12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377737783779378037813782378337843785378637873788378937903791379237933794379537963797379837993800380138023803380438053806380738083809381038113812381338143815381638173818381938203821382238233824382538263827382838293830383138323833383438353836383738383839384038413842384338443845384638473848384938503851385238533854385538563857385838593860386138623863386438653866386738683869387038713872387338743875387638773878387938803881388238833884388538863887388838893890389138923893389438953896389738983899390039013902390339043905390639073908390939103911391239133914391539163917391839193920392139223923392439253926392739283929393039313932393339343935393639373938393939403941394239433944394539463947394839493950395139523953395439553956395739583959396039613962396339643965396639673968396939703971397239733974397539763977397839793980398139823983398439853986398739883989399039913992399339943995399639973998399940004001400240034004400540064007400840094010401140124013401440154016401740184019402040214022402340244025402640274028402940304031403240334034403540364037403840394040404140424043404440454046404740484049405040514052405340544055405640574058405940604061406240634064406540664067406840694070407140724073407440754076407740784079408040814082408340844085408640874088408940904091409240934094409540964097409840994100410141024103410441054106410741084109411041114112411341144115411641174118411941204121412241234124412541264127412841294130413141324133413441354136413741384139414041414142414341444145414641474148414941504151415241534154415541564157415841594160416141624163416441654166416741684169417041714172417341744175417641774178417941804181418241834184418541864187418841894190419141924193419441954196419741984199420042014202420342044205420642074208420942104211421242134214421542164217421842194220422142224223422442254226422742284229423042314232423342344235423642374238423942404241424242434244424542464247424842494250425142524253425442554256425742584259426042614262426342644265426642674268426942704271427242734274427542764277427842794280428142824283428442854286428742884289429042914292429342944295429642974298429943004301430243034304430543064307430843094310431143124313431443154316431743184319432043214322432343244325432643274328432943304331433243334334433543364337433843394340434143424343434443454346434743484349435043514352435343544355435643574358435943604361436243634364436543664367436843694370437143724373437443754376437743784379438043814382438343844385438643874388438943904391439243934394439543964397439843994400440144024403440444054406440744084409441044114412441344144415441644174418441944204421442244234424442544264427442844294430443144324433443444354436443744384439444044414442444344444445444644474448444944504451445244534454445544564457445844594460446144624463446444654466446744684469447044714472447344744475447644774478447944804481448244834484448544864487448844894490449144924493449444954496449744984499450045014502450345044505450645074508450945104511451245134514451545164517451845194520452145224523452445254526452745284529453045314532453345344535453645374538453945404541454245434544454545464547454845494550455145524553455445554556455745584559456045614562456345644565456645674568456945704571457245734574457545764577457845794580458145824583458445854586458745884589459045914592459345944595459645974598459946004601460246034604460546064607460846094610461146124613461446154616461746184619462046214622462346244625462646274628462946304631463246334634463546364637463846394640464146424643464446454646464746484649465046514652465346544655465646574658465946604661466246634664466546664667466846694670467146724673467446754676467746784679468046814682468346844685468646874688468946904691469246934694469546964697469846994700470147024703470447054706470747084709471047114712471347144715471647174718471947204721472247234724472547264727472847294730473147324733473447354736473747384739474047414742474347444745474647474748474947504751475247534754475547564757475847594760476147624763476447654766476747684769477047714772477347744775477647774778477947804781478247834784478547864787478847894790479147924793479447954796479747984799480048014802480348044805480648074808480948104811481248134814481548164817481848194820482148224823482448254826482748284829483048314832483348344835483648374838483948404841484248434844484548464847484848494850485148524853485448554856485748584859486048614862486348644865486648674868486948704871487248734874487548764877487848794880488148824883488448854886488748884889489048914892489348944895489648974898489949004901490249034904490549064907490849094910491149124913491449154916491749184919492049214922492349244925492649274928492949304931493249334934493549364937493849394940494149424943494449454946494749484949495049514952495349544955495649574958495949604961496249634964496549664967496849694970497149724973497449754976497749784979498049814982498349844985498649874988498949904991499249934994499549964997499849995000500150025003500450055006500750085009501050115012501350145015501650175018501950205021502250235024502550265027502850295030503150325033503450355036503750385039504050415042504350445045504650475048504950505051505250535054505550565057505850595060506150625063506450655066506750685069507050715072507350745075507650775078507950805081508250835084508550865087508850895090509150925093509450955096509750985099510051015102510351045105510651075108510951105111511251135114511551165117511851195120512151225123512451255126512751285129513051315132513351345135513651375138513951405141514251435144514551465147514851495150515151525153515451555156515751585159516051615162516351645165516651675168516951705171517251735174517551765177517851795180518151825183518451855186518751885189519051915192519351945195519651975198519952005201520252035204520552065207520852095210521152125213521452155216521752185219522052215222522352245225522652275228522952305231523252335234523552365237523852395240524152425243524452455246524752485249525052515252525352545255525652575258525952605261526252635264526552665267526852695270527152725273527452755276527752785279528052815282528352845285528652875288528952905291529252935294529552965297529852995300530153025303530453055306530753085309531053115312531353145315531653175318531953205321532253235324532553265327532853295330533153325333533453355336533753385339534053415342534353445345534653475348534953505351535253535354535553565357535853595360536153625363536453655366536753685369537053715372537353745375537653775378537953805381538253835384538553865387538853895390539153925393539453955396539753985399540054015402540354045405540654075408540954105411541254135414541554165417541854195420542154225423542454255426542754285429543054315432543354345435543654375438543954405441544254435444544554465447544854495450545154525453545454555456545754585459546054615462546354645465546654675468546954705471547254735474547554765477547854795480548154825483548454855486548754885489549054915492549354945495549654975498549955005501550255035504550555065507550855095510551155125513551455155516551755185519552055215522552355245525552655275528552955305531553255335534553555365537553855395540554155425543554455455546554755485549555055515552555355545555555655575558555955605561556255635564556555665567556855695570557155725573557455755576557755785579558055815582558355845585558655875588558955905591559255935594559555965597559855995600560156025603560456055606560756085609561056115612561356145615561656175618561956205621562256235624562556265627562856295630563156325633563456355636563756385639564056415642564356445645564656475648564956505651565256535654565556565657565856595660566156625663566456655666566756685669567056715672567356745675567656775678567956805681568256835684568556865687568856895690569156925693569456955696569756985699570057015702570357045705570657075708570957105711571257135714571557165717571857195720572157225723572457255726572757285729573057315732573357345735573657375738573957405741574257435744574557465747574857495750575157525753575457555756575757585759576057615762576357645765576657675768576957705771577257735774577557765777577857795780578157825783578457855786578757885789579057915792579357945795579657975798579958005801580258035804580558065807580858095810581158125813581458155816581758185819582058215822582358245825582658275828582958305831583258335834583558365837583858395840584158425843584458455846584758485849585058515852585358545855585658575858585958605861586258635864586558665867586858695870587158725873587458755876587758785879588058815882588358845885588658875888588958905891589258935894589558965897589858995900590159025903590459055906590759085909591059115912591359145915591659175918591959205921592259235924592559265927592859295930593159325933593459355936593759385939594059415942594359445945594659475948594959505951595259535954595559565957595859595960596159625963596459655966596759685969597059715972597359745975597659775978597959805981598259835984598559865987598859895990599159925993599459955996599759985999600060016002600360046005600660076008600960106011601260136014601560166017601860196020602160226023602460256026602760286029603060316032603360346035603660376038603960406041604260436044604560466047604860496050605160526053605460556056605760586059606060616062606360646065606660676068606960706071607260736074607560766077607860796080608160826083608460856086608760886089609060916092609360946095609660976098609961006101610261036104610561066107610861096110611161126113611461156116611761186119612061216122612361246125612661276128612961306131613261336134613561366137613861396140614161426143614461456146614761486149615061516152615361546155615661576158615961606161616261636164616561666167616861696170617161726173617461756176617761786179618061816182618361846185618661876188618961906191619261936194619561966197619861996200620162026203620462056206620762086209621062116212621362146215621662176218621962206221622262236224622562266227622862296230623162326233623462356236623762386239624062416242624362446245624662476248624962506251625262536254625562566257625862596260626162626263626462656266626762686269627062716272627362746275627662776278627962806281628262836284628562866287628862896290629162926293629462956296629762986299630063016302630363046305630663076308630963106311631263136314631563166317631863196320632163226323632463256326632763286329633063316332633363346335633663376338633963406341634263436344634563466347634863496350635163526353635463556356635763586359636063616362636363646365636663676368636963706371637263736374637563766377637863796380638163826383638463856386638763886389639063916392639363946395639663976398639964006401640264036404640564066407640864096410641164126413641464156416641764186419642064216422642364246425642664276428642964306431643264336434643564366437643864396440644164426443644464456446644764486449645064516452645364546455645664576458645964606461646264636464646564666467646864696470647164726473647464756476647764786479648064816482648364846485648664876488648964906491649264936494649564966497649864996500650165026503650465056506650765086509651065116512651365146515651665176518651965206521652265236524652565266527652865296530653165326533653465356536653765386539654065416542654365446545654665476548654965506551655265536554655565566557655865596560656165626563656465656566656765686569657065716572657365746575657665776578657965806581658265836584658565866587658865896590659165926593659465956596659765986599660066016602660366046605660666076608660966106611661266136614661566166617661866196620662166226623662466256626662766286629663066316632663366346635663666376638663966406641664266436644664566466647664866496650665166526653665466556656665766586659666066616662666366646665666666676668666966706671667266736674667566766677667866796680668166826683668466856686668766886689669066916692669366946695669666976698669967006701670267036704670567066707670867096710671167126713671467156716671767186719672067216722672367246725672667276728672967306731673267336734673567366737673867396740674167426743674467456746674767486749675067516752675367546755675667576758675967606761676267636764676567666767676867696770677167726773677467756776677767786779678067816782678367846785678667876788678967906791679267936794679567966797679867996800680168026803680468056806680768086809681068116812681368146815681668176818681968206821682268236824682568266827682868296830683168326833683468356836683768386839684068416842684368446845684668476848684968506851685268536854685568566857685868596860686168626863686468656866686768686869687068716872687368746875687668776878687968806881688268836884688568866887688868896890689168926893689468956896689768986899690069016902690369046905690669076908690969106911691269136914691569166917691869196920692169226923692469256926692769286929693069316932693369346935693669376938693969406941694269436944694569466947694869496950695169526953695469556956695769586959696069616962696369646965696669676968696969706971697269736974697569766977697869796980698169826983698469856986698769886989699069916992699369946995699669976998699970007001700270037004700570067007700870097010701170127013701470157016701770187019702070217022702370247025702670277028702970307031703270337034703570367037703870397040704170427043704470457046704770487049705070517052705370547055705670577058705970607061706270637064706570667067706870697070707170727073707470757076707770787079708070817082708370847085708670877088708970907091709270937094709570967097709870997100710171027103710471057106710771087109711071117112711371147115711671177118711971207121712271237124712571267127712871297130713171327133713471357136713771387139714071417142714371447145714671477148714971507151715271537154715571567157715871597160716171627163716471657166716771687169717071717172717371747175717671777178717971807181718271837184718571867187718871897190719171927193719471957196719771987199720072017202720372047205720672077208720972107211721272137214721572167217721872197220722172227223722472257226722772287229723072317232723372347235723672377238723972407241724272437244724572467247724872497250725172527253725472557256725772587259726072617262726372647265726672677268726972707271727272737274727572767277727872797280728172827283728472857286728772887289729072917292729372947295729672977298729973007301730273037304730573067307730873097310731173127313731473157316731773187319732073217322732373247325732673277328732973307331733273337334733573367337733873397340734173427343734473457346734773487349735073517352735373547355735673577358735973607361736273637364736573667367736873697370737173727373737473757376737773787379738073817382738373847385738673877388738973907391739273937394739573967397739873997400740174027403740474057406740774087409741074117412741374147415741674177418741974207421742274237424742574267427742874297430743174327433743474357436743774387439744074417442744374447445744674477448744974507451745274537454745574567457745874597460746174627463746474657466746774687469747074717472747374747475747674777478747974807481748274837484748574867487748874897490749174927493749474957496749774987499750075017502750375047505750675077508750975107511751275137514751575167517751875197520752175227523752475257526752775287529753075317532753375347535753675377538753975407541754275437544754575467547754875497550755175527553755475557556755775587559756075617562756375647565756675677568756975707571757275737574757575767577757875797580758175827583758475857586758775887589759075917592759375947595759675977598759976007601760276037604760576067607760876097610761176127613761476157616761776187619762076217622762376247625762676277628762976307631763276337634763576367637763876397640764176427643764476457646764776487649765076517652765376547655765676577658765976607661766276637664766576667667766876697670767176727673767476757676767776787679768076817682768376847685768676877688768976907691769276937694769576967697769876997700770177027703770477057706770777087709771077117712771377147715771677177718771977207721772277237724772577267727772877297730773177327733773477357736773777387739774077417742774377447745774677477748774977507751775277537754775577567757775877597760776177627763776477657766776777687769777077717772777377747775777677777778777977807781778277837784778577867787778877897790779177927793779477957796779777987799780078017802780378047805780678077808780978107811781278137814781578167817781878197820782178227823782478257826782778287829783078317832783378347835783678377838783978407841784278437844784578467847784878497850785178527853785478557856785778587859786078617862786378647865786678677868786978707871787278737874787578767877787878797880788178827883788478857886788778887889789078917892789378947895789678977898789979007901790279037904790579067907790879097910791179127913791479157916791779187919792079217922792379247925792679277928792979307931793279337934793579367937793879397940794179427943794479457946794779487949795079517952795379547955795679577958795979607961796279637964796579667967796879697970797179727973797479757976797779787979798079817982798379847985798679877988798979907991799279937994799579967997799879998000800180028003800480058006800780088009801080118012801380148015801680178018801980208021802280238024802580268027802880298030803180328033803480358036803780388039804080418042804380448045804680478048804980508051805280538054805580568057805880598060806180628063806480658066806780688069807080718072807380748075807680778078807980808081808280838084808580868087808880898090809180928093809480958096809780988099810081018102810381048105810681078108810981108111811281138114811581168117811881198120812181228123812481258126812781288129813081318132813381348135813681378138813981408141814281438144814581468147814881498150815181528153815481558156815781588159816081618162816381648165816681678168816981708171817281738174817581768177817881798180818181828183818481858186818781888189819081918192819381948195819681978198819982008201820282038204820582068207820882098210821182128213821482158216821782188219822082218222822382248225822682278228822982308231823282338234823582368237823882398240824182428243824482458246824782488249825082518252825382548255825682578258825982608261826282638264826582668267826882698270827182728273827482758276827782788279828082818282828382848285828682878288828982908291829282938294829582968297829882998300830183028303830483058306830783088309831083118312831383148315831683178318831983208321832283238324832583268327832883298330833183328333833483358336833783388339834083418342834383448345834683478348834983508351835283538354835583568357835883598360836183628363836483658366836783688369837083718372837383748375837683778378837983808381838283838384838583868387838883898390839183928393839483958396839783988399840084018402840384048405840684078408840984108411841284138414841584168417841884198420842184228423842484258426842784288429843084318432843384348435843684378438843984408441844284438444844584468447844884498450845184528453845484558456845784588459846084618462846384648465846684678468846984708471847284738474847584768477847884798480848184828483848484858486848784888489849084918492849384948495849684978498849985008501850285038504850585068507850885098510851185128513851485158516851785188519852085218522852385248525852685278528852985308531853285338534853585368537853885398540854185428543854485458546854785488549855085518552855385548555855685578558855985608561856285638564856585668567856885698570857185728573857485758576857785788579858085818582858385848585858685878588858985908591859285938594859585968597859885998600860186028603860486058606860786088609861086118612861386148615861686178618861986208621862286238624862586268627862886298630863186328633863486358636863786388639864086418642864386448645864686478648864986508651865286538654865586568657865886598660866186628663866486658666866786688669867086718672867386748675867686778678867986808681868286838684868586868687868886898690869186928693869486958696869786988699870087018702870387048705870687078708870987108711871287138714871587168717871887198720872187228723872487258726872787288729873087318732873387348735873687378738873987408741874287438744874587468747874887498750875187528753875487558756875787588759876087618762876387648765876687678768876987708771877287738774877587768777877887798780878187828783878487858786878787888789879087918792879387948795879687978798879988008801880288038804880588068807880888098810881188128813881488158816881788188819882088218822882388248825882688278828882988308831883288338834883588368837883888398840884188428843884488458846884788488849885088518852885388548855885688578858885988608861886288638864886588668867886888698870887188728873887488758876887788788879888088818882888388848885888688878888888988908891889288938894889588968897889888998900890189028903890489058906890789088909891089118912891389148915891689178918891989208921892289238924892589268927892889298930893189328933893489358936893789388939894089418942894389448945894689478948894989508951895289538954895589568957895889598960896189628963896489658966896789688969897089718972897389748975897689778978897989808981898289838984898589868987898889898990899189928993899489958996899789988999900090019002900390049005900690079008900990109011901290139014901590169017901890199020902190229023902490259026902790289029903090319032903390349035903690379038903990409041904290439044904590469047904890499050905190529053905490559056905790589059906090619062906390649065906690679068906990709071907290739074907590769077907890799080908190829083908490859086908790889089909090919092909390949095909690979098909991009101910291039104910591069107910891099110911191129113911491159116911791189119912091219122912391249125912691279128912991309131913291339134913591369137913891399140914191429143914491459146914791489149915091519152915391549155915691579158915991609161916291639164916591669167916891699170917191729173917491759176917791789179918091819182918391849185918691879188918991909191919291939194919591969197919891999200920192029203920492059206920792089209921092119212921392149215921692179218921992209221922292239224922592269227922892299230923192329233923492359236923792389239924092419242924392449245924692479248924992509251925292539254925592569257925892599260926192629263926492659266926792689269927092719272927392749275927692779278927992809281928292839284928592869287928892899290929192929293929492959296929792989299930093019302930393049305930693079308930993109311931293139314931593169317931893199320932193229323932493259326932793289329933093319332933393349335933693379338933993409341934293439344934593469347934893499350935193529353935493559356935793589359936093619362936393649365936693679368936993709371937293739374937593769377937893799380938193829383938493859386938793889389939093919392939393949395939693979398939994009401940294039404940594069407940894099410941194129413941494159416941794189419942094219422942394249425942694279428942994309431943294339434943594369437943894399440944194429443944494459446944794489449945094519452945394549455945694579458945994609461946294639464946594669467946894699470947194729473947494759476947794789479948094819482948394849485948694879488948994909491949294939494949594969497949894999500950195029503950495059506950795089509951095119512951395149515951695179518951995209521952295239524952595269527952895299530953195329533953495359536953795389539954095419542954395449545954695479548954995509551955295539554955595569557955895599560956195629563956495659566956795689569957095719572957395749575957695779578957995809581958295839584958595869587958895899590959195929593959495959596959795989599960096019602960396049605960696079608960996109611961296139614961596169617961896199620962196229623962496259626962796289629963096319632963396349635963696379638963996409641964296439644964596469647964896499650965196529653965496559656965796589659966096619662966396649665966696679668966996709671967296739674967596769677967896799680968196829683968496859686968796889689969096919692969396949695969696979698969997009701970297039704970597069707970897099710971197129713971497159716971797189719972097219722972397249725972697279728972997309731973297339734973597369737973897399740974197429743974497459746974797489749975097519752975397549755975697579758975997609761976297639764976597669767976897699770977197729773977497759776977797789779978097819782978397849785978697879788978997909791979297939794979597969797979897999800980198029803980498059806980798089809981098119812981398149815981698179818981998209821982298239824982598269827982898299830983198329833983498359836983798389839984098419842984398449845984698479848984998509851985298539854985598569857985898599860986198629863986498659866986798689869987098719872987398749875987698779878987998809881988298839884988598869887988898899890989198929893989498959896989798989899990099019902990399049905990699079908990999109911991299139914991599169917991899199920992199229923992499259926992799289929993099319932993399349935993699379938993999409941994299439944994599469947994899499950995199529953995499559956995799589959996099619962996399649965996699679968996999709971997299739974997599769977997899799980998199829983998499859986998799889989999099919992999399949995999699979998999910000100011000210003100041000510006100071000810009100101001110012100131001410015100161001710018100191002010021100221002310024100251002610027100281002910030100311003210033100341003510036100371003810039100401004110042100431004410045100461004710048100491005010051100521005310054100551005610057100581005910060100611006210063100641006510066100671006810069100701007110072100731007410075100761007710078100791008010081100821008310084100851008610087100881008910090100911009210093100941009510096100971009810099101001010110102101031010410105101061010710108101091011010111101121011310114101151011610117101181011910120101211012210123101241012510126101271012810129101301013110132101331013410135101361013710138101391014010141101421014310144101451014610147101481014910150101511015210153101541015510156101571015810159101601016110162101631016410165101661016710168101691017010171101721017310174101751017610177101781017910180101811018210183101841018510186101871018810189101901019110192101931019410195101961019710198101991020010201102021020310204102051020610207102081020910210102111021210213102141021510216102171021810219102201022110222102231022410225102261022710228102291023010231102321023310234102351023610237102381023910240102411024210243102441024510246102471024810249102501025110252102531025410255102561025710258102591026010261102621026310264102651026610267102681026910270102711027210273102741027510276102771027810279102801028110282102831028410285102861028710288102891029010291102921029310294102951029610297102981029910300103011030210303103041030510306103071030810309103101031110312103131031410315103161031710318103191032010321103221032310324103251032610327103281032910330103311033210333103341033510336103371033810339103401034110342103431034410345103461034710348103491035010351103521035310354103551035610357103581035910360103611036210363103641036510366103671036810369103701037110372103731037410375103761037710378103791038010381103821038310384103851038610387103881038910390103911039210393103941039510396103971039810399104001040110402104031040410405104061040710408104091041010411104121041310414104151041610417104181041910420104211042210423104241042510426104271042810429104301043110432104331043410435104361043710438104391044010441104421044310444104451044610447104481044910450104511045210453104541045510456104571045810459104601046110462104631046410465104661046710468104691047010471104721047310474104751047610477104781047910480104811048210483104841048510486104871048810489104901049110492104931049410495104961049710498104991050010501105021050310504105051050610507105081050910510105111051210513105141051510516105171051810519105201052110522105231052410525105261052710528105291053010531105321053310534105351053610537105381053910540105411054210543105441054510546105471054810549105501055110552105531055410555105561055710558105591056010561105621056310564105651056610567105681056910570105711057210573105741057510576105771057810579105801058110582105831058410585105861058710588105891059010591105921059310594105951059610597105981059910600106011060210603106041060510606106071060810609106101061110612106131061410615106161061710618106191062010621106221062310624106251062610627106281062910630106311063210633106341063510636106371063810639106401064110642106431064410645106461064710648106491065010651106521065310654106551065610657106581065910660106611066210663106641066510666106671066810669106701067110672106731067410675106761067710678106791068010681106821068310684106851068610687106881068910690106911069210693106941069510696106971069810699107001070110702107031070410705107061070710708107091071010711107121071310714107151071610717107181071910720107211072210723107241072510726107271072810729107301073110732107331073410735107361073710738107391074010741107421074310744107451074610747107481074910750107511075210753107541075510756107571075810759107601076110762107631076410765107661076710768107691077010771107721077310774107751077610777107781077910780107811078210783107841078510786107871078810789107901079110792107931079410795107961079710798107991080010801108021080310804108051080610807108081080910810108111081210813108141081510816108171081810819108201082110822108231082410825108261082710828108291083010831108321083310834108351083610837108381083910840108411084210843108441084510846108471084810849108501085110852108531085410855108561085710858108591086010861108621086310864108651086610867108681086910870108711087210873108741087510876108771087810879108801088110882108831088410885108861088710888108891089010891108921089310894108951089610897108981089910900109011090210903109041090510906109071090810909109101091110912109131091410915109161091710918109191092010921109221092310924109251092610927109281092910930109311093210933109341093510936109371093810939109401094110942109431094410945109461094710948109491095010951109521095310954109551095610957109581095910960109611096210963109641096510966109671096810969109701097110972109731097410975109761097710978109791098010981109821098310984109851098610987109881098910990109911099210993109941099510996109971099810999110001100111002110031100411005110061100711008110091101011011110121101311014110151101611017110181101911020110211102211023110241102511026110271102811029110301103111032110331103411035110361103711038110391104011041110421104311044110451104611047110481104911050110511105211053110541105511056110571105811059110601106111062110631106411065110661106711068110691107011071110721107311074110751107611077110781107911080110811108211083110841108511086110871108811089110901109111092110931109411095110961109711098110991110011101111021110311104111051110611107111081110911110111111111211113111141111511116111171111811119111201112111122111231112411125111261112711128111291113011131111321113311134111351113611137111381113911140111411114211143111441114511146111471114811149111501115111152111531115411155111561115711158111591116011161111621116311164111651116611167111681116911170111711117211173111741117511176111771117811179111801118111182111831118411185111861118711188111891119011191111921119311194111951119611197111981119911200112011120211203112041120511206112071120811209112101121111212112131121411215112161121711218112191122011221112221122311224112251122611227112281122911230112311123211233112341123511236112371123811239112401124111242112431124411245112461124711248112491125011251112521125311254112551125611257112581125911260112611126211263112641126511266112671126811269112701127111272112731127411275112761127711278112791128011281112821128311284112851128611287112881128911290112911129211293112941129511296112971129811299113001130111302113031130411305113061130711308113091131011311113121131311314113151131611317113181131911320113211132211323113241132511326113271132811329113301133111332113331133411335113361133711338113391134011341113421134311344113451134611347113481134911350113511135211353113541135511356113571135811359113601136111362113631136411365113661136711368113691137011371113721137311374113751137611377113781137911380113811138211383113841138511386113871138811389113901139111392113931139411395113961139711398113991140011401114021140311404114051140611407114081140911410114111141211413114141141511416114171141811419114201142111422114231142411425114261142711428114291143011431114321143311434114351143611437114381143911440114411144211443114441144511446114471144811449114501145111452114531145411455114561145711458114591146011461114621146311464114651146611467114681146911470114711147211473114741147511476114771147811479114801148111482114831148411485114861148711488114891149011491114921149311494114951149611497114981149911500115011150211503115041150511506115071150811509115101151111512115131151411515115161151711518115191152011521115221152311524115251152611527115281152911530115311153211533115341153511536115371153811539115401154111542115431154411545115461154711548115491155011551115521155311554115551155611557115581155911560115611156211563115641156511566115671156811569115701157111572115731157411575115761157711578115791158011581115821158311584115851158611587115881158911590115911159211593115941159511596115971159811599116001160111602116031160411605116061160711608116091161011611116121161311614116151161611617116181161911620116211162211623116241162511626116271162811629116301163111632116331163411635116361163711638116391164011641116421164311644116451164611647116481164911650116511165211653116541165511656116571165811659116601166111662116631166411665116661166711668116691167011671116721167311674116751167611677116781167911680116811168211683116841168511686116871168811689116901169111692116931169411695116961169711698116991170011701117021170311704117051170611707117081170911710117111171211713117141171511716117171171811719117201172111722117231172411725117261172711728117291173011731117321173311734117351173611737117381173911740117411174211743117441174511746117471174811749117501175111752117531175411755117561175711758117591176011761117621176311764117651176611767117681176911770117711177211773117741177511776117771177811779117801178111782117831178411785117861178711788117891179011791117921179311794117951179611797117981179911800118011180211803118041180511806118071180811809118101181111812118131181411815118161181711818118191182011821118221182311824118251182611827118281182911830118311183211833118341183511836118371183811839118401184111842118431184411845118461184711848118491185011851118521185311854118551185611857118581185911860118611186211863118641186511866118671186811869118701187111872118731187411875118761187711878118791188011881118821188311884118851188611887118881188911890118911189211893118941189511896118971189811899119001190111902119031190411905119061190711908119091191011911119121191311914119151191611917119181191911920119211192211923119241192511926119271192811929119301193111932119331193411935119361193711938119391194011941119421194311944119451194611947119481194911950119511195211953119541195511956119571195811959119601196111962119631196411965119661196711968119691197011971119721197311974119751197611977119781197911980119811198211983119841198511986119871198811989119901199111992119931199411995119961199711998119991200012001120021200312004120051200612007120081200912010120111201212013120141201512016120171201812019120201202112022120231202412025120261202712028120291203012031120321203312034120351203612037120381203912040120411204212043120441204512046120471204812049120501205112052120531205412055120561205712058120591206012061120621206312064120651206612067120681206912070120711207212073120741207512076120771207812079120801208112082120831208412085120861208712088120891209012091120921209312094120951209612097120981209912100121011210212103121041210512106121071210812109121101211112112121131211412115121161211712118121191212012121121221212312124121251212612127121281212912130121311213212133121341213512136121371213812139121401214112142121431214412145121461214712148121491215012151121521215312154121551215612157121581215912160121611216212163121641216512166121671216812169121701217112172121731217412175121761217712178121791218012181121821218312184121851218612187121881218912190121911219212193121941219512196121971219812199122001220112202122031220412205122061220712208122091221012211122121221312214122151221612217122181221912220122211222212223122241222512226122271222812229122301223112232122331223412235122361223712238122391224012241122421224312244122451224612247122481224912250122511225212253122541225512256122571225812259122601226112262122631226412265122661226712268122691227012271122721227312274122751227612277122781227912280122811228212283122841228512286122871228812289122901229112292122931229412295122961229712298122991230012301123021230312304123051230612307123081230912310123111231212313123141231512316123171231812319123201232112322123231232412325123261232712328123291233012331123321233312334123351233612337123381233912340123411234212343123441234512346123471234812349123501235112352123531235412355123561235712358123591236012361123621236312364123651236612367123681236912370123711237212373123741237512376123771237812379123801238112382123831238412385123861238712388123891239012391123921239312394123951239612397123981239912400124011240212403124041240512406124071240812409124101241112412124131241412415124161241712418124191242012421124221242312424124251242612427124281242912430124311243212433124341243512436124371243812439124401244112442124431244412445124461244712448124491245012451124521245312454124551245612457124581245912460124611246212463124641246512466124671246812469124701247112472124731247412475124761247712478124791248012481124821248312484124851248612487124881248912490124911249212493124941249512496124971249812499125001250112502125031250412505125061250712508125091251012511125121251312514125151251612517125181251912520125211252212523125241252512526125271252812529125301253112532125331253412535125361253712538125391254012541125421254312544125451254612547125481254912550125511255212553125541255512556125571255812559125601256112562125631256412565125661256712568125691257012571125721257312574125751257612577125781257912580125811258212583125841258512586125871258812589125901259112592125931259412595125961259712598125991260012601126021260312604126051260612607126081260912610126111261212613126141261512616126171261812619126201262112622126231262412625126261262712628126291263012631126321263312634126351263612637126381263912640126411264212643126441264512646126471264812649126501265112652126531265412655126561265712658126591266012661126621266312664126651266612667126681266912670126711267212673126741267512676126771267812679126801268112682126831268412685126861268712688126891269012691126921269312694126951269612697126981269912700127011270212703127041270512706127071270812709127101271112712127131271412715127161271712718127191272012721127221272312724127251272612727127281272912730127311273212733127341273512736127371273812739127401274112742127431274412745127461274712748127491275012751127521275312754127551275612757127581275912760127611276212763127641276512766127671276812769127701277112772127731277412775127761277712778127791278012781127821278312784127851278612787127881278912790127911279212793127941279512796127971279812799128001280112802128031280412805128061280712808128091281012811128121281312814128151281612817128181281912820128211282212823128241282512826128271282812829128301283112832128331283412835128361283712838128391284012841128421284312844128451284612847128481284912850128511285212853128541285512856128571285812859128601286112862128631286412865128661286712868128691287012871128721287312874128751287612877128781287912880128811288212883128841288512886128871288812889128901289112892128931289412895128961289712898128991290012901129021290312904129051290612907129081290912910129111291212913129141291512916129171291812919129201292112922129231292412925129261292712928129291293012931129321293312934129351293612937129381293912940129411294212943129441294512946129471294812949129501295112952129531295412955129561295712958129591296012961129621296312964129651296612967129681296912970129711297212973129741297512976129771297812979129801298112982129831298412985129861298712988129891299012991129921299312994129951299612997129981299913000130011300213003130041300513006130071300813009130101301113012130131301413015130161301713018130191302013021130221302313024130251302613027130281302913030130311303213033130341303513036130371303813039130401304113042130431304413045130461304713048130491305013051130521305313054130551305613057130581305913060130611306213063130641306513066130671306813069130701307113072130731307413075130761307713078130791308013081130821308313084130851308613087130881308913090130911309213093130941309513096130971309813099131001310113102131031310413105131061310713108131091311013111131121311313114131151311613117131181311913120131211312213123131241312513126131271312813129131301313113132131331313413135131361313713138131391314013141131421314313144131451314613147131481314913150131511315213153131541315513156131571315813159131601316113162131631316413165131661316713168131691317013171131721317313174131751317613177131781317913180131811318213183131841318513186131871318813189131901319113192131931319413195131961319713198131991320013201132021320313204132051320613207132081320913210132111321213213132141321513216132171321813219132201322113222132231322413225132261322713228132291323013231132321323313234132351323613237132381323913240132411324213243132441324513246132471324813249132501325113252132531325413255132561325713258132591326013261132621326313264132651326613267132681326913270132711327213273132741327513276132771327813279132801328113282132831328413285132861328713288132891329013291132921329313294132951329613297132981329913300133011330213303133041330513306133071330813309133101331113312133131331413315133161331713318133191332013321133221332313324133251332613327133281332913330133311333213333133341333513336133371333813339133401334113342133431334413345133461334713348133491335013351133521335313354133551335613357133581335913360133611336213363133641336513366133671336813369133701337113372133731337413375133761337713378133791338013381133821338313384133851338613387133881338913390133911339213393133941339513396133971339813399134001340113402134031340413405134061340713408134091341013411134121341313414134151341613417134181341913420134211342213423134241342513426134271342813429134301343113432134331343413435134361343713438134391344013441134421344313444134451344613447134481344913450134511345213453134541345513456134571345813459134601346113462134631346413465134661346713468134691347013471134721347313474134751347613477134781347913480134811348213483134841348513486134871348813489134901349113492134931349413495134961349713498134991350013501135021350313504135051350613507135081350913510135111351213513135141351513516135171351813519135201352113522135231352413525135261352713528135291353013531135321353313534135351353613537135381353913540135411354213543135441354513546135471354813549135501355113552135531355413555135561355713558135591356013561135621356313564135651356613567135681356913570135711357213573135741357513576135771357813579135801358113582135831358413585135861358713588135891359013591135921359313594135951359613597135981359913600136011360213603136041360513606136071360813609136101361113612136131361413615136161361713618136191362013621136221362313624136251362613627136281362913630136311363213633136341363513636136371363813639136401364113642136431364413645136461364713648136491365013651136521365313654136551365613657136581365913660136611366213663136641366513666136671366813669136701367113672136731367413675136761367713678136791368013681136821368313684136851368613687136881368913690136911369213693136941369513696136971369813699137001370113702137031370413705137061370713708137091371013711137121371313714137151371613717137181371913720137211372213723137241372513726137271372813729137301373113732137331373413735137361373713738137391374013741137421374313744137451374613747137481374913750137511375213753137541375513756137571375813759137601376113762137631376413765137661376713768137691377013771137721377313774137751377613777137781377913780137811378213783137841378513786137871378813789137901379113792137931379413795137961379713798137991380013801138021380313804138051380613807138081380913810138111381213813138141381513816138171381813819138201382113822138231382413825138261382713828138291383013831138321383313834138351383613837138381383913840138411384213843138441384513846138471384813849138501385113852138531385413855138561385713858138591386013861138621386313864138651386613867138681386913870138711387213873138741387513876138771387813879138801388113882138831388413885138861388713888138891389013891138921389313894138951389613897138981389913900139011390213903139041390513906139071390813909139101391113912139131391413915139161391713918139191392013921139221392313924139251392613927139281392913930139311393213933139341393513936139371393813939139401394113942139431394413945139461394713948139491395013951139521395313954139551395613957139581395913960139611396213963139641396513966139671396813969139701397113972139731397413975139761397713978139791398013981139821398313984139851398613987139881398913990139911399213993139941399513996139971399813999140001400114002140031400414005140061400714008140091401014011140121401314014140151401614017140181401914020140211402214023140241402514026140271402814029140301403114032140331403414035140361403714038140391404014041140421404314044140451404614047140481404914050140511405214053140541405514056140571405814059140601406114062140631406414065140661406714068140691407014071140721407314074140751407614077140781407914080140811408214083140841408514086140871408814089140901409114092140931409414095140961409714098140991410014101141021410314104141051410614107141081410914110141111411214113141141411514116141171411814119141201412114122141231412414125141261412714128141291413014131141321413314134141351413614137141381413914140141411414214143141441414514146141471414814149141501415114152141531415414155141561415714158141591416014161141621416314164141651416614167141681416914170141711417214173141741417514176141771417814179141801418114182141831418414185141861418714188141891419014191141921419314194141951419614197141981419914200142011420214203142041420514206142071420814209142101421114212142131421414215142161421714218142191422014221142221422314224142251422614227142281422914230142311423214233142341423514236142371423814239142401424114242142431424414245142461424714248142491425014251142521425314254142551425614257142581425914260142611426214263142641426514266142671426814269142701427114272142731427414275142761427714278142791428014281142821428314284142851428614287142881428914290142911429214293142941429514296142971429814299143001430114302143031430414305143061430714308143091431014311143121431314314143151431614317143181431914320143211432214323143241432514326143271432814329143301433114332143331433414335143361433714338143391434014341143421434314344143451434614347143481434914350143511435214353143541435514356143571435814359143601436114362143631436414365143661436714368143691437014371143721437314374143751437614377143781437914380143811438214383143841438514386143871438814389143901439114392143931439414395143961439714398143991440014401144021440314404144051440614407144081440914410144111441214413144141441514416144171441814419144201442114422144231442414425144261442714428144291443014431144321443314434144351443614437144381443914440144411444214443144441444514446144471444814449144501445114452144531445414455144561445714458144591446014461144621446314464144651446614467144681446914470144711447214473144741447514476144771447814479144801448114482144831448414485144861448714488144891449014491144921449314494144951449614497144981449914500145011450214503145041450514506145071450814509145101451114512145131451414515145161451714518145191452014521145221452314524145251452614527145281452914530145311453214533145341453514536145371453814539145401454114542145431454414545145461454714548145491455014551145521455314554145551455614557145581455914560145611456214563145641456514566145671456814569145701457114572145731457414575145761457714578145791458014581145821458314584145851458614587145881458914590145911459214593145941459514596145971459814599146001460114602146031460414605146061460714608146091461014611146121461314614146151461614617146181461914620146211462214623146241462514626146271462814629146301463114632146331463414635146361463714638146391464014641146421464314644146451464614647146481464914650146511465214653146541465514656146571465814659146601466114662146631466414665146661466714668146691467014671146721467314674146751467614677146781467914680146811468214683146841468514686146871468814689146901469114692146931469414695146961469714698146991470014701147021470314704147051470614707147081470914710147111471214713147141471514716147171471814719147201472114722147231472414725147261472714728147291473014731147321473314734147351473614737147381473914740147411474214743147441474514746147471474814749147501475114752147531475414755147561475714758147591476014761147621476314764147651476614767147681476914770147711477214773147741477514776147771477814779147801478114782147831478414785147861478714788147891479014791147921479314794147951479614797147981479914800148011480214803148041480514806148071480814809148101481114812148131481414815148161481714818148191482014821148221482314824148251482614827148281482914830148311483214833148341483514836148371483814839148401484114842148431484414845148461484714848148491485014851148521485314854148551485614857148581485914860148611486214863148641486514866148671486814869148701487114872148731487414875148761487714878148791488014881148821488314884148851488614887148881488914890148911489214893148941489514896148971489814899149001490114902149031490414905149061490714908149091491014911149121491314914149151491614917149181491914920149211492214923149241492514926149271492814929149301493114932149331493414935149361493714938149391494014941149421494314944149451494614947149481494914950149511495214953149541495514956149571495814959149601496114962149631496414965149661496714968149691497014971149721497314974149751497614977149781497914980149811498214983149841498514986149871498814989149901499114992149931499414995149961499714998149991500015001150021500315004150051500615007150081500915010150111501215013150141501515016150171501815019150201502115022150231502415025150261502715028150291503015031150321503315034150351503615037150381503915040150411504215043150441504515046150471504815049150501505115052150531505415055150561505715058150591506015061150621506315064150651506615067150681506915070150711507215073150741507515076150771507815079150801508115082150831508415085150861508715088150891509015091150921509315094150951509615097150981509915100151011510215103151041510515106151071510815109151101511115112151131511415115151161511715118151191512015121151221512315124151251512615127151281512915130151311513215133151341513515136151371513815139151401514115142151431514415145151461514715148151491515015151151521515315154151551515615157151581515915160151611516215163151641516515166151671516815169151701517115172151731517415175151761517715178151791518015181151821518315184151851518615187151881518915190151911519215193151941519515196151971519815199152001520115202152031520415205152061520715208152091521015211152121521315214152151521615217152181521915220152211522215223152241522515226152271522815229152301523115232152331523415235152361523715238152391524015241152421524315244152451524615247152481524915250152511525215253152541525515256152571525815259152601526115262152631526415265152661526715268152691527015271152721527315274152751527615277152781527915280152811528215283152841528515286152871528815289152901529115292152931529415295152961529715298152991530015301153021530315304153051530615307153081530915310153111531215313153141531515316153171531815319153201532115322153231532415325153261532715328153291533015331153321533315334153351533615337153381533915340153411534215343153441534515346153471534815349153501535115352153531535415355153561535715358153591536015361153621536315364153651536615367153681536915370153711537215373153741537515376153771537815379153801538115382153831538415385153861538715388153891539015391153921539315394153951539615397153981539915400154011540215403154041540515406154071540815409154101541115412154131541415415154161541715418154191542015421154221542315424154251542615427154281542915430154311543215433154341543515436154371543815439154401544115442154431544415445154461544715448154491545015451154521545315454154551545615457154581545915460154611546215463154641546515466154671546815469154701547115472154731547415475154761547715478154791548015481154821548315484154851548615487154881548915490154911549215493154941549515496154971549815499155001550115502155031550415505155061550715508155091551015511155121551315514155151551615517155181551915520155211552215523155241552515526155271552815529155301553115532155331553415535155361553715538155391554015541155421554315544155451554615547155481554915550155511555215553155541555515556155571555815559155601556115562155631556415565155661556715568155691557015571155721557315574155751557615577155781557915580155811558215583155841558515586155871558815589155901559115592155931559415595155961559715598155991560015601156021560315604156051560615607156081560915610156111561215613156141561515616156171561815619156201562115622156231562415625156261562715628156291563015631156321563315634156351563615637156381563915640156411564215643156441564515646156471564815649156501565115652156531565415655156561565715658156591566015661156621566315664156651566615667156681566915670156711567215673156741567515676156771567815679156801568115682156831568415685156861568715688156891569015691156921569315694156951569615697156981569915700157011570215703157041570515706157071570815709157101571115712157131571415715157161571715718157191572015721157221572315724157251572615727157281572915730157311573215733157341573515736157371573815739157401574115742157431574415745157461574715748157491575015751157521575315754157551575615757157581575915760157611576215763157641576515766157671576815769157701577115772157731577415775157761577715778157791578015781157821578315784157851578615787157881578915790157911579215793157941579515796157971579815799158001580115802158031580415805158061580715808158091581015811158121581315814158151581615817158181581915820158211582215823158241582515826158271582815829158301583115832158331583415835158361583715838158391584015841158421584315844158451584615847158481584915850158511585215853158541585515856158571585815859158601586115862158631586415865158661586715868158691587015871158721587315874158751587615877158781587915880158811588215883158841588515886158871588815889158901589115892158931589415895158961589715898158991590015901159021590315904159051590615907159081590915910159111591215913159141591515916159171591815919159201592115922159231592415925159261592715928159291593015931159321593315934159351593615937159381593915940159411594215943159441594515946159471594815949159501595115952159531595415955159561595715958159591596015961159621596315964159651596615967159681596915970159711597215973159741597515976159771597815979159801598115982159831598415985159861598715988159891599015991159921599315994159951599615997159981599916000160011600216003160041600516006160071600816009160101601116012160131601416015160161601716018160191602016021160221602316024160251602616027160281602916030160311603216033160341603516036160371603816039160401604116042160431604416045160461604716048160491605016051160521605316054160551605616057160581605916060160611606216063160641606516066160671606816069160701607116072160731607416075160761607716078160791608016081160821608316084160851608616087160881608916090160911609216093160941609516096160971609816099161001610116102161031610416105161061610716108161091611016111161121611316114161151611616117161181611916120161211612216123161241612516126161271612816129161301613116132161331613416135161361613716138161391614016141161421614316144161451614616147161481614916150161511615216153161541615516156161571615816159161601616116162161631616416165161661616716168161691617016171161721617316174161751617616177161781617916180161811618216183161841618516186161871618816189161901619116192161931619416195161961619716198161991620016201162021620316204162051620616207162081620916210162111621216213162141621516216162171621816219162201622116222162231622416225162261622716228162291623016231162321623316234162351623616237162381623916240162411624216243162441624516246162471624816249162501625116252162531625416255162561625716258162591626016261162621626316264162651626616267162681626916270162711627216273162741627516276162771627816279162801628116282162831628416285162861628716288162891629016291162921629316294162951629616297162981629916300163011630216303163041630516306163071630816309163101631116312163131631416315163161631716318163191632016321163221632316324163251632616327163281632916330163311633216333163341633516336163371633816339163401634116342163431634416345163461634716348163491635016351163521635316354163551635616357163581635916360163611636216363163641636516366163671636816369163701637116372163731637416375163761637716378163791638016381163821638316384163851638616387163881638916390163911639216393163941639516396163971639816399164001640116402164031640416405164061640716408164091641016411164121641316414164151641616417164181641916420164211642216423164241642516426164271642816429164301643116432164331643416435164361643716438164391644016441164421644316444164451644616447164481644916450164511645216453164541645516456164571645816459164601646116462164631646416465164661646716468164691647016471164721647316474164751647616477164781647916480164811648216483164841648516486164871648816489164901649116492164931649416495164961649716498164991650016501165021650316504165051650616507165081650916510165111651216513165141651516516165171651816519165201652116522165231652416525165261652716528165291653016531165321653316534165351653616537165381653916540165411654216543165441654516546165471654816549165501655116552165531655416555165561655716558165591656016561165621656316564165651656616567165681656916570165711657216573165741657516576165771657816579165801658116582165831658416585165861658716588165891659016591165921659316594165951659616597165981659916600166011660216603166041660516606166071660816609166101661116612166131661416615166161661716618166191662016621166221662316624166251662616627166281662916630166311663216633166341663516636166371663816639166401664116642166431664416645166461664716648166491665016651166521665316654166551665616657166581665916660166611666216663166641666516666166671666816669166701667116672166731667416675166761667716678166791668016681166821668316684166851668616687166881668916690166911669216693166941669516696166971669816699167001670116702167031670416705167061670716708167091671016711167121671316714167151671616717167181671916720167211672216723167241672516726167271672816729167301673116732167331673416735167361673716738167391674016741167421674316744167451674616747167481674916750167511675216753167541675516756167571675816759167601676116762167631676416765167661676716768167691677016771167721677316774167751677616777167781677916780167811678216783167841678516786167871678816789167901679116792167931679416795167961679716798167991680016801168021680316804168051680616807168081680916810168111681216813168141681516816168171681816819168201682116822168231682416825168261682716828168291683016831168321683316834168351683616837168381683916840168411684216843168441684516846168471684816849168501685116852168531685416855168561685716858168591686016861168621686316864168651686616867168681686916870168711687216873168741687516876168771687816879168801688116882168831688416885168861688716888168891689016891168921689316894168951689616897168981689916900169011690216903169041690516906169071690816909169101691116912169131691416915169161691716918169191692016921169221692316924169251692616927169281692916930169311693216933169341693516936169371693816939169401694116942169431694416945169461694716948169491695016951169521695316954169551695616957169581695916960169611696216963169641696516966169671696816969169701697116972169731697416975169761697716978169791698016981169821698316984169851698616987169881698916990169911699216993169941699516996169971699816999170001700117002170031700417005170061700717008170091701017011170121701317014170151701617017170181701917020170211702217023170241702517026170271702817029170301703117032170331703417035170361703717038170391704017041170421704317044170451704617047170481704917050170511705217053170541705517056170571705817059170601706117062170631706417065170661706717068170691707017071170721707317074170751707617077170781707917080170811708217083170841708517086170871708817089170901709117092170931709417095170961709717098170991710017101171021710317104171051710617107171081710917110171111711217113171141711517116171171711817119171201712117122171231712417125171261712717128171291713017131171321713317134171351713617137171381713917140171411714217143171441714517146171471714817149171501715117152171531715417155171561715717158171591716017161171621716317164171651716617167171681716917170171711717217173171741717517176171771717817179171801718117182171831718417185171861718717188171891719017191171921719317194171951719617197171981719917200172011720217203172041720517206172071720817209172101721117212172131721417215172161721717218172191722017221172221722317224172251722617227172281722917230172311723217233172341723517236172371723817239172401724117242172431724417245172461724717248172491725017251172521725317254172551725617257172581725917260172611726217263172641726517266172671726817269172701727117272172731727417275172761727717278172791728017281172821728317284172851728617287172881728917290172911729217293172941729517296172971729817299173001730117302173031730417305173061730717308173091731017311173121731317314173151731617317173181731917320173211732217323173241732517326173271732817329173301733117332173331733417335173361733717338173391734017341173421734317344173451734617347173481734917350173511735217353173541735517356173571735817359173601736117362173631736417365173661736717368173691737017371173721737317374173751737617377173781737917380173811738217383173841738517386173871738817389173901739117392173931739417395173961739717398173991740017401174021740317404174051740617407174081740917410174111741217413174141741517416174171741817419174201742117422174231742417425174261742717428174291743017431174321743317434174351743617437174381743917440174411744217443174441744517446174471744817449174501745117452174531745417455174561745717458174591746017461174621746317464174651746617467174681746917470174711747217473174741747517476174771747817479174801748117482174831748417485174861748717488174891749017491174921749317494174951749617497174981749917500175011750217503175041750517506175071750817509175101751117512175131751417515175161751717518175191752017521175221752317524175251752617527175281752917530175311753217533175341753517536175371753817539175401754117542175431754417545175461754717548175491755017551175521755317554175551755617557175581755917560175611756217563175641756517566175671756817569175701757117572175731757417575175761757717578175791758017581175821758317584175851758617587175881758917590175911759217593175941759517596175971759817599176001760117602176031760417605176061760717608176091761017611176121761317614176151761617617176181761917620176211762217623176241762517626176271762817629176301763117632176331763417635176361763717638176391764017641176421764317644176451764617647176481764917650176511765217653176541765517656176571765817659176601766117662176631766417665176661766717668176691767017671176721767317674176751767617677176781767917680176811768217683176841768517686176871768817689176901769117692176931769417695176961769717698176991770017701177021770317704177051770617707177081770917710177111771217713177141771517716177171771817719177201772117722177231772417725177261772717728177291773017731177321773317734177351773617737177381773917740177411774217743177441774517746177471774817749177501775117752177531775417755177561775717758177591776017761177621776317764177651776617767177681776917770177711777217773177741777517776177771777817779177801778117782177831778417785177861778717788177891779017791177921779317794177951779617797177981779917800178011780217803178041780517806178071780817809178101781117812178131781417815178161781717818178191782017821178221782317824178251782617827178281782917830178311783217833178341783517836178371783817839178401784117842178431784417845178461784717848178491785017851178521785317854178551785617857178581785917860178611786217863178641786517866178671786817869178701787117872178731787417875178761787717878178791788017881178821788317884178851788617887178881788917890178911789217893178941789517896178971789817899179001790117902179031790417905179061790717908179091791017911179121791317914179151791617917179181791917920179211792217923179241792517926179271792817929179301793117932179331793417935179361793717938179391794017941179421794317944179451794617947179481794917950179511795217953179541795517956179571795817959179601796117962179631796417965179661796717968179691797017971179721797317974179751797617977179781797917980179811798217983179841798517986179871798817989179901799117992179931799417995179961799717998179991800018001180021800318004180051800618007180081800918010180111801218013180141801518016180171801818019180201802118022180231802418025180261802718028180291803018031180321803318034180351803618037180381803918040180411804218043180441804518046180471804818049180501805118052180531805418055180561805718058180591806018061180621806318064180651806618067180681806918070180711807218073180741807518076180771807818079180801808118082180831808418085180861808718088180891809018091180921809318094180951809618097180981809918100181011810218103181041810518106181071810818109181101811118112181131811418115181161811718118181191812018121181221812318124181251812618127181281812918130181311813218133181341813518136181371813818139181401814118142181431814418145181461814718148181491815018151181521815318154181551815618157181581815918160181611816218163181641816518166181671816818169181701817118172181731817418175181761817718178181791818018181181821818318184181851818618187181881818918190181911819218193181941819518196181971819818199182001820118202182031820418205182061820718208182091821018211182121821318214182151821618217182181821918220182211822218223182241822518226182271822818229182301823118232182331823418235182361823718238182391824018241182421824318244182451824618247182481824918250182511825218253182541825518256182571825818259182601826118262182631826418265182661826718268182691827018271182721827318274182751827618277182781827918280182811828218283182841828518286182871828818289182901829118292182931829418295182961829718298182991830018301183021830318304183051830618307183081830918310183111831218313183141831518316183171831818319183201832118322183231832418325183261832718328183291833018331183321833318334183351833618337183381833918340183411834218343183441834518346183471834818349183501835118352183531835418355183561835718358183591836018361183621836318364183651836618367183681836918370183711837218373183741837518376183771837818379183801838118382183831838418385183861838718388183891839018391183921839318394183951839618397183981839918400184011840218403184041840518406184071840818409184101841118412184131841418415184161841718418184191842018421184221842318424184251842618427184281842918430184311843218433184341843518436184371843818439184401844118442184431844418445184461844718448184491845018451184521845318454184551845618457184581845918460184611846218463184641846518466184671846818469184701847118472184731847418475184761847718478184791848018481184821848318484184851848618487184881848918490184911849218493184941849518496184971849818499185001850118502185031850418505185061850718508185091851018511185121851318514185151851618517185181851918520185211852218523185241852518526185271852818529185301853118532185331853418535185361853718538185391854018541185421854318544185451854618547185481854918550185511855218553185541855518556185571855818559185601856118562185631856418565185661856718568185691857018571185721857318574185751857618577185781857918580185811858218583185841858518586185871858818589185901859118592185931859418595185961859718598185991860018601186021860318604186051860618607186081860918610186111861218613186141861518616186171861818619186201862118622186231862418625186261862718628186291863018631186321863318634186351863618637186381863918640186411864218643186441864518646186471864818649186501865118652186531865418655186561865718658186591866018661186621866318664186651866618667186681866918670186711867218673186741867518676186771867818679186801868118682186831868418685186861868718688186891869018691186921869318694186951869618697186981869918700187011870218703187041870518706187071870818709187101871118712187131871418715187161871718718187191872018721187221872318724187251872618727187281872918730187311873218733187341873518736187371873818739187401874118742187431874418745187461874718748187491875018751187521875318754187551875618757187581875918760187611876218763187641876518766187671876818769187701877118772187731877418775187761877718778187791878018781187821878318784187851878618787187881878918790187911879218793187941879518796187971879818799188001880118802188031880418805188061880718808188091881018811188121881318814188151881618817188181881918820188211882218823188241882518826188271882818829188301883118832188331883418835188361883718838188391884018841188421884318844188451884618847188481884918850188511885218853188541885518856188571885818859188601886118862188631886418865188661886718868188691887018871188721887318874188751887618877188781887918880188811888218883188841888518886188871888818889188901889118892188931889418895188961889718898188991890018901189021890318904189051890618907189081890918910189111891218913189141891518916189171891818919189201892118922189231892418925189261892718928189291893018931189321893318934189351893618937189381893918940189411894218943189441894518946189471894818949189501895118952189531895418955189561895718958189591896018961189621896318964189651896618967189681896918970189711897218973189741897518976189771897818979189801898118982189831898418985189861898718988189891899018991189921899318994189951899618997189981899919000190011900219003190041900519006190071900819009190101901119012190131901419015190161901719018190191902019021190221902319024190251902619027190281902919030190311903219033190341903519036190371903819039190401904119042190431904419045190461904719048190491905019051190521905319054190551905619057190581905919060190611906219063190641906519066190671906819069190701907119072190731907419075190761907719078190791908019081190821908319084190851908619087190881908919090190911909219093190941909519096190971909819099191001910119102191031910419105191061910719108191091911019111191121911319114191151911619117191181911919120191211912219123191241912519126191271912819129191301913119132191331913419135191361913719138191391914019141191421914319144191451914619147191481914919150191511915219153191541915519156191571915819159191601916119162191631916419165191661916719168191691917019171191721917319174191751917619177191781917919180191811918219183191841918519186191871918819189191901919119192191931919419195191961919719198191991920019201192021920319204192051920619207192081920919210192111921219213192141921519216192171921819219192201922119222192231922419225192261922719228192291923019231192321923319234192351923619237192381923919240192411924219243192441924519246192471924819249192501925119252192531925419255192561925719258192591926019261192621926319264192651926619267192681926919270192711927219273192741927519276192771927819279192801928119282192831928419285192861928719288192891929019291192921929319294192951929619297192981929919300193011930219303193041930519306193071930819309193101931119312193131931419315193161931719318193191932019321193221932319324193251932619327193281932919330193311933219333193341933519336193371933819339193401934119342193431934419345193461934719348193491935019351193521935319354193551935619357193581935919360193611936219363193641936519366193671936819369193701937119372193731937419375193761937719378193791938019381193821938319384193851938619387193881938919390193911939219393193941939519396193971939819399194001940119402194031940419405194061940719408194091941019411194121941319414194151941619417194181941919420194211942219423194241942519426194271942819429194301943119432194331943419435194361943719438194391944019441194421944319444194451944619447194481944919450194511945219453194541945519456194571945819459194601946119462194631946419465194661946719468194691947019471194721947319474194751947619477194781947919480194811948219483194841948519486194871948819489194901949119492194931949419495194961949719498194991950019501195021950319504195051950619507195081950919510195111951219513195141951519516195171951819519195201952119522195231952419525195261952719528195291953019531195321953319534195351953619537195381953919540195411954219543195441954519546195471954819549195501955119552195531955419555195561955719558195591956019561195621956319564195651956619567195681956919570195711957219573195741957519576195771957819579195801958119582195831958419585195861958719588195891959019591195921959319594195951959619597195981959919600196011960219603196041960519606196071960819609196101961119612196131961419615196161961719618196191962019621196221962319624196251962619627196281962919630196311963219633196341963519636196371963819639196401964119642196431964419645196461964719648196491965019651196521965319654196551965619657196581965919660196611966219663196641966519666196671966819669196701967119672196731967419675196761967719678196791968019681196821968319684196851968619687196881968919690196911969219693196941969519696196971969819699197001970119702197031970419705197061970719708197091971019711197121971319714197151971619717197181971919720197211972219723197241972519726197271972819729197301973119732197331973419735197361973719738197391974019741197421974319744197451974619747197481974919750197511975219753197541975519756197571975819759197601976119762197631976419765197661976719768197691977019771197721977319774197751977619777197781977919780197811978219783197841978519786197871978819789197901979119792197931979419795197961979719798197991980019801198021980319804198051980619807198081980919810198111981219813198141981519816198171981819819198201982119822198231982419825198261982719828198291983019831198321983319834198351983619837198381983919840198411984219843198441984519846198471984819849198501985119852198531985419855198561985719858198591986019861198621986319864198651986619867198681986919870198711987219873198741987519876198771987819879198801988119882198831988419885198861988719888198891989019891198921989319894198951989619897198981989919900199011990219903199041990519906199071990819909199101991119912199131991419915199161991719918199191992019921199221992319924199251992619927199281992919930199311993219933199341993519936199371993819939199401994119942199431994419945199461994719948199491995019951199521995319954199551995619957199581995919960199611996219963199641996519966199671996819969199701997119972199731997419975199761997719978199791998019981199821998319984199851998619987199881998919990199911999219993199941999519996199971999819999200002000120002200032000420005200062000720008200092001020011200122001320014200152001620017200182001920020200212002220023200242002520026200272002820029200302003120032200332003420035200362003720038200392004020041200422004320044200452004620047200482004920050200512005220053200542005520056200572005820059200602006120062200632006420065200662006720068200692007020071200722007320074200752007620077200782007920080200812008220083200842008520086200872008820089200902009120092200932009420095200962009720098200992010020101201022010320104201052010620107201082010920110201112011220113201142011520116201172011820119201202012120122201232012420125201262012720128201292013020131201322013320134201352013620137201382013920140201412014220143201442014520146201472014820149201502015120152201532015420155201562015720158201592016020161201622016320164201652016620167201682016920170201712017220173201742017520176201772017820179201802018120182201832018420185201862018720188201892019020191201922019320194201952019620197201982019920200202012020220203202042020520206202072020820209202102021120212202132021420215202162021720218202192022020221202222022320224202252022620227202282022920230202312023220233202342023520236202372023820239202402024120242202432024420245202462024720248202492025020251202522025320254202552025620257202582025920260202612026220263202642026520266202672026820269202702027120272202732027420275202762027720278202792028020281202822028320284202852028620287202882028920290202912029220293202942029520296202972029820299203002030120302203032030420305203062030720308203092031020311203122031320314203152031620317203182031920320203212032220323203242032520326203272032820329203302033120332203332033420335203362033720338203392034020341203422034320344203452034620347203482034920350203512035220353203542035520356203572035820359203602036120362203632036420365203662036720368203692037020371203722037320374203752037620377203782037920380203812038220383203842038520386203872038820389203902039120392203932039420395203962039720398203992040020401204022040320404204052040620407204082040920410204112041220413204142041520416204172041820419204202042120422204232042420425204262042720428204292043020431204322043320434204352043620437204382043920440204412044220443204442044520446204472044820449204502045120452204532045420455204562045720458204592046020461204622046320464204652046620467204682046920470204712047220473204742047520476204772047820479204802048120482204832048420485204862048720488204892049020491204922049320494204952049620497204982049920500205012050220503205042050520506205072050820509205102051120512205132051420515205162051720518205192052020521205222052320524205252052620527205282052920530205312053220533205342053520536205372053820539205402054120542205432054420545205462054720548205492055020551205522055320554205552055620557205582055920560205612056220563205642056520566205672056820569205702057120572205732057420575205762057720578205792058020581205822058320584205852058620587205882058920590205912059220593205942059520596205972059820599206002060120602206032060420605206062060720608206092061020611206122061320614206152061620617206182061920620206212062220623206242062520626206272062820629206302063120632206332063420635206362063720638206392064020641206422064320644206452064620647206482064920650206512065220653206542065520656206572065820659206602066120662206632066420665206662066720668206692067020671206722067320674206752067620677206782067920680206812068220683206842068520686206872068820689206902069120692206932069420695206962069720698206992070020701207022070320704207052070620707207082070920710207112071220713207142071520716207172071820719207202072120722207232072420725207262072720728207292073020731207322073320734207352073620737207382073920740207412074220743207442074520746207472074820749207502075120752207532075420755207562075720758207592076020761207622076320764207652076620767207682076920770207712077220773207742077520776207772077820779207802078120782207832078420785207862078720788207892079020791207922079320794207952079620797207982079920800208012080220803208042080520806208072080820809208102081120812208132081420815208162081720818208192082020821208222082320824208252082620827208282082920830208312083220833208342083520836208372083820839208402084120842208432084420845208462084720848208492085020851208522085320854208552085620857208582085920860208612086220863208642086520866208672086820869208702087120872208732087420875208762087720878208792088020881208822088320884208852088620887208882088920890208912089220893208942089520896208972089820899209002090120902209032090420905209062090720908209092091020911209122091320914209152091620917209182091920920209212092220923209242092520926209272092820929209302093120932209332093420935209362093720938209392094020941209422094320944209452094620947209482094920950209512095220953209542095520956209572095820959209602096120962209632096420965209662096720968209692097020971209722097320974209752097620977209782097920980209812098220983209842098520986209872098820989209902099120992209932099420995209962099720998209992100021001210022100321004210052100621007210082100921010210112101221013210142101521016210172101821019210202102121022210232102421025210262102721028210292103021031210322103321034210352103621037210382103921040210412104221043210442104521046210472104821049210502105121052210532105421055210562105721058210592106021061210622106321064210652106621067210682106921070210712107221073210742107521076210772107821079210802108121082210832108421085210862108721088210892109021091210922109321094210952109621097210982109921100211012110221103211042110521106211072110821109211102111121112211132111421115211162111721118211192112021121211222112321124211252112621127211282112921130211312113221133211342113521136211372113821139211402114121142211432114421145211462114721148211492115021151211522115321154211552115621157211582115921160211612116221163211642116521166211672116821169211702117121172211732117421175211762117721178211792118021181211822118321184211852118621187211882118921190211912119221193211942119521196211972119821199212002120121202212032120421205212062120721208212092121021211212122121321214212152121621217212182121921220212212122221223212242122521226212272122821229212302123121232212332123421235212362123721238212392124021241212422124321244212452124621247212482124921250212512125221253212542125521256212572125821259212602126121262212632126421265212662126721268212692127021271212722127321274212752127621277212782127921280212812128221283212842128521286212872128821289212902129121292212932129421295212962129721298212992130021301213022130321304213052130621307213082130921310213112131221313213142131521316213172131821319213202132121322213232132421325213262132721328213292133021331213322133321334213352133621337213382133921340213412134221343213442134521346213472134821349213502135121352213532135421355213562135721358213592136021361213622136321364213652136621367213682136921370213712137221373213742137521376213772137821379213802138121382213832138421385213862138721388213892139021391213922139321394213952139621397213982139921400214012140221403214042140521406214072140821409214102141121412214132141421415214162141721418214192142021421214222142321424214252142621427214282142921430214312143221433214342143521436214372143821439214402144121442214432144421445214462144721448214492145021451214522145321454214552145621457214582145921460214612146221463214642146521466214672146821469214702147121472214732147421475214762147721478214792148021481214822148321484214852148621487214882148921490214912149221493214942149521496214972149821499215002150121502215032150421505215062150721508215092151021511215122151321514215152151621517215182151921520215212152221523215242152521526215272152821529215302153121532215332153421535215362153721538215392154021541215422154321544215452154621547215482154921550215512155221553215542155521556215572155821559215602156121562215632156421565215662156721568215692157021571215722157321574215752157621577215782157921580215812158221583215842158521586215872158821589215902159121592215932159421595215962159721598215992160021601216022160321604216052160621607216082160921610216112161221613216142161521616216172161821619216202162121622216232162421625216262162721628216292163021631216322163321634216352163621637216382163921640216412164221643216442164521646216472164821649216502165121652216532165421655216562165721658216592166021661216622166321664216652166621667216682166921670216712167221673216742167521676216772167821679216802168121682216832168421685216862168721688216892169021691216922169321694216952169621697216982169921700217012170221703217042170521706217072170821709217102171121712217132171421715217162171721718217192172021721217222172321724217252172621727217282172921730217312173221733217342173521736217372173821739217402174121742217432174421745217462174721748217492175021751217522175321754217552175621757217582175921760217612176221763217642176521766217672176821769217702177121772217732177421775217762177721778217792178021781217822178321784217852178621787217882178921790217912179221793217942179521796217972179821799218002180121802218032180421805218062180721808218092181021811218122181321814218152181621817218182181921820218212182221823218242182521826218272182821829218302183121832218332183421835218362183721838218392184021841218422184321844218452184621847218482184921850218512185221853218542185521856218572185821859218602186121862218632186421865218662186721868218692187021871218722187321874218752187621877218782187921880218812188221883218842188521886218872188821889218902189121892218932189421895218962189721898218992190021901219022190321904219052190621907219082190921910219112191221913219142191521916219172191821919219202192121922219232192421925219262192721928219292193021931219322193321934219352193621937219382193921940219412194221943219442194521946219472194821949219502195121952219532195421955219562195721958219592196021961219622196321964219652196621967219682196921970219712197221973219742197521976219772197821979219802198121982219832198421985219862198721988219892199021991219922199321994219952199621997219982199922000220012200222003220042200522006220072200822009220102201122012220132201422015220162201722018220192202022021220222202322024220252202622027220282202922030220312203222033220342203522036220372203822039220402204122042220432204422045220462204722048220492205022051220522205322054220552205622057220582205922060220612206222063220642206522066220672206822069220702207122072220732207422075220762207722078220792208022081220822208322084220852208622087220882208922090220912209222093220942209522096220972209822099221002210122102221032210422105221062210722108221092211022111221122211322114221152211622117221182211922120221212212222123221242212522126221272212822129221302213122132221332213422135221362213722138221392214022141221422214322144221452214622147221482214922150221512215222153221542215522156221572215822159221602216122162221632216422165221662216722168221692217022171221722217322174221752217622177221782217922180221812218222183221842218522186221872218822189221902219122192221932219422195221962219722198221992220022201222022220322204222052220622207222082220922210222112221222213222142221522216222172221822219222202222122222222232222422225222262222722228222292223022231222322223322234222352223622237222382223922240222412224222243222442224522246222472224822249222502225122252222532225422255222562225722258222592226022261222622226322264222652226622267222682226922270222712227222273222742227522276222772227822279222802228122282222832228422285222862228722288222892229022291222922229322294222952229622297222982229922300223012230222303223042230522306223072230822309223102231122312223132231422315223162231722318223192232022321223222232322324223252232622327223282232922330223312233222333223342233522336223372233822339223402234122342223432234422345223462234722348223492235022351223522235322354223552235622357223582235922360223612236222363223642236522366223672236822369223702237122372223732237422375223762237722378223792238022381223822238322384223852238622387223882238922390223912239222393223942239522396223972239822399224002240122402224032240422405224062240722408224092241022411224122241322414224152241622417224182241922420224212242222423224242242522426224272242822429224302243122432224332243422435224362243722438224392244022441224422244322444224452244622447224482244922450224512245222453224542245522456224572245822459224602246122462224632246422465224662246722468224692247022471224722247322474224752247622477224782247922480224812248222483224842248522486224872248822489224902249122492224932249422495224962249722498224992250022501225022250322504225052250622507225082250922510225112251222513225142251522516225172251822519225202252122522225232252422525225262252722528225292253022531225322253322534225352253622537225382253922540225412254222543225442254522546225472254822549225502255122552225532255422555225562255722558225592256022561225622256322564225652256622567225682256922570225712257222573225742257522576225772257822579225802258122582225832258422585225862258722588225892259022591225922259322594225952259622597225982259922600226012260222603226042260522606226072260822609226102261122612226132261422615226162261722618226192262022621226222262322624226252262622627226282262922630226312263222633226342263522636226372263822639226402264122642226432264422645226462264722648226492265022651226522265322654226552265622657226582265922660226612266222663226642266522666226672266822669226702267122672226732267422675226762267722678226792268022681226822268322684226852268622687226882268922690226912269222693226942269522696226972269822699227002270122702227032270422705227062270722708227092271022711227122271322714227152271622717227182271922720227212272222723227242272522726227272272822729227302273122732227332273422735227362273722738227392274022741227422274322744227452274622747227482274922750227512275222753227542275522756227572275822759227602276122762227632276422765227662276722768227692277022771227722277322774227752277622777227782277922780227812278222783227842278522786227872278822789227902279122792227932279422795227962279722798227992280022801228022280322804228052280622807228082280922810228112281222813228142281522816228172281822819228202282122822228232282422825228262282722828228292283022831228322283322834228352283622837228382283922840228412284222843228442284522846228472284822849228502285122852228532285422855228562285722858228592286022861228622286322864228652286622867228682286922870228712287222873228742287522876228772287822879228802288122882228832288422885228862288722888228892289022891228922289322894228952289622897228982289922900229012290222903229042290522906229072290822909229102291122912229132291422915229162291722918229192292022921229222292322924229252292622927229282292922930229312293222933229342293522936229372293822939229402294122942229432294422945229462294722948229492295022951229522295322954229552295622957229582295922960229612296222963229642296522966229672296822969229702297122972229732297422975229762297722978229792298022981229822298322984229852298622987229882298922990229912299222993229942299522996229972299822999230002300123002230032300423005230062300723008230092301023011230122301323014230152301623017230182301923020230212302223023230242302523026230272302823029230302303123032230332303423035230362303723038230392304023041230422304323044230452304623047230482304923050230512305223053230542305523056230572305823059230602306123062230632306423065230662306723068230692307023071230722307323074230752307623077230782307923080230812308223083230842308523086230872308823089230902309123092230932309423095230962309723098230992310023101231022310323104231052310623107231082310923110231112311223113231142311523116231172311823119231202312123122231232312423125231262312723128231292313023131231322313323134231352313623137231382313923140231412314223143231442314523146231472314823149231502315123152231532315423155231562315723158231592316023161231622316323164231652316623167231682316923170231712317223173231742317523176231772317823179231802318123182231832318423185231862318723188231892319023191231922319323194231952319623197231982319923200232012320223203232042320523206232072320823209232102321123212232132321423215232162321723218232192322023221232222322323224232252322623227232282322923230232312323223233232342323523236232372323823239232402324123242232432324423245232462324723248232492325023251232522325323254232552325623257232582325923260232612326223263232642326523266232672326823269232702327123272232732327423275232762327723278232792328023281232822328323284232852328623287232882328923290232912329223293232942329523296232972329823299233002330123302233032330423305233062330723308233092331023311233122331323314233152331623317233182331923320233212332223323233242332523326233272332823329233302333123332233332333423335233362333723338233392334023341233422334323344233452334623347233482334923350233512335223353233542335523356233572335823359233602336123362233632336423365233662336723368233692337023371233722337323374233752337623377233782337923380233812338223383233842338523386233872338823389233902339123392233932339423395233962339723398233992340023401234022340323404234052340623407234082340923410234112341223413234142341523416234172341823419234202342123422234232342423425234262342723428234292343023431234322343323434234352343623437234382343923440234412344223443234442344523446234472344823449234502345123452234532345423455234562345723458234592346023461234622346323464234652346623467234682346923470234712347223473234742347523476234772347823479234802348123482234832348423485234862348723488234892349023491234922349323494234952349623497234982349923500235012350223503235042350523506235072350823509235102351123512235132351423515235162351723518235192352023521235222352323524235252352623527235282352923530235312353223533235342353523536235372353823539235402354123542235432354423545235462354723548235492355023551235522355323554235552355623557235582355923560235612356223563235642356523566235672356823569235702357123572235732357423575235762357723578235792358023581235822358323584235852358623587235882358923590235912359223593235942359523596235972359823599236002360123602236032360423605236062360723608236092361023611236122361323614236152361623617236182361923620236212362223623236242362523626236272362823629236302363123632236332363423635236362363723638236392364023641236422364323644236452364623647236482364923650236512365223653236542365523656236572365823659236602366123662236632366423665236662366723668236692367023671236722367323674236752367623677236782367923680236812368223683236842368523686236872368823689236902369123692236932369423695236962369723698236992370023701237022370323704237052370623707237082370923710237112371223713237142371523716237172371823719237202372123722237232372423725237262372723728237292373023731237322373323734237352373623737237382373923740237412374223743237442374523746237472374823749237502375123752237532375423755237562375723758237592376023761237622376323764237652376623767237682376923770237712377223773237742377523776237772377823779237802378123782237832378423785237862378723788237892379023791237922379323794237952379623797237982379923800238012380223803238042380523806238072380823809238102381123812238132381423815238162381723818238192382023821238222382323824238252382623827238282382923830238312383223833238342383523836238372383823839238402384123842238432384423845238462384723848238492385023851238522385323854238552385623857238582385923860238612386223863238642386523866238672386823869238702387123872238732387423875238762387723878238792388023881238822388323884238852388623887238882388923890238912389223893238942389523896238972389823899239002390123902239032390423905239062390723908239092391023911239122391323914239152391623917239182391923920239212392223923239242392523926239272392823929239302393123932239332393423935239362393723938239392394023941239422394323944239452394623947239482394923950239512395223953239542395523956239572395823959239602396123962239632396423965239662396723968239692397023971239722397323974239752397623977239782397923980239812398223983239842398523986239872398823989239902399123992239932399423995239962399723998239992400024001240022400324004240052400624007240082400924010240112401224013240142401524016240172401824019240202402124022240232402424025240262402724028240292403024031240322403324034240352403624037240382403924040240412404224043240442404524046240472404824049240502405124052240532405424055240562405724058240592406024061240622406324064240652406624067240682406924070240712407224073240742407524076240772407824079240802408124082240832408424085240862408724088240892409024091240922409324094240952409624097240982409924100241012410224103241042410524106241072410824109241102411124112241132411424115241162411724118241192412024121241222412324124241252412624127241282412924130241312413224133241342413524136241372413824139241402414124142241432414424145241462414724148241492415024151241522415324154241552415624157241582415924160241612416224163241642416524166241672416824169241702417124172241732417424175241762417724178241792418024181241822418324184241852418624187241882418924190241912419224193241942419524196241972419824199242002420124202242032420424205242062420724208242092421024211242122421324214242152421624217242182421924220242212422224223242242422524226242272422824229242302423124232242332423424235242362423724238242392424024241242422424324244242452424624247242482424924250242512425224253242542425524256242572425824259242602426124262242632426424265242662426724268242692427024271242722427324274242752427624277242782427924280242812428224283242842428524286242872428824289242902429124292242932429424295242962429724298242992430024301243022430324304243052430624307243082430924310243112431224313243142431524316243172431824319243202432124322243232432424325243262432724328243292433024331243322433324334243352433624337243382433924340243412434224343243442434524346243472434824349243502435124352243532435424355243562435724358243592436024361243622436324364243652436624367243682436924370243712437224373243742437524376243772437824379243802438124382243832438424385243862438724388243892439024391243922439324394243952439624397243982439924400244012440224403244042440524406244072440824409244102441124412244132441424415244162441724418244192442024421244222442324424244252442624427244282442924430244312443224433244342443524436244372443824439244402444124442244432444424445244462444724448244492445024451244522445324454244552445624457244582445924460244612446224463244642446524466244672446824469244702447124472244732447424475244762447724478244792448024481244822448324484244852448624487244882448924490244912449224493244942449524496244972449824499245002450124502245032450424505245062450724508245092451024511245122451324514245152451624517245182451924520245212452224523245242452524526245272452824529245302453124532245332453424535245362453724538245392454024541245422454324544245452454624547245482454924550245512455224553245542455524556245572455824559245602456124562245632456424565245662456724568245692457024571245722457324574245752457624577245782457924580245812458224583245842458524586245872458824589245902459124592245932459424595245962459724598245992460024601246022460324604246052460624607246082460924610246112461224613246142461524616246172461824619246202462124622246232462424625246262462724628246292463024631246322463324634246352463624637246382463924640246412464224643246442464524646246472464824649246502465124652246532465424655246562465724658246592466024661246622466324664246652466624667246682466924670246712467224673246742467524676246772467824679246802468124682246832468424685246862468724688246892469024691246922469324694246952469624697246982469924700247012470224703247042470524706247072470824709247102471124712247132471424715247162471724718247192472024721247222472324724247252472624727247282472924730247312473224733247342473524736247372473824739247402474124742247432474424745247462474724748247492475024751247522475324754247552475624757247582475924760247612476224763247642476524766247672476824769247702477124772247732477424775247762477724778247792478024781247822478324784247852478624787247882478924790247912479224793247942479524796247972479824799248002480124802248032480424805248062480724808248092481024811248122481324814248152481624817248182481924820248212482224823248242482524826248272482824829248302483124832248332483424835248362483724838248392484024841248422484324844248452484624847248482484924850248512485224853248542485524856248572485824859248602486124862248632486424865248662486724868248692487024871248722487324874248752487624877248782487924880248812488224883248842488524886248872488824889248902489124892248932489424895248962489724898248992490024901249022490324904249052490624907249082490924910249112491224913249142491524916249172491824919249202492124922249232492424925249262492724928249292493024931249322493324934249352493624937249382493924940249412494224943249442494524946249472494824949249502495124952249532495424955249562495724958249592496024961249622496324964249652496624967249682496924970249712497224973249742497524976249772497824979249802498124982249832498424985249862498724988249892499024991249922499324994249952499624997249982499925000250012500225003250042500525006250072500825009250102501125012250132501425015250162501725018250192502025021250222502325024250252502625027250282502925030250312503225033250342503525036250372503825039250402504125042250432504425045250462504725048250492505025051250522505325054250552505625057250582505925060250612506225063250642506525066250672506825069250702507125072250732507425075250762507725078250792508025081250822508325084250852508625087250882508925090250912509225093250942509525096250972509825099251002510125102251032510425105251062510725108251092511025111251122511325114251152511625117251182511925120251212512225123251242512525126251272512825129251302513125132251332513425135251362513725138251392514025141251422514325144251452514625147251482514925150251512515225153251542515525156251572515825159251602516125162251632516425165251662516725168251692517025171251722517325174251752517625177251782517925180251812518225183251842518525186251872518825189251902519125192251932519425195251962519725198251992520025201252022520325204252052520625207252082520925210252112521225213252142521525216252172521825219252202522125222252232522425225252262522725228252292523025231252322523325234252352523625237252382523925240252412524225243252442524525246252472524825249252502525125252252532525425255252562525725258252592526025261252622526325264252652526625267252682526925270252712527225273252742527525276252772527825279252802528125282252832528425285252862528725288252892529025291252922529325294252952529625297252982529925300253012530225303253042530525306253072530825309253102531125312253132531425315253162531725318253192532025321253222532325324253252532625327253282532925330253312533225333253342533525336253372533825339253402534125342253432534425345253462534725348253492535025351253522535325354253552535625357253582535925360253612536225363253642536525366253672536825369253702537125372253732537425375253762537725378253792538025381253822538325384253852538625387253882538925390253912539225393253942539525396253972539825399254002540125402254032540425405254062540725408254092541025411254122541325414254152541625417254182541925420254212542225423254242542525426254272542825429254302543125432254332543425435254362543725438254392544025441254422544325444254452544625447254482544925450254512545225453254542545525456254572545825459254602546125462254632546425465254662546725468254692547025471254722547325474254752547625477254782547925480254812548225483254842548525486254872548825489254902549125492254932549425495254962549725498254992550025501255022550325504255052550625507255082550925510255112551225513255142551525516255172551825519255202552125522255232552425525255262552725528255292553025531255322553325534255352553625537255382553925540255412554225543255442554525546255472554825549255502555125552255532555425555255562555725558255592556025561255622556325564255652556625567255682556925570255712557225573255742557525576255772557825579255802558125582255832558425585255862558725588255892559025591255922559325594255952559625597255982559925600256012560225603256042560525606256072560825609256102561125612256132561425615256162561725618256192562025621256222562325624256252562625627256282562925630256312563225633256342563525636256372563825639256402564125642256432564425645256462564725648256492565025651256522565325654256552565625657256582565925660256612566225663256642566525666256672566825669256702567125672256732567425675256762567725678256792568025681256822568325684256852568625687256882568925690256912569225693256942569525696256972569825699257002570125702257032570425705257062570725708257092571025711257122571325714257152571625717257182571925720257212572225723257242572525726257272572825729257302573125732257332573425735257362573725738257392574025741257422574325744257452574625747257482574925750257512575225753257542575525756257572575825759257602576125762257632576425765257662576725768257692577025771257722577325774257752577625777257782577925780257812578225783257842578525786257872578825789257902579125792257932579425795257962579725798257992580025801258022580325804258052580625807258082580925810258112581225813258142581525816258172581825819258202582125822258232582425825258262582725828258292583025831258322583325834258352583625837258382583925840258412584225843258442584525846258472584825849258502585125852258532585425855258562585725858258592586025861258622586325864258652586625867258682586925870258712587225873258742587525876258772587825879258802588125882258832588425885258862588725888258892589025891258922589325894258952589625897258982589925900259012590225903259042590525906259072590825909259102591125912259132591425915259162591725918259192592025921259222592325924259252592625927259282592925930259312593225933259342593525936259372593825939259402594125942259432594425945259462594725948259492595025951259522595325954259552595625957259582595925960259612596225963259642596525966259672596825969259702597125972259732597425975259762597725978259792598025981259822598325984259852598625987259882598925990259912599225993259942599525996259972599825999260002600126002260032600426005260062600726008260092601026011260122601326014260152601626017260182601926020260212602226023260242602526026260272602826029260302603126032260332603426035260362603726038260392604026041260422604326044260452604626047260482604926050260512605226053260542605526056260572605826059260602606126062260632606426065260662606726068260692607026071260722607326074260752607626077260782607926080260812608226083260842608526086260872608826089260902609126092260932609426095260962609726098260992610026101261022610326104261052610626107261082610926110261112611226113261142611526116261172611826119261202612126122261232612426125261262612726128261292613026131261322613326134261352613626137261382613926140261412614226143261442614526146261472614826149261502615126152261532615426155261562615726158261592616026161261622616326164261652616626167261682616926170261712617226173261742617526176261772617826179261802618126182261832618426185261862618726188261892619026191261922619326194261952619626197261982619926200262012620226203262042620526206262072620826209262102621126212262132621426215262162621726218262192622026221262222622326224262252622626227262282622926230262312623226233262342623526236262372623826239262402624126242262432624426245262462624726248262492625026251262522625326254262552625626257262582625926260262612626226263262642626526266262672626826269262702627126272262732627426275262762627726278262792628026281262822628326284262852628626287262882628926290262912629226293262942629526296262972629826299263002630126302263032630426305263062630726308263092631026311263122631326314263152631626317263182631926320263212632226323263242632526326263272632826329263302633126332263332633426335263362633726338263392634026341263422634326344263452634626347263482634926350263512635226353263542635526356263572635826359263602636126362263632636426365263662636726368263692637026371263722637326374263752637626377263782637926380263812638226383263842638526386263872638826389263902639126392263932639426395263962639726398263992640026401264022640326404264052640626407264082640926410264112641226413264142641526416264172641826419264202642126422264232642426425264262642726428264292643026431264322643326434264352643626437264382643926440264412644226443264442644526446264472644826449264502645126452264532645426455264562645726458264592646026461264622646326464264652646626467264682646926470264712647226473264742647526476264772647826479264802648126482264832648426485264862648726488264892649026491264922649326494264952649626497264982649926500265012650226503265042650526506265072650826509265102651126512265132651426515265162651726518265192652026521265222652326524265252652626527265282652926530265312653226533265342653526536265372653826539265402654126542265432654426545265462654726548265492655026551265522655326554265552655626557265582655926560265612656226563265642656526566265672656826569265702657126572265732657426575265762657726578265792658026581265822658326584265852658626587265882658926590265912659226593265942659526596265972659826599266002660126602266032660426605266062660726608266092661026611266122661326614266152661626617266182661926620266212662226623266242662526626266272662826629266302663126632266332663426635266362663726638266392664026641266422664326644266452664626647266482664926650266512665226653266542665526656266572665826659266602666126662266632666426665266662666726668266692667026671266722667326674266752667626677266782667926680266812668226683266842668526686266872668826689266902669126692266932669426695266962669726698266992670026701267022670326704267052670626707267082670926710267112671226713267142671526716267172671826719267202672126722267232672426725267262672726728267292673026731267322673326734267352673626737267382673926740267412674226743267442674526746267472674826749267502675126752267532675426755267562675726758267592676026761267622676326764267652676626767267682676926770267712677226773267742677526776267772677826779267802678126782267832678426785267862678726788267892679026791267922679326794267952679626797267982679926800268012680226803268042680526806268072680826809268102681126812268132681426815268162681726818268192682026821268222682326824268252682626827268282682926830268312683226833268342683526836268372683826839268402684126842268432684426845268462684726848268492685026851268522685326854268552685626857268582685926860268612686226863268642686526866268672686826869268702687126872268732687426875268762687726878268792688026881268822688326884268852688626887268882688926890268912689226893268942689526896268972689826899269002690126902269032690426905269062690726908269092691026911269122691326914269152691626917269182691926920269212692226923269242692526926269272692826929269302693126932269332693426935269362693726938269392694026941269422694326944269452694626947269482694926950269512695226953269542695526956269572695826959269602696126962269632696426965269662696726968269692697026971269722697326974269752697626977269782697926980269812698226983269842698526986269872698826989269902699126992269932699426995269962699726998269992700027001270022700327004270052700627007270082700927010270112701227013270142701527016270172701827019270202702127022270232702427025270262702727028270292703027031270322703327034270352703627037270382703927040270412704227043270442704527046270472704827049270502705127052270532705427055270562705727058270592706027061270622706327064270652706627067270682706927070270712707227073270742707527076270772707827079270802708127082270832708427085270862708727088270892709027091270922709327094270952709627097270982709927100271012710227103271042710527106271072710827109271102711127112271132711427115271162711727118271192712027121271222712327124271252712627127271282712927130271312713227133271342713527136271372713827139271402714127142271432714427145271462714727148271492715027151271522715327154271552715627157271582715927160271612716227163271642716527166271672716827169271702717127172271732717427175271762717727178271792718027181271822718327184271852718627187271882718927190271912719227193271942719527196271972719827199272002720127202272032720427205272062720727208272092721027211272122721327214272152721627217272182721927220272212722227223272242722527226272272722827229272302723127232272332723427235272362723727238272392724027241272422724327244272452724627247272482724927250272512725227253272542725527256272572725827259272602726127262272632726427265272662726727268272692727027271272722727327274272752727627277272782727927280272812728227283272842728527286272872728827289272902729127292272932729427295272962729727298272992730027301273022730327304273052730627307273082730927310273112731227313273142731527316273172731827319273202732127322273232732427325273262732727328273292733027331273322733327334273352733627337273382733927340273412734227343273442734527346273472734827349273502735127352273532735427355273562735727358273592736027361273622736327364273652736627367273682736927370273712737227373273742737527376273772737827379273802738127382273832738427385273862738727388273892739027391273922739327394273952739627397273982739927400274012740227403274042740527406274072740827409274102741127412274132741427415274162741727418274192742027421274222742327424274252742627427274282742927430274312743227433274342743527436274372743827439274402744127442274432744427445274462744727448274492745027451274522745327454274552745627457274582745927460274612746227463274642746527466274672746827469274702747127472274732747427475274762747727478274792748027481274822748327484274852748627487274882748927490274912749227493274942749527496274972749827499275002750127502275032750427505275062750727508275092751027511275122751327514275152751627517275182751927520275212752227523275242752527526275272752827529275302753127532275332753427535275362753727538275392754027541275422754327544275452754627547275482754927550275512755227553275542755527556275572755827559275602756127562275632756427565275662756727568275692757027571275722757327574275752757627577275782757927580275812758227583275842758527586275872758827589275902759127592275932759427595275962759727598275992760027601276022760327604276052760627607276082760927610276112761227613276142761527616276172761827619276202762127622276232762427625276262762727628276292763027631276322763327634276352763627637276382763927640276412764227643276442764527646276472764827649276502765127652276532765427655276562765727658276592766027661276622766327664276652766627667276682766927670276712767227673276742767527676276772767827679276802768127682276832768427685276862768727688276892769027691276922769327694276952769627697276982769927700277012770227703277042770527706277072770827709277102771127712277132771427715277162771727718277192772027721277222772327724277252772627727277282772927730277312773227733277342773527736277372773827739277402774127742277432774427745277462774727748277492775027751277522775327754277552775627757277582775927760277612776227763277642776527766277672776827769277702777127772277732777427775277762777727778277792778027781277822778327784277852778627787277882778927790277912779227793277942779527796277972779827799278002780127802278032780427805278062780727808278092781027811278122781327814278152781627817278182781927820278212782227823278242782527826278272782827829278302783127832278332783427835278362783727838278392784027841278422784327844278452784627847278482784927850278512785227853278542785527856278572785827859278602786127862278632786427865278662786727868278692787027871278722787327874278752787627877278782787927880278812788227883278842788527886278872788827889278902789127892278932789427895278962789727898278992790027901279022790327904279052790627907279082790927910279112791227913279142791527916279172791827919279202792127922279232792427925279262792727928279292793027931279322793327934279352793627937279382793927940279412794227943279442794527946279472794827949279502795127952279532795427955279562795727958279592796027961279622796327964279652796627967279682796927970279712797227973279742797527976279772797827979279802798127982279832798427985279862798727988279892799027991279922799327994279952799627997279982799928000280012800228003280042800528006280072800828009280102801128012280132801428015280162801728018280192802028021280222802328024280252802628027280282802928030280312803228033280342803528036280372803828039280402804128042280432804428045280462804728048280492805028051280522805328054280552805628057280582805928060280612806228063280642806528066280672806828069280702807128072280732807428075280762807728078280792808028081280822808328084280852808628087280882808928090280912809228093280942809528096280972809828099281002810128102281032810428105281062810728108