i].client_meth;
- func_cb_client.on_result = params[i].on_result_client;
- func_cb_server.on_result = params[i].on_result_server;
- test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
- if (!func_cb_client.return_code)
- return TEST_FAIL;
- if (!func_cb_server.return_code)
- return TEST_FAIL;
- }
- return TEST_RES_CHECK(1);
- }
- #else
- static int test_wolfSSL_dtls_plaintext(void) {
- return TEST_SKIPPED;
- }
- #endif
- #if defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
- defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
- static void test_wolfSSL_dtls12_fragments_spammer(WOLFSSL* ssl)
- {
- byte b[1100]; /* buffer for the messages to send */
- size_t idx = 0;
- size_t seq_offset = 0;
- size_t msg_offset = 0;
- int i;
- int fd = wolfSSL_get_fd(ssl);
- int ret = wolfSSL_connect_cert(ssl); /* This gets us past the cookie */
- word32 seq_number = 100; /* start high so server definitely reads this */
- word16 msg_number = 50; /* start high so server has to buffer this */
- AssertIntEQ(ret, 1);
- /* Now let's start spamming the peer with fragments it needs to store */
- XMEMSET(b, -1, sizeof(b));
- /* record layer */
- /* handshake type */
- b[idx++] = 22;
- /* protocol version */
- b[idx++] = 0xfe;
- b[idx++] = 0xfd; /* DTLS 1.2 */
- /* epoch 0 */
- XMEMSET(b + idx, 0, 2);
- idx += 2;
- /* sequence number */
- XMEMSET(b + idx, 0, 6);
- seq_offset = idx + 2; /* increment only the low 32 bits */
- idx += 6;
- /* static length in BE */
- c16toa(42, b + idx);
- idx += 2;
- /* handshake layer */
- /* cert type */
- b[idx++] = 11;
- /* length */
- c32to24(1000, b + idx);
- idx += 3;
- /* message seq */
- c16toa(0, b + idx);
- msg_offset = idx;
- idx += 2;
- /* frag offset */
- c32to24(500, b + idx);
- idx += 3;
- /* frag length */
- c32to24(30, b + idx);
- idx += 3;
- (void)idx; /* inhibit clang-analyzer-deadcode.DeadStores */
- for (i = 0; i < DTLS_POOL_SZ * 2 && ret > 0;
- seq_number++, msg_number++, i++) {
- struct timespec delay;
- XMEMSET(&delay, 0, sizeof(delay));
- delay.tv_nsec = 10000000; /* wait 0.01 seconds */
- c32toa(seq_number, b + seq_offset);
- c16toa(msg_number, b + msg_offset);
- ret = (int)send(fd, b, 55, 0);
- nanosleep(&delay, NULL);
- }
- }
- #ifdef WOLFSSL_DTLS13
- static void test_wolfSSL_dtls13_fragments_spammer(WOLFSSL* ssl)
- {
- const word16 sendCountMax = 100;
- byte b[150]; /* buffer for the messages to send */
- size_t idx = 0;
- size_t msg_offset = 0;
- int fd = wolfSSL_get_fd(ssl);
- word16 msg_number = 10; /* start high so server has to buffer this */
- int ret = wolfSSL_connect_cert(ssl); /* This gets us past the cookie */
- AssertIntEQ(ret, 1);
- /* Now let's start spamming the peer with fragments it needs to store */
- XMEMSET(b, -1, sizeof(b));
- /* handshake type */
- b[idx++] = 11;
- /* length */
- c32to24(10000, b + idx);
- idx += 3;
- /* message_seq */
- msg_offset = idx;
- idx += 2;
- /* fragment_offset */
- c32to24(5000, b + idx);
- idx += 3;
- /* fragment_length */
- c32to24(100, b + idx);
- idx += 3;
- /* fragment contents */
- idx += 100;
- for (; ret > 0 && msg_number < sendCountMax; msg_number++) {
- byte sendBuf[150];
- int sendSz = sizeof(sendBuf);
- struct timespec delay;
- XMEMSET(&delay, 0, sizeof(delay));
- delay.tv_nsec = 10000000; /* wait 0.01 seconds */
- c16toa(msg_number, b + msg_offset);
- sendSz = BuildTls13Message(ssl, sendBuf, sendSz, b,
- (int)idx, handshake, 0, 0, 0);
- ret = (int)send(fd, sendBuf, (size_t)sendSz, 0);
- nanosleep(&delay, NULL);
- }
- }
- #endif
- static int test_wolfSSL_dtls_fragments(void)
- {
- EXPECT_DECLS;
- callback_functions func_cb_client;
- callback_functions func_cb_server;
- size_t i;
- struct test_params {
- method_provider client_meth;
- method_provider server_meth;
- ssl_callback spammer;
- } params[] = {
- #if !defined(WOLFSSL_NO_TLS12)
- {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method,
- test_wolfSSL_dtls12_fragments_spammer},
- #endif
- #ifdef WOLFSSL_DTLS13
- {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method,
- test_wolfSSL_dtls13_fragments_spammer},
- #endif
- };
- for (i = 0; i < sizeof(params)/sizeof(*params); i++) {
- XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
- XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
- func_cb_client.doUdp = func_cb_server.doUdp = 1;
- func_cb_server.method = params[i].server_meth;
- func_cb_client.method = params[i].client_meth;
- func_cb_client.ssl_ready = params[i].spammer;
- test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
- ExpectFalse(func_cb_client.return_code);
- ExpectFalse(func_cb_server.return_code);
- /* The socket should be closed by the server resulting in a
- * socket error, fatal error or reading a close notify alert */
- if (func_cb_client.last_err != SOCKET_ERROR_E &&
- func_cb_client.last_err != WOLFSSL_ERROR_ZERO_RETURN &&
- func_cb_client.last_err != FATAL_ERROR) {
- ExpectIntEQ(func_cb_client.last_err, SOCKET_ERROR_E);
- }
- /* Check the server returned an error indicating the msg buffer
- * was full */
- ExpectIntEQ(func_cb_server.last_err, DTLS_TOO_MANY_FRAGMENTS_E);
- if (EXPECT_FAIL())
- break;
- }
- return EXPECT_RESULT();
- }
- static void test_wolfSSL_dtls_send_alert(WOLFSSL* ssl)
- {
- int fd, ret;
- byte alert_msg[] = {
- 0x15, /* alert type */
- 0xfe, 0xfd, /* version */
- 0x00, 0x00, /* epoch */
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, /* seq number */
- 0x00, 0x02, /* length */
- 0x02, /* level: fatal */
- 0x46 /* protocol version */
- };
- fd = wolfSSL_get_fd(ssl);
- ret = (int)send(fd, alert_msg, sizeof(alert_msg), 0);
- AssertIntGT(ret, 0);
- }
- static int _test_wolfSSL_ignore_alert_before_cookie(byte version12)
- {
- callback_functions client_cbs, server_cbs;
- XMEMSET(&client_cbs, 0, sizeof(client_cbs));
- XMEMSET(&server_cbs, 0, sizeof(server_cbs));
- client_cbs.doUdp = server_cbs.doUdp = 1;
- if (version12) {
- #if !defined(WOLFSSL_NO_TLS12)
- client_cbs.method = wolfDTLSv1_2_client_method;
- server_cbs.method = wolfDTLSv1_2_server_method;
- #else
- return TEST_SKIPPED;
- #endif
- }
- else
- {
- #ifdef WOLFSSL_DTLS13
- client_cbs.method = wolfDTLSv1_3_client_method;
- server_cbs.method = wolfDTLSv1_3_server_method;
- #else
- return TEST_SKIPPED;
- #endif /* WOLFSSL_DTLS13 */
- }
- client_cbs.ssl_ready = test_wolfSSL_dtls_send_alert;
- test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs);
- if (!client_cbs.return_code)
- return TEST_FAIL;
- if (!server_cbs.return_code)
- return TEST_FAIL;
- return TEST_SUCCESS;
- }
- static int test_wolfSSL_ignore_alert_before_cookie(void)
- {
- int ret;
- ret =_test_wolfSSL_ignore_alert_before_cookie(0);
- if (ret != 0)
- return ret;
- ret =_test_wolfSSL_ignore_alert_before_cookie(1);
- if (ret != 0)
- return ret;
- return 0;
- }
- static void test_wolfSSL_send_bad_record(WOLFSSL* ssl)
- {
- int ret;
- int fd;
- byte bad_msg[] = {
- 0x17, /* app data */
- 0xaa, 0xfd, /* bad version */
- 0x00, 0x01, /* epoch 1 */
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, /* not seen seq number */
- 0x00, 0x26, /* length: 38 bytes */
- 0xae, 0x30, 0x31, 0xb1, 0xf1, 0xb9, 0x6f, 0xda, 0x17, 0x19, 0xd9, 0x57,
- 0xa9, 0x9d, 0x5c, 0x51, 0x9b, 0x53, 0x63, 0xa5, 0x24, 0x70, 0xa1,
- 0xae, 0xdf, 0x1c, 0xb9, 0xfc, 0xe3, 0xd7, 0x77, 0x6d, 0xb6, 0x89, 0x0f,
- 0x03, 0x18, 0x72
- };
- fd = wolfSSL_get_fd(ssl);
- AssertIntGE(fd, 0);
- ret = (int)send(fd, bad_msg, sizeof(bad_msg), 0);
- AssertIntEQ(ret, sizeof(bad_msg));
- ret = wolfSSL_write(ssl, "badrecordtest", sizeof("badrecordtest"));
- AssertIntEQ(ret, sizeof("badrecordtest"));
- }
- static void test_wolfSSL_read_string(WOLFSSL* ssl)
- {
- byte buf[100];
- int ret;
- ret = wolfSSL_read(ssl, buf, sizeof(buf));
- AssertIntGT(ret, 0);
- AssertIntEQ(strcmp((char*)buf, "badrecordtest"), 0);
- }
- static int _test_wolfSSL_dtls_bad_record(
- method_provider client_method, method_provider server_method)
- {
- callback_functions client_cbs, server_cbs;
- XMEMSET(&client_cbs, 0, sizeof(client_cbs));
- XMEMSET(&server_cbs, 0, sizeof(server_cbs));
- client_cbs.doUdp = server_cbs.doUdp = 1;
- client_cbs.method = client_method;
- server_cbs.method = server_method;
- client_cbs.on_result = test_wolfSSL_send_bad_record;
- server_cbs.on_result = test_wolfSSL_read_string;
- test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs);
- if (!client_cbs.return_code)
- return TEST_FAIL;
- if (!server_cbs.return_code)
- return TEST_FAIL;
- return TEST_SUCCESS;
- }
- static int test_wolfSSL_dtls_bad_record(void)
- {
- int ret = TEST_SUCCESS;
- #if !defined(WOLFSSL_NO_TLS12)
- ret = _test_wolfSSL_dtls_bad_record(wolfDTLSv1_2_client_method,
- wolfDTLSv1_2_server_method);
- #endif
- #ifdef WOLFSSL_DTLS13
- if (ret == TEST_SUCCESS) {
- ret = _test_wolfSSL_dtls_bad_record(wolfDTLSv1_3_client_method,
- wolfDTLSv1_3_server_method);
- }
- #endif /* WOLFSSL_DTLS13 */
- return ret;
- }
- #else
- static int test_wolfSSL_dtls_fragments(void) {
- return TEST_SKIPPED;
- }
- static int test_wolfSSL_ignore_alert_before_cookie(void) {
- return TEST_SKIPPED;
- }
- static int test_wolfSSL_dtls_bad_record(void) {
- return TEST_SKIPPED;
- }
- #endif
- #if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) && \
- !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES)
- static byte test_AEAD_fail_decryption = 0;
- static byte test_AEAD_seq_num = 0;
- static byte test_AEAD_done = 0;
- static int test_AEAD_cbiorecv(WOLFSSL *ssl, char *buf, int sz, void *ctx)
- {
- int ret = (int)recv(wolfSSL_get_fd(ssl), buf, sz, 0);
- if (ret > 0) {
- if (test_AEAD_fail_decryption) {
- /* Modify the packet to trigger a decryption failure */
- buf[ret/2] ^= 0xFF;
- if (test_AEAD_fail_decryption == 1)
- test_AEAD_fail_decryption = 0;
- }
- }
- (void)ctx;
- return ret;
- }
- static void test_AEAD_get_limits(WOLFSSL* ssl, w64wrapper* hardLimit,
- w64wrapper* keyUpdateLimit, w64wrapper* sendLimit)
- {
- if (sendLimit)
- w64Zero(sendLimit);
- switch (ssl->specs.bulk_cipher_algorithm) {
- case wolfssl_aes_gcm:
- if (sendLimit)
- *sendLimit = AEAD_AES_LIMIT;
- FALL_THROUGH;
- case wolfssl_chacha:
- if (hardLimit)
- *hardLimit = DTLS_AEAD_AES_GCM_CHACHA_FAIL_LIMIT;
- if (keyUpdateLimit)
- *keyUpdateLimit = DTLS_AEAD_AES_GCM_CHACHA_FAIL_KU_LIMIT;
- break;
- case wolfssl_aes_ccm:
- if (sendLimit)
- *sendLimit = DTLS_AEAD_AES_CCM_LIMIT;
- if (ssl->specs.aead_mac_size == AES_CCM_8_AUTH_SZ) {
- if (hardLimit)
- *hardLimit = DTLS_AEAD_AES_CCM_8_FAIL_LIMIT;
- if (keyUpdateLimit)
- *keyUpdateLimit = DTLS_AEAD_AES_CCM_8_FAIL_KU_LIMIT;
- }
- else {
- if (hardLimit)
- *hardLimit = DTLS_AEAD_AES_CCM_FAIL_LIMIT;
- if (keyUpdateLimit)
- *keyUpdateLimit = DTLS_AEAD_AES_CCM_FAIL_KU_LIMIT;
- }
- break;
- default:
- fprintf(stderr, "Unrecognized bulk cipher");
- AssertFalse(1);
- break;
- }
- }
- static void test_AEAD_limit_client(WOLFSSL* ssl)
- {
- int ret;
- int i;
- int didReKey = 0;
- char msgBuf[20];
- w64wrapper hardLimit;
- w64wrapper keyUpdateLimit;
- w64wrapper counter;
- w64wrapper sendLimit;
- test_AEAD_get_limits(ssl, &hardLimit, &keyUpdateLimit, &sendLimit);
- w64Zero(&counter);
- AssertTrue(w64Equal(Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->dropCount, counter));
- wolfSSL_SSLSetIORecv(ssl, test_AEAD_cbiorecv);
- for (i = 0; i < 10; i++) {
- /* Test some failed decryptions */
- test_AEAD_fail_decryption = 1;
- w64Increment(&counter);
- ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf));
- /* Should succeed since decryption failures are dropped */
- AssertIntGT(ret, 0);
- AssertTrue(w64Equal(Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount, counter));
- }
- test_AEAD_fail_decryption = 1;
- Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount = keyUpdateLimit;
- w64Increment(&Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount);
- /* 100 read calls should be enough to complete the key update */
- w64Zero(&counter);
- for (i = 0; i < 100; i++) {
- /* Key update should be sent and negotiated */
- ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf));
- AssertIntGT(ret, 0);
- /* Epoch after one key update is 4 */
- if (w64Equal(ssl->dtls13PeerEpoch, w64From32(0, 4)) &&
- w64Equal(Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount, counter)) {
- didReKey = 1;
- break;
- }
- }
- AssertTrue(didReKey);
- if (!w64IsZero(sendLimit)) {
- /* Test the sending limit for AEAD ciphers */
- Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->nextSeqNumber = sendLimit;
- test_AEAD_seq_num = 1;
- ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf));
- AssertIntGT(ret, 0);
- didReKey = 0;
- w64Zero(&counter);
- /* 100 read calls should be enough to complete the key update */
- for (i = 0; i < 100; i++) {
- /* Key update should be sent and negotiated */
- ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf));
- AssertIntGT(ret, 0);
- /* Epoch after another key update is 5 */
- if (w64Equal(ssl->dtls13Epoch, w64From32(0, 5)) &&
- w64Equal(Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->dropCount, counter)) {
- didReKey = 1;
- break;
- }
- }
- AssertTrue(didReKey);
- }
- test_AEAD_fail_decryption = 2;
- Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount = hardLimit;
- w64Decrement(&Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount);
- /* Connection should fail with a DECRYPT_ERROR */
- ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf));
- AssertIntEQ(ret, WOLFSSL_FATAL_ERROR);
- AssertIntEQ(wolfSSL_get_error(ssl, ret), DECRYPT_ERROR);
- test_AEAD_done = 1;
- }
- int counter = 0;
- static void test_AEAD_limit_server(WOLFSSL* ssl)
- {
- char msgBuf[] = "Sending data";
- int ret = WOLFSSL_SUCCESS;
- w64wrapper sendLimit;
- SOCKET_T fd = wolfSSL_get_fd(ssl);
- struct timespec delay;
- XMEMSET(&delay, 0, sizeof(delay));
- delay.tv_nsec = 100000000; /* wait 0.1 seconds */
- tcp_set_nonblocking(&fd); /* So that read doesn't block */
- wolfSSL_dtls_set_using_nonblock(ssl, 1);
- test_AEAD_get_limits(ssl, NULL, NULL, &sendLimit);
- while (!test_AEAD_done && ret > 0) {
- counter++;
- if (test_AEAD_seq_num) {
- /* We need to update the seq number so that we can understand the
- * peer. Otherwise we will incorrectly interpret the seq number. */
- Dtls13Epoch* e = Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch);
- AssertNotNull(e);
- e->nextPeerSeqNumber = sendLimit;
- test_AEAD_seq_num = 0;
- }
- (void)wolfSSL_read(ssl, msgBuf, sizeof(msgBuf));
- ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf));
- nanosleep(&delay, NULL);
- }
- }
- static int test_wolfSSL_dtls_AEAD_limit(void)
- {
- callback_functions func_cb_client;
- callback_functions func_cb_server;
- XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
- XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
- func_cb_client.doUdp = func_cb_server.doUdp = 1;
- func_cb_server.method = wolfDTLSv1_3_server_method;
- func_cb_client.method = wolfDTLSv1_3_client_method;
- func_cb_server.on_result = test_AEAD_limit_server;
- func_cb_client.on_result = test_AEAD_limit_client;
- test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
- if (!func_cb_client.return_code)
- return TEST_FAIL;
- if (!func_cb_server.return_code)
- return TEST_FAIL;
- return TEST_SUCCESS;
- }
- #else
- static int test_wolfSSL_dtls_AEAD_limit(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- #if defined(WOLFSSL_DTLS) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
- static void test_wolfSSL_dtls_send_ch(WOLFSSL* ssl)
- {
- int fd, ret;
- byte ch_msg[] = {
- 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
- 0xfa, 0x01, 0x00, 0x01, 0xee, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
- 0xee, 0xfe, 0xfd, 0xc0, 0xca, 0xb5, 0x6f, 0x3d, 0x23, 0xcc, 0x53, 0x9a,
- 0x67, 0x17, 0x70, 0xd3, 0xfb, 0x23, 0x16, 0x9e, 0x4e, 0xd6, 0x7e, 0x29,
- 0xab, 0xfa, 0x4c, 0xa5, 0x84, 0x95, 0xc3, 0xdb, 0x21, 0x9a, 0x52, 0x00,
- 0x00, 0x00, 0x36, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2c, 0xc0,
- 0x2b, 0xc0, 0x30, 0xc0, 0x2f, 0x00, 0x9f, 0x00, 0x9e, 0xcc, 0xa9, 0xcc,
- 0xa8, 0xcc, 0xaa, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x28, 0xc0, 0x24, 0xc0,
- 0x0a, 0xc0, 0x09, 0xc0, 0x14, 0xc0, 0x13, 0x00, 0x6b, 0x00, 0x67, 0x00,
- 0x39, 0x00, 0x33, 0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15, 0x01, 0x00, 0x01,
- 0x8e, 0x00, 0x2b, 0x00, 0x03, 0x02, 0xfe, 0xfc, 0x00, 0x0d, 0x00, 0x20,
- 0x00, 0x1e, 0x06, 0x03, 0x05, 0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06,
- 0x08, 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08, 0x09, 0x06, 0x01,
- 0x05, 0x01, 0x04, 0x01, 0x03, 0x01, 0x02, 0x01, 0x00, 0x0a, 0x00, 0x0c,
- 0x00, 0x0a, 0x00, 0x19, 0x00, 0x18, 0x00, 0x17, 0x00, 0x15, 0x01, 0x00,
- 0x00, 0x16, 0x00, 0x00, 0x00, 0x33, 0x01, 0x4b, 0x01, 0x49, 0x00, 0x17,
- 0x00, 0x41, 0x04, 0x96, 0xcb, 0x2e, 0x4e, 0xd9, 0x88, 0x71, 0xc7, 0xf3,
- 0x1a, 0x16, 0xdd, 0x7a, 0x7c, 0xf7, 0x67, 0x8a, 0x5d, 0x9a, 0x55, 0xa6,
- 0x4a, 0x90, 0xd9, 0xfb, 0xc7, 0xfb, 0xbe, 0x09, 0xa9, 0x8a, 0xb5, 0x7a,
- 0xd1, 0xde, 0x83, 0x74, 0x27, 0x31, 0x1c, 0xaa, 0xae, 0xef, 0x58, 0x43,
- 0x13, 0x7d, 0x15, 0x4d, 0x7f, 0x68, 0xf6, 0x8a, 0x38, 0xef, 0x0e, 0xb3,
- 0xcf, 0xb8, 0x4a, 0xa9, 0xb4, 0xd7, 0xcb, 0x01, 0x00, 0x01, 0x00, 0x1d,
- 0x0a, 0x22, 0x8a, 0xd1, 0x78, 0x85, 0x1e, 0x5a, 0xe1, 0x1d, 0x1e, 0xb7,
- 0x2d, 0xbc, 0x5f, 0x52, 0xbc, 0x97, 0x5d, 0x8b, 0x6a, 0x8b, 0x9d, 0x1e,
- 0xb1, 0xfc, 0x8a, 0xb2, 0x56, 0xcd, 0xed, 0x4b, 0xfb, 0x66, 0x3f, 0x59,
- 0x3f, 0x15, 0x5d, 0x09, 0x9e, 0x2f, 0x60, 0x5b, 0x31, 0x81, 0x27, 0xf0,
- 0x1c, 0xda, 0xcd, 0x48, 0x66, 0xc6, 0xbb, 0x25, 0xf0, 0x5f, 0xda, 0x4c,
- 0xcf, 0x1d, 0x88, 0xc8, 0xda, 0x1b, 0x53, 0xea, 0xbd, 0xce, 0x6d, 0xf6,
- 0x4a, 0x76, 0xdb, 0x75, 0x99, 0xaf, 0xcf, 0x76, 0x4a, 0xfb, 0xe3, 0xef,
- 0xb2, 0xcb, 0xae, 0x4a, 0xc0, 0xe8, 0x63, 0x1f, 0xd6, 0xe8, 0xe6, 0x45,
- 0xf9, 0xea, 0x0d, 0x06, 0x19, 0xfc, 0xb1, 0xfd, 0x5d, 0x92, 0x89, 0x7b,
- 0xc7, 0x9f, 0x1a, 0xb3, 0x2b, 0xc7, 0xad, 0x0e, 0xfb, 0x13, 0x41, 0x83,
- 0x84, 0x58, 0x3a, 0x25, 0xb9, 0x49, 0x35, 0x1c, 0x23, 0xcb, 0xd6, 0xe7,
- 0xc2, 0x8c, 0x4b, 0x2a, 0x73, 0xa1, 0xdf, 0x4f, 0x73, 0x9b, 0xb3, 0xd2,
- 0xb2, 0x95, 0x00, 0x3c, 0x26, 0x09, 0x89, 0x71, 0x05, 0x39, 0xc8, 0x98,
- 0x8f, 0xed, 0x32, 0x15, 0x78, 0xcd, 0xd3, 0x7e, 0xfb, 0x5a, 0x78, 0x2a,
- 0xdc, 0xca, 0x20, 0x09, 0xb5, 0x14, 0xf9, 0xd4, 0x58, 0xf6, 0x69, 0xf8,
- 0x65, 0x9f, 0xb7, 0xe4, 0x93, 0xf1, 0xa3, 0x84, 0x7e, 0x1b, 0x23, 0x5d,
- 0xea, 0x59, 0x3e, 0x4d, 0xca, 0xfd, 0xa5, 0x55, 0xdd, 0x99, 0xb5, 0x02,
- 0xf8, 0x0d, 0xe5, 0xf4, 0x06, 0xb0, 0x43, 0x9e, 0x2e, 0xbf, 0x05, 0x33,
- 0x65, 0x7b, 0x13, 0x8c, 0xf9, 0x16, 0x4d, 0xc5, 0x15, 0x0b, 0x40, 0x2f,
- 0x66, 0x94, 0xf2, 0x43, 0x95, 0xe7, 0xa9, 0xb6, 0x39, 0x99, 0x73, 0xb3,
- 0xb0, 0x06, 0xfe, 0x52, 0x9e, 0x57, 0xba, 0x75, 0xfd, 0x76, 0x7b, 0x20,
- 0x31, 0x68, 0x4c
- };
- fd = wolfSSL_get_fd(ssl);
- ret = (int)send(fd, ch_msg, sizeof(ch_msg), 0);
- AssertIntGT(ret, 0);
- /* consume the HRR otherwise handshake will fail */
- ret = (int)recv(fd, ch_msg, sizeof(ch_msg), 0);
- AssertIntGT(ret, 0);
- }
- #if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE)
- static void test_wolfSSL_dtls_send_ch_with_invalid_cookie(WOLFSSL* ssl)
- {
- int fd, ret;
- byte ch_msh_invalid_cookie[] = {
- 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02,
- 0x4e, 0x01, 0x00, 0x02, 0x42, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x02,
- 0x42, 0xfe, 0xfd, 0x69, 0xca, 0x77, 0x60, 0x6f, 0xfc, 0xd1, 0x5b, 0x60,
- 0x5d, 0xf1, 0xa6, 0x5c, 0x44, 0x71, 0xae, 0xca, 0x62, 0x19, 0x0c, 0xb6,
- 0xf7, 0x2c, 0xa6, 0xd5, 0xd2, 0x99, 0x9d, 0x18, 0xae, 0xac, 0x11, 0x00,
- 0x00, 0x00, 0x36, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2c, 0xc0,
- 0x2b, 0xc0, 0x30, 0xc0, 0x2f, 0x00, 0x9f, 0x00, 0x9e, 0xcc, 0xa9, 0xcc,
- 0xa8, 0xcc, 0xaa, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x28, 0xc0, 0x24, 0xc0,
- 0x0a, 0xc0, 0x09, 0xc0, 0x14, 0xc0, 0x13, 0x00, 0x6b, 0x00, 0x67, 0x00,
- 0x39, 0x00, 0x33, 0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15, 0x01, 0x00, 0x01,
- 0xe2, 0x00, 0x2b, 0x00, 0x03, 0x02, 0xfe, 0xfc, 0x00, 0x0d, 0x00, 0x20,
- 0x00, 0x1e, 0x06, 0x03, 0x05, 0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06,
- 0x08, 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08, 0x09, 0x06, 0x01,
- 0x05, 0x01, 0x04, 0x01, 0x03, 0x01, 0x02, 0x01, 0x00, 0x2c, 0x00, 0x45,
- 0x00, 0x43, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x2d, 0x00,
- 0x03, 0x02, 0x00, 0x01, 0x00, 0x0a, 0x00, 0x0c, 0x00, 0x0a, 0x00, 0x19,
- 0x00, 0x18, 0x00, 0x17, 0x00, 0x15, 0x01, 0x00, 0x00, 0x16, 0x00, 0x00,
- 0x00, 0x33, 0x01, 0x4b, 0x01, 0x49, 0x00, 0x17, 0x00, 0x41, 0x04, 0x7c,
- 0x5a, 0xc2, 0x5a, 0xfd, 0xcd, 0x2b, 0x08, 0xb2, 0xeb, 0x8e, 0xc0, 0x02,
- 0x03, 0x9d, 0xb1, 0xc1, 0x0d, 0x7b, 0x7f, 0x46, 0x43, 0xdf, 0xf3, 0xee,
- 0x2b, 0x78, 0x0e, 0x29, 0x8c, 0x42, 0x11, 0x2c, 0xde, 0xd7, 0x41, 0x0f,
- 0x28, 0x94, 0x80, 0x41, 0x70, 0xc4, 0x17, 0xfd, 0x6d, 0xfa, 0xee, 0x9a,
- 0xf2, 0xc4, 0x15, 0x4c, 0x5f, 0x54, 0xb6, 0x78, 0x6e, 0xf9, 0x63, 0x27,
- 0x33, 0xb8, 0x7b, 0x01, 0x00, 0x01, 0x00, 0xd4, 0x46, 0x62, 0x9c, 0xbf,
- 0x8f, 0x1b, 0x65, 0x9b, 0xf0, 0x29, 0x64, 0xd8, 0x50, 0x0e, 0x74, 0xf1,
- 0x58, 0x10, 0xc9, 0xd9, 0x82, 0x5b, 0xd9, 0xbe, 0x14, 0xdf, 0xde, 0x86,
- 0xb4, 0x2e, 0x15, 0xee, 0x4f, 0xf6, 0x74, 0x9e, 0x59, 0x11, 0x36, 0x2d,
- 0xb9, 0x67, 0xaa, 0x5a, 0x09, 0x9b, 0x45, 0xf1, 0x01, 0x4c, 0x4e, 0xf6,
- 0xda, 0x6a, 0xae, 0xa7, 0x73, 0x7b, 0x2e, 0xb6, 0x24, 0x89, 0x99, 0xb7,
- 0x52, 0x16, 0x62, 0x0a, 0xab, 0x58, 0xf8, 0x3f, 0x10, 0x5b, 0x83, 0xfd,
- 0x7b, 0x81, 0x77, 0x81, 0x8d, 0xef, 0x24, 0x56, 0x6d, 0xba, 0x49, 0xd4,
- 0x8b, 0xb5, 0xa0, 0xb1, 0xc9, 0x8c, 0x32, 0x95, 0x1c, 0x5e, 0x0a, 0x4b,
- 0xf6, 0x00, 0x50, 0x0a, 0x87, 0x99, 0x59, 0xcf, 0x6f, 0x9d, 0x02, 0xd0,
- 0x1b, 0xa1, 0x96, 0x45, 0x28, 0x76, 0x40, 0x33, 0x28, 0xc9, 0xa1, 0xfd,
- 0x46, 0xab, 0x2c, 0x9e, 0x5e, 0xc6, 0x74, 0x19, 0x9a, 0xf5, 0x9b, 0x51,
- 0x11, 0x4f, 0xc8, 0xb9, 0x99, 0x6b, 0x4e, 0x3e, 0x31, 0x64, 0xb4, 0x92,
- 0xf4, 0x0d, 0x41, 0x4b, 0x2c, 0x65, 0x23, 0xf7, 0x47, 0xe3, 0xa5, 0x2e,
- 0xe4, 0x9c, 0x2b, 0xc9, 0x41, 0x22, 0x83, 0x8a, 0x23, 0xef, 0x29, 0x7e,
- 0x4f, 0x3f, 0xa3, 0xbf, 0x73, 0x2b, 0xd7, 0xcc, 0xc8, 0xc6, 0xe9, 0xbc,
- 0x01, 0xb7, 0x32, 0x63, 0xd4, 0x7e, 0x7f, 0x9a, 0xaf, 0x5f, 0x05, 0x31,
- 0x53, 0xd6, 0x1f, 0xa2, 0xd0, 0xdf, 0x67, 0x56, 0xf1, 0x9c, 0x4a, 0x9d,
- 0x83, 0xb4, 0xef, 0xb3, 0xf2, 0xcc, 0xf1, 0x91, 0x6c, 0x47, 0xc3, 0x8b,
- 0xd0, 0x92, 0x79, 0x3d, 0xa0, 0xc0, 0x3a, 0x57, 0x26, 0x6d, 0x0a, 0xad,
- 0x5f, 0xad, 0xb4, 0x74, 0x48, 0x4a, 0x51, 0xe1, 0xb5, 0x82, 0x0a, 0x4c,
- 0x4f, 0x9d, 0xaf, 0xee, 0x5a, 0xa2, 0x4d, 0x4d, 0x5f, 0xe0, 0x17, 0x00,
- 0x23, 0x00, 0x00
- };
- byte alert_reply[50];
- byte expected_alert_reply[] = {
- 0x15, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
- 0x02, 0x02, 0x2f
- };
- fd = wolfSSL_get_fd(ssl);
- ret = (int)send(fd, ch_msh_invalid_cookie, sizeof(ch_msh_invalid_cookie), 0);
- AssertIntGT(ret, 0);
- /* should reply with an illegal_parameter reply */
- ret = (int)recv(fd, alert_reply, sizeof(alert_reply), 0);
- AssertIntEQ(ret, sizeof(expected_alert_reply));
- AssertIntEQ(XMEMCMP(alert_reply, expected_alert_reply, sizeof(expected_alert_reply)), 0);
- }
- #endif
- static word32 test_wolfSSL_dtls_stateless_HashWOLFSSL(const WOLFSSL* ssl)
- {
- #ifndef NO_MD5
- enum wc_HashType hashType = WC_HASH_TYPE_MD5;
- #elif !defined(NO_SHA)
- enum wc_HashType hashType = WC_HASH_TYPE_SHA;
- #elif !defined(NO_SHA256)
- enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
- #else
- #error "We need a digest to hash the WOLFSSL object"
- #endif
- byte hashBuf[WC_MAX_DIGEST_SIZE];
- wc_HashAlg hash;
- const TLSX* exts = ssl->extensions;
- WOLFSSL sslCopy; /* Use a copy to omit certain fields */
- HS_Hashes* hsHashes = ssl->hsHashes; /* Is re-allocated in
- * InitHandshakeHashes */
- XMEMCPY(&sslCopy, ssl, sizeof(*ssl));
- XMEMSET(hashBuf, 0, sizeof(hashBuf));
- /* Following fields are not important to compare */
- XMEMSET(sslCopy.buffers.inputBuffer.staticBuffer, 0, STATIC_BUFFER_LEN);
- sslCopy.buffers.inputBuffer.buffer = NULL;
- sslCopy.buffers.inputBuffer.bufferSize = 0;
- sslCopy.buffers.inputBuffer.dynamicFlag = 0;
- sslCopy.buffers.inputBuffer.offset = 0;
- XMEMSET(sslCopy.buffers.outputBuffer.staticBuffer, 0, STATIC_BUFFER_LEN);
- sslCopy.buffers.outputBuffer.buffer = NULL;
- sslCopy.buffers.outputBuffer.bufferSize = 0;
- sslCopy.buffers.outputBuffer.dynamicFlag = 0;
- sslCopy.buffers.outputBuffer.offset = 0;
- sslCopy.error = 0;
- sslCopy.curSize = 0;
- sslCopy.curStartIdx = 0;
- sslCopy.keys.curSeq_lo = 0;
- XMEMSET(&sslCopy.curRL, 0, sizeof(sslCopy.curRL));
- #ifdef WOLFSSL_DTLS13
- XMEMSET(&sslCopy.keys.curSeq, 0, sizeof(sslCopy.keys.curSeq));
- sslCopy.dtls13FastTimeout = 0;
- #endif
- sslCopy.keys.dtls_peer_handshake_number = 0;
- XMEMSET(&sslCopy.alert_history, 0, sizeof(sslCopy.alert_history));
- sslCopy.hsHashes = NULL;
- #ifdef WOLFSSL_ASYNC_IO
- #ifdef WOLFSSL_ASYNC_CRYPT
- sslCopy.asyncDev = NULL;
- #endif
- sslCopy.async = NULL;
- #endif
- AssertIntEQ(wc_HashInit(&hash, hashType), 0);
- AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)&sslCopy, sizeof(sslCopy)), 0);
- /* hash extension list */
- while (exts != NULL) {
- AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)exts, sizeof(*exts)), 0);
- exts = exts->next;
- }
- /* Hash suites */
- if (sslCopy.suites != NULL) {
- AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)sslCopy.suites,
- sizeof(struct Suites)), 0);
- }
- /* Hash hsHashes */
- AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)hsHashes,
- sizeof(*hsHashes)), 0);
- AssertIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0);
- AssertIntEQ(wc_HashFree(&hash, hashType), 0);
- return MakeWordFromHash(hashBuf);
- }
- static CallbackIORecv test_wolfSSL_dtls_compare_stateless_cb;
- static int test_wolfSSL_dtls_compare_stateless_cb_call_once;
- static int test_wolfSSL_dtls_compare_stateless_read_cb_once(WOLFSSL *ssl,
- char *buf, int sz, void *ctx)
- {
- if (test_wolfSSL_dtls_compare_stateless_cb_call_once) {
- test_wolfSSL_dtls_compare_stateless_cb_call_once = 0;
- return test_wolfSSL_dtls_compare_stateless_cb(ssl, buf, sz, ctx);
- }
- else {
- return WOLFSSL_CBIO_ERR_WANT_READ;
- }
- }
- static void test_wolfSSL_dtls_compare_stateless(WOLFSSL* ssl)
- {
- /* Compare the ssl object before and after one ClientHello msg */
- SOCKET_T fd = wolfSSL_get_fd(ssl);
- int res;
- int err;
- word32 initHash;
- test_wolfSSL_dtls_compare_stateless_cb = ssl->CBIORecv;
- test_wolfSSL_dtls_compare_stateless_cb_call_once = 1;
- wolfSSL_dtls_set_using_nonblock(ssl, 1);
- ssl->CBIORecv = test_wolfSSL_dtls_compare_stateless_read_cb_once;
- initHash = test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl);
- (void)initHash;
- res = tcp_select(fd, 5);
- /* We are expecting a msg. A timeout indicates failure. */
- AssertIntEQ(res, TEST_RECV_READY);
- res = wolfSSL_accept(ssl);
- err = wolfSSL_get_error(ssl, res);
- AssertIntEQ(res, WOLFSSL_FATAL_ERROR);
- AssertIntEQ(err, WOLFSSL_ERROR_WANT_READ);
- AssertIntEQ(initHash, test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl));
- wolfSSL_dtls_set_using_nonblock(ssl, 0);
- ssl->CBIORecv = test_wolfSSL_dtls_compare_stateless_cb;
- }
- #if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE)
- static void test_wolfSSL_dtls_enable_hrrcookie(WOLFSSL* ssl)
- {
- int ret;
- ret = wolfSSL_send_hrr_cookie(ssl, NULL, 0);
- AssertIntEQ(ret, WOLFSSL_SUCCESS);
- test_wolfSSL_dtls_compare_stateless(ssl);
- }
- #endif
- static int test_wolfSSL_dtls_stateless(void)
- {
- callback_functions client_cbs, server_cbs;
- size_t i;
- struct {
- method_provider client_meth;
- method_provider server_meth;
- ssl_callback client_ssl_ready;
- ssl_callback server_ssl_ready;
- } test_params[] = {
- #if !defined(WOLFSSL_NO_TLS12)
- {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method,
- test_wolfSSL_dtls_send_ch, test_wolfSSL_dtls_compare_stateless},
- #endif
- #if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE)
- {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method,
- test_wolfSSL_dtls_send_ch, test_wolfSSL_dtls_enable_hrrcookie},
- {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method,
- test_wolfSSL_dtls_send_ch_with_invalid_cookie, test_wolfSSL_dtls_enable_hrrcookie},
- #endif
- };
- if (0 == sizeof(test_params)){
- return TEST_SKIPPED;
- }
- for (i = 0; i < sizeof(test_params)/sizeof(*test_params); i++) {
- XMEMSET(&client_cbs, 0, sizeof(client_cbs));
- XMEMSET(&server_cbs, 0, sizeof(server_cbs));
- client_cbs.doUdp = server_cbs.doUdp = 1;
- client_cbs.method = test_params[i].client_meth;
- server_cbs.method = test_params[i].server_meth;
- client_cbs.ssl_ready = test_params[i].client_ssl_ready;
- server_cbs.ssl_ready = test_params[i].server_ssl_ready;
- test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs);
- if (!client_cbs.return_code)
- return TEST_FAIL;
- if (!server_cbs.return_code)
- return TEST_FAIL;
- }
- return TEST_SUCCESS;
- }
- #else
- static int test_wolfSSL_dtls_stateless(void)
- {
- return TEST_SKIPPED;
- }
- #endif /* WOLFSSL_DTLS13 && WOLFSSL_SEND_HRR_COOKIE &&
- * HAVE_IO_TESTS_DEPENDENCIES && !SINGLE_THREADED */
- #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
- !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
- !defined(WOLFSSL_NO_CLIENT_AUTH))
- static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
- {
- int ret;
- if ((ret = wolfSSL_CertManagerLoadCA(cm, certA, 0)) != WOLFSSL_SUCCESS) {
- fprintf(stderr, "loading cert %s failed\n", certA);
- fprintf(stderr, "Error: (%d): %s\n", ret,
- wolfSSL_ERR_reason_error_string(ret));
- return -1;
- }
- return 0;
- }
- static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
- {
- int ret;
- if ((ret = wolfSSL_CertManagerVerify(cm, certA, WOLFSSL_FILETYPE_PEM))
- != WOLFSSL_SUCCESS) {
- fprintf(stderr, "could not verify the cert: %s\n", certA);
- fprintf(stderr, "Error: (%d): %s\n", ret,
- wolfSSL_ERR_reason_error_string(ret));
- return -1;
- }
- else {
- fprintf(stderr, "successfully verified: %s\n", certA);
- }
- return 0;
- }
- #define LOAD_ONE_CA(a, b, c, d) \
- do { \
- (a) = load_ca_into_cm(c, d); \
- if ((a) != 0) \
- return (b); \
- else \
- (b)--; \
- } while(0)
- #define VERIFY_ONE_CERT(a, b, c, d) \
- do { \
- (a) = verify_cert_with_cm(c, d);\
- if ((a) != 0) \
- return (b); \
- else \
- (b)--; \
- } while(0)
- static int test_chainG(WOLFSSL_CERT_MANAGER* cm)
- {
- int ret;
- int i = -1;
- /* Chain G is a valid chain per RFC 5280 section 4.2.1.9 */
- char chainGArr[9][50] = {"certs/ca-cert.pem",
- "certs/test-pathlen/chainG-ICA7-pathlen100.pem",
- "certs/test-pathlen/chainG-ICA6-pathlen10.pem",
- "certs/test-pathlen/chainG-ICA5-pathlen20.pem",
- "certs/test-pathlen/chainG-ICA4-pathlen5.pem",
- "certs/test-pathlen/chainG-ICA3-pathlen99.pem",
- "certs/test-pathlen/chainG-ICA2-pathlen1.pem",
- "certs/test-pathlen/chainG-ICA1-pathlen0.pem",
- "certs/test-pathlen/chainG-entity.pem"};
- LOAD_ONE_CA(ret, i, cm, chainGArr[0]); /* if failure, i = -1 here */
- LOAD_ONE_CA(ret, i, cm, chainGArr[1]); /* if failure, i = -2 here */
- LOAD_ONE_CA(ret, i, cm, chainGArr[2]); /* if failure, i = -3 here */
- LOAD_ONE_CA(ret, i, cm, chainGArr[3]); /* if failure, i = -4 here */
- LOAD_ONE_CA(ret, i, cm, chainGArr[4]); /* if failure, i = -5 here */
- LOAD_ONE_CA(ret, i, cm, chainGArr[5]); /* if failure, i = -6 here */
- LOAD_ONE_CA(ret, i, cm, chainGArr[6]); /* if failure, i = -7 here */
- LOAD_ONE_CA(ret, i, cm, chainGArr[7]); /* if failure, i = -8 here */
- VERIFY_ONE_CERT(ret, i, cm, chainGArr[1]); /* if failure, i = -9 here */
- VERIFY_ONE_CERT(ret, i, cm, chainGArr[2]); /* if failure, i = -10 here */
- VERIFY_ONE_CERT(ret, i, cm, chainGArr[3]); /* if failure, i = -11 here */
- VERIFY_ONE_CERT(ret, i, cm, chainGArr[4]); /* if failure, i = -12 here */
- VERIFY_ONE_CERT(ret, i, cm, chainGArr[5]); /* if failure, i = -13 here */
- VERIFY_ONE_CERT(ret, i, cm, chainGArr[6]); /* if failure, i = -14 here */
- VERIFY_ONE_CERT(ret, i, cm, chainGArr[7]); /* if failure, i = -15 here */
- VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -16 here */
- /* test validating the entity twice, should have no effect on pathLen since
- * entity/leaf cert */
- VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -17 here */
- return ret;
- }
- static int test_chainH(WOLFSSL_CERT_MANAGER* cm)
- {
- int ret;
- int i = -1;
- /* Chain H is NOT a valid chain per RFC5280 section 4.2.1.9:
- * ICA4-pathlen of 2 signing ICA3-pathlen of 2 (reduce max path len to 2)
- * ICA3-pathlen of 2 signing ICA2-pathlen of 2 (reduce max path len to 1)
- * ICA2-pathlen of 2 signing ICA1-pathlen of 0 (reduce max path len to 0)
- * ICA1-pathlen of 0 signing entity (pathlen is already 0, ERROR)
- * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1
- */
- char chainHArr[6][50] = {"certs/ca-cert.pem",
- "certs/test-pathlen/chainH-ICA4-pathlen2.pem",
- "certs/test-pathlen/chainH-ICA3-pathlen2.pem",
- "certs/test-pathlen/chainH-ICA2-pathlen2.pem",
- "certs/test-pathlen/chainH-ICA1-pathlen0.pem",
- "certs/test-pathlen/chainH-entity.pem"};
- LOAD_ONE_CA(ret, i, cm, chainHArr[0]); /* if failure, i = -1 here */
- LOAD_ONE_CA(ret, i, cm, chainHArr[1]); /* if failure, i = -2 here */
- LOAD_ONE_CA(ret, i, cm, chainHArr[2]); /* if failure, i = -3 here */
- LOAD_ONE_CA(ret, i, cm, chainHArr[3]); /* if failure, i = -4 here */
- LOAD_ONE_CA(ret, i, cm, chainHArr[4]); /* if failure, i = -5 here */
- VERIFY_ONE_CERT(ret, i, cm, chainHArr[1]); /* if failure, i = -6 here */
- VERIFY_ONE_CERT(ret, i, cm, chainHArr[2]); /* if failure, i = -7 here */
- VERIFY_ONE_CERT(ret, i, cm, chainHArr[3]); /* if failure, i = -8 here */
- VERIFY_ONE_CERT(ret, i, cm, chainHArr[4]); /* if failure, i = -9 here */
- VERIFY_ONE_CERT(ret, i, cm, chainHArr[5]); /* if failure, i = -10 here */
- return ret;
- }
- static int test_chainI(WOLFSSL_CERT_MANAGER* cm)
- {
- int ret;
- int i = -1;
- /* Chain I is a valid chain per RFC5280 section 4.2.1.9:
- * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 2)
- * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 1)
- * ICA1-no_pathlen signing entity (reduce maxPathLen to 0)
- * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1
- */
- char chainIArr[5][50] = {"certs/ca-cert.pem",
- "certs/test-pathlen/chainI-ICA3-pathlen2.pem",
- "certs/test-pathlen/chainI-ICA2-no_pathlen.pem",
- "certs/test-pathlen/chainI-ICA1-no_pathlen.pem",
- "certs/test-pathlen/chainI-entity.pem"};
- LOAD_ONE_CA(ret, i, cm, chainIArr[0]); /* if failure, i = -1 here */
- LOAD_ONE_CA(ret, i, cm, chainIArr[1]); /* if failure, i = -2 here */
- LOAD_ONE_CA(ret, i, cm, chainIArr[2]); /* if failure, i = -3 here */
- LOAD_ONE_CA(ret, i, cm, chainIArr[3]); /* if failure, i = -4 here */
- VERIFY_ONE_CERT(ret, i, cm, chainIArr[1]); /* if failure, i = -5 here */
- VERIFY_ONE_CERT(ret, i, cm, chainIArr[2]); /* if failure, i = -6 here */
- VERIFY_ONE_CERT(ret, i, cm, chainIArr[3]); /* if failure, i = -7 here */
- VERIFY_ONE_CERT(ret, i, cm, chainIArr[4]); /* if failure, i = -8 here */
- return ret;
- }
- static int test_chainJ(WOLFSSL_CERT_MANAGER* cm)
- {
- int ret;
- int i = -1;
- /* Chain J is NOT a valid chain per RFC5280 section 4.2.1.9:
- * ICA4-pathlen of 2 signing ICA3 without a pathlen (reduce maxPathLen to 2)
- * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 1)
- * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 0)
- * ICA1-no_pathlen signing entity (ERROR, pathlen zero and non-leaf cert)
- */
- char chainJArr[6][50] = {"certs/ca-cert.pem",
- "certs/test-pathlen/chainJ-ICA4-pathlen2.pem",
- "certs/test-pathlen/chainJ-ICA3-no_pathlen.pem",
- "certs/test-pathlen/chainJ-ICA2-no_pathlen.pem",
- "certs/test-pathlen/chainJ-ICA1-no_pathlen.pem",
- "certs/test-pathlen/chainJ-entity.pem"};
- LOAD_ONE_CA(ret, i, cm, chainJArr[0]); /* if failure, i = -1 here */
- LOAD_ONE_CA(ret, i, cm, chainJArr[1]); /* if failure, i = -2 here */
- LOAD_ONE_CA(ret, i, cm, chainJArr[2]); /* if failure, i = -3 here */
- LOAD_ONE_CA(ret, i, cm, chainJArr[3]); /* if failure, i = -4 here */
- LOAD_ONE_CA(ret, i, cm, chainJArr[4]); /* if failure, i = -5 here */
- VERIFY_ONE_CERT(ret, i, cm, chainJArr[1]); /* if failure, i = -6 here */
- VERIFY_ONE_CERT(ret, i, cm, chainJArr[2]); /* if failure, i = -7 here */
- VERIFY_ONE_CERT(ret, i, cm, chainJArr[3]); /* if failure, i = -8 here */
- VERIFY_ONE_CERT(ret, i, cm, chainJArr[4]); /* if failure, i = -9 here */
- VERIFY_ONE_CERT(ret, i, cm, chainJArr[5]); /* if failure, i = -10 here */
- return ret;
- }
- static int test_various_pathlen_chains(void)
- {
- EXPECT_DECLS;
- WOLFSSL_CERT_MANAGER* cm = NULL;
- /* Test chain G (large chain with varying pathLens) */
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
- ExpectIntEQ(test_chainG(cm), -1);
- #else
- ExpectIntEQ(test_chainG(cm), 0);
- #endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */
- ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
- wolfSSL_CertManagerFree(cm);
- /* end test chain G */
- /* Test chain H (5 chain with same pathLens) */
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- ExpectIntLT(test_chainH(cm), 0);
- ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
- wolfSSL_CertManagerFree(cm);
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
- wolfSSL_CertManagerFree(cm);
- /* end test chain H */
- /* Test chain I (only first ICA has pathLen set and it's set to 2,
- * followed by 2 ICA's, should pass) */
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
- ExpectIntEQ(test_chainI(cm), -1);
- #else
- ExpectIntEQ(test_chainI(cm), 0);
- #endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */
- ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
- wolfSSL_CertManagerFree(cm);
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
- wolfSSL_CertManagerFree(cm);
- /* Test chain J (Again only first ICA has pathLen set and it's set to 2,
- * this time followed by 3 ICA's, should fail */
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- ExpectIntLT(test_chainJ(cm), 0);
- ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
- wolfSSL_CertManagerFree(cm);
- ExpectNotNull(cm = wolfSSL_CertManagerNew());
- ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
- wolfSSL_CertManagerFree(cm);
- return EXPECT_RESULT();
- }
- #endif /* !NO_RSA && !NO_SHA && !NO_FILESYSTEM && !NO_CERTS */
- #if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- static int test_export_keying_material_cb(WOLFSSL_CTX *ctx, WOLFSSL *ssl)
- {
- EXPECT_DECLS;
- byte ekm[100] = {0};
- (void)ctx;
- /* Success Cases */
- ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
- "Test label", XSTR_SIZEOF("Test label"), NULL, 0, 0), 1);
- ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
- "Test label", XSTR_SIZEOF("Test label"), NULL, 0, 1), 1);
- /* Use some random context */
- ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
- "Test label", XSTR_SIZEOF("Test label"), ekm, 10, 1), 1);
- /* Failure cases */
- ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
- "client finished", XSTR_SIZEOF("client finished"), NULL, 0, 0), 0);
- ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
- "server finished", XSTR_SIZEOF("server finished"), NULL, 0, 0), 0);
- ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
- "master secret", XSTR_SIZEOF("master secret"), NULL, 0, 0), 0);
- ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
- "extended master secret", XSTR_SIZEOF("extended master secret"),
- NULL, 0, 0), 0);
- ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
- "key expansion", XSTR_SIZEOF("key expansion"), NULL, 0, 0), 0);
- return EXPECT_RESULT();
- }
- static int test_export_keying_material_ssl_cb(WOLFSSL* ssl)
- {
- wolfSSL_KeepArrays(ssl);
- return TEST_SUCCESS;
- }
- static int test_export_keying_material(void)
- {
- EXPECT_DECLS;
- test_ssl_cbf serverCb;
- test_ssl_cbf clientCb;
- XMEMSET(&serverCb, 0, sizeof(serverCb));
- XMEMSET(&clientCb, 0, sizeof(clientCb));
- clientCb.ssl_ready = test_export_keying_material_ssl_cb;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&clientCb,
- &serverCb, test_export_keying_material_cb), TEST_SUCCESS);
- return EXPECT_RESULT();
- }
- #endif /* HAVE_KEYING_MATERIAL */
- static int test_wolfSSL_THREADID_hash(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- CRYPTO_THREADID id;
- CRYPTO_THREADID_current(NULL);
- /* Hash result is unsigned long. */
- ExpectTrue(CRYPTO_THREADID_hash(NULL) == 0UL);
- XMEMSET(&id, 0, sizeof(id));
- ExpectTrue(CRYPTO_THREADID_hash(&id) == 0UL);
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_set_ecdh_auto(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- WOLFSSL_CTX* ctx = NULL;
- ExpectIntEQ(SSL_CTX_set_ecdh_auto(NULL,0), 1);
- ExpectIntEQ(SSL_CTX_set_ecdh_auto(NULL,1), 1);
- ExpectIntEQ(SSL_CTX_set_ecdh_auto(ctx,0), 1);
- ExpectIntEQ(SSL_CTX_set_ecdh_auto(ctx,1), 1);
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
- static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args)
- {
- EXPECT_DECLS;
- callback_functions* callbacks = NULL;
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- SOCKET_T sfd = 0;
- SOCKET_T cfd = 0;
- word16 port;
- char msg[] = "I hear you fa shizzle!";
- int len = (int) XSTRLEN(msg);
- char input[1024];
- int ret = 0;
- int err = 0;
- if (!args)
- WOLFSSL_RETURN_FROM_THREAD(0);
- ((func_args*)args)->return_code = TEST_FAIL;
- callbacks = ((func_args*)args)->callbacks;
- ctx = wolfSSL_CTX_new(callbacks->method());
- #if defined(USE_WINDOWS_API)
- port = ((func_args*)args)->signal->port;
- #else
- /* Let tcp_listen assign port */
- port = 0;
- #endif
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx,
- caCertFile, 0));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx,
- svrCertFile, WOLFSSL_FILETYPE_PEM));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx,
- svrKeyFile, WOLFSSL_FILETYPE_PEM));
- #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
- ExpectIntEQ(wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- #elif !defined(NO_DH)
- SetDHCtx(ctx); /* will repick suites with DHE, higher priority than PSK */
- #endif
- if (callbacks->ctx_ready)
- callbacks->ctx_ready(ctx);
- ssl = wolfSSL_new(ctx);
- ExpectNotNull(ssl);
- /* listen and accept */
- tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
- CloseSocket(sfd);
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd));
- if (callbacks->ssl_ready)
- callbacks->ssl_ready(ssl);
- if (EXPECT_SUCCESS()) {
- do {
- err = 0; /* Reset error */
- ret = wolfSSL_accept(ssl);
- if (ret != WOLFSSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, 0);
- }
- } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
- }
- ExpectIntEQ(ret, WOLFSSL_SUCCESS);
- /* read and write data */
- XMEMSET(input, 0, sizeof(input));
- while (EXPECT_SUCCESS()) {
- ret = wolfSSL_read(ssl, input, sizeof(input));
- if (ret > 0) {
- break;
- }
- else {
- err = wolfSSL_get_error(ssl,ret);
- if (err == WOLFSSL_ERROR_WANT_READ) {
- continue;
- }
- break;
- }
- }
- if (EXPECT_SUCCESS() && (err == WOLFSSL_ERROR_ZERO_RETURN)) {
- do {
- ret = wolfSSL_write(ssl, msg, len);
- if (ret > 0) {
- break;
- }
- } while (ret < 0);
- }
- /* bidirectional shutdown */
- while (EXPECT_SUCCESS()) {
- ret = wolfSSL_shutdown(ssl);
- ExpectIntNE(ret, WOLFSSL_FATAL_ERROR);
- if (ret == WOLFSSL_SUCCESS) {
- break;
- }
- }
- if (EXPECT_SUCCESS()) {
- /* wait for the peer to disconnect the tcp connection */
- do {
- ret = wolfSSL_read(ssl, input, sizeof(input));
- err = wolfSSL_get_error(ssl, ret);
- } while (ret > 0 || err != WOLFSSL_ERROR_ZERO_RETURN);
- }
- /* detect TCP disconnect */
- ExpectIntLE(ret,WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_get_error(ssl, ret), WOLFSSL_ERROR_ZERO_RETURN);
- ((func_args*)args)->return_code = EXPECT_RESULT();
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- CloseSocket(cfd);
- #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
- wc_ecc_fp_free(); /* free per thread cache */
- #endif
- WOLFSSL_RETURN_FROM_THREAD(0);
- }
- static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_client_thread(void* args)
- {
- EXPECT_DECLS;
- callback_functions* callbacks = NULL;
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- SOCKET_T sfd = 0;
- char msg[] = "hello wolfssl server!";
- int len = (int) XSTRLEN(msg);
- char input[1024];
- int idx;
- int ret, err;
- if (!args)
- WOLFSSL_RETURN_FROM_THREAD(0);
- ((func_args*)args)->return_code = TEST_FAIL;
- callbacks = ((func_args*)args)->callbacks;
- ctx = wolfSSL_CTX_new(callbacks->method());
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx,
- caCertFile, 0));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx,
- cliCertFile, WOLFSSL_FILETYPE_PEM));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx,
- cliKeyFile, WOLFSSL_FILETYPE_PEM));
- ExpectNotNull((ssl = wolfSSL_new(ctx)));
- tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, ssl);
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, sfd));
- if (EXPECT_SUCCESS()) {
- do {
- err = 0; /* Reset error */
- ret = wolfSSL_connect(ssl);
- if (ret != WOLFSSL_SUCCESS) {
- err = wolfSSL_get_error(ssl, 0);
- }
- } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
- }
- ExpectIntGE(wolfSSL_write(ssl, msg, len), 0);
- if (EXPECT_SUCCESS()) {
- if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
- input[idx] = 0;
- }
- }
- if (EXPECT_SUCCESS()) {
- ret = wolfSSL_shutdown(ssl);
- if (ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
- ret = wolfSSL_shutdown(ssl);
- }
- }
- ExpectIntEQ(ret, WOLFSSL_SUCCESS);
- ((func_args*)args)->return_code = EXPECT_RESULT();
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- CloseSocket(sfd);
- #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
- wc_ecc_fp_free(); /* free per thread cache */
- #endif
- WOLFSSL_RETURN_FROM_THREAD(0);
- }
- #endif /* OPENSSL_EXTRA && WOLFSSL_ERROR_CODE_OPENSSL &&
- HAVE_IO_TESTS_DEPENDENCIES && !WOLFSSL_NO_TLS12 */
- /* This test is to check wolfSSL_read behaves as same as
- * openSSL when it is called after SSL_shutdown completes.
- */
- static int test_wolfSSL_read_detect_TCP_disconnect(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
- tcp_ready ready;
- func_args client_args;
- func_args server_args;
- THREAD_TYPE serverThread;
- THREAD_TYPE clientThread;
- callback_functions server_cbf;
- callback_functions client_cbf;
- #ifdef WOLFSSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- StartTCP();
- InitTcpReady(&ready);
- #if defined(USE_WINDOWS_API)
- /* use RNG to get random port if using windows */
- ready.port = GetRandomPort();
- #endif
- XMEMSET(&client_args, 0, sizeof(func_args));
- XMEMSET(&server_args, 0, sizeof(func_args));
- XMEMSET(&server_cbf, 0, sizeof(callback_functions));
- XMEMSET(&client_cbf, 0, sizeof(callback_functions));
- server_cbf.method = wolfTLSv1_2_server_method;
- client_cbf.method = wolfTLSv1_2_client_method;
- server_args.callbacks = &server_cbf;
- client_args.callbacks = &client_cbf;
- server_args.signal = &ready;
- client_args.signal = &ready;
- start_thread(SSL_read_test_server_thread, &server_args, &serverThread);
- wait_tcp_ready(&server_args);
- start_thread(SSL_read_test_client_thread, &client_args, &clientThread);
- join_thread(clientThread);
- join_thread(serverThread);
- ExpectTrue(client_args.return_code);
- ExpectTrue(server_args.return_code);
- FreeTcpReady(&ready);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_get_min_proto_version(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
- WOLFSSL_CTX *ctx = NULL;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
- ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, SSL3_VERSION),
- WOLFSSL_SUCCESS);
- #ifdef WOLFSSL_ALLOW_SSLV3
- ExpectIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), SSL3_VERSION);
- #else
- ExpectIntGT(wolfSSL_CTX_get_min_proto_version(ctx), SSL3_VERSION);
- #endif
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- #ifdef WOLFSSL_ALLOW_TLSV10
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
- #endif
- ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_VERSION),
- WOLFSSL_SUCCESS);
- #ifdef WOLFSSL_ALLOW_TLSV10
- ExpectIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_VERSION);
- #else
- ExpectIntGT(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_VERSION);
- #endif
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
- ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION),
- WOLFSSL_SUCCESS);
- #ifndef NO_OLD_TLS
- ExpectIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_1_VERSION);
- #else
- ExpectIntGT(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_1_VERSION);
- #endif
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- #ifndef WOLFSSL_NO_TLS12
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_method()));
- ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION);
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- #endif
- #ifdef WOLFSSL_TLS13
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_method()));
- ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_3_VERSION);
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- #endif
- #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
- (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
- defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
- defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))
- static int test_wolfSSL_set_SSL_CTX(void)
- {
- EXPECT_DECLS;
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) \
- && !defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_TLS13) && \
- !defined(NO_RSA)
- WOLFSSL_CTX *ctx1 = NULL;
- WOLFSSL_CTX *ctx2 = NULL;
- WOLFSSL *ssl = NULL;
- const byte *session_id1 = (const byte *)"CTX1";
- const byte *session_id2 = (const byte *)"CTX2";
- ExpectNotNull(ctx1 = wolfSSL_CTX_new(wolfTLS_server_method()));
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx1, svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx1, svrKeyFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx1, TLS1_2_VERSION),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_get_min_proto_version(ctx1), TLS1_2_VERSION);
- ExpectIntEQ(wolfSSL_CTX_get_max_proto_version(ctx1), TLS1_3_VERSION);
- ExpectIntEQ(wolfSSL_CTX_set_session_id_context(ctx1, session_id1, 4),
- WOLFSSL_SUCCESS);
- ExpectNotNull(ctx2 = wolfSSL_CTX_new(wolfTLS_server_method()));
- ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx2, svrCertFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx2, svrKeyFile,
- WOLFSSL_FILETYPE_PEM));
- ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx2, TLS1_2_VERSION),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(ctx2, TLS1_2_VERSION),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_get_min_proto_version(ctx2), TLS1_2_VERSION);
- ExpectIntEQ(wolfSSL_CTX_get_max_proto_version(ctx2), TLS1_2_VERSION);
- ExpectIntEQ(wolfSSL_CTX_set_session_id_context(ctx2, session_id2, 4),
- WOLFSSL_SUCCESS);
- #ifdef HAVE_SESSION_TICKET
- ExpectIntEQ((wolfSSL_CTX_get_options(ctx1) & SSL_OP_NO_TICKET), 0);
- wolfSSL_CTX_set_options(ctx2, SSL_OP_NO_TICKET);
- ExpectIntNE((wolfSSL_CTX_get_options(ctx2) & SSL_OP_NO_TICKET), 0);
- #endif
- ExpectNotNull(ssl = wolfSSL_new(ctx2));
- ExpectIntNE((wolfSSL_get_options(ssl) & WOLFSSL_OP_NO_TLSv1_3), 0);
- #ifdef WOLFSSL_INT_H
- #ifdef WOLFSSL_SESSION_ID_CTX
- ExpectIntEQ(XMEMCMP(ssl->sessionCtx, session_id2, 4), 0);
- #endif
- ExpectTrue(ssl->buffers.certificate == ctx2->certificate);
- ExpectTrue(ssl->buffers.certChain == ctx2->certChain);
- #endif
- #ifdef HAVE_SESSION_TICKET
- ExpectIntNE((wolfSSL_get_options(ssl) & SSL_OP_NO_TICKET), 0);
- #endif
- /* Set the ctx1 that has TLSv1.3 as max proto version */
- ExpectNotNull(wolfSSL_set_SSL_CTX(ssl, ctx1));
- /* MUST not change proto versions of ssl */
- ExpectIntNE((wolfSSL_get_options(ssl) & WOLFSSL_OP_NO_TLSv1_3), 0);
- #ifdef HAVE_SESSION_TICKET
- /* MUST not change */
- ExpectIntNE((wolfSSL_get_options(ssl) & SSL_OP_NO_TICKET), 0);
- #endif
- /* MUST change */
- #ifdef WOLFSSL_INT_H
- ExpectTrue(ssl->buffers.certificate == ctx1->certificate);
- ExpectTrue(ssl->buffers.certChain == ctx1->certChain);
- #ifdef WOLFSSL_SESSION_ID_CTX
- ExpectIntEQ(XMEMCMP(ssl->sessionCtx, session_id1, 4), 0);
- #endif
- #endif
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx1);
- wolfSSL_CTX_free(ctx2);
- #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */
- return EXPECT_RESULT();
- }
- #endif /* defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
- (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
- defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
- defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))) */
- static int test_wolfSSL_security_level(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- SSL_CTX *ctx = NULL;
- #ifdef WOLFSSL_TLS13
- #ifdef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
- #endif
- SSL_CTX_set_security_level(NULL, 1);
- SSL_CTX_set_security_level(ctx, 1);
- ExpectIntEQ(SSL_CTX_get_security_level(NULL), 0);
- /* Stub so nothing happens. */
- ExpectIntEQ(SSL_CTX_get_security_level(ctx), 0);
- SSL_CTX_free(ctx);
- #else
- (void)ctx;
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_SSL_in_init(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_BIO)
- SSL_CTX* ctx = NULL;
- SSL* ssl = NULL;
- const char* testCertFile;
- const char* testKeyFile;
- #ifdef WOLFSSL_TLS13
- #ifdef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
- #endif
- #else
- #ifdef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- #endif
- #ifndef NO_RSA
- testCertFile = svrCertFile;
- testKeyFile = svrKeyFile;
- #elif defined(HAVE_ECC)
- testCertFile = eccCertFile;
- testKeyFile = eccKeyFile;
- #else
- testCertFile = NULL;
- testKeyFile = NULL;
- #endif
- if ((testCertFile != NULL) && (testKeyFile != NULL)) {
- ExpectTrue(SSL_CTX_use_certificate_file(ctx, testCertFile,
- SSL_FILETYPE_PEM));
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
- SSL_FILETYPE_PEM));
- }
- ExpectNotNull(ssl = SSL_new(ctx));
- ExpectIntEQ(SSL_in_init(ssl), 1);
- SSL_CTX_free(ctx);
- SSL_free(ssl);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_set_timeout(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_SESSION_CACHE)
- int timeout;
- WOLFSSL_CTX* ctx = NULL;
- (void)timeout;
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
- /* in WOLFSSL_ERROR_CODE_OPENSSL macro guard,
- * wolfSSL_CTX_set_timeout returns previous timeout value on success.
- */
- ExpectIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
- /* giving 0 as timeout value sets default timeout */
- timeout = wolfSSL_CTX_set_timeout(ctx, 0);
- ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 20), timeout);
- ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 30), 20);
- #else
- ExpectIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 100), 1);
- ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 0), 1);
- #endif
- wolfSSL_CTX_free(ctx);
- #endif /* !NO_WOLFSSL_SERVER && !NO_SESSION_CACHE*/
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_OpenSSL_version(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA)
- const char* ver;
- #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
- ExpectNotNull(ver = OpenSSL_version(0));
- #else
- ExpectNotNull(ver = OpenSSL_version());
- #endif
- ExpectIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING,
- XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0);
- #endif
- return EXPECT_RESULT();
- }
- static int test_CONF_CTX_CMDLINE(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL)
- SSL_CTX* ctx = NULL;
- SSL_CONF_CTX* cctx = NULL;
- ExpectNotNull(cctx = SSL_CONF_CTX_new());
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
- /* set flags */
- ExpectIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CMDLINE),
- WOLFSSL_CONF_FLAG_CMDLINE);
- ExpectIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE),
- WOLFSSL_CONF_FLAG_CMDLINE | WOLFSSL_CONF_FLAG_CERTIFICATE);
- /* cmd invalid command */
- ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2);
- ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2);
- ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE);
- ExpectIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE);
- /* cmd Certificate and Private Key*/
- {
- #if !defined(NO_CERTS) && !defined(NO_RSA)
- const char* ourCert = svrCertFile;
- const char* ourKey = svrKeyFile;
- ExpectIntEQ(SSL_CONF_cmd(cctx, "-cert", NULL), -3);
- ExpectIntEQ(SSL_CONF_cmd(cctx, "-cert", ourCert), WOLFSSL_SUCCESS);
- ExpectIntEQ(SSL_CONF_cmd(cctx, "-key", NULL), -3);
- ExpectIntEQ(SSL_CONF_cmd(cctx, "-key", ourKey), WOLFSSL_SUCCESS);
- ExpectIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
- #endif
- }
- /* cmd curves */
- {
- #if defined(HAVE_ECC)
- const char* curve = "secp256r1";
- ExpectIntEQ(SSL_CONF_cmd(cctx, "-curves", NULL), -3);
- ExpectIntEQ(SSL_CONF_cmd(cctx, "-curves", curve), WOLFSSL_SUCCESS);
- ExpectIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
- #endif
- }
- /* cmd CipherString */
- {
- char* cipher = wolfSSL_get_cipher_list(0/*top priority*/);
- ExpectIntEQ(SSL_CONF_cmd(cctx, "-cipher", NULL), -3);
- ExpectIntEQ(SSL_CONF_cmd(cctx, "-cipher", cipher), WOLFSSL_SUCCESS);
- ExpectIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
- }
- /* cmd DH parameter */
- {
- #if !defined(NO_DH) && !defined(NO_BIO)
- const char* ourdhcert = "./certs/dh2048.pem";
- ExpectIntEQ(SSL_CONF_cmd(cctx, "-dhparam", NULL), -3);
- ExpectIntEQ(SSL_CONF_cmd(cctx, "-dhparam", ourdhcert), WOLFSSL_SUCCESS);
- ExpectIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
- #endif
- }
- SSL_CTX_free(ctx);
- SSL_CONF_CTX_free(cctx);
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_CONF_CTX_FILE(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL)
- SSL_CTX* ctx = NULL;
- SSL_CONF_CTX* cctx = NULL;
- ExpectNotNull(cctx = SSL_CONF_CTX_new());
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
- /* set flags */
- ExpectIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_FILE),
- WOLFSSL_CONF_FLAG_FILE);
- ExpectIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE),
- WOLFSSL_CONF_FLAG_FILE | WOLFSSL_CONF_FLAG_CERTIFICATE);
- /* sanity check */
- ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2);
- ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2);
- ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE);
- ExpectIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE);
- /* cmd Certificate and Private Key*/
- {
- #if !defined(NO_CERTS) && !defined(NO_RSA)
- const char* ourCert = svrCertFile;
- const char* ourKey = svrKeyFile;
- ExpectIntEQ(SSL_CONF_cmd(cctx, "Certificate", NULL), -3);
- ExpectIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", NULL), -3);
- ExpectIntEQ(SSL_CONF_cmd(cctx, "Certificate", ourCert),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", ourKey), WOLFSSL_SUCCESS);
- ExpectIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
- #endif
- }
- /* cmd curves */
- {
- #if defined(HAVE_ECC)
- const char* curve = "secp256r1";
- ExpectIntEQ(SSL_CONF_cmd(cctx, "Curves", NULL), -3);
- ExpectIntEQ(SSL_CONF_cmd(cctx, "Curves", curve), WOLFSSL_SUCCESS);
- ExpectIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
- #endif
- }
- /* cmd CipherString */
- {
- char* cipher = wolfSSL_get_cipher_list(0/*top priority*/);
- ExpectIntEQ(SSL_CONF_cmd(cctx, "CipherString", NULL), -3);
- ExpectIntEQ(SSL_CONF_cmd(cctx, "CipherString", cipher),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
- }
- /* cmd DH parameter */
- {
- #if !defined(NO_DH) && !defined(NO_BIO) && defined(HAVE_FFDHE_3072)
- const char* ourdhcert = "./certs/dh3072.pem";
- ExpectIntEQ(SSL_CONF_cmd(cctx, "DHParameters", NULL), -3);
- ExpectIntEQ(SSL_CONF_cmd(cctx, "DHParameters", ourdhcert),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
- #endif
- }
- SSL_CTX_free(ctx);
- SSL_CONF_CTX_free(cctx);
- #endif /* OPENSSL_EXTRA */
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CRYPTO_get_ex_new_index(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_EX_DATA
- int idx1, idx2;
- /* test for unsupported class index */
- ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_X509_STORE,
- 0,NULL, NULL, NULL, NULL ), -1);
- ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(
- WOLF_CRYPTO_EX_INDEX_X509_STORE_CTX,
- 0,NULL, NULL, NULL, NULL ), -1);
- ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_DH,
- 0,NULL, NULL, NULL, NULL ), -1);
- ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_DSA,
- 0,NULL, NULL, NULL, NULL ), -1);
- ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_EC_KEY,
- 0,NULL, NULL, NULL, NULL ), -1);
- ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_RSA,
- 0,NULL, NULL, NULL, NULL ), -1);
- ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_ENGINE,
- 0,NULL, NULL, NULL, NULL ), -1);
- ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_UI,
- 0,NULL, NULL, NULL, NULL ), -1);
- ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_BIO,
- 0,NULL, NULL, NULL, NULL ), -1);
- ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_APP,
- 0,NULL, NULL, NULL, NULL ), -1);
- ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_UI_METHOD,
- 0,NULL, NULL, NULL, NULL ), -1);
- ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_DRBG,
- 0,NULL, NULL, NULL, NULL ), -1);
- ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(20,
- 0,NULL, NULL, NULL, NULL ), -1);
- /* test for supported class index */
- idx1 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL,
- 0,NULL, NULL, NULL, NULL );
- idx2 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL,
- 0,NULL, NULL, NULL, NULL );
- ExpectIntNE(idx1, -1);
- ExpectIntNE(idx2, -1);
- ExpectIntNE(idx1, idx2);
- idx1 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_CTX,
- 0,NULL, NULL, NULL, NULL );
- idx2 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_CTX,
- 0,NULL, NULL, NULL, NULL );
- ExpectIntNE(idx1, -1);
- ExpectIntNE(idx2, -1);
- ExpectIntNE(idx1, idx2);
- idx1 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_X509,
- 0,NULL, NULL, NULL, NULL );
- idx2 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_X509,
- 0,NULL, NULL, NULL, NULL );
- ExpectIntNE(idx1, -1);
- ExpectIntNE(idx2, -1);
- ExpectIntNE(idx1, idx2);
- idx1 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_SESSION,
- 0,NULL, NULL, NULL, NULL );
- idx2 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_SESSION,
- 0,NULL, NULL, NULL, NULL );
- ExpectIntNE(idx1, -1);
- ExpectIntNE(idx2, -1);
- ExpectIntNE(idx1, idx2);
- #endif /* HAVE_EX_DATA */
- return EXPECT_RESULT();
- }
- #if defined(HAVE_EX_DATA) && defined(HAVE_EXT_CACHE) && \
- (defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
- (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
- defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
- defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))))
- #define SESSION_NEW_IDX_LONG 0xDEADBEEF
- #define SESSION_NEW_IDX_VAL ((void*)0xAEADAEAD)
- #define SESSION_DUP_IDX_VAL ((void*)0xDEDEDEDE)
- #define SESSION_NEW_IDX_PTR "Testing"
- static void test_wolfSSL_SESSION_get_ex_new_index_new_cb(void* p, void* ptr,
- CRYPTO_EX_DATA* a, int idx, long argValue, void* arg)
- {
- AssertNotNull(p);
- AssertNull(ptr);
- AssertIntEQ(CRYPTO_set_ex_data(a, idx, SESSION_NEW_IDX_VAL), SSL_SUCCESS);
- AssertIntEQ(argValue, SESSION_NEW_IDX_LONG);
- AssertStrEQ(arg, SESSION_NEW_IDX_PTR);
- }
- static int test_wolfSSL_SESSION_get_ex_new_index_dup_cb(CRYPTO_EX_DATA* out,
- const CRYPTO_EX_DATA* in, void* inPtr, int idx, long argV,
- void* arg)
- {
- EXPECT_DECLS;
- ExpectNotNull(out);
- ExpectNotNull(in);
- ExpectPtrEq(*(void**)inPtr, SESSION_NEW_IDX_VAL);
- ExpectPtrEq(CRYPTO_get_ex_data(in, idx), SESSION_NEW_IDX_VAL);
- ExpectPtrEq(CRYPTO_get_ex_data(out, idx), SESSION_NEW_IDX_VAL);
- ExpectIntEQ(argV, SESSION_NEW_IDX_LONG);
- ExpectStrEQ(arg, SESSION_NEW_IDX_PTR);
- *(void**)inPtr = SESSION_DUP_IDX_VAL;
- if (EXPECT_SUCCESS()) {
- return SSL_SUCCESS;
- }
- else {
- return SSL_FAILURE;
- }
- }
- static int test_wolfSSL_SESSION_get_ex_new_index_free_cb_called = 0;
- static void test_wolfSSL_SESSION_get_ex_new_index_free_cb(void* p, void* ptr,
- CRYPTO_EX_DATA* a, int idx, long argValue, void* arg)
- {
- EXPECT_DECLS;
- ExpectNotNull(p);
- ExpectNull(ptr);
- ExpectPtrNE(CRYPTO_get_ex_data(a, idx), 0);
- ExpectIntEQ(argValue, SESSION_NEW_IDX_LONG);
- ExpectStrEQ(arg, SESSION_NEW_IDX_PTR);
- if (EXPECT_SUCCESS()) {
- test_wolfSSL_SESSION_get_ex_new_index_free_cb_called++;
- }
- }
- static int test_wolfSSL_SESSION_get_ex_new_index(void)
- {
- EXPECT_DECLS;
- int idx = SSL_SESSION_get_ex_new_index(SESSION_NEW_IDX_LONG,
- (void*)SESSION_NEW_IDX_PTR,
- test_wolfSSL_SESSION_get_ex_new_index_new_cb,
- test_wolfSSL_SESSION_get_ex_new_index_dup_cb,
- test_wolfSSL_SESSION_get_ex_new_index_free_cb);
- SSL_SESSION* s = SSL_SESSION_new();
- SSL_SESSION* d = NULL;
- ExpectNotNull(s);
- ExpectPtrEq(SSL_SESSION_get_ex_data(s, idx), SESSION_NEW_IDX_VAL);
- ExpectNotNull(d = SSL_SESSION_dup(s));
- ExpectPtrEq(SSL_SESSION_get_ex_data(d, idx), SESSION_DUP_IDX_VAL);
- SSL_SESSION_free(s);
- ExpectIntEQ(test_wolfSSL_SESSION_get_ex_new_index_free_cb_called, 1);
- SSL_SESSION_free(d);
- ExpectIntEQ(test_wolfSSL_SESSION_get_ex_new_index_free_cb_called, 2);
- crypto_ex_cb_free(crypto_ex_cb_ctx_session);
- crypto_ex_cb_ctx_session = NULL;
- return EXPECT_RESULT();
- }
- #else
- static int test_wolfSSL_SESSION_get_ex_new_index(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- static int test_wolfSSL_set_psk_use_session_callback(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(NO_PSK)
- SSL_CTX* ctx = NULL;
- SSL* ssl = NULL;
- const char* testCertFile;
- const char* testKeyFile;
- #ifdef WOLFSSL_TLS13
- #ifdef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
- #endif
- #else
- #ifdef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- #endif
- #ifndef NO_RSA
- testCertFile = svrCertFile;
- testKeyFile = svrKeyFile;
- #elif defined(HAVE_ECC)
- testCertFile = eccCertFile;
- testKeyFile = eccKeyFile;
- #else
- testCertFile = NULL;
- testKeyFile = NULL;
- #endif
- if ((testCertFile != NULL) && (testKeyFile != NULL)) {
- ExpectTrue(SSL_CTX_use_certificate_file(ctx, testCertFile,
- SSL_FILETYPE_PEM));
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
- SSL_FILETYPE_PEM));
- }
- ExpectNotNull(ssl = SSL_new(ctx));
- SSL_set_psk_use_session_callback(ssl, my_psk_use_session_cb);
- SSL_CTX_free(ctx);
- SSL_free(ssl);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_ERR_strings(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_ERROR_STRINGS)
- const char* err1 = "unsupported cipher suite";
- const char* err2 = "wolfSSL PEM routines";
- const char* err = NULL;
- (void)err;
- (void)err1;
- (void)err2;
- #if defined(OPENSSL_EXTRA)
- ExpectNotNull(err = ERR_reason_error_string(UNSUPPORTED_SUITE));
- ExpectIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0);
- ExpectNotNull(err = ERR_func_error_string(UNSUPPORTED_SUITE));
- ExpectIntEQ((*err == '\0'), 1);
- ExpectNotNull(err = ERR_lib_error_string(PEM_R_PROBLEMS_GETTING_PASSWORD));
- ExpectIntEQ(XSTRNCMP(err, err2, XSTRLEN(err2)), 0);
- #else
- ExpectNotNull(err = wolfSSL_ERR_reason_error_string(UNSUPPORTED_SUITE));
- ExpectIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0);
- ExpectNotNull(err = wolfSSL_ERR_func_error_string(UNSUPPORTED_SUITE));
- ExpectIntEQ((*err == '\0'), 1);
- /* The value -MIN_CODE_E+2 is PEM_R_PROBLEMS_GETTING_PASSWORD. */
- ExpectNotNull(err = wolfSSL_ERR_lib_error_string(-MIN_CODE_E+2));
- ExpectIntEQ((*err == '\0'), 1);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_shake128(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \
- defined(WOLFSSL_SHAKE128)
- const EVP_MD* md = NULL;
- ExpectNotNull(md = EVP_shake128());
- ExpectIntEQ(XSTRNCMP(md, "SHAKE128", XSTRLEN("SHAKE128")), 0);
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_EVP_shake256(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \
- defined(WOLFSSL_SHAKE256)
- const EVP_MD* md = NULL;
- ExpectNotNull(md = EVP_shake256());
- ExpectIntEQ(XSTRNCMP(md, "SHAKE256", XSTRLEN("SHAKE256")), 0);
- #endif
- return EXPECT_RESULT();
- }
- /*
- * Testing EVP digest API with SM3
- */
- static int test_wolfSSL_EVP_sm3(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM3)
- EXPECT_DECLS;
- const EVP_MD* md = NULL;
- EVP_MD_CTX* mdCtx = NULL;
- byte data[WC_SM3_BLOCK_SIZE * 4];
- byte hash[WC_SM3_DIGEST_SIZE];
- byte calcHash[WC_SM3_DIGEST_SIZE];
- byte expHash[WC_SM3_DIGEST_SIZE] = {
- 0x38, 0x48, 0x15, 0xa7, 0x0e, 0xae, 0x0b, 0x27,
- 0x5c, 0xde, 0x9d, 0xa5, 0xd1, 0xa4, 0x30, 0xa1,
- 0xca, 0xd4, 0x54, 0x58, 0x44, 0xa2, 0x96, 0x1b,
- 0xd7, 0x14, 0x80, 0x3f, 0x80, 0x1a, 0x07, 0xb6
- };
- word32 chunk;
- word32 i;
- unsigned int sz;
- int ret;
- XMEMSET(data, 0, sizeof(data));
- md = EVP_sm3();
- ExpectTrue(md != NULL);
- ExpectIntEQ(XSTRNCMP(md, "SM3", XSTRLEN("SM3")), 0);
- mdCtx = EVP_MD_CTX_new();
- ExpectTrue(mdCtx != NULL);
- /* Invalid Parameters */
- ExpectIntEQ(EVP_DigestInit(NULL, md), BAD_FUNC_ARG);
- /* Valid Parameters */
- ExpectIntEQ(EVP_DigestInit(mdCtx, md), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DigestUpdate(NULL, NULL, 1), WOLFSSL_FAILURE);
- ExpectIntEQ(EVP_DigestUpdate(mdCtx, NULL, 1), WOLFSSL_FAILURE);
- ExpectIntEQ(EVP_DigestUpdate(NULL, data, 1), WOLFSSL_FAILURE);
- /* Valid Parameters */
- ExpectIntEQ(EVP_DigestUpdate(mdCtx, NULL, 0), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, 1), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, 1), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, WC_SM3_BLOCK_SIZE),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, WC_SM3_BLOCK_SIZE - 2),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, WC_SM3_BLOCK_SIZE * 2),
- WOLFSSL_SUCCESS);
- /* Ensure too many bytes for lengths. */
- ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, WC_SM3_PAD_SIZE),
- WOLFSSL_SUCCESS);
- /* Invalid Parameters */
- ExpectIntEQ(EVP_DigestFinal(NULL, NULL, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), WOLFSSL_FAILURE);
- ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), WOLFSSL_FAILURE);
- /* Valid Parameters */
- ExpectIntEQ(EVP_DigestFinal(mdCtx, hash, NULL), WOLFSSL_SUCCESS);
- ExpectBufEQ(hash, expHash, WC_SM3_DIGEST_SIZE);
- /* Chunk tests. */
- ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, sizeof(data)), WOLFSSL_SUCCESS);
- ExpectIntEQ(EVP_DigestFinal(mdCtx, calcHash, &sz), WOLFSSL_SUCCESS);
- ExpectIntEQ(sz, WC_SM3_DIGEST_SIZE);
- for (chunk = 1; chunk <= WC_SM3_BLOCK_SIZE + 1; chunk++) {
- for (i = 0; i + chunk <= (word32)sizeof(data); i += chunk) {
- ExpectIntEQ(EVP_DigestUpdate(mdCtx, data + i, chunk),
- WOLFSSL_SUCCESS);
- }
- if (i < (word32)sizeof(data)) {
- ExpectIntEQ(EVP_DigestUpdate(mdCtx, data + i,
- (word32)sizeof(data) - i), WOLFSSL_SUCCESS);
- }
- ExpectIntEQ(EVP_DigestFinal(mdCtx, hash, NULL), WOLFSSL_SUCCESS);
- ExpectBufEQ(hash, calcHash, WC_SM3_DIGEST_SIZE);
- }
- /* Not testing when the low 32-bit length overflows. */
- ret = EVP_MD_CTX_cleanup(mdCtx);
- ExpectIntEQ(ret, WOLFSSL_SUCCESS);
- wolfSSL_EVP_MD_CTX_free(mdCtx);
- res = EXPECT_RESULT();
- #endif
- return res;
- } /* END test_EVP_sm3 */
- static int test_EVP_blake2(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && (defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S))
- const EVP_MD* md = NULL;
- (void)md;
- #if defined(HAVE_BLAKE2)
- ExpectNotNull(md = EVP_blake2b512());
- ExpectIntEQ(XSTRNCMP(md, "BLAKE2B512", XSTRLEN("BLAKE2B512")), 0);
- #endif
- #if defined(HAVE_BLAKE2S)
- ExpectNotNull(md = EVP_blake2s256());
- ExpectIntEQ(XSTRNCMP(md, "BLAKE2S256", XSTRLEN("BLAKE2S256")), 0);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- #if defined(OPENSSL_EXTRA)
- static void list_md_fn(const EVP_MD* m, const char* from,
- const char* to, void* arg)
- {
- const char* mn;
- BIO *bio;
- (void) from;
- (void) to;
- (void) arg;
- (void) mn;
- (void) bio;
- if (!m) {
- /* alias */
- AssertNull(m);
- AssertNotNull(to);
- }
- else {
- AssertNotNull(m);
- AssertNull(to);
- }
- AssertNotNull(from);
- #if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE)
- mn = EVP_get_digestbyname(from);
- /* print to stderr */
- AssertNotNull(arg);
- bio = BIO_new(BIO_s_file());
- BIO_set_fp(bio, arg, BIO_NOCLOSE);
- BIO_printf(bio, "Use %s message digest algorithm\n", mn);
- BIO_free(bio);
- #endif
- }
- #endif
- static int test_EVP_MD_do_all(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_EXTRA)
- EVP_MD_do_all(NULL, stderr);
- EVP_MD_do_all(list_md_fn, stderr);
- res = TEST_SUCCESS;
- #endif
- return res;
- }
- #if defined(OPENSSL_EXTRA)
- static void obj_name_t(const OBJ_NAME* nm, void* arg)
- {
- (void)arg;
- (void)nm;
- AssertIntGT(nm->type, OBJ_NAME_TYPE_UNDEF);
- #if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE)
- /* print to stderr */
- AssertNotNull(arg);
- BIO *bio = BIO_new(BIO_s_file());
- BIO_set_fp(bio, arg, BIO_NOCLOSE);
- BIO_printf(bio, "%s\n", nm);
- BIO_free(bio);
- #endif
- }
- #endif
- static int test_OBJ_NAME_do_all(void)
- {
- int res = TEST_SKIPPED;
- #if defined(OPENSSL_EXTRA)
- OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, NULL, NULL);
- OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, NULL, stderr);
- OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, obj_name_t, stderr);
- OBJ_NAME_do_all(OBJ_NAME_TYPE_PKEY_METH, obj_name_t, stderr);
- OBJ_NAME_do_all(OBJ_NAME_TYPE_COMP_METH, obj_name_t, stderr);
- OBJ_NAME_do_all(OBJ_NAME_TYPE_NUM, obj_name_t, stderr);
- OBJ_NAME_do_all(OBJ_NAME_TYPE_UNDEF, obj_name_t, stderr);
- OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, obj_name_t, stderr);
- OBJ_NAME_do_all(-1, obj_name_t, stderr);
- res = TEST_SUCCESS;
- #endif
- return res;
- }
- static int test_SSL_CIPHER_get_xxx(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM)
- const SSL_CIPHER* cipher = NULL;
- STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
- int i, numCiphers = 0;
- SSL_CTX* ctx = NULL;
- SSL* ssl = NULL;
- const char* testCertFile;
- const char* testKeyFile;
- char buf[256] = {0};
- const char* cipher_id = NULL;
- int expect_nid1 = NID_undef;
- int expect_nid2 = NID_undef;
- int expect_nid3 = NID_undef;
- int expect_nid4 = NID_undef;
- int expect_nid5 = 0;
- const char* cipher_id2 = NULL;
- int expect_nid21 = NID_undef;
- int expect_nid22 = NID_undef;
- int expect_nid23 = NID_undef;
- int expect_nid24 = NID_undef;
- int expect_nid25 = 0;
- (void)cipher;
- (void)supportedCiphers;
- (void)i;
- (void)numCiphers;
- (void)ctx;
- (void)ssl;
- (void)testCertFile;
- (void)testKeyFile;
- #if defined(WOLFSSL_TLS13)
- cipher_id = "TLS13-AES128-GCM-SHA256";
- expect_nid1 = NID_auth_rsa;
- expect_nid2 = NID_aes_128_gcm;
- expect_nid3 = NID_sha256;
- expect_nid4 = NID_kx_any;
- expect_nid5 = 1;
- #if !defined(WOLFSSL_NO_TLS12)
- cipher_id2 = "ECDHE-RSA-AES256-GCM-SHA384";
- expect_nid21 = NID_auth_rsa;
- expect_nid22 = NID_aes_256_gcm;
- expect_nid23 = NID_sha384;
- expect_nid24 = NID_kx_ecdhe;
- expect_nid25 = 1;
- #endif
- #endif
- #ifdef NO_WOLFSSL_SERVER
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
- #else
- ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
- #endif
- if (cipher_id) {
- #ifndef NO_RSA
- testCertFile = svrCertFile;
- testKeyFile = svrKeyFile;
- #elif defined(HAVE_ECC)
- testCertFile = eccCertFile;
- testKeyFile = eccKeyFile;
- #else
- testCertFile = NULL;
- testKeyFile = NULL;
- #endif
- if (testCertFile != NULL && testKeyFile != NULL) {
- ExpectTrue(SSL_CTX_use_certificate_file(ctx, testCertFile,
- SSL_FILETYPE_PEM));
- ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
- SSL_FILETYPE_PEM));
- }
- ExpectNotNull(ssl = SSL_new(ctx));
- ExpectIntEQ(SSL_in_init(ssl), 1);
- supportedCiphers = SSL_get_ciphers(ssl);
- numCiphers = sk_num(supportedCiphers);
- for (i = 0; i < numCiphers; ++i) {
- if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
- SSL_CIPHER_description(cipher, buf, sizeof(buf));
- }
- if (XMEMCMP(cipher_id, buf, XSTRLEN(cipher_id)) == 0) {
- break;
- }
- }
- /* test case for */
- if (i != numCiphers) {
- ExpectIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid1);
- ExpectIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid2);
- ExpectIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid3);
- ExpectIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid4);
- ExpectIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid5);
- }
- if (cipher_id2) {
- for (i = 0; i < numCiphers; ++i) {
- if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
- SSL_CIPHER_description(cipher, buf, sizeof(buf));
- }
- if (XMEMCMP(cipher_id2, buf, XSTRLEN(cipher_id2)) == 0) {
- break;
- }
- }
- /* test case for */
- if (i != numCiphers) {
- ExpectIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid21);
- ExpectIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid22);
- ExpectIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid23);
- ExpectIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid24);
- ExpectIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid25);
- }
- }
- }
- SSL_CTX_free(ctx);
- SSL_free(ssl);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(WOLF_CRYPTO_CB) && defined(HAVE_IO_TESTS_DEPENDENCIES)
- static int load_pem_key_file_as_der(const char* privKeyFile, DerBuffer** pDer,
- int* keyFormat)
- {
- int ret;
- byte* key_buf = NULL;
- size_t key_sz = 0;
- EncryptedInfo encInfo;
- XMEMSET(&encInfo, 0, sizeof(encInfo));
- ret = load_file(privKeyFile, &key_buf, &key_sz);
- if (ret == 0) {
- ret = wc_PemToDer(key_buf, key_sz, PRIVATEKEY_TYPE, pDer,
- NULL, &encInfo, keyFormat);
- }
- if (key_buf != NULL) {
- free(key_buf); key_buf = NULL;
- }
- (void)encInfo; /* not used in this test */
- #ifdef DEBUG_WOLFSSL
- fprintf(stderr, "%s (%d): Loading PEM %s (len %d) to DER (len %d)\n",
- (ret == 0) ? "Success" : "Failure", ret, privKeyFile, (int)key_sz,
- (*pDer)->length);
- #endif
- return ret;
- }
- static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx)
- {
- int ret = CRYPTOCB_UNAVAILABLE;
- const char* privKeyFile = (const char*)ctx;
- DerBuffer* pDer = NULL;
- int keyFormat = 0;
- if (info->algo_type == WC_ALGO_TYPE_PK) {
- #ifdef DEBUG_WOLFSSL
- fprintf(stderr, "test_CryptoCb_Func: Pk Type %d\n", info->pk.type);
- #endif
- #ifndef NO_RSA
- if (info->pk.type == WC_PK_TYPE_RSA) {
- switch (info->pk.rsa.type) {
- case RSA_PUBLIC_ENCRYPT:
- case RSA_PUBLIC_DECRYPT:
- /* perform software based RSA public op */
- ret = CRYPTOCB_UNAVAILABLE; /* fallback to software */
- break;
- case RSA_PRIVATE_ENCRYPT:
- case RSA_PRIVATE_DECRYPT:
- {
- RsaKey key;
- /* perform software based RSA private op */
- #ifdef DEBUG_WOLFSSL
- fprintf(stderr, "test_CryptoCb_Func: RSA Priv\n");
- #endif
- ret = load_pem_key_file_as_der(privKeyFile, &pDer,
- &keyFormat);
- if (ret != 0) {
- return ret;
- }
- ret = wc_InitRsaKey(&key, HEAP_HINT);
- if (ret == 0) {
- word32 keyIdx = 0;
- /* load RSA private key and perform private transform */
- ret = wc_RsaPrivateKeyDecode(pDer->buffer, &keyIdx,
- &key, pDer->length);
- if (ret == 0) {
- ret = wc_RsaFunction(
- info->pk.rsa.in, info->pk.rsa.inLen,
- info->pk.rsa.out, info->pk.rsa.outLen,
- info->pk.rsa.type, &key, info->pk.rsa.rng);
- }
- else {
- /* if decode fails, then fall-back to software based crypto */
- fprintf(stderr, "test_CryptoCb_Func: RSA private "
- "key decode failed %d, falling back to "
- "software\n", ret);
- ret = CRYPTOCB_UNAVAILABLE;
- }
- wc_FreeRsaKey(&key);
- }
- wc_FreeDer(&pDer); pDer = NULL;
- break;
- }
- }
- #ifdef DEBUG_WOLFSSL
- fprintf(stderr, "test_CryptoCb_Func: RSA Type %d, Ret %d, Out %d\n",
- info->pk.rsa.type, ret, *info->pk.rsa.outLen);
- #endif
- }
- #endif /* !NO_RSA */
- #ifdef HAVE_ECC
- if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
- /* mark this key as ephemeral */
- if (info->pk.eckg.key != NULL) {
- XSTRNCPY(info->pk.eckg.key->label, "ephemeral",
- sizeof(info->pk.eckg.key->label));
- info->pk.eckg.key->labelLen = (int)XSTRLEN(info->pk.eckg.key->label);
- }
- }
- else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
- ecc_key key;
- /* perform software based ECC sign */
- #ifdef DEBUG_WOLFSSL
- fprintf(stderr, "test_CryptoCb_Func: ECC Sign\n");
- #endif
- if (info->pk.eccsign.key != NULL &&
- XSTRCMP(info->pk.eccsign.key->label, "ephemeral") == 0) {
- /* this is an empheral key */
- #ifdef DEBUG_WOLFSSL
- fprintf(stderr, "test_CryptoCb_Func: skipping signing op on "
- "ephemeral key\n");
- #endif
- return CRYPTOCB_UNAVAILABLE;
- }
- ret = load_pem_key_file_as_der(privKeyFile, &pDer, &keyFormat);
- if (ret != 0) {
- return ret;
- }
- ret = wc_ecc_init(&key);
- if (ret == 0) {
- word32 keyIdx = 0;
- /* load ECC private key and perform private transform */
- ret = wc_EccPrivateKeyDecode(pDer->buffer, &keyIdx,
- &key, pDer->length);
- if (ret == 0) {
- ret = wc_ecc_sign_hash(
- info->pk.eccsign.in, info->pk.eccsign.inlen,
- info->pk.eccsign.out, info->pk.eccsign.outlen,
- info->pk.eccsign.rng, &key);
- }
- else {
- /* if decode fails, then fall-back to software based crypto */
- fprintf(stderr, "test_CryptoCb_Func: ECC private key "
- "decode failed %d, falling back to software\n", ret);
- ret = CRYPTOCB_UNAVAILABLE;
- }
- wc_ecc_free(&key);
- }
- wc_FreeDer(&pDer); pDer = NULL;
- #ifdef DEBUG_WOLFSSL
- fprintf(stderr, "test_CryptoCb_Func: ECC Ret %d, Out %d\n",
- ret, *info->pk.eccsign.outlen);
- #endif
- }
- #endif /* HAVE_ECC */
- #ifdef HAVE_ED25519
- if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) {
- ed25519_key key;
- /* perform software based ED25519 sign */
- #ifdef DEBUG_WOLFSSL
- fprintf(stderr, "test_CryptoCb_Func: ED25519 Sign\n");
- #endif
- ret = load_pem_key_file_as_der(privKeyFile, &pDer, &keyFormat);
- if (ret != 0) {
- return ret;
- }
- ret = wc_ed25519_init(&key);
- if (ret == 0) {
- word32 keyIdx = 0;
- /* load ED25519 private key and perform private transform */
- ret = wc_Ed25519PrivateKeyDecode(pDer->buffer, &keyIdx,
- &key, pDer->length);
- if (ret == 0) {
- /* calculate public key */
- ret = wc_ed25519_make_public(&key, key.p, ED25519_PUB_KEY_SIZE);
- if (ret == 0) {
- key.pubKeySet = 1;
- ret = wc_ed25519_sign_msg_ex(
- info->pk.ed25519sign.in, info->pk.ed25519sign.inLen,
- info->pk.ed25519sign.out, info->pk.ed25519sign.outLen,
- &key, info->pk.ed25519sign.type,
- info->pk.ed25519sign.context,
- info->pk.ed25519sign.contextLen);
- }
- }
- else {
- /* if decode fails, then fall-back to software based crypto */
- fprintf(stderr, "test_CryptoCb_Func: ED25519 private key "
- "decode failed %d, falling back to software\n", ret);
- ret = CRYPTOCB_UNAVAILABLE;
- }
- wc_ed25519_free(&key);
- }
- wc_FreeDer(&pDer); pDer = NULL;
- #ifdef DEBUG_WOLFSSL