281092811028111281122811328114281152811628117281182811928120281212812228123281242812528126281272812828129281302813128132281332813428135281362813728138281392814028141281422814328144281452814628147281482814928150281512815228153281542815528156281572815828159281602816128162281632816428165281662816728168281692817028171281722817328174281752817628177281782817928180281812818228183281842818528186281872818828189281902819128192281932819428195281962819728198281992820028201282022820328204282052820628207282082820928210282112821228213282142821528216282172821828219282202822128222282232822428225282262822728228282292823028231282322823328234282352823628237282382823928240282412824228243282442824528246282472824828249282502825128252282532825428255282562825728258282592826028261282622826328264282652826628267282682826928270282712827228273282742827528276282772827828279282802828128282282832828428285282862828728288282892829028291282922829328294282952829628297282982829928300283012830228303283042830528306283072830828309283102831128312283132831428315283162831728318283192832028321283222832328324283252832628327283282832928330283312833228333283342833528336283372833828339283402834128342283432834428345283462834728348283492835028351283522835328354283552835628357283582835928360283612836228363283642836528366283672836828369283702837128372283732837428375283762837728378283792838028381283822838328384283852838628387283882838928390283912839228393283942839528396283972839828399284002840128402284032840428405284062840728408284092841028411284122841328414284152841628417284182841928420284212842228423284242842528426284272842828429284302843128432284332843428435284362843728438284392844028441284422844328444284452844628447284482844928450284512845228453284542845528456284572845828459284602846128462284632846428465284662846728468284692847028471284722847328474284752847628477284782847928480284812848228483284842848528486284872848828489284902849128492284932849428495284962849728498284992850028501285022850328504285052850628507285082850928510285112851228513285142851528516285172851828519285202852128522285232852428525285262852728528285292853028531285322853328534285352853628537285382853928540285412854228543285442854528546285472854828549285502855128552285532855428555285562855728558285592856028561285622856328564285652856628567285682856928570285712857228573285742857528576285772857828579285802858128582285832858428585285862858728588285892859028591285922859328594285952859628597285982859928600286012860228603286042860528606286072860828609286102861128612286132861428615286162861728618286192862028621286222862328624286252862628627286282862928630286312863228633286342863528636286372863828639286402864128642286432864428645286462864728648286492865028651286522865328654286552865628657286582865928660286612866228663286642866528666286672866828669286702867128672286732867428675286762867728678286792868028681286822868328684286852868628687286882868928690286912869228693286942869528696286972869828699287002870128702287032870428705287062870728708287092871028711287122871328714287152871628717287182871928720287212872228723287242872528726287272872828729287302873128732287332873428735287362873728738287392874028741287422874328744287452874628747287482874928750287512875228753287542875528756287572875828759287602876128762287632876428765287662876728768287692877028771287722877328774287752877628777287782877928780287812878228783287842878528786287872878828789287902879128792287932879428795287962879728798287992880028801288022880328804288052880628807288082880928810288112881228813288142881528816288172881828819288202882128822288232882428825288262882728828288292883028831288322883328834288352883628837288382883928840288412884228843288442884528846288472884828849288502885128852288532885428855288562885728858288592886028861288622886328864288652886628867288682886928870288712887228873288742887528876288772887828879288802888128882288832888428885288862888728888288892889028891288922889328894288952889628897288982889928900289012890228903289042890528906289072890828909289102891128912289132891428915289162891728918289192892028921289222892328924289252892628927289282892928930289312893228933289342893528936289372893828939289402894128942289432894428945289462894728948289492895028951289522895328954289552895628957289582895928960289612896228963289642896528966289672896828969289702897128972289732897428975289762897728978289792898028981289822898328984289852898628987289882898928990289912899228993289942899528996289972899828999290002900129002290032900429005290062900729008290092901029011290122901329014290152901629017290182901929020290212902229023290242902529026290272902829029290302903129032290332903429035290362903729038290392904029041290422904329044290452904629047290482904929050290512905229053290542905529056290572905829059290602906129062290632906429065290662906729068290692907029071290722907329074290752907629077290782907929080290812908229083290842908529086290872908829089290902909129092290932909429095290962909729098290992910029101291022910329104291052910629107291082910929110291112911229113291142911529116291172911829119291202912129122291232912429125291262912729128291292913029131291322913329134291352913629137291382913929140291412914229143291442914529146291472914829149291502915129152291532915429155291562915729158291592916029161291622916329164291652916629167291682916929170291712917229173291742917529176291772917829179291802918129182291832918429185291862918729188291892919029191291922919329194291952919629197291982919929200292012920229203292042920529206292072920829209292102921129212292132921429215292162921729218292192922029221292222922329224292252922629227292282922929230292312923229233292342923529236292372923829239292402924129242292432924429245292462924729248292492925029251292522925329254292552925629257292582925929260292612926229263292642926529266292672926829269292702927129272292732927429275292762927729278292792928029281292822928329284292852928629287292882928929290292912929229293292942929529296292972929829299293002930129302293032930429305293062930729308293092931029311293122931329314293152931629317293182931929320293212932229323293242932529326293272932829329293302933129332293332933429335293362933729338293392934029341293422934329344293452934629347293482934929350293512935229353293542935529356293572935829359293602936129362293632936429365293662936729368293692937029371293722937329374293752937629377293782937929380293812938229383293842938529386293872938829389293902939129392293932939429395293962939729398293992940029401294022940329404294052940629407294082940929410294112941229413294142941529416294172941829419294202942129422294232942429425294262942729428294292943029431294322943329434294352943629437294382943929440294412944229443294442944529446294472944829449294502945129452294532945429455294562945729458294592946029461294622946329464294652946629467294682946929470294712947229473294742947529476294772947829479294802948129482294832948429485294862948729488294892949029491294922949329494294952949629497294982949929500295012950229503295042950529506295072950829509295102951129512295132951429515295162951729518295192952029521295222952329524295252952629527295282952929530295312953229533295342953529536295372953829539295402954129542295432954429545295462954729548295492955029551295522955329554295552955629557295582955929560295612956229563295642956529566295672956829569295702957129572295732957429575295762957729578295792958029581295822958329584295852958629587295882958929590295912959229593295942959529596295972959829599296002960129602296032960429605296062960729608296092961029611296122961329614296152961629617296182961929620296212962229623296242962529626296272962829629296302963129632296332963429635296362963729638296392964029641296422964329644296452964629647296482964929650296512965229653296542965529656296572965829659296602966129662296632966429665296662966729668296692967029671296722967329674296752967629677296782967929680296812968229683296842968529686296872968829689296902969129692296932969429695296962969729698296992970029701297022970329704297052970629707297082970929710297112971229713297142971529716297172971829719297202972129722297232972429725297262972729728297292973029731297322973329734297352973629737297382973929740297412974229743297442974529746297472974829749297502975129752297532975429755297562975729758297592976029761297622976329764297652976629767297682976929770297712977229773297742977529776297772977829779297802978129782297832978429785297862978729788297892979029791297922979329794297952979629797297982979929800298012980229803298042980529806298072980829809298102981129812298132981429815298162981729818298192982029821298222982329824298252982629827298282982929830298312983229833298342983529836298372983829839298402984129842298432984429845298462984729848298492985029851298522985329854298552985629857298582985929860298612986229863298642986529866298672986829869298702987129872298732987429875298762987729878298792988029881298822988329884298852988629887298882988929890298912989229893298942989529896298972989829899299002990129902299032990429905299062990729908299092991029911299122991329914299152991629917299182991929920299212992229923299242992529926299272992829929299302993129932299332993429935299362993729938299392994029941299422994329944299452994629947299482994929950299512995229953299542995529956299572995829959299602996129962299632996429965299662996729968299692997029971299722997329974299752997629977299782997929980299812998229983299842998529986299872998829989299902999129992299932999429995299962999729998299993000030001300023000330004300053000630007300083000930010300113001230013300143001530016300173001830019300203002130022300233002430025300263002730028300293003030031300323003330034300353003630037300383003930040300413004230043300443004530046300473004830049300503005130052300533005430055300563005730058300593006030061300623006330064300653006630067300683006930070300713007230073300743007530076300773007830079300803008130082300833008430085300863008730088300893009030091300923009330094300953009630097300983009930100301013010230103301043010530106301073010830109301103011130112301133011430115301163011730118301193012030121301223012330124301253012630127301283012930130301313013230133301343013530136301373013830139301403014130142301433014430145301463014730148301493015030151301523015330154301553015630157301583015930160301613016230163301643016530166301673016830169301703017130172301733017430175301763017730178301793018030181301823018330184301853018630187301883018930190301913019230193301943019530196301973019830199302003020130202302033020430205302063020730208302093021030211302123021330214302153021630217302183021930220302213022230223302243022530226302273022830229302303023130232302333023430235302363023730238302393024030241302423024330244302453024630247302483024930250302513025230253302543025530256302573025830259302603026130262302633026430265302663026730268302693027030271302723027330274302753027630277302783027930280302813028230283302843028530286302873028830289302903029130292302933029430295302963029730298302993030030301303023030330304303053030630307303083030930310303113031230313303143031530316303173031830319303203032130322303233032430325303263032730328303293033030331303323033330334303353033630337303383033930340303413034230343303443034530346303473034830349303503035130352303533035430355303563035730358303593036030361303623036330364303653036630367303683036930370303713037230373303743037530376303773037830379303803038130382303833038430385303863038730388303893039030391303923039330394303953039630397303983039930400304013040230403304043040530406304073040830409304103041130412304133041430415304163041730418304193042030421304223042330424304253042630427304283042930430304313043230433304343043530436304373043830439304403044130442304433044430445304463044730448304493045030451304523045330454304553045630457304583045930460304613046230463304643046530466304673046830469304703047130472304733047430475304763047730478304793048030481304823048330484304853048630487304883048930490304913049230493304943049530496304973049830499305003050130502305033050430505305063050730508305093051030511305123051330514305153051630517305183051930520305213052230523305243052530526305273052830529305303053130532305333053430535305363053730538305393054030541305423054330544305453054630547305483054930550305513055230553305543055530556305573055830559305603056130562305633056430565305663056730568305693057030571305723057330574305753057630577305783057930580305813058230583305843058530586305873058830589305903059130592305933059430595305963059730598305993060030601306023060330604306053060630607306083060930610306113061230613306143061530616306173061830619306203062130622306233062430625306263062730628306293063030631306323063330634306353063630637306383063930640306413064230643306443064530646306473064830649306503065130652306533065430655306563065730658306593066030661306623066330664306653066630667306683066930670306713067230673306743067530676306773067830679306803068130682306833068430685306863068730688306893069030691306923069330694306953069630697306983069930700307013070230703307043070530706307073070830709307103071130712307133071430715307163071730718307193072030721307223072330724307253072630727307283072930730307313073230733307343073530736307373073830739307403074130742307433074430745307463074730748307493075030751307523075330754307553075630757307583075930760307613076230763307643076530766307673076830769307703077130772307733077430775307763077730778307793078030781307823078330784307853078630787307883078930790307913079230793307943079530796307973079830799308003080130802308033080430805308063080730808308093081030811308123081330814308153081630817308183081930820308213082230823308243082530826308273082830829308303083130832308333083430835308363083730838308393084030841308423084330844308453084630847308483084930850308513085230853308543085530856308573085830859308603086130862308633086430865308663086730868308693087030871308723087330874308753087630877308783087930880308813088230883308843088530886308873088830889308903089130892308933089430895308963089730898308993090030901309023090330904309053090630907309083090930910309113091230913309143091530916309173091830919309203092130922309233092430925309263092730928309293093030931309323093330934309353093630937309383093930940309413094230943309443094530946309473094830949309503095130952309533095430955309563095730958309593096030961309623096330964309653096630967309683096930970309713097230973309743097530976309773097830979309803098130982309833098430985309863098730988309893099030991309923099330994309953099630997309983099931000310013100231003310043100531006310073100831009310103101131012310133101431015310163101731018310193102031021310223102331024310253102631027310283102931030310313103231033310343103531036310373103831039310403104131042310433104431045310463104731048310493105031051310523105331054310553105631057310583105931060310613106231063310643106531066310673106831069310703107131072310733107431075310763107731078310793108031081310823108331084310853108631087310883108931090310913109231093310943109531096310973109831099311003110131102311033110431105311063110731108311093111031111311123111331114311153111631117311183111931120311213112231123311243112531126311273112831129311303113131132311333113431135311363113731138311393114031141311423114331144311453114631147311483114931150311513115231153311543115531156311573115831159311603116131162311633116431165311663116731168311693117031171311723117331174311753117631177311783117931180311813118231183311843118531186311873118831189311903119131192311933119431195311963119731198311993120031201312023120331204312053120631207312083120931210312113121231213312143121531216312173121831219312203122131222312233122431225312263122731228312293123031231312323123331234312353123631237312383123931240312413124231243312443124531246312473124831249312503125131252312533125431255312563125731258312593126031261312623126331264312653126631267312683126931270312713127231273312743127531276312773127831279312803128131282312833128431285312863128731288312893129031291312923129331294312953129631297312983129931300313013130231303313043130531306313073130831309313103131131312313133131431315313163131731318313193132031321313223132331324313253132631327313283132931330313313133231333313343133531336313373133831339313403134131342313433134431345313463134731348313493135031351313523135331354313553135631357313583135931360313613136231363313643136531366313673136831369313703137131372313733137431375313763137731378313793138031381313823138331384313853138631387313883138931390313913139231393313943139531396313973139831399314003140131402314033140431405314063140731408314093141031411314123141331414314153141631417314183141931420314213142231423314243142531426314273142831429314303143131432314333143431435314363143731438314393144031441314423144331444314453144631447314483144931450314513145231453314543145531456314573145831459314603146131462314633146431465314663146731468314693147031471314723147331474314753147631477314783147931480314813148231483314843148531486314873148831489314903149131492314933149431495314963149731498314993150031501315023150331504315053150631507315083150931510315113151231513315143151531516315173151831519315203152131522315233152431525315263152731528315293153031531315323153331534315353153631537315383153931540315413154231543315443154531546315473154831549315503155131552315533155431555315563155731558315593156031561315623156331564315653156631567315683156931570315713157231573315743157531576315773157831579315803158131582315833158431585315863158731588315893159031591315923159331594315953159631597315983159931600316013160231603316043160531606316073160831609316103161131612316133161431615316163161731618316193162031621316223162331624316253162631627316283162931630316313163231633316343163531636316373163831639316403164131642316433164431645316463164731648316493165031651316523165331654316553165631657316583165931660316613166231663316643166531666316673166831669316703167131672316733167431675316763167731678316793168031681316823168331684316853168631687316883168931690316913169231693316943169531696316973169831699317003170131702317033170431705317063170731708317093171031711317123171331714317153171631717317183171931720317213172231723317243172531726317273172831729317303173131732317333173431735317363173731738317393174031741317423174331744317453174631747317483174931750317513175231753317543175531756317573175831759317603176131762317633176431765317663176731768317693177031771317723177331774317753177631777317783177931780317813178231783317843178531786317873178831789317903179131792317933179431795317963179731798317993180031801318023180331804318053180631807318083180931810318113181231813318143181531816318173181831819318203182131822318233182431825318263182731828318293183031831318323183331834318353183631837318383183931840318413184231843318443184531846318473184831849318503185131852318533185431855318563185731858318593186031861318623186331864318653186631867318683186931870318713187231873318743187531876318773187831879318803188131882318833188431885318863188731888318893189031891318923189331894318953189631897318983189931900319013190231903319043190531906319073190831909319103191131912319133191431915319163191731918319193192031921319223192331924319253192631927319283192931930319313193231933319343193531936319373193831939319403194131942319433194431945319463194731948319493195031951319523195331954319553195631957319583195931960319613196231963319643196531966319673196831969319703197131972319733197431975319763197731978319793198031981319823198331984319853198631987319883198931990319913199231993319943199531996319973199831999320003200132002320033200432005320063200732008320093201032011320123201332014320153201632017320183201932020320213202232023320243202532026320273202832029320303203132032320333203432035320363203732038320393204032041320423204332044320453204632047320483204932050320513205232053320543205532056320573205832059320603206132062320633206432065320663206732068320693207032071320723207332074320753207632077320783207932080320813208232083320843208532086320873208832089320903209132092320933209432095320963209732098320993210032101321023210332104321053210632107321083210932110321113211232113321143211532116321173211832119321203212132122321233212432125321263212732128321293213032131321323213332134321353213632137321383213932140321413214232143321443214532146321473214832149321503215132152321533215432155321563215732158321593216032161321623216332164321653216632167321683216932170321713217232173321743217532176321773217832179321803218132182321833218432185321863218732188321893219032191321923219332194321953219632197321983219932200322013220232203322043220532206322073220832209322103221132212322133221432215322163221732218322193222032221322223222332224322253222632227322283222932230322313223232233322343223532236322373223832239322403224132242322433224432245322463224732248322493225032251322523225332254322553225632257322583225932260322613226232263322643226532266322673226832269322703227132272322733227432275322763227732278322793228032281322823228332284322853228632287322883228932290322913229232293322943229532296322973229832299323003230132302323033230432305323063230732308323093231032311323123231332314323153231632317323183231932320323213232232323323243232532326323273232832329323303233132332323333233432335323363233732338323393234032341323423234332344323453234632347323483234932350323513235232353323543235532356323573235832359323603236132362323633236432365323663236732368323693237032371323723237332374323753237632377323783237932380323813238232383323843238532386323873238832389323903239132392323933239432395323963239732398323993240032401324023240332404324053240632407324083240932410324113241232413324143241532416324173241832419324203242132422324233242432425324263242732428324293243032431324323243332434324353243632437324383243932440324413244232443324443244532446324473244832449324503245132452324533245432455324563245732458324593246032461324623246332464324653246632467324683246932470324713247232473324743247532476324773247832479324803248132482324833248432485324863248732488324893249032491324923249332494324953249632497324983249932500325013250232503325043250532506325073250832509325103251132512325133251432515325163251732518325193252032521325223252332524325253252632527325283252932530325313253232533325343253532536325373253832539325403254132542325433254432545325463254732548325493255032551325523255332554325553255632557325583255932560325613256232563325643256532566325673256832569325703257132572325733257432575325763257732578325793258032581325823258332584325853258632587325883258932590325913259232593325943259532596325973259832599326003260132602326033260432605326063260732608326093261032611326123261332614326153261632617326183261932620326213262232623326243262532626326273262832629326303263132632326333263432635326363263732638326393264032641326423264332644326453264632647326483264932650326513265232653326543265532656326573265832659326603266132662326633266432665326663266732668326693267032671326723267332674326753267632677326783267932680326813268232683326843268532686326873268832689326903269132692326933269432695326963269732698326993270032701327023270332704327053270632707327083270932710327113271232713327143271532716327173271832719327203272132722327233272432725327263272732728327293273032731327323273332734327353273632737327383273932740327413274232743327443274532746327473274832749327503275132752327533275432755327563275732758327593276032761327623276332764327653276632767327683276932770327713277232773327743277532776327773277832779327803278132782327833278432785327863278732788327893279032791327923279332794327953279632797327983279932800328013280232803328043280532806328073280832809328103281132812328133281432815328163281732818328193282032821328223282332824328253282632827328283282932830328313283232833328343283532836328373283832839328403284132842328433284432845328463284732848328493285032851328523285332854328553285632857328583285932860328613286232863328643286532866328673286832869328703287132872328733287432875328763287732878328793288032881328823288332884328853288632887328883288932890328913289232893328943289532896328973289832899329003290132902329033290432905329063290732908329093291032911329123291332914329153291632917329183291932920329213292232923329243292532926329273292832929329303293132932329333293432935329363293732938329393294032941329423294332944329453294632947329483294932950329513295232953329543295532956329573295832959329603296132962329633296432965329663296732968329693297032971329723297332974329753297632977329783297932980329813298232983329843298532986329873298832989329903299132992329933299432995329963299732998329993300033001330023300333004330053300633007330083300933010330113301233013330143301533016330173301833019330203302133022330233302433025330263302733028330293303033031330323303333034330353303633037330383303933040330413304233043330443304533046330473304833049330503305133052330533305433055330563305733058330593306033061330623306333064330653306633067330683306933070330713307233073330743307533076330773307833079330803308133082330833308433085330863308733088330893309033091330923309333094330953309633097330983309933100331013310233103331043310533106331073310833109331103311133112331133311433115331163311733118331193312033121331223312333124331253312633127331283312933130331313313233133331343313533136331373313833139331403314133142331433314433145331463314733148331493315033151331523315333154331553315633157331583315933160331613316233163331643316533166331673316833169331703317133172331733317433175331763317733178331793318033181331823318333184331853318633187331883318933190331913319233193331943319533196331973319833199332003320133202332033320433205332063320733208332093321033211332123321333214332153321633217332183321933220332213322233223332243322533226332273322833229332303323133232332333323433235332363323733238332393324033241332423324333244332453324633247332483324933250332513325233253332543325533256332573325833259332603326133262332633326433265332663326733268332693327033271332723327333274332753327633277332783327933280332813328233283332843328533286332873328833289332903329133292332933329433295332963329733298332993330033301333023330333304333053330633307333083330933310333113331233313333143331533316333173331833319333203332133322333233332433325333263332733328333293333033331333323333333334333353333633337333383333933340333413334233343333443334533346333473334833349333503335133352333533335433355333563335733358333593336033361333623336333364333653336633367333683336933370333713337233373333743337533376333773337833379333803338133382333833338433385333863338733388333893339033391333923339333394333953339633397333983339933400334013340233403334043340533406334073340833409334103341133412334133341433415334163341733418334193342033421334223342333424334253342633427334283342933430334313343233433334343343533436334373343833439334403344133442334433344433445334463344733448334493345033451334523345333454334553345633457334583345933460334613346233463334643346533466334673346833469334703347133472334733347433475334763347733478334793348033481334823348333484334853348633487334883348933490334913349233493334943349533496334973349833499335003350133502335033350433505335063350733508335093351033511335123351333514335153351633517335183351933520335213352233523335243352533526335273352833529335303353133532335333353433535335363353733538335393354033541335423354333544335453354633547335483354933550335513355233553335543355533556335573355833559335603356133562335633356433565335663356733568335693357033571335723357333574335753357633577335783357933580335813358233583335843358533586335873358833589335903359133592335933359433595335963359733598335993360033601336023360333604336053360633607336083360933610336113361233613336143361533616336173361833619336203362133622336233362433625336263362733628336293363033631336323363333634336353363633637336383363933640336413364233643336443364533646336473364833649336503365133652336533365433655336563365733658336593366033661336623366333664336653366633667336683366933670336713367233673336743367533676336773367833679336803368133682336833368433685336863368733688336893369033691336923369333694336953369633697336983369933700337013370233703337043370533706337073370833709337103371133712337133371433715337163371733718337193372033721337223372333724337253372633727337283372933730337313373233733337343373533736337373373833739337403374133742337433374433745337463374733748337493375033751337523375333754337553375633757337583375933760337613376233763337643376533766337673376833769337703377133772337733377433775337763377733778337793378033781337823378333784337853378633787337883378933790337913379233793337943379533796337973379833799338003380133802338033380433805338063380733808338093381033811338123381333814338153381633817338183381933820338213382233823338243382533826338273382833829338303383133832338333383433835338363383733838338393384033841338423384333844338453384633847338483384933850338513385233853338543385533856338573385833859338603386133862338633386433865338663386733868338693387033871338723387333874338753387633877338783387933880338813388233883338843388533886338873388833889338903389133892338933389433895338963389733898338993390033901339023390333904339053390633907339083390933910339113391233913339143391533916339173391833919339203392133922339233392433925339263392733928339293393033931339323393333934339353393633937339383393933940339413394233943339443394533946339473394833949339503395133952339533395433955339563395733958339593396033961339623396333964339653396633967339683396933970339713397233973339743397533976339773397833979339803398133982339833398433985339863398733988339893399033991339923399333994339953399633997339983399934000340013400234003340043400534006340073400834009340103401134012340133401434015340163401734018340193402034021340223402334024340253402634027340283402934030340313403234033340343403534036340373403834039340403404134042340433404434045340463404734048340493405034051340523405334054340553405634057340583405934060340613406234063340643406534066340673406834069340703407134072340733407434075340763407734078340793408034081340823408334084340853408634087340883408934090340913409234093340943409534096340973409834099341003410134102341033410434105341063410734108341093411034111341123411334114341153411634117341183411934120341213412234123341243412534126341273412834129341303413134132341333413434135341363413734138341393414034141341423414334144341453414634147341483414934150341513415234153341543415534156341573415834159341603416134162341633416434165341663416734168341693417034171341723417334174341753417634177341783417934180341813418234183341843418534186341873418834189341903419134192341933419434195341963419734198341993420034201342023420334204342053420634207342083420934210342113421234213342143421534216342173421834219342203422134222342233422434225342263422734228342293423034231342323423334234342353423634237342383423934240342413424234243342443424534246342473424834249342503425134252342533425434255342563425734258342593426034261342623426334264342653426634267342683426934270342713427234273342743427534276342773427834279342803428134282342833428434285342863428734288342893429034291342923429334294342953429634297342983429934300343013430234303343043430534306343073430834309343103431134312343133431434315343163431734318343193432034321343223432334324343253432634327343283432934330343313433234333343343433534336343373433834339343403434134342343433434434345343463434734348343493435034351343523435334354343553435634357343583435934360343613436234363343643436534366343673436834369343703437134372343733437434375343763437734378343793438034381343823438334384343853438634387343883438934390343913439234393343943439534396343973439834399344003440134402344033440434405344063440734408344093441034411344123441334414344153441634417344183441934420344213442234423344243442534426344273442834429344303443134432344333443434435344363443734438344393444034441344423444334444344453444634447344483444934450344513445234453344543445534456344573445834459344603446134462344633446434465344663446734468344693447034471344723447334474344753447634477344783447934480344813448234483344843448534486344873448834489344903449134492344933449434495344963449734498344993450034501345023450334504345053450634507345083450934510345113451234513345143451534516345173451834519345203452134522345233452434525345263452734528345293453034531345323453334534345353453634537345383453934540345413454234543345443454534546345473454834549345503455134552345533455434555345563455734558345593456034561345623456334564345653456634567345683456934570345713457234573345743457534576345773457834579345803458134582345833458434585345863458734588345893459034591345923459334594345953459634597345983459934600346013460234603346043460534606346073460834609346103461134612346133461434615346163461734618346193462034621346223462334624346253462634627346283462934630346313463234633346343463534636346373463834639346403464134642346433464434645346463464734648346493465034651346523465334654346553465634657346583465934660346613466234663346643466534666346673466834669346703467134672346733467434675346763467734678346793468034681346823468334684346853468634687346883468934690346913469234693346943469534696346973469834699347003470134702347033470434705347063470734708347093471034711347123471334714347153471634717347183471934720347213472234723347243472534726347273472834729347303473134732347333473434735347363473734738347393474034741347423474334744347453474634747347483474934750347513475234753347543475534756347573475834759347603476134762347633476434765347663476734768347693477034771347723477334774347753477634777347783477934780347813478234783347843478534786347873478834789347903479134792347933479434795347963479734798347993480034801348023480334804348053480634807348083480934810348113481234813348143481534816348173481834819348203482134822348233482434825348263482734828348293483034831348323483334834348353483634837348383483934840348413484234843348443484534846348473484834849348503485134852348533485434855348563485734858348593486034861348623486334864348653486634867348683486934870348713487234873348743487534876348773487834879348803488134882348833488434885348863488734888348893489034891348923489334894348953489634897348983489934900349013490234903349043490534906349073490834909349103491134912349133491434915349163491734918349193492034921349223492334924349253492634927349283492934930349313493234933349343493534936349373493834939349403494134942349433494434945349463494734948349493495034951349523495334954349553495634957349583495934960349613496234963349643496534966349673496834969349703497134972349733497434975349763497734978349793498034981349823498334984349853498634987349883498934990349913499234993349943499534996349973499834999350003500135002350033500435005350063500735008350093501035011350123501335014350153501635017350183501935020350213502235023350243502535026350273502835029350303503135032350333503435035350363503735038350393504035041350423504335044350453504635047350483504935050350513505235053350543505535056350573505835059350603506135062350633506435065350663506735068350693507035071350723507335074350753507635077350783507935080350813508235083350843508535086350873508835089350903509135092350933509435095350963509735098350993510035101351023510335104351053510635107351083510935110351113511235113351143511535116351173511835119351203512135122351233512435125351263512735128351293513035131351323513335134351353513635137351383513935140351413514235143351443514535146351473514835149351503515135152351533515435155351563515735158351593516035161351623516335164351653516635167351683516935170351713517235173351743517535176351773517835179351803518135182351833518435185351863518735188351893519035191351923519335194351953519635197351983519935200352013520235203352043520535206352073520835209352103521135212352133521435215352163521735218352193522035221352223522335224352253522635227352283522935230352313523235233352343523535236352373523835239352403524135242352433524435245352463524735248352493525035251352523525335254352553525635257352583525935260352613526235263352643526535266352673526835269352703527135272352733527435275352763527735278352793528035281352823528335284352853528635287352883528935290352913529235293352943529535296352973529835299353003530135302353033530435305353063530735308353093531035311353123531335314353153531635317353183531935320353213532235323353243532535326353273532835329353303533135332353333533435335353363533735338353393534035341353423534335344353453534635347353483534935350353513535235353353543535535356353573535835359353603536135362353633536435365353663536735368353693537035371353723537335374353753537635377353783537935380353813538235383353843538535386353873538835389353903539135392353933539435395353963539735398353993540035401354023540335404354053540635407354083540935410354113541235413354143541535416354173541835419354203542135422354233542435425354263542735428354293543035431354323543335434354353543635437354383543935440354413544235443354443544535446354473544835449354503545135452354533545435455354563545735458354593546035461354623546335464354653546635467354683546935470354713547235473354743547535476354773547835479354803548135482354833548435485354863548735488354893549035491354923549335494354953549635497354983549935500355013550235503355043550535506355073550835509355103551135512355133551435515355163551735518355193552035521355223552335524355253552635527355283552935530355313553235533355343553535536355373553835539355403554135542355433554435545355463554735548355493555035551355523555335554355553555635557355583555935560355613556235563355643556535566355673556835569355703557135572355733557435575355763557735578355793558035581355823558335584355853558635587355883558935590355913559235593355943559535596355973559835599356003560135602356033560435605356063560735608356093561035611356123561335614356153561635617356183561935620356213562235623356243562535626356273562835629356303563135632356333563435635356363563735638356393564035641356423564335644356453564635647356483564935650356513565235653356543565535656356573565835659356603566135662356633566435665356663566735668356693567035671356723567335674356753567635677356783567935680356813568235683356843568535686356873568835689356903569135692356933569435695356963569735698356993570035701357023570335704357053570635707357083570935710357113571235713357143571535716357173571835719357203572135722357233572435725357263572735728357293573035731357323573335734357353573635737357383573935740357413574235743357443574535746357473574835749357503575135752357533575435755357563575735758357593576035761357623576335764357653576635767357683576935770357713577235773357743577535776357773577835779357803578135782357833578435785357863578735788357893579035791357923579335794357953579635797357983579935800358013580235803358043580535806358073580835809358103581135812358133581435815358163581735818358193582035821358223582335824358253582635827358283582935830358313583235833358343583535836358373583835839358403584135842358433584435845358463584735848358493585035851358523585335854358553585635857358583585935860358613586235863358643586535866358673586835869358703587135872358733587435875358763587735878358793588035881358823588335884358853588635887358883588935890358913589235893358943589535896358973589835899359003590135902359033590435905359063590735908359093591035911359123591335914359153591635917359183591935920359213592235923359243592535926359273592835929359303593135932359333593435935359363593735938359393594035941359423594335944359453594635947359483594935950359513595235953359543595535956359573595835959359603596135962359633596435965359663596735968359693597035971359723597335974359753597635977359783597935980359813598235983359843598535986359873598835989359903599135992359933599435995359963599735998359993600036001360023600336004360053600636007360083600936010360113601236013360143601536016360173601836019360203602136022360233602436025360263602736028360293603036031360323603336034360353603636037360383603936040360413604236043360443604536046360473604836049360503605136052360533605436055360563605736058360593606036061360623606336064360653606636067360683606936070360713607236073360743607536076360773607836079360803608136082360833608436085360863608736088360893609036091360923609336094360953609636097360983609936100361013610236103361043610536106361073610836109361103611136112361133611436115361163611736118361193612036121361223612336124361253612636127361283612936130361313613236133361343613536136361373613836139361403614136142361433614436145361463614736148361493615036151361523615336154361553615636157361583615936160361613616236163361643616536166361673616836169361703617136172361733617436175361763617736178361793618036181361823618336184361853618636187361883618936190361913619236193361943619536196361973619836199362003620136202362033620436205362063620736208362093621036211362123621336214362153621636217362183621936220362213622236223362243622536226362273622836229362303623136232362333623436235362363623736238362393624036241362423624336244362453624636247362483624936250362513625236253362543625536256362573625836259362603626136262362633626436265362663626736268362693627036271362723627336274362753627636277362783627936280362813628236283362843628536286362873628836289362903629136292362933629436295362963629736298362993630036301363023630336304363053630636307363083630936310363113631236313363143631536316363173631836319363203632136322363233632436325363263632736328363293633036331363323633336334363353633636337363383633936340363413634236343363443634536346363473634836349363503635136352363533635436355363563635736358363593636036361363623636336364363653636636367363683636936370363713637236373363743637536376363773637836379363803638136382363833638436385363863638736388363893639036391363923639336394363953639636397363983639936400364013640236403364043640536406364073640836409364103641136412364133641436415364163641736418364193642036421364223642336424364253642636427364283642936430364313643236433364343643536436364373643836439364403644136442364433644436445364463644736448364493645036451364523645336454364553645636457364583645936460364613646236463364643646536466364673646836469364703647136472364733647436475364763647736478364793648036481364823648336484364853648636487364883648936490364913649236493364943649536496364973649836499365003650136502365033650436505365063650736508365093651036511365123651336514365153651636517365183651936520365213652236523365243652536526365273652836529365303653136532365333653436535365363653736538365393654036541365423654336544365453654636547365483654936550365513655236553365543655536556365573655836559365603656136562365633656436565365663656736568365693657036571365723657336574365753657636577365783657936580365813658236583365843658536586365873658836589365903659136592365933659436595365963659736598365993660036601366023660336604366053660636607366083660936610366113661236613366143661536616366173661836619366203662136622366233662436625366263662736628366293663036631366323663336634366353663636637366383663936640366413664236643366443664536646366473664836649366503665136652366533665436655366563665736658366593666036661366623666336664366653666636667366683666936670366713667236673366743667536676366773667836679366803668136682366833668436685366863668736688366893669036691366923669336694366953669636697366983669936700367013670236703367043670536706367073670836709367103671136712367133671436715367163671736718367193672036721367223672336724367253672636727367283672936730367313673236733367343673536736367373673836739367403674136742367433674436745367463674736748367493675036751367523675336754367553675636757367583675936760367613676236763367643676536766367673676836769367703677136772367733677436775367763677736778367793678036781367823678336784367853678636787367883678936790367913679236793367943679536796367973679836799368003680136802368033680436805368063680736808368093681036811368123681336814368153681636817368183681936820368213682236823368243682536826368273682836829368303683136832368333683436835368363683736838368393684036841368423684336844368453684636847368483684936850368513685236853368543685536856368573685836859368603686136862368633686436865368663686736868368693687036871368723687336874368753687636877368783687936880368813688236883368843688536886368873688836889368903689136892368933689436895368963689736898368993690036901369023690336904369053690636907369083690936910369113691236913369143691536916369173691836919369203692136922369233692436925369263692736928369293693036931369323693336934369353693636937369383693936940369413694236943369443694536946369473694836949369503695136952369533695436955369563695736958369593696036961369623696336964369653696636967369683696936970369713697236973369743697536976369773697836979369803698136982369833698436985369863698736988369893699036991369923699336994369953699636997369983699937000370013700237003370043700537006370073700837009370103701137012370133701437015370163701737018370193702037021370223702337024370253702637027370283702937030370313703237033370343703537036370373703837039370403704137042370433704437045370463704737048370493705037051370523705337054370553705637057370583705937060370613706237063370643706537066370673706837069370703707137072370733707437075370763707737078370793708037081370823708337084370853708637087370883708937090370913709237093370943709537096370973709837099371003710137102371033710437105371063710737108371093711037111371123711337114371153711637117371183711937120371213712237123371243712537126371273712837129371303713137132371333713437135371363713737138371393714037141371423714337144371453714637147371483714937150371513715237153371543715537156371573715837159371603716137162371633716437165371663716737168371693717037171371723717337174371753717637177371783717937180371813718237183371843718537186371873718837189371903719137192371933719437195371963719737198371993720037201372023720337204372053720637207372083720937210372113721237213372143721537216372173721837219372203722137222372233722437225372263722737228372293723037231372323723337234372353723637237372383723937240372413724237243372443724537246372473724837249372503725137252372533725437255372563725737258372593726037261372623726337264372653726637267372683726937270372713727237273372743727537276372773727837279372803728137282372833728437285372863728737288372893729037291372923729337294372953729637297372983729937300373013730237303373043730537306373073730837309373103731137312373133731437315373163731737318373193732037321373223732337324373253732637327373283732937330373313733237333373343733537336373373733837339373403734137342373433734437345373463734737348373493735037351373523735337354373553735637357373583735937360373613736237363373643736537366373673736837369373703737137372373733737437375373763737737378373793738037381373823738337384373853738637387373883738937390373913739237393373943739537396373973739837399374003740137402374033740437405374063740737408374093741037411374123741337414374153741637417374183741937420374213742237423374243742537426374273742837429374303743137432374333743437435374363743737438374393744037441374423744337444374453744637447374483744937450374513745237453374543745537456374573745837459374603746137462374633746437465374663746737468374693747037471374723747337474374753747637477374783747937480374813748237483374843748537486374873748837489374903749137492374933749437495374963749737498374993750037501375023750337504375053750637507375083750937510375113751237513375143751537516375173751837519375203752137522375233752437525375263752737528375293753037531375323753337534375353753637537375383753937540375413754237543375443754537546375473754837549375503755137552375533755437555375563755737558375593756037561375623756337564375653756637567375683756937570375713757237573375743757537576375773757837579375803758137582375833758437585375863758737588375893759037591375923759337594375953759637597375983759937600376013760237603376043760537606376073760837609376103761137612376133761437615376163761737618376193762037621376223762337624376253762637627376283762937630376313763237633376343763537636376373763837639376403764137642376433764437645376463764737648376493765037651376523765337654376553765637657376583765937660376613766237663376643766537666376673766837669376703767137672376733767437675376763767737678376793768037681376823768337684376853768637687376883768937690376913769237693376943769537696376973769837699377003770137702377033770437705377063770737708377093771037711377123771337714377153771637717377183771937720377213772237723377243772537726377273772837729377303773137732377333773437735377363773737738377393774037741377423774337744377453774637747377483774937750377513775237753377543775537756377573775837759377603776137762377633776437765377663776737768377693777037771377723777337774377753777637777377783777937780377813778237783377843778537786377873778837789377903779137792377933779437795377963779737798377993780037801378023780337804378053780637807378083780937810378113781237813378143781537816378173781837819378203782137822378233782437825378263782737828378293783037831378323783337834378353783637837378383783937840378413784237843378443784537846378473784837849378503785137852378533785437855378563785737858378593786037861378623786337864378653786637867378683786937870378713787237873378743787537876378773787837879378803788137882378833788437885378863788737888378893789037891378923789337894378953789637897378983789937900379013790237903379043790537906379073790837909379103791137912379133791437915379163791737918379193792037921379223792337924379253792637927379283792937930379313793237933379343793537936379373793837939379403794137942379433794437945379463794737948379493795037951379523795337954379553795637957379583795937960379613796237963379643796537966379673796837969379703797137972379733797437975379763797737978379793798037981379823798337984379853798637987379883798937990379913799237993379943799537996379973799837999380003800138002380033800438005380063800738008380093801038011380123801338014380153801638017380183801938020380213802238023380243802538026380273802838029380303803138032380333803438035380363803738038380393804038041380423804338044380453804638047380483804938050380513805238053380543805538056380573805838059380603806138062380633806438065380663806738068380693807038071380723807338074380753807638077380783807938080380813808238083380843808538086380873808838089380903809138092380933809438095380963809738098380993810038101381023810338104381053810638107381083810938110381113811238113381143811538116381173811838119381203812138122381233812438125381263812738128381293813038131381323813338134381353813638137381383813938140381413814238143381443814538146381473814838149381503815138152381533815438155381563815738158381593816038161381623816338164381653816638167381683816938170381713817238173381743817538176381773817838179381803818138182381833818438185381863818738188381893819038191381923819338194381953819638197381983819938200382013820238203382043820538206382073820838209382103821138212382133821438215382163821738218382193822038221382223822338224382253822638227382283822938230382313823238233382343823538236382373823838239382403824138242382433824438245382463824738248382493825038251382523825338254382553825638257382583825938260382613826238263382643826538266382673826838269382703827138272382733827438275382763827738278382793828038281382823828338284382853828638287382883828938290382913829238293382943829538296382973829838299383003830138302383033830438305383063830738308383093831038311383123831338314383153831638317383183831938320383213832238323383243832538326383273832838329383303833138332383333833438335383363833738338383393834038341383423834338344383453834638347383483834938350383513835238353383543835538356383573835838359383603836138362383633836438365383663836738368383693837038371383723837338374383753837638377383783837938380383813838238383383843838538386383873838838389383903839138392383933839438395383963839738398383993840038401384023840338404384053840638407384083840938410384113841238413384143841538416384173841838419384203842138422384233842438425384263842738428384293843038431384323843338434384353843638437384383843938440384413844238443384443844538446384473844838449384503845138452384533845438455384563845738458384593846038461384623846338464384653846638467384683846938470384713847238473384743847538476384773847838479384803848138482384833848438485384863848738488384893849038491384923849338494384953849638497384983849938500385013850238503385043850538506385073850838509385103851138512385133851438515385163851738518385193852038521385223852338524385253852638527385283852938530385313853238533385343853538536385373853838539385403854138542385433854438545385463854738548385493855038551385523855338554385553855638557385583855938560385613856238563385643856538566385673856838569385703857138572385733857438575385763857738578385793858038581385823858338584385853858638587385883858938590385913859238593385943859538596385973859838599386003860138602386033860438605386063860738608386093861038611386123861338614386153861638617386183861938620386213862238623386243862538626386273862838629386303863138632386333863438635386363863738638386393864038641386423864338644386453864638647386483864938650386513865238653386543865538656386573865838659386603866138662386633866438665386663866738668386693867038671386723867338674386753867638677386783867938680386813868238683386843868538686386873868838689386903869138692386933869438695386963869738698386993870038701387023870338704387053870638707387083870938710387113871238713387143871538716387173871838719387203872138722387233872438725387263872738728387293873038731387323873338734387353873638737387383873938740387413874238743387443874538746387473874838749387503875138752387533875438755387563875738758387593876038761387623876338764387653876638767387683876938770387713877238773387743877538776387773877838779387803878138782387833878438785387863878738788387893879038791387923879338794387953879638797387983879938800388013880238803388043880538806388073880838809388103881138812388133881438815388163881738818388193882038821388223882338824388253882638827388283882938830388313883238833388343883538836388373883838839388403884138842388433884438845388463884738848388493885038851388523885338854388553885638857388583885938860388613886238863388643886538866388673886838869388703887138872388733887438875388763887738878388793888038881388823888338884388853888638887388883888938890388913889238893388943889538896388973889838899389003890138902389033890438905389063890738908389093891038911389123891338914389153891638917389183891938920389213892238923389243892538926389273892838929389303893138932389333893438935389363893738938389393894038941389423894338944389453894638947389483894938950389513895238953389543895538956389573895838959389603896138962389633896438965389663896738968389693897038971389723897338974389753897638977389783897938980389813898238983389843898538986389873898838989389903899138992389933899438995389963899738998389993900039001390023900339004390053900639007390083900939010390113901239013390143901539016390173901839019390203902139022390233902439025390263902739028390293903039031390323903339034390353903639037390383903939040390413904239043390443904539046390473904839049390503905139052390533905439055390563905739058390593906039061390623906339064390653906639067390683906939070390713907239073390743907539076390773907839079390803908139082390833908439085390863908739088390893909039091390923909339094390953909639097390983909939100391013910239103391043910539106391073910839109391103911139112391133911439115391163911739118391193912039121391223912339124391253912639127391283912939130391313913239133391343913539136391373913839139391403914139142391433914439145391463914739148391493915039151391523915339154391553915639157391583915939160391613916239163391643916539166391673916839169391703917139172391733917439175391763917739178391793918039181391823918339184391853918639187391883918939190391913919239193391943919539196391973919839199392003920139202392033920439205392063920739208392093921039211392123921339214392153921639217392183921939220392213922239223392243922539226392273922839229392303923139232392333923439235392363923739238392393924039241392423924339244392453924639247392483924939250392513925239253392543925539256392573925839259392603926139262392633926439265392663926739268392693927039271392723927339274392753927639277392783927939280392813928239283392843928539286392873928839289392903929139292392933929439295392963929739298392993930039301393023930339304393053930639307393083930939310393113931239313393143931539316393173931839319393203932139322393233932439325393263932739328393293933039331393323933339334393353933639337393383933939340393413934239343393443934539346393473934839349393503935139352393533935439355393563935739358393593936039361393623936339364393653936639367393683936939370393713937239373393743937539376393773937839379393803938139382393833938439385393863938739388393893939039391393923939339394393953939639397393983939939400394013940239403394043940539406394073940839409394103941139412394133941439415394163941739418394193942039421394223942339424394253942639427394283942939430394313943239433394343943539436394373943839439394403944139442394433944439445394463944739448394493945039451394523945339454394553945639457394583945939460394613946239463394643946539466394673946839469394703947139472394733947439475394763947739478394793948039481394823948339484394853948639487394883948939490394913949239493394943949539496394973949839499395003950139502395033950439505395063950739508395093951039511395123951339514395153951639517395183951939520395213952239523395243952539526395273952839529395303953139532395333953439535395363953739538395393954039541395423954339544395453954639547395483954939550395513955239553395543955539556395573955839559395603956139562395633956439565395663956739568395693957039571395723957339574395753957639577395783957939580395813958239583395843958539586395873958839589395903959139592395933959439595395963959739598395993960039601396023960339604396053960639607396083960939610396113961239613396143961539616396173961839619396203962139622396233962439625396263962739628396293963039631396323963339634396353963639637396383963939640396413964239643396443964539646396473964839649396503965139652396533965439655396563965739658396593966039661396623966339664396653966639667396683966939670396713967239673396743967539676396773967839679396803968139682396833968439685396863968739688396893969039691396923969339694396953969639697396983969939700397013970239703397043970539706397073970839709397103971139712397133971439715397163971739718397193972039721397223972339724397253972639727397283972939730397313973239733397343973539736397373973839739397403974139742397433974439745397463974739748397493975039751397523975339754397553975639757397583975939760397613976239763397643976539766397673976839769397703977139772397733977439775397763977739778397793978039781397823978339784397853978639787397883978939790397913979239793397943979539796397973979839799398003980139802398033980439805398063980739808398093981039811398123981339814398153981639817398183981939820398213982239823398243982539826398273982839829398303983139832398333983439835398363983739838398393984039841398423984339844398453984639847398483984939850398513985239853398543985539856398573985839859398603986139862398633986439865398663986739868398693987039871398723987339874398753987639877398783987939880398813988239883398843988539886398873988839889398903989139892398933989439895398963989739898398993990039901399023990339904399053990639907399083990939910399113991239913399143991539916399173991839919399203992139922399233992439925399263992739928399293993039931399323993339934399353993639937399383993939940399413994239943399443994539946399473994839949399503995139952399533995439955399563995739958399593996039961399623996339964399653996639967399683996939970399713997239973399743997539976399773997839979399803998139982399833998439985399863998739988399893999039991399923999339994399953999639997399983999940000400014000240003400044000540006400074000840009400104001140012400134001440015400164001740018400194002040021400224002340024400254002640027400284002940030400314003240033400344003540036400374003840039400404004140042400434004440045400464004740048400494005040051400524005340054400554005640057400584005940060400614006240063400644006540066400674006840069400704007140072400734007440075400764007740078400794008040081400824008340084400854008640087400884008940090400914009240093400944009540096400974009840099401004010140102401034010440105401064010740108401094011040111401124011340114401154011640117401184011940120401214012240123401244012540126401274012840129401304013140132401334013440135401364013740138401394014040141401424014340144401454014640147401484014940150401514015240153401544015540156401574015840159401604016140162401634016440165401664016740168401694017040171401724017340174401754017640177401784017940180401814018240183401844018540186401874018840189401904019140192401934019440195401964019740198401994020040201402024020340204402054020640207402084020940210402114021240213402144021540216402174021840219402204022140222402234022440225402264022740228402294023040231402324023340234402354023640237402384023940240402414024240243402444024540246402474024840249402504025140252402534025440255402564025740258402594026040261402624026340264402654026640267402684026940270402714027240273402744027540276402774027840279402804028140282402834028440285402864028740288402894029040291402924029340294402954029640297402984029940300403014030240303403044030540306403074030840309403104031140312403134031440315403164031740318403194032040321403224032340324403254032640327403284032940330403314033240333403344033540336403374033840339403404034140342403434034440345403464034740348403494035040351403524035340354403554035640357403584035940360403614036240363403644036540366403674036840369403704037140372403734037440375403764037740378403794038040381403824038340384403854038640387403884038940390403914039240393403944039540396403974039840399404004040140402404034040440405404064040740408404094041040411404124041340414404154041640417404184041940420404214042240423404244042540426404274042840429404304043140432404334043440435404364043740438404394044040441404424044340444404454044640447404484044940450404514045240453404544045540456404574045840459404604046140462404634046440465404664046740468404694047040471404724047340474404754047640477404784047940480404814048240483404844048540486404874048840489404904049140492404934049440495404964049740498404994050040501405024050340504405054050640507405084050940510405114051240513405144051540516405174051840519405204052140522405234052440525405264052740528405294053040531405324053340534405354053640537405384053940540405414054240543405444054540546405474054840549405504055140552405534055440555405564055740558405594056040561405624056340564405654056640567405684056940570405714057240573405744057540576405774057840579405804058140582405834058440585405864058740588405894059040591405924059340594405954059640597405984059940600406014060240603406044060540606406074060840609406104061140612406134061440615406164061740618406194062040621406224062340624406254062640627406284062940630406314063240633406344063540636406374063840639406404064140642406434064440645406464064740648406494065040651406524065340654406554065640657406584065940660406614066240663406644066540666406674066840669406704067140672406734067440675406764067740678406794068040681406824068340684406854068640687406884068940690406914069240693406944069540696406974069840699407004070140702407034070440705407064070740708407094071040711407124071340714407154071640717407184071940720407214072240723407244072540726407274072840729407304073140732407334073440735407364073740738407394074040741407424074340744407454074640747407484074940750407514075240753407544075540756407574075840759407604076140762407634076440765407664076740768407694077040771407724077340774407754077640777407784077940780407814078240783407844078540786407874078840789407904079140792407934079440795407964079740798407994080040801408024080340804408054080640807408084080940810408114081240813408144081540816408174081840819408204082140822408234082440825408264082740828408294083040831408324083340834408354083640837408384083940840408414084240843408444084540846408474084840849408504085140852408534085440855408564085740858408594086040861408624086340864408654086640867408684086940870408714087240873408744087540876408774087840879408804088140882408834088440885408864088740888408894089040891408924089340894408954089640897408984089940900409014090240903409044090540906409074090840909409104091140912409134091440915409164091740918409194092040921409224092340924409254092640927409284092940930409314093240933409344093540936409374093840939409404094140942409434094440945409464094740948409494095040951409524095340954409554095640957409584095940960409614096240963409644096540966409674096840969409704097140972409734097440975409764097740978409794098040981409824098340984409854098640987409884098940990409914099240993409944099540996409974099840999410004100141002410034100441005410064100741008410094101041011410124101341014410154101641017410184101941020410214102241023410244102541026410274102841029410304103141032410334103441035410364103741038410394104041041410424104341044410454104641047410484104941050410514105241053410544105541056410574105841059410604106141062410634106441065410664106741068410694107041071410724107341074410754107641077410784107941080410814108241083410844108541086410874108841089410904109141092410934109441095410964109741098410994110041101411024110341104411054110641107411084110941110411114111241113411144111541116411174111841119411204112141122411234112441125411264112741128411294113041131411324113341134411354113641137411384113941140411414114241143411444114541146411474114841149411504115141152411534115441155411564115741158411594116041161411624116341164411654116641167411684116941170411714117241173411744117541176411774117841179411804118141182411834118441185411864118741188411894119041191411924119341194411954119641197411984119941200412014120241203412044120541206412074120841209412104121141212412134121441215412164121741218412194122041221412224122341224412254122641227412284122941230412314123241233412344123541236412374123841239412404124141242412434124441245412464124741248412494125041251412524125341254412554125641257412584125941260412614126241263412644126541266412674126841269412704127141272412734127441275412764127741278412794128041281412824128341284412854128641287412884128941290412914129241293412944129541296412974129841299413004130141302413034130441305413064130741308413094131041311413124131341314413154131641317413184131941320413214132241323413244132541326413274132841329413304133141332413334133441335413364133741338413394134041341413424134341344413454134641347413484134941350413514135241353413544135541356413574135841359413604136141362413634136441365413664136741368413694137041371413724137341374413754137641377413784137941380413814138241383413844138541386413874138841389413904139141392413934139441395413964139741398413994140041401414024140341404414054140641407414084140941410414114141241413414144141541416414174141841419414204142141422414234142441425414264142741428414294143041431414324143341434414354143641437414384143941440414414144241443414444144541446414474144841449414504145141452414534145441455414564145741458414594146041461414624146341464414654146641467414684146941470414714147241473414744147541476414774147841479414804148141482414834148441485414864148741488414894149041491414924149341494414954149641497414984149941500415014150241503415044150541506415074150841509415104151141512415134151441515415164151741518415194152041521415224152341524415254152641527415284152941530415314153241533415344153541536415374153841539415404154141542415434154441545415464154741548415494155041551415524155341554415554155641557415584155941560415614156241563415644156541566415674156841569415704157141572415734157441575415764157741578415794158041581415824158341584415854158641587415884158941590415914159241593 |
- /* test.c
- *
- * Copyright (C) 2006-2022 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #ifndef WOLFSSL_USER_SETTINGS
- #include <wolfssl/options.h>
- #endif
- #include <wolfssl/wolfcrypt/settings.h>
- #include <wolfssl/version.h>
- #include <wolfssl/wolfcrypt/wc_port.h>
- #ifndef NO_CRYPT_TEST
- #if defined(HAVE_STACK_SIZE) && !defined(HAVE_WOLFCRYPT_TEST_OPTIONS)
- #define HAVE_WOLFCRYPT_TEST_OPTIONS
- #endif
- #if defined(HAVE_WOLFCRYPT_TEST_OPTIONS)
- #include <wolfssl/ssl.h>
- #define err_sys err_sys_remap /* remap err_sys */
- #include <wolfssl/test.h>
- #undef err_sys
- #endif
- #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
- defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
- #include <stdint.h>
- #endif
- #if defined(HAVE_STACK_SIZE_VERBOSE)
- #ifdef WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES
- static ssize_t max_relative_stack = WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES;
- #else
- static ssize_t max_relative_stack = -1;
- #endif
- #else
- #define STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max, ...) (__VA_ARGS__, 0)
- #define STACK_SIZE_INIT()
- #endif
- #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
- #ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS
- static ssize_t max_relative_heap_allocs = WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS;
- #else
- static ssize_t max_relative_heap_allocs = -1;
- #endif
- #ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_BYTES
- static ssize_t max_relative_heap_bytes = WOLFSSL_TEST_MAX_RELATIVE_HEAP_BYTES;
- #else
- static ssize_t max_relative_heap_bytes = -1;
- #endif
- #define PRINT_HEAP_CHECKPOINT() { \
- const ssize_t _rha = wolfCrypt_heap_peakAllocs_checkpoint() - heap_baselineAllocs; \
- const ssize_t _rhb = wolfCrypt_heap_peakBytes_checkpoint() - heap_baselineBytes; \
- printf(" relative heap peak usage: %ld alloc%s, %ld bytes\n", \
- (long int)_rha, \
- _rha == 1 ? "" : "s", \
- (long int)_rhb); \
- if ((max_relative_heap_allocs > 0) && (_rha > max_relative_heap_allocs)) \
- return err_sys("heap allocs exceed designated max.", -1); \
- if ((max_relative_heap_bytes > 0) && (_rhb > max_relative_heap_bytes)) \
- return err_sys("heap bytes exceed designated max.", -1); \
- heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint(); \
- heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint(); \
- }
- #else
- #define PRINT_HEAP_CHECKPOINT()
- #endif
- #ifdef USE_FLAT_TEST_H
- #ifdef HAVE_CONFIG_H
- #include "test_paths.h"
- #endif
- #include "test.h"
- #else
- #ifdef HAVE_CONFIG_H
- #include "wolfcrypt/test/test_paths.h"
- #endif
- #include "wolfcrypt/test/test.h"
- #endif
- /* printf mappings */
- #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
- #include <mqx.h>
- #include <stdlib.h>
- /* see wc_port.h for fio.h and nio.h includes */
- #elif defined(FREESCALE_KSDK_BM)
- #include "fsl_debug_console.h"
- #undef printf
- #define printf PRINTF
- #elif defined(WOLFSSL_APACHE_MYNEWT)
- #include <assert.h>
- #include <string.h>
- #include "sysinit/sysinit.h"
- #include "os/os.h"
- #ifdef ARCH_sim
- #include "mcu/mcu_sim.h"
- #endif
- #include "os/os_time.h"
- #elif defined(WOLFSSL_ESPIDF)
- #include <time.h>
- #include <sys/time.h>
- #elif defined(WOLFSSL_ZEPHYR)
- #include <stdio.h>
- #define printf printk
- #elif defined(MICRIUM)
- #include <os.h>
- #if (OS_VERSION < 50000)
- #include <bsp_ser.h>
- void BSP_Ser_Printf (CPU_CHAR* format, ...);
- #undef printf
- #define printf BSP_Ser_Printf
- #else
- #include <stdio.h>
- #endif
- #elif defined(WOLFSSL_PB)
- #include <stdarg.h>
- int wolfssl_pb_print(const char*, ...);
- #undef printf
- #define printf wolfssl_pb_print
- #elif defined(WOLFSSL_TELIT_M2MB)
- #include "wolfssl/wolfcrypt/wc_port.h" /* for m2mb headers */
- #include "m2m_log.h" /* for M2M_LOG_INFO - not standard API */
- /* remap printf */
- #undef printf
- #define printf M2M_LOG_INFO
- /* OS requires occasional sleep() */
- #ifndef TEST_SLEEP_MS
- #define TEST_SLEEP_MS 50
- #endif
- #define TEST_SLEEP() m2mb_os_taskSleep(M2MB_OS_MS2TICKS(TEST_SLEEP_MS))
- /* don't use file system for these tests, since ./certs dir isn't loaded */
- #undef NO_FILESYSTEM
- #define NO_FILESYSTEM
- #elif defined(THREADX) && !defined(WOLFSSL_WICED) && \
- !defined(THREADX_NO_DC_PRINTF)
- #ifndef NETOS
- /* since just testing, use THREADX log printf instead (NETOS prototypes
- * this elsewhere) */
- int dc_log_printf(char*, ...);
- #endif
- #undef printf
- #define printf dc_log_printf
- #elif defined(ANDROID)
- #ifdef XMALLOC_USER
- #include <stdlib.h> /* we're using malloc / free direct here */
- #endif
- #ifndef STRING_USER
- #include <stdio.h>
- #endif
- #include <android/log.h>
- #ifdef ANDROID_V454 /* See fips/android/wolfCrypt_v454_android */
- #ifndef NO_FILESYSTEM
- #define NO_FILESYSTEM /* Turn off tests that want to call SaveDerAndPem() */
- #endif
- #else
- #define printf(...) \
- __android_log_print(ANDROID_LOG_DEBUG, "[WOLFCRYPT]", __VA_ARGS__)
- #define fprintf(fp, ...) \
- __android_log_print(ANDROID_LOG_DEBUG, "[WOLFCRYPT]", __VA_ARGS__)
- #endif
- #elif defined(WOLFSSL_DEOS)
- #include <printx.h>
- #undef printf
- #define printf printx
- #else
- #ifdef XMALLOC_USER
- #include <stdlib.h> /* we're using malloc / free direct here */
- #endif
- #if !defined(STRING_USER) && !defined(WOLFSSL_LINUXKM)
- #include <stdio.h>
- #endif
- #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_LINUXKM_VERBOSE_DEBUG)
- #undef printf
- #define printf(...) ({})
- #endif
- /* enable way for customer to override test/bench printf */
- #ifdef XPRINTF
- #undef printf
- #define printf XPRINTF
- #elif !defined(printf)
- /* arrange for printf() to flush after every message -- this assures
- * redirected output (to a log file) records progress right up to the
- * moment of a crash/abort(); otherwise anything queued in stdout would
- * be lost.
- */
- #define printf(...) ( printf(__VA_ARGS__), fflush(stdout) )
- #endif
- #endif
- #include <wolfssl/wolfcrypt/memory.h>
- #include <wolfssl/wolfcrypt/wc_port.h>
- #include <wolfssl/wolfcrypt/logging.h>
- #include <wolfssl/wolfcrypt/types.h>
- #include <wolfssl/wolfcrypt/asn.h>
- #include <wolfssl/wolfcrypt/md2.h>
- #include <wolfssl/wolfcrypt/md5.h>
- #include <wolfssl/wolfcrypt/md4.h>
- #include <wolfssl/wolfcrypt/sha.h>
- #include <wolfssl/wolfcrypt/sha256.h>
- #include <wolfssl/wolfcrypt/sha512.h>
- #include <wolfssl/wolfcrypt/rc2.h>
- #include <wolfssl/wolfcrypt/arc4.h>
- #if defined(WC_NO_RNG)
- #include <wolfssl/wolfcrypt/integer.h>
- #else
- #include <wolfssl/wolfcrypt/random.h>
- #endif
- #include <wolfssl/wolfcrypt/coding.h>
- #include <wolfssl/wolfcrypt/signature.h>
- #include <wolfssl/wolfcrypt/rsa.h>
- #include <wolfssl/wolfcrypt/des3.h>
- #include <wolfssl/wolfcrypt/aes.h>
- #include <wolfssl/wolfcrypt/wc_encrypt.h>
- #include <wolfssl/wolfcrypt/cmac.h>
- #include <wolfssl/wolfcrypt/siphash.h>
- #include <wolfssl/wolfcrypt/poly1305.h>
- #include <wolfssl/wolfcrypt/camellia.h>
- #include <wolfssl/wolfcrypt/hmac.h>
- #include <wolfssl/wolfcrypt/kdf.h>
- #include <wolfssl/wolfcrypt/dh.h>
- #include <wolfssl/wolfcrypt/dsa.h>
- #include <wolfssl/wolfcrypt/srp.h>
- #include <wolfssl/wolfcrypt/chacha.h>
- #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
- #include <wolfssl/wolfcrypt/pwdbased.h>
- #include <wolfssl/wolfcrypt/ripemd.h>
- #include <wolfssl/wolfcrypt/error-crypt.h>
- #ifdef HAVE_ECC
- #include <wolfssl/wolfcrypt/ecc.h>
- #endif
- #ifdef HAVE_CURVE25519
- #include <wolfssl/wolfcrypt/curve25519.h>
- #endif
- #ifdef HAVE_ED25519
- #include <wolfssl/wolfcrypt/ed25519.h>
- #endif
- #ifdef HAVE_CURVE448
- #include <wolfssl/wolfcrypt/curve448.h>
- #endif
- #ifdef HAVE_ED448
- #include <wolfssl/wolfcrypt/ed448.h>
- #endif
- #ifdef WOLFCRYPT_HAVE_ECCSI
- #include <wolfssl/wolfcrypt/eccsi.h>
- #endif
- #ifdef WOLFCRYPT_HAVE_SAKKE
- #include <wolfssl/wolfcrypt/sakke.h>
- #endif
- #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
- #include <wolfssl/wolfcrypt/blake2.h>
- #endif
- #ifdef WOLFSSL_SHA3
- #include <wolfssl/wolfcrypt/sha3.h>
- #endif
- #ifdef HAVE_LIBZ
- #include <wolfssl/wolfcrypt/compress.h>
- #endif
- #ifdef HAVE_PKCS7
- #include <wolfssl/wolfcrypt/pkcs7.h>
- #endif
- #ifdef HAVE_FIPS
- #include <wolfssl/wolfcrypt/fips_test.h>
- #endif
- #ifdef HAVE_SELFTEST
- #include <wolfssl/wolfcrypt/selftest.h>
- #endif
- #ifdef WOLFSSL_ASYNC_CRYPT
- #include <wolfssl/wolfcrypt/async.h>
- #endif
- #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
- #include <wolfssl/wolfcrypt/logging.h>
- #endif
- #ifdef WOLFSSL_CAAM
- #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
- #endif
- #ifdef WOLF_CRYPTO_CB
- #include <wolfssl/wolfcrypt/cryptocb.h>
- #ifdef HAVE_INTEL_QA_SYNC
- #include <wolfssl/wolfcrypt/port/intel/quickassist_sync.h>
- #endif
- #ifdef HAVE_CAVIUM_OCTEON_SYNC
- #include <wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h>
- #endif
- #endif
- #ifdef _MSC_VER
- /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
- #pragma warning(disable: 4996)
- #endif
- #ifdef OPENSSL_EXTRA
- #ifndef WOLFCRYPT_ONLY
- #include <wolfssl/openssl/evp.h>
- #include <wolfssl/openssl/hmac.h>
- #endif
- #include <wolfssl/openssl/rand.h>
- #include <wolfssl/openssl/aes.h>
- #include <wolfssl/openssl/des.h>
- #endif
- #if defined(NO_FILESYSTEM) || defined(WC_NO_RNG)
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
- #define USE_CERT_BUFFERS_2048
- #endif
- #if !defined(USE_CERT_BUFFERS_256)
- #define USE_CERT_BUFFERS_256
- #endif
- #endif
- #if defined(WOLFSSL_CERT_GEN) && (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES))
- #define ENABLE_ECC384_CERT_GEN_TEST
- #endif
- #include <wolfssl/certs_test.h>
- #ifdef DEVKITPRO
- #include <wiiuse/wpad.h>
- #endif
- #ifdef WOLFSSL_STATIC_MEMORY
- static WOLFSSL_HEAP_HINT* HEAP_HINT;
- #else
- #define HEAP_HINT NULL
- #endif /* WOLFSSL_STATIC_MEMORY */
- /* these cases do not have intermediate hashing support */
- #if (defined(WOLFSSL_AFALG_XILINX_SHA3) && !defined(WOLFSSL_AFALG_HASH_KEEP)) \
- && !defined(WOLFSSL_XILINX_CRYPT)
- #define NO_INTM_HASH_TEST
- #endif
- #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \
- defined(WOLFSSL_SECO_CAAM)
- #define HASH_SIZE_LIMIT
- #endif
- #if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
- (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
- static void initDefaultName(void);
- #endif
- /* for async devices */
- #ifdef WOLFSSL_CAAM_DEVID
- static int devId = WOLFSSL_CAAM_DEVID;
- #else
- static int devId = INVALID_DEVID;
- #endif
- #ifdef HAVE_WNR
- const char* wnrConfigFile = "wnr-example.conf";
- #endif
- #define TEST_STRING "Everyone gets Friday off."
- #define TEST_STRING_SZ 25
- typedef struct testVector {
- const char* input;
- const char* output;
- size_t inLen;
- size_t outLen;
- } testVector;
- #ifndef WOLFSSL_TEST_SUBROUTINE
- #define WOLFSSL_TEST_SUBROUTINE
- #endif
- PRAGMA_GCC("GCC diagnostic ignored \"-Wunused-function\"")
- WOLFSSL_TEST_SUBROUTINE int error_test(void);
- WOLFSSL_TEST_SUBROUTINE int base64_test(void);
- WOLFSSL_TEST_SUBROUTINE int base16_test(void);
- WOLFSSL_TEST_SUBROUTINE int asn_test(void);
- WOLFSSL_TEST_SUBROUTINE int md2_test(void);
- WOLFSSL_TEST_SUBROUTINE int md5_test(void);
- WOLFSSL_TEST_SUBROUTINE int md4_test(void);
- WOLFSSL_TEST_SUBROUTINE int sha_test(void);
- WOLFSSL_TEST_SUBROUTINE int sha224_test(void);
- WOLFSSL_TEST_SUBROUTINE int sha256_test(void);
- WOLFSSL_TEST_SUBROUTINE int sha512_test(void);
- WOLFSSL_TEST_SUBROUTINE int sha384_test(void);
- WOLFSSL_TEST_SUBROUTINE int sha3_test(void);
- WOLFSSL_TEST_SUBROUTINE int shake128_test(void);
- WOLFSSL_TEST_SUBROUTINE int shake256_test(void);
- WOLFSSL_TEST_SUBROUTINE int hash_test(void);
- WOLFSSL_TEST_SUBROUTINE int hmac_md5_test(void);
- WOLFSSL_TEST_SUBROUTINE int hmac_sha_test(void);
- WOLFSSL_TEST_SUBROUTINE int hmac_sha224_test(void);
- WOLFSSL_TEST_SUBROUTINE int hmac_sha256_test(void);
- WOLFSSL_TEST_SUBROUTINE int hmac_sha384_test(void);
- WOLFSSL_TEST_SUBROUTINE int hmac_sha512_test(void);
- WOLFSSL_TEST_SUBROUTINE int hmac_sha3_test(void);
- #if defined(HAVE_HKDF) && !defined(NO_HMAC)
- /* hkdf_test has issue with WOLFSSL_TEST_SUBROUTINE set on Xilinx with afalg */
- static int hkdf_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE int sshkdf_test(void);
- #ifdef WOLFSSL_TLS13
- WOLFSSL_TEST_SUBROUTINE int tls13_kdf_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE int x963kdf_test(void);
- WOLFSSL_TEST_SUBROUTINE int arc4_test(void);
- #ifdef WC_RC2
- WOLFSSL_TEST_SUBROUTINE int rc2_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE int chacha_test(void);
- WOLFSSL_TEST_SUBROUTINE int XChaCha_test(void);
- WOLFSSL_TEST_SUBROUTINE int chacha20_poly1305_aead_test(void);
- WOLFSSL_TEST_SUBROUTINE int XChaCha20Poly1305_test(void);
- WOLFSSL_TEST_SUBROUTINE int des_test(void);
- WOLFSSL_TEST_SUBROUTINE int des3_test(void);
- WOLFSSL_TEST_SUBROUTINE int aes_test(void);
- WOLFSSL_TEST_SUBROUTINE int aes192_test(void);
- WOLFSSL_TEST_SUBROUTINE int aes256_test(void);
- WOLFSSL_TEST_SUBROUTINE int aesofb_test(void);
- WOLFSSL_TEST_SUBROUTINE int cmac_test(void);
- #if defined(WOLFSSL_SIPHASH)
- WOLFSSL_TEST_SUBROUTINE int siphash_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE int poly1305_test(void);
- WOLFSSL_TEST_SUBROUTINE int aesgcm_test(void);
- WOLFSSL_TEST_SUBROUTINE int aesgcm_default_test(void);
- WOLFSSL_TEST_SUBROUTINE int gmac_test(void);
- WOLFSSL_TEST_SUBROUTINE int aesccm_test(void);
- WOLFSSL_TEST_SUBROUTINE int aeskeywrap_test(void);
- WOLFSSL_TEST_SUBROUTINE int camellia_test(void);
- #ifdef WC_RSA_NO_PADDING
- WOLFSSL_TEST_SUBROUTINE int rsa_no_pad_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE int rsa_test(void);
- WOLFSSL_TEST_SUBROUTINE int dh_test(void);
- WOLFSSL_TEST_SUBROUTINE int dsa_test(void);
- WOLFSSL_TEST_SUBROUTINE int srp_test(void);
- #ifndef WC_NO_RNG
- WOLFSSL_TEST_SUBROUTINE int random_test(void);
- #endif /* WC_NO_RNG */
- WOLFSSL_TEST_SUBROUTINE int pwdbased_test(void);
- WOLFSSL_TEST_SUBROUTINE int ripemd_test(void);
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- WOLFSSL_TEST_SUBROUTINE int openssl_test(void); /* test mini api */
- WOLFSSL_TEST_SUBROUTINE int openssl_pkey0_test(void);
- WOLFSSL_TEST_SUBROUTINE int openssl_pkey1_test(void);
- WOLFSSL_TEST_SUBROUTINE int openSSL_evpMD_test(void);
- WOLFSSL_TEST_SUBROUTINE int openssl_evpSig_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE int pbkdf1_test(void);
- WOLFSSL_TEST_SUBROUTINE int pkcs12_test(void);
- WOLFSSL_TEST_SUBROUTINE int pbkdf2_test(void);
- WOLFSSL_TEST_SUBROUTINE int scrypt_test(void);
- #ifdef HAVE_ECC
- WOLFSSL_TEST_SUBROUTINE int ecc_test(void);
- #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
- (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
- WOLFSSL_TEST_SUBROUTINE int ecc_encrypt_test(void);
- #endif
- #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
- defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- /* skip for ATECC508/608A, cannot import private key buffers */
- WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void);
- #endif
- #endif
- #ifdef HAVE_CURVE25519
- WOLFSSL_TEST_SUBROUTINE int curve25519_test(void);
- #endif
- #ifdef HAVE_ED25519
- WOLFSSL_TEST_SUBROUTINE int ed25519_test(void);
- #endif
- #ifdef HAVE_CURVE448
- WOLFSSL_TEST_SUBROUTINE int curve448_test(void);
- #endif
- #ifdef HAVE_ED448
- WOLFSSL_TEST_SUBROUTINE int ed448_test(void);
- #endif
- #ifdef WOLFCRYPT_HAVE_ECCSI
- WOLFSSL_TEST_SUBROUTINE int eccsi_test(void);
- #endif
- #ifdef WOLFCRYPT_HAVE_SAKKE
- WOLFSSL_TEST_SUBROUTINE int sakke_test(void);
- #endif
- #ifdef HAVE_BLAKE2
- WOLFSSL_TEST_SUBROUTINE int blake2b_test(void);
- #endif
- #ifdef HAVE_BLAKE2S
- WOLFSSL_TEST_SUBROUTINE int blake2s_test(void);
- #endif
- #ifdef HAVE_LIBZ
- WOLFSSL_TEST_SUBROUTINE int compress_test(void);
- #endif
- #ifdef HAVE_PKCS7
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void);
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- WOLFSSL_TEST_SUBROUTINE int pkcs7compressed_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE int pkcs7signed_test(void);
- WOLFSSL_TEST_SUBROUTINE int pkcs7enveloped_test(void);
- #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
- WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void);
- #endif
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte* key,
- word32 keySz);
- #endif
- #endif
- #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM)
- WOLFSSL_TEST_SUBROUTINE int cert_test(void);
- #endif
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN)
- WOLFSSL_TEST_SUBROUTINE int certext_test(void);
- #endif
- #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- WOLFSSL_TEST_SUBROUTINE int decodedCertCache_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE int memory_test(void);
- #ifdef HAVE_VALGRIND
- WOLFSSL_TEST_SUBROUTINE int mp_test(void);
- #endif
- #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
- WOLFSSL_TEST_SUBROUTINE int prime_test(void);
- #endif
- #if defined(ASN_BER_TO_DER) && \
- (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL))
- WOLFSSL_TEST_SUBROUTINE int berder_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE int logging_test(void);
- #if !defined(NO_ASN) && !defined(NO_ASN_TIME)
- WOLFSSL_TEST_SUBROUTINE int time_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE int mutex_test(void);
- #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
- WOLFSSL_TEST_SUBROUTINE int memcb_test(void);
- #endif
- #ifdef WOLFSSL_IMX6_CAAM_BLOB
- WOLFSSL_TEST_SUBROUTINE int blob_test(void);
- #endif
- #ifdef WOLF_CRYPTO_CB
- WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void);
- #endif
- #ifdef WOLFSSL_CERT_PIV
- WOLFSSL_TEST_SUBROUTINE int certpiv_test(void);
- #endif
- #ifdef WOLFSSL_AES_SIV
- WOLFSSL_TEST_SUBROUTINE int aes_siv_test(void);
- #endif
- /* General big buffer size for many tests. */
- #define FOURK_BUF 4096
- #define ERROR_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0)
- #ifdef HAVE_STACK_SIZE
- static THREAD_RETURN err_sys(const char* msg, int es)
- #else
- static int err_sys(const char* msg, int es)
- #endif
- {
- (void)msg;
- (void)es;
- #ifdef WOLFSSL_LINUXKM
- lkm_printf("%s error = %d\n", msg, es);
- EXIT_TEST(es);
- #else
- printf("%s error = %d\n", msg, es);
- EXIT_TEST(-1);
- #endif
- }
- #ifndef HAVE_WOLFCRYPT_TEST_OPTIONS
- /* func_args from test.h, so don't have to pull in other stuff */
- typedef struct func_args {
- int argc;
- char** argv;
- int return_code;
- } func_args;
- #endif /* !HAVE_WOLFCRYPT_TEST_OPTIONS */
- #if defined(HAVE_FIPS) && !defined(WOLFSSL_LINUXKM)
- static void myFipsCb(int ok, int err, const char* hash)
- {
- printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
- printf("message = %s\n", wc_GetErrorString(err));
- printf("hash = %s\n", hash);
- if (err == IN_CORE_FIPS_E) {
- printf("In core integrity hash check failure, copy above hash\n");
- printf("into verifyCore[] in fips_test.c and rebuild\n");
- }
- }
- #endif /* HAVE_FIPS && !WOLFSSL_LINUXKM */
- #ifdef WOLFSSL_STATIC_MEMORY
- #ifdef BENCH_EMBEDDED
- static byte gTestMemory[14000];
- #elif defined(WOLFSSL_CERT_EXT)
- static byte gTestMemory[140000];
- #elif (defined(WOLFSSL_SP_MATH_ALL) || defined(USE_FAST_MATH)) && \
- !defined(ALT_ECC_SIZE)
- static byte gTestMemory[160000];
- #else
- static byte gTestMemory[80000];
- #endif
- #endif
- #ifdef WOLFSSL_PB
- static int wolfssl_pb_print(const char* msg, ...)
- {
- int ret;
- va_list args;
- char tmpBuf[80];
- va_start(args, msg);
- ret = vsprint(tmpBuf, msg, args);
- va_end(args);
- fnDumpStringToSystemLog(tmpBuf);
- return ret;
- }
- #endif /* WOLFSSL_PB */
- /* optional macro to add sleep between tests */
- #ifndef TEST_SLEEP
- #define TEST_SLEEP()
- #else
- #define TEST_PASS test_pass
- #include <stdarg.h> /* for var args */
- static WC_INLINE void test_pass(const char* fmt, ...)
- {
- va_list args;
- va_start(args, fmt);
- STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max_relative_stack, vprintf(fmt, args));
- va_end(args);
- PRINT_HEAP_CHECKPOINT();
- TEST_SLEEP();
- ASSERT_RESTORED_VECTOR_REGISTERS(exit(1););
- }
- #endif
- /* set test pass output to printf if not overriden */
- #ifndef TEST_PASS
- /* redirect to printf */
- #define TEST_PASS(...) { \
- if (STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK \
- (max_relative_stack, printf(__VA_ARGS__)) < 0) { \
- return err_sys("post-test check failed", -1); \
- } \
- PRINT_HEAP_CHECKPOINT(); \
- ASSERT_RESTORED_VECTOR_REGISTERS(exit(1);); \
- }
- #endif
- #ifdef HAVE_STACK_SIZE
- THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args)
- #else
- int wolfcrypt_test(void* args)
- #endif
- {
- int ret;
- #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
- long heap_baselineAllocs, heap_baselineBytes;
- #endif
- STACK_SIZE_INIT();
- #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
- (void)wolfCrypt_heap_peakAllocs_checkpoint();
- heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint();
- (void)wolfCrypt_heap_peakBytes_checkpoint();
- heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint();
- #endif
- printf("------------------------------------------------------------------------------\n");
- printf(" wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING);
- printf("------------------------------------------------------------------------------\n");
- if (args) {
- #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
- int ch;
- #endif
- ((func_args*)args)->return_code = -1; /* error state */
- #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
- while ((ch = mygetopt(((func_args*)args)->argc, ((func_args*)args)->argv, "s:m:a:h")) != -1) {
- switch(ch) {
- case 's':
- #ifdef HAVE_STACK_SIZE_VERBOSE
- max_relative_stack = (ssize_t)atoi(myoptarg);
- break;
- #else
- return err_sys("-s (max relative stack bytes) requires HAVE_STACK_SIZE_VERBOSE (--enable-stacksize=verbose).", -1);
- #endif
- case 'm':
- #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
- max_relative_heap_bytes = (ssize_t)atoi(myoptarg);
- break;
- #else
- return err_sys("-m (max relative heap memory bytes) requires WOLFSSL_TRACK_MEMORY_VERBOSE (--enable-trackmemory=verbose).", -1);
- #endif
- case 'a':
- #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
- max_relative_heap_allocs = (ssize_t)atoi(myoptarg);
- break;
- #else
- return err_sys("-a (max relative heap allocs) requires WOLFSSL_TRACK_MEMORY_VERBOSE (--enable-trackmemory=verbose).", -1);
- #endif
- case 'h':
- return err_sys("\
- options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
- [-a max_relative_heap_allocs] [-h]\n", 0);
- default:
- return err_sys("unknown test option. try -h.", -1);
- }
- }
- #endif
- }
- #ifdef WOLFSSL_STATIC_MEMORY
- if (wc_LoadStaticMemory(&HEAP_HINT, gTestMemory, sizeof(gTestMemory),
- WOLFMEM_GENERAL, 1) != 0) {
- printf("unable to load static memory.\n");
- return(EXIT_FAILURE);
- }
- #endif
- #if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
- wolfSSL_Debugging_ON();
- #endif
- #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
- wc_SetLoggingHeap(HEAP_HINT);
- #endif
- #if defined(HAVE_FIPS) && !defined(WOLFSSL_LINUXKM)
- wolfCrypt_SetCb_fips(myFipsCb);
- #endif
- #if !defined(NO_BIG_INT)
- if (CheckCtcSettings() != 1) {
- printf("Sizeof mismatch (build) %x != (run) %lx\n",
- CTC_SETTINGS, (unsigned long)CheckRunTimeSettings());
- return err_sys("Build vs runtime math mismatch\n", -1000);
- }
- #if defined(USE_FAST_MATH) && \
- (!defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC))
- if (CheckFastMathSettings() != 1)
- return err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n",
- -1001);
- #endif /* USE_FAST_MATH */
- #endif /* !NO_BIG_INT */
- #if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
- (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
- initDefaultName();
- #endif
- #ifdef WOLFSSL_ASYNC_CRYPT
- ret = wolfAsync_DevOpen(&devId);
- if (ret < 0) {
- printf("Async device open failed\nRunning without async\n");
- }
- #else
- (void)devId;
- #endif /* WOLFSSL_ASYNC_CRYPT */
- #ifdef WOLF_CRYPTO_CB
- #ifdef HAVE_INTEL_QA_SYNC
- devId = wc_CryptoCb_InitIntelQa();
- if (INVALID_DEVID == devId) {
- printf("Couldn't init the Intel QA\n");
- }
- #endif
- #ifdef HAVE_CAVIUM_OCTEON_SYNC
- devId = wc_CryptoCb_InitOcteon();
- if (INVALID_DEVID == devId) {
- printf("Couldn't init the Cavium Octeon\n");
- }
- #endif
- #endif
- #ifdef HAVE_SELFTEST
- if ( (ret = wolfCrypt_SelfTest()) != 0)
- return err_sys("CAVP selftest failed!\n", ret);
- else
- TEST_PASS("CAVP selftest passed!\n");
- #endif
- if ( (ret = error_test()) != 0)
- return err_sys("error test failed!\n", ret);
- else
- TEST_PASS("error test passed!\n");
- if ( (ret = memory_test()) != 0)
- return err_sys("MEMORY test failed!\n", ret);
- else
- TEST_PASS("MEMORY test passed!\n");
- #ifndef NO_CODING
- if ( (ret = base64_test()) != 0)
- return err_sys("base64 test failed!\n", ret);
- else
- TEST_PASS("base64 test passed!\n");
- #ifdef WOLFSSL_BASE16
- if ( (ret = base16_test()) != 0)
- return err_sys("base16 test failed!\n", ret);
- else
- TEST_PASS("base16 test passed!\n");
- #endif
- #endif /* !NO_CODING */
- #ifndef NO_ASN
- if ( (ret = asn_test()) != 0)
- return err_sys("asn test failed!\n", ret);
- else
- TEST_PASS("asn test passed!\n");
- #endif
- #ifndef WC_NO_RNG
- if ( (ret = random_test()) != 0)
- return err_sys("RANDOM test failed!\n", ret);
- else
- TEST_PASS("RANDOM test passed!\n");
- #endif /* WC_NO_RNG */
- #ifndef NO_MD5
- if ( (ret = md5_test()) != 0)
- return err_sys("MD5 test failed!\n", ret);
- else
- TEST_PASS("MD5 test passed!\n");
- #endif
- #ifdef WOLFSSL_MD2
- if ( (ret = md2_test()) != 0)
- return err_sys("MD2 test failed!\n", ret);
- else
- TEST_PASS("MD2 test passed!\n");
- #endif
- #ifndef NO_MD4
- if ( (ret = md4_test()) != 0)
- return err_sys("MD4 test failed!\n", ret);
- else
- TEST_PASS("MD4 test passed!\n");
- #endif
- #ifndef NO_SHA
- if ( (ret = sha_test()) != 0)
- return err_sys("SHA test failed!\n", ret);
- else
- TEST_PASS("SHA test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA224
- if ( (ret = sha224_test()) != 0)
- return err_sys("SHA-224 test failed!\n", ret);
- else
- TEST_PASS("SHA-224 test passed!\n");
- #endif
- #ifndef NO_SHA256
- if ( (ret = sha256_test()) != 0)
- return err_sys("SHA-256 test failed!\n", ret);
- else
- TEST_PASS("SHA-256 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA384
- if ( (ret = sha384_test()) != 0)
- return err_sys("SHA-384 test failed!\n", ret);
- else
- TEST_PASS("SHA-384 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA512
- if ( (ret = sha512_test()) != 0)
- return err_sys("SHA-512 test failed!\n", ret);
- else
- TEST_PASS("SHA-512 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA3
- if ( (ret = sha3_test()) != 0)
- return err_sys("SHA-3 test failed!\n", ret);
- else
- TEST_PASS("SHA-3 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHAKE128
- if ( (ret = shake128_test()) != 0)
- return err_sys("SHAKE128 test failed!\n", ret);
- else
- TEST_PASS("SHAKE128 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHAKE256
- if ( (ret = shake256_test()) != 0)
- return err_sys("SHAKE256 test failed!\n", ret);
- else
- TEST_PASS("SHAKE256 test passed!\n");
- #endif
- #ifndef NO_HASH_WRAPPER
- if ( (ret = hash_test()) != 0)
- return err_sys("Hash test failed!\n", ret);
- else
- TEST_PASS("Hash test passed!\n");
- #endif
- #ifdef WOLFSSL_RIPEMD
- if ( (ret = ripemd_test()) != 0)
- return err_sys("RIPEMD test failed!\n", ret);
- else
- TEST_PASS("RIPEMD test passed!\n");
- #endif
- #ifdef HAVE_BLAKE2
- if ( (ret = blake2b_test()) != 0)
- return err_sys("BLAKE2b test failed!\n", ret);
- else
- TEST_PASS("BLAKE2b test passed!\n");
- #endif
- #ifdef HAVE_BLAKE2S
- if ( (ret = blake2s_test()) != 0)
- return err_sys("BLAKE2s test failed!\n", ret);
- else
- TEST_PASS("BLAKE2s test passed!\n");
- #endif
- #ifndef NO_HMAC
- #if !defined(NO_MD5) && !(defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) \
- && (HAVE_FIPS_VERSION >= 5))
- if ( (ret = hmac_md5_test()) != 0)
- return err_sys("HMAC-MD5 test failed!\n", ret);
- else
- TEST_PASS("HMAC-MD5 test passed!\n");
- #endif
- #ifndef NO_SHA
- if ( (ret = hmac_sha_test()) != 0)
- return err_sys("HMAC-SHA test failed!\n", ret);
- else
- TEST_PASS("HMAC-SHA test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA224
- if ( (ret = hmac_sha224_test()) != 0)
- return err_sys("HMAC-SHA224 test failed!\n", ret);
- else
- TEST_PASS("HMAC-SHA224 test passed!\n");
- #endif
- #ifndef NO_SHA256
- if ( (ret = hmac_sha256_test()) != 0)
- return err_sys("HMAC-SHA256 test failed!\n", ret);
- else
- TEST_PASS("HMAC-SHA256 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA384
- if ( (ret = hmac_sha384_test()) != 0)
- return err_sys("HMAC-SHA384 test failed!\n", ret);
- else
- TEST_PASS("HMAC-SHA384 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA512
- if ( (ret = hmac_sha512_test()) != 0)
- return err_sys("HMAC-SHA512 test failed!\n", ret);
- else
- TEST_PASS("HMAC-SHA512 test passed!\n");
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \
- !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \
- !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512)
- if ( (ret = hmac_sha3_test()) != 0)
- return err_sys("HMAC-SHA3 test failed!\n", ret);
- else
- TEST_PASS("HMAC-SHA3 test passed!\n");
- #endif
- #if defined(HAVE_HKDF) && !defined(NO_HMAC)
- PRIVATE_KEY_UNLOCK();
- if ( (ret = hkdf_test()) != 0)
- return err_sys("HMAC-KDF test failed!\n", ret);
- else
- TEST_PASS("HMAC-KDF test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif
- #endif /* !NO_HMAC */
- #ifdef WOLFSSL_WOLFSSH
- PRIVATE_KEY_UNLOCK();
- if ( (ret = sshkdf_test()) != 0)
- return err_sys("SSH-KDF test failed!\n", ret);
- else
- TEST_PASS("SSH-KDF test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif /* WOLFSSL_WOLFSSH */
- #ifdef WOLFSSL_TLS13
- PRIVATE_KEY_UNLOCK();
- if ( (ret = tls13_kdf_test()) != 0)
- return err_sys("TLSv1.3 KDF test failed!\n", ret);
- else
- TEST_PASS("TLSv1.3 KDF test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif /* WOLFSSL_TLS13 */
- #if defined(HAVE_X963_KDF) && defined(HAVE_ECC)
- if ( (ret = x963kdf_test()) != 0)
- return err_sys("X963-KDF test failed!\n", ret);
- else
- TEST_PASS("X963-KDF test passed!\n");
- #endif
- #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && \
- !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
- if ( (ret = gmac_test()) != 0)
- return err_sys("GMAC test failed!\n", ret);
- else
- TEST_PASS("GMAC test passed!\n");
- #endif
- #ifdef WC_RC2
- if ( (ret = rc2_test()) != 0)
- return err_sys("RC2 test failed!\n", ret);
- else
- TEST_PASS("RC2 test passed!\n");
- #endif
- #ifndef NO_RC4
- if ( (ret = arc4_test()) != 0)
- return err_sys("ARC4 test failed!\n", ret);
- else
- TEST_PASS("ARC4 test passed!\n");
- #endif
- #ifdef HAVE_CHACHA
- if ( (ret = chacha_test()) != 0)
- return err_sys("Chacha test failed!\n", ret);
- else
- TEST_PASS("Chacha test passed!\n");
- #endif
- #ifdef HAVE_XCHACHA
- if ( (ret = XChaCha_test()) != 0)
- return err_sys("XChacha test failed!\n", ret);
- else
- TEST_PASS("XChacha test passed!\n");
- #endif
- #ifdef HAVE_POLY1305
- if ( (ret = poly1305_test()) != 0)
- return err_sys("POLY1305 test failed!\n", ret);
- else
- TEST_PASS("POLY1305 test passed!\n");
- #endif
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- if ( (ret = chacha20_poly1305_aead_test()) != 0)
- return err_sys("ChaCha20-Poly1305 AEAD test failed!\n", ret);
- else
- TEST_PASS("ChaCha20-Poly1305 AEAD test passed!\n");
- #endif
- #if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
- if ( (ret = XChaCha20Poly1305_test()) != 0)
- return err_sys("XChaCha20-Poly1305 AEAD test failed!\n", ret);
- else
- TEST_PASS("XChaCha20-Poly1305 AEAD test passed!\n");
- #endif
- #ifndef NO_DES3
- if ( (ret = des_test()) != 0)
- return err_sys("DES test failed!\n", ret);
- else
- TEST_PASS("DES test passed!\n");
- #endif
- #ifndef NO_DES3
- if ( (ret = des3_test()) != 0)
- return err_sys("DES3 test failed!\n", ret);
- else
- TEST_PASS("DES3 test passed!\n");
- #endif
- #ifndef NO_AES
- if ( (ret = aes_test()) != 0)
- return err_sys("AES test failed!\n", ret);
- else
- TEST_PASS("AES test passed!\n");
- #ifdef WOLFSSL_AES_192
- if ( (ret = aes192_test()) != 0)
- return err_sys("AES192 test failed!\n", ret);
- else
- TEST_PASS("AES192 test passed!\n");
- #endif
- #ifdef WOLFSSL_AES_256
- if ( (ret = aes256_test()) != 0)
- return err_sys("AES256 test failed!\n", ret);
- else
- TEST_PASS("AES256 test passed!\n");
- #endif
- #ifdef WOLFSSL_AES_OFB
- if ( (ret = aesofb_test()) != 0)
- return err_sys("AES-OFB test failed!\n", ret);
- else
- TEST_PASS("AESOFB test passed!\n");
- #endif
- #ifdef HAVE_AESGCM
- #if !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO)
- if ( (ret = aesgcm_test()) != 0)
- return err_sys("AES-GCM test failed!\n", ret);
- #endif
- #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \
- !defined(WOLFSSL_KCAPI_AES) && !(defined(WOLF_CRYPTO_CB) && \
- (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)))
- if ((ret = aesgcm_default_test()) != 0) {
- return err_sys("AES-GCM test failed!\n", ret);
- }
- #endif
- if (ret == 0) {
- TEST_PASS("AES-GCM test passed!\n");
- }
- #endif
- #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
- if ( (ret = aesccm_test()) != 0)
- return err_sys("AES-CCM test failed!\n", ret);
- else
- TEST_PASS("AES-CCM test passed!\n");
- #endif
- #ifdef HAVE_AES_KEYWRAP
- if ( (ret = aeskeywrap_test()) != 0)
- return err_sys("AES Key Wrap test failed!\n", ret);
- else
- TEST_PASS("AES Key Wrap test passed!\n");
- #endif
- #ifdef WOLFSSL_AES_SIV
- if ( (ret = aes_siv_test()) != 0)
- return err_sys("AES-SIV test failed!\n", ret);
- else
- TEST_PASS("AES-SIV test passed!\n");
- #endif
- #endif
- #ifdef HAVE_CAMELLIA
- if ( (ret = camellia_test()) != 0)
- return err_sys("CAMELLIA test failed!\n", ret);
- else
- TEST_PASS("CAMELLIA test passed!\n");
- #endif
- #if !defined(NO_RSA)
- #ifdef WC_RSA_NO_PADDING
- if ( (ret = rsa_no_pad_test()) != 0)
- return err_sys("RSA NOPAD test failed!\n", ret);
- else
- TEST_PASS("RSA NOPAD test passed!\n");
- #endif
- if ( (ret = rsa_test()) != 0)
- return err_sys("RSA test failed!\n", ret);
- else
- TEST_PASS("RSA test passed!\n");
- #endif
- #ifndef NO_DH
- PRIVATE_KEY_UNLOCK();
- if ( (ret = dh_test()) != 0)
- return err_sys("DH test failed!\n", ret);
- else
- TEST_PASS("DH test passed!\n");
- PRIVATE_KEY_LOCK();
- #endif
- #ifndef NO_DSA
- if ( (ret = dsa_test()) != 0)
- return err_sys("DSA test failed!\n", ret);
- else
- TEST_PASS("DSA test passed!\n");
- #endif
- #ifdef WOLFCRYPT_HAVE_SRP
- if ( (ret = srp_test()) != 0)
- return err_sys("SRP test failed!\n", ret);
- else
- TEST_PASS("SRP test passed!\n");
- #endif
- #ifndef NO_PWDBASED
- if ( (ret = pwdbased_test()) != 0)
- return err_sys("PWDBASED test failed!\n", ret);
- else
- TEST_PASS("PWDBASED test passed!\n");
- #endif
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- if ( (ret = openssl_test()) != 0)
- return err_sys("OPENSSL test failed!\n", ret);
- else
- TEST_PASS("OPENSSL test passed!\n");
- if ( (ret = openSSL_evpMD_test()) != 0)
- return err_sys("OPENSSL (EVP MD) test failed!\n", ret);
- else
- TEST_PASS("OPENSSL (EVP MD) passed!\n");
- if ( (ret = openssl_pkey0_test()) != 0)
- return err_sys("OPENSSL (PKEY0) test failed!\n", ret);
- else
- TEST_PASS("OPENSSL (PKEY0) passed!\n");
- if ( (ret = openssl_pkey1_test()) != 0)
- return err_sys("OPENSSL (PKEY1) test failed!\n", ret);
- else
- TEST_PASS("OPENSSL (PKEY1) passed!\n");
- #if !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- if ( (ret = openssl_evpSig_test()) != 0)
- return err_sys("OPENSSL (EVP Sign/Verify) test failed!\n", ret);
- else
- TEST_PASS("OPENSSL (EVP Sign/Verify) passed!\n");
- #endif
- #endif
- #if defined(HAVE_ECC)
- PRIVATE_KEY_UNLOCK();
- if ( (ret = ecc_test()) != 0)
- return err_sys("ECC test failed!\n", ret);
- else
- TEST_PASS("ECC test passed!\n");
- PRIVATE_KEY_LOCK();
- #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
- (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
- if ( (ret = ecc_encrypt_test()) != 0)
- return err_sys("ECC Enc test failed!\n", ret);
- else
- TEST_PASS("ECC Enc test passed!\n");
- #endif
- #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
- defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- /* skip for ATECC508/608A, cannot import private key buffers */
- if ( (ret = ecc_test_buffers()) != 0)
- return err_sys("ECC buffer test failed!\n", ret);
- else
- TEST_PASS("ECC buffer test passed!\n");
- #endif
- #endif
- #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM)
- if ( (ret = cert_test()) != 0)
- return err_sys("CERT test failed!\n", ret);
- else
- TEST_PASS("CERT test passed!\n");
- #endif
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT)
- if ( (ret = certext_test()) != 0)
- return err_sys("CERT EXT test failed!\n", ret);
- else
- TEST_PASS("CERT EXT test passed!\n");
- #endif
- #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- if ( (ret = decodedCertCache_test()) != 0)
- return err_sys("DECODED CERT CACHE test failed!\n", ret);
- else
- TEST_PASS("DECODED CERT CACHE test passed!\n");
- #endif
- #ifdef HAVE_CURVE25519
- if ( (ret = curve25519_test()) != 0)
- return err_sys("CURVE25519 test failed!\n", ret);
- else
- TEST_PASS("CURVE25519 test passed!\n");
- #endif
- #ifdef HAVE_ED25519
- if ( (ret = ed25519_test()) != 0)
- return err_sys("ED25519 test failed!\n", ret);
- else
- TEST_PASS("ED25519 test passed!\n");
- #endif
- #ifdef HAVE_CURVE448
- if ( (ret = curve448_test()) != 0)
- return err_sys("CURVE448 test failed!\n", ret);
- else
- TEST_PASS("CURVE448 test passed!\n");
- #endif
- #ifdef HAVE_ED448
- if ( (ret = ed448_test()) != 0)
- return err_sys("ED448 test failed!\n", ret);
- else
- TEST_PASS("ED448 test passed!\n");
- #endif
- #ifdef WOLFCRYPT_HAVE_ECCSI
- if ( (ret = eccsi_test()) != 0)
- return err_sys("ECCSI test failed!\n", ret);
- else
- TEST_PASS("ECCSI test passed!\n");
- #endif
- #ifdef WOLFCRYPT_HAVE_SAKKE
- if ( (ret = sakke_test()) != 0)
- return err_sys("SAKKE test failed!\n", ret);
- else
- TEST_PASS("SAKKE test passed!\n");
- #endif
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
- if ( (ret = cmac_test()) != 0)
- return err_sys("CMAC test failed!\n", ret);
- else
- TEST_PASS("CMAC test passed!\n");
- #endif
- #if defined(WOLFSSL_SIPHASH)
- if ( (ret = siphash_test()) != 0)
- return err_sys("SipHash test failed!\n", ret);
- else
- TEST_PASS("SipHash test passed!\n");
- #endif
- #ifdef HAVE_LIBZ
- if ( (ret = compress_test()) != 0)
- return err_sys("COMPRESS test failed!\n", ret);
- else
- TEST_PASS("COMPRESS test passed!\n");
- #endif
- #ifdef HAVE_PKCS7
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- if ( (ret = pkcs7encrypted_test()) != 0)
- return err_sys("PKCS7encrypted test failed!\n", ret);
- else
- TEST_PASS("PKCS7encrypted test passed!\n");
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- if ( (ret = pkcs7compressed_test()) != 0)
- return err_sys("PKCS7compressed test failed!\n", ret);
- else
- TEST_PASS("PKCS7compressed test passed!\n");
- #endif
- if ( (ret = pkcs7signed_test()) != 0)
- return err_sys("PKCS7signed test failed!\n", ret);
- else
- TEST_PASS("PKCS7signed test passed!\n");
- if ( (ret = pkcs7enveloped_test()) != 0)
- return err_sys("PKCS7enveloped test failed!\n", ret);
- else
- TEST_PASS("PKCS7enveloped test passed!\n");
- #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
- if ( (ret = pkcs7authenveloped_test()) != 0)
- return err_sys("PKCS7authenveloped test failed!\n", ret);
- else
- TEST_PASS("PKCS7authenveloped test passed!\n");
- #endif
- #endif
- #ifdef HAVE_VALGRIND
- if ( (ret = mp_test()) != 0)
- return err_sys("mp test failed!\n", ret);
- else
- TEST_PASS("mp test passed!\n");
- #endif
- #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
- if ( (ret = prime_test()) != 0)
- return err_sys("prime test failed!\n", ret);
- else
- TEST_PASS("prime test passed!\n");
- #endif
- #if defined(ASN_BER_TO_DER) && \
- (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL))
- if ( (ret = berder_test()) != 0)
- return err_sys("ber-der test failed!\n", ret);
- else
- TEST_PASS("ber-der test passed!\n");
- #endif
- if ( (ret = logging_test()) != 0)
- return err_sys("logging test failed!\n", ret);
- else
- TEST_PASS("logging test passed!\n");
- #if !defined(NO_ASN) && !defined(NO_ASN_TIME)
- if ( (ret = time_test()) != 0)
- return err_sys("time test failed!\n", ret);
- else
- TEST_PASS("time test passed!\n");
- #endif
- if ( (ret = mutex_test()) != 0)
- return err_sys("mutex test failed!\n", ret);
- else
- TEST_PASS("mutex test passed!\n");
- #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
- if ( (ret = memcb_test()) != 0)
- return err_sys("memcb test failed!\n", ret);
- else
- TEST_PASS("memcb test passed!\n");
- #endif
- #ifdef WOLFSSL_IMX6_CAAM_BLOB
- if ( (ret = blob_test()) != 0)
- return err_sys("blob test failed!\n", ret);
- else
- TEST_PASS("blob test passed!\n");
- #endif
- #if defined(WOLF_CRYPTO_CB) && \
- !(defined(HAVE_INTEL_QAT_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \
- defined(WOLFSSL_QNX_CAAM))
- if ( (ret = cryptocb_test()) != 0)
- return err_sys("crypto callback test failed!\n", ret);
- else
- TEST_PASS("crypto callback test passed!\n");
- #endif
- #ifdef WOLFSSL_CERT_PIV
- if ( (ret = certpiv_test()) != 0)
- return err_sys("cert piv test failed!\n", ret);
- else
- TEST_PASS("cert piv test passed!\n");
- #endif
- #ifdef WOLF_CRYPTO_CB
- #ifdef HAVE_INTEL_QA_SYNC
- wc_CryptoCb_CleanupIntelQa(&devId);
- #endif
- #ifdef HAVE_CAVIUM_OCTEON_SYNC
- wc_CryptoCb_CleanupOcteon(&devId);
- #endif
- #endif
- #ifdef WOLFSSL_ASYNC_CRYPT
- wolfAsync_DevClose(&devId);
- #endif
- /* cleanup the thread if fixed point cache is enabled and have thread local */
- #if defined(HAVE_THREAD_LS) && defined(HAVE_ECC) && defined(FP_ECC)
- wc_ecc_fp_free();
- #endif
- if (args)
- ((func_args*)args)->return_code = ret;
- TEST_PASS("Test complete\n");
- EXIT_TEST(ret);
- }
- #ifndef NO_MAIN_DRIVER
- /* so overall tests can pull in test function */
- #ifdef WOLFSSL_ESPIDF
- void app_main( )
- #else
- #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
- int myoptind = 0;
- char* myoptarg = NULL;
- #endif
- int main(int argc, char** argv)
- #endif
- {
- int ret;
- func_args args;
- #ifdef WOLFSSL_ESPIDF
- /* set dummy wallclock time. */
- struct timeval utctime;
- struct timezone tz;
- utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
- utctime.tv_usec = 0;
- tz.tz_minuteswest = 0;
- tz.tz_dsttime = 0;
- settimeofday(&utctime, &tz);
- #endif
- #ifdef WOLFSSL_APACHE_MYNEWT
- #ifdef ARCH_sim
- mcu_sim_parse_args(argc, argv);
- #endif
- sysinit();
- /* set dummy wallclock time. */
- struct os_timeval utctime;
- struct os_timezone tz;
- utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
- utctime.tv_usec = 0;
- tz.tz_minuteswest = 0;
- tz.tz_dsttime = 0;
- os_settimeofday(&utctime, &tz);
- #endif
- #ifdef WOLFSSL_ZEPHYR
- /* set dummy wallclock time. */
- struct timespec utctime;
- utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
- utctime.tv_nsec = 0;
- clock_settime(CLOCK_REALTIME, &utctime);
- #endif
- #ifdef DEVKITPRO
- void *framebuffer;
- GXRModeObj *rmode = NULL;
- VIDEO_Init();
- WPAD_Init();
- rmode = VIDEO_GetPreferredMode(NULL);
- #pragma GCC diagnostic ignored "-Wbad-function-cast"
- framebuffer = MEM_K0_TO_K1(SYS_AllocateFramebuffer(rmode));
- #pragma GCC diagnostic pop
- console_init(framebuffer,20,20,rmode->fbWidth,rmode->xfbHeight,rmode->fbWidth*VI_DISPLAY_PIX_SZ);
- VIDEO_Configure(rmode);
- VIDEO_SetNextFramebuffer(framebuffer);
- VIDEO_SetBlack(FALSE);
- VIDEO_Flush();
- VIDEO_WaitVSync();
- if(rmode->viTVMode&VI_NON_INTERLACE) VIDEO_WaitVSync();
- #endif
- #ifdef HAVE_WNR
- if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) {
- err_sys("Whitewood netRandom global config failed", -1001);
- return -1002;
- }
- #endif
- #ifndef WOLFSSL_ESPIDF
- args.argc = argc;
- args.argv = argv;
- #endif
- if ((ret = wolfCrypt_Init()) != 0) {
- printf("wolfCrypt_Init failed %d\n", ret);
- err_sys("Error with wolfCrypt_Init!\n", -1003);
- }
- #ifdef WC_RNG_SEED_CB
- wc_SetSeed_Cb(wc_GenerateSeed);
- #endif
- #ifdef HAVE_STACK_SIZE
- StackSizeCheck(&args, wolfcrypt_test);
- #else
- wolfcrypt_test(&args);
- #endif
- if ((ret = wolfCrypt_Cleanup()) != 0) {
- printf("wolfCrypt_Cleanup failed %d\n", ret);
- err_sys("Error with wolfCrypt_Cleanup!\n", -1004);
- }
- #ifdef HAVE_WNR
- if (wc_FreeNetRandom() < 0)
- err_sys("Failed to free netRandom context", -1005);
- #endif /* HAVE_WNR */
- #ifdef DOLPHIN_EMULATOR
- /* Returning from main panics the emulator. Just hang
- * and let the user force quit the emulator window. */
- printf("args.return_code: %d\n", args.return_code);
- printf("Testing complete. You may close the window now\n");
- while (1);
- #endif
- #ifndef WOLFSSL_ESPIDF
- printf("Exiting main with return code: %d\n", args.return_code);
- return args.return_code;
- #endif
- }
- #endif /* NO_MAIN_DRIVER */
- /* helper to save DER, convert to PEM and save PEM */
- #if !defined(NO_ASN) && (defined(HAVE_ECC) || !defined(NO_DSA) || \
- (!defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)))) \
- && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- #define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, fD, fP, pT, eB)
- #else
- #define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, NULL, NULL, pT, eB)
- #endif
- static int _SaveDerAndPem(const byte* der, int derSz,
- const char* fileDer, const char* filePem, int pemType, int errBase)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- int ret;
- XFILE derFile;
- derFile = XFOPEN(fileDer, "wb");
- if (!derFile) {
- return errBase + 0;
- }
- ret = (int)XFWRITE(der, 1, derSz, derFile);
- XFCLOSE(derFile);
- if (ret != derSz) {
- return errBase + 1;
- }
- #endif
- #ifdef WOLFSSL_DER_TO_PEM
- if (filePem) {
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- XFILE pemFile;
- #endif
- byte* pem;
- int pemSz;
- /* calculate PEM size */
- pemSz = wc_DerToPem(der, derSz, NULL, 0, pemType);
- if (pemSz < 0) {
- return pemSz;
- }
- pem = (byte*)XMALLOC(pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pem == NULL) {
- return MEMORY_E;
- }
- /* Convert to PEM */
- pemSz = wc_DerToPem(der, derSz, pem, pemSz, pemType);
- if (pemSz < 0) {
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return errBase + 2;
- }
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- pemFile = XFOPEN(filePem, "wb");
- if (!pemFile) {
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return errBase + 3;
- }
- ret = (int)XFWRITE(pem, 1, pemSz, pemFile);
- XFCLOSE(pemFile);
- if (ret != pemSz) {
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return errBase + 4;
- }
- #endif
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif /* WOLFSSL_DER_TO_PEM */
- /* suppress unused variable warnings */
- (void)der;
- (void)derSz;
- (void)filePem;
- (void)fileDer;
- (void)pemType;
- (void)errBase;
- return 0;
- }
- #endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */
- WOLFSSL_TEST_SUBROUTINE int error_test(void)
- {
- const char* errStr;
- char out[WOLFSSL_MAX_ERROR_SZ];
- const char* unknownStr = wc_GetErrorString(0);
- #ifdef NO_ERROR_STRINGS
- /* Ensure a valid error code's string matches an invalid code's.
- * The string is that error strings are not available.
- */
- errStr = wc_GetErrorString(OPEN_RAN_E);
- wc_ErrorString(OPEN_RAN_E, out);
- if (XSTRCMP(errStr, unknownStr) != 0)
- return -1100;
- if (XSTRCMP(out, unknownStr) != 0)
- return -1101;
- #else
- int i;
- int j = 0;
- /* Values that are not or no longer error codes. */
- int missing[] = { -122, -123, -124, -127, -128, -129, -159,
- -163, -164, -165, -166, -167, -168, -169, -233,
- 0 };
- /* Check that all errors have a string and it's the same through the two
- * APIs. Check that the values that are not errors map to the unknown
- * string.