- fprintf(stderr, "test_CryptoCb_Func: ED25519 Ret %d, Out %d\n",
- ret, *info->pk.ed25519sign.outLen);
- #endif
- }
- #endif /* HAVE_ED25519 */
- }
- (void)thisDevId;
- (void)keyFormat;
- return ret;
- }
- /* tlsVer: WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */
- static int test_wc_CryptoCb_TLS(int tlsVer,
- const char* cliCaPemFile, const char* cliCertPemFile,
- const char* cliPrivKeyPemFile, const char* cliPubKeyPemFile,
- const char* svrCaPemFile, const char* svrCertPemFile,
- const char* svrPrivKeyPemFile, const char* svrPubKeyPemFile)
- {
- EXPECT_DECLS;
- callback_functions client_cbf;
- callback_functions server_cbf;
- XMEMSET(&client_cbf, 0, sizeof(client_cbf));
- XMEMSET(&server_cbf, 0, sizeof(server_cbf));
- if (tlsVer == WOLFSSL_TLSV1_3) {
- #ifdef WOLFSSL_TLS13
- server_cbf.method = wolfTLSv1_3_server_method;
- client_cbf.method = wolfTLSv1_3_client_method;
- #endif
- }
- else if (tlsVer == WOLFSSL_TLSV1_2) {
- #ifndef WOLFSSL_NO_TLS12
- server_cbf.method = wolfTLSv1_2_server_method;
- client_cbf.method = wolfTLSv1_2_client_method;
- #endif
- }
- else if (tlsVer == WOLFSSL_TLSV1_1) {
- #ifndef NO_OLD_TLS
- server_cbf.method = wolfTLSv1_1_server_method;
- client_cbf.method = wolfTLSv1_1_client_method;
- #endif
- }
- else if (tlsVer == WOLFSSL_TLSV1) {
- #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
- server_cbf.method = wolfTLSv1_server_method;
- client_cbf.method = wolfTLSv1_client_method;
- #endif
- }
- else if (tlsVer == WOLFSSL_SSLV3) {
- #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) && \
- defined(WOLFSSL_STATIC_RSA)
- server_cbf.method = wolfSSLv3_server_method;
- client_cbf.method = wolfSSLv3_client_method;
- #endif
- }
- else if (tlsVer == WOLFSSL_DTLSV1_2) {
- #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
- server_cbf.method = wolfDTLSv1_2_server_method;
- client_cbf.method = wolfDTLSv1_2_client_method;
- #endif
- }
- else if (tlsVer == WOLFSSL_DTLSV1) {
- #if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS)
- server_cbf.method = wolfDTLSv1_server_method;
- client_cbf.method = wolfDTLSv1_client_method;
- #endif
- }
- if (server_cbf.method == NULL) {
- /* not enabled */
- return TEST_SUCCESS;
- }
- /* Setup the keys for the TLS test */
- client_cbf.certPemFile = cliCertPemFile;
- client_cbf.keyPemFile = cliPubKeyPemFile;
- client_cbf.caPemFile = cliCaPemFile;
- server_cbf.certPemFile = svrCertPemFile;
- server_cbf.keyPemFile = svrPubKeyPemFile;
- server_cbf.caPemFile = svrCaPemFile;
- /* Setup a crypto callback with pointer to private key file for testing */
- client_cbf.devId = 1;
- wc_CryptoCb_RegisterDevice(client_cbf.devId, test_CryptoCb_Func,
- (void*)cliPrivKeyPemFile);
- server_cbf.devId = 2;
- wc_CryptoCb_RegisterDevice(server_cbf.devId, test_CryptoCb_Func,
- (void*)svrPrivKeyPemFile);
- /* Perform TLS server and client test */
- /* First test is at WOLFSSL_CTX level */
- test_wolfSSL_client_server(&client_cbf, &server_cbf);
- /* Check for success */
- ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
- ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
- if (EXPECT_SUCCESS()) {
- /* Second test is a WOLFSSL object level */
- client_cbf.loadToSSL = 1; server_cbf.loadToSSL = 1;
- test_wolfSSL_client_server(&client_cbf, &server_cbf);
- }
- /* Check for success */
- ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
- ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
- /* Un register the devId's */
- wc_CryptoCb_UnRegisterDevice(client_cbf.devId);
- client_cbf.devId = INVALID_DEVID;
- wc_CryptoCb_UnRegisterDevice(server_cbf.devId);
- server_cbf.devId = INVALID_DEVID;
- return EXPECT_RESULT();
- }
- #endif /* WOLF_CRYPTO_CB && HAVE_IO_TESTS_DEPENDENCIES */
- static int test_wc_CryptoCb(void)
- {
- EXPECT_DECLS;
- #ifdef WOLF_CRYPTO_CB
- /* TODO: Add crypto callback API tests */
- #ifdef HAVE_IO_TESTS_DEPENDENCIES
- #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)
- int tlsVer;
- #endif
- #ifndef NO_RSA
- for (tlsVer = WOLFSSL_SSLV3; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
- ExpectIntEQ(test_wc_CryptoCb_TLS(tlsVer,
- svrCertFile, cliCertFile, cliKeyFile, cliKeyPubFile,
- cliCertFile, svrCertFile, svrKeyFile, svrKeyPubFile),
- TEST_SUCCESS);
- }
- #endif
- #ifdef HAVE_ECC
- for (tlsVer = WOLFSSL_TLSV1; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
- ExpectIntEQ(test_wc_CryptoCb_TLS(tlsVer,
- caEccCertFile, cliEccCertFile, cliEccKeyFile, cliEccKeyPubFile,
- cliEccCertFile, eccCertFile, eccKeyFile, eccKeyPubFile),
- TEST_SUCCESS);
- }
- #endif
- #ifdef HAVE_ED25519
- for (tlsVer = WOLFSSL_TLSV1_2; tlsVer <= WOLFSSL_DTLSV1_2; tlsVer++) {
- if (tlsVer == WOLFSSL_DTLSV1) continue;
- ExpectIntEQ(test_wc_CryptoCb_TLS(tlsVer,
- caEdCertFile, cliEdCertFile, cliEdKeyFile, cliEdKeyPubFile,
- cliEdCertFile, edCertFile, edKeyFile, edKeyPubFile),
- TEST_SUCCESS);
- }
- #endif
- #endif /* HAVE_IO_TESTS_DEPENDENCIES */
- #endif /* WOLF_CRYPTO_CB */
- return EXPECT_RESULT();
- }
- #if defined(WOLFSSL_STATIC_MEMORY) && defined(HAVE_IO_TESTS_DEPENDENCIES)
- /* tlsVer: Example: WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */
- static int test_wolfSSL_CTX_StaticMemory_TLS(int tlsVer,
- const char* cliCaPemFile, const char* cliCertPemFile,
- const char* cliPrivKeyPemFile,
- const char* svrCaPemFile, const char* svrCertPemFile,
- const char* svrPrivKeyPemFile,
- byte* cliMem, word32 cliMemSz, byte* svrMem, word32 svrMemSz)
- {
- EXPECT_DECLS;
- callback_functions client_cbf;
- callback_functions server_cbf;
- XMEMSET(&client_cbf, 0, sizeof(client_cbf));
- XMEMSET(&server_cbf, 0, sizeof(server_cbf));
- if (tlsVer == WOLFSSL_TLSV1_3) {
- #ifdef WOLFSSL_TLS13
- server_cbf.method_ex = wolfTLSv1_3_server_method_ex;
- client_cbf.method_ex = wolfTLSv1_3_client_method_ex;
- #endif
- }
- else if (tlsVer == WOLFSSL_TLSV1_2) {
- #ifndef WOLFSSL_NO_TLS12
- server_cbf.method_ex = wolfTLSv1_2_server_method_ex;
- client_cbf.method_ex = wolfTLSv1_2_client_method_ex;
- #endif
- }
- else if (tlsVer == WOLFSSL_TLSV1_1) {
- #ifndef NO_OLD_TLS
- server_cbf.method_ex = wolfTLSv1_1_server_method_ex;
- client_cbf.method_ex = wolfTLSv1_1_client_method_ex;
- #endif
- }
- else if (tlsVer == WOLFSSL_TLSV1) {
- #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
- server_cbf.method_ex = wolfTLSv1_server_method_ex;
- client_cbf.method_ex = wolfTLSv1_client_method_ex;
- #endif
- }
- else if (tlsVer == WOLFSSL_SSLV3) {
- #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) && \
- defined(WOLFSSL_STATIC_RSA)
- server_cbf.method_ex = wolfSSLv3_server_method_ex;
- client_cbf.method_ex = wolfSSLv3_client_method_ex;
- #endif
- }
- else if (tlsVer == WOLFSSL_DTLSV1_2) {
- #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
- server_cbf.method_ex = wolfDTLSv1_2_server_method_ex;
- client_cbf.method_ex = wolfDTLSv1_2_client_method_ex;
- #endif
- }
- else if (tlsVer == WOLFSSL_DTLSV1) {
- #if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS)
- server_cbf.method_ex = wolfDTLSv1_server_method_ex;
- client_cbf.method_ex = wolfDTLSv1_client_method_ex;
- #endif
- }
- if (server_cbf.method_ex == NULL) {
- /* not enabled */
- return TEST_SUCCESS;
- }
- /* Setup the keys for the TLS test */
- client_cbf.certPemFile = cliCertPemFile;
- client_cbf.keyPemFile = cliPrivKeyPemFile;
- client_cbf.caPemFile = cliCaPemFile;
- server_cbf.certPemFile = svrCertPemFile;
- server_cbf.keyPemFile = svrPrivKeyPemFile;
- server_cbf.caPemFile = svrCaPemFile;
- client_cbf.mem = cliMem;
- client_cbf.memSz = cliMemSz;
- server_cbf.mem = svrMem;
- server_cbf.memSz = svrMemSz;
- client_cbf.devId = INVALID_DEVID;
- server_cbf.devId = INVALID_DEVID;
- /* Perform TLS server and client test */
- /* First test is at WOLFSSL_CTX level */
- test_wolfSSL_client_server(&client_cbf, &server_cbf);
- /* Check for success */
- ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
- ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
- if (EXPECT_SUCCESS()) {
- /* Second test is a WOLFSSL object level */
- client_cbf.loadToSSL = 1; server_cbf.loadToSSL = 1;
- test_wolfSSL_client_server(&client_cbf, &server_cbf);
- }
- /* Check for success */
- ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
- ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
- return EXPECT_RESULT();
- }
- #endif /* WOLFSSL_STATIC_MEMORY && HAVE_IO_TESTS_DEPENDENCIES */
- #if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY)
- static int test_wolfSSL_CTX_StaticMemory_SSL(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- WOLFSSL *ssl1 = NULL, *ssl2 = NULL, *ssl3 = NULL;
- WOLFSSL_MEM_STATS mem_stats;
- WOLFSSL_MEM_CONN_STATS ssl_stats;
- #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
- ExpectIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- #endif
- ExpectNotNull((ssl1 = wolfSSL_new(ctx)));
- ExpectNotNull((ssl2 = wolfSSL_new(ctx)));
- /* this should fail because kMaxCtxClients == 2 */
- ExpectNull((ssl3 = wolfSSL_new(ctx)));
- if (wolfSSL_is_static_memory(ssl1, &ssl_stats) == 1) {
- #ifdef DEBUG_WOLFSSL
- wolfSSL_PrintStatsConn(&ssl_stats);
- #endif
- (void)ssl_stats;
- }
- /* display collected statistics */
- if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) == 1) {
- #ifdef DEBUG_WOLFSSL
- wolfSSL_PrintStats(&mem_stats);
- #endif
- (void)mem_stats;
- }
- wolfSSL_free(ssl1);
- wolfSSL_free(ssl2);
- return EXPECT_RESULT();
- }
- #endif /* WOLFSSL_STATIC_MEMORY && !WOLFCRYPT_ONLY */
- static int test_wolfSSL_CTX_StaticMemory(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY)
- wolfSSL_method_func method_func;
- WOLFSSL_CTX* ctx;
- const int kMaxCtxClients = 2;
- #ifdef HAVE_IO_TESTS_DEPENDENCIES
- #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)
- int tlsVer;
- byte cliMem[TEST_TLS_STATIC_MEMSZ];
- #endif
- #endif
- byte svrMem[TEST_TLS_STATIC_MEMSZ];
- #ifndef NO_WOLFSSL_SERVER
- #ifndef WOLFSSL_NO_TLS12
- method_func = wolfTLSv1_2_server_method_ex;
- #else
- method_func = wolfTLSv1_3_server_method_ex;
- #endif
- #else
- #ifndef WOLFSSL_NO_TLS12
- method_func = wolfTLSv1_2_client_method_ex;
- #else
- method_func = wolfTLSv1_3_client_method_ex;
- #endif
- #endif
- /* Test creating CTX directly from static memory pool */
- ctx = NULL;
- ExpectIntEQ(wolfSSL_CTX_load_static_memory(&ctx, method_func, svrMem,
- sizeof(svrMem), 0, kMaxCtxClients), WOLFSSL_SUCCESS);
- ExpectIntEQ(test_wolfSSL_CTX_StaticMemory_SSL(ctx), TEST_SUCCESS);
- wolfSSL_CTX_free(ctx);
- ctx = NULL;
- /* Test for heap allocated CTX, then assigning static pool to it */
- ExpectNotNull(ctx = wolfSSL_CTX_new(method_func(NULL)));
- ExpectIntEQ(wolfSSL_CTX_load_static_memory(&ctx, NULL, svrMem,
- sizeof(svrMem), 0, kMaxCtxClients), WOLFSSL_SUCCESS);
- ExpectIntEQ(test_wolfSSL_CTX_StaticMemory_SSL(ctx), TEST_SUCCESS);
- wolfSSL_CTX_free(ctx);
- /* TLS Level Tests using static memory */
- #ifdef HAVE_IO_TESTS_DEPENDENCIES
- #ifndef NO_RSA
- for (tlsVer = WOLFSSL_SSLV3; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
- ExpectIntEQ(test_wolfSSL_CTX_StaticMemory_TLS(tlsVer,
- svrCertFile, cliCertFile, cliKeyFile,
- cliCertFile, svrCertFile, svrKeyFile,
- cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem)),
- TEST_SUCCESS);
- }
- #endif
- #ifdef HAVE_ECC
- for (tlsVer = WOLFSSL_TLSV1; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
- ExpectIntEQ(test_wolfSSL_CTX_StaticMemory_TLS(tlsVer,
- caEccCertFile, cliEccCertFile, cliEccKeyFile,
- cliEccCertFile, eccCertFile, eccKeyFile,
- cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem)),
- TEST_SUCCESS);
- }
- #endif
- #ifdef HAVE_ED25519
- for (tlsVer = WOLFSSL_TLSV1_2; tlsVer <= WOLFSSL_DTLSV1_2; tlsVer++) {
- if (tlsVer == WOLFSSL_DTLSV1) continue;
- ExpectIntEQ(test_wolfSSL_CTX_StaticMemory_TLS(tlsVer,
- caEdCertFile, cliEdCertFile, cliEdKeyFile,
- cliEdCertFile, edCertFile, edKeyFile,
- cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem)),
- TEST_SUCCESS);
- }
- #endif
- #endif /* HAVE_IO_TESTS_DEPENDENCIES */
- #endif /* WOLFSSL_STATIC_MEMORY && !WOLFCRYPT_ONLY */
- return EXPECT_RESULT();
- }
- static int test_openssl_FIPS_drbg(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_EXTRA) && !defined(WC_NO_RNG) && defined(HAVE_HASHDRBG)
- DRBG_CTX* dctx = NULL;
- byte data1[32], data2[32], zeroData[32];
- byte testSeed[16];
- size_t dlen = sizeof(data1);
- int i;
- XMEMSET(data1, 0, dlen);
- XMEMSET(data2, 0, dlen);
- XMEMSET(zeroData, 0, sizeof(zeroData));
- for (i = 0; i < (int)sizeof(testSeed); i++) {
- testSeed[i] = (byte)i;
- }
- ExpectNotNull(dctx = FIPS_get_default_drbg());
- ExpectIntEQ(FIPS_drbg_init(dctx, 0, 0), WOLFSSL_SUCCESS);
- ExpectIntEQ(FIPS_drbg_set_callbacks(dctx, NULL, NULL, 20, NULL, NULL),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(FIPS_drbg_instantiate(dctx, NULL, 0), WOLFSSL_SUCCESS);
- ExpectIntEQ(FIPS_drbg_generate(dctx, data1, dlen, 0, NULL, 0),
- WOLFSSL_SUCCESS);
- ExpectIntNE(XMEMCMP(data1, zeroData, dlen), 0);
- ExpectIntEQ(FIPS_drbg_reseed(dctx, testSeed, sizeof(testSeed)),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(FIPS_drbg_generate(dctx, data2, dlen, 0, NULL, 0),
- WOLFSSL_SUCCESS);
- ExpectIntNE(XMEMCMP(data1, zeroData, dlen), 0);
- ExpectIntNE(XMEMCMP(data1, data2, dlen), 0);
- ExpectIntEQ(FIPS_drbg_uninstantiate(dctx), WOLFSSL_SUCCESS);
- #ifndef HAVE_GLOBAL_RNG
- /* gets freed by wolfSSL_Cleanup() when HAVE_GLOBAL_RNG defined */
- wolfSSL_FIPS_drbg_free(dctx);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_FIPS_mode(void)
- {
- EXPECT_DECLS;
- #if defined(OPENSSL_ALL)
- #ifdef HAVE_FIPS
- ExpectIntEQ(wolfSSL_FIPS_mode(), 1);
- ExpectIntEQ(wolfSSL_FIPS_mode_set(0), WOLFSSL_FAILURE);
- ExpectIntEQ(wolfSSL_FIPS_mode_set(1), WOLFSSL_SUCCESS);
- #else
- ExpectIntEQ(wolfSSL_FIPS_mode(), 0);
- ExpectIntEQ(wolfSSL_FIPS_mode_set(0), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_FIPS_mode_set(1), WOLFSSL_FAILURE);
- #endif
- #endif
- return EXPECT_RESULT();
- }
- #ifdef WOLFSSL_DTLS
- /* Prints out the current window */
- static void DUW_TEST_print_window_binary(word32 h, word32 l, word32* w) {
- #ifdef WOLFSSL_DEBUG_DTLS_WINDOW
- int i;
- for (i = WOLFSSL_DTLS_WINDOW_WORDS - 1; i >= 0; i--) {
- word32 b = w[i];
- int j;
- /* Prints out a 32 bit binary number in big endian order */
- for (j = 0; j < 32; j++, b <<= 1) {
- if (b & (((word32)1) << 31))
- fprintf(stderr, "1");
- else
- fprintf(stderr, "0");
- }
- fprintf(stderr, " ");
- }
- fprintf(stderr, "cur_hi %u cur_lo %u\n", h, l);
- #else
- (void)h;
- (void)l;
- (void)w;
- #endif
- }
- /* a - cur_hi
- * b - cur_lo
- * c - next_hi
- * d - next_lo
- * e - window
- * f - expected next_hi
- * g - expected next_lo
- * h - expected window[1]
- * i - expected window[0]
- */
- #define DUW_TEST(a,b,c,d,e,f,g,h,i) do { \
- ExpectIntEQ(wolfSSL_DtlsUpdateWindow((a), (b), &(c), &(d), (e)), 1); \
- DUW_TEST_print_window_binary((a), (b), (e)); \
- ExpectIntEQ((c), (f)); \
- ExpectIntEQ((d), (g)); \
- ExpectIntEQ((e)[1], (h)); \
- ExpectIntEQ((e)[0], (i)); \
- } while (0)
- static int test_wolfSSL_DtlsUpdateWindow(void)
- {
- EXPECT_DECLS;
- word32 window[WOLFSSL_DTLS_WINDOW_WORDS];
- word32 next_lo = 0;
- word16 next_hi = 0;
- #ifdef WOLFSSL_DEBUG_DTLS_WINDOW
- fprintf(stderr, "\n");
- #endif
- XMEMSET(window, 0, sizeof window);
- DUW_TEST(0, 0, next_hi, next_lo, window, 0, 1, 0, 0x01);
- DUW_TEST(0, 1, next_hi, next_lo, window, 0, 2, 0, 0x03);
- DUW_TEST(0, 5, next_hi, next_lo, window, 0, 6, 0, 0x31);
- DUW_TEST(0, 4, next_hi, next_lo, window, 0, 6, 0, 0x33);
- DUW_TEST(0, 100, next_hi, next_lo, window, 0, 101, 0, 0x01);
- DUW_TEST(0, 101, next_hi, next_lo, window, 0, 102, 0, 0x03);
- DUW_TEST(0, 133, next_hi, next_lo, window, 0, 134, 0x03, 0x01);
- DUW_TEST(0, 200, next_hi, next_lo, window, 0, 201, 0, 0x01);
- DUW_TEST(0, 264, next_hi, next_lo, window, 0, 265, 0, 0x01);
- DUW_TEST(0, 0xFFFFFFFF, next_hi, next_lo, window, 1, 0, 0, 0x01);
- DUW_TEST(0, 0xFFFFFFFD, next_hi, next_lo, window, 1, 0, 0, 0x05);
- DUW_TEST(0, 0xFFFFFFFE, next_hi, next_lo, window, 1, 0, 0, 0x07);
- DUW_TEST(1, 3, next_hi, next_lo, window, 1, 4, 0, 0x71);
- DUW_TEST(1, 0, next_hi, next_lo, window, 1, 4, 0, 0x79);
- DUW_TEST(1, 0xFFFFFFFF, next_hi, next_lo, window, 2, 0, 0, 0x01);
- DUW_TEST(2, 3, next_hi, next_lo, window, 2, 4, 0, 0x11);
- DUW_TEST(2, 0, next_hi, next_lo, window, 2, 4, 0, 0x19);
- DUW_TEST(2, 25, next_hi, next_lo, window, 2, 26, 0, 0x6400001);
- DUW_TEST(2, 27, next_hi, next_lo, window, 2, 28, 0, 0x19000005);
- DUW_TEST(2, 29, next_hi, next_lo, window, 2, 30, 0, 0x64000015);
- DUW_TEST(2, 33, next_hi, next_lo, window, 2, 34, 6, 0x40000151);
- DUW_TEST(2, 60, next_hi, next_lo, window, 2, 61, 0x3200000A, 0x88000001);
- DUW_TEST(1, 0xFFFFFFF0, next_hi, next_lo, window, 2, 61, 0x3200000A, 0x88000001);
- DUW_TEST(2, 0xFFFFFFFD, next_hi, next_lo, window, 2, 0xFFFFFFFE, 0, 0x01);
- DUW_TEST(3, 1, next_hi, next_lo, window, 3, 2, 0, 0x11);
- DUW_TEST(99, 66, next_hi, next_lo, window, 99, 67, 0, 0x01);
- DUW_TEST(50, 66, next_hi, next_lo, window, 99, 67, 0, 0x01);
- DUW_TEST(100, 68, next_hi, next_lo, window, 100, 69, 0, 0x01);
- DUW_TEST(99, 50, next_hi, next_lo, window, 100, 69, 0, 0x01);
- DUW_TEST(99, 0xFFFFFFFF, next_hi, next_lo, window, 100, 69, 0, 0x01);
- DUW_TEST(150, 0xFFFFFFFF, next_hi, next_lo, window, 151, 0, 0, 0x01);
- DUW_TEST(152, 0xFFFFFFFF, next_hi, next_lo, window, 153, 0, 0, 0x01);
- return EXPECT_RESULT();
- }
- #endif /* WOLFSSL_DTLS */
- #ifdef WOLFSSL_DTLS
- static int DFB_TEST(WOLFSSL* ssl, word32 seq, word32 len, word32 f_offset,
- word32 f_len, word32 f_count, byte ready, word32 bytesReceived)
- {
- DtlsMsg* cur;
- static byte msg[100];
- static byte msgInit = 0;
- if (!msgInit) {
- int i;
- for (i = 0; i < 100; i++)
- msg[i] = i + 1;
- msgInit = 1;
- }
- /* Sanitize test parameters */
- if (len > sizeof(msg))
- return -1;
- if (f_offset + f_len > sizeof(msg))
- return -1;
- DtlsMsgStore(ssl, 0, seq, msg + f_offset, len, certificate, f_offset, f_len, NULL);
- if (ssl->dtls_rx_msg_list == NULL)
- return -100;
- if ((cur = DtlsMsgFind(ssl->dtls_rx_msg_list, 0, seq)) == NULL)
- return -200;
- if (cur->fragBucketListCount != f_count)
- return -300;
- if (cur->ready != ready)
- return -400;
- if (cur->bytesReceived != bytesReceived)
- return -500;
- if (ready) {
- if (cur->fragBucketList != NULL)
- return -600;
- if (XMEMCMP(cur->fullMsg, msg, cur->sz) != 0)
- return -700;
- }
- else {
- DtlsFragBucket* fb;
- if (cur->fragBucketList == NULL)
- return -800;
- for (fb = cur->fragBucketList; fb != NULL; fb = fb->m.m.next) {
- if (XMEMCMP(fb->buf, msg + fb->m.m.offset, fb->m.m.sz) != 0)
- return -900;
- }
- }
- return 0;
- }
- static int test_wolfSSL_DTLS_fragment_buckets(void)
- {
- EXPECT_DECLS;
- WOLFSSL ssl[1];
- XMEMSET(ssl, 0, sizeof(*ssl));
- ExpectIntEQ(DFB_TEST(ssl, 0, 100, 0, 100, 0, 1, 100), 0); /* 0-100 */
- ExpectIntEQ(DFB_TEST(ssl, 1, 100, 0, 20, 1, 0, 20), 0); /* 0-20 */
- ExpectIntEQ(DFB_TEST(ssl, 1, 100, 20, 20, 1, 0, 40), 0); /* 20-40 */
- ExpectIntEQ(DFB_TEST(ssl, 1, 100, 40, 20, 1, 0, 60), 0); /* 40-60 */
- ExpectIntEQ(DFB_TEST(ssl, 1, 100, 60, 20, 1, 0, 80), 0); /* 60-80 */
- ExpectIntEQ(DFB_TEST(ssl, 1, 100, 80, 20, 0, 1, 100), 0); /* 80-100 */
- /* Test all permutations of 3 regions */
- /* 1 2 3 */
- ExpectIntEQ(DFB_TEST(ssl, 2, 100, 0, 30, 1, 0, 30), 0); /* 0-30 */
- ExpectIntEQ(DFB_TEST(ssl, 2, 100, 30, 30, 1, 0, 60), 0); /* 30-60 */
- ExpectIntEQ(DFB_TEST(ssl, 2, 100, 60, 40, 0, 1, 100), 0); /* 60-100 */
- /* 1 3 2 */
- ExpectIntEQ(DFB_TEST(ssl, 3, 100, 0, 30, 1, 0, 30), 0); /* 0-30 */
- ExpectIntEQ(DFB_TEST(ssl, 3, 100, 60, 40, 2, 0, 70), 0); /* 60-100 */
- ExpectIntEQ(DFB_TEST(ssl, 3, 100, 30, 30, 0, 1, 100), 0); /* 30-60 */
- /* 2 1 3 */
- ExpectIntEQ(DFB_TEST(ssl, 4, 100, 30, 30, 1, 0, 30), 0); /* 30-60 */
- ExpectIntEQ(DFB_TEST(ssl, 4, 100, 0, 30, 1, 0, 60), 0); /* 0-30 */
- ExpectIntEQ(DFB_TEST(ssl, 4, 100, 60, 40, 0, 1, 100), 0); /* 60-100 */
- /* 2 3 1 */
- ExpectIntEQ(DFB_TEST(ssl, 5, 100, 30, 30, 1, 0, 30), 0); /* 30-60 */
- ExpectIntEQ(DFB_TEST(ssl, 5, 100, 60, 40, 1, 0, 70), 0); /* 60-100 */
- ExpectIntEQ(DFB_TEST(ssl, 5, 100, 0, 30, 0, 1, 100), 0); /* 0-30 */
- /* 3 1 2 */
- ExpectIntEQ(DFB_TEST(ssl, 6, 100, 60, 40, 1, 0, 40), 0); /* 60-100 */
- ExpectIntEQ(DFB_TEST(ssl, 6, 100, 0, 30, 2, 0, 70), 0); /* 0-30 */
- ExpectIntEQ(DFB_TEST(ssl, 6, 100, 30, 30, 0, 1, 100), 0); /* 30-60 */
- /* 3 2 1 */
- ExpectIntEQ(DFB_TEST(ssl, 7, 100, 60, 40, 1, 0, 40), 0); /* 60-100 */
- ExpectIntEQ(DFB_TEST(ssl, 7, 100, 30, 30, 1, 0, 70), 0); /* 30-60 */
- ExpectIntEQ(DFB_TEST(ssl, 7, 100, 0, 30, 0, 1, 100), 0); /* 0-30 */
- /* Test overlapping regions */
- ExpectIntEQ(DFB_TEST(ssl, 8, 100, 0, 30, 1, 0, 30), 0); /* 0-30 */
- ExpectIntEQ(DFB_TEST(ssl, 8, 100, 20, 10, 1, 0, 30), 0); /* 20-30 */
- ExpectIntEQ(DFB_TEST(ssl, 8, 100, 70, 10, 2, 0, 40), 0); /* 70-80 */
- ExpectIntEQ(DFB_TEST(ssl, 8, 100, 20, 30, 2, 0, 60), 0); /* 20-50 */
- ExpectIntEQ(DFB_TEST(ssl, 8, 100, 40, 60, 0, 1, 100), 0); /* 40-100 */
- /* Test overlapping multiple regions */
- ExpectIntEQ(DFB_TEST(ssl, 9, 100, 0, 20, 1, 0, 20), 0); /* 0-20 */
- ExpectIntEQ(DFB_TEST(ssl, 9, 100, 30, 5, 2, 0, 25), 0); /* 30-35 */
- ExpectIntEQ(DFB_TEST(ssl, 9, 100, 40, 5, 3, 0, 30), 0); /* 40-45 */
- ExpectIntEQ(DFB_TEST(ssl, 9, 100, 50, 5, 4, 0, 35), 0); /* 50-55 */
- ExpectIntEQ(DFB_TEST(ssl, 9, 100, 60, 5, 5, 0, 40), 0); /* 60-65 */
- ExpectIntEQ(DFB_TEST(ssl, 9, 100, 70, 5, 6, 0, 45), 0); /* 70-75 */
- ExpectIntEQ(DFB_TEST(ssl, 9, 100, 30, 25, 4, 0, 55), 0); /* 30-55 */
- ExpectIntEQ(DFB_TEST(ssl, 9, 100, 55, 15, 2, 0, 65), 0); /* 55-70 */
- ExpectIntEQ(DFB_TEST(ssl, 9, 100, 75, 25, 2, 0, 90), 0); /* 75-100 */
- ExpectIntEQ(DFB_TEST(ssl, 9, 100, 10, 25, 0, 1, 100), 0); /* 10-35 */
- ExpectIntEQ(DFB_TEST(ssl, 10, 100, 0, 20, 1, 0, 20), 0); /* 0-20 */
- ExpectIntEQ(DFB_TEST(ssl, 10, 100, 30, 20, 2, 0, 40), 0); /* 30-50 */
- ExpectIntEQ(DFB_TEST(ssl, 10, 100, 0, 40, 1, 0, 50), 0); /* 0-40 */
- ExpectIntEQ(DFB_TEST(ssl, 10, 100, 50, 50, 0, 1, 100), 0); /* 10-35 */
- DtlsMsgListDelete(ssl->dtls_rx_msg_list, ssl->heap);
- ssl->dtls_rx_msg_list = NULL;
- ssl->dtls_rx_msg_list_sz = 0;
- return EXPECT_RESULT();
- }
- #endif
- #if !defined(NO_FILESYSTEM) && \
- defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
- defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
- static int test_wolfSSL_dtls_stateless2(void)
- {
- EXPECT_DECLS;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_c2 = NULL;
- WOLFSSL *ssl_s = NULL;
- struct test_memio_ctx test_ctx;
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0);
- ExpectNotNull(ssl_c2 = wolfSSL_new(ctx_c));
- wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx);
- wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx);
- /* send CH */
- ExpectTrue((wolfSSL_connect(ssl_c2) == WOLFSSL_FATAL_ERROR) &&
- (ssl_c2->error == WANT_READ));
- ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
- (ssl_s->error == WANT_READ));
- ExpectIntNE(test_ctx.c_len, 0);
- /* consume HRR */
- test_ctx.c_len = 0;
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- wolfSSL_free(ssl_c2);
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_s);
- return EXPECT_RESULT();
- }
- #ifdef HAVE_MAX_FRAGMENT
- static int test_wolfSSL_dtls_stateless_maxfrag(void)
- {
- EXPECT_DECLS;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_c2 = NULL;
- WOLFSSL *ssl_s = NULL;
- struct test_memio_ctx test_ctx;
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- word16 max_fragment = 0;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0);
- ExpectNotNull(ssl_c2 = wolfSSL_new(ctx_c));
- ExpectIntEQ(wolfSSL_UseMaxFragment(ssl_c2, WOLFSSL_MFL_2_8),
- WOLFSSL_SUCCESS);
- wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx);
- wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx);
- if (ssl_s != NULL) {
- max_fragment = ssl_s->max_fragment;
- }
- /* send CH */
- ExpectTrue((wolfSSL_connect(ssl_c2) == WOLFSSL_FATAL_ERROR) &&
- (ssl_c2->error == WANT_READ));
- ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
- (ssl_s->error == WANT_READ));
- /* CH without cookie shouldn't change state */
- ExpectIntEQ(ssl_s->max_fragment, max_fragment);
- ExpectIntNE(test_ctx.c_len, 0);
- /* consume HRR from buffer */
- test_ctx.c_len = 0;
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- wolfSSL_free(ssl_c2);
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_s);
- return EXPECT_RESULT();
- }
- #endif /* HAVE_MAX_FRAGMENT */
- #if defined(WOLFSSL_DTLS_NO_HVR_ON_RESUME)
- #define ROUNDS_WITH_HVR 4
- #define ROUNDS_WITHOUT_HVR 2
- #define HANDSHAKE_TYPE_OFFSET DTLS_RECORD_HEADER_SZ
- static int buf_is_hvr(const byte *data, int len)
- {
- if (len < DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ)
- return 0;
- return data[HANDSHAKE_TYPE_OFFSET] == hello_verify_request;
- }
- static int _test_wolfSSL_dtls_stateless_resume(byte useticket, byte bad)
- {
- EXPECT_DECLS;
- struct test_memio_ctx test_ctx;
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_s = NULL;
- WOLFSSL_SESSION *sess = NULL;
- int round_trips;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c,
- &ssl_s, wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0);
- #ifdef HAVE_SESSION_TICKET
- if (useticket) {
- ExpectIntEQ(wolfSSL_UseSessionTicket(ssl_c), WOLFSSL_SUCCESS);
- }
- #endif
- round_trips = ROUNDS_WITH_HVR;
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, round_trips,
- &round_trips), 0);
- ExpectIntEQ(round_trips, ROUNDS_WITH_HVR);
- ExpectNotNull(sess = wolfSSL_get1_session(ssl_c));
- wolfSSL_shutdown(ssl_c);
- wolfSSL_shutdown(ssl_s);
- wolfSSL_free(ssl_c);
- ssl_c = NULL;
- wolfSSL_free(ssl_s);
- ssl_s = NULL;
- test_ctx.c_len = test_ctx.s_len = 0;
- /* make resumption invalid */
- if (bad && (sess != NULL)) {
- if (useticket) {
- #ifdef HAVE_SESSION_TICKET
- if (sess->ticket != NULL) {
- sess->ticket[0] = !sess->ticket[0];
- }
- #endif /* HAVE_SESSION_TICKET */
- }
- else {
- sess->sessionID[0] = !sess->sessionID[0];
- }
- }
- ExpectNotNull(ssl_c = wolfSSL_new(ctx_c));
- ExpectNotNull(ssl_s = wolfSSL_new(ctx_s));
- wolfSSL_SetIOWriteCtx(ssl_c, &test_ctx);
- wolfSSL_SetIOReadCtx(ssl_c, &test_ctx);
- wolfSSL_SetIOWriteCtx(ssl_s, &test_ctx);
- wolfSSL_SetIOReadCtx(ssl_s, &test_ctx);
- ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS);
- ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_FATAL_ERROR) &&
- (ssl_c->error == WANT_READ));
- ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
- (ssl_s->error == WANT_READ));
- ExpectFalse(bad && !buf_is_hvr(test_ctx.c_buff, test_ctx.c_len));
- ExpectFalse(!bad && buf_is_hvr(test_ctx.c_buff, test_ctx.c_len));
- if (!useticket) {
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, &round_trips), 0);
- ExpectFalse(bad && round_trips != ROUNDS_WITH_HVR - 1);
- ExpectFalse(!bad && round_trips != ROUNDS_WITHOUT_HVR - 1);
- }
- wolfSSL_SESSION_free(sess);
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_s);
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_dtls_stateless_resume(void)
- {
- EXPECT_DECLS;
- #ifdef HAVE_SESSION_TICKET
- ExpectIntEQ(_test_wolfSSL_dtls_stateless_resume(1, 0), TEST_SUCCESS);
- ExpectIntEQ(_test_wolfSSL_dtls_stateless_resume(1, 1), TEST_SUCCESS);
- #endif /* HAVE_SESION_TICKET */
- ExpectIntEQ(_test_wolfSSL_dtls_stateless_resume(0, 0), TEST_SUCCESS);
- ExpectIntEQ(_test_wolfSSL_dtls_stateless_resume(0, 1), TEST_SUCCESS);
- return EXPECT_RESULT();
- }
- #endif /* WOLFSSL_DTLS_NO_HVR_ON_RESUME */
- #if !defined(NO_OLD_TLS)
- static int test_wolfSSL_dtls_stateless_downgrade(void)
- {
- EXPECT_DECLS;
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_c2 = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_c2 = NULL;
- WOLFSSL *ssl_s = NULL;
- struct test_memio_ctx test_ctx;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0);
- ExpectIntEQ(wolfSSL_CTX_SetMinVersion(ctx_s, WOLFSSL_DTLSV1),
- WOLFSSL_SUCCESS);
- ExpectNotNull(ctx_c2 = wolfSSL_CTX_new(wolfDTLSv1_client_method()));
- wolfSSL_SetIORecv(ctx_c2, test_memio_read_cb);
- wolfSSL_SetIOSend(ctx_c2, test_memio_write_cb);
- ExpectNotNull(ssl_c2 = wolfSSL_new(ctx_c2));
- wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx);
- wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx);
- /* send CH */
- ExpectTrue((wolfSSL_connect(ssl_c2) == WOLFSSL_FATAL_ERROR) &&
- (ssl_c2->error == WANT_READ));
- ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
- (ssl_s->error == WANT_READ));
- ExpectIntNE(test_ctx.c_len, 0);
- /* consume HRR */
- test_ctx.c_len = 0;
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- wolfSSL_free(ssl_c2);
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_c2);
- wolfSSL_CTX_free(ctx_s);
- return EXPECT_RESULT();
- }
- #endif /* !defined(NO_OLD_TLS) */
- #endif /* defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
- !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)*/
- #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
- !defined(NO_OLD_TLS) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
- static int test_WOLFSSL_dtls_version_alert(void)
- {
- EXPECT_DECLS;
- struct test_memio_ctx test_ctx;
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_s = NULL;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfDTLSv1_2_client_method, wolfDTLSv1_server_method), 0);
- /* client hello */
- ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_FATAL_ERROR) &&
- (ssl_c->error == WANT_READ));
- /* hrr */
- ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
- (ssl_s->error == WANT_READ));
- /* client hello 1 */
- ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_FATAL_ERROR) &&
- (ssl_c->error == WANT_READ));
- /* server hello */
- ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
- (ssl_s->error == WANT_READ));
- /* should fail */
- ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_FATAL_ERROR) &&
- (ssl_c->error == VERSION_ERROR));
- /* shuould fail */
- ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_FATAL_ERROR) &&
- (ssl_s->error == VERSION_ERROR || ssl_s->error == FATAL_ERROR));
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_s);
- return EXPECT_RESULT();
- }
- #else
- static int test_WOLFSSL_dtls_version_alert(void)
- {
- return TEST_SKIPPED;
- }
- #endif /* defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) &&
- * !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) &&
- * !defined(NO_OLD_TLS) && !defined(NO_RSA)
- */
- #if defined(WOLFSSL_TICKET_NONCE_MALLOC) && defined(HAVE_SESSION_TICKET) \
- && defined(WOLFSSL_TLS13) && \
- (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))\
- && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
- static int send_new_session_ticket(WOLFSSL *ssl, byte nonceLength, byte filler)
- {
- struct test_memio_ctx *test_ctx;
- byte buf[2048];
- int idx, sz;
- word32 tmp;
- int ret;
- idx = 5; /* space for record header */
- buf[idx] = session_ticket; /* type */
- idx++;
- tmp = OPAQUE32_LEN +
- OPAQUE32_LEN +
- OPAQUE8_LEN + nonceLength +
- OPAQUE16_LEN + OPAQUE8_LEN + OPAQUE16_LEN;
- c32to24(tmp, buf + idx);
- idx += OPAQUE24_LEN;
- c32toa((word32)12345, buf+idx); /* lifetime */
- idx += OPAQUE32_LEN;
- c32toa((word32)12345, buf+idx); /* add */
- idx += OPAQUE32_LEN;
- buf[idx] = nonceLength; /* nonce length */
- idx++;
- XMEMSET(&buf[idx], filler, nonceLength); /* nonce */
- idx += nonceLength;
- tmp = 1; /* ticket len */
- c16toa((word16)tmp, buf+idx);
- idx += 2;
- buf[idx] = 0xFF; /* ticket */
- idx++;
- tmp = 0; /* ext len */
- c16toa((word16)tmp, buf+idx);
- idx += 2;
- sz = BuildTls13Message(ssl, buf, 2048, buf+5, idx - 5,
- handshake, 0, 0, 0);
- test_ctx = (struct test_memio_ctx*)wolfSSL_GetIOWriteCtx(ssl);
- ret = test_memio_write_cb(ssl, (char*)buf, sz, test_ctx);
- return !(ret == sz);
- }
- static int test_ticket_nonce_check(WOLFSSL_SESSION *sess, byte len)
- {
- int ret = 0;
- if ((sess == NULL) || (sess->ticketNonce.len != len)) {
- ret = -1;
- }
- else {
- int i;
- for (i = 0; i < len; i++) {
- if (sess->ticketNonce.data[i] != len) {
- ret = -1;
- break;
- }
- }
- }
- return ret;
- }
- static int test_ticket_nonce_malloc_do(WOLFSSL *ssl_s, WOLFSSL *ssl_c, byte len)
- {
- EXPECT_DECLS;
- char *buf[1024];
- ExpectIntEQ(send_new_session_ticket(ssl_s, len, len), 0);
- ExpectTrue((wolfSSL_recv(ssl_c, buf, 1024, 0) == WOLFSSL_FATAL_ERROR) &&
- (ssl_c->error == WANT_READ));
- ExpectIntEQ(test_ticket_nonce_check(ssl_c->session, len), 0);
- return EXPECT_RESULT();
- }
- static int test_ticket_nonce_cache(WOLFSSL *ssl_s, WOLFSSL *ssl_c, byte len)
- {
- EXPECT_DECLS;
- WOLFSSL_SESSION *sess = NULL;
- WOLFSSL_SESSION *cached = NULL;
- WOLFSSL_CTX *ctx = ssl_c->ctx;
- ExpectIntEQ(test_ticket_nonce_malloc_do(ssl_s, ssl_c, len), TEST_SUCCESS);
- ExpectNotNull(sess = wolfSSL_get1_session(ssl_c));
- ExpectIntEQ(AddSessionToCache(ctx, sess, sess->sessionID, sess->sessionIDSz,
- NULL, ssl_c->options.side, 1,NULL), 0);
- ExpectNotNull(cached = wolfSSL_SESSION_new());
- ExpectIntEQ(wolfSSL_GetSessionFromCache(ssl_c, cached), WOLFSSL_SUCCESS);
- ExpectIntEQ(test_ticket_nonce_check(cached, len), 0);
- wolfSSL_SESSION_free(cached);
- wolfSSL_SESSION_free(sess);
- return EXPECT_RESULT();
- }
- static int test_ticket_nonce_malloc(void)
- {
- EXPECT_DECLS;
- struct test_memio_ctx test_ctx;
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_s = NULL;
- byte small;
- byte medium;
- byte big;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0);
- /* will send ticket manually */
- ExpectIntEQ(wolfSSL_no_ticket_TLSv13(ssl_s), 0);
- wolfSSL_set_verify(ssl_s, WOLFSSL_VERIFY_NONE, 0);
- wolfSSL_set_verify(ssl_c, WOLFSSL_VERIFY_NONE, 0);
- while (EXPECT_SUCCESS() && (ssl_c->options.handShakeDone == 0) &&
- (ssl_s->options.handShakeDone == 0)) {
- ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_SUCCESS) ||
- (ssl_c->error == WANT_READ));
- ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_SUCCESS) ||
- (ssl_s->error == WANT_READ));
- }
- small = TLS13_TICKET_NONCE_STATIC_SZ;
- medium = small + 20 <= 255 ? small + 20 : 255;
- big = medium + 20 <= 255 ? small + 20 : 255;
- ExpectIntEQ(test_ticket_nonce_malloc_do(ssl_s, ssl_c, small), TEST_SUCCESS);
- ExpectPtrEq(ssl_c->session->ticketNonce.data,
- ssl_c->session->ticketNonce.dataStatic);
- ExpectIntEQ(test_ticket_nonce_malloc_do(ssl_s, ssl_c, medium),
- TEST_SUCCESS);
- ExpectIntEQ(test_ticket_nonce_malloc_do(ssl_s, ssl_c, big), TEST_SUCCESS);
- ExpectIntEQ(test_ticket_nonce_malloc_do(ssl_s, ssl_c, medium),
- TEST_SUCCESS);
- ExpectIntEQ(test_ticket_nonce_malloc_do(ssl_s, ssl_c, small), TEST_SUCCESS);
- ExpectIntEQ(test_ticket_nonce_cache(ssl_s, ssl_c, small), TEST_SUCCESS);
- ExpectIntEQ(test_ticket_nonce_cache(ssl_s, ssl_c, medium), TEST_SUCCESS);
- ExpectIntEQ(test_ticket_nonce_cache(ssl_s, ssl_c, big), TEST_SUCCESS);
- ExpectIntEQ(test_ticket_nonce_cache(ssl_s, ssl_c, medium), TEST_SUCCESS);
- ExpectIntEQ(test_ticket_nonce_cache(ssl_s, ssl_c, small), TEST_SUCCESS);
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_s);
- return EXPECT_RESULT();
- }
- #endif /* WOLFSSL_TICKET_NONCE_MALLOC */
- #if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_TLS12) && \
- !defined(WOLFSSL_TICKET_DECRYPT_NO_CREATE) && \
- !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
- !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_RSA) && \
- defined(HAVE_ECC) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
- static int test_ticket_ret_create(void)
- {
- EXPECT_DECLS;
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_s = NULL;
- byte ticket[SESSION_TICKET_LEN];
- struct test_memio_ctx test_ctx;
- WOLFSSL_SESSION *sess = NULL;
- word16 ticketLen = 0;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
- wolfSSL_set_verify(ssl_s, WOLFSSL_VERIFY_NONE, 0);
- wolfSSL_set_verify(ssl_c, WOLFSSL_VERIFY_NONE, 0);
- ExpectIntEQ(wolfSSL_CTX_UseSessionTicket(ctx_c), WOLFSSL_SUCCESS);
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- ExpectNotNull(sess = wolfSSL_get1_session(ssl_c));
- ExpectIntLE(sess->ticketLen, SESSION_TICKET_LEN);
- if (sess != NULL) {
- ticketLen = sess->ticketLen;
- XMEMCPY(ticket, sess->ticket, sess->ticketLen);
- }
- wolfSSL_free(ssl_c);
- ssl_c = NULL;
- wolfSSL_free(ssl_s);
- ssl_s = NULL;
- ExpectNotNull(ssl_s = wolfSSL_new(ctx_s));
- wolfSSL_SetIOWriteCtx(ssl_s, &test_ctx);
- wolfSSL_SetIOReadCtx(ssl_s, &test_ctx);
- ExpectNotNull(ssl_c = wolfSSL_new(ctx_c));
- wolfSSL_SetIOWriteCtx(ssl_c, &test_ctx);
- wolfSSL_SetIOReadCtx(ssl_c, &test_ctx);
- ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS);
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- ExpectIntLE(ssl_c->session->ticketLen, SESSION_TICKET_LEN);
- ExpectIntEQ(ssl_c->session->ticketLen, ticketLen);