- */
- for (i = MAX_CODE_E-1; i >= WC_LAST_E; i--) {
- errStr = wc_GetErrorString(i);
- wc_ErrorString(i, out);
- if (i != missing[j]) {
- if (XSTRCMP(errStr, unknownStr) == 0)
- return -1102;
- if (XSTRCMP(out, unknownStr) == 0)
- return -1103;
- if (XSTRCMP(errStr, out) != 0)
- return -1104;
- if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ)
- return -1105;
- }
- else {
- j++;
- if (XSTRCMP(errStr, unknownStr) != 0)
- return -1106;
- if (XSTRCMP(out, unknownStr) != 0)
- return -1107;
- }
- }
- /* Check if the next possible value has been given a string. */
- errStr = wc_GetErrorString(i);
- wc_ErrorString(i, out);
- if (XSTRCMP(errStr, unknownStr) != 0)
- return -1108;
- if (XSTRCMP(out, unknownStr) != 0)
- return -1109;
- #endif
- return 0;
- }
- #ifndef NO_CODING
- WOLFSSL_TEST_SUBROUTINE int base64_test(void)
- {
- int ret;
- WOLFSSL_SMALL_STACK_STATIC const byte good[] = "A+Gd\0\0\0";
- WOLFSSL_SMALL_STACK_STATIC const byte goodEnd[] = "A+Gd \r\n";
- WOLFSSL_SMALL_STACK_STATIC const byte good_spaces[] = " A + G d \0";
- byte out[128];
- word32 outLen;
- #ifdef WOLFSSL_BASE64_ENCODE
- byte data[3];
- word32 dataLen;
- byte longData[79] = { 0 };
- WOLFSSL_SMALL_STACK_STATIC const byte symbols[] = "+/A=";
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte badSmall[] = "AAA!Gdj=";
- WOLFSSL_SMALL_STACK_STATIC const byte badLarge[] = "AAA~Gdj=";
- WOLFSSL_SMALL_STACK_STATIC const byte badEOL[] = "A+Gd!AA";
- WOLFSSL_SMALL_STACK_STATIC const byte badPadding[] = "AA=A";
- WOLFSSL_SMALL_STACK_STATIC const byte badChar[] = ",-.:;<=>?@[\\]^_`";
- byte goodChar[] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
- "abcdefghijklmnopqrstuvwxyz"
- "0123456789+/;";
- byte charTest[] = "A+Gd\0\0\0";
- int i;
- /* Good Base64 encodings. */
- outLen = sizeof(out);
- ret = Base64_Decode(good, sizeof(good), out, &outLen);
- if (ret != 0)
- return -1200;
- outLen = sizeof(out);
- ret = Base64_Decode(goodEnd, sizeof(goodEnd), out, &outLen);
- if (ret != 0)
- return -1201;
- outLen = sizeof(goodChar);
- ret = Base64_Decode(goodChar, sizeof(goodChar), goodChar, &outLen);
- if (ret != 0)
- return -1235;
- if (outLen != 64 / 4 * 3)
- return -1236;
- outLen = sizeof(out);
- ret = Base64_Decode(good_spaces, sizeof(good_spaces), out, &outLen);
- if (ret != 0)
- return -1201;
- /* Bad parameters. */
- outLen = 1;
- ret = Base64_Decode(good, sizeof(good), out, &outLen);
- if (ret != BAD_FUNC_ARG)
- return -1202;
- outLen = sizeof(out);
- ret = Base64_Decode(badEOL, sizeof(badEOL), out, &outLen);
- if (ret != ASN_INPUT_E)
- return -1203;
- outLen = sizeof(out);
- ret = Base64_Decode(badPadding, sizeof(badPadding), out, &outLen);
- if (ret != ASN_INPUT_E)
- return -1203;
- /* Bad character at each offset 0-3. */
- for (i = 0; i < 4; i++) {
- outLen = sizeof(out);
- ret = Base64_Decode(badSmall + i, 4, out, &outLen);
- if (ret != ASN_INPUT_E)
- return -1204 - i;
- ret = Base64_Decode(badLarge + i, 4, out, &outLen);
- if (ret != ASN_INPUT_E)
- return -1214 - i;
- }
- /* Invalid character less than 0x2b */
- for (i = 1; i < 0x2b; i++) {
- outLen = sizeof(out);
- charTest[0] = (byte)i;
- ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
- if (ret != ASN_INPUT_E)
- return -1240 - i;
- }
- /* Bad characters in range 0x2b - 0x7a. */
- for (i = 0; i < (int)sizeof(badChar) - 1; i++) {
- outLen = sizeof(out);
- charTest[0] = badChar[i];
- ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
- if (ret != ASN_INPUT_E)
- return -1270 - i;
- }
- /* Invalid character greater than 0x7a */
- for (i = 0x7b; i < 0x100; i++) {
- outLen = sizeof(out);
- charTest[0] = (byte)i;
- ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
- if (ret != ASN_INPUT_E)
- return -1290 - i;
- }
- #ifdef WOLFSSL_BASE64_ENCODE
- /* Decode and encode all symbols - non-alphanumeric. */
- dataLen = sizeof(data);
- ret = Base64_Decode(symbols, sizeof(symbols), data, &dataLen);
- if (ret != 0)
- return -1224;
- outLen = sizeof(out);
- ret = Base64_Encode(data, dataLen, NULL, &outLen);
- if (ret != LENGTH_ONLY_E)
- return -1225;
- outLen = sizeof(out);
- ret = Base64_Encode(data, dataLen, out, &outLen);
- if (ret != 0)
- return -1226;
- outLen = 7;
- ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
- if (ret != BUFFER_E)
- return -1227;
- outLen = sizeof(out);
- ret = Base64_EncodeEsc(data, dataLen, NULL, &outLen);
- if (ret != LENGTH_ONLY_E)
- return -1228;
- outLen = sizeof(out);
- ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
- if (ret != 0)
- return -1229;
- outLen = sizeof(out);
- ret = Base64_Encode_NoNl(data, dataLen, out, &outLen);
- if (ret != 0)
- return -1230;
- /* Data that results in an encoding longer than one line. */
- outLen = sizeof(out);
- dataLen = sizeof(longData);
- ret = Base64_Encode(longData, dataLen, out, &outLen);
- if (ret != 0)
- return -1231;
- outLen = sizeof(out);
- ret = Base64_EncodeEsc(longData, dataLen, out, &outLen);
- if (ret != 0)
- return -1232;
- outLen = sizeof(out);
- ret = Base64_Encode_NoNl(longData, dataLen, out, &outLen);
- if (ret != 0)
- return -1233;
- #endif
- return 0;
- }
- #ifdef WOLFSSL_BASE16
- WOLFSSL_TEST_SUBROUTINE int base16_test(void)
- {
- int ret;
- WOLFSSL_SMALL_STACK_STATIC const byte testData[] = "SomeDataToEncode\n";
- WOLFSSL_SMALL_STACK_STATIC const byte encodedTestData[] = "536F6D6544617461546F456E636F64650A00";
- byte encoded[40];
- word32 encodedLen;
- byte plain[40];
- word32 len;
- /* length returned includes null termination */
- encodedLen = sizeof(encoded);
- ret = Base16_Encode(testData, sizeof(testData), encoded, &encodedLen);
- if (ret != 0)
- return -1300;
- len = (word32)XSTRLEN((char*)encoded);
- if (len != encodedLen - 1)
- return -1301;
- len = sizeof(plain);
- ret = Base16_Decode(encoded, encodedLen - 1, plain, &len);
- if (ret != 0)
- return -1302;
- if (len != sizeof(testData) || XMEMCMP(testData, plain, len) != 0)
- return -1303;
- if (encodedLen != sizeof(encodedTestData) ||
- XMEMCMP(encoded, encodedTestData, encodedLen) != 0) {
- return -1304;
- }
- return 0;
- }
- #endif /* WOLFSSL_BASE16 */
- #endif /* !NO_CODING */
- #ifndef NO_ASN
- WOLFSSL_TEST_SUBROUTINE int asn_test(void)
- {
- int ret;
- /* ASN1 encoded date buffer */
- WOLFSSL_SMALL_STACK_STATIC const byte dateBuf[] = {0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31,
- 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5a};
- byte format;
- int length;
- const byte* datePart;
- #ifndef NO_ASN_TIME
- struct tm timearg;
- time_t now;
- #endif
- ret = wc_GetDateInfo(dateBuf, (int)sizeof(dateBuf), &datePart, &format,
- &length);
- if (ret != 0)
- return -1400;
- #ifndef NO_ASN_TIME
- /* Parameter Validation tests. */
- if (wc_GetTime(NULL, sizeof(now)) != BAD_FUNC_ARG)
- return -1401;
- if (wc_GetTime(&now, 0) != BUFFER_E)
- return -1402;
- now = 0;
- if (wc_GetTime(&now, sizeof(now)) != 0) {
- return -1403;
- }
- if (now == 0) {
- printf("RTC/Time not set!\n");
- return -1404;
- }
- ret = wc_GetDateAsCalendarTime(datePart, length, format, &timearg);
- if (ret != 0)
- return -1405;
- #endif /* !NO_ASN_TIME */
- return 0;
- }
- #endif /* !NO_ASN */
- #ifdef WOLFSSL_MD2
- WOLFSSL_TEST_SUBROUTINE int md2_test(void)
- {
- int ret = 0;
- Md2 md2;
- byte hash[MD2_DIGEST_SIZE];
- testVector a, b, c, d, e, f, g;
- testVector test_md2[7];
- int times = sizeof(test_md2) / sizeof(testVector), i;
- a.input = "";
- a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
- "\x27\x73";
- a.inLen = XSTRLEN(a.input);
- a.outLen = MD2_DIGEST_SIZE;
- b.input = "a";
- b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
- "\xb5\xd1";
- b.inLen = XSTRLEN(b.input);
- b.outLen = MD2_DIGEST_SIZE;
- c.input = "abc";
- c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
- "\xd6\xbb";
- c.inLen = XSTRLEN(c.input);
- c.outLen = MD2_DIGEST_SIZE;
- d.input = "message digest";
- d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
- "\x06\xb0";
- d.inLen = XSTRLEN(d.input);
- d.outLen = MD2_DIGEST_SIZE;
- e.input = "abcdefghijklmnopqrstuvwxyz";
- e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
- "\x94\x0b";
- e.inLen = XSTRLEN(e.input);
- e.outLen = MD2_DIGEST_SIZE;
- f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
- "6789";
- f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
- "\x38\xcd";
- f.inLen = XSTRLEN(f.input);
- f.outLen = MD2_DIGEST_SIZE;
- g.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
- "\xef\xd8";
- g.inLen = XSTRLEN(g.input);
- g.outLen = MD2_DIGEST_SIZE;
- test_md2[0] = a;
- test_md2[1] = b;
- test_md2[2] = c;
- test_md2[3] = d;
- test_md2[4] = e;
- test_md2[5] = f;
- test_md2[6] = g;
- wc_InitMd2(&md2);
- for (i = 0; i < times; ++i) {
- wc_Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen);
- wc_Md2Final(&md2, hash);
- if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0)
- return -1500 - i;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Md2Hash((byte*)test_md2[i].input, (word32)test_md2[i].inLen, hash);
- if (ret != 0) {
- return -1507 - i;
- }
- if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0) {
- return -1507 - i;
- }
- }
- return 0;
- }
- #endif
- #ifndef NO_MD5
- WOLFSSL_TEST_SUBROUTINE int md5_test(void)
- {
- int ret = 0;
- wc_Md5 md5, md5Copy;
- byte hash[WC_MD5_DIGEST_SIZE];
- byte hashcopy[WC_MD5_DIGEST_SIZE];
- testVector a, b, c, d, e, f;
- testVector test_md5[6];
- int times = sizeof(test_md5) / sizeof(testVector), i;
- a.input = "";
- a.output = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42"
- "\x7e";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_MD5_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
- "\x72";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_MD5_DIGEST_SIZE;
- c.input = "message digest";
- c.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61"
- "\xd0";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_MD5_DIGEST_SIZE;
- d.input = "abcdefghijklmnopqrstuvwxyz";
- d.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1"
- "\x3b";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_MD5_DIGEST_SIZE;
- e.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
- "6789";
- e.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d"
- "\x9f";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_MD5_DIGEST_SIZE;
- f.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- f.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
- "\x7a";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_MD5_DIGEST_SIZE;
- test_md5[0] = a;
- test_md5[1] = b;
- test_md5[2] = c;
- test_md5[3] = d;
- test_md5[4] = e;
- test_md5[5] = f;
- ret = wc_InitMd5_ex(&md5, HEAP_HINT, devId);
- if (ret != 0)
- return -1600;
- ret = wc_InitMd5_ex(&md5Copy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Md5Free(&md5);
- return -1601;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Md5Update(&md5, (byte*)test_md5[i].input,
- (word32)test_md5[i].inLen);
- if (ret != 0)
- ERROR_OUT(-1602 - i, exit);
- ret = wc_Md5GetHash(&md5, hashcopy);
- if (ret != 0)
- ERROR_OUT(-1603 - i, exit);
- ret = wc_Md5Copy(&md5, &md5Copy);
- if (ret != 0)
- ERROR_OUT(-1604 - i, exit);
- ret = wc_Md5Final(&md5, hash);
- if (ret != 0)
- ERROR_OUT(-1605 - i, exit);
- wc_Md5Free(&md5Copy);
- if (XMEMCMP(hash, test_md5[i].output, WC_MD5_DIGEST_SIZE) != 0)
- ERROR_OUT(-1606 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_MD5_DIGEST_SIZE) != 0)
- ERROR_OUT(-1607 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x44\xd0\x88\xce\xf1\x36\xd1\x78\xe9\xc8\xba\x84\xc3\xfd\xf6\xca";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- #ifdef WOLFSSL_PIC32MZ_HASH
- wc_Md5SizeSet(&md5, times * sizeof(large_input));
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Md5Update(&md5, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-1608, exit);
- }
- ret = wc_Md5Final(&md5, hash);
- if (ret != 0)
- ERROR_OUT(-1609, exit);
- if (XMEMCMP(hash, large_digest, WC_MD5_DIGEST_SIZE) != 0)
- ERROR_OUT(-1610, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Md5Free(&md5);
- wc_Md5Free(&md5Copy);
- return ret;
- }
- #endif /* NO_MD5 */
- #ifndef NO_MD4
- WOLFSSL_TEST_SUBROUTINE int md4_test(void)
- {
- Md4 md4;
- byte hash[MD4_DIGEST_SIZE];
- testVector a, b, c, d, e, f, g;
- testVector test_md4[7];
- int times = sizeof(test_md4) / sizeof(testVector), i;
- a.input = "";
- a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89"
- "\xc0";
- a.inLen = XSTRLEN(a.input);
- a.outLen = MD4_DIGEST_SIZE;
- b.input = "a";
- b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb"
- "\x24";
- b.inLen = XSTRLEN(b.input);
- b.outLen = MD4_DIGEST_SIZE;
- c.input = "abc";
- c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72"
- "\x9d";
- c.inLen = XSTRLEN(c.input);
- c.outLen = MD4_DIGEST_SIZE;
- d.input = "message digest";
- d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01"
- "\x4b";
- d.inLen = XSTRLEN(d.input);
- d.outLen = MD4_DIGEST_SIZE;
- e.input = "abcdefghijklmnopqrstuvwxyz";
- e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d"
- "\xa9";
- e.inLen = XSTRLEN(e.input);
- e.outLen = MD4_DIGEST_SIZE;
- f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
- "6789";
- f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0"
- "\xe4";
- f.inLen = XSTRLEN(f.input);
- f.outLen = MD4_DIGEST_SIZE;
- g.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05"
- "\x36";
- g.inLen = XSTRLEN(g.input);
- g.outLen = MD4_DIGEST_SIZE;
- test_md4[0] = a;
- test_md4[1] = b;
- test_md4[2] = c;
- test_md4[3] = d;
- test_md4[4] = e;
- test_md4[5] = f;
- test_md4[6] = g;
- wc_InitMd4(&md4);
- for (i = 0; i < times; ++i) {
- wc_Md4Update(&md4, (byte*)test_md4[i].input, (word32)test_md4[i].inLen);
- wc_Md4Final(&md4, hash);
- if (XMEMCMP(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0)
- return -1700 - i;
- }
- return 0;
- }
- #endif /* NO_MD4 */
- #ifndef NO_SHA
- WOLFSSL_TEST_SUBROUTINE int sha_test(void)
- {
- int ret = 0;
- wc_Sha sha, shaCopy;
- byte hash[WC_SHA_DIGEST_SIZE];
- byte hashcopy[WC_SHA_DIGEST_SIZE];
- testVector a, b, c, d, e;
- testVector test_sha[5];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18"
- "\x90\xaf\xd8\x07\x09";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
- "\x6C\x9C\xD0\xD8\x9D";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29"
- "\xE5\xE5\x46\x70\xF1";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA_DIGEST_SIZE;
- d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaa";
- d.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44"
- "\x2A\x25\xEC\x64\x4D";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA_DIGEST_SIZE;
- e.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaa";
- e.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
- "\x53\x99\x5E\x26\xA0";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- test_sha[4] = e;
- ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -1800;
- ret = wc_InitSha_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_ShaFree(&sha);
- return -1801;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_ShaUpdate(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-1802 - i, exit);
- ret = wc_ShaGetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-1803 - i, exit);
- ret = wc_ShaCopy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(-1804 - i, exit);
- ret = wc_ShaFinal(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-1805 - i, exit);
- wc_ShaFree(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA_DIGEST_SIZE) != 0)
- ERROR_OUT(-1806 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA_DIGEST_SIZE) != 0)
- ERROR_OUT(-1807 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT)
- const char* large_digest =
- "\x1d\x6a\x5a\xf6\xe5\x7c\x86\xce\x7f\x7c\xaf\xd5\xdb\x08\xcd\x59"
- "\x15\x8c\x6d\xb6";
- #else
- const char* large_digest =
- "\x8b\x77\x02\x48\x39\xe8\xdb\xd3\x9a\xf4\x05\x24\x66\x12\x2d\x9e"
- "\xc5\xd9\x0a\xac";
- #endif
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT)
- times = 20;
- #else
- times = 100;
- #endif
- #ifdef WOLFSSL_PIC32MZ_HASH
- wc_ShaSizeSet(&sha, times * sizeof(large_input));
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_ShaUpdate(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-1808, exit);
- }
- ret = wc_ShaFinal(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-1809, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA_DIGEST_SIZE) != 0)
- ERROR_OUT(-1810, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_ShaFree(&sha);
- wc_ShaFree(&shaCopy);
- return ret;
- }
- #endif /* NO_SHA */
- #ifdef WOLFSSL_RIPEMD
- WOLFSSL_TEST_SUBROUTINE int ripemd_test(void)
- {
- RipeMd ripemd;
- int ret;
- byte hash[RIPEMD_DIGEST_SIZE];
- testVector a, b, c, d;
- testVector test_ripemd[4];
- int times = sizeof(test_ripemd) / sizeof(struct testVector), i;
- a.input = "abc";
- a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
- "\xb0\x87\xf1\x5a\x0b\xfc";
- a.inLen = XSTRLEN(a.input);
- a.outLen = RIPEMD_DIGEST_SIZE;
- b.input = "message digest";
- b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8"
- "\x5f\xfa\x21\x59\x5f\x36";
- b.inLen = XSTRLEN(b.input);
- b.outLen = RIPEMD_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc"
- "\xf4\x9a\xda\x62\xeb\x2b";
- c.inLen = XSTRLEN(c.input);
- c.outLen = RIPEMD_DIGEST_SIZE;
- d.input = "12345678901234567890123456789012345678901234567890123456"
- "789012345678901234567890";
- d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab"
- "\x82\xbf\x63\x32\x6b\xfb";
- d.inLen = XSTRLEN(d.input);
- d.outLen = RIPEMD_DIGEST_SIZE;
- test_ripemd[0] = a;
- test_ripemd[1] = b;
- test_ripemd[2] = c;
- test_ripemd[3] = d;
- ret = wc_InitRipeMd(&ripemd);
- if (ret != 0) {
- return -1900;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input,
- (word32)test_ripemd[i].inLen);
- if (ret != 0) {
- return -1901 - i;
- }
- ret = wc_RipeMdFinal(&ripemd, hash);
- if (ret != 0) {
- return -1911 - i;
- }
- if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0)
- return -1921 - i;
- }
- return 0;
- }
- #endif /* WOLFSSL_RIPEMD */
- #ifdef HAVE_BLAKE2
- #define BLAKE2B_TESTS 3
- static const byte blake2b_vec[BLAKE2B_TESTS][BLAKE2B_OUTBYTES] =
- {
- {
- 0x78, 0x6A, 0x02, 0xF7, 0x42, 0x01, 0x59, 0x03,
- 0xC6, 0xC6, 0xFD, 0x85, 0x25, 0x52, 0xD2, 0x72,
- 0x91, 0x2F, 0x47, 0x40, 0xE1, 0x58, 0x47, 0x61,
- 0x8A, 0x86, 0xE2, 0x17, 0xF7, 0x1F, 0x54, 0x19,
- 0xD2, 0x5E, 0x10, 0x31, 0xAF, 0xEE, 0x58, 0x53,
- 0x13, 0x89, 0x64, 0x44, 0x93, 0x4E, 0xB0, 0x4B,
- 0x90, 0x3A, 0x68, 0x5B, 0x14, 0x48, 0xB7, 0x55,
- 0xD5, 0x6F, 0x70, 0x1A, 0xFE, 0x9B, 0xE2, 0xCE
- },
- {
- 0x2F, 0xA3, 0xF6, 0x86, 0xDF, 0x87, 0x69, 0x95,
- 0x16, 0x7E, 0x7C, 0x2E, 0x5D, 0x74, 0xC4, 0xC7,
- 0xB6, 0xE4, 0x8F, 0x80, 0x68, 0xFE, 0x0E, 0x44,
- 0x20, 0x83, 0x44, 0xD4, 0x80, 0xF7, 0x90, 0x4C,
- 0x36, 0x96, 0x3E, 0x44, 0x11, 0x5F, 0xE3, 0xEB,
- 0x2A, 0x3A, 0xC8, 0x69, 0x4C, 0x28, 0xBC, 0xB4,
- 0xF5, 0xA0, 0xF3, 0x27, 0x6F, 0x2E, 0x79, 0x48,
- 0x7D, 0x82, 0x19, 0x05, 0x7A, 0x50, 0x6E, 0x4B
- },
- {
- 0x1C, 0x08, 0x79, 0x8D, 0xC6, 0x41, 0xAB, 0xA9,
- 0xDE, 0xE4, 0x35, 0xE2, 0x25, 0x19, 0xA4, 0x72,
- 0x9A, 0x09, 0xB2, 0xBF, 0xE0, 0xFF, 0x00, 0xEF,
- 0x2D, 0xCD, 0x8E, 0xD6, 0xF8, 0xA0, 0x7D, 0x15,
- 0xEA, 0xF4, 0xAE, 0xE5, 0x2B, 0xBF, 0x18, 0xAB,
- 0x56, 0x08, 0xA6, 0x19, 0x0F, 0x70, 0xB9, 0x04,
- 0x86, 0xC8, 0xA7, 0xD4, 0x87, 0x37, 0x10, 0xB1,
- 0x11, 0x5D, 0x3D, 0xEB, 0xBB, 0x43, 0x27, 0xB5
- }
- };
- WOLFSSL_TEST_SUBROUTINE int blake2b_test(void)
- {
- Blake2b b2b;
- byte digest[64];
- byte input[64];
- int i, ret;
- for (i = 0; i < (int)sizeof(input); i++)
- input[i] = (byte)i;
- for (i = 0; i < BLAKE2B_TESTS; i++) {
- ret = wc_InitBlake2b(&b2b, 64);
- if (ret != 0)
- return -2000 - i;
- ret = wc_Blake2bUpdate(&b2b, input, i);
- if (ret != 0)
- return -2010 - 1;
- ret = wc_Blake2bFinal(&b2b, digest, 64);
- if (ret != 0)
- return -2020 - i;
- if (XMEMCMP(digest, blake2b_vec[i], 64) != 0) {
- return -2030 - i;
- }
- }
- return 0;
- }
- #endif /* HAVE_BLAKE2 */
- #ifdef HAVE_BLAKE2S
- #define BLAKE2S_TESTS 3
- static const byte blake2s_vec[BLAKE2S_TESTS][BLAKE2S_OUTBYTES] =
- {
- {
- 0x69, 0x21, 0x7a, 0x30, 0x79, 0x90, 0x80, 0x94,
- 0xe1, 0x11, 0x21, 0xd0, 0x42, 0x35, 0x4a, 0x7c,
- 0x1f, 0x55, 0xb6, 0x48, 0x2c, 0xa1, 0xa5, 0x1e,
- 0x1b, 0x25, 0x0d, 0xfd, 0x1e, 0xd0, 0xee, 0xf9,
- },
- {
- 0xe3, 0x4d, 0x74, 0xdb, 0xaf, 0x4f, 0xf4, 0xc6,
- 0xab, 0xd8, 0x71, 0xcc, 0x22, 0x04, 0x51, 0xd2,
- 0xea, 0x26, 0x48, 0x84, 0x6c, 0x77, 0x57, 0xfb,
- 0xaa, 0xc8, 0x2f, 0xe5, 0x1a, 0xd6, 0x4b, 0xea,
- },
- {
- 0xdd, 0xad, 0x9a, 0xb1, 0x5d, 0xac, 0x45, 0x49,
- 0xba, 0x42, 0xf4, 0x9d, 0x26, 0x24, 0x96, 0xbe,
- 0xf6, 0xc0, 0xba, 0xe1, 0xdd, 0x34, 0x2a, 0x88,
- 0x08, 0xf8, 0xea, 0x26, 0x7c, 0x6e, 0x21, 0x0c,
- }
- };
- WOLFSSL_TEST_SUBROUTINE int blake2s_test(void)
- {
- Blake2s b2s;
- byte digest[32];
- byte input[64];
- int i, ret;
- for (i = 0; i < (int)sizeof(input); i++)
- input[i] = (byte)i;
- for (i = 0; i < BLAKE2S_TESTS; i++) {
- ret = wc_InitBlake2s(&b2s, 32);
- if (ret != 0)
- return -2100 - i;
- ret = wc_Blake2sUpdate(&b2s, input, i);
- if (ret != 0)
- return -2110 - 1;
- ret = wc_Blake2sFinal(&b2s, digest, 32);
- if (ret != 0)
- return -2120 - i;
- if (XMEMCMP(digest, blake2s_vec[i], 32) != 0) {
- return -2130 - i;
- }
- }
- return 0;
- }
- #endif /* HAVE_BLAKE2S */
- #ifdef WOLFSSL_SHA224
- WOLFSSL_TEST_SUBROUTINE int sha224_test(void)
- {
- wc_Sha224 sha, shaCopy;
- byte hash[WC_SHA224_DIGEST_SIZE];
- byte hashcopy[WC_SHA224_DIGEST_SIZE];
- int ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34"
- "\xc4\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a\xc5\xb3\xe4\x2f";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA224_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55"
- "\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA224_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
- "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA224_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha224_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2200;
- ret = wc_InitSha224_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha224Free(&sha);
- return -2201;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2202 - i, exit);
- ret = wc_Sha224GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2203 - i, exit);
- ret = wc_Sha224Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(-2204 - i, exit);
- ret = wc_Sha224Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2205 - i, exit);
- wc_Sha224Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA224_DIGEST_SIZE) != 0)
- ERROR_OUT(-2206 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA224_DIGEST_SIZE) != 0)
- ERROR_OUT(-2207 - i, exit);
- }
- exit:
- wc_Sha224Free(&sha);
- wc_Sha224Free(&shaCopy);
- return ret;
- }
- #endif
- #ifndef NO_SHA256
- WOLFSSL_TEST_SUBROUTINE int sha256_test(void)
- {
- wc_Sha256 sha, shaCopy;
- byte hash[WC_SHA256_DIGEST_SIZE];
- byte hashcopy[WC_SHA256_DIGEST_SIZE];
- int ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9"
- "\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52"
- "\xb8\x55";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA256_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
- "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
- "\x15\xAD";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA256_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
- "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
- "\x06\xC1";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA256_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2300;
- ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha256Free(&sha);
- return -2301;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0) {
- ERROR_OUT(-2302 - i, exit);
- }
- ret = wc_Sha256GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2303 - i, exit);
- ret = wc_Sha256Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(-2304 - i, exit);
- ret = wc_Sha256Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2305 - i, exit);
- wc_Sha256Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0)
- ERROR_OUT(-2306 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0)
- ERROR_OUT(-2307 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- #ifdef HASH_SIZE_LIMIT
- const char* large_digest =
- "\xa4\x75\x9e\x7a\xa2\x03\x38\x32\x88\x66\xa2\xea\x17\xea\xf8\xc7"
- "\xfe\x4e\xc6\xbb\xe3\xbb\x71\xce\xe7\xdf\x7c\x04\x61\xb3\xc2\x2f";
- #else
- const char* large_digest =
- "\x27\x78\x3e\x87\x96\x3a\x4e\xfb\x68\x29\xb5\x31\xc9\xba\x57\xb4"
- "\x4f\x45\x79\x7f\x67\x70\xbd\x63\x7f\xbf\x0d\x80\x7c\xbd\xba\xe0";
- #endif
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- #ifdef HASH_SIZE_LIMIT
- times = 20;
- #else
- times = 100;
- #endif
- #ifdef WOLFSSL_PIC32MZ_HASH
- wc_Sha256SizeSet(&sha, times * sizeof(large_input));
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha256Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2308, exit);
- }
- ret = wc_Sha256Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2309, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA256_DIGEST_SIZE) != 0)
- ERROR_OUT(-2310, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha256Free(&sha);
- wc_Sha256Free(&shaCopy);
- return ret;
- }
- #endif
- #ifdef WOLFSSL_SHA512
- WOLFSSL_TEST_SUBROUTINE int sha512_test(void)
- {
- wc_Sha512 sha, shaCopy;
- byte hash[WC_SHA512_DIGEST_SIZE];
- byte hashcopy[WC_SHA512_DIGEST_SIZE];
- int ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80"
- "\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c"
- "\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87"
- "\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a"
- "\xf9\x27\xda\x3e";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA512_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
- "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
- "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
- "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
- "\xa5\x4c\xa4\x9f";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA512_DIGEST_SIZE;
- c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- c.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
- "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
- "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
- "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
- "\x87\x4b\xe9\x09";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA512_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha512_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2400;
- ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha512Free(&sha);
- return -2401;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2402 - i, exit);
- ret = wc_Sha512GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2403 - i, exit);
- ret = wc_Sha512Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(-2404 - i, exit);
- ret = wc_Sha512Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2405 - i, exit);
- wc_Sha512Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0)
- ERROR_OUT(-2406 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0)
- ERROR_OUT(-2407 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- #ifdef HASH_SIZE_LIMIT
- const char* large_digest =
- "\x30\x9B\x96\xA6\xE9\x43\x78\x30\xA3\x71\x51\x61\xC1\xEB\xE1\xBE"
- "\xC8\xA5\xF9\x13\x5A\xD6\x6D\x9E\x46\x31\x31\x67\x8D\xE2\xC0\x0B"
- "\x2A\x1A\x03\xE1\xF3\x48\xA7\x33\xBD\x49\xF8\xFF\xF1\xC2\xC2\x95"
- "\xCB\xF0\xAF\x87\x61\x85\x58\x63\x6A\xCA\x70\x9C\x8B\x83\x3F\x5D";
- #else
- const char* large_digest =
- "\x5a\x1f\x73\x90\xbd\x8c\xe4\x63\x54\xce\xa0\x9b\xef\x32\x78\x2d"
- "\x2e\xe7\x0d\x5e\x2f\x9d\x15\x1b\xdd\x2d\xde\x65\x0c\x7b\xfa\x83"
- "\x5e\x80\x02\x13\x84\xb8\x3f\xff\x71\x62\xb5\x09\x89\x63\xe1\xdc"
- "\xa5\xdc\xfc\xfa\x9d\x1a\x4d\xc0\xfa\x3a\x14\xf6\x01\x51\x90\xa4";
- #endif
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- #ifdef HASH_SIZE_LIMIT
- times = 20;
- #else
- times = 100;
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha512Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2408, exit);
- }
- ret = wc_Sha512Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2409, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA512_DIGEST_SIZE) != 0)
- ERROR_OUT(-2410, exit);
- #ifndef NO_UNALIGNED_MEMORY_TEST
- /* Unaligned memory access test */
- for (i = 1; i < 16; i++) {
- ret = wc_Sha512Update(&sha, (byte*)large_input + i,
- (word32)sizeof(large_input) - i);
- if (ret != 0)
- ERROR_OUT(-2411, exit);
- ret = wc_Sha512Final(&sha, hash);
- }
- #endif
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha512Free(&sha);
- wc_Sha512Free(&shaCopy);
- return ret;
- }
- #endif
- #ifdef WOLFSSL_SHA384
- WOLFSSL_TEST_SUBROUTINE int sha384_test(void)
- {
- wc_Sha384 sha, shaCopy;
- byte hash[WC_SHA384_DIGEST_SIZE];
- byte hashcopy[WC_SHA384_DIGEST_SIZE];
- int ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\x38\xb0\x60\xa7\x51\xac\x96\x38\x4c\xd9\x32\x7e\xb1\xb1\xe3"
- "\x6a\x21\xfd\xb7\x11\x14\xbe\x07\x43\x4c\x0c\xc7\xbf\x63\xf6"
- "\xe1\xda\x27\x4e\xde\xbf\xe7\x6f\x65\xfb\xd5\x1a\xd2\xf1\x48"
- "\x98\xb9\x5b";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA384_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
- "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
- "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
- "\xc8\x25\xa7";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA384_DIGEST_SIZE;
- c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- c.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
- "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
- "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
- "\x74\x60\x39";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA384_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha384_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2500;
- ret = wc_InitSha384_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha384Free(&sha);
- return -2501;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2502 - i, exit);
- ret = wc_Sha384GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2503 - i, exit);
- ret = wc_Sha384Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(-2504 - i, exit);
- ret = wc_Sha384Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2505 - i, exit);
- wc_Sha384Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA384_DIGEST_SIZE) != 0)
- ERROR_OUT(-2506 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA384_DIGEST_SIZE) != 0)
- ERROR_OUT(-2507 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- #ifdef HASH_SIZE_LIMIT
- const char* large_digest =
- "\xB5\xAD\x66\x6F\xD9\x58\x5E\x68\xDD\x5E\x30\xD3\x95\x72\x33\xA4"
- "\xE9\x4B\x99\x3A\xEF\xF8\xE1\xBF\x1F\x05\x32\xAA\x16\x00\x82\xEC"
- "\x15\xDA\xF2\x75\xEE\xE9\x06\xAF\x52\x8A\x5C\xEF\x72\x81\x80\xD6";
- #else
- const char* large_digest =
- "\x37\x01\xdb\xff\x1e\x40\x4f\xe1\xe2\xea\x0b\x40\xbb\x3b\x39\x9a"
- "\xcc\xe8\x44\x8e\x7e\xe5\x64\xb5\x6b\x7f\x56\x64\xa7\x2b\x84\xe3"
- "\xc5\xd7\x79\x03\x25\x90\xf7\xa4\x58\xcb\x97\xa8\x8b\xb1\xa4\x81";
- #endif
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- #ifdef HASH_SIZE_LIMIT
- times = 20;
- #else
- times = 100;
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha384Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2508, exit);
- }
- ret = wc_Sha384Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2509, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA384_DIGEST_SIZE) != 0)
- ERROR_OUT(-2510, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha384Free(&sha);
- wc_Sha384Free(&shaCopy);
- return ret;
- }
- #endif /* WOLFSSL_SHA384 */
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- static int sha3_224_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_224_DIGEST_SIZE];
- byte hashcopy[WC_SHA3_224_DIGEST_SIZE];
- testVector a, b, c;
- testVector test_sha[3];
- int ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\x6b\x4e\x03\x42\x36\x67\xdb\xb7\x3b\x6e\x15\x45\x4f\x0e\xb1"
- "\xab\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f\x5b\x5a\x6b\xc7";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_224_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a\xd0\x92\x34\xee\x7d\x3c\x76"
- "\x6f\xc9\xa3\xa5\x16\x8d\x0c\x94\xad\x73\xb4\x6f\xdf";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_224_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55\x74\x49\x44\x79"
- "\xba\x5c\x7e\x7a\xb7\x6e\xf2\x64\xea\xd0\xfc\xce\x33";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_224_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_224(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2600;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_224_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2601 - i, exit);
- ret = wc_Sha3_224_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2602 - i, exit);
- ret = wc_Sha3_224_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2603 - i, exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_224_DIGEST_SIZE) != 0)
- ERROR_OUT(-2604 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA3_224_DIGEST_SIZE) != 0)
- ERROR_OUT(-2605 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x13\xe5\xd3\x98\x7b\x94\xda\x41\x12\xc7\x1e\x92\x3a\x19"
- "\x21\x20\x86\x6f\x24\xbf\x0a\x31\xbc\xfd\xd6\x70\x36\xf3";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_224_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2606, exit);
- }
- ret = wc_Sha3_224_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2607, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_224_DIGEST_SIZE) != 0)
- ERROR_OUT(-2608, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha3_224_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_224 */
- #ifndef WOLFSSL_NOSHA3_256
- static int sha3_256_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_256_DIGEST_SIZE];
- byte hashcopy[WC_SHA3_256_DIGEST_SIZE];
- testVector a, b, c;
- testVector test_sha[3];
- int ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- byte large_input[1024];
- const char* large_digest =
- "\xdc\x90\xc0\xb1\x25\xdb\x2c\x34\x81\xa3\xff\xbc\x1e\x2e\x87\xeb"
- "\x6d\x70\x85\x61\xe0\xe9\x63\x61\xff\xe5\x84\x4b\x1f\x68\x05\x15";
- #if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT)
- /* test vector with hash of empty string */
- const char* Keccak256EmptyOut =
- "\xc5\xd2\x46\x01\x86\xf7\x23\x3c\x92\x7e\x7d\xb2\xdc\xc7\x03\xc0"
- "\xe5\x00\xb6\x53\xca\x82\x27\x3b\x7b\xfa\xd8\x04\x5d\x85\xa4\x70";
- #endif
- a.input = "";
- a.output = "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66\x51\xc1\x47\x56\xa0\x61\xd6"
- "\x62\xf5\x80\xff\x4d\xe4\x3b\x49\xfa\x82\xd8\x0a\x4b\x80\xf8"
- "\x43\x4a";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_256_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90"
- "\xbd\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43"
- "\x15\x32";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_256_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8\x23\x5e"
- "\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32\xdd\x97\x49\x6d"
- "\x33\x76";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_256_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_256(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2700;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_256_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2701 - i, exit);
- ret = wc_Sha3_256_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2702 - i, exit);
- ret = wc_Sha3_256_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2703 - i, exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_256_DIGEST_SIZE) != 0)
- ERROR_OUT(-2704 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA3_256_DIGEST_SIZE) != 0)
- ERROR_OUT(-2705 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_256_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2706, exit);
- }
- ret = wc_Sha3_256_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2707, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_256_DIGEST_SIZE) != 0)
- ERROR_OUT(-2708, exit);
- } /* END LARGE HASH TEST */
- /* this is a software only variant of SHA3 not supported by external hardware devices */
- #if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT)
- /* Test for Keccak256 */
- ret = wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256);
- if (ret != 0) {
- ERROR_OUT(-2709, exit);
- }
- ret = wc_Sha3_256_Update(&sha, (byte*)"", 0);
- if (ret != 0) {
- ERROR_OUT(-2710, exit);
- }
- ret = wc_Sha3_256_Final(&sha, hash);
- if (ret != 0) {
- ERROR_OUT(-2711, exit);
- }
- if (XMEMCMP(hash, Keccak256EmptyOut, WC_SHA3_256_DIGEST_SIZE) != 0) {
- ERROR_OUT(-2712, exit);
- }
- #endif /* WOLFSSL_HASH_FLAGS && !WOLFSSL_ASYNC_CRYPT */
- exit:
- wc_Sha3_256_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_256 */
- #ifndef WOLFSSL_NOSHA3_384
- static int sha3_384_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_384_DIGEST_SIZE];
- #ifndef NO_INTM_HASH_TEST
- byte hashcopy[WC_SHA3_384_DIGEST_SIZE];
- #endif
- testVector a, b, c;
- testVector test_sha[3];
- int ret;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d\x01\x10\x7d\x85\x2e\x4c\x24"
- "\x85\xc5\x1a\x50\xaa\xaa\x94\xfc\x61\x99\x5e\x71\xbb\xee\x98"
- "\x3a\x2a\xc3\x71\x38\x31\x26\x4a\xdb\x47\xfb\x6b\xd1\xe0\x58"
- "\xd5\xf0\x04";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_384_DIGEST_SIZE;
- #if defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_XILINX_CRYPT)
- /* NIST test vector with a length that is a multiple of 4 */
- b.input = "\x7d\x80\xb1\x60\xc4\xb5\x36\xa3\xbe\xb7\x99\x80\x59\x93\x44"
- "\x04\x7c\x5f\x82\xa1\xdf\xc3\xee\xd4";
- b.output = "\x04\x1c\xc5\x86\x1b\xa3\x34\x56\x3c\x61\xd4\xef\x97\x10\xd4"
- "\x89\x6c\x31\x1c\x92\xed\xbe\x0d\x7c\xd5\x3e\x80\x3b\xf2\xf4"
- "\xeb\x60\x57\x23\x55\x70\x77\x0c\xe8\x7c\x55\x20\xd7\xec\x14"
- "\x19\x87\x22";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_384_DIGEST_SIZE;
- #else
- b.input = "abc";
- b.output = "\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad"
- "\x8d\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b"
- "\xe4\xb2\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28"
- "\x37\x6d\x25";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_384_DIGEST_SIZE;
- #endif
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7\x8a\x49"
- "\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd\xbc\x32\xb9\xd4"
- "\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe\xa1\x9e\xef\x51\xac\xd0"
- "\x65\x7c\x22";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_384_DIGEST_SIZE;
- #ifdef WOLFSSL_XILINX_CRYPT
- test_sha[0] = b; /* hardware acc. can not handle "" string */
- #else
- test_sha[0] = a;
- #endif
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_384(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2800;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_384_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2801 - i, exit);
- #ifndef NO_INTM_HASH_TEST
- ret = wc_Sha3_384_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2802 - i, exit);
- #endif
- ret = wc_Sha3_384_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2803 - i, exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_384_DIGEST_SIZE) != 0)
- ERROR_OUT(-2804 - i, exit);
- #ifndef NO_INTM_HASH_TEST
- if (XMEMCMP(hash, hashcopy, WC_SHA3_384_DIGEST_SIZE) != 0)
- ERROR_OUT(-2805 - i, exit);
- #endif
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x30\x44\xec\x17\xef\x47\x9f\x55\x36\x11\xd6\x3f\x8a\x31\x5a\x71"
- "\x8a\x71\xa7\x1d\x8e\x84\xe8\x6c\x24\x02\x2f\x7a\x08\x4e\xea\xd7"
- "\x42\x36\x5d\xa8\xc2\xb7\x42\xad\xec\x19\xfb\xca\xc6\x64\xb3\xa4";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_384_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2806, exit);
- }
- ret = wc_Sha3_384_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2807, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_384_DIGEST_SIZE) != 0)
- ERROR_OUT(-2808, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha3_384_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_384 */
- #ifndef WOLFSSL_NOSHA3_512
- static int sha3_512_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_512_DIGEST_SIZE];
- byte hashcopy[WC_SHA3_512_DIGEST_SIZE];
- testVector a, b, c;
- testVector test_sha[3];
- int ret;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5\xc8\xb5\x67\xdc\x18\x5a\x75"
- "\x6e\x97\xc9\x82\x16\x4f\xe2\x58\x59\xe0\xd1\xdc\xc1\x47\x5c"
- "\x80\xa6\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c\x11\xe3\xe9\x40\x2c"
- "\x3a\xc5\x58\xf5\x00\x19\x9d\x95\xb6\xd3\xe3\x01\x75\x85\x86"
- "\x28\x1d\xcd\x26";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_512_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09"
- "\x6e\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2"
- "\x71\x2e\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47"
- "\xe3\x93\x40\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27"
- "\x4e\xec\x53\xf0";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_512_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10\xfc\xa8"
- "\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7\xec\x2f\x1e\x91"
- "\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53\x02\xba\x1b\x0d\x8d\xc7"
- "\x8c\x08\x63\x46\xb5\x33\xb4\x9c\x03\x0d\x99\xa2\x7d\xaf\x11"
- "\x39\xd6\xe7\x5e";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_512_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_512(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2900;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_512_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2901 - i, exit);
- ret = wc_Sha3_512_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2902 - i, exit);
- ret = wc_Sha3_512_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2903 - i, exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_512_DIGEST_SIZE) != 0)
- ERROR_OUT(-2904 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA3_512_DIGEST_SIZE) != 0)
- ERROR_OUT(-2905 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x9c\x13\x26\xb6\x26\xb2\x94\x31\xbc\xf4\x34\xe9\x6f\xf2\xd6\x29"
- "\x9a\xd0\x9b\x32\x63\x2f\x18\xa7\x5f\x23\xc9\x60\xc2\x32\x0c\xbc"
- "\x57\x77\x33\xf1\x83\x81\x8a\xd3\x15\x7c\x93\xdc\x80\x9f\xed\x61"
- "\x41\xa7\x5b\xfd\x32\x0e\x38\x15\xb0\x46\x3b\x7a\x4f\xfd\x44\x88";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_512_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2906, exit);
- }
- ret = wc_Sha3_512_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2907, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_512_DIGEST_SIZE) != 0)
- ERROR_OUT(-2908, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha3_512_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_512 */
- WOLFSSL_TEST_SUBROUTINE int sha3_test(void)
- {
- int ret;
- (void)ret;
- #ifndef WOLFSSL_NOSHA3_224
- if ((ret = sha3_224_test()) != 0)
- return ret;
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- if ((ret = sha3_256_test()) != 0)
- return ret;
- #endif
- #ifndef WOLFSSL_NOSHA3_384
- if ((ret = sha3_384_test()) != 0)
- return ret;
- #endif
- #ifndef WOLFSSL_NOSHA3_512
- if ((ret = sha3_512_test()) != 0)
- return ret;
- #endif
- return 0;
- }
- #endif /* WOLFSSL_SHA3 */
- #ifdef WOLFSSL_SHAKE128
- static int shake128_absorb_test(wc_Shake* sha)
- {
- byte hash[WC_SHA3_128_BLOCK_SIZE*2];
- testVector a, b, c, d, e;
- testVector test_sha[5];
- int ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- byte large_input[1024];
- const char* large_digest =
- "\x2b\xd1\x69\x9f\xb3\x75\x40\x74\xb8\xb2\xd2\x0b\x92\x47\x9b\xfe"
- "\xc9\x91\x48\xbe\xda\xa4\x09\xd7\x61\x35\x18\x05\x07\x71\xa5\x61"
- "\x4d\xc4\x94\xad\xbe\x04\x7d\xad\x95\x2f\xeb\x2c\xc0\x10\x67\x43"
- "\x40\xf1\x4a\x58\x1c\x54\xfa\x24\x1c\x1a\x4e\x8d\x9b\xbc\xea\xa7"
- "\x32\xf2\x4c\xc7\x86\x05\x36\xdc\xb4\x42\xd8\x35\xd1\xb4\xa2\x79"
- "\xa2\xe6\xee\x67\x4f\xbf\x2a\x93\x41\x88\x25\x56\x29\x90\x1a\x06"
- "\xba\xfe\x9f\xa6\x1a\x74\xe8\x7e\x85\x4a\xc8\x58\x60\xb1\x7b\x18"
- "\xdf\x77\x59\x46\x04\xc1\xff\x4b\x9b\xcb\xad\xfe\x91\x28\xf0\x01"
- "\xc1\x33\xd0\x99\x99\x2e\x0c\x86\x84\x67\x4d\x37\xa4\x42\x45\x10"
- "\xdc\x8f\xdb\x6f\xa6\x9b\xee\x8a\x60\xa5\x1f\x95\x3f\x8f\xf5\x31"
- "\x4b\x1d\x48\x1e\x45\xff\x79\x5c\xbe\x72\xfc\x56\xed\x6d\x1a\x99"
- "\x7f\x23\x7c\xd1\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b"
- "\xa3\x60\x51\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41"
- "\x77\x2c\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59"
- "\x0d\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b"
- "\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4\xcb\x87\xd8\xb7\x9d\xa8"
- "\xbf\xc5\x2e\x5e\xfc\xd3\x6c\x45\xd4\x5d\x72\x0f\x66\xeb\x67\x86"
- "\xfa\x6c\xd6\x80\xa4\x23\xcb\x5d\xed\x3c\xde\xdc\x5b\x3d\xca\x95"
- "\x43\x4b\xdc\xe8\x49\xd3\xe1\x01\xd4\xf1\xe4\x47\xcf\x56\xba\x71"
- "\xb4\x69\xed\xe7\xdb\x0f\x89\xd6\xbb\xcd\x1a\xff\xb4\xbe\x72\x26"
- "\xdc\x76\x79\xb3\x1a\x4b\xe6\x8d\x9b\x8e\xd9\xe9\xe6\xf9\xff\xa5";
- a.input = "";
- a.output = "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d\x61\x60\x45\x50\x76\x05\x85"
- "\x3e\xd7\x3b\x80\x93\xf6\xef\xbc\x88\xeb\x1a\x6e\xac\xfa\x66"
- "\xef\x26\x3c\xb1\xee\xa9\x88\x00\x4b\x93\x10\x3c\xfb\x0a\xee"
- "\xfd\x2a\x68\x6e\x01\xfa\x4a\x58\xe8\xa3\x63\x9c\xa8\xa1\xe3"
- "\xf9\xae\x57\xe2\x35\xb8\xcc\x87\x3c\x23\xdc\x62\xb8\xd2\x60"
- "\x16\x9a\xfa\x2f\x75\xab\x91\x6a\x58\xd9\x74\x91\x88\x35\xd2"
- "\x5e\x6a\x43\x50\x85\xb2\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5\xef"
- "\xbb\x7b\xcc\x4b\x59\xd5\x38\xdf\x9a\x04\x30\x2e\x10\xc8\xbc"
- "\x1c\xbf\x1a\x0b\x3a\x51\x20\xea\x17\xcd\xa7\xcf\xad\x76\x5f"
- "\x56\x23\x47\x4d\x36\x8c\xcc\xa8\xaf\x00\x07\xcd\x9f\x5e\x4c"
- "\x84\x9f\x16\x7a\x58\x0b\x14\xaa\xbd\xef\xae\xe7\xee\xf4\x7c"
- "\xb0\xfc\xa9";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_128_BLOCK_SIZE;
- b.input = "abc";
- b.output = "\x58\x81\x09\x2d\xd8\x18\xbf\x5c\xf8\xa3\xdd\xb7\x93\xfb\xcb"
- "\xa7\x40\x97\xd5\xc5\x26\xa6\xd3\x5f\x97\xb8\x33\x51\x94\x0f"
- "\x2c\xc8\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c\xdd\x06\x65\x68\x70"
- "\x6f\x50\x9b\xc1\xbd\xde\x58\x29\x5d\xae\x3f\x89\x1a\x9a\x0f"
- "\xca\x57\x83\x78\x9a\x41\xf8\x61\x12\x14\xce\x61\x23\x94\xdf"
- "\x28\x6a\x62\xd1\xa2\x25\x2a\xa9\x4d\xb9\xc5\x38\x95\x6c\x71"
- "\x7d\xc2\xbe\xd4\xf2\x32\xa0\x29\x4c\x85\x7c\x73\x0a\xa1\x60"
- "\x67\xac\x10\x62\xf1\x20\x1f\xb0\xd3\x77\xcf\xb9\xcd\xe4\xc6"
- "\x35\x99\xb2\x7f\x34\x62\xbb\xa4\xa0\xed\x29\x6c\x80\x1f\x9f"
- "\xf7\xf5\x73\x02\xbb\x30\x76\xee\x14\x5f\x97\xa3\x2a\xe6\x8e"
- "\x76\xab\x66\xc4\x8d\x51\x67\x5b\xd4\x9a\xcc\x29\x08\x2f\x56"
- "\x47\x58\x4e";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_128_BLOCK_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e\x74\xe0\xa7\x07\x78\x8f\x55"
- "\xe9\x82\x09\xb8\xd9\x1f\xad\xe8\xf3\x2f\x8d\xd5\xcf\xf7\xbf"
- "\x21\xf5\x4e\xe5\xf1\x95\x50\x82\x5a\x6e\x07\x00\x30\x51\x9e"
- "\x94\x42\x63\xac\x1c\x67\x65\x28\x70\x65\x62\x1f\x9f\xcb\x32"
- "\x01\x72\x3e\x32\x23\xb6\x3a\x46\xc2\x93\x8a\xa9\x53\xba\x84"
- "\x01\xd0\xea\x77\xb8\xd2\x64\x90\x77\x55\x66\x40\x7b\x95\x67"
- "\x3c\x0f\x4c\xc1\xce\x9f\xd9\x66\x14\x8d\x7e\xfd\xff\x26\xbb"
- "\xf9\xf4\x8a\x21\xc6\xda\x35\xbf\xaa\x54\x56\x54\xf7\x0a\xe5"
- "\x86\xff\x10\x13\x14\x20\x77\x14\x83\xec\x92\xed\xab\x40\x8c"
- "\x76\x7b\xf4\xc5\xb4\xff\xfa\xa8\x0c\x8c\xa2\x14\xd8\x4c\x4d"
- "\xc7\x00\xd0\xc5\x06\x30\xb2\xff\xc3\x79\x3e\xa4\xd8\x72\x58"
- "\xb4\xc9\x54";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_128_BLOCK_SIZE;
- /* Taken from NIST CAVP test vectors - full rate output. */
- d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
- "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
- "\x85\xe0";
- d.output = "\x93\x68\xf0\x15\x10\x92\x44\xeb\x02\x47\xfa\x3a\x0e\x57\xf5"
- "\x2e\xa7\xd9\xeb\xa2\x3d\xae\x7a\x19\x7f\x0a\x29\xe9\x22\x55"
- "\x06\x05\x98\x16\xb7\x84\x48\xb6\x49\x7a\x76\xeb\x96\x2d\xb3"
- "\xf8\x4d\x37\x60\xf1\xfe\xb4\xbd\xc1\xfd\x4a\xc9\x4e\x91\x7a"
- "\xc2\xea\x5e\x4f\x38\x37\x4a\xa5\x6e\x4f\x47\x67\xb8\xd7\x83"
- "\x1b\x2d\x51\x49\x5a\xb8\xea\xb7\xc9\x82\x20\xaf\x13\x41\x5a"
- "\x59\xbb\x7c\x17\x7a\xcd\x62\x8e\xf0\xff\xe3\x6c\xeb\x18\x59"
- "\x5d\x14\x4c\xbf\x25\xef\xc0\x6c\xd9\x56\xa5\x78\x20\x6e\xa8"
- "\xf9\x14\x5e\xf9\xce\x19\x50\x6a\x9d\x04\x4e\xc7\x00\x79\x9f"
- "\xa1\x41\x9b\xaf\x60\x52\xc0\xc1\xb4\x45\xf8\x35\x17\x57\xb0"
- "\xd0\x22\x87\x21\x89\xe2\xc0\x27\x3f\x82\xd9\x69\x69\x66\x3e"
- "\x55\x4d\x09";
- d.inLen = 32;
- d.outLen = WC_SHA3_128_BLOCK_SIZE;
- /* Taken from NIST CAVP test vectors - more than one output block. */
- e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
- "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
- "\x47\xe4";
- e.output = "\xe1\x7e\xab\x0d\xa4\x04\xf9\xb6\xac\xc0\x84\x97\x2f\xc5\x79"
- "\xe8\x6d\xaa\x76\x10\xa5\xe1\x7c\x23\x2f\x79\x19\x83\x96\xfd"
- "\x01\xc2\x4c\x34\xbb\x54\xf4\xb0\x1e\xf7\x40\xb4\x25\x33\x4a"
- "\x55\xdd\x24\x81\x3d\xc8\xea\x86\xf5\x6e\xf7\x27\x67\x26\x2b"
- "\xf2\x25\x74\x8c\xcc\x3d\x9f\x48\x6f\xfb\x72\x8f\x4e\xad\x29"
- "\x60\xc9\x6c\x3e\x44\x63\x86\xea\xce\x21\x9c\x84\x28\x16\x11"
- "\x63\x58\xb0\xf4\x2d\x7d\xff\xf7\xdd\x24\x11\xfa\x2a\x56\x79"
- "\xfd\x7a\x94\x77\x45\x75\xba\xf9\xfc\xad\x68\xa1\x9e\x30\xd1"
- "\x49\xb0\x59\xb5\x9c\x44\x6c\x4e\xdc\xa5\x9b\xc5\xa4\x79\x9d"
- "\xc4\x65\xaa\x9e\x78\x2c\xed\x9f\x21\xc5\x5d\xe2\x42\xdd\x25"
- "\xd0\xd9\xde\x60\xd0\x9f\xf8\x6a\xba\xf3\xa0\x3a\x76\x71\xb3"
- "\x05\x42\xdf\xbe\x72\xfc\x56\xed\x6d\x1a\x99\x7f\x23\x7c\xd1"
- "\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b\xa3\x60\x51"
- "\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41\x77\x2c"
- "\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59\x0d"
- "\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b"
- "\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4\xcb\x87\xd8\xb7\x9d"
- "\xa8\xbf\xc5\x2e\x5e\xfc\xd3\x6c\x45\xd4\x5d\x72\x0f\x66\xeb"
- "\x67\x86\xfa\x6c\xd6\x80\xa4\x23\xcb\x5d\xed\x3c\xde\xdc\x5b"
- "\x3d\xca\x95\x43\x4b\xdc\xe8\x49\xd3\xe1\x01\xd4\xf1\xe4\x47"
- "\xcf\x56\xba\x71\xb4\x69\xed\xe7\xdb\x0f\x89\xd6\xbb\xcd\x1a"
- "\xff\xb4\xbe\x72\x26\xdc\x76\x79\xb3\x1a\x4b\xe6\x8d\x9b\x8e"
- "\xd9\xe9\xe6\xf9\xff\xa5";
- e.inLen = 32;
- e.outLen = 2 * WC_SHA3_128_BLOCK_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- test_sha[4] = e;
- for (i = 0; i < times; ++i) {
- ret = wc_InitShake128(sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-3100 - i, exit);
- ret = wc_Shake128_Absorb(sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-3101 - i, exit);
- ret = wc_Shake128_SqueezeBlocks(sha, hash,
- (word32)test_sha[i].outLen / WC_SHA3_128_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-3102 - i, exit);
- if (XMEMCMP(hash, test_sha[i].output, (word32)test_sha[i].outLen) != 0)
- ERROR_OUT(-3103 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- ret = wc_InitShake128(sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-3104, exit);
- /* Absorb is non-incremental. */
- ret = wc_Shake128_Absorb(sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-3105, exit);
- /* Able to squeeze out blocks incrementally. */
- ret = wc_Shake128_SqueezeBlocks(sha, hash, 1);
- if (ret != 0)
- ERROR_OUT(-3106, exit);
- ret = wc_Shake128_SqueezeBlocks(sha, hash,
- ((word32)sizeof(hash) / WC_SHA3_128_BLOCK_SIZE) - 1);
- if (ret != 0)
- ERROR_OUT(-3106, exit);
- if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0)
- ERROR_OUT(-3107, exit);
- } /* END LARGE HASH TEST */
- exit:
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE int shake128_test(void)
- {
- wc_Shake sha;
- byte hash[250];
- testVector a, b, c, d, e;
- testVector test_sha[5];
- int ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- byte large_input[1024];
- const char* large_digest =
- "\x88\xd7\x0e\x86\x46\x72\x6b\x3d\x7d\x22\xe1\xa9\x2d\x02\xdb\x35"
- "\x92\x4f\x1b\x03\x90\xee\xa3\xce\xd1\x3a\x08\x3a\xd7\x4e\x10\xdf"
- "\x09\x67\x33\x35\x4f\xdd\x38\x50\x5b\xcb\x75\xc7\xba\x65\xe5\xe8"
- "\xb8\x76\xde\xc5\xee\xd7\xf1\x65\x93\x4e\x5e\xc4\xb1\xd7\x6b\xee"
- "\x4b\x57\x48\xf5\x38\x49\x9e\x45\xa0\xf7\x32\xe9\x05\x26\x6a\x10"
- "\x70\xd4\x7c\x19\x01\x1f\x6d\x37\xba\x7b\x74\xc2\xbc\xb6\xbc\x74"
- "\xa3\x66\x6c\x9b\x11\x84\x9d\x4a\x36\xbc\x8a\x0d\x4c\xe3\x39\xfa"
- "\xfa\x1b";
- a.input = "";
- a.output = "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d\x61\x60\x45\x50\x76\x05\x85"
- "\x3e\xd7\x3b\x80\x93\xf6\xef\xbc\x88\xeb\x1a\x6e\xac\xfa\x66"
- "\xef\x26\x3c\xb1\xee\xa9\x88\x00\x4b\x93\x10\x3c\xfb\x0a\xee"
- "\xfd\x2a\x68\x6e\x01\xfa\x4a\x58\xe8\xa3\x63\x9c\xa8\xa1\xe3"
- "\xf9\xae\x57\xe2\x35\xb8\xcc\x87\x3c\x23\xdc\x62\xb8\xd2\x60"
- "\x16\x9a\xfa\x2f\x75\xab\x91\x6a\x58\xd9\x74\x91\x88\x35\xd2"
- "\x5e\x6a\x43\x50\x85\xb2\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5\xef"
- "\xbb\x7b\xcc\x4b\x59\xd5\x38\xdf\x9a";
- a.inLen = XSTRLEN(a.input);
- a.outLen = 114;
- b.input = "abc";
- b.output = "\x58\x81\x09\x2d\xd8\x18\xbf\x5c\xf8\xa3\xdd\xb7\x93\xfb\xcb"
- "\xa7\x40\x97\xd5\xc5\x26\xa6\xd3\x5f\x97\xb8\x33\x51\x94\x0f"
- "\x2c\xc8\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c\xdd\x06\x65\x68\x70"
- "\x6f\x50\x9b\xc1\xbd\xde\x58\x29\x5d\xae\x3f\x89\x1a\x9a\x0f"
- "\xca\x57\x83\x78\x9a\x41\xf8\x61\x12\x14\xce\x61\x23\x94\xdf"
- "\x28\x6a\x62\xd1\xa2\x25\x2a\xa9\x4d\xb9\xc5\x38\x95\x6c\x71"
- "\x7d\xc2\xbe\xd4\xf2\x32\xa0\x29\x4c\x85\x7c\x73\x0a\xa1\x60"
- "\x67\xac\x10\x62\xf1\x20\x1f\xb0\xd3";
- b.inLen = XSTRLEN(b.input);
- b.outLen = 114;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e\x74\xe0\xa7\x07\x78\x8f\x55"
- "\xe9\x82\x09\xb8\xd9\x1f\xad\xe8\xf3\x2f\x8d\xd5\xcf\xf7\xbf"
- "\x21\xf5\x4e\xe5\xf1\x95\x50\x82\x5a\x6e\x07\x00\x30\x51\x9e"
- "\x94\x42\x63\xac\x1c\x67\x65\x28\x70\x65\x62\x1f\x9f\xcb\x32"
- "\x01\x72\x3e\x32\x23\xb6\x3a\x46\xc2\x93\x8a\xa9\x53\xba\x84"
- "\x01\xd0\xea\x77\xb8\xd2\x64\x90\x77\x55\x66\x40\x7b\x95\x67"
- "\x3c\x0f\x4c\xc1\xce\x9f\xd9\x66\x14\x8d\x7e\xfd\xff\x26\xbb"
- "\xf9\xf4\x8a\x21\xc6\xda\x35\xbf\xaa";
- c.inLen = XSTRLEN(c.input);
- c.outLen = 114;
- /* Taken from NIST CAVP test vectors - full rate output. */
- d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
- "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
- "\x85\xe0";
- d.output = "\x93\x68\xf0\x15\x10\x92\x44\xeb\x02\x47\xfa\x3a\x0e\x57\xf5"
- "\x2e\xa7\xd9\xeb\xa2\x3d\xae\x7a\x19\x7f\x0a\x29\xe9\x22\x55"
- "\x06\x05\x98\x16\xb7\x84\x48\xb6\x49\x7a\x76\xeb\x96\x2d\xb3"
- "\xf8\x4d\x37\x60\xf1\xfe\xb4\xbd\xc1\xfd\x4a\xc9\x4e\x91\x7a"
- "\xc2\xea\x5e\x4f\x38\x37\x4a\xa5\x6e\x4f\x47\x67\xb8\xd7\x83"
- "\x1b\x2d\x51\x49\x5a\xb8\xea\xb7\xc9\x82\x20\xaf\x13\x41\x5a"
- "\x59\xbb\x7c\x17\x7a\xcd\x62\x8e\xf0\xff\xe3\x6c\xeb\x18\x59"
- "\x5d\x14\x4c\xbf\x25\xef\xc0\x6c\xd9\x56\xa5\x78\x20\x6e\xa8"
- "\xf9\x14\x5e\xf9\xce\x19\x50\x6a\x9d\x04\x4e\xc7\x00\x79\x9f"
- "\xa1";
- d.inLen = 32;
- d.outLen = 136;
- /* Taken from NIST CAVP test vectors - more than one output block. */
- e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
- "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
- "\x47\xe4";
- e.output = "\xe1\x7e\xab\x0d\xa4\x04\xf9\xb6\xac\xc0\x84\x97\x2f\xc5\x79"
- "\xe8\x6d\xaa\x76\x10\xa5\xe1\x7c\x23\x2f\x79\x19\x83\x96\xfd"
- "\x01\xc2\x4c\x34\xbb\x54\xf4\xb0\x1e\xf7\x40\xb4\x25\x33\x4a"
- "\x55\xdd\x24\x81\x3d\xc8\xea\x86\xf5\x6e\xf7\x27\x67\x26\x2b"
- "\xf2\x25\x74\x8c\xcc\x3d\x9f\x48\x6f\xfb\x72\x8f\x4e\xad\x29"
- "\x60\xc9\x6c\x3e\x44\x63\x86\xea\xce\x21\x9c\x84\x28\x16\x11"
- "\x63\x58\xb0\xf4\x2d\x7d\xff\xf7\xdd\x24\x11\xfa\x2a\x56\x79"
- "\xfd\x7a\x94\x77\x45\x75\xba\xf9\xfc\xad\x68\xa1\x9e\x30\xd1"
- "\x49\xb0\x59\xb5\x9c\x44\x6c\x4e\xdc\xa5\x9b\xc5\xa4\x79\x9d"
- "\xc4\x65\xaa\x9e\x78\x2c\xed\x9f\x21\xc5\x5d\xe2\x42\xdd\x25"
- "\xd0\xd9\xde\x60\xd0\x9f\xf8\x6a\xba\xf3\xa0\x3a\x76\x71\xb3"
- "\x05\x42\xdf\xbe\x72\xfc\x56\xed\x6d\x1a\x99\x7f\x23\x7c\xd1"
- "\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b\xa3\x60\x51"
- "\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41\x77\x2c"
- "\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59\x0d"
- "\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b"
- "\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4";
- e.inLen = 32;
- e.outLen = 250;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- test_sha[4] = e;
- ret = wc_InitShake128(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -3100;
- for (i = 0; i < times; ++i) {
- ret = wc_Shake128_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-3101 - i, exit);
- ret = wc_Shake128_Final(&sha, hash, (word32)test_sha[i].outLen);
- if (ret != 0)
- ERROR_OUT(-3102 - i, exit);
- if (XMEMCMP(hash, test_sha[i].output, test_sha[i].outLen) != 0)
- ERROR_OUT(-3103 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Shake128_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-3104, exit);
- }
- ret = wc_Shake128_Final(&sha, hash, (word32)sizeof(hash));
- if (ret != 0)
- ERROR_OUT(-3105, exit);
- if (XMEMCMP(hash, large_digest, 114) != 0)
- ERROR_OUT(-3106, exit);
- } /* END LARGE HASH TEST */
- ret = shake128_absorb_test(&sha);
- exit:
- wc_Shake128_Free(&sha);
- return ret;
- }
- #endif
- #ifdef WOLFSSL_SHAKE256
- static int shake256_absorb_test(wc_Shake* sha)
- {
- byte hash[WC_SHA3_256_BLOCK_SIZE*2];
- testVector a, b, c, d, e;
- testVector test_sha[5];
- int ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- byte large_input[1024];
- const char* large_digest =
- "\x21\x25\x8e\xae\x6e\x4f\xa7\xe1\xb9\x6d\xa7\xc9\x7d\x46\x03\x69"
- "\x29\x0d\x81\x49\xba\x5d\xaf\x37\xfd\xeb\x25\x52\x1d\xd9\xbd\x65"
- "\xfa\x99\xb9\xd1\x70\x6b\xeb\xd4\xc1\x2c\xea\x24\x20\x27\xa7\xcd"
- "\xfa\xe1\x81\xd9\xd5\xc1\x1c\xc7\xe9\x70\xc3\xc7\x21\x6f\x32\x22"
- "\xe3\x27\xdb\x58\x5e\xea\x18\x2d\x63\x4d\x14\x6c\x94\xcf\x2b\x7e"
- "\x6e\x2a\x74\xf3\xe0\xac\xb3\xb2\xcc\xef\x38\xe9\xe7\x35\xb3\xc5"
- "\x77\x9d\xff\xe3\x08\x8e\xf8\x2c\x89\xbb\x45\x22\x16\x99\x91\xc0"
- "\xe7\x71\x57\x75\xc5\xb1\xc6\xaf\x27\xcb\x64\x8c\xc4\xee\x3d\x5f"
- "\x4c\x35\xfb\x1c\xf3\xf8\x0e\xfd\x5e\xfc\x07\xd8\x4d\x55\x32\x49"
- "\x45\x0d\xab\x4a\x49\xc4\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93"
- "\x7a\xe6\x6b\xb4\x36\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43"
- "\x2f\x3b\xfc\x09\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48"
- "\x3d\x0e\xda\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08"
- "\xd9\xdc\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a"
- "\xb7\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
- "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c\x68\x1b\x30\xdd\xc4\xe6"
- "\x83\x8b\x0f\x23\x58\x7e\x06\x5f\x4a\x2b\xed\xc9\x6c\x97\x68\x44";
- a.input = "";
- a.output = "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb"
- "\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5"
- "\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67"
- "\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac"
- "\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7"
- "\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84"
- "\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2"
- "\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46\xc1\x85\xc1\x51\x11\xe5"
- "\x95\x52\x2a\x6b\xcd\x16\xcf\x86\xf3\xd1\x22\x10\x9e\x3b\x1f"
- "\xdd";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_256_BLOCK_SIZE;
- b.input = "abc";
- b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11"
- "\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b"
- "\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52"
- "\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88"
- "\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04"
- "\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc"
- "\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13"
- "\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0\x9a\x3e\x6d\x51\xcb\xfc"
- "\x62\x27\x20\xd7\xa7\x5c\x63\x34\xe8\xa2\xd7\xec\x71\xa7\xcc"
- "\x29";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_256_BLOCK_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87"
- "\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e"
- "\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc"
- "\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74"
- "\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55"
- "\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a"
- "\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60"
- "\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4\x9d\xd3\xef\x7e\x18\x2b"
- "\x15\x24\xdf\x82\xea\x1c\xef\xe1\xc6\xc3\x96\x61\x75\xf0\x22"
- "\x8d";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_256_BLOCK_SIZE;
- /* Taken from NIST CAVP test vectors - full rate output. */
- d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
- "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
- "\x85\xe0";
- d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00"
- "\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d"
- "\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc"
- "\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c"
- "\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6"
- "\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d"
- "\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5"
- "\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b"
- "\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7"
- "\xc2";
- d.inLen = 32;
- d.outLen = WC_SHA3_256_BLOCK_SIZE;
- /* Taken from NIST CAVP test vectors - more than one output block. */
- e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
- "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
- "\x47\xe4";
- e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19"
- "\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92"
- "\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c"
- "\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13"
- "\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb"
- "\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44"
- "\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46"
- "\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48"
- "\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a"
- "\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4"
- "\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36"
- "\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09"
- "\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda"
- "\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc"
- "\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7"
- "\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
- "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c\x68\x1b\x30\xdd\xc4"
- "\xe6\x83\x8b\x0f\x23\x58\x7e\x06\x5f\x4a\x2b\xed\xc9\x6c\x97"
- "\x68\x44";
- e.inLen = 32;
- e.outLen = 2 * WC_SHA3_256_BLOCK_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- test_sha[4] = e;
- for (i = 0; i < times; ++i) {
- ret = wc_InitShake256(sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-3100 - i, exit);
- ret = wc_Shake256_Absorb(sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-3101 - i, exit);
- ret = wc_Shake256_SqueezeBlocks(sha, hash,
- (word32)test_sha[i].outLen / WC_SHA3_256_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-3102 - i, exit);
- if (XMEMCMP(hash, test_sha[i].output, (word32)test_sha[i].outLen) != 0)
- ERROR_OUT(-3103 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- ret = wc_InitShake256(sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-3104, exit);
- /* Absorb is non-incremental. */
- ret = wc_Shake256_Absorb(sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-3105, exit);
- /* Able to squeeze out blocks incrementally. */
- ret = wc_Shake256_SqueezeBlocks(sha, hash, 1);
- if (ret != 0)
- ERROR_OUT(-3106, exit);
- ret = wc_Shake256_SqueezeBlocks(sha, hash,
- ((word32)sizeof(hash) / WC_SHA3_256_BLOCK_SIZE) - 1);
- if (ret != 0)
- ERROR_OUT(-3106, exit);
- if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0)
- ERROR_OUT(-3107, exit);
- } /* END LARGE HASH TEST */
- exit:
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
- {
- wc_Shake sha;
- byte hash[250];
- testVector a, b, c, d, e;
- testVector test_sha[5];
- int ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- byte large_input[1024];
- const char* large_digest =
- "\x90\x32\x4a\xcc\xd1\xdf\xb8\x0b\x79\x1f\xb8\xc8\x5b\x54\xc8\xe7"
- "\x45\xf5\x60\x6b\x38\x26\xb2\x0a\xee\x38\x01\xf3\xd9\xfa\x96\x9f"
- "\x6a\xd7\x15\xdf\xb6\xc2\xf4\x20\x33\x44\x55\xe8\x2a\x09\x2b\x68"
- "\x2e\x18\x65\x5e\x65\x93\x28\xbc\xb1\x9e\xe2\xb1\x92\xea\x98\xac"
- "\x21\xef\x4c\xe1\xb4\xb7\xbe\x81\x5c\x1d\xd3\xb7\x17\xe5\xbb\xc5"
- "\x8c\x68\xb7\xfb\xac\x55\x8a\x9b\x4d\x91\xe4\x9f\x72\xbb\x6e\x38"
- "\xaf\x21\x7d\x21\xaa\x98\x4e\x75\xc4\xb4\x1c\x7c\x50\x45\x54\xf9"
- "\xea\x26";
- a.input = "";
- a.output = "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb"
- "\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5"
- "\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67"
- "\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac"
- "\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7"
- "\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84"
- "\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2"
- "\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46";
- a.inLen = XSTRLEN(a.input);
- a.outLen = 114;
- b.input = "abc";
- b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11"
- "\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b"
- "\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52"
- "\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88"
- "\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04"
- "\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc"
- "\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13"
- "\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0";
- b.inLen = XSTRLEN(b.input);
- b.outLen = 114;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87"
- "\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e"
- "\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc"
- "\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74"
- "\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55"
- "\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a"
- "\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60"
- "\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
- c.inLen = XSTRLEN(c.input);
- c.outLen = 114;
- /* Taken from NIST CAVP test vectors - full rate output. */
- d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
- "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
- "\x85\xe0";
- d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00"
- "\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d"
- "\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc"
- "\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c"
- "\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6"
- "\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d"
- "\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5"
- "\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b"
- "\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7"
- "\xc2";
- d.inLen = 32;
- d.outLen = 136;
- /* Taken from NIST CAVP test vectors - more than one output block. */
- e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
- "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
- "\x47\xe4";
- e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19"
- "\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92"
- "\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c"
- "\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13"
- "\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb"
- "\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44"
- "\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46"
- "\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48"
- "\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a"
- "\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4"
- "\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36"
- "\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09"
- "\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda"
- "\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc"
- "\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7"
- "\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
- "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c";
- e.inLen = 32;
- e.outLen = 250;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- test_sha[4] = e;
- ret = wc_InitShake256(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -3100;
- for (i = 0; i < times; ++i) {
- ret = wc_Shake256_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-3101 - i, exit);
- ret = wc_Shake256_Final(&sha, hash, (word32)test_sha[i].outLen);
- if (ret != 0)
- ERROR_OUT(-3102 - i, exit);
- if (XMEMCMP(hash, test_sha[i].output, test_sha[i].outLen) != 0)
- ERROR_OUT(-3103 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Shake256_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-3104, exit);
- }
- ret = wc_Shake256_Final(&sha, hash, (word32)sizeof(hash));
- if (ret != 0)
- ERROR_OUT(-3105, exit);
- if (XMEMCMP(hash, large_digest, 114) != 0)
- ERROR_OUT(-3106, exit);
- } /* END LARGE HASH TEST */
- ret = shake256_absorb_test(&sha);
- exit:
- wc_Shake256_Free(&sha);
- return ret;
- }
- #endif
- #ifndef NO_HASH_WRAPPER
- WOLFSSL_TEST_SUBROUTINE int hash_test(void)
- {
- wc_HashAlg hash;
- int ret, exp_ret;
- int i, j;
- int digestSz;
- byte data[] = "0123456789abcdef0123456789abcdef0123456";
- byte out[WC_MAX_DIGEST_SIZE];
- byte hashOut[WC_MAX_DIGEST_SIZE];
- #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
- enum wc_HashType hashType;
- #endif
- enum wc_HashType typesGood[] = { WC_HASH_TYPE_MD5, WC_HASH_TYPE_SHA,
- WC_HASH_TYPE_SHA224, WC_HASH_TYPE_SHA256,
- WC_HASH_TYPE_SHA384, WC_HASH_TYPE_SHA512,
- WC_HASH_TYPE_SHA3_224,
- WC_HASH_TYPE_SHA3_256,
- WC_HASH_TYPE_SHA3_384,
- WC_HASH_TYPE_SHA3_512 };
- enum wc_HashType typesNoImpl[] = {
- #ifdef NO_MD5
- WC_HASH_TYPE_MD5,
- #endif
- #ifdef NO_SHA
- WC_HASH_TYPE_SHA,
- #endif
- #ifndef WOLFSSL_SHA224
- WC_HASH_TYPE_SHA224,
- #endif
- #ifdef NO_SHA256
- WC_HASH_TYPE_SHA256,
- #endif
- #ifndef WOLFSSL_SHA384
- WC_HASH_TYPE_SHA384,
- #endif
- #ifndef WOLFSSL_SHA512
- WC_HASH_TYPE_SHA512,
- #endif
- #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_224)
- WC_HASH_TYPE_SHA3_224,
- #endif
- #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_256)
- WC_HASH_TYPE_SHA3_256,
- #endif
- #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_384)
- WC_HASH_TYPE_SHA3_384,
- #endif
- #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_512)
- WC_HASH_TYPE_SHA3_512,
- #endif
- WC_HASH_TYPE_NONE
- };
- enum wc_HashType typesBad[] = { WC_HASH_TYPE_NONE, WC_HASH_TYPE_MD5_SHA,
- WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4 };
- enum wc_HashType typesHashBad[] = { WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4,
- WC_HASH_TYPE_BLAKE2B,
- WC_HASH_TYPE_NONE };
- /* Parameter Validation testing. */
- ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256);
- if (ret != BAD_FUNC_ARG)
- return -3200;
- ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return -3201;
- ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return -3202;
- ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return -3203;
- ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL);
- if (ret != BAD_FUNC_ARG)
- return -3204;
- ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL);
- if (ret != BAD_FUNC_ARG)
- return -3205;
- ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out);
- if (ret != BAD_FUNC_ARG)
- return -3206;
- /* Try invalid hash algorithms. */
- for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) {
- ret = wc_HashInit(&hash, typesBad[i]);
- if (ret != BAD_FUNC_ARG)
- return -3207 - i;
- ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return -3217 - i;
- ret = wc_HashFinal(&hash, typesBad[i], out);
- if (ret != BAD_FUNC_ARG)
- return -3227 - i;
- wc_HashFree(&hash, typesBad[i]);
- }
- /* Try valid hash algorithms. */
- for (i = 0, j = 0; i < (int)(sizeof(typesGood)/sizeof(*typesGood)); i++) {
- exp_ret = 0;
- if (typesGood[i] == typesNoImpl[j]) {
- /* Recognized but no implementation compiled in. */
- exp_ret = HASH_TYPE_E;
- j++;
- }
- ret = wc_HashInit(&hash, typesGood[i]);
- if (ret != exp_ret)
- return -3237 - i;
- ret = wc_HashUpdate(&hash, typesGood[i], data, sizeof(data));
- if (ret != exp_ret)
- return -3247 - i;
- ret = wc_HashFinal(&hash, typesGood[i], out);
- if (ret != exp_ret)
- return -3257 - i;
- wc_HashFree(&hash, typesGood[i]);
- digestSz = wc_HashGetDigestSize(typesGood[i]);
- if (exp_ret < 0 && digestSz != exp_ret)
- return -3267 - i;
- if (exp_ret == 0 && digestSz < 0)
- return -3277 - i;
- if (exp_ret == 0) {
- ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut,
- digestSz - 1);
- if (ret != BUFFER_E)
- return -3287 - i;
- }
- ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, digestSz);
- if (ret != exp_ret)
- return -3297 - i;
- if (exp_ret == 0 && XMEMCMP(out, hashOut, digestSz) != 0)
- return -3307 -i;
- ret = wc_HashGetBlockSize(typesGood[i]);
- if (exp_ret < 0 && ret != exp_ret)
- return -3308 - i;
- if (exp_ret == 0 && ret < 0)
- return -3318 - i;
- #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
- ret = wc_HashGetOID(typesGood[i]);
- if (ret == BAD_FUNC_ARG ||
- (exp_ret == 0 && ret == HASH_TYPE_E) ||
- (exp_ret != 0 && ret != HASH_TYPE_E)) {
- return -3328 - i;
- }
- hashType = wc_OidGetHash(ret);
- if (exp_ret == 0 && hashType != typesGood[i])
- return -3338 - i;
- #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
- }
- for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) {
- ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out));
- if (ret != BAD_FUNC_ARG && ret != BUFFER_E)
- return -3348 - i;
- }
- #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
- ret = wc_HashGetOID(WC_HASH_TYPE_MD2);
- #ifdef WOLFSSL_MD2
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3358;
- #else
- if (ret != HASH_TYPE_E)
- return -3359;
- #endif
- hashType = wc_OidGetHash(646); /* Md2h */
- #ifdef WOLFSSL_MD2
- if (hashType != WC_HASH_TYPE_MD2)
- return -3360;
- #else
- if (hashType != WC_HASH_TYPE_NONE)
- return -3361;
- #endif
- ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA);
- #ifndef NO_MD5
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3362;
- #else
- if (ret != HASH_TYPE_E)
- return -3363;
- #endif
- ret = wc_HashGetOID(WC_HASH_TYPE_MD4);
- if (ret != BAD_FUNC_ARG)
- return -3364;
- ret = wc_HashGetOID(WC_HASH_TYPE_NONE);
- if (ret != BAD_FUNC_ARG)
- return -3365;
- hashType = wc_OidGetHash(0);
- if (hashType != WC_HASH_TYPE_NONE)
- return -3366;
- #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD2);
- #ifdef WOLFSSL_MD2
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3367;
- #else
- if (ret != HASH_TYPE_E)
- return -3368;
- #endif
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD2);
- #ifdef WOLFSSL_MD2
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3369;
- #else
- if (ret != HASH_TYPE_E)
- return -3370;
- #endif
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD4);
- #ifndef NO_MD4
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3371;
- #else
- if (ret != HASH_TYPE_E)
- return -3372;
- #endif
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD4);
- #ifndef NO_MD4
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3373;
- #else
- if (ret != HASH_TYPE_E)
- return -3374;
- #endif
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD5_SHA);
- #if !defined(NO_MD5) && !defined(NO_SHA)
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3375;
- #else
- if (ret != HASH_TYPE_E)
- return -3376;
- #endif
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B);
- #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3377;
- #else
- if (ret != HASH_TYPE_E)
- return -3378;
- #endif
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B);
- #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3379;
- #else
- if (ret != HASH_TYPE_E)
- return -3380;
- #endif
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_NONE);
- if (ret != BAD_FUNC_ARG)
- return -3381;
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_NONE);
- if (ret != BAD_FUNC_ARG)
- return -3382;
- #if !defined(NO_CERTS) && !defined(NO_ASN)
- #if defined(WOLFSSL_MD2) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = wc_GetCTC_HashOID(MD2);
- if (ret == 0)
- return -3383;
- #endif
- #ifndef NO_MD5
- ret = wc_GetCTC_HashOID(WC_MD5);
- if (ret == 0)
- return -3384;
- #endif
- #ifndef NO_SHA
- ret = wc_GetCTC_HashOID(WC_SHA);
- if (ret == 0)
- return -3385;
- #endif
- #ifdef WOLFSSL_SHA224
- ret = wc_GetCTC_HashOID(WC_SHA224);
- if (ret == 0)
- return -3386;
- #endif
- #ifndef NO_SHA256
- ret = wc_GetCTC_HashOID(WC_SHA256);
- if (ret == 0)
- return -3387;
- #endif
- #ifdef WOLFSSL_SHA384
- ret = wc_GetCTC_HashOID(WC_SHA384);
- if (ret == 0)
- return -3388;
- #endif
- #ifdef WOLFSSL_SHA512
- ret = wc_GetCTC_HashOID(WC_SHA512);
- if (ret == 0)
- return -3389;
- #endif
- ret = wc_GetCTC_HashOID(-1);
- if (ret != 0)
- return -3390;
- #endif
- return 0;
- }
- #endif /* !NO_HASH_WRAPPER */
- #if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS) && \
- defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION >= 5))
- WOLFSSL_TEST_SUBROUTINE int hmac_md5_test(void)
- {
- Hmac hmac;
- byte hash[WC_MD5_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- };
- testVector a, b, c;
- testVector test_hmac[3];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
- "\x9d";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_MD5_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7"
- "\x38";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_MD5_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3"
- "\xf6";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_MD5_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1) {
- continue; /* cavium can't handle short keys, fips not allowed */
- }
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) {
- return -3400;
- }
- ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3401;
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3402;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3403;
- if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0)
- return -3404 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(WC_MD5) != WC_MD5_DIGEST_SIZE)
- return -3414;
- #endif
- return 0;
- }
- #endif /* !NO_HMAC && !NO_MD5 && (!HAVE_FIPS || (HAVE_FIPS_VERSION < 5)) */
- #if !defined(NO_HMAC) && !defined(NO_SHA)
- WOLFSSL_TEST_SUBROUTINE int hmac_sha_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- testVector a, b, c;
- testVector test_hmac[3];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
- "\x8e\xf1\x46\xbe\x00";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf"
- "\x9c\x25\x9a\x7c\x79";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b"
- "\x4f\x63\xf1\x75\xd3";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1)
- continue; /* cavium can't handle short keys, fips not allowed */
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -3500;
- ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3501;
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3502;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3503;
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0)
- return -3504 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(WC_SHA) != WC_SHA_DIGEST_SIZE)
- return -3514;
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
- WOLFSSL_TEST_SUBROUTINE int hmac_sha224_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA224_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
- "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA224_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d"
- "\x0f\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA224_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2"
- "\x64\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA224_DIGEST_SIZE;
- d.input = "Big Key Input";
- d.output = "\xe7\x4e\x2b\x8a\xa9\xf0\x37\x2f\xed\xae\x70\x0c\x49\x47\xf1"
- "\x46\x54\xa7\x32\x6b\x55\x01\x87\xd2\xc8\x02\x0e\x3a";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA224_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1)
- continue; /* cavium can't handle short keys, fips not allowed */
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -3600;
- ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3601;
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3602;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3603;
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0)
- return -3604 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(WC_SHA224) != WC_SHA224_DIGEST_SIZE)
- return -3614;
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && !defined(NO_SHA256)
- WOLFSSL_TEST_SUBROUTINE int hmac_sha256_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA256_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
- "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
- "\xcf\xf7";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA256_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75"
- "\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec"
- "\x38\x43";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA256_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81"
- "\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5"
- "\x65\xfe";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA256_DIGEST_SIZE;
- d.input = 0;
- d.output = "\x86\xe5\x4f\xd4\x48\x72\x5d\x7e\x5d\xcf\xe2\x23\x53\xc8\x28"
- "\xaf\x48\x78\x1e\xb4\x8c\xae\x81\x06\xa7\xe1\xd4\x98\x94\x9f"
- "\x3e\x46";
- d.inLen = 0;
- d.outLen = WC_SHA256_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1)
- continue; /* cavium can't handle short keys, fips not allowed */
- #endif
- #if defined(HAVE_INTEL_QA) || defined(HAVE_CAVIUM)
- if (i == 3)
- continue; /* QuickAssist can't handle empty HMAC */
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -3700 - i;
- ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3710 - i;
- if (test_hmac[i].input != NULL) {
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3720 - i;
- }
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3730 - i;
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0)
- return -3740 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(WC_SHA256) != WC_SHA256_DIGEST_SIZE)
- return -3750;
- if (wc_HmacSizeByType(20) != BAD_FUNC_ARG)
- return -3751;
- #endif
- if (wolfSSL_GetHmacMaxSize() != WC_MAX_DIGEST_SIZE)
- return -3752;
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
- WOLFSSL_TEST_SUBROUTINE int hmac_sha384_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA384_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
- "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
- "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
- "\xfa\x9c\xb6";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA384_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b"
- "\x1b\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22"
- "\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa"
- "\xb2\x16\x49";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA384_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8"
- "\x6f\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66"
- "\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01"
- "\xa3\x4f\x27";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA384_DIGEST_SIZE;
- d.input = "Big Key Input";
- d.output = "\xd2\x3d\x29\x6e\xf5\x1e\x23\x23\x49\x18\xb3\xbf\x4c\x38\x7b"
- "\x31\x21\x17\xbb\x09\x73\x27\xf8\x12\x9d\xe9\xc6\x5d\xf9\x54"
- "\xd6\x38\x5a\x68\x53\x14\xee\xe0\xa6\x4f\x36\x7e\xb2\xf3\x1a"
- "\x57\x41\x69";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA384_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS)
- if (i == 1)
- continue; /* fips not allowed */
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -3800;
- ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3801;
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3802;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3803;
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0)
- return -3804 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(WC_SHA384) != WC_SHA384_DIGEST_SIZE)
- return -3814;
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA512)
- WOLFSSL_TEST_SUBROUTINE int hmac_sha512_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA512_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c"
- "\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1"
- "\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae"
- "\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20"
- "\x3a\x12\x68\x54";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA512_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0"
- "\xa3\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25"
- "\x05\x54\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8"
- "\xf0\xe6\xfd\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a"
- "\x38\xbc\xe7\x37";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA512_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b"
- "\xe9\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27"
- "\x9d\x39\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e"
- "\x67\xc8\x07\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59"
- "\xe1\x32\x92\xfb";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA512_DIGEST_SIZE;
- d.input = "Big Key Input";
- d.output = "\x3f\xa9\xc9\xe1\xbd\xbb\x04\x55\x1f\xef\xcc\x92\x33\x08\xeb"
- "\xcf\xc1\x9a\x5b\x5b\xc0\x7c\x86\x84\xae\x8c\x40\xaf\xb1\x27"
- "\x87\x38\x92\x04\xa8\xed\xd7\xd7\x07\xa9\x85\xa0\xc2\xcd\x30"
- "\xc0\x56\x14\x49\xbc\x2f\x69\x15\x6a\x97\xd8\x79\x2f\xb3\x3b"
- "\x1e\x18\xfe\xfa";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA512_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS)
- if (i == 1)
- continue; /* fips not allowed */
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -3900;
- ret = wc_HmacSetKey(&hmac, WC_SHA512, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3901;
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3902;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3903;
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0)
- return -3904 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(WC_SHA512) != WC_SHA512_DIGEST_SIZE)
- return -3914;
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \
- !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \
- !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512)
- WOLFSSL_TEST_SUBROUTINE int hmac_sha3_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA3_512_DIGEST_SIZE];
- const char* key[4] =
- {
- "Jefe",
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
- "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
- "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- };
- const char* input[4] =
- {
- "what do ya want for nothing?",
- "Hi There",
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
- "Big Key Input"
- };
- const int hashType[4] =
- {
- WC_SHA3_224, WC_SHA3_256, WC_SHA3_384, WC_SHA3_512
- };
- const int hashSz[4] =
- {
- WC_SHA3_224_DIGEST_SIZE, WC_SHA3_256_DIGEST_SIZE,
- WC_SHA3_384_DIGEST_SIZE, WC_SHA3_512_DIGEST_SIZE
- };
- const char* output[16] =
- {
- /* key = jefe, input = what do ya want for nothing? */
- /* HMAC-SHA3-224 */
- "\x7f\xdb\x8d\xd8\x8b\xd2\xf6\x0d\x1b\x79\x86\x34\xad\x38\x68\x11"
- "\xc2\xcf\xc8\x5b\xfa\xf5\xd5\x2b\xba\xce\x5e\x66",
- /* HMAC-SHA3-256 */
- "\xc7\xd4\x07\x2e\x78\x88\x77\xae\x35\x96\xbb\xb0\xda\x73\xb8\x87"
- "\xc9\x17\x1f\x93\x09\x5b\x29\x4a\xe8\x57\xfb\xe2\x64\x5e\x1b\xa5",
- /* HMAC-SHA3-384 */
- "\xf1\x10\x1f\x8c\xbf\x97\x66\xfd\x67\x64\xd2\xed\x61\x90\x3f\x21"
- "\xca\x9b\x18\xf5\x7c\xf3\xe1\xa2\x3c\xa1\x35\x08\xa9\x32\x43\xce"
- "\x48\xc0\x45\xdc\x00\x7f\x26\xa2\x1b\x3f\x5e\x0e\x9d\xf4\xc2\x0a",
- /* HMAC-SHA3-512 */
- "\x5a\x4b\xfe\xab\x61\x66\x42\x7c\x7a\x36\x47\xb7\x47\x29\x2b\x83"
- "\x84\x53\x7c\xdb\x89\xaf\xb3\xbf\x56\x65\xe4\xc5\xe7\x09\x35\x0b"
- "\x28\x7b\xae\xc9\x21\xfd\x7c\xa0\xee\x7a\x0c\x31\xd0\x22\xa9\x5e"
- "\x1f\xc9\x2b\xa9\xd7\x7d\xf8\x83\x96\x02\x75\xbe\xb4\xe6\x20\x24",
- /* key = 0b..., input = Hi There */
- /* HMAC-SHA3-224 */
- "\x3b\x16\x54\x6b\xbc\x7b\xe2\x70\x6a\x03\x1d\xca\xfd\x56\x37\x3d"
- "\x98\x84\x36\x76\x41\xd8\xc5\x9a\xf3\xc8\x60\xf7",
- /* HMAC-SHA3-256 */
- "\xba\x85\x19\x23\x10\xdf\xfa\x96\xe2\xa3\xa4\x0e\x69\x77\x43\x51"
- "\x14\x0b\xb7\x18\x5e\x12\x02\xcd\xcc\x91\x75\x89\xf9\x5e\x16\xbb",
- /* HMAC-SHA3-384 */
- "\x68\xd2\xdc\xf7\xfd\x4d\xdd\x0a\x22\x40\xc8\xa4\x37\x30\x5f\x61"
- "\xfb\x73\x34\xcf\xb5\xd0\x22\x6e\x1b\xc2\x7d\xc1\x0a\x2e\x72\x3a"
- "\x20\xd3\x70\xb4\x77\x43\x13\x0e\x26\xac\x7e\x3d\x53\x28\x86\xbd",
- /* HMAC-SHA3-512 */
- "\xeb\x3f\xbd\x4b\x2e\xaa\xb8\xf5\xc5\x04\xbd\x3a\x41\x46\x5a\xac"
- "\xec\x15\x77\x0a\x7c\xab\xac\x53\x1e\x48\x2f\x86\x0b\x5e\xc7\xba"
- "\x47\xcc\xb2\xc6\xf2\xaf\xce\x8f\x88\xd2\x2b\x6d\xc6\x13\x80\xf2"
- "\x3a\x66\x8f\xd3\x88\x8b\xb8\x05\x37\xc0\xa0\xb8\x64\x07\x68\x9e",
- /* key = aa..., output = dd... */
- /* HMAC-SHA3-224 */
- "\x67\x6c\xfc\x7d\x16\x15\x36\x38\x78\x03\x90\x69\x2b\xe1\x42\xd2"
- "\xdf\x7c\xe9\x24\xb9\x09\xc0\xc0\x8d\xbf\xdc\x1a",
- /* HMAC-SHA3-256 */
- "\x84\xec\x79\x12\x4a\x27\x10\x78\x65\xce\xdd\x8b\xd8\x2d\xa9\x96"
- "\x5e\x5e\xd8\xc3\x7b\x0a\xc9\x80\x05\xa7\xf3\x9e\xd5\x8a\x42\x07",
- /* HMAC-SHA3-384 */
- "\x27\x5c\xd0\xe6\x61\xbb\x8b\x15\x1c\x64\xd2\x88\xf1\xf7\x82\xfb"
- "\x91\xa8\xab\xd5\x68\x58\xd7\x2b\xab\xb2\xd4\x76\xf0\x45\x83\x73"
- "\xb4\x1b\x6a\xb5\xbf\x17\x4b\xec\x42\x2e\x53\xfc\x31\x35\xac\x6e",
- /* HMAC-SHA3-512 */
- "\x30\x9e\x99\xf9\xec\x07\x5e\xc6\xc6\xd4\x75\xed\xa1\x18\x06\x87"
- "\xfc\xf1\x53\x11\x95\x80\x2a\x99\xb5\x67\x74\x49\xa8\x62\x51\x82"
- "\x85\x1c\xb3\x32\xaf\xb6\xa8\x9c\x41\x13\x25\xfb\xcb\xcd\x42\xaf"
- "\xcb\x7b\x6e\x5a\xab\x7e\xa4\x2c\x66\x0f\x97\xfd\x85\x84\xbf\x03",
- /* key = big key, input = Big Key Input */
- /* HMAC-SHA3-224 */
- "\x29\xe0\x5e\x46\xc4\xa4\x5e\x46\x74\xbf\xd7\x2d\x1a\xd8\x66\xdb"
- "\x2d\x0d\x10\x4e\x2b\xfa\xad\x53\x7d\x15\x69\x8b",
- /* HMAC-SHA3-256 */
- "\xb5\x5b\x8d\x64\xb6\x9c\x21\xd0\xbf\x20\x5c\xa2\xf7\xb9\xb1\x4e"
- "\x88\x21\x61\x2c\x66\xc3\x91\xae\x6c\x95\x16\x85\x83\xe6\xf4\x9b",
- /* HMAC-SHA3-384 */
- "\xaa\x91\xb3\xa6\x2f\x56\xa1\xbe\x8c\x3e\x74\x38\xdb\x58\xd9\xd3"
- "\x34\xde\xa0\x60\x6d\x8d\x46\xe0\xec\xa9\xf6\x06\x35\x14\xe6\xed"
- "\x83\xe6\x7c\x77\x24\x6c\x11\xb5\x90\x82\xb5\x75\xda\x7b\x83\x2d",
- /* HMAC-SHA3-512 */
- "\x1c\xc3\xa9\x24\x4a\x4a\x3f\xbd\xc7\x20\x00\x16\x9b\x79\x47\x03"
- "\x78\x75\x2c\xb5\xf1\x2e\x62\x7c\xbe\xef\x4e\x8f\x0b\x11\x2b\x32"
- "\xa0\xee\xc9\xd0\x4d\x64\x64\x0b\x37\xf4\xdd\x66\xf7\x8b\xb3\xad"
- "\x52\x52\x6b\x65\x12\xde\x0d\x7c\xc0\x8b\x60\x01\x6c\x37\xd7\xa8"
- };
- int i = 0, iMax = sizeof(input) / sizeof(input[0]),
- j, jMax = sizeof(hashType) / sizeof(hashType[0]),
- ret;
- #ifdef HAVE_FIPS
- /* FIPS requires a minimum length for HMAC keys, and "Jefe" is too
- * short. Skip it in FIPS builds. */
- i = 1;
- #endif
- for (; i < iMax; i++) {
- for (j = 0; j < jMax; j++) {
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -4000;
- ret = wc_HmacSetKey(&hmac, hashType[j], (byte*)key[i],
- (word32)XSTRLEN(key[i]));
- if (ret != 0)
- return -4001;
- ret = wc_HmacUpdate(&hmac, (byte*)input[i],
- (word32)XSTRLEN(input[i]));
- if (ret != 0)
- return -4002;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -4003;
- if (XMEMCMP(hash, output[(i*jMax) + j], hashSz[j]) != 0)
- return -4004;
- wc_HmacFree(&hmac);
- if (i > 0)
- continue;
- #ifndef HAVE_FIPS
- ret = wc_HmacSizeByType(hashType[j]);
- if (ret != hashSz[j])
- return -4005;
- #endif
- }
- }
- return 0;
- }
- #endif
- #ifdef WC_RC2
- typedef struct rc2TestVector {
- const char* input;
- const char* output;
- const char* key; /* Key, variable up to 128 bytes */
- const char* iv; /* IV, 8-bytes */
- int inLen;
- int outLen;
- int keyLen;
- int effectiveKeyBits; /* Up to 1024 bits supported */
- } rc2TestVector;
- static int rc2_ecb_test(void)
- {
- int ret = 0;
- byte cipher[RC2_BLOCK_SIZE];
- byte plain[RC2_BLOCK_SIZE];
- rc2TestVector a, b, c, d, e, f, g, h;
- rc2TestVector test_rc2[8];
- int times = sizeof(test_rc2) / sizeof(rc2TestVector), i;
- a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.output = "\xeb\xb7\x73\xf9\x93\x27\x8e\xff";
- a.key = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.inLen = RC2_BLOCK_SIZE;
- a.outLen = RC2_BLOCK_SIZE;
- a.keyLen = 8;
- a.effectiveKeyBits = 63;
- b.input = "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.output = "\x27\x8b\x27\xe4\x2e\x2f\x0d\x49";
- b.key = "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.inLen = RC2_BLOCK_SIZE;
- b.outLen = RC2_BLOCK_SIZE;
- b.keyLen = 8;
- b.effectiveKeyBits = 64;
- c.input = "\x10\x00\x00\x00\x00\x00\x00\x01";
- c.output = "\x30\x64\x9e\xdf\x9b\xe7\xd2\xc2";
- c.key = "\x30\x00\x00\x00\x00\x00\x00\x00";
- c.inLen = RC2_BLOCK_SIZE;
- c.outLen = RC2_BLOCK_SIZE;
- c.keyLen = 8;
- c.effectiveKeyBits = 64;
- d.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- d.output = "\x61\xa8\xa2\x44\xad\xac\xcc\xf0";
- d.key = "\x88";
- d.inLen = RC2_BLOCK_SIZE;
- d.outLen = RC2_BLOCK_SIZE;
- d.keyLen = 1;
- d.effectiveKeyBits = 64;
- e.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- e.output = "\x6c\xcf\x43\x08\x97\x4c\x26\x7f";
- e.key = "\x88\xbc\xa9\x0e\x90\x87\x5a";
- e.inLen = RC2_BLOCK_SIZE;
- e.outLen = RC2_BLOCK_SIZE;
- e.keyLen = 7;
- e.effectiveKeyBits = 64;
- f.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- f.output = "\x1a\x80\x7d\x27\x2b\xbe\x5d\xb1";
- f.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
- f.inLen = RC2_BLOCK_SIZE;
- f.outLen = RC2_BLOCK_SIZE;
- f.keyLen = 16;
- f.effectiveKeyBits = 64;
- g.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- g.output = "\x22\x69\x55\x2a\xb0\xf8\x5c\xa6";
- g.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
- g.inLen = RC2_BLOCK_SIZE;
- g.outLen = RC2_BLOCK_SIZE;
- g.keyLen = 16;
- g.effectiveKeyBits = 128;
- h.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- h.output = "\x5b\x78\xd3\xa4\x3d\xff\xf1\xf1";
- h.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"
- "\x16\xf8\x0a\x6f\x85\x92\x05\x84"
- "\xc4\x2f\xce\xb0\xbe\x25\x5d\xaf"
- "\x1e";
- h.inLen = RC2_BLOCK_SIZE;
- h.outLen = RC2_BLOCK_SIZE;
- h.keyLen = 33;
- h.effectiveKeyBits = 129;
- a.iv = b.iv = c.iv = d.iv = e.iv = f.iv = g.iv = h.iv = NULL;
- test_rc2[0] = a;
- test_rc2[1] = b;
- test_rc2[2] = c;
- test_rc2[3] = d;
- test_rc2[4] = e;
- test_rc2[5] = f;
- test_rc2[6] = g;
- test_rc2[7] = h;
- for (i = 0; i < times; ++i) {
- Rc2 enc;
- XMEMSET(cipher, 0, RC2_BLOCK_SIZE);
- XMEMSET(plain, 0, RC2_BLOCK_SIZE);
- ret = wc_Rc2SetKey(&enc, (byte*)test_rc2[i].key, test_rc2[i].keyLen,
- NULL, test_rc2[i].effectiveKeyBits);
- if (ret != 0) {
- return -4100;
- }
- /* ECB encrypt */
- ret = wc_Rc2EcbEncrypt(&enc, cipher, (byte*)test_rc2[i].input,
- (word32)test_rc2[i].outLen);
- if (ret != 0) {
- return -4101;
- }
- if (XMEMCMP(cipher, test_rc2[i].output, test_rc2[i].outLen)) {
- return -4102;
- }
- /* ECB decrypt */
- ret = wc_Rc2EcbDecrypt(&enc, plain, cipher, RC2_BLOCK_SIZE);
- if (ret != 0) {
- return -4103;
- }
- if (XMEMCMP(plain, test_rc2[i].input, RC2_BLOCK_SIZE)) {
- return -4104;
- }
- }
- return 0;
- }
- static int rc2_cbc_test(void)
- {
- int ret = 0;
- byte cipher[128];
- byte plain[128];
- rc2TestVector a, b, c, d, e, f, g, h, i;
- rc2TestVector test_rc2[9];
- int times = sizeof(test_rc2) / sizeof(rc2TestVector), j;
- /* key length = 7, effective key bits = 63 */
- a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.output = "\xEB\xB7\x73\xF9\x93\x27\x8E\xFF"
- "\xF0\x51\x77\x8B\x65\xDB\x13\x57";
- a.key = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.inLen = RC2_BLOCK_SIZE*2;
- a.outLen = RC2_BLOCK_SIZE*2;
- a.keyLen = 8;
- a.effectiveKeyBits = 63;
- /* key length = 8, effective key bits = 64, all 0xFF */
- b.input = "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.output = "\xA3\xA1\x12\x65\x4F\x81\xC5\xCD"
- "\xB6\x94\x3E\xEA\x3E\x8B\x9D\x1F";
- b.key = "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.iv = "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.inLen = RC2_BLOCK_SIZE*2;
- b.outLen = RC2_BLOCK_SIZE*2;
- b.keyLen = 8;
- b.effectiveKeyBits = 64;
- /* key length = 8, effective key bits = 64 */
- c.input = "\x10\x00\x00\x00\x00\x00\x00\x01"
- "\x10\x00\x00\x00\x00\x00\x00\x01";
- c.output = "\xB5\x70\x14\xA2\x5F\x40\xE3\x6D"
- "\x81\x99\x8D\xE0\xB5\xD5\x3A\x05";
- c.key = "\x30\x00\x00\x00\x00\x00\x00\x00";
- c.iv = "\x30\x00\x00\x00\x00\x00\x00\x00";
- c.inLen = RC2_BLOCK_SIZE*2;
- c.outLen = RC2_BLOCK_SIZE*2;
- c.keyLen = 8;
- c.effectiveKeyBits = 64;
- /* key length = 1, effective key bits = 64 */
- d.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- d.output = "\x61\xA8\xA2\x44\xAD\xAC\xCC\xF0"
- "\x6D\x19\xE8\xF1\xFC\xE7\x38\x87";
- d.key = "\x88";
- d.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- d.inLen = RC2_BLOCK_SIZE*2;
- d.outLen = RC2_BLOCK_SIZE*2;
- d.keyLen = 1;
- d.effectiveKeyBits = 64;
- /* key length = 7, effective key bits = 64 */
- e.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- e.output = "\x6C\xCF\x43\x08\x97\x4C\x26\x7F"
- "\xCC\x3C\x53\x57\x7C\xA1\xA4\x4B";
- e.key = "\x88\xbc\xa9\x0e\x90\x87\x5a";
- e.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- e.inLen = RC2_BLOCK_SIZE*2;
- e.outLen = RC2_BLOCK_SIZE*2;
- e.keyLen = 7;
- e.effectiveKeyBits = 64;
- /* key length = 16, effective key bits = 64 */
- f.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- f.output = "\x1A\x80\x7D\x27\x2B\xBE\x5D\xB1"
- "\x64\xEF\xE1\xC3\xB8\xAD\xFB\xBA";
- f.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
- f.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- f.inLen = RC2_BLOCK_SIZE*2;
- f.outLen = RC2_BLOCK_SIZE*2;
- f.keyLen = 16;
- f.effectiveKeyBits = 64;
- /* key length = 16, effective bits = 128 */
- g.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- g.output = "\x22\x69\x55\x2A\xB0\xF8\x5C\xA6"
- "\x53\x6E\xFD\x2D\x89\xE1\x2A\x73";
- g.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
- g.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- g.inLen = RC2_BLOCK_SIZE*2;
- g.outLen = RC2_BLOCK_SIZE*2;
- g.keyLen = 16;
- g.effectiveKeyBits = 128;
- /* key length = 33, effective bits = 129 */
- h.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- h.output = "\x5B\x78\xD3\xA4\x3D\xFF\xF1\xF1"
- "\x45\x30\xA8\xD5\xC7\x7C\x46\x19";
- h.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"
- "\x16\xf8\x0a\x6f\x85\x92\x05\x84"
- "\xc4\x2f\xce\xb0\xbe\x25\x5d\xaf"
- "\x1e";
- h.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- h.inLen = RC2_BLOCK_SIZE*2;
- h.outLen = RC2_BLOCK_SIZE*2;
- h.keyLen = 33;
- h.effectiveKeyBits = 129;
- /* key length = 10, effective bits = 40 */
- i.input = "\x11\x22\x33\x44\x55\x66\x77\x88"
- "\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00"
- "\x11\x22\x33\x44\x55\x66\x77\x88"
- "\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00";
- i.output = "\x71\x2D\x11\x99\xC9\xA0\x78\x4F"
- "\xCD\xF1\x1E\x3D\xFD\x21\x7E\xDB"
- "\xB2\x6E\x0D\xA4\x72\xBC\x31\x51"
- "\x48\xEF\x4E\x68\x3B\xDC\xCD\x7D";
- i.key = "\x26\x1E\x57\x8E\xC9\x62\xBF\xB8"
- "\x3E\x96";
- i.iv = "\x01\x02\x03\x04\x05\x06\x07\x08";
- i.inLen = RC2_BLOCK_SIZE*4;
- i.outLen = RC2_BLOCK_SIZE*4;
- i.keyLen = 10;
- i.effectiveKeyBits = 40;
- test_rc2[0] = a;
- test_rc2[1] = b;
- test_rc2[2] = c;
- test_rc2[3] = d;
- test_rc2[4] = e;
- test_rc2[5] = f;
- test_rc2[6] = g;
- test_rc2[7] = h;
- test_rc2[8] = i;
- for (j = 0; j < times; ++j) {
- Rc2 rc2;
- XMEMSET(cipher, 0, sizeof(cipher));
- XMEMSET(plain, 0, sizeof(plain));
- ret = wc_Rc2SetKey(&rc2, (byte*)test_rc2[j].key, test_rc2[j].keyLen,
- (byte*)test_rc2[j].iv, test_rc2[j].effectiveKeyBits);
- if (ret != 0) {
- return -4200;
- }
- ret = wc_Rc2CbcEncrypt(&rc2, cipher, (byte*)test_rc2[j].input,
- test_rc2[j].inLen);
- if (ret != 0) {
- return -4201;
- }
- if (XMEMCMP(cipher, (byte*)test_rc2[j].output, test_rc2[j].outLen)) {
- return -4202;
- }
- /* reset IV for decrypt, since overriden by encrypt operation */
- ret = wc_Rc2SetIV(&rc2, (byte*)test_rc2[j].iv);
- if (ret != 0) {
- return -4203;
- }
- ret = wc_Rc2CbcDecrypt(&rc2, plain, cipher, test_rc2[j].outLen);
- if (ret != 0) {
- return -4204;
- }
- if (XMEMCMP(plain, (byte*)test_rc2[j].input, test_rc2[j].inLen)) {
- return -4205;
- }
- }
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE int rc2_test(void)
- {
- int ret = 0;
- ret = rc2_ecb_test();
- if (ret != 0) {
- return ret;
- }
- return rc2_cbc_test();
- }
- #endif
- #ifndef NO_RC4
- WOLFSSL_TEST_SUBROUTINE int arc4_test(void)
- {
- byte cipher[16];
- byte plain[16];
- const char* keys[] =
- {
- "\x01\x23\x45\x67\x89\xab\xcd\xef",
- "\x01\x23\x45\x67\x89\xab\xcd\xef",
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- "\xef\x01\x23\x45"
- };
- testVector a, b, c, d;
- testVector test_arc4[4];
- int times = sizeof(test_arc4) / sizeof(testVector), i;
- a.input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
- a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96";
- a.inLen = 8;
- a.outLen = 8;
- b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- b.output = "\x74\x94\xc2\xe7\x10\x4b\x08\x79";
- b.inLen = 8;
- b.outLen = 8;
- c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- c.output = "\xde\x18\x89\x41\xa3\x37\x5d\x3a";
- c.inLen = 8;
- c.outLen = 8;
- d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
- d.output = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf\xbd\x61";
- d.inLen = 10;
- d.outLen = 10;
- test_arc4[0] = a;
- test_arc4[1] = b;
- test_arc4[2] = c;
- test_arc4[3] = d;
- for (i = 0; i < times; ++i) {
- Arc4 enc;
- Arc4 dec;
- int keylen = 8; /* XSTRLEN with key 0x00 not good */
- if (i == 3)
- keylen = 4;
- if (wc_Arc4Init(&enc, HEAP_HINT, devId) != 0)
- return -4400;
- if (wc_Arc4Init(&dec, HEAP_HINT, devId) != 0)
- return -4401;
- wc_Arc4SetKey(&enc, (byte*)keys[i], keylen);
- wc_Arc4SetKey(&dec, (byte*)keys[i], keylen);
- wc_Arc4Process(&enc, cipher, (byte*)test_arc4[i].input,
- (word32)test_arc4[i].outLen);
- wc_Arc4Process(&dec, plain, cipher, (word32)test_arc4[i].outLen);
- if (XMEMCMP(plain, test_arc4[i].input, test_arc4[i].outLen))
- return -4402 - i;
- if (XMEMCMP(cipher, test_arc4[i].output, test_arc4[i].outLen))
- return -4412 - i;
- wc_Arc4Free(&enc);
- wc_Arc4Free(&dec);
- }
- return 0;
- }
- #endif
- #ifdef HAVE_CHACHA
- WOLFSSL_TEST_SUBROUTINE int chacha_test(void)
- {
- ChaCha enc;
- ChaCha dec;
- byte cipher[128];
- byte plain[128];
- byte sliver[64];
- byte input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
- word32 keySz = 32;
- int ret = 0;
- int i;
- int times = 4;
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- /* 128 bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte key4[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- const byte* keys[] = {key1, key2, key3, key4};
- WOLFSSL_SMALL_STACK_STATIC const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- WOLFSSL_SMALL_STACK_STATIC const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- WOLFSSL_SMALL_STACK_STATIC const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00};
- WOLFSSL_SMALL_STACK_STATIC const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- const byte* ivs[] = {ivs1, ivs2, ivs3, ivs4};
- #ifndef BENCH_EMBEDDED
- WOLFSSL_SMALL_STACK_STATIC const byte cipher_big_result[] = {
- 0x06, 0xa6, 0x5d, 0x31, 0x21, 0x6c, 0xdb, 0x37, 0x48, 0x7c, 0x01, 0x9d,
- 0x72, 0xdf, 0x0a, 0x5b, 0x64, 0x74, 0x20, 0xba, 0x9e, 0xe0, 0x26, 0x7a,
- 0xbf, 0xdf, 0x83, 0x34, 0x3b, 0x4f, 0x94, 0x3f, 0x37, 0x89, 0xaf, 0x00,
- 0xdf, 0x0f, 0x2e, 0x75, 0x16, 0x41, 0xf6, 0x7a, 0x86, 0x94, 0x9d, 0x32,
- 0x56, 0xf0, 0x79, 0x71, 0x68, 0x6f, 0xa6, 0x6b, 0xc6, 0x59, 0x49, 0xf6,
- 0x10, 0x34, 0x03, 0x03, 0x16, 0x53, 0x9a, 0x98, 0x2a, 0x46, 0xde, 0x17,
- 0x06, 0x65, 0x70, 0xca, 0x0a, 0x1f, 0xab, 0x80, 0x26, 0x96, 0x3f, 0x3e,
- 0x7a, 0x3c, 0xa8, 0x87, 0xbb, 0x65, 0xdd, 0x5e, 0x07, 0x7b, 0x34, 0xe0,
- 0x56, 0xda, 0x32, 0x13, 0x30, 0xc9, 0x0c, 0xd7, 0xba, 0xe4, 0x1f, 0xa6,
- 0x91, 0x4f, 0x72, 0x9f, 0xd9, 0x5c, 0x62, 0x7d, 0xa6, 0xc2, 0xbc, 0x87,
- 0xae, 0x64, 0x11, 0x94, 0x3b, 0xbc, 0x6c, 0x23, 0xbd, 0x7d, 0x00, 0xb4,
- 0x99, 0xf2, 0x68, 0xb5, 0x59, 0x70, 0x93, 0xad, 0x69, 0xd0, 0xb1, 0x28,
- 0x70, 0x92, 0xeb, 0xec, 0x39, 0x80, 0x82, 0xde, 0x44, 0xe2, 0x8a, 0x26,
- 0xb3, 0xe9, 0x45, 0xcf, 0x83, 0x76, 0x9f, 0x6a, 0xa0, 0x46, 0x4a, 0x3d,
- 0x26, 0x56, 0xaf, 0x49, 0x41, 0x26, 0x1b, 0x6a, 0x41, 0x37, 0x65, 0x91,
- 0x72, 0xc4, 0xe7, 0x3c, 0x17, 0x31, 0xae, 0x2e, 0x2b, 0x31, 0x45, 0xe4,
- 0x93, 0xd3, 0x10, 0xaa, 0xc5, 0x62, 0xd5, 0x11, 0x4b, 0x57, 0x1d, 0xad,
- 0x48, 0x06, 0xd0, 0x0d, 0x98, 0xa5, 0xc6, 0x5b, 0xd0, 0x9e, 0x22, 0xc0,
- 0x00, 0x32, 0x5a, 0xf5, 0x1c, 0x89, 0x6d, 0x54, 0x97, 0x55, 0x6b, 0x46,
- 0xc5, 0xc7, 0xc4, 0x48, 0x9c, 0xbf, 0x47, 0xdc, 0x03, 0xc4, 0x1b, 0xcb,
- 0x65, 0xa6, 0x91, 0x9d, 0x6d, 0xf1, 0xb0, 0x7a, 0x4d, 0x3b, 0x03, 0x95,
- 0xf4, 0x8b, 0x0b, 0xae, 0x39, 0xff, 0x3f, 0xf6, 0xc0, 0x14, 0x18, 0x8a,
- 0xe5, 0x19, 0xbd, 0xc1, 0xb4, 0x05, 0x4e, 0x29, 0x2f, 0x0b, 0x33, 0x76,
- 0x28, 0x16, 0xa4, 0xa6, 0x93, 0x04, 0xb5, 0x55, 0x6b, 0x89, 0x3d, 0xa5,
- 0x0f, 0xd3, 0xad, 0xfa, 0xd9, 0xfd, 0x05, 0x5d, 0x48, 0x94, 0x25, 0x5a,
- 0x2c, 0x9a, 0x94, 0x80, 0xb0, 0xe7, 0xcb, 0x4d, 0x77, 0xbf, 0xca, 0xd8,
- 0x55, 0x48, 0xbd, 0x66, 0xb1, 0x85, 0x81, 0xb1, 0x37, 0x79, 0xab, 0x52,
- 0x08, 0x14, 0x12, 0xac, 0xcd, 0x45, 0x4d, 0x53, 0x6b, 0xca, 0x96, 0xc7,
- 0x3b, 0x2f, 0x73, 0xb1, 0x5a, 0x23, 0xbd, 0x65, 0xd5, 0xea, 0x17, 0xb3,
- 0xdc, 0xa1, 0x17, 0x1b, 0x2d, 0xb3, 0x9c, 0xd0, 0xdb, 0x41, 0x77, 0xef,
- 0x93, 0x20, 0x52, 0x3e, 0x9d, 0xf5, 0xbf, 0x33, 0xf7, 0x52, 0xc1, 0x90,
- 0xa0, 0x15, 0x17, 0xce, 0xf7, 0xf7, 0xd0, 0x3a, 0x3b, 0xd1, 0x72, 0x56,
- 0x31, 0x81, 0xae, 0x60, 0xab, 0x40, 0xc1, 0xd1, 0x28, 0x77, 0x53, 0xac,
- 0x9f, 0x11, 0x0a, 0x88, 0x36, 0x4b, 0xda, 0x57, 0xa7, 0x28, 0x5c, 0x85,
- 0xd3, 0x85, 0x9b, 0x79, 0xad, 0x05, 0x1c, 0x37, 0x14, 0x5e, 0x0d, 0xd0,
- 0x23, 0x03, 0x42, 0x1d, 0x48, 0x5d, 0xc5, 0x3c, 0x5a, 0x08, 0xa9, 0x0d,
- 0x6e, 0x82, 0x7c, 0x2e, 0x3c, 0x41, 0xcc, 0x96, 0x8e, 0xad, 0xee, 0x2a,
- 0x61, 0x0b, 0x16, 0x0f, 0xa9, 0x24, 0x40, 0x85, 0xbc, 0x9f, 0x28, 0x8d,
- 0xe6, 0x68, 0x4d, 0x8f, 0x30, 0x48, 0xd9, 0x73, 0x73, 0x6c, 0x9a, 0x7f,
- 0x67, 0xf7, 0xde, 0x4c, 0x0a, 0x8b, 0xe4, 0xb3, 0x08, 0x2a, 0x52, 0xda,
- 0x54, 0xee, 0xcd, 0xb5, 0x62, 0x4a, 0x26, 0x20, 0xfb, 0x40, 0xbb, 0x39,
- 0x3a, 0x0f, 0x09, 0xe8, 0x00, 0xd1, 0x24, 0x97, 0x60, 0xe9, 0x83, 0x83,
- 0xfe, 0x9f, 0x9c, 0x15, 0xcf, 0x69, 0x03, 0x9f, 0x03, 0xe1, 0xe8, 0x6e,
- 0xbd, 0x87, 0x58, 0x68, 0xee, 0xec, 0xd8, 0x29, 0x46, 0x23, 0x49, 0x92,
- 0x72, 0x95, 0x5b, 0x49, 0xca, 0xe0, 0x45, 0x59, 0xb2, 0xca, 0xf4, 0xfc,
- 0xb7, 0x59, 0x37, 0x49, 0x28, 0xbc, 0xf3, 0xd7, 0x61, 0xbc, 0x4b, 0xf3,
- 0xa9, 0x4b, 0x2f, 0x05, 0xa8, 0x01, 0xa5, 0xdc, 0x00, 0x6e, 0x01, 0xb6,
- 0x45, 0x3c, 0xd5, 0x49, 0x7d, 0x5c, 0x25, 0xe8, 0x31, 0x87, 0xb2, 0xb9,
- 0xbf, 0xb3, 0x01, 0x62, 0x0c, 0xd0, 0x48, 0x77, 0xa2, 0x34, 0x0f, 0x16,
- 0x22, 0x28, 0xee, 0x54, 0x08, 0x93, 0x3b, 0xe4, 0xde, 0x7e, 0x63, 0xf7,
- 0x97, 0x16, 0x5d, 0x71, 0x58, 0xc2, 0x2e, 0xf2, 0x36, 0xa6, 0x12, 0x65,
- 0x94, 0x17, 0xac, 0x66, 0x23, 0x7e, 0xc6, 0x72, 0x79, 0x24, 0xce, 0x8f,
- 0x55, 0x19, 0x97, 0x44, 0xfc, 0x55, 0xec, 0x85, 0x26, 0x27, 0xdb, 0x38,
- 0xb1, 0x42, 0x0a, 0xdd, 0x05, 0x99, 0x28, 0xeb, 0x03, 0x6c, 0x9a, 0xe9,
- 0x17, 0xf6, 0x2c, 0xb0, 0xfe, 0xe7, 0xa4, 0xa7, 0x31, 0xda, 0x4d, 0xb0,
- 0x29, 0xdb, 0xdd, 0x8d, 0x12, 0x13, 0x9c, 0xb4, 0xcc, 0x83, 0x97, 0xfb,
- 0x1a, 0xdc, 0x08, 0xd6, 0x30, 0x62, 0xe8, 0xeb, 0x8b, 0x61, 0xcb, 0x1d,
- 0x06, 0xe3, 0xa5, 0x4d, 0x35, 0xdb, 0x59, 0xa8, 0x2d, 0x87, 0x27, 0x44,
- 0x6f, 0xc0, 0x38, 0x97, 0xe4, 0x85, 0x00, 0x02, 0x09, 0xf6, 0x69, 0x3a,
- 0xcf, 0x08, 0x1b, 0x21, 0xbb, 0x79, 0xb1, 0xa1, 0x34, 0x09, 0xe0, 0x80,
- 0xca, 0xb0, 0x78, 0x8a, 0x11, 0x97, 0xd4, 0x07, 0xbe, 0x1b, 0x6a, 0x5d,
- 0xdb, 0xd6, 0x1f, 0x76, 0x6b, 0x16, 0xf0, 0x58, 0x84, 0x5f, 0x59, 0xce,
- 0x62, 0x34, 0xc3, 0xdf, 0x94, 0xb8, 0x2f, 0x84, 0x68, 0xf0, 0xb8, 0x51,
- 0xd9, 0x6d, 0x8e, 0x4a, 0x1d, 0xe6, 0x5c, 0xd8, 0x86, 0x25, 0xe3, 0x24,
- 0xfd, 0x21, 0x61, 0x13, 0x48, 0x3e, 0xf6, 0x7d, 0xa6, 0x71, 0x9b, 0xd2,
- 0x6e, 0xe6, 0xd2, 0x08, 0x94, 0x62, 0x6c, 0x98, 0xfe, 0x2f, 0x9c, 0x88,
- 0x7e, 0x78, 0x15, 0x02, 0x00, 0xf0, 0xba, 0x24, 0x91, 0xf2, 0xdc, 0x47,
- 0x51, 0x4d, 0x15, 0x5e, 0x91, 0x5f, 0x57, 0x5b, 0x1d, 0x35, 0x24, 0x45,
- 0x75, 0x9b, 0x88, 0x75, 0xf1, 0x2f, 0x85, 0xe7, 0x89, 0xd1, 0x01, 0xb4,
- 0xc8, 0x18, 0xb7, 0x97, 0xef, 0x4b, 0x90, 0xf4, 0xbf, 0x10, 0x27, 0x3c,
- 0x60, 0xff, 0xc4, 0x94, 0x20, 0x2f, 0x93, 0x4b, 0x4d, 0xe3, 0x80, 0xf7,
- 0x2c, 0x71, 0xd9, 0xe3, 0x68, 0xb4, 0x77, 0x2b, 0xc7, 0x0d, 0x39, 0x92,
- 0xef, 0x91, 0x0d, 0xb2, 0x11, 0x50, 0x0e, 0xe8, 0xad, 0x3b, 0xf6, 0xb5,
- 0xc6, 0x14, 0x4d, 0x33, 0x53, 0xa7, 0x60, 0x15, 0xc7, 0x27, 0x51, 0xdc,
- 0x54, 0x29, 0xa7, 0x0d, 0x6a, 0x7b, 0x72, 0x13, 0xad, 0x7d, 0x41, 0x19,
- 0x4e, 0x42, 0x49, 0xcc, 0x42, 0xe4, 0xbd, 0x99, 0x13, 0xd9, 0x7f, 0xf3,
- 0x38, 0xa4, 0xb6, 0x33, 0xed, 0x07, 0x48, 0x7e, 0x8e, 0x82, 0xfe, 0x3a,
- 0x9d, 0x75, 0x93, 0xba, 0x25, 0x4e, 0x37, 0x3c, 0x0c, 0xd5, 0x69, 0xa9,
- 0x2d, 0x9e, 0xfd, 0xe8, 0xbb, 0xf5, 0x0c, 0xe2, 0x86, 0xb9, 0x5e, 0x6f,
- 0x28, 0xe4, 0x19, 0xb3, 0x0b, 0xa4, 0x86, 0xd7, 0x24, 0xd0, 0xb8, 0x89,
- 0x7b, 0x76, 0xec, 0x05, 0x10, 0x5b, 0x68, 0xe9, 0x58, 0x66, 0xa3, 0xc5,
- 0xb6, 0x63, 0x20, 0x0e, 0x0e, 0xea, 0x3d, 0x61, 0x5e, 0xda, 0x3d, 0x3c,
- 0xf9, 0xfd, 0xed, 0xa9, 0xdb, 0x52, 0x94, 0x8a, 0x00, 0xca, 0x3c, 0x8d,
- 0x66, 0x8f, 0xb0, 0xf0, 0x5a, 0xca, 0x3f, 0x63, 0x71, 0xbf, 0xca, 0x99,
- 0x37, 0x9b, 0x75, 0x97, 0x89, 0x10, 0x6e, 0xcf, 0xf2, 0xf5, 0xe3, 0xd5,
- 0x45, 0x9b, 0xad, 0x10, 0x71, 0x6c, 0x5f, 0x6f, 0x7f, 0x22, 0x77, 0x18,
- 0x2f, 0xf9, 0x99, 0xc5, 0x69, 0x58, 0x03, 0x12, 0x86, 0x82, 0x3e, 0xbf,
- 0xc2, 0x12, 0x35, 0x43, 0xa3, 0xd9, 0x18, 0x4f, 0x41, 0x11, 0x6b, 0xf3,
- 0x67, 0xaf, 0x3d, 0x78, 0xe4, 0x22, 0x2d, 0xb3, 0x48, 0x43, 0x31, 0x1d,
- 0xef, 0xa8, 0xba, 0x49, 0x8e, 0xa9, 0xa7, 0xb6, 0x18, 0x77, 0x84, 0xca,
- 0xbd, 0xa2, 0x02, 0x1b, 0x6a, 0xf8, 0x5f, 0xda, 0xff, 0xcf, 0x01, 0x6a,
- 0x86, 0x69, 0xa9, 0xe9, 0xcb, 0x60, 0x1e, 0x15, 0xdc, 0x8f, 0x5d, 0x39,
- 0xb5, 0xce, 0x55, 0x5f, 0x47, 0x97, 0xb1, 0x19, 0x6e, 0x21, 0xd6, 0x13,
- 0x39, 0xb2, 0x24, 0xe0, 0x62, 0x82, 0x9f, 0xed, 0x12, 0x81, 0xed, 0xee,
- 0xab, 0xd0, 0x2f, 0x19, 0x89, 0x3f, 0x57, 0x2e, 0xc2, 0xe2, 0x67, 0xe8,
- 0xae, 0x03, 0x56, 0xba, 0xd4, 0xd0, 0xa4, 0x89, 0x03, 0x06, 0x5b, 0xcc,
- 0xf2, 0x22, 0xb8, 0x0e, 0x76, 0x79, 0x4a, 0x42, 0x1d, 0x37, 0x51, 0x5a,
- 0xaa, 0x46, 0x6c, 0x2a, 0xdd, 0x66, 0xfe, 0xc6, 0x68, 0xc3, 0x38, 0xa2,
- 0xae, 0x5b, 0x98, 0x24, 0x5d, 0x43, 0x05, 0x82, 0x38, 0x12, 0xd3, 0xd1,
- 0x75, 0x2d, 0x4f, 0x61, 0xbd, 0xb9, 0x10, 0x87, 0x44, 0x2a, 0x78, 0x07,
- 0xff, 0xf4, 0x0f, 0xa1, 0xf3, 0x68, 0x9f, 0xbe, 0xae, 0xa2, 0x91, 0xf0,
- 0xc7, 0x55, 0x7a, 0x52, 0xd5, 0xa3, 0x8d, 0x6f, 0xe4, 0x90, 0x5c, 0xf3,
- 0x5f, 0xce, 0x3d, 0x23, 0xf9, 0x8e, 0xae, 0x14, 0xfb, 0x82, 0x9a, 0xa3,
- 0x04, 0x5f, 0xbf, 0xad, 0x3e, 0xf2, 0x97, 0x0a, 0x60, 0x40, 0x70, 0x19,
- 0x72, 0xad, 0x66, 0xfb, 0x78, 0x1b, 0x84, 0x6c, 0x98, 0xbc, 0x8c, 0xf8,
- 0x4f, 0xcb, 0xb5, 0xf6, 0xaf, 0x7a, 0xb7, 0x93, 0xef, 0x67, 0x48, 0x02,
- 0x2c, 0xcb, 0xe6, 0x77, 0x0f, 0x7b, 0xc1, 0xee, 0xc5, 0xb6, 0x2d, 0x7e,
- 0x62, 0xa0, 0xc0, 0xa7, 0xa5, 0x80, 0x31, 0x92, 0x50, 0xa1, 0x28, 0x22,
- 0x95, 0x03, 0x17, 0xd1, 0x0f, 0xf6, 0x08, 0xe5, 0xec
- };
- #define CHACHA_BIG_TEST_SIZE 1305
- #ifndef WOLFSSL_SMALL_STACK
- byte cipher_big[CHACHA_BIG_TEST_SIZE] = {0};
- byte plain_big[CHACHA_BIG_TEST_SIZE] = {0};
- byte input_big[CHACHA_BIG_TEST_SIZE] = {0};
- #else
- byte* cipher_big;
- byte* plain_big;
- byte* input_big;
- #endif /* WOLFSSL_SMALL_STACK */
- int block_size;
- #endif /* BENCH_EMBEDDED */
- byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90};
- byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96};
- byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5};
- byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd};
- byte* test_chacha[4];
- test_chacha[0] = a;
- test_chacha[1] = b;
- test_chacha[2] = c;
- test_chacha[3] = d;
- #ifndef BENCH_EMBEDDED
- #ifdef WOLFSSL_SMALL_STACK
- cipher_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (cipher_big == NULL) {
- return MEMORY_E;
- }
- plain_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (plain_big == NULL) {
- return MEMORY_E;
- }
- input_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (input_big == NULL) {
- return MEMORY_E;
- }
- XMEMSET(cipher_big, 0, CHACHA_BIG_TEST_SIZE);
- XMEMSET(plain_big, 0, CHACHA_BIG_TEST_SIZE);
- XMEMSET(input_big, 0, CHACHA_BIG_TEST_SIZE);
- #endif /* WOLFSSL_SMALL_STACK */
- #endif /* BENCH_EMBEDDED */
- for (i = 0; i < times; ++i) {
- if (i < 3) {
- keySz = 32;
- }
- else {
- keySz = 16;
- }
- XMEMCPY(plain, keys[i], keySz);
- XMEMSET(cipher, 0, 32);
- XMEMCPY(cipher + 4, ivs[i], 8);
- ret |= wc_Chacha_SetKey(&enc, keys[i], keySz);
- ret |= wc_Chacha_SetKey(&dec, keys[i], keySz);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_SetIV(&enc, cipher, 0);
- ret |= wc_Chacha_SetIV(&dec, cipher, 0);
- if (ret != 0)
- return ret;
- XMEMCPY(plain, input, 8);
- ret |= wc_Chacha_Process(&enc, cipher, plain, (word32)8);
- ret |= wc_Chacha_Process(&dec, plain, cipher, (word32)8);
- if (ret != 0)
- return ret;
- if (XMEMCMP(test_chacha[i], cipher, 8))
- return -4700 - i;
- if (XMEMCMP(plain, input, 8))
- return -4710 - i;
- }
- /* test of starting at a different counter
- encrypts all of the information and decrypts starting at 2nd chunk */
- XMEMSET(plain, 0, sizeof(plain));
- XMEMSET(sliver, 1, sizeof(sliver)); /* set as 1's to not match plain */
- XMEMSET(cipher, 0, sizeof(cipher));
- XMEMCPY(cipher + 4, ivs[0], 8);
- ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
- ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_SetIV(&enc, cipher, 0);
- ret |= wc_Chacha_SetIV(&dec, cipher, 1);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_Process(&enc, cipher, plain, sizeof(plain));
- ret |= wc_Chacha_Process(&dec, sliver, cipher + 64, sizeof(sliver));
- if (ret != 0)
- return ret;
- if (XMEMCMP(plain + 64, sliver, 64))
- return -4720;
- #ifndef BENCH_EMBEDDED
- /* test of encrypting more data */
- keySz = 32;
- ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
- ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_SetIV(&enc, ivs[2], 0);
- ret |= wc_Chacha_SetIV(&dec, ivs[2], 0);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, CHACHA_BIG_TEST_SIZE);
- ret |= wc_Chacha_Process(&dec, plain_big, cipher_big,
- CHACHA_BIG_TEST_SIZE);
- if (ret != 0)
- return ret;
- if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
- return -4721;
- if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
- return -4722;
- for (i = 0; i < 18; ++i) {
- /* this will test all paths */
- /* block sizes: 1 2 3 4 7 8 15 16 31 32 63 64 127 128 255 256 511 512 */
- block_size = (2 << (i%9)) - (i<9?1:0);
- keySz = 32;
- ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
- ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_SetIV(&enc, ivs[2], 0);
- ret |= wc_Chacha_SetIV(&dec, ivs[2], 0);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, block_size);
- ret |= wc_Chacha_Process(&dec, plain_big, cipher_big, block_size);
- if (ret != 0)
- return ret;
- if (XMEMCMP(plain_big, input_big, block_size))
- return -4723-i;
- if (XMEMCMP(cipher_big, cipher_big_result, block_size))
- return -4724-i;
- }
- /* Streaming test */
- for (i = 1; i <= (int)CHACHA_CHUNK_BYTES + 1; i++) {
- int j, rem;
- ret = wc_Chacha_SetKey(&enc, keys[0], keySz);
- if (ret != 0)
- return -4725;
- ret = wc_Chacha_SetKey(&dec, keys[0], keySz);
- if (ret != 0)
- return -4726;
- ret = wc_Chacha_SetIV(&enc, ivs[2], 0);
- if (ret != 0)
- return -4727;
- ret = wc_Chacha_SetIV(&dec, ivs[2], 0);
- if (ret != 0)
- return -4728;
- for (j = 0; j < CHACHA_BIG_TEST_SIZE - i; j+= i) {
- ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, i);
- if (ret != 0)
- return -4729;
- ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, i);
- if (ret != 0)
- return -4730;
- }
- rem = CHACHA_BIG_TEST_SIZE - j;
- ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, rem);
- if (ret != 0)
- return -4731;
- ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, rem);
- if (ret != 0)
- return -4732;
- if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
- return -4733;
- if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
- return -4734;
- }
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(cipher_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(plain_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(input_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* WOLFSSL_SMALL_STACK */
- #endif /* BENCH_EMBEDDED */
- return 0;
- }
- #endif /* HAVE_CHACHA */
- #ifdef HAVE_POLY1305
- WOLFSSL_TEST_SUBROUTINE int poly1305_test(void)
- {
- int ret = 0;
- int i;
- byte tag[16];
- Poly1305 enc;
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
- {
- 0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72,
- 0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f,
- 0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65,
- 0x61,0x72,0x63,0x68,0x20,0x47,0x72,0x6f,
- 0x75,0x70
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72,
- 0x6c,0x64,0x21
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg4[] =
- {
- 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
- 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
- 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
- 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
- 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
- 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
- 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
- 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
- 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
- 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
- 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
- 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
- 0x61,0x16
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg5[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg6[] =
- {
- 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
- 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
- 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
- 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
- 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
- 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
- 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
- 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
- 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
- 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
- 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
- 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
- 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
- 0x61,0x16
- };
- byte additional[] =
- {
- 0x50,0x51,0x52,0x53,0xc0,0xc1,0xc2,0xc3,
- 0xc4,0xc5,0xc6,0xc7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct0[] =
- {
- 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
- 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct1[] =
- {
- 0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6,
- 0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct2[] =
- {
- 0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16,
- 0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct3[] =
- {
- 0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6,
- 0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct4[] =
- {
- 0x1a,0xe1,0x0b,0x59,0x4f,0x09,0xe2,0x6a,
- 0x7e,0x90,0x2e,0xcb,0xd0,0x60,0x06,0x91
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct5[] =
- {
- 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct6[] =
- {
- 0xea,0x11,0x5c,0x4f,0xd0,0xc0,0x10,0xae,
- 0xf7,0xdf,0xda,0x77,0xa2,0xe9,0xaf,0xca
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
- 0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33,
- 0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8,
- 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
- 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
- 0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20,
- 0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,
- 0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20,
- 0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key4[] = {
- 0x7b,0xac,0x2b,0x25,0x2d,0xb4,0x47,0xaf,
- 0x09,0xb6,0x7a,0x55,0xa4,0xe9,0x55,0x84,
- 0x0a,0xe1,0xd6,0x73,0x10,0x75,0xd9,0xeb,
- 0x2a,0x93,0x75,0x78,0x3e,0xd5,0x53,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key5[] = {
- 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- const byte* msgs[] = {NULL, msg1, msg2, msg3, msg5, msg6};
- word32 szm[] = {0, sizeof(msg1), sizeof(msg2),
- sizeof(msg3), sizeof(msg5), sizeof(msg6)};
- const byte* keys[] = {key, key, key2, key2, key5, key};
- const byte* tests[] = {correct0, correct1, correct2, correct3, correct5,
- correct6};
- for (i = 0; i < 6; i++) {
- ret = wc_Poly1305SetKey(&enc, keys[i], 32);
- if (ret != 0)
- return -4800 - i;
- ret = wc_Poly1305Update(&enc, msgs[i], szm[i]);
- if (ret != 0)
- return -4810 - i;
- ret = wc_Poly1305Final(&enc, tag);
- if (ret != 0)
- return -4820 - i;
- if (XMEMCMP(tag, tests[i], sizeof(tag)))
- return -4830 - i;
- }
- /* Check TLS MAC function from 2.8.2 https://tools.ietf.org/html/rfc7539 */
- XMEMSET(tag, 0, sizeof(tag));
- ret = wc_Poly1305SetKey(&enc, key4, sizeof(key4));
- if (ret != 0)
- return -4840;
- ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional),
- (byte*)msg4, sizeof(msg4), tag, sizeof(tag));
- if (ret != 0)
- return -4841;
- if (XMEMCMP(tag, correct4, sizeof(tag)))
- return -4842;
- /* Check fail of TLS MAC function if altering additional data */
- XMEMSET(tag, 0, sizeof(tag));
- additional[0]++;
- ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional),
- (byte*)msg4, sizeof(msg4), tag, sizeof(tag));
- if (ret != 0)
- return -4843;
- if (XMEMCMP(tag, correct4, sizeof(tag)) == 0)
- return -4844;
- return 0;
- }
- #endif /* HAVE_POLY1305 */
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- WOLFSSL_TEST_SUBROUTINE int chacha20_poly1305_aead_test(void)
- {
- /* Test #1 from Section 2.8.2 of draft-irtf-cfrg-chacha20-poly1305-10 */
- /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] = {
- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
- 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
- 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plaintext1[] = {
- 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
- 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
- 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
- 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
- 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
- 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
- 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
- 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
- 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
- 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
- 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
- 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
- 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
- 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
- 0x74, 0x2e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv1[] = {
- 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
- 0x44, 0x45, 0x46, 0x47
- };
- WOLFSSL_SMALL_STACK_STATIC const byte aad1[] = { /* additional data */
- 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
- 0xc4, 0xc5, 0xc6, 0xc7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] = { /* expected output from operation */
- 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
- 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
- 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
- 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
- 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
- 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
- 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
- 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
- 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
- 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
- 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
- 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
- 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
- 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
- 0x61, 0x16
- };
- WOLFSSL_SMALL_STACK_STATIC const byte authTag1[] = { /* expected output from operation */
- 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
- 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
- };
- /* Test #2 from Appendix A.2 in draft-irtf-cfrg-chacha20-poly1305-10 */
- /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
- 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a,
- 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0,
- 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09,
- 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plaintext2[] = {
- 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74,
- 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20,
- 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66,
- 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
- 0x6e, 0x74, 0x73, 0x20, 0x76, 0x61, 0x6c, 0x69,
- 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20,
- 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20,
- 0x6f, 0x66, 0x20, 0x73, 0x69, 0x78, 0x20, 0x6d,
- 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e,
- 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65,
- 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64,
- 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63,
- 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f,
- 0x62, 0x73, 0x6f, 0x6c, 0x65, 0x74, 0x65, 0x64,
- 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65,
- 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
- 0x6e, 0x74, 0x73, 0x20, 0x61, 0x74, 0x20, 0x61,
- 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e,
- 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69,
- 0x6e, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x70, 0x72,
- 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20,
- 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65,
- 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61,
- 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72,
- 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
- 0x20, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61,
- 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20,
- 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20,
- 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20,
- 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b,
- 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67,
- 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80,
- 0x9d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
- 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04,
- 0x05, 0x06, 0x07, 0x08
- };
- WOLFSSL_SMALL_STACK_STATIC const byte aad2[] = { /* additional data */
- 0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x4e, 0x91
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] = { /* expected output from operation */
- 0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4,
- 0x60, 0xf0, 0x62, 0xc7, 0x9b, 0xe6, 0x43, 0xbd,
- 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89,
- 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2,
- 0x4c, 0x6c, 0xfc, 0x18, 0x75, 0x5d, 0x43, 0xee,
- 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0,
- 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00,
- 0xd4, 0xf0, 0x3b, 0x7f, 0x35, 0x58, 0x94, 0xcf,
- 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce,
- 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81,
- 0x14, 0xad, 0x17, 0x6e, 0x00, 0x8d, 0x33, 0xbd,
- 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55,
- 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61,
- 0xc1, 0x86, 0x32, 0x4e, 0x2b, 0x35, 0x06, 0x38,
- 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0,
- 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4,
- 0xb9, 0x16, 0x6c, 0x76, 0x7b, 0x80, 0x4d, 0x46,
- 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9,
- 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e,
- 0xe2, 0x82, 0xa1, 0xb0, 0xa0, 0x6c, 0x52, 0x3e,
- 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15,
- 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a,
- 0x0d, 0x07, 0x2b, 0x04, 0xb3, 0x56, 0x4e, 0xea,
- 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a,
- 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99,
- 0x19, 0x55, 0xeb, 0xd6, 0x31, 0x59, 0x43, 0x4e,
- 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10,
- 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10,
- 0x49, 0xe6, 0x17, 0xd9, 0x1d, 0x36, 0x10, 0x94,
- 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30,
- 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf,
- 0x99, 0x7b, 0x71, 0x4d, 0x6c, 0x6f, 0x2c, 0x29,
- 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70,
- 0x9b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte authTag2[] = { /* expected output from operation */
- 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22,
- 0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38
- };
- byte generatedCiphertext[265]; /* max plaintext2/cipher2 */
- byte generatedPlaintext[265]; /* max plaintext2/cipher2 */
- byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
- int err;
- ChaChaPoly_Aead aead;
- #if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
- #define TEST_SMALL_CHACHA_CHUNKS 32
- #else
- #define TEST_SMALL_CHACHA_CHUNKS 64
- #endif
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- word32 testLen;
- #endif
- XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
- XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
- XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
- /* Parameter Validation testing */
- /* Encrypt */
- err = wc_ChaCha20Poly1305_Encrypt(NULL, iv1, aad1, sizeof(aad1), plaintext1,
- sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return -4900;
- err = wc_ChaCha20Poly1305_Encrypt(key1, NULL, aad1, sizeof(aad1),
- plaintext1, sizeof(plaintext1), generatedCiphertext,
- generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return -4901;
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL,
- sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return -4902;
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
- sizeof(plaintext1), NULL, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return -4903;
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
- sizeof(plaintext1), generatedCiphertext, NULL);
- if (err != BAD_FUNC_ARG)
- return -4904;
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL,
- sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return -4905;
- /* Decrypt */
- err = wc_ChaCha20Poly1305_Decrypt(NULL, iv2, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return -4906;
- err = wc_ChaCha20Poly1305_Decrypt(key2, NULL, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return -4907;
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL,
- sizeof(cipher2), authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return -4908;
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), NULL, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return -4909;
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), authTag2, NULL);
- if (err != BAD_FUNC_ARG)
- return -4910;
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL,
- sizeof(cipher2), authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return -4911;
- /* Test #1 */
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1,
- aad1, sizeof(aad1),
- plaintext1, sizeof(plaintext1),
- generatedCiphertext, generatedAuthTag);
- if (err) {
- return err;
- }
- /* -- Check the ciphertext and authtag */
- if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) {
- return -4912;
- }
- if (XMEMCMP(generatedAuthTag, authTag1, sizeof(authTag1))) {
- return -4913;
- }
- /* -- Verify decryption works */
- err = wc_ChaCha20Poly1305_Decrypt(key1, iv1,
- aad1, sizeof(aad1),
- cipher1, sizeof(cipher1),
- authTag1, generatedPlaintext);
- if (err) {
- return err;
- }
- if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) {
- return -4914;
- }
- XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
- XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
- XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
- /* Test #2 */
- err = wc_ChaCha20Poly1305_Encrypt(key2, iv2,
- aad2, sizeof(aad2),
- plaintext2, sizeof(plaintext2),
- generatedCiphertext, generatedAuthTag);
- if (err) {
- return err;
- }
- /* -- Check the ciphertext and authtag */
- if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) {
- return -4915;
- }
- if (XMEMCMP(generatedAuthTag, authTag2, sizeof(authTag2))) {
- return -4916;
- }
- /* -- Verify decryption works */
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2,
- aad2, sizeof(aad2),
- cipher2, sizeof(cipher2),
- authTag2, generatedPlaintext);
- if (err) {
- return err;
- }
- if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) {
- return -4917;
- }
- /* AEAD init/update/final - bad argument tests */
- err = wc_ChaCha20Poly1305_Init(NULL, key1, iv1,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != BAD_FUNC_ARG)
- return -4918;
- err = wc_ChaCha20Poly1305_Init(&aead, NULL, iv1,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != BAD_FUNC_ARG)
- return -4919;
- err = wc_ChaCha20Poly1305_Init(&aead, key1, NULL,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != BAD_FUNC_ARG)
- return -4920;
- err = wc_ChaCha20Poly1305_UpdateAad(NULL, aad1, sizeof(aad1));
- if (err != BAD_FUNC_ARG)
- return -4921;
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, NULL, sizeof(aad1));
- if (err != BAD_FUNC_ARG)
- return -4922;
- err = wc_ChaCha20Poly1305_UpdateData(NULL, generatedPlaintext,
- generatedPlaintext, sizeof(plaintext1));
- if (err != BAD_FUNC_ARG)
- return -4923;
- err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, NULL,
- sizeof(plaintext1));
- if (err != BAD_FUNC_ARG)
- return -4924;
- err = wc_ChaCha20Poly1305_UpdateData(&aead, NULL, generatedPlaintext,
- sizeof(plaintext1));
- if (err != BAD_FUNC_ARG)
- return -4925;
- err = wc_ChaCha20Poly1305_Final(NULL, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return -4926;
- err = wc_ChaCha20Poly1305_Final(&aead, NULL);
- if (err != BAD_FUNC_ARG)
- return -4927;
- /* AEAD init/update/final - bad state tests */
- /* clear struct - make valgrind happy to resolve
- "Conditional jump or move depends on uninitialised value(s)".
- The enum is "int" size and aead.state is "byte" */
- /* The wc_ChaCha20Poly1305_Init function does this normally */
- XMEMSET(&aead, 0, sizeof(aead));
- aead.state = CHACHA20_POLY1305_STATE_INIT;
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
- if (err != BAD_STATE_E)
- return -4928;
- aead.state = CHACHA20_POLY1305_STATE_DATA;
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
- if (err != BAD_STATE_E)
- return -4929;
- aead.state = CHACHA20_POLY1305_STATE_INIT;
- err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext,
- generatedPlaintext, sizeof(plaintext1));
- if (err != BAD_STATE_E)
- return -4930;
- aead.state = CHACHA20_POLY1305_STATE_INIT;
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != BAD_STATE_E)
- return -4931;
- aead.state = CHACHA20_POLY1305_STATE_READY;
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != BAD_STATE_E)
- return -4932;
- XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
- XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
- XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
- /* Test 1 - Encrypt */
- err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1,
- CHACHA20_POLY1305_AEAD_ENCRYPT);
- if (err != 0)
- return -4933;
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
- if (err != 0)
- return -4934;
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- /* test doing data in smaller chunks */
- for (testLen=0; testLen<sizeof(plaintext1); ) {
- word32 dataLen = sizeof(plaintext1) - testLen;
- if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
- dataLen = TEST_SMALL_CHACHA_CHUNKS;
- err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext1[testLen],
- &generatedCiphertext[testLen], dataLen);
- if (err != 0)
- return -4935;
- testLen += dataLen;
- }
- #else
- err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext1,
- generatedCiphertext, sizeof(plaintext1));
- #endif
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != 0)
- return -4936;
- err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1);
- if (err != 0)
- return -4937;
- if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) {
- return -4938;
- }
- /* Test 1 - Decrypt */
- err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != 0)
- return -4939;
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
- if (err != 0)
- return -4940;
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- /* test doing data in smaller chunks */
- for (testLen=0; testLen<sizeof(plaintext1); ) {
- word32 dataLen = sizeof(plaintext1) - testLen;
- if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
- dataLen = TEST_SMALL_CHACHA_CHUNKS;
- err = wc_ChaCha20Poly1305_UpdateData(&aead,
- &generatedCiphertext[testLen], &generatedPlaintext[testLen],
- dataLen);
- if (err != 0)
- return -4941;
- testLen += dataLen;
- }
- #else
- err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext,
- generatedPlaintext, sizeof(cipher1));
- #endif
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != 0)
- return -4942;
- err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1);
- if (err != 0)
- return -4943;
- if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) {
- return -4944;
- }
- XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
- XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
- XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
- /* Test 2 - Encrypt */
- err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2,
- CHACHA20_POLY1305_AEAD_ENCRYPT);
- if (err != 0)
- return -4945;
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2));
- if (err != 0)
- return -4946;
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- /* test doing data in smaller chunks */
- for (testLen=0; testLen<sizeof(plaintext2); ) {
- word32 dataLen = sizeof(plaintext2) - testLen;
- if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
- dataLen = TEST_SMALL_CHACHA_CHUNKS;
- err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext2[testLen],
- &generatedCiphertext[testLen], dataLen);
- if (err != 0)
- return -4947;
- testLen += dataLen;
- }
- #else
- err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext2, generatedCiphertext,
- sizeof(plaintext2));
- #endif
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != 0)
- return -4948;
- err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2);
- if (err != 0)
- return -4949;
- if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) {
- return -4950;
- }
- /* Test 2 - Decrypt */
- err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != 0)
- return -4951;
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2));
- if (err != 0)
- return -4952;
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- /* test doing data in smaller chunks */
- for (testLen=0; testLen<sizeof(plaintext2); ) {
- word32 dataLen = sizeof(plaintext2) - testLen;
- if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
- dataLen = TEST_SMALL_CHACHA_CHUNKS;
- err = wc_ChaCha20Poly1305_UpdateData(&aead,
- &generatedCiphertext[testLen], &generatedPlaintext[testLen],
- dataLen);
- if (err != 0)
- return -4953;
- testLen += dataLen;
- }
- #else
- err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext,
- generatedPlaintext, sizeof(cipher2));
- #endif
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != 0)
- return -4954;
- err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2);
- if (err != 0)
- return -4955;
- if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) {
- return -4956;
- }
- return err;
- }
- #endif /* HAVE_CHACHA && HAVE_POLY1305 */
- #ifndef NO_DES3
- WOLFSSL_TEST_SUBROUTINE int des_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte plain[24];
- byte cipher[24];
- Des enc;
- Des dec;
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
- 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
- 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
- };
- int ret;
- ret = wc_Des_SetKey(&enc, key, iv, DES_ENCRYPTION);
- if (ret != 0)
- return -5000;
- ret = wc_Des_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
- if (ret != 0)
- return -5001;
- ret = wc_Des_SetKey(&dec, key, iv, DES_DECRYPTION);
- if (ret != 0)
- return -5002;
- ret = wc_Des_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
- if (ret != 0)
- return -5003;
- if (XMEMCMP(plain, vector, sizeof(plain)))
- return -5004;
- if (XMEMCMP(cipher, verify, sizeof(cipher)))
- return -5005;
- ret = wc_Des_CbcEncryptWithKey(cipher, vector, sizeof(vector), key, iv);
- if (ret != 0)
- return -5006;
- #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
- {
- EncryptedInfo info;
- XMEMSET(&info, 0, sizeof(EncryptedInfo));
- XMEMCPY(info.iv, iv, sizeof(iv));
- info.ivSz = sizeof(iv);
- info.keySz = sizeof(key);
- info.cipherType = WC_CIPHER_DES;
- ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key,
- sizeof(key), WC_HASH_TYPE_SHA);
- if (ret != 0)
- return -5007;
- /* Test invalid info ptr */
- ret = wc_BufferKeyEncrypt(NULL, cipher, sizeof(cipher), key,
- sizeof(key), WC_HASH_TYPE_SHA);
- if (ret != BAD_FUNC_ARG)
- return -5008;
- #ifndef NO_PWDBASED
- /* Test invalid hash type - only applies to wc_PBKDF1 call */
- ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key,
- sizeof(key), WC_HASH_TYPE_NONE);
- if (ret == 0)
- return -5009;
- #endif /* !NO_PWDBASED */
- }
- #endif
- return 0;
- }
- #endif /* !NO_DES3 */
- #ifndef NO_DES3
- WOLFSSL_TEST_SUBROUTINE int des3_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte plain[24];
- byte cipher[24];
- Des3 enc;
- Des3 dec;
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
- {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify3[] =
- {
- 0x43,0xa0,0x29,0x7e,0xd1,0x84,0xf8,0x0e,
- 0x89,0x64,0x84,0x32,0x12,0xd5,0x08,0x98,
- 0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0
- };
- int ret;
- if (wc_Des3Init(&enc, HEAP_HINT, devId) != 0)
- return -5100;
- if (wc_Des3Init(&dec, HEAP_HINT, devId) != 0)
- return -5101;
- ret = wc_Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION);
- if (ret != 0)
- return -5102;
- ret = wc_Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION);
- if (ret != 0)
- return -5103;
- ret = wc_Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5104;
- ret = wc_Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5105;
- if (XMEMCMP(plain, vector, sizeof(plain)))
- return -5106;
- if (XMEMCMP(cipher, verify3, sizeof(cipher)))
- return -5107;
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- /* test the same vectors with using compatibility layer */
- {
- DES_key_schedule ks1;
- DES_key_schedule ks2;
- DES_key_schedule ks3;
- DES_cblock iv4;
- XMEMCPY(ks1, key3, sizeof(DES_key_schedule));
- XMEMCPY(ks2, key3 + 8, sizeof(DES_key_schedule));
- XMEMCPY(ks3, key3 + 16, sizeof(DES_key_schedule));
- XMEMCPY(iv4, iv3, sizeof(DES_cblock));
- XMEMSET(plain, 0, sizeof(plain));
- XMEMSET(cipher, 0, sizeof(cipher));
- DES_ede3_cbc_encrypt(vector, cipher, sizeof(vector), &ks1, &ks2, &ks3,
- &iv4, DES_ENCRYPT);
- DES_ede3_cbc_encrypt(cipher, plain, sizeof(cipher), &ks1, &ks2, &ks3,
- &iv4, DES_DECRYPT);
- if (XMEMCMP(plain, vector, sizeof(plain)))
- return -5108;
- if (XMEMCMP(cipher, verify3, sizeof(cipher)))
- return -5109;
- }
- #endif /* OPENSSL_EXTRA */
- wc_Des3Free(&enc);
- wc_Des3Free(&dec);
- #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
- {
- EncryptedInfo info;
- XMEMSET(&info, 0, sizeof(EncryptedInfo));
- XMEMCPY(info.iv, iv3, sizeof(iv3));
- info.ivSz = sizeof(iv3);
- info.keySz = sizeof(key3);
- info.cipherType = WC_CIPHER_DES3;
- ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key3,
- sizeof(key3), WC_HASH_TYPE_SHA);
- if (ret != 0)
- return -5110;
- }
- #endif
- return 0;
- }
- #endif /* NO_DES3 */
- #ifndef NO_AES
- #if defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_CFB) || \
- defined(WOLFSSL_AES_XTS)
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- /* pass in the function, key, iv, plain text and expected and this function
- * tests that the encryption and decryption is successful */
- static int EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
- const byte* iv, const byte* plain, int plainSz,
- const byte* expected, int expectedSz)
- {
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *ctx = NULL;
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- int idx, ret = 0, cipherSz;
- byte* cipher;
- #ifdef WOLFSSL_SMALL_STACK
- if ((ctx = wolfSSL_EVP_CIPHER_CTX_new()) == NULL)
- return MEMORY_E;
- #endif
- cipher = (byte*)XMALLOC(plainSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (cipher == NULL) {
- ret = -5120;
- goto EVP_TEST_END;
- }
- /* test encrypt */
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, type, key, iv, 1) == 0) {
- ret = -5121;
- goto EVP_TEST_END;
- }
- if (EVP_CipherUpdate(ctx, cipher, &idx, plain, expectedSz) == 0) {
- ret = -5122;
- goto EVP_TEST_END;
- }
- cipherSz = idx;
- if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
- ret = -5123;
- goto EVP_TEST_END;
- }
- cipherSz += idx;
- if (XMEMCMP(cipher, expected, plainSz)) {
- ret = -5124;
- goto EVP_TEST_END;
- }
- /* test decrypt */
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, type, key, iv, 0) == 0) {
- ret = -5125;
- goto EVP_TEST_END;
- }
- if (EVP_CipherUpdate(ctx, cipher, &idx, cipher, expectedSz) == 0) {
- ret = -5126;
- goto EVP_TEST_END;
- }
- cipherSz = idx;
- if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
- ret = -5127;
- goto EVP_TEST_END;
- }
- cipherSz += idx;
- if ((expectedSz != cipherSz) || XMEMCMP(plain, cipher, plainSz)) {
- ret = -5128;
- goto EVP_TEST_END;
- }
- EVP_TEST_END:
- if (cipher)
- XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- (void)cipherSz;
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- return ret;
- }
- #endif /* OPENSSL_EXTRA */
- #endif /* WOLFSSL_AES_OFB || WOLFSSL_AES_CFB */
- #ifdef WOLFSSL_AES_OFB
- /* test vector from https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/Block-Ciphers */
- WOLFSSL_TEST_SUBROUTINE int aesofb_test(void)
- {
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71,
- 0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2,
- 0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a,
- 0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
- {
- 0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16,
- 0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plain1[] =
- {
- 0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9,
- 0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25,
- 0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6,
- 0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71,
- 0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef,
- 0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc,
- 0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00,
- 0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46,
- 0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b,
- 0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae,
- 0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0
- };
- #endif /* WOLFSSL_AES_256 */
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0x10,0xa5,0x88,0x69,0xd7,0x4b,0xe5,0xa3,
- 0x74,0xcf,0x86,0x7c,0xfb,0x47,0x38,0x59
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plain2[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
- {
- 0x6d,0x25,0x1e,0x69,0x44,0xb0,0x51,0xe0,
- 0x4e,0xaa,0x6f,0xb4,0xdb,0xf7,0x84,0x65
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] = {
- 0xd0,0x77,0xa0,0x3b,0xd8,0xa3,0x89,0x73,
- 0x92,0x8c,0xca,0xfe,0x4a,0x9d,0x2f,0x45,
- 0x51,0x30,0xbd,0x0a,0xf5,0xae,0x46,0xa9
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
- {
- 0xab,0xc7,0x86,0xfb,0x1e,0xdb,0x50,0x45,
- 0x80,0xc4,0xd8,0x82,0xef,0x29,0xa0,0xc7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plain3[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- byte cipher[AES_BLOCK_SIZE * 4];
- #ifdef HAVE_AES_DECRYPT
- #ifdef WOLFSSL_SMALL_STACK
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- byte plain [AES_BLOCK_SIZE * 4];
- #endif
- int ret = 0;
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-1, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-1, out);
- #endif
- #endif
- XMEMSET(enc, 0, sizeof *enc);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(dec, 0, sizeof *dec);
- #endif
- #ifdef WOLFSSL_AES_128
- /* 128 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_128_ofb(), key2, iv2, plain2, sizeof(plain2),
- cipher2, sizeof(cipher2));
- if (ret != 0) {
- goto out;
- }
- #endif
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5129, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5130, out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain2, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5131, out);
- if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE))
- ERROR_OUT(-5132, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher2, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5133, out);
- if (XMEMCMP(plain, plain2, AES_BLOCK_SIZE))
- ERROR_OUT(-5134, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_192_ofb(), key3, iv3, plain3, sizeof(plain3),
- cipher3, sizeof(cipher3));
- if (ret != 0) {
- goto out;
- }
- #endif
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5135, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5136, out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain3, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5137, out);
- if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE))
- ERROR_OUT(-5138, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher3, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5139, out);
- if (XMEMCMP(plain, plain3, AES_BLOCK_SIZE))
- ERROR_OUT(-5140, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_256_ofb(), key1, iv1, plain1, sizeof(plain1),
- cipher1, sizeof(cipher1));
- if (ret != 0) {
- goto out;
- }
- #endif
- ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5141, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5142, out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain1, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5143, out);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE))
- ERROR_OUT(-5144, out);
- ret = wc_AesOfbEncrypt(enc, cipher + AES_BLOCK_SIZE,
- plain1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5145, out);
- if (XMEMCMP(cipher + AES_BLOCK_SIZE, cipher1 + AES_BLOCK_SIZE,
- AES_BLOCK_SIZE))
- ERROR_OUT(-5146, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher1, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5147, out);
- if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE))
- ERROR_OUT(-5148, out);
- ret = wc_AesOfbDecrypt(dec, plain + AES_BLOCK_SIZE,
- cipher1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5149, out);
- if (XMEMCMP(plain + AES_BLOCK_SIZE, plain1 + AES_BLOCK_SIZE,
- AES_BLOCK_SIZE))
- ERROR_OUT(-5150, out);
- #endif /* HAVE_AES_DECRYPT */
- /* multiple blocks at once */
- ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5151, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5152, out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain1, AES_BLOCK_SIZE * 3);
- if (ret != 0)
- ERROR_OUT(-5153, out);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 3))
- ERROR_OUT(-5154, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher1, AES_BLOCK_SIZE * 3);
- if (ret != 0)
- ERROR_OUT(-5155, out);
- if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE * 3))
- ERROR_OUT(-5156, out);
- #endif /* HAVE_AES_DECRYPT */
- /* inline decrypt/encrypt*/
- ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5157, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5158, out);
- #endif
- XMEMCPY(cipher, plain1, AES_BLOCK_SIZE * 2);
- ret = wc_AesOfbEncrypt(enc, cipher, cipher, AES_BLOCK_SIZE * 2);
- if (ret != 0)
- ERROR_OUT(-5159, out);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
- ERROR_OUT(-5160, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, cipher, cipher, AES_BLOCK_SIZE * 2);
- if (ret != 0)
- ERROR_OUT(-5161, out);
- if (XMEMCMP(cipher, plain1, AES_BLOCK_SIZE * 2))
- ERROR_OUT(-5162, out);
- #endif /* HAVE_AES_DECRYPT */
- /* 256 key size test leftover support */
- ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5163, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5164, out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain1, 3);
- if (ret != 0)
- ERROR_OUT(-5165, out);
- if (XMEMCMP(cipher, cipher1, 3))
- ERROR_OUT(-5166, out);
- ret = wc_AesOfbEncrypt(enc, cipher + 3, plain1 + 3, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5167, out);
- if (XMEMCMP(cipher + 3, cipher1 + 3, AES_BLOCK_SIZE))
- ERROR_OUT(-5168, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher1, 6);
- if (ret != 0)
- ERROR_OUT(-5169, out);
- if (XMEMCMP(plain, plain1, 6))
- ERROR_OUT(-5170, out);
- ret = wc_AesOfbDecrypt(dec, plain + 6, cipher1 + 6, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5171, out);
- if (XMEMCMP(plain + 6, plain1 + 6, AES_BLOCK_SIZE))
- ERROR_OUT(-5172, out);
- #endif /* HAVE_AES_DECRYPT */
- out:
- wc_AesFree(enc);
- wc_AesFree(dec);
- #ifdef WOLFSSL_SMALL_STACK
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- #endif /* WOLFSSL_AES_256 */
- return ret;
- }
- #endif /* WOLFSSL_AES_OFB */
- #if defined(WOLFSSL_AES_CFB)
- /* Test cases from NIST SP 800-38A, Recommendation for Block Cipher Modes of Operation Methods an*/
- static int aescfb_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE * 4];
- #ifdef HAVE_AES_DECRYPT
- #ifdef WOLFSSL_SMALL_STACK
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain [AES_BLOCK_SIZE * 4];
- #endif
- int ret = 0;
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
- };
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
- 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
- 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
- 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b,
- 0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40,
- 0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 size key test */
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
- {
- 0xcd,0xc8,0x0d,0x6f,0xdd,0xf1,0x8c,0xab,
- 0x34,0xc2,0x59,0x09,0xc9,0x9a,0x41,0x74,
- 0x67,0xce,0x7f,0x7f,0x81,0x17,0x36,0x21,
- 0x96,0x1a,0x2b,0x70,0x17,0x1d,0x3d,0x7a,
- 0x2e,0x1e,0x8a,0x1d,0xd5,0x9b,0x88,0xb1,
- 0xc8,0xe6,0x0f,0xed,0x1e,0xfa,0xc4,0xc9,
- 0xc0,0x5f,0x9f,0x9c,0xa9,0x83,0x4f,0xa0,
- 0x42,0xae,0x8f,0xba,0x58,0x4b,0x09,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 size key simple test */
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
- {
- 0xdc,0x7e,0x84,0xbf,0xda,0x79,0x16,0x4b,
- 0x7e,0xcd,0x84,0x86,0x98,0x5d,0x38,0x60,
- 0x39,0xff,0xed,0x14,0x3b,0x28,0xb1,0xc8,
- 0x32,0x11,0x3c,0x63,0x31,0xe5,0x40,0x7b,
- 0xdf,0x10,0x13,0x24,0x15,0xe5,0x4b,0x92,
- 0xa1,0x3e,0xd0,0xa8,0x26,0x7a,0xe2,0xf9,
- 0x75,0xa3,0x85,0x74,0x1a,0xb9,0xce,0xf8,
- 0x20,0x31,0x62,0x3d,0x55,0xb1,0xe4,0x71
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- #endif /* WOLFSSL_AES_256 */
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-1, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-1, out);
- #endif
- #endif
- if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
- ERROR_OUT(-5173, out);
- else
- enc_inited = 1;
- #ifdef HAVE_AES_DECRYPT
- if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
- ERROR_OUT(-5174, out);
- else
- dec_inited = 1;
- #endif
- #ifdef WOLFSSL_AES_128
- /* 128 key tests */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_128_cfb128(), key1, iv, msg1, sizeof(msg1),
- cipher1, sizeof(cipher1));
- if (ret != 0) {
- return ret;
- }
- #endif
- ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5175, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5176, out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfbEncrypt(enc, cipher, msg1, AES_BLOCK_SIZE * 2);
- if (ret != 0)
- ERROR_OUT(-5177, out);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
- ERROR_OUT(-5178, out);
- /* test restarting encryption process */
- ret = wc_AesCfbEncrypt(enc, cipher + (AES_BLOCK_SIZE * 2),
- msg1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5179, out);
- if (XMEMCMP(cipher + (AES_BLOCK_SIZE * 2),
- cipher1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE))
- ERROR_OUT(-5180, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE * 3);
- if (ret != 0)
- ERROR_OUT(-5181, out);
- if (XMEMCMP(plain, msg1, AES_BLOCK_SIZE * 3))
- ERROR_OUT(-5182, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_192_cfb128(), key2, iv, msg2, sizeof(msg2),
- cipher2, sizeof(cipher2));
- if (ret != 0) {
- return ret;
- }
- #endif
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5183, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key2, sizeof(key2), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5184, out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfbEncrypt(enc, cipher, msg2, AES_BLOCK_SIZE * 4);
- if (ret != 0)
- ERROR_OUT(-5185, out);
- if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE * 4))
- ERROR_OUT(-5186, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE * 4);
- if (ret != 0)
- ERROR_OUT(-5187, out);
- if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE * 4))
- ERROR_OUT(-5188, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_256_cfb128(), key3, iv, msg3, sizeof(msg3),
- cipher3, sizeof(cipher3));
- if (ret != 0) {
- return ret;
- }
- #endif
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5189, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key3, sizeof(key3), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5190, out);
- #endif
- /* test with data left overs, magic lengths are checking near edges */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfbEncrypt(enc, cipher, msg3, 4);
- if (ret != 0)
- ERROR_OUT(-5191, out);
- if (XMEMCMP(cipher, cipher3, 4))
- ERROR_OUT(-5192, out);
- ret = wc_AesCfbEncrypt(enc, cipher + 4, msg3 + 4, 27);
- if (ret != 0)
- ERROR_OUT(-5193, out);
- if (XMEMCMP(cipher + 4, cipher3 + 4, 27))
- ERROR_OUT(-5194, out);
- ret = wc_AesCfbEncrypt(enc, cipher + 31, msg3 + 31,
- (AES_BLOCK_SIZE * 4) - 31);
- if (ret != 0)
- ERROR_OUT(-5195, out);
- if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE * 4))
- ERROR_OUT(-5196, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfbDecrypt(dec, plain, cipher, 4);
- if (ret != 0)
- ERROR_OUT(-5197, out);
- if (XMEMCMP(plain, msg3, 4))
- ERROR_OUT(-5198, out);
- ret = wc_AesCfbDecrypt(dec, plain + 4, cipher + 4, 4);
- if (ret != 0)
- ERROR_OUT(-5199, out);
- ret = wc_AesCfbDecrypt(dec, plain + 8, cipher + 8, 23);
- if (ret != 0)
- ERROR_OUT(-5200, out);
- if (XMEMCMP(plain + 4, msg3 + 4, 27))
- ERROR_OUT(-5201, out);
- ret = wc_AesCfbDecrypt(dec, plain + 31, cipher + 31,
- (AES_BLOCK_SIZE * 4) - 31);
- if (ret != 0)
- ERROR_OUT(-5202, out);
- if (XMEMCMP(plain, msg3, AES_BLOCK_SIZE * 4))
- ERROR_OUT(-5203, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_256 */
- out:
- if (enc_inited)
- wc_AesFree(enc);
- if (dec_inited)
- wc_AesFree(dec);
- #ifdef WOLFSSL_SMALL_STACK
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- return ret;
- }
- #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- static int aescfb1_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE];
- #ifdef HAVE_AES_DECRYPT
- #ifdef WOLFSSL_SMALL_STACK
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain [AES_BLOCK_SIZE];
- #endif
- int ret = 0;
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
- 0x4d,0xbb,0xdc,0xaa,0x59,0xf3,0x63,0xc9,
- 0x2a,0x3b,0x98,0x43,0xad,0x20,0xe2,0xb7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0xcd,0xef,0x9d,0x06,0x61,0xba,0xe4,0x73,
- 0x8d,0x1a,0x58,0xa2,0xa6,0x22,0x8b,0x66
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
- {
- 0xC0
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
- 0x57,0xc6,0x89,0x7c,0x99,0x52,0x28,0x13,
- 0xbf,0x67,0x9c,0xe1,0x13,0x70,0xaf,0x5e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0xba,0xa1,0x58,0xa1,0x6b,0x50,0x4a,0x10,
- 0x8e,0xd4,0x33,0x2e,0xe7,0xf2,0x9b,0xf6,
- 0xd1,0xac,0x46,0xa8,0xde,0x5a,0xfe,0x7a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
- {
- 0x30
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x80
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = {
- 0x63,0x2e,0x9f,0x83,0x1f,0xa3,0x80,0x5e,
- 0x52,0x02,0xbc,0xe0,0x6d,0x04,0xf9,0xa0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0xf6,0xfa,0xe4,0xf1,0x5d,0x91,0xfc,0x50,
- 0x88,0x78,0x4f,0x84,0xa5,0x37,0x12,0x7e,
- 0x32,0x63,0x55,0x9c,0x62,0x73,0x88,0x20,
- 0xc2,0xcf,0x3d,0xe1,0x1c,0x2a,0x30,0x40
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
- {
- 0xF7, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
- {
- 0x41, 0xC0
- };
- #endif /* WOLFSSL_AES_256 */
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-1, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-1, out);
- #endif
- #endif
- if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
- ERROR_OUT(-5204, out);
- else
- enc_inited = 1;
- #ifdef HAVE_AES_DECRYPT
- if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
- ERROR_OUT(-5205, out);
- else
- dec_inited = 1;
- #endif
- #ifdef WOLFSSL_AES_128
- /* 128 key tests */
- ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5206, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5207, out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg1, 2);
- if (ret != 0)
- ERROR_OUT(-5208, out);
- if (cipher[0] != cipher1[0])
- ERROR_OUT(-5209, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfb1Decrypt(dec, plain, cipher, 2);
- if (ret != 0)
- ERROR_OUT(-5210, out);
- if (plain[0] != msg1[0])
- ERROR_OUT(-5211, out);
- #endif /* HAVE_AES_DECRYPT */
- #ifdef OPENSSL_EXTRA
- ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5212, out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg1,
- sizeof(msg1) * WOLFSSL_BIT_SIZE);
- if (ret != 0)
- ERROR_OUT(-5213, out);
- #ifndef WOLFCRYPT_ONLY
- ret = EVP_test(EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1),
- cipher, sizeof(msg1));
- if (ret != 0) {
- goto out;
- }
- #endif
- #endif
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 key tests */
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5214, out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg2, 4);
- if (ret != 0)
- ERROR_OUT(-5215, out);
- if (XMEMCMP(cipher, cipher2, sizeof(cipher2)) != 0)
- ERROR_OUT(-5216, out);
- #ifdef OPENSSL_EXTRA
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5217, out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg2,
- sizeof(msg2) * WOLFSSL_BIT_SIZE);
- if (ret != 0)
- ERROR_OUT(-5218, out);
- #ifndef WOLFCRYPT_ONLY
- ret = EVP_test(EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2),
- cipher, sizeof(msg2));
- if (ret != 0) {
- goto out;
- }
- #endif
- #endif
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 key tests */
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5219, out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg3, 10);
- if (ret != 0)
- ERROR_OUT(-5220, out);
- if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
- ERROR_OUT(-5221, out);
- #ifdef OPENSSL_EXTRA
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5222, out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg3,
- sizeof(msg3) * WOLFSSL_BIT_SIZE);
- if (ret != 0)
- ERROR_OUT(-5223, out);
- #ifndef WOLFCRYPT_ONLY
- ret = EVP_test(EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3),
- cipher, sizeof(msg3));
- if (ret != 0) {
- goto out;
- }
- #endif
- #endif
- out:
- if (enc_inited)
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- #endif /* WOLFSSL_AES_256 */
- return ret;
- }
- static int aescfb8_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE];
- #ifdef HAVE_AES_DECRYPT
- #ifdef WOLFSSL_SMALL_STACK
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain [AES_BLOCK_SIZE];
- #endif
- int ret = 0;
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
- 0xf4,0x75,0xc6,0x49,0x91,0xb2,0x0e,0xae,
- 0xe1,0x83,0xa2,0x26,0x29,0xe2,0x1e,0x22
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0xc8,0xfe,0x9b,0xf7,0x7b,0x93,0x0f,0x46,
- 0xd2,0x07,0x8b,0x8c,0x0e,0x65,0x7c,0xd4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0xd2,0x76,0x91
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
- {
- 0xc9,0x06,0x35
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
- 0x0a,0x02,0x84,0x6b,0x62,0xab,0xb6,0x93,
- 0xef,0x31,0xd7,0x54,0x84,0x2e,0xed,0x29
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0xba,0xf0,0x8b,0x76,0x31,0x7a,0x65,0xc5,
- 0xf0,0x7a,0xe6,0xf5,0x7e,0xb0,0xe6,0x54,
- 0x88,0x65,0x93,0x24,0xd2,0x97,0x09,0xe3
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
- {
- 0x72,0x9c,0x0b,0x6d,0xeb,0x75,0xfa,0x6e,
- 0xb5,0xe8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x98,0x95,0x93,0x24,0x02,0x39,0x3d,0xc3,
- 0x3a,0x60
- };
- #endif
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = {
- 0x33,0x8c,0x55,0x2f,0xf1,0xec,0xa1,0x44,
- 0x08,0xe0,0x5d,0x8c,0xf9,0xf3,0xb3,0x1b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0x06,0x48,0x74,0x09,0x2f,0x7a,0x13,0xcc,
- 0x44,0x62,0x24,0x7a,0xd4,0x23,0xd0,0xe9,
- 0x6e,0xdf,0x42,0xe8,0xb6,0x7a,0x5a,0x23,
- 0xb7,0xa0,0xa6,0x47,0x7b,0x09,0x8e,0x66
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
- {
- 0x1c,0xff,0x95
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
- {
- 0xb9,0x74,0xfa
- };
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-5238, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-5239, out);
- #endif
- #endif
- if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
- ERROR_OUT(-5224, out);
- else
- enc_inited = 1;
- #ifdef HAVE_AES_DECRYPT
- if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
- ERROR_OUT(-5225, out);
- else
- dec_inited = 1;
- #endif
- #ifdef WOLFSSL_AES_128
- /* 128 key tests */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- ret = EVP_test(EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1),
- cipher1, sizeof(cipher1));
- if (ret != 0) {
- return ret;
- }
- #endif
- ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5226, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5227, out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb8Encrypt(enc, cipher, msg1, sizeof(msg1));
- if (ret != 0)
- ERROR_OUT(-5228, out);
- if (XMEMCMP(cipher, cipher1, sizeof(cipher1)) != 0)
- ERROR_OUT(-5229, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfb8Decrypt(dec, plain, cipher, sizeof(msg1));
- if (ret != 0)
- ERROR_OUT(-5230, out);
- if (XMEMCMP(plain, msg1, sizeof(msg1)) != 0)
- ERROR_OUT(-5231, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 key tests */
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5232, out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb8Encrypt(enc, cipher, msg2, sizeof(msg2));
- if (ret != 0)
- ERROR_OUT(-5233, out);
- if (XMEMCMP(cipher, cipher2, sizeof(msg2)) != 0)
- ERROR_OUT(-5234, out);
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- ret = EVP_test(EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2),
- cipher2, sizeof(msg2));
- if (ret != 0) {
- return ret;
- }
- #endif
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 key tests */
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5235, out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb8Encrypt(enc, cipher, msg3, sizeof(msg3));
- if (ret != 0)
- ERROR_OUT(-5236, out);
- if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
- ERROR_OUT(-5237, out);
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- ret = EVP_test(EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3),
- cipher3, sizeof(msg3));
- if (ret != 0) {
- goto out;
- }
- #endif
- out:
- if (enc_inited)
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- #endif /* WOLFSSL_AES_256 */
- return ret;
- }
- #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
- #endif /* WOLFSSL_AES_CFB */
- static int aes_key_size_test(void)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- Aes *aes;
- #else
- Aes aes[1];
- #endif
- byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
- #ifndef WOLFSSL_CRYPTOCELL
- byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 };
- #endif
- byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
- byte iv[] = "1234567890abcdef";
- #ifndef HAVE_FIPS
- word32 keySize;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- return -5315;
- #endif
- #if !defined(HAVE_FIPS) || \
- defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
- /* w/ FIPS v1 (cert 2425) wc_AesInit just returns 0 always as it's not
- * supported with that FIPS version */
- ret = wc_AesInit(NULL, HEAP_HINT, devId);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-5300, out);
- #endif
- ret = wc_AesInit(aes, HEAP_HINT, devId);
- /* 0 check OK for FIPSv1 */
- if (ret != 0)
- ERROR_OUT(-5301, out);
- #ifndef HAVE_FIPS
- /* Parameter Validation testing. */
- ret = wc_AesGetKeySize(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-5302, out);
- ret = wc_AesGetKeySize(aes, NULL);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-5303, out);
- ret = wc_AesGetKeySize(NULL, &keySize);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-5304, out);
- /* Crashes in FIPS */
- ret = wc_AesSetKey(NULL, key16, sizeof(key16), iv, AES_ENCRYPTION);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-5305, out);
- #endif
- /* NULL IV indicates to use all zeros IV. */
- ret = wc_AesSetKey(aes, key16, sizeof(key16), NULL, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_128
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- ERROR_OUT(-5306, out);
- ret = wc_AesSetKey(aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-5307, out);
- /* CryptoCell handles rounds internally */
- #if !defined(HAVE_FIPS) && !defined(WOLFSSL_CRYPTOCELL)
- /* PSA don't use aes->rounds */
- #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_AES)
- /* Force invalid rounds */
- aes->rounds = 16;
- ret = wc_AesGetKeySize(aes, &keySize);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-5308, out);
- #endif
- #endif
- ret = wc_AesSetKey(aes, key16, sizeof(key16), iv, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_128
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- ERROR_OUT(-5309, out);
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128)
- ret = wc_AesGetKeySize(aes, &keySize);
- if (ret != 0 || keySize != sizeof(key16))
- ERROR_OUT(-5310, out);
- #endif
- #ifndef WOLFSSL_CRYPTOCELL
- /* Cryptocell only supports AES-128 key size */
- ret = wc_AesSetKey(aes, key24, sizeof(key24), iv, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_192
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- ERROR_OUT(-5311, out);
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192)
- ret = wc_AesGetKeySize(aes, &keySize);
- if (ret != 0 || keySize != sizeof(key24))
- ERROR_OUT(-5312, out);
- #endif
- ret = wc_AesSetKey(aes, key32, sizeof(key32), iv, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_256
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- ERROR_OUT(-5313, out);
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256)
- ret = wc_AesGetKeySize(aes, &keySize);
- if (ret != 0 || keySize != sizeof(key32))
- ERROR_OUT(-5314, out);
- #endif
- #endif /* !WOLFSSL_CRYPTOCELL */
- ret = 0; /* success */
- out:
- wc_AesFree(aes);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #if defined(WOLFSSL_AES_XTS)
- /* test vectors from http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html */
- #ifdef WOLFSSL_AES_128
- static int aes_xts_128_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- XtsAes *aes = NULL;
- #else
- XtsAes aes[1];
- #endif
- int aes_inited = 0;
- int ret = 0;
- unsigned char buf[AES_BLOCK_SIZE * 2];
- unsigned char cipher[AES_BLOCK_SIZE * 2];
- /* 128 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
- 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
- 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
- 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
- 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = {
- 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
- };
- /* plain text test of partial block is not from NIST test vector list */
- WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
- 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
- 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
- 0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76,
- 0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0,
- 0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa,
- 0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = {
- 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
- 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
- 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
- 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
- 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
- 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
- 0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e,
- 0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23,
- 0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e,
- 0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
- };
- #ifdef WOLFSSL_SMALL_STACK
- if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-5417, out);
- #endif
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_128_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
- if (ret != 0) {
- printf("EVP_aes_128_xts failed!\n");
- goto out;
- }
- #endif
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5400, out);
- else
- aes_inited = 1;
- ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5401, out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(-5402, out);
- XMEMSET(buf, 0, sizeof(buf));
- wc_AesXtsFree(aes);
- if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5403, out);
- ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5404, out);
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(-5405, out);
- /* partial block encryption test */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5406, out);
- wc_AesXtsFree(aes);
- /* partial block decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5407, out);
- ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5408, out);
- if (XMEMCMP(pp, buf, sizeof(pp)))
- ERROR_OUT(-5409, out);
- /* NIST decrypt test vector */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5410, out);
- if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(-5411, out);
- /* fail case with decrypting using wrong key */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5412, out);
- if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */
- ERROR_OUT(-5413, out);
- wc_AesXtsFree(aes);
- /* set correct key and retest */
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5414, out);
- ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5415, out);
- if (XMEMCMP(p2, buf, sizeof(p2)))
- ERROR_OUT(-5416, out);
- out:
- if (aes_inited)
- wc_AesXtsFree(aes);
- #ifdef WOLFSSL_SMALL_STACK
- if (aes)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_256
- static int aes_xts_256_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- XtsAes *aes = NULL;
- #else
- XtsAes aes[1];
- #endif
- int aes_inited = 0;
- int ret = 0;
- unsigned char buf[AES_BLOCK_SIZE * 3];
- unsigned char cipher[AES_BLOCK_SIZE * 3];
- /* 256 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
- 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
- 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
- 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
- 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
- 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
- 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
- 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58,
- 0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = {
- 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2,
- 0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
- 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1,
- 0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64,
- 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
- 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e
- };
- /* plain text test of partial block is not from NIST test vector list */
- WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
- 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5,
- 0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13,
- 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
- 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
- 0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
- 0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
- 0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
- 0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
- 0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
- 0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a,
- 0xb5, 0xb0, 0xc7, 0xe5, 0x2d, 0xb5, 0x06, 0x12,
- 0xd2, 0xb5, 0x3a, 0xcb, 0x47, 0x8a, 0x53, 0xb4
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = {
- 0xe6, 0x42, 0x19, 0xed, 0xe0, 0xe1, 0xc2, 0xa0,
- 0x0e, 0xf5, 0x58, 0x6a, 0xc4, 0x9b, 0xeb, 0x6f
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
- 0x24, 0xcb, 0x76, 0x22, 0x55, 0xb5, 0xa8, 0x00,
- 0xf4, 0x6e, 0x80, 0x60, 0x56, 0x9e, 0x05, 0x53,
- 0xbc, 0xfe, 0x86, 0x55, 0x3b, 0xca, 0xd5, 0x89,
- 0xc7, 0x54, 0x1a, 0x73, 0xac, 0xc3, 0x9a, 0xbd,
- 0x53, 0xc4, 0x07, 0x76, 0xd8, 0xe8, 0x22, 0x61,
- 0x9e, 0xa9, 0xad, 0x77, 0xa0, 0x13, 0x4c, 0xfc
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
- 0xa3, 0xc6, 0xf3, 0xf3, 0x82, 0x79, 0x5b, 0x10,
- 0x87, 0xd7, 0x02, 0x50, 0xdb, 0x2c, 0xd3, 0xb1,
- 0xa1, 0x62, 0xa8, 0xb6, 0xdc, 0x12, 0x60, 0x61,
- 0xc1, 0x0a, 0x84, 0xa5, 0x85, 0x3f, 0x3a, 0x89,
- 0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b,
- 0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92
- };
- #ifdef WOLFSSL_SMALL_STACK
- if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-5515, out);
- #endif
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
- && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_256_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
- if (ret != 0) {
- printf("EVP_aes_256_xts failed\n");
- goto out;
- }
- #endif
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5500, out);
- else
- aes_inited = 1;
- ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5501, out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(-5502, out);
- wc_AesXtsFree(aes);
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5503, out);
- ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5504, out);
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(-5505, out);
- /* partial block encryption test */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5506, out);
- wc_AesXtsFree(aes);
- /* partial block decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5507, out);
- ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5508, out);
- if (XMEMCMP(pp, buf, sizeof(pp)))
- ERROR_OUT(-5509, out);
- /* NIST decrypt test vector */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5510, out);
- if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(-5511, out);
- wc_AesXtsFree(aes);
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5512, out);
- ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5513, out);
- if (XMEMCMP(p2, buf, sizeof(p2)))
- ERROR_OUT(-5514, out);
- out:
- if (aes_inited)
- wc_AesXtsFree(aes);
- #ifdef WOLFSSL_SMALL_STACK
- if (aes)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
- /* both 128 and 256 bit key test */
- static int aes_xts_sector_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- XtsAes *aes = NULL;
- #else
- XtsAes aes[1];
- #endif
- int aes_inited = 0;
- int ret = 0;
- unsigned char buf[AES_BLOCK_SIZE * 2];
- /* 128 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
- 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
- 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
- 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
- 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
- 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
- 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
- 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
- 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
- };
- word64 s1 = 141;
- /* 256 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
- 0xef, 0x01, 0x0c, 0xa1, 0xa3, 0x66, 0x3e, 0x32,
- 0x53, 0x43, 0x49, 0xbc, 0x0b, 0xae, 0x62, 0x23,
- 0x2a, 0x15, 0x73, 0x34, 0x85, 0x68, 0xfb, 0x9e,
- 0xf4, 0x17, 0x68, 0xa7, 0x67, 0x4f, 0x50, 0x7a,
- 0x72, 0x7f, 0x98, 0x75, 0x53, 0x97, 0xd0, 0xe0,
- 0xaa, 0x32, 0xf8, 0x30, 0x33, 0x8c, 0xc7, 0xa9,
- 0x26, 0xc7, 0x73, 0xf0, 0x9e, 0x57, 0xb3, 0x57,
- 0xcd, 0x15, 0x6a, 0xfb, 0xca, 0x46, 0xe1, 0xa0
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
- 0xed, 0x98, 0xe0, 0x17, 0x70, 0xa8, 0x53, 0xb4,
- 0x9d, 0xb9, 0xe6, 0xaa, 0xf8, 0x8f, 0x0a, 0x41,
- 0xb9, 0xb5, 0x6e, 0x91, 0xa5, 0xa2, 0xb1, 0x1d,
- 0x40, 0x52, 0x92, 0x54, 0xf5, 0x52, 0x3e, 0x75
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
- 0xca, 0x20, 0xc5, 0x5e, 0x8d, 0xc1, 0x49, 0x68,
- 0x7d, 0x25, 0x41, 0xde, 0x39, 0xc3, 0xdf, 0x63,
- 0x00, 0xbb, 0x5a, 0x16, 0x3c, 0x10, 0xce, 0xd3,
- 0x66, 0x6b, 0x13, 0x57, 0xdb, 0x8b, 0xd3, 0x9d
- };
- word64 s2 = 187;
- #ifdef WOLFSSL_SMALL_STACK
- if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-5612, out);
- #endif
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5600, out);
- else
- aes_inited = 1;
- ret = wc_AesXtsEncryptSector(aes, buf, p1, sizeof(p1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5601, out);
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(-5602, out);
- wc_AesXtsFree(aes);
- /* decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5603, out);
- ret = wc_AesXtsDecryptSector(aes, buf, c1, sizeof(c1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5604, out);
- if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(-5605, out);
- wc_AesXtsFree(aes);
- /* 256 bit key tests */
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5606, out);
- ret = wc_AesXtsEncryptSector(aes, buf, p2, sizeof(p2), s2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5607, out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(-5608, out);
- wc_AesXtsFree(aes);
- /* decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5609, out);
- ret = wc_AesXtsDecryptSector(aes, buf, c2, sizeof(c2), s2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5610, out);
- if (XMEMCMP(p2, buf, sizeof(p2)))
- ERROR_OUT(-5611, out);
- out:
- if (aes_inited)
- wc_AesXtsFree(aes);
- #ifdef WOLFSSL_SMALL_STACK
- if (aes)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_128 && WOLFSSL_AES_256 */
- #ifdef WOLFSSL_AES_128
- /* testing of bad arguments */
- static int aes_xts_args_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- XtsAes *aes = NULL;
- #else
- XtsAes aes[1];
- #endif
- int aes_inited = 0;
- int ret;
- unsigned char buf[AES_BLOCK_SIZE * 2];
- /* 128 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
- 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
- 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
- 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
- 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
- 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
- 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
- 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
- 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
- };
- word64 s1 = 141;
- #ifdef WOLFSSL_SMALL_STACK
- if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-5708, out);
- #endif
- if (wc_AesXtsSetKey(NULL, k1, sizeof(k1), AES_ENCRYPTION,
- HEAP_HINT, devId) == 0)
- ERROR_OUT(-5700, out);
- if (wc_AesXtsSetKey(aes, NULL, sizeof(k1), AES_ENCRYPTION,
- HEAP_HINT, devId) == 0)
- ERROR_OUT(-5701, out);
- /* encryption operations */
- if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5702, out);
- else
- aes_inited = 1;
- ret = wc_AesXtsEncryptSector(NULL, buf, p1, sizeof(p1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret == 0)
- ERROR_OUT(-5703, out);
- ret = wc_AesXtsEncryptSector(aes, NULL, p1, sizeof(p1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret == 0)
- ERROR_OUT(-5704, out);
- wc_AesXtsFree(aes);
- /* decryption operations */
- if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5705, out);
- ret = wc_AesXtsDecryptSector(NULL, buf, c1, sizeof(c1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret == 0)
- ERROR_OUT(-5706, out);
- ret = wc_AesXtsDecryptSector(aes, NULL, c1, sizeof(c1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret == 0)
- ERROR_OUT(-5707, out);
- ret = 0;
- out:
- if (aes_inited)
- wc_AesXtsFree(aes);
- #ifdef WOLFSSL_SMALL_STACK
- if (aes)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_128 */
- #endif /* WOLFSSL_AES_XTS */
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- static int aes_cbc_test(void)
- {
- byte cipher[AES_BLOCK_SIZE];
- byte plain[AES_BLOCK_SIZE];
- int ret;
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte key[] = "0123456789abcdef "; /* align */
- byte iv[] = "1234567890abcdef "; /* align */
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- /* Parameter Validation testing. */
- ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, 17, NULL);
- if (ret != BAD_FUNC_ARG)
- return -5800;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, 17, NULL);
- if (ret != BAD_FUNC_ARG)
- return -5801;
- #endif
- ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key,
- AES_BLOCK_SIZE, iv);
- if (ret != 0)
- return -5802;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key,
- AES_BLOCK_SIZE, iv);
- if (ret != 0)
- return -5803;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
- return -5804;
- #endif /* HAVE_AES_DECRYPT */
- (void)plain;
- return 0;
- }
- #endif
- #if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- static int aesecb_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #else
- Aes enc[1];
- #endif
- byte cipher[AES_BLOCK_SIZE * 4];
- #ifdef HAVE_AES_DECRYPT
- #ifdef WOLFSSL_SMALL_STACK
- Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #else
- Aes dec[1];
- #endif
- byte plain [AES_BLOCK_SIZE * 4];
- #endif /* HAVE_AES_DECRYPT */
- int ret = 0;
- #if defined(WOLFSSL_AES_256)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
- ERROR_OUT(-5900, out);
- #if defined(HAVE_AES_DECRYPT)
- if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
- ERROR_OUT(-5901, out);
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5923, out);
- if (wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(-5924, out);
- if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(-5925, out);
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(-5926, out);
- if (wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(-5927, out);
- wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
- if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(-5928, out);
- }
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- wc_AesFree(dec);
- #endif
- out:
- #ifdef WOLFSSL_SMALL_STACK
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- #endif /* WOLFSSL_AES_256 */
- return ret;
- }
- #endif /* HAVE_AES_ECB */
- #ifdef WOLFSSL_AES_COUNTER
- static int aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
- {
- int ret;
- /* test vectors from "Recommendation for Block Cipher Modes of
- * Operation" NIST Special Publication 800-38A */
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- #ifdef WOLFSSL_ARMASM
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap32[] =
- {
- 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap32_2[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xfe
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap64[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0x0f,0xff,0xff,0xff,0xff,0xff,0xff,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap64_2[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap96[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap96_2[] =
- {
- 0xff,0xff,0xff,0xf0,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe
- };
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
- };
- #ifdef WOLFSSL_ARMASM
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128_2[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe
- };
- #endif
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
- {
- 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
- 0xc2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Key[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Cipher[] =
- {
- 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
- 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
- 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
- 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
- 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
- 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
- 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
- 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
- };
- #ifdef WOLFSSL_ARMASM
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32Cipher[] =
- {
- 0xb3,0x8b,0x58,0xbc,0xce,0xf4,0x71,0x78,
- 0xf6,0x7c,0xdb,0xb4,0x27,0x2b,0x0a,0xbf,
- 0x7e,0xad,0xea,0x5c,0xd1
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32CipherLong[] =
- {
- 0xb3,0x8b,0x58,0xbc,0xce,0xf4,0x71,0x78,
- 0xf6,0x7c,0xdb,0xb4,0x27,0x2b,0x0a,0xbf,
- 0x7e,0xad,0xea,0x5c,0xd1,0xb7,0x98,0xf0,
- 0x22,0x20,0xfe,0x67,0xb0,0x02,0x23,0x50
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32_2CipherLong[] =
- {
- 0x6e,0xa1,0x27,0x4d,0xea,0x20,0x5f,0x39,
- 0x68,0xc8,0xb6,0x78,0xde,0xfc,0x53,0x5c,
- 0x90,0xc8,0xf6,0xc6,0xfa,0xe0,0x7b,0x09,
- 0x7c,0xf8,0x9c,0x6a,0x5a,0xa5,0x17,0x7f,
- 0x03,0x92,0x5f,0x4e,0x85,0xea,0x26,0xc9,
- 0x5a,0xc2,0x74,0xe2,0xbf,0xe4,0x1b,0xd4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64Cipher[] =
- {
- 0xdd,0x17,0x10,0x7c,0x45,0x04,0xac,0x43,
- 0xef,0xa8,0xcc,0x32,0x34,0x87,0x88,0xd7,
- 0xae,0x74,0x94,0x72,0x8e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64CipherLong[] =
- {
- 0xdd,0x17,0x10,0x7c,0x45,0x04,0xac,0x43,
- 0xef,0xa8,0xcc,0x32,0x34,0x87,0x88,0xd7,
- 0xae,0x74,0x94,0x72,0x8e,0xd0,0x71,0xc0,
- 0x89,0x8a,0xa1,0xb0,0x29,0xa0,0x10,0x9e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64_2CipherLong[] =
- {
- 0x3f,0xe7,0xd5,0xf3,0xfa,0x09,0xfe,0x40,
- 0xa6,0xa1,0x32,0x8b,0x57,0x12,0xb9,0xfa,
- 0xf2,0x2d,0xe4,0x3c,0x66,0x1d,0x0a,0x8e,
- 0x46,0xf8,0x2e,0x33,0xce,0x8d,0x4e,0x3b,
- 0x17,0x67,0x9e,0x9f,0x76,0x9e,0xc2,0x99,
- 0xd5,0xd4,0x71,0xed,0xb4,0x33,0xb2,0xcd
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96Cipher[] =
- {
- 0x55,0x24,0xc2,0x73,0xca,0xa3,0x48,0x03,
- 0x0b,0x72,0x8d,0xd7,0x6c,0x99,0x8e,0x04,
- 0x9d,0x77,0xc9,0x5f,0x38
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96CipherLong[] =
- {
- 0x55,0x24,0xc2,0x73,0xca,0xa3,0x48,0x03,
- 0x0b,0x72,0x8d,0xd7,0x6c,0x99,0x8e,0x04,
- 0x9d,0x77,0xc9,0x5f,0x38,0xb5,0x6e,0x44,
- 0x21,0x8e,0xda,0x57,0xe0,0x41,0xc7,0x6a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96_2CipherLong[] =
- {
- 0xc8,0x81,0x1a,0xbe,0xc7,0x5b,0x93,0x6f,
- 0xe6,0x52,0xe4,0xb1,0x2d,0x1c,0x39,0xbc,
- 0xeb,0x82,0x27,0x0a,0x7e,0xa5,0x0e,0x2d,
- 0x32,0xda,0xbe,0x10,0x7a,0x10,0xcc,0xd3,
- 0x6f,0xc6,0x83,0x28,0x05,0x57,0x8a,0x24,
- 0x44,0x76,0x17,0x81,0xb9,0x5c,0x94,0x81
- };
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128Cipher[] =
- {
- 0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62,
- 0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86,
- 0xd3,0xda,0xe1,0x5b,0x04
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128CipherLong[] =
- {
- 0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62,
- 0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86,
- 0xd3,0xda,0xe1,0x5b,0x04,0xbb,0x35,0x2f,
- 0xa0,0xf5,0x9f,0xeb,0xfc,0xb4,0xda,0x3e
- };
- #ifdef WOLFSSL_ARMASM
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128_2CipherLong[] =
- {
- 0xba,0x76,0xaa,0x54,0xd5,0xb5,0x60,0x67,
- 0xc1,0xa7,0x90,0x3b,0x3f,0xdd,0xfa,0x89,
- 0x24,0xdf,0x0c,0x56,0x5c,0xf4,0x2a,0x68,
- 0x97,0x87,0x13,0xb6,0x7a,0xd1,0x24,0xfd,
- 0x4d,0x3f,0x77,0x4a,0xb9,0xe4,0x7d,0xa2,
- 0xdb,0xb9,0x31,0x5e,0xa3,0x11,0x06,0x80
- };
- #endif
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
- {
- 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
- 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b,
- 0x09,0x03,0x39,0xec,0x0a,0xa6,0xfa,0xef,
- 0xd5,0xcc,0xc2,0xc6,0xf4,0xce,0x8e,0x94,
- 0x1e,0x36,0xb2,0x6b,0xd1,0xeb,0xc6,0x70,
- 0xd1,0xbd,0x1d,0x66,0x56,0x20,0xab,0xf7,
- 0x4f,0x78,0xa7,0xf6,0xd2,0x98,0x09,0x58,
- 0x5a,0x97,0xda,0xec,0x58,0xc6,0xb0,0x50
- };
- #ifdef WOLFSSL_ARMASM
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32Cipher[] =
- {
- 0x28,0xaa,0xfa,0x90,0x72,0x74,0x86,0xaf,
- 0x72,0x73,0x35,0x17,0x70,0x4e,0x7d,0xca,
- 0x0c,0x33,0x97,0x06,0xc0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32CipherLong[] =
- {
- 0x28,0xaa,0xfa,0x90,0x72,0x74,0x86,0xaf,
- 0x72,0x73,0x35,0x17,0x70,0x4e,0x7d,0xca,
- 0x0c,0x33,0x97,0x06,0xc0,0xbe,0x83,0x87,
- 0xdd,0xd3,0xff,0xd8,0xe4,0x6a,0x5b,0x84
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32_2CipherLong[] =
- {
- 0xf5,0x00,0xa2,0x91,0x54,0xa3,0x76,0xa2,
- 0xdd,0xad,0x16,0x89,0xe5,0xf0,0x1d,0x40,
- 0x84,0xcd,0x74,0x84,0xcb,0x8b,0x9e,0x29,
- 0xa9,0x8a,0x12,0x65,0xa0,0x79,0x5e,0xce,
- 0xd9,0x50,0x65,0x21,0x86,0xb0,0x85,0x0d,
- 0x98,0x2d,0x9a,0x5a,0x11,0xbe,0xa5,0x7f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64Cipher[] =
- {
- 0xfe,0x39,0x27,0x97,0xac,0xe5,0xb8,0x74,
- 0xb9,0x8c,0xbf,0x58,0x71,0xa4,0x80,0x33,
- 0x3d,0xf7,0xb4,0xfd,0x8c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64CipherLong[] =
- {
- 0xfe,0x39,0x27,0x97,0xac,0xe5,0xb8,0x74,
- 0xb9,0x8c,0xbf,0x58,0x71,0xa4,0x80,0x33,
- 0x3d,0xf7,0xb4,0xfd,0x8c,0x55,0x47,0x10,
- 0xd5,0x91,0x35,0xbe,0xd8,0x0d,0xa5,0x9e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64_2CipherLong[] =
- {
- 0x59,0xf1,0xed,0x70,0x62,0x42,0xa8,0x06,
- 0x07,0x36,0xe1,0xc5,0x04,0x79,0xc3,0x9b,
- 0xd1,0x14,0x5c,0xcc,0x6f,0x81,0x5f,0x2f,
- 0xa0,0xde,0xcf,0x61,0x55,0x18,0x7a,0xac,
- 0xb0,0x59,0x37,0x90,0x53,0xb3,0x00,0x88,
- 0xb4,0x49,0x90,0x7b,0x96,0xcd,0xcc,0xc3
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96Cipher[] =
- {
- 0x41,0x21,0x40,0x31,0xfb,0xc8,0xad,0x23,
- 0xde,0x00,0x03,0xd8,0x96,0x45,0xc7,0xb5,
- 0x47,0xb5,0xf3,0x30,0x3b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96CipherLong[] =
- {
- 0x41,0x21,0x40,0x31,0xfb,0xc8,0xad,0x23,
- 0xde,0x00,0x03,0xd8,0x96,0x45,0xc7,0xb5,
- 0x47,0xb5,0xf3,0x30,0x3b,0xef,0xcd,0x80,
- 0xe3,0x61,0x34,0xef,0x4e,0x1b,0x79,0xc1
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96_2CipherLong[] =
- {
- 0x3c,0xb2,0xff,0xc0,0x24,0xe1,0xf5,0xc4,
- 0x0f,0xd1,0x0a,0x1b,0xbe,0x1f,0x23,0xa1,
- 0x8e,0xbf,0x2b,0x96,0xb6,0x37,0xc8,0x25,
- 0x06,0x90,0xe2,0xca,0x71,0x24,0x52,0x95,
- 0xaa,0x8c,0x80,0xdf,0xb7,0xd7,0x30,0xb0,
- 0xcc,0x06,0x4f,0x28,0xa2,0x74,0x27,0xf8
- };
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128Cipher[] =
- {
- 0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67,
- 0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98,
- 0x8c,0x68,0xa7,0xd9,0x57
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128CipherLong[] =
- {
- 0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67,
- 0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98,
- 0x8c,0x68,0xa7,0xd9,0x57,0xab,0x09,0x0f,
- 0x01,0xc4,0x4e,0x62,0xaf,0xc2,0xdf,0x1a
- };
- #ifdef WOLFSSL_ARMASM
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128_2CipherLong[] =
- {
- 0x88,0x0a,0x26,0x4e,0xa8,0x26,0x21,0xe0,
- 0xfc,0xbc,0x63,0xdc,0xd9,0x60,0x52,0xb2,
- 0x99,0x2f,0xbb,0x1e,0x00,0xf5,0x9f,0x6d,
- 0xab,0x48,0x0f,0xc6,0x37,0x12,0x56,0xe3,
- 0x12,0x8d,0x31,0xc8,0xea,0xf4,0x41,0x82,
- 0x7a,0x88,0xe0,0xd7,0xf0,0x67,0x03,0xa4
- };
- #endif
- #endif
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
- {
- 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
- 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28,
- 0xf4,0x43,0xe3,0xca,0x4d,0x62,0xb5,0x9a,
- 0xca,0x84,0xe9,0x90,0xca,0xca,0xf5,0xc5,
- 0x2b,0x09,0x30,0xda,0xa2,0x3d,0xe9,0x4c,
- 0xe8,0x70,0x17,0xba,0x2d,0x84,0x98,0x8d,
- 0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6,
- 0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6
- };
- #ifdef WOLFSSL_ARMASM
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32Cipher[] =
- {
- 0xb0,0xa8,0xc0,0x65,0x85,0x20,0x0d,0x5c,
- 0x25,0xcf,0xe7,0x58,0x63,0xc8,0xd4,0xea,
- 0xa2,0x13,0x47,0x74,0xda
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32CipherLong[] =
- {
- 0xb0,0xa8,0xc0,0x65,0x85,0x20,0x0d,0x5c,
- 0x25,0xcf,0xe7,0x58,0x63,0xc8,0xd4,0xea,
- 0xa2,0x13,0x47,0x74,0xda,0x89,0x77,0x40,
- 0x28,0x9c,0xe8,0x19,0x26,0x32,0xd8,0x1f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32_2CipherLong[] =
- {
- 0xf6,0xd9,0x22,0xc6,0x80,0x29,0xaf,0x14,
- 0x54,0x6c,0x0a,0xce,0x42,0xea,0x3c,0xa1,
- 0x7c,0xeb,0x36,0x0d,0x8e,0xd7,0x8c,0x59,
- 0xa8,0x09,0x9f,0x9e,0xba,0x5b,0x95,0xfa,
- 0x26,0x8c,0x37,0x59,0xf8,0xae,0x8e,0xaa,
- 0x4d,0xe4,0x1c,0xfe,0x51,0xc7,0xb7,0xcc
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64Cipher[] =
- {
- 0x74,0x1a,0x52,0x41,0x76,0xb4,0x11,0x8f,
- 0xfd,0x57,0x31,0xfd,0x3d,0x76,0x8f,0x07,
- 0xd4,0x94,0x4c,0xcd,0x4d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64CipherLong[] =
- {
- 0x74,0x1a,0x52,0x41,0x76,0xb4,0x11,0x8f,
- 0xfd,0x57,0x31,0xfd,0x3d,0x76,0x8f,0x07,
- 0xd4,0x94,0x4c,0xcd,0x4d,0x47,0x5a,0x92,
- 0x26,0x49,0x81,0x7a,0xda,0x36,0x27,0x01
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64_2CipherLong[] =
- {
- 0xf7,0x9c,0xbf,0xf6,0xa2,0xaa,0x8a,0x0a,
- 0x63,0x8a,0x20,0x2f,0x12,0xf1,0x8e,0x49,
- 0x30,0xc0,0x8d,0x5c,0x5f,0x8b,0xbc,0x16,
- 0xdd,0x71,0xee,0x13,0x14,0x7b,0xe1,0x25,
- 0xcb,0x87,0x8a,0xc6,0xdc,0x1d,0x54,0x7a,
- 0xe1,0xe4,0x6f,0x0d,0x95,0x1b,0xd1,0x8b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96Cipher[] =
- {
- 0xb9,0x07,0x02,0xb8,0xbe,0x94,0xbf,0x53,
- 0xdf,0x83,0x8e,0x23,0x8c,0x67,0x0c,0x81,
- 0xb8,0x69,0xa1,0x48,0x45
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96CipherLong[] =
- {
- 0xb9,0x07,0x02,0xb8,0xbe,0x94,0xbf,0x53,
- 0xdf,0x83,0x8e,0x23,0x8c,0x67,0x0c,0x81,
- 0xb8,0x69,0xa1,0x48,0x45,0xf1,0xc6,0x27,
- 0x36,0xa8,0xb2,0x4b,0x0e,0x62,0x6b,0x72
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96_2CipherLong[] =
- {
- 0xd5,0x56,0x73,0xaa,0xb8,0xe4,0x06,0xf6,
- 0x83,0x45,0x3a,0xb4,0xb9,0x63,0xec,0xad,
- 0x73,0xc5,0xab,0x78,0xb1,0x21,0xab,0xef,
- 0x69,0x15,0xb7,0x0c,0xe9,0xb4,0x3a,0xe7,
- 0xbc,0xc4,0x22,0xbd,0x93,0xba,0x52,0xe0,
- 0x91,0x2f,0x5e,0x8d,0x6d,0x59,0xf7,0xc2
- };
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128Cipher[] =
- {
- 0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48,
- 0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6,
- 0x4b,0x45,0x7c,0xd6,0x8a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128CipherLong[] =
- {
- 0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48,
- 0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6,
- 0x4b,0x45,0x7c,0xd6,0x8a,0xcc,0xda,0x4a,
- 0x89,0xfa,0x23,0x6c,0x06,0xbf,0x26,0x05
- };
- #ifdef WOLFSSL_ARMASM
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128_2CipherLong[] =
- {
- 0x24,0x5c,0x09,0xa0,0x3b,0x1a,0x5a,0x94,
- 0x2b,0x93,0x56,0x13,0x48,0xa0,0x21,0xce,
- 0x95,0x11,0xa3,0x76,0xd6,0x59,0x88,0x42,
- 0x04,0x71,0x69,0x62,0x28,0xb2,0xee,0x9d,
- 0xd5,0xa0,0xea,0xc7,0x37,0x93,0x92,0xc7,
- 0xf2,0xb6,0x8d,0xd9,0x59,0x1a,0xfa,0xbb
- };
- #endif
- #endif
- int i;
- struct {
- const byte* key;
- int keySz;
- const byte* iv;
- const byte* plain;
- int len;
- const byte* cipher;
- } testVec[] = {
- #ifdef WOLFSSL_AES_128
- { ctr128Key, (int)sizeof(ctr128Key), ctrIv,
- ctrPlain, (int)sizeof(ctrPlain), ctr128Cipher },
- /* let's try with just 9 bytes, non block size test */
- { ctr128Key, (int)sizeof(ctr128Key), ctrIv,
- ctrPlain, (int)sizeof(oddCipher), ctr128Cipher },
- /* and an additional 9 bytes to reuse tmp left buffer */
- { NULL, 0, NULL, ctrPlain, (int)sizeof(oddCipher), oddCipher },
- /* Counter wrapping */
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128,
- ctrPlain, (int)sizeof(ctr128Wrap128Cipher), ctr128Wrap128Cipher },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128,
- ctrPlain, (int)sizeof(ctr128Wrap128CipherLong),
- ctr128Wrap128CipherLong },
- #ifdef WOLFSSL_ARMASM
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128_2,
- ctrPlain, (int)sizeof(ctr128Wrap128_2CipherLong),
- ctr128Wrap128_2CipherLong },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96,
- ctrPlain, (int)sizeof(ctr128Wrap96Cipher), ctr128Wrap96Cipher },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96,
- ctrPlain, (int)sizeof(ctr128Wrap96CipherLong),
- ctr128Wrap96CipherLong },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96_2,
- ctrPlain, (int)sizeof(ctr128Wrap96_2CipherLong),
- ctr128Wrap96_2CipherLong },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64,
- ctrPlain, (int)sizeof(ctr128Wrap64Cipher), ctr128Wrap64Cipher },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64,
- ctrPlain, (int)sizeof(ctr128Wrap64CipherLong),
- ctr128Wrap64CipherLong },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64_2,
- ctrPlain, (int)sizeof(ctr128Wrap64_2CipherLong),
- ctr128Wrap64_2CipherLong },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32,
- ctrPlain, (int)sizeof(ctr128Wrap32Cipher), ctr128Wrap32Cipher },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32,
- ctrPlain, (int)sizeof(ctr128Wrap32CipherLong),
- ctr128Wrap32CipherLong },
- { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32_2,
- ctrPlain, (int)sizeof(ctr128Wrap32_2CipherLong),
- ctr128Wrap32_2CipherLong },
- #endif
- #endif
- #ifdef WOLFSSL_AES_192
- { ctr192Key, (int)sizeof(ctr192Key), ctrIv,
- ctrPlain, (int)sizeof(ctrPlain), ctr192Cipher },
- /* let's try with just 9 bytes, non block size test */
- { ctr192Key, (int)sizeof(ctr192Key), ctrIv,
- ctrPlain, (int)sizeof(oddCipher), ctr192Cipher },
- /* Counter wrapping */
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128,
- ctrPlain, (int)sizeof(ctr192Wrap128Cipher), ctr192Wrap128Cipher },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128,
- ctrPlain, (int)sizeof(ctr192Wrap128CipherLong),
- ctr192Wrap128CipherLong },
- #ifdef WOLFSSL_ARMASM
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128_2,
- ctrPlain, (int)sizeof(ctr192Wrap128_2CipherLong),
- ctr192Wrap128_2CipherLong },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96,
- ctrPlain, (int)sizeof(ctr192Wrap96Cipher), ctr192Wrap96Cipher },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96,
- ctrPlain, (int)sizeof(ctr192Wrap96CipherLong),
- ctr192Wrap96CipherLong },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96_2,
- ctrPlain, (int)sizeof(ctr192Wrap96_2CipherLong),
- ctr192Wrap96_2CipherLong },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64,
- ctrPlain, (int)sizeof(ctr192Wrap64Cipher), ctr192Wrap64Cipher },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64,
- ctrPlain, (int)sizeof(ctr192Wrap64CipherLong),
- ctr192Wrap64CipherLong },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64_2,
- ctrPlain, (int)sizeof(ctr192Wrap64_2CipherLong),
- ctr192Wrap64_2CipherLong },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32,
- ctrPlain, (int)sizeof(ctr192Wrap32Cipher), ctr192Wrap32Cipher },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32,
- ctrPlain, (int)sizeof(ctr192Wrap32CipherLong),
- ctr192Wrap32CipherLong },
- { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32_2,
- ctrPlain, (int)sizeof(ctr192Wrap32_2CipherLong),
- ctr192Wrap32_2CipherLong },
- #endif
- #endif
- #ifdef WOLFSSL_AES_256
- { ctr256Key, (int)sizeof(ctr256Key), ctrIv,
- ctrPlain, (int)sizeof(ctrPlain), ctr256Cipher },
- /* let's try with just 9 bytes, non block size test */
- { ctr256Key, (int)sizeof(ctr256Key), ctrIv,
- ctrPlain, (int)sizeof(oddCipher), ctr256Cipher },
- /* Counter wrapping */
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128,
- ctrPlain, (int)sizeof(ctr256Wrap128Cipher), ctr256Wrap128Cipher },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128,
- ctrPlain, (int)sizeof(ctr256Wrap128CipherLong),
- ctr256Wrap128CipherLong },
- #ifdef WOLFSSL_ARMASM
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128_2,
- ctrPlain, (int)sizeof(ctr256Wrap128_2CipherLong),
- ctr256Wrap128_2CipherLong },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96,
- ctrPlain, (int)sizeof(ctr256Wrap96Cipher), ctr256Wrap96Cipher },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96,
- ctrPlain, (int)sizeof(ctr256Wrap96CipherLong),
- ctr256Wrap96CipherLong },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96_2,
- ctrPlain, (int)sizeof(ctr256Wrap96_2CipherLong),
- ctr256Wrap96_2CipherLong },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64,
- ctrPlain, (int)sizeof(ctr256Wrap64Cipher), ctr256Wrap64Cipher },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64,
- ctrPlain, (int)sizeof(ctr256Wrap64CipherLong),
- ctr256Wrap64CipherLong },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64_2,
- ctrPlain, (int)sizeof(ctr256Wrap64_2CipherLong),
- ctr256Wrap64_2CipherLong },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32,
- ctrPlain, (int)sizeof(ctr256Wrap32Cipher), ctr256Wrap32Cipher },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32,
- ctrPlain, (int)sizeof(ctr256Wrap32CipherLong),
- ctr256Wrap32CipherLong },
- { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32_2,
- ctrPlain, (int)sizeof(ctr256Wrap32_2CipherLong),
- ctr256Wrap32_2CipherLong },
- #endif
- #endif
- };
- #define AES_CTR_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec))
- for (i = 0; i < AES_CTR_TEST_LEN; i++) {
- if (testVec[i].key != NULL) {
- ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz,
- testVec[i].iv, AES_ENCRYPTION);
- if (ret != 0) {
- ERROR_OUT(-5930 - i * 10, out);
- }
- /* Ctr only uses encrypt, even on key setup */
- ret = wc_AesSetKeyDirect(dec, testVec[i].key, testVec[i].keySz,
- testVec[i].iv, AES_ENCRYPTION);
- if (ret != 0) {
- ERROR_OUT(-5931 - i * 10, out);
- }
- }
- ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, testVec[i].len);
- if (ret != 0) {
- ERROR_OUT(-5932 - i * 10, out);
- }
- ret = wc_AesCtrEncrypt(dec, plain, cipher, testVec[i].len);
- if (ret != 0) {
- ERROR_OUT(-5933 - i * 10, out);
- }
- if (XMEMCMP(plain, ctrPlain, testVec[i].len)) {
- ERROR_OUT(-5934 - i * 10, out);
- }
- if (XMEMCMP(cipher, testVec[i].cipher, testVec[i].len)) {
- ERROR_OUT(-5935 - i * 10, out);
- }
- }
- out:
- return ret;
- }
- #endif /* WOLFSSL_AES_COUNTER */
- WOLFSSL_TEST_SUBROUTINE int aes_test(void)
- {
- #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #else
- Aes enc[1];
- #endif
- byte cipher[AES_BLOCK_SIZE * 4];
- #ifdef HAVE_AES_DECRYPT
- #ifdef WOLFSSL_SMALL_STACK
- Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #else
- Aes dec[1];
- #endif
- byte plain [AES_BLOCK_SIZE * 4];
- #endif /* HAVE_AES_DECRYPT */
- #endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
- int ret = 0;
- #ifdef HAVE_AES_CBC
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] = "0123456789abcdef "; /* align */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef "; /* align */
- #ifdef WOLFSSL_SMALL_STACK
- #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
- if (enc == NULL)
- ERROR_OUT(-5990, out);
- #endif
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
- if (dec == NULL)
- ERROR_OUT(-5991, out);
- #endif
- #endif
- if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
- ERROR_OUT(-5900, out); /* note this error code is used programmatically in cleanup. */
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
- if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
- ERROR_OUT(-5901, out); /* note this error code is used programmatically in cleanup. */
- #endif
- ret = wc_AesSetKey(enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5902, out);
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
- ret = wc_AesSetKey(dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(-5903, out);
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4);
- ret = wc_AesCbcEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5904, out);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
- ret = wc_AesCbcDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5905, out);
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- ERROR_OUT(-5906, out);
- #endif /* HAVE_AES_DECRYPT */
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- ERROR_OUT(-5907, out);
- #endif /* WOLFSSL_AES_128 */
- #if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte bigMsg[] = {
- /* "All work and no play makes Jack a dull boy. " */
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20
- };
- WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] = "0123456789abcdeffedcba9876543210";
- word32 keySz, msgSz;
- #ifdef WOLFSSL_SMALL_STACK
- byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((bigCipher == NULL) ||
- (bigPlain == NULL)) {
- if (bigCipher != NULL)
- XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ERROR_OUT(-5992, out);
- }
- #else
- byte bigCipher[sizeof(bigMsg)];
- byte bigPlain[sizeof(bigMsg)];
- #endif
- /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole
- * message by AES_BLOCK_SIZE for each size of AES key. */
- for (keySz = 16; keySz <= 32; keySz += 8) {
- for (msgSz = AES_BLOCK_SIZE;
- msgSz <= sizeof(bigMsg);
- msgSz += AES_BLOCK_SIZE) {
- XMEMSET(bigCipher, 0, sizeof(bigMsg));
- XMEMSET(bigPlain, 0, sizeof(bigMsg));
- ret = wc_AesSetKey(enc, bigKey, keySz, iv, AES_ENCRYPTION);
- if (ret != 0) {
- ret = -5908;
- break;
- }
- ret = wc_AesSetKey(dec, bigKey, keySz, iv, AES_DECRYPTION);
- if (ret != 0) {
- ret = -5909;
- break;
- }
- ret = wc_AesCbcEncrypt(enc, bigCipher, bigMsg, msgSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ret = -5910;
- break;
- }
- ret = wc_AesCbcDecrypt(dec, bigPlain, bigCipher, msgSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ret = -5911;
- break;
- }
- if (XMEMCMP(bigPlain, bigMsg, msgSz)) {
- ret = -5912;
- break;
- }
- }
- if (ret != 0)
- break;
- }
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(bigPlain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (ret != 0)
- goto out;
- }
- #endif /* WOLFSSL_AESNI && HAVE_AES_DECRYPT */
- /* Test of AES IV state with encrypt/decrypt */
- #ifdef WOLFSSL_AES_128
- {
- /* Test Vector from "NIST Special Publication 800-38A, 2001 Edition"
- * https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38a.pdf
- */
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
- 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] =
- {
- 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
- 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
- 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
- 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
- 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
- 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
- };
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5913, out);
- XMEMSET(cipher, 0, AES_BLOCK_SIZE * 2);
- ret = wc_AesCbcEncrypt(enc, cipher, msg2, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5914, out);
- if (XMEMCMP(cipher, verify2, AES_BLOCK_SIZE))
- ERROR_OUT(-5915, out);
- ret = wc_AesCbcEncrypt(enc, cipher + AES_BLOCK_SIZE,
- msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5916, out);
- if (XMEMCMP(cipher + AES_BLOCK_SIZE, verify2 + AES_BLOCK_SIZE,
- AES_BLOCK_SIZE))
- ERROR_OUT(-5917, out);
- #if defined(HAVE_AES_DECRYPT)
- ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(-5918, out);
- XMEMSET(plain, 0, AES_BLOCK_SIZE * 2);
- ret = wc_AesCbcDecrypt(dec, plain, verify2, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5919, out);
- if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE))
- ERROR_OUT(-5920, out);
- ret = wc_AesCbcDecrypt(dec, plain + AES_BLOCK_SIZE,
- verify2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5921, out);
- if (XMEMCMP(plain + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE,
- AES_BLOCK_SIZE))
- ERROR_OUT(-5922, out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif /* WOLFSSL_AES_128 */
- #endif /* HAVE_AES_CBC */
- #ifdef WOLFSSL_AES_COUNTER
- ret = aesctr_test(enc, dec, cipher, plain);
- if (ret != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5994, out);
- #if !defined(HAVE_SELFTEST) && \
- (defined(WOLFSSL_LINUXKM) || \
- !defined(HAVE_FIPS) || \
- (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
- if (wc_AesEncryptDirect(enc, cipher, niPlain) != 0)
- ERROR_OUT(-5995, out);
- #else
- wc_AesEncryptDirect(enc, cipher, niPlain);
- #endif
- if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(-5996, out);
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(-5997, out);
- #if !defined(HAVE_SELFTEST) && \
- (defined(WOLFSSL_LINUXKM) || \
- !defined(HAVE_FIPS) || \
- (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
- if (wc_AesDecryptDirect(dec, plain, niCipher) != 0)
- ERROR_OUT(-5998, out);
- #else
- wc_AesDecryptDirect(dec, plain, niCipher);
- #endif
- if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(-5999, out);
- }
- #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
- ret = aes_key_size_test();
- if (ret != 0)
- goto out;
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- ret = aes_cbc_test();
- if (ret != 0)
- goto out;
- #endif
- #if defined(WOLFSSL_AES_XTS)
- #ifdef WOLFSSL_AES_128
- ret = aes_xts_128_test();
- if (ret != 0)
- goto out;
- #endif
- #ifdef WOLFSSL_AES_256
- ret = aes_xts_256_test();
- if (ret != 0)
- goto out;
- #endif
- #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
- ret = aes_xts_sector_test();
- if (ret != 0)
- goto out;
- #endif
- #ifdef WOLFSSL_AES_128
- ret = aes_xts_args_test();
- if (ret != 0)
- goto out;
- #endif
- #endif
- #if defined(WOLFSSL_AES_CFB)
- ret = aescfb_test();
- if (ret != 0)
- goto out;
- #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = aescfb1_test();
- if (ret != 0)
- goto out;
- ret = aescfb8_test();
- if (ret != 0)
- goto out;
- #endif
- #endif
- #if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- ret = aesecb_test();
- if (ret != 0)
- goto out;
- #endif
- out:
- #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
- #ifdef WOLFSSL_SMALL_STACK
- if (enc) {
- if (ret != -5900) /* note this must match ERRROR_OUT() code
- * for wc_AesInit(enc, ...) failure above.
- */
- wc_AesFree(enc);
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #else
- if (ret != -5900)
- wc_AesFree(enc);
- #endif
- (void)cipher;
- #ifdef HAVE_AES_DECRYPT
- #ifdef WOLFSSL_SMALL_STACK
- if (dec) {
- if ((ret != -5900) && (ret != -5901))
- /* note these codes must match the ERRROR_OUT() codes for
- * wc_AesInit() failures above.