- ExpectTrue(XMEMCMP(ssl_c->session->ticket, ticket, ticketLen) != 0);
- wolfSSL_SESSION_free(sess);
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_s);
- return EXPECT_RESULT();
- }
- #else
- static int test_ticket_ret_create(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- #if defined(WOLFSSL_TLS13) && !defined(NO_PSK) && \
- defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_AESGCM) && \
- !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \
- defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
- static void test_ticket_and_psk_mixing_on_result(WOLFSSL* ssl)
- {
- int ret;
- WOLFSSL_SESSION* session = NULL;
- AssertIntEQ(wolfSSL_get_current_cipher_suite(ssl), 0x1301);
- if (!wolfSSL_is_server(ssl)) {
- session = wolfSSL_SESSION_dup(wolfSSL_get_session(ssl));
- AssertNotNull(session);
- }
- do {
- ret = wolfSSL_shutdown(ssl);
- } while (ret == WOLFSSL_SHUTDOWN_NOT_DONE);
- AssertIntEQ(wolfSSL_clear(ssl), WOLFSSL_SUCCESS);
- wolfSSL_set_psk_callback_ctx(ssl, (void*)"TLS13-AES256-GCM-SHA384");
- #ifndef OPENSSL_COMPATIBLE_DEFAULTS
- /* OpenSSL considers PSK to be verified. We error out with NO_PEER_CERT. */
- wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_NONE, NULL);
- #endif
- if (!wolfSSL_is_server(ssl)) {
- /* client */
- AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384:"
- "TLS13-AES128-GCM-SHA256"), WOLFSSL_SUCCESS);
- wolfSSL_set_session(ssl, session);
- wolfSSL_SESSION_free(session);
- wolfSSL_set_psk_client_tls13_callback(ssl, my_psk_client_tls13_cb);
- AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
- }
- else {
- /* server */
- /* Different ciphersuite so that the ticket will be invalidated based on
- * the ciphersuite */
- AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384"),
- WOLFSSL_SUCCESS);
- wolfSSL_set_psk_server_tls13_callback(ssl, my_psk_server_tls13_cb);
- AssertIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
- }
- }
- static void test_ticket_and_psk_mixing_ssl_ready(WOLFSSL* ssl)
- {
- AssertIntEQ(wolfSSL_UseSessionTicket(ssl), WOLFSSL_SUCCESS);
- AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES128-GCM-SHA256"),
- WOLFSSL_SUCCESS);
- }
- static int test_ticket_and_psk_mixing(void)
- {
- EXPECT_DECLS;
- /* Test mixing tickets and regular PSK */
- callback_functions client_cbs, server_cbs;
- XMEMSET(&client_cbs, 0, sizeof(client_cbs));
- XMEMSET(&server_cbs, 0, sizeof(server_cbs));
- client_cbs.method = wolfTLSv1_3_client_method;
- server_cbs.method = wolfTLSv1_3_server_method;
- client_cbs.ssl_ready = test_ticket_and_psk_mixing_ssl_ready;
- client_cbs.on_result = test_ticket_and_psk_mixing_on_result;
- server_cbs.on_result = test_ticket_and_psk_mixing_on_result;
- test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs);
- ExpectIntEQ(client_cbs.return_code, TEST_SUCCESS);
- ExpectIntEQ(server_cbs.return_code, TEST_SUCCESS);
- return EXPECT_RESULT();
- }
- #else
- static int test_ticket_and_psk_mixing(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- #if defined(WOLFSSL_TLS13) && !defined(NO_PSK) && defined(HAVE_SESSION_TICKET) \
- && defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
- defined(HAVE_AESGCM) && !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \
- defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
- static int test_prioritize_psk_cb_called = FALSE;
- static unsigned int test_prioritize_psk_cb(WOLFSSL* ssl,
- const char* identity, unsigned char* key, unsigned int key_max_len,
- const char** ciphersuite)
- {
- test_prioritize_psk_cb_called = TRUE;
- return my_psk_server_tls13_cb(ssl, identity, key, key_max_len, ciphersuite);
- }
- static void test_prioritize_psk_on_result(WOLFSSL* ssl)
- {
- int ret;
- WOLFSSL_SESSION* session = NULL;
- AssertIntEQ(wolfSSL_get_current_cipher_suite(ssl), 0x1301);
- if (!wolfSSL_is_server(ssl)) {
- session = wolfSSL_SESSION_dup(wolfSSL_get_session(ssl));
- AssertNotNull(session);
- }
- do {
- ret = wolfSSL_shutdown(ssl);
- } while (ret == WOLFSSL_SHUTDOWN_NOT_DONE);
- AssertIntEQ(wolfSSL_clear(ssl), WOLFSSL_SUCCESS);
- wolfSSL_set_psk_callback_ctx(ssl, (void*)"TLS13-AES256-GCM-SHA384");
- /* Previous connection was made with TLS13-AES128-GCM-SHA256. Order is
- * important. */
- AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384:"
- "TLS13-AES128-GCM-SHA256"), WOLFSSL_SUCCESS);
- #ifndef OPENSSL_COMPATIBLE_DEFAULTS
- /* OpenSSL considers PSK to be verified. We error out with NO_PEER_CERT. */
- wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_NONE, NULL);
- #endif
- if (!wolfSSL_is_server(ssl)) {
- /* client */
- wolfSSL_set_psk_client_tls13_callback(ssl, my_psk_client_tls13_cb);
- wolfSSL_set_session(ssl, session);
- wolfSSL_SESSION_free(session);
- AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
- }
- else {
- /* server */
- wolfSSL_set_psk_server_tls13_callback(ssl, test_prioritize_psk_cb);
- AssertIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
- #ifdef WOLFSSL_PRIORITIZE_PSK
- /* The ticket should be first tried with all ciphersuites and chosen */
- AssertFalse(test_prioritize_psk_cb_called);
- #else
- /* Ciphersuites should be tried with each PSK. This triggers the PSK
- * callback that sets this var. */
- AssertTrue(test_prioritize_psk_cb_called);
- #endif
- }
- }
- static void test_prioritize_psk_ssl_ready(WOLFSSL* ssl)
- {
- if (!wolfSSL_is_server(ssl))
- AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES128-GCM-SHA256"),
- WOLFSSL_SUCCESS);
- else
- AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384:"
- "TLS13-AES128-GCM-SHA256"), WOLFSSL_SUCCESS);
- }
- static int test_prioritize_psk(void)
- {
- EXPECT_DECLS;
- /* We always send the ticket first. With WOLFSSL_PRIORITIZE_PSK the order
- * of the PSK's will be followed instead of the ciphersuite. */
- callback_functions client_cbs, server_cbs;
- XMEMSET(&client_cbs, 0, sizeof(client_cbs));
- XMEMSET(&server_cbs, 0, sizeof(server_cbs));
- client_cbs.method = wolfTLSv1_3_client_method;
- server_cbs.method = wolfTLSv1_3_server_method;
- client_cbs.ssl_ready = test_prioritize_psk_ssl_ready;
- server_cbs.ssl_ready = test_prioritize_psk_ssl_ready;
- client_cbs.on_result = test_prioritize_psk_on_result;
- server_cbs.on_result = test_prioritize_psk_on_result;
- test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs);
- ExpectIntEQ(client_cbs.return_code, TEST_SUCCESS);
- ExpectIntEQ(server_cbs.return_code, TEST_SUCCESS);
- return EXPECT_RESULT();
- }
- #else
- static int test_prioritize_psk(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- #if defined(WOLFSSL_TLS13) && defined(OPENSSL_EXTRA) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_AESGCM) && \
- !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \
- !defined(WOLFSSL_NO_TLS12)
- static int test_wolfSSL_CTX_set_ciphersuites_ctx_ready_server(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- ExpectTrue(SSL_CTX_set_cipher_list(ctx, "DEFAULT"));
- /* Set TLS 1.3 specific suite */
- ExpectTrue(SSL_CTX_set_ciphersuites(ctx, "TLS13-AES128-GCM-SHA256"));
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CTX_set_ciphersuites(void)
- {
- EXPECT_DECLS;
- /* Test using SSL_CTX_set_cipher_list and SSL_CTX_set_ciphersuites and then
- * do a 1.2 connection. */
- test_ssl_cbf client_cbs, server_cbs;
- XMEMSET(&client_cbs, 0, sizeof(client_cbs));
- XMEMSET(&server_cbs, 0, sizeof(server_cbs));
- client_cbs.method = wolfTLSv1_2_client_method;
- server_cbs.method = wolfTLS_server_method; /* Allow downgrade */
- server_cbs.ctx_ready = test_wolfSSL_CTX_set_ciphersuites_ctx_ready_server;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
- &server_cbs, NULL), TEST_SUCCESS);
- return EXPECT_RESULT();
- }
- #else
- static int test_wolfSSL_CTX_set_ciphersuites(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- #if defined(HAVE_CRL) && defined(WOLFSSL_CHECK_ALERT_ON_ERR) && \
- defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- static int test_wolfSSL_CRL_CERT_REVOKED_alert_ctx_ready(WOLFSSL_CTX* ctx)
- {
- wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
- return TEST_SUCCESS;
- }
- static int test_wolfSSL_CRL_CERT_REVOKED_alert_on_cleanup(WOLFSSL* ssl)
- {
- EXPECT_DECLS;
- WOLFSSL_ALERT_HISTORY h;
- ExpectIntEQ(wolfSSL_get_alert_history(ssl, &h), WOLFSSL_SUCCESS);
- ExpectIntEQ(h.last_rx.level, alert_fatal);
- ExpectIntEQ(h.last_rx.code, certificate_revoked);
- return EXPECT_RESULT();
- }
- static int test_wolfSSL_CRL_CERT_REVOKED_alert(void)
- {
- EXPECT_DECLS;
- test_ssl_cbf client_cbs, server_cbs;
- XMEMSET(&client_cbs, 0, sizeof(client_cbs));
- XMEMSET(&server_cbs, 0, sizeof(server_cbs));
- server_cbs.certPemFile = "./certs/server-revoked-cert.pem";
- server_cbs.keyPemFile = "./certs/server-revoked-key.pem";
- client_cbs.crlPemFile = "./certs/crl/crl.revoked";
- client_cbs.ctx_ready = test_wolfSSL_CRL_CERT_REVOKED_alert_ctx_ready;
- server_cbs.on_cleanup = test_wolfSSL_CRL_CERT_REVOKED_alert_on_cleanup;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
- &server_cbs, NULL), TEST_FAIL);
- return EXPECT_RESULT();
- }
- #else
- static int test_wolfSSL_CRL_CERT_REVOKED_alert(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) \
- && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_AESGCM) && \
- !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \
- defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \
- !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
- static WOLFSSL_CTX* test_TLS_13_ticket_different_ciphers_ctx = NULL;
- static WOLFSSL_SESSION* test_TLS_13_ticket_different_ciphers_session = NULL;
- static int test_TLS_13_ticket_different_ciphers_run = 0;
- static int test_TLS_13_ticket_different_ciphers_ssl_ready(WOLFSSL* ssl)
- {
- EXPECT_DECLS;
- switch (test_TLS_13_ticket_different_ciphers_run) {
- case 0:
- /* First run */
- ExpectIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES128-GCM-SHA256"),
- WOLFSSL_SUCCESS);
- if (wolfSSL_is_server(ssl)) {
- ExpectNotNull(test_TLS_13_ticket_different_ciphers_ctx =
- wolfSSL_get_SSL_CTX(ssl));
- ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_up_ref(
- test_TLS_13_ticket_different_ciphers_ctx));
- }
- break;
- case 1:
- /* Second run */
- ExpectIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384:"
- "TLS13-AES128-GCM-SHA256"),
- WOLFSSL_SUCCESS);
- if (!wolfSSL_is_server(ssl)) {
- ExpectIntEQ(wolfSSL_set_session(ssl,
- test_TLS_13_ticket_different_ciphers_session),
- WOLFSSL_SUCCESS);
- }
- break;
- default:
- /* Bad state? */
- Fail(("Should not enter here"), ("Should not enter here"));
- }
- return EXPECT_RESULT();
- }
- static int test_TLS_13_ticket_different_ciphers_on_result(WOLFSSL* ssl)
- {
- EXPECT_DECLS;
- switch (test_TLS_13_ticket_different_ciphers_run) {
- case 0:
- /* First run */
- ExpectNotNull(test_TLS_13_ticket_different_ciphers_session =
- wolfSSL_get1_session(ssl));
- break;
- case 1:
- /* Second run */
- ExpectTrue(wolfSSL_session_reused(ssl));
- break;
- default:
- /* Bad state? */
- Fail(("Should not enter here"), ("Should not enter here"));
- }
- return EXPECT_RESULT();
- }
- static int test_TLS_13_ticket_different_ciphers(void)
- {
- EXPECT_DECLS;
- /* Check that we handle the connection when the ticket doesn't match
- * the first ciphersuite. */
- test_ssl_cbf client_cbs, server_cbs;
- struct test_params {
- method_provider client_meth;
- method_provider server_meth;
- int doUdp;
- } params[] = {
- #ifdef WOLFSSL_DTLS13
- /* Test that the stateless code handles sessions correctly */
- {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, 1},
- #endif
- {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, 0},
- };
- size_t i;
- for (i = 0; i < sizeof(params)/sizeof(*params); i++) {
- XMEMSET(&client_cbs, 0, sizeof(client_cbs));
- XMEMSET(&server_cbs, 0, sizeof(server_cbs));
- test_TLS_13_ticket_different_ciphers_run = 0;
- client_cbs.doUdp = server_cbs.doUdp = params[i].doUdp;
- client_cbs.method = params[i].client_meth;
- server_cbs.method = params[i].server_meth;
- client_cbs.ssl_ready = test_TLS_13_ticket_different_ciphers_ssl_ready;
- server_cbs.ssl_ready = test_TLS_13_ticket_different_ciphers_ssl_ready;
- client_cbs.on_result = test_TLS_13_ticket_different_ciphers_on_result;
- server_cbs.ticNoInit = 1;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
- &server_cbs, NULL), TEST_SUCCESS);
- test_TLS_13_ticket_different_ciphers_run++;
- server_cbs.ctx = test_TLS_13_ticket_different_ciphers_ctx;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
- &server_cbs, NULL), TEST_SUCCESS);
- wolfSSL_SESSION_free(test_TLS_13_ticket_different_ciphers_session);
- test_TLS_13_ticket_different_ciphers_session = NULL;
- wolfSSL_CTX_free(test_TLS_13_ticket_different_ciphers_ctx);
- test_TLS_13_ticket_different_ciphers_ctx = NULL;
- }
- return EXPECT_RESULT();
- }
- #else
- static int test_TLS_13_ticket_different_ciphers(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- #if defined(WOLFSSL_EXTRA_ALERTS) && !defined(WOLFSSL_NO_TLS12) && \
- defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
- #define TEST_WRONG_CS_CLIENT "DHE-RSA-AES128-SHA"
- /* AKA TLS_DHE_RSA_WITH_AES_128_CBC_SHA */
- byte test_extra_alerts_wrong_cs_sh[] = {
- 0x16, 0x03, 0x03, 0x00, 0x56, 0x02, 0x00, 0x00, 0x52, 0x03, 0x03, 0xef,
- 0x0c, 0x30, 0x98, 0xa2, 0xac, 0xfa, 0x68, 0xe9, 0x3e, 0xaa, 0x5c, 0xcf,
- 0xa7, 0x42, 0x72, 0xaf, 0xa0, 0xe8, 0x39, 0x2b, 0x3e, 0x81, 0xa7, 0x7a,
- 0xa5, 0x62, 0x8a, 0x0e, 0x41, 0xba, 0xda, 0x20, 0x18, 0x9f, 0xe1, 0x8c,
- 0x1d, 0xc0, 0x37, 0x9c, 0xf4, 0x90, 0x5d, 0x8d, 0xa0, 0x79, 0xa7, 0x4b,
- 0xa8, 0x79, 0xdf, 0xcd, 0x8d, 0xf5, 0xb5, 0x50, 0x5f, 0xf1, 0xdb, 0x4d,
- 0xbb, 0x07, 0x54, 0x1c,
- 0x00, 0x02, /* TLS_RSA_WITH_NULL_SHA */
- 0x00, 0x00, 0x0a, 0x00, 0x0b, 0x00,
- 0x02, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00
- };
- static int test_extra_alerts_wrong_cs(void)
- {
- EXPECT_DECLS;
- #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- struct test_memio_ctx test_ctx;
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_ALERT_HISTORY h;
- WOLFSSL *ssl_c = NULL;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL,
- wolfTLSv1_2_client_method, NULL), 0);
- ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, TEST_WRONG_CS_CLIENT),
- WOLFSSL_SUCCESS);
- /* CH */
- ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- /* consume CH */
- test_ctx.s_len = 0;
- /* inject SH */
- XMEMCPY(test_ctx.c_buff, test_extra_alerts_wrong_cs_sh,
- sizeof(test_extra_alerts_wrong_cs_sh));
- test_ctx.c_len = sizeof(test_extra_alerts_wrong_cs_sh);
- ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
- ExpectIntNE(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
- ExpectIntEQ(h.last_tx.code, illegal_parameter);
- ExpectIntEQ(h.last_tx.level, alert_fatal);
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_c);
- #endif
- return EXPECT_RESULT();
- }
- #else
- static int test_extra_alerts_wrong_cs(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- #if !defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_EXTRA_ALERTS) && \
- defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_SP_MATH)
- static void test_remove_msg(byte *msg, int tail_len, int *len, int msg_length)
- {
- tail_len -= msg_length;
- XMEMMOVE(msg, msg + msg_length, tail_len);
- *len = *len - msg_length;
- }
- static int test_remove_hs_msg_from_buffer(byte *buf, int *len, byte type,
- byte *found)
- {
- const unsigned int _HANDSHAKE_HEADER_SZ = 4;
- const unsigned int _RECORD_HEADER_SZ = 5;
- const int _change_cipher_hs = 55;
- const int _change_cipher = 20;
- const int _handshake = 22;
- unsigned int tail_len;
- byte *idx, *curr;
- word8 currType;
- word16 rLength;
- word32 hLength;
- idx = buf;
- tail_len = *len;
- *found = 0;
- while (tail_len > _RECORD_HEADER_SZ) {
- curr = idx;
- currType = *idx;
- ato16(idx + 3, &rLength);
- idx += _RECORD_HEADER_SZ;
- tail_len -= _RECORD_HEADER_SZ;
- if (tail_len < rLength)
- return -1;
- if (type == _change_cipher_hs && currType == _change_cipher) {
- if (rLength != 1)
- return -1;
- /* match */
- test_remove_msg(curr, *len - (int)(curr - buf),
- len, _RECORD_HEADER_SZ + 1);
- *found = 1;
- return 0;
- }
- if (currType != _handshake) {
- idx += rLength;
- tail_len -= rLength;
- continue;
- }
- if (rLength < _HANDSHAKE_HEADER_SZ)
- return -1;
- currType = *idx;
- ato24(idx+1, &hLength);
- hLength += _HANDSHAKE_HEADER_SZ;
- if (tail_len < hLength)
- return -1;
- if (currType != type) {
- idx += hLength;
- tail_len -= hLength;
- continue;
- }
- /* match */
- test_remove_msg(curr, *len - (int)(curr - buf), len,
- hLength + _RECORD_HEADER_SZ);
- *found = 1;
- return 0;
- }
- /* not found */
- return 0;
- }
- static int test_remove_hs_message(byte hs_message_type,
- int extra_round, byte alert_type)
- {
- EXPECT_DECLS;
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_s = NULL;
- struct test_memio_ctx test_ctx;
- WOLFSSL_ALERT_HISTORY h;
- byte found = 0;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
- ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- if (extra_round) {
- ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- /* this will complete handshake from server side */
- ExpectIntEQ(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
- }
- ExpectIntEQ(test_remove_hs_msg_from_buffer(test_ctx.c_buff,
- &test_ctx.c_len, hs_message_type, &found), 0);
- if (!found) {
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_s);
- return TEST_SKIPPED;
- }
- ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
- ExpectIntNE(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
- ExpectTrue(alert_type == 0xff || h.last_tx.code == alert_type);
- ExpectIntEQ(h.last_tx.level, alert_fatal);
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_s);
- return EXPECT_RESULT();
- }
- static int test_extra_alerts_skip_hs(void)
- {
- EXPECT_DECLS;
- const byte _server_key_exchange = 12;
- const byte _server_hello = 2;
- const byte _certificate = 11;
- /* server_hello */
- ExpectIntNE(test_remove_hs_message(_server_hello, 0,
- unexpected_message), TEST_FAIL);
- ExpectIntNE(test_remove_hs_message(_certificate, 0,
- 0xff), TEST_FAIL);
- ExpectIntNE(test_remove_hs_message(_server_key_exchange, 0,
- unexpected_message), TEST_FAIL);
- return EXPECT_RESULT();
- }
- #else
- static int test_extra_alerts_skip_hs(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- #if !defined(WOLFSSL_NO_TLS12) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\
- && defined(WOLFSSL_EXTRA_ALERTS) && !defined(NO_PSK) && !defined(NO_DH)
- static unsigned int test_server_psk_cb(WOLFSSL* ssl, const char* id,
- unsigned char* key, unsigned int key_max_len)
- {
- (void)ssl;
- (void)id;
- (void)key_max_len;
- /* zero means error */
- key[0] = 0x10;
- return 1;
- }
- static int test_extra_alerts_bad_psk(void)
- {
- EXPECT_DECLS;
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_s = NULL;
- struct test_memio_ctx test_ctx;
- WOLFSSL_ALERT_HISTORY h;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
- ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, "DHE-PSK-AES128-GCM-SHA256"),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set_cipher_list(ssl_s, "DHE-PSK-AES128-GCM-SHA256"),
- WOLFSSL_SUCCESS);
- wolfSSL_set_psk_server_callback(ssl_s, test_server_psk_cb);
- ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
- ExpectIntEQ( wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
- ExpectIntNE(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
- ExpectIntEQ(h.last_tx.code, handshake_failure);
- ExpectIntEQ(h.last_tx.level, alert_fatal);
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_s);
- return EXPECT_RESULT();
- }
- #else
- static int test_extra_alerts_bad_psk(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- #if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\
- && !defined(NO_PSK)
- static unsigned int test_tls13_bad_psk_binder_client_cb(WOLFSSL* ssl,
- const char* hint, char* identity, unsigned int id_max_len,
- unsigned char* key, unsigned int key_max_len)
- {
- (void)ssl;
- (void)hint;
- (void)key_max_len;
- /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
- XSTRNCPY(identity, "Client_identity", id_max_len);
- key[0] = 0x20;
- return 1;
- }
- static unsigned int test_tls13_bad_psk_binder_server_cb(WOLFSSL* ssl,
- const char* id, unsigned char* key, unsigned int key_max_len)
- {
- (void)ssl;
- (void)id;
- (void)key_max_len;
- /* zero means error */
- key[0] = 0x10;
- return 1;
- }
- #endif
- static int test_tls13_bad_psk_binder(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\
- && !defined(NO_PSK)
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_s = NULL;
- struct test_memio_ctx test_ctx;
- WOLFSSL_ALERT_HISTORY h;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0);
- wolfSSL_set_psk_client_callback(ssl_c, test_tls13_bad_psk_binder_client_cb);
- wolfSSL_set_psk_server_callback(ssl_s, test_tls13_bad_psk_binder_server_cb);
- ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
- ExpectIntEQ( wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
- BAD_BINDER);
- ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
- FATAL_ERROR);
- ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
- ExpectIntEQ(h.last_rx.code, illegal_parameter);
- ExpectIntEQ(h.last_rx.level, alert_fatal);
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_s);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_NO_TLS12) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES)
- static int test_harden_no_secure_renegotiation_io_cb(WOLFSSL *ssl, char *buf,
- int sz, void *ctx)
- {
- static int sentServerHello = FALSE;
- if (!sentServerHello) {
- byte renegExt[] = { 0xFF, 0x01, 0x00, 0x01, 0x00 };
- size_t i;
- if (sz < (int)sizeof(renegExt))
- return WOLFSSL_CBIO_ERR_GENERAL;
- /* Remove SCR from ServerHello */
- for (i = 0; i < sz - sizeof(renegExt); i++) {
- if (XMEMCMP(buf + i, renegExt, sizeof(renegExt)) == 0) {
- /* Found the extension. Change it to something unrecognized. */
- buf[i+1] = 0x11;
- break;
- }
- }
- sentServerHello = TRUE;
- }
- return EmbedSend(ssl, buf, sz, ctx);
- }
- static void test_harden_no_secure_renegotiation_ssl_ready(WOLFSSL* ssl)
- {
- wolfSSL_SSLSetIOSend(ssl, test_harden_no_secure_renegotiation_io_cb);
- }
- static void test_harden_no_secure_renegotiation_on_cleanup(WOLFSSL* ssl)
- {
- WOLFSSL_ALERT_HISTORY h;
- AssertIntEQ(wolfSSL_get_alert_history(ssl, &h), WOLFSSL_SUCCESS);
- AssertIntEQ(h.last_rx.code, handshake_failure);
- AssertIntEQ(h.last_rx.level, alert_fatal);
- }
- static int test_harden_no_secure_renegotiation(void)
- {
- EXPECT_DECLS;
- callback_functions client_cbs, server_cbs;
- XMEMSET(&client_cbs, 0, sizeof(client_cbs));
- XMEMSET(&server_cbs, 0, sizeof(server_cbs));
- client_cbs.method = wolfTLSv1_2_client_method;
- server_cbs.method = wolfTLSv1_2_server_method;
- server_cbs.ssl_ready = test_harden_no_secure_renegotiation_ssl_ready;
- server_cbs.on_cleanup = test_harden_no_secure_renegotiation_on_cleanup;
- test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs);
- ExpectIntEQ(client_cbs.return_code, TEST_FAIL);
- ExpectIntEQ(client_cbs.last_err, SECURE_RENEGOTIATION_E);
- ExpectIntEQ(server_cbs.return_code, TEST_FAIL);
- ExpectTrue(server_cbs.last_err == SOCKET_ERROR_E ||
- server_cbs.last_err == FATAL_ERROR);
- return EXPECT_RESULT();
- }
- #else
- static int test_harden_no_secure_renegotiation(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- #if defined(HAVE_OCSP) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- static int test_override_alt_cert_chain_cert_cb(int preverify,
- WOLFSSL_X509_STORE_CTX* store)
- {
- fprintf(stderr, "preverify: %d\n", preverify);
- fprintf(stderr, "store->error: %d\n", store->error);
- fprintf(stderr, "error reason: %s\n", wolfSSL_ERR_reason_error_string(store->error));
- if (store->error == OCSP_INVALID_STATUS) {
- fprintf(stderr, "Overriding OCSP error\n");
- return 1;
- }
- #ifndef WOLFSSL_ALT_CERT_CHAINS
- else if ((store->error == ASN_NO_SIGNER_E ||
- store->error == ASN_SELF_SIGNED_E
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
- defined(HAVE_WEBSERVER)
- || store->error == WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
- #endif
- ) && store->error_depth == store->totalCerts - 1) {
- fprintf(stderr, "Overriding no signer error only for root cert\n");
- return 1;
- }
- #endif
- else
- return preverify;
- }
- static int test_override_alt_cert_chain_ocsp_cb(void* ioCtx, const char* url,
- int urlSz, unsigned char* request, int requestSz,
- unsigned char** response)
- {
- (void)ioCtx;
- (void)url;
- (void)urlSz;
- (void)request;
- (void)requestSz;
- (void)response;
- return -1;
- }
- static int test_override_alt_cert_chain_client_ctx_ready(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER,
- test_override_alt_cert_chain_cert_cb);
- ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL |
- WOLFSSL_OCSP_URL_OVERRIDE), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_SetOCSP_Cb(ctx,
- test_override_alt_cert_chain_ocsp_cb, NULL, NULL), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_SetOCSP_OverrideURL(ctx, "not a url"),
- WOLFSSL_SUCCESS);
- return EXPECT_RESULT();
- }
- static int test_override_alt_cert_chain_client_ctx_ready2(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
- ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL |
- WOLFSSL_OCSP_URL_OVERRIDE), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_SetOCSP_Cb(ctx,
- test_override_alt_cert_chain_ocsp_cb, NULL, NULL), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_SetOCSP_OverrideURL(ctx, "not a url"),
- WOLFSSL_SUCCESS);
- return EXPECT_RESULT();
- }
- static int test_override_alt_cert_chain_server_ctx_ready(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx,
- "./certs/intermediate/server-chain-alt.pem"), WOLFSSL_SUCCESS);
- return EXPECT_RESULT();
- }
- static int test_override_alt_cert_chain(void)
- {
- EXPECT_DECLS;
- size_t i;
- struct test_params {
- ctx_cb client_ctx_cb;
- ctx_cb server_ctx_cb;
- int result;
- } params[] = {
- {test_override_alt_cert_chain_client_ctx_ready,
- test_override_alt_cert_chain_server_ctx_ready, TEST_SUCCESS},
- {test_override_alt_cert_chain_client_ctx_ready2,
- test_override_alt_cert_chain_server_ctx_ready, TEST_FAIL},
- };
- for (i = 0; i < sizeof(params)/sizeof(*params); i++) {
- test_ssl_cbf client_cbs, server_cbs;
- XMEMSET(&client_cbs, 0, sizeof(client_cbs));
- XMEMSET(&server_cbs, 0, sizeof(server_cbs));
- fprintf(stderr, "test config: %d\n", (int)i);
- client_cbs.ctx_ready = params[i].client_ctx_cb;
- server_cbs.ctx_ready = params[i].server_ctx_cb;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
- &server_cbs, NULL), params[i].result);
- ExpectIntEQ(client_cbs.return_code, params[i].result);
- ExpectIntEQ(server_cbs.return_code, params[i].result);
- }
- return EXPECT_RESULT();
- }
- #else
- static int test_override_alt_cert_chain(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- #if defined(HAVE_RPK)
- #define svrRpkCertFile "./certs/rpk/server-cert-rpk.der"
- #define clntRpkCertFile "./certs/rpk/client-cert-rpk.der"
- #if defined(WOLFSSL_ALWAYS_VERIFY_CB)
- static int MyRpkVerifyCb(int mode, WOLFSSL_X509_STORE_CTX* strctx)
- {
- int ret = WOLFSSL_SUCCESS;
- (void)mode;
- (void)strctx;
- WOLFSSL_ENTER("MyRpkVerifyCb");
- return ret;
- }
- #endif /* WOLFSSL_ALWAYS_VERIFY_CB */
- static WC_INLINE int test_rpk_memio_setup(
- struct test_memio_ctx *ctx,
- WOLFSSL_CTX **ctx_c,
- WOLFSSL_CTX **ctx_s,
- WOLFSSL **ssl_c,
- WOLFSSL **ssl_s,
- method_provider method_c,
- method_provider method_s,
- const char* certfile_c, int fmt_cc, /* client cert file path and format */
- const char* certfile_s, int fmt_cs, /* server cert file path and format */
- const char* pkey_c, int fmt_kc, /* client private key and format */
- const char* pkey_s, int fmt_ks /* server private key and format */
- )
- {
- int ret;
- if (ctx_c != NULL && *ctx_c == NULL) {
- *ctx_c = wolfSSL_CTX_new(method_c());
- if (*ctx_c == NULL) {
- return -1;
- }
- wolfSSL_CTX_set_verify(*ctx_c, WOLFSSL_VERIFY_PEER, NULL);
- ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0);
- if (ret != WOLFSSL_SUCCESS) {
- return -1;
- }
- wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb);
- wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb);
- ret = wolfSSL_CTX_use_certificate_file(*ctx_c, certfile_c, fmt_cc);
- if (ret != WOLFSSL_SUCCESS) {
- return -1;
- }
- ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_c, pkey_c, fmt_kc);
- if (ret != WOLFSSL_SUCCESS) {
- return -1;
- }
- }
- if (ctx_s != NULL && *ctx_s == NULL) {
- *ctx_s = wolfSSL_CTX_new(method_s());
- if (*ctx_s == NULL) {
- return -1;
- }
- wolfSSL_CTX_set_verify(*ctx_s, WOLFSSL_VERIFY_PEER, NULL);
- ret = wolfSSL_CTX_load_verify_locations(*ctx_s, cliCertFile, 0);
- if (ret != WOLFSSL_SUCCESS) {
- return -1;
- }
- ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, pkey_s, fmt_ks);
- if (ret != WOLFSSL_SUCCESS) {
- return -1;
- }
- ret = wolfSSL_CTX_use_certificate_file(*ctx_s, certfile_s, fmt_cs);
- if (ret != WOLFSSL_SUCCESS) {
- return -1;
- }
- wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb);
- wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb);
- if (ctx->s_ciphers != NULL) {
- ret = wolfSSL_CTX_set_cipher_list(*ctx_s, ctx->s_ciphers);
- if (ret != WOLFSSL_SUCCESS) {
- return -1;
- }
- }
- }
- if (ctx_c != NULL && ssl_c != NULL) {
- *ssl_c = wolfSSL_new(*ctx_c);
- if (*ssl_c == NULL) {
- return -1;
- }
- wolfSSL_SetIOWriteCtx(*ssl_c, ctx);
- wolfSSL_SetIOReadCtx(*ssl_c, ctx);
- }
- if (ctx_s != NULL && ssl_s != NULL) {
- *ssl_s = wolfSSL_new(*ctx_s);
- if (*ssl_s == NULL) {
- return -1;
- }
- wolfSSL_SetIOWriteCtx(*ssl_s, ctx);
- wolfSSL_SetIOReadCtx(*ssl_s, ctx);
- #if !defined(NO_DH)
- SetDH(*ssl_s);
- #endif
- }
- return 0;
- }
- #endif /* HAVE_RPK */
- static int test_rpk_set_xxx_cert_type(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_RPK)
- char ctype[MAX_CLIENT_CERT_TYPE_CNT + 1]; /* prepare bigger buffer */
- WOLFSSL_CTX* ctx = NULL;
- WOLFSSL* ssl = NULL;
- int tp;
- ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
- ExpectNotNull(ctx);
- ssl = wolfSSL_new(ctx);
- ExpectNotNull(ssl);
- /*--------------------------------------------*/
- /* tests for wolfSSL_CTX_set_client_cert_type */
- /*--------------------------------------------*/
- /* illegal parameter test caces */
- ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(NULL, ctype,
- MAX_CLIENT_CERT_TYPE_CNT),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype,
- sizeof(ctype)),
- BAD_FUNC_ARG);
- ctype[0] = WOLFSSL_CERT_TYPE_RPK; /* set an identical cert type */
- ctype[1] = WOLFSSL_CERT_TYPE_RPK;
- ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype,
- MAX_CLIENT_CERT_TYPE_CNT),
- BAD_FUNC_ARG);
- ctype[0] = WOLFSSL_CERT_TYPE_X509;
- ctype[1] = 10; /* set unknown cert type */
- ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype,
- MAX_CLIENT_CERT_TYPE_CNT),
- BAD_FUNC_ARG);
- /* pass larger type count */
- ctype[0] = WOLFSSL_CERT_TYPE_RPK;
- ctype[1] = WOLFSSL_CERT_TYPE_X509;
- ctype[2] = 1; /* pass unacceptable type count */
- ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype,
- MAX_CLIENT_CERT_TYPE_CNT + 1),
- BAD_FUNC_ARG);
- /* should accept NULL for type buffer */
- ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, NULL,
- MAX_CLIENT_CERT_TYPE_CNT),
- WOLFSSL_SUCCESS);
- /* should accept zero for type count */
- ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype,
- 0),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype,
- MAX_CLIENT_CERT_TYPE_CNT),
- WOLFSSL_SUCCESS);
- /*--------------------------------------------*/
- /* tests for wolfSSL_CTX_set_server_cert_type */
- /*--------------------------------------------*/
- ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(NULL, ctype,
- MAX_SERVER_CERT_TYPE_CNT),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype,
- sizeof(ctype)),
- BAD_FUNC_ARG);
- ctype[0] = WOLFSSL_CERT_TYPE_RPK; /* set an identical cert type */
- ctype[1] = WOLFSSL_CERT_TYPE_RPK;
- ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype,
- MAX_SERVER_CERT_TYPE_CNT),
- BAD_FUNC_ARG);
- ctype[0] = WOLFSSL_CERT_TYPE_X509;
- ctype[1] = 10; /* set unknown cert type */
- ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype,
- MAX_SERVER_CERT_TYPE_CNT),
- BAD_FUNC_ARG);
- /* pass larger type count */
- ctype[0] = WOLFSSL_CERT_TYPE_RPK;
- ctype[1] = WOLFSSL_CERT_TYPE_X509;
- ctype[2] = 1; /* pass unacceptable type count */
- ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype,
- MAX_SERVER_CERT_TYPE_CNT + 1),
- BAD_FUNC_ARG);
- /* should accept NULL for type buffer */
- ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, NULL,
- MAX_SERVER_CERT_TYPE_CNT),
- WOLFSSL_SUCCESS);
- /* should accept zero for type count */
- ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype,
- 0),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype,
- MAX_CLIENT_CERT_TYPE_CNT),
- WOLFSSL_SUCCESS);
- /*--------------------------------------------*/
- /* tests for wolfSSL_set_client_cert_type */
- /*--------------------------------------------*/
- ExpectIntEQ(wolfSSL_set_client_cert_type(NULL, ctype,
- MAX_CLIENT_CERT_TYPE_CNT),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype,
- sizeof(ctype)),
- BAD_FUNC_ARG);
- ctype[0] = WOLFSSL_CERT_TYPE_RPK; /* set an identical cert type */
- ctype[1] = WOLFSSL_CERT_TYPE_RPK;
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype,
- MAX_CLIENT_CERT_TYPE_CNT),
- BAD_FUNC_ARG);
- ctype[0] = WOLFSSL_CERT_TYPE_X509;
- ctype[1] = 10; /* set unknown cert type */
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype,
- MAX_CLIENT_CERT_TYPE_CNT),
- BAD_FUNC_ARG);
- /* pass larger type count */
- ctype[0] = WOLFSSL_CERT_TYPE_RPK;
- ctype[1] = WOLFSSL_CERT_TYPE_X509;
- ctype[2] = 1; /* pass unacceptable type count */
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype,
- MAX_CLIENT_CERT_TYPE_CNT + 1),
- BAD_FUNC_ARG);
- /* should accept NULL for type buffer */
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, NULL,
- MAX_CLIENT_CERT_TYPE_CNT),
- WOLFSSL_SUCCESS);
- /* should accept zero for type count */
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype,
- 0),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype,
- MAX_CLIENT_CERT_TYPE_CNT),
- WOLFSSL_SUCCESS);
- /*--------------------------------------------*/
- /* tests for wolfSSL_CTX_set_server_cert_type */
- /*--------------------------------------------*/
- ExpectIntEQ(wolfSSL_set_server_cert_type(NULL, ctype,
- MAX_SERVER_CERT_TYPE_CNT),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype,
- sizeof(ctype)),
- BAD_FUNC_ARG);
- ctype[0] = WOLFSSL_CERT_TYPE_RPK; /* set an identical cert type */
- ctype[1] = WOLFSSL_CERT_TYPE_RPK;
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype,
- MAX_SERVER_CERT_TYPE_CNT),
- BAD_FUNC_ARG);
- ctype[0] = WOLFSSL_CERT_TYPE_X509;
- ctype[1] = 10; /* set unknown cert type */
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype,
- MAX_SERVER_CERT_TYPE_CNT),
- BAD_FUNC_ARG);
- /* pass larger type count */
- ctype[0] = WOLFSSL_CERT_TYPE_RPK;
- ctype[1] = WOLFSSL_CERT_TYPE_X509;
- ctype[2] = 1; /* pass unacceptable type count */
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype,
- MAX_SERVER_CERT_TYPE_CNT + 1),
- BAD_FUNC_ARG);
- /* should accept NULL for type buffer */
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, NULL,
- MAX_SERVER_CERT_TYPE_CNT),
- WOLFSSL_SUCCESS);
- /* should accept zero for type count */
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype,
- 0),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype,
- MAX_SERVER_CERT_TYPE_CNT),
- WOLFSSL_SUCCESS);
- /*------------------------------------------------*/
- /* tests for wolfSSL_get_negotiated_xxx_cert_type */
- /*------------------------------------------------*/
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(NULL, &tp),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl, NULL),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(NULL, &tp),
- BAD_FUNC_ARG);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl, NULL),
- BAD_FUNC_ARG);
- /* clean up */
- wolfSSL_free(ssl);
- wolfSSL_CTX_free(ctx);
- #endif
- return EXPECT_RESULT();
- }
- static int test_tls13_rpk_handshake(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_RPK)
- int ret = 0;
- WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
- struct test_memio_ctx test_ctx;
- int err;
- char certType_c[MAX_CLIENT_CERT_TYPE_CNT];
- char certType_s[MAX_CLIENT_CERT_TYPE_CNT];
- int typeCnt_c;
- int typeCnt_s;
- int tp;
- (void)err;
- (void)typeCnt_c;
- (void)typeCnt_s;
- (void)certType_c;
- (void)certType_s;
- /* TLS1.2
- * Both client and server load x509 cert and start handshaking.