- */
- wc_AesFree(dec);
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #else
- if ((ret != -5900) && (ret != -5901))
- wc_AesFree(dec);
- #endif
- (void)plain;
- #endif /* HAVE_AES_DECRYPT */
- #endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
- return ret;
- }
- #ifdef WOLFSSL_AES_192
- WOLFSSL_TEST_SUBROUTINE int aes192_test(void)
- {
- #ifdef HAVE_AES_CBC
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- byte cipher[AES_BLOCK_SIZE];
- #ifdef HAVE_AES_DECRYPT
- #ifdef WOLFSSL_SMALL_STACK
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- byte plain[AES_BLOCK_SIZE];
- #endif
- #endif /* HAVE_AES_CBC */
- int ret = 0;
- #ifdef HAVE_AES_CBC
- /* Test vectors from NIST Special Publication 800-38A, 2001 Edition
- * Appendix F.2.3 */
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d,
- 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8
- };
- WOLFSSL_SMALL_STACK_STATIC byte key[] = {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC byte iv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
- };
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-6008, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-6009, out);
- #endif
- #endif
- if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
- ERROR_OUT(-6000, out);
- #ifdef HAVE_AES_DECRYPT
- if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
- ERROR_OUT(-6001, out);
- #endif
- ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-6002, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesSetKey(dec, key, (int) sizeof(key), iv, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(-6003, out);
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-6004, out);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-6005, out);
- if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
- ERROR_OUT(-6006, out);
- }
- #endif
- if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
- ERROR_OUT(-6007, out);
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- wc_AesFree(dec);
- #endif
- out:
- #ifdef WOLFSSL_SMALL_STACK
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- #endif /* HAVE_AES_CBC */
- return ret;
- }
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- WOLFSSL_TEST_SUBROUTINE int aes256_test(void)
- {
- #ifdef HAVE_AES_CBC
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- byte cipher[AES_BLOCK_SIZE];
- #ifdef HAVE_AES_DECRYPT
- #ifdef WOLFSSL_SMALL_STACK
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- byte plain[AES_BLOCK_SIZE];
- #endif
- #endif /* HAVE_AES_CBC */
- int ret = 0;
- #ifdef HAVE_AES_CBC
- /* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
- * Appendix F.2.5 */
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
- 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6
- };
- WOLFSSL_SMALL_STACK_STATIC byte key[] = {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- WOLFSSL_SMALL_STACK_STATIC byte iv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
- };
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-6108, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-6109, out);
- #endif
- #endif
- if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
- ERROR_OUT(-6100, out);
- #ifdef HAVE_AES_DECRYPT
- if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
- ERROR_OUT(-6101, out);
- #endif
- ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-6102, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesSetKey(dec, key, (int) sizeof(key), iv, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(-6103, out);
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-6104, out);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-6105, out);
- if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
- ERROR_OUT(-6106, out);
- }
- #endif
- if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
- ERROR_OUT(-6107, out);
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- wc_AesFree(dec);
- #endif
- out:
- #ifdef WOLFSSL_SMALL_STACK
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- #endif /* HAVE_AES_CBC */
- return ret;
- }
- #endif /* WOLFSSL_AES_256 */
- #ifdef HAVE_AESGCM
- #ifdef WOLFSSL_AES_128
- static int aesgcm_default_test_helper(byte* key, int keySz, byte* iv, int ivSz,
- byte* plain, int plainSz, byte* cipher, int cipherSz,
- byte* aad, int aadSz, byte* tag, int tagSz)
- {
- int ret, enc_inited = 0, dec_inited = 0;
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = NULL;
- Aes *dec = NULL;
- #else
- Aes enc[1];
- Aes dec[1];
- #endif
- byte resultT[AES_BLOCK_SIZE];
- byte resultP[AES_BLOCK_SIZE * 3];
- byte resultC[AES_BLOCK_SIZE * 3];
- int result;
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-6118, out);
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-6119, out);
- #endif
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
- ERROR_OUT(-6110, out);
- else
- enc_inited = 1;
- if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
- ERROR_OUT(-6111, out);
- else
- dec_inited = 1;
- result = wc_AesGcmSetKey(enc, key, keySz);
- if (result != 0)
- ERROR_OUT(-6112, out);
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, resultC, plain, plainSz, iv, ivSz,
- resultT, tagSz, aad, aadSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6113, out);
- if (cipher != NULL) {
- if (XMEMCMP(cipher, resultC, cipherSz))
- ERROR_OUT(-6114, out);
- }
- if (XMEMCMP(tag, resultT, tagSz))
- ERROR_OUT(-6115, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmSetKey(dec, key, keySz);
- if (result != 0)
- ERROR_OUT(-6116, out);
- result = wc_AesGcmDecrypt(dec, resultP, resultC, cipherSz,
- iv, ivSz, resultT, tagSz, aad, aadSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6117, out);
- if (plain != NULL) {
- if (XMEMCMP(plain, resultP, plainSz))
- ERROR_OUT(-6118, out);
- }
- #endif /* HAVE_AES_DECRYPT */
- ret = 0;
- out:
- if (enc_inited)
- wc_AesFree(enc);
- if (dec_inited)
- wc_AesFree(dec);
- #ifdef WOLFSSL_SMALL_STACK
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif
- /* tests that only use 12 byte IV and 16 or less byte AAD
- * test vectors are from NIST SP 800-38D
- * https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/CAVP-TESTING-BLOCK-CIPHER-MODES*/
- WOLFSSL_TEST_SUBROUTINE int aesgcm_default_test(void)
- {
- #ifdef WOLFSSL_AES_128
- byte key1[] = {
- 0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62,
- 0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc
- };
- byte iv1[] = {
- 0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa,
- 0xe4, 0xed, 0x2f, 0x6d
- };
- ALIGN64 byte plain1[] = {
- 0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad,
- 0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01,
- 0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac,
- 0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01
- };
- byte aad1[] = {
- 0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73,
- 0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1
- };
- ALIGN64 byte cipher1[] = {
- 0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d,
- 0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d,
- 0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46,
- 0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb
- };
- byte tag1[] = {
- 0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7,
- 0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2
- };
- byte key2[] = {
- 0x01, 0x6d, 0xbb, 0x38, 0xda, 0xa7, 0x6d, 0xfe,
- 0x7d, 0xa3, 0x84, 0xeb, 0xf1, 0x24, 0x03, 0x64
- };
- byte iv2[] = {
- 0x07, 0x93, 0xef, 0x3a, 0xda, 0x78, 0x2f, 0x78,
- 0xc9, 0x8a, 0xff, 0xe3
- };
- ALIGN64 byte plain2[] = {
- 0x4b, 0x34, 0xa9, 0xec, 0x57, 0x63, 0x52, 0x4b,
- 0x19, 0x1d, 0x56, 0x16, 0xc5, 0x47, 0xf6, 0xb7
- };
- ALIGN64 byte cipher2[] = {
- 0x60, 0x9a, 0xa3, 0xf4, 0x54, 0x1b, 0xc0, 0xfe,
- 0x99, 0x31, 0xda, 0xad, 0x2e, 0xe1, 0x5d, 0x0c
- };
- byte tag2[] = {
- 0x33, 0xaf, 0xec, 0x59, 0xc4, 0x5b, 0xaf, 0x68,
- 0x9a, 0x5e, 0x1b, 0x13, 0xae, 0x42, 0x36, 0x19
- };
- byte key3[] = {
- 0xb0, 0x1e, 0x45, 0xcc, 0x30, 0x88, 0xaa, 0xba,
- 0x9f, 0xa4, 0x3d, 0x81, 0xd4, 0x81, 0x82, 0x3f
- };
- byte iv3[] = {
- 0x5a, 0x2c, 0x4a, 0x66, 0x46, 0x87, 0x13, 0x45,
- 0x6a, 0x4b, 0xd5, 0xe1
- };
- byte tag3[] = {
- 0x01, 0x42, 0x80, 0xf9, 0x44, 0xf5, 0x3c, 0x68,
- 0x11, 0x64, 0xb2, 0xff
- };
- int ret;
- ret = aesgcm_default_test_helper(key1, sizeof(key1), iv1, sizeof(iv1),
- plain1, sizeof(plain1), cipher1, sizeof(cipher1),
- aad1, sizeof(aad1), tag1, sizeof(tag1));
- if (ret != 0) {
- return ret;
- }
- ret = aesgcm_default_test_helper(key2, sizeof(key2), iv2, sizeof(iv2),
- plain2, sizeof(plain2), cipher2, sizeof(cipher2),
- NULL, 0, tag2, sizeof(tag2));
- if (ret != 0) {
- return ret;
- }
- ret = aesgcm_default_test_helper(key3, sizeof(key3), iv3, sizeof(iv3),
- NULL, 0, NULL, 0,
- NULL, 0, tag3, sizeof(tag3));
- if (ret != 0) {
- return ret;
- }
- #endif
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE int aesgcm_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = NULL;
- Aes *dec = NULL;
- #else
- Aes enc[1];
- Aes dec[1];
- #endif
- /*
- * This is Test Case 16 from the document Galois/
- * Counter Mode of Operation (GCM) by McGrew and
- * Viega.
- */
- WOLFSSL_SMALL_STACK_STATIC const byte p[] =
- {
- 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
- 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
- 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
- 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
- 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
- 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
- 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
- 0xba, 0x63, 0x7b, 0x39
- };
- #if defined(WOLFSSL_AES_256) || defined(WOLFSSL_AES_192)
- WOLFSSL_SMALL_STACK_STATIC const byte a[] =
- {
- 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
- 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
- 0xab, 0xad, 0xda, 0xd2
- };
- #endif
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
- {
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
- 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
- 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
- {
- 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
- 0xde, 0xca, 0xf8, 0x88
- };
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_AES_256) || defined(WOLFSSL_AES_192)
- WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
- {
- 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
- 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
- 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
- 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
- 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
- 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
- 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
- 0xbc, 0xc9, 0xf6, 0x62
- };
- #endif /* WOLFSSL_AES_256 || WOLFSSL_AES_192 */
- WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
- {
- 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
- 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
- };
- /* FIPS, QAT and PIC32MZ HW Crypto only support 12-byte IV */
- #if !defined(HAVE_FIPS) && \
- !defined(WOLFSSL_PIC32MZ_CRYPT) && \
- !defined(FREESCALE_LTC) && !defined(FREESCALE_MMCAU) && \
- !defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_AFALG_XILINX_AES) && \
- !defined(WOLFSSL_SILABS_SE_ACCEL) && !defined(WOLFSSL_KCAPI_AES) && \
- !(defined(WOLF_CRYPTO_CB) && \
- (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)))
- #define ENABLE_NON_12BYTE_IV_TEST
- #ifdef WOLFSSL_AES_192
- /* Test Case 12, uses same plaintext and AAD data. */
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
- {
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
- 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
- {
- 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
- 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
- 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
- 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
- 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
- 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
- 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
- 0xa6, 0x37, 0xb3, 0x9b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c2[] =
- {
- 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
- 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
- 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
- 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
- 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
- 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
- 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
- 0xe9, 0xb7, 0x37, 0x3b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t2[] =
- {
- 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
- 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_128
- /* The following is an interesting test case from the example
- * FIPS test vectors for AES-GCM. IVlen = 1 byte */
- WOLFSSL_SMALL_STACK_STATIC const byte p3[] =
- {
- 0x57, 0xce, 0x45, 0x1f, 0xa5, 0xe2, 0x35, 0xa5,
- 0x8e, 0x1a, 0xa2, 0x3b, 0x77, 0xcb, 0xaf, 0xe2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte k3[] =
- {
- 0xbb, 0x01, 0xd7, 0x03, 0x81, 0x1c, 0x10, 0x1a,
- 0x35, 0xe0, 0xff, 0xd2, 0x91, 0xba, 0xf2, 0x4b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
- {
- 0xca
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c3[] =
- {
- 0x6b, 0x5f, 0xb3, 0x9d, 0xc1, 0xc5, 0x7a, 0x4f,
- 0xf3, 0x51, 0x4d, 0xc2, 0xd5, 0xf0, 0xd0, 0x07
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a3[] =
- {
- 0x40, 0xfc, 0xdc, 0xd7, 0x4a, 0xd7, 0x8b, 0xf1,
- 0x3e, 0x7c, 0x60, 0x55, 0x50, 0x51, 0xdd, 0x54
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t3[] =
- {
- 0x06, 0x90, 0xed, 0x01, 0x34, 0xdd, 0xc6, 0x95,
- 0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_256
- int ivlen;
- #endif
- #endif
- byte resultT[sizeof(t1)];
- byte resultP[sizeof(p) + AES_BLOCK_SIZE];
- byte resultC[sizeof(p) + AES_BLOCK_SIZE];
- int result = 0;
- int ret;
- #ifdef WOLFSSL_AES_256
- int alen;
- #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
- int plen;
- #endif
- #endif
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM)
- #if !defined(BENCH_AESGCM_LARGE)
- #define BENCH_AESGCM_LARGE 1024
- #endif
- byte *large_input = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *large_output = (byte *)XMALLOC(BENCH_AESGCM_LARGE + AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *large_outdec = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! large_input) || (! large_output) || (! large_outdec))
- ERROR_OUT(MEMORY_E, out);
- XMEMSET(large_input, 0, BENCH_AESGCM_LARGE);
- XMEMSET(large_output, 0, BENCH_AESGCM_LARGE + AES_BLOCK_SIZE);
- XMEMSET(large_outdec, 0, BENCH_AESGCM_LARGE);
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-6342, out);
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-6343, out);
- #endif
- (void)result;
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- if (wc_AesInit(enc, HEAP_HINT, devId) != 0) {
- ERROR_OUT(-6300, out);
- }
- if (wc_AesInit(dec, HEAP_HINT, devId) != 0) {
- ERROR_OUT(-6301, out);
- }
- #ifdef WOLFSSL_AES_256
- result = wc_AesGcmSetKey(enc, k1, sizeof(k1));
- if (result != 0)
- ERROR_OUT(-6302, out);
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
- resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6303, out);
- if (XMEMCMP(c1, resultC, sizeof(c1)))
- ERROR_OUT(-6304, out);
- if (XMEMCMP(t1, resultT, sizeof(resultT)))
- ERROR_OUT(-6305, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmSetKey(dec, k1, sizeof(k1));
- if (result != 0)
- ERROR_OUT(-6306, out);
- result = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1),
- iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6307, out);
- if (XMEMCMP(p, resultP, sizeof(p)))
- ERROR_OUT(-6308, out);
- #endif /* HAVE_AES_DECRYPT */
- /* Large buffer test */
- #ifdef BENCH_AESGCM_LARGE
- /* setup test buffer */
- for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
- large_input[alen] = (byte)alen;
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, large_output, large_input,
- BENCH_AESGCM_LARGE, iv1, sizeof(iv1),
- resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6309, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(dec, large_outdec, large_output,
- BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT,
- sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6310, out);
- if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
- ERROR_OUT(-6311, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* BENCH_AESGCM_LARGE */
- #if defined(ENABLE_NON_12BYTE_IV_TEST) && defined(WOLFSSL_AES_256)
- /* Variable IV length test */
- for (ivlen=1; ivlen<(int)sizeof(k1); ivlen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), k1,
- (word32)ivlen, resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6312, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), k1,
- (word32)ivlen, resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6313, out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif
- #if !(defined(WOLF_CRYPTO_CB) && defined(HAVE_INTEL_QA_SYNC))
- /* Variable authenticated data length test */
- for (alen=0; alen<(int)sizeof(p); alen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1,
- sizeof(iv1), resultT, sizeof(resultT), p, (word32)alen);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6314, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), iv1,
- sizeof(iv1), resultT, sizeof(resultT), p, (word32)alen);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6315, out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif
- #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
- #ifdef BENCH_AESGCM_LARGE
- /* Variable plain text length test */
- for (plen=1; plen<BENCH_AESGCM_LARGE; plen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, large_output, large_input,
- plen, iv1, sizeof(iv1), resultT,
- sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6316, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(dec, large_outdec, large_output,
- plen, iv1, sizeof(iv1), resultT,
- sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6317, out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #else /* BENCH_AESGCM_LARGE */
- /* Variable plain text length test */
- for (plen=1; plen<(int)sizeof(p); plen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, resultC, p, (word32)plen, iv1,
- sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6318, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(dec, resultP, resultC, (word32)plen, iv1,
- sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6319, out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif /* BENCH_AESGCM_LARGE */
- #endif
- #endif /* WOLFSSL_AES_256 */
- /* test with IV != 12 bytes */
- #ifdef ENABLE_NON_12BYTE_IV_TEST
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- #ifdef WOLFSSL_AES_192
- wc_AesGcmSetKey(enc, k2, sizeof(k2));
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv2, sizeof(iv2),
- resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6320, out);
- if (XMEMCMP(c2, resultC, sizeof(c2)))
- ERROR_OUT(-6321, out);
- if (XMEMCMP(t2, resultT, sizeof(resultT)))
- ERROR_OUT(-6322, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c1),
- iv2, sizeof(iv2), resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6323, out);
- if (XMEMCMP(p, resultP, sizeof(p)))
- ERROR_OUT(-6324, out);
- #endif /* HAVE_AES_DECRYPT */
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_128
- wc_AesGcmSetKey(enc, k3, sizeof(k3));
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3),
- resultT, sizeof(t3), a3, sizeof(a3));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6325, out);
- if (XMEMCMP(c3, resultC, sizeof(c3)))
- ERROR_OUT(-6326, out);
- if (XMEMCMP(t3, resultT, sizeof(t3)))
- ERROR_OUT(-6327, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
- iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6328, out);
- if (XMEMCMP(p3, resultP, sizeof(p3)))
- ERROR_OUT(-6329, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_128 */
- #endif /* ENABLE_NON_12BYTE_IV_TEST */
- #if defined(WOLFSSL_AES_256) && !defined(WOLFSSL_AFALG_XILINX_AES) && \
- !defined(WOLFSSL_XILINX_CRYPT) && \
- !(defined(WOLF_CRYPTO_CB) && \
- defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC))
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- wc_AesGcmSetKey(enc, k1, sizeof(k1));
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
- resultT + 1, sizeof(resultT) - 1, a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6330, out);
- if (XMEMCMP(c1, resultC, sizeof(c1)))
- ERROR_OUT(-6331, out);
- if (XMEMCMP(t1, resultT + 1, sizeof(resultT) - 1))
- ERROR_OUT(-6332, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
- iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6333, out);
- if (XMEMCMP(p, resultP, sizeof(p)))
- ERROR_OUT(-6334, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_256 */
- #if !defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
- /* Test encrypt with internally generated IV */
- #if defined(WOLFSSL_AES_256) && !(defined(WC_NO_RNG) || defined(HAVE_SELFTEST)) \
- && !(defined(WOLF_CRYPTO_CB) && defined(HAVE_CAVIUM_OCTEON_SYNC))
- {
- WC_RNG rng;
- byte randIV[12];
- result = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- if (result != 0)
- ERROR_OUT(-6335, out);
- XMEMSET(randIV, 0, sizeof(randIV));
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- wc_AesGcmSetKey(enc, k1, sizeof(k1));
- result = wc_AesGcmSetIV(enc, sizeof(randIV), NULL, 0, &rng);
- if (result != 0)
- ERROR_OUT(-6336, out);
- result = wc_AesGcmEncrypt_ex(enc,
- resultC, p, sizeof(p),
- randIV, sizeof(randIV),
- resultT, sizeof(resultT),
- a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6337, out);
- /* Check the IV has been set. */
- {
- word32 i, ivSum = 0;
- for (i = 0; i < sizeof(randIV); i++)
- ivSum += randIV[i];
- if (ivSum == 0)
- ERROR_OUT(-6338, out);
- }
- #ifdef HAVE_AES_DECRYPT
- wc_AesGcmSetKey(dec, k1, sizeof(k1));
- result = wc_AesGcmSetIV(dec, sizeof(randIV), NULL, 0, &rng);
- if (result != 0)
- ERROR_OUT(-6339, out);
- result = wc_AesGcmDecrypt(dec,
- resultP, resultC, sizeof(c1),
- randIV, sizeof(randIV),
- resultT, sizeof(resultT),
- a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6340, out);
- if (XMEMCMP(p, resultP, sizeof(p)))
- ERROR_OUT(-6341, out);
- #endif /* HAVE_AES_DECRYPT */
- wc_FreeRng(&rng);
- }
- #endif /* WOLFSSL_AES_256 && !(WC_NO_RNG || HAVE_SELFTEST) */
- #endif /* HAVE_FIPS_VERSION >= 2 */
- #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
- #ifdef WOLFSSL_AES_256
- #ifdef WOLFSSL_AESGCM_STREAM
- result = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (result != 0)
- ERROR_OUT(-6360, out);
- result = wc_AesGcmEncryptUpdate(enc, resultC, p, sizeof(p), a, sizeof(a));
- if (result != 0)
- ERROR_OUT(-6361, out);
- result = wc_AesGcmEncryptFinal(enc, resultT, sizeof(resultT));
- if (result != 0)
- ERROR_OUT(-6362, out);
- if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
- ERROR_OUT(-6363, out);
- if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
- ERROR_OUT(-6364, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (result != 0)
- ERROR_OUT(-6370, out);
- result = wc_AesGcmDecryptUpdate(enc, resultP, c1, sizeof(c1), a, sizeof(a));
- if (result != 0)
- ERROR_OUT(-6371, out);
- result = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
- if (result != 0)
- ERROR_OUT(-6372, out);
- if (XMEMCMP(resultP, p, sizeof(p)) != 0)
- ERROR_OUT(-6373, out);
- #endif
- /* alen is the size to pass in with each update. */
- for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
- result = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (result != 0)
- ERROR_OUT(-6380, out);
- /* plen is the offset into AAD to update with. */
- for (plen = 0; plen < (int)sizeof(a); plen += alen) {
- int len = sizeof(a) - plen;
- if (len > alen) len = alen;
- result = wc_AesGcmEncryptUpdate(enc, NULL, NULL, 0, a + plen, len);
- if (result != 0)
- ERROR_OUT(-6381, out);
- }
- /* plen is the offset into plaintext to update with. */
- for (plen = 0; plen < (int)sizeof(p); plen += alen) {
- int len = sizeof(p) - plen;
- if (len > alen) len = alen;
- result = wc_AesGcmEncryptUpdate(enc, resultC + plen, p + plen, len,
- NULL, 0);
- if (result != 0)
- ERROR_OUT(-6382, out);
- }
- result = wc_AesGcmEncryptFinal(enc, resultT, sizeof(resultT));
- if (result != 0)
- ERROR_OUT(-6383, out);
- if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
- ERROR_OUT(-6384, out);
- if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
- ERROR_OUT(-6385, out);
- }
- #ifdef HAVE_AES_DECRYPT
- for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
- result = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (result != 0)
- ERROR_OUT(-6390, out);
- /* plen is the offset into AAD to update with. */
- for (plen = 0; plen < (int)sizeof(a); plen += alen) {
- int len = sizeof(a) - plen;
- if (len > alen) len = alen;
- result = wc_AesGcmDecryptUpdate(enc, NULL, NULL, 0, a + plen, len);
- if (result != 0)
- ERROR_OUT(-6391, out);
- }
- /* plen is the offset into cipher text to update with. */
- for (plen = 0; plen < (int)sizeof(c1); plen += alen) {
- int len = sizeof(c1) - plen;
- if (len > alen) len = alen;
- result = wc_AesGcmDecryptUpdate(enc, resultP + plen, c1 + plen, len,
- NULL, 0);
- if (result != 0)
- ERROR_OUT(-6392, out);
- }
- result = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
- if (result != 0)
- ERROR_OUT(-6393, out);
- if (XMEMCMP(resultP, p, sizeof(p)) != 0)
- ERROR_OUT(-6394, out);
- }
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AESGCM_STREAM */
- #endif /* WOLFSSL_AES_256 */
- #endif /* !WOLFSSL_AFALG_XILINX_AES && !WOLFSSL_XILINX_CRYPT */
- wc_AesFree(enc);
- wc_AesFree(dec);
- ret = 0;
- out:
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM)
- if (large_input)
- XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (large_output)
- XFREE(large_output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (large_outdec)
- XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #ifdef WOLFSSL_AES_128
- WOLFSSL_TEST_SUBROUTINE int gmac_test(void)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- Gmac *gmac;
- #else
- Gmac gmac[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
- {
- 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
- 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
- {
- 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
- 0xe2, 0x8c, 0x8f, 0x16
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a1[] =
- {
- 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
- 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
- {
- 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
- 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
- };
- #if (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
- /* FIPS builds only allow 16-byte auth tags. */
- /* This sample uses a 15-byte auth tag. */
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
- {
- 0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4,
- 0x74, 0x25, 0x1d, 0xf4, 0x88, 0x9e, 0xf6, 0x5b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
- {
- 0xee, 0x9c, 0x6e, 0x06, 0x15, 0x45, 0x45, 0x03,
- 0x1a, 0x60, 0x24, 0xa7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a2[] =
- {
- 0x94, 0x81, 0x2c, 0x87, 0x07, 0x4e, 0x15, 0x18,
- 0x34, 0xb8, 0x35, 0xaf, 0x1c, 0xa5, 0x7e, 0x56
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t2[] =
- {
- 0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f,
- 0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91
- };
- #endif
- byte tag[16];
- #ifdef WOLFSSL_SMALL_STACK
- if ((gmac = (Gmac *)XMALLOC(sizeof *gmac, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- return -6409;
- #endif
- XMEMSET(gmac, 0, sizeof *gmac); /* clear context */
- (void)wc_AesInit(&gmac->aes, HEAP_HINT, INVALID_DEVID); /* Make sure devId updated */
- XMEMSET(tag, 0, sizeof(tag));
- wc_GmacSetKey(gmac, k1, sizeof(k1));
- wc_GmacUpdate(gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1));
- if (XMEMCMP(t1, tag, sizeof(t1)) != 0)
- ERROR_OUT(-6400, out);
- #if (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) )
- XMEMSET(tag, 0, sizeof(tag));
- wc_GmacSetKey(gmac, k2, sizeof(k2));
- wc_GmacUpdate(gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2));
- if (XMEMCMP(t2, tag, sizeof(t2)) != 0)
- ERROR_OUT(-6401, out);
- #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && !defined(NO_AES_DECRYPT)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte badT[] =
- {
- 0xde, 0xad, 0xbe, 0xef, 0x17, 0x2e, 0xd0, 0x43,
- 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
- };
- WC_RNG rng;
- byte iv[12];
- #ifndef HAVE_FIPS
- if (wc_InitRng_ex(&rng, HEAP_HINT, devId) != 0)
- ERROR_OUT(-6402, out);
- #else
- if (wc_InitRng(&rng) != 0)
- ERROR_OUT(-6403, out);
- #endif
- if (wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
- t1, sizeof(t1)) != 0)
- ERROR_OUT(-6404, out);
- if (wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
- badT, sizeof(badT)) != AES_GCM_AUTH_E)
- ERROR_OUT(-6405, out);
- if (wc_GmacVerify(k2, sizeof(k2), iv2, sizeof(iv2), a2, sizeof(a2),
- t2, sizeof(t2)) != 0)
- ERROR_OUT(-6406, out);
- XMEMSET(tag, 0, sizeof(tag));
- XMEMSET(iv, 0, sizeof(iv));
- if (wc_Gmac(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1),
- tag, sizeof(tag), &rng) != 0)
- ERROR_OUT(-6407, out);
- if (wc_GmacVerify(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1),
- tag, sizeof(tag)) != 0)
- ERROR_OUT(-6408, out);
- wc_FreeRng(&rng);
- }
- #endif /* !WC_NO_RNG && !HAVE_SELFTEST && !NO_AES_DECRYPT */
- #endif /* HAVE_FIPS */
- ret = 0;
- out:
- wc_AesFree(&gmac->aes);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(gmac, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_128 */
- #endif /* HAVE_AESGCM */
- #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
- WOLFSSL_TEST_SUBROUTINE int aesccm_test(void)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc;
- #else
- Aes enc[1];
- #endif
- /* key */
- WOLFSSL_SMALL_STACK_STATIC const byte k[] =
- {
- 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
- 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
- };
- /* nonce */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- {
- 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
- 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
- };
- /* plaintext */
- WOLFSSL_SMALL_STACK_STATIC const byte p[] =
- {
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
- };
- /* plaintext - long */
- WOLFSSL_SMALL_STACK_STATIC const byte pl[] =
- {
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
- 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
- 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
- 0x50
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a[] =
- {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
- /* ciphertext */
- WOLFSSL_SMALL_STACK_STATIC const byte c[] =
- {
- 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
- 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
- 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
- };
- /* tag - authentication */
- WOLFSSL_SMALL_STACK_STATIC const byte t[] =
- {
- 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
- };
- /* ciphertext - long */
- WOLFSSL_SMALL_STACK_STATIC const byte cl[] =
- {
- 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
- 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
- 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0xe0,
- 0x44, 0x2d, 0xbe, 0x25, 0xfa, 0x48, 0x2b, 0xa8,
- 0x36, 0x0b, 0xbf, 0x01, 0xc0, 0x12, 0x45, 0xa4,
- 0x82, 0x9f, 0x20, 0x6c, 0xc3, 0xd6, 0xae, 0x5b,
- 0x54, 0x8d, 0xd0, 0xb1, 0x69, 0x2c, 0xec, 0x5e,
- 0x95, 0xa5, 0x6b, 0x48, 0xc3, 0xc6, 0xc8, 0x9e,
- 0xc7, 0x92, 0x98, 0x9d, 0x26, 0x7d, 0x2a, 0x10,
- 0x0b
- };
- /* tag - authentication - long */
- WOLFSSL_SMALL_STACK_STATIC const byte tl[] =
- {
- 0x89, 0xd8, 0xd2, 0x02, 0xc5, 0xcf, 0xae, 0xf4
- };
- /* tag - authentication - empty plaintext */
- WOLFSSL_SMALL_STACK_STATIC const byte t_empty[] =
- {
- 0xe4, 0x28, 0x8a, 0xc3, 0x78, 0x00, 0x0f, 0xf5
- };
- byte t2[sizeof(t)];
- byte p2[sizeof(p)];
- byte c2[sizeof(c)];
- byte iv2[sizeof(iv)];
- byte pl2[sizeof(pl)];
- byte cl2[sizeof(cl)];
- byte tl2[sizeof(tl)];
- byte t_empty2[sizeof(t_empty)];
- int result;
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- return -6521;
- #endif
- XMEMSET(enc, 0, sizeof *enc); /* clear context */
- XMEMSET(t2, 0, sizeof(t2));
- XMEMSET(c2, 0, sizeof(c2));
- XMEMSET(p2, 0, sizeof(p2));
- result = wc_AesInit(enc, HEAP_HINT, devId);
- if (result != 0)
- ERROR_OUT(-6499, out);
- result = wc_AesCcmSetKey(enc, k, sizeof(k));
- if (result != 0)
- ERROR_OUT(-6500, out);
- /* AES-CCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesCcmEncrypt(enc, c2, p, sizeof(c2), iv, sizeof(iv),
- t2, sizeof(t2), a, sizeof(a));
- if (result != 0)
- ERROR_OUT(-6501, out);
- if (XMEMCMP(c, c2, sizeof(c2)))
- ERROR_OUT(-6502, out);
- if (XMEMCMP(t, t2, sizeof(t2)))
- ERROR_OUT(-6503, out);
- result = wc_AesCcmDecrypt(enc, p2, c2, sizeof(p2), iv, sizeof(iv),
- t2, sizeof(t2), a, sizeof(a));
- if (result != 0)
- ERROR_OUT(-6504, out);
- if (XMEMCMP(p, p2, sizeof(p2)))
- ERROR_OUT(-6505, out);
- /* Test the authentication failure */
- t2[0]++; /* Corrupt the authentication tag. */
- result = wc_AesCcmDecrypt(enc, p2, c, sizeof(p2), iv, sizeof(iv),
- t2, sizeof(t2), a, sizeof(a));
- if (result == 0)
- ERROR_OUT(-6506, out);
- /* Clear c2 to compare against p2. p2 should be set to zero in case of
- * authentication fail. */
- XMEMSET(c2, 0, sizeof(c2));
- if (XMEMCMP(p2, c2, sizeof(p2)))
- ERROR_OUT(-6507, out);
- wc_AesFree(enc);
- XMEMSET(enc, 0, sizeof(Aes)); /* clear context */
- XMEMSET(t2, 0, sizeof(t2));
- XMEMSET(c2, 0, sizeof(c2));
- XMEMSET(p2, 0, sizeof(p2));
- XMEMSET(iv2, 0, sizeof(iv2));
- #ifndef HAVE_SELFTEST
- /* selftest build does not have wc_AesCcmSetNonce() or
- * wc_AesCcmEncrypt_ex() */
- if (wc_AesCcmSetKey(enc, k, sizeof(k)) != 0)
- ERROR_OUT(-6508, out);
- if (wc_AesCcmSetNonce(enc, iv, sizeof(iv)) != 0)
- ERROR_OUT(-6509, out);
- if (wc_AesCcmEncrypt_ex(enc, c2, p, sizeof(c2), iv2, sizeof(iv2),
- t2, sizeof(t2), a, sizeof(a)) != 0)
- ERROR_OUT(-6510, out);
- if (XMEMCMP(iv, iv2, sizeof(iv2)))
- ERROR_OUT(-6511, out);
- if (XMEMCMP(c, c2, sizeof(c2)))
- ERROR_OUT(-6512, out);
- if (XMEMCMP(t, t2, sizeof(t2)))
- ERROR_OUT(-6513, out);
- #endif
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- /* test fail on invalid IV sizes */
- result = wc_AesCcmSetKey(enc, k, sizeof(k));
- if (result != 0)
- ERROR_OUT(-6514, out);
- /* AES-CCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesCcmEncrypt(enc, c2, p, sizeof(c2), iv, sizeof(iv),
- t2, 1, a, sizeof(a));
- if (result == 0) {
- ERROR_OUT(-6515, out);
- }
- #endif
- /* AES-CCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesCcmEncrypt(enc, cl2, pl, sizeof(cl2), iv, sizeof(iv),
- tl2, sizeof(tl2), a, sizeof(a));
- if (result != 0)
- ERROR_OUT(-6516, out);
- if (XMEMCMP(cl, cl2, sizeof(cl2)))
- ERROR_OUT(-6517, out);
- if (XMEMCMP(tl, tl2, sizeof(tl2)))
- ERROR_OUT(-6518, out);
- result = wc_AesCcmDecrypt(enc, pl2, cl2, sizeof(pl2), iv, sizeof(iv),
- tl2, sizeof(tl2), a, sizeof(a));
- if (result != 0)
- ERROR_OUT(-6519, out);
- if (XMEMCMP(pl, pl2, sizeof(pl2)))
- ERROR_OUT(-6520, out);
- /* test empty message as null input or output with nonzero inSz. */
- result = wc_AesCcmEncrypt(enc, pl2 /* out */, NULL /* in */, 1 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2),
- a, sizeof(a));
- if (result != BAD_FUNC_ARG)
- ERROR_OUT(-6527, out);
- result = wc_AesCcmEncrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2),
- a, sizeof(a));
- if (result != BAD_FUNC_ARG)
- ERROR_OUT(-6528, out);
- result = wc_AesCcmDecrypt(enc, pl2, NULL /* in */, 1 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
- sizeof(a));
- if (result != BAD_FUNC_ARG)
- ERROR_OUT(-6529, out);
- result = wc_AesCcmDecrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
- sizeof(a));
- if (result != BAD_FUNC_ARG)
- ERROR_OUT(-6530, out);
- /* test empty message as null input and output with zero inSz --
- * must either succeed, or fail early with BAD_FUNC_ARG.
- */
- result = wc_AesCcmEncrypt(enc, NULL /* out */, NULL /* in */, 0 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2),
- a, sizeof(a));
- if (result != BAD_FUNC_ARG) {
- if (result != 0)
- ERROR_OUT(-6521, out);
- if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
- ERROR_OUT(-6522, out);
- result = wc_AesCcmDecrypt(enc, NULL /* out */, NULL /* in */,
- 0 /* inSz */, iv, sizeof(iv), t_empty2,
- sizeof(t_empty2), a, sizeof(a));
- if (result != 0)
- ERROR_OUT(-6523, out);
- }
- /* test empty message as zero-length string -- must work. */
- result = wc_AesCcmEncrypt(enc, pl2, (const byte *)"", 0 /* inSz */, iv,
- sizeof(iv), t_empty2, sizeof(t_empty2), a,
- sizeof(a));
- if (result != 0)
- ERROR_OUT(-6524, out);
- if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
- ERROR_OUT(-6525, out);
- result = wc_AesCcmDecrypt(enc, pl2, (const byte *)"", 0 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
- sizeof(a));
- if (result != 0)
- ERROR_OUT(-6526, out);
- wc_AesFree(enc);
- ret = 0;
- out:
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* HAVE_AESCCM WOLFSSL_AES_128 */
- #ifdef HAVE_AES_KEYWRAP
- #define MAX_KEYWRAP_TEST_OUTLEN 40
- #define MAX_KEYWRAP_TEST_PLAINLEN 32
- typedef struct keywrapVector {
- const byte* kek;
- const byte* data;
- const byte* verify;
- word32 kekLen;
- word32 dataLen;
- word32 verifyLen;
- } keywrapVector;
- WOLFSSL_TEST_SUBROUTINE int aeskeywrap_test(void)
- {
- int wrapSz, plainSz, testSz, i;
- /* test vectors from RFC 3394 (kek, data, verify) */
- #ifdef WOLFSSL_AES_128
- /* Wrap 128 bits of Key Data with a 128-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d1[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v1[] = {
- 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
- 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
- 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* Wrap 128 bits of Key Data with a 192-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d2[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v2[] = {
- 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
- 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
- 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
- };
- #endif
- #ifdef WOLFSSL_AES_256
- /* Wrap 128 bits of Key Data with a 256-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k3[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d3[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v3[] = {
- 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
- 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
- 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7
- };
- #endif
- #ifdef WOLFSSL_AES_192
- /* Wrap 192 bits of Key Data with a 192-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k4[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d4[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v4[] = {
- 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
- 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
- 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
- 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
- };
- #endif
- #ifdef WOLFSSL_AES_256
- /* Wrap 192 bits of Key Data with a 256-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k5[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d5[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v5[] = {
- 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
- 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
- 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
- 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1
- };
- /* Wrap 256 bits of Key Data with a 256-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k6[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d6[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v6[] = {
- 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
- 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
- 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
- 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
- 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
- };
- #endif /* WOLFSSL_AES_256 */
- byte output[MAX_KEYWRAP_TEST_OUTLEN];
- byte plain [MAX_KEYWRAP_TEST_PLAINLEN];
- const keywrapVector test_wrap[] =
- {
- #ifdef WOLFSSL_AES_128
- {k1, d1, v1, sizeof(k1), sizeof(d1), sizeof(v1)},
- #endif
- #ifdef WOLFSSL_AES_192
- {k2, d2, v2, sizeof(k2), sizeof(d2), sizeof(v2)},
- #endif
- #ifdef WOLFSSL_AES_256
- {k3, d3, v3, sizeof(k3), sizeof(d3), sizeof(v3)},
- #endif
- #ifdef WOLFSSL_AES_192
- {k4, d4, v4, sizeof(k4), sizeof(d4), sizeof(v4)},
- #endif
- #ifdef WOLFSSL_AES_256
- {k5, d5, v5, sizeof(k5), sizeof(d5), sizeof(v5)},
- {k6, d6, v6, sizeof(k6), sizeof(d6), sizeof(v6)}
- #endif
- };
- testSz = sizeof(test_wrap) / sizeof(keywrapVector);
- XMEMSET(output, 0, sizeof(output));
- XMEMSET(plain, 0, sizeof(plain));
- for (i = 0; i < testSz; i++) {
- wrapSz = wc_AesKeyWrap(test_wrap[i].kek, test_wrap[i].kekLen,
- test_wrap[i].data, test_wrap[i].dataLen,
- output, sizeof(output), NULL);
- if ( (wrapSz < 0) || (wrapSz != (int)test_wrap[i].verifyLen) )
- return -6600;
- if (XMEMCMP(output, test_wrap[i].verify, test_wrap[i].verifyLen) != 0)
- return -6601;
- plainSz = wc_AesKeyUnWrap((byte*)test_wrap[i].kek, test_wrap[i].kekLen,
- output, wrapSz,
- plain, sizeof(plain), NULL);
- if ( (plainSz < 0) || (plainSz != (int)test_wrap[i].dataLen) )
- return -6602;
- if (XMEMCMP(plain, test_wrap[i].data, test_wrap[i].dataLen) != 0)
- return -6603 - i;
- }
- return 0;
- }
- #endif /* HAVE_AES_KEYWRAP */
- #endif /* NO_AES */
- #ifdef HAVE_CAMELLIA
- enum {
- CAM_ECB_ENC, CAM_ECB_DEC, CAM_CBC_ENC, CAM_CBC_DEC
- };
- typedef struct {
- int type;
- const byte* plaintext;
- const byte* iv;
- const byte* ciphertext;
- const byte* key;
- word32 keySz;
- int errorCode;
- } test_vector_t;
- WOLFSSL_TEST_SUBROUTINE int camellia_test(void)
- {
- /* Camellia ECB Test Plaintext */
- WOLFSSL_SMALL_STACK_STATIC const byte pte[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- /* Camellia ECB Test Initialization Vector */
- WOLFSSL_SMALL_STACK_STATIC const byte ive[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
- /* Test 1: Camellia ECB 128-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
- {
- 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
- 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43
- };
- /* Test 2: Camellia ECB 192-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c2[] =
- {
- 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
- 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9
- };
- /* Test 3: Camellia ECB 256-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k3[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c3[] =
- {
- 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
- 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09
- };
- /* Camellia CBC Test Plaintext */
- WOLFSSL_SMALL_STACK_STATIC const byte ptc[] =
- {
- 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
- 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
- };
- /* Camellia CBC Test Initialization Vector */
- WOLFSSL_SMALL_STACK_STATIC const byte ivc[] =
- {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- /* Test 4: Camellia-CBC 128-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k4[] =
- {
- 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
- 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c4[] =
- {
- 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
- 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB
- };
- /* Test 5: Camellia-CBC 192-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k5[] =
- {
- 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
- 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
- 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c5[] =
- {
- 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
- 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93
- };
- /* Test 6: CBC 256-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k6[] =
- {
- 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
- 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
- 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
- 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c6[] =
- {
- 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
- 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA
- };
- byte out[CAMELLIA_BLOCK_SIZE];
- Camellia cam;
- int i, testsSz, ret;
- WOLFSSL_SMALL_STACK_STATIC const test_vector_t testVectors[] =
- {
- {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), -114},
- {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), -115},
- {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), -116},
- {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), -117},
- {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), -118},
- {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), -119},
- {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), -120},
- {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), -121},
- {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), -122},
- {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), -123},
- {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), -124},
- {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125}
- };
- testsSz = sizeof(testVectors)/sizeof(test_vector_t);
- for (i = 0; i < testsSz; i++) {
- if (wc_CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz,
- testVectors[i].iv) != 0)
- return testVectors[i].errorCode;
- switch (testVectors[i].type) {
- case CAM_ECB_ENC:
- ret = wc_CamelliaEncryptDirect(&cam, out,
- testVectors[i].plaintext);
- if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- case CAM_ECB_DEC:
- ret = wc_CamelliaDecryptDirect(&cam, out,
- testVectors[i].ciphertext);
- if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- case CAM_CBC_ENC:
- ret = wc_CamelliaCbcEncrypt(&cam, out, testVectors[i].plaintext,
- CAMELLIA_BLOCK_SIZE);
- if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- case CAM_CBC_DEC:
- ret = wc_CamelliaCbcDecrypt(&cam, out,
- testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE);
- if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- default:
- break;
- }
- }
- /* Setting the IV and checking it was actually set. */
- ret = wc_CamelliaSetIV(&cam, ivc);
- if (ret != 0 || XMEMCMP(cam.reg, ivc, CAMELLIA_BLOCK_SIZE))
- return -6700;
- /* Setting the IV to NULL should be same as all zeros IV */
- if (wc_CamelliaSetIV(&cam, NULL) != 0 ||
- XMEMCMP(cam.reg, ive, CAMELLIA_BLOCK_SIZE))
- return -6701;
- /* First parameter should never be null */
- if (wc_CamelliaSetIV(NULL, NULL) == 0)
- return -6702;
- /* First parameter should never be null, check it fails */
- if (wc_CamelliaSetKey(NULL, k1, sizeof(k1), NULL) == 0)
- return -6703;
- /* Key should have a size of 16, 24, or 32 */
- if (wc_CamelliaSetKey(&cam, k1, 0, NULL) == 0)
- return -6704;
- return 0;
- }
- #endif /* HAVE_CAMELLIA */
- #ifdef HAVE_XCHACHA
- WOLFSSL_TEST_SUBROUTINE int XChaCha_test(void) {
- int ret = -6830;
- WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
- 0x54, 0x68, 0x65, 0x20, 0x64, 0x68, 0x6f, 0x6c, 0x65, 0x20, 0x28, 0x70, 0x72, 0x6f, 0x6e, 0x6f, /* The dhole (prono */
- 0x75, 0x6e, 0x63, 0x65, 0x64, 0x20, 0x22, 0x64, 0x6f, 0x6c, 0x65, 0x22, 0x29, 0x20, 0x69, 0x73, /* unced "dole") is */
- 0x20, 0x61, 0x6c, 0x73, 0x6f, 0x20, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x20, 0x61, 0x73, 0x20, 0x74, /* also known as t */
- 0x68, 0x65, 0x20, 0x41, 0x73, 0x69, 0x61, 0x74, 0x69, 0x63, 0x20, 0x77, 0x69, 0x6c, 0x64, 0x20, /* he Asiatic wild */
- 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x72, 0x65, 0x64, 0x20, 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x61, 0x6e, /* dog, red dog, an */
- 0x64, 0x20, 0x77, 0x68, 0x69, 0x73, 0x74, 0x6c, 0x69, 0x6e, 0x67, 0x20, 0x64, 0x6f, 0x67, 0x2e, /* d whistling dog. */
- 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x61, 0x62, 0x6f, 0x75, 0x74, 0x20, 0x74, 0x68, 0x65, /* It is about the */
- 0x20, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x61, 0x20, 0x47, 0x65, 0x72, 0x6d, 0x61, /* size of a Germa */
- 0x6e, 0x20, 0x73, 0x68, 0x65, 0x70, 0x68, 0x65, 0x72, 0x64, 0x20, 0x62, 0x75, 0x74, 0x20, 0x6c, /* n shepherd but l */
- 0x6f, 0x6f, 0x6b, 0x73, 0x20, 0x6d, 0x6f, 0x72, 0x65, 0x20, 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x61, /* ooks more like a */
- 0x20, 0x6c, 0x6f, 0x6e, 0x67, 0x2d, 0x6c, 0x65, 0x67, 0x67, 0x65, 0x64, 0x20, 0x66, 0x6f, 0x78, /* long-legged fox */
- 0x2e, 0x20, 0x54, 0x68, 0x69, 0x73, 0x20, 0x68, 0x69, 0x67, 0x68, 0x6c, 0x79, 0x20, 0x65, 0x6c, /* . This highly el */
- 0x75, 0x73, 0x69, 0x76, 0x65, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x73, 0x6b, 0x69, 0x6c, 0x6c, 0x65, /* usive and skille */
- 0x64, 0x20, 0x6a, 0x75, 0x6d, 0x70, 0x65, 0x72, 0x20, 0x69, 0x73, 0x20, 0x63, 0x6c, 0x61, 0x73, /* d jumper is clas */
- 0x73, 0x69, 0x66, 0x69, 0x65, 0x64, 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x77, 0x6f, 0x6c, 0x76, /* sified with wolv */
- 0x65, 0x73, 0x2c, 0x20, 0x63, 0x6f, 0x79, 0x6f, 0x74, 0x65, 0x73, 0x2c, 0x20, 0x6a, 0x61, 0x63, /* es, coyotes, jac */
- 0x6b, 0x61, 0x6c, 0x73, 0x2c, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x66, 0x6f, 0x78, 0x65, 0x73, 0x20, /* kals, and foxes */
- 0x69, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x74, 0x61, 0x78, 0x6f, 0x6e, 0x6f, 0x6d, 0x69, 0x63, /* in the taxonomic */
- 0x20, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x20, 0x43, 0x61, 0x6e, 0x69, 0x64, 0x61, 0x65, 0x2e /* family Canidae. */
- };
- WOLFSSL_SMALL_STACK_STATIC const byte Key[] = {
- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte IV[] = {
- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */
- 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x58 }; /* PQRSTUVW */
- WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = {
- 0x45, 0x59, 0xab, 0xba, 0x4e, 0x48, 0xc1, 0x61, 0x02, 0xe8, 0xbb, 0x2c, 0x05, 0xe6, 0x94, 0x7f,
- 0x50, 0xa7, 0x86, 0xde, 0x16, 0x2f, 0x9b, 0x0b, 0x7e, 0x59, 0x2a, 0x9b, 0x53, 0xd0, 0xd4, 0xe9,
- 0x8d, 0x8d, 0x64, 0x10, 0xd5, 0x40, 0xa1, 0xa6, 0x37, 0x5b, 0x26, 0xd8, 0x0d, 0xac, 0xe4, 0xfa,
- 0xb5, 0x23, 0x84, 0xc7, 0x31, 0xac, 0xbf, 0x16, 0xa5, 0x92, 0x3c, 0x0c, 0x48, 0xd3, 0x57, 0x5d,
- 0x4d, 0x0d, 0x2c, 0x67, 0x3b, 0x66, 0x6f, 0xaa, 0x73, 0x10, 0x61, 0x27, 0x77, 0x01, 0x09, 0x3a,
- 0x6b, 0xf7, 0xa1, 0x58, 0xa8, 0x86, 0x42, 0x92, 0xa4, 0x1c, 0x48, 0xe3, 0xa9, 0xb4, 0xc0, 0xda,
- 0xec, 0xe0, 0xf8, 0xd9, 0x8d, 0x0d, 0x7e, 0x05, 0xb3, 0x7a, 0x30, 0x7b, 0xbb, 0x66, 0x33, 0x31,
- 0x64, 0xec, 0x9e, 0x1b, 0x24, 0xea, 0x0d, 0x6c, 0x3f, 0xfd, 0xdc, 0xec, 0x4f, 0x68, 0xe7, 0x44,
- 0x30, 0x56, 0x19, 0x3a, 0x03, 0xc8, 0x10, 0xe1, 0x13, 0x44, 0xca, 0x06, 0xd8, 0xed, 0x8a, 0x2b,
- 0xfb, 0x1e, 0x8d, 0x48, 0xcf, 0xa6, 0xbc, 0x0e, 0xb4, 0xe2, 0x46, 0x4b, 0x74, 0x81, 0x42, 0x40,
- 0x7c, 0x9f, 0x43, 0x1a, 0xee, 0x76, 0x99, 0x60, 0xe1, 0x5b, 0xa8, 0xb9, 0x68, 0x90, 0x46, 0x6e,
- 0xf2, 0x45, 0x75, 0x99, 0x85, 0x23, 0x85, 0xc6, 0x61, 0xf7, 0x52, 0xce, 0x20, 0xf9, 0xda, 0x0c,
- 0x09, 0xab, 0x6b, 0x19, 0xdf, 0x74, 0xe7, 0x6a, 0x95, 0x96, 0x74, 0x46, 0xf8, 0xd0, 0xfd, 0x41,
- 0x5e, 0x7b, 0xee, 0x2a, 0x12, 0xa1, 0x14, 0xc2, 0x0e, 0xb5, 0x29, 0x2a, 0xe7, 0xa3, 0x49, 0xae,
- 0x57, 0x78, 0x20, 0xd5, 0x52, 0x0a, 0x1f, 0x3f, 0xb6, 0x2a, 0x17, 0xce, 0x6a, 0x7e, 0x68, 0xfa,
- 0x7c, 0x79, 0x11, 0x1d, 0x88, 0x60, 0x92, 0x0b, 0xc0, 0x48, 0xef, 0x43, 0xfe, 0x84, 0x48, 0x6c,
- 0xcb, 0x87, 0xc2, 0x5f, 0x0a, 0xe0, 0x45, 0xf0, 0xcc, 0xe1, 0xe7, 0x98, 0x9a, 0x9a, 0xa2, 0x20,
- 0xa2, 0x8b, 0xdd, 0x48, 0x27, 0xe7, 0x51, 0xa2, 0x4a, 0x6d, 0x5c, 0x62, 0xd7, 0x90, 0xa6, 0x63,
- 0x93, 0xb9, 0x31, 0x11, 0xc1, 0xa5, 0x5d, 0xd7, 0x42, 0x1a, 0x10, 0x18, 0x49, 0x74, 0xc7, 0xc5
- };
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- struct ChaCha *chacha = (struct ChaCha *)XMALLOC(sizeof *chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
- byte *buf1 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((chacha == NULL) || (buf1 == NULL) || (buf2 == NULL))
- ERROR_OUT(MEMORY_E, out);
- #else
- struct ChaCha chacha[1];
- byte buf1[sizeof Plaintext];
- byte buf2[sizeof Plaintext];
- #endif
- ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
- if (ret < 0)
- ERROR_OUT(-6831, out);
- ret = wc_Chacha_Process(chacha, buf1, Plaintext, sizeof Plaintext);
- if (ret < 0)
- ERROR_OUT(-6832, out);
- if (XMEMCMP(buf1, Ciphertext, sizeof Plaintext))
- ERROR_OUT(-6833, out);
- ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
- if (ret < 0)
- ERROR_OUT(-6834, out);
- ret = wc_Chacha_Process(chacha, buf2, buf1, sizeof Plaintext);
- if (ret < 0)
- ERROR_OUT(-6835, out);
- if (XMEMCMP(buf2, Plaintext, sizeof Plaintext))
- ERROR_OUT(-6836, out);
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (chacha)
- XFREE(chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
- if (buf1)
- XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (buf2)
- XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* HAVE_XCHACHA */
- #if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
- WOLFSSL_TEST_SUBROUTINE int XChaCha20Poly1305_test(void) {
- int ret;
- WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
- 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, /* Ladies and Gentl */
- 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, /* emen of the clas */
- 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, /* s of '99: If I c */
- 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, /* ould offer you o */
- 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, /* nly one tip for */
- 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, /* the future, suns */
- 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */
- 0x74, 0x2e }; /* t. */
- WOLFSSL_SMALL_STACK_STATIC const byte AAD[] = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 }; /* PQRS........ */
- WOLFSSL_SMALL_STACK_STATIC const byte Key[] = {
- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte IV[] = {
- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */
- 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57 }; /* PQRSTUVW */
- WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = {
- 0xbd, 0x6d, 0x17, 0x9d, 0x3e, 0x83, 0xd4, 0x3b, 0x95, 0x76, 0x57, 0x94, 0x93, 0xc0, 0xe9, 0x39,
- 0x57, 0x2a, 0x17, 0x00, 0x25, 0x2b, 0xfa, 0xcc, 0xbe, 0xd2, 0x90, 0x2c, 0x21, 0x39, 0x6c, 0xbb,
- 0x73, 0x1c, 0x7f, 0x1b, 0x0b, 0x4a, 0xa6, 0x44, 0x0b, 0xf3, 0xa8, 0x2f, 0x4e, 0xda, 0x7e, 0x39,
- 0xae, 0x64, 0xc6, 0x70, 0x8c, 0x54, 0xc2, 0x16, 0xcb, 0x96, 0xb7, 0x2e, 0x12, 0x13, 0xb4, 0x52,
- 0x2f, 0x8c, 0x9b, 0xa4, 0x0d, 0xb5, 0xd9, 0x45, 0xb1, 0x1b, 0x69, 0xb9, 0x82, 0xc1, 0xbb, 0x9e,
- 0x3f, 0x3f, 0xac, 0x2b, 0xc3, 0x69, 0x48, 0x8f, 0x76, 0xb2, 0x38, 0x35, 0x65, 0xd3, 0xff, 0xf9,
- 0x21, 0xf9, 0x66, 0x4c, 0x97, 0x63, 0x7d, 0xa9, 0x76, 0x88, 0x12, 0xf6, 0x15, 0xc6, 0x8b, 0x13,
- 0xb5, 0x2e };
- WOLFSSL_SMALL_STACK_STATIC const byte Tag[] = {
- 0xc0, 0x87, 0x59, 0x24, 0xc1, 0xc7, 0x98, 0x79, 0x47, 0xde, 0xaf, 0xd8, 0x78, 0x0a, 0xcf, 0x49
- };
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *buf1 = (byte *)XMALLOC(sizeof Ciphertext + sizeof Tag, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((buf1 == NULL) || (buf2 == NULL))
- ERROR_OUT(-6480, out);
- #else
- byte buf1[sizeof Ciphertext + sizeof Tag];
- byte buf2[sizeof Plaintext];
- #endif
- ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag,
- Plaintext, sizeof Plaintext,
- AAD, sizeof AAD,
- IV, sizeof IV,
- Key, sizeof Key);
- if (ret < 0)
- ERROR_OUT(-6841, out);
- if (XMEMCMP(buf1, Ciphertext, sizeof Ciphertext))
- ERROR_OUT(-6842, out);
- if (XMEMCMP(buf1 + sizeof Ciphertext, Tag, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE))
- ERROR_OUT(-6843, out);
- ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext,
- buf1, sizeof Ciphertext + sizeof Tag,
- AAD, sizeof AAD,
- IV, sizeof IV,
- Key, sizeof Key);
- if (ret < 0)
- ERROR_OUT(-6844, out);
- if (XMEMCMP(buf2, Plaintext, sizeof Plaintext))
- ERROR_OUT(-6845, out);
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (buf1 != NULL)
- XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (buf2 != NULL)
- XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* defined(HAVE_XCHACHA) && defined(HAVE_POLY1305) */
- #ifndef WC_NO_RNG
- static int _rng_test(WC_RNG* rng, int errorOffset)
- {
- byte block[32];
- int ret, i;
- XMEMSET(block, 0, sizeof(block));
- ret = wc_RNG_GenerateBlock(rng, block, sizeof(block));
- if (ret != 0) {
- ret = -6850;
- goto exit;
- }
- /* Check for 0's */
- for (i=0; i<(int)sizeof(block); i++) {
- if (block[i] == 0) {
- ret++;
- }
- }
- /* All zeros count check */
- if (ret >= (int)sizeof(block)) {
- ret = -6851;
- goto exit;
- }
- ret = wc_RNG_GenerateByte(rng, block);
- if (ret != 0) {
- ret = -6852;
- goto exit;
- }
- /* Parameter validation testing. */
- ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block));
- if (ret != BAD_FUNC_ARG) {
- ret = -6853;
- goto exit;
- }
- ret = wc_RNG_GenerateBlock(rng, NULL, sizeof(block));
- if (ret != BAD_FUNC_ARG) {
- ret = -6854;
- goto exit;
- }
- ret = wc_RNG_GenerateByte(NULL, block);
- if (ret != BAD_FUNC_ARG) {
- ret = -6855;
- goto exit;
- }
- ret = wc_RNG_GenerateByte(rng, NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = -6856;
- goto exit;
- }
- ret = 0;
- exit:
- if (ret != 0)
- ret += errorOffset;
- return ret;
- }
- static int random_rng_test(void)
- {
- WC_RNG localRng;
- WC_RNG* rng;
- int ret;
- rng = &localRng;
- /* Test stack based RNG. */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(rng);
- #endif
- if (ret != 0) return -6900;
- ret = _rng_test(rng, -6300);
- /* Make sure and free RNG */
- wc_FreeRng(rng);
- if (ret != 0) return ret;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC)
- {
- byte nonce[8] = { 0 };
- /* Test dynamic RNG. */
- rng = wc_rng_new(nonce, (word32)sizeof(nonce), HEAP_HINT);
- if (rng == NULL) return -6901;
- ret = _rng_test(rng, -6310);
- wc_rng_free(rng);
- }
- #endif
- return ret;
- }
- #if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
- #ifdef WC_RNG_SEED_CB
- static int seed_cb(OS_Seed* os, byte* output, word32 sz)
- {
- word32 i;
- (void)os;
- /* Known answer test. Set the seed to the same value every time. */
- for (i = 0; i < sz; i++)
- output[i] = (byte)i;
- return 0;
- }
- static int rng_seed_test(void)
- {
- #ifndef HAVE_FIPS
- WOLFSSL_SMALL_STACK_STATIC const byte check[] =
- {
- 0x83, 0x46, 0x65, 0x2f, 0x5c, 0x44, 0x16, 0x5f,
- 0xb3, 0x89, 0x26, 0xde, 0x0b, 0x6b, 0xa2, 0x06,
- 0x7e, 0xa7, 0x9a, 0x55, 0x22, 0x01, 0xb0, 0x22,
- 0xf4, 0x7e, 0xa2, 0x66, 0xc4, 0x08, 0x6f, 0xba
- };
- #else
- /* FIPS uses a longer seed, so different check value. */
- WOLFSSL_SMALL_STACK_STATIC const byte check[] =
- {
- 0xaf, 0x31, 0xcc, 0xef, 0xa9, 0x29, 0x4c, 0x24,
- 0xbd, 0xa5, 0xa3, 0x52, 0x69, 0xf3, 0xb9, 0xb2,
- 0x1e, 0xd4, 0x52, 0x3b, 0x9a, 0x96, 0x06, 0x20,
- 0xc0, 0x5f, 0x44, 0x06, 0x1f, 0x80, 0xdf, 0xe0
- };
- #endif
- byte output[WC_SHA256_DIGEST_SIZE];
- WC_RNG rng;
- int ret;
- ret = wc_SetSeed_Cb(seed_cb);
- if (ret != 0) {
- ret = -7007;
- goto exit;
- }
- ret = wc_InitRng(&rng);
- if (ret != 0) {
- ret = -7008;
- goto exit;
- }
- ret = wc_RNG_GenerateBlock(&rng, output, sizeof(output));
- if (ret != 0) {
- ret = -7009;
- goto exit;
- }
- ret = XMEMCMP(output, check, sizeof(output));
- if (ret != 0) {
- ret = -7010;
- goto exit;
- }
- ret = wc_FreeRng(&rng);
- if (ret != 0) {
- ret = -7011;
- goto exit;
- }
- ret = wc_SetSeed_Cb(wc_GenerateSeed);
- if (ret != 0) {
- ret = -7012;
- }
- exit:
- return ret;
- }
- #endif
- WOLFSSL_TEST_SUBROUTINE int random_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte test1Entropy[] =
- {
- 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
- 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
- 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31,
- 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte test1Output[] =
- {
- 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
- 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
- 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
- 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11,
- 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81,
- 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63,
- 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7,
- 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c,
- 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91,
- 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d,
- 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf
- };
- WOLFSSL_SMALL_STACK_STATIC const byte test2EntropyA[] =
- {
- 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
- 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
- 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
- 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
- };
- WOLFSSL_SMALL_STACK_STATIC const byte test2EntropyB[] =
- {
- 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
- 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
- 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
- };
- WOLFSSL_SMALL_STACK_STATIC const byte test2Output[] =
- {
- 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
- 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
- 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
- 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac,
- 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71,
- 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0,
- 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8,
- 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d,
- 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22,
- 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
- 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
- };
- byte output[WC_SHA256_DIGEST_SIZE * 4];
- int ret;
- ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0,
- output, sizeof(output));
- if (ret != 0)
- return -7000;
- if (XMEMCMP(test1Output, output, sizeof(output)) != 0)
- return -7001;
- ret = wc_RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA),
- test2EntropyB, sizeof(test2EntropyB),
- output, sizeof(output));
- if (ret != 0)
- return -7002;
- if (XMEMCMP(test2Output, output, sizeof(output)) != 0)
- return -7003;
- /* Basic RNG generate block test */
- if ((ret = random_rng_test()) != 0)
- return ret;
- /* Test the seed check function. */
- #if !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
- {
- word32 i, outputSz;
- /* Repeat the same byte over and over. Should fail. */
- outputSz = sizeof(output);
- XMEMSET(output, 1, outputSz);
- ret = wc_RNG_TestSeed(output, outputSz);
- if (ret == 0)
- return -7004;
- /* Every byte of the entropy scratch is different,
- * entropy is a single byte that shouldn't match. */
- outputSz = (sizeof(output) / 2) + 1;
- for (i = 0; i < outputSz; i++)
- output[i] = (byte)i;
- ret = wc_RNG_TestSeed(output, outputSz);
- if (ret != 0)
- return -7005;
- outputSz = sizeof(output);
- for (i = 0; i < outputSz; i++)
- output[i] = (byte)i;
- ret = wc_RNG_TestSeed(output, outputSz);
- if (ret != 0)
- return -7006;
- }
- #endif
- /* Test the seed callback. */
- #ifdef WC_RNG_SEED_CB
- if ((ret = rng_seed_test()) != 0)
- return ret;
- #endif
- return 0;
- }
- #else
- WOLFSSL_TEST_SUBROUTINE int random_test(void)
- {
- /* Basic RNG generate block test */
- return random_rng_test();
- }
- #endif /* HAVE_HASHDRBG && !CUSTOM_RAND_GENERATE_BLOCK */
- #endif /* WC_NO_RNG */
- #ifndef MEM_TEST_SZ
- #define MEM_TEST_SZ 1024
- #endif
- #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
- static int simple_mem_test(int sz)
- {
- int ret = 0;
- byte* b;
- int i;
- b = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (b == NULL) {
- return -7110;
- }
- /* utilize memory */
- for (i = 0; i < sz; i++) {
- b[i] = (byte)i;
- }
- /* read back and verify */
- for (i = 0; i < sz; i++) {
- if (b[i] != (byte)i) {
- ret = -7111;
- break;
- }
- }
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif
- WOLFSSL_TEST_SUBROUTINE int memory_test(void)
- {
- int ret = 0;
- #if defined(COMPLEX_MEM_TEST) || defined(WOLFSSL_STATIC_MEMORY)
- int i;
- #endif
- #ifdef WOLFSSL_STATIC_MEMORY
- word32 size[] = { WOLFMEM_BUCKETS };
- word32 dist[] = { WOLFMEM_DIST };
- byte buffer[30000]; /* make large enough to involve many bucket sizes */
- int pad = -(int)((wc_ptr_t)buffer) & (WOLFSSL_STATIC_ALIGN - 1);
- /* pad to account for if head of buffer is not at set memory
- * alignment when tests are ran */
- #endif
- #ifdef WOLFSSL_STATIC_MEMORY
- /* check macro settings */
- if (sizeof(size)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) {
- return -7200;
- }
- if (sizeof(dist)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) {
- return -7201;
- }
- for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
- if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) {
- /* each element in array should be divisible by alignment size */
- return -7202;
- }
- }
- for (i = 1; i < WOLFMEM_MAX_BUCKETS; i++) {
- if (size[i - 1] >= size[i]) {
- return -7203; /* sizes should be in increasing order */
- }
- }
- /* check that padding size returned is possible */
- if (wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN) {
- return -7204; /* no room for wc_Memory struct */
- }
- if (wolfSSL_MemoryPaddingSz() < 0) {
- return -7205;
- }
- if (wolfSSL_MemoryPaddingSz() % WOLFSSL_STATIC_ALIGN != 0) {
- return -7206; /* not aligned! */
- }
- /* check function to return optimum buffer size (rounded down) */
- ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL);
- if ((ret - pad) % WOLFSSL_STATIC_ALIGN != 0) {
- return -7207; /* not aligned! */
- }
- if (ret < 0) {
- return -7208;
- }
- if ((unsigned int)ret > sizeof(buffer)) {
- return -7209; /* did not round down as expected */
- }
- if (ret != wolfSSL_StaticBufferSz(buffer, ret, WOLFMEM_GENERAL)) {
- return -7210; /* return value changed when using suggested value */
- }
- ret = wolfSSL_MemoryPaddingSz();
- ret += pad; /* add space that is going to be needed if buffer not aligned */
- if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) !=
- (ret + (int)size[0])) {
- return -7211; /* did not round down to nearest bucket value */
- }
- ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL);
- if ((ret - pad) < 0) {
- return -7212;
- }
- if (((ret - pad) % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) {
- return -7213; /* not even chunks of memory for IO size */
- }
- if (((ret - pad) % WOLFSSL_STATIC_ALIGN) != 0) {
- return -7214; /* memory not aligned */
- }
- /* check for passing bad or unknown arguments to functions */
- if (wolfSSL_StaticBufferSz(NULL, 1, WOLFMEM_GENERAL) > 0) {
- return -7215;
- }
- if (wolfSSL_StaticBufferSz(buffer, 1, WOLFMEM_GENERAL) != 0) {
- return -7216; /* should round to 0 since struct + bucket will not fit */
- }
- (void)dist; /* avoid static analysis warning of variable not used */
- #endif
- #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
- /* simple test */
- ret = simple_mem_test(MEM_TEST_SZ);
- if (ret != 0)
- return ret;
- #endif
- #ifdef COMPLEX_MEM_TEST
- /* test various size blocks */
- for (i = 1; i < MEM_TEST_SZ; i*=2) {
- ret = simple_mem_test(i);
- if (ret != 0)
- return ret;
- }
- #endif
- #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_NO_MALLOC)
- /* realloc test */
- {
- byte *c = NULL;
- byte *b = (byte*)XMALLOC(MEM_TEST_SZ, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (b) {
- c = (byte*)XREALLOC(b, MEM_TEST_SZ+sizeof(word32), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (c)
- b = c;
- }
- if (b)
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((b == NULL) || (c == NULL)) {
- return -7217;
- }
- }
- #endif
- return ret;
- }
- #ifndef NO_FILESYSTEM
- /* Cert Paths */
- #ifdef FREESCALE_MQX
- #define CERT_PREFIX "a:\\"
- #define CERT_PATH_SEP "\\"
- #elif defined(WOLFSSL_uTKERNEL2)
- #define CERT_PREFIX "/uda/"
- #define CERT_PATH_SEP "/"
- #elif defined(_WIN32_WCE)
- #define CERT_PREFIX "\\windows\\"
- #define CERT_PATH_SEP "\\"
- #endif
- #ifndef CERT_PREFIX
- #define CERT_PREFIX "./"
- #endif
- #ifndef CERT_PATH_SEP
- #define CERT_PATH_SEP "/"
- #endif
- #ifndef CERT_WRITE_TEMP_DIR
- #define CERT_WRITE_TEMP_DIR CERT_PREFIX
- #endif
- #define CERT_ROOT CERT_PREFIX "certs" CERT_PATH_SEP
- /* Generated Test Certs */
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
- #if !defined(NO_RSA) && !defined(NO_ASN)
- static const char* clientKey = CERT_ROOT "client-key.der";
- static const char* clientCert = CERT_ROOT "client-cert.der";
- #ifdef WOLFSSL_CERT_EXT
- static const char* clientKeyPub = CERT_ROOT "client-keyPub.der";
- #endif
- #endif /* !NO_RSA && !NO_ASN */
- #endif
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- #if !defined(NO_RSA) && !defined(NO_ASN)
- #if defined(WOLFSSL_CERT_GEN) || defined(HAVE_PKCS7)
- static const char* rsaCaKeyFile = CERT_ROOT "ca-key.der";
- #ifdef WOLFSSL_CERT_GEN
- static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem";
- #endif
- #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7)
- static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der";
- #endif
- #ifdef HAVE_PKCS7
- static const char* rsaServerCertDerFile =
- CERT_ROOT "server-cert.der";
- static const char* rsaServerKeyDerFile =
- CERT_ROOT "server-key.der";
- #endif
- #endif
- #endif /* !NO_RSA && !NO_ASN */
- #endif /* !USE_CERT_BUFFER_* */
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
- #if !defined(NO_ASN) && !defined(NO_DH)
- static const char* dhParamsFile = CERT_ROOT "dh2048.der";
- #endif
- #endif
- #if !defined(NO_ASN) && !defined(NO_DH)
- #if defined(WOLFSSL_DH_EXTRA) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
- static const char* dhKeyFile = CERT_ROOT "statickeys/dh-ffdhe2048.der";
- static const char* dhKeyPubFile = CERT_ROOT "statickeys/dh-ffdhe2048-pub.der";
- #endif
- #endif
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- #ifndef NO_DSA
- static const char* dsaKey = CERT_ROOT "dsa2048.der";
- #endif
- #endif /* !USE_CERT_BUFFER_* */
- #if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ECC256)
- #ifdef HAVE_ECC
- /* cert files to be used in rsa cert gen test, check if RSA enabled */
- #ifdef HAVE_ECC_KEY_IMPORT
- static const char* eccKeyDerFile = CERT_ROOT "ecc-key.der";
- #endif
- #endif
- #if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ASN)
- #if defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN)
- #ifndef NO_RSA
- static const char* eccKeyPubFileDer = CERT_ROOT "ecc-keyPub.der";
- #endif
- static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der";
- static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem";
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- static const char* eccCaKey384File =
- CERT_ROOT "ca-ecc384-key.der";
- static const char* eccCaCert384File =
- CERT_ROOT "ca-ecc384-cert.pem";
- #endif
- #endif
- #if defined(HAVE_PKCS7) && defined(HAVE_ECC)
- static const char* eccClientKey = CERT_ROOT "ecc-client-key.der";
- static const char* eccClientCert = CERT_ROOT "client-ecc-cert.der";
- #endif
- #endif /* HAVE_ECC */
- #ifdef HAVE_ED25519
- #ifdef WOLFSSL_TEST_CERT
- static const char* serverEd25519Cert =
- CERT_ROOT "ed25519/server-ed25519.der";
- static const char* caEd25519Cert =
- CERT_ROOT "ed25519/ca-ed25519.der";
- #endif
- #endif
- #ifdef HAVE_ED448
- #ifdef WOLFSSL_TEST_CERT
- static const char* serverEd448Cert =
- CERT_ROOT "ed448/server-ed448.der";
- static const char* caEd448Cert = CERT_ROOT "ed448/ca-ed448.der";
- #endif
- #endif
- #endif /* !USE_CERT_BUFFER_* */
- #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM)
- static const char* certExtNc =
- CERT_ROOT "test" CERT_PATH_SEP "cert-ext-nc.der";
- static const char* certExtIa =
- CERT_ROOT "test" CERT_PATH_SEP "cert-ext-ia.der";
- static const char* certExtNct =
- CERT_ROOT "test" CERT_PATH_SEP "cert-ext-nct.der";
- #endif
- #ifndef NO_WRITE_TEMP_FILES
- #ifdef HAVE_ECC
- #ifdef WOLFSSL_CERT_GEN
- static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem";
- static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der";
- #endif
- #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
- static const char* certEccRsaPemFile = CERT_WRITE_TEMP_DIR "certeccrsa.pem";
- static const char* certEccRsaDerFile = CERT_WRITE_TEMP_DIR "certeccrsa.der";
- #endif
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static const char* eccCaKeyPemFile = CERT_WRITE_TEMP_DIR "ecc-key.pem";
- static const char* eccPubKeyDerFile = CERT_WRITE_TEMP_DIR "ecc-public-key.der";
- static const char* eccCaKeyTempFile = CERT_WRITE_TEMP_DIR "ecc-key.der";
- #if defined(HAVE_PKCS8) && !defined(WC_NO_RNG) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static const char* eccPkcs8KeyDerFile = CERT_WRITE_TEMP_DIR "ecc-key-pkcs8.der";
- #endif
- #endif /* HAVE_ECC_KEY_EXPORT */
- #endif /* HAVE_ECC */
- #ifndef NO_RSA
- #ifdef WOLFSSL_CERT_GEN
- static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der";
- static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der";
- static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem";
- static const char* certPemFile = CERT_WRITE_TEMP_DIR "cert.pem";
- #if defined(WOLFSSL_CERT_REQ) && !defined(WOLFSSL_NO_MALLOC)
- static const char* certReqDerFile = CERT_WRITE_TEMP_DIR "certreq.der";
- static const char* certReqPemFile = CERT_WRITE_TEMP_DIR "certreq.pem";
- #endif
- #endif
- #endif /* !NO_RSA */
- #if !defined(NO_RSA) || !defined(NO_DSA)
- #ifdef WOLFSSL_KEY_GEN
- static const char* keyDerFile = CERT_WRITE_TEMP_DIR "key.der";
- static const char* keyPemFile = CERT_WRITE_TEMP_DIR "key.pem";
- #endif
- #endif
- #endif /* !NO_WRITE_TEMP_FILES */
- #endif /* !NO_FILESYSTEM */
- #if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
- (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
- static CertName certDefaultName;
- static void initDefaultName(void)
- {
- #if defined(WOLFSSL_MULTI_ATTRIB) && defined(WOLFSSL_TEST_CERT)
- NameAttrib* n;
- #endif
- XMEMCPY(certDefaultName.country, "US", sizeof("US"));
- certDefaultName.countryEnc = CTC_PRINTABLE;
- XMEMCPY(certDefaultName.state, "Oregon", sizeof("Oregon"));
- certDefaultName.stateEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.street, "Main St", sizeof("Main St"));
- certDefaultName.streetEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.locality, "Portland", sizeof("Portland"));
- certDefaultName.localityEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.sur, "Test", sizeof("Test"));
- certDefaultName.surEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.org, "wolfSSL", sizeof("wolfSSL"));
- certDefaultName.orgEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.unit, "Development", sizeof("Development"));
- certDefaultName.unitEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com"));
- certDefaultName.commonNameEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
- certDefaultName.serialDevEnc = CTC_PRINTABLE;
- XMEMCPY(certDefaultName.postalCode, "12-456", sizeof("12-456"));
- certDefaultName.postalCodeEnc = CTC_PRINTABLE;
- #ifdef WOLFSSL_CERT_EXT
- XMEMCPY(certDefaultName.busCat, "Private Organization", sizeof("Private Organization"));
- certDefaultName.busCatEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.joiSt, "US", sizeof("US"));
- certDefaultName.joiStEnc = CTC_PRINTABLE;
- XMEMCPY(certDefaultName.joiC, "Oregon", sizeof("Oregon"));
- certDefaultName.joiCEnc = CTC_PRINTABLE;
- #endif
- XMEMCPY(certDefaultName.email, "info@wolfssl.com", sizeof("info@wolfssl.com"));
- XMEMCPY(certDefaultName.userId, "TestUserID", sizeof("TestUserID"));
- certDefaultName.userIdEnc = CTC_PRINTABLE;
- #if defined(WOLFSSL_MULTI_ATTRIB) && defined(WOLFSSL_TEST_CERT)
- /* test having additional OUs and setting DC */
- n = &certDefaultName.name[0];
- n->id = ASN_ORGUNIT_NAME;
- n->type = CTC_UTF8;
- n->sz = sizeof("Development-2");
- XMEMCPY(n->value, "Development-2", sizeof("Development-2"));
- #if CTC_MAX_ATTRIB > 3
- n = &certDefaultName.name[1];
- n->id = ASN_DOMAIN_COMPONENT;
- n->type = CTC_UTF8;
- n->sz = sizeof("com");
- XMEMCPY(n->value, "com", sizeof("com"));
- n = &certDefaultName.name[2];
- n->id = ASN_DOMAIN_COMPONENT;
- n->type = CTC_UTF8;
- n->sz = sizeof("wolfssl");
- XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
- #endif
- #endif /* WOLFSSL_MULTI_ATTRIB && WOLFSSL_TEST_CERT */
- #ifdef WOLFSSL_CUSTOM_OID
- /* TODO: Add test case for custom OID's */
- #endif
- }
- #ifdef WOLFSSL_CERT_EXT
- #if ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
- defined(WOLFSSL_TEST_CERT)) || defined(HAVE_ECC)
- WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage[] =
- "digitalSignature,nonRepudiation";
- #endif
- #if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA)
- WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage2[] =
- "digitalSignature,nonRepudiation,keyEncipherment,keyAgreement";
- #endif
- #endif /* WOLFSSL_CERT_EXT */
- #endif /* WOLFSSL_CERT_GEN */
- #ifndef NO_RSA
- #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM)
- static byte minSerial[] = { 0x02, 0x01, 0x01 };
- static byte minName[] = { 0x30, 0x00 };
- static byte nameBad[] = {
- 0x30, 0x08,
- 0x31, 0x06,
- 0x30, 0x04,
- 0x06, 0x02,
- 0x55, 0x04,
- };
- static byte minDates[] = {
- 0x30, 0x1e,
- 0x17, 0x0d,
- 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35,
- 0x32, 0x33, 0x31, 0x30, 0x5a,
- 0x17, 0x0d,
- 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35,
- 0x32, 0x33, 0x31, 0x30, 0x5a
- };
- static byte minPubKey[] = {
- 0x30, 0x1c,
- 0x30, 0x0d,
- 0x06, 0x09,
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x01,
- 0x05, 0x00,
- 0x03, 0x0b,
- 0x00, 0x30, 0x08,
- 0x02, 0x01,
- 0x03,
- 0x02, 0x03,
- 0x01, 0x00, 0x01
- };
- static byte minSigAlg[] = {
- 0x30, 0x0d,
- 0x06, 0x09,
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x0b,
- 0x05, 0x00
- };
- static byte minSig[] = {
- 0x03, 0x01,
- 0x00
- };
- static int add_seq(byte* certData, int offset, byte* data, byte length)
- {
- XMEMMOVE(certData + offset + 2, data, length);
- certData[offset++] = 0x30;
- certData[offset++] = length;
- return offset + length;
- }
- static int add_data(byte* certData, int offset, byte* data, byte length)
- {
- XMEMCPY(certData + offset, data, length);
- return offset + length;
- }
- static int cert_asn1_test(void)
- {
- int ret;
- int len[3];
- DecodedCert cert;
- byte certData[114];
- byte* badCert = NULL;
- len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial));
- len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg));
- len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
- len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates));
- len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
- len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey));
- len[1] = add_seq(certData, 0, certData, len[2]);
- len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg));
- len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig));
- len[0] = add_seq(certData, 0, certData, len[1]);
- /* Minimal good certificate */
- InitDecodedCert(&cert, certData, len[0], 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- FreeDecodedCert(&cert);
- if (ret != 0) {
- ERROR_OUT(-7300, done);
- }
- /* Bad issuer name */
- len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial));
- len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg));
- len[2] = add_data(certData, len[2], nameBad, (byte)sizeof(nameBad));
- len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates));
- len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
- len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey));
- len[1] = add_seq(certData, 0, certData, len[2]);
- len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg));
- len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig));
- len[0] = add_seq(certData, 0, certData, len[1]);
- /* Put data into allocated buffer to allow access error checking. */
- badCert = (byte*)XMALLOC(len[0], HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XMEMCPY(badCert, certData, len[0]);
- InitDecodedCert(&cert, badCert, len[0], 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- FreeDecodedCert(&cert);
- if (ret != ASN_PARSE_E) {
- ERROR_OUT(-7301, done);
- }
- XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- badCert = NULL;
- ret = 0;
- done:
- if (badCert != NULL)
- XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE int cert_test(void)
- {
- #if !defined(NO_FILESYSTEM)
- DecodedCert cert;
- byte* tmp;
- size_t bytes;
- XFILE file;
- int ret;
- tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- return -7400;
- /* Certificate with Name Constraints extension. */
- file = XFOPEN(certExtNc, "rb");
- if (!file) {
- ERROR_OUT(-7401, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- ERROR_OUT(-7402, done);
- }
- FreeDecodedCert(&cert);
- /* Certificate with Inhibit Any Policy extension. */
- file = XFOPEN(certExtIa, "rb");
- if (!file) {
- ERROR_OUT(-7403, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- ERROR_OUT(-7404, done);
- }
- FreeDecodedCert(&cert);
- /* Certificate with Netscape Certificate Type extension. */
- file = XFOPEN(certExtNct, "rb");
- if (!file) {
- ERROR_OUT(-7405, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- #ifndef IGNORE_NETSCAPE_CERT_TYPE
- if (ret != 0) {
- ERROR_OUT(-7406, done);
- }
- #else
- if (ret != ASN_CRIT_EXT_E) {
- ERROR_OUT(-7407, done);
- }
- ret = 0;
- #endif
- done:
- FreeDecodedCert(&cert);
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* !NO_FILESYSTEM */
- if (ret == 0)
- ret = cert_asn1_test();
- return ret;
- }
- #endif /* WOLFSSL_TEST_CERT */
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN)
- WOLFSSL_TEST_SUBROUTINE int certext_test(void)
- {
- DecodedCert cert;
- byte* tmp;
- size_t bytes;
- XFILE file;
- int ret;
- /* created from rsa_test : othercert.der */
- byte skid_rsa[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
- "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
- /* created from rsa_test : othercert.der */
- byte akid_rsa[] = "\x27\x8E\x67\x11\x74\xC3\x26\x1D\x3F\xED"
- "\x33\x63\xB3\xA4\xD8\x1D\x30\xE5\xE8\xD5";
- #ifdef HAVE_ECC
- /* created from ecc_test_cert_gen : certecc.der */
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- /* Authority key id from ./certs/ca-ecc384-cert.pem */
- byte akid_ecc[] = "\xAB\xE0\xC3\x26\x4C\x18\xD4\x72\xBB\xD2"
- "\x84\x8C\x9C\x0A\x05\x92\x80\x12\x53\x52";
- #else
- /* Authority key id from ./certs/ca-ecc-cert.pem */
- byte akid_ecc[] = "\x56\x8E\x9A\xC3\xF0\x42\xDE\x18\xB9\x45"
- "\x55\x6E\xF9\x93\xCF\xEA\xC3\xF3\xA5\x21";
- #endif
- #endif /* HAVE_ECC */
- /* created from rsa_test : cert.der */
- byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
- "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
- tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- return -7500;
- /* load othercert.der (Cert signed by an authority) */
- file = XFOPEN(otherCertDerFile, "rb");
- if (!file) {
- XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- return -7501;
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0)
- return -7502;
- /* check the SKID from a RSA certificate */
- if (XMEMCMP(skid_rsa, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
- return -7503;
- /* check the AKID from an RSA certificate */
- if (XMEMCMP(akid_rsa, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
- return -7504;
- /* check the Key Usage from an RSA certificate */
- if (!cert.extKeyUsageSet)
- return -7505;
- if (cert.extKeyUsage != (KEYUSE_KEY_ENCIPHER|KEYUSE_KEY_AGREE))
- return -7506;
- /* check the CA Basic Constraints from an RSA certificate */
- if (cert.isCA)
- return -7507;
- #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
- /* check the Certificate Policies Id */
- if (cert.extCertPoliciesNb != 1)
- return -7508;
- if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
- return -7509;
- #endif
- FreeDecodedCert(&cert);
- #ifdef HAVE_ECC
- /* load certecc.der (Cert signed by our ECC CA test in ecc_test_cert_gen) */
- file = XFOPEN(certEccDerFile, "rb");
- if (!file) {
- XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- return -7510;
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0)
- return -7511;
- /* check the SKID from a ECC certificate - generated dynamically */
- /* check the AKID from an ECC certificate */
- if (XMEMCMP(akid_ecc, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
- return -7512;
- /* check the Key Usage from an ECC certificate */
- if (!cert.extKeyUsageSet)
- return -7513;
- if (cert.extKeyUsage != (KEYUSE_DIGITAL_SIG|KEYUSE_CONTENT_COMMIT))
- return -7514;
- /* check the CA Basic Constraints from an ECC certificate */
- if (cert.isCA)
- return -7515;
- #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
- /* check the Certificate Policies Id */
- if (cert.extCertPoliciesNb != 2)
- return -7516;
- if (strncmp(cert.extCertPolicies[0], "2.4.589440.587.101.2.1.9632587.1", 32))
- return -7517;
- if (strncmp(cert.extCertPolicies[1], "1.2.13025.489.1.113549", 22))
- return -7518;
- #endif
- FreeDecodedCert(&cert);
- #endif /* HAVE_ECC */
- /* load cert.der (self signed certificate) */
- file = XFOPEN(certDerFile, "rb");
- if (!file) {
- XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- return -7519;
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0)
- return -7520;
- /* check the SKID from a CA certificate */
- if (XMEMCMP(kid_ca, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
- return -7521;
- /* check the AKID from an CA certificate */
- if (XMEMCMP(kid_ca, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
- return -7522;
- /* check the Key Usage from CA certificate */
- if (!cert.extKeyUsageSet)
- return -7523;
- if (cert.extKeyUsage != (KEYUSE_KEY_CERT_SIGN|KEYUSE_CRL_SIGN))
- return -7524;
- /* check the CA Basic Constraints CA certificate */
- if (!cert.isCA)
- return -7525;
- #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
- /* check the Certificate Policies Id */
- if (cert.extCertPoliciesNb != 2)
- return -7526;
- if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
- return -7527;
- if (strncmp(cert.extCertPolicies[1], "1.2.840.113549.1.9.16.6.5", 25))
- return -7528;
- #endif
- FreeDecodedCert(&cert);
- XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- return 0;
- }
- #endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT &&
- !NO_FILESYSTEM && WOLFSSL_CERT_GEN */
- #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- WOLFSSL_TEST_SUBROUTINE int decodedCertCache_test(void)
- {
- int ret = 0;
- Cert cert;
- FILE* file;
- byte* der;
- word32 derSz;
- derSz = FOURK_BUF;
- der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL)
- ret = -7600;
- if (ret == 0) {
- /* load cert.der */
- file = XFOPEN(certDerFile, "rb");
- if (file != NULL) {
- derSz = (word32)XFREAD(der, 1, FOURK_BUF, file);
- XFCLOSE(file);
- }
- else
- ret = -7601;
- }
- if (ret == 0) {
- if (wc_InitCert_ex(&cert, HEAP_HINT, devId)) {
- ret = -7602;
- }
- }
- if (ret == 0) {
- ret = wc_SetSubjectBuffer(&cert, der, derSz);
- }
- if (ret == 0) {
- if(wc_SetSubjectBuffer(NULL, der, derSz) != BAD_FUNC_ARG)
- ret = -7603;
- }
- if (ret == 0) {
- if (wc_SetSubjectRaw(&cert, der, derSz) != 0)
- ret = -7604;
- }
- if (ret == 0) {
- if(wc_SetSubjectRaw(NULL, der, derSz) != BAD_FUNC_ARG)
- ret = -7605;
- }
- if (ret == 0) {
- if(wc_SetIssuerBuffer(&cert, der, derSz) != 0)
- ret = -7606;
- }
- if (ret == 0) {
- if(wc_SetIssuerBuffer(NULL, der, derSz) != BAD_FUNC_ARG)
- ret = -7607;
- }
- if (ret == 0) {
- if(wc_SetIssuerRaw(&cert, der, derSz) != 0)
- ret = -7608;
- }
- if (ret == 0) {
- if(wc_SetIssuerRaw(NULL, der, derSz) != BAD_FUNC_ARG)
- ret = -7609;
- }
- #ifdef WOLFSSL_ALT_NAMES
- if (ret == 0) {
- if(wc_SetAltNamesBuffer(&cert, der, derSz) != 0)
- ret = -7610;
- }
- if (ret == 0) {
- if(wc_SetAltNamesBuffer(NULL, der, derSz) != BAD_FUNC_ARG)
- ret = -7611;
- }
- if (ret == 0) {
- if(wc_SetDatesBuffer(&cert, der, derSz) != 0)
- ret = -7612;
- }
- if (ret == 0) {
- if(wc_SetDatesBuffer(NULL, der, derSz) != BAD_FUNC_ARG)
- ret = -7613;
- }
- #endif
- if (ret == 0) {
- if(wc_SetAuthKeyIdFromCert(&cert, der, derSz) != 0)
- ret = -7614;
- }
- if (ret == 0) {
- if(wc_SetAuthKeyIdFromCert(NULL, der, derSz) != BAD_FUNC_ARG)
- ret = -7615;
- }
- wc_SetCert_Free(&cert);
- if (ret == 0) {
- if(cert.decodedCert != NULL)
- ret = -7616;
- }
- XFREE(der, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) &&
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) */
- #define RSA_TEST_BYTES 512 /* up to 4096-bit key */
- #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- static int rsa_flatten_test(RsaKey* key)
- {
- int ret;
- byte e[RSA_TEST_BYTES];
- byte n[RSA_TEST_BYTES];
- word32 eSz = sizeof(e);
- word32 nSz = sizeof(n);
- /* Parameter Validation testing. */
- ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -7620;
- ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -7621;
- ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -7622;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -7623;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -7624;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
- if (ret != 0)
- return -7625;
- eSz = 0;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #elif defined(HAVE_FIPS) && \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
- if (ret != 0)
- #else
- if (ret != RSA_BUFFER_E)
- #endif
- return -7626;
- eSz = sizeof(e);
- nSz = 0;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #else
- if (ret != RSA_BUFFER_E)
- #endif
- return -7627;
- return 0;
- }
- #endif /* NO_ASN */
- #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \
- && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- static int rsa_export_key_test(RsaKey* key)
- {
- int ret;
- byte e[3];
- word32 eSz = sizeof(e);
- byte n[RSA_TEST_BYTES];
- word32 nSz = sizeof(n);
- byte d[RSA_TEST_BYTES];
- word32 dSz = sizeof(d);
- byte p[RSA_TEST_BYTES/2];
- word32 pSz = sizeof(p);
- byte q[RSA_TEST_BYTES/2];
- word32 qSz = sizeof(q);
- word32 zero = 0;
- ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7630;
- ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7631;
- ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7632;
- ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7633;
- ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7634;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7635;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7636;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7637;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7638;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7639;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL);
- if (ret != BAD_FUNC_ARG)
- return -7640;
- ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return -7641;
- ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return -7642;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return -7643;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return -7644;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero);
- if (ret != RSA_BUFFER_E)
- return -7645;
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != 0)
- return -7646;
- return 0;
- }
- #endif /* !HAVE_FIPS && !USER_RSA && !NO_ASN */
- #ifndef NO_SIG_WRAPPER
- static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
- {
- int ret;
- word32 sigSz;
- WOLFSSL_SMALL_STACK_STATIC const byte in[] = TEST_STRING;
- WOLFSSL_SMALL_STACK_STATIC const byte hash[] = {
- 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
- 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
- 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
- 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte hashEnc[] = {
- 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
- 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
- 0x00, 0x04, 0x20,
- 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
- 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
- 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
- 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
- };
- word32 inLen = (word32)XSTRLEN((char*)in);
- byte out[RSA_TEST_BYTES];
- /* Parameter Validation testing. */
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return -7650;
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0);
- if (ret != BAD_FUNC_ARG)
- return -7651;
- sigSz = (word32)modLen;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
- inLen, out, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return -7652;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- 0, out, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return -7653;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, NULL, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return -7654;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, NULL, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return -7655;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, NULL, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return -7656;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, 0, rng);
- if (ret != BAD_FUNC_ARG)
- return -7657;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, keyLen, NULL);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #elif defined(WOLFSSL_AFALG_XILINX_RSA) || defined(WOLFSSL_XILINX_CRYPT)
- /* blinding / rng handled with hardware acceleration */
- if (ret != 0)
- #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
- /* async may not require RNG */
- #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
- if (ret != NO_VALID_DEVID)
- #else
- if (ret != 0 && ret != MISSING_RNG_E)
- #endif
- #elif defined(HAVE_FIPS) || !defined(WC_RSA_BLINDING)
- /* FIPS140 implementation does not do blinding */
- if (ret != 0)
- #elif defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_RSA_VERIFY_ONLY)
- if (ret != SIG_TYPE_E)
- #elif defined(WOLFSSL_CRYPTOCELL)
- /* RNG is handled with the cryptocell */
- if (ret != 0)
- #else
- if (ret != MISSING_RNG_E)
- #endif
- return -7658;
- sigSz = 0;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return -7659;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
- inLen, out, (word32)modLen, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return -7660;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- 0, out, (word32)modLen, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return -7661;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, NULL, (word32)modLen, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return -7662;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, 0, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return -7663;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, NULL, keyLen);
- if (ret != BAD_FUNC_ARG)
- return -7664;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, key, 0);
- if (ret != BAD_FUNC_ARG)
- return -7665;
- #ifndef HAVE_ECC
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen);
- if (ret != SIG_TYPE_E)
- return -7666;
- #endif
- #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
- return 0;
- #endif
- /* Use APIs. */
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, keyLen);
- if (ret != modLen)
- return -7667;
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA_W_ENC, key, keyLen);
- if (ret != modLen)
- return -7668;
- sigSz = (word32)ret;
- #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- XMEMSET(out, 0, sizeof(out));
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return -7669;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return -7670;
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- in, inLen, out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return -7671;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- in, inLen, out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return -7672;
- /* Wrong signature type. */
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, key, keyLen);
- if (ret == 0)
- return -7673;
- /* check hash functions */
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
- hash, (int)sizeof(hash), out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return -7674;
- ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
- hash, (int)sizeof(hash), out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return -7675;
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- hashEnc, (int)sizeof(hashEnc), out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return -7676;
- ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- hashEnc, (int)sizeof(hashEnc), out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return -7677;
- #else
- (void)hash;
- (void)hashEnc;
- #endif /* !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */
- return 0;
- }
- #endif /* !NO_SIG_WRAPPER */
- #ifdef WC_RSA_NONBLOCK
- static int rsa_nb_test(RsaKey* key, const byte* in, word32 inLen, byte* out,
- word32 outSz, byte* plain, word32 plainSz, WC_RNG* rng)
- {
- int ret = 0, count;
- int signSz = 0;
- RsaNb nb;
- byte* inlinePlain = NULL;
- /* Enable non-blocking RSA mode - provide context */
- ret = wc_RsaSetNonBlock(key, &nb);
- if (ret != 0)
- return ret;
- #ifdef WC_RSA_NONBLOCK_TIME
- /* Enable time based RSA blocking. 8 microseconds max (3.1GHz) */
- ret = wc_RsaSetNonBlockTime(key, 8, 3100);
- if (ret != 0)
- return ret;
- #endif
- count = 0;
- do {
- ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, rng);
- count++; /* track number of would blocks */
- if (ret == FP_WOULDBLOCK) {
- /* do "other" work here */
- }
- } while (ret == FP_WOULDBLOCK);
- if (ret < 0) {
- return ret;
- }
- #ifdef DEBUG_WOLFSSL
- printf("RSA non-block sign: %d times\n", count);
- #endif
- signSz = ret;
- /* Test non-blocking verify */
- XMEMSET(plain, 0, plainSz);
- count = 0;
- do {
- ret = wc_RsaSSL_Verify(out, (word32)signSz, plain, plainSz, key);
- count++; /* track number of would blocks */
- if (ret == FP_WOULDBLOCK) {
- /* do "other" work here */
- }
- } while (ret == FP_WOULDBLOCK);
- if (ret < 0) {
- return ret;
- }
- #ifdef DEBUG_WOLFSSL
- printf("RSA non-block verify: %d times\n", count);
- #endif
- if (signSz == ret && XMEMCMP(plain, in, (size_t)ret)) {
- return SIG_VERIFY_E;
- }
- /* Test inline non-blocking verify */
- count = 0;
- do {
- ret = wc_RsaSSL_VerifyInline(out, (word32)signSz, &inlinePlain, key);
- count++; /* track number of would blocks */
- if (ret == FP_WOULDBLOCK) {
- /* do "other" work here */
- }
- } while (ret == FP_WOULDBLOCK);
- if (ret < 0) {
- return ret;
- }
- #ifdef DEBUG_WOLFSSL
- printf("RSA non-block inline verify: %d times\n", count);
- #endif
- if (signSz == ret && XMEMCMP(inlinePlain, in, (size_t)ret)) {
- return SIG_VERIFY_E;
- }
- /* Disabling non-block RSA mode */
- ret = wc_RsaSetNonBlock(key, NULL);
- (void)count;
- return 0;
- }
- #endif
- #if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
- static int rsa_decode_test(RsaKey* keyPub)
- {
- int ret;
- word32 inSz;
- word32 inOutIdx;
- WOLFSSL_SMALL_STACK_STATIC const byte n[2] = { 0x00, 0x23 };
- WOLFSSL_SMALL_STACK_STATIC const byte e[2] = { 0x00, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1,
- 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte goodAlgId[] = {
- 0x30, 0x18, 0x30, 0x16,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte goodAlgIdNull[] = {
- 0x30, 0x1a, 0x30, 0x18,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
- 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badAlgIdNull[] = {
- 0x30, 0x1b, 0x30, 0x19,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
- 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNotBitString[] = {
- 0x30, 0x18, 0x30, 0x16,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badBitStringLen[] = {
- 0x30, 0x18, 0x30, 0x16,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNoSeq[] = {
- 0x30, 0x16, 0x30, 0x14,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNoObj[] = {
- 0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06,
- 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badIntN[] = {
- 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNotIntE[] = {
- 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badLength[] = {
- 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badBitStrNoZero[] = {
- 0x30, 0x17, 0x30, 0x15,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -7690;
- /* Parameter Validation testing. */
- ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), keyPub);
- if (ret != BAD_FUNC_ARG) {
- ret = -7691;
- goto done;
- }
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), keyPub);
- if (ret != BAD_FUNC_ARG) {
- ret = -7692;
- goto done;
- }
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = -7693;
- goto done;
- }
- ret = wc_RsaPublicKeyDecodeRaw(n, (word32)-1, e, sizeof(e), keyPub);
- #if !defined(WOLFSSL_SP_MATH) & !defined(WOLFSSL_SP_MATH_ALL)
- if (ret != 0) {
- #else
- if (ret != ASN_GETINT_E) {
- #endif
- ret = -7694;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -7695;
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, (word32)-1, keyPub);
- #if !defined(WOLFSSL_SP_MATH) & !defined(WOLFSSL_SP_MATH_ALL)
- if (ret != 0) {
- #else
- if (ret != ASN_GETINT_E) {
- #endif
- ret = -7696;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -7697;
- /* Use API. */
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), keyPub);
- if (ret != 0) {
- ret = -7698;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -7699;
- /* Parameter Validation testing. */
- inSz = sizeof(good);
- ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, keyPub, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = -7700;
- goto done;
- }
- ret = wc_RsaPublicKeyDecode(good, NULL, keyPub, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = -7701;
- goto done;
- }
- ret = wc_RsaPublicKeyDecode(good, &inOutIdx, NULL, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = -7702;
- goto done;
- }
- /* Use good data and offset to bad data. */
- inOutIdx = 2;
- inSz = sizeof(good) - inOutIdx;
- ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -7703;
- goto done;
- }
- inOutIdx = 2;
- inSz = sizeof(goodAlgId) - inOutIdx;
- ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -7704;
- goto done;
- }
- inOutIdx = 2;
- inSz = sizeof(goodAlgId);
- ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
- #ifndef WOLFSSL_NO_DECODE_EXTRA
- if (ret != ASN_PARSE_E)
- #else
- if (ret != ASN_RSA_KEY_E)
- #endif
- {
- ret = -7705;
- goto done;
- }
- /* Try different bad data. */
- inSz = sizeof(badAlgIdNull);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, keyPub, inSz);
- if (ret != ASN_EXPECT_0_E) {
- ret = -7706;
- goto done;
- }
- inSz = sizeof(badNotBitString);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, keyPub, inSz);
- if (ret != ASN_BITSTR_E) {
- ret = -7707;
- goto done;
- }
- inSz = sizeof(badBitStringLen);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -7708;
- goto done;
- }
- inSz = sizeof(badNoSeq);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -7709;
- goto done;
- }
- inSz = sizeof(badNoObj);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E && ret != ASN_OBJECT_ID_E) {
- ret = -7710;
- goto done;
- }
- inSz = sizeof(badIntN);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz);
- if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
- ret = -7711;
- goto done;
- }
- inSz = sizeof(badNotIntE);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz);
- if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
- ret = -7712;
- goto done;
- }
- /* TODO: Shouldn't pass as the sequence length is too small. */
- inSz = sizeof(badLength);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz);
- #ifndef WOLFSSL_ASN_TEMPLATE
- if (ret != 0)
- #else
- if (ret != ASN_PARSE_E)
- #endif
- {
- ret = -7713;
- goto done;
- }
- /* TODO: Shouldn't ignore object id's data. */
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -7714;
- inSz = sizeof(badBitStrNoZero);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz);
- if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
- ret = -7715;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -7716;
- /* Valid data cases. */
- inSz = sizeof(good);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
- if (ret != 0) {
- ret = -7717;
- goto done;
- }
- if (inOutIdx != inSz) {
- ret = -7718;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -7719;
- inSz = sizeof(goodAlgId);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
- if (ret != 0) {
- ret = -7720;
- goto done;
- }
- if (inOutIdx != inSz) {
- ret = -7721;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -7722;
- inSz = sizeof(goodAlgIdNull);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(goodAlgIdNull, &inOutIdx, keyPub, inSz);
- if (ret != 0) {
- ret = -7723;
- goto done;
- }
- if (inOutIdx != inSz) {
- ret = -7724;
- goto done;
- }
- done:
- wc_FreeRsaKey(keyPub);
- return ret;
- }
- #endif
- #if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */
- /* Need to create known good signatures to test with this. */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLF_CRYPTO_CB_ONLY_RSA)
- static int rsa_pss_test(WC_RNG* rng, RsaKey* key)
- {
- byte digest[WC_MAX_DIGEST_SIZE];
- int ret = 0;
- const char inStr[] = TEST_STRING;
- word32 inLen = (word32)TEST_STRING_SZ;
- word32 outSz;
- word32 plainSz;
- word32 digestSz;
- int i, j;
- #ifdef RSA_PSS_TEST_WRONG_PARAMS
- int k, l;
- #endif
- int len;
- byte* plain;
- int mgf[] = {
- #ifndef NO_SHA
- WC_MGF1SHA1,
- #endif
- #ifdef WOLFSSL_SHA224
- WC_MGF1SHA224,
- #endif
- WC_MGF1SHA256,
- #ifdef WOLFSSL_SHA384
- WC_MGF1SHA384,
- #endif
- #ifdef WOLFSSL_SHA512
- WC_MGF1SHA512
- #endif
- };
- enum wc_HashType hash[] = {
- #ifndef NO_SHA
- WC_HASH_TYPE_SHA,
- #endif
- #ifdef WOLFSSL_SHA224
- WC_HASH_TYPE_SHA224,
- #endif
- WC_HASH_TYPE_SHA256,
- #ifdef WOLFSSL_SHA384
- WC_HASH_TYPE_SHA384,
- #endif
- #ifdef WOLFSSL_SHA512
- WC_HASH_TYPE_SHA512,
- #endif
- };
- WC_DECLARE_VAR(in, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_DECLARE_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT);
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- if (in == NULL || out == NULL || sig == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa_pss);
- #endif
- XMEMCPY(in, inStr, inLen);
- /* Test all combinations of hash and MGF. */
- for (j = 0; j < (int)(sizeof(hash)/sizeof(*hash)); j++) {
- /* Calculate hash of message. */
- ret = wc_Hash(hash[j], in, inLen, digest, sizeof(digest));
- if (ret != 0)
- ERROR_OUT(-7730, exit_rsa_pss);
- digestSz = wc_HashGetDigestSize(hash[j]);
- for (i = 0; i < (int)(sizeof(mgf)/sizeof(*mgf)); i++) {
- outSz = RSA_TEST_BYTES;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz,
- hash[j], mgf[i], -1, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(-7731, exit_rsa_pss);
- outSz = ret;
- XMEMCPY(sig, out, outSz);
- plain = NULL;
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[j],
- mgf[i], -1, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(-7732, exit_rsa_pss);
- plainSz = ret;
- TEST_SLEEP();
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[j], -1);
- #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[j], -1, 0);
- #else
- ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz,
- hash[j], -1, wc_RsaEncryptSize(key)*8, HEAP_HINT);
- #endif
- if (ret != 0)
- ERROR_OUT(-7733, exit_rsa_pss);
- #ifdef RSA_PSS_TEST_WRONG_PARAMS
- for (k = 0; k < (int)(sizeof(mgf)/sizeof(*mgf)); k++) {
- for (l = 0; l < (int)(sizeof(hash)/sizeof(*hash)); l++) {
- if (i == k && j == l)
- continue;
- XMEMCPY(sig, out, outSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz,
- (byte**)&plain, hash[l], mgf[k], -1, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret >= 0)
- ERROR_OUT(-7734, exit_rsa_pss);
- }
- }
- #endif
- }
- }
- /* Test that a salt length of zero works. */
- digestSz = wc_HashGetDigestSize(hash[0]);
- outSz = RSA_TEST_BYTES;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
- mgf[0], 0, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(-7735, exit_rsa_pss);
- outSz = ret;
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Verify_ex(out, outSz, sig, outSz, hash[0], mgf[0],
- 0, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(-7736, exit_rsa_pss);
- plainSz = ret;
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
- hash[0], 0);
- #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
- hash[0], 0, 0);
- #else
- ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, sig, plainSz,
- hash[0], 0, 0, HEAP_HINT);
- #endif
- }
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-7737, exit_rsa_pss);
- XMEMCPY(sig, out, outSz);
- plain = NULL;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
- 0, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(-7738, exit_rsa_pss);
- plainSz = ret;
- TEST_SLEEP();
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[0], 0);
- #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[0], 0, 0);
- #else
- ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
- 0, 0, HEAP_HINT);
- #endif
- if (ret != 0)
- ERROR_OUT(-7739, exit_rsa_pss);
- /* Test bad salt lengths in various APIs. */
- digestSz = wc_HashGetDigestSize(hash[0]);
- outSz = RSA_TEST_BYTES;
- #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
- len = -2;
- #else
- len = -3;
- #endif
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
- mgf[0], len, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(-7740, exit_rsa_pss);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
- mgf[0], digestSz + 1, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(-7741, exit_rsa_pss);
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0],
- mgf[0], -2, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(-7742, exit_rsa_pss);
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
- digestSz + 1, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(-7743, exit_rsa_pss);
- TEST_SLEEP();
- #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
- len = -2;
- #else
- len = -3;
- #endif
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[0], len);
- #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[0], len, 0);
- #else
- ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
- len, 0, HEAP_HINT);
- #endif
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(-7744, exit_rsa_pss);
- #ifndef WOLFSSL_PSS_LONG_SALT
- len = digestSz + 1;
- #else
- len = plainSz - digestSz - 1;
- #endif
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[0], len);
- #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[0], len, 0);
- #else
- ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
- len, 0, HEAP_HINT);
- #endif
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(-7745, exit_rsa_pss);
- ret = 0;
- exit_rsa_pss:
- WC_FREE_VAR(sig, HEAP_HINT);
- WC_FREE_VAR(in, HEAP_HINT);
- WC_FREE_VAR(out, HEAP_HINT);
- return ret;
- }
- #endif /* !WOLFSSL_RSA_VERIFY_ONLY && !WOLFSSL_RSA_PUBLIC_ONLY */
- #endif
- #ifdef WC_RSA_NO_PADDING
- WOLFSSL_TEST_SUBROUTINE int rsa_no_pad_test(void)
- {
- WC_RNG rng;
- byte* tmp = NULL;
- size_t bytes;
- int ret;
- word32 inLen = 0;
- word32 idx = 0;
- word32 outSz = RSA_TEST_BYTES;
- word32 plainSz = RSA_TEST_BYTES;
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
- !defined(NO_FILESYSTEM)
- XFILE file;
- #endif
- WC_DECLARE_VAR(key, RsaKey, 1, HEAP_HINT);
- WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- if (key == NULL || out == NULL || plain == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa_nopadding);
- #endif
- /* initialize stack structures */
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(key, 0, sizeof(RsaKey));
- #ifdef USE_CERT_BUFFERS_1024
- bytes = (size_t)sizeof_client_key_der_1024;
- if (bytes < (size_t)sizeof_client_cert_der_1024)
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #else
- bytes = FOURK_BUF;
- #endif
- tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL
- #ifdef WOLFSSL_ASYNC_CRYPT
- || out == NULL || plain == NULL
- #endif
- ) {
- ERROR_OUT(-7800, exit_rsa_nopadding);
- }
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(clientKey, "rb");
- if (!file) {
- err_sys("can't open clientKey, Please run from wolfSSL home dir", -40);
- ERROR_OUT(-7801, exit_rsa_nopadding);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #else
- /* No key to use. */
- ERROR_OUT(-7802, exit_rsa_nopadding);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-7803, exit_rsa_nopadding);
- }
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(-7804, exit_rsa_nopadding);
- }
- /* after loading in key use tmp as the test buffer */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7805, exit_rsa_nopadding);
- }
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- inLen = wc_RsaEncryptSize(key);
- outSz = inLen;
- plainSz = inLen;
- XMEMSET(tmp, 7, inLen);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaDirect(tmp, inLen, out, &outSz, key,
- RSA_PRIVATE_ENCRYPT, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0) {
- ERROR_OUT(-7806, exit_rsa_nopadding);
- }
- /* encrypted result should not be the same as input */
- if (XMEMCMP(out, tmp, inLen) == 0) {
- ERROR_OUT(-7807, exit_rsa_nopadding);
- }
- TEST_SLEEP();
- /* decrypt with public key and compare result */
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaDirect(out, outSz, plain, &plainSz, key,
- RSA_PUBLIC_DECRYPT, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0) {
- ERROR_OUT(-7808, exit_rsa_nopadding);
- }
- if (XMEMCMP(plain, tmp, inLen) != 0) {
- ERROR_OUT(-7809, exit_rsa_nopadding);
- }
- TEST_SLEEP();
- #endif
- #ifdef WC_RSA_BLINDING
- ret = wc_RsaSetRNG(NULL, &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-7810, exit_rsa_nopadding);
- }
- ret = wc_RsaSetRNG(key, &rng);
- if (ret < 0) {
- ERROR_OUT(-7811, exit_rsa_nopadding);
- }
- #endif
- /* test encrypt and decrypt using WC_RSA_NO_PAD */
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(tmp, inLen, out, (int)outSz, key, &rng,
- WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7812, exit_rsa_nopadding);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_VERIFY_ONLY */
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, outSz, plain, (int)plainSz, key,
- WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7813, exit_rsa_nopadding);
- }
- if (XMEMCMP(plain, tmp, inLen) != 0) {
- ERROR_OUT(-7814, exit_rsa_nopadding);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- /* test some bad arguments */
- ret = wc_RsaDirect(out, outSz, plain, &plainSz, key, -1,
- &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-7815, exit_rsa_nopadding);
- }
- ret = wc_RsaDirect(out, outSz, plain, &plainSz, NULL, RSA_PUBLIC_DECRYPT,
- &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-7816, exit_rsa_nopadding);
- }
- ret = wc_RsaDirect(out, outSz, NULL, &plainSz, key, RSA_PUBLIC_DECRYPT,
- &rng);
- if (ret != LENGTH_ONLY_E || plainSz != inLen) {
- ERROR_OUT(-7817, exit_rsa_nopadding);
- }
- ret = wc_RsaDirect(out, outSz - 10, plain, &plainSz, key,
- RSA_PUBLIC_DECRYPT, &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-7818, exit_rsa_nopadding);
- }
- /* if making it to this point of code without hitting an ERROR_OUT then
- * all tests have passed */
- ret = 0;
- exit_rsa_nopadding:
- wc_FreeRsaKey(key);
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- WC_FREE_VAR(key, HEAP_HINT);
- WC_FREE_VAR(out, HEAP_HINT);
- WC_FREE_VAR(plain, HEAP_HINT);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WC_RSA_NO_PADDING */
- #if defined(WOLFSSL_HAVE_SP_RSA) && defined(USE_FAST_MATH)
- static int rsa_even_mod_test(WC_RNG* rng, RsaKey* key)
- {
- byte* tmp = NULL;
- size_t bytes;
- int ret;
- word32 inLen = 0;
- #ifndef NO_ASN
- word32 idx = 0;
- #endif
- word32 outSz = RSA_TEST_BYTES;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- word32 plainSz = RSA_TEST_BYTES;
- #endif
- #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_3072) && \
- !defined(USE_CERT_BUFFERS_4096) && !defined(NO_FILESYSTEM)
- XFILE file;
- #endif
- WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- #endif
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- if (out == NULL
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- || plain == NULL
- #endif
- ) {
- ERROR_OUT(MEMORY_E, exit_rsa_even_mod);
- }
- #endif
- #if defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #else
- bytes = FOURK_BUF;
- #endif
- tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL
- #ifdef WOLFSSL_ASYNC_CRYPT
- || out == NULL || plain == NULL
- #endif
- ) {
- ERROR_OUT(-7800, exit_rsa_even_mod);
- }
- #if defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(clientKey, "rb");
- if (!file) {
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", -40);
- ERROR_OUT(-7801, exit_rsa_even_mod);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #else
- /* No key to use. */
- ERROR_OUT(-7802, exit_rsa_even_mod);
- #endif /* USE_CERT_BUFFERS */
- #ifndef NO_ASN
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(-7804, exit_rsa_even_mod);
- }
- #else
- #ifdef USE_CERT_BUFFERS_2048
- ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256);
- if (ret != 0) {
- ERROR_OUT(-7804, exit_rsa_even_mod);
- }
- ret = mp_set_int(&key->e, WC_RSA_EXPONENT);
- if (ret != 0) {
- ERROR_OUT(-7804, exit_rsa_even_mod);
- }
- #ifndef NO_SIG_WRAPPER
- modLen = 2048;
- #endif
- #else
- #error Not supported yet!