- * Check no negotiation occurred.
- */
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(
- test_rpk_memio_setup(
- &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_2_client_method, wolfTLSv1_2_server_method,
- cliCertFile, WOLFSSL_FILETYPE_PEM,
- svrCertFile, WOLFSSL_FILETYPE_PEM,
- cliKeyFile, WOLFSSL_FILETYPE_PEM,
- svrKeyFile, WOLFSSL_FILETYPE_PEM)
- , 0);
- /* set client certificate type in client end */
- certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
- certType_c[1] = WOLFSSL_CERT_TYPE_X509;
- typeCnt_c = 2;
- certType_s[0] = WOLFSSL_CERT_TYPE_RPK;
- certType_s[1] = WOLFSSL_CERT_TYPE_X509;
- typeCnt_s = 2;
- /* both clien and server do not call client/server_cert_type APIs,
- * expecting default settings works and no negotiation performed.
- */
- if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
- return TEST_FAIL;
- /* confirm no negotiation occurred */
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ((int)tp, WOLFSSL_CERT_TYPE_UNKNOWN);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_s);
- ssl_c = ssl_s = NULL;
- ctx_c = ctx_s = NULL;
- /* Both client and server load x509 cert and start handshaking.
- * Check no negotiation occurred.
- */
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(
- test_rpk_memio_setup(
- &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
- cliCertFile, WOLFSSL_FILETYPE_PEM,
- svrCertFile, WOLFSSL_FILETYPE_PEM,
- cliKeyFile, WOLFSSL_FILETYPE_PEM,
- svrKeyFile, WOLFSSL_FILETYPE_PEM )
- , 0);
- /* set client certificate type in client end */
- certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
- certType_c[1] = WOLFSSL_CERT_TYPE_X509;
- typeCnt_c = 2;
- certType_s[0] = WOLFSSL_CERT_TYPE_RPK;
- certType_s[1] = WOLFSSL_CERT_TYPE_X509;
- typeCnt_s = 2;
- /* both clien and server do not call client/server_cert_type APIs,
- * expecting default settings works and no negotiation performed.
- */
- if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
- return TEST_FAIL;
- /* confirm no negotiation occurred */
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ((int)tp, WOLFSSL_CERT_TYPE_UNKNOWN);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_s);
- ssl_c = ssl_s = NULL;
- ctx_c = ctx_s = NULL;
- /* Both client and server load RPK cert and start handshaking.
- * Confirm negotiated cert types match as expected.
- */
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(
- test_rpk_memio_setup(
- &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
- clntRpkCertFile, WOLFSSL_FILETYPE_ASN1,
- svrRpkCertFile, WOLFSSL_FILETYPE_ASN1,
- cliKeyFile, WOLFSSL_FILETYPE_PEM,
- svrKeyFile, WOLFSSL_FILETYPE_PEM )
- , 0);
- /* set client certificate type in client end */
- certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
- certType_c[1] = WOLFSSL_CERT_TYPE_X509;
- typeCnt_c = 2;
- certType_s[0] = WOLFSSL_CERT_TYPE_RPK;
- certType_s[1] = WOLFSSL_CERT_TYPE_X509;
- typeCnt_s = 2;
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
- WOLFSSL_SUCCESS);
- /* set server certificate type in client end */
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
- WOLFSSL_SUCCESS);
- /* set client certificate type in server end */
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
- WOLFSSL_SUCCESS);
- /* set server certificate type in server end */
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
- WOLFSSL_SUCCESS);
- if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
- return TEST_FAIL;
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_s);
- ssl_c = ssl_s = NULL;
- ctx_c = ctx_s = NULL;
- /* TLS1.2
- * Both client and server load RPK cert and start handshaking.
- * Confirm negotiated cert types match as expected.
- */
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(
- test_rpk_memio_setup(
- &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_2_client_method, wolfTLSv1_2_server_method,
- clntRpkCertFile, WOLFSSL_FILETYPE_ASN1,
- svrRpkCertFile, WOLFSSL_FILETYPE_ASN1,
- cliKeyFile, WOLFSSL_FILETYPE_PEM,
- svrKeyFile, WOLFSSL_FILETYPE_PEM )
- , 0);
- /* set client certificate type in client end */
- certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
- certType_c[1] = WOLFSSL_CERT_TYPE_X509;
- typeCnt_c = 2;
- certType_s[0] = WOLFSSL_CERT_TYPE_RPK;
- certType_s[1] = WOLFSSL_CERT_TYPE_X509;
- typeCnt_s = 2;
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
- WOLFSSL_SUCCESS);
- /* set server certificate type in client end */
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
- WOLFSSL_SUCCESS);
- /* set client certificate type in server end */
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
- WOLFSSL_SUCCESS);
- /* set server certificate type in server end */
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
- WOLFSSL_SUCCESS);
- if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
- return TEST_FAIL;
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_s);
- ssl_c = ssl_s = NULL;
- ctx_c = ctx_s = NULL;
- /* Both client and server load x509 cert.
- * Have client call set_client_cert_type with both RPK and x509.
- * This doesn't makes client add client cert type extension to ClientHello,
- * since it does not load RPK cert actually.
- */
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(
- test_rpk_memio_setup(
- &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
- cliCertFile, WOLFSSL_FILETYPE_PEM,
- svrCertFile, WOLFSSL_FILETYPE_PEM,
- cliKeyFile, WOLFSSL_FILETYPE_PEM,
- svrKeyFile, WOLFSSL_FILETYPE_PEM )
- , 0);
- /* set client certificate type in client end */
- certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
- certType_c[1] = WOLFSSL_CERT_TYPE_X509;
- typeCnt_c = 2;
- /* client indicates both RPK and x509 certs are available but loaded RPK
- * cert only. It does not have client add client-cert-type extension in CH.
- */
- certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
- certType_c[1] = WOLFSSL_CERT_TYPE_X509;
- typeCnt_c = 2;
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
- WOLFSSL_SUCCESS);
- /* client indicates both RPK and x509 certs are acceptable */
- certType_s[0] = WOLFSSL_CERT_TYPE_RPK;
- certType_s[1] = WOLFSSL_CERT_TYPE_X509;
- typeCnt_s = 2;
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
- WOLFSSL_SUCCESS);
- /* server indicates both RPK and x509 certs are acceptable */
- certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
- certType_c[1] = WOLFSSL_CERT_TYPE_X509;
- typeCnt_c = 2;
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
- WOLFSSL_SUCCESS);
- /* server should indicate only RPK cert is available */
- certType_s[0] = WOLFSSL_CERT_TYPE_X509;
- certType_s[1] = -1;
- typeCnt_s = 1;
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
- WOLFSSL_SUCCESS);
- if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
- return TEST_FAIL;
- /* Negotiation for client-cert-type should NOT happen. Therefore -1 should
- * be returned as cert type.
- */
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_s);
- ssl_c = ssl_s = NULL;
- ctx_c = ctx_s = NULL;
- /* Have client load RPK cert and have server load x509 cert.
- * Check the negotiation result from both ends.
- */
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(
- test_rpk_memio_setup(
- &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
- clntRpkCertFile, WOLFSSL_FILETYPE_ASN1,
- svrCertFile, WOLFSSL_FILETYPE_PEM,
- cliKeyFile, WOLFSSL_FILETYPE_PEM,
- svrKeyFile, WOLFSSL_FILETYPE_PEM )
- , 0);
- /* have client tell to use RPK cert */
- certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
- certType_c[1] = -1;
- typeCnt_c = 1;
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
- WOLFSSL_SUCCESS);
- /* have client tell to accept both RPK and x509 cert */
- certType_s[0] = WOLFSSL_CERT_TYPE_X509;
- certType_s[1] = WOLFSSL_CERT_TYPE_RPK;
- typeCnt_s = 2;
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
- WOLFSSL_SUCCESS);
- /* have server accept to both RPK and x509 cert */
- certType_c[0] = WOLFSSL_CERT_TYPE_X509;
- certType_c[1] = WOLFSSL_CERT_TYPE_RPK;
- typeCnt_c = 2;
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
- WOLFSSL_SUCCESS);
- /* does not call wolfSSL_set_server_cert_type intentionally in sesrver
- * end, expecting the default setting works.
- */
- if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
- return TEST_FAIL;
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_s);
- ssl_c = ssl_s = NULL;
- ctx_c = ctx_s = NULL;
- /* Have both client and server load RPK cert, however, have server
- * indicate its cert type x509.
- * Client is expected to detect the cert type mismatch then to send alert
- * with "unsupported_certificate".
- */
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(
- test_rpk_memio_setup(
- &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
- clntRpkCertFile, WOLFSSL_FILETYPE_ASN1,
- svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, /* server sends RPK cert */
- cliKeyFile, WOLFSSL_FILETYPE_PEM,
- svrKeyFile, WOLFSSL_FILETYPE_PEM )
- , 0);
- /* have client tell to use RPK cert */
- certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
- certType_c[1] = -1;
- typeCnt_c = 1;
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
- WOLFSSL_SUCCESS);
- /* have client tell to accept both RPK and x509 cert */
- certType_s[0] = WOLFSSL_CERT_TYPE_X509;
- certType_s[1] = WOLFSSL_CERT_TYPE_RPK;
- typeCnt_s = 2;
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
- WOLFSSL_SUCCESS);
- /* have server accept to both RPK and x509 cert */
- certType_c[0] = WOLFSSL_CERT_TYPE_X509;
- certType_c[1] = WOLFSSL_CERT_TYPE_RPK;
- typeCnt_c = 2;
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
- WOLFSSL_SUCCESS);
- /* have server tell to use x509 cert intentionally. This will bring
- * certificate type mismatch in client side.
- */
- certType_s[0] = WOLFSSL_CERT_TYPE_X509;
- certType_s[1] = -1;
- typeCnt_s = 1;
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
- WOLFSSL_SUCCESS);
- /* expect client detect cert type mismatch then send Alert */
- ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL);
- if (ret != -1)
- return TEST_FAIL;
- ExpectIntEQ(wolfSSL_get_error(ssl_c, ret), UNSUPPORTED_CERTIFICATE);
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_s);
- ssl_c = ssl_s = NULL;
- ctx_c = ctx_s = NULL;
- /* Have client load x509 cert and server load RPK cert,
- * however, have client indicate its cert type RPK.
- * Server is expected to detect the cert type mismatch then to send alert
- * with "unsupported_certificate".
- */
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(
- test_rpk_memio_setup(
- &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
- cliCertFile, WOLFSSL_FILETYPE_PEM,
- svrRpkCertFile, WOLFSSL_FILETYPE_ASN1,
- cliKeyFile, WOLFSSL_FILETYPE_PEM,
- svrKeyFile, WOLFSSL_FILETYPE_PEM )
- , 0);
- /* have client tell to use RPK cert intentionally */
- certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
- certType_c[1] = -1;
- typeCnt_c = 1;
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
- WOLFSSL_SUCCESS);
- /* have client tell to accept both RPK and x509 cert */
- certType_s[0] = WOLFSSL_CERT_TYPE_X509;
- certType_s[1] = WOLFSSL_CERT_TYPE_RPK;
- typeCnt_s = 2;
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
- WOLFSSL_SUCCESS);
- /* have server accept to both RPK and x509 cert */
- certType_c[0] = WOLFSSL_CERT_TYPE_X509;
- certType_c[1] = WOLFSSL_CERT_TYPE_RPK;
- typeCnt_c = 2;
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
- WOLFSSL_SUCCESS);
- /* have server tell to use x509 cert intentionally. This will bring
- * certificate type mismatch in client side.
- */
- certType_s[0] = WOLFSSL_CERT_TYPE_X509;
- certType_s[1] = -1;
- typeCnt_s = 1;
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
- WOLFSSL_SUCCESS);
- ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL);
- /* expect server detect cert type mismatch then send Alert */
- ExpectIntNE(ret, 0);
- err = wolfSSL_get_error(ssl_c, ret);
- ExpectIntEQ(err, UNSUPPORTED_CERTIFICATE);
- /* client did not load RPK cert actually, so negotiation did not happen */
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
- /* client did not load RPK cert actually, so negotiation did not happen */
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_s);
- ssl_c = ssl_s = NULL;
- ctx_c = ctx_s = NULL;
- #if defined(WOLFSSL_ALWAYS_VERIFY_CB)
- /* Both client and server load RPK cert and set certificate verify
- * callbacks then start handshaking.
- * Confirm both side can refer the peer's cert.
- */
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(
- test_rpk_memio_setup(
- &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
- clntRpkCertFile, WOLFSSL_FILETYPE_ASN1,
- svrRpkCertFile, WOLFSSL_FILETYPE_ASN1,
- cliKeyFile, WOLFSSL_FILETYPE_PEM,
- svrKeyFile, WOLFSSL_FILETYPE_PEM )
- , 0);
- /* set client certificate type in client end */
- certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
- certType_c[1] = WOLFSSL_CERT_TYPE_X509;
- typeCnt_c = 2;
- certType_s[0] = WOLFSSL_CERT_TYPE_RPK;
- certType_s[1] = WOLFSSL_CERT_TYPE_X509;
- typeCnt_s = 2;
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
- WOLFSSL_SUCCESS);
- /* set server certificate type in client end */
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
- WOLFSSL_SUCCESS);
- /* set client certificate type in server end */
- ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
- WOLFSSL_SUCCESS);
- /* set server certificate type in server end */
- ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
- WOLFSSL_SUCCESS);
- /* set certificate verify callback to both client and server */
- int isServer = 0;
- wolfSSL_SetCertCbCtx(ssl_c, &isServer);
- wolfSSL_set_verify(ssl_c, SSL_VERIFY_PEER, MyRpkVerifyCb);
- isServer = 1;
- wolfSSL_SetCertCbCtx(ssl_c, &isServer);
- wolfSSL_set_verify(ssl_s, SSL_VERIFY_PEER, MyRpkVerifyCb);
- ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL);
- if (ret != 0)
- return TEST_FAIL;
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
- ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
- ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_s);
- ssl_c = ssl_s = NULL;
- ctx_c = ctx_s = NULL;
- #endif /* WOLFSSL_ALWAYS_VERIFY_CB */
- #endif /* HAVE_RPK */
- return EXPECT_RESULT();
- }
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13)
- static int test_dtls13_bad_epoch_ch(void)
- {
- EXPECT_DECLS;
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_s = NULL;
- struct test_memio_ctx test_ctx;
- const int EPOCH_OFF = 3;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0);
- /* disable hrr cookie so we can later check msgsReceived.got_client_hello
- * with just one message */
- ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS);
- ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- ExpectIntGE(test_ctx.s_len, EPOCH_OFF + 2);
- /* first CH should use epoch 0x0 */
- ExpectTrue((test_ctx.s_buff[EPOCH_OFF] == 0x0) &&
- (test_ctx.s_buff[EPOCH_OFF + 1] == 0x0));
- /* change epoch to 2 */
- test_ctx.s_buff[EPOCH_OFF + 1] = 0x2;
- ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- ExpectIntNE(ssl_s->msgsReceived.got_client_hello, 1);
- /* resend the CH */
- ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS);
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_s);
- return EXPECT_RESULT();
- }
- #else
- static int test_dtls13_bad_epoch_ch(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- #if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE)
- static int test_short_session_id_ssl_ready(WOLFSSL* ssl)
- {
- EXPECT_DECLS;
- WOLFSSL_SESSION *sess = NULL;
- /* Setup the session to avoid errors */
- ssl->session->timeout = -1;
- ssl->session->side = WOLFSSL_CLIENT_END;
- #if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
- defined(HAVE_SESSION_TICKET))
- ssl->session->version = ssl->version;
- #endif
- /* Force a short session ID to be sent */
- ssl->session->sessionIDSz = 4;
- #ifndef NO_SESSION_CACHE_REF
- /* Allow the client cache to be used */
- ssl->session->idLen = 4;
- #endif
- ssl->session->isSetup = 1;
- ExpectNotNull(sess = wolfSSL_get_session(ssl));
- ExpectIntEQ(wolfSSL_set_session(ssl, sess), WOLFSSL_SUCCESS);
- return EXPECT_RESULT();
- }
- static int test_short_session_id(void)
- {
- EXPECT_DECLS;
- test_ssl_cbf client_cbf;
- test_ssl_cbf server_cbf;
- size_t i;
- struct {
- method_provider client_meth;
- method_provider server_meth;
- const char* tls_version;
- } params[] = {
- #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
- defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TICKET_HAVE_ID) && \
- !defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
- /* With WOLFSSL_TLS13_MIDDLEBOX_COMPAT a short ID will result in an error */
- { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLSv1_3" },
- #ifdef WOLFSSL_DTLS13
- { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLSv1_3" },
- #endif
- #endif
- #ifndef WOLFSSL_NO_TLS12
- { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLSv1_2" },
- #ifdef WOLFSSL_DTLS
- { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2" },
- #endif
- #endif
- #if !defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \
- !defined(NO_DES3))
- { wolfTLSv1_1_client_method, wolfTLSv1_1_server_method, "TLSv1_1" },
- #ifdef WOLFSSL_DTLS
- { wolfDTLSv1_client_method, wolfDTLSv1_server_method, "DTLSv1_0" },
- #endif
- #endif
- };
- fprintf(stderr, "\n");
- for (i = 0; i < sizeof(params)/sizeof(*params) && !EXPECT_FAIL(); i++) {
- XMEMSET(&client_cbf, 0, sizeof(client_cbf));
- XMEMSET(&server_cbf, 0, sizeof(server_cbf));
- fprintf(stderr, "\tTesting short ID with %s\n", params[i].tls_version);
- client_cbf.ssl_ready = test_short_session_id_ssl_ready;
- client_cbf.method = params[i].client_meth;
- server_cbf.method = params[i].server_meth;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
- &server_cbf, NULL), TEST_SUCCESS);
- }
- return EXPECT_RESULT();
- }
- #else
- static int test_short_session_id(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- #if defined(HAVE_NULL_CIPHER) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) \
- && defined(WOLFSSL_DTLS13)
- static byte* test_find_string(const char *string,
- byte *buf, int buf_size)
- {
- int string_size, i;
- string_size = (int)XSTRLEN(string);
- for (i = 0; i < buf_size - string_size - 1; i++) {
- if (XSTRCMP((char*)&buf[i], string) == 0)
- return &buf[i];
- }
- return NULL;
- }
- static int test_wolfSSL_dtls13_null_cipher(void)
- {
- EXPECT_DECLS;
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_s = NULL;
- struct test_memio_ctx test_ctx;
- const char *test_str = "test";
- int test_str_size;
- byte buf[255], *ptr = NULL;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- test_ctx.c_ciphers = test_ctx.s_ciphers = "TLS13-SHA256-SHA256";
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0);
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- test_str_size = XSTRLEN("test") + 1;
- ExpectIntEQ(wolfSSL_write(ssl_c, test_str, test_str_size), test_str_size);
- ExpectIntEQ(wolfSSL_read(ssl_s, buf, sizeof(buf)), test_str_size);
- ExpectIntEQ(XSTRCMP((char*)buf, test_str), 0);
- ExpectIntEQ(wolfSSL_write(ssl_c, test_str, test_str_size), test_str_size);
- /* check that the packet was sent cleartext */
- ExpectNotNull(ptr = test_find_string(test_str, test_ctx.s_buff,
- test_ctx.s_len));
- if (ptr != NULL) {
- /* modify the message */
- *ptr = 'H';
- /* bad messages should be ignored in DTLS */
- ExpectIntEQ(wolfSSL_read(ssl_s, buf, sizeof(buf)), -1);
- ExpectIntEQ(ssl_s->error, WANT_READ);
- }
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_s);
- return TEST_SUCCESS;
- }
- #else
- static int test_wolfSSL_dtls13_null_cipher(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
- !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
- !defined(SINGLE_THREADED) && !defined(NO_RSA)
- static int test_dtls_msg_get_connected_port(int fd, word16 *port)
- {
- SOCKADDR_S peer;
- XSOCKLENT len;
- int ret;
- XMEMSET((byte*)&peer, 0, sizeof(peer));
- len = sizeof(peer);
- ret = getpeername(fd, (SOCKADDR*)&peer, &len);
- if (ret != 0 || len > (XSOCKLENT)sizeof(peer))
- return -1;
- switch (peer.ss_family) {
- #ifdef WOLFSSL_IPV6
- case WOLFSSL_IP6: {
- *port = ntohs(((SOCKADDR_IN6*)&peer)->sin6_port);
- break;
- }
- #endif /* WOLFSSL_IPV6 */
- case WOLFSSL_IP4:
- *port = ntohs(((SOCKADDR_IN*)&peer)->sin_port);
- break;
- default:
- return -1;
- }
- return 0;
- }
- static int test_dtls_msg_from_other_peer_cb(WOLFSSL_CTX *ctx, WOLFSSL *ssl)
- {
- char buf[1] = {'t'};
- SOCKADDR_IN_T addr;
- int sock_fd;
- word16 port;
- int err;
- (void)ssl;
- (void)ctx;
- if (ssl == NULL)
- return -1;
- err = test_dtls_msg_get_connected_port(wolfSSL_get_fd(ssl), &port);
- if (err != 0)
- return -1;
- sock_fd = socket(AF_INET_V, SOCK_DGRAM, 0);
- if (sock_fd == -1)
- return -1;
- build_addr(&addr, wolfSSLIP, port, 1, 0);
- /* send a packet to the server. Being another socket, the kernel will ensure
- * the source port will be different. */
- err = (int)sendto(sock_fd, buf, sizeof(buf), 0, (SOCKADDR*)&addr,
- sizeof(addr));
- close(sock_fd);
- if (err == -1)
- return -1;
- return 0;
- }
- /* setup a SSL session but just after the handshake send a packet to the server
- * with a source address different than the one of the connected client. The I/O
- * callback EmbedRecvFrom should just ignore the packet. Sending of the packet
- * is done in test_dtls_msg_from_other_peer_cb */
- static int test_dtls_msg_from_other_peer(void)
- {
- EXPECT_DECLS;
- callback_functions client_cbs;
- callback_functions server_cbs;
- XMEMSET((byte*)&client_cbs, 0, sizeof(client_cbs));
- XMEMSET((byte*)&server_cbs, 0, sizeof(server_cbs));
- client_cbs.method = wolfDTLSv1_2_client_method;
- server_cbs.method = wolfDTLSv1_2_server_method;
- client_cbs.doUdp = 1;
- server_cbs.doUdp = 1;
- test_wolfSSL_client_server_nofail_ex(&client_cbs, &server_cbs,
- test_dtls_msg_from_other_peer_cb);
- ExpectIntEQ(client_cbs.return_code, WOLFSSL_SUCCESS);
- ExpectIntEQ(server_cbs.return_code, WOLFSSL_SUCCESS);
- return EXPECT_RESULT();
- }
- #else
- static int test_dtls_msg_from_other_peer(void)
- {
- return TEST_SKIPPED;
- }
- #endif /* defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
- * !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
- * !defined(SINGLE_THREADED) && !defined(NO_RSA) */
- #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_IPV6) && \
- !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
- static int test_dtls_ipv6_check(void)
- {
- EXPECT_DECLS;
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_s = NULL;
- SOCKADDR_IN fake_addr6;
- int sockfd = -1;
- ExpectNotNull(ctx_c = wolfSSL_CTX_new(wolfDTLSv1_2_client_method()));
- ExpectNotNull(ssl_c = wolfSSL_new(ctx_c));
- ExpectNotNull(ctx_s = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
- ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile,
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- ExpectNotNull(ssl_s = wolfSSL_new(ctx_s));
- XMEMSET((byte*)&fake_addr6, 0, sizeof(fake_addr6));
- /* mimic a sockaddr_in6 struct, this way we can't test without
- * WOLFSSL_IPV6 */
- fake_addr6.sin_family = WOLFSSL_IP6;
- ExpectIntNE(sockfd = socket(AF_INET, SOCK_DGRAM, 0), -1);
- ExpectIntEQ(wolfSSL_set_fd(ssl_c, sockfd), WOLFSSL_SUCCESS);
- /* can't return error here, as the peer is opaque for wolfssl library at
- * this point */
- ExpectIntEQ(wolfSSL_dtls_set_peer(ssl_c, &fake_addr6, sizeof(fake_addr6)),
- WOLFSSL_SUCCESS);
- ExpectIntNE(fcntl(sockfd, F_SETFL, O_NONBLOCK), -1);
- wolfSSL_dtls_set_using_nonblock(ssl_c, 1);
- ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
- ExpectIntEQ(ssl_c->error, SOCKET_ERROR_E);
- ExpectIntEQ(wolfSSL_dtls_set_peer(ssl_s, &fake_addr6, sizeof(fake_addr6)),
- WOLFSSL_SUCCESS);
- /* reuse the socket */
- ExpectIntEQ(wolfSSL_set_fd(ssl_c, sockfd), WOLFSSL_SUCCESS);
- wolfSSL_dtls_set_using_nonblock(ssl_s, 1);
- ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
- ExpectIntEQ(ssl_s->error, SOCKET_ERROR_E);
- if (sockfd != -1)
- close(sockfd);
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_s);
- return EXPECT_RESULT();
- }
- #else
- static int test_dtls_ipv6_check(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_SECURE_RENEGOTIATION)
- static WOLFSSL_SESSION* test_wolfSSL_SCR_after_resumption_session = NULL;
- static void test_wolfSSL_SCR_after_resumption_ctx_ready(WOLFSSL_CTX* ctx)
- {
- AssertIntEQ(wolfSSL_CTX_UseSecureRenegotiation(ctx), WOLFSSL_SUCCESS);
- }
- static void test_wolfSSL_SCR_after_resumption_on_result(WOLFSSL* ssl)
- {
- if (test_wolfSSL_SCR_after_resumption_session == NULL) {
- test_wolfSSL_SCR_after_resumption_session = wolfSSL_get1_session(ssl);
- AssertNotNull(test_wolfSSL_SCR_after_resumption_session);
- }
- else {
- char testMsg[] = "Message after SCR";
- char msgBuf[sizeof(testMsg)];
- int ret;
- if (!wolfSSL_is_server(ssl)) {
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_set_session(ssl,
- test_wolfSSL_SCR_after_resumption_session));
- }
- AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_SUCCESS);
- AssertIntEQ(wolfSSL_write(ssl, testMsg, sizeof(testMsg)),
- sizeof(testMsg));
- ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf));
- if (ret != sizeof(msgBuf)) /* Possibly APP_DATA_READY error. Retry. */
- ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf));
- AssertIntEQ(ret, sizeof(msgBuf));
- }
- }
- static void test_wolfSSL_SCR_after_resumption_ssl_ready(WOLFSSL* ssl)
- {
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_set_session(ssl, test_wolfSSL_SCR_after_resumption_session));
- }
- static int test_wolfSSL_SCR_after_resumption(void)
- {
- EXPECT_DECLS;
- callback_functions func_cb_client;
- callback_functions func_cb_server;
- XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
- XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
- func_cb_client.method = wolfTLSv1_2_client_method;
- func_cb_client.ctx_ready = test_wolfSSL_SCR_after_resumption_ctx_ready;
- func_cb_client.on_result = test_wolfSSL_SCR_after_resumption_on_result;
- func_cb_server.method = wolfTLSv1_2_server_method;
- func_cb_server.ctx_ready = test_wolfSSL_SCR_after_resumption_ctx_ready;
- test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
- ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS);
- ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS);
- func_cb_client.ssl_ready = test_wolfSSL_SCR_after_resumption_ssl_ready;
- func_cb_server.on_result = test_wolfSSL_SCR_after_resumption_on_result;
- test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
- ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS);
- ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS);
- wolfSSL_SESSION_free(test_wolfSSL_SCR_after_resumption_session);
- return EXPECT_RESULT();
- }
- #else
- static int test_wolfSSL_SCR_after_resumption(void)
- {
- return TEST_SKIPPED;
- }
- #endif
- static int test_wolfSSL_configure_args(void)
- {
- EXPECT_DECLS;
- #if defined(LIBWOLFSSL_CONFIGURE_ARGS) && defined(HAVE_WC_INTROSPECTION)
- ExpectNotNull(wolfSSL_configure_args());
- #endif
- return EXPECT_RESULT();
- }
- static int test_dtls_no_extensions(void)
- {
- EXPECT_DECLS;
- #if defined(WOLFSSL_DTLS) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
- !defined(WOLFSSL_NO_TLS12)
- WOLFSSL *ssl_s = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- struct test_memio_ctx test_ctx;
- const byte chNoExtensions[] = {
- /* Handshake type */
- 0x16,
- /* Version */
- 0xfe, 0xff,
- /* Epoch */
- 0x00, 0x00,
- /* Seq number */
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- /* Length */
- 0x00, 0x40,
- /* CH type */
- 0x01,
- /* Length */
- 0x00, 0x00, 0x34,
- /* Msg Seq */
- 0x00, 0x00,
- /* Frag offset */
- 0x00, 0x00, 0x00,
- /* Frag length */
- 0x00, 0x00, 0x34,
- /* Version */
- 0xfe, 0xff,
- /* Random */
- 0x62, 0xfe, 0xbc, 0xfe, 0x2b, 0xfe, 0x3f, 0xeb, 0x03, 0xc4, 0xea, 0x37,
- 0xe7, 0x47, 0x7e, 0x8a, 0xd9, 0xbf, 0x77, 0x0f, 0x6c, 0xb6, 0x77, 0x0b,
- 0x03, 0x3f, 0x82, 0x2b, 0x21, 0x64, 0x57, 0x1d,
- /* Session Length */
- 0x00,
- /* Cookie Length */
- 0x00,
- /* CS Length */
- 0x00, 0x0c,
- /* CS */
- 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x14, 0xc0, 0x13, 0x00, 0x39, 0x00, 0x33,
- /* Comp Meths Length */
- 0x01,
- /* Comp Meths */
- 0x00
- /* And finally... no extensions */
- };
- int i;
- #ifdef OPENSSL_EXTRA
- int repeats = 2;
- #else
- int repeats = 1;
- #endif
- for (i = 0; i < repeats; i++) {
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ssl_s = NULL;
- ctx_s = NULL;
- ExpectIntEQ(test_memio_setup(&test_ctx, NULL, &ctx_s, NULL, &ssl_s,
- NULL, wolfDTLS_server_method), 0);
- XMEMCPY(test_ctx.s_buff, chNoExtensions, sizeof(chNoExtensions));
- test_ctx.s_len = sizeof(chNoExtensions);
- #ifdef OPENSSL_EXTRA
- if (i > 0) {
- ExpectIntEQ(wolfSSL_set_max_proto_version(ssl_s, DTLS1_2_VERSION),
- WOLFSSL_SUCCESS);
- }
- #endif
- ExpectIntEQ(wolfSSL_accept(ssl_s), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
- /* Expecting a handshake msg. Either HVR or SH. */
- ExpectIntGT(test_ctx.c_len, 0);
- ExpectIntEQ(test_ctx.c_buff[0], 0x16);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_s);
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_TLSX_CA_NAMES_bad_extension(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
- !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES) && \
- defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA384) && \
- defined(HAVE_NULL_CIPHER)
- /* This test should only fail (with BUFFER_ERROR) when we actually try to
- * parse the CA Names extension. Otherwise it will return other non-related
- * errors. If CA Names will be parsed in more configurations, that should
- * be reflected in the macro guard above. */
- WOLFSSL *ssl_c = NULL;
- WOLFSSL_CTX *ctx_c = NULL;
- struct test_memio_ctx test_ctx;
- /* HRR + SH using TLS_DHE_PSK_WITH_NULL_SHA384 */
- const byte shBadCaNamesExt[] = {
- 0x16, 0x03, 0x04, 0x00, 0x3f, 0x02, 0x00, 0x00, 0x3b, 0x03, 0x03, 0xcf,
- 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02, 0x1e,
- 0x65, 0xb8, 0x91, 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e, 0x07,
- 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c, 0x00, 0x13, 0x03, 0x00, 0x00,
- 0x13, 0x94, 0x7e, 0x00, 0x03, 0x0b, 0xf7, 0x03, 0x00, 0x2b, 0x00, 0x02,
- 0x03, 0x04, 0x00, 0x33, 0x00, 0x02, 0x00, 0x19, 0x16, 0x03, 0x03, 0x00,
- 0x5c, 0x02, 0x00, 0x00, 0x3b, 0x03, 0x03, 0x03, 0xcf, 0x21, 0xad, 0x74,
- 0x00, 0x00, 0x83, 0x3f, 0x3b, 0x80, 0x01, 0xac, 0x65, 0x8c, 0x19, 0x2a,
- 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x02, 0x00, 0x9e, 0x09, 0x1c, 0xe8,
- 0xa8, 0x09, 0x9c, 0x00, 0xc0, 0xb5, 0x00, 0x00, 0x11, 0x8f, 0x00, 0x00,
- 0x03, 0x3f, 0x00, 0x0c, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04, 0x13, 0x05,
- 0x00, 0x00, 0x08, 0x00, 0x00, 0x06, 0x00, 0x04, 0x00, 0x09, 0x00, 0x00,
- 0x0d, 0x00, 0x00, 0x11, 0x00, 0x00, 0x0d, 0x00, 0x2f, 0x00, 0x01, 0xff,
- 0xff, 0xff, 0xff, 0xfa, 0x0d, 0x00, 0x00, 0x00, 0xad, 0x02
- };
- const byte shBadCaNamesExt2[] = {
- 0x16, 0x03, 0x04, 0x00, 0x3f, 0x02, 0x00, 0x00, 0x3b, 0x03, 0x03, 0xcf,
- 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02, 0x1e,
- 0x65, 0xb8, 0x91, 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e, 0x07,
- 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c, 0x00, 0x13, 0x03, 0x00, 0x00,
- 0x13, 0x94, 0x7e, 0x00, 0x03, 0x0b, 0xf7, 0x03, 0x00, 0x2b, 0x00, 0x02,
- 0x03, 0x04, 0x00, 0x33, 0x00, 0x02, 0x00, 0x19, 0x16, 0x03, 0x03, 0x00,
- 0x5e, 0x02, 0x00, 0x00, 0x3b, 0x03, 0x03, 0x7f, 0xd0, 0x2d, 0xea, 0x6e,
- 0x53, 0xa1, 0x6a, 0xc9, 0xc8, 0x54, 0xef, 0x75, 0xe4, 0xd9, 0xc6, 0x3e,
- 0x74, 0xcb, 0x30, 0x80, 0xcc, 0x83, 0x3a, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0xc0, 0x5a, 0x00, 0xc0, 0xb5, 0x00, 0x00, 0x11, 0x8f, 0x00, 0x00,
- 0x03, 0x03, 0x00, 0x0c, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04, 0x53, 0x25,
- 0x00, 0x00, 0x08, 0x00, 0x00, 0x06, 0x00, 0x04, 0x02, 0x05, 0x00, 0x00,
- 0x0d, 0x00, 0x00, 0x11, 0x00, 0x00, 0x0d, 0x00, 0x2f, 0x00, 0x06, 0x00,
- 0x04, 0x00, 0x03, 0x30, 0x00, 0x13, 0x94, 0x00, 0x06, 0x00, 0x04, 0x02
- };
- int i = 0;
- for (i = 0; i < 2; i++) {
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL,
- wolfTLSv1_3_client_method, NULL), 0);
- switch (i) {
- case 0:
- XMEMCPY(test_ctx.c_buff, shBadCaNamesExt,
- sizeof(shBadCaNamesExt));
- test_ctx.c_len = sizeof(shBadCaNamesExt);
- break;
- case 1:
- XMEMCPY(test_ctx.c_buff, shBadCaNamesExt2,
- sizeof(shBadCaNamesExt2));
- test_ctx.c_len = sizeof(shBadCaNamesExt2);
- break;
- }
- ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
- #ifndef WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), OUT_OF_ORDER_E);
- #else
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), BUFFER_ERROR);
- #endif
- wolfSSL_free(ssl_c);
- ssl_c = NULL;
- wolfSSL_CTX_free(ctx_c);
- ctx_c = NULL;
- }
- #endif
- return EXPECT_RESULT();
- }
- #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES)
- static void test_dtls_1_0_hvr_downgrade_ctx_ready(WOLFSSL_CTX* ctx)
- {
- AssertIntEQ(wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_DTLSV1_2),
- WOLFSSL_SUCCESS);
- }
- static int test_dtls_1_0_hvr_downgrade(void)
- {
- EXPECT_DECLS;
- callback_functions func_cb_client;
- callback_functions func_cb_server;
- XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
- XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
- func_cb_client.doUdp = func_cb_server.doUdp = 1;
- func_cb_client.method = wolfDTLS_client_method;
- func_cb_server.method = wolfDTLSv1_2_server_method;
- func_cb_client.ctx_ready = test_dtls_1_0_hvr_downgrade_ctx_ready;
- test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
- ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS);
- ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS);
- return EXPECT_RESULT();
- }
- #else
- static int test_dtls_1_0_hvr_downgrade(void)
- {
- EXPECT_DECLS;
- return EXPECT_RESULT();
- }
- #endif
- #if defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12) && \
- defined(HAVE_SESSION_TICKET)
- static WOLFSSL_SESSION* test_session_ticket_no_id_session = NULL;
- static void test_session_ticket_no_id_on_result(WOLFSSL* ssl)
- {
- test_session_ticket_no_id_session = wolfSSL_get1_session(ssl);
- AssertNotNull(test_session_ticket_no_id_session);
- }
- static void test_session_ticket_no_id_ctx_ready(WOLFSSL_CTX* ctx)
- {
- AssertIntEQ(wolfSSL_CTX_UseSessionTicket(ctx), WOLFSSL_SUCCESS);
- }
- static void test_session_ticket_no_id_ssl_ready(WOLFSSL* ssl)
- {
- test_session_ticket_no_id_session->sessionIDSz = 0;
- AssertIntEQ(WOLFSSL_SUCCESS,
- wolfSSL_set_session(ssl, test_session_ticket_no_id_session));
- }
- static int test_session_ticket_no_id(void)
- {
- /* We are testing an expired (invalid crypto context in out case since the
- * ctx changes) session ticket being sent with the session ID being 0
- * length. */
- EXPECT_DECLS;
- callback_functions func_cb_client;
- callback_functions func_cb_server;
- XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
- XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
- func_cb_client.method = wolfTLSv1_2_client_method;
- func_cb_client.ctx_ready = test_session_ticket_no_id_ctx_ready;
- func_cb_client.on_result = test_session_ticket_no_id_on_result;
- func_cb_server.method = wolfTLSv1_2_server_method;
- func_cb_server.ctx_ready = test_session_ticket_no_id_ctx_ready;
- test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
- ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS);
- ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS);
- XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
- XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
- func_cb_client.method = wolfTLSv1_2_client_method;
- func_cb_client.ctx_ready = test_session_ticket_no_id_ctx_ready;
- func_cb_client.ssl_ready = test_session_ticket_no_id_ssl_ready;
- func_cb_server.method = wolfTLSv1_2_server_method;
- func_cb_server.ctx_ready = test_session_ticket_no_id_ctx_ready;
- test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
- ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS);
- ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS);
- wolfSSL_SESSION_free(test_session_ticket_no_id_session);
- return EXPECT_RESULT();
- }
- #else
- static int test_session_ticket_no_id(void)
- {
- EXPECT_DECLS;
- return EXPECT_RESULT();
- }
- #endif
- static int test_session_ticket_hs_update(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
- defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
- struct test_memio_ctx test_ctx;
- struct test_memio_ctx test_ctx2;
- struct test_memio_ctx test_ctx3;
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_c2 = NULL;
- WOLFSSL *ssl_c3 = NULL;
- WOLFSSL *ssl_s = NULL;
- WOLFSSL *ssl_s2 = NULL;
- WOLFSSL *ssl_s3 = NULL;
- WOLFSSL_SESSION *sess = NULL;
- byte read_data[1];
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- XMEMSET(&test_ctx2, 0, sizeof(test_ctx2));
- XMEMSET(&test_ctx3, 0, sizeof(test_ctx3));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0);
- /* Generate tickets */
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- wolfSSL_SetLoggingPrefix("client");
- /* Read the ticket msg */
- ExpectIntEQ(wolfSSL_read(ssl_c, read_data, sizeof(read_data)),
- WOLFSSL_FATAL_ERROR);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- wolfSSL_SetLoggingPrefix(NULL);
- ExpectIntEQ(test_memio_setup(&test_ctx2, &ctx_c, &ctx_s, &ssl_c2, &ssl_s2,
- wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0);
- ExpectIntEQ(test_memio_setup(&test_ctx3, &ctx_c, &ctx_s, &ssl_c3, &ssl_s3,
- wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0);
- ExpectNotNull(sess = wolfSSL_get1_session(ssl_c));
- ExpectIntEQ(wolfSSL_set_session(ssl_c2, sess), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_set_session(ssl_c3, sess), WOLFSSL_SUCCESS);
- wolfSSL_SetLoggingPrefix("client");
- /* Exchange initial flights for the second connection */
- ExpectIntEQ(wolfSSL_connect(ssl_c2), WOLFSSL_FATAL_ERROR);
- ExpectIntEQ(wolfSSL_get_error(ssl_c2, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- wolfSSL_SetLoggingPrefix(NULL);
- wolfSSL_SetLoggingPrefix("server");
- ExpectIntEQ(wolfSSL_accept(ssl_s2), WOLFSSL_FATAL_ERROR);
- ExpectIntEQ(wolfSSL_get_error(ssl_s2, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- wolfSSL_SetLoggingPrefix(NULL);
- /* Complete third connection so that new tickets are exchanged */
- ExpectIntEQ(test_memio_do_handshake(ssl_c3, ssl_s3, 10, NULL), 0);
- /* Read the ticket msg */
- wolfSSL_SetLoggingPrefix("client");
- ExpectIntEQ(wolfSSL_read(ssl_c3, read_data, sizeof(read_data)),
- WOLFSSL_FATAL_ERROR);
- ExpectIntEQ(wolfSSL_get_error(ssl_c3, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- wolfSSL_SetLoggingPrefix(NULL);
- /* Complete second connection */
- ExpectIntEQ(test_memio_do_handshake(ssl_c2, ssl_s2, 10, NULL), 0);
- ExpectIntEQ(wolfSSL_session_reused(ssl_c2), 1);
- ExpectIntEQ(wolfSSL_session_reused(ssl_c3), 1);
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_c2);
- wolfSSL_free(ssl_c3);
- wolfSSL_free(ssl_s);
- wolfSSL_free(ssl_s2);
- wolfSSL_free(ssl_s3);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_s);
- wolfSSL_SESSION_free(sess);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_SECURE_RENEGOTIATION)
- static void test_dtls_downgrade_scr_server_ctx_ready_server(WOLFSSL_CTX* ctx)
- {
- AssertIntEQ(wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_DTLSV1_2),
- WOLFSSL_SUCCESS);
- AssertIntEQ(wolfSSL_CTX_UseSecureRenegotiation(ctx), WOLFSSL_SUCCESS);
- }
- static void test_dtls_downgrade_scr_server_ctx_ready(WOLFSSL_CTX* ctx)
- {
- AssertIntEQ(wolfSSL_CTX_UseSecureRenegotiation(ctx), WOLFSSL_SUCCESS);
- }
- static void test_dtls_downgrade_scr_server_on_result(WOLFSSL* ssl)
- {
- char testMsg[] = "Message after SCR";
- char msgBuf[sizeof(testMsg)];
- if (wolfSSL_is_server(ssl)) {
- AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_FATAL_ERROR);
- AssertIntEQ(wolfSSL_get_error(ssl, -1), APP_DATA_READY);
- AssertIntEQ(wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)), sizeof(msgBuf));
- AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_SUCCESS);
- AssertIntEQ(wolfSSL_write(ssl, testMsg, sizeof(testMsg)),
- sizeof(testMsg));
- }
- else {
- AssertIntEQ(wolfSSL_write(ssl, testMsg, sizeof(testMsg)),
- sizeof(testMsg));
- AssertIntEQ(wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)), sizeof(msgBuf));
- }
- }
- static int test_dtls_downgrade_scr_server(void)
- {
- EXPECT_DECLS;
- callback_functions func_cb_client;
- callback_functions func_cb_server;
- XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
- XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
- func_cb_client.doUdp = func_cb_server.doUdp = 1;
- func_cb_client.method = wolfDTLSv1_2_client_method;
- func_cb_server.method = wolfDTLS_server_method;
- func_cb_client.ctx_ready = test_dtls_downgrade_scr_server_ctx_ready;
- func_cb_server.ctx_ready = test_dtls_downgrade_scr_server_ctx_ready_server;
- func_cb_client.on_result = test_dtls_downgrade_scr_server_on_result;
- func_cb_server.on_result = test_dtls_downgrade_scr_server_on_result;
- test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
- ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS);
- ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS);
- return EXPECT_RESULT();
- }
- #else
- static int test_dtls_downgrade_scr_server(void)
- {
- EXPECT_DECLS;
- return EXPECT_RESULT();
- }
- #endif
- #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_SECURE_RENEGOTIATION)
- static void test_dtls_downgrade_scr_ctx_ready(WOLFSSL_CTX* ctx)
- {
- AssertIntEQ(wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_DTLSV1_2),
- WOLFSSL_SUCCESS);
- AssertIntEQ(wolfSSL_CTX_UseSecureRenegotiation(ctx), WOLFSSL_SUCCESS);
- }
- static void test_dtls_downgrade_scr_on_result(WOLFSSL* ssl)
- {
- char testMsg[] = "Message after SCR";
- char msgBuf[sizeof(testMsg)];
- if (wolfSSL_is_server(ssl)) {
- AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_FATAL_ERROR);
- AssertIntEQ(wolfSSL_get_error(ssl, -1), APP_DATA_READY);
- AssertIntEQ(wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)), sizeof(msgBuf));
- AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_SUCCESS);
- AssertIntEQ(wolfSSL_write(ssl, testMsg, sizeof(testMsg)),
- sizeof(testMsg));
- }
- else {
- AssertIntEQ(wolfSSL_write(ssl, testMsg, sizeof(testMsg)),
- sizeof(testMsg));
- AssertIntEQ(wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)), sizeof(msgBuf));
- }
- }
- static int test_dtls_downgrade_scr(void)
- {
- EXPECT_DECLS;
- callback_functions func_cb_client;
- callback_functions func_cb_server;
- XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
- XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
- func_cb_client.doUdp = func_cb_server.doUdp = 1;
- func_cb_client.method = wolfDTLS_client_method;
- func_cb_server.method = wolfDTLSv1_2_server_method;
- func_cb_client.ctx_ready = test_dtls_downgrade_scr_ctx_ready;
- func_cb_client.on_result = test_dtls_downgrade_scr_on_result;
- func_cb_server.on_result = test_dtls_downgrade_scr_on_result;
- test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
- ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS);
- ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS);
- return EXPECT_RESULT();
- }
- #else
- static int test_dtls_downgrade_scr(void)
- {
- EXPECT_DECLS;
- return EXPECT_RESULT();
- }
- #endif
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \
- && !defined(WOLFSSL_NO_TLS12)
- static int test_dtls_client_hello_timeout_downgrade_read_cb(WOLFSSL *ssl,
- char *data, int sz, void *ctx)
- {
- static int call_counter = 0;
- call_counter++;
- (void)ssl;
- (void)data;
- (void)sz;
- (void)ctx;
- switch (call_counter) {
- case 1:
- case 2:
- return WOLFSSL_CBIO_ERR_TIMEOUT;
- case 3:
- return WOLFSSL_CBIO_ERR_WANT_READ;
- default:
- AssertIntLE(call_counter, 3);
- return -1;
- }
- }
- #endif
- /* Make sure we don't send acks before getting a server hello */
- static int test_dtls_client_hello_timeout_downgrade(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \
- && !defined(WOLFSSL_NO_TLS12)
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_s = NULL;
- struct test_memio_ctx test_ctx;
- DtlsRecordLayerHeader* dtlsRH;
- size_t len;
- byte sequence_number[8];
- int i;
- for (i = 0; i < 2; i++) {
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfDTLS_client_method, wolfDTLSv1_2_server_method), 0);
- if (i == 0) {
- /* First time simulate timeout in IO layer */
- /* CH1 */
- ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- /* HVR */
- ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
- /* CH2 */
- ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- /* SH flight */
- ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
- /* Drop the SH */
- dtlsRH = (DtlsRecordLayerHeader*)(test_ctx.c_buff);
- len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]);
- XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
- sizeof(DtlsRecordLayerHeader) + len, test_ctx.c_len -
- (sizeof(DtlsRecordLayerHeader) + len));
- test_ctx.c_len -= sizeof(DtlsRecordLayerHeader) + len;
- /* Read the remainder of the flight */
- ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- wolfSSL_SSLSetIORecv(ssl_c,
- test_dtls_client_hello_timeout_downgrade_read_cb);
- /* CH3 */
- ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- wolfSSL_SSLSetIORecv(ssl_c, test_memio_read_cb);
- }
- else {
- /* Second time call wolfSSL_dtls_got_timeout */
- /* CH1 */
- ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- /* HVR */
- ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
- /* CH2 */
- ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- /* SH flight */
- ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
- /* Drop the SH */
- dtlsRH = (DtlsRecordLayerHeader*)(test_ctx.c_buff);
- len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]);
- XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
- sizeof(DtlsRecordLayerHeader) + len, test_ctx.c_len -
- (sizeof(DtlsRecordLayerHeader) + len));
- test_ctx.c_len -= sizeof(DtlsRecordLayerHeader) + len;
- /* Read the remainder of the flight */
- ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- /* Quick timeout should be set as we received at least one msg */
- ExpectIntEQ(wolfSSL_dtls13_use_quick_timeout(ssl_c), 1);
- ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS);
- /* Quick timeout should be cleared after a quick timeout */
- /* CH3 */
- ExpectIntEQ(wolfSSL_dtls13_use_quick_timeout(ssl_c), 0);
- ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS);
- }
- /* Parse out to make sure we got exactly one ClientHello message */
- XMEMSET(&sequence_number, 0, sizeof(sequence_number));
- /* Second ClientHello after HVR */
- sequence_number[7] = 2;
- dtlsRH = (DtlsRecordLayerHeader*)test_ctx.s_buff;
- ExpectIntEQ(dtlsRH->type, handshake);
- ExpectIntEQ(dtlsRH->pvMajor, DTLS_MAJOR);
- ExpectIntEQ(dtlsRH->pvMinor, DTLSv1_2_MINOR);
- ExpectIntEQ(XMEMCMP(sequence_number, dtlsRH->sequence_number,
- sizeof(sequence_number)), 0);
- len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]);
- ExpectIntEQ(sizeof(DtlsRecordLayerHeader) + len, test_ctx.s_len);
- /* Connection should be able to continue */
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_s);
- ssl_c = NULL;
- ssl_s = NULL;
- ctx_c = NULL;
- ctx_s = NULL;
- if (!EXPECT_SUCCESS())
- break;
- }
- #endif
- return EXPECT_RESULT();
- }
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13)
- static int test_dtls_client_hello_timeout_read_cb(WOLFSSL *ssl, char *data,
- int sz, void *ctx)
- {
- static int call_counter = 0;
- call_counter++;
- (void)ssl;
- (void)data;
- (void)sz;
- (void)ctx;
- switch (call_counter) {
- case 1:
- return WOLFSSL_CBIO_ERR_TIMEOUT;
- case 2:
- return WOLFSSL_CBIO_ERR_WANT_READ;
- default:
- AssertIntLE(call_counter, 2);
- return -1;
- }
- }
- #endif
- /* Make sure we don't send acks before getting a server hello */
- static int test_dtls_client_hello_timeout(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13)
- WOLFSSL *ssl_c = NULL;
- WOLFSSL_CTX *ctx_c = NULL;
- struct test_memio_ctx test_ctx;
- DtlsRecordLayerHeader* dtlsRH;
- size_t idx;
- size_t len;
- byte sequence_number[8];
- int i;
- for (i = 0; i < 2; i++) {
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL,
- wolfDTLSv1_3_client_method, NULL), 0);
- if (i == 0) {
- /* First time simulate timeout in IO layer */
- wolfSSL_SSLSetIORecv(ssl_c, test_dtls_client_hello_timeout_read_cb);
- ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- }
- else {
- /* Second time call wolfSSL_dtls_got_timeout */
- ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS);
- }
- /* Parse out to make sure we got exactly two ClientHello messages */
- idx = 0;
- XMEMSET(&sequence_number, 0, sizeof(sequence_number));
- /* First ClientHello */
- dtlsRH = (DtlsRecordLayerHeader*)(test_ctx.s_buff + idx);
- ExpectIntEQ(dtlsRH->type, handshake);
- ExpectIntEQ(dtlsRH->pvMajor, DTLS_MAJOR);
- ExpectIntEQ(dtlsRH->pvMinor, DTLSv1_2_MINOR);
- ExpectIntEQ(XMEMCMP(sequence_number, dtlsRH->sequence_number,
- sizeof(sequence_number)), 0);
- len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]);
- ExpectIntLT(idx + sizeof(DtlsRecordLayerHeader) + len, test_ctx.s_len);
- idx += sizeof(DtlsRecordLayerHeader) + len;
- /* Second ClientHello */
- sequence_number[7] = 1;
- dtlsRH = (DtlsRecordLayerHeader*)(test_ctx.s_buff + idx);
- ExpectIntEQ(dtlsRH->type, handshake);
- ExpectIntEQ(dtlsRH->pvMajor, DTLS_MAJOR);
- ExpectIntEQ(dtlsRH->pvMinor, DTLSv1_2_MINOR);
- ExpectIntEQ(XMEMCMP(sequence_number, dtlsRH->sequence_number,
- sizeof(sequence_number)), 0);
- len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]);
- ExpectIntEQ(idx + sizeof(DtlsRecordLayerHeader) + len, test_ctx.s_len);
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_c);
- ssl_c = NULL;
- ctx_c = NULL;
- if (!EXPECT_SUCCESS())
- break;
- }
- #endif
- return EXPECT_RESULT();
- }
- /* DTLS test when dropping the changed cipher spec message */
- static int test_dtls_dropped_ccs(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) \
- && !defined(WOLFSSL_NO_TLS12)
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_s = NULL;
- struct test_memio_ctx test_ctx;
- DtlsRecordLayerHeader* dtlsRH;
- size_t len;
- byte data[1];
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0);
- /* CH1 */
- ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- /* HVR */
- ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
- /* CH2 */
- ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- /* Server first flight */
- ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
- /* Client flight */
- ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- /* Server ccs + finished */
- ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1);
- /* Drop the ccs */
- dtlsRH = (DtlsRecordLayerHeader*)test_ctx.c_buff;
- len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]);
- ExpectIntEQ(len, 1);
- ExpectIntEQ(dtlsRH->type, change_cipher_spec);
- if (EXPECT_SUCCESS()) {
- XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff +
- sizeof(DtlsRecordLayerHeader) + len, test_ctx.c_len -
- (sizeof(DtlsRecordLayerHeader) + len));
- }
- test_ctx.c_len -= sizeof(DtlsRecordLayerHeader) + len;
- /* Client rtx flight */
- ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS);
- /* Server ccs + finished rtx */
- ExpectIntEQ(wolfSSL_read(ssl_s, data, sizeof(data)), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
- /* Client processes finished */
- ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1);
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_s);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) \
- && !defined(WOLFSSL_NO_TLS12)
- static int test_dtls_seq_num_downgrade_check_num(byte* ioBuf, int ioBufLen,
- byte seq_num)
- {
- EXPECT_DECLS;
- DtlsRecordLayerHeader* dtlsRH;
- byte sequence_number[8];
- XMEMSET(&sequence_number, 0, sizeof(sequence_number));
- ExpectIntGE(ioBufLen, sizeof(*dtlsRH));
- dtlsRH = (DtlsRecordLayerHeader*)ioBuf;
- ExpectIntEQ(dtlsRH->type, handshake);
- ExpectIntEQ(dtlsRH->pvMajor, DTLS_MAJOR);
- ExpectIntEQ(dtlsRH->pvMinor, DTLSv1_2_MINOR);
- sequence_number[7] = seq_num;
- ExpectIntEQ(XMEMCMP(sequence_number, dtlsRH->sequence_number,
- sizeof(sequence_number)), 0);
- return EXPECT_RESULT();
- }
- #endif
- /*
- * Make sure that we send the correct sequence number after a HelloVerifyRequest
- * and after a HelloRetryRequest. This is testing the server side as it is
- * operating statelessly and should copy the sequence number of the ClientHello.
- */
- static int test_dtls_seq_num_downgrade(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) \
- && !defined(WOLFSSL_NO_TLS12)
- WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
- struct test_memio_ctx test_ctx;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfDTLSv1_2_client_method, wolfDTLS_server_method), 0);
- /* CH1 */
- ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- ExpectIntEQ(test_dtls_seq_num_downgrade_check_num(test_ctx.s_buff,
- test_ctx.s_len, 0), TEST_SUCCESS);
- /* HVR */
- ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
- ExpectIntEQ(test_dtls_seq_num_downgrade_check_num(test_ctx.c_buff,
- test_ctx.c_len, 0), TEST_SUCCESS);
- /* CH2 */
- ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- ExpectIntEQ(test_dtls_seq_num_downgrade_check_num(test_ctx.s_buff,
- test_ctx.s_len, 1), TEST_SUCCESS);
- /* Server first flight */
- ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
- ExpectIntEQ(test_dtls_seq_num_downgrade_check_num(test_ctx.c_buff,
- test_ctx.c_len, 1), TEST_SUCCESS);
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- wolfSSL_free(ssl_c);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_s);
- #endif
- return EXPECT_RESULT();
- }
- /**
- * Make sure we don't send RSA Signature Hash Algorithms in the
- * CertificateRequest when we don't have any such ciphers set.
- * @return EXPECT_RESULT()
- */
- static int test_certreq_sighash_algos(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
- !defined(WOLFSSL_MAX_STRENGTH) && defined(HAVE_ECC) && \
- defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \
- defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_TLS12)
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_s = NULL;
- struct test_memio_ctx test_ctx;
- int idx = 0;
- int maxIdx = 0;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- test_ctx.c_ciphers = test_ctx.s_ciphers =
- "ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA384";
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_c,
- "./certs/ca-ecc-cert.pem", NULL), WOLFSSL_SUCCESS);
- wolfSSL_set_verify(ssl_s, WOLFSSL_VERIFY_PEER, NULL);
- ExpectIntEQ(wolfSSL_use_PrivateKey_file(ssl_s, "./certs/ecc-key.pem",
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_use_certificate_file(ssl_s, "./certs/server-ecc.pem",
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_FATAL_ERROR);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- ExpectIntEQ(wolfSSL_accept(ssl_s), WOLFSSL_FATAL_ERROR);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
- WOLFSSL_ERROR_WANT_READ);
- /* Find the CertificateRequest message */
- for (idx = 0; idx < test_ctx.c_len && EXPECT_SUCCESS();) {
- word16 len;
- ExpectIntEQ(test_ctx.c_buff[idx++], handshake);
- ExpectIntEQ(test_ctx.c_buff[idx++], SSLv3_MAJOR);
- ExpectIntEQ(test_ctx.c_buff[idx++], TLSv1_2_MINOR);
- ato16(test_ctx.c_buff + idx, &len);
- idx += OPAQUE16_LEN;
- if (test_ctx.c_buff[idx] == certificate_request) {
- idx++;
- /* length */
- idx += OPAQUE24_LEN;
- /* cert types */
- idx += 1 + test_ctx.c_buff[idx];
- /* Sig algos */
- ato16(test_ctx.c_buff + idx, &len);
- idx += OPAQUE16_LEN;
- maxIdx = idx + (int)len;
- for (; idx < maxIdx && EXPECT_SUCCESS(); idx += OPAQUE16_LEN) {
- if (test_ctx.c_buff[idx+1] == ED25519_SA_MINOR ||
- test_ctx.c_buff[idx+1] == ED448_SA_MINOR)
- ExpectIntEQ(test_ctx.c_buff[idx], NEW_SA_MAJOR);
- else
- ExpectIntEQ(test_ctx.c_buff[idx+1], ecc_dsa_sa_algo);
- }
- break;
- }
- else {
- idx += (int)len;
- }
- }
- ExpectIntLT(idx, test_ctx.c_len);
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_s);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- static int test_revoked_loaded_int_cert_ctx_ready1(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
- myVerifyAction = VERIFY_USE_PREVERFIY;
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
- "./certs/ca-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
- "./certs/intermediate/ca-int-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx,
- "./certs/crl/extra-crls/ca-int-cert-revoked.pem",
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx,
- "./certs/crl/ca-int.pem",
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- return EXPECT_RESULT();
- }
- static int test_revoked_loaded_int_cert_ctx_ready2(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
- myVerifyAction = VERIFY_USE_PREVERFIY;
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
- "./certs/ca-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
- "./certs/intermediate/ca-int-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
- "./certs/intermediate/ca-int2-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx,
- "./certs/crl/ca-int2.pem",
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx,
- "./certs/crl/extra-crls/ca-int-cert-revoked.pem",
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx,
- "./certs/crl/ca-int.pem",
- WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
- return EXPECT_RESULT();
- }
- #endif
- static int test_revoked_loaded_int_cert(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- test_ssl_cbf client_cbf;
- test_ssl_cbf server_cbf;
- struct {
- const char* certPemFile;
- const char* keyPemFile;
- ctx_cb client_ctx_ready;
- } test_params[] = {
- {"./certs/intermediate/ca-int2-cert.pem",
- "./certs/intermediate/ca-int2-key.pem",
- test_revoked_loaded_int_cert_ctx_ready1},
- {"./certs/intermediate/server-chain.pem",
- "./certs/server-key.pem", test_revoked_loaded_int_cert_ctx_ready2},
- {"./certs/intermediate/server-chain-short.pem",
- "./certs/server-key.pem", test_revoked_loaded_int_cert_ctx_ready2},
- };
- size_t i;
- printf("\n");
- for (i = 0; i < XELEM_CNT(test_params); i++) {
- XMEMSET(&client_cbf, 0, sizeof(client_cbf));
- XMEMSET(&server_cbf, 0, sizeof(server_cbf));
- printf("\tTesting with %s...\n", test_params[i].certPemFile);
- server_cbf.certPemFile = test_params[i].certPemFile;
- server_cbf.keyPemFile = test_params[i].keyPemFile;
- client_cbf.ctx_ready = test_params[i].client_ctx_ready;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
- &server_cbf, NULL), TEST_FAIL);
- #ifndef WOLFSSL_HAPROXY
- ExpectIntEQ(client_cbf.last_err, CRL_CERT_REVOKED);
- #else
- ExpectIntEQ(client_cbf.last_err, WOLFSSL_X509_V_ERR_CERT_REVOKED);
- #endif
- ExpectIntEQ(server_cbf.last_err, FATAL_ERROR);
- if (!EXPECT_SUCCESS())
- break;
- printf("\t%s passed\n", test_params[i].certPemFile);
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_dtls13_frag_ch_pq(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \
- && defined(WOLFSSL_DTLS_CH_FRAG) && defined(HAVE_LIBOQS)
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_s = NULL;
- struct test_memio_ctx test_ctx;
- const char *test_str = "test";
- int test_str_size;
- byte buf[255];
- int group = WOLFSSL_KYBER_LEVEL5;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0);
- /* Add in a large post-quantum key share to make the CH long. */
- ExpectIntEQ(wolfSSL_set_groups(ssl_c, &group, 1), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, group), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_dtls13_allow_ch_frag(ssl_s, 1), WOLFSSL_SUCCESS);
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "KYBER_LEVEL5");
- ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "KYBER_LEVEL5");
- test_str_size = XSTRLEN("test") + 1;
- ExpectIntEQ(wolfSSL_write(ssl_c, test_str, test_str_size), test_str_size);
- ExpectIntEQ(wolfSSL_read(ssl_s, buf, sizeof(buf)), test_str_size);
- ExpectIntEQ(XSTRCMP((char*)buf, test_str), 0);
- ExpectIntEQ(wolfSSL_write(ssl_c, test_str, test_str_size), test_str_size);
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_s);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) \
- && defined(WOLFSSL_DTLS_MTU) && defined(WOLFSSL_DTLS_CH_FRAG)
- static int test_dtls_frag_ch_count_records(byte* b, int len)
- {
- DtlsRecordLayerHeader* dtlsRH;
- int records = 0;
- size_t recordLen;
- while (len > 0) {
- records++;
- dtlsRH = (DtlsRecordLayerHeader*)b;
- recordLen = (dtlsRH->length[0] << 8) | dtlsRH->length[1];
- b += sizeof(DtlsRecordLayerHeader) + recordLen;
- len -= sizeof(DtlsRecordLayerHeader) + recordLen;
- }
- return records;
- }
- #endif
- static int test_dtls_frag_ch(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \
- && defined(WOLFSSL_DTLS_MTU) && defined(WOLFSSL_DTLS_CH_FRAG)
- WOLFSSL_CTX *ctx_c = NULL;
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL;
- WOLFSSL *ssl_s = NULL;
- struct test_memio_ctx test_ctx;
- static unsigned int DUMMY_MTU = 256;
- unsigned char four_frag_CH[] = {
- 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0xda, 0x01, 0x00, 0x02, 0xdc, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0xce, 0xfe, 0xfd, 0xf3, 0x94, 0x01, 0x33, 0x2c, 0xcf, 0x2c, 0x47, 0xb1,
- 0xe5, 0xa1, 0x7b, 0x19, 0x3e, 0xac, 0x68, 0xdd, 0xe6, 0x17, 0x6b, 0x85,
- 0xad, 0x5f, 0xfc, 0x7f, 0x6e, 0xf0, 0xb9, 0xe0, 0x2e, 0xca, 0x47, 0x00,
- 0x00, 0x00, 0x36, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2c, 0xc0,
- 0x2b, 0xc0, 0x30, 0xc0, 0x2f, 0x00, 0x9f, 0x00, 0x9e, 0xcc, 0xa9, 0xcc,
- 0xa8, 0xcc, 0xaa, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x28, 0xc0, 0x24, 0xc0,
- 0x0a, 0xc0, 0x09, 0xc0, 0x14, 0xc0, 0x13, 0x00, 0x6b, 0x00, 0x67, 0x00,
- 0x39, 0x00, 0x33, 0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15, 0x01, 0x00, 0x02,
- 0x7c, 0x00, 0x2b, 0x00, 0x03, 0x02, 0xfe, 0xfc, 0x00, 0x0d, 0x00, 0x20,
- 0x00, 0x1e, 0x06, 0x03, 0x05, 0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06,
- 0x08, 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08, 0x09, 0x06, 0x01,
- 0x05, 0x01, 0x04, 0x01, 0x03, 0x01, 0x02, 0x01, 0x00, 0x0a, 0x00, 0x0c,
- 0x00, 0x0a, 0x00, 0x19, 0x00, 0x18, 0x00, 0x17, 0x00, 0x15, 0x01, 0x00,
- 0x00, 0x16, 0x00, 0x00, 0x00, 0x33, 0x02, 0x39, 0x02, 0x37, 0x00, 0x17,
- 0x00, 0x41, 0x04, 0x94, 0xdf, 0x36, 0xd7, 0xb3, 0x90, 0x6d, 0x01, 0xa1,
- 0xe6, 0xed, 0x67, 0xf4, 0xd9, 0x9d, 0x2c, 0xac, 0x57, 0x74, 0xff, 0x19,
- 0xbe, 0x5a, 0xc9, 0x30, 0x11, 0xb7, 0x2b, 0x59, 0x47, 0x80, 0x7c, 0xa9,
- 0xb7, 0x31, 0x8c, 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x01, 0x00, 0xda, 0x01, 0x00, 0x02, 0xdc, 0x00, 0x00, 0x00, 0x00,
- 0xce, 0x00, 0x00, 0xce, 0x9e, 0x13, 0x74, 0x3b, 0x86, 0xba, 0x69, 0x1f,
- 0x12, 0xf7, 0xcd, 0x78, 0x53, 0xe8, 0x50, 0x4d, 0x71, 0x3f, 0x4b, 0x4e,
- 0xeb, 0x3e, 0xe5, 0x43, 0x54, 0x78, 0x17, 0x6d, 0x00, 0x18, 0x00, 0x61,
- 0x04, 0xd1, 0x99, 0x66, 0x4f, 0xda, 0xc7, 0x12, 0x3b, 0xff, 0xb2, 0xd6,
- 0x2f, 0x35, 0xb6, 0x17, 0x1f, 0xb3, 0xd0, 0xb6, 0x52, 0xff, 0x97, 0x8b,
- 0x01, 0xe8, 0xd9, 0x68, 0x71, 0x40, 0x02, 0xd5, 0x68, 0x3a, 0x58, 0xb2,
- 0x5d, 0xee, 0xa4, 0xe9, 0x5f, 0xf4, 0xaf, 0x3e, 0x30, 0x9c, 0x3e, 0x2b,
- 0xda, 0x61, 0x43, 0x99, 0x02, 0x35, 0x33, 0x9f, 0xcf, 0xb5, 0xd3, 0x28,
- 0x19, 0x9d, 0x1c, 0xbe, 0x69, 0x07, 0x9e, 0xfc, 0xe4, 0x8e, 0xcd, 0x86,
- 0x4a, 0x1b, 0xf0, 0xfc, 0x17, 0x94, 0x66, 0x53, 0xda, 0x24, 0x5e, 0xaf,
- 0xce, 0xec, 0x62, 0x4c, 0x06, 0xb4, 0x52, 0x94, 0xb1, 0x4a, 0x7a, 0x8c,
- 0x4f, 0x00, 0x19, 0x00, 0x85, 0x04, 0x00, 0x27, 0xeb, 0x99, 0x49, 0x7f,
- 0xcb, 0x2c, 0x46, 0x54, 0x2d, 0x93, 0x5d, 0x25, 0x92, 0x58, 0x5e, 0x06,
- 0xc3, 0x7c, 0xfb, 0x9a, 0xa7, 0xec, 0xcd, 0x9f, 0xe1, 0x6b, 0x2d, 0x78,
- 0xf5, 0x16, 0xa9, 0x20, 0x52, 0x48, 0x19, 0x0f, 0x1a, 0xd0, 0xce, 0xd8,
- 0x68, 0xb1, 0x4e, 0x7f, 0x33, 0x03, 0x7d, 0x0c, 0x39, 0xdb, 0x9c, 0x4b,
- 0xf4, 0xe7, 0xc2, 0xf5, 0xdd, 0x51, 0x9b, 0x03, 0xa8, 0x53, 0x2b, 0xe6,
- 0x00, 0x15, 0x4b, 0xff, 0xd2, 0xa0, 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0xda, 0x01, 0x00, 0x02, 0xdc, 0x00,
- 0x00, 0x00, 0x01, 0x9c, 0x00, 0x00, 0xce, 0x58, 0x30, 0x10, 0x3d, 0x46,
- 0xcc, 0xca, 0x1a, 0x44, 0xc8, 0x58, 0x9b, 0x27, 0x17, 0x67, 0x31, 0x96,
- 0x8a, 0x66, 0x39, 0xf4, 0xcc, 0xc1, 0x9f, 0x12, 0x1f, 0x01, 0x30, 0x50,
- 0x16, 0xd6, 0x89, 0x97, 0xa3, 0x66, 0xd7, 0x99, 0x50, 0x09, 0x6e, 0x80,
- 0x87, 0xe4, 0xa2, 0x88, 0xae, 0xb4, 0x23, 0x57, 0x2f, 0x12, 0x60, 0xe7,
- 0x7d, 0x44, 0x2d, 0xad, 0xbe, 0xe9, 0x0d, 0x01, 0x00, 0x01, 0x00, 0xd5,
- 0xdd, 0x62, 0xee, 0xf3, 0x0e, 0xd9, 0x30, 0x0e, 0x38, 0xf3, 0x48, 0xf4,
- 0xc9, 0x8f, 0x8c, 0x20, 0xf7, 0xd3, 0xa8, 0xb3, 0x87, 0x3c, 0x98, 0x5d,
- 0x70, 0xc5, 0x03, 0x76, 0xb7, 0xd5, 0x0b, 0x7b, 0x23, 0x97, 0x6b, 0xe3,
- 0xb5, 0x18, 0xeb, 0x64, 0x55, 0x18, 0xb2, 0x8a, 0x90, 0x1a, 0x8f, 0x0e,
- 0x15, 0xda, 0xb1, 0x8e, 0x7f, 0xee, 0x1f, 0xe0, 0x3b, 0xb9, 0xed, 0xfc,
- 0x4e, 0x3f, 0x78, 0x16, 0x39, 0x95, 0x5f, 0xb7, 0xcb, 0x65, 0x55, 0x72,
- 0x7b, 0x7d, 0x86, 0x2f, 0x8a, 0xe5, 0xee, 0xf7, 0x57, 0x40, 0xf3, 0xc4,
- 0x96, 0x4f, 0x11, 0x4d, 0x85, 0xf9, 0x56, 0xfa, 0x3d, 0xf0, 0xc9, 0xa4,
- 0xec, 0x1e, 0xaa, 0x47, 0x90, 0x53, 0xdf, 0xe1, 0xb7, 0x78, 0x18, 0xeb,
- 0xdd, 0x0d, 0x89, 0xb7, 0xf6, 0x15, 0x0e, 0x55, 0x12, 0xb3, 0x23, 0x17,
- 0x0b, 0x59, 0x6f, 0x83, 0x05, 0x6b, 0xa6, 0xf8, 0x6c, 0x3a, 0x9b, 0x1b,
- 0x50, 0x93, 0x51, 0xea, 0x95, 0x2d, 0x99, 0x96, 0x38, 0x16, 0xfe, 0xfd,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x7e, 0x01, 0x00,
- 0x02, 0xdc, 0x00, 0x00, 0x00, 0x02, 0x6a, 0x00, 0x00, 0x72, 0x2d, 0x66,
- 0x3e, 0xf2, 0x36, 0x5a, 0xf2, 0x23, 0x8f, 0x28, 0x09, 0xa9, 0x55, 0x8c,
- 0x8f, 0xc0, 0x0d, 0x61, 0x98, 0x33, 0x56, 0x87, 0x7a, 0xfd, 0xa7, 0x50,
- 0x71, 0x84, 0x2e, 0x41, 0x58, 0x00, 0x87, 0xd9, 0x27, 0xe5, 0x7b, 0xf4,
- 0x6d, 0x84, 0x4e, 0x2e, 0x0c, 0x80, 0x0c, 0xf3, 0x8a, 0x02, 0x4b, 0x99,
- 0x3a, 0x1f, 0x9f, 0x18, 0x7d, 0x1c, 0xec, 0xad, 0x60, 0x54, 0xa6, 0xa3,
- 0x2c, 0x82, 0x5e, 0xf8, 0x8f, 0xae, 0xe1, 0xc4, 0x82, 0x7e, 0x43, 0x43,
- 0xc5, 0x99, 0x49, 0x05, 0xd3, 0xf6, 0xdf, 0xa1, 0xb5, 0x2d, 0x0c, 0x13,
- 0x2f, 0x1e, 0xb6, 0x28, 0x7c, 0x5c, 0xa1, 0x02, 0x6b, 0x8d, 0xa3, 0xeb,
- 0xd4, 0x58, 0xe6, 0xa0, 0x7e, 0x6b, 0xaa, 0x09, 0x43, 0x67, 0x71, 0x87,
- 0xa5, 0xcb, 0x68, 0xf3
- };
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0);
- /* Fragment msgs */
- ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl_c, DUMMY_MTU), WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl_s, DUMMY_MTU), WOLFSSL_SUCCESS);
- /* Add in some key shares to make the CH long */
- ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, WOLFSSL_ECC_SECP256R1),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, WOLFSSL_ECC_SECP384R1),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, WOLFSSL_ECC_SECP521R1),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, WOLFSSL_FFDHE_2048),
- WOLFSSL_SUCCESS);
- ExpectIntEQ(wolfSSL_dtls13_allow_ch_frag(ssl_s, 1), WOLFSSL_SUCCESS);
- /* Reject fragmented first CH */
- ExpectIntEQ(test_dtls_frag_ch_count_records(four_frag_CH,
- sizeof(four_frag_CH)), 4);
- XMEMCPY(test_ctx.s_buff, four_frag_CH, sizeof(four_frag_CH));
- test_ctx.s_len = sizeof(four_frag_CH);
- while (test_ctx.s_len > 0 && EXPECT_SUCCESS()) {
- int s_len = test_ctx.s_len;
- ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
- /* Fail if we didn't advance the buffer to avoid infinite loops */
- ExpectIntLT(test_ctx.s_len, s_len);
- }
- /* Expect all fragments read */
- ExpectIntEQ(test_ctx.s_len, 0);
- /* Expect quietly dropping fragmented first CH */
- ExpectIntEQ(test_ctx.c_len, 0);
- /* CH1 */
- ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- /* Count records. Expect 1 unfragmented CH */
- ExpectIntEQ(test_dtls_frag_ch_count_records(test_ctx.s_buff,
- test_ctx.s_len), 1);
- /* HRR */
- ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
- /* CH2 */
- ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- /* Count records. Expect fragmented CH */
- ExpectIntGT(test_dtls_frag_ch_count_records(test_ctx.s_buff,
- test_ctx.s_len), 1);
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_s);
- ssl_c = ssl_s = NULL;
- ctx_c = ctx_s = NULL;
- #endif
- return EXPECT_RESULT();
- }
- static int test_dtls_empty_keyshare_with_cookie(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13)
- WOLFSSL_CTX *ctx_s = NULL;
- WOLFSSL *ssl_s = NULL;
- struct test_memio_ctx test_ctx;
- unsigned char ch_empty_keyshare_with_cookie[] = {
- 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01,
- 0x12, 0x01, 0x00, 0x01, 0x06, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01,
- 0x06, 0xfe, 0xfd, 0xfb, 0x8c, 0x9b, 0x28, 0xae, 0x50, 0x1c, 0x4d, 0xf3,
- 0xb8, 0xcf, 0x4d, 0xd8, 0x7e, 0x93, 0x13, 0x7b, 0x9e, 0xd9, 0xeb, 0xe9,
- 0x13, 0x4b, 0x0d, 0x7f, 0x2e, 0x43, 0x62, 0x8c, 0xe4, 0x57, 0x79, 0x00,
- 0x00, 0x00, 0x36, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2c, 0xc0,
- 0x2b, 0xc0, 0x30, 0xc0, 0x2f, 0x00, 0x9f, 0x00, 0x9e, 0xcc, 0xa9, 0xcc,
- 0xa8, 0xcc, 0xaa, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x28, 0xc0, 0x24, 0xc0,
- 0x0a, 0xc0, 0x09, 0xc0, 0x14, 0xc0, 0x13, 0x00, 0x6b, 0x00, 0x67, 0x00,
- 0x39, 0x00, 0x33, 0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15, 0x01, 0x00, 0x00,
- 0xa6, 0x00, 0x2b, 0x00, 0x03, 0x02, 0xfe, 0xfc, 0x00, 0x2c, 0x00, 0x47,
- 0x00, 0x45, 0x20, 0xee, 0x4b, 0x17, 0x70, 0x63, 0xa0, 0x4c, 0x82, 0xbf,
- 0x43, 0x01, 0x7d, 0x8d, 0xc1, 0x1b, 0x4e, 0x9b, 0xa0, 0x3c, 0x53, 0x1f,
- 0xb7, 0xd1, 0x10, 0x81, 0xa8, 0xdf, 0xdf, 0x8c, 0x7f, 0xf3, 0x11, 0x13,
- 0x01, 0x02, 0x3d, 0x3b, 0x7d, 0x14, 0x2c, 0x31, 0xb3, 0x60, 0x72, 0x4d,
- 0xe5, 0x1a, 0xb2, 0xa3, 0x61, 0x77, 0x73, 0x03, 0x40, 0x0e, 0x5f, 0xc5,
- 0x61, 0x38, 0x43, 0x56, 0x21, 0x4a, 0x95, 0xd5, 0x35, 0xa8, 0x0d, 0x00,
- 0x0d, 0x00, 0x2a, 0x00, 0x28, 0x06, 0x03, 0x05, 0x03, 0x04, 0x03, 0x02,
- 0x03, 0xfe, 0x0b, 0xfe, 0x0e, 0xfe, 0xa0, 0xfe, 0xa3, 0xfe, 0xa5, 0x08,
- 0x06, 0x08, 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08, 0x09, 0x06,
- 0x01, 0x05, 0x01, 0x04, 0x01, 0x03, 0x01, 0x02, 0x01, 0x00, 0x0a, 0x00,
- 0x18, 0x00, 0x16, 0x00, 0x19, 0x00, 0x18, 0x00, 0x17, 0x00, 0x15, 0x01,
- 0x00, 0x02, 0x3a, 0x02, 0x3c, 0x02, 0x3d, 0x2f, 0x3a, 0x2f, 0x3c, 0x2f,
- 0x3d, 0x00, 0x16, 0x00, 0x00, 0x00, 0x33, 0x00, 0x02, 0x00, 0x00
- };
- DtlsRecordLayerHeader* dtlsRH;
- byte sequence_number[8];
- XMEMSET(&sequence_number, 0, sizeof(sequence_number));
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- XMEMCPY(test_ctx.s_buff, ch_empty_keyshare_with_cookie,
- sizeof(ch_empty_keyshare_with_cookie));
- test_ctx.s_len = sizeof(ch_empty_keyshare_with_cookie);
- ExpectIntEQ(test_memio_setup(&test_ctx, NULL, &ctx_s, NULL, &ssl_s,
- NULL, wolfDTLSv1_3_server_method), 0);
- /* CH1 */
- ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
- /* Expect an alert. A plaintext alert should be exactly 15 bytes. */
- ExpectIntEQ(test_ctx.c_len, 15);
- dtlsRH = (DtlsRecordLayerHeader*)test_ctx.c_buff;
- ExpectIntEQ(dtlsRH->type, alert);
- ExpectIntEQ(dtlsRH->pvMajor, DTLS_MAJOR);
- ExpectIntEQ(dtlsRH->pvMinor, DTLSv1_2_MINOR);
- sequence_number[7] = 1;
- ExpectIntEQ(XMEMCMP(sequence_number, dtlsRH->sequence_number,
- sizeof(sequence_number)), 0);
- ExpectIntEQ(dtlsRH->length[0], 0);
- ExpectIntEQ(dtlsRH->length[1], 2);
- ExpectIntEQ(test_ctx.c_buff[13], alert_fatal);
- ExpectIntEQ(test_ctx.c_buff[14], illegal_parameter);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_s);
- #endif
- return EXPECT_RESULT();
- }
- #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
- defined(HAVE_LIBOQS)
- static void test_tls13_pq_groups_ctx_ready(WOLFSSL_CTX* ctx)
- {
- int group = WOLFSSL_KYBER_LEVEL5;
- AssertIntEQ(wolfSSL_CTX_set_groups(ctx, &group, 1), WOLFSSL_SUCCESS);
- }
- static void test_tls13_pq_groups_on_result(WOLFSSL* ssl)
- {
- AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL5");
- }
- #endif
- static int test_tls13_pq_groups(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
- defined(HAVE_LIBOQS)
- callback_functions func_cb_client;
- callback_functions func_cb_server;
- XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
- XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
- func_cb_client.method = wolfTLSv1_3_client_method;
- func_cb_server.method = wolfTLSv1_3_server_method;
- func_cb_client.ctx_ready = test_tls13_pq_groups_ctx_ready;
- func_cb_client.on_result = test_tls13_pq_groups_on_result;
- func_cb_server.on_result = test_tls13_pq_groups_on_result;
- test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
- ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS);
- ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS);
- #endif
- return EXPECT_RESULT();
- }
- static int test_tls13_early_data(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
- defined(WOLFSSL_EARLY_DATA) && defined(HAVE_SESSION_TICKET)
- int written = 0;
- int read = 0;
- size_t i;
- int splitEarlyData;
- char msg[] = "This is early data";
- char msg2[] = "This is client data";
- char msg3[] = "This is server data";
- char msg4[] = "This is server immediate data";
- char msgBuf[50];
- struct {
- method_provider client_meth;
- method_provider server_meth;
- const char* tls_version;
- int isUdp;
- } params[] = {
- #ifdef WOLFSSL_TLS13
- { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
- "TLS 1.3", 0 },
- #endif
- #ifdef WOLFSSL_DTLS13
- { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method,
- "DTLS 1.3", 1 },
- #endif
- };
- for (i = 0; i < sizeof(params)/sizeof(*params) && !EXPECT_FAIL(); i++) {
- for (splitEarlyData = 0; splitEarlyData < 2; splitEarlyData++) {
- struct test_memio_ctx test_ctx;
- WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
- WOLFSSL_SESSION *sess = NULL;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- fprintf(stderr, "\tEarly data with %s\n", params[i].tls_version);
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c,
- &ssl_s, params[i].client_meth, params[i].server_meth), 0);
- /* Get a ticket so that we can do 0-RTT on the next connection */
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- /* Make sure we read the ticket */
- ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- ExpectNotNull(sess = wolfSSL_get1_session(ssl_c));
- wolfSSL_free(ssl_c);
- ssl_c = NULL;
- wolfSSL_free(ssl_s);
- ssl_s = NULL;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- params[i].client_meth, params[i].server_meth), 0);
- ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS);
- #ifdef WOLFSSL_DTLS13
- if (params[i].isUdp) {
- #ifdef WOLFSSL_DTLS13_NO_HRR_ON_RESUME
- ExpectIntEQ(wolfSSL_dtls13_no_hrr_on_resume(ssl_s, 1), WOLFSSL_SUCCESS);
- #else
- /* Let's test this but we generally don't recommend turning off the
- * cookie exchange */
- ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS);
- #endif
- }
- #endif
- /* Test 0-RTT data */
- ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
- &written), sizeof(msg));
- ExpectIntEQ(written, sizeof(msg));
- if (splitEarlyData) {
- ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
- &written), sizeof(msg));
- ExpectIntEQ(written, sizeof(msg));
- }
- /* Read first 0-RTT data (if split otherwise entire data) */
- ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
- &read), sizeof(msg));
- ExpectIntEQ(read, sizeof(msg));
- ExpectStrEQ(msg, msgBuf);
- /* Test 0.5-RTT data */
- ExpectIntEQ(wolfSSL_write(ssl_s, msg4, sizeof(msg4)), sizeof(msg4));
- if (splitEarlyData) {
- /* Read second 0-RTT data */
- ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
- &read), sizeof(msg));
- ExpectIntEQ(read, sizeof(msg));
- ExpectStrEQ(msg, msgBuf);
- }
- if (params[i].isUdp) {
- ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), APP_DATA_READY);
- /* Read server 0.5-RTT data */
- ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg4));
- ExpectStrEQ(msg4, msgBuf);
- /* Complete handshake */
- ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- /* Use wolfSSL_is_init_finished to check if handshake is complete. Normally
- * a user would loop until it is true but here we control both sides so we
- * just assert the expected value. wolfSSL_read_early_data does not provide
- * handshake status to us with non-blocking IO and we can't use
- * wolfSSL_accept as TLS layer may return ZERO_RETURN due to early data
- * parsing logic. */
- ExpectFalse(wolfSSL_is_init_finished(ssl_s));
- ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
- &read), 0);
- ExpectIntEQ(read, 0);
- ExpectTrue(wolfSSL_is_init_finished(ssl_s));
- ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
- }
- else {
- ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
- ExpectFalse(wolfSSL_is_init_finished(ssl_s));
- ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
- &read), 0);
- ExpectIntEQ(read, 0);
- ExpectTrue(wolfSSL_is_init_finished(ssl_s));
- /* Read server 0.5-RTT data */
- ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg4));
- ExpectStrEQ(msg4, msgBuf);
- }
- /* Test bi-directional write */
- ExpectIntEQ(wolfSSL_write(ssl_c, msg2, sizeof(msg2)), sizeof(msg2));
- ExpectIntEQ(wolfSSL_read(ssl_s, msgBuf, sizeof(msgBuf)), sizeof(msg2));
- ExpectStrEQ(msg2, msgBuf);
- ExpectIntEQ(wolfSSL_write(ssl_s, msg3, sizeof(msg3)), sizeof(msg3));
- ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg3));
- ExpectStrEQ(msg3, msgBuf);
- ExpectTrue(wolfSSL_session_reused(ssl_c));
- ExpectTrue(wolfSSL_session_reused(ssl_s));
- wolfSSL_SESSION_free(sess);
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_s);
- }
- }
- #endif
- return EXPECT_RESULT();
- }
- #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
- static int test_self_signed_stapling_client_v1_ctx_ready(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), 1);
- ExpectIntEQ(wolfSSL_CTX_UseOCSPStapling(ctx, WOLFSSL_CSR_OCSP,
- WOLFSSL_CSR_OCSP_USE_NONCE), 1);
- return EXPECT_RESULT();
- }
- #endif
- #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
- static int test_self_signed_stapling_client_v2_ctx_ready(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), 1);
- ExpectIntEQ(wolfSSL_CTX_UseOCSPStaplingV2(ctx, WOLFSSL_CSR2_OCSP,
- WOLFSSL_CSR2_OCSP_USE_NONCE), 1);
- return EXPECT_RESULT();
- }
- static int test_self_signed_stapling_client_v2_multi_ctx_ready(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), 1);
- ExpectIntEQ(wolfSSL_CTX_UseOCSPStaplingV2(ctx, WOLFSSL_CSR2_OCSP_MULTI,
- 0), 1);
- return EXPECT_RESULT();
- }
- #endif
- #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
- || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
- static int test_self_signed_stapling_server_ctx_ready(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), 1);
- return EXPECT_RESULT();
- }
- #endif
- static int test_self_signed_stapling(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
- || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
- test_ssl_cbf client_cbf;
- test_ssl_cbf server_cbf;
- size_t i;
- struct {
- method_provider client_meth;
- method_provider server_meth;
- ctx_cb client_ctx;
- const char* tls_version;
- } params[] = {
- #if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST)
- { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
- test_self_signed_stapling_client_v1_ctx_ready, "TLSv1_3 v1" },
- #endif
- #ifndef WOLFSSL_NO_TLS12
- #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
- { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method,
- test_self_signed_stapling_client_v1_ctx_ready, "TLSv1_2 v1" },
- #endif
- #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
- { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method,
- test_self_signed_stapling_client_v2_ctx_ready, "TLSv1_2 v2" },
- { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method,
- test_self_signed_stapling_client_v2_multi_ctx_ready,
- "TLSv1_2 v2 multi" },
- #endif
- #endif
- };
- for (i = 0; i < sizeof(params)/sizeof(*params) && !EXPECT_FAIL(); i++) {
- XMEMSET(&client_cbf, 0, sizeof(client_cbf));
- XMEMSET(&server_cbf, 0, sizeof(server_cbf));
- printf("\nTesting self-signed cert with status request: %s\n",
- params[i].tls_version);
- client_cbf.method = params[i].client_meth;
- client_cbf.ctx_ready = params[i].client_ctx;
- server_cbf.method = params[i].server_meth;
- server_cbf.certPemFile = "certs/ca-cert.pem";
- server_cbf.keyPemFile = "certs/ca-key.pem";
- server_cbf.ctx_ready = test_self_signed_stapling_server_ctx_ready;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
- &server_cbf, NULL), TEST_SUCCESS);
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_tls_multi_handshakes_one_record(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
- struct test_memio_ctx test_ctx;
- WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
- RecordLayerHeader* rh = NULL;
- byte *len ;
- int newRecIdx = RECORD_HEADER_SZ;
- int idx = 0;
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLS_client_method, wolfTLSv1_2_server_method), 0);
- ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- ExpectIntEQ(wolfSSL_accept(ssl_s), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
- /* Combine server handshake msgs into one record */
- while (idx < test_ctx.c_len) {
- word16 recLen;
- rh = (RecordLayerHeader*)(test_ctx.c_buff + idx);
- len = &rh->length[0];
- ato16((const byte*)len, &recLen);
- idx += RECORD_HEADER_SZ;
- XMEMMOVE(test_ctx.c_buff + newRecIdx, test_ctx.c_buff + idx,
- (size_t)recLen);
- newRecIdx += recLen;
- idx += recLen;
- }
- rh = (RecordLayerHeader*)(test_ctx.c_buff);
- len = &rh->length[0];
- c16toa(newRecIdx - RECORD_HEADER_SZ, len);
- test_ctx.c_len = newRecIdx;
- ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_s);
- #endif
- return EXPECT_RESULT();
- }
- static int test_write_dup(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_WRITE_DUP)
- size_t i, j;
- char hiWorld[] = "dup message";
- char readData[sizeof(hiWorld) + 5];
- struct {
- method_provider client_meth;
- method_provider server_meth;
- const char* version_name;
- int version;
- } methods[] = {
- #ifndef WOLFSSL_NO_TLS12
- {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLS 1.2", WOLFSSL_TLSV1_2},
- #endif
- #ifdef WOLFSSL_TLS13
- {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLS 1.3", WOLFSSL_TLSV1_3},
- #endif
- };
- struct {
- const char* cipher;
- int version;
- } ciphers[] = {
- /* For simplicity the macros are copied from internal.h */
- /* TLS 1.2 */
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