- #endif
- #endif
- key->n.dp[0] &= (mp_digit)-2;
- if (ret != 0) {
- ERROR_OUT(-7804, exit_rsa_even_mod);
- }
- /* after loading in key use tmp as the test buffer */
- #if !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \
- (defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM32_ASM)))
- /* The ARM64_ASM code that was FIPS validated did not return these expected
- * failure codes. These tests cases were added after the assembly was
- * in-lined in the module and validated, these tests will be available in
- * the 140-3 module */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- inLen = 32;
- outSz = wc_RsaEncryptSize(key);
- XMEMSET(tmp, 7, plainSz);
- ret = wc_RsaSSL_Sign(tmp, inLen, out, outSz, key, rng);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
- ERROR_OUT(-7806, exit_rsa_even_mod);
- }
- ret = wc_RsaSSL_Verify(out, outSz, tmp, inLen, key);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
- ERROR_OUT(-7808, exit_rsa_even_mod);
- }
- #endif
- #ifdef WC_RSA_BLINDING
- ret = wc_RsaSetRNG(key, rng);
- if (ret < 0) {
- ERROR_OUT(-7811, exit_rsa_even_mod);
- }
- #endif
- /* test encrypt and decrypt using WC_RSA_NO_PAD */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- ret = wc_RsaPublicEncrypt(tmp, inLen, out, (int)outSz, key, rng);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
- ERROR_OUT(-7812, exit_rsa_even_mod);
- }
- #endif /* WOLFSSL_RSA_VERIFY_ONLY */
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- ret = wc_RsaPrivateDecrypt(out, outSz, plain, (int)plainSz, key);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
- ERROR_OUT(-7813, exit_rsa_even_mod);
- }
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- #endif /* !(HAVE_FIPS_VERSION == 2 && WOLFSSL_SP_ARMxx_ASM) */
- /* if making it to this point of code without hitting an ERROR_OUT then
- * all tests have passed */
- ret = 0;
- exit_rsa_even_mod:
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- WC_FREE_VAR(out, HEAP_HINT);
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- WC_FREE_VAR(plain, HEAP_HINT);
- #endif
- (void)out;
- (void)outSz;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- (void)plain;
- (void)plainSz;
- #endif
- (void)inLen;
- (void)rng;
- return ret;
- }
- #endif /* WOLFSSL_HAVE_SP_RSA */
- #ifdef WOLFSSL_CERT_GEN
- static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
- {
- #ifdef WOLFSSL_SMALL_STACK
- RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- RsaKey caKey[1];
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert decode[1];
- #endif
- #endif
- byte* der = NULL;
- int ret;
- Cert* myCert = NULL;
- int certSz;
- size_t bytes3;
- word32 idx3 = 0;
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- XFILE file3;
- #endif
- #if defined(WOLFSSL_ALT_NAMES) && !defined(NO_ASN_TIME)
- struct tm beforeTime;
- struct tm afterTime;
- #endif
- const byte mySerial[8] = {1,2,3,4,5,6,7,8};
- (void)keypub;
- #ifdef WOLFSSL_SMALL_STACK
- if (caKey == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #ifdef WOLFSSL_TEST_CERT
- if (decode == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- #endif
- XMEMSET(caKey, 0, sizeof *caKey);
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(-7820, exit_rsa);
- }
- myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (myCert == NULL) {
- ERROR_OUT(-7821, exit_rsa);
- }
- /* self signed */
- if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
- ERROR_OUT(-7822, exit_rsa);
- }
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- XMEMCPY(myCert->serial, mySerial, sizeof(mySerial));
- myCert->serialSz = (int)sizeof(mySerial);
- myCert->isCA = 1;
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wRSA;
- #else
- myCert->sigType = CTC_SHAwRSA;
- #endif
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
- CTC_MAX_CERTPOL_SZ);
- XSTRNCPY(myCert->certPolicies[1], "1.2.840.113549.1.9.16.6.5",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb = 2;
- /* add SKID from the Public Key */
- if (wc_SetSubjectKeyIdFromPublicKey(myCert, keypub, NULL) != 0) {
- ERROR_OUT(-7823, exit_rsa);
- }
- /* add AKID from the Public Key */
- if (wc_SetAuthKeyIdFromPublicKey(myCert, keypub, NULL) != 0) {
- ERROR_OUT(-7824, exit_rsa);
- }
- /* add Key Usage */
- if (wc_SetKeyUsage(myCert,"cRLSign,keyCertSign") != 0) {
- ERROR_OUT(-7825, exit_rsa);
- }
- #ifdef WOLFSSL_EKU_OID
- {
- const char unique[] = "2.16.840.1.111111.100.1.10.1";
- if (wc_SetExtKeyUsageOID(myCert, unique, sizeof(unique), 0,
- HEAP_HINT) != 0) {
- ERROR_OUT(-7826, exit_rsa);
- }
- }
- #endif /* WOLFSSL_EKU_OID */
- #endif /* WOLFSSL_CERT_EXT */
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_MakeSelfCert(myCert, der, FOURK_BUF, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7827, exit_rsa);
- }
- certSz = ret;
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(decode, der, certSz, HEAP_HINT);
- ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(decode);
- ERROR_OUT(-7828, exit_rsa);
- }
- FreeDecodedCert(decode);
- #endif
- ret = SaveDerAndPem(der, certSz, certDerFile, certPemFile,
- CERT_TYPE, -5578);
- if (ret != 0) {
- goto exit_rsa;
- }
- /* Setup Certificate */
- if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
- ERROR_OUT(-7829, exit_rsa);
- }
- #ifdef WOLFSSL_ALT_NAMES
- /* Get CA Cert for testing */
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024);
- bytes3 = sizeof_ca_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, ca_cert_der_2048, sizeof_ca_cert_der_2048);
- bytes3 = sizeof_ca_cert_der_2048;
- #else
- file3 = XFOPEN(rsaCaCertDerFile, "rb");
- if (!file3) {
- ERROR_OUT(-7830, exit_rsa);
- }
- bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
- XFCLOSE(file3);
- #endif /* USE_CERT_BUFFERS */
- #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_1024) && \
- !defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
- ret = wc_SetAltNames(myCert, rsaCaCertFile);
- if (ret != 0) {
- ERROR_OUT(-7831, exit_rsa);
- }
- #endif
- /* get alt names from der */
- ret = wc_SetAltNamesBuffer(myCert, tmp, (int)bytes3);
- if (ret != 0) {
- ERROR_OUT(-7832, exit_rsa);
- }
- /* get dates from der */
- ret = wc_SetDatesBuffer(myCert, tmp, (int)bytes3);
- if (ret != 0) {
- ERROR_OUT(-7833, exit_rsa);
- }
- #ifndef NO_ASN_TIME
- ret = wc_GetCertDates(myCert, &beforeTime, &afterTime);
- if (ret < 0) {
- ERROR_OUT(-7834, exit_rsa);
- }
- #endif
- #endif /* WOLFSSL_ALT_NAMES */
- /* Get CA Key */
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
- bytes3 = sizeof_ca_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
- bytes3 = sizeof_ca_key_der_2048;
- #else
- file3 = XFOPEN(rsaCaKeyFile, "rb");
- if (!file3) {
- ERROR_OUT(-7835, exit_rsa);
- }
- bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
- XFCLOSE(file3);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey(caKey, HEAP_HINT);
- if (ret != 0) {
- ERROR_OUT(-7836, exit_rsa);
- }
- ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes3);
- if (ret != 0) {
- ERROR_OUT(-7837, exit_rsa);
- }
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wRSA;
- #else
- myCert->sigType = CTC_SHAwRSA;
- #endif
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb =1;
- /* add SKID from the Public Key */
- if (wc_SetSubjectKeyIdFromPublicKey(myCert, key, NULL) != 0) {
- ERROR_OUT(-7838, exit_rsa);
- }
- /* add AKID from the CA certificate */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetAuthKeyId(myCert, rsaCaCertFile);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7839, exit_rsa);
- }
- /* add Key Usage */
- if (wc_SetKeyUsage(myCert,"keyEncipherment,keyAgreement") != 0) {
- ERROR_OUT(-7840, exit_rsa);
- }
- #endif /* WOLFSSL_CERT_EXT */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetIssuer(myCert, rsaCaCertFile);
- #endif
- if (ret < 0) {
- ERROR_OUT(-7841, exit_rsa);
- }
- certSz = wc_MakeCert(myCert, der, FOURK_BUF, key, NULL, rng);
- if (certSz < 0) {
- ERROR_OUT(-7842, exit_rsa);
- }
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &caKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, FOURK_BUF,
- caKey, NULL, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7843, exit_rsa);
- }
- certSz = ret;
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(decode, der, certSz, HEAP_HINT);
- ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(decode);
- ERROR_OUT(-7844, exit_rsa);
- }
- FreeDecodedCert(decode);
- #endif
- ret = SaveDerAndPem(der, certSz, otherCertDerFile, otherCertPemFile,
- CERT_TYPE, -5598);
- if (ret != 0) {
- goto exit_rsa;
- }
- exit_rsa:
- #ifdef WOLFSSL_SMALL_STACK
- if (caKey != NULL) {
- wc_FreeRsaKey(caKey);
- XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #ifdef WOLFSSL_TEST_CERT
- if (decode != NULL)
- XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- wc_FreeRsaKey(caKey);
- #endif
- XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif
- #if !defined(NO_RSA) && defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN)
- /* Make Cert / Sign example for ECC cert and RSA CA */
- static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
- {
- #ifdef WOLFSSL_SMALL_STACK
- RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *caEccKeyPub = (ecc_key *)XMALLOC(sizeof *caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- RsaKey caKey[1];
- ecc_key caEccKey[1];
- ecc_key caEccKeyPub[1];
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert decode[1];
- #endif
- #endif
- byte* der = NULL;
- Cert* myCert = NULL;
- int certSz;
- size_t bytes3;
- word32 idx3 = 0;
- #if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \
- || !defined(USE_CERT_BUFFERS_256)
- XFILE file3;
- #endif
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- if ((caKey == NULL) || (caEccKey == NULL) || (caEccKeyPub == NULL)
- #ifdef WOLFSSL_TEST_CERT
- || (decode == NULL)
- #endif
- )
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- XMEMSET(caKey, 0, sizeof *caKey);
- XMEMSET(caEccKey, 0, sizeof *caEccKey);
- XMEMSET(caEccKeyPub, 0, sizeof *caEccKeyPub);
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(-7850, exit_rsa);
- }
- myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (myCert == NULL) {
- ERROR_OUT(-7851, exit_rsa);
- }
- /* Get CA Key */
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
- bytes3 = sizeof_ca_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
- bytes3 = sizeof_ca_key_der_2048;
- #else
- file3 = XFOPEN(rsaCaKeyFile, "rb");
- if (!file3) {
- ERROR_OUT(-7852, exit_rsa);
- }
- bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
- XFCLOSE(file3);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey(caKey, HEAP_HINT);
- if (ret != 0) {
- ERROR_OUT(-7853, exit_rsa);
- }
- ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes3);
- if (ret != 0) {
- ERROR_OUT(-7854, exit_rsa);
- }
- /* Get Cert Key */
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256);
- bytes3 = sizeof_ecc_key_pub_der_256;
- #else
- file3 = XFOPEN(eccKeyPubFileDer, "rb");
- if (!file3) {
- ERROR_OUT(-7855, exit_rsa);
- }
- bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
- XFCLOSE(file3);
- #endif
- ret = wc_ecc_init_ex(caEccKeyPub, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-7856, exit_rsa);
- }
- idx3 = 0;
- ret = wc_EccPublicKeyDecode(tmp, &idx3, caEccKeyPub, (word32)bytes3);
- if (ret != 0) {
- ERROR_OUT(-7857, exit_rsa);
- }
- /* Setup Certificate */
- if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
- ERROR_OUT(-7858, exit_rsa);
- }
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wRSA;
- #else
- myCert->sigType = CTC_SHAwRSA;
- #endif
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1",
- CTC_MAX_CERTPOL_SZ);
- XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb = 2;
- /* add SKID from the Public Key */
- if (wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, caEccKeyPub) != 0) {
- ERROR_OUT(-7859, exit_rsa);
- }
- /* add AKID from the CA certificate */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetAuthKeyId(myCert, rsaCaCertFile);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7860, exit_rsa);
- }
- /* add Key Usage */
- if (wc_SetKeyUsage(myCert, certKeyUsage) != 0) {
- ERROR_OUT(-7861, exit_rsa);
- }
- #endif /* WOLFSSL_CERT_EXT */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetIssuer(myCert, rsaCaCertFile);
- #endif
- if (ret < 0) {
- ERROR_OUT(-7862, exit_rsa);
- }
- certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, caEccKeyPub, rng);
- if (certSz < 0) {
- ERROR_OUT(-7863, exit_rsa);
- }
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &caEccKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
- FOURK_BUF, caKey, NULL, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7864, exit_rsa);
- }
- certSz = ret;
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(decode, der, certSz, 0);
- ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(decode);
- ERROR_OUT(-7865, exit_rsa);
- }
- FreeDecodedCert(decode);
- #endif
- ret = SaveDerAndPem(der, certSz, certEccRsaDerFile, certEccRsaPemFile,
- CERT_TYPE, -5616);
- if (ret != 0) {
- goto exit_rsa;
- }
- exit_rsa:
- #ifdef WOLFSSL_SMALL_STACK
- if (caKey != NULL) {
- wc_FreeRsaKey(caKey);
- XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (caEccKey != NULL) {
- wc_ecc_free(caEccKey);
- XFREE(caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (caEccKeyPub != NULL) {
- wc_ecc_free(caEccKeyPub);
- XFREE(caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #ifdef WOLFSSL_TEST_CERT
- if (decode != NULL)
- XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- wc_FreeRsaKey(caKey);
- wc_ecc_free(caEccKey);
- wc_ecc_free(caEccKeyPub);
- #endif
- XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- myCert = NULL;
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- der = NULL;
- if (ret >= 0)
- ret = 0;
- return ret;
- }
- #endif /* !NO_RSA && HAVE_ECC && WOLFSSL_CERT_GEN */
- #ifdef WOLFSSL_KEY_GEN
- static int rsa_keygen_test(WC_RNG* rng)
- {
- #ifdef WOLFSSL_SMALL_STACK
- RsaKey *genKey = (RsaKey *)XMALLOC(sizeof *genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- RsaKey genKey[1];
- #endif
- int ret;
- byte* der = NULL;
- #ifndef WOLFSSL_CRYPTOCELL
- word32 idx = 0;
- #endif
- int derSz = 0;
- #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS)
- int keySz = 1024;
- #else
- int keySz = 2048;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (! genKey)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- XMEMSET(genKey, 0, sizeof *genKey);
- ret = wc_InitRsaKey_ex(genKey, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-7870, exit_rsa);
- }
- #ifdef HAVE_FIPS
- for (;;) {
- #endif
- ret = wc_MakeRsaKey(genKey, keySz, WC_RSA_EXPONENT, rng);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &genKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #ifdef HAVE_FIPS
- if (ret == PRIME_GEN_E)
- continue;
- break;
- }
- #endif
- if (ret != 0) {
- ERROR_OUT(-7871, exit_rsa);
- }
- TEST_SLEEP();
- #ifdef WOLFSSL_RSA_KEY_CHECK
- ret = wc_CheckRsaKey(genKey);
- if (ret != 0) {
- ERROR_OUT(-7872, exit_rsa);
- }
- #endif
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(-7873, exit_rsa);
- }
- derSz = wc_RsaKeyToDer(genKey, der, FOURK_BUF);
- if (derSz < 0) {
- ERROR_OUT(-7874, exit_rsa);
- }
- ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
- PRIVATEKEY_TYPE, -5555);
- if (ret != 0) {
- goto exit_rsa;
- }
- wc_FreeRsaKey(genKey);
- ret = wc_InitRsaKey(genKey, HEAP_HINT);
- if (ret != 0) {
- ERROR_OUT(-7875, exit_rsa);
- }
- #ifndef WOLFSSL_CRYPTOCELL
- idx = 0;
- /* The private key part of the key gen pairs from cryptocell can't be exported */
- ret = wc_RsaPrivateKeyDecode(der, &idx, genKey, derSz);
- if (ret != 0) {
- ERROR_OUT(-7876, exit_rsa);
- }
- #endif /* WOLFSSL_CRYPTOCELL */
- exit_rsa:
- #ifdef WOLFSSL_SMALL_STACK
- if (genKey) {
- wc_FreeRsaKey(genKey);
- XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_FreeRsaKey(genKey);
- #endif
- if (der != NULL) {
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- der = NULL;
- }
- return ret;
- }
- #endif
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) && \
- !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
- (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
- && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
- static int rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
- {
- int ret = 0;
- word32 idx = 0;
- const char inStr[] = TEST_STRING;
- const word32 inLen = (word32)TEST_STRING_SZ;
- const word32 outSz = RSA_TEST_BYTES;
- const word32 plainSz = RSA_TEST_BYTES;
- byte* res = NULL;
- WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
- WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- if (in == NULL || out == NULL || plain == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- XMEMCPY(in, inStr, inLen);
- #ifndef NO_SHA
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7918, exit_rsa);
- }
- TEST_SLEEP();
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- idx = (word32)ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7919, exit_rsa);
- }
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(-7920, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* NO_SHA */
- #endif
- #ifndef NO_SHA256
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7921, exit_rsa);
- }
- TEST_SLEEP();
- idx = (word32)ret;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7922, exit_rsa);
- }
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(-7923, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecryptInline_ex(out, idx, &res, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7924, exit_rsa);
- }
- if (ret != (int)inLen) {
- ERROR_OUT(-7925, exit_rsa);
- }
- if (XMEMCMP(res, in, inLen)) {
- ERROR_OUT(-7926, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- /* check fails if not using the same optional label */
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7927, exit_rsa);
- }
- TEST_SLEEP();
- /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */
- #if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLFSSL_CRYPTOCELL)
- /* label is unused in cryptocell so it won't detect decrypt error due to label */
- idx = (word32)ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret > 0) { /* in this case decrypt should fail */
- ERROR_OUT(-7928, exit_rsa);
- }
- ret = 0;
- TEST_SLEEP();
- #endif /* !HAVE_CAVIUM */
- /* check using optional label with encrypt/decrypt */
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7929, exit_rsa);
- }
- TEST_SLEEP();
- idx = (word32)ret;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7930, exit_rsa);
- }
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(-7931, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- #ifndef NO_SHA
- /* check fail using mismatch hash algorithms */
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7932, exit_rsa);
- }
- TEST_SLEEP();
- /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */
- #if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLFSSL_CRYPTOCELL)
- idx = (word32)ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256,
- in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret > 0) { /* should fail */
- ERROR_OUT(-7933, exit_rsa);
- }
- ret = 0;
- TEST_SLEEP();
- #endif /* !HAVE_CAVIUM */
- #endif /* NO_SHA */
- #endif /* NO_SHA256 */
- #ifdef WOLFSSL_SHA512
- /* Check valid RSA key size is used while using hash length of SHA512
- If key size is less than (hash length * 2) + 2 then is invalid use
- and test, since OAEP padding requires this.
- BAD_FUNC_ARG is returned when this case is not met */
- if (wc_RsaEncryptSize(key) > ((int)WC_SHA512_DIGEST_SIZE * 2) + 2) {
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7934, exit_rsa);
- }
- TEST_SLEEP();
- idx = ret;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7935, exit_rsa);
- }
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(-7936, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- }
- #endif /* WOLFSSL_SHA512 */
- /* check using pkcsv15 padding with _ex API */
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
- WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7937, exit_rsa);
- }
- TEST_SLEEP();
- idx = (word32)ret;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7938, exit_rsa);
- }
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(-7939, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- exit_rsa:
- WC_FREE_VAR(in, HEAP_HINT);
- WC_FREE_VAR(out, HEAP_HINT);
- WC_FREE_VAR(plain, HEAP_HINT);
- (void)idx;
- (void)inStr;
- (void)res;
- if (ret >= 0)
- ret = 0;
- return ret;
- }
- #endif
- #endif
- WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
- {
- int ret;
- size_t bytes;
- WC_RNG rng;
- #ifdef WOLFSSL_SMALL_STACK
- byte* tmp = NULL;
- byte* der = NULL;
- RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- RsaKey key[1];
- byte tmp[FOURK_BUF];
- #endif
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- #ifdef WOLFSSL_SMALL_STACK
- RsaKey *keypub = (RsaKey *)XMALLOC(sizeof *keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- RsaKey keypub[1];
- #endif
- #endif
- word32 idx = 0;
- const char inStr[] = TEST_STRING;
- const word32 inLen = (word32)TEST_STRING_SZ;
- const word32 outSz = RSA_TEST_BYTES;
- const word32 plainSz = RSA_TEST_BYTES;
- byte* res = NULL;
- #ifndef NO_SIG_WRAPPER
- int modLen;
- #endif
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
- !defined(NO_FILESYSTEM)
- XFILE file;
- #ifdef WOLFSSL_TEST_CERT
- XFILE file2;
- #endif
- #endif
- #ifdef WOLFSSL_TEST_CERT
- #ifdef WOLFSSL_SMALL_STACK
- DecodedCert *cert = (DecodedCert *)XMALLOC(sizeof *cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- DecodedCert cert[1];
- #endif
- #ifndef NO_ASN_TIME
- struct tm timearg;
- const byte* date;
- byte dateFormat;
- int dateLength;
- #endif
- #endif
- WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
- WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- if (in == NULL || out == NULL || plain == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- XMEMCPY(in, inStr, inLen);
- #ifdef WOLFSSL_SMALL_STACK
- if (key == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- if (keypub == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- #ifdef WOLFSSL_TEST_CERT
- if (cert == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- #endif /* WOLFSSL_SMALL_STACK */
- /* initialize stack structures */
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(key, 0, sizeof *key);
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- XMEMSET(keypub, 0, sizeof *keypub);
- #endif
- #if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
- ret = rsa_decode_test(key);
- if (ret != 0)
- ERROR_OUT(ret, exit_rsa);
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- bytes = (size_t)sizeof_client_key_der_1024;
- if (bytes < (size_t)sizeof_client_cert_der_1024)
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- bytes = (size_t)sizeof_client_key_der_3072;
- if (bytes < (size_t)sizeof_client_cert_der_3072)
- bytes = (size_t)sizeof_client_cert_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- bytes = (size_t)sizeof_client_key_der_4096;
- if (bytes < (size_t)sizeof_client_cert_der_4096)
- bytes = (size_t)sizeof_client_cert_der_4096;
- #else
- bytes = FOURK_BUF;
- #endif
- #if defined(WOLFSSL_SMALL_STACK)
- tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- ERROR_OUT(-7900, exit_rsa);
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(clientKey, "rb");
- if (!file) {
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", -40);
- ERROR_OUT(-7901, exit_rsa);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #else
- /* No key to use. */
- ERROR_OUT(-7902, exit_rsa);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-7903, exit_rsa);
- }
- #ifndef NO_ASN
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(-7904, exit_rsa);
- }
- #ifndef NO_SIG_WRAPPER
- modLen = wc_RsaEncryptSize(key);
- #endif
- #else
- #ifdef USE_CERT_BUFFERS_2048
- ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256);
- if (ret != 0) {
- ERROR_OUT(-7905, exit_rsa);
- }
- ret = mp_set_int(&key->e, WC_RSA_EXPONENT);
- if (ret != 0) {
- ERROR_OUT(-7906, exit_rsa);
- }
- #ifndef NO_SIG_WRAPPER
- modLen = 2048;
- #endif
- #else
- #error Not supported yet!
- #endif
- #endif
- #ifndef WC_NO_RNG
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7907, exit_rsa);
- }
- #endif
- #ifndef NO_SIG_WRAPPER
- ret = rsa_sig_test(key, sizeof *key, modLen, &rng);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #ifdef WC_RSA_NONBLOCK
- ret = rsa_nb_test(key, in, inLen, out, outSz, plain, plainSz, &rng);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7908, exit_rsa);
- }
- TEST_SLEEP();
- #ifdef WC_RSA_BLINDING
- {
- int tmpret = ret;
- ret = wc_RsaSetRNG(key, &rng);
- if (ret < 0) {
- ERROR_OUT(-7909, exit_rsa);
- }
- ret = tmpret;
- }
- #endif
- idx = (word32)ret; /* save off encrypted length */
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt(out, idx, plain, plainSz, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7910, exit_rsa);
- }
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(-7911, exit_rsa);
- }
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecryptInline(out, idx, &res, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7912, exit_rsa);
- }
- if (ret != (int)inLen) {
- ERROR_OUT(-7913, exit_rsa);
- }
- if (XMEMCMP(res, in, inLen)) {
- ERROR_OUT(-7914, exit_rsa);
- }
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7915, exit_rsa);
- }
- TEST_SLEEP();
- #elif defined(WOLFSSL_PUBLIC_MP)
- {
- static byte signature_2048[] = {
- 0x07, 0x6f, 0xc9, 0x85, 0x73, 0x9e, 0x21, 0x79,
- 0x47, 0xf1, 0xa3, 0xd7, 0xf4, 0x27, 0x29, 0xbe,
- 0x99, 0x5d, 0xac, 0xb2, 0x10, 0x3f, 0x95, 0xda,
- 0x89, 0x23, 0xb8, 0x96, 0x13, 0x57, 0x72, 0x30,
- 0xa1, 0xfe, 0x5a, 0x68, 0x9c, 0x99, 0x9d, 0x1e,
- 0x05, 0xa4, 0x80, 0xb0, 0xbb, 0xd9, 0xd9, 0xa1,
- 0x69, 0x97, 0x74, 0xb3, 0x41, 0x21, 0x3b, 0x47,
- 0xf5, 0x51, 0xb1, 0xfb, 0xc7, 0xaa, 0xcc, 0xdc,
- 0xcd, 0x76, 0xa0, 0x28, 0x4d, 0x27, 0x14, 0xa4,
- 0xb9, 0x41, 0x68, 0x7c, 0xb3, 0x66, 0xe6, 0x6f,
- 0x40, 0x76, 0xe4, 0x12, 0xfd, 0xae, 0x29, 0xb5,
- 0x63, 0x60, 0x87, 0xce, 0x49, 0x6b, 0xf3, 0x05,
- 0x9a, 0x14, 0xb5, 0xcc, 0xcd, 0xf7, 0x30, 0x95,
- 0xd2, 0x72, 0x52, 0x1d, 0x5b, 0x7e, 0xef, 0x4a,
- 0x02, 0x96, 0x21, 0x6c, 0x55, 0xa5, 0x15, 0xb1,
- 0x57, 0x63, 0x2c, 0xa3, 0x8e, 0x9d, 0x3d, 0x45,
- 0xcc, 0xb8, 0xe6, 0xa1, 0xc8, 0x59, 0xcd, 0xf5,
- 0xdc, 0x0a, 0x51, 0xb6, 0x9d, 0xfb, 0xf4, 0x6b,
- 0xfd, 0x32, 0x71, 0x6e, 0xcf, 0xcb, 0xb3, 0xd9,
- 0xe0, 0x4a, 0x77, 0x34, 0xd6, 0x61, 0xf5, 0x7c,
- 0xf9, 0xa9, 0xa4, 0xb0, 0x8e, 0x3b, 0xd6, 0x04,
- 0xe0, 0xde, 0x2b, 0x5b, 0x5a, 0xbf, 0xd9, 0xef,
- 0x8d, 0xa3, 0xf5, 0xb1, 0x67, 0xf3, 0xb9, 0x72,
- 0x0a, 0x37, 0x12, 0x35, 0x6c, 0x8e, 0x10, 0x8b,
- 0x38, 0x06, 0x16, 0x4b, 0x20, 0x20, 0x13, 0x00,
- 0x2e, 0x6d, 0xc2, 0x59, 0x23, 0x67, 0x4a, 0x6d,
- 0xa1, 0x46, 0x8b, 0xee, 0xcf, 0x44, 0xb4, 0x3e,
- 0x56, 0x75, 0x00, 0x68, 0xb5, 0x7d, 0x0f, 0x20,
- 0x79, 0x5d, 0x7f, 0x12, 0x15, 0x32, 0x89, 0x61,
- 0x6b, 0x29, 0xb7, 0x52, 0xf5, 0x25, 0xd8, 0x98,
- 0xe8, 0x6f, 0xf9, 0x22, 0xb4, 0xbb, 0xe5, 0xff,
- 0xd0, 0x92, 0x86, 0x9a, 0x88, 0xa2, 0xaf, 0x6b
- };
- ret = sizeof(signature_2048);
- XMEMCPY(out, signature_2048, ret);
- }
- #endif
- #if !defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \
- ((!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
- defined(WOLFSSL_PUBLIC_MP)) && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
- idx = (word32)ret;
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- #ifndef WOLFSSL_RSA_VERIFY_INLINE
- #if defined(WOLFSSL_CRYPTOCELL)
- /*
- Cryptocell requires the input data and signature byte array to verify.
- first argument must be the input data
- second argument must be the length of input data
- third argument must be the signature byte array or the output from
- wc_RsaSSL_Sign()
- fourth argument must be the length of the signature byte array
- */
- ret = wc_RsaSSL_Verify(in, inLen, out, outSz, key);
- #else
- ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, key);
- #endif /* WOLFSSL_CRYPTOCELL */
- #else
- byte* dec = NULL;
- ret = wc_RsaSSL_VerifyInline(out, idx, &dec, key);
- if (ret > 0) {
- XMEMCPY(plain, dec, ret);
- }
- #endif
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7916, exit_rsa);
- }
- if (XMEMCMP(plain, in, (size_t)ret)) {
- ERROR_OUT(-7917, exit_rsa);
- }
- TEST_SLEEP();
- #endif
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
- #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
- (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
- && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
- ret = rsa_oaep_padding_test(key, &rng);
- if (ret != 0)
- return ret;
- #endif /* !HAVE_FAST_RSA && !HAVE_FIPS */
- #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */
- #endif /* WOLFSSL_RSA_VERIFY_ONLY */
- #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \
- && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = rsa_export_key_test(key);
- if (ret != 0)
- return ret;
- #endif
- #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = rsa_flatten_test(key);
- if (ret != 0)
- return ret;
- #endif
- #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_ASN) && \
- !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
- (void)clientCert;
- #endif
- #ifdef WOLFSSL_TEST_CERT
- #if defined(WOLFSSL_MDK_ARM)
- #define sizeof(s) XSTRLEN((char *)(s))
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_cert_der_1024, (size_t)sizeof_client_cert_der_1024);
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_cert_der_2048, (size_t)sizeof_client_cert_der_2048);
- bytes = (size_t)sizeof_client_cert_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_cert_der_3072, (size_t)sizeof_client_cert_der_3072);
- bytes = (size_t)sizeof_client_cert_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_cert_der_4096, (size_t)sizeof_client_cert_der_4096);
- bytes = (size_t)sizeof_client_cert_der_4096;
- #elif !defined(NO_FILESYSTEM)
- file2 = XFOPEN(clientCert, "rb");
- if (!file2) {
- ERROR_OUT(-7940, exit_rsa);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file2);
- XFCLOSE(file2);
- #else
- /* No certificate to use. */
- ERROR_OUT(-7941, exit_rsa);
- #endif
- #ifdef sizeof
- #undef sizeof
- #endif
- InitDecodedCert(cert, tmp, (word32)bytes, NULL);
- ret = ParseCert(cert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- FreeDecodedCert(cert);
- ERROR_OUT(-7942, exit_rsa);
- }
- #ifndef NO_ASN_TIME
- ret = wc_GetDateInfo(cert->afterDate, cert->afterDateLen, &date,
- &dateFormat, &dateLength);
- if (ret != 0) {
- FreeDecodedCert(cert);
- ERROR_OUT(-7943, exit_rsa);
- }
- ret = wc_GetDateAsCalendarTime(date, dateLength, dateFormat, &timearg);
- if (ret != 0) {
- FreeDecodedCert(cert);
- ERROR_OUT(-7944, exit_rsa);
- }
- #endif
- FreeDecodedCert(cert);
- #endif /* WOLFSSL_TEST_CERT */
- #ifdef WOLFSSL_CERT_EXT
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
- bytes = sizeof_client_keypub_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
- bytes = sizeof_client_keypub_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_keypub_der_3072, sizeof_client_keypub_der_3072);
- bytes = sizeof_client_keypub_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_keypub_der_4096, sizeof_client_keypub_der_4096);
- bytes = sizeof_client_keypub_der_4096;
- #else
- file = XFOPEN(clientKeyPub, "rb");
- if (!file) {
- err_sys("can't open ./certs/client-keyPub.der, "
- "Please run from wolfSSL home dir", -40);
- ERROR_OUT(-7945, exit_rsa);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey(keypub, HEAP_HINT);
- if (ret != 0) {
- ERROR_OUT(-7946, exit_rsa);
- }
- idx = 0;
- ret = wc_RsaPublicKeyDecode(tmp, &idx, keypub, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(-7947, exit_rsa);
- }
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef WOLFSSL_KEY_GEN
- ret = rsa_keygen_test(&rng);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #ifdef WOLFSSL_CERT_GEN
- /* Make Cert / Sign example for RSA cert and RSA CA */
- ret = rsa_certgen_test(key, keypub, &rng, tmp);
- if (ret != 0)
- goto exit_rsa;
- #if !defined(NO_RSA) && defined(HAVE_ECC)
- ret = rsa_ecc_certgen_test(&rng, tmp);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #if defined(WOLFSSL_CERT_REQ) && !defined(WOLFSSL_NO_MALLOC)
- {
- Cert *req;
- int derSz;
- #ifndef WOLFSSL_SMALL_STACK
- byte* der = NULL;
- #endif
- req = (Cert *)XMALLOC(sizeof *req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (! req)
- ERROR_OUT(MEMORY_E, exit_rsa);
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(-7964, exit_rsa);
- }
- if (wc_InitCert_ex(req, HEAP_HINT, devId)) {
- ERROR_OUT(-7965, exit_rsa);
- }
- req->version = 0;
- req->isCA = 1;
- XSTRNCPY(req->challengePw, "wolf123", CTC_NAME_SIZE);
- XMEMCPY(&req->subject, &certDefaultName, sizeof(CertName));
- #ifndef NO_SHA256
- req->sigType = CTC_SHA256wRSA;
- #else
- req->sigType = CTC_SHAwRSA;
- #endif
- #ifdef WOLFSSL_CERT_EXT
- /* add SKID from the Public Key */
- if (wc_SetSubjectKeyIdFromPublicKey(req, keypub, NULL) != 0) {
- ERROR_OUT(-7966, exit_rsa);
- }
- /* add Key Usage */
- if (wc_SetKeyUsage(req, certKeyUsage2) != 0) {
- ERROR_OUT(-7967, exit_rsa);
- }
- /* add Extended Key Usage */
- if (wc_SetExtKeyUsage(req, "serverAuth,clientAuth,codeSigning,"
- "emailProtection,timeStamping,OCSPSigning") != 0) {
- ERROR_OUT(-7968, exit_rsa);
- }
- #ifdef WOLFSSL_EKU_OID
- {
- WOLFSSL_SMALL_STACK_STATIC const char unique[] = "2.16.840.1.111111.100.1.10.1";
- if (wc_SetExtKeyUsageOID(req, unique, sizeof(unique), 0,
- HEAP_HINT) != 0) {
- ERROR_OUT(-7969, exit_rsa);
- }
- }
- #endif /* WOLFSSL_EKU_OID */
- #endif /* WOLFSSL_CERT_EXT */
- derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL);
- if (derSz < 0) {
- ERROR_OUT(-7970, exit_rsa);
- }
- #ifdef WOLFSSL_CERT_EXT
- /* Try again with "any" flag set, will override all others */
- if (wc_SetExtKeyUsage(req, "any") != 0) {
- ERROR_OUT(-7971, exit_rsa);
- }
- derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL);
- if (derSz < 0) {
- ERROR_OUT(-7972, exit_rsa);
- }
- #endif /* WOLFSSL_CERT_EXT */
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(req->bodySz, req->sigType, der, FOURK_BUF,
- key, NULL, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7973, exit_rsa);
- }
- derSz = ret;
- ret = SaveDerAndPem(der, derSz, certReqDerFile, certReqPemFile,
- CERTREQ_TYPE, -5650);
- if (ret != 0) {
- goto exit_rsa;
- }
- derSz = wc_MakeCertReq_ex(req, der, FOURK_BUF, RSA_TYPE, key);
- if (derSz < 0) {
- ERROR_OUT(-7974, exit_rsa);
- }
- /* Test getting the size of the buffer without providing the buffer.
- * derSz is set to the "largest buffer" we are willing to allocate. */
- derSz = wc_MakeCertReq(req, NULL, 10000, key, NULL);
- if (derSz < 0) {
- ERROR_OUT(-7975, exit_rsa);
- }
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- der = NULL;
- }
- #endif /* WOLFSSL_CERT_REQ */
- #endif /* WOLFSSL_CERT_GEN */
- #if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */
- /* Need to create known good signatures to test with this. */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLF_CRYPTO_CB_ONLY_RSA)
- ret = rsa_pss_test(&rng, key);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #endif
- #if defined(WOLFSSL_HAVE_SP_RSA) && defined(USE_FAST_MATH)
- #ifdef WOLFSSL_SMALL_STACK
- /* New key to be loaded in rsa_even_mod_test(). */
- if (key != NULL)
- #endif
- wc_FreeRsaKey(key);
- /* New key to be loaded in rsa_even_mod_test(). */
- ret = rsa_even_mod_test(&rng, key);
- #endif
- exit_rsa:
- #ifdef WOLFSSL_SMALL_STACK
- if (key != NULL) {
- wc_FreeRsaKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- if (keypub != NULL) {
- wc_FreeRsaKey(keypub);
- XFREE(keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #ifdef WOLFSSL_TEST_CERT
- if (cert != NULL)
- XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- wc_FreeRsaKey(key);
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- wc_FreeRsaKey(keypub);
- #endif
- #endif /* WOLFSSL_SMALL_STACK */
- wc_FreeRng(&rng);
- WC_FREE_VAR(in, HEAP_HINT);
- WC_FREE_VAR(out, HEAP_HINT);
- WC_FREE_VAR(plain, HEAP_HINT);
- (void)res;
- (void)bytes;
- (void)idx;
- (void)in;
- (void)out;
- (void)plain;
- (void)idx;
- (void)inStr;
- (void)inLen;
- (void)outSz;
- (void)plainSz;
- /* ret can be greater then 0 with certgen but all negative values should
- * be returned and treated as an error */
- if (ret >= 0) {
- return 0;
- }
- else {
- return ret;
- }
- }
- #endif /* !NO_RSA */
- #ifndef NO_DH
- static int dh_fips_generate_test(WC_RNG *rng)
- {
- int ret = 0;
- #ifdef WOLFSSL_SMALL_STACK
- DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- DhKey key[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte p[] = {
- 0xc5, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c,
- 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e,
- 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea,
- 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e,
- 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62,
- 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a,
- 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc,
- 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89,
- 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c,
- 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65,
- 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb,
- 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87,
- 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92,
- 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3,
- 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc,
- 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda,
- 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46,
- 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9,
- 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2,
- 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc,
- 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73,
- 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4,
- 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6,
- 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a,
- 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9,
- 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0,
- 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8,
- 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0,
- 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47,
- 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9,
- 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d,
- 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte g[] = {
- 0x4a, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74,
- 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41,
- 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91,
- 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb,
- 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff,
- 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e,
- 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a,
- 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e,
- 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40,
- 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67,
- 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94,
- 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa,
- 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22,
- 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a,
- 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc,
- 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5,
- 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe,
- 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c,
- 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8,
- 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67,
- 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8,
- 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63,
- 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5,
- 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71,
- 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a,
- 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a,
- 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1,
- 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37,
- 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53,
- 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d,
- 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68,
- 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte q[] = {
- 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e,
- 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75,
- 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5,
- 0x40, 0x52, 0xed, 0x41
- };
- WOLFSSL_SMALL_STACK_STATIC const byte q0[] = {
- 0x00,
- 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e,
- 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75,
- 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5,
- 0x40, 0x52, 0xed, 0x41
- };
- byte priv[256];
- byte pub[256];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- #ifdef WOLFSSL_SMALL_STACK
- if (key == NULL)
- ERROR_OUT(MEMORY_E, exit_gen_test);
- #endif
- /* Parameter Validation testing. */
- ret = wc_DhGenerateKeyPair(NULL, rng, priv, &privSz, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-7980, exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, NULL, priv, &privSz, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-7981, exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, rng, NULL, &privSz, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-7982, exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, rng, priv, NULL, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-7983, exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, NULL, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-7984, exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, NULL);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-7985, exit_gen_test);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-7986, exit_gen_test);
- ret = wc_DhSetKey_ex(key, p, sizeof(p), g, sizeof(g), q0, sizeof(q0));
- if (ret != 0) {
- ERROR_OUT(-7987, exit_gen_test);
- }
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-7988, exit_gen_test);
- ret = wc_DhSetKey_ex(key, p, sizeof(p), g, sizeof(g), q, sizeof(q));
- if (ret != 0) {
- ERROR_OUT(-7989, exit_gen_test);
- }
- /* Use API. */
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7990, exit_gen_test);
- }
- ret = wc_DhCheckPubKey_ex(key, pub, pubSz, q0, sizeof(q0));
- if (ret != 0) {
- ERROR_OUT(-7991, exit_gen_test);
- }
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-7992, exit_gen_test);
- ret = wc_DhSetKey(key, p, sizeof(p), g, sizeof(g));
- if (ret != 0) {
- ERROR_OUT(-7993, exit_gen_test);
- }
- ret = wc_DhCheckPubKey_ex(key, pub, pubSz, q, sizeof(q));
- if (ret != 0) {
- ERROR_OUT(-7994, exit_gen_test);
- }
- #ifndef HAVE_SELFTEST
- ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
- if (ret != 0) {
- ERROR_OUT(-7995, exit_gen_test);
- }
- /* Taint the public key so the check fails. */
- pub[0]++;
- ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
- if (ret != MP_CMP_E) {
- ERROR_OUT(-7996, exit_gen_test);
- }
- #ifdef WOLFSSL_KEY_GEN
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-7997, exit_gen_test);
- ret = wc_DhGenerateParams(rng, 2048, key);
- if (ret != 0) {
- ERROR_OUT(-7998, exit_gen_test);
- }
- privSz = sizeof(priv);
- pubSz = sizeof(pub);
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7999, exit_gen_test);
- }
- #endif /* WOLFSSL_KEY_GEN */
- #endif /* HAVE_SELFTEST */
- ret = 0;
- exit_gen_test:
- #ifdef WOLFSSL_SMALL_STACK
- if (key) {
- wc_FreeDhKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_FreeDhKey(key);
- #endif
- return ret;
- }
- static int dh_generate_test(WC_RNG *rng)
- {
- int ret = 0;
- #ifdef WOLFSSL_SMALL_STACK
- DhKey *smallKey = NULL;
- #else
- DhKey smallKey[1];
- #endif
- byte p[2] = { 1, 7 }; /* 263 in decimal */
- byte g[2] = { 0, 2 };
- #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FFDHE)
- #ifdef WOLFSSL_DH_CONST
- /* the table for constant DH lookup will round to the lowest byte size 21 */
- byte priv[21];
- byte pub[21];
- #else
- byte priv[2];
- byte pub[2];
- #endif
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- #endif
- int smallKey_inited = 0;
- #ifdef WOLFSSL_SMALL_STACK
- if ((smallKey = (DhKey *)XMALLOC(sizeof(*smallKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
- return -8019;
- #endif
- ret = wc_InitDhKey_ex(smallKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-8010, exit_gen_test);
- smallKey_inited = 1;
- /* Parameter Validation testing. */
- ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId);
- if (ret != BAD_FUNC_ARG)
- return -8011;
- wc_FreeDhKey(NULL);
- ret = wc_DhSetKey(NULL, p, sizeof(p), g, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-8012, exit_gen_test);
- }
- ret = wc_DhSetKey(smallKey, NULL, sizeof(p), g, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-8013, exit_gen_test);
- }
- ret = wc_DhSetKey(smallKey, p, 0, g, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-8014, exit_gen_test);
- }
- ret = wc_DhSetKey(smallKey, p, sizeof(p), NULL, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-8015, exit_gen_test);
- }
- ret = wc_DhSetKey(smallKey, p, sizeof(p), g, 0);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-8016, exit_gen_test);
- }
- ret = wc_DhSetKey(smallKey, p, sizeof(p), g, sizeof(g));
- if (ret != 0) {
- ERROR_OUT(-8017, exit_gen_test);
- }
- #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FFDHE)
- /* Use API. */
- ret = wc_DhGenerateKeyPair(smallKey, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &smallKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ret = -8018;
- }
- #else
- (void)rng;
- #if defined(HAVE_FIPS) || !defined(WOLFSSL_NO_DH186)
- ret = 0;
- #endif
- #endif
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_NO_DH186)
- {
- byte priv[260];
- byte pub[260];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- /* test odd ball param generation with DH */
- wc_FreeDhKey(smallKey);
- ret = wc_InitDhKey_ex(smallKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-8019, exit_gen_test);
- ret = wc_DhGenerateParams(rng, 2056, smallKey);
- if (ret != 0) {
- ERROR_OUT(-8020, exit_gen_test);
- }
- privSz = sizeof(priv);
- pubSz = sizeof(pub);
- ret = wc_DhGenerateKeyPair(smallKey, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &smallKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8021, exit_gen_test);
- }
- }
- #endif /* !HAVE_FIPS and WOLFSSL_NO_DH186 */
- exit_gen_test:
- if (smallKey_inited)
- wc_FreeDhKey(smallKey);
- #ifdef WOLFSSL_SMALL_STACK
- if (smallKey != NULL)
- XFREE(smallKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- typedef struct dh_pubvalue_test {
- const byte* data;
- word32 len;
- } dh_pubvalue_test;
- static int dh_test_check_pubvalue(void)
- {
- int ret;
- word32 i;
- WOLFSSL_SMALL_STACK_STATIC const byte prime[] = {0x01, 0x00, 0x01};
- WOLFSSL_SMALL_STACK_STATIC const byte pubValZero[] = { 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValZeroLong[] = { 0x00, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValOne[] = { 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValOneLong[] = { 0x00, 0x00, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimeMinusOne[] = { 0x01, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimeLong[] = {0x00, 0x01, 0x00, 0x01};
- WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimePlusOne[] = { 0x01, 0x00, 0x02 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig0[] = { 0x02, 0x00, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig1[] = { 0x01, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTooLong[] = { 0x01, 0x00, 0x00, 0x01 };
- const dh_pubvalue_test dh_pubval_fail[] = {
- { prime, sizeof(prime) },
- { pubValZero, sizeof(pubValZero) },
- { pubValZeroLong, sizeof(pubValZeroLong) },
- { pubValOne, sizeof(pubValOne) },
- { pubValOneLong, sizeof(pubValOneLong) },
- { pubValPrimeMinusOne, sizeof(pubValPrimeMinusOne) },
- { pubValPrimeLong, sizeof(pubValPrimeLong) },
- { pubValPrimePlusOne, sizeof(pubValPrimePlusOne) },
- { pubValTooBig0, sizeof(pubValTooBig0) },
- { pubValTooBig1, sizeof(pubValTooBig1) },
- { pubValTooLong, sizeof(pubValTooLong) },
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTwo[] = { 0x02 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTwoLong[] = { 0x00, 0x00, 0x02 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValGood[] = { 0x12, 0x34 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLen[] = { 0x00, 0x12, 0x34 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLong[] = { 0x00, 0x00, 0x12, 0x34 };
- const dh_pubvalue_test dh_pubval_pass[] = {
- { pubValTwo, sizeof(pubValTwo) },
- { pubValTwoLong, sizeof(pubValTwoLong) },
- { pubValGood, sizeof(pubValGood) },
- { pubValGoodLen, sizeof(pubValGoodLen) },
- { pubValGoodLong, sizeof(pubValGoodLong) },
- };
- for (i = 0; i < sizeof(dh_pubval_fail) / sizeof(*dh_pubval_fail); i++) {
- ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_fail[i].data,
- dh_pubval_fail[i].len);
- if (ret != MP_VAL)
- return -8020 - (int)i;
- }
- for (i = 0; i < sizeof(dh_pubval_pass) / sizeof(*dh_pubval_pass); i++) {
- ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_pass[i].data,
- dh_pubval_pass[i].len);
- if (ret != 0)
- return -8030 - (int)i;
- }
- return 0;
- }
- #endif
- #if defined(HAVE_FFDHE)
- #if defined(HAVE_FFDHE_4096)
- #define MAX_DH_PRIV_SZ 39
- #define MAX_DH_KEY_SZ 512
- #elif defined(HAVE_FFDHE_3072)
- #define MAX_DH_PRIV_SZ 34
- #define MAX_DH_KEY_SZ 384
- #else
- #define MAX_DH_PRIV_SZ 29
- #define MAX_DH_KEY_SZ 256
- #endif
- #ifndef WC_NO_RNG
- #if !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \
- (defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM32_ASM)))
- #ifdef HAVE_PUBLIC_FFDHE
- static int dh_ffdhe_test(WC_RNG *rng, const DhParams* params)
- #else
- static int dh_ffdhe_test(WC_RNG *rng, int name)
- #endif
- {
- int ret;
- word32 privSz, pubSz, privSz2, pubSz2;
- #ifdef WOLFSSL_SMALL_STACK
- byte *priv = (byte*)XMALLOC(MAX_DH_PRIV_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *pub = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *priv2 = (byte*)XMALLOC(MAX_DH_PRIV_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *pub2 = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *agree = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *agree2 = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DhKey *key = (DhKey*)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DhKey *key2 = (DhKey*)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- byte priv[MAX_DH_PRIV_SZ];
- byte pub[MAX_DH_KEY_SZ];
- byte priv2[MAX_DH_PRIV_SZ];
- byte pub2[MAX_DH_KEY_SZ];
- byte agree[MAX_DH_KEY_SZ];
- byte agree2[MAX_DH_KEY_SZ];
- DhKey key[1];
- DhKey key2[1];
- #endif
- word32 agreeSz = MAX_DH_KEY_SZ;
- word32 agreeSz2 = MAX_DH_KEY_SZ;
- #ifdef WOLFSSL_SMALL_STACK
- if ((priv == NULL) ||
- (pub == NULL) ||
- (priv2 == NULL) ||
- (pub2 == NULL) ||
- (agree == NULL) ||
- (agree2 == NULL) ||
- (key == NULL) ||
- (key2 == NULL))
- ERROR_OUT(-8050, done);
- #endif
- pubSz = MAX_DH_KEY_SZ;
- pubSz2 = MAX_DH_KEY_SZ;
- #ifdef HAVE_PUBLIC_FFDHE
- privSz = MAX_DH_PRIV_SZ;
- privSz2 = MAX_DH_PRIV_SZ;
- #else
- privSz = wc_DhGetNamedKeyMinSize(name);
- privSz2 = privSz;
- #endif
- XMEMSET(key, 0, sizeof(*key));
- XMEMSET(key2, 0, sizeof(*key2));
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-8051, done);
- }
- ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-8052, done);
- }
- #ifdef HAVE_PUBLIC_FFDHE
- ret = wc_DhSetKey(key, params->p, params->p_len, params->g, params->g_len);
- #else
- ret = wc_DhSetNamedKey(key, name);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8053, done);
- }
- #ifdef HAVE_PUBLIC_FFDHE
- ret = wc_DhSetKey(key2, params->p, params->p_len, params->g,
- params->g_len);
- #else
- ret = wc_DhSetNamedKey(key2, name);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8054, done);
- }
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8055, done);
- }
- ret = wc_DhGenerateKeyPair(key2, rng, priv2, &privSz2, pub2, &pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8056, done);
- }
- ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8057, done);
- }
- ret = wc_DhAgree(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8058, done);
- }
- if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
- ERROR_OUT(-8059, done);
- }
- #if defined(WOLFSSL_HAVE_SP_DH) || defined(USE_FAST_MATH)
- /* Make p even */
- key->p.dp[0] &= (mp_digit)-2;
- if (ret != 0) {
- ERROR_OUT(-8058, done);
- }
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
- ERROR_OUT(-8058, done);
- }
- ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != ASYNC_OP_E) {
- ERROR_OUT(-8057, done);
- }
- ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_CMP_E &&
- ret != ASYNC_OP_E) {
- ERROR_OUT(-8057, done);
- }
- /* Getting here means success - set ret to 0. */
- ret = 0;
- #endif
- done:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WC_NO_RNG)
- if (priv)
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub)
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv2)
- XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub2)
- XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (agree)
- XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (agree2)
- XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (key) {
- wc_FreeDhKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (key2) {
- wc_FreeDhKey(key2);
- XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_FreeDhKey(key);
- wc_FreeDhKey(key2);
- #endif
- return ret;
- }
- #endif /* !(HAVE_FIPS_VERSION == 2 && WOLFSSL_SP_ARMxx_ASM) */
- #endif /* !WC_NO_RNG */
- #endif /* HAVE_FFDHE */
- WOLFSSL_TEST_SUBROUTINE int dh_test(void)
- {
- int ret;
- word32 bytes;
- word32 idx = 0, privSz, pubSz, privSz2, pubSz2;
- #ifndef WC_NO_RNG
- WC_RNG rng;
- #endif
- int keyInit = 0;
- #define DH_TEST_TMP_SIZE 1024
- #if !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
- #define DH_TEST_BUF_SIZE 256
- #else
- #define DH_TEST_BUF_SIZE 512
- #endif
- #ifndef WC_NO_RNG
- word32 agreeSz = DH_TEST_BUF_SIZE;
- word32 agreeSz2 = DH_TEST_BUF_SIZE;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DhKey *key2 = (DhKey *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *tmp = (byte *)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- DhKey key[1];
- DhKey key2[1];
- byte tmp[DH_TEST_TMP_SIZE];
- #endif
- #ifndef WC_NO_RNG
- #ifdef WOLFSSL_SMALL_STACK
- byte *priv = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *pub = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *priv2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *pub2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *agree = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *agree2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv == NULL || pub == NULL || priv2 == NULL || pub2 == NULL ||
- agree == NULL || agree2 == NULL) {
- ERROR_OUT(-8100, done);
- }
- #else
- byte priv[DH_TEST_BUF_SIZE];
- byte pub[DH_TEST_BUF_SIZE];
- byte priv2[DH_TEST_BUF_SIZE];
- byte pub2[DH_TEST_BUF_SIZE];
- byte agree[DH_TEST_BUF_SIZE];
- byte agree2[DH_TEST_BUF_SIZE];
- #endif
- #endif /* !WC_NO_RNG */
- #ifdef WOLFSSL_SMALL_STACK
- if (key == NULL || key2 == NULL || tmp == NULL) {
- ERROR_OUT(-8100, done);
- }
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, dh_key_der_1024, (size_t)sizeof_dh_key_der_1024);
- bytes = (size_t)sizeof_dh_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, dh_key_der_2048, (size_t)sizeof_dh_key_der_2048);
- bytes = (size_t)sizeof_dh_key_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, dh_key_der_3072, (size_t)sizeof_dh_key_der_3072);
- bytes = (size_t)sizeof_dh_key_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, dh_key_der_4096, (size_t)sizeof_dh_key_der_4096);
- bytes = (size_t)sizeof_dh_key_der_4096;
- #elif defined(NO_ASN)
- /* don't use file, no DER parsing */
- #elif !defined(NO_FILESYSTEM)
- {
- XFILE file = XFOPEN(dhParamsFile, "rb");
- if (! file)
- ERROR_OUT(-8101, done);
- bytes = (word32) XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
- XFCLOSE(file);
- }
- #else
- /* No DH key to use. */
- ERROR_OUT(-8102, done);
- #endif /* USE_CERT_BUFFERS */
- (void)idx;
- (void)tmp;
- (void)bytes;
- pubSz = DH_TEST_BUF_SIZE;
- pubSz2 = DH_TEST_BUF_SIZE;
- privSz = DH_TEST_BUF_SIZE;
- privSz2 = DH_TEST_BUF_SIZE;
- #ifndef WC_NO_RNG
- XMEMSET(&rng, 0, sizeof(rng));
- #endif
- /* Use API for coverage. */
- ret = wc_InitDhKey(key);
- if (ret != 0) {
- ERROR_OUT(-8103, done);
- }
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-8104, done);
- }
- keyInit = 1;
- ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-8105, done);
- }
- #ifdef NO_ASN
- #ifndef WOLFSSL_SP_MATH
- ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
- if (ret != 0) {
- ERROR_OUT(-8106, done);
- }
- ret = wc_DhSetKey(key2, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
- if (ret != 0) {
- ERROR_OUT(-8107, done);
- }
- #else
- ret = wc_DhSetKey(key, dh2048_p, sizeof(dh2048_p), dh2048_g,
- sizeof(dh2048_g));
- if (ret != 0) {
- ERROR_OUT(-8106, done);
- }
- ret = wc_DhSetKey(key2, dh2048_p, sizeof(dh2048_p), dh2048_g,
- sizeof(dh2048_g));
- if (ret != 0) {
- ERROR_OUT(-8107, done);
- }
- #endif
- #else
- ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
- if (ret != 0) {
- ERROR_OUT(-8108, done);
- }
- idx = 0;
- ret = wc_DhKeyDecode(tmp, &idx, key2, bytes);
- if (ret != 0) {
- ERROR_OUT(-8109, done);
- }
- #endif
- #ifndef WC_NO_RNG
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8110, done);
- }
- ret = wc_DhGenerateKeyPair(key, &rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8111, done);
- }
- ret = wc_DhGenerateKeyPair(key2, &rng, priv2, &privSz2, pub2, &pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8112, done);
- }
- ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8113, done);
- }
- ret = wc_DhAgree(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8114, done);
- }
- if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
- ERROR_OUT(-8115, done);
- }
- #endif /* !WC_NO_RNG */
- #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- if (wc_DhCheckPrivKey(NULL, NULL, 0) != BAD_FUNC_ARG)
- ERROR_OUT(-8116, done);
- if (wc_DhCheckPrivKey(key, priv, privSz) != 0)
- ERROR_OUT(-8117, done);
- if (wc_DhExportParamsRaw(NULL, NULL, NULL, NULL, NULL, NULL, NULL) != BAD_FUNC_ARG)
- ERROR_OUT(-8118, done);
- {
- word32 pSz, qSz, gSz;
- if (wc_DhExportParamsRaw(key, NULL, &pSz, NULL, &qSz, NULL, &gSz) != LENGTH_ONLY_E)
- ERROR_OUT(-8119, done);
- }
- #endif
- /* Test DH key import / export */
- #if defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \
- (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-8120, done);
- }
- #ifndef NO_ASN
- {
- /* DH Private - Key Export / Import */
- #ifdef WOLFSSL_SMALL_STACK
- byte *tmp2;
- #else
- byte tmp2[DH_TEST_TMP_SIZE];
- #endif
- XFILE file = XFOPEN(dhKeyFile, "rb");
- if (!file)
- ERROR_OUT(-8130, done);
- bytes = (word32)XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
- XFCLOSE(file);
- #ifdef WOLFSSL_SMALL_STACK
- tmp2 = (byte*)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp2 == NULL)
- ERROR_OUT(-8131, done);
- #endif
- idx = 0;
- XMEMSET(tmp2, 0, DH_TEST_TMP_SIZE);
- /* Import DH Private key as DER */
- ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
- if (ret == 0) {
- /* Export as DER */
- idx = DH_TEST_TMP_SIZE;
- ret = wc_DhPrivKeyToDer(key, tmp2, &idx);
- }
- /* Verify export matches original */
- if (ret <= 0 || bytes != idx || XMEMCMP(tmp, tmp2, bytes) != 0) {
- ERROR_OUT(-8132, done);
- }
- /* DH Public Key - Export / Import */
- file = XFOPEN(dhKeyPubFile, "rb");
- if (!file)
- ERROR_OUT(-8133, done);
- bytes = (word32)XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
- XFCLOSE(file);
- /* for HAVE_WOLF_BIGINT prevent leak */
- wc_FreeDhKey(key);
- (void)wc_InitDhKey_ex(key, HEAP_HINT, devId);
- idx = 0;
- XMEMSET(tmp2, 0, DH_TEST_TMP_SIZE);
- /* Import DH Public key as DER */
- ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
- if (ret == 0) {
- /* Export as DER */
- idx = DH_TEST_TMP_SIZE;
- ret = wc_DhPubKeyToDer(key, tmp2, &idx);
- }
- /* Verify export matches original */
- if (ret <= 0 || bytes != idx || XMEMCMP(tmp, tmp2, bytes) != 0) {
- ERROR_OUT(-8134, done);
- }
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(tmp2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
- #else
- ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
- if (ret != 0) {
- ERROR_OUT(-8121, done);
- }
- #endif /* !NO_ASN */
- privSz = DH_TEST_BUF_SIZE;
- pubSz = DH_TEST_BUF_SIZE;
- ret = wc_DhExportKeyPair(key, priv, &privSz, pub, &pubSz);
- if (ret != 0) {
- ERROR_OUT(-8122, done);
- }
- ret = wc_DhImportKeyPair(key2, priv, privSz, pub, pubSz);
- if (ret != 0) {
- ERROR_OUT(-8125, done);
- }
- #endif /* WOLFSSL_DH_EXTRA && !NO_FILESYSTEM && !FIPS <= 2 */
- #ifndef WC_NO_RNG
- ret = dh_generate_test(&rng);
- if (ret != 0)
- ERROR_OUT(-8123, done);
- ret = dh_fips_generate_test(&rng);
- if (ret != 0)
- ERROR_OUT(-8124, done);
- #endif /* !WC_NO_RNG */
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- ret = dh_test_check_pubvalue();
- if (ret != 0)
- ERROR_OUT(-8125, done);
- #endif
- #if !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \
- (defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM32_ASM)))
- /* RNG with DH and SP_ASM code not supported in the in-lined FIPS ASM code,
- * this will be available for testing in the 140-3 module */
- #ifndef WC_NO_RNG
- /* Specialized code for key gen when using FFDHE-2048, FFDHE-3072 and FFDHE-4096 */
- #ifdef HAVE_FFDHE_2048
- #ifdef HAVE_PUBLIC_FFDHE
- ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe2048_Get());
- #else
- ret = dh_ffdhe_test(&rng, WC_FFDHE_2048);
- #endif
- if (ret != 0)
- ERROR_OUT(-8126, done);
- #endif
- #ifdef HAVE_FFDHE_3072
- #ifdef HAVE_PUBLIC_FFDHE
- ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe3072_Get());
- #else
- ret = dh_ffdhe_test(&rng, WC_FFDHE_3072);
- #endif
- if (ret != 0)
- ERROR_OUT(-8127, done);
- #endif
- #ifdef HAVE_FFDHE_4096
- #ifdef HAVE_PUBLIC_FFDHE
- ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe4096_Get());
- #else
- ret = dh_ffdhe_test(&rng, WC_FFDHE_4096);
- #endif
- if (ret != 0)
- ERROR_OUT(-8128, done);
- #endif
- #endif /* !WC_NO_RNG */
- #endif /* HAVE_FIPS_VERSION == 2 && !WOLFSSL_SP_ARM64_ASM */
- wc_FreeDhKey(key);
- keyInit = 0;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
- !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(WC_NO_RNG)
- /* Test Check Key */
- ret = wc_DhSetCheckKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g),
- NULL, 0, 0, &rng);
- if (ret != 0)
- ERROR_OUT(-8129, done);
- keyInit = 1; /* DhSetCheckKey also initializes the key, free it */
- #endif
- done:
- #ifndef WC_NO_RNG
- wc_FreeRng(&rng);
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (key) {
- if (keyInit)
- wc_FreeDhKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (key2) {
- wc_FreeDhKey(key2);
- XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (tmp)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv)
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub)
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv2)
- XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub2)
- XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (agree)
- XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (agree2)
- XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- if (keyInit)
- wc_FreeDhKey(key);
- wc_FreeDhKey(key2);
- #endif
- (void)privSz;
- (void)pubSz;
- (void)pubSz2;
- (void)privSz2;
- return ret;
- #undef DH_TEST_BUF_SIZE
- #undef DH_TEST_TMP_SIZE
- }
- #endif /* NO_DH */
- #ifndef NO_DSA
- WOLFSSL_TEST_SUBROUTINE int dsa_test(void)
- {
- int ret = 0, answer;
- word32 bytes;
- word32 idx = 0;
- WC_RNG rng;
- wc_Sha sha;
- byte hash[WC_SHA_DIGEST_SIZE];
- byte signature[40];
- #ifdef WOLFSSL_KEY_GEN
- byte* der = 0;
- #endif
- #define DSA_TEST_TMP_SIZE 1024
- #ifdef WOLFSSL_SMALL_STACK
- byte *tmp = (byte *)XMALLOC(DSA_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DsaKey *key = (DsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_KEY_GEN
- DsaKey *derIn = (DsaKey *)XMALLOC(sizeof *derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DsaKey *genKey = (DsaKey *)XMALLOC(sizeof *genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if ((tmp == NULL) ||
- (key == NULL)
- #ifdef WOLFSSL_KEY_GEN
- || (derIn == NULL)
- || (genKey == NULL)
- #endif
- ) {
- ret = -8216;
- goto out;
- }
- #else
- byte tmp[1024];
- DsaKey key[1];
- #ifdef WOLFSSL_KEY_GEN
- DsaKey derIn[1];
- DsaKey genKey[1];
- #endif
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
- bytes = sizeof_dsa_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
- bytes = sizeof_dsa_key_der_2048;
- #else
- {
- XFILE file = XFOPEN(dsaKey, "rb");
- if (!file)
- ERROR_OUT(-8200, out);
- bytes = (word32) XFREAD(tmp, 1, DSA_TEST_TMP_SIZE, file);
- XFCLOSE(file);
- }
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-8201, out);
- wc_ShaUpdate(&sha, tmp, bytes);
- wc_ShaFinal(&sha, hash);
- wc_ShaFree(&sha);
- ret = wc_InitDsaKey(key);
- if (ret != 0)
- ERROR_OUT(-8202, out);
- ret = wc_DsaPrivateKeyDecode(tmp, &idx, key, bytes);
- if (ret != 0)
- ERROR_OUT(-8203, out);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(-8204, out);
- ret = wc_DsaSign(hash, signature, key, &rng);
- if (ret != 0)
- ERROR_OUT(-8205, out);
- ret = wc_DsaVerify(hash, signature, key, &answer);
- if (ret != 0)
- ERROR_OUT(-8206, out);
- if (answer != 1)
- ERROR_OUT(-8207, out);
- wc_FreeDsaKey(key);
- #ifdef WOLFSSL_KEY_GEN
- {
- int derSz = 0;
- ret = wc_InitDsaKey(genKey);
- if (ret != 0)
- ERROR_OUT(-8208, out);
- ret = wc_MakeDsaParameters(&rng, 1024, genKey);
- if (ret != 0) {
- wc_FreeDsaKey(genKey);
- ERROR_OUT(-8209, out);
- }
- ret = wc_MakeDsaKey(&rng, genKey);
- if (ret != 0) {
- wc_FreeDsaKey(genKey);
- ERROR_OUT(-8210, out);
- }
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- wc_FreeDsaKey(genKey);
- ERROR_OUT(-8211, out);
- }
- derSz = wc_DsaKeyToDer(genKey, der, FOURK_BUF);
- if (derSz < 0) {
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ERROR_OUT(-8212, out);
- }
- ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
- DSA_PRIVATEKEY_TYPE, -5814);
- if (ret != 0) {
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeDsaKey(genKey);
- goto out;
- }
- ret = wc_InitDsaKey(derIn);
- if (ret != 0) {
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeDsaKey(genKey);
- ERROR_OUT(-8213, out);
- }
- idx = 0;
- ret = wc_DsaPrivateKeyDecode(der, &idx, derIn, derSz);
- if (ret != 0) {
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeDsaKey(derIn);
- wc_FreeDsaKey(genKey);
- ERROR_OUT(-8214, out);
- }
- }
- #endif /* WOLFSSL_KEY_GEN */
- out:
- #ifdef WOLFSSL_SMALL_STACK
- if (key) {
- #endif
- if (wc_InitDsaKey_h(key, NULL) != 0)
- ret = -8215;
- #ifdef WOLFSSL_SMALL_STACK
- }
- #endif
- #ifdef WOLFSSL_KEY_GEN
- if (der)
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (tmp)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (key)
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_KEY_GEN
- if (derIn) {
- wc_FreeDsaKey(derIn);
- XFREE(derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (genKey) {
- wc_FreeDsaKey(genKey);
- XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #else /* !WOLFSSL_SMALL_STACK */
- #ifdef WOLFSSL_KEY_GEN
- wc_FreeDsaKey(derIn);
- wc_FreeDsaKey(genKey);
- #endif
- #endif
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* NO_DSA */
- #ifdef WOLFCRYPT_HAVE_SRP
- static int generate_random_salt(byte *buf, word32 size)
- {
- int ret = -8220;
- WC_RNG rng;
- if(NULL == buf || !size)
- return -8221;
- if (buf && size && wc_InitRng_ex(&rng, HEAP_HINT, devId) == 0) {
- ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size);
- wc_FreeRng(&rng);
- }
- return ret;
- }
- static int srp_test_digest(SrpType dgstType)
- {
- int r;
- byte clientPubKey[192]; /* A */
- byte serverPubKey[192]; /* B */
- word32 clientPubKeySz = 192;
- word32 serverPubKeySz = 192;
- byte username[] = "user";
- word32 usernameSz = 4;
- byte password[] = "password";
- word32 passwordSz = 8;
- WOLFSSL_SMALL_STACK_STATIC const byte N[] = {
- 0xfc, 0x58, 0x7a, 0x8a, 0x70, 0xfb, 0x5a, 0x9a,
- 0x5d, 0x39, 0x48, 0xbf, 0x1c, 0x46, 0xd8, 0x3b,
- 0x7a, 0xe9, 0x1f, 0x85, 0x36, 0x18, 0xc4, 0x35,
- 0x3f, 0xf8, 0x8a, 0x8f, 0x8c, 0x10, 0x2e, 0x01,
- 0x58, 0x1d, 0x41, 0xcb, 0xc4, 0x47, 0xa8, 0xaf,
- 0x9a, 0x6f, 0x58, 0x14, 0xa4, 0x68, 0xf0, 0x9c,
- 0xa6, 0xe7, 0xbf, 0x0d, 0xe9, 0x62, 0x0b, 0xd7,
- 0x26, 0x46, 0x5b, 0x27, 0xcb, 0x4c, 0xf9, 0x7e,
- 0x1e, 0x8b, 0xe6, 0xdd, 0x29, 0xb7, 0xb7, 0x15,
- 0x2e, 0xcf, 0x23, 0xa6, 0x4b, 0x97, 0x9f, 0x89,
- 0xd4, 0x86, 0xc4, 0x90, 0x63, 0x92, 0xf4, 0x30,
- 0x26, 0x69, 0x48, 0x9d, 0x7a, 0x4f, 0xad, 0xb5,
- 0x6a, 0x51, 0xad, 0xeb, 0xf9, 0x90, 0x31, 0x77,
- 0x53, 0x30, 0x2a, 0x85, 0xf7, 0x11, 0x21, 0x0c,
- 0xb8, 0x4b, 0x56, 0x03, 0x5e, 0xbb, 0x25, 0x33,
- 0x7c, 0xd9, 0x5a, 0xd1, 0x5c, 0xb2, 0xd4, 0x53,
- 0xc5, 0x16, 0x68, 0xf0, 0xdf, 0x48, 0x55, 0x3e,
- 0xd4, 0x59, 0x87, 0x64, 0x59, 0xaa, 0x39, 0x01,
- 0x45, 0x89, 0x9c, 0x72, 0xff, 0xdd, 0x8f, 0x6d,
- 0xa0, 0x42, 0xbc, 0x6f, 0x6e, 0x62, 0x18, 0x2d,
- 0x50, 0xe8, 0x18, 0x97, 0x87, 0xfc, 0xef, 0x1f,
- 0xf5, 0x53, 0x68, 0xe8, 0x49, 0xd1, 0xa2, 0xe8,
- 0xb9, 0x26, 0x03, 0xba, 0xb5, 0x58, 0x6f, 0x6c,
- 0x8b, 0x08, 0xa1, 0x7b, 0x6f, 0x42, 0xc9, 0x53
- };
- WOLFSSL_SMALL_STACK_STATIC const byte g[] = {
- 0x02
- };
- byte salt[10];
- byte verifier[192];
- word32 v_size = sizeof(verifier);
- word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
- word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
- #ifdef WOLFSSL_SMALL_STACK
- Srp *cli = (Srp *)XMALLOC(sizeof *cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- Srp *srv = (Srp *)XMALLOC(sizeof *srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *clientProof = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER); /* M1 */
- byte *serverProof = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER); /* M2 */
- if ((cli == NULL) ||
- (srv == NULL) ||
- (clientProof == NULL) ||
- (serverProof == NULL)) {
- r = -8222;
- goto out;
- }
- #else
- Srp cli[1], srv[1];
- byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */
- byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */
- #endif
- /* set as 0's so if second init on srv not called SrpTerm is not on
- * garbage values */
- XMEMSET(srv, 0, sizeof *srv);
- XMEMSET(cli, 0, sizeof *cli);
- /* generating random salt */
- r = generate_random_salt(salt, sizeof(salt));
- /* client knows username and password. */
- /* server knows N, g, salt and verifier. */
- if (!r) r = wc_SrpInit_ex(cli, dgstType, SRP_CLIENT_SIDE, HEAP_HINT, devId);
- if (!r) r = wc_SrpSetUsername(cli, username, usernameSz);
- /* loading N, g and salt in advance to generate the verifier. */
- if (!r) r = wc_SrpSetParams(cli, N, sizeof(N),
- g, sizeof(g),
- salt, sizeof(salt));
- if (!r) r = wc_SrpSetPassword(cli, password, passwordSz);
- if (!r) r = wc_SrpGetVerifier(cli, verifier, &v_size);
- /* client sends username to server */
- if (!r) r = wc_SrpInit_ex(srv, dgstType, SRP_SERVER_SIDE, HEAP_HINT, devId);
- if (!r) r = wc_SrpSetUsername(srv, username, usernameSz);
- if (!r) r = wc_SrpSetParams(srv, N, sizeof(N),
- g, sizeof(g),
- salt, sizeof(salt));
- if (!r) r = wc_SrpSetVerifier(srv, verifier, v_size);
- if (!r) r = wc_SrpGetPublic(srv, serverPubKey, &serverPubKeySz);
- /* server sends N, g, salt and B to client */
- if (!r) r = wc_SrpGetPublic(cli, clientPubKey, &clientPubKeySz);
- if (!r) r = wc_SrpComputeKey(cli, clientPubKey, clientPubKeySz,
- serverPubKey, serverPubKeySz);
- if (!r) r = wc_SrpGetProof(cli, clientProof, &clientProofSz);
- /* client sends A and M1 to server */
- if (!r) r = wc_SrpComputeKey(srv, clientPubKey, clientPubKeySz,
- serverPubKey, serverPubKeySz);
- if (!r) r = wc_SrpVerifyPeersProof(srv, clientProof, clientProofSz);
- if (!r) r = wc_SrpGetProof(srv, serverProof, &serverProofSz);
- /* server sends M2 to client */
- if (!r) r = wc_SrpVerifyPeersProof(cli, serverProof, serverProofSz);
- wc_SrpTerm(cli);
- wc_SrpTerm(srv);
- #ifdef WOLFSSL_SMALL_STACK
- out:
- if (cli)
- XFREE(cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (srv)
- XFREE(srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (clientProof)
- XFREE(clientProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (serverProof)
- XFREE(serverProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return r;
- }
- WOLFSSL_TEST_SUBROUTINE int srp_test(void)
- {
- int ret;
- #ifndef NO_SHA
- ret = srp_test_digest(SRP_TYPE_SHA);
- if (ret != 0)
- return ret;
- #endif
- #ifndef NO_SHA256
- ret = srp_test_digest(SRP_TYPE_SHA256);
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_SHA384
- ret = srp_test_digest(SRP_TYPE_SHA384);
- if (ret != 0)
- return ret;
- #endif
- #ifdef WOLFSSL_SHA512
- ret = srp_test_digest(SRP_TYPE_SHA512);
- if (ret != 0)
- return ret;
- #endif
- return ret;
- }
- #endif /* WOLFCRYPT_HAVE_SRP */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
- static int openssl_aes_test(void)
- {
- #ifdef HAVE_AES_CBC
- #ifdef WOLFSSL_AES_128
- {
- /* EVP_CipherUpdate test */
- WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- "0123456789abcdef "; /* align */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- int outlen ;
- int total = 0;
- int i;
- #ifdef WOLFSSL_SMALL_STACK
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return -8400;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 9) == 0)
- return -8401;
- if (outlen != 0)
- return -8402;
- total += outlen;
- if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
- (byte*)&cbcPlain[9] , 9) == 0)
- return -8403;
- if (outlen != 16)
- return -8404;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return -8405;
- if (outlen != 16)
- return -8406;
- total += outlen;
- if (total != 32)
- return 3408;
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return -8407;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
- return -8408;
- if (outlen != 0)
- return -8409;
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6], 12) == 0)
- return -8410;
- if (outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6+12], 14) == 0)
- return -8411;
- if (outlen != 16)
- return -8412;
- total += outlen;
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
- return -8413;
- if (outlen != 2)
- return -8414;
- total += outlen;
- if (total != 18)
- return 3427;
- if (XMEMCMP(plain, cbcPlain, 18))
- return -8415;
- /* test with encrypting/decrypting more than 16 bytes at once */
- total = 0;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return -8416;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 17) == 0)
- return -8417;
- if (outlen != 16)
- return -8418;
- total += outlen;
- if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
- (byte*)&cbcPlain[17] , 1) == 0)
- return -8419;
- if (outlen != 0)
- return -8420;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return -8421;
- if (outlen != 16)
- return -8422;
- total += outlen;
- if (total != 32)
- return -8423;
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return -8424;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 17) == 0)
- return -8425;
- if (outlen != 16)
- return -8426;
- total += outlen;
- /* final call on non block size should fail */
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
- return -8427;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[17], 1) == 0)
- return -8428;
- if (outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[17+1], 14) == 0)
- return -8429;
- if (outlen != 0)
- return -8430;
- total += outlen;
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
- return -8431;
- if (outlen != 2)
- return -8432;
- total += outlen;
- if (total != 18)
- return -8433;
- if (XMEMCMP(plain, cbcPlain, 18))
- return -8434;
- /* test byte by byte decrypt */
- for (i = 0; i < AES_BLOCK_SIZE * 3; i++) {
- plain[i] = i;
- }
- total = 0;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return -8435;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)plain, AES_BLOCK_SIZE * 3) == 0)
- return -8436;
- if (outlen != AES_BLOCK_SIZE * 3)
- return -8437;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return -8438;
- if (outlen != AES_BLOCK_SIZE)
- return -8439;
- total += outlen;
- if (total != sizeof(plain))
- return -8440;
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return -8441;
- for (i = 0; i < AES_BLOCK_SIZE * 4; i++) {
- if (EVP_CipherUpdate(de, (byte*)plain + total, &outlen,
- (byte*)cipher + i, 1) == 0)
- return -8442;
- if (outlen > 0) {
- int j;
- total += outlen;
- for (j = 0; j < total; j++) {
- if (plain[j] != j) {
- return -8443;
- }
- }
- }
- }
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
- return -8444;
- total += outlen;
- if (total != AES_BLOCK_SIZE * 3) {
- return -8445;
- }
- for (i = 0; i < AES_BLOCK_SIZE * 3; i++) {
- if (plain[i] != i) {
- return -8446;
- }
- }
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- }
- /* set buffers to be exact size to catch potential over read/write */
- {
- /* EVP_CipherUpdate test */
- WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- "0123456789abcdef "; /* align */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- "1234567890abcdef "; /* align */
- #define EVP_TEST_BUF_SZ 18
- #define EVP_TEST_BUF_PAD 32
- byte cipher[EVP_TEST_BUF_SZ];
- byte plain [EVP_TEST_BUF_SZ];
- byte padded[EVP_TEST_BUF_PAD];
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- int outlen ;
- int total = 0;
- #ifdef WOLFSSL_SMALL_STACK
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return -8447;
- if (EVP_CIPHER_CTX_set_padding(en, 0) != 1)
- return -8448;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
- return -8449;
- if (outlen != 16)
- return -8450;
- total += outlen;
- /* should fail here */
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) != 0)
- return -8451;
- /* turn padding back on and do successful encrypt */
- total = 0;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return -8452;
- if (EVP_CIPHER_CTX_set_padding(en, 1) != 1)
- return -8453;
- if (EVP_CipherUpdate(en, (byte*)padded, &outlen,
- (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
- return -8454;
- if (outlen != 16)
- return -8455;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&padded[total], &outlen) == 0)
- return -8456;
- total += outlen;
- if (total != 32)
- return -8457;
- XMEMCPY(cipher, padded, EVP_TEST_BUF_SZ);
- /* test out of bounds read on buffers w/o padding during decryption */
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return -8458;
- if (EVP_CIPHER_CTX_set_padding(de, 0) != 1)
- return -8459;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher,
- EVP_TEST_BUF_SZ) == 0)
- return -8460;
- if (outlen != 16)
- return -8461;
- total += outlen;
- /* should fail since not using padding */
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
- return -8462;
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return -8463;
- if (EVP_CIPHER_CTX_set_padding(de, 1) != 1)
- return -8464;
- if (EVP_CipherUpdate(de, (byte*)padded, &outlen, (byte*)padded,
- EVP_TEST_BUF_PAD) == 0)
- return -8465;
- if (outlen != 16)
- return -8466;
- total += outlen;
- if (EVP_CipherFinal(de, (byte*)&padded[total], &outlen) == 0)
- return -8467;
- if (XMEMCMP(padded, cbcPlain, EVP_TEST_BUF_SZ))
- return -8468;
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- }
- { /* evp_cipher test: EVP_aes_128_cbc */
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- "0123456789abcdef "; /* align */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #ifdef WOLFSSL_SMALL_STACK
- if (ctx == NULL)
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1) == 0)
- return -8469;
- if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
- return -8470;
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return -8471;
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0) == 0)
- return -8472;
- if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
- return -8473;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return -8474;
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- } /* end evp_cipher test: EVP_aes_128_cbc*/
- #endif /* WOLFSSL_AES_128 */
- #endif /* HAVE_AES_CBC */
- #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
- { /* evp_cipher test: EVP_aes_256_ecb*/
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #ifdef WOLFSSL_SMALL_STACK
- if (ctx == NULL)
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0)
- return -8475;
- if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
- return -8476;
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return -8477;
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0)
- return -8478;
- if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
- return -8479;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return -8480;
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- } /* end evp_cipher test */
- #endif /* HAVE_AES_ECB && WOLFSSL_AES_256 */
- #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
- /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */
- {
- /* Test: AES_encrypt/decrypt/set Key */
- #ifdef WOLFSSL_SMALL_STACK
- AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #else
- AES_KEY enc[1];
- #ifdef HAVE_AES_DECRYPT
- AES_KEY dec[1];
- #endif
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte plain[sizeof(msg)];
- byte cipher[sizeof(msg)];
- #ifdef WOLFSSL_SMALL_STACK
- if (enc == NULL)
- return MEMORY_E;
- #ifdef HAVE_AES_DECRYPT
- if (dec == NULL)
- return MEMORY_E;
- #endif
- #endif
- AES_set_encrypt_key(key, sizeof(key)*8, enc);
- AES_set_decrypt_key(key, sizeof(key)*8, dec);
- AES_encrypt(msg, cipher, enc);
- #ifdef HAVE_AES_DECRYPT
- AES_decrypt(cipher, plain, dec);
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return -8481;
- #endif /* HAVE_AES_DECRYPT */
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return -8482;
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- }
- #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
- /* EVP_Cipher with EVP_aes_xxx_ctr() */
- #ifdef WOLFSSL_AES_COUNTER
- {
- byte plainBuff [64];
- byte cipherBuff[64];
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte ctrKey[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrCipher[] =
- {
- 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
- 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
- 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
- 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
- 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
- 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
- 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
- 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
- };
- WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
- {
- 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
- 0xc2
- };
- #endif
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
- {
- 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
- 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
- {
- 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
- 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28
- };
- #endif /* WOLFSSL_AES_256 */
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- #ifdef WOLFSSL_AES_128
- #ifndef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *p_en;
- EVP_CIPHER_CTX *p_de;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8483;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return -8484;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8485;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return -8486;
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return -8487;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return -8488;
- #ifndef WOLFSSL_SMALL_STACK
- p_en = wolfSSL_EVP_CIPHER_CTX_new();
- if (p_en == NULL)
- return -8489;
- p_de = wolfSSL_EVP_CIPHER_CTX_new();
- if (p_de == NULL)
- return -8490;
- if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8491;
- if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return -8492;
- if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8493;
- if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return -8494;
- wolfSSL_EVP_CIPHER_CTX_free(p_en);
- wolfSSL_EVP_CIPHER_CTX_free(p_de);
- #endif /* !WOLFSSL_SMALL_STACK */
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return -8495;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return -8496;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8497;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
- return -8498;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8499;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
- return -8500;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return -8501;
- if (XMEMCMP(cipherBuff, ctrCipher, 9))
- return -8502;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
- return -8503;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
- return -8504;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return -8505;
- if (XMEMCMP(cipherBuff, oddCipher, 9))
- return -8506;
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return -8507;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return -8508;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return -8509;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return -8510;
- if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
- return -8511;
- if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
- return -8512;
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return -8513;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return -8514;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return -8515;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return -8516;
- if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
- return -8517;
- if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
- return -8518;
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- #endif /* WOLFSSL_AES_256 */
- }
- #endif /* HAVE_AES_COUNTER */
- #if defined(WOLFSSL_AES_CFB) && defined(WOLFSSL_AES_128)
- {
- #ifdef WOLFSSL_SMALL_STACK
- AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #else
- AES_KEY enc[1];
- AES_KEY dec[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte setIv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
- 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
- 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
- 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51
- };
- byte cipher[AES_BLOCK_SIZE * 2];
- byte iv[AES_BLOCK_SIZE]; /* iv buffer is updeated by API */
- int num = 0;
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc == NULL) || (dec == NULL))
- return MEMORY_E;
- #endif
- XMEMCPY(iv, setIv, sizeof(setIv));
- wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, enc);
- wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, dec);
- wolfSSL_AES_cfb128_encrypt(msg, cipher, AES_BLOCK_SIZE - 1, enc, iv,
- &num, AES_ENCRYPT);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE - 1))
- return -8519;
- if (num != 15) /* should have used 15 of the 16 bytes */
- return -8520;
- wolfSSL_AES_cfb128_encrypt(msg + AES_BLOCK_SIZE - 1,
- cipher + AES_BLOCK_SIZE - 1, AES_BLOCK_SIZE + 1, enc, iv,
- &num, AES_ENCRYPT);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
- return -8521;
- if (num != 0)
- return -8522;
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- }
- #endif /* WOLFSSL_AES_CFB && WOLFSSL_AES_128 */
- return 0;
- }
- #endif /* !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) */
- WOLFSSL_TEST_SUBROUTINE int openssl_test(void)
- {
- int ret;
- EVP_MD_CTX md_ctx;
- testVector a, b, c, d, e, f;
- byte hash[WC_SHA256_DIGEST_SIZE*2]; /* max size */
- a.inLen = 0;
- b.inLen = c.inLen = d.inLen = e.inLen = f.inLen = a.inLen;
- (void)a;
- (void)b;
- (void)c;
- (void)d;
- (void)e;
- (void)f;
- /* test malloc / free , 10 is an arbitrary amount of memory chosen */
- {
- byte* p;
- p = (byte*)CRYPTO_malloc(10, "", 0);
- if (p == NULL) {
- return -8600;
- }
- XMEMSET(p, 0, 10);
- CRYPTO_free(p, "", 0);
- }
- #ifndef NO_MD5
- a.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
- "\x7a";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_MD5_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_md5());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen);
- }
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS)
- return -18601;
- if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0)
- return -8601;
- #endif /* NO_MD5 */
- #ifndef NO_SHA
- b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaa";
- b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
- "\x53\x99\x5E\x26\xA0";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha1());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS)
- return -18602;
- if (XMEMCMP(hash, b.output, WC_SHA_DIGEST_SIZE) != 0)
- return -8602;
- #endif /* NO_SHA */
- #ifdef WOLFSSL_SHA224
- e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- e.output = "\xc9\x7c\xa9\xa5\x59\x85\x0c\xe9\x7a\x04\xa9\x6d\xef\x6d\x99"
- "\xa9\xe0\xe0\xe2\xab\x14\xe6\xb8\xdf\x26\x5f\xc0\xb3";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA224_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha224());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, e.output, WC_SHA224_DIGEST_SIZE) != 0) {
- return -8603;
- }
- #endif /* WOLFSSL_SHA224 */
- #ifndef NO_SHA256
- d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
- "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
- "\x06\xC1";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA256_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha256());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, d.output, WC_SHA256_DIGEST_SIZE) != 0) {
- return -8604;
- }
- #endif /* !NO_SHA256 */
- #ifdef WOLFSSL_SHA384
- e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- e.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
- "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
- "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
- "\x74\x60\x39";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA384_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha384());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, e.output, WC_SHA384_DIGEST_SIZE) != 0) {
- return -8605;
- }
- #endif /* WOLFSSL_SHA384 */
- #ifdef WOLFSSL_SHA512
- f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- f.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
- "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
- "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
- "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
- "\x87\x4b\xe9\x09";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_SHA512_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha512());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, f.output, WC_SHA512_DIGEST_SIZE) != 0) {
- return -8606;
- }
- #endif /* WOLFSSL_SHA512 */
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
- f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- f.output = "\x23\xfe\xc5\xbb\x94\xd6\x0b\x23\x30\x81\x92\x64\x0b\x0c\x45"
- "\x33\x35\xd6\x64\x73\x4f\xe4\x0e\x72\x68\x67\x4a\xf9";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_SHA512_224_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha512_224());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, f.output, WC_SHA512_224_DIGEST_SIZE) != 0) {
- return -8722;
- }
- #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
- f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- f.output = "\x39\x28\xe1\x84\xfb\x86\x90\xf8\x40\xda\x39\x88\x12\x1d\x31"
- "\xbe\x65\xcb\x9d\x3e\xf8\x3e\xe6\x14\x6f\xea\xc8\x61\xe1\x9b"
- "\x56\x3a";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_SHA512_256_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha512_256());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, f.output, WC_SHA512_256_DIGEST_SIZE) != 0) {
- return -8723;
- }
- #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
- #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- e.output = "\x54\x3e\x68\x68\xe1\x66\x6c\x1a\x64\x36\x30\xdf\x77\x36\x7a"
- "\xe5\xa6\x2a\x85\x07\x0a\x51\xc1\x4c\xbf\x66\x5c\xbc";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA3_224_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha3_224());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, e.output, WC_SHA3_224_DIGEST_SIZE) != 0) {
- return -8607;
- }
- #endif /* WOLFSSL_NOSHA3_224 */
- #ifndef WOLFSSL_NOSHA3_256
- d.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- d.output = "\x91\x6f\x60\x61\xfe\x87\x97\x41\xca\x64\x69\xb4\x39\x71\xdf"
- "\xdb\x28\xb1\xa3\x2d\xc3\x6c\xb3\x25\x4e\x81\x2b\xe2\x7a\xad"
- "\x1d\x18";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA3_256_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha3_256());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, d.output, WC_SHA3_256_DIGEST_SIZE) != 0) {
- return -8608;
- }
- #endif /* WOLFSSL_NOSHA3_256 */
- e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- e.output = "\x79\x40\x7d\x3b\x59\x16\xb5\x9c\x3e\x30\xb0\x98\x22\x97\x47"
- "\x91\xc3\x13\xfb\x9e\xcc\x84\x9e\x40\x6f\x23\x59\x2d\x04\xf6"
- "\x25\xdc\x8c\x70\x9b\x98\xb4\x3b\x38\x52\xb3\x37\x21\x61\x79"
- "\xaa\x7f\xc7";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA3_384_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha3_384());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, e.output, WC_SHA3_384_DIGEST_SIZE) != 0) {
- return -8609;
- }
- #ifndef WOLFSSL_NOSHA3_512
- f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- f.output = "\xaf\xeb\xb2\xef\x54\x2e\x65\x79\xc5\x0c\xad\x06\xd2\xe5\x78"
- "\xf9\xf8\xdd\x68\x81\xd7\xdc\x82\x4d\x26\x36\x0f\xee\xbf\x18"
- "\xa4\xfa\x73\xe3\x26\x11\x22\x94\x8e\xfc\xfd\x49\x2e\x74\xe8"
- "\x2e\x21\x89\xed\x0f\xb4\x40\xd1\x87\xf3\x82\x27\x0c\xb4\x55"
- "\xf2\x1d\xd1\x85";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_SHA3_512_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha3_512());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, f.output, WC_SHA3_512_DIGEST_SIZE) != 0) {
- return -8610;
- }
- #endif /* WOLFSSL_NOSHA3_512 */
- #endif /* WOLFSSL_SHA3 */
- #ifndef WC_NO_RNG
- if (RAND_bytes(hash, sizeof(hash)) != WOLFSSL_SUCCESS)
- return -8611;
- #endif
- #ifndef NO_MD5
- c.input = "what do ya want for nothing?";
- c.output = "\x55\x78\xe8\x48\x4b\xcc\x93\x80\x93\xec\x53\xaf\x22\xd6\x14"
- "\x76";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_MD5_DIGEST_SIZE;
- #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)
- /* Expect failure with MD5 + HMAC when using FIPS 140-3. */
- if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
- hash, 0) != NULL)
- #else
- if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
- hash, 0) == NULL ||
- XMEMCMP(hash, c.output, WC_MD5_DIGEST_SIZE) != 0)
- #endif
- {
- return -8612;
- }
- #endif /* NO_MD5 */
- #ifndef NO_DES3
- { /* des test */
- WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte plain[24];
- byte cipher[24];
- const_DES_cblock key = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
- };
- DES_cblock iv = {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
- };
- DES_key_schedule sched;
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
- 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
- 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
- };
- DES_key_sched(&key, &sched);
- DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, DES_ENCRYPT);
- DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT);
- if (XMEMCMP(plain, vector, sizeof(vector)) != 0)
- return -8613;
- if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
- return -8614;
- /* test changing iv */
- DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT);
- DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT);
- if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
- return -8615;
- } /* end des test */
- #endif /* NO_DES3 */
- #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
- if (openssl_aes_test() != 0) {
- return -8616;
- }
- #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
- { /* evp_cipher test: EVP_aes_128_cbc */
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- int idx, cipherSz, plainSz;
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb,
- 0x3b,0x5d,0x41,0x97,0x94,0x25,0xa4,0xb4,
- 0xae,0x7b,0x34,0xd0,0x3f,0x0c,0xbc,0x06
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb,
- 0x7d,0x37,0x7b,0x0b,0x44,0xaa,0xb5,0xf0,
- 0x5f,0x34,0xb4,0xde,0xb5,0xbd,0x2a,0xbb
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- "0123456789abcdef "; /* align */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #ifdef WOLFSSL_SMALL_STACK
- if (ctx == NULL)
- return MEMORY_E;
- #endif
- cipherSz = 0;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherUpdate(ctx, cipher, &idx, (byte*)msg, sizeof(msg));
- if (ret == WOLFSSL_SUCCESS)
- cipherSz += idx;
- }
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
- if (ret == WOLFSSL_SUCCESS)
- cipherSz += idx;
- }
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != WOLFSSL_SUCCESS)
- return -8617;
- if (cipherSz != (int)sizeof(verify) || XMEMCMP(cipher, verify, cipherSz))
- return -8618;
- /* check partial decrypt (not enough padding for full block) */
- plainSz = 0;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, 1);
- if (ret == WOLFSSL_SUCCESS)
- plainSz += idx;
- }
- if (ret == WOLFSSL_SUCCESS) {
- /* this test should fail... not enough padding for full block */
- ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
- if (plainSz == 0 && ret != WOLFSSL_SUCCESS)
- ret = WOLFSSL_SUCCESS;
- else
- ret = -8619;
- }
- else
- ret = -8620;
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != WOLFSSL_SUCCESS)
- return ret;
- plainSz = 0;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, cipherSz);
- if (ret == WOLFSSL_SUCCESS)
- plainSz += idx;
- }
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
- if (ret == WOLFSSL_SUCCESS)
- plainSz += idx;
- }
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != WOLFSSL_SUCCESS)
- return -8621;
- if (plainSz != (int)sizeof(msg) || XMEMCMP(plain, msg, sizeof(msg)))
- return -8622;
- cipherSz = 0;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherUpdate(ctx, cipher, &idx, msg, AES_BLOCK_SIZE);
- if (ret == WOLFSSL_SUCCESS)
- cipherSz += idx;
- }
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
- if (ret == WOLFSSL_SUCCESS)
- cipherSz += idx;
- }
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != WOLFSSL_SUCCESS)
- return -8623;
- if (cipherSz != (int)sizeof(verify2) || XMEMCMP(cipher, verify2, cipherSz))
- return -8624;
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- } /* end evp_cipher test: EVP_aes_128_cbc*/
- #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
- #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
- { /* evp_cipher test: EVP_aes_256_ecb*/
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #ifdef WOLFSSL_SMALL_STACK
- if (ctx == NULL)
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_Cipher(ctx, cipher, (byte*)msg, 16);
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != 16)
- return -8625;
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return -8626;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_Cipher(ctx, plain, cipher, 16);
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != 16)
- return -8627;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return -8628;
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- } /* end evp_cipher test */
- #endif /* HAVE_AES_ECB && WOLFSSL_AES_128 */
- #define OPENSSL_TEST_ERROR (-10000)
- #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
- /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */
- {
- /* Test: AES_encrypt/decrypt/set Key */
- #ifdef WOLFSSL_SMALL_STACK
- AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #else
- AES_KEY enc[1];
- #ifdef HAVE_AES_DECRYPT
- AES_KEY dec[1];
- #endif
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte plain[sizeof(msg)];
- byte cipher[sizeof(msg)];
- printf("openSSL extra test\n") ;
- #ifdef WOLFSSL_SMALL_STACK
- if (enc == NULL)
- return MEMORY_E;
- #ifdef HAVE_AES_DECRYPT
- if (dec == NULL)
- return MEMORY_E;
- #endif
- #endif
- AES_set_encrypt_key(key, sizeof(key)*8, enc);
- AES_set_decrypt_key(key, sizeof(key)*8, dec);
- AES_encrypt(msg, cipher, enc);
- #ifdef HAVE_AES_DECRYPT
- AES_decrypt(cipher, plain, dec);
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return OPENSSL_TEST_ERROR-60;
- #endif /* HAVE_AES_DECRYPT */
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return OPENSSL_TEST_ERROR-61;
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- }
- #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
- /* EVP_Cipher with EVP_aes_xxx_ctr() */
- #ifdef WOLFSSL_AES_COUNTER
- {
- byte plainBuff [64];
- byte cipherBuff[64];
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte ctrKey[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrCipher[] =
- {
- 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
- 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
- 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
- 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
- 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
- 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
- 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
- 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
- };
- WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
- {
- 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
- 0xc2
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
- {
- 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
- 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
- {
- 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
- 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28
- };
- #endif /* WOLFSSL_AES_256 */
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- #ifdef WOLFSSL_AES_128
- #ifndef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *p_en;
- EVP_CIPHER_CTX *p_de;
- #endif
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8629;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return -8630;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8631;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return -8632;
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return -8633;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return -8634;
- #ifndef WOLFSSL_SMALL_STACK
- p_en = wolfSSL_EVP_CIPHER_CTX_new();
- if(p_en == NULL)return -8635;
- p_de = wolfSSL_EVP_CIPHER_CTX_new();
- if(p_de == NULL)return -8636;
- if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8637;
- if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return -8638;
- if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8639;
- if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return -8640;
- wolfSSL_EVP_CIPHER_CTX_free(p_en);
- wolfSSL_EVP_CIPHER_CTX_free(p_de);
- #endif /* !WOLFSSL_SMALL_STACK */
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return -8641;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return -8642;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8643;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
- return -8644;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8645;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
- return -8646;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return -8647;
- if (XMEMCMP(cipherBuff, ctrCipher, 9))
- return -8648;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
- return -8649;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
- return -8650;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return -8651;
- if (XMEMCMP(cipherBuff, oddCipher, 9))
- return -8652;
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return -8653;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return -8654;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return -8655;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return -8656;
- if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
- return -8657;
- if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
- return -8658;
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return -8659;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return -8660;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return -8661;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return -8662;
- if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
- return -8663;
- if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
- return -8664;
- #endif /* WOLFSSL_AES_256 */
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- }
- #endif /* HAVE_AES_COUNTER */
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- {
- /* EVP_CipherUpdate test */
- WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- byte key[] = "0123456789abcdef "; /* align */
- byte iv[] = "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- int outlen ;
- int total = 0;
- #ifdef WOLFSSL_SMALL_STACK
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return -8665;
- /* openSSL compatibility, if(inlen == 0)return 1; */
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 0) != 1)
- return -8666;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return -8667;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 9) == 0)
- return -8668;
- if(outlen != 0)
- return -8669;
- total += outlen;
- if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
- (byte*)&cbcPlain[9] , 9) == 0)
- return -8670;
- if(outlen != 16)
- return -8671;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return -8672;
- if(outlen != 16)
- return -8673;
- total += outlen;
- if(total != 32)
- return -8674;
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return -8675;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
- return -8676;
- if(outlen != 0)
- return -8677;
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6], 12) == 0)
- return -8678;
- if(outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6+12], 14) == 0)
- return -8679;
- if(outlen != 16)
- return -8680;
- total += outlen;
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
- return -8681;
- if(outlen != 2)
- return -8682;
- total += outlen;
- if(total != 18)
- return -8683;
- if (XMEMCMP(plain, cbcPlain, 18))
- return -8684;
- total = 0;
- EVP_CIPHER_CTX_init(en);
- if (EVP_EncryptInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv) == 0)
- return -8685;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0)
- return -8686;
- if(outlen != 0)
- return -8687;
- total += outlen;
- if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0)
- return -8688;
- if(outlen != 16)
- return -8689;
- total += outlen;
- if (EVP_EncryptFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return -8690;
- if(outlen != 16)
- return -8691;
- total += outlen;
- if(total != 32)
- return 3438;
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_DecryptInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv) == 0)
- return -8692;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
- return -8693;
- if(outlen != 0)
- return -8694;
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0)
- return -8695;
- if(outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0)
- return -8696;
- if(outlen != 16)
- return -8697;
- total += outlen;
- if (EVP_DecryptFinal(de, (byte*)&plain[total], &outlen) == 0)
- return -8698;
- if(outlen != 2)
- return -8699;
- total += outlen;
- if(total != 18)
- return 3447;
- if (XMEMCMP(plain, cbcPlain, 18))
- return -8700;
- if (EVP_CIPHER_key_length(NULL) != 0)
- return -8701;
- if (EVP_CIPHER_key_length(EVP_aes_128_cbc()) != 16)
- return -8702;
- if (EVP_CIPHER_CTX_mode(NULL) != 0)
- return -8703;
- if (EVP_CIPHER_CTX_mode(en) != (en->flags & WOLFSSL_EVP_CIPH_MODE))
- return -8704;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit_ex(en, EVP_aes_128_cbc(), NULL,
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return -8705;
- EVP_CIPHER_CTX_init(en);
- if (EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
- (unsigned char*)key, (unsigned char*)iv) == 0)
- return -8706;
- if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
- return -8707;
- if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
- return -8708;
- EVP_CIPHER_CTX_init(de);
- if (EVP_DecryptInit_ex(de, EVP_aes_128_cbc(), NULL,
- (unsigned char*)key, (unsigned char*)iv) == 0)
- return -8709;
- if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
- return -8710;
- if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
- return -8711;
- if (EVP_CIPHER_CTX_block_size(NULL) != BAD_FUNC_ARG)
- return -8712;
- EVP_CIPHER_CTX_init(en);
- EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
- (unsigned char*)key, (unsigned char*)iv);
- if (EVP_CIPHER_CTX_block_size(en) != en->block_size)
- return -8713;
- if (EVP_CIPHER_block_size(NULL) != BAD_FUNC_ARG)
- return -8714;
- if (EVP_CIPHER_block_size(EVP_aes_128_cbc()) != AES_BLOCK_SIZE)
- return -8715;
- if (WOLFSSL_EVP_CIPHER_mode(NULL) != 0)
- return -8716;
- if (EVP_CIPHER_flags(EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE)
- return -8717;
- EVP_CIPHER_CTX_clear_flags(en, 0xFFFFFFFF);
- EVP_CIPHER_CTX_set_flags(en, 42);
- if (en->flags != 42)
- return -8718;
- if (EVP_CIPHER_CTX_set_padding(NULL, 0) != BAD_FUNC_ARG)
- return -8719;
- if (EVP_CIPHER_CTX_set_padding(en, 0) != WOLFSSL_SUCCESS)
- return -8720;
- if (EVP_CIPHER_CTX_set_padding(en, 1) != WOLFSSL_SUCCESS)
- return -8721;
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- }
- #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
- #endif /* ifndef NO_AES */
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE int openSSL_evpMD_test(void)
- {
- int ret = 0;
- #if !defined(NO_SHA256) && !defined(NO_SHA)
- WOLFSSL_EVP_MD_CTX* ctx;
- WOLFSSL_EVP_MD_CTX* ctx2;
- ctx = EVP_MD_CTX_create();
- ctx2 = EVP_MD_CTX_create();
- ret = EVP_DigestInit(ctx, EVP_sha256());
- if (ret != SSL_SUCCESS) {
- ret = -8800;
- goto openSSL_evpMD_test_done;
- }
- ret = EVP_MD_CTX_copy(ctx2, ctx);
- if (ret != SSL_SUCCESS) {
- ret = -8801;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
- ret = -8802;
- goto openSSL_evpMD_test_done;
- }
- ret = EVP_DigestInit(ctx, EVP_sha1());
- if (ret != SSL_SUCCESS) {
- ret = -8803;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
- ret = -8804;
- goto openSSL_evpMD_test_done;
- }
- ret = EVP_MD_CTX_copy_ex(ctx2, ctx);
- if (ret != SSL_SUCCESS) {
- ret = -8805;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) {
- ret = -8806;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) {
- ret = -8807;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_DigestInit_ex(ctx, EVP_sha1(), NULL) != SSL_SUCCESS) {
- ret = -8808;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_add_digest(NULL) != 0) {
- ret = -8809;
- goto openSSL_evpMD_test_done;
- }
- if (wolfSSL_EVP_add_cipher(NULL) != 0) {
- ret = -8810;
- goto openSSL_evpMD_test_done;
- }
- ret = 0; /* got to success state without jumping to end with a fail */
- openSSL_evpMD_test_done:
- EVP_MD_CTX_destroy(ctx);
- EVP_MD_CTX_destroy(ctx2);
- #endif /* NO_SHA256 */
- return ret;
- }
- #ifdef DEBUG_SIGN
- static void show(const char *title, const char *p, unsigned int s) {
- char* i;
- printf("%s: ", title);
- for (i = p;
- i < p + s;
- printf("%c", *i), i++);
- printf("\n");
- }
- #else
- #define show(a,b,c)
- #endif
- #define FOURK_BUFF 4096
- #define ERR_BASE_PKEY (-5000)
- WOLFSSL_TEST_SUBROUTINE int openssl_pkey0_test(void)
- {
- int ret = 0;
- #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(NO_SHA)
- byte* prvTmp;
- byte* pubTmp;
- int prvBytes;
- int pubBytes;
- RSA *prvRsa = NULL;
- RSA *pubRsa = NULL;
- EVP_PKEY *prvPkey = NULL;
- EVP_PKEY *pubPkey = NULL;
- EVP_PKEY_CTX *enc = NULL;
- EVP_PKEY_CTX *dec = NULL;
- byte in[] = TEST_STRING;
- byte out[256];
- size_t outlen;
- size_t keySz;
- byte plain[256];
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- XFILE keyFile;
- XFILE keypubFile;
- char cliKey[] = "./certs/client-key.der";
- char cliKeypub[] = "./certs/client-keyPub.der";
- #endif
- prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (prvTmp == NULL)
- return ERR_BASE_PKEY-1;
- pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pubTmp == NULL) {
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- return ERR_BASE_PKEY-2;
- }
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
- prvBytes = sizeof_client_key_der_1024;
- XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
- pubBytes = sizeof_client_keypub_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048);
- prvBytes = sizeof_client_key_der_2048;
- XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
- pubBytes = sizeof_client_keypub_der_2048;
- #else
- keyFile = XFOPEN(cliKey, "rb");
- if (!keyFile) {
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", ERR_BASE_PKEY-3);
- return ERR_BASE_PKEY-3;
- }
- prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile);
- XFCLOSE(keyFile);
- keypubFile = XFOPEN(cliKeypub, "rb");
- if (!keypubFile) {
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-cert.der, "
- "Please run from wolfSSL home dir", -4);
- return ERR_BASE_PKEY-4;
- }
- pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
- XFCLOSE(keypubFile);
- #endif /* USE_CERT_BUFFERS */
- prvRsa = wolfSSL_RSA_new();
- pubRsa = wolfSSL_RSA_new();
- if((prvRsa == NULL) || (pubRsa == NULL)){
- printf("error with RSA_new\n");
- ret = ERR_BASE_PKEY-10;
- goto openssl_pkey0_test_done;
- }
- ret = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
- if(ret != SSL_SUCCESS){
- printf("error with RSA_LoadDer_ex\n");
- ret = ERR_BASE_PKEY-11;
- goto openssl_pkey0_test_done;
- }
- ret = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
- if(ret != SSL_SUCCESS){
- printf("error with RSA_LoadDer_ex\n");
- ret = ERR_BASE_PKEY-12;
- goto openssl_pkey0_test_done;
- }
- keySz = (size_t)RSA_size(pubRsa);
- prvPkey = wolfSSL_EVP_PKEY_new();
- pubPkey = wolfSSL_EVP_PKEY_new();
- if((prvPkey == NULL) || (pubPkey == NULL)){
- printf("error with PKEY_new\n");
- ret = ERR_BASE_PKEY-13;
- goto openssl_pkey0_test_done;
- }
- ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
- ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
- if(ret != 2){
- printf("error with PKEY_set1_RSA\n");
- ret = ERR_BASE_PKEY-14;
- goto openssl_pkey0_test_done;
- }
- dec = EVP_PKEY_CTX_new(prvPkey, NULL);
- enc = EVP_PKEY_CTX_new(pubPkey, NULL);
- if((dec == NULL)||(enc==NULL)){
- printf("error with EVP_PKEY_CTX_new\n");
- ret = ERR_BASE_PKEY-15;
- goto openssl_pkey0_test_done;
- }
- ret = EVP_PKEY_decrypt_init(dec);
- if (ret != 1) {
- printf("error with decrypt init\n");
- ret = ERR_BASE_PKEY-16;
- goto openssl_pkey0_test_done;
- }
- ret = EVP_PKEY_encrypt_init(enc);
- if (ret != 1) {
- printf("error with encrypt init\n");
- ret = ERR_BASE_PKEY-17;
- goto openssl_pkey0_test_done;
- }
- XMEMSET(out, 0, sizeof(out));
- ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
- if (ret != 1) {
- printf("error encrypting msg\n");
- ret = ERR_BASE_PKEY-18;
- goto openssl_pkey0_test_done;
- }
- show("encrypted msg", out, outlen);
- XMEMSET(plain, 0, sizeof(plain));
- ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
- if (ret != 1) {
- printf("error decrypting msg\n");
- ret = ERR_BASE_PKEY-19;
- goto openssl_pkey0_test_done;
- }
- show("decrypted msg", plain, outlen);
- /* RSA_PKCS1_OAEP_PADDING test */
- ret = EVP_PKEY_decrypt_init(dec);
- if (ret != 1) {
- printf("error with decrypt init\n");
- ret = ERR_BASE_PKEY-30;
- goto openssl_pkey0_test_done;
- }
- ret = EVP_PKEY_encrypt_init(enc);
- if (ret != 1) {
- printf("error with encrypt init\n");
- ret = ERR_BASE_PKEY-31;
- goto openssl_pkey0_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
- printf("first set rsa padding error\n");
- ret = ERR_BASE_PKEY-32;
- goto openssl_pkey0_test_done;
- }
- #ifndef HAVE_FIPS
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
- printf("second set rsa padding error\n");
- ret = ERR_BASE_PKEY-33;
- goto openssl_pkey0_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
- printf("third set rsa padding error\n");
- ret = ERR_BASE_PKEY-34;
- goto openssl_pkey0_test_done;
- }
- #endif
- XMEMSET(out, 0, sizeof(out));
- ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
- if (ret != 1) {
- printf("error encrypting msg\n");
- ret = ERR_BASE_PKEY-35;
- goto openssl_pkey0_test_done;
- }
- show("encrypted msg", out, outlen);
- XMEMSET(plain, 0, sizeof(plain));
- ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
- if (ret != 1) {
- printf("error decrypting msg\n");
- ret = ERR_BASE_PKEY-36;
- goto openssl_pkey0_test_done;
- }
- show("decrypted msg", plain, outlen);
- ret = 0; /* made it to this point without error then set success */
- openssl_pkey0_test_done:
- wolfSSL_RSA_free(prvRsa);
- wolfSSL_RSA_free(pubRsa);
- EVP_PKEY_free(pubPkey);
- EVP_PKEY_free(prvPkey);
- EVP_PKEY_CTX_free(dec);
- EVP_PKEY_CTX_free(enc);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* NO_RSA */
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE int openssl_pkey1_test(void)
- {
- int ret = 0;
- #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
- !defined(NO_SHA)
- EVP_PKEY_CTX* dec = NULL;
- EVP_PKEY_CTX* enc = NULL;
- EVP_PKEY* pubKey = NULL;
- EVP_PKEY* prvKey = NULL;
- X509* x509 = NULL;
- WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sugar slapped";
- const unsigned char* clikey;
- long cliKeySz;
- size_t outlen;
- int keyLenBits = 2048;
- #ifdef WOLFSSL_SMALL_STACK
- unsigned char *tmp = (unsigned char *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- unsigned char *cipher = (unsigned char *)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- unsigned char *plain = (unsigned char *)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((tmp == NULL) ||
- (cipher == NULL) ||
- (plain == NULL)) {
- ret = -9015;
- goto openssl_pkey1_test_done;
- }
- #else
- unsigned char tmp[FOURK_BUF];
- unsigned char cipher[RSA_TEST_BYTES];
- unsigned char plain[RSA_TEST_BYTES];
- #endif
- #if defined(USE_CERT_BUFFERS_1024)
- XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
- cliKeySz = (long)sizeof_client_key_der_1024;
- x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_1024,
- sizeof_client_cert_der_1024, SSL_FILETYPE_ASN1);
- keyLenBits = 1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
- cliKeySz = (long)sizeof_client_key_der_2048;
- x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_2048,
- sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, sizeof_client_key_der_3072);
- cliKeySz = (long)sizeof_client_key_der_3072;
- x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_3072,
- sizeof_client_cert_der_3072, SSL_FILETYPE_ASN1);
- keyLenBits = 3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, sizeof_client_key_der_4096);
- cliKeySz = (long)sizeof_client_key_der_4096;
- x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_4096,
- sizeof_client_cert_der_4096, SSL_FILETYPE_ASN1);
- keyLenBits = 4096;
- #else
- {
- XFILE f;
- f = XFOPEN(clientKey, "rb");
- if (!f) {
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", -41);
- ret = -9000;
- goto openssl_pkey1_test_done;
- }
- cliKeySz = (long)XFREAD(tmp, 1, FOURK_BUF, f);
- XFCLOSE(f);
- }
- /* using existing wolfSSL api to get public and private key */
- x509 = wolfSSL_X509_load_certificate_file(clientCert, SSL_FILETYPE_ASN1);
- #endif /* USE_CERT_BUFFERS */
- clikey = tmp;
- if ((prvKey = EVP_PKEY_new()) == NULL) {
- ret = -9001;
- goto openssl_pkey1_test_done;
- }
- EVP_PKEY_free(prvKey);
- prvKey = NULL;
- if (x509 == NULL) {
- ret = -9002;
- goto openssl_pkey1_test_done;
- }
- pubKey = X509_get_pubkey(x509);
- if (pubKey == NULL) {
- ret = -9003;
- goto openssl_pkey1_test_done;
- }
- prvKey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &clikey, cliKeySz);
- if (prvKey == NULL) {
- ret = -9004;
- goto openssl_pkey1_test_done;
- }
- /* phase 2 API to create EVP_PKEY_CTX and encrypt/decrypt */
- if (EVP_PKEY_bits(prvKey) != keyLenBits) {
- ret = -9005;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_size(prvKey) != keyLenBits/8) {
- ret = -9006;
- goto openssl_pkey1_test_done;
- }
- dec = EVP_PKEY_CTX_new(prvKey, NULL);
- enc = EVP_PKEY_CTX_new(pubKey, NULL);
- if (dec == NULL || enc == NULL) {
- ret = -9007;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_decrypt_init(dec) != 1) {
- ret = -9008;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_encrypt_init(enc) != 1) {
- ret = -9009;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
- ret = -9010;
- goto openssl_pkey1_test_done;
- }
- #ifndef HAVE_FIPS
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
- ret = -9011;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
- ret = -9012;
- goto openssl_pkey1_test_done;
- }
- #endif
- XMEMSET(cipher, 0, RSA_TEST_BYTES);
- outlen = keyLenBits/8;
- if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) {
- ret = -9013;
- goto openssl_pkey1_test_done;
- }
- XMEMSET(plain, 0, RSA_TEST_BYTES);
- if (EVP_PKEY_decrypt(dec, plain, &outlen, cipher, outlen) != 1) {
- ret = -9014;
- goto openssl_pkey1_test_done;
- }
- openssl_pkey1_test_done:
- if (pubKey != NULL) {
- EVP_PKEY_free(pubKey);
- }
- if (prvKey != NULL) {
- EVP_PKEY_free(prvKey);
- }
- if (dec != NULL) {
- EVP_PKEY_CTX_free(dec);
- }
- if (enc != NULL) {
- EVP_PKEY_CTX_free(enc);
- }
- if (x509 != NULL) {
- X509_free(x509);
- }
- #ifdef WOLFSSL_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (cipher != NULL)
- XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (plain != NULL)
- XFREE(plain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #endif
- return ret;
- }
- #define ERR_BASE_EVPSIG (-5100)
- WOLFSSL_TEST_SUBROUTINE int openssl_evpSig_test(void)
- {
- #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(HAVE_USER_RSA)
- byte* prvTmp;
- byte* pubTmp;
- int prvBytes;
- int pubBytes;
- RSA *prvRsa;
- RSA *pubRsa;
- EVP_PKEY *prvPkey;
- EVP_PKEY *pubPkey;
- EVP_MD_CTX* sign;
- EVP_MD_CTX* verf;
- char msg[] = "see spot run";
- unsigned char sig[256];
- unsigned int sigSz;
- const void* pt;
- unsigned int count;
- int ret, ret1, ret2;
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- XFILE keyFile;
- XFILE keypubFile;
- char cliKey[] = "./certs/client-key.der";
- char cliKeypub[] = "./certs/client-keyPub.der";
- #endif
- prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (prvTmp == NULL)
- return ERR_BASE_EVPSIG-1;
- pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pubTmp == NULL) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ERR_BASE_EVPSIG-2;
- }
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
- prvBytes = sizeof_client_key_der_1024;
- XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
- pubBytes = sizeof_client_keypub_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048);
- prvBytes = sizeof_client_key_der_2048;
- XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
- pubBytes = sizeof_client_keypub_der_2048;
- #else
- keyFile = XFOPEN(cliKey, "rb");
- if (!keyFile) {
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", -40);
- return ERR_BASE_EVPSIG-3;
- }
- prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile);
- XFCLOSE(keyFile);
- keypubFile = XFOPEN(cliKeypub, "rb");
- if (!keypubFile) {
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-cert.der, "
- "Please run from wolfSSL home dir", -41);
- return ERR_BASE_EVPSIG-4;
- }
- pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
- XFCLOSE(keypubFile);
- #endif /* USE_CERT_BUFFERS */
- prvRsa = wolfSSL_RSA_new();
- pubRsa = wolfSSL_RSA_new();
- if((prvRsa == NULL) || (pubRsa == NULL)){
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("ERROR with RSA_new", -9100);
- return ERR_BASE_EVPSIG-5;
- }
- ret1 = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
- ret2 = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
- if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
- printf("error with RSA_LoadDer_ex\n");
- return ERR_BASE_EVPSIG-6;
- }
- prvPkey = wolfSSL_EVP_PKEY_new();
- pubPkey = wolfSSL_EVP_PKEY_new();
- if((prvPkey == NULL) || (pubPkey == NULL)){
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- printf("error with KEY_new\n");
- return ERR_BASE_EVPSIG-7;
- }
- ret1 = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
- ret2 = wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
- if((ret1 != 1) || (ret2 != 1)){
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- printf("error with EVP_PKEY_set1_RSA\n");
- return ERR_BASE_EVPSIG-8;
- }
- /****************** sign and verify *******************/
- sign = EVP_MD_CTX_create();
- verf = EVP_MD_CTX_create();
- if((sign == NULL)||(verf == NULL)){
- printf("error with EVP_MD_CTX_create\n");
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- return ERR_BASE_EVPSIG-10;
- }
- ret = EVP_SignInit(sign, EVP_sha1());
- if (ret != SSL_SUCCESS){
- printf("error with EVP_SignInit\n");
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- return ERR_BASE_EVPSIG-11;
- }
- count = sizeof(msg);
- show("message = ", (char *)msg, count);
- /* sign */
- XMEMSET(sig, 0, sizeof(sig));
- pt = (const void*)msg;
- ret1 = EVP_SignUpdate(sign, pt, count);
- ret2 = EVP_SignFinal(sign, sig, &sigSz, prvPkey);
- if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- printf("error with EVP_MD_CTX_create\n");
- return ERR_BASE_EVPSIG-12;
- }
- show("signature = ", (char *)sig, sigSz);
- /* verify */
- pt = (const void*)msg;
- ret1 = EVP_VerifyInit(verf, EVP_sha1());
- ret2 = EVP_VerifyUpdate(verf, pt, count);
- if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- printf("error with EVP_Verify\n");
- return ERR_BASE_EVPSIG-13;
- }
- if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) {
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- printf("error with EVP_VerifyFinal\n");
- return ERR_BASE_EVPSIG-14;
- }
- /* expect fail without update */
- EVP_VerifyInit(verf, EVP_sha1());
- if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) {
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- printf("EVP_VerifyInit without update not detected\n");
- return ERR_BASE_EVPSIG-15;
- }
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- wolfSSL_RSA_free(prvRsa);
- wolfSSL_RSA_free(pubRsa);
- EVP_PKEY_free(pubPkey);
- EVP_PKEY_free(prvPkey);
- #endif /* NO_RSA */
- return 0;
- }
- #endif /* OPENSSL_EXTRA */
- #ifndef NO_PWDBASED
- #ifdef HAVE_SCRYPT
- /* Test vectors taken from RFC 7914: scrypt PBKDF - Section 12. */
- WOLFSSL_TEST_SUBROUTINE int scrypt_test(void)
- {
- #ifdef HAVE_FIPS
- /* RFC 7914 test vector keys are too short for FIPS. */
- #else
- int ret;
- byte derived[64];
- WOLFSSL_SMALL_STACK_STATIC const byte verify1[] = {
- 0x77, 0xd6, 0x57, 0x62, 0x38, 0x65, 0x7b, 0x20,
- 0x3b, 0x19, 0xca, 0x42, 0xc1, 0x8a, 0x04, 0x97,
- 0xf1, 0x6b, 0x48, 0x44, 0xe3, 0x07, 0x4a, 0xe8,
- 0xdf, 0xdf, 0xfa, 0x3f, 0xed, 0xe2, 0x14, 0x42,
- 0xfc, 0xd0, 0x06, 0x9d, 0xed, 0x09, 0x48, 0xf8,
- 0x32, 0x6a, 0x75, 0x3a, 0x0f, 0xc8, 0x1f, 0x17,
- 0xe8, 0xd3, 0xe0, 0xfb, 0x2e, 0x0d, 0x36, 0x28,
- 0xcf, 0x35, 0xe2, 0x0c, 0x38, 0xd1, 0x89, 0x06
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
- 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
- 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
- 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
- 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
- 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
- 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
- 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
- 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
- };
- #if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_LINUXKM) && !defined(HAVE_INTEL_QA)
- WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = {
- 0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48,
- 0x46, 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb,
- 0xfd, 0xa8, 0xfb, 0xba, 0x90, 0x4f, 0x8e, 0x3e,
- 0xa9, 0xb5, 0x43, 0xf6, 0x54, 0x5d, 0xa1, 0xf2,
- 0xd5, 0x43, 0x29, 0x55, 0x61, 0x3f, 0x0f, 0xcf,
- 0x62, 0xd4, 0x97, 0x05, 0x24, 0x2a, 0x9a, 0xf9,
- 0xe6, 0x1e, 0x85, 0xdc, 0x0d, 0x65, 0x1e, 0x40,
- 0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, 0x87
- };
- #endif
- #ifdef SCRYPT_TEST_ALL
- /* Test case is very slow.
- * Use for confirmation after code change or new platform.
- */
- WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = {
- 0x21, 0x01, 0xcb, 0x9b, 0x6a, 0x51, 0x1a, 0xae,
- 0xad, 0xdb, 0xbe, 0x09, 0xcf, 0x70, 0xf8, 0x81,
- 0xec, 0x56, 0x8d, 0x57, 0x4a, 0x2f, 0xfd, 0x4d,
- 0xab, 0xe5, 0xee, 0x98, 0x20, 0xad, 0xaa, 0x47,
- 0x8e, 0x56, 0xfd, 0x8f, 0x4b, 0xa5, 0xd0, 0x9f,
- 0xfa, 0x1c, 0x6d, 0x92, 0x7c, 0x40, 0xf4, 0xc3,
- 0x37, 0x30, 0x40, 0x49, 0xe8, 0xa9, 0x52, 0xfb,
- 0xcb, 0xf4, 0x5c, 0x6f, 0xa7, 0x7a, 0x41, 0xa4
- };
- #endif
- ret = wc_scrypt(derived, NULL, 0, NULL, 0, 4, 1, 1, sizeof(verify1));
- if (ret != 0)
- return -9200;
- if (XMEMCMP(derived, verify1, sizeof(verify1)) != 0)
- return -9201;
- ret = wc_scrypt(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 10, 8, 16,
- sizeof(verify2));
- if (ret != 0)
- return -9202;
- if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0)
- return -9203;
- /* Test case with parallel overflowing */
- ret = wc_scrypt(derived, (byte*)"password", 16, (byte*)"NaCl", 16, 2, 4, 8388608,
- sizeof(verify2));
- if (ret != BAD_FUNC_ARG)
- return -9210;
- /* Don't run these test on embedded, since they use large mallocs */
- #if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_LINUXKM) && !defined(HAVE_INTEL_QA)
- ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
- (byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3));
- if (ret != 0)
- return -9204;
- if (XMEMCMP(derived, verify3, sizeof(verify3)) != 0)
- return -9205;
- #ifdef SCRYPT_TEST_ALL
- ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
- (byte*)"SodiumChloride", 14, 20, 8, 1, sizeof(verify4));
- if (ret != 0)
- return -9206;
- if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0)
- return -9207;
- #endif
- #endif /* !BENCH_EMBEDDED && !defined(WOLFSSL_LINUXKM) && !HAVE_INTEL_QA */
- ret = wc_scrypt_ex(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 1<<10,
- 8, 16, sizeof(verify2));
- if (ret != 0)
- return -9208;
- if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0)
- return -9209;
- #endif /* !HAVE_FIPS */
- return 0;
- }
- #endif
- #ifdef HAVE_PKCS12
- WOLFSSL_TEST_SUBROUTINE int pkcs12_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
- 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f };
- WOLFSSL_SMALL_STACK_STATIC const byte passwd2[] = { 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
- 0x00, 0x67, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte salt2[] = { 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 };
- byte derived[64];
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
- 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
- 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
- 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
- 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
- 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
- };
- int id = 1;
- int kLen = 24;
- int iterations = 1;
- int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
- iterations, kLen, WC_SHA256, id);
- if (ret < 0)
- return -9300;
- if (XMEMCMP(derived, verify, kLen) != 0)
- return -9301;
- iterations = 1000;
- ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8,
- iterations, kLen, WC_SHA256, id);
- if (ret < 0)
- return -9302;
- ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8,
- iterations, kLen, WC_SHA256, id, HEAP_HINT);
- if (ret < 0)
- return -9303;
- if (XMEMCMP(derived, verify2, 24) != 0)
- return -9304;
- return 0;
- }
- #endif /* HAVE_PKCS12 */
- #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
- WOLFSSL_TEST_SUBROUTINE int pbkdf2_test(void)
- {
- char passwd[] = "passwordpassword";
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
- int iterations = 2048;
- int kLen = 24;
- byte derived[64];
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc,
- 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1
- };
- int ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd), salt,
- (int)sizeof(salt), iterations, kLen, WC_SHA256, HEAP_HINT, devId);
- if (ret != 0)
- return ret;
- if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
- return -9400;
- return 0;
- }
- #endif /* HAVE_PBKDF2 && !NO_SHA256 && !NO_HMAC */
- #if defined(HAVE_PBKDF1) && !defined(NO_SHA)
- WOLFSSL_TEST_SUBROUTINE int pbkdf1_test(void)
- {
- char passwd[] = "password";
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
- int iterations = 1000;
- int kLen = 16;
- byte derived[16];
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0xDC, 0x19, 0x84, 0x7E, 0x05, 0xC6, 0x4D, 0x2F,
- 0xAF, 0x10, 0xEB, 0xFB, 0x4A, 0x3D, 0x2A, 0x20
- };
- int ret = wc_PBKDF1_ex(derived, kLen, NULL, 0, (byte*)passwd,
- (int)XSTRLEN(passwd), salt, (int)sizeof(salt), iterations, WC_SHA,
- HEAP_HINT);
- if (ret != 0)
- return ret;
- if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
- return -9500;
- return 0;
- }
- #endif /* HAVE_PBKDF2 && !NO_SHA */
- WOLFSSL_TEST_SUBROUTINE int pwdbased_test(void)
- {
- int ret = 0;
- #if defined(HAVE_PBKDF1) && !defined(NO_SHA)
- ret = pbkdf1_test();
- if (ret != 0)
- return ret;
- #endif
- #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
- ret = pbkdf2_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef HAVE_PKCS12
- ret = pkcs12_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef HAVE_SCRYPT
- ret = scrypt_test();
- if (ret != 0)
- return ret;
- #endif
- return ret;
- }
- #endif /* NO_PWDBASED */
- #if defined(HAVE_HKDF) && !defined(NO_HMAC)
- /* hkdf_test has issue with WOLFSSL_TEST_SUBROUTINE set on Xilinx with afalg */
- static int hkdf_test(void)
- {
- int ret = 0;
- #if !defined(NO_SHA) || !defined(NO_SHA256)
- int L;
- byte okm1[42];
- byte ikm1[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
- #ifndef HAVE_FIPS
- byte salt1[13] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c };
- byte info1[10] ={ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
- 0xf8, 0xf9 };
- #endif
- #ifndef NO_SHA
- byte res1[42] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
- 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
- 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
- 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
- 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
- 0x49, 0x18 };
- #ifndef HAVE_FIPS
- byte res2[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
- 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
- 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
- 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
- 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
- 0xf8, 0x96 };
- #endif
- #endif /* !NO_SHA */
- #ifndef NO_SHA256
- byte res3[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
- 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
- 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
- 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
- 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
- 0x96, 0xc8 };
- #ifndef HAVE_FIPS
- byte res4[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
- 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
- 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
- 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
- 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
- 0x58, 0x65 };
- #endif
- #endif /* !NO_SHA256 */
- XMEMSET(okm1, 0, sizeof(okm1));
- L = (int)sizeof(okm1);
- #ifndef NO_SHA
- ret = wc_HKDF(WC_SHA, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
- okm1, L);
- if (ret != 0)
- return -9700;
- if (XMEMCMP(okm1, res1, L) != 0)
- return -9701;
- #ifndef HAVE_FIPS
- /* fips can't have key size under 14 bytes, salt is key too */
- L = (int)sizeof(okm1);
- ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, (word32)sizeof(salt1),
- info1, (word32)sizeof(info1), okm1, L);
- if (ret != 0)
- return -9702;
- if (XMEMCMP(okm1, res2, L) != 0)
- return -9703;
- #endif /* HAVE_FIPS */
- #endif /* !NO_SHA */
- #ifndef NO_SHA256
- ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
- okm1, L);
- if (ret != 0)
- return -9704;
- if (XMEMCMP(okm1, res3, L) != 0)
- return -9705;
- #ifndef HAVE_FIPS
- /* fips can't have key size under 14 bytes, salt is key too */
- ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1),
- salt1, (word32)sizeof(salt1), info1, (word32)sizeof(info1), okm1, L);
- if (ret != 0)
- return -9706;
- if (XMEMCMP(okm1, res4, L) != 0)
- return -9707;
- #endif /* HAVE_FIPS */
- #endif /* !NO_SHA256 */
- #endif /* !NO_SHA || !NO_SHA256 */
- return ret;
- }
- #endif /* HAVE_HKDF */
- #ifdef WOLFSSL_WOLFSSH
- typedef struct {
- byte hashId;
- byte keyId;
- const byte* k;
- word32 kSz;
- const byte* h;
- word32 hSz;
- const byte* sessionId;
- word32 sessionIdSz;
- const byte* expectedKey;
- word32 expectedKeySz;
- } SshKdfTestVector;
- /** Test Vector Set #3: SHA-256 **/
- static const byte sshKdfTvSet3k[] = {
- 0x6A, 0xC3, 0x82, 0xEA, 0xAC, 0xA0, 0x93, 0xE1,
- 0x25, 0xE2, 0x5C, 0x24, 0xBE, 0xBC, 0x84, 0x64,
- 0x0C, 0x11, 0x98, 0x75, 0x07, 0x34, 0x4B, 0x5C,
- 0x73, 0x9C, 0xEB, 0x84, 0xA9, 0xE0, 0xB2, 0x22,
- 0xB9, 0xA8, 0xB5, 0x1C, 0x83, 0x9E, 0x5E, 0xBE,
- 0x49, 0xCF, 0xAD, 0xBF, 0xB3, 0x95, 0x99, 0x76,
- 0x4E, 0xD5, 0x22, 0x09, 0x9D, 0xC9, 0x12, 0x75,
- 0x19, 0x50, 0xDC, 0x7D, 0xC9, 0x7F, 0xBD, 0xC0,
- 0x63, 0x28, 0xB6, 0x8F, 0x22, 0x78, 0x1F, 0xD3,
- 0x15, 0xAF, 0x56, 0x80, 0x09, 0xA5, 0x50, 0x9E,
- 0x5B, 0x87, 0xA1, 0x1B, 0xF5, 0x27, 0xC0, 0x56,
- 0xDA, 0xFF, 0xD8, 0x2A, 0xB6, 0xCB, 0xC2, 0x5C,
- 0xCA, 0x37, 0x14, 0x34, 0x59, 0xE7, 0xBC, 0x63,
- 0xBC, 0xDE, 0x52, 0x75, 0x7A, 0xDE, 0xB7, 0xDF,
- 0x01, 0xCF, 0x12, 0x17, 0x3F, 0x1F, 0xEF, 0x81,
- 0x02, 0xEC, 0x5A, 0xB1, 0x42, 0xC2, 0x13, 0xDD,
- 0x9D, 0x30, 0x69, 0x62, 0x78, 0xA8, 0xD8, 0xBC,
- 0x32, 0xDD, 0xE9, 0x59, 0x2D, 0x28, 0xC0, 0x78,
- 0xC6, 0xD9, 0x2B, 0x94, 0x7D, 0x82, 0x5A, 0xCA,
- 0xAB, 0x64, 0x94, 0x84, 0x6A, 0x49, 0xDE, 0x24,
- 0xB9, 0x62, 0x3F, 0x48, 0x89, 0xE8, 0xAD, 0xC3,
- 0x8E, 0x8C, 0x66, 0x9E, 0xFF, 0xEF, 0x17, 0x60,
- 0x40, 0xAD, 0x94, 0x5E, 0x90, 0xA7, 0xD3, 0xEE,
- 0xC1, 0x5E, 0xFE, 0xEE, 0x78, 0xAE, 0x71, 0x04,
- 0x3C, 0x96, 0x51, 0x11, 0x03, 0xA1, 0x6B, 0xA7,
- 0xCA, 0xF0, 0xAC, 0xD0, 0x64, 0x2E, 0xFD, 0xBE,
- 0x80, 0x99, 0x34, 0xFA, 0xA1, 0xA5, 0xF1, 0xBD,
- 0x11, 0x04, 0x36, 0x49, 0xB2, 0x5C, 0xCD, 0x1F,
- 0xEE, 0x2E, 0x38, 0x81, 0x5D, 0x4D, 0x5F, 0x5F,
- 0xC6, 0xB4, 0x10, 0x29, 0x69, 0xF2, 0x1C, 0x22,
- 0xAE, 0x1B, 0x0E, 0x7D, 0x36, 0x03, 0xA5, 0x56,
- 0xA1, 0x32, 0x62, 0xFF, 0x62, 0x8D, 0xE2, 0x22
- };
- static const byte sshKdfTvSet3h[] = {
- 0x7B, 0x70, 0x01, 0x18, 0x5E, 0x25, 0x6D, 0x44,
- 0x93, 0x44, 0x5F, 0x39, 0xA5, 0x5F, 0xB9, 0x05,
- 0xE6, 0x32, 0x1F, 0x4B, 0x5D, 0xD8, 0xBB, 0xF3,
- 0x10, 0x0D, 0x51, 0xBA, 0x0B, 0xDA, 0x3D, 0x2D
- };
- static const byte sshKdfTvSet3sid[] = {
- 0x7B, 0x70, 0x01, 0x18, 0x5E, 0x25, 0x6D, 0x44,
- 0x93, 0x44, 0x5F, 0x39, 0xA5, 0x5F, 0xB9, 0x05,
- 0xE6, 0x32, 0x1F, 0x4B, 0x5D, 0xD8, 0xBB, 0xF3,
- 0x10, 0x0D, 0x51, 0xBA, 0x0B, 0xDA, 0x3D, 0x2D
- };
- static const byte sshKdfTvSet3a[] = {
- 0x81, 0xF0, 0x33, 0x0E, 0xF6, 0xF0, 0x53, 0x61,
- 0xB3, 0x82, 0x3B, 0xFD, 0xED, 0x6E, 0x1D, 0xE9
- };
- static const byte sshKdfTvSet3b[] = {
- 0x3F, 0x6F, 0xD2, 0x06, 0x5E, 0xEB, 0x2B, 0x0B,
- 0x1D, 0x93, 0x19, 0x5A, 0x1F, 0xED, 0x48, 0xA5
- };
- static const byte sshKdfTvSet3c[] = {
- 0xC3, 0x54, 0x71, 0x03, 0x4E, 0x6F, 0xD6, 0x54,
- 0x76, 0x13, 0x17, 0x8E, 0x23, 0x43, 0x5F, 0x21
- };
- static const byte sshKdfTvSet3d[] = {
- 0x7E, 0x9D, 0x79, 0x03, 0x20, 0x90, 0xD9, 0x9F,
- 0x98, 0xB0, 0x15, 0x63, 0x4D, 0xD9, 0xF4, 0x62
- };
- static const byte sshKdfTvSet3e[] = {
- 0x24, 0xEE, 0x55, 0x9A, 0xD7, 0xCE, 0x71, 0x2B,
- 0x68, 0x5D, 0x0B, 0x22, 0x71, 0xE4, 0x43, 0xC1,
- 0x7A, 0xB1, 0xD1, 0xDC, 0xEB, 0x5A, 0x36, 0x05,
- 0x69, 0xD2, 0x5D, 0x5D, 0xC2, 0x43, 0x00, 0x2F
- };
- static const byte sshKdfTvSet3f[] = {
- 0xC3, 0x41, 0x9C, 0x2B, 0x96, 0x62, 0x35, 0x86,
- 0x9D, 0x71, 0x4B, 0xA5, 0xAC, 0x48, 0xDD, 0xB7,
- 0xD9, 0xE3, 0x5C, 0x8C, 0x19, 0xAA, 0xC7, 0x34,
- 0x22, 0x33, 0x7A, 0x37, 0x34, 0x53, 0x60, 0x7E
- };
- static const SshKdfTestVector sshKdfTestVectors[] = {
- {WC_HASH_TYPE_SHA256, 'A',
- sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
- sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
- sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
- sshKdfTvSet3a, sizeof(sshKdfTvSet3a)},
- {WC_HASH_TYPE_SHA256, 'B',
- sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
- sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
- sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
- sshKdfTvSet3b, sizeof(sshKdfTvSet3b)},
- {WC_HASH_TYPE_SHA256, 'C',
- sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
- sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
- sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
- sshKdfTvSet3c, sizeof(sshKdfTvSet3c)},
- {WC_HASH_TYPE_SHA256, 'D',
- sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
- sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
- sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
- sshKdfTvSet3d, sizeof(sshKdfTvSet3d)},
- {WC_HASH_TYPE_SHA256, 'E',
- sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
- sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
- sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
- sshKdfTvSet3e, sizeof(sshKdfTvSet3e)},
- {WC_HASH_TYPE_SHA256, 'F',
- sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
- sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
- sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
- sshKdfTvSet3f, sizeof(sshKdfTvSet3f)},
- };
- int sshkdf_test(void)
- {
- int result = 0;
- word32 i;
- word32 tc = sizeof(sshKdfTestVectors)/sizeof(SshKdfTestVector);
- const SshKdfTestVector* tv = NULL;
- byte cKey[32]; /* Greater of SHA256_DIGEST_SIZE and AES_BLOCK_SIZE */
- /* sId - Session ID, eKey - Expected Key, cKey - Calculated Key */
- for (i = 0, tv = sshKdfTestVectors; i < tc; i++, tv++) {
- result = wc_SSH_KDF(tv->hashId, tv->keyId,
- cKey, tv->expectedKeySz,
- tv->k, tv->kSz, tv->h, tv->hSz,
- tv->sessionId, tv->sessionIdSz);
- if (result != 0) {
- printf("KDF: Could not derive key.\n");
- result = -101;
- }
- else {
- if (memcmp(cKey, tv->expectedKey, tv->expectedKeySz) != 0) {
- printf("KDF: Calculated Key does not match Expected Key.\n");
- result = -102;
- }
- }
- if (result != 0) break;
- }
- return result;
- }
- #endif /* WOLFSSL_WOLFSSH */
- #ifdef WOLFSSL_TLS13
- #define TLSV13_PSK_DHE_SZ 40
- typedef struct {
- enum wc_HashType hashAlg;
- word32 pskSz;
- word32 dheSz;
- byte psk[TLSV13_PSK_DHE_SZ];
- byte dhe[TLSV13_PSK_DHE_SZ];
- byte hashHello1[WC_MAX_DIGEST_SIZE];
- byte hashHello2[WC_MAX_DIGEST_SIZE];
- byte hashFinished1[WC_MAX_DIGEST_SIZE];
- byte hashFinished2[WC_MAX_DIGEST_SIZE];
- /* Expected */
- byte clientEarlyTrafficSecret[WC_MAX_DIGEST_SIZE];
- byte earlyExporterMasterSecret[WC_MAX_DIGEST_SIZE];
- byte clientHandshakeTrafficSecret[WC_MAX_DIGEST_SIZE];
- byte serverHandshakeTrafficSecret[WC_MAX_DIGEST_SIZE];
- byte clientApplicationTrafficSecret[WC_MAX_DIGEST_SIZE];
- byte serverApplicationTrafficSecret[WC_MAX_DIGEST_SIZE];
- byte exporterMasterSecret[WC_MAX_DIGEST_SIZE];
- byte resumptionMasterSecret[WC_MAX_DIGEST_SIZE];
- } Tls13KdfTestVector;
- /* The following tests come from the CAVP test vectors we used for
- * our FIPS validation. The hash values used are the components from
- * the test hashed together. hashHello1 is the hash of the
- * clientHelloRandom value of the test vector. hashHello2 is the hash
- * of the clientHelloRandom and serverHelloRandom values from the test
- * vector. hashFinished1 is clientHelloRandom, serverHelloRandom, and
- * serverFinishedRandom. hashFinished2 is clientHelloRandom,
- * serverHelloRandom, serverFinishedRandom, and clietnFinishedRandom
- * hashed together. */
- static const Tls13KdfTestVector tls13KdfTestVectors[] = {
- { /* 1 */
- WC_HASH_TYPE_SHA256, 35, 35,
- { /* PSK */
- 0x7b, 0xf1, 0x05, 0x31, 0x36, 0xfa, 0x03, 0xdc,
- 0x31, 0x97, 0x88, 0x04, 0x9c, 0xbc, 0xee, 0xf7,
- 0x8d, 0x84, 0x95, 0x26, 0xaf, 0x1d, 0x68, 0xb0,
- 0x60, 0x7a, 0xcc, 0x4f, 0xc1, 0xd3, 0xa1, 0x68,
- 0x7f, 0x6d, 0xbe
- },
- { /* DHE */
- 0x6e, 0xa1, 0x77, 0xab, 0x2f, 0x43, 0xd2, 0x4b,
- 0xe5, 0xa1, 0x09, 0xe0, 0x7a, 0xd0, 0x01, 0x35,
- 0x8d, 0xf8, 0xf2, 0x5c, 0x91, 0x02, 0xb0, 0x6c,
- 0x3f, 0xeb, 0xee, 0xa4, 0x42, 0x19, 0xce, 0xdc,
- 0x81, 0x26, 0x40
- },
- { /* Hello 1 */
- 0xd9, 0x4b, 0xe4, 0x17, 0xef, 0x58, 0x73, 0x7d,
- 0x28, 0x3d, 0xf0, 0xcc, 0x05, 0x03, 0xaf, 0xac,
- 0x3d, 0x92, 0x79, 0x48, 0xe8, 0x8c, 0xdb, 0xce,
- 0x95, 0x82, 0x21, 0x31, 0x7b, 0x61, 0xd7, 0xc6
- },
- { /* Hello 2 */
- 0xb7, 0x7f, 0x29, 0x91, 0xa4, 0x8b, 0x34, 0xdb,
- 0xbd, 0xc7, 0x54, 0x1c, 0x3b, 0x86, 0xa3, 0x69,
- 0xfe, 0x26, 0xe4, 0x7b, 0xac, 0x57, 0x71, 0xb3,
- 0x32, 0x97, 0xed, 0xd2, 0x0e, 0x95, 0xb8, 0x63
- },
- { /* Finished 1 */
- 0x65, 0xdb, 0x6d, 0x71, 0x71, 0xd0, 0xd8, 0x49,
- 0xd0, 0x3c, 0x8e, 0x2b, 0x24, 0xdf, 0xc2, 0xe9,
- 0xd6, 0xfd, 0xea, 0x04, 0x95, 0x7c, 0xf0, 0x7e,
- 0x57, 0x74, 0x7c, 0xdd, 0xa3, 0x0b, 0x2b, 0x36
- },
- { /* Finished 2 */
- 0x28, 0xf2, 0xf2, 0x79, 0xcf, 0x20, 0x52, 0x90,
- 0x1d, 0x91, 0x05, 0xad, 0x44, 0x26, 0x23, 0x96,
- 0x32, 0xce, 0xec, 0x61, 0xd1, 0xbf, 0x00, 0x48,
- 0x4a, 0xa5, 0x60, 0xcc, 0x28, 0xb5, 0x8d, 0x98
- },
- { /* Client Early Traffic Secret */
- 0x07, 0x14, 0x6a, 0x26, 0x5b, 0x6c, 0x7f, 0x4d, 0x6b, 0x47, 0x3f, 0xd5,
- 0x03, 0x1d, 0xd2, 0x23, 0x3d, 0x89, 0x3e, 0xc6, 0x51, 0xd1, 0xac, 0xf8,
- 0x28, 0xae, 0x4b, 0x76, 0xc8, 0x10, 0x7e, 0xdd
- },
- { /* Early Exporter Master Secret */
- 0xb8, 0xd3, 0x25, 0x7e, 0x2d, 0x41, 0x7b, 0xcb, 0x5e, 0x82, 0x49, 0xf5,
- 0x51, 0x3d, 0xb7, 0x59, 0x32, 0xb3, 0xdf, 0x99, 0x4e, 0x04, 0x69, 0xc6,
- 0x96, 0x8e, 0xe6, 0x3d, 0x91, 0xe4, 0x81, 0x11
- },
- { /* Client Handshake Traffic Secret */
- 0xd9, 0x3b, 0x54, 0xe2, 0xb0, 0xd1, 0x85, 0xf0, 0xfd, 0xf3, 0x48, 0x4a,
- 0xf8, 0x0b, 0xa5, 0xdc, 0x4c, 0x37, 0xcb, 0xd4, 0x20, 0xaf, 0x60, 0xc7,
- 0xd5, 0x50, 0x5d, 0x0c, 0x77, 0x3b, 0x6f, 0xd2
- },
- { /* Server Handshake Traffic Secret */
- 0x4d, 0x40, 0x2b, 0xd2, 0x8c, 0x33, 0x90, 0x39, 0x67, 0x67, 0x05, 0xf7,
- 0x5d, 0x37, 0x1e, 0xdc, 0x4a, 0x70, 0x6b, 0x9e, 0xf8, 0x06, 0x61, 0x89,
- 0x70, 0xe1, 0x3d, 0x36, 0xad, 0x88, 0x7e, 0x5b
- },
- { /* Client Application Traffic Secret */
- 0x74, 0x6e, 0xa0, 0x13, 0x18, 0x34, 0x48, 0x4d, 0x23, 0x31, 0xf1, 0xf9,
- 0xee, 0x44, 0x6d, 0xad, 0xc1, 0xad, 0x92, 0x73, 0xca, 0x27, 0x16, 0x91,
- 0xa2, 0x50, 0x9a, 0xfc, 0xec, 0xf0, 0x6b, 0x24
- },
- { /* Server Application Traffic Secret */
- 0x89, 0x18, 0x7e, 0x34, 0x8d, 0xfc, 0x14, 0xb1, 0x4f, 0x21, 0xd8, 0x29,
- 0xdb, 0x9b, 0xfb, 0x55, 0xcf, 0xa1, 0x4f, 0x95, 0xf8, 0xe0, 0xb0, 0x83,
- 0xd5, 0x34, 0x9e, 0x0b, 0x83, 0x37, 0x42, 0x93
- },
- { /* Exporter Master Secret */
- 0x7d, 0xc8, 0x88, 0x46, 0xd5, 0x57, 0x15, 0xb6, 0x24, 0x25, 0x92, 0x61,
- 0xb1, 0x18, 0x86, 0x2a, 0x6d, 0xa5, 0x84, 0xeb, 0x59, 0xdf, 0x13, 0xbd,
- 0x73, 0xaa, 0x5d, 0x65, 0xab, 0xd9, 0xb4, 0x56
- },
- { /* Resumption Master Secret */
- 0x20, 0xb7, 0xd0, 0xe3, 0x82, 0x01, 0xa1, 0x04, 0xb8, 0x13, 0x29, 0xed,
- 0x35, 0xe4, 0x2f, 0xbf, 0x58, 0x23, 0x7f, 0x21, 0xdb, 0x9f, 0xf8, 0xe0,
- 0xe8, 0xe4, 0xab, 0xc4, 0xa1, 0x61, 0xb9, 0xbb
- }
- },
- { /* 6 */
- WC_HASH_TYPE_SHA256, 0, 33,
- { 0 }, /* PSK */
- { /* DHE */
- 0x7a, 0x46, 0x8c, 0x5a, 0xd1, 0x8e, 0x95, 0xba,
- 0x61, 0xe6, 0x6f, 0xe6, 0x76, 0x0c, 0x20, 0x43,
- 0x16, 0x82, 0x15, 0xfe, 0x54, 0xa3, 0xc7, 0xfd,
- 0x3b, 0x2c, 0x88, 0xb4, 0xd3, 0x42, 0x70, 0x12,
- 0x18
- },
- { /* Hello 1 */
- 0x63, 0x83, 0x58, 0xab, 0x36, 0xcd, 0x0c, 0xf3,
- 0x26, 0x07, 0xb5, 0x5f, 0x0b, 0x8b, 0x45, 0xd6,
- 0x7d, 0x5b, 0x42, 0xdc, 0xa8, 0xaa, 0x06, 0xfb,
- 0x20, 0xa5, 0xbb, 0x85, 0xdb, 0x54, 0xd8, 0x8b
- },
- { /* Hello 2 */
- 0xea, 0xfe, 0x9e, 0x8e, 0xff, 0x1f, 0x6f, 0x43,
- 0xf9, 0x5d, 0xfd, 0xbf, 0xe2, 0x5f, 0x02, 0x2f,
- 0x6d, 0x47, 0x60, 0x9a, 0x48, 0x9a, 0x75, 0xfb,
- 0xb5, 0x4a, 0xbf, 0x9c, 0x4e, 0xff, 0xbf, 0x0b
- },
- { /* Finished 1 */
- 0xca, 0x25, 0xb3, 0x53, 0x8e, 0x6d, 0xc3, 0x36,
- 0x17, 0x30, 0x07, 0xdf, 0x0d, 0xd7, 0x79, 0xb0,
- 0x7f, 0xcb, 0xbe, 0x7a, 0xbc, 0x2d, 0x9f, 0x2d,
- 0x94, 0x44, 0x94, 0xe6, 0xa4, 0xf3, 0xe8, 0x53
- },
- { /* Finished 2 */
- 0x2e, 0xa6, 0x5a, 0xaf, 0xb5, 0xba, 0x9f, 0x2f,
- 0x74, 0x83, 0x5d, 0xbf, 0x86, 0xa4, 0xa6, 0xf6,
- 0xb9, 0x89, 0xdf, 0x17, 0xe1, 0xa8, 0x14, 0xc0,
- 0xe1, 0x50, 0xfa, 0xec, 0xfa, 0xae, 0x8b, 0x7b
- },
- {
- 0x20, 0x18, 0x72, 0x7c, 0xde, 0x3a, 0x85, 0x17, 0x72, 0xdc, 0xd7, 0x72,
- 0xb0, 0xfc, 0x45, 0xd0, 0x62, 0xb9, 0xbb, 0x38, 0x69, 0x05, 0x7b, 0xb4,
- 0x5e, 0x58, 0x5d, 0xed, 0xcd, 0x0b, 0x96, 0xd3
- },
- {
- 0x68, 0x10, 0x20, 0xd1, 0x5e, 0xfc, 0x0c, 0x53, 0x85, 0xbb, 0xdb, 0x18,
- 0xa8, 0x78, 0xf1, 0x2b, 0x13, 0xba, 0x64, 0x1d, 0xe7, 0x09, 0xbe, 0x13,
- 0x49, 0x26, 0xf9, 0x98, 0x56, 0xf1, 0x43, 0xfb
- },
- {
- 0x24, 0x35, 0x3e, 0x10, 0x6f, 0x39, 0x50, 0xd6, 0xa2, 0x12, 0x99, 0xf2,
- 0xd5, 0xf5, 0x19, 0xf5, 0x84, 0xed, 0xee, 0x78, 0x2a, 0xa6, 0xfa, 0x3d,
- 0x06, 0xa8, 0xa7, 0x5d, 0x97, 0x78, 0xd6, 0x58
- },
- {
- 0xf4, 0x57, 0xac, 0x24, 0x7a, 0xfb, 0x7c, 0x3b, 0xb6, 0x39, 0x17, 0x14,
- 0xd9, 0xd4, 0x58, 0x4d, 0x46, 0xd5, 0x1b, 0xde, 0xf7, 0x9d, 0x06, 0xee,
- 0x8d, 0x1a, 0x2c, 0x25, 0x6d, 0x64, 0xde, 0x89
- },
- {
- 0xb6, 0x00, 0xce, 0x63, 0xed, 0x65, 0x8b, 0x66, 0x66, 0x42, 0xc6, 0xbd,
- 0x89, 0xc4, 0x71, 0x6f, 0xce, 0x28, 0xb2, 0xac, 0x97, 0x07, 0x5b, 0xea,
- 0xb8, 0x1d, 0x4c, 0xeb, 0x9e, 0x71, 0x07, 0x8f
- },
- {
- 0xf8, 0x92, 0xc8, 0xba, 0xe7, 0x83, 0xfe, 0x68, 0xe4, 0xd6, 0x5e, 0xcb,
- 0xb3, 0xef, 0x49, 0xd0, 0xe7, 0xb1, 0xac, 0xcb, 0x39, 0x19, 0xfd, 0xa7,
- 0xf7, 0xca, 0xab, 0x1e, 0x42, 0x14, 0xd8, 0xe7
- },
- {
- 0x32, 0x4a, 0x1a, 0xad, 0xe2, 0xbb, 0x55, 0x8a, 0xdd, 0xe9, 0xa5, 0x2a,
- 0x46, 0x5e, 0x6c, 0x83, 0x66, 0x27, 0x27, 0x94, 0xdd, 0x68, 0x59, 0xa0,
- 0xbb, 0xe8, 0x31, 0x7c, 0x39, 0xd7, 0xfd, 0x6d
- },
- {
- 0x58, 0xbc, 0x6c, 0x5b, 0x24, 0xad, 0x82, 0xb3, 0xcc, 0xc7, 0xd1, 0xa1,
- 0xaa, 0x2b, 0x98, 0x9f, 0x2f, 0x7e, 0xa9, 0x63, 0xc2, 0x8e, 0xb6, 0x06,
- 0xc2, 0x2b, 0x74, 0x4b, 0x79, 0x19, 0x7e, 0x2e
- }
- },
- { /* 11 */
- WC_HASH_TYPE_SHA256, 33, 0,
- { /* PSK */
- 0x3d, 0x39, 0x49, 0x36, 0x98, 0xc5, 0xfd, 0xcd,
- 0xa0, 0x17, 0xbd, 0x65, 0x0a, 0xdb, 0xd4, 0x07,
- 0x56, 0xa2, 0x7b, 0xb8, 0x2a, 0x7e, 0xfb, 0x26,
- 0x74, 0xe1, 0xbc, 0x08, 0x4b, 0xf0, 0x30, 0x14,
- 0x12
- },
- { 0 }, /* DHE */
- { /* Hello 1 */
- 0xb7, 0x44, 0x74, 0x6c, 0x57, 0x1f, 0xf3, 0x84,
- 0x8f, 0x63, 0xfb, 0x8c, 0x94, 0x6c, 0x16, 0x68,
- 0x4b, 0xe1, 0xb5, 0xb5, 0x2a, 0x4e, 0x5f, 0xdf,
- 0x4b, 0x53, 0xb2, 0x35, 0xfc, 0x30, 0xf1, 0x36
- },
- { /* Hello 2 */
- 0xe6, 0x4f, 0x3a, 0x4f, 0xd7, 0xe0, 0x64, 0xd4,
- 0x69, 0x50, 0xe4, 0x8b, 0xba, 0xbc, 0x47, 0x74,
- 0xa7, 0x9b, 0x40, 0x91, 0x8f, 0xa8, 0x72, 0x22,
- 0x97, 0xad, 0x43, 0xa7, 0x11, 0x86, 0xb5, 0x72
- },
- { /* Finished 1 */
- 0x5f, 0xa6, 0x10, 0xe2, 0xa3, 0x99, 0x0b, 0x5e,
- 0x57, 0xee, 0xc3, 0x3a, 0x8e, 0x04, 0xf3, 0x0e,
- 0x58, 0x02, 0x09, 0xb2, 0x7e, 0x2d, 0xc6, 0xd2,
- 0x08, 0xae, 0x68, 0x0a, 0x55, 0xa5, 0xda, 0x51
- },
- { /* Finished 2 */
- 0xfc, 0x5b, 0xc0, 0x7e, 0x1b, 0xaa, 0xc0, 0xb4,
- 0x34, 0x85, 0x49, 0x8e, 0x16, 0x31, 0x98, 0xdf,
- 0x10, 0x54, 0x22, 0xda, 0x1e, 0x6b, 0x51, 0xf6,
- 0x97, 0x57, 0xa0, 0x7a, 0x92, 0xe7, 0x47, 0x52
- },
- {
- 0x80, 0xfa, 0x36, 0x30, 0xb8, 0x65, 0xb3, 0x2a, 0x1d, 0x68, 0x91, 0x06,
- 0x98, 0xa0, 0x17, 0x8f, 0xee, 0xb7, 0x9e, 0x3d, 0xd8, 0x84, 0x99, 0x30,
- 0xb9, 0xd6, 0x09, 0x25, 0x5e, 0xfb, 0x8f, 0xd3 },
- {
- 0xa9, 0x89, 0x29, 0x70, 0xe4, 0x55, 0xec, 0x97, 0xfb, 0x24, 0x5b, 0xf9,
- 0xf1, 0xa3, 0x19, 0x3d, 0xf1, 0x31, 0x14, 0xcd, 0x2a, 0xed, 0x21, 0xc8,
- 0xb1, 0x53, 0xad, 0x11, 0x0b, 0x9e, 0x5a, 0xee },
- {
- 0x72, 0xad, 0x8d, 0x7f, 0xfc, 0xb7, 0x68, 0xda, 0x27, 0x60, 0x37, 0xa3,
- 0x4a, 0x63, 0xe8, 0xa5, 0xc8, 0xcd, 0x36, 0x6a, 0x77, 0x99, 0x0d, 0xa9,
- 0xb1, 0x5b, 0x2f, 0x47, 0x2e, 0x22, 0xa7, 0x5e },
- {
- 0x95, 0x6e, 0x85, 0x09, 0xe5, 0x04, 0x88, 0x14, 0x28, 0x8d, 0xdf, 0xe6,
- 0x0d, 0x0f, 0x0d, 0x6b, 0x4e, 0x66, 0x1c, 0x03, 0xb9, 0xaa, 0x2d, 0x45,
- 0x56, 0x67, 0x5c, 0x55, 0x29, 0xd6, 0x89, 0xd0 },
- {
- 0xe8, 0xf2, 0x14, 0xf9, 0x9b, 0x2b, 0x9f, 0x24, 0x2b, 0x37, 0xbe, 0x86,
- 0xdb, 0x23, 0x4b, 0xbe, 0x39, 0x57, 0xe8, 0xa9, 0xa5, 0xee, 0x08, 0xf2,
- 0x75, 0x58, 0xdb, 0xd9, 0x51, 0xc1, 0x46, 0x02 },
- {
- 0x3d, 0x19, 0xaf, 0xa3, 0x0b, 0x21, 0xf7, 0x3d, 0xe7, 0x37, 0x6e, 0x32,
- 0x13, 0x48, 0x9d, 0xea, 0xe0, 0x90, 0xbf, 0x64, 0x48, 0xf7, 0x1e, 0xcc,
- 0xf0, 0xbc, 0x92, 0xd7, 0x8a, 0x4a, 0xa8, 0xc1 },
- {
- 0x16, 0x35, 0xb1, 0x66, 0x28, 0xa3, 0x3e, 0x19, 0xf5, 0x2d, 0x92, 0x22,
- 0x95, 0x48, 0xe8, 0x34, 0x7b, 0x30, 0x50, 0xa2, 0xa0, 0xd9, 0xc2, 0x59,
- 0x39, 0xf9, 0x8c, 0x69, 0xf2, 0x2a, 0xb9, 0xff },
- {
- 0x32, 0x71, 0xa6, 0x87, 0x0c, 0x97, 0x42, 0x07, 0xdd, 0x5f, 0xc9, 0x44,
- 0xa5, 0x7c, 0x50, 0x14, 0xfd, 0xe7, 0x5f, 0x8b, 0xd3, 0x2f, 0xdc, 0x9b,
- 0xa9, 0x93, 0x22, 0x19, 0xe6, 0xf2, 0x0c, 0xd8 }
- },
- #ifdef WOLFSSL_SHA384
- { /* 26 */
- WC_HASH_TYPE_SHA384, 35, 35,
- { /* PSK */
- 0x62, 0x83, 0x25, 0xc7, 0xcc, 0x08, 0x5e, 0x63,
- 0x64, 0x56, 0xf0, 0xc6, 0x88, 0x27, 0x5a, 0x5b,
- 0x68, 0x59, 0x0b, 0x14, 0x55, 0x13, 0x2e, 0xfd,
- 0x8f, 0x28, 0x5b, 0x3d, 0xe3, 0xad, 0x67, 0xe4,
- 0x68, 0xba, 0xf9
- },
- { /* DHE */
- 0xa8, 0xb1, 0xab, 0xd8, 0xc8, 0x5b, 0x52, 0xdf,
- 0x7f, 0x49, 0x10, 0xf4, 0xa1, 0x31, 0xd1, 0x91,
- 0x36, 0xc1, 0x87, 0x5d, 0x42, 0x2a, 0xe7, 0x1d,
- 0x2c, 0x29, 0x3d, 0x40, 0x64, 0x61, 0x63, 0x76,
- 0xd8, 0x66, 0xac
- },
- { /* Hello 1 */
- 0x6f, 0xc6, 0x4c, 0xe1, 0xc6, 0x68, 0x34, 0x8c,
- 0x0a, 0xe1, 0xf8, 0xb8, 0x3e, 0xd4, 0xf8, 0x0b,
- 0x54, 0x50, 0xe4, 0xc5, 0x4a, 0x33, 0x7d, 0xbd,
- 0x90, 0xd2, 0xa2, 0xb9, 0xb7, 0x92, 0xed, 0xab,
- 0x14, 0xf1, 0xe4, 0x86, 0x22, 0x67, 0xd7, 0x44,
- 0x03, 0x21, 0xdc, 0x51, 0x52, 0x7f, 0x35, 0x80
- },
- { /* Hello 2 */
- 0x3e, 0xcf, 0x2f, 0xc3, 0x87, 0xba, 0xc5, 0xbd,
- 0x7c, 0xe8, 0x35, 0x5b, 0x95, 0x51, 0x30, 0x3b,
- 0x08, 0xcc, 0x2a, 0x7d, 0xb5, 0x74, 0x7c, 0x16,
- 0xb3, 0x0b, 0xe7, 0x61, 0xa3, 0x7c, 0x6c, 0xbd,
- 0x39, 0x74, 0xfd, 0x1e, 0x4c, 0xff, 0xc8, 0xcc,
- 0xa0, 0xef, 0x29, 0x4d, 0x94, 0xaa, 0x55, 0x6f,
- },
- { /* Finished 1 */
- 0x06, 0xc1, 0x47, 0x78, 0x66, 0x53, 0x6f, 0x24,
- 0x94, 0x61, 0x69, 0xec, 0xd8, 0x60, 0x31, 0x2f,
- 0xbf, 0xd6, 0x8a, 0x29, 0x17, 0xff, 0xa3, 0x88,
- 0x13, 0x09, 0x8c, 0x9d, 0x6c, 0x64, 0x84, 0x48,
- 0x44, 0xdd, 0x2d, 0x29, 0x4d, 0xe6, 0x98, 0x2b,
- 0x45, 0x3b, 0x84, 0x33, 0x79, 0xb2, 0x75, 0x68
- },
- { /* Finished 2 */
- 0x28, 0x1e, 0x18, 0xf7, 0x9c, 0x32, 0xa9, 0xbf,
- 0x0c, 0x24, 0x58, 0x21, 0xce, 0xbc, 0xf2, 0x44,
- 0xb1, 0x18, 0xaf, 0x9d, 0xd9, 0x20, 0xf9, 0xf4,
- 0xed, 0xcc, 0x53, 0x82, 0x66, 0x5c, 0x46, 0x94,
- 0x8c, 0x36, 0x5e, 0xca, 0x9f, 0xd8, 0x9a, 0xd3,
- 0xf0, 0xe1, 0x53, 0x71, 0xdd, 0x19, 0x1e, 0x59
- },
- {
- 0xd0, 0xef, 0xa8, 0xcb, 0x5b, 0x14, 0x0f, 0x0a, 0x62, 0xba, 0x5a, 0xb1,
- 0xc5, 0xb5, 0x3f, 0x11, 0xda, 0xa1, 0x0c, 0x9c, 0xb4, 0x32, 0x48, 0x4e,
- 0xfa, 0x84, 0x4f, 0xe4, 0xe7, 0x91, 0x8f, 0x42, 0x3f, 0xc7, 0x4e, 0xd3,
- 0x83, 0x3d, 0x7f, 0x70, 0x12, 0xee, 0x9a, 0x37, 0x01, 0xbb, 0x14, 0xd3
- },
- {
- 0x48, 0x6f, 0x77, 0x1d, 0x39, 0x1b, 0xa5, 0x9a, 0x76, 0xd9, 0x1d, 0x7d,
- 0xb3, 0xd9, 0xb9, 0x78, 0x35, 0x0f, 0xd0, 0xe1, 0x07, 0x1f, 0x8d, 0xe5,
- 0x75, 0x00, 0xda, 0xc0, 0x19, 0x01, 0xfb, 0x08, 0x35, 0xe7, 0x18, 0x8f,
- 0xf0, 0x19, 0xfb, 0x46, 0xf6, 0xa5, 0x77, 0x0e, 0x90, 0x38, 0x8b, 0x15
- },
- {
- 0x80, 0x8c, 0xa7, 0x24, 0x97, 0xf9, 0xd3, 0x52, 0xb0, 0x69, 0x9d, 0x4b,
- 0xa4, 0x19, 0x4a, 0xb1, 0x46, 0x53, 0x3a, 0xc8, 0xe4, 0x02, 0x69, 0xf2,
- 0xe7, 0xb6, 0x1d, 0x33, 0x51, 0xcc, 0x14, 0x40, 0x4a, 0xb0, 0xe7, 0x58,
- 0x84, 0xba, 0xc2, 0x14, 0x58, 0x6b, 0xb9, 0xdc, 0x50, 0x98, 0x67, 0x01
- },
- {
- 0xb1, 0xa8, 0xc0, 0x06, 0xb3, 0x2e, 0xa7, 0x8a, 0x6a, 0x12, 0x88, 0x00,
- 0x65, 0x88, 0x9c, 0x5d, 0x35, 0xee, 0xe5, 0x51, 0x0b, 0x62, 0xf8, 0x67,
- 0xe5, 0xef, 0x15, 0x1f, 0x23, 0x02, 0x74, 0x08, 0x9c, 0xc8, 0xba, 0x27,
- 0x5d, 0x32, 0x19, 0x6f, 0x6d, 0x5d, 0x72, 0x5e, 0x15, 0xde, 0x30, 0xc3
- },
- {
- 0xfd, 0xce, 0xf5, 0x65, 0x45, 0x84, 0xfb, 0x8c, 0x79, 0xa4, 0x6c, 0x1b,
- 0x0e, 0x1b, 0xfd, 0x26, 0xa2, 0x53, 0xf4, 0x4e, 0x00, 0x4d, 0x4b, 0x0b,
- 0x24, 0x6d, 0x35, 0x35, 0xd9, 0x97, 0x70, 0xc5, 0xf4, 0xee, 0xe3, 0xba,
- 0x31, 0x1e, 0x2a, 0x42, 0xcb, 0xdf, 0x40, 0xb1, 0x14, 0xb8, 0x53, 0xce
- },
- {
- 0xbb, 0xb3, 0x26, 0x7c, 0x22, 0x21, 0x9b, 0x72, 0x32, 0xa1, 0x97, 0xfb,
- 0x78, 0x8c, 0xbe, 0x3d, 0x71, 0x45, 0xb8, 0xf5, 0x24, 0x8f, 0x0f, 0xac,
- 0x42, 0x5b, 0x81, 0xe8, 0xd0, 0x71, 0x4a, 0xcb, 0x32, 0x3f, 0x03, 0xfb,
- 0xec, 0x6a, 0x1f, 0x76, 0x80, 0x65, 0x01, 0x7a, 0x3d, 0xce, 0xc4, 0xdf
- },
- {
- 0x3f, 0xcf, 0x2f, 0x63, 0x94, 0x94, 0x99, 0xfd, 0x04, 0x3a, 0x89, 0x83,
- 0xcf, 0x06, 0x05, 0xec, 0x20, 0x3e, 0x5f, 0x51, 0x9d, 0x6e, 0x4a, 0xc6,
- 0xf1, 0x2b, 0x37, 0x17, 0x34, 0x72, 0x6e, 0x1d, 0x2a, 0xfd, 0xc7, 0x73,
- 0xb5, 0x07, 0x22, 0x81, 0x32, 0x2e, 0x21, 0x85, 0xaf, 0x10, 0xb2, 0x73
- },
- {
- 0x52, 0x0c, 0x3d, 0x2e, 0x2d, 0x4a, 0x11, 0xae, 0x96, 0x78, 0xe9, 0x5b,
- 0xd8, 0x0f, 0x6c, 0xf4, 0xbd, 0x96, 0x13, 0x55, 0x88, 0xdd, 0xa3, 0x67,
- 0x36, 0x86, 0x1e, 0x0b, 0x36, 0x41, 0xec, 0xf6, 0x04, 0xb2, 0xc4, 0x16,
- 0xbc, 0x2c, 0xdb, 0x30, 0x02, 0x94, 0xd4, 0x42, 0xbf, 0x38, 0xee, 0x9d
- }
- },
- { /* 36 */
- WC_HASH_TYPE_SHA384, 0, 33,
- { 0 }, /* PSK */
- { /* DHE */
- 0xd3, 0x00, 0x72, 0x9a, 0xa8, 0xc5, 0xf3, 0xc4,
- 0xf1, 0xa0, 0x26, 0x89, 0x65, 0x70, 0xc7, 0x0b,
- 0x77, 0xbb, 0xe1, 0x4b, 0x2b, 0xa8, 0x4f, 0xa6,
- 0x09, 0x4b, 0xba, 0x45, 0x36, 0x15, 0xee, 0x68,
- 0xfd
- },
- { /* Hello 1 */
- 0x10, 0x9d, 0x8b, 0xa2, 0x93, 0xe7, 0xd3, 0xb9,
- 0xb4, 0x0f, 0xeb, 0x6a, 0xb9, 0x69, 0xcb, 0x39,
- 0x16, 0x29, 0xcc, 0xd3, 0xcc, 0x1a, 0x4c, 0x1b,
- 0x53, 0x7c, 0x33, 0x88, 0x06, 0xbc, 0x0a, 0x02,
- 0xa0, 0xbe, 0x62, 0xc0, 0xe6, 0x5e, 0x97, 0x5b,
- 0x6a, 0xa1, 0x98, 0xf3, 0xd2, 0x1e, 0xcd, 0xc5
- },
- { /* Hello 2 */
- 0x74, 0xc0, 0x07, 0x2c, 0xc1, 0x63, 0xcc, 0x11,
- 0xad, 0x1a, 0x55, 0x63, 0xbc, 0x20, 0x77, 0x96,
- 0x30, 0x1c, 0x68, 0x45, 0x1e, 0x9b, 0xa7, 0xb4,
- 0xf3, 0x04, 0x45, 0x16, 0x76, 0x55, 0xf9, 0xdf,
- 0x4b, 0x2f, 0x1a, 0xdf, 0x5a, 0xb0, 0x93, 0xc9,
- 0xab, 0xf5, 0x32, 0x47, 0x79, 0x9c, 0x01, 0xeb
- },
- { /* Finished 1 */
- 0x27, 0x08, 0x8e, 0xa5, 0xf1, 0x30, 0xe1, 0xd6,
- 0x4f, 0xa2, 0x9e, 0x3b, 0x03, 0x2d, 0x2e, 0xa3,
- 0x84, 0x75, 0x51, 0x3a, 0xc3, 0xf6, 0xee, 0x2e,
- 0x37, 0x0c, 0xe3, 0x28, 0x46, 0xa5, 0x2d, 0xc7,
- 0xf0, 0x64, 0x78, 0x53, 0x66, 0x43, 0x02, 0xa4,
- 0x7a, 0x43, 0x66, 0x4b, 0xa7, 0xcb, 0x97, 0x16
- },
- { /* Finished 2 */
- 0x1d, 0x0d, 0xf8, 0xe1, 0x81, 0xa5, 0xbd, 0xa8,
- 0x6f, 0x9d, 0x01, 0xa4, 0x9a, 0x92, 0xe2, 0xef,
- 0x08, 0xab, 0xef, 0x3e, 0x2d, 0xd4, 0x82, 0xac,
- 0x68, 0x9d, 0xe0, 0x54, 0x17, 0xde, 0x1a, 0xed,
- 0x57, 0xcb, 0xd9, 0x2d, 0xc8, 0xbc, 0x93, 0xe6,
- 0xa3, 0xec, 0xde, 0xee, 0xa1, 0x1c, 0x41, 0x85
- },
- {
- 0x7f, 0x1f, 0xe6, 0x7b, 0xd8, 0xf5, 0x2b, 0x37, 0xbe, 0xb7, 0xd0, 0x37,
- 0xce, 0x46, 0xad, 0x04, 0x2f, 0xc7, 0xdb, 0xc9, 0x9a, 0xb6, 0x00, 0x3f,
- 0xc1, 0x97, 0xe9, 0x5c, 0x5e, 0x14, 0xd1, 0x38, 0x4d, 0x55, 0xe1, 0x07,
- 0xb5, 0x85, 0x6d, 0xfa, 0xa7, 0x66, 0xad, 0xfa, 0xb6, 0xad, 0x29, 0x44
- },
- {
- 0x4e, 0x6b, 0x20, 0x99, 0x55, 0x1b, 0x21, 0x89, 0xb6, 0x70, 0xdb, 0xe8,
- 0xa7, 0x16, 0x55, 0xf2, 0x93, 0x13, 0x90, 0x7d, 0xfa, 0x62, 0x65, 0x53,
- 0xa0, 0x97, 0xe9, 0xb4, 0xc0, 0xf1, 0xc9, 0x1a, 0x67, 0xdd, 0xca, 0x57,
- 0xbc, 0xca, 0x39, 0xe6, 0x39, 0x6b, 0x63, 0x47, 0x25, 0x08, 0x3a, 0xd7
- },
- {
- 0x35, 0x0d, 0xac, 0xd8, 0x10, 0x6a, 0x46, 0x50, 0x66, 0xae, 0x02, 0xc9,
- 0xde, 0x13, 0x48, 0xce, 0x53, 0xd4, 0x92, 0x62, 0xc5, 0x65, 0x10, 0x08,
- 0xc2, 0xc2, 0x82, 0xed, 0x9d, 0xc9, 0x6f, 0xa8, 0xc3, 0xc1, 0x0b, 0x7c,
- 0xe1, 0x97, 0x85, 0xd6, 0x46, 0x29, 0x0e, 0x42, 0x51, 0xc1, 0x35, 0xcf
- },
- {
- 0x3d, 0x5d, 0x84, 0xbd, 0x16, 0x46, 0x34, 0xb3, 0xf6, 0x31, 0x49, 0x3e,
- 0x8d, 0xdc, 0xcb, 0x8c, 0x6a, 0x42, 0xf4, 0x88, 0xfc, 0x19, 0xfa, 0xa2,
- 0x25, 0xc7, 0xa0, 0xa4, 0xca, 0xf0, 0xea, 0x2d, 0xe8, 0xc4, 0x02, 0x14,
- 0x63, 0xfb, 0xd3, 0x7b, 0x51, 0x1c, 0xce, 0xca, 0xa3, 0xc3, 0xe4, 0xa5
- },
- {
- 0x7c, 0x3a, 0x55, 0x92, 0x2e, 0xdd, 0x75, 0xdd, 0x76, 0x54, 0x4a, 0x9f,
- 0xd0, 0xa2, 0x88, 0x83, 0xe9, 0x27, 0xda, 0x30, 0xe9, 0x96, 0x58, 0xc5,
- 0xb7, 0x56, 0xfc, 0x4b, 0xb8, 0x5d, 0xee, 0x46, 0x70, 0x4e, 0x1b, 0x06,
- 0x86, 0xaf, 0x48, 0x5c, 0x17, 0x35, 0xfa, 0x69, 0xc2, 0x4d, 0xfb, 0x09
- },
- {
- 0x00, 0x0e, 0x28, 0x51, 0xc1, 0x7f, 0x41, 0x89, 0x6f, 0x9a, 0xca, 0x15,
- 0xee, 0xed, 0x43, 0xca, 0x6d, 0x65, 0x6f, 0x51, 0x18, 0x6c, 0x08, 0x4b,
- 0x77, 0xca, 0x75, 0xc4, 0xc3, 0xde, 0x29, 0x41, 0x8b, 0xaf, 0xa7, 0x1c,
- 0x28, 0x37, 0xa0, 0xa0, 0x74, 0x8e, 0x09, 0x42, 0x7a, 0x1b, 0x68, 0xdb
- },
- {
- 0x14, 0x8f, 0xab, 0x28, 0x64, 0xea, 0x45, 0x88, 0xdb, 0xc1, 0xc6, 0xa0,
- 0x48, 0xdf, 0x15, 0xd0, 0x28, 0x07, 0x2d, 0x6c, 0xb8, 0x42, 0xbb, 0x60,
- 0x02, 0x08, 0x9e, 0x29, 0x9b, 0x8d, 0xd6, 0x1c, 0xaf, 0xf2, 0x1a, 0xdc,
- 0xf0, 0x78, 0x0b, 0x4d, 0x90, 0xa1, 0x0c, 0xb3, 0x13, 0xde, 0xca, 0x5a
- },
- {
- 0x4d, 0x80, 0x7d, 0x0b, 0xb9, 0x00, 0x6f, 0x65, 0x51, 0x65, 0x23, 0xde,
- 0x72, 0xdc, 0x4f, 0x04, 0xa5, 0xa2, 0x90, 0x45, 0x51, 0x9e, 0xd0, 0x3a,
- 0xe4, 0xd7, 0x78, 0xa3, 0x0f, 0x2d, 0x65, 0x12, 0xad, 0xc8, 0x92, 0x30,
- 0x79, 0x9d, 0x9d, 0x08, 0x7a, 0x9c, 0x9f, 0x83, 0xb1, 0xca, 0x59, 0x56
- }
- },
- { /* 41 */
- WC_HASH_TYPE_SHA384, 33, 0,
- { /* PSK */
- 0xa4, 0x8b, 0x1b, 0x5f, 0xd0, 0xea, 0x75, 0x62,
- 0x06, 0x4d, 0x68, 0x40, 0x85, 0x20, 0x45, 0x95,
- 0x4a, 0x00, 0xca, 0x05, 0xeb, 0xd4, 0x1d, 0x48,
- 0x81, 0x89, 0xe8, 0x86, 0x43, 0xfa, 0x28, 0x17,
- 0x12
- },
- { 0 }, /* DHE */
- { /* Hello 1 */
- 0x03, 0x7c, 0x33, 0x75, 0xdc, 0xc5, 0x46, 0x3a,
- 0x0d, 0x56, 0xc6, 0xfb, 0xab, 0x1e, 0x1d, 0xda,
- 0x59, 0xc2, 0xb2, 0xb1, 0x7c, 0x48, 0x9b, 0x06,
- 0x0a, 0x5a, 0xbb, 0xf8, 0x98, 0x53, 0x78, 0x2d,
- 0xd2, 0xcc, 0x87, 0x68, 0x25, 0xdd, 0x88, 0x22,
- 0xcd, 0xb7, 0x74, 0x55, 0x21, 0xf9, 0x34, 0x98
- },
- { /* Hello 2 */
- 0x03, 0xb4, 0xfb, 0xcc, 0x28, 0x2c, 0xc1, 0x70,
- 0x42, 0x73, 0x57, 0xac, 0xdb, 0x47, 0x71, 0xf6,
- 0x2e, 0x11, 0x8a, 0x5b, 0x47, 0x2f, 0x02, 0x54,
- 0x95, 0x34, 0xed, 0x5f, 0x19, 0xc1, 0x75, 0xe0,
- 0x76, 0xad, 0xb0, 0x90, 0x57, 0xcd, 0xfd, 0xd7,
- 0x58, 0x1f, 0x0d, 0x6b, 0x9e, 0x51, 0x3c, 0x08
- },
- { /* Finished 1 */
- 0x2b, 0x50, 0xd9, 0xa7, 0x43, 0x24, 0xda, 0x2c,
- 0x7a, 0xaa, 0x0e, 0x37, 0xd7, 0x6b, 0x2c, 0xab,
- 0x8e, 0xb2, 0xfe, 0x31, 0x1b, 0xa8, 0x12, 0x59,
- 0x5b, 0x7b, 0xdc, 0x3e, 0xa7, 0x86, 0xa5, 0x48,
- 0xe4, 0x46, 0x2b, 0x4c, 0xc1, 0x66, 0x4b, 0xf3,
- 0x2a, 0x99, 0x93, 0x08, 0xbc, 0x3d, 0x08, 0x76
- },
- { /* Finished 2 */
- 0x7c, 0x34, 0xc8, 0x56, 0x17, 0xf1, 0x62, 0x1c,
- 0x9f, 0x0b, 0xeb, 0xfd, 0x69, 0x72, 0x51, 0xc5,
- 0xfa, 0x74, 0x87, 0xc9, 0xbd, 0x50, 0xe9, 0x48,
- 0xa7, 0x3c, 0x94, 0x3e, 0x06, 0x7d, 0xe8, 0x8e,
- 0xc1, 0xd1, 0x08, 0x1f, 0x5d, 0x48, 0x8a, 0x25,
- 0xfc, 0xea, 0xe7, 0xd9, 0xd4, 0xd0, 0xf9, 0xad
- },
- {
- 0x4b, 0x0b, 0xed, 0xb9, 0xc8, 0xb8, 0xa8, 0x1e, 0xb0, 0x81, 0x76, 0xd5,
- 0x33, 0x22, 0x71, 0x33, 0x3a, 0x85, 0x19, 0x67, 0x7e, 0x91, 0x37, 0xf2,
- 0xa6, 0x11, 0x22, 0xdf, 0x41, 0x04, 0x3d, 0xa9, 0x13, 0xb9, 0xb2, 0xb1,
- 0xbb, 0xd8, 0xef, 0x23, 0x7c, 0xc2, 0xab, 0x70, 0x1b, 0x51, 0x9f, 0xc9
- },
- {
- 0xeb, 0x96, 0x10, 0x8c, 0x7d, 0x92, 0xea, 0x80, 0x86, 0xb2, 0xf8, 0x27,
- 0xf2, 0x9a, 0x09, 0xc1, 0x7c, 0x09, 0x43, 0xbc, 0xfe, 0xc8, 0x75, 0xe0,
- 0x97, 0xe7, 0x6d, 0xd5, 0xb2, 0x3c, 0xed, 0x12, 0xb7, 0x74, 0x0e, 0xe3,
- 0xb6, 0xe0, 0xba, 0xe1, 0x8d, 0x89, 0xcf, 0x4f, 0x57, 0xf6, 0x6d, 0x90
- },
- {
- 0x22, 0xb0, 0x39, 0x34, 0xb6, 0x6c, 0x2d, 0x7a, 0x97, 0x1c, 0x5d, 0xcc,
- 0x78, 0x84, 0x71, 0xbb, 0xc6, 0x7b, 0xb6, 0xbc, 0xcc, 0x0b, 0xf8, 0xac,
- 0x8e, 0xd7, 0x20, 0xbd, 0xbe, 0x32, 0xf0, 0xd6, 0xe9, 0x69, 0x13, 0xf2,
- 0x9a, 0xce, 0xfe, 0x86, 0xd3, 0xee, 0xba, 0x69, 0x51, 0xb6, 0x77, 0x56
- },
- {
- 0x16, 0xfd, 0xda, 0xf3, 0x5e, 0xb9, 0xa6, 0x17, 0x24, 0xb2, 0x16, 0x9f,
- 0xb6, 0x59, 0x13, 0x0f, 0x25, 0x5a, 0xf1, 0x5b, 0x5f, 0xe4, 0x54, 0x2a,
- 0xa7, 0xbf, 0x29, 0xaf, 0x5a, 0x77, 0xf4, 0x4f, 0x25, 0xba, 0x94, 0xad,
- 0x6b, 0x91, 0x3b, 0xe7, 0xd5, 0x73, 0x0d, 0xff, 0xaa, 0xe3, 0x72, 0x2c
- },
- {
- 0x22, 0xb4, 0x94, 0xc0, 0x53, 0xd7, 0x82, 0x06, 0x38, 0x9d, 0x4a, 0xa0,
- 0x3f, 0xf1, 0x5f, 0x6e, 0x23, 0x8d, 0x09, 0x62, 0xbf, 0x6f, 0x7c, 0x84,
- 0xc6, 0x3e, 0x15, 0xad, 0x18, 0x37, 0x76, 0x29, 0xc7, 0xd6, 0x68, 0x0c,
- 0x1e, 0xc6, 0x93, 0x31, 0xef, 0x85, 0x69, 0x30, 0x68, 0xf0, 0x1e, 0x37
- },
- {
- 0x6d, 0x4d, 0x20, 0xaf, 0x47, 0xe8, 0x1b, 0xfa, 0xd0, 0xb6, 0xc8, 0x97,
- 0xd1, 0x03, 0xfc, 0x9d, 0x59, 0xa0, 0x68, 0x9d, 0xe9, 0x17, 0x8b, 0xce,
- 0x48, 0x2c, 0x77, 0x8a, 0x22, 0x4b, 0x5c, 0x54, 0x22, 0xa1, 0x15, 0x12,
- 0xe1, 0x07, 0x8e, 0x15, 0xd8, 0x7b, 0x16, 0x65, 0x99, 0x6b, 0xcb, 0x71
- },
- {
- 0x79, 0x64, 0x79, 0xdd, 0x75, 0x5c, 0x6f, 0x98, 0xac, 0x03, 0xe0, 0xcd,
- 0x92, 0xba, 0x0e, 0x2d, 0xb4, 0xd1, 0x8b, 0x97, 0xd0, 0x85, 0xbb, 0x2e,
- 0x4f, 0x26, 0x93, 0xf5, 0x1d, 0xf3, 0xd2, 0x43, 0x4f, 0xd2, 0x47, 0xaa,
- 0x91, 0x1e, 0xf3, 0x67, 0x10, 0x18, 0x2c, 0xb9, 0x01, 0xba, 0x10, 0x9f
- },
- {
- 0x79, 0xb6, 0x9c, 0xbe, 0xf1, 0x6a, 0xb0, 0x92, 0xa0, 0x29, 0x52, 0x61,
- 0xf1, 0xcd, 0x3a, 0x67, 0xe1, 0x6b, 0xb8, 0x9d, 0x0d, 0x95, 0xb6, 0x03,
- 0x80, 0x1f, 0xd5, 0x75, 0xb6, 0x1d, 0x79, 0x02, 0x93, 0x43, 0x77, 0xa7,
- 0x9d, 0x2f, 0xc3, 0x84, 0xc6, 0x83, 0x76, 0x16, 0x06, 0x98, 0x7b, 0x79
- }
- },
- #endif /* WOLFSSL_SHA384 */
- };
- const char protocolLabel[] = "tls13 ";
- const char ceTrafficLabel[] = "c e traffic";
- const char eExpMasterLabel[] = "e exp master";
- const char cHsTrafficLabel[] = "c hs traffic";
- const char sHsTrafficLabel[] = "s hs traffic";
- const char cAppTrafficLabel[] = "c ap traffic";
- const char sAppTrafficLabel[] = "s ap traffic";
- const char expMasterLabel[] = "exp master";
- const char resMasterLabel[] = "res master";
- const char derivedLabel[] = "derived";
- WOLFSSL_TEST_SUBROUTINE int tls13_kdf_test(void)
- {
- int ret = 0;
- word32 i;
- word32 tc = sizeof(tls13KdfTestVectors)/sizeof(Tls13KdfTestVector);
- const Tls13KdfTestVector* tv = NULL;
- for (i = 0, tv = tls13KdfTestVectors; i < tc; i++, tv++) {
- byte output[WC_MAX_DIGEST_SIZE];
- byte secret[WC_MAX_DIGEST_SIZE];
- byte salt[WC_MAX_DIGEST_SIZE];
- byte zeroes[WC_MAX_DIGEST_SIZE];
- byte hashZero[WC_MAX_DIGEST_SIZE];
- int hashAlgSz;
- XMEMSET(zeroes, 0, sizeof zeroes);
- hashAlgSz = wc_HashGetDigestSize(tv->hashAlg);
- if (hashAlgSz == BAD_FUNC_ARG) break;
- ret = wc_Hash(tv->hashAlg, NULL, 0, hashZero, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Extract(secret, NULL, 0,
- (tv->pskSz == 0) ? zeroes : (byte*)tv->psk,
- tv->pskSz, tv->hashAlg);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
- secret, hashAlgSz,
- (byte*)protocolLabel, (word32)strlen(protocolLabel),
- (byte*)ceTrafficLabel, (word32)strlen(ceTrafficLabel),
- tv->hashHello1, hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->clientEarlyTrafficSecret, output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
- secret, hashAlgSz,
- (byte*)protocolLabel, (word32)strlen(protocolLabel),
- (byte*)eExpMasterLabel, (word32)strlen(eExpMasterLabel),
- tv->hashHello1, hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->earlyExporterMasterSecret, output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(salt, hashAlgSz,
- secret, hashAlgSz,
- (byte*)protocolLabel, (word32)strlen(protocolLabel),
- (byte*)derivedLabel, (word32)strlen(derivedLabel),
- hashZero, hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Extract(secret, salt, hashAlgSz,
- (tv->dheSz == 0) ? zeroes : (byte*)tv->dhe,
- tv->dheSz, tv->hashAlg);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
- secret, hashAlgSz,
- (byte*)protocolLabel, (word32)strlen(protocolLabel),
- (byte*)cHsTrafficLabel, (word32)strlen(cHsTrafficLabel),
- tv->hashHello2, hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->clientHandshakeTrafficSecret,
- output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
- secret, hashAlgSz,
- (byte*)protocolLabel, (word32)strlen(protocolLabel),
- (byte*)sHsTrafficLabel, (word32)strlen(sHsTrafficLabel),
- tv->hashHello2, hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->serverHandshakeTrafficSecret, output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(salt, hashAlgSz,
- secret, hashAlgSz,
- (byte*)protocolLabel, (word32)strlen(protocolLabel),
- (byte*)derivedLabel, (word32)strlen(derivedLabel),
- hashZero, hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Extract(secret, salt, hashAlgSz,
- zeroes, hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
- secret, hashAlgSz,
- (byte*)protocolLabel, (word32)strlen(protocolLabel),
- (byte*)cAppTrafficLabel, (word32)strlen(cAppTrafficLabel),
- tv->hashFinished1, hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->clientApplicationTrafficSecret, output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
- secret, hashAlgSz,
- (byte*)protocolLabel, (word32)strlen(protocolLabel),
- (byte*)sAppTrafficLabel, (word32)strlen(sAppTrafficLabel),
- tv->hashFinished1, hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->serverApplicationTrafficSecret, output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
- secret, hashAlgSz,
- (byte*)protocolLabel, (word32)strlen(protocolLabel),
- (byte*)expMasterLabel, (word32)strlen(expMasterLabel),
- tv->hashFinished1, hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->exporterMasterSecret, output, hashAlgSz);
- if (ret != 0) break;
- ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
- secret, hashAlgSz,
- (byte*)protocolLabel, (word32)strlen(protocolLabel),
- (byte*)resMasterLabel, (word32)strlen(resMasterLabel),
- tv->hashFinished2, hashAlgSz, tv->hashAlg);
- if (ret != 0) break;
- ret = XMEMCMP(tv->resumptionMasterSecret, output, hashAlgSz);
- if (ret != 0) break;
- }
- return ret;
- }
- #endif /* WOLFSSL_TLS13 */
- #if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
- WOLFSSL_TEST_SUBROUTINE int x963kdf_test(void)
- {
- int ret;
- byte kek[128];
- #ifndef NO_SHA
- /* SHA-1, COUNT = 0
- * shared secret length: 192
- * SharedInfo length: 0
- * key data length: 128
- */
- WOLFSSL_SMALL_STACK_STATIC const byte Z[] = {
- 0x1c, 0x7d, 0x7b, 0x5f, 0x05, 0x97, 0xb0, 0x3d,
- 0x06, 0xa0, 0x18, 0x46, 0x6e, 0xd1, 0xa9, 0x3e,
- 0x30, 0xed, 0x4b, 0x04, 0xdc, 0x64, 0xcc, 0xdd
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0xbf, 0x71, 0xdf, 0xfd, 0x8f, 0x4d, 0x99, 0x22,
- 0x39, 0x36, 0xbe, 0xb4, 0x6f, 0xee, 0x8c, 0xcc
- };
- #endif
- #ifndef NO_SHA256
- /* SHA-256, COUNT = 3
- * shared secret length: 192
- * SharedInfo length: 0
- * key data length: 128
- */
- WOLFSSL_SMALL_STACK_STATIC const byte Z2[] = {
- 0xd3, 0x8b, 0xdb, 0xe5, 0xc4, 0xfc, 0x16, 0x4c,
- 0xdd, 0x96, 0x7f, 0x63, 0xc0, 0x4f, 0xe0, 0x7b,
- 0x60, 0xcd, 0xe8, 0x81, 0xc2, 0x46, 0x43, 0x8c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
- 0x5e, 0x67, 0x4d, 0xb9, 0x71, 0xba, 0xc2, 0x0a,
- 0x80, 0xba, 0xd0, 0xd4, 0x51, 0x4d, 0xc4, 0x84
- };
- #endif
- #ifdef WOLFSSL_SHA512
- /* SHA-512, COUNT = 0
- * shared secret length: 192
- * SharedInfo length: 0
- * key data length: 128
- */
- WOLFSSL_SMALL_STACK_STATIC const byte Z3[] = {
- 0x87, 0xfc, 0x0d, 0x8c, 0x44, 0x77, 0x48, 0x5b,
- 0xb5, 0x74, 0xf5, 0xfc, 0xea, 0x26, 0x4b, 0x30,
- 0x88, 0x5d, 0xc8, 0xd9, 0x0a, 0xd8, 0x27, 0x82
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = {
- 0x94, 0x76, 0x65, 0xfb, 0xb9, 0x15, 0x21, 0x53,
- 0xef, 0x46, 0x02, 0x38, 0x50, 0x6a, 0x02, 0x45
- };
- /* SHA-512, COUNT = 0
- * shared secret length: 521
- * SharedInfo length: 128
- * key data length: 1024
- */
- WOLFSSL_SMALL_STACK_STATIC const byte Z4[] = {
- 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89,
- 0xfa, 0x58, 0xce, 0xad, 0xc0, 0x47, 0x19, 0x7f,
- 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
- 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8,
- 0x15, 0x07, 0x39, 0x2f, 0x1a, 0x86, 0xdd, 0xfd,
- 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
- 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47,
- 0x47, 0xa9, 0xe2, 0xe7, 0x53, 0xf5, 0x5e, 0xf0,
- 0x5a, 0x2d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte info4[] = {
- 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d,
- 0x2b, 0x3a, 0x2f, 0x99, 0x37, 0x89, 0x5d, 0x31
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = {
- 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76,
- 0x9b, 0x52, 0x26, 0x4b, 0x01, 0x12, 0xb5, 0x85,
- 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
- 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d,
- 0x6e, 0x4d, 0xd2, 0xa5, 0x99, 0xac, 0xce, 0xb3,
- 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
- 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50,
- 0xa5, 0xa8, 0xee, 0xee, 0x20, 0x80, 0x02, 0x26,
- 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
- 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d,
- 0xea, 0x9c, 0x4f, 0xf7, 0x45, 0xa2, 0x5a, 0xc2,
- 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
- 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc,
- 0x0a, 0xb2, 0xaa, 0x8e, 0x2e, 0xfa, 0x7b, 0x17,
- 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
- 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
- };
- #endif
- #ifndef NO_SHA
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA, Z, sizeof(Z), NULL, 0,
- kek, sizeof(verify));
- if (ret != 0)
- return -9800;
- if (XMEMCMP(verify, kek, sizeof(verify)) != 0)
- return -9801;
- #endif
- #ifndef NO_SHA256
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, Z2, sizeof(Z2), NULL, 0,
- kek, sizeof(verify2));
- if (ret != 0)
- return -9802;
- if (XMEMCMP(verify2, kek, sizeof(verify2)) != 0)
- return -9803;
- #endif
- #ifdef WOLFSSL_SHA512
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z3, sizeof(Z3), NULL, 0,
- kek, sizeof(verify3));
- if (ret != 0)
- return -9804;
- if (XMEMCMP(verify3, kek, sizeof(verify3)) != 0)
- return -9805;
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z4, sizeof(Z4), info4,
- sizeof(info4), kek, sizeof(verify4));
- if (ret != 0)
- return -9806;
- if (XMEMCMP(verify4, kek, sizeof(verify4)) != 0)
- return -9807;
- #endif
- return 0;
- }
- #endif /* HAVE_X963_KDF */
- #ifdef HAVE_ECC
- /* size to use for ECC key gen tests */
- #ifndef ECC_KEYGEN_SIZE
- #ifndef NO_ECC256
- #define ECC_KEYGEN_SIZE 32
- #elif defined(HAVE_ECC384)
- #define ECC_KEYGEN_SIZE 48
- #elif defined(HAVE_ECC224)
- #define ECC_KEYGEN_SIZE 28
- #elif defined(HAVE_ECC521)
- #define ECC_KEYGEN_SIZE 66
- #else
- #error No ECC keygen size defined for test
- #endif
- #endif
- #ifdef BENCH_EMBEDDED
- #define ECC_SHARED_SIZE 128
- #else
- #define ECC_SHARED_SIZE MAX_ECC_BYTES
- #endif
- #define ECC_DIGEST_SIZE MAX_ECC_BYTES
- #define ECC_SIG_SIZE ECC_MAX_SIG_SIZE
- #ifndef NO_ECC_VECTOR_TEST
- #if (defined(HAVE_ECC192) || defined(HAVE_ECC224) ||\
- !defined(NO_ECC256) || defined(HAVE_ECC384) ||\
- defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES))
- #define HAVE_ECC_VECTOR_TEST
- #endif
- #endif
- #ifdef HAVE_ECC_VECTOR_TEST
- typedef struct eccVector {
- const char* msg; /* SHA-1 Encoded Message */
- const char* Qx;
- const char* Qy;
- const char* d; /* Private Key */
- const char* R;
- const char* S;
- const char* curveName;
- word32 msgLen;
- word32 keySize;
- #ifndef NO_ASN
- const byte* r;
- word32 rSz;
- const byte* s;
- word32 sSz;
- #endif
- } eccVector;
- #if !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static int ecc_test_vector_item(const eccVector* vector)
- {
- int ret = 0, verify = 0;
- word32 sigSz;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key userA[1];
- #endif
- WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- word32 sigRawSz, rSz = MAX_ECC_BYTES, sSz = MAX_ECC_BYTES;
- WC_DECLARE_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT);
- WC_DECLARE_VAR(r, byte, MAX_ECC_BYTES, HEAP_HINT);
- WC_DECLARE_VAR(s, byte, MAX_ECC_BYTES, HEAP_HINT);
- #endif
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- if (sig == NULL)
- ERROR_OUT(MEMORY_E, done);
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- if (sigRaw == NULL || r == NULL || s == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (userA == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_import_raw(userA, vector->Qx, vector->Qy,
- vector->d, vector->curveName);
- if (ret != 0)
- goto done;
- XMEMSET(sig, 0, ECC_SIG_SIZE);
- sigSz = ECC_SIG_SIZE;
- ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz);
- if (ret != 0)
- goto done;
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- XMEMSET(sigRaw, 0, ECC_SIG_SIZE);
- sigRawSz = ECC_SIG_SIZE;
- ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz,
- sigRaw, &sigRawSz);
- if (ret != 0)
- goto done;
- if (sigSz != sigRawSz || XMEMCMP(sig, sigRaw, sigSz) != 0) {
- ret = -9810;
- goto done;
- }
- ret = wc_ecc_sig_to_rs(sig, sigSz, r, &rSz, s, &sSz);
- if (ret != 0)
- goto done;
- if (rSz != vector->rSz || XMEMCMP(r, vector->r, rSz) != 0 ||
- sSz != vector->sSz || XMEMCMP(s, vector->s, sSz) != 0) {
- ret = -9811;
- goto done;
- }
- #endif
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_verify_hash(sig, sigSz, (byte*)vector->msg,
- vector->msgLen, &verify, userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- goto done;
- TEST_SLEEP();
- if (verify != 1)
- ret = -9812;
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (userA != NULL) {
- wc_ecc_free(userA);
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(userA);
- #endif
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- WC_FREE_VAR(sigRaw, HEAP_HINT);
- WC_FREE_VAR(r, HEAP_HINT);
- WC_FREE_VAR(s, HEAP_HINT);
- #endif
- WC_FREE_VAR(sig, HEAP_HINT);
- return ret;
- }
- static int ecc_test_vector(int keySize)
- {
- int ret;
- eccVector vec;
- XMEMSET(&vec, 0, sizeof(vec));
- vec.keySize = (word32)keySize;
- switch(keySize) {
- #if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)
- case 14:
- return 0;
- #endif /* HAVE_ECC112 */
- #if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)
- case 16:
- return 0;
- #endif /* HAVE_ECC128 */
- #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
- case 20:
- return 0;
- #endif /* HAVE_ECC160 */
- #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
- case 24:
- /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\x60\x80\x79\x42\x3f\x12\x42\x1d\xe6\x16\xb7\x49\x3e\xbe\x55\x1c\xf4\xd6\x5b\x92";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\xeb\xf7\x48\xd7\x48\xeb\xbc\xa7\xd2\x9f\xb4\x73\x69\x8a\x6e\x6b"
- "\x4f\xb1\x0c\x86\x5d\x4a\xf0\x24\xcc\x39\xae\x3d\xf3\x46\x4b\xa4"
- "\xf1\xd6\xd4\x0f\x32\xbf\x96\x18\xa9\x1b\xb5\x98\x6f\xa1\xa2\xaf"
- "\x04\x8a\x0e\x14\xdc\x51\xe5\x26\x7e\xb0\x5e\x12\x7d\x68\x9d\x0a"
- "\xc6\xf1\xa7\xf1\x56\xce\x06\x63\x16\xb9\x71\xcc\x7a\x11\xd0\xfd"
- "\x7a\x20\x93\xe2\x7c\xf2\xd0\x87\x27\xa4\xe6\x74\x8c\xc3\x2f\xd5"
- "\x9c\x78\x10\xc5\xb9\x01\x9d\xf2\x1c\xdc\xc0\xbc\xa4\x32\xc0\xa3"
- "\xee\xd0\x78\x53\x87\x50\x88\x77\x11\x43\x59\xce\xe4\xa0\x71\xcf";
- vec.msgLen = 128;
- #endif
- vec.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6";
- vec.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477";
- vec.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3";
- vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
- vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
- vec.curveName = "SECP192R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55"
- "\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e";
- vec.rSz = 24;
- vec.s = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc"
- "\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41";
- vec.sSz = 24;
- #endif
- break;
- #endif /* HAVE_ECC192 */
- #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
- case 28:
- /* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\xb9\xa3\xb8\x6d\xb0\xba\x99\xfd\xc6\xd2\x94\x6b\xfe\xbe\x9c\xe8\x3f\x10\x74\xfc";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\x36\xc8\xb2\x29\x86\x48\x7f\x67\x7c\x18\xd0\x97\x2a\x9e\x20\x47"
- "\xb3\xaf\xa5\x9e\xc1\x62\x76\x4e\xc3\x0b\x5b\x69\xe0\x63\x0f\x99"
- "\x0d\x4e\x05\xc2\x73\xb0\xe5\xa9\xd4\x28\x27\xb6\x95\xfc\x2d\x64"
- "\xd9\x13\x8b\x1c\xf4\xc1\x21\x55\x89\x4c\x42\x13\x21\xa7\xbb\x97"
- "\x0b\xdc\xe0\xfb\xf0\xd2\xae\x85\x61\xaa\xd8\x71\x7f\x2e\x46\xdf"
- "\xe3\xff\x8d\xea\xb4\xd7\x93\x23\x56\x03\x2c\x15\x13\x0d\x59\x9e"
- "\x26\xc1\x0f\x2f\xec\x96\x30\x31\xac\x69\x38\xa1\x8d\x66\x45\x38"
- "\xb9\x4d\xac\x55\x34\xef\x7b\x59\x94\x24\xd6\x9b\xe1\xf7\x1c\x20";
- vec.msgLen = 128;
- #endif
- vec.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7";
- vec.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1";
- vec.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f";
- vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7";
- vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b";
- vec.curveName = "SECP224R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47"
- "\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe"
- "\xbc\x16\x71\xa7";
- vec.rSz = 28;
- vec.s = (byte*)"\x24\xfc\x7e\xd7\xf1\x35\x2c\xa3\x87\x2a\xa0\x91"
- "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe"
- "\x6a\xf3\xad\x5b";
- vec.sSz = 28;
- #endif
- break;
- #endif /* HAVE_ECC224 */
- #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
- case 30:
- return 0;
- #endif /* HAVE_ECC239 */
- #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
- case 32:
- /* first [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\xa3\xf9\x1a\xe2\x1b\xa6\xb3\x03\x98\x64\x47\x2f\x18\x41\x44\xc6\xaf\x62\xcd\x0e";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\xa2\x4b\x21\x76\x2e\x6e\xdb\x15\x3c\xc1\x14\x38\xdb\x0e\x92\xcd"
- "\xf5\x2b\x86\xb0\x6c\xa9\x70\x16\x06\x27\x59\xc7\x0d\x36\xd1\x56"
- "\x2c\xc9\x63\x0d\x7f\xc7\xc7\x74\xb2\x8b\x54\xe3\x1e\xf5\x58\x72"
- "\xb2\xa6\x5d\xf1\xd7\xec\x26\xde\xbb\x33\xe7\xd9\x27\xef\xcc\xf4"
- "\x6b\x63\xde\x52\xa4\xf4\x31\xea\xca\x59\xb0\x5d\x2e\xde\xc4\x84"
- "\x5f\xff\xc0\xee\x15\x03\x94\xd6\x1f\x3d\xfe\xcb\xcd\xbf\x6f\x5a"
- "\x73\x38\xd0\xbe\x3f\x2a\x77\x34\x51\x98\x3e\xba\xeb\x48\xf6\x73"
- "\x8f\xc8\x95\xdf\x35\x7e\x1a\x48\xa6\x53\xbb\x35\x5a\x31\xa1\xb4"
- vec.msgLen = 128;
- #endif
- vec.Qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
- vec.Qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
- vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
- vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c";
- vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248";
- #ifndef NO_ASN
- vec.r = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9"
- "\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89"
- "\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c";
- vec.rSz = 32;
- vec.s = (byte*)"\xa2\x24\x8b\x62\xc0\x3d\xb3\x5a\x7c\xd6\x3e\x8a"
- "\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03"
- "\x5a\x21\x48\xae\x32\xe3\xa2\x48";
- vec.sSz = 32;
- #endif
- vec.curveName = "SECP256R1";
- break;
- #endif /* !NO_ECC256 */
- #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
- case 40:
- return 0;
- #endif /* HAVE_ECC320 */
- #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
- case 48:
- /* first [P-384,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\x9b\x9f\x8c\x95\x35\xa5\xca\x26\x60\x5d\xb7\xf2\xfa\x57\x3b\xdf\xc3\x2e\xab\x8b";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\xab\xe1\x0a\xce\x13\xe7\xe1\xd9\x18\x6c\x48\xf7\x88\x9d\x51\x47"
- "\x3d\x3a\x09\x61\x98\x4b\xc8\x72\xdf\x70\x8e\xcc\x3e\xd3\xb8\x16"
- "\x9d\x01\xe3\xd9\x6f\xc4\xf1\xd5\xea\x00\xa0\x36\x92\xbc\xc5\xcf"
- "\xfd\x53\x78\x7c\x88\xb9\x34\xaf\x40\x4c\x03\x9d\x32\x89\xb5\xba"
- "\xc5\xae\x7d\xb1\x49\x68\x75\xb5\xdc\x73\xc3\x09\xf9\x25\xc1\x3d"
- "\x1c\x01\xab\xda\xaf\xeb\xcd\xac\x2c\xee\x43\x39\x39\xce\x8d\x4a"
- "\x0a\x5d\x57\xbb\x70\x5f\x3b\xf6\xec\x08\x47\x95\x11\xd4\xb4\xa3"
- "\x21\x1f\x61\x64\x9a\xd6\x27\x43\x14\xbf\x0d\x43\x8a\x81\xe0\x60"
- vec.msgLen = 128;
- #endif
- vec.Qx = "e55fee6c49d8d523f5ce7bf9c0425ce4ff650708b7de5cfb095901523979a7f042602db30854735369813b5c3f5ef868";
- vec.Qy = "28f59cc5dc509892a988d38a8e2519de3d0c4fd0fbdb0993e38f18506c17606c5e24249246f1ce94983a5361c5be983e";
- vec.d = "a492ce8fa90084c227e1a32f7974d39e9ff67a7e8705ec3419b35fb607582bebd461e0b1520ac76ec2dd4e9b63ebae71";
- vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7";
- vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907";
- vec.curveName = "SECP384R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff"
- "\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d"
- "\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda"
- "\xee\x6b\x3c\x74\xeb\xf6\x06\x66\x7a\x3f\x39\xb7";
- vec.rSz = 48;
- vec.s = (byte*)"\x49\x1a\xf1\xd0\xcc\xcd\x56\xdd\xd5\x20\xb2\x33"
- "\x77\x5d\x0b\xc6\xb4\x0a\x62\x55\xcc\x55\x20\x7d"
- "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21"
- "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07";
- vec.sSz = 48;
- #endif
- break;
- #endif /* HAVE_ECC384 */
- #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
- case 64:
- return 0;
- #endif /* HAVE_ECC512 */
- #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
- case 66:
- /* first [P-521,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\x1b\xf7\x03\x9c\xca\x23\x94\x27\x3f\x11\xa1\xd4\x8d\xcc\xb4\x46\x6f\x31\x61\xdf";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\x50\x3f\x79\x39\x34\x0a\xc7\x23\xcd\x4a\x2f\x4e\x6c\xcc\x27\x33"
- "\x38\x3a\xca\x2f\xba\x90\x02\x19\x9d\x9e\x1f\x94\x8b\xe0\x41\x21"
- "\x07\xa3\xfd\xd5\x14\xd9\x0c\xd4\xf3\x7c\xc3\xac\x62\xef\x00\x3a"
- "\x2d\xb1\xd9\x65\x7a\xb7\x7f\xe7\x55\xbf\x71\xfa\x59\xe4\xd9\x6e"
- "\xa7\x2a\xe7\xbf\x9d\xe8\x7d\x79\x34\x3b\xc1\xa4\xbb\x14\x4d\x16"
- "\x28\xd1\xe9\xe9\xc8\xed\x80\x8b\x96\x2c\x54\xe5\xf9\x6d\x53\xda"
- "\x14\x7a\x96\x38\xf9\x4a\x91\x75\xd8\xed\x61\x05\x5f\x0b\xa5\x73"
- "\xa8\x2b\xb7\xe0\x18\xee\xda\xc4\xea\x7b\x36\x2e\xc8\x9c\x38\x2b"
- vec.msgLen = 128;
- #endif
- vec.Qx = "12fbcaeffa6a51f3ee4d3d2b51c5dec6d7c726ca353fc014ea2bf7cfbb9b910d32cbfa6a00fe39b6cdb8946f22775398b2e233c0cf144d78c8a7742b5c7a3bb5d23";
- vec.Qy = "09cdef823dd7bf9a79e8cceacd2e4527c231d0ae5967af0958e931d7ddccf2805a3e618dc3039fec9febbd33052fe4c0fee98f033106064982d88f4e03549d4a64d";
- vec.d = "1bd56bd106118eda246155bd43b42b8e13f0a6e25dd3bb376026fab4dc92b6157bc6dfec2d15dd3d0cf2a39aa68494042af48ba9601118da82c6f2108a3a203ad74";
- vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be";
- vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c";
- vec.curveName = "SECP521R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77\x78"
- "\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf\x5b"
- "\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c\x7f"
- "\x9a\x57\xc0\x77\x94\x7f\x89\xac\x45\xd5\xac\xb6"
- "\x66\x1b\xbc\xd1\x7a\xbb\x3f\xae\xa1\x49\xba\x0a"
- "\xa3\xbb\x15\x21\xbe";
- vec.rSz = 65;
- vec.s = (byte*)"\x19\xcd\x2c\x5c\x3f\x98\x70\xec\xde\xb9\xb3\x23"
- "\xab\xdf\x3a\x98\xcd\x5e\x23\x1d\x85\xc6\xdd\xc5"
- "\xb7\x1a\xb1\x90\x73\x9f\x7f\x22\x6e\x6b\x13\x4b"
- "\xa1\xd5\x88\x9d\xde\xb2\x75\x1d\xab\xd9\x79\x11"
- "\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b\x6c"
- "\x3d\x22\xf2\x48\x0c";
- vec.sSz = 65;
- #endif
- break;
- #endif /* HAVE_ECC521 */
- default:
- return NOT_COMPILED_IN; /* Invalid key size / Not supported */
- }; /* Switch */
- ret = ecc_test_vector_item(&vec);
- if (ret < 0) {
- return ret;
- }
- return 0;
- }
- #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
- #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_DETERMINISTIC_K)
- static int ecc_test_deterministic_k(WC_RNG* rng)
- {
- int ret;
- ecc_key key;
- byte sig[72];
- word32 sigSz;
- unsigned char msg[] = "sample";
- unsigned char hash[32];
- const char* dIUT =
- "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721";
- const char* QIUTx =
- "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6";
- const char* QIUTy =
- "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299";
- const byte expSig[] = {
- 0x30, 0x46, 0x02, 0x21, 0x00, 0xEF, 0xD4, 0x8B,
- 0x2A, 0xAC, 0xB6, 0xA8, 0xFD, 0x11, 0x40, 0xDD,
- 0x9C, 0xD4, 0x5E, 0x81, 0xD6, 0x9D, 0x2C, 0x87,
- 0x7B, 0x56, 0xAA, 0xF9, 0x91, 0xC3, 0x4D, 0x0E,
- 0xA8, 0x4E, 0xAF, 0x37, 0x16, 0x02, 0x21, 0x00,
- 0xF7, 0xCB, 0x1C, 0x94, 0x2D, 0x65, 0x7C, 0x41,
- 0xD4, 0x36, 0xC7, 0xA1, 0xB6, 0xE2, 0x9F, 0x65,
- 0xF3, 0xE9, 0x00, 0xDB, 0xB9, 0xAF, 0xF4, 0x06,
- 0x4D, 0xC4, 0xAB, 0x2F, 0x84, 0x3A, 0xCD, 0xA8
- };
- ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret = wc_ecc_import_raw(&key, QIUTx, QIUTy, dIUT, "SECP256R1");
- if (ret != 0) {
- goto done;
- }
- ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
- (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
- if (ret != 0) {
- goto done;
- }
- ret = wc_ecc_set_deterministic(&key, 1);
- if (ret != 0) {
- goto done;
- }
- sigSz = sizeof(sig);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, &key);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- if (sigSz != sizeof(expSig)) {
- ret = -9830;
- goto done;
- }
- if (XMEMCMP(sig, expSig, sigSz) != 0) {
- ret = -9831;
- goto done;
- }
- sigSz = sizeof(sig);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, &key);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- done:
- wc_ecc_free(&key);
- return ret;
- }
- #ifdef WOLFSSL_PUBLIC_MP
- #if defined(HAVE_ECC384)
- /* KAT from RFC6979 */
- static int ecc384_test_deterministic_k(WC_RNG* rng)
- {
- int ret;
- ecc_key key;
- byte sig[72];
- word32 sigSz;
- unsigned char msg[] = "sample";
- unsigned char hash[32];
- const char* dIUT =
- "6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D8"
- "96D5724E4C70A825F872C9EA60D2EDF5";
- const char* QIUTx =
- "EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64"
- "DEF8F0EA9055866064A254515480BC13";
- const char* QIUTy =
- "8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1"
- "288B231C3AE0D4FE7344FD2533264720";
- const char* expRstr =
- "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33"
- "BDE1E888E63355D92FA2B3C36D8FB2CD";
- const char* expSstr =
- "F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEB"
- "EFDC63ECCD1AC42EC0CB8668A4FA0AB0";
- mp_int r,s, expR, expS;
- mp_init_multi(&r, &s, &expR, &expS, NULL, NULL);
- ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret = wc_ecc_import_raw(&key, QIUTx, QIUTy, dIUT, "SECP384R1");
- if (ret != 0) {
- goto done;
- }
- ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
- (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
- if (ret != 0) {
- goto done;
- }
- ret = wc_ecc_set_deterministic(&key, 1);
- if (ret != 0) {
- goto done;
- }
- sigSz = sizeof(sig);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, &key, &r, &s);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- mp_read_radix(&expR, expRstr, MP_RADIX_HEX);
- mp_read_radix(&expS, expSstr, MP_RADIX_HEX);
- if (mp_cmp(&r, &expR) != MP_EQ) {
- ret = -1;
- }
- done:
- wc_ecc_free(&key);
- return ret;
- }
- #endif /* HAVE_ECC384 */
- #if defined(HAVE_ECC521)
- /* KAT from RFC6979 */
- static int ecc521_test_deterministic_k(WC_RNG* rng)
- {
- int ret;
- ecc_key key;
- byte sig[ECC_MAX_SIG_SIZE];
- word32 sigSz;
- unsigned char msg[] = "sample";
- unsigned char hash[32];
- const char* dIUT =
- "0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75C"
- "AA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83"
- "538";
- const char* QIUTx =
- "1894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD3"
- "71123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F502"
- "3A4";
- const char* QIUTy =
- "0493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A2"
- "8A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDF"
- "CF5";
- const char* expRstr =
- "1511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659"
- "D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E"
- "1A7";
- const char* expSstr =
- "04A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916"
- "E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7E"
- "CFC";
- mp_int r,s, expR, expS;
- mp_init_multi(&r, &s, &expR, &expS, NULL, NULL);
- ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret = wc_ecc_import_raw(&key, QIUTx, QIUTy, dIUT, "SECP521R1");
- if (ret != 0) {
- goto done;
- }
- ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
- (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
- if (ret != 0) {
- goto done;
- }
- ret = wc_ecc_set_deterministic(&key, 1);
- if (ret != 0) {
- goto done;
- }
- sigSz = sizeof(sig);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, &key, &r, &s);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- mp_read_radix(&expR, expRstr, MP_RADIX_HEX);
- mp_read_radix(&expS, expSstr, MP_RADIX_HEX);
- if (mp_cmp(&r, &expR) != MP_EQ) {
- ret = -1;
- }
- done:
- wc_ecc_free(&key);
- return ret;
- }
- #endif /* HAVE_ECC521 */
- #endif /* WOLFSSL_PUBLIC_MP */
- #endif
- #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \
- !defined(WOLFSSL_KCAPI_ECC)
- static int ecc_test_sign_vectors(WC_RNG* rng)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *key = NULL;
- #else
- ecc_key key[1];
- #endif
- int key_inited = 0;
- byte sig[72];
- word32 sigSz;
- WOLFSSL_SMALL_STACK_STATIC const unsigned char hash[32] = "test wolfSSL deterministic sign";
- WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141";
- WOLFSSL_SMALL_STACK_STATIC const byte k[1] = { 0x02 };
- WOLFSSL_SMALL_STACK_STATIC const byte expSig[71] = {
- 0x30, 0x45, 0x02, 0x20, 0x7c, 0xf2, 0x7b, 0x18,
- 0x8d, 0x03, 0x4f, 0x7e, 0x8a, 0x52, 0x38, 0x03,
- 0x04, 0xb5, 0x1a, 0xc3, 0xc0, 0x89, 0x69, 0xe2,
- 0x77, 0xf2, 0x1b, 0x35, 0xa6, 0x0b, 0x48, 0xfc,
- 0x47, 0x66, 0x99, 0x78, 0x02, 0x21, 0x00, 0xa8,
- 0x43, 0xa0, 0xce, 0x6c, 0x5e, 0x17, 0x8a, 0x53,
- 0x4d, 0xaf, 0xd2, 0x95, 0x78, 0x9f, 0x84, 0x4f,
- 0x94, 0xb8, 0x75, 0xa3, 0x19, 0xa5, 0xd4, 0xdf,
- 0xe1, 0xd4, 0x5e, 0x9d, 0x97, 0xfe, 0x81
- };
- #ifdef WOLFSSL_SMALL_STACK
- if ((key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
- return MEMORY_E;
- #endif
- ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- goto done;
- }
- key_inited = 1;
- ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1");
- if (ret != 0) {
- goto done;
- }
- wc_ecc_set_flags(key, WC_ECC_FLAG_DEC_SIGN);
- ret = wc_ecc_sign_set_k(k, sizeof(k), key);
- if (ret != 0) {
- goto done;
- }
- sigSz = sizeof(sig);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- if (sigSz != sizeof(expSig)) {
- ret = -9830;
- goto done;
- }
- if (XMEMCMP(sig, expSig, sigSz) != 0) {
- ret = -9831;
- goto done;
- }
- sigSz = sizeof(sig);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- done:
- if (key_inited)
- wc_ecc_free(key);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif
- #ifdef HAVE_ECC_CDH
- static int ecc_test_cdh_vectors(WC_RNG* rng)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *pub_key = (ecc_key *)XMALLOC(sizeof *pub_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *priv_key = (ecc_key *)XMALLOC(sizeof *priv_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key pub_key[1], priv_key[1];
- #endif
- byte sharedA[32] = {0}, sharedB[32] = {0};
- word32 x, z;
- WOLFSSL_SMALL_STACK_STATIC const char* QCAVSx = "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287";
- WOLFSSL_SMALL_STACK_STATIC const char* QCAVSy = "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac";
- WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141";
- WOLFSSL_SMALL_STACK_STATIC const char* ZIUT = "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b";
- #ifdef WOLFSSL_SMALL_STACK
- if ((pub_key == NULL) ||
- (priv_key == NULL)) {
- ret = MEMORY_E;
- goto done;
- }
- #endif
- XMEMSET(pub_key, 0, sizeof *pub_key);
- XMEMSET(priv_key, 0, sizeof *priv_key);
- /* setup private and public keys */
- ret = wc_ecc_init_ex(pub_key, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_init_ex(priv_key, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- wc_ecc_set_flags(pub_key, WC_ECC_FLAG_COFACTOR);
- wc_ecc_set_flags(priv_key, WC_ECC_FLAG_COFACTOR);
- ret = wc_ecc_import_raw(pub_key, QCAVSx, QCAVSy, NULL, "SECP256R1");
- if (ret != 0)
- goto done;
- ret = wc_ecc_import_raw(priv_key, QIUTx, QIUTy, dIUT, "SECP256R1");
- if (ret != 0)
- goto done;
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(priv_key, rng);
- if (ret != 0)
- goto done;
- #else
- (void)rng;
- #endif
- /* compute ECC Cofactor shared secret */
- x = sizeof(sharedA);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &priv_key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(priv_key, pub_key, sharedA, &x);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- /* read in expected Z */
- z = sizeof(sharedB);
- ret = Base16_Decode((const byte*)ZIUT, (word32)XSTRLEN(ZIUT), sharedB, &z);
- if (ret != 0)
- goto done;
- /* compare results */
- if (x != z || XMEMCMP(sharedA, sharedB, x)) {
- ERROR_OUT(-9840, done);
- }
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (priv_key) {
- wc_ecc_free(priv_key);
- XFREE(priv_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (pub_key) {
- wc_ecc_free(pub_key);
- XFREE(pub_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(priv_key);
- wc_ecc_free(pub_key);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC_CDH */
- #endif /* HAVE_ECC_VECTOR_TEST */
- #ifdef HAVE_ECC_KEY_IMPORT
- /* returns 0 on success */
- static int ecc_test_make_pub(WC_RNG* rng)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
- ecc_key *pub = (ecc_key *)XMALLOC(sizeof *pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- byte *exportBuf = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *tmp = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key[1];
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- ecc_key pub[1];
- #endif
- byte exportBuf[ECC_BUFSIZE];
- byte tmp[ECC_BUFSIZE];
- #endif
- const byte* msg = (const byte*)"test wolfSSL ECC public gen";
- word32 x;
- word32 tmpSz;
- int ret = 0;
- ecc_point* pubPoint = NULL;
- #ifdef HAVE_ECC_VERIFY
- int verify = 0;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((key == NULL) ||
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
- (pub == NULL) ||
- #endif
- (exportBuf == NULL) ||
- (tmp == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- (void)msg;
- (void)verify;
- (void)exportBuf;
- (void)rng;
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- #ifndef NO_ECC256
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256);
- tmpSz = (size_t)sizeof_ecc_key_der_256;
- #else
- {
- XFILE file = XFOPEN(eccKeyDerFile, "rb");
- if (!file) {
- ERROR_OUT(-9850, done);
- }
- tmpSz = (word32)XFREAD(tmp, 1, ECC_BUFSIZE, file);
- XFCLOSE(file);
- }
- #endif /* USE_CERT_BUFFERS_256 */
- /* import private only then test with */
- ret = wc_ecc_import_private_key(tmp, tmpSz, NULL, 0, NULL);
- if (ret == 0) {
- ERROR_OUT(-9851, done);
- }
- ret = wc_ecc_import_private_key(NULL, tmpSz, NULL, 0, key);
- if (ret == 0) {
- ERROR_OUT(-9852, done);
- }
- x = 0;
- ret = wc_EccPrivateKeyDecode(tmp, &x, key, tmpSz);
- if (ret != 0) {
- ERROR_OUT(-9853, done);
- }
- #ifdef HAVE_ECC_KEY_EXPORT
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_private_only(key, exportBuf, &x);
- if (ret != 0) {
- ERROR_OUT(-9854, done);
- }
- /* make private only key */
- wc_ecc_free(key);
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, key);
- if (ret != 0) {
- ERROR_OUT(-9855, done);
- }
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
- if (ret == 0) {
- ERROR_OUT(-9856, done);
- }
- #endif /* HAVE_ECC_KEY_EXPORT */
- ret = wc_ecc_make_pub(NULL, NULL);
- if (ret == 0) {
- ERROR_OUT(-9857, done);
- }
- TEST_SLEEP();
- #ifndef WOLFSSL_NO_MALLOC
- pubPoint = wc_ecc_new_point_h(HEAP_HINT);
- if (pubPoint == NULL) {
- ERROR_OUT(-9858, done);
- }
- #if !defined(WOLFSSL_CRYPTOCELL)
- ret = wc_ecc_make_pub(key, pubPoint);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-9859, done);
- }
- #endif
- TEST_SLEEP();
- #ifdef HAVE_ECC_KEY_EXPORT
- /* export should still fail, is private only key */
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
- if (ret == 0) {
- ERROR_OUT(-9860, done);
- }
- #endif /* HAVE_ECC_KEY_EXPORT */
- #endif /* !WOLFSSL_NO_MALLOC */
- #endif /* !NO_ECC256 */
- /* create a new key since above test for loading key is not supported */
- #if defined(WOLFSSL_CRYPTOCELL) || defined(NO_ECC256) || \
- defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_SE050) || \
- defined(WOLFSSL_SECO_CAAM)
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
- if (ret != 0) {
- ERROR_OUT(-9861, done);
- }
- #endif
- #if defined(HAVE_ECC_SIGN) && (!defined(ECC_TIMING_RESISTANT) || \
- (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG))) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- tmpSz = ECC_BUFSIZE;
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0) {
- ret = wc_ecc_sign_hash(msg, (word32)XSTRLEN((const char* )msg), tmp,
- &tmpSz, rng, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- ERROR_OUT(-9862, done);
- }
- TEST_SLEEP();
- #ifdef HAVE_ECC_VERIFY
- /* try verify with private only key */
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0) {
- ret = wc_ecc_verify_hash(tmp, tmpSz, msg,
- (word32)XSTRLEN((const char*)msg), &verify, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- ERROR_OUT(-9863, done);
- }
- if (verify != 1) {
- ERROR_OUT(-9864, done);
- }
- TEST_SLEEP();
- #ifdef HAVE_ECC_KEY_EXPORT
- /* exporting the public part should now work */
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
- if (ret != 0) {
- ERROR_OUT(-9865, done);
- }
- #endif /* HAVE_ECC_KEY_EXPORT */
- #endif /* HAVE_ECC_VERIFY */
- #endif /* HAVE_ECC_SIGN */
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- /* now test private only key with creating a shared secret */
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_private_only(key, exportBuf, &x);
- if (ret != 0) {
- ERROR_OUT(-9866, done);
- }
- #if !defined(WOLFSSL_QNX_CAAM) && !defined(WOLFSSL_SE050)
- /* make private only key */
- wc_ecc_free(key);
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, key);
- if (ret != 0) {
- ERROR_OUT(-9867, done);
- }
- /* check that public export fails with private only key */
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
- if (ret == 0) {
- ERROR_OUT(-9868, done);
- }
- #endif /* WOLFSSL_QNX_CAAM */
- #ifndef WOLF_CRYPTO_CB_ONLY_ECC
- /* make public key for shared secret */
- wc_ecc_init_ex(pub, HEAP_HINT, devId);
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, pub);
- #ifdef HAVE_ECC_CDH
- wc_ecc_set_flags(key, WC_ECC_FLAG_COFACTOR);
- #endif
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &pub->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-9869, done);
- }
- TEST_SLEEP();
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(key, rng);
- if (ret != 0)
- goto done;
- #endif
- x = ECC_BUFSIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0) {
- ret = wc_ecc_shared_secret(key, pub, exportBuf, &x);
- }
- } while (ret == WC_PENDING_E);
- wc_ecc_free(pub);
- if (ret != 0) {
- ERROR_OUT(-9870, done);
- }
- TEST_SLEEP();
- #endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT && !WC_NO_RNG */
- #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
- ret = 0;
- done:
- wc_ecc_del_point_h(pubPoint, HEAP_HINT);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key != NULL) {
- wc_ecc_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
- if (pub != NULL)
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (exportBuf != NULL)
- XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- wc_ecc_free(key);
- #endif
- return ret;
- }
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \
- !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static int ecc_test_key_decode(WC_RNG* rng, int keySize)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *eccKey = (ecc_key *)XMALLOC(sizeof *eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *tmpBuf = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key eccKey[1];
- byte tmpBuf[ECC_BUFSIZE];
- #endif
- word32 tmpSz;
- word32 idx;
- #ifdef WOLFSSL_SMALL_STACK
- if ((eccKey == NULL) || (tmpBuf == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- ret = wc_ecc_init(eccKey);
- if (ret != 0) {
- goto done;
- }
- ret = wc_ecc_make_key(rng, keySize, eccKey);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &eccKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- goto done;
- }
- tmpSz = ECC_BUFSIZE;
- ret = wc_EccKeyToDer(eccKey, tmpBuf, tmpSz);
- wc_ecc_free(eccKey);
- if (ret < 0) {
- goto done;
- }
- tmpSz = ret;
- ret = wc_ecc_init(eccKey);
- if (ret != 0) {
- goto done;
- }
- idx = 0;
- ret = wc_EccPrivateKeyDecode(tmpBuf, &idx, eccKey, tmpSz);
- if (ret != 0) {
- goto done;
- }
- wc_ecc_free(eccKey);
- ret = wc_ecc_init(eccKey);
- if (ret != 0) {
- goto done;
- }
- idx = 0;
- ret = wc_EccPublicKeyDecode(tmpBuf, &idx, eccKey, tmpSz);
- if (ret != 0) {
- goto done;
- }
- ret = 0;
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (eccKey != NULL) {
- wc_ecc_free(eccKey);
- XFREE(eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (tmpBuf != NULL)
- XFREE(tmpBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- wc_ecc_free(eccKey);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
- #endif /* HAVE_ECC_KEY_IMPORT */
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \
- !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static int ecc_test_key_gen(WC_RNG* rng, int keySize)
- {
- int ret = 0;
- int derSz;
- #ifdef HAVE_PKCS8
- word32 pkcs8Sz;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- byte *der = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- byte der[ECC_BUFSIZE];
- ecc_key userA[1];
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if ((der == NULL) || (userA == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_make_key(rng, keySize, userA);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- goto done;
- TEST_SLEEP();
- ret = wc_ecc_check_key(userA);
- if (ret != 0)
- goto done;
- TEST_SLEEP();
- derSz = wc_EccKeyToDer(userA, der, ECC_BUFSIZE);
- if (derSz < 0) {
- ERROR_OUT(derSz, done);
- }
- ret = SaveDerAndPem(der, derSz, eccCaKeyTempFile, eccCaKeyPemFile,
- ECC_PRIVATEKEY_TYPE, -8347);
- if (ret != 0) {
- goto done;
- }
- /* test export of public key */
- derSz = wc_EccPublicKeyToDer(userA, der, ECC_BUFSIZE, 1);
- if (derSz < 0) {
- ERROR_OUT(derSz, done);
- }
- if (derSz == 0) {
- ERROR_OUT(-9890, done);
- }
- #ifdef HAVE_COMP_KEY
- /* test export of compressed public key */
- derSz = wc_EccPublicKeyToDer_ex(userA, der, ECC_BUFSIZE, 1, 1);
- if (derSz < 0) {
- ERROR_OUT(derSz, done);
- }
- if (derSz == 0) {
- ERROR_OUT(-9890, done);
- }
- #endif
- ret = SaveDerAndPem(der, derSz, eccPubKeyDerFile, NULL, 0, -8348);
- if (ret != 0) {
- goto done;
- }
- #ifdef HAVE_PKCS8
- /* test export of PKCS#8 unencrypted private key */
- pkcs8Sz = FOURK_BUF;
- derSz = wc_EccPrivateKeyToPKCS8(userA, der, &pkcs8Sz);
- if (derSz < 0) {
- ERROR_OUT(derSz, done);
- }
- if (derSz == 0) {
- ERROR_OUT(-9891, done);
- }
- ret = SaveDerAndPem(der, derSz, eccPkcs8KeyDerFile, NULL, 0, -8349);
- if (ret != 0) {
- goto done;
- }
- #endif /* HAVE_PKCS8 */
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (der != NULL)
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (userA != NULL) {
- wc_ecc_free(userA);
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(userA);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
- static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
- int curve_id, const ecc_set_type* dp)
- {
- #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
- !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- WC_DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
- WC_DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- #define ECC_KEY_EXPORT_BUF_SIZE (MAX_ECC_BYTES * 2 + 32)
- WC_DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
- #endif
- word32 x = 0;
- #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
- !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- word32 y;
- #endif
- #if defined(HAVE_ECC_SIGN) && !defined(WOLFSSL_KCAPI_ECC)
- WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
- WC_DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
- int i;