- #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
- #ifndef NO_RSA
- {"ECDHE-RSA-CHACHA20-POLY1305", WOLFSSL_TLSV1_2},
- #endif
- #endif
- #if !defined(NO_DH) && !defined(NO_RSA) && !defined(NO_TLS_DH)
- {"DHE-RSA-CHACHA20-POLY1305", WOLFSSL_TLSV1_2},
- #endif
- #endif
- #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
- !defined(NO_RSA) && defined(HAVE_AESGCM) && !defined(NO_TLS_DH)
- #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
- {"DHE-RSA-AES128-GCM-SHA256", WOLFSSL_TLSV1_2},
- #endif
- #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
- {"DHE-RSA-AES256-GCM-SHA384", WOLFSSL_TLSV1_2},
- #endif
- #endif
- #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) \
- && !defined(NO_TLS) && !defined(NO_AES)
- #ifdef HAVE_AESGCM
- #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
- #ifndef NO_RSA
- {"ECDHE-RSA-AES128-GCM-SHA256", WOLFSSL_TLSV1_2},
- #endif
- #endif
- #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
- #ifndef NO_RSA
- {"ECDHE-RSA-AES256-GCM-SHA384", WOLFSSL_TLSV1_2},
- #endif
- #endif
- #endif
- #endif
- /* TLS 1.3 */
- #ifdef WOLFSSL_TLS13
- #ifdef HAVE_AESGCM
- #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
- {"TLS13-AES128-GCM-SHA256", WOLFSSL_TLSV1_3},
- #endif
- #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
- {"TLS13-AES256-GCM-SHA384", WOLFSSL_TLSV1_3},
- #endif
- #endif
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- #ifndef NO_SHA256
- {"TLS13-CHACHA20-POLY1305-SHA256", WOLFSSL_TLSV1_3},
- #endif
- #endif
- #ifdef HAVE_AESCCM
- #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
- {"TLS13-AES128-CCM-SHA256", WOLFSSL_TLSV1_3},
- #endif
- #endif
- #endif
- };
- for (i = 0; i < XELEM_CNT(methods); i++) {
- for (j = 0; j < XELEM_CNT(ciphers) && !EXPECT_FAIL(); j++) {
- struct test_memio_ctx test_ctx;
- WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
- WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
- WOLFSSL *ssl_c2 = NULL;
- if (methods[i].version != ciphers[j].version)
- continue;
- if (i == 0 && j == 0)
- printf("\n");
- printf("Testing %s with %s... ", methods[i].version_name,
- ciphers[j].cipher);
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- test_ctx.c_ciphers = test_ctx.s_ciphers = ciphers[j].cipher;
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- methods[i].client_meth, methods[i].server_meth), 0);
- ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
- ExpectNotNull(ssl_c2 = wolfSSL_write_dup(ssl_c));
- ExpectIntEQ(wolfSSL_write(ssl_c, hiWorld, sizeof(hiWorld)),
- WRITE_DUP_WRITE_E);
- ExpectIntEQ(wolfSSL_write(ssl_c2, hiWorld, sizeof(hiWorld)),
- sizeof(hiWorld));
- ExpectIntEQ(wolfSSL_read(ssl_s, readData, sizeof(readData)),
- sizeof(hiWorld));
- ExpectIntEQ(wolfSSL_write(ssl_s, hiWorld, sizeof(hiWorld)),
- sizeof(hiWorld));
- ExpectIntEQ(wolfSSL_read(ssl_c2, readData, sizeof(readData)),
- WRITE_DUP_READ_E);
- ExpectIntEQ(wolfSSL_read(ssl_c, readData, sizeof(readData)),
- sizeof(hiWorld));
- if (EXPECT_SUCCESS())
- printf("ok\n");
- else
- printf("failed\n");
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_c2);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_s);
- }
- }
- #endif
- return EXPECT_RESULT();
- }
- static int test_read_write_hs(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
- WOLFSSL_CTX *ctx_s = NULL, *ctx_c = NULL;
- WOLFSSL *ssl_s = NULL, *ssl_c = NULL;
- struct test_memio_ctx test_ctx;
- uint8_t test_buffer[16];
- unsigned int test;
- /* test == 0 : client writes, server reads */
- /* test == 1 : server writes, client reads */
- for (test = 0; test < 2; test++) {
- XMEMSET(&test_ctx, 0, sizeof(test_ctx));
- ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
- wolfTLSv1_2_client_method,
- wolfTLSv1_2_server_method), 0);
- ExpectIntEQ(wolfSSL_set_group_messages(ssl_s), WOLFSSL_SUCCESS);
- /* CH -> */
- if (test == 0) {
- ExpectIntEQ(wolfSSL_write(ssl_c, "hello", 5), -1);
- } else {
- ExpectIntEQ(wolfSSL_read(ssl_c, test_buffer,
- sizeof(test_buffer)), -1);
- }
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- /* <- SH + SKE + SHD */
- if (test == 0) {
- ExpectIntEQ(wolfSSL_read(ssl_s, test_buffer,
- sizeof(test_buffer)), -1);
- } else {
- ExpectIntEQ(wolfSSL_write(ssl_s, "hello", 5), -1);
- }
- ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
- /* -> CKE + CLIENT FINISHED */
- if (test == 0) {
- ExpectIntEQ(wolfSSL_write(ssl_c, "hello", 5), -1);
- } else {
- ExpectIntEQ(wolfSSL_read(ssl_c, test_buffer,
- sizeof(test_buffer)), -1);
- }
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- /* abide clang static analyzer */
- if (ssl_s != NULL) {
- /* disable group message to separate sending of ChangeCipherspec
- * from Finished */
- ssl_s->options.groupMessages = 0;
- }
- /* allow writing of CS, but not FINISHED */
- test_ctx.c_len = TEST_MEMIO_BUF_SZ - 6;
- /* <- CS */
- if (test == 0) {
- ExpectIntEQ(wolfSSL_read(ssl_s, test_buffer,
- sizeof(test_buffer)), -1);
- } else {
- ExpectIntEQ(wolfSSL_write(ssl_s, "hello", 5), -1);
- }
- ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_WRITE);
- /* move CS message where the client can read it */
- memmove(test_ctx.c_buff,
- (test_ctx.c_buff + TEST_MEMIO_BUF_SZ - 6), 6);
- test_ctx.c_len = 6;
- /* read CS */
- if (test == 0) {
- ExpectIntEQ(wolfSSL_write(ssl_c, "hello", 5), -1);
- } else {
- ExpectIntEQ(wolfSSL_read(ssl_c, test_buffer,
- sizeof(test_buffer)), -1);
- }
- ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
- ExpectIntEQ(test_ctx.c_len, 0);
- if (test == 0) {
- /* send SERVER FINISHED */
- ExpectIntEQ(wolfSSL_read(ssl_s, test_buffer,
- sizeof(test_buffer)), -1);
- ExpectIntEQ(wolfSSL_get_error(ssl_s, -1),
- WOLFSSL_ERROR_WANT_READ);
- } else {
- /* send SERVER FINISHED + App Data */
- ExpectIntEQ(wolfSSL_write(ssl_s, "hello", 5), 5);
- }
- ExpectIntGT(test_ctx.c_len, 0);
- /* Send and receive the data */
- if (test == 0) {
- ExpectIntEQ(wolfSSL_write(ssl_c, "hello", 5), 5);
- ExpectIntEQ(wolfSSL_read(ssl_s, test_buffer,
- sizeof(test_buffer)), 5);
- } else {
- ExpectIntEQ(wolfSSL_read(ssl_c, test_buffer,
- sizeof(test_buffer)), 5);
- }
- ExpectBufEQ(test_buffer, "hello", 5);
- wolfSSL_free(ssl_c);
- wolfSSL_free(ssl_s);
- wolfSSL_CTX_free(ctx_c);
- wolfSSL_CTX_free(ctx_s);
- ssl_c = ssl_s = NULL;
- ctx_c = ctx_s = NULL;
- }
- #endif
- return EXPECT_RESULT();
- }
- #if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(OPENSSL_EXTRA)
- static const char* test_get_signature_nid_siglag;
- static int test_get_signature_nid_sig;
- static int test_get_signature_nid_hash;
- static int test_get_signature_nid_ssl_ready(WOLFSSL* ssl)
- {
- EXPECT_DECLS;
- ExpectIntEQ(wolfSSL_set_cipher_list(ssl, "ALL"), WOLFSSL_SUCCESS);
- if (!wolfSSL_is_server(ssl)) {
- ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl,
- test_get_signature_nid_siglag), WOLFSSL_SUCCESS);
- }
- return EXPECT_RESULT();
- }
- static int test_get_signature_nid_on_hs_client(WOLFSSL_CTX **ctx, WOLFSSL **ssl)
- {
- EXPECT_DECLS;
- int nid = 0;
- (void)ctx;
- if (XSTRSTR(wolfSSL_get_cipher(*ssl), "TLS_RSA_") == NULL) {
- ExpectIntEQ(SSL_get_peer_signature_type_nid(*ssl, &nid), WOLFSSL_SUCCESS);
- ExpectIntEQ(nid, test_get_signature_nid_sig);
- ExpectIntEQ(SSL_get_peer_signature_nid(*ssl, &nid), WOLFSSL_SUCCESS);
- ExpectIntEQ(nid, test_get_signature_nid_hash);
- }
- else /* No sigalg info on static ciphersuite */
- return TEST_SUCCESS;
- return EXPECT_RESULT();
- }
- static int test_get_signature_nid_on_hs_server(WOLFSSL_CTX **ctx, WOLFSSL **ssl)
- {
- EXPECT_DECLS;
- int nid = 0;
- (void)ctx;
- ExpectIntEQ(SSL_get_signature_type_nid(*ssl, &nid), WOLFSSL_SUCCESS);
- ExpectIntEQ(nid, test_get_signature_nid_sig);
- ExpectIntEQ(SSL_get_signature_nid(*ssl, &nid), WOLFSSL_SUCCESS);
- ExpectIntEQ(nid, test_get_signature_nid_hash);
- return EXPECT_RESULT();
- }
- #endif
- static int test_get_signature_nid(void)
- {
- EXPECT_DECLS;
- #if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(OPENSSL_EXTRA)
- test_ssl_cbf client_cbf;
- test_ssl_cbf server_cbf;
- size_t i;
- #define TGSN_TLS12_RSA(sigalg, sig_nid, hash_nid) \
- { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_2, svrCertFile, svrKeyFile, \
- caCertFile }
- #define TGSN_TLS12_ECDSA(sigalg, sig_nid, hash_nid) \
- { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_2, eccCertFile, eccKeyFile, \
- caEccCertFile }
- #define TGSN_TLS13_RSA(sigalg, sig_nid, hash_nid) \
- { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_3, svrCertFile, svrKeyFile, \
- caCertFile }
- #define TGSN_TLS13_ECDSA(sigalg, sig_nid, hash_nid) \
- { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_3, eccCertFile, eccKeyFile, \
- caEccCertFile }
- #define TGSN_TLS13_ED25519(sigalg, sig_nid, hash_nid) \
- { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_3, edCertFile, edKeyFile, \
- caEdCertFile }
- #define TGSN_TLS13_ED448(sigalg, sig_nid, hash_nid) \
- { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_3, ed448CertFile, ed448KeyFile, \
- caEd448CertFile }
- struct {
- const char* siglag;
- int sig_nid;
- int hash_nid;
- int tls_ver;
- const char* server_cert;
- const char* server_key;
- const char* client_ca;
- } params[] = {
- #ifndef NO_RSA
- #ifndef NO_SHA256
- TGSN_TLS12_RSA("RSA+SHA256", NID_rsaEncryption, NID_sha256),
- #ifdef WC_RSA_PSS
- TGSN_TLS12_RSA("RSA-PSS+SHA256", NID_rsassaPss, NID_sha256),
- TGSN_TLS13_RSA("RSA-PSS+SHA256", NID_rsassaPss, NID_sha256),
- #endif
- #endif
- #ifdef WOLFSSL_SHA512
- TGSN_TLS12_RSA("RSA+SHA512", NID_rsaEncryption, NID_sha512),
- #ifdef WC_RSA_PSS
- TGSN_TLS12_RSA("RSA-PSS+SHA512", NID_rsassaPss, NID_sha512),
- TGSN_TLS13_RSA("RSA-PSS+SHA512", NID_rsassaPss, NID_sha512),
- #endif
- #endif
- #endif
- #ifdef HAVE_ECC
- #ifndef NO_SHA256
- TGSN_TLS12_ECDSA("ECDSA+SHA256", NID_X9_62_id_ecPublicKey, NID_sha256),
- TGSN_TLS13_ECDSA("ECDSA+SHA256", NID_X9_62_id_ecPublicKey, NID_sha256),
- #endif
- #endif
- #ifdef HAVE_ED25519
- TGSN_TLS13_ED25519("ED25519", NID_ED25519, NID_sha512),
- #endif
- #ifdef HAVE_ED448
- TGSN_TLS13_ED448("ED448", NID_ED448, NID_sha512),
- #endif
- };
- printf("\n");
- for (i = 0; i < XELEM_CNT(params) && !EXPECT_FAIL(); i++) {
- XMEMSET(&client_cbf, 0, sizeof(client_cbf));
- XMEMSET(&server_cbf, 0, sizeof(server_cbf));
- printf("Testing %s with %s...", tls_desc[params[i].tls_ver],
- params[i].siglag);
- switch (params[i].tls_ver) {
- #ifndef WOLFSSL_NO_TLS12
- case WOLFSSL_TLSV1_2:
- client_cbf.method = wolfTLSv1_2_client_method;
- server_cbf.method = wolfTLSv1_2_server_method;
- break;
- #endif
- #ifdef WOLFSSL_TLS13
- case WOLFSSL_TLSV1_3:
- client_cbf.method = wolfTLSv1_3_client_method;
- server_cbf.method = wolfTLSv1_3_server_method;
- break;
- #endif
- default:
- printf("skipping\n");
- continue;
- }
- test_get_signature_nid_siglag = params[i].siglag;
- test_get_signature_nid_sig = params[i].sig_nid;
- test_get_signature_nid_hash = params[i].hash_nid;
- client_cbf.ssl_ready = test_get_signature_nid_ssl_ready;
- server_cbf.ssl_ready = test_get_signature_nid_ssl_ready;
- client_cbf.on_handshake = test_get_signature_nid_on_hs_client;
- server_cbf.on_handshake = test_get_signature_nid_on_hs_server;
- server_cbf.certPemFile = params[i].server_cert;
- server_cbf.keyPemFile = params[i].server_key;
- client_cbf.caPemFile = params[i].client_ca;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
- &server_cbf, NULL), TEST_SUCCESS);
- if (EXPECT_SUCCESS())
- printf("passed\n");
- }
- #endif
- return EXPECT_RESULT();
- }
- #if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- static word32 test_tls_cert_store_unchanged_HashCaTable(Signer** caTable)
- {
- #ifndef NO_MD5
- enum wc_HashType hashType = WC_HASH_TYPE_MD5;
- #elif !defined(NO_SHA)
- enum wc_HashType hashType = WC_HASH_TYPE_SHA;
- #elif !defined(NO_SHA256)
- enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
- #else
- #error "We need a digest to hash the Signer object"
- #endif
- byte hashBuf[WC_MAX_DIGEST_SIZE];
- wc_HashAlg hash;
- size_t i;
- AssertIntEQ(wc_HashInit(&hash, hashType), 0);
- for (i = 0; i < CA_TABLE_SIZE; i++) {
- Signer* cur;
- for (cur = caTable[i]; cur != NULL; cur = cur->next)
- AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)cur,
- sizeof(*cur)), 0);
- }
- AssertIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0);
- AssertIntEQ(wc_HashFree(&hash, hashType), 0);
- return MakeWordFromHash(hashBuf);
- }
- static word32 test_tls_cert_store_unchanged_before_hashes[2];
- static size_t test_tls_cert_store_unchanged_before_hashes_idx;
- static word32 test_tls_cert_store_unchanged_after_hashes[2];
- static size_t test_tls_cert_store_unchanged_after_hashes_idx;
- static int test_tls_cert_store_unchanged_ctx_ready(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- ExpectIntNE(test_tls_cert_store_unchanged_before_hashes
- [test_tls_cert_store_unchanged_before_hashes_idx++] =
- test_tls_cert_store_unchanged_HashCaTable(ctx->cm->caTable), 0);
- wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER |
- WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
- return EXPECT_RESULT();
- }
- static int test_tls_cert_store_unchanged_ctx_cleanup(WOLFSSL_CTX* ctx)
- {
- EXPECT_DECLS;
- ExpectIntEQ(wolfSSL_CTX_UnloadIntermediateCerts(ctx), WOLFSSL_SUCCESS);
- ExpectIntNE(test_tls_cert_store_unchanged_after_hashes
- [test_tls_cert_store_unchanged_after_hashes_idx++] =
- test_tls_cert_store_unchanged_HashCaTable(ctx->cm->caTable), 0);
- return EXPECT_RESULT();
- }
- static int test_tls_cert_store_unchanged_on_hs(WOLFSSL_CTX **ctx, WOLFSSL **ssl)
- {
- EXPECT_DECLS;
- WOLFSSL_CERT_MANAGER* cm;
- (void)ssl;
- /* WARNING: this approach bypasses the reference counter check in
- * wolfSSL_CTX_UnloadIntermediateCerts. It is not recommended as it may
- * cause unexpected behaviour when other active connections try accessing
- * the caTable. */
- ExpectNotNull(cm = wolfSSL_CTX_GetCertManager(*ctx));
- ExpectIntEQ(wolfSSL_CertManagerUnloadIntermediateCerts(cm),
- WOLFSSL_SUCCESS);
- ExpectIntNE(test_tls_cert_store_unchanged_after_hashes
- [test_tls_cert_store_unchanged_after_hashes_idx++] =
- test_tls_cert_store_unchanged_HashCaTable((*ctx)->cm->caTable), 0);
- return EXPECT_RESULT();
- }
- static int test_tls_cert_store_unchanged_ssl_ready(WOLFSSL* ssl)
- {
- EXPECT_DECLS;
- WOLFSSL_CTX* ctx;
- ExpectNotNull(ctx = wolfSSL_get_SSL_CTX(ssl));
- return EXPECT_RESULT();
- }
- #endif
- static int test_tls_cert_store_unchanged(void)
- {
- EXPECT_DECLS;
- #if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- test_ssl_cbf client_cbf;
- test_ssl_cbf server_cbf;
- int i;
- for (i = 0; i < 2; i++) {
- XMEMSET(&client_cbf, 0, sizeof(client_cbf));
- XMEMSET(&server_cbf, 0, sizeof(server_cbf));
- test_tls_cert_store_unchanged_before_hashes_idx = 0;
- XMEMSET(test_tls_cert_store_unchanged_before_hashes, 0,
- sizeof(test_tls_cert_store_unchanged_before_hashes));
- test_tls_cert_store_unchanged_after_hashes_idx = 0;
- XMEMSET(test_tls_cert_store_unchanged_after_hashes, 0,
- sizeof(test_tls_cert_store_unchanged_after_hashes));
- client_cbf.ctx_ready = test_tls_cert_store_unchanged_ctx_ready;
- server_cbf.ctx_ready = test_tls_cert_store_unchanged_ctx_ready;
- client_cbf.ssl_ready = test_tls_cert_store_unchanged_ssl_ready;
- server_cbf.ssl_ready = test_tls_cert_store_unchanged_ssl_ready;
- switch (i) {
- case 0:
- client_cbf.on_ctx_cleanup =
- test_tls_cert_store_unchanged_ctx_cleanup;
- server_cbf.on_ctx_cleanup =
- test_tls_cert_store_unchanged_ctx_cleanup;
- break;
- case 1:
- client_cbf.on_handshake = test_tls_cert_store_unchanged_on_hs;
- server_cbf.on_handshake = test_tls_cert_store_unchanged_on_hs;
- break;
- default:
- Fail(("Should not enter here"), ("Entered here"));
- }
- client_cbf.certPemFile = "certs/intermediate/client-chain.pem";
- server_cbf.certPemFile = "certs/intermediate/server-chain.pem";
- server_cbf.caPemFile = caCertFile;
- ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
- &server_cbf, NULL), TEST_SUCCESS);
- ExpectBufEQ(test_tls_cert_store_unchanged_before_hashes,
- test_tls_cert_store_unchanged_after_hashes,
- sizeof(test_tls_cert_store_unchanged_after_hashes));
- }
- #endif
- return EXPECT_RESULT();
- }
- /*----------------------------------------------------------------------------*
- | Main
- *----------------------------------------------------------------------------*/
- typedef int (*TEST_FUNC)(void);
- typedef struct {
- const char *name;
- TEST_FUNC func;
- byte run:1;
- byte fail:1;
- } TEST_CASE;
- #define TEST_DECL(func) { #func, func, 0, 0 }
- int testAll = 1;
- TEST_CASE testCases[] = {
- TEST_DECL(test_fileAccess),
- /*********************************
- * wolfcrypt
- *********************************/
- TEST_DECL(test_ForceZero),
- TEST_DECL(test_wolfCrypt_Init),
- /* Locking with Compat Mutex */
- TEST_DECL(test_wc_SetMutexCb),
- TEST_DECL(test_wc_LockMutex_ex),
- /* Digests */
- TEST_DECL(test_wc_InitMd5),
- TEST_DECL(test_wc_Md5Update),
- TEST_DECL(test_wc_Md5Final),
- TEST_DECL(test_wc_InitSha),
- TEST_DECL(test_wc_ShaUpdate),
- TEST_DECL(test_wc_ShaFinal),
- TEST_DECL(test_wc_InitSha256),
- TEST_DECL(test_wc_Sha256Update),
- TEST_DECL(test_wc_Sha256Final),
- TEST_DECL(test_wc_Sha256FinalRaw),
- TEST_DECL(test_wc_Sha256GetFlags),
- TEST_DECL(test_wc_Sha256Free),
- TEST_DECL(test_wc_Sha256GetHash),
- TEST_DECL(test_wc_Sha256Copy),
- TEST_DECL(test_wc_InitSha224),
- TEST_DECL(test_wc_Sha224Update),
- TEST_DECL(test_wc_Sha224Final),
- TEST_DECL(test_wc_Sha224SetFlags),
- TEST_DECL(test_wc_Sha224GetFlags),
- TEST_DECL(test_wc_Sha224Free),
- TEST_DECL(test_wc_Sha224GetHash),
- TEST_DECL(test_wc_Sha224Copy),
- TEST_DECL(test_wc_InitSha512),
- TEST_DECL(test_wc_Sha512Update),
- TEST_DECL(test_wc_Sha512Final),
- TEST_DECL(test_wc_Sha512GetFlags),
- TEST_DECL(test_wc_Sha512FinalRaw),
- TEST_DECL(test_wc_Sha512Free),
- TEST_DECL(test_wc_Sha512GetHash),
- TEST_DECL(test_wc_Sha512Copy),
- TEST_DECL(test_wc_InitSha512_224),
- TEST_DECL(test_wc_Sha512_224Update),
- TEST_DECL(test_wc_Sha512_224Final),
- TEST_DECL(test_wc_Sha512_224GetFlags),
- TEST_DECL(test_wc_Sha512_224FinalRaw),
- TEST_DECL(test_wc_Sha512_224Free),
- TEST_DECL(test_wc_Sha512_224GetHash),
- TEST_DECL(test_wc_Sha512_224Copy),
- TEST_DECL(test_wc_InitSha512_256),
- TEST_DECL(test_wc_Sha512_256Update),
- TEST_DECL(test_wc_Sha512_256Final),
- TEST_DECL(test_wc_Sha512_256GetFlags),
- TEST_DECL(test_wc_Sha512_256FinalRaw),
- TEST_DECL(test_wc_Sha512_256Free),
- TEST_DECL(test_wc_Sha512_256GetHash),
- TEST_DECL(test_wc_Sha512_256Copy),
- TEST_DECL(test_wc_InitSha384),
- TEST_DECL(test_wc_Sha384Update),
- TEST_DECL(test_wc_Sha384Final),
- TEST_DECL(test_wc_Sha384GetFlags),
- TEST_DECL(test_wc_Sha384FinalRaw),
- TEST_DECL(test_wc_Sha384Free),
- TEST_DECL(test_wc_Sha384GetHash),
- TEST_DECL(test_wc_Sha384Copy),
- TEST_DECL(test_wc_InitBlake2b),
- TEST_DECL(test_wc_InitBlake2b_WithKey),
- TEST_DECL(test_wc_InitBlake2s_WithKey),
- TEST_DECL(test_wc_InitRipeMd),
- TEST_DECL(test_wc_RipeMdUpdate),
- TEST_DECL(test_wc_RipeMdFinal),
- TEST_DECL(test_wc_InitSha3),
- TEST_DECL(testing_wc_Sha3_Update),
- TEST_DECL(test_wc_Sha3_224_Final),
- TEST_DECL(test_wc_Sha3_256_Final),
- TEST_DECL(test_wc_Sha3_384_Final),
- TEST_DECL(test_wc_Sha3_512_Final),
- TEST_DECL(test_wc_Sha3_224_Copy),
- TEST_DECL(test_wc_Sha3_256_Copy),
- TEST_DECL(test_wc_Sha3_384_Copy),
- TEST_DECL(test_wc_Sha3_512_Copy),
- TEST_DECL(test_wc_Sha3_GetFlags),
- TEST_DECL(test_wc_InitShake256),
- TEST_DECL(testing_wc_Shake256_Update),
- TEST_DECL(test_wc_Shake256_Final),
- TEST_DECL(test_wc_Shake256_Copy),
- TEST_DECL(test_wc_Shake256Hash),
- /* SM3 Digest */
- TEST_DECL(test_wc_InitSm3Free),
- TEST_DECL(test_wc_Sm3UpdateFinal),
- TEST_DECL(test_wc_Sm3GetHash),
- TEST_DECL(test_wc_Sm3Copy),
- TEST_DECL(test_wc_Sm3FinalRaw),
- TEST_DECL(test_wc_Sm3GetSetFlags),
- TEST_DECL(test_wc_Sm3Hash),
- TEST_DECL(test_wc_HashInit),
- TEST_DECL(test_wc_HashSetFlags),
- TEST_DECL(test_wc_HashGetFlags),
- /* HMAC */
- TEST_DECL(test_wc_Md5HmacSetKey),
- TEST_DECL(test_wc_Md5HmacUpdate),
- TEST_DECL(test_wc_Md5HmacFinal),
- TEST_DECL(test_wc_ShaHmacSetKey),
- TEST_DECL(test_wc_ShaHmacUpdate),
- TEST_DECL(test_wc_ShaHmacFinal),
- TEST_DECL(test_wc_Sha224HmacSetKey),
- TEST_DECL(test_wc_Sha224HmacUpdate),
- TEST_DECL(test_wc_Sha224HmacFinal),
- TEST_DECL(test_wc_Sha256HmacSetKey),
- TEST_DECL(test_wc_Sha256HmacUpdate),
- TEST_DECL(test_wc_Sha256HmacFinal),
- TEST_DECL(test_wc_Sha384HmacSetKey),
- TEST_DECL(test_wc_Sha384HmacUpdate),
- TEST_DECL(test_wc_Sha384HmacFinal),
- /* CMAC */
- TEST_DECL(test_wc_InitCmac),
- TEST_DECL(test_wc_CmacUpdate),
- TEST_DECL(test_wc_CmacFinal),
- TEST_DECL(test_wc_AesCmacGenerate),
- /* Cipher */
- TEST_DECL(test_wc_AesGcmStream),
- TEST_DECL(test_wc_Des3_SetIV),
- TEST_DECL(test_wc_Des3_SetKey),
- TEST_DECL(test_wc_Des3_CbcEncryptDecrypt),
- TEST_DECL(test_wc_Des3_CbcEncryptDecryptWithKey),
- TEST_DECL(test_wc_Des3_EcbEncrypt),
- TEST_DECL(test_wc_Chacha_SetKey),
- TEST_DECL(test_wc_Chacha_Process),
- TEST_DECL(test_wc_ChaCha20Poly1305_aead),
- TEST_DECL(test_wc_Poly1305SetKey),
- TEST_DECL(test_wc_CamelliaSetKey),
- TEST_DECL(test_wc_CamelliaSetIV),
- TEST_DECL(test_wc_CamelliaEncryptDecryptDirect),
- TEST_DECL(test_wc_CamelliaCbcEncryptDecrypt),
- TEST_DECL(test_wc_Arc4SetKey),
- TEST_DECL(test_wc_Arc4Process),
- TEST_DECL(test_wc_Rc2SetKey),
- TEST_DECL(test_wc_Rc2SetIV),
- TEST_DECL(test_wc_Rc2EcbEncryptDecrypt),
- TEST_DECL(test_wc_Rc2CbcEncryptDecrypt),
- /* AES cipher and GMAC. */
- TEST_DECL(test_wc_AesSetKey),
- TEST_DECL(test_wc_AesSetIV),
- TEST_DECL(test_wc_AesCbcEncryptDecrypt),
- TEST_DECL(test_wc_AesCtrEncryptDecrypt),
- TEST_DECL(test_wc_AesGcmSetKey),
- TEST_DECL(test_wc_AesGcmEncryptDecrypt),
- TEST_DECL(test_wc_AesGcmMixedEncDecLongIV),
- TEST_DECL(test_wc_GmacSetKey),
- TEST_DECL(test_wc_GmacUpdate),
- TEST_DECL(test_wc_AesCcmSetKey),
- TEST_DECL(test_wc_AesCcmEncryptDecrypt),
- #if defined(WOLFSSL_AES_EAX) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
- TEST_DECL(test_wc_AesEaxVectors),
- TEST_DECL(test_wc_AesEaxEncryptAuth),
- TEST_DECL(test_wc_AesEaxDecryptAuth),
- #endif /* WOLFSSL_AES_EAX */
- /* SM4 cipher */
- TEST_DECL(test_wc_Sm4),
- TEST_DECL(test_wc_Sm4Ecb),
- TEST_DECL(test_wc_Sm4Cbc),
- TEST_DECL(test_wc_Sm4Ctr),
- TEST_DECL(test_wc_Sm4Gcm),
- TEST_DECL(test_wc_Sm4Ccm),
- /* RNG tests */
- #ifdef HAVE_HASHDRBG
- #ifdef TEST_RESEED_INTERVAL
- TEST_DECL(test_wc_RNG_GenerateBlock_Reseed),
- #endif
- TEST_DECL(test_wc_RNG_GenerateBlock),
- #endif
- TEST_DECL(test_get_rand_digit),
- TEST_DECL(test_wc_InitRngNonce),
- TEST_DECL(test_wc_InitRngNonce_ex),
- /* MP API tests */
- TEST_DECL(test_get_digit_count),
- TEST_DECL(test_mp_cond_copy),
- TEST_DECL(test_mp_rand),
- TEST_DECL(test_get_digit),
- TEST_DECL(test_wc_export_int),
- /* RSA */
- TEST_DECL(test_wc_InitRsaKey),
- TEST_DECL(test_wc_RsaPrivateKeyDecode),
- TEST_DECL(test_wc_RsaPublicKeyDecode),
- TEST_DECL(test_wc_RsaPublicKeyDecodeRaw),
- TEST_DECL(test_wc_MakeRsaKey),
- TEST_DECL(test_wc_CheckProbablePrime),
- TEST_DECL(test_wc_RsaPSS_Verify),
- TEST_DECL(test_wc_RsaPSS_VerifyCheck),
- TEST_DECL(test_wc_RsaPSS_VerifyCheckInline),
- TEST_DECL(test_wc_RsaKeyToDer),
- TEST_DECL(test_wc_RsaKeyToPublicDer),
- TEST_DECL(test_wc_RsaPublicEncryptDecrypt),
- TEST_DECL(test_wc_RsaPublicEncryptDecrypt_ex),
- TEST_DECL(test_wc_RsaEncryptSize),
- TEST_DECL(test_wc_RsaSSL_SignVerify),
- TEST_DECL(test_wc_RsaFlattenPublicKey),
- TEST_DECL(test_RsaDecryptBoundsCheck),
- /* DSA */
- TEST_DECL(test_wc_InitDsaKey),
- TEST_DECL(test_wc_DsaSignVerify),
- TEST_DECL(test_wc_DsaPublicPrivateKeyDecode),
- TEST_DECL(test_wc_MakeDsaKey),
- TEST_DECL(test_wc_DsaKeyToDer),
- TEST_DECL(test_wc_DsaKeyToPublicDer),
- TEST_DECL(test_wc_DsaImportParamsRaw),
- TEST_DECL(test_wc_DsaImportParamsRawCheck),
- TEST_DECL(test_wc_DsaExportParamsRaw),
- TEST_DECL(test_wc_DsaExportKeyRaw),
- /* DH */
- TEST_DECL(test_wc_DhPublicKeyDecode),
- /* wolfCrypt ECC tests */
- TEST_DECL(test_wc_ecc_get_curve_size_from_name),
- TEST_DECL(test_wc_ecc_get_curve_id_from_name),
- TEST_DECL(test_wc_ecc_get_curve_id_from_params),
- #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
- !defined(HAVE_SELFTEST) && \
- !(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION))
- TEST_DECL(test_wc_ecc_get_curve_id_from_dp_params),
- #endif
- TEST_DECL(test_wc_ecc_make_key),
- TEST_DECL(test_wc_ecc_init),
- TEST_DECL(test_wc_ecc_check_key),
- TEST_DECL(test_wc_ecc_get_generator),
- TEST_DECL(test_wc_ecc_size),
- TEST_DECL(test_wc_ecc_params),
- TEST_DECL(test_wc_ecc_signVerify_hash),
- TEST_DECL(test_wc_ecc_shared_secret),
- TEST_DECL(test_wc_ecc_export_x963),
- TEST_DECL(test_wc_ecc_export_x963_ex),
- TEST_DECL(test_wc_ecc_import_x963),
- TEST_DECL(test_wc_ecc_import_private_key),
- TEST_DECL(test_wc_ecc_export_private_only),
- TEST_DECL(test_wc_ecc_rs_to_sig),
- TEST_DECL(test_wc_ecc_import_raw),
- TEST_DECL(test_wc_ecc_import_unsigned),
- TEST_DECL(test_wc_ecc_sig_size),
- TEST_DECL(test_wc_ecc_ctx_new),
- TEST_DECL(test_wc_ecc_ctx_reset),
- TEST_DECL(test_wc_ecc_ctx_set_peer_salt),
- TEST_DECL(test_wc_ecc_ctx_set_info),
- TEST_DECL(test_wc_ecc_encryptDecrypt),
- TEST_DECL(test_wc_ecc_del_point),
- TEST_DECL(test_wc_ecc_pointFns),
- TEST_DECL(test_wc_ecc_shared_secret_ssh),
- TEST_DECL(test_wc_ecc_verify_hash_ex),
- TEST_DECL(test_wc_ecc_mulmod),
- TEST_DECL(test_wc_ecc_is_valid_idx),
- TEST_DECL(test_wc_ecc_get_curve_id_from_oid),
- TEST_DECL(test_wc_ecc_sig_size_calc),
- TEST_DECL(test_wc_EccPrivateKeyToDer),
- /* SM2 elliptic curve */
- TEST_DECL(test_wc_ecc_sm2_make_key),
- TEST_DECL(test_wc_ecc_sm2_shared_secret),
- TEST_DECL(test_wc_ecc_sm2_create_digest),
- TEST_DECL(test_wc_ecc_sm2_verify_hash_ex),
- TEST_DECL(test_wc_ecc_sm2_verify_hash),
- TEST_DECL(test_wc_ecc_sm2_sign_hash_ex),
- TEST_DECL(test_wc_ecc_sm2_sign_hash),
- /* Curve25519 */
- TEST_DECL(test_wc_curve25519_init),
- TEST_DECL(test_wc_curve25519_size),
- TEST_DECL(test_wc_curve25519_export_key_raw),
- TEST_DECL(test_wc_curve25519_export_key_raw_ex),
- TEST_DECL(test_wc_curve25519_make_key),
- TEST_DECL(test_wc_curve25519_shared_secret_ex),
- TEST_DECL(test_wc_curve25519_make_pub),
- TEST_DECL(test_wc_curve25519_export_public_ex),
- TEST_DECL(test_wc_curve25519_export_private_raw_ex),
- TEST_DECL(test_wc_curve25519_import_private_raw_ex),
- TEST_DECL(test_wc_curve25519_import_private),
- /* ED25519 */
- TEST_DECL(test_wc_ed25519_make_key),
- TEST_DECL(test_wc_ed25519_init),
- TEST_DECL(test_wc_ed25519_sign_msg),
- TEST_DECL(test_wc_ed25519_import_public),
- TEST_DECL(test_wc_ed25519_import_private_key),
- TEST_DECL(test_wc_ed25519_export),
- TEST_DECL(test_wc_ed25519_size),
- TEST_DECL(test_wc_ed25519_exportKey),
- TEST_DECL(test_wc_Ed25519PublicKeyToDer),
- TEST_DECL(test_wc_Ed25519KeyToDer),
- TEST_DECL(test_wc_Ed25519PrivateKeyToDer),
- /* Curve448 */
- TEST_DECL(test_wc_curve448_make_key),
- TEST_DECL(test_wc_curve448_shared_secret_ex),
- TEST_DECL(test_wc_curve448_export_public_ex),
- TEST_DECL(test_wc_curve448_export_private_raw_ex),
- TEST_DECL(test_wc_curve448_export_key_raw),
- TEST_DECL(test_wc_curve448_import_private_raw_ex),
- TEST_DECL(test_wc_curve448_import_private),
- TEST_DECL(test_wc_curve448_init),
- TEST_DECL(test_wc_curve448_size),
- /* Ed448 */
- TEST_DECL(test_wc_ed448_make_key),
- TEST_DECL(test_wc_ed448_init),
- TEST_DECL(test_wc_ed448_sign_msg),
- TEST_DECL(test_wc_ed448_import_public),
- TEST_DECL(test_wc_ed448_import_private_key),
- TEST_DECL(test_wc_ed448_export),
- TEST_DECL(test_wc_ed448_size),
- TEST_DECL(test_wc_ed448_exportKey),
- TEST_DECL(test_wc_Ed448PublicKeyToDer),
- TEST_DECL(test_wc_Ed448KeyToDer),
- TEST_DECL(test_wc_Ed448PrivateKeyToDer),
- /* Signature API */
- TEST_DECL(test_wc_SignatureGetSize_ecc),
- TEST_DECL(test_wc_SignatureGetSize_rsa),
- /* PEM and DER APIs. */
- TEST_DECL(test_wc_PemToDer),
- TEST_DECL(test_wc_AllocDer),
- TEST_DECL(test_wc_CertPemToDer),
- TEST_DECL(test_wc_KeyPemToDer),
- TEST_DECL(test_wc_PubKeyPemToDer),
- TEST_DECL(test_wc_PemPubKeyToDer),
- TEST_DECL(test_wc_GetPubKeyDerFromCert),
- TEST_DECL(test_wc_CheckCertSigPubKey),
- /* wolfCrypt ASN tests */
- TEST_DECL(test_ToTraditional),
- TEST_DECL(test_wc_CreateEncryptedPKCS8Key),
- TEST_DECL(test_wc_GetPkcs8TraditionalOffset),
- /* Certificate */
- TEST_DECL(test_wc_SetSubjectRaw),
- TEST_DECL(test_wc_GetSubjectRaw),
- TEST_DECL(test_wc_SetIssuerRaw),
- TEST_DECL(test_wc_SetIssueBuffer),
- TEST_DECL(test_wc_SetSubjectKeyId),
- TEST_DECL(test_wc_SetSubject),
- TEST_DECL(test_CheckCertSignature),
- TEST_DECL(test_wc_ParseCert),
- TEST_DECL(test_wc_ParseCert_Error),
- TEST_DECL(test_MakeCertWithPathLen),
- TEST_DECL(test_MakeCertWithCaFalse),
- TEST_DECL(test_wc_SetKeyUsage),
- TEST_DECL(test_wc_SetAuthKeyIdFromPublicKey_ex),
- TEST_DECL(test_wc_SetSubjectBuffer),
- TEST_DECL(test_wc_SetSubjectKeyIdFromPublicKey_ex),
- /* wolfcrypt PKCS#7 */
- TEST_DECL(test_wc_PKCS7_New),
- TEST_DECL(test_wc_PKCS7_Init),
- TEST_DECL(test_wc_PKCS7_InitWithCert),
- TEST_DECL(test_wc_PKCS7_EncodeData),
- TEST_DECL(test_wc_PKCS7_EncodeSignedData),
- TEST_DECL(test_wc_PKCS7_EncodeSignedData_ex),
- TEST_DECL(test_wc_PKCS7_VerifySignedData_RSA),
- TEST_DECL(test_wc_PKCS7_VerifySignedData_ECC),
- TEST_DECL(test_wc_PKCS7_EncodeDecodeEnvelopedData),
- TEST_DECL(test_wc_PKCS7_EncodeEncryptedData),
- TEST_DECL(test_wc_PKCS7_Degenerate),
- TEST_DECL(test_wc_PKCS7_BER),
- TEST_DECL(test_wc_PKCS7_signed_enveloped),
- TEST_DECL(test_wc_PKCS7_NoDefaultSignedAttribs),
- TEST_DECL(test_wc_PKCS7_SetOriEncryptCtx),
- TEST_DECL(test_wc_PKCS7_SetOriDecryptCtx),
- TEST_DECL(test_wc_PKCS7_DecodeCompressedData),
- /* wolfCrypt PKCS#12 */
- TEST_DECL(test_wc_i2d_PKCS12),
- /*
- * test_wolfCrypt_Cleanup needs to come after the above wolfCrypt tests to
- * avoid memory leaks.