- #ifdef HAVE_ECC_VERIFY
- int verify;
- #endif /* HAVE_ECC_VERIFY */
- #endif /* HAVE_ECC_SIGN */
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *pubKey = (ecc_key *)XMALLOC(sizeof *pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key userA[1];
- ecc_key userB[1];
- ecc_key pubKey[1];
- #endif
- #ifndef WC_NO_RNG
- int curveSize;
- #endif
- #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
- #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
- !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- if (sharedA == NULL || sharedB == NULL)
- ERROR_OUT(-9900, done);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- if (exportBuf == NULL)
- ERROR_OUT(-9901, done);
- #endif
- #if defined(HAVE_ECC_SIGN) && !defined(WOLFSSL_KCAPI_ECC)
- if (sig == NULL || digest == NULL)
- ERROR_OUT(-9902, done);
- #endif
- #endif /* WOLFSSL_SMALL_STACK */
- (void)testVerifyCount;
- (void)dp;
- (void)x;
- #ifdef WOLFSSL_SMALL_STACK
- if ((userA == NULL) ||
- (userB == NULL) ||
- (pubKey == NULL))
- ERROR_OUT(-9903, done);
- #endif
- XMEMSET(userA, 0, sizeof *userA);
- XMEMSET(userB, 0, sizeof *userB);
- XMEMSET(pubKey, 0, sizeof *pubKey);
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-9904, done);
- ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-9905, done);
- ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-9906, done);
- #ifdef WOLFSSL_CUSTOM_CURVES
- if (dp != NULL) {
- ret = wc_ecc_set_custom_curve(userA, dp);
- if (ret != 0)
- ERROR_OUT(-9907, done);
- ret = wc_ecc_set_custom_curve(userB, dp);
- if (ret != 0)
- ERROR_OUT(-9908, done);
- }
- #endif
- #ifndef WC_NO_RNG
- ret = wc_ecc_make_key_ex(rng, keySize, userA, curve_id);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #ifdef WOLF_CRYPTO_CB_ONLY_ECC
- if (ret == NO_VALID_DEVID) {
- ret = 0;
- goto done; /* no software case */
- }
- #endif
- if (ret == ECC_CURVE_OID_E)
- goto done; /* catch case, where curve is not supported */
- if (ret != 0)
- ERROR_OUT(-9910, done);
- TEST_SLEEP();
- if (wc_ecc_get_curve_idx(curve_id) != -1) {
- curveSize = wc_ecc_get_curve_size_from_id(userA->dp->id);
- if (curveSize != userA->dp->size)
- ERROR_OUT(-9911, done);
- }
- ret = wc_ecc_check_key(userA);
- if (ret != 0)
- ERROR_OUT(-9912, done);
- TEST_SLEEP();
- /* ATECC508/608 configuration may not support more than one ECDH key */
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- ret = wc_ecc_make_key_ex(rng, keySize, userB, curve_id);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-9914, done);
- TEST_SLEEP();
- /* only perform the below tests if the key size matches */
- if (dp == NULL && keySize > 0 && wc_ecc_size(userA) != keySize)
- ERROR_OUT(ECC_CURVE_OID_E, done);
- #ifdef HAVE_ECC_DHE
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(userA, rng);
- if (ret != 0)
- ERROR_OUT(-9915, done);
- ret = wc_ecc_set_rng(userB, rng);
- if (ret != 0)
- ERROR_OUT(-9916, done);
- #endif
- x = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- ERROR_OUT(-9917, done);
- }
- TEST_SLEEP();
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-9918, done);
- if (y != x)
- ERROR_OUT(-9919, done);
- if (XMEMCMP(sharedA, sharedB, x))
- ERROR_OUT(-9920, done);
- TEST_SLEEP();
- #endif /* HAVE_ECC_DHE */
- #ifdef HAVE_ECC_CDH
- /* add cofactor flag */
- wc_ecc_set_flags(userA, WC_ECC_FLAG_COFACTOR);
- wc_ecc_set_flags(userB, WC_ECC_FLAG_COFACTOR);
- x = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-9921, done);
- TEST_SLEEP();
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-9922, done);
- if (y != x)
- ERROR_OUT(-9923, done);
- if (XMEMCMP(sharedA, sharedB, x))
- ERROR_OUT(-9924, done);
- TEST_SLEEP();
- /* remove cofactor flag */
- wc_ecc_set_flags(userA, 0);
- wc_ecc_set_flags(userB, 0);
- #endif /* HAVE_ECC_CDH */
- #endif /* !WOLFSSL_ATECC508A && WOLFSSL_ATECC608A */
- #ifdef HAVE_ECC_KEY_EXPORT
- x = ECC_KEY_EXPORT_BUF_SIZE;
- ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 0);
- if (ret != 0)
- ERROR_OUT(-9925, done);
- #ifdef HAVE_ECC_KEY_IMPORT
- #ifdef WOLFSSL_CUSTOM_CURVES
- if (dp != NULL) {
- ret = wc_ecc_set_custom_curve(pubKey, dp);
- if (ret != 0)
- ERROR_OUT(-9926, done);
- }
- #endif
- ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
- if (ret != 0)
- ERROR_OUT(-9927, done);
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- #ifdef HAVE_ECC_DHE
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-9928, done);
- if (XMEMCMP(sharedA, sharedB, y))
- ERROR_OUT(-9929, done);
- TEST_SLEEP();
- #endif /* HAVE_ECC_DHE */
- #ifdef HAVE_COMP_KEY
- /* try compressed export / import too */
- x = ECC_KEY_EXPORT_BUF_SIZE;
- ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 1);
- if (ret != 0)
- ERROR_OUT(-9930, done);
- wc_ecc_free(pubKey);
- ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-9931, done);
- #ifdef WOLFSSL_CUSTOM_CURVES
- if (dp != NULL) {
- ret = wc_ecc_set_custom_curve(pubKey, dp);
- if (ret != 0)
- ERROR_OUT(-9932, done);
- }
- #endif
- ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
- if (ret != 0)
- ERROR_OUT(-9933, done);
- #ifdef HAVE_ECC_DHE
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-9934, done);
- if (XMEMCMP(sharedA, sharedB, y))
- ERROR_OUT(-9935, done);
- TEST_SLEEP();
- #endif /* HAVE_ECC_DHE */
- #endif /* HAVE_COMP_KEY */
- #endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A */
- #endif /* !WC_NO_RNG */
- #endif /* HAVE_ECC_KEY_IMPORT */
- #endif /* HAVE_ECC_KEY_EXPORT */
- /* For KCAPI cannot sign using generated ECDH key */
- #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
- !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC))
- #ifdef HAVE_ECC_SIGN
- /* ECC w/out Shamir has issue with all 0 digest */
- /* WC_BIGINT doesn't have 0 len well on hardware */
- /* Cryptocell has issues with all 0 digest */
- #if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) && \
- !defined(WOLFSSL_CRYPTOCELL)
- /* test DSA sign hash with zeros */
- for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
- digest[i] = 0;
- }
- x = ECC_SIG_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng,
- userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-9936, done);
- TEST_SLEEP();
- #ifdef HAVE_ECC_VERIFY
- for (i=0; i<testVerifyCount; i++) {
- verify = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE,
- &verify, userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-9937, done);
- if (verify != 1)
- ERROR_OUT(-9938, done);
- TEST_SLEEP();
- }
- #endif /* HAVE_ECC_VERIFY */
- #endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT && !WOLFSSL_CRYPTOCELL */
- /* test DSA sign hash with sequence (0,1,2,3,4,...) */
- for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
- digest[i] = (byte)i;
- }
- x = ECC_SIG_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng,
- userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-9939, done);
- TEST_SLEEP();
- #ifdef HAVE_ECC_VERIFY
- for (i=0; i<testVerifyCount; i++) {
- verify = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE,
- &verify, userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-9940, done);
- if (verify != 1)
- ERROR_OUT(-9941, done);
- TEST_SLEEP();
- }
- #endif /* HAVE_ECC_VERIFY */
- #endif /* HAVE_ECC_SIGN */
- #endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT &&
- * !WC_NO_RNG && !WOLFSSL_KCAPI_ECC) */
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
- !defined(WOLFSSL_ATECC508) && !defined(WOLFSSL_ATECC608A) && \
- !defined(WOLFSSL_KCAPI_ECC)
- x = ECC_KEY_EXPORT_BUF_SIZE;
- ret = wc_ecc_export_private_only(userA, exportBuf, &x);
- if (ret != 0)
- ERROR_OUT(-9942, done);
- #elif defined(HAVE_ECC_KEY_EXPORT)
- (void)exportBuf;
- #endif /* HAVE_ECC_KEY_EXPORT */
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (userA != NULL) {
- wc_ecc_free(userA);
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (userB != NULL) {
- wc_ecc_free(userB);
- XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (pubKey != NULL) {
- wc_ecc_free(pubKey);
- XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(pubKey);
- wc_ecc_free(userB);
- wc_ecc_free(userA);
- #endif
- #if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)
- WC_FREE_VAR(sharedA, HEAP_HINT);
- WC_FREE_VAR(sharedB, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- WC_FREE_VAR(exportBuf, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_SIGN
- WC_FREE_VAR(sig, HEAP_HINT);
- WC_FREE_VAR(digest, HEAP_HINT);
- #endif
- (void)keySize;
- (void)curve_id;
- (void)rng;
- return ret;
- }
- #undef ECC_TEST_VERIFY_COUNT
- #define ECC_TEST_VERIFY_COUNT 2
- static int ecc_test_curve(WC_RNG* rng, int keySize)
- {
- int ret;
- ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT,
- ECC_CURVE_DEF, NULL);
- if (ret < 0) {
- if (ret == ECC_CURVE_OID_E) {
- /* ignore error for curves not found */
- /* some curve sizes are only available with:
- HAVE_ECC_SECPR2, HAVE_ECC_SECPR3, HAVE_ECC_BRAINPOOL
- and HAVE_ECC_KOBLITZ */
- }
- else {
- printf("ecc_test_curve_size %d failed!: %d\n", keySize, ret);
- return ret;
- }
- }
- #ifndef WOLF_CRYPTO_CB_ONLY_ECC
- #ifdef HAVE_ECC_VECTOR_TEST
- ret = ecc_test_vector(keySize);
- if (ret < 0) {
- printf("ecc_test_vector %d failed!: %d\n", keySize, ret);
- return ret;
- }
- #endif
- #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
- ret = ecc_test_key_decode(rng, keySize);
- if (ret < 0) {
- if (ret == ECC_CURVE_OID_E) {
- /* ignore error for curves not found */
- }
- else {
- printf("ecc_test_key_decode %d failed!: %d\n", keySize, ret);
- return ret;
- }
- }
- #endif
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
- ret = ecc_test_key_gen(rng, keySize);
- if (ret < 0) {
- if (ret == ECC_CURVE_OID_E) {
- /* ignore error for curves not found */
- }
- else {
- printf("ecc_test_key_gen %d failed!: %d\n", keySize, ret);
- return ret;
- }
- }
- #endif
- #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
- return 0;
- }
- #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static int ecc_point_test(void)
- {
- int ret;
- ecc_point* point;
- ecc_point* point2;
- #ifdef HAVE_COMP_KEY
- ecc_point* point3;
- ecc_point* point4;
- #endif
- word32 outLen;
- byte out[65];
- byte der[] = { 0x04, /* = Uncompressed */
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
- #if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
- byte derComp0[] = { 0x02, /* = Compressed, y even */
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
- byte derComp1[] = { 0x03, /* = Compressed, y odd */
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
- #endif
- byte altDer[] = { 0x04, /* = Uncompressed */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
- int curve_idx = wc_ecc_get_curve_idx(ECC_SECP256R1);
- /* if curve P256 is not enabled then test should not fail */
- if (curve_idx == ECC_CURVE_INVALID)
- return 0;
- outLen = sizeof(out);
- point = wc_ecc_new_point();
- if (point == NULL)
- return -10000;
- point2 = wc_ecc_new_point();
- if (point2 == NULL) {
- wc_ecc_del_point(point);
- return -10001;
- }
- #ifdef HAVE_COMP_KEY
- point3 = wc_ecc_new_point();
- if (point3 == NULL) {
- wc_ecc_del_point(point2);
- wc_ecc_del_point(point);
- return -10002;
- }
- point4 = wc_ecc_new_point();
- if (point4 == NULL) {
- wc_ecc_del_point(point3);
- wc_ecc_del_point(point2);
- wc_ecc_del_point(point);
- return -10003;
- }
- #endif
- /* Parameter Validation testing. */
- wc_ecc_del_point(NULL);
- ret = wc_ecc_import_point_der(NULL, sizeof(der), curve_idx, point);
- if (ret != ECC_BAD_ARG_E) {
- ret = -10004;
- goto done;
- }
- ret = wc_ecc_import_point_der(der, sizeof(der), ECC_CURVE_INVALID, point);
- if (ret != ECC_BAD_ARG_E) {
- ret = -10005;
- goto done;
- }
- ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = -10006;
- goto done;
- }
- ret = wc_ecc_export_point_der(-1, point, out, &outLen);
- if (ret != ECC_BAD_ARG_E) {
- ret = -10007;
- goto done;
- }
- ret = wc_ecc_export_point_der(curve_idx, NULL, out, &outLen);
- if (ret != ECC_BAD_ARG_E) {
- ret = -10008;
- goto done;
- }
- ret = wc_ecc_export_point_der(curve_idx, point, NULL, &outLen);
- if (ret != LENGTH_ONLY_E || outLen != sizeof(out)) {
- ret = -10009;
- goto done;
- }
- ret = wc_ecc_export_point_der(curve_idx, point, out, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = -10010;
- goto done;
- }
- outLen = 0;
- ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
- if (ret != BUFFER_E) {
- ret = -10011;
- goto done;
- }
- ret = wc_ecc_copy_point(NULL, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = -10012;
- goto done;
- }
- ret = wc_ecc_copy_point(NULL, point2);
- if (ret != ECC_BAD_ARG_E) {
- ret = -10013;
- goto done;
- }
- ret = wc_ecc_copy_point(point, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = -10014;
- goto done;
- }
- ret = wc_ecc_cmp_point(NULL, NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = -10015;
- goto done;
- }
- ret = wc_ecc_cmp_point(NULL, point2);
- if (ret != BAD_FUNC_ARG) {
- ret = -10016;
- goto done;
- }
- ret = wc_ecc_cmp_point(point, NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = -10017;
- goto done;
- }
- /* Use API. */
- ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, point);
- if (ret != 0) {
- ret = -10018;
- goto done;
- }
- outLen = sizeof(out);
- ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
- if (ret != 0) {
- ret = -10019;
- goto done;
- }
- if (outLen != sizeof(der)) {
- ret = -10020;
- goto done;
- }
- if (XMEMCMP(out, der, outLen) != 0) {
- ret = -10021;
- goto done;
- }
- ret = wc_ecc_copy_point(point2, point);
- if (ret != MP_OKAY) {
- ret = -10022;
- goto done;
- }
- ret = wc_ecc_cmp_point(point2, point);
- if (ret != MP_EQ) {
- ret = -10023;
- goto done;
- }
- ret = wc_ecc_import_point_der(altDer, sizeof(altDer), curve_idx, point2);
- if (ret != 0) {
- ret = -10024;
- goto done;
- }
- ret = wc_ecc_cmp_point(point2, point);
- if (ret != MP_GT) {
- ret = -10025;
- goto done;
- }
- #if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
- ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3);
- if (ret != 0) {
- ret = -10026;
- goto done;
- }
- ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0);
- if (ret != 0) {
- ret = -10027;
- goto done;
- }
- ret = wc_ecc_cmp_point(point3, point4);
- if (ret != MP_EQ) {
- ret = -10028;
- goto done;
- }
- ret = wc_ecc_import_point_der(derComp1, sizeof(derComp1)*2-1, curve_idx, point3);
- if (ret != 0) {
- ret = -10029;
- goto done;
- }
- ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0);
- if (ret != 0) {
- ret = -10030;
- goto done;
- }
- ret = wc_ecc_cmp_point(point3, point4);
- if (ret != MP_EQ) {
- ret = -10031;
- goto done;
- }
- #endif
- done:
- #ifdef HAVE_COMP_KEY
- wc_ecc_del_point(point4);
- wc_ecc_del_point(point3);
- #endif
- wc_ecc_del_point(point2);
- wc_ecc_del_point(point);
- return ret;
- }
- #endif /* !WOLFSSL_ATECC508A && HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
- #if !defined(NO_SIG_WRAPPER) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static int ecc_sig_test(WC_RNG* rng, ecc_key* key)
- {
- int ret;
- word32 sigSz;
- int size;
- byte out[ECC_MAX_SIG_SIZE];
- byte in[] = TEST_STRING;
- WOLFSSL_SMALL_STACK_STATIC const byte hash[] = {
- 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
- 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
- 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
- 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
- };
- word32 inLen = (word32)XSTRLEN((char*)in);
- size = wc_ecc_sig_size(key);
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, sizeof(*key));
- if (ret != size)
- return -10040;
- sigSz = (word32)ret;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in,
- inLen, out, &sigSz, key, sizeof(*key), rng);
- if (ret != 0)
- return -10041;
- TEST_SLEEP();
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in,
- inLen, out, sigSz, key, sizeof(*key));
- if (ret != 0)
- return -10042;
- TEST_SLEEP();
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
- hash, (int)sizeof(hash), out, &sigSz, key, sizeof(*key), rng);
- if (ret != 0)
- return -10043;
- TEST_SLEEP();
- ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
- hash, (int)sizeof(hash), out, sigSz, key, sizeof(*key));
- if (ret != 0)
- return -10044;
- TEST_SLEEP();
- return 0;
- }
- #endif
- #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static int ecc_exp_imp_test(ecc_key* key)
- {
- int ret;
- int curve_id;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *keyImp = (ecc_key *)XMALLOC(sizeof *keyImp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key keyImp[1];
- #endif
- byte priv[32];
- word32 privLen;
- byte pub[65*2];
- word32 pubLen, pubLenX, pubLenY;
- const char qx[] = "7a4e287890a1a47ad3457e52f2f76a83"
- "ce46cbc947616d0cbaa82323818a793d";
- const char qy[] = "eec4084f5b29ebf29c44cce3b3059610"
- "922f8b30ea6e8811742ac7238fe87308";
- const char d[] = "8c14b793cb19137e323a6d2e2a870bca"
- "2e7a493ec1153b3a95feb8a4873f8d08";
- #ifdef WOLFSSL_SMALL_STACK
- if (keyImp == NULL)
- ERROR_OUT(-10050, done);
- #endif
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- privLen = sizeof(priv);
- ret = wc_ecc_export_private_only(key, priv, &privLen);
- if (ret != 0) {
- ret = -10051;
- goto done;
- }
- pubLen = sizeof(pub);
- ret = wc_ecc_export_point_der(key->idx, &key->pubkey, pub, &pubLen);
- if (ret != 0) {
- ret = -10052;
- goto done;
- }
- ret = wc_ecc_import_private_key(priv, privLen, pub, pubLen, keyImp);
- if (ret != 0) {
- ret = -10053;
- goto done;
- }
- wc_ecc_free(keyImp);
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- ret = wc_ecc_import_raw_ex(keyImp, qx, qy, d, ECC_SECP256R1);
- if (ret != 0) {
- ret = -10054;
- goto done;
- }
- wc_ecc_free(keyImp);
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- curve_id = wc_ecc_get_curve_id(key->idx);
- if (curve_id < 0) {
- ret = -10055;
- goto done;
- }
- /* test import private only */
- ret = wc_ecc_import_private_key_ex(priv, privLen, NULL, 0, keyImp,
- curve_id);
- if (ret != 0) {
- ret = -10056;
- goto done;
- }
- wc_ecc_free(keyImp);
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- /* test export public raw */
- pubLenX = pubLenY = 32;
- ret = wc_ecc_export_public_raw(key, pub, &pubLenX, &pub[32], &pubLenY);
- if (ret != 0) {
- ret = -10057;
- goto done;
- }
- #ifndef HAVE_SELFTEST
- /* test import of public */
- ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], NULL, ECC_SECP256R1);
- if (ret != 0) {
- ret = -10058;
- goto done;
- }
- #endif
- wc_ecc_free(keyImp);
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- /* test export private and public raw */
- pubLenX = pubLenY = privLen = 32;
- ret = wc_ecc_export_private_raw(key, pub, &pubLenX, &pub[32], &pubLenY,
- priv, &privLen);
- if (ret != 0) {
- ret = -10059;
- goto done;
- }
- #ifndef HAVE_SELFTEST
- /* test import of private and public */
- ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], priv, ECC_SECP256R1);
- if (ret != 0) {
- ret = -10060;
- goto done;
- }
- #endif
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (keyImp != NULL) {
- wc_ecc_free(keyImp);
- XFREE(keyImp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(keyImp);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
- #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \
- !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static int ecc_mulmod_test(ecc_key* key1)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *key2 = (ecc_key *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *key3 = (ecc_key *)XMALLOC(sizeof *key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key2[1];
- ecc_key key3[1];
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if ((key2 == NULL) || (key3 == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- wc_ecc_init_ex(key2, HEAP_HINT, devId);
- wc_ecc_init_ex(key3, HEAP_HINT, devId);
- /* TODO: Use test data, test with WOLFSSL_VALIDATE_ECC_IMPORT. */
- /* Need base point (Gx,Gy) and parameter A - load them as the public and
- * private key in key2.
- */
- ret = wc_ecc_import_raw_ex(key2, key1->dp->Gx, key1->dp->Gy, key1->dp->Af,
- ECC_SECP256R1);
- if (ret != 0)
- goto done;
- /* Need a point (Gx,Gy) and prime - load them as the public and private key
- * in key3.
- */
- ret = wc_ecc_import_raw_ex(key3, key1->dp->Gx, key1->dp->Gy,
- key1->dp->prime, ECC_SECP256R1);
- if (ret != 0)
- goto done;
- ret = wc_ecc_mulmod(&key1->k, &key2->pubkey, &key3->pubkey, &key2->k, &key3->k,
- 1);
- if (ret != 0) {
- ret = -10070;
- goto done;
- }
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (key2 != NULL) {
- wc_ecc_free(key2);
- XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (key3 != NULL) {
- wc_ecc_free(key3);
- XFREE(key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(key3);
- wc_ecc_free(key2);
- #endif
- return ret;
- }
- #endif
- #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- static int ecc_ssh_test(ecc_key* key, WC_RNG* rng)
- {
- int ret;
- byte out[128];
- word32 outLen = sizeof(out);
- /* Parameter Validation testing. */
- ret = wc_ecc_shared_secret_ssh(NULL, &key->pubkey, out, &outLen);
- if (ret != BAD_FUNC_ARG)
- return -10080;
- ret = wc_ecc_shared_secret_ssh(key, NULL, out, &outLen);
- if (ret != BAD_FUNC_ARG)
- return -10081;
- ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, NULL, &outLen);
- if (ret != BAD_FUNC_ARG)
- return -10082;
- ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10083;
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(key, rng);
- if (ret != 0)
- return -10084;
- #else
- (void)rng;
- #endif
- /* Use API. */
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, &outLen);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- return -10085;
- TEST_SLEEP();
- return 0;
- }
- #endif /* HAVE_ECC_DHE && !WC_NO_RNG */
- static int ecc_def_curve_test(WC_RNG *rng)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key[1];
- #endif
- #if (defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \
- (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT))
- word32 idx = 0;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (key == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- /* Use API */
- ret = wc_ecc_set_flags(NULL, 0);
- if (ret != BAD_FUNC_ARG) {
- ret = -10090;
- goto done;
- }
- ret = wc_ecc_set_flags(key, 0);
- if (ret != 0) {
- ret = -10091;
- goto done;
- }
- #ifndef WOLF_CRYPTO_CB_ONLY_ECC
- #ifndef WC_NO_RNG
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- goto done;
- }
- #ifndef NO_SIG_WRAPPER
- ret = ecc_sig_test(rng, key);
- if (ret < 0)
- goto done;
- #endif
- TEST_SLEEP();
- #if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_CRYPTOCELL) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- ret = ecc_ssh_test(key, rng);
- if (ret < 0)
- goto done;
- #endif
- wc_ecc_free(key);
- #else
- (void)rng;
- #endif /* !WC_NO_RNG */
- #if (defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \
- (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT))
- /* Use test ECC key - ensure real private "d" exists */
- #ifdef USE_CERT_BUFFERS_256
- ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
- sizeof_ecc_key_der_256);
- #else
- {
- XFILE file = XFOPEN(eccKeyDerFile, "rb");
- byte der[128];
- word32 derSz;
- if (!file) {
- ERROR_OUT(-10093, done);
- }
- derSz = (word32)XFREAD(der, 1, sizeof(der), file);
- XFCLOSE(file);
- ret = wc_EccPrivateKeyDecode(der, &idx, key, derSz);
- }
- #endif
- if (ret != 0) {
- goto done;
- }
- #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)
- ret = ecc_exp_imp_test(key);
- if (ret < 0)
- goto done;
- #endif
- #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \
- !defined(WOLFSSL_CRYPTOCELL)
- ret = ecc_mulmod_test(key);
- if (ret < 0)
- goto done;
- #endif
- #endif
- #else
- (void)rng;
- (void)idx;
- #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
- done:
- wc_ecc_free(key);
- #ifdef WOLFSSL_SMALL_STACK
- if (key != NULL) {
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- return ret;
- }
- #endif /* !NO_ECC256 || HAVE_ALL_CURVES */
- #if defined(WOLFSSL_CERT_EXT) && \
- (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
- static int ecc_decode_test(void)
- {
- int ret;
- word32 inSz;
- word32 inOutIdx;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key[1];
- #endif
- /* SECP256R1 OID: 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 */
- /* This is ecc_clikeypub_der_256. */
- WOLFSSL_SMALL_STACK_STATIC const byte good[] = {
- 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
- 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
- 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xbf, 0xf4,
- 0x0f, 0x44, 0x50, 0x9a, 0x3d, 0xce, 0x9b, 0xb7, 0xf0, 0xc5,
- 0x4d, 0xf5, 0x70, 0x7b, 0xd4, 0xec, 0x24, 0x8e, 0x19, 0x80,
- 0xec, 0x5a, 0x4c, 0xa2, 0x24, 0x03, 0x62, 0x2c, 0x9b, 0xda,
- 0xef, 0xa2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xc6, 0x56,
- 0x95, 0x06, 0xcc, 0x01, 0xa9, 0xbd, 0xf6, 0x75, 0x1a, 0x42,
- 0xf7, 0xbd, 0xa9, 0xb2, 0x36, 0x22, 0x5f, 0xc7, 0x5d, 0x7f,
- 0xb4 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04,
- 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00,
- 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badObjId1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x09,
- 0x06, 0x00, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badObj2d1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x00,
- 0x06, 0x07, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNotBitStr[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x04, 0x04, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badBitStrLen[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x03, 0x05, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNoBitStrZero[] = { 0x30, 0x13, 0x30, 0x0a, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x03, 0x03, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badPoint[] = { 0x30, 0x12, 0x30, 0x09, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x03, 0x03, 0x00, 0x04, 0x01 };
- #ifdef WOLFSSL_SMALL_STACK
- if (key == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
- XMEMSET(key, 0, sizeof *key);
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- inSz = sizeof(good);
- ret = wc_EccPublicKeyDecode(NULL, &inOutIdx, key, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = -10100;
- goto done;
- }
- ret = wc_EccPublicKeyDecode(good, NULL, key, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = -10101;
- goto done;
- }
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, NULL, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = -10102;
- goto done;
- }
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, 0);
- if (ret != BAD_FUNC_ARG) {
- ret = -10103;
- goto done;
- }
- /* Change offset to produce bad input data. */
- inOutIdx = 2;
- inSz = sizeof(good) - inOutIdx;
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -10104;
- goto done;
- }
- inOutIdx = 4;
- inSz = sizeof(good) - inOutIdx;
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -10105;
- goto done;
- }
- /* Bad data. */
- inSz = sizeof(badNoObjId);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, key, inSz);
- if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
- ret = -10106;
- goto done;
- }
- inSz = sizeof(badOneObjId);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, key, inSz);
- if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
- ret = -10107;
- goto done;
- }
- inSz = sizeof(badObjId1Len);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badObjId1Len, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -10108;
- goto done;
- }
- inSz = sizeof(badObj2d1Len);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badObj2d1Len, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -10109;
- goto done;
- }
- inSz = sizeof(badNotBitStr);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, key, inSz);
- if (ret != ASN_BITSTR_E && ret != ASN_PARSE_E) {
- ret = -10110;
- goto done;
- }
- inSz = sizeof(badBitStrLen);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badBitStrLen, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -10111;
- goto done;
- }
- inSz = sizeof(badNoBitStrZero);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, key, inSz);
- if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
- ret = -10112;
- goto done;
- }
- inSz = sizeof(badPoint);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, key, inSz);
- if (ret != ASN_ECC_KEY_E && ret != ASN_PARSE_E) {
- ret = -10113;
- goto done;
- }
- inSz = sizeof(good);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
- if (ret != 0) {
- ret = -10114;
- goto done;
- }
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (key != NULL) {
- wc_ecc_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(key);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef WOLFSSL_CUSTOM_CURVES
- static const byte eccKeyExplicitCurve[] = {
- 0x30, 0x81, 0xf5, 0x30, 0x81, 0xae, 0x06, 0x07,
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30,
- 0x81, 0xa2, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06,
- 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01,
- 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff,
- 0xff, 0xfc, 0x2f, 0x30, 0x06, 0x04, 0x01, 0x00,
- 0x04, 0x01, 0x07, 0x04, 0x41, 0x04, 0x79, 0xbe,
- 0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0,
- 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b,
- 0xfc, 0xdb, 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2,
- 0x81, 0x5b, 0x16, 0xf8, 0x17, 0x98, 0x48, 0x3a,
- 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4,
- 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17,
- 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47,
- 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, 0x02, 0x21,
- 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0,
- 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41,
- 0x41, 0x02, 0x01, 0x01, 0x03, 0x42, 0x00, 0x04,
- 0x3c, 0x4c, 0xc9, 0x5e, 0x2e, 0xa2, 0x3d, 0x49,
- 0xcc, 0x5b, 0xff, 0x4f, 0xc9, 0x2e, 0x1d, 0x4a,
- 0xc6, 0x21, 0xf6, 0xf3, 0xe6, 0x0b, 0x4f, 0xa9,
- 0x9d, 0x74, 0x99, 0xdd, 0x97, 0xc7, 0x6e, 0xbe,
- 0x14, 0x2b, 0x39, 0x9d, 0x63, 0xc7, 0x97, 0x0d,
- 0x45, 0x25, 0x40, 0x30, 0x77, 0x05, 0x76, 0x88,
- 0x38, 0x96, 0x29, 0x7d, 0x9c, 0xe1, 0x50, 0xbe,
- 0xac, 0xf0, 0x1d, 0x86, 0xf4, 0x2f, 0x65, 0x0b
- };
- static int ecc_test_custom_curves(WC_RNG* rng)
- {
- int ret;
- word32 inOutIdx;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key[1];
- #endif
- /* test use of custom curve - using BRAINPOOLP256R1 for test */
- #if defined(HAVE_ECC_BRAINPOOL) && !defined(HAVE_INTEL_QA)
- #ifndef WOLFSSL_ECC_CURVE_STATIC
- WOLFSSL_SMALL_STACK_STATIC const ecc_oid_t ecc_oid_brainpoolp256r1[] = {
- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07
- };
- #define ecc_oid_brainpoolp256r1_sz \
- (sizeof(ecc_oid_brainpoolp256r1) / sizeof(ecc_oid_t))
- #else
- #define ecc_oid_brainpoolp256r1 { \
- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 \
- }
- #define ecc_oid_brainpoolp256r1_sz 9
- #endif
- #define ecc_oid_brainpoolp256r1_sum 104
- WOLFSSL_SMALL_STACK_STATIC const ecc_set_type ecc_dp_brainpool256r1 = {
- 32, /* size/bytes */
- ECC_CURVE_CUSTOM, /* ID */
- "BRAINPOOLP256R1", /* curve name */
- "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", /* prime */
- "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", /* A */
- "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", /* B */
- "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", /* order */
- "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", /* Gx */
- "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", /* Gy */
- ecc_oid_brainpoolp256r1, /* oid/oidSz */
- ecc_oid_brainpoolp256r1_sz,
- ecc_oid_brainpoolp256r1_sum, /* oid sum */
- 1, /* cofactor */
- };
- #endif /* HAVE_ECC_BRAINPOOL */
- #ifdef WOLFSSL_SMALL_STACK
- if (! key) {
- ret = MEMORY_E;
- goto done;
- }
- #endif
- XMEMSET(key, 0, sizeof *key);
- #if defined(HAVE_ECC_BRAINPOOL) && !defined(HAVE_INTEL_QA)
- ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, ECC_CURVE_DEF,
- &ecc_dp_brainpool256r1);
- if (ret != 0) {
- printf("ECC test for custom curve failed! %d\n", ret);
- goto done;
- }
- #endif
- #if defined(HAVE_ECC_BRAINPOOL) || defined(HAVE_ECC_KOBLITZ)
- {
- int curve_id;
- #ifdef HAVE_ECC_BRAINPOOL
- curve_id = ECC_BRAINPOOLP256R1;
- #else
- curve_id = ECC_SECP256K1;
- #endif
- /* Test and demonstrate use of non-SECP curve */
- ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, curve_id, NULL);
- if (ret < 0) {
- printf("ECC test for curve_id %d failed! %d\n", curve_id, ret);
- goto done;
- }
- }
- #endif
- ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- ret = -10120;
- goto done;
- }
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, key,
- sizeof(eccKeyExplicitCurve));
- if (ret != 0)
- ret = -10121;
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (key) {
- wc_ecc_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(key);
- #endif
- (void)rng;
- return ret;
- }
- #endif /* WOLFSSL_CUSTOM_CURVES */
- #ifdef WOLFSSL_CERT_GEN
- /* Make Cert / Sign example for ECC cert and ECC CA */
- static int ecc_test_cert_gen(WC_RNG* rng)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- Cert *myCert = (Cert *)XMALLOC(sizeof *myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *certPubKey = (ecc_key *)XMALLOC(sizeof *certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- Cert myCert[1];
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert decode[1];
- #endif
- ecc_key caEccKey[1];
- ecc_key certPubKey[1];
- #endif
- int certSz;
- size_t bytes;
- word32 idx = 0;
- #ifndef USE_CERT_BUFFERS_256
- XFILE file;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- byte* der = NULL;
- #else
- byte der[FOURK_BUF];
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if ((myCert == NULL)
- #ifdef WOLFSSL_TEST_CERT
- || (decode == NULL)
- #endif
- || (caEccKey == NULL) || (certPubKey == NULL))
- ERROR_OUT(MEMORY_E, exit);
- #endif
- XMEMSET(caEccKey, 0, sizeof *caEccKey);
- XMEMSET(certPubKey, 0, sizeof *certPubKey);
- #ifdef WOLFSSL_SMALL_STACK
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(-10130, exit);
- }
- #endif
- /* Get cert private key */
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- /* Get Cert Key 384 */
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(der, ca_ecc_key_der_384, sizeof_ca_ecc_key_der_384);
- bytes = sizeof_ca_ecc_key_der_384;
- #else
- file = XFOPEN(eccCaKey384File, "rb");
- if (!file) {
- ERROR_OUT(-10131, exit);
- }
- bytes = XFREAD(der, 1, FOURK_BUF, file);
- XFCLOSE(file);
- (void)eccCaKeyFile;
- #endif /* USE_CERT_BUFFERS_256 */
- #else
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(der, ca_ecc_key_der_256, sizeof_ca_ecc_key_der_256);
- bytes = sizeof_ca_ecc_key_der_256;
- #else
- file = XFOPEN(eccCaKeyFile, "rb");
- if (!file) {
- ERROR_OUT(-10132, exit);
- }
- bytes = XFREAD(der, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- (void)eccCaKey384File;
- #endif
- #endif /* USE_CERT_BUFFERS_256 */
- #endif /* ENABLE_ECC384_CERT_GEN_TEST */
- /* Get CA Key */
- ret = wc_ecc_init_ex(caEccKey, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-10133, exit);
- }
- ret = wc_EccPrivateKeyDecode(der, &idx, caEccKey, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(-10134, exit);
- }
- /* Make a public key */
- ret = wc_ecc_init_ex(certPubKey, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-10135, exit);
- }
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, certPubKey);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &certPubKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-10136, exit);
- }
- TEST_SLEEP();
- /* Setup Certificate */
- if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
- ERROR_OUT(-10137, exit);
- }
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wECDSA;
- #else
- myCert->sigType = CTC_SHAwECDSA;
- #endif
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1",
- CTC_MAX_CERTPOL_SZ);
- XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb = 2;
- /* add SKID from the Public Key */
- if (wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, certPubKey) != 0) {
- ERROR_OUT(-10138, exit);
- }
- /* add AKID from the Public Key */
- if (wc_SetAuthKeyIdFromPublicKey(myCert, NULL, caEccKey) != 0) {
- ERROR_OUT(-10139, exit);
- }
- /* add Key Usage */
- if (wc_SetKeyUsage(myCert, certKeyUsage) != 0) {
- ERROR_OUT(-10140, exit);
- }
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- #if defined(USE_CERT_BUFFERS_256)
- ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_384,
- sizeof_ca_ecc_cert_der_384);
- #else
- ret = wc_SetIssuer(myCert, eccCaCert384File);
- (void)eccCaCertFile;
- #endif
- #else
- #if defined(USE_CERT_BUFFERS_256)
- ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_256,
- sizeof_ca_ecc_cert_der_256);
- #else
- ret = wc_SetIssuer(myCert, eccCaCertFile);
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- (void)eccCaCert384File;
- #endif
- #endif
- #endif /* ENABLE_ECC384_CERT_GEN_TEST */
- if (ret < 0) {
- ERROR_OUT(-10141, exit);
- }
- certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, certPubKey, rng);
- if (certSz < 0) {
- ERROR_OUT(-10142, exit);
- }
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &caEccKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
- FOURK_BUF, NULL, caEccKey, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-10143, exit);
- }
- certSz = ret;
- TEST_SLEEP();
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(decode, der, certSz, HEAP_HINT);
- ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(decode);
- ERROR_OUT(-10144, exit);
- }
- FreeDecodedCert(decode);
- #endif
- ret = SaveDerAndPem(der, certSz, certEccDerFile, certEccPemFile,
- CERT_TYPE, -6735);
- if (ret != 0) {
- goto exit;
- }
- exit:
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (myCert != NULL)
- XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_TEST_CERT
- if (decode != NULL)
- XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (caEccKey != NULL) {
- wc_ecc_free(caEccKey);
- XFREE(caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (certPubKey != NULL) {
- wc_ecc_free(certPubKey);
- XFREE(certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(certPubKey);
- wc_ecc_free(caEccKey);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_CERT_GEN */
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
- !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- /* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */
- static int ecc_test_allocator(WC_RNG* rng)
- {
- int ret = 0;
- ecc_key* key;
- #ifdef WC_NO_RNG
- word32 idx = 0;
- #endif
- key = wc_ecc_key_new(HEAP_HINT);
- if (key == NULL) {
- ERROR_OUT(-10150, exit);
- }
- #ifndef WC_NO_RNG
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-10151, exit);
- }
- #else
- /* use test ECC key */
- ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
- (word32)sizeof_ecc_key_der_256);
- (void)rng;
- #endif
- exit:
- wc_ecc_key_free(key);
- return ret;
- }
- #endif
- /* ECC Non-blocking tests for Sign and Verify */
- /* Requires SP math and supports P384 or P256 */
- /* ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" */
- #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_HAVE_SP_ECC) && \
- defined(WOLFSSL_PUBLIC_MP)
- /* ECC Private Key "d" */
- static const byte p256PrivKey[] = {
- /* SECP256R1 */
- /* d */
- 0x1e, 0xe7, 0x70, 0x07, 0xd3, 0x30, 0x94, 0x39,
- 0x28, 0x90, 0xdf, 0x23, 0x88, 0x2c, 0x4a, 0x34,
- 0x15, 0xdb, 0x4c, 0x43, 0xcd, 0xfa, 0xe5, 0x1f,
- 0x3d, 0x4c, 0x37, 0xfe, 0x59, 0x3b, 0x96, 0xd8
- };
- #ifdef HAVE_ECC384
- static const byte p384PrivKey[] = {
- /* SECP384R1 */
- /* d */
- 0xa4, 0xe5, 0x06, 0xe8, 0x06, 0x16, 0x3e, 0xab,
- 0x89, 0xf8, 0x60, 0x43, 0xc0, 0x60, 0x25, 0xdb,
- 0xba, 0x7b, 0xfe, 0x19, 0x35, 0x08, 0x55, 0x65,
- 0x76, 0xe2, 0xdc, 0xe0, 0x01, 0x8b, 0x6b, 0x68,
- 0xdf, 0xcf, 0x6f, 0x80, 0x12, 0xce, 0x79, 0x37,
- 0xeb, 0x2b, 0x9c, 0x7b, 0xc4, 0x68, 0x1c, 0x74
- };
- #endif /* HAVE_ECC384 */
- #ifdef HAVE_ECC521
- static const byte p521PrivKey[] = {
- /* SECP521R1 */
- /* d */
- 0x01, 0x68, 0x91, 0x33, 0x53, 0xe2, 0x90, 0x68,
- 0x11, 0x8f, 0xaa, 0xa8, 0x76, 0x0c, 0xf7, 0x2a,
- 0x07, 0x1b, 0x92, 0x2a, 0xa7, 0x82, 0x3d, 0xfa,
- 0x83, 0xce, 0x70, 0xc8, 0xc2, 0x60, 0x82, 0xfe,
- 0x18, 0x88, 0x68, 0xda, 0x6a, 0x83, 0x46, 0x78,
- 0xe4, 0xe9, 0xe9, 0xcc, 0x51, 0x7f, 0xed, 0x81,
- 0x02, 0x32, 0xee, 0x26, 0x87, 0xcc, 0xed, 0x63,
- 0x3f, 0x39, 0x27, 0xf0, 0xd7, 0x17, 0x77, 0xa1,
- 0xa4, 0x36
- };
- #endif /* HAVE_ECC521 */
- /* ECC public key Qx/Qy */
- static const byte p256PubKey[] = {
- /* SECP256R1 */
- /* Qx */
- 0x96, 0x93, 0x1c, 0x53, 0x0b, 0x43, 0x6c, 0x42,
- 0x0c, 0x52, 0x90, 0xe4, 0xa7, 0xec, 0x98, 0xb1,
- 0xaf, 0xd4, 0x14, 0x49, 0xd8, 0xc1, 0x42, 0x82,
- 0x04, 0x78, 0xd1, 0x90, 0xae, 0xa0, 0x6c, 0x07,
- /* Qy */
- 0xf2, 0x3a, 0xb5, 0x10, 0x32, 0x8d, 0xce, 0x9e,
- 0x76, 0xa0, 0xd2, 0x8c, 0xf3, 0xfc, 0xa9, 0x94,
- 0x43, 0x24, 0xe6, 0x82, 0x00, 0x40, 0xc6, 0xdb,
- 0x1c, 0x2f, 0xcd, 0x38, 0x4b, 0x60, 0xdd, 0x61
- };
- #ifdef HAVE_ECC384
- static const byte p384PubKey[] = {
- /* SECP384R1 */
- /* Qx */
- 0xea, 0xcf, 0x93, 0x4f, 0x2c, 0x09, 0xbb, 0x39,
- 0x14, 0x0f, 0x56, 0x64, 0xc3, 0x40, 0xb4, 0xdf,
- 0x0e, 0x63, 0xae, 0xe5, 0x71, 0x4b, 0x00, 0xcc,
- 0x04, 0x97, 0xff, 0xe1, 0xe9, 0x38, 0x96, 0xbb,
- 0x5f, 0x91, 0xb2, 0x6a, 0xcc, 0xb5, 0x39, 0x5f,
- 0x8f, 0x70, 0x59, 0xf1, 0x01, 0xf6, 0x5a, 0x2b,
- /* Qy */
- 0x01, 0x6c, 0x68, 0x0b, 0xcf, 0x55, 0x25, 0xaf,
- 0x6d, 0x98, 0x48, 0x0a, 0xa8, 0x74, 0xc9, 0xa9,
- 0x17, 0xa0, 0x0c, 0xc3, 0xfb, 0xd3, 0x23, 0x68,
- 0xfe, 0x04, 0x3c, 0x63, 0x50, 0x88, 0x3b, 0xb9,
- 0x4f, 0x7c, 0x67, 0x34, 0xf7, 0x3b, 0xa9, 0x73,
- 0xe7, 0x1b, 0xc3, 0x51, 0x5e, 0x22, 0x18, 0xec
- };
- #endif
- #ifdef HAVE_ECC521
- static const byte p521PubKey[] = {
- /* SECP521R1 */
- /* Qx */
- 0x01, 0x62, 0x6e, 0xf1, 0x00, 0xec, 0xd8, 0x99,
- 0x58, 0x9b, 0x80, 0x6b, 0xfe, 0x2c, 0xf1, 0xb2,
- 0xf0, 0xc8, 0x48, 0xdf, 0xac, 0xd2, 0x3b, 0x71,
- 0x29, 0xab, 0xf0, 0x66, 0x63, 0xd8, 0x8e, 0xb5,
- 0xc8, 0xc2, 0xfc, 0x99, 0x44, 0xe2, 0x45, 0xb1,
- 0x5a, 0x7b, 0xb9, 0x73, 0x01, 0xda, 0x79, 0xec,
- 0x9c, 0x26, 0x27, 0x34, 0x45, 0x26, 0xd5, 0x89,
- 0x4b, 0x44, 0xfe, 0x69, 0x4e, 0x72, 0x14, 0xe3,
- 0x8b, 0xbc,
- /* Qy */
- 0x00, 0x0f, 0x09, 0xa2, 0x03, 0xc3, 0x5a, 0xdc,
- 0x95, 0x82, 0xf6, 0xf9, 0xf6, 0x9c, 0xff, 0xb5,
- 0x6b, 0x75, 0x95, 0x4b, 0xa4, 0x28, 0x5d, 0x9e,
- 0x90, 0x04, 0xd1, 0xc0, 0x1e, 0xd5, 0xfd, 0x43,
- 0x9e, 0x1e, 0x83, 0xc0, 0x11, 0x2b, 0x2b, 0x07,
- 0x6d, 0xa9, 0x7a, 0x10, 0xd7, 0x67, 0xe7, 0x51,
- 0x37, 0x24, 0xd8, 0xbf, 0x03, 0x0d, 0x8b, 0xb5,
- 0x40, 0x5c, 0x4f, 0xd6, 0x13, 0x73, 0x42, 0xbc,
- 0x91, 0xd9
- };
- /* perform verify of signature and hash using public key */
- /* key is public Qx + public Qy */
- /* sig is r + s */
- static int crypto_ecc_verify(const uint8_t *key, uint32_t keySz,
- const uint8_t *hash, uint32_t hashSz, const uint8_t *sig, uint32_t sigSz,
- uint32_t curveSz, int curveId)
- {
- int ret, verify_res = 0, count = 0;
- mp_int r, s;
- ecc_key ecc;
- ecc_nb_ctx_t nb_ctx;
- /* validate arguments */
- if (key == NULL || hash == NULL || sig == NULL || curveSz == 0 ||
- hashSz == 0 || keySz < (curveSz*2) || sigSz < (curveSz*2))
- {
- return BAD_FUNC_ARG;
- }
- /* Setup the ECC key */
- ret = wc_ecc_init(&ecc);
- if (ret < 0) {
- return ret;
- }
- ret = wc_ecc_set_nonblock(&ecc, &nb_ctx);
- if (ret != MP_OKAY) {
- wc_ecc_free(&ecc);
- return ret;
- }
- /* Setup the signature r/s variables */
- ret = mp_init(&r);
- if (ret != MP_OKAY) {
- wc_ecc_free(&ecc);
- return ret;
- }
- ret = mp_init(&s);
- if (ret != MP_OKAY) {
- mp_clear(&r);
- wc_ecc_free(&ecc);
- return ret;
- }
- /* Import public key x/y */
- ret = wc_ecc_import_unsigned(
- &ecc,
- (byte*)key, /* Public "x" Coordinate */
- (byte*)(key + curveSz), /* Public "y" Coordinate */
- NULL, /* Private "d" (optional) */
- curveId /* ECC Curve Id */
- );
- /* Make sure it was a public key imported */
- if (ret == 0 && ecc.type != ECC_PUBLICKEY) {
- ret = ECC_BAD_ARG_E;
- }
- /* Import signature r/s */
- if (ret == 0) {
- ret = mp_read_unsigned_bin(&r, sig, curveSz);
- }
- if (ret == 0) {
- ret = mp_read_unsigned_bin(&s, sig + curveSz, curveSz);
- }
- /* Verify ECC Signature */
- if (ret == 0) {
- do {
- ret = wc_ecc_verify_hash_ex(
- &r, &s, /* r/s as mp_int */
- hash, hashSz, /* computed hash digest */
- &verify_res, /* verification result 1=success */
- &ecc
- );
- count++;
- /* This is where real-time work could be called */
- } while (ret == FP_WOULDBLOCK);
- #ifdef DEBUG_WOLFSSL
- printf("ECC non-block verify: %d times\n", count);
- #endif
- }
- /* check verify result */
- if (ret == 0 && verify_res == 0) {
- ret = SIG_VERIFY_E;
- }
- mp_clear(&r);
- mp_clear(&s);
- wc_ecc_free(&ecc);
- (void)count;
- return ret;
- }
- /* perform signature operation against hash using private key */
- static int crypto_ecc_sign(const uint8_t *key, uint32_t keySz,
- const uint8_t *hash, uint32_t hashSz, uint8_t *sig, uint32_t* sigSz,
- uint32_t curveSz, int curveId, WC_RNG* rng)
- {
- int ret, count = 0;
- mp_int r, s;
- ecc_key ecc;
- ecc_nb_ctx_t nb_ctx;
- /* validate arguments */
- if (key == NULL || hash == NULL || sig == NULL || sigSz == NULL ||
- curveSz == 0 || hashSz == 0 || keySz < curveSz || *sigSz < (curveSz*2))
- {
- return BAD_FUNC_ARG;
- }
- /* Initialize signature result */
- memset(sig, 0, curveSz*2);
- /* Setup the ECC key */
- ret = wc_ecc_init(&ecc);
- if (ret < 0) {
- return ret;
- }
- ret = wc_ecc_set_nonblock(&ecc, &nb_ctx);
- if (ret != MP_OKAY) {
- wc_ecc_free(&ecc);
- return ret;
- }
- /* Setup the signature r/s variables */
- ret = mp_init(&r);
- if (ret != MP_OKAY) {
- wc_ecc_free(&ecc);
- return ret;
- }
- ret = mp_init(&s);
- if (ret != MP_OKAY) {
- mp_clear(&r);
- wc_ecc_free(&ecc);
- return ret;
- }
- /* Import private key "k" */
- ret = wc_ecc_import_private_key_ex(
- key, keySz, /* private key "d" */
- NULL, 0, /* public (optional) */
- &ecc,
- curveId /* ECC Curve Id */
- );
- if (ret == 0) {
- do {
- /* Verify ECC Signature */
- ret = wc_ecc_sign_hash_ex(
- hash, hashSz, /* computed hash digest */
- rng, &ecc, /* random and key context */
- &r, &s /* r/s as mp_int */
- );
- count++;
- /* This is where real-time work could be called */
- } while (ret == FP_WOULDBLOCK);
- #ifdef DEBUG_WOLFSSL
- printf("ECC non-block sign: %d times\n", count);
- #endif
- }
- if (ret == 0) {
- /* export r/s */
- mp_to_unsigned_bin_len(&r, sig, curveSz);
- mp_to_unsigned_bin_len(&s, sig + curveSz, curveSz);
- }
- mp_clear(&r);
- mp_clear(&s);
- wc_ecc_free(&ecc);
- (void)count;
- return ret;
- }
- #endif /* HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
- /*
- * This test doesn't work with WOLFSSL_VALIDATE_ECC_KEYGEN defined because we
- * don't have non-blocking versions of the key checking functions, yet.
- */
- #if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_VALIDATE_ECC_KEYGEN)
- static int ecc_test_nonblock_dhe(int curveId, word32 curveSz,
- const byte* privKey, const byte* pubKey, WC_RNG* rng)
- {
- int ret;
- ecc_key keyA;
- ecc_key keyB;
- ecc_nb_ctx_t nbCtxA;
- ecc_nb_ctx_t nbCtxB;
- byte secretA[ECC_SHARED_SIZE];
- byte secretB[ECC_SHARED_SIZE];
- word32 secretSzA = ECC_SHARED_SIZE;
- word32 secretSzB = ECC_SHARED_SIZE;
- int count = 0;
- ret = wc_ecc_init(&keyA);
- if (ret == 0) {
- ret = wc_ecc_init(&keyB);
- }
- if (ret == 0) {
- ret = wc_ecc_set_nonblock(&keyA, &nbCtxA);
- }
- if (ret == 0) {
- ret = wc_ecc_set_nonblock(&keyB, &nbCtxB);
- }
- if (ret == 0) {
- do {
- ret = wc_ecc_make_key_ex(rng, curveSz, &keyA, curveId);
- count++;
- } while (ret == FP_WOULDBLOCK);
- }
- #ifdef DEBUG_WOLFSSL
- fprintf(stderr, "ECC non-block key gen: %d times\n", count);
- #endif
- if (ret == 0) {
- ret = wc_ecc_check_key(&keyA);
- }
- if (ret == 0) {
- ret = wc_ecc_import_unsigned(&keyB, pubKey, pubKey + curveSz,
- privKey, curveId);
- }
- count = 0;
- if (ret == 0) {
- do {
- ret = wc_ecc_shared_secret(&keyA, &keyB, secretA, &secretSzA);
- count++;
- } while (ret == FP_WOULDBLOCK);
- }
- #ifdef DEBUG_WOLFSSL
- fprintf(stderr, "ECC non-block shared secret: %d times\n", count);
- #endif
- if (ret == 0) {
- do {
- ret = wc_ecc_shared_secret(&keyB, &keyA, secretB, &secretSzB);
- } while (ret == FP_WOULDBLOCK);
- }
- if (ret == 0) {
- if (secretSzA != secretSzB ||
- XMEMCMP(secretA, secretB, secretSzA) != 0) {
- ret = -1;
- }
- }
- wc_ecc_free(&keyA);
- wc_ecc_free(&keyB);
- return ret;
- }
- #endif /* HAVE_ECC_DHE && !WOLFSSL_VALIDATE_ECC_KEYGEN */
- #if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
- static int ecc_test_nonblock_ecdsa(int curveId, word32 curveSz,
- const byte* privKey, word32 privKeySz, const byte* pubKey, word32 pubKeySz,
- WC_RNG* rng)
- {
- int ret = 0;
- byte* sig = NULL;
- word32 sigSz = curveSz * 2;
- static const byte hash[] = {
- 0x8d, 0x28, 0xa3, 0x8b, 0x0b, 0xa9, 0xfe, 0xd4, 0x0e, 0x54, 0xc4, 0x17,
- 0x3d, 0x54, 0x66, 0x34, 0xbf, 0x5d, 0x6f, 0x46, 0xc2, 0x20, 0xcb, 0xc3,
- 0x22, 0xe9, 0xb0, 0xdf, 0xe7, 0x64, 0x3f, 0xd9
- };
- sig = (byte*)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_SIGNATURE);
- if (sig == NULL) {
- ret = -1;
- }
- if (ret == 0) {
- /* Sign hash using private key */
- /* Note: result of an ECC sign varies for each call even with same
- private key and hash. This is because a new random public key is
- used for each operation. */
- ret = crypto_ecc_sign(privKey, privKeySz, hash, sizeof(hash), sig,
- &sigSz, curveSz, curveId, rng);
- }
- if (ret == 0) {
- /* Verify generated signature is valid */
- ret = crypto_ecc_verify(pubKey, pubKeySz, hash, sizeof(hash), sig,
- sigSz, curveSz, curveId);
- }
- if (sig != NULL) {
- XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_SIGNATURE);
- }
- return ret;
- }
- #endif /* HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
- static int ecc_test_nonblock(WC_RNG* rng)
- {
- int ret = 0;
- word32 i;
- int curveIds[3] = {0, 0, 0};
- word32 curveSzs[3] = {0, 0, 0};
- const byte* privKeys[3] = {NULL, NULL, NULL};
- word32 privKeySzs[3] = {0, 0, 0};
- const byte* pubKeys[3] = {NULL, NULL, NULL};
- word32 pubKeySzs[3] = {0, 0, 0};
- curveIds[0] = ECC_SECP256R1;
- curveSzs[0] = 32;
- privKeys[0] = p256PrivKey;
- privKeySzs[0] = sizeof(p256PrivKey);
- pubKeys[0] = p256PubKey;
- pubKeySzs[0] = sizeof(p256PubKey);
- #ifdef HAVE_ECC384
- curveIds[1] = ECC_SECP384R1;
- curveSzs[1] = 48;
- privKeys[1] = p384PrivKey;
- privKeySzs[1] = sizeof(p384PrivKey);
- pubKeys[1] = p384PubKey;
- pubKeySzs[1] = sizeof(p384PubKey);
- #endif
- #ifdef HAVE_ECC521
- curveIds[2] = ECC_SECP521R1;
- curveSzs[2] = 66;
- privKeys[2] = p521PrivKey;
- privKeySzs[2] = sizeof(p521PrivKey);
- pubKeys[2] = p521PubKey;
- pubKeySzs[2] = sizeof(p521PubKey);
- #endif
- for (i = 0; ret == 0 && i < sizeof(curveIds) / sizeof(curveIds[0]); ++i) {
- if (curveIds[i] == 0) {
- continue;
- }
- #if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
- ret = ecc_test_nonblock_ecdsa(curveIds[i], curveSzs[i], privKeys[i],
- privKeySzs[i], pubKeys[i], pubKeySzs[i], rng);
- #endif /* HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
- #if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_VALIDATE_ECC_KEYGEN)
- if (ret == 0) {
- ret = ecc_test_nonblock_dhe(curveIds[i], curveSzs[i], privKeys[i],
- pubKeys[i], rng);
- }
- #endif /* HAVE_ECC_DHE && !WOLFSSL_VALIDATE_ECC_KEYGEN */
- }
- return ret;
- }
- #endif /* WC_ECC_NONBLOCK && WOLFSSL_HAVE_SP_ECC && WOLFSSL_PUBLIC_MP */
- WOLFSSL_TEST_SUBROUTINE int ecc_test(void)
- {
- int ret;
- WC_RNG rng;
- #if defined(WOLFSSL_CERT_EXT) && \
- (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
- ret = ecc_decode_test();
- if (ret < 0)
- return ret;
- #endif
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- #ifndef WC_NO_RNG
- if (ret != 0)
- return -10300;
- #else
- (void)ret;
- #endif
- #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112
- ret = ecc_test_curve(&rng, 14);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC112 */
- #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128
- ret = ecc_test_curve(&rng, 16);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC128 */
- #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
- ret = ecc_test_curve(&rng, 20);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC160 */
- #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
- ret = ecc_test_curve(&rng, 24);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC192 */
- #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224
- ret = ecc_test_curve(&rng, 28);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC224 */
- #if (defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 239
- ret = ecc_test_curve(&rng, 30);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC239 */
- #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
- ret = ecc_test_curve(&rng, 32);
- if (ret < 0) {
- goto done;
- }
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- ret = ecc_point_test();
- if (ret < 0) {
- goto done;
- }
- #endif
- ret = ecc_def_curve_test(&rng);
- if (ret < 0) {
- goto done;
- }
- #endif /* !NO_ECC256 */
- #if (defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 320
- ret = ecc_test_curve(&rng, 40);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC320 */
- #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
- ret = ecc_test_curve(&rng, 48);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC384 */
- #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512
- ret = ecc_test_curve(&rng, 64);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC512 */
- #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
- ret = ecc_test_curve(&rng, 66);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC521 */
- #if defined(WOLFSSL_CUSTOM_CURVES)
- ret = ecc_test_custom_curves(&rng);
- if (ret != 0) {
- goto done;
- }
- #endif
- #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_DETERMINISTIC_K)
- ret = ecc_test_deterministic_k(&rng);
- if (ret != 0) {
- printf("ecc_test_deterministic_k failed! %d\n", ret);
- goto done;
- }
- #ifdef WOLFSSL_PUBLIC_MP
- #if defined(HAVE_ECC384)
- ret = ecc384_test_deterministic_k(&rng);
- if (ret != 0) {
- printf("ecc384_test_deterministic_k failed! %d\n", ret);
- goto done;
- }
- #endif
- #if defined(HAVE_ECC521)
- ret = ecc521_test_deterministic_k(&rng);
- if (ret != 0) {
- printf("ecc512_test_deterministic_k failed! %d\n", ret);
- goto done;
- }
- #endif
- #endif
- #endif
- #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \
- !defined(WOLFSSL_KCAPI_ECC)
- ret = ecc_test_sign_vectors(&rng);
- if (ret != 0) {
- printf("ecc_test_sign_vectors failed! %d\n", ret);
- goto done;
- }
- #endif
- #ifdef HAVE_ECC_CDH
- ret = ecc_test_cdh_vectors(&rng);
- if (ret != 0) {
- printf("ecc_test_cdh_vectors failed! %d\n", ret);
- goto done;
- }
- #endif
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- ret = ecc_test_make_pub(&rng);
- if (ret != 0) {
- printf("ecc_test_make_pub failed!: %d\n", ret);
- goto done;
- }
- #elif defined(HAVE_ECC_KEY_IMPORT)
- (void)ecc_test_make_pub; /* for compiler warning */
- #endif
- #ifdef WOLFSSL_CERT_GEN
- ret = ecc_test_cert_gen(&rng);
- if (ret != 0) {
- printf("ecc_test_cert_gen failed!: %d\n", ret);
- goto done;
- }
- #endif
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- ret = ecc_test_allocator(&rng);
- if (ret != 0) {
- printf("ecc_test_allocator failed!: %d\n", ret);
- goto done;
- }
- #endif
- #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
- defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
- ret = ecc_test_nonblock(&rng);
- if (ret != 0) {
- printf("ecc_test_nonblock failed!: %d\n", ret);
- goto done;
- }
- #endif
- done:
- wc_FreeRng(&rng);
- return ret;
- }
- #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
- (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
- /* ecc_encrypt_e2e_test() uses wc_ecc_ctx_set_algo(), which was added in
- * wolfFIPS 5.3.
- * ecc_encrypt_kat() is used only by ecc_encrypt_e2e_test().
- */
- #if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
- #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
- ECC_MIN_KEY_SZ <= 256 && defined(WOLFSSL_AES_128)
- static int ecc_encrypt_kat(WC_RNG *rng)
- {
- int ret = 0;
- #ifdef WOLFSSL_ECIES_OLD
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key* userA = NULL;
- #else
- ecc_key userA[1];
- #endif
- int userAInit = 0;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key* userB = NULL;
- #else
- ecc_key userB[1];
- #endif
- int userBInit = 0;
- ecc_key* tmpKey;
- byte plain[48];
- word32 plainSz = sizeof(plain);
- WOLFSSL_SMALL_STACK_STATIC const byte privKey[] = {
- 0x04, 0x80, 0xef, 0x1d, 0xbe, 0x02, 0x0c, 0x20,
- 0x5b, 0xab, 0x80, 0x35, 0x5b, 0x2a, 0x0f, 0x6d,
- 0xd3, 0xb0, 0x7f, 0x7e, 0x7f, 0x86, 0x8a, 0x49,
- 0xee, 0xb4, 0xaa, 0x09, 0x2d, 0x1e, 0x1d, 0x02
- };
- #if defined(WOLFSSL_ECIES_OLD) || defined(WOLFSSL_QNX_CAAM)
- WOLFSSL_SMALL_STACK_STATIC const byte pubKey[] = {
- 0x04,
- /* X */
- 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0, 0x5a,
- 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c, 0x3a,
- 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3, 0xc1,
- 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63, 0xa0,
- /* X */
- 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7, 0xcd,
- 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75, 0xaa,
- 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe, 0xe8,
- 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3, 0x28
- };
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte enc_msg[] = {
- #ifdef WOLFSSL_ECIES_OLD
- 0x42, 0x70, 0xbf, 0xf9, 0xf4, 0x7e, 0x4b, 0x9b,
- 0xb5, 0x4c, 0xcc, 0xc5, 0x94, 0xa7, 0xef, 0xaa,
- 0xc3, 0x7c, 0x85, 0xa6, 0x51, 0x6e, 0xd3, 0xfa,
- 0x56, 0xc9, 0x10, 0x4d, 0x14, 0x32, 0x61, 0xb8,
- 0xbb, 0x66, 0x7a, 0xb5, 0xbc, 0x95, 0xf8, 0xca,
- 0xd1, 0x2a, 0x19, 0x51, 0x44, 0xd8, 0x0e, 0x57,
- 0x34, 0xed, 0x45, 0x89, 0x2e, 0x57, 0xbe, 0xd5,
- 0x06, 0x22, 0xd7, 0x13, 0x0a, 0x0e, 0x40, 0x36,
- 0x0d, 0x05, 0x0d, 0xb6, 0xae, 0x61, 0x37, 0x18,
- 0x83, 0x90, 0x0a, 0x27, 0x95, 0x41, 0x8c, 0x45
- #elif defined(WOLFSSL_ECIES_ISO18033)
- 0x04, 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0,
- 0x5a, 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c,
- 0x3a, 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3,
- 0xc1, 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63,
- 0xa0, 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7,
- 0xcd, 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75,
- 0xaa, 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe,
- 0xe8, 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3,
- 0x28, 0xbb, 0x9f, 0xa8, 0x2d, 0xe1, 0xf1, 0x67,
- 0x45, 0x02, 0x19, 0xdc, 0xc8, 0x24, 0x8b, 0x20,
- 0x02, 0xa0, 0x8f, 0x95, 0x12, 0x55, 0x51, 0xf8,
- 0x03, 0xc4, 0x54, 0x13, 0x98, 0x2d, 0xf0, 0x31,
- 0x51, 0x80, 0x45, 0x24, 0xcb, 0x8b, 0x48, 0xa6,
- 0x8b, 0x8e, 0x97, 0x9c, 0x56, 0x4d, 0x70, 0x00,
- 0x53, 0xd3, 0x47, 0x00, 0x5a, 0x23, 0x8c, 0xf9,
- 0xfd, 0xd2, 0x33, 0x2c, 0x43, 0x6e, 0x9e, 0xb2,
- 0xf4, 0x95, 0xd4, 0xcf, 0x30, 0xd6, 0xa2, 0xc5,
- 0x35, 0x96, 0x6a, 0xd4, 0x36, 0x15, 0xa9, 0xbd,
- 0x7f
- #elif defined(WOLFSSL_ECIES_GEN_IV)
- /* EC P-256 point */
- 0x04,
- /* X */
- 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0, 0x5a,
- 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c, 0x3a,
- 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3, 0xc1,
- 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63, 0xa0,
- /* Y */
- 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7, 0xcd,
- 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75, 0xaa,
- 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe, 0xe8,
- 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3, 0x28,
- /* IV */
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- /* Encrypted Msg */
- 0xe5, 0x17, 0xaf, 0x0d, 0x65, 0x4d, 0x3d, 0x50,
- 0x96, 0x05, 0xc9, 0x63, 0x2c, 0xef, 0x1c, 0x1f,
- 0x78, 0xc9, 0x90, 0x7a, 0x14, 0x00, 0xfc, 0x44,
- 0x71, 0x6d, 0x57, 0x8c, 0xdf, 0x23, 0xca, 0x65,
- 0xcf, 0x93, 0x06, 0xb6, 0x9a, 0xf4, 0x61, 0xbd,
- 0x44, 0x1a, 0xeb, 0x52, 0x68, 0x0f, 0xd1, 0xde,
- /* HMAC */
- 0x5a, 0x22, 0xc1, 0x5d, 0x99, 0x66, 0x3f, 0x24,
- 0x35, 0x96, 0xac, 0xf7, 0xf6, 0x28, 0x45, 0x16,
- 0x52, 0x19, 0x0d, 0xe4, 0xb2, 0xca, 0x5b, 0x28,
- 0x4e, 0xbb, 0xf3, 0x98, 0x57, 0xd7, 0x3b, 0xe2
- #else
- 0x04, 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0,
- 0x5a, 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c,
- 0x3a, 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3,
- 0xc1, 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63,
- 0xa0, 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7,
- 0xcd, 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75,
- 0xaa, 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe,
- 0xe8, 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3,
- 0x28, 0xe5, 0x17, 0xaf, 0x0d, 0x65, 0x4d, 0x3d,
- 0x50, 0x96, 0x05, 0xc9, 0x63, 0x2c, 0xef, 0x1c,
- 0x1f, 0x78, 0xc9, 0x90, 0x7a, 0x14, 0x00, 0xfc,
- 0x44, 0x71, 0x6d, 0x57, 0x8c, 0xdf, 0x23, 0xca,
- 0x65, 0xcf, 0x93, 0x06, 0xb6, 0x9a, 0xf4, 0x61,
- 0xbd, 0x44, 0x1a, 0xeb, 0x52, 0x68, 0x0f, 0xd1,
- 0xde, 0xc7, 0x3f, 0x6f, 0xce, 0xbe, 0x49, 0x61,
- 0x48, 0x01, 0x77, 0x41, 0xd0, 0xd8, 0x5b, 0x48,
- 0xca, 0x4e, 0x47, 0x3e, 0x47, 0xbf, 0x1d, 0x28,
- 0x4c, 0x18, 0x1a, 0xfb, 0x96, 0x95, 0xda, 0xde,
- 0x55
- #endif
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
- 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f
- };
- #ifdef WOLFSSL_SMALL_STACK
- userB = (ecc_key *)XMALLOC(sizeof(*userB), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (userB == NULL) {
- ret = -10451;
- }
- #ifdef WOLFSSL_ECIES_OLD
- if (ret == 0) {
- userA = (ecc_key *)XMALLOC(sizeof(*userA), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (userA == NULL) {
- ret = -10450;
- }
- }
- #endif
- #endif
- if (ret == 0) {
- ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
- if (ret != 0)
- ret = -10453;
- }
- if (ret == 0) {
- userBInit = 1;
- #ifdef WOLFSSL_ECIES_OLD
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- ret = -10452;
- }
- if (ret == 0) {
- userAInit = 1;
- tmpKey = userA;
- #else
- tmpKey = NULL;
- #endif
- }
- if (ret == 0) {
- #ifdef WOLFSSL_QNX_CAAM
- ret = wc_ecc_import_private_key_ex(privKey, sizeof(privKey), pubKey,
- sizeof(pubKey), userB, ECC_SECP256R1);
- #else
- ret = wc_ecc_import_private_key_ex(privKey, sizeof(privKey), NULL, 0,
- userB, ECC_SECP256R1);
- #endif
- if (ret != 0)
- ret = -10454;
- }
- #ifdef WOLFSSL_ECIES_OLD
- if (ret == 0) {
- ret = wc_ecc_import_x963_ex(pubKey, sizeof(pubKey), userA,
- ECC_SECP256R1);
- if (ret != 0)
- ret = -10455;
- }
- #endif
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- if (ret == 0) {
- ret = wc_ecc_set_rng(userB, rng);
- if (ret != 0) {
- ret = -10456;
- }
- }
- #else
- (void)rng;
- #endif
- if (ret == 0) {
- ret = wc_ecc_decrypt(userB, tmpKey, enc_msg, sizeof(enc_msg), plain,
- &plainSz, NULL);
- if (ret != 0)
- ret = -10457;
- }
- if (ret == 0) {
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = -10458;
- }
- }
- if (userBInit)
- wc_ecc_free(userB);
- #ifdef WOLFSSL_ECIES_OLD
- if (userAInit)
- wc_ecc_free(userA);
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (userB != NULL) {
- XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #ifdef WOLFSSL_ECIES_OLD
- if (userA != NULL) {
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #endif
- return ret;
- }
- #endif
- static int ecc_encrypt_e2e_test(WC_RNG* rng, ecc_key* userA, ecc_key* userB,
- byte encAlgo, byte kdfAlgo, byte macAlgo)
- {
- int ret = 0;
- byte msg[48];
- byte plain[48];
- #ifdef WOLFSSL_ECIES_OLD
- byte out[80];
- #elif defined(WOLFSSL_ECIES_GEN_IV)
- byte out[1 + ECC_KEYGEN_SIZE * 2 + 16 + 80];
- #else
- byte out[1 + ECC_KEYGEN_SIZE * 2 + 80];
- #endif
- word32 outSz = sizeof(out);
- word32 plainSz = sizeof(plain);
- int i;
- ecEncCtx* cliCtx = NULL;
- ecEncCtx* srvCtx = NULL;
- byte cliSalt[EXCHANGE_SALT_SZ];
- byte srvSalt[EXCHANGE_SALT_SZ];
- const byte* tmpSalt;
- byte msg2[48];
- byte plain2[48];
- #ifdef WOLFSSL_ECIES_OLD
- byte out2[80];
- #elif defined(WOLFSSL_ECIES_GEN_IV)
- byte out2[1 + ECC_KEYGEN_SIZE * 2 + 16 + 80];
- #else
- byte out2[1 + ECC_KEYGEN_SIZE * 2 + 80];
- #endif
- word32 outSz2 = sizeof(out2);
- word32 plainSz2 = sizeof(plain2);
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *tmpKey = (ecc_key *)XMALLOC(sizeof(ecc_key), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key tmpKey[1];
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (tmpKey == NULL) {
- ERROR_OUT(MEMORY_E, done);
- }
- #endif
- ret = wc_ecc_init_ex(tmpKey, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- /* set message to incrementing 0,1,2,etc... */
- for (i = 0; i < (int)sizeof(msg); i++)
- msg[i] = i;
- /* encrypt msg to B */
- ret = wc_ecc_encrypt(userA, userB, msg, sizeof(msg), out, &outSz, NULL);
- if (ret != 0) {
- ret = -10405; goto done;
- }
- #ifdef WOLFSSL_ECIES_OLD
- tmpKey->dp = userA->dp;
- ret = wc_ecc_copy_point(&userA->pubkey, &tmpKey->pubkey);
- if (ret != 0) {
- ret = -10413; goto done;
- }
- #endif
- /* decrypt msg from A */
- ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, NULL);
- if (ret != 0) {
- ret = -10406; goto done;
- }
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = -10407; goto done;
- }
- #ifndef WOLFSSL_ECIES_OLD
- /* A decrypts msg (response) from B */
- ret = wc_ecc_decrypt(userB, NULL, out, outSz, plain2, &plainSz2, NULL);
- if (ret != 0)
- goto done;
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = -10415; goto done;
- }
- #endif
- /* let's verify message exchange works, A is client, B is server */
- cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, rng);
- srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, rng);
- if (cliCtx == NULL || srvCtx == NULL) {
- ret = -10408; goto done;
- }
- ret = wc_ecc_ctx_set_algo(cliCtx, encAlgo, kdfAlgo, macAlgo);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_algo(srvCtx, encAlgo, kdfAlgo, macAlgo);
- if (ret != 0)
- goto done;
- /* get salt to send to peer */
- tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx);
- if (tmpSalt == NULL) {
- ret = -10409; goto done;
- }
- XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ);
- tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx);
- if (tmpSalt == NULL) {
- ret = -10410; goto done;
- }
- XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ);
- /* in actual use, we'd get the peer's salt over the transport */
- ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 11);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 11);
- if (ret != 0)
- goto done;
- /* get encrypted msg (request) to send to B */
- outSz = sizeof(out);
- ret = wc_ecc_encrypt(userA, userB, msg, sizeof(msg), out, &outSz,cliCtx);
- if (ret != 0)
- goto done;
- #ifndef WOLFSSL_ECIES_OLD
- wc_ecc_free(tmpKey);
- #endif
- /* B decrypts msg (request) from A */
- plainSz = sizeof(plain);
- ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, srvCtx);
- if (ret != 0)
- goto done;
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = -10411; goto done;
- }
- /* msg2 (response) from B to A */
- for (i = 0; i < (int)sizeof(msg2); i++)
- msg2[i] = i + sizeof(msg2);
- /* get encrypted msg (response) to send to B */
- ret = wc_ecc_encrypt(userB, userA, msg2, sizeof(msg2), out2,
- &outSz2, srvCtx);
- if (ret != 0)
- goto done;
- #ifdef WOLFSSL_ECIES_OLD
- tmpKey->dp = userB->dp;
- ret = wc_ecc_copy_point(&userB->pubkey, &tmpKey->pubkey);
- if (ret != 0) {
- ret = -10414; goto done;
- }
- #else
- wc_ecc_free(tmpKey);
- #endif
- /* A decrypts msg (response) from B */
- ret = wc_ecc_decrypt(userA, tmpKey, out2, outSz2, plain2, &plainSz2,
- cliCtx);
- if (ret != 0)
- goto done;
- if (XMEMCMP(plain2, msg2, sizeof(msg2)) != 0) {
- ret = -10412; goto done;
- }
- #if defined(HAVE_COMP_KEY) && \
- (! defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
- /* Create new client and server contexts. */
- wc_ecc_ctx_free(srvCtx);
- wc_ecc_ctx_free(cliCtx);
- /* let's verify message exchange works, A is client, B is server */
- cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, rng);
- srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, rng);
- if (cliCtx == NULL || srvCtx == NULL) {
- ret = -10416; goto done;
- }
- ret = wc_ecc_ctx_set_algo(cliCtx, encAlgo, kdfAlgo, macAlgo);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_algo(srvCtx, encAlgo, kdfAlgo, macAlgo);
- if (ret != 0)
- goto done;
- /* get salt to send to peer */
- tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx);
- if (tmpSalt == NULL) {
- ret = -10417; goto done;
- }
- XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ);
- tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx);
- if (tmpSalt == NULL) {
- ret = -10418; goto done;
- }
- XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ);
- /* in actual use, we'd get the peer's salt over the transport */
- ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 12);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 12);
- if (ret != 0)
- goto done;
- /* get encrypted msg (request) to send to B - compressed public key */
- outSz = sizeof(out);
- ret = wc_ecc_encrypt_ex(userA, userB, msg, sizeof(msg), out, &outSz, cliCtx,
- 1);
- if (ret != 0)
- goto done;
- #ifndef WOLFSSL_ECIES_OLD
- wc_ecc_free(tmpKey);
- #endif
- /* B decrypts msg (request) from A - out has a compressed public key */
- plainSz = sizeof(plain);
- ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, srvCtx);
- if (ret != 0)
- goto done;
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = -10419; goto done;
- }
- #endif /* HAVE_COMP_KEY && (!FIPS || FIPS>=5.3) */
- #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
- (ECC_MIN_KEY_SZ <= 256) && defined(WOLFSSL_AES_128)
- ret = ecc_encrypt_kat(rng);
- #endif
- done:
- /* cleanup */
- wc_ecc_ctx_free(srvCtx);
- wc_ecc_ctx_free(cliCtx);
- #ifdef WOLFSSL_SMALL_STACK
- if (tmpKey != NULL) {
- wc_ecc_free(tmpKey);
- XFREE(tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(tmpKey);
- #endif
- return ret;
- }
- #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
- WOLFSSL_TEST_SUBROUTINE int ecc_encrypt_test(void)
- {
- WC_RNG rng;
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *userA;
- ecc_key *userB;
- #else
- ecc_key userA[1];
- ecc_key userB[1];
- #endif
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -10400;
- #ifdef WOLFSSL_SMALL_STACK
- userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if ((userA == NULL) || (userB == NULL)) {
- ERROR_OUT(MEMORY_E, done);
- }
- #endif
- XMEMSET(userA, 0, sizeof *userA);
- XMEMSET(userB, 0, sizeof *userB);
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, userA);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0){
- ret = -10401; goto done;
- }
- ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, userB);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0){
- ret = -10402; goto done;
- }
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(userA, &rng);
- if (ret != 0) {
- ret = -10403; goto done;
- }
- ret = wc_ecc_set_rng(userB, &rng);
- if (ret != 0) {
- ret = -10404; goto done;
- }
- #endif
- #if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #ifdef WOLFSSL_AES_128
- if (ret == 0) {
- ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC,
- ecHKDF_SHA256, ecHMAC_SHA256);
- if (ret != 0) {
- printf("ECIES: AES_128_CBC, HKDF_SHA256, HMAC_SHA256\n");
- }
- }
- #endif
- #ifdef WOLFSSL_AES_256
- if (ret == 0) {
- ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_256_CBC,
- ecHKDF_SHA256, ecHMAC_SHA256);
- if (ret != 0) {
- printf("ECIES: AES_256_CBC, HKDF_SHA256, HMAC_SHA256\n");
- }
- }
- #endif
- #endif
- #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
- #ifdef WOLFSSL_AES_128
- if (ret == 0) {
- ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CTR,
- ecHKDF_SHA256, ecHMAC_SHA256);
- if (ret != 0) {
- printf("ECIES: AES_128_CTR, HKDF_SHA256, HMAC_SHA256\n");
- }
- }
- #endif
- #ifdef WOLFSSL_AES_256
- if (ret == 0) {
- ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_256_CTR,
- ecHKDF_SHA256, ecHMAC_SHA256);
- if (ret != 0) {
- printf("ECIES: AES_256_CTR, HKDF_SHA256, HMAC_SHA256\n");
- }
- }
- #endif
- #endif
- #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (userA != NULL) {
- wc_ecc_free(userA);
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (userB != NULL) {
- wc_ecc_free(userB);
- XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(userB);
- wc_ecc_free(userA);
- #endif
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* HAVE_ECC_ENCRYPT && HAVE_AES_CBC && WOLFSSL_AES_128 */
- #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
- defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void)
- {
- size_t bytes;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *cliKey = (ecc_key *)XMALLOC(sizeof *cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *servKey = (ecc_key *)XMALLOC(sizeof *servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *tmpKey = (ecc_key *)XMALLOC(sizeof *tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key cliKey[1];
- ecc_key servKey[1];
- ecc_key tmpKey[1];
- #endif
- WC_RNG rng;
- word32 idx = 0;
- int ret;
- /* pad our test message to 32 bytes so evenly divisible by AES_BLOCK_SZ */
- byte in[] = "Everyone gets Friday off. ecc p";
- word32 inLen = (word32)XSTRLEN((char*)in);
- byte out[256];
- byte plain[256];
- int verify = 0;
- word32 x;
- #ifdef WOLFSSL_SMALL_STACK
- if ((cliKey == NULL) || (servKey == NULL) || (tmpKey == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- ret = wc_ecc_init_ex(cliKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-10420, done);
- ret = wc_ecc_init_ex(servKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-10421, done);
- ret = wc_ecc_init_ex(tmpKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-10421, done);
- bytes = (size_t)sizeof_ecc_clikey_der_256;
- /* place client key into ecc_key struct cliKey */
- ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, cliKey,
- (word32)bytes);
- if (ret != 0)
- ERROR_OUT(-10422, done);
- idx = 0;
- bytes = (size_t)sizeof_ecc_key_der_256;
- /* place server key into ecc_key struct servKey */
- ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, servKey,
- (word32)bytes);
- if (ret != 0)
- ERROR_OUT(-10423, done);
- #ifndef WC_NO_RNG
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(-10424, done);
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(cliKey, &rng);
- if (ret != 0) {
- ERROR_OUT(-10425, done);
- }
- ret = wc_ecc_set_rng(servKey, &rng);
- if (ret != 0) {
- ERROR_OUT(-10425, done);
- }
- #endif
- #endif /* !WC_NO_RNG */
- #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) && \
- defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- {
- word32 y;
- /* test encrypt and decrypt if they're available */
- x = sizeof(out);
- ret = wc_ecc_encrypt(cliKey, servKey, in, sizeof(in), out, &x, NULL);
- if (ret < 0)
- ERROR_OUT(-10426, done);
- #ifdef WOLFSSL_ECIES_OLD
- tmpKey->dp = cliKey->dp;
- ret = wc_ecc_copy_point(&cliKey->pubkey, &tmpKey->pubkey);
- if (ret != 0) {
- ret = -10414; goto done;
- }
- #endif
- y = sizeof(plain);
- ret = wc_ecc_decrypt(servKey, tmpKey, out, x, plain, &y, NULL);
- if (ret < 0)
- ERROR_OUT(-10427, done);
- if (XMEMCMP(plain, in, inLen))
- ERROR_OUT(-10428, done);
- }
- #endif
- x = sizeof(out);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &cliKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, cliKey);
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(-10429, done);
- TEST_SLEEP();
- XMEMSET(plain, 0, sizeof(plain));
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &cliKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_verify_hash(out, x, in, inLen, &verify,
- cliKey);
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(-10430, done);
- if (verify != 1)
- ERROR_OUT(-10431, done);
- TEST_SLEEP();
- #ifdef WOLFSSL_CERT_EXT
- idx = 0;
- bytes = sizeof_ecc_clikeypub_der_256;
- ret = wc_EccPublicKeyDecode(ecc_clikeypub_der_256, &idx, cliKey,
- (word32) bytes);
- if (ret != 0)
- ERROR_OUT(-10432, done);
- #endif
- ret = 0;
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (cliKey != NULL) {
- wc_ecc_free(cliKey);
- XFREE(cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (servKey != NULL) {
- wc_ecc_free(servKey);
- XFREE(servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (tmpKey != NULL) {
- wc_ecc_free(tmpKey);
- XFREE(tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(cliKey);
- wc_ecc_free(servKey);
- wc_ecc_free(tmpKey);
- #endif
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* USE_CERT_BUFFERS_256 && !WOLFSSL_ATECCX08A && !NO_ECC256 */
- #endif /* HAVE_ECC */
- #ifdef HAVE_CURVE25519
- #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- #define X25519_TEST_CNT 5
- #else
- #define X25519_TEST_CNT 1
- #endif
- static int curve25519_overflow_test(void)
- {
- /* secret key for party a */
- byte sa[X25519_TEST_CNT][32] = {
- {
- 0x8d,0xaf,0x6e,0x7a,0xc1,0xeb,0x8d,0x30,
- 0x99,0x86,0xd3,0x90,0x47,0x96,0x21,0x3c,
- 0x3a,0x75,0xc0,0x7b,0x75,0x01,0x75,0xa3,
- 0x81,0x4b,0xff,0x5a,0xbc,0x96,0x87,0x28
- },
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- {
- 0x9d,0x63,0x5f,0xce,0xe2,0xe8,0xd7,0xfb,
- 0x68,0x77,0x0e,0x44,0xd1,0xad,0x87,0x2b,
- 0xf4,0x65,0x06,0xb7,0xbb,0xdb,0xbe,0x6e,
- 0x02,0x43,0x24,0xc7,0x3d,0x7b,0x88,0x60
- },
- {
- 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
- 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
- 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
- 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
- },
- {
- 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
- 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
- 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
- 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
- },
- {
- 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
- 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
- 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
- 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
- }
- #endif
- };
- /* public key for party b */
- byte pb[X25519_TEST_CNT][32] = {
- {
- 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0
- },
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- {
- /* 0xff first byte in original - invalid! */
- 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0
- },
- {
- 0x36,0x1a,0x74,0x87,0x28,0x59,0xe0,0xb6,
- 0xe4,0x2b,0x17,0x9b,0x16,0xb0,0x3b,0xf8,
- 0xb8,0x9f,0x2a,0x8f,0xc5,0x33,0x68,0x4f,
- 0xde,0x4d,0xd8,0x80,0x63,0xe7,0xb4,0x0a
- },
- {
- 0x00,0x80,0x38,0x59,0x19,0x3a,0x66,0x12,
- 0xfd,0xa1,0xec,0x1c,0x40,0x84,0x40,0xbd,
- 0x64,0x10,0x8b,0x53,0x81,0x21,0x03,0x2d,
- 0x7d,0x33,0xb4,0x01,0x57,0x0d,0xe1,0x89
- },
- {
- 0x1d,0xf8,0xf8,0x33,0x89,0x6c,0xb7,0xba,
- 0x94,0x73,0xfa,0xc2,0x36,0xac,0xbe,0x49,
- 0xaf,0x85,0x3e,0x93,0x5f,0xae,0xb2,0xc0,
- 0xc8,0x80,0x8f,0x4a,0xaa,0xd3,0x55,0x2b
- }
- #endif
- };
- /* expected shared key */
- byte ss[X25519_TEST_CNT][32] = {
- {
- 0x5c,0x4c,0x85,0x5f,0xfb,0x20,0x38,0xcc,
- 0x55,0x16,0x5b,0x8a,0xa7,0xed,0x57,0x6e,
- 0x35,0xaa,0x71,0x67,0x85,0x1f,0xb6,0x28,
- 0x17,0x07,0x7b,0xda,0x76,0xdd,0xe0,0xb4
- },
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- {
- 0x33,0xf6,0xc1,0x34,0x62,0x92,0x06,0x02,
- 0x95,0xdb,0x91,0x4c,0x5d,0x52,0x54,0xc7,
- 0xd2,0x5b,0x24,0xb5,0x4f,0x33,0x59,0x79,
- 0x9f,0x6d,0x7e,0x4a,0x4c,0x30,0xd6,0x38
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x09
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x10
- }
- #endif
- };
- int ret = 0;
- int i;
- word32 y;
- byte shared[32];
- curve25519_key userA;
- wc_curve25519_init_ex(&userA, HEAP_HINT, devId);
- for (i = 0; i < X25519_TEST_CNT; i++) {
- if (wc_curve25519_import_private_raw(sa[i], sizeof(sa[i]), pb[i],
- sizeof(pb[i]), &userA) != 0) {
- ret = -10500 - i; break;
- }
- /* test against known test vector */
- XMEMSET(shared, 0, sizeof