- */
- TEST_DECL(test_wolfCrypt_Cleanup),
- TEST_DECL(test_wolfSSL_Init),
- TEST_DECL(test_dual_alg_support),
- /*********************************
- * OpenSSL compatibility API tests
- *********************************/
- /* If at some point a stub get implemented this test should fail indicating
- * a need to implement a new test case
- */
- TEST_DECL(test_stubs_are_stubs),
- /* ASN.1 compatibility API tests */
- TEST_DECL(test_wolfSSL_ASN1_BIT_STRING),
- TEST_DECL(test_wolfSSL_ASN1_INTEGER),
- TEST_DECL(test_wolfSSL_ASN1_INTEGER_cmp),
- TEST_DECL(test_wolfSSL_ASN1_INTEGER_BN),
- TEST_DECL(test_wolfSSL_ASN1_INTEGER_get_set),
- TEST_DECL(test_wolfSSL_d2i_ASN1_INTEGER),
- TEST_DECL(test_wolfSSL_a2i_ASN1_INTEGER),
- TEST_DECL(test_wolfSSL_i2c_ASN1_INTEGER),
- TEST_DECL(test_wolfSSL_ASN1_OBJECT),
- TEST_DECL(test_wolfSSL_ASN1_get_object),
- TEST_DECL(test_wolfSSL_i2a_ASN1_OBJECT),
- TEST_DECL(test_wolfSSL_i2t_ASN1_OBJECT),
- TEST_DECL(test_wolfSSL_sk_ASN1_OBJECT),
- TEST_DECL(test_wolfSSL_ASN1_STRING),
- TEST_DECL(test_wolfSSL_ASN1_STRING_to_UTF8),
- TEST_DECL(test_wolfSSL_i2s_ASN1_STRING),
- TEST_DECL(test_wolfSSL_ASN1_STRING_canon),
- TEST_DECL(test_wolfSSL_ASN1_STRING_print),
- TEST_DECL(test_wolfSSL_ASN1_STRING_print_ex),
- TEST_DECL(test_wolfSSL_ASN1_UNIVERSALSTRING_to_string),
- TEST_DECL(test_wolfSSL_ASN1_GENERALIZEDTIME_free),
- TEST_DECL(test_wolfSSL_ASN1_GENERALIZEDTIME_print),
- TEST_DECL(test_wolfSSL_ASN1_TIME),
- TEST_DECL(test_wolfSSL_ASN1_TIME_to_string),
- TEST_DECL(test_wolfSSL_ASN1_TIME_diff_compare),
- TEST_DECL(test_wolfSSL_ASN1_TIME_adj),
- TEST_DECL(test_wolfSSL_ASN1_TIME_to_tm),
- TEST_DECL(test_wolfSSL_ASN1_TIME_to_generalizedtime),
- TEST_DECL(test_wolfSSL_ASN1_TIME_print),
- TEST_DECL(test_wolfSSL_ASN1_UTCTIME_print),
- TEST_DECL(test_wolfSSL_ASN1_TYPE),
- TEST_DECL(test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS),
- TEST_DECL(test_wolfSSL_lhash),
- TEST_DECL(test_wolfSSL_certs),
- TEST_DECL(test_wolfSSL_private_keys),
- TEST_DECL(test_wolfSSL_PEM_read_PrivateKey),
- TEST_DECL(test_wolfSSL_PEM_read_RSA_PUBKEY),
- TEST_DECL(test_wolfSSL_PEM_read_PUBKEY),
- TEST_DECL(test_wolfSSL_PEM_PrivateKey),
- TEST_DECL(test_wolfSSL_PEM_file_RSAKey),
- TEST_DECL(test_wolfSSL_PEM_file_RSAPrivateKey),
- #ifndef NO_BIO
- TEST_DECL(test_wolfSSL_BIO),
- TEST_DECL(test_wolfSSL_BIO_BIO_ring_read),
- TEST_DECL(test_wolfSSL_PEM_read_bio),
- TEST_DECL(test_wolfSSL_PEM_bio_RSAKey),
- TEST_DECL(test_wolfSSL_PEM_bio_DSAKey),
- TEST_DECL(test_wolfSSL_PEM_bio_ECKey),
- TEST_DECL(test_wolfSSL_PEM_bio_RSAPrivateKey),
- TEST_DECL(test_wolfSSL_PEM_PUBKEY),
- #endif
- /* EVP API testing */
- TEST_DECL(test_wolfSSL_EVP_ENCODE_CTX_new),
- TEST_DECL(test_wolfSSL_EVP_ENCODE_CTX_free),
- TEST_DECL(test_wolfSSL_EVP_EncodeInit),
- TEST_DECL(test_wolfSSL_EVP_EncodeUpdate),
- TEST_DECL(test_wolfSSL_EVP_EncodeFinal),
- TEST_DECL(test_wolfSSL_EVP_DecodeInit),
- TEST_DECL(test_wolfSSL_EVP_DecodeUpdate),
- TEST_DECL(test_wolfSSL_EVP_DecodeFinal),
- TEST_DECL(test_wolfSSL_EVP_shake128),
- TEST_DECL(test_wolfSSL_EVP_shake256),
- TEST_DECL(test_wolfSSL_EVP_sm3),
- TEST_DECL(test_EVP_blake2),
- #ifdef OPENSSL_ALL
- TEST_DECL(test_wolfSSL_EVP_md4),
- TEST_DECL(test_wolfSSL_EVP_ripemd160),
- TEST_DECL(test_wolfSSL_EVP_get_digestbynid),
- TEST_DECL(test_wolfSSL_EVP_MD_nid),
- TEST_DECL(test_wolfSSL_EVP_DigestFinal_ex),
- #endif
- TEST_DECL(test_EVP_MD_do_all),
- TEST_DECL(test_wolfSSL_EVP_MD_size),
- TEST_DECL(test_wolfSSL_EVP_MD_pkey_type),
- TEST_DECL(test_wolfSSL_EVP_Digest),
- TEST_DECL(test_wolfSSL_EVP_Digest_all),
- TEST_DECL(test_wolfSSL_EVP_MD_hmac_signing),
- TEST_DECL(test_wolfSSL_EVP_MD_rsa_signing),
- TEST_DECL(test_wolfSSL_EVP_MD_ecc_signing),
- TEST_DECL(test_wolfssl_EVP_aes_gcm),
- TEST_DECL(test_wolfssl_EVP_aes_gcm_AAD_2_parts),
- TEST_DECL(test_wolfssl_EVP_aes_gcm_zeroLen),
- TEST_DECL(test_wolfssl_EVP_aes_ccm),
- TEST_DECL(test_wolfssl_EVP_aes_ccm_zeroLen),
- TEST_DECL(test_wolfssl_EVP_chacha20),
- TEST_DECL(test_wolfssl_EVP_chacha20_poly1305),
- TEST_DECL(test_wolfssl_EVP_sm4_ecb),
- TEST_DECL(test_wolfssl_EVP_sm4_cbc),
- TEST_DECL(test_wolfssl_EVP_sm4_ctr),
- TEST_DECL(test_wolfssl_EVP_sm4_gcm_zeroLen),
- TEST_DECL(test_wolfssl_EVP_sm4_gcm),
- TEST_DECL(test_wolfssl_EVP_sm4_ccm_zeroLen),
- TEST_DECL(test_wolfssl_EVP_sm4_ccm),
- #ifdef OPENSSL_ALL
- TEST_DECL(test_wolfSSL_EVP_aes_256_gcm),
- TEST_DECL(test_wolfSSL_EVP_aes_192_gcm),
- TEST_DECL(test_wolfSSL_EVP_aes_256_ccm),
- TEST_DECL(test_wolfSSL_EVP_aes_192_ccm),
- TEST_DECL(test_wolfSSL_EVP_aes_128_ccm),
- TEST_DECL(test_wolfSSL_EVP_rc4),
- TEST_DECL(test_wolfSSL_EVP_enc_null),
- TEST_DECL(test_wolfSSL_EVP_rc2_cbc),
- TEST_DECL(test_wolfSSL_EVP_mdc2),
- TEST_DECL(test_evp_cipher_aes_gcm),
- #endif
- TEST_DECL(test_wolfssl_EVP_aria_gcm),
- TEST_DECL(test_wolfSSL_EVP_Cipher_extra),
- #ifdef OPENSSL_EXTRA
- TEST_DECL(test_wolfSSL_EVP_get_cipherbynid),
- TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX),
- #endif
- #ifdef OPENSSL_ALL
- TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX_iv_length),
- TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX_key_length),
- TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX_set_iv),
- TEST_DECL(test_wolfSSL_EVP_CIPHER_block_size),
- TEST_DECL(test_wolfSSL_EVP_CIPHER_iv_length),
- TEST_DECL(test_wolfSSL_EVP_X_STATE),
- TEST_DECL(test_wolfSSL_EVP_X_STATE_LEN),
- TEST_DECL(test_wolfSSL_EVP_BytesToKey),
- #endif
- TEST_DECL(test_wolfSSL_EVP_PKEY_print_public),
- TEST_DECL(test_wolfSSL_EVP_PKEY_new_mac_key),
- TEST_DECL(test_wolfSSL_EVP_PKEY_new_CMAC_key),
- TEST_DECL(test_wolfSSL_EVP_PKEY_up_ref),
- TEST_DECL(test_wolfSSL_EVP_PKEY_hkdf),
- TEST_DECL(test_wolfSSL_EVP_PKEY_derive),
- TEST_DECL(test_wolfSSL_d2i_and_i2d_PublicKey),
- TEST_DECL(test_wolfSSL_d2i_and_i2d_PublicKey_ecc),
- #ifndef NO_BIO
- TEST_DECL(test_wolfSSL_d2i_PUBKEY),
- #endif
- TEST_DECL(test_wolfSSL_d2i_and_i2d_DSAparams),
- TEST_DECL(test_wolfSSL_i2d_PrivateKey),
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
- #ifndef NO_BIO
- TEST_DECL(test_wolfSSL_d2i_PrivateKeys_bio),
- #endif /* !NO_BIO */
- #endif
- #ifdef OPENSSL_ALL
- TEST_DECL(test_wolfSSL_EVP_PKEY_set1_get1_DSA),
- TEST_DECL(test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY),
- TEST_DECL(test_wolfSSL_EVP_PKEY_set1_get1_DH),
- TEST_DECL(test_wolfSSL_EVP_PKEY_assign),
- TEST_DECL(test_wolfSSL_EVP_PKEY_assign_DH),
- TEST_DECL(test_wolfSSL_EVP_PKEY_base_id),
- TEST_DECL(test_wolfSSL_EVP_PKEY_id),
- TEST_DECL(test_wolfSSL_EVP_PKEY_paramgen),
- TEST_DECL(test_wolfSSL_EVP_PKEY_keygen),
- TEST_DECL(test_wolfSSL_EVP_PKEY_keygen_init),
- TEST_DECL(test_wolfSSL_EVP_PKEY_missing_parameters),
- TEST_DECL(test_wolfSSL_EVP_PKEY_copy_parameters),
- TEST_DECL(test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits),
- TEST_DECL(test_wolfSSL_EVP_PKEY_CTX_new_id),
- TEST_DECL(test_wolfSSL_EVP_PKEY_get0_EC_KEY),
- #endif
- TEST_DECL(test_EVP_PKEY_rsa),
- TEST_DECL(test_EVP_PKEY_ec),
- TEST_DECL(test_wolfSSL_EVP_PKEY_encrypt),
- TEST_DECL(test_wolfSSL_EVP_PKEY_sign_verify_rsa),
- TEST_DECL(test_wolfSSL_EVP_PKEY_sign_verify_dsa),
- TEST_DECL(test_wolfSSL_EVP_PKEY_sign_verify_ec),
- TEST_DECL(test_EVP_PKEY_cmp),
- #ifdef OPENSSL_ALL
- TEST_DECL(test_wolfSSL_EVP_SignInit_ex),
- TEST_DECL(test_wolfSSL_EVP_PKEY_param_check),
- TEST_DECL(test_wolfSSL_QT_EVP_PKEY_CTX_free),
- #endif
- TEST_DECL(test_wolfSSL_EVP_PBE_scrypt),
- TEST_DECL(test_wolfSSL_CTX_add_extra_chain_cert),
- #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
- TEST_DECL(test_wolfSSL_ERR_peek_last_error_line),
- #endif
- #ifndef NO_BIO
- TEST_DECL(test_wolfSSL_ERR_print_errors_cb),
- TEST_DECL(test_wolfSSL_GetLoggingCb),
- TEST_DECL(test_WOLFSSL_ERROR_MSG),
- TEST_DECL(test_wc_ERR_remove_state),
- TEST_DECL(test_wc_ERR_print_errors_fp),
- #endif
- TEST_DECL(test_wolfSSL_configure_args),
- TEST_DECL(test_wolfSSL_sk_SSL_CIPHER),
- TEST_DECL(test_wolfSSL_set1_curves_list),
- TEST_DECL(test_wolfSSL_set1_sigalgs_list),
- TEST_DECL(test_wolfSSL_OtherName),
- TEST_DECL(test_wolfSSL_FPKI),
- TEST_DECL(test_wolfSSL_URI),
- TEST_DECL(test_wolfSSL_TBS),
- TEST_DECL(test_wolfSSL_X509_STORE_CTX),
- TEST_DECL(test_X509_STORE_untrusted),
- TEST_DECL(test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup),
- TEST_DECL(test_wolfSSL_X509_STORE_CTX_get0_current_issuer),
- TEST_DECL(test_wolfSSL_X509_STORE_set_flags),
- TEST_DECL(test_wolfSSL_X509_LOOKUP_load_file),
- TEST_DECL(test_wolfSSL_X509_Name_canon),
- TEST_DECL(test_wolfSSL_X509_LOOKUP_ctrl_file),
- TEST_DECL(test_wolfSSL_X509_LOOKUP_ctrl_hash_dir),
- TEST_DECL(test_wolfSSL_X509_NID),
- TEST_DECL(test_wolfSSL_X509_STORE_CTX_set_time),
- TEST_DECL(test_wolfSSL_get0_param),
- TEST_DECL(test_wolfSSL_X509_VERIFY_PARAM_set1_host),
- TEST_DECL(test_wolfSSL_set1_host),
- TEST_DECL(test_wolfSSL_X509_VERIFY_PARAM_set1_ip),
- TEST_DECL(test_wolfSSL_X509_STORE_CTX_get0_store),
- TEST_DECL(test_wolfSSL_X509_STORE),
- TEST_DECL(test_wolfSSL_X509_STORE_load_locations),
- TEST_DECL(test_X509_STORE_get0_objects),
- TEST_DECL(test_wolfSSL_X509_load_crl_file),
- TEST_DECL(test_wolfSSL_X509_STORE_get1_certs),
- TEST_DECL(test_wolfSSL_X509_NAME_ENTRY_get_object),
- TEST_DECL(test_wolfSSL_X509_cmp_time),
- TEST_DECL(test_wolfSSL_X509_time_adj),
- /* X509 tests */
- TEST_DECL(test_wolfSSL_X509_subject_name_hash),
- TEST_DECL(test_wolfSSL_X509_issuer_name_hash),
- TEST_DECL(test_wolfSSL_X509_check_host),
- TEST_DECL(test_wolfSSL_X509_check_email),
- TEST_DECL(test_wolfSSL_X509_check_private_key),
- TEST_DECL(test_wolfSSL_X509),
- TEST_DECL(test_wolfSSL_X509_VERIFY_PARAM),
- TEST_DECL(test_wolfSSL_X509_sign),
- TEST_DECL(test_wolfSSL_X509_sign2),
- TEST_DECL(test_wolfSSL_X509_verify),
- TEST_DECL(test_wolfSSL_X509_get0_tbs_sigalg),
- TEST_DECL(test_wolfSSL_X509_ALGOR_get0),
- TEST_DECL(test_wolfSSL_X509_get_X509_PUBKEY),
- TEST_DECL(test_wolfSSL_X509_PUBKEY_RSA),
- TEST_DECL(test_wolfSSL_X509_PUBKEY_EC),
- TEST_DECL(test_wolfSSL_X509_PUBKEY_DSA),
- TEST_DECL(test_wolfSSL_PEM_write_bio_X509),
- TEST_DECL(test_wolfSSL_X509_NAME_get_entry),
- TEST_DECL(test_wolfSSL_X509_NAME),
- TEST_DECL(test_wolfSSL_X509_NAME_hash),
- TEST_DECL(test_wolfSSL_X509_NAME_print_ex),
- TEST_DECL(test_wolfSSL_X509_NAME_ENTRY),
- TEST_DECL(test_wolfSSL_X509_set_name),
- TEST_DECL(test_wolfSSL_X509_set_notAfter),
- TEST_DECL(test_wolfSSL_X509_set_notBefore),
- TEST_DECL(test_wolfSSL_X509_set_version),
- TEST_DECL(test_wolfSSL_X509_get_serialNumber),
- TEST_DECL(test_wolfSSL_X509_CRL),
- TEST_DECL(test_wolfSSL_i2d_X509),
- TEST_DECL(test_wolfSSL_d2i_X509_REQ),
- TEST_DECL(test_wolfSSL_PEM_read_X509),
- TEST_DECL(test_wolfSSL_X509_check_ca),
- TEST_DECL(test_wolfSSL_X509_check_ip_asc),
- TEST_DECL(test_wolfSSL_make_cert),
- #ifndef NO_BIO
- TEST_DECL(test_wolfSSL_X509_INFO_multiple_info),
- TEST_DECL(test_wolfSSL_X509_INFO),
- TEST_DECL(test_wolfSSL_PEM_X509_INFO_read_bio),
- #endif
- #ifdef OPENSSL_ALL
- TEST_DECL(test_wolfSSL_X509_PUBKEY_get),
- #endif
- TEST_DECL(test_wolfSSL_X509_CA_num),
- TEST_DECL(test_wolfSSL_X509_get_version),
- #ifndef NO_BIO
- TEST_DECL(test_wolfSSL_X509_print),
- TEST_DECL(test_wolfSSL_X509_CRL_print),
- #endif
- TEST_DECL(test_X509_get_signature_nid),
- /* X509 extension testing. */
- TEST_DECL(test_wolfSSL_X509_get_extension_flags),
- TEST_DECL(test_wolfSSL_X509_get_ext),
- TEST_DECL(test_wolfSSL_X509_get_ext_by_NID),
- TEST_DECL(test_wolfSSL_X509_get_ext_subj_alt_name),
- TEST_DECL(test_wolfSSL_X509_get_ext_count),
- TEST_DECL(test_wolfSSL_X509_EXTENSION_new),
- TEST_DECL(test_wolfSSL_X509_EXTENSION_get_object),
- TEST_DECL(test_wolfSSL_X509_EXTENSION_get_data),
- TEST_DECL(test_wolfSSL_X509_EXTENSION_get_critical),
- TEST_DECL(test_wolfSSL_X509V3_EXT_get),
- TEST_DECL(test_wolfSSL_X509V3_EXT_nconf),
- TEST_DECL(test_wolfSSL_X509V3_EXT),
- TEST_DECL(test_wolfSSL_X509V3_EXT_print),
- TEST_DECL(test_wolfSSL_X509_cmp),
- TEST_DECL(test_GENERAL_NAME_set0_othername),
- TEST_DECL(test_othername_and_SID_ext),
- TEST_DECL(test_wolfSSL_dup_CA_list),
- /* OpenSSL sk_X509 API test */
- TEST_DECL(test_sk_X509),
- /* OpenSSL sk_X509_CRL API test */
- TEST_DECL(test_sk_X509_CRL),
- /* OpenSSL X509 REQ API test */
- TEST_DECL(test_X509_REQ),
- /* OpenSSL compatibility outside SSL context w/ CRL lookup directory */
- TEST_DECL(test_X509_STORE_No_SSL_CTX),
- TEST_DECL(test_X509_LOOKUP_add_dir),
- /* RAND compatibility API */
- TEST_DECL(test_wolfSSL_RAND_set_rand_method),
- TEST_DECL(test_wolfSSL_RAND_bytes),
- TEST_DECL(test_wolfSSL_RAND),
- /* BN compatibility API */
- TEST_DECL(test_wolfSSL_BN_CTX),
- TEST_DECL(test_wolfSSL_BN),
- TEST_DECL(test_wolfSSL_BN_init),
- TEST_DECL(test_wolfSSL_BN_enc_dec),
- TEST_DECL(test_wolfSSL_BN_word),
- TEST_DECL(test_wolfSSL_BN_bits),
- TEST_DECL(test_wolfSSL_BN_shift),
- TEST_DECL(test_wolfSSL_BN_math),
- TEST_DECL(test_wolfSSL_BN_math_mod),
- TEST_DECL(test_wolfSSL_BN_math_other),
- TEST_DECL(test_wolfSSL_BN_rand),
- TEST_DECL(test_wolfSSL_BN_prime),
- /* OpenSSL PKCS5 API test */
- TEST_DECL(test_wolfSSL_PKCS5),
- /* OpenSSL PKCS8 API test */
- TEST_DECL(test_wolfSSL_PKCS8_Compat),
- TEST_DECL(test_wolfSSL_PKCS8_d2i),
- /* OpenSSL PKCS7 API test */
- TEST_DECL(test_wolfssl_PKCS7),
- TEST_DECL(test_wolfSSL_PKCS7_certs),
- TEST_DECL(test_wolfSSL_PKCS7_sign),
- TEST_DECL(test_wolfSSL_PKCS7_SIGNED_new),
- #ifndef NO_BIO
- TEST_DECL(test_wolfSSL_PEM_write_bio_PKCS7),
- #ifdef HAVE_SMIME
- TEST_DECL(test_wolfSSL_SMIME_read_PKCS7),
- TEST_DECL(test_wolfSSL_SMIME_write_PKCS7),
- #endif /* HAVE_SMIME */
- #endif /* !NO_BIO */
- /* OpenSSL PKCS12 API test */
- TEST_DECL(test_wolfSSL_PKCS12),
- /* Can't memory test as callbacks use Assert. */
- TEST_DECL(test_error_queue_per_thread),
- TEST_DECL(test_wolfSSL_ERR_put_error),
- TEST_DECL(test_wolfSSL_ERR_get_error_order),
- #ifndef NO_BIO
- TEST_DECL(test_wolfSSL_ERR_print_errors),
- #endif
- TEST_DECL(test_OBJ_NAME_do_all),
- TEST_DECL(test_wolfSSL_OBJ),
- TEST_DECL(test_wolfSSL_OBJ_cmp),
- TEST_DECL(test_wolfSSL_OBJ_txt2nid),
- TEST_DECL(test_wolfSSL_OBJ_txt2obj),
- #ifdef OPENSSL_ALL
- TEST_DECL(test_wolfSSL_OBJ_ln),
- TEST_DECL(test_wolfSSL_OBJ_sn),
- #endif
- #ifndef NO_BIO
- TEST_DECL(test_wolfSSL_BIO_gets),
- TEST_DECL(test_wolfSSL_BIO_puts),
- TEST_DECL(test_wolfSSL_BIO_dump),
- /* Can't memory test as server hangs. */
- TEST_DECL(test_wolfSSL_BIO_should_retry),
- TEST_DECL(test_wolfSSL_BIO_write),
- TEST_DECL(test_wolfSSL_BIO_printf),
- TEST_DECL(test_wolfSSL_BIO_f_md),
- TEST_DECL(test_wolfSSL_BIO_up_ref),
- TEST_DECL(test_wolfSSL_BIO_reset),
- TEST_DECL(test_wolfSSL_BIO_get_len),
- #endif
- #if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- TEST_DECL(test_wolfSSL_check_domain),
- #endif
- TEST_DECL(test_wolfSSL_cert_cb),
- TEST_DECL(test_wolfSSL_cert_cb_dyn_ciphers),
- TEST_DECL(test_wolfSSL_ciphersuite_auth),
- TEST_DECL(test_wolfSSL_sigalg_info),
- /* Can't memory test as tcp_connect aborts. */
- TEST_DECL(test_wolfSSL_SESSION),
- TEST_DECL(test_wolfSSL_SESSION_expire_downgrade),
- TEST_DECL(test_wolfSSL_CTX_sess_set_remove_cb),
- TEST_DECL(test_wolfSSL_ticket_keys),
- TEST_DECL(test_wolfSSL_sk_GENERAL_NAME),
- TEST_DECL(test_wolfSSL_GENERAL_NAME_print),
- TEST_DECL(test_wolfSSL_sk_DIST_POINT),
- TEST_DECL(test_wolfSSL_verify_mode),
- TEST_DECL(test_wolfSSL_verify_depth),
- TEST_DECL(test_wolfSSL_verify_result),
- TEST_DECL(test_wolfSSL_msg_callback),
- TEST_DECL(test_wolfSSL_OCSP_id_get0_info),
- TEST_DECL(test_wolfSSL_i2d_OCSP_CERTID),
- TEST_DECL(test_wolfSSL_d2i_OCSP_CERTID),
- TEST_DECL(test_wolfSSL_OCSP_id_cmp),
- TEST_DECL(test_wolfSSL_OCSP_SINGLERESP_get0_id),
- TEST_DECL(test_wolfSSL_OCSP_single_get0_status),
- TEST_DECL(test_wolfSSL_OCSP_resp_count),
- TEST_DECL(test_wolfSSL_OCSP_resp_get0),
- TEST_DECL(test_wolfSSL_PEM_read),
- TEST_DECL(test_wolfSSL_OpenSSL_version),
- TEST_DECL(test_wolfSSL_OpenSSL_add_all_algorithms),
- TEST_DECL(test_wolfSSL_OPENSSL_hexstr2buf),
- TEST_DECL(test_CONF_modules_xxx),
- #ifdef OPENSSL_ALL
- TEST_DECL(test_wolfSSL_TXT_DB),
- TEST_DECL(test_wolfSSL_NCONF),
- #endif
- TEST_DECL(test_wolfSSL_CRYPTO_memcmp),
- TEST_DECL(test_wolfSSL_CRYPTO_get_ex_new_index),
- TEST_DECL(test_wolfSSL_SESSION_get_ex_new_index),
- TEST_DECL(test_CRYPTO_set_dynlock_xxx),
- TEST_DECL(test_CRYPTO_THREADID_xxx),
- TEST_DECL(test_ENGINE_cleanup),
- /* test the no op functions for compatibility */
- TEST_DECL(test_no_op_functions),
- /* OpenSSL error API tests */
- TEST_DECL(test_ERR_load_crypto_strings),
- #ifdef OPENSSL_ALL
- TEST_DECL(test_wolfSSL_sk_CIPHER_description),
- TEST_DECL(test_wolfSSL_get_ciphers_compat),
- TEST_DECL(test_wolfSSL_CTX_ctrl),
- #endif /* OPENSSL_ALL */
- #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
- TEST_DECL(test_wolfSSL_CTX_use_certificate_ASN1),
- #endif /* (OPENSSL_ALL || WOLFSSL_ASIO) && !NO_RSA */
- /*********************************
- * Crypto API tests
- *********************************/
- TEST_DECL(test_wolfSSL_MD4),
- TEST_DECL(test_wolfSSL_MD5),
- TEST_DECL(test_wolfSSL_MD5_Transform),
- TEST_DECL(test_wolfSSL_SHA),
- TEST_DECL(test_wolfSSL_SHA_Transform),
- TEST_DECL(test_wolfSSL_SHA224),
- TEST_DECL(test_wolfSSL_SHA256),
- TEST_DECL(test_wolfSSL_SHA256_Transform),
- TEST_DECL(test_wolfSSL_SHA512_Transform),
- TEST_DECL(test_wolfSSL_SHA512_224_Transform),
- TEST_DECL(test_wolfSSL_SHA512_256_Transform),
- TEST_DECL(test_wolfSSL_HMAC_CTX),
- TEST_DECL(test_wolfSSL_HMAC),
- TEST_DECL(test_wolfSSL_CMAC),
- TEST_DECL(test_wolfSSL_DES),
- TEST_DECL(test_wolfSSL_DES_ncbc),
- TEST_DECL(test_wolfSSL_DES_ecb_encrypt),
- TEST_DECL(test_wolfSSL_DES_ede3_cbc_encrypt),
- TEST_DECL(test_wolfSSL_AES_encrypt),
- TEST_DECL(test_wolfSSL_AES_ecb_encrypt),
- TEST_DECL(test_wolfSSL_AES_cbc_encrypt),
- TEST_DECL(test_wolfSSL_AES_cfb128_encrypt),
- TEST_DECL(test_wolfSSL_CRYPTO_cts128),
- TEST_DECL(test_wolfSSL_RC4),
- TEST_DECL(test_wolfSSL_RSA),
- TEST_DECL(test_wolfSSL_RSA_DER),
- TEST_DECL(test_wolfSSL_RSA_print),
- TEST_DECL(test_wolfSSL_RSA_padding_add_PKCS1_PSS),
- TEST_DECL(test_wolfSSL_RSA_sign_sha3),
- TEST_DECL(test_wolfSSL_RSA_get0_key),
- TEST_DECL(test_wolfSSL_RSA_meth),
- TEST_DECL(test_wolfSSL_RSA_verify),
- TEST_DECL(test_wolfSSL_RSA_sign),
- TEST_DECL(test_wolfSSL_RSA_sign_ex),
- TEST_DECL(test_wolfSSL_RSA_public_decrypt),
- TEST_DECL(test_wolfSSL_RSA_private_encrypt),
- TEST_DECL(test_wolfSSL_RSA_public_encrypt),
- TEST_DECL(test_wolfSSL_RSA_private_decrypt),
- TEST_DECL(test_wolfSSL_RSA_GenAdd),
- TEST_DECL(test_wolfSSL_RSA_blinding_on),
- TEST_DECL(test_wolfSSL_RSA_ex_data),
- TEST_DECL(test_wolfSSL_RSA_LoadDer),
- TEST_DECL(test_wolfSSL_RSA_To_Der),
- TEST_DECL(test_wolfSSL_PEM_read_RSAPublicKey),
- TEST_DECL(test_wolfSSL_PEM_write_RSA_PUBKEY),
- TEST_DECL(test_wolfSSL_PEM_write_RSAPrivateKey),
- TEST_DECL(test_wolfSSL_PEM_write_mem_RSAPrivateKey),
- TEST_DECL(test_wolfSSL_DH),
- TEST_DECL(test_wolfSSL_DH_dup),
- TEST_DECL(test_wolfSSL_DH_check),
- TEST_DECL(test_wolfSSL_DH_prime),
- TEST_DECL(test_wolfSSL_DH_1536_prime),
- TEST_DECL(test_wolfSSL_DH_get_2048_256),
- TEST_DECL(test_wolfSSL_PEM_write_DHparams),
- TEST_DECL(test_wolfSSL_PEM_read_DHparams),
- TEST_DECL(test_wolfSSL_d2i_DHparams),
- TEST_DECL(test_wolfSSL_DH_LoadDer),
- TEST_DECL(test_wolfSSL_i2d_DHparams),
- #if defined(HAVE_ECC) && !defined(OPENSSL_NO_PK)
- TEST_DECL(test_wolfSSL_EC_GROUP),
- TEST_DECL(test_wolfSSL_PEM_read_bio_ECPKParameters),
- TEST_DECL(test_wolfSSL_EC_POINT),
- TEST_DECL(test_wolfSSL_SPAKE),
- TEST_DECL(test_wolfSSL_EC_KEY_generate),
- TEST_DECL(test_EC_i2d),
- TEST_DECL(test_wolfSSL_EC_curve),
- TEST_DECL(test_wolfSSL_EC_KEY_dup),
- TEST_DECL(test_wolfSSL_EC_KEY_set_group),
- TEST_DECL(test_wolfSSL_EC_KEY_set_conv_form),
- TEST_DECL(test_wolfSSL_EC_KEY_private_key),
- TEST_DECL(test_wolfSSL_EC_KEY_public_key),
- TEST_DECL(test_wolfSSL_EC_KEY_print_fp),
- TEST_DECL(test_wolfSSL_EC_get_builtin_curves),
- TEST_DECL(test_wolfSSL_ECDSA_SIG),
- TEST_DECL(test_ECDSA_size_sign),
- TEST_DECL(test_ECDH_compute_key),
- #endif
- #ifdef OPENSSL_EXTRA
- TEST_DECL(test_ED25519),
- TEST_DECL(test_ED448),
- #endif
- TEST_DECL(test_DSA_do_sign_verify),
- #ifdef OPENSSL_ALL
- TEST_DECL(test_wolfSSL_DSA_generate_parameters),
- TEST_DECL(test_wolfSSL_DSA_SIG),
- #endif
- TEST_DECL(test_openssl_generate_key_and_cert),
- TEST_DECL(test_wolfSSL_FIPS_mode),
- TEST_DECL(test_openssl_FIPS_drbg),
- /*********************************
- * CertManager API tests
- *********************************/
- TEST_DECL(test_wolfSSL_CertManagerAPI),
- TEST_DECL(test_wolfSSL_CertManagerLoadCABuffer),
- TEST_DECL(test_wolfSSL_CertManagerLoadCABuffer_ex),
- TEST_DECL(test_wolfSSL_CertManagerGetCerts),
- TEST_DECL(test_wolfSSL_CertManagerSetVerify),
- TEST_DECL(test_wolfSSL_CertManagerNameConstraint),
- TEST_DECL(test_wolfSSL_CertManagerNameConstraint2),
- TEST_DECL(test_wolfSSL_CertManagerNameConstraint3),
- TEST_DECL(test_wolfSSL_CertManagerNameConstraint4),
- TEST_DECL(test_wolfSSL_CertManagerNameConstraint5),
- TEST_DECL(test_wolfSSL_CertManagerCRL),
- TEST_DECL(test_wolfSSL_CertManagerCheckOCSPResponse),
- TEST_DECL(test_wolfSSL_CheckOCSPResponse),
- #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
- !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
- !defined(WOLFSSL_NO_CLIENT_AUTH))
- TEST_DECL(test_various_pathlen_chains),
- #endif
- /*********************************
- * SSL/TLS API tests
- *********************************/
- TEST_DECL(test_wolfSSL_Method_Allocators),
- #ifndef NO_WOLFSSL_SERVER
- TEST_DECL(test_wolfSSL_CTX_new),
- #endif
- TEST_DECL(test_server_wolfSSL_new),
- TEST_DECL(test_client_wolfSSL_new),
- #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
- (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM)
- TEST_DECL(test_for_double_Free),
- #endif
- TEST_DECL(test_wolfSSL_set_options),
- #ifdef WOLFSSL_TLS13
- /* TLS v1.3 API tests */
- TEST_DECL(test_tls13_apis),
- TEST_DECL(test_tls13_cipher_suites),
- #endif
- TEST_DECL(test_wolfSSL_tmp_dh),
- TEST_DECL(test_wolfSSL_ctrl),
- #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
- (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
- defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
- defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))
- TEST_DECL(test_wolfSSL_set_SSL_CTX),
- #endif
- TEST_DECL(test_wolfSSL_CTX_get_min_proto_version),
- TEST_DECL(test_wolfSSL_security_level),
- TEST_DECL(test_wolfSSL_SSL_in_init),
- TEST_DECL(test_wolfSSL_CTX_set_timeout),
- TEST_DECL(test_wolfSSL_set_psk_use_session_callback),
- TEST_DECL(test_CONF_CTX_FILE),
- TEST_DECL(test_CONF_CTX_CMDLINE),
- #if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
- !defined(WOLFSSL_NO_CLIENT_AUTH)) && !defined(NO_FILESYSTEM)
- /* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
- /* Bad certificate signature tests */
- TEST_DECL(test_EccSigFailure_cm),
- TEST_DECL(test_RsaSigFailure_cm),
- #endif /* NO_CERTS */
- /* PKCS8 testing */
- TEST_DECL(test_wolfSSL_no_password_cb),
- TEST_DECL(test_wolfSSL_PKCS8),
- TEST_DECL(test_wolfSSL_PKCS8_ED25519),
- TEST_DECL(test_wolfSSL_PKCS8_ED448),
- #ifdef HAVE_IO_TESTS_DEPENDENCIES
- TEST_DECL(test_wolfSSL_get_finished),
- /* Uses Assert in handshake callback. */
- TEST_DECL(test_wolfSSL_CTX_add_session),
- /* Large number of memory allocations. */
- TEST_DECL(test_wolfSSL_CTX_add_session_ext_tls13),
- /* Large number of memory allocations. */
- TEST_DECL(test_wolfSSL_CTX_add_session_ext_dtls13),
- /* Large number of memory allocations. */
- TEST_DECL(test_wolfSSL_CTX_add_session_ext_tls12),
- /* Large number of memory allocations. */
- TEST_DECL(test_wolfSSL_CTX_add_session_ext_dtls12),
- /* Large number of memory allocations. */
- TEST_DECL(test_wolfSSL_CTX_add_session_ext_tls11),
- /* Large number of memory allocations. */
- TEST_DECL(test_wolfSSL_CTX_add_session_ext_dtls1),
- #endif
- TEST_DECL(test_SSL_CIPHER_get_xxx),
- TEST_DECL(test_wolfSSL_ERR_strings),
- TEST_DECL(test_wolfSSL_CTX_set_cipher_list_bytes),
- TEST_DECL(test_wolfSSL_CTX_use_certificate_file),
- TEST_DECL(test_wolfSSL_CTX_use_certificate_buffer),
- TEST_DECL(test_wolfSSL_CTX_use_PrivateKey_file),
- TEST_DECL(test_wolfSSL_CTX_load_verify_locations),
- /* Large number of memory allocations. */
- TEST_DECL(test_wolfSSL_CTX_load_system_CA_certs),
- TEST_DECL(test_wolfSSL_CertRsaPss),
- TEST_DECL(test_wolfSSL_CTX_load_verify_locations_ex),
- TEST_DECL(test_wolfSSL_CTX_load_verify_buffer_ex),
- TEST_DECL(test_wolfSSL_CTX_load_verify_chain_buffer_format),
- TEST_DECL(test_wolfSSL_CTX_add1_chain_cert),
- TEST_DECL(test_wolfSSL_CTX_use_certificate_chain_file_format),
- TEST_DECL(test_wolfSSL_CTX_trust_peer_cert),
- TEST_DECL(test_wolfSSL_CTX_LoadCRL),
- TEST_DECL(test_multiple_crls_same_issuer),
- TEST_DECL(test_wolfSSL_CTX_SetTmpDH_file),
- TEST_DECL(test_wolfSSL_CTX_SetTmpDH_buffer),
- TEST_DECL(test_wolfSSL_CTX_SetMinMaxDhKey_Sz),
- TEST_DECL(test_wolfSSL_CTX_der_load_verify_locations),
- TEST_DECL(test_wolfSSL_CTX_enable_disable),
- TEST_DECL(test_wolfSSL_CTX_ticket_API),
- TEST_DECL(test_wolfSSL_SetTmpDH_file),
- TEST_DECL(test_wolfSSL_SetTmpDH_buffer),
- TEST_DECL(test_wolfSSL_SetMinMaxDhKey_Sz),
- TEST_DECL(test_SetTmpEC_DHE_Sz),
- TEST_DECL(test_wolfSSL_CTX_get0_privatekey),
- #ifdef WOLFSSL_DTLS
- TEST_DECL(test_wolfSSL_DtlsUpdateWindow),
- TEST_DECL(test_wolfSSL_DTLS_fragment_buckets),
- #endif
- TEST_DECL(test_wolfSSL_dtls_set_mtu),
- /* Uses Assert in handshake callback. */
- TEST_DECL(test_wolfSSL_dtls_plaintext),
- #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES)
- TEST_DECL(test_wolfSSL_read_write),
- /* Can't memory test as server hangs if client fails before second connect.
- */
- TEST_DECL(test_wolfSSL_reuse_WOLFSSLobj),
- TEST_DECL(test_wolfSSL_CTX_verifyDepth_ServerClient_1),
- TEST_DECL(test_wolfSSL_CTX_verifyDepth_ServerClient_2),
- TEST_DECL(test_wolfSSL_CTX_verifyDepth_ServerClient_3),
- TEST_DECL(test_wolfSSL_CTX_set_cipher_list),
- /* Can't memory test as server hangs. */
- TEST_DECL(test_wolfSSL_dtls_export),
- /* Uses Assert in handshake callback. */
- TEST_DECL(test_wolfSSL_tls_export),
- #endif
- TEST_DECL(test_wolfSSL_dtls_export_peers),
- TEST_DECL(test_wolfSSL_SetMinVersion),
- TEST_DECL(test_wolfSSL_CTX_SetMinVersion),
- /* wolfSSL handshake APIs. */
- TEST_DECL(test_wolfSSL_CTX_get0_set1_param),
- TEST_DECL(test_wolfSSL_a2i_IPADDRESS),
- TEST_DECL(test_wolfSSL_BUF),
- TEST_DECL(test_wolfSSL_set_tlsext_status_type),
- /* Can't memory test as server hangs. */
- TEST_DECL(test_wolfSSL_CTX_set_client_CA_list),
- TEST_DECL(test_wolfSSL_CTX_add_client_CA),
- TEST_DECL(test_wolfSSL_CTX_set_srp_username),
- TEST_DECL(test_wolfSSL_CTX_set_srp_password),
- TEST_DECL(test_wolfSSL_CTX_set_keylog_callback),
- TEST_DECL(test_wolfSSL_CTX_get_keylog_callback),
- TEST_DECL(test_wolfSSL_Tls12_Key_Logging_test),
- /* Can't memory test as server hangs. */
- TEST_DECL(test_wolfSSL_Tls13_Key_Logging_test),
- TEST_DECL(test_wolfSSL_Tls13_postauth),
- TEST_DECL(test_wolfSSL_CTX_set_ecdh_auto),
- TEST_DECL(test_wolfSSL_set_minmax_proto_version),
- TEST_DECL(test_wolfSSL_CTX_set_max_proto_version),
- TEST_DECL(test_wolfSSL_THREADID_hash),
- /* TLS extensions tests */
- #ifdef HAVE_IO_TESTS_DEPENDENCIES
- #ifdef HAVE_SNI
- TEST_DECL(test_wolfSSL_UseSNI_params),
- /* Uses Assert in handshake callback. */
- TEST_DECL(test_wolfSSL_UseSNI_connection),
- TEST_DECL(test_wolfSSL_SNI_GetFromBuffer),
- #endif /* HAVE_SNI */
- #endif
- TEST_DECL(test_wolfSSL_UseTrustedCA),
- TEST_DECL(test_wolfSSL_UseMaxFragment),
- TEST_DECL(test_wolfSSL_UseTruncatedHMAC),
- TEST_DECL(test_wolfSSL_UseSupportedCurve),
- #if defined(HAVE_ALPN) && defined(HAVE_IO_TESTS_DEPENDENCIES)
- /* Uses Assert in handshake callback. */
- TEST_DECL(test_wolfSSL_UseALPN_connection),
- TEST_DECL(test_wolfSSL_UseALPN_params),
- #endif
- #ifdef HAVE_ALPN_PROTOS_SUPPORT
- /* Uses Assert in handshake callback. */
- TEST_DECL(test_wolfSSL_set_alpn_protos),
- #endif
- TEST_DECL(test_wolfSSL_DisableExtendedMasterSecret),
- TEST_DECL(test_wolfSSL_wolfSSL_UseSecureRenegotiation),
- TEST_DECL(test_wolfSSL_SCR_Reconnect),
- TEST_DECL(test_tls_ext_duplicate),
- #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) && \
- defined(HAVE_IO_TESTS_DEPENDENCIES)
- TEST_DECL(test_wolfSSL_Tls13_ECH_params),
- /* Uses Assert in handshake callback. */
- TEST_DECL(test_wolfSSL_Tls13_ECH),
- #endif
- TEST_DECL(test_wolfSSL_X509_TLS_version_test_1),
- TEST_DECL(test_wolfSSL_X509_TLS_version_test_2),
- /* OCSP Stapling */
- TEST_DECL(test_wolfSSL_UseOCSPStapling),
- TEST_DECL(test_wolfSSL_UseOCSPStaplingV2),
- TEST_DECL(test_self_signed_stapling),
- /* Multicast */
- TEST_DECL(test_wolfSSL_mcast),
- TEST_DECL(test_wolfSSL_read_detect_TCP_disconnect),
- TEST_DECL(test_wolfSSL_msgCb),
- TEST_DECL(test_wolfSSL_either_side),
- TEST_DECL(test_wolfSSL_DTLS_either_side),
- /* Uses Assert in handshake callback. */
- TEST_DECL(test_wolfSSL_dtls_fragments),
- /* Uses Assert in handshake callback. */
- TEST_DECL(test_wolfSSL_dtls_AEAD_limit),
- /* Uses Assert in handshake callback. */
- TEST_DECL(test_wolfSSL_ignore_alert_before_cookie),
- /* Uses Assert in handshake callback. */
- TEST_DECL(test_wolfSSL_dtls_bad_record),
- /* Uses Assert in handshake callback. */
- TEST_DECL(test_wolfSSL_dtls_stateless),
- TEST_DECL(test_generate_cookie),
- #ifndef NO_BIO
- /* Can't memory test as server hangs. */
- TEST_DECL(test_wolfSSL_BIO_connect),
- /* Can't memory test as server Asserts in thread. */
- TEST_DECL(test_wolfSSL_BIO_accept),
- TEST_DECL(test_wolfSSL_BIO_tls),
- #endif
- #if defined(HAVE_PK_CALLBACKS) && !defined(WOLFSSL_NO_TLS12)
- TEST_DECL(test_DhCallbacks),
- #endif
- #if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
- TEST_DECL(test_export_keying_material),
- #endif
- /* Can't memory test as client/server Asserts in thread. */
- TEST_DECL(test_ticket_and_psk_mixing),
- /* Can't memory test as client/server Asserts in thread. */
- TEST_DECL(test_prioritize_psk),
- /* Can't memory test as client/server hangs. */
- TEST_DECL(test_wc_CryptoCb),
- /* Can't memory test as client/server hangs. */
- TEST_DECL(test_wolfSSL_CTX_StaticMemory),
- #if !defined(NO_FILESYSTEM) && \
- defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
- !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
- #ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME
- TEST_DECL(test_wolfSSL_dtls_stateless_resume),
- #endif /* WOLFSSL_DTLS_NO_HVR_ON_RESUME */
- #ifdef HAVE_MAX_FRAGMENT
- TEST_DECL(test_wolfSSL_dtls_stateless_maxfrag),
- #endif /* HAVE_MAX_FRAGMENT */
- #ifndef NO_RSA
- TEST_DECL(test_wolfSSL_dtls_stateless2),
- #if !defined(NO_OLD_TLS)
- TEST_DECL(test_wolfSSL_dtls_stateless_downgrade),
- #endif /* !defined(NO_OLD_TLS) */
- #endif /* ! NO_RSA */
- #endif /* defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
- * !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) */
- TEST_DECL(test_wolfSSL_CTX_set_ciphersuites),
- TEST_DECL(test_wolfSSL_CRL_CERT_REVOKED_alert),
- TEST_DECL(test_TLS_13_ticket_different_ciphers),
- TEST_DECL(test_WOLFSSL_dtls_version_alert),
- #if defined(WOLFSSL_TICKET_NONCE_MALLOC) && defined(HAVE_SESSION_TICKET) \
- && defined(WOLFSSL_TLS13) && \
- (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
- TEST_DECL(test_ticket_nonce_malloc),
- #endif
- TEST_DECL(test_ticket_ret_create),
- TEST_DECL(test_extra_alerts_wrong_cs),
- TEST_DECL(test_extra_alerts_skip_hs),
- TEST_DECL(test_extra_alerts_bad_psk),
- TEST_DECL(test_tls13_bad_psk_binder),
- /* Can't memory test as client/server Asserts. */
- TEST_DECL(test_harden_no_secure_renegotiation),
- TEST_DECL(test_override_alt_cert_chain),
- TEST_DECL(test_rpk_set_xxx_cert_type),
- TEST_DECL(test_tls13_rpk_handshake),
- TEST_DECL(test_dtls13_bad_epoch_ch),
- TEST_DECL(test_short_session_id),
- TEST_DECL(test_wolfSSL_dtls13_null_cipher),
- /* Can't memory test as client/server hangs. */
- TEST_DECL(test_dtls_msg_from_other_peer),
- TEST_DECL(test_dtls_ipv6_check),
- TEST_DECL(test_wolfSSL_SCR_after_resumption),
- TEST_DECL(test_dtls_no_extensions),
- TEST_DECL(test_TLSX_CA_NAMES_bad_extension),
- TEST_DECL(test_dtls_1_0_hvr_downgrade),
- TEST_DECL(test_session_ticket_no_id),
- TEST_DECL(test_session_ticket_hs_update),
- TEST_DECL(test_dtls_downgrade_scr_server),
- TEST_DECL(test_dtls_downgrade_scr),
- TEST_DECL(test_dtls_client_hello_timeout_downgrade),
- TEST_DECL(test_dtls_client_hello_timeout),
- TEST_DECL(test_dtls_dropped_ccs),
- TEST_DECL(test_dtls_seq_num_downgrade),
- TEST_DECL(test_certreq_sighash_algos),
- TEST_DECL(test_revoked_loaded_int_cert),
- TEST_DECL(test_dtls_frag_ch),
- TEST_DECL(test_dtls13_frag_ch_pq),
- TEST_DECL(test_dtls_empty_keyshare_with_cookie),
- TEST_DECL(test_tls13_pq_groups),
- TEST_DECL(test_tls13_early_data),
- TEST_DECL(test_tls_multi_handshakes_one_record),
- TEST_DECL(test_write_dup),
- TEST_DECL(test_read_write_hs),
- TEST_DECL(test_get_signature_nid),
- TEST_DECL(test_tls_cert_store_unchanged),
- /* This test needs to stay at the end to clean up any caches allocated. */
- TEST_DECL(test_wolfSSL_Cleanup)
- };
- #define TEST_CASE_CNT (int)(sizeof(testCases) / sizeof(*testCases))
- static void TestSetup(void)
- {
- /* Stub, for now. Add common test setup code here. */
- }
- static void TestCleanup(void)
- {
- #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
- /* Clear any errors added to the error queue during the test run. */
- wolfSSL_ERR_clear_error();
- #endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */
- }
- /* Print out all API test cases with numeric identifier.
- */
- void ApiTest_PrintTestCases(void)
- {
- int i;
- printf("All Test Cases:\n");
- for (i = 0; i < TEST_CASE_CNT; i++) {
- printf("%3d: %s\n", i + 1, testCases[i].name);
- }
- }
- /* Add test case with index to the list to run.
- *
- * @param [in] idx Index of test case to run starting at 1.
- * @return 0 on success.
- * @return BAD_FUNC_ARG when index is out of range of test case identifiers.
- */
- int ApiTest_RunIdx(int idx)
- {
- if (idx < 1 || idx > TEST_CASE_CNT) {
- printf("Index out of range (1 - %d): %d\n", TEST_CASE_CNT, idx);
- return BAD_FUNC_ARG;
- }
- testAll = 0;
- testCases[idx-1].run = 1;
- return 0;
- }
- /* Add test case with name to the list to run.
- *
- * @param [in] name Name of test case to run.
- * @return 0 on success.
- * @return BAD_FUNC_ARG when name is not a known test case name.
- */
- int ApiTest_RunName(char* name)
- {
- int i;
- for (i = 0; i < TEST_CASE_CNT; i++) {
- if (XSTRCMP(testCases[i].name, name) == 0) {
- testAll = 0;
- testCases[i].run = 1;
- return 0;
- }
- }
- printf("Test case name not found: %s\n", name);
- printf("Use --list to see all test case names.\n");
- return BAD_FUNC_ARG;
- }
- /* Converts the result code to a string.
- *
- * @param [in] res Test result code.
- * @return String describing test result.
- */
- static const char* apitest_res_string(int res)
- {
- const char* str = "invalid result";
- switch (res) {
- case TEST_SUCCESS:
- str = "passed";
- break;
- case TEST_FAIL:
- str = "failed";
- break;
- case TEST_SKIPPED:
- str = "skipped";
- break;
- }
- return str;
- }
- #ifndef WOLFSSL_UNIT_TEST_NO_TIMING
- static double gettime_secs(void)
- #if defined(_MSC_VER) && defined(_WIN32)
- {
- /* there's no gettimeofday for Windows, so we'll use system time */
- #define EPOCH_DIFF 11644473600LL
- FILETIME currentFileTime;
- GetSystemTimePreciseAsFileTime(¤tFileTime);
- ULARGE_INTEGER uli = { 0, 0 };
- uli.LowPart = currentFileTime.dwLowDateTime;
- uli.HighPart = currentFileTime.dwHighDateTime;
- /* Convert to seconds since Unix epoch */
- return (double)((uli.QuadPart - (EPOCH_DIFF * 10000000)) / 10000000.0);
- }
- #else
- {
- struct timeval tv;
- LIBCALL_CHECK_RET(gettimeofday(&tv, 0));
- return (double)tv.tv_sec + (double)tv.tv_usec / 1000000.0;
- }
- #endif
- #endif
- int ApiTest(void)
- {
- int i;
- int ret;
- int res = 0;
- #ifndef WOLFSSL_UNIT_TEST_NO_TIMING
- double timeDiff;
- #endif
- printf(" Begin API Tests\n");
- fflush(stdout);
- /* we must perform init and cleanup if not all tests are running */
- if (!testAll) {
- #ifdef WOLFCRYPT_ONLY
- if (wolfCrypt_Init() != 0) {
- printf("wolfCrypt Initialization failed\n");
- res = 1;
- }
- #else
- if (wolfSSL_Init() != WOLFSSL_SUCCESS) {
- printf("wolfSSL Initialization failed\n");
- res = 1;
- }
- #endif
- }
- #ifdef WOLFSSL_DUMP_MEMIO_STREAM
- if (res == 0) {
- if (create_tmp_dir(tmpDirName, sizeof(tmpDirName) - 1) == NULL) {
- printf("failed to create tmp dir\n");
- res = 1;
- }
- else {
- tmpDirNameSet = 1;
- }
- }
- #endif
- if (res == 0) {
- for (i = 0; i < TEST_CASE_CNT; ++i) {
- EXPECT_DECLS;
- #ifdef WOLFSSL_DUMP_MEMIO_STREAM
- currentTestName = testCases[i].name;
- #endif
- /* When not testing all cases then skip if not marked for running.
- */
- if (!testAll && !testCases[i].run) {
- continue;
- }
- TestSetup();
- printf(" %3d: %-52s:", i + 1, testCases[i].name);
- fflush(stdout);
- #ifndef WOLFSSL_UNIT_TEST_NO_TIMING
- timeDiff = gettime_secs();
- #endif
- ret = testCases[i].func();
- #ifndef WOLFSSL_UNIT_TEST_NO_TIMING
- timeDiff = gettime_secs() - timeDiff;
- #endif
- #ifndef WOLFSSL_UNIT_TEST_NO_TIMING
- if (ret != TEST_SKIPPED) {
- printf(" %s (%9.5lf)\n", apitest_res_string(ret), timeDiff);
- }
- else
- #endif
- {
- printf(" %s\n", apitest_res_string(ret));
- }
- fflush(stdout);
- /* if return code is < 0 and not skipped then assert error */
- Expect((ret > 0 || ret == TEST_SKIPPED),
- ("Test failed\n"),
- ("ret %d", ret));
- testCases[i].fail = ((ret <= 0) && (ret != TEST_SKIPPED));
- res |= ((ret <= 0) && (ret != TEST_SKIPPED));
- TestCleanup();
- }
- }
- #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
- && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
- wc_ecc_fp_free(); /* free per thread cache */
- #endif
- if (!testAll) {
- #ifdef WOLFCRYPT_ONLY
- wolfCrypt_Cleanup();
- #else
- wolfSSL_Cleanup();
- #endif
- }
- (void)testDevId;
- if (res != 0) {
- printf("\nFAILURES:\n");
- for (i = 0; i < TEST_CASE_CNT; ++i) {
- if (testCases[i].fail) {
- printf(" %3d: %s\n", i + 1, testCases[i].name);
- }
- }
- printf("\n");
- fflush(stdout);
- }
- #ifdef WOLFSSL_DUMP_MEMIO_STREAM
- if (tmpDirNameSet) {
- printf("\nBinary dumps of the memio streams can be found in the\n"
- "%s directory. This can be imported into\n"
- "Wireshark by transforming the file with\n"
- "\tod -Ax -tx1 -v stream.dump > stream.dump.hex\n"
- "And then loading test_output.dump.hex into Wireshark using\n"
- "the \"Import from Hex Dump...\" option and selecting the\n"
- "TCP encapsulation option.\n", tmpDirName);
- }
- #endif
- printf(" End API Tests\n");
- fflush(stdout);
- return res;
- }
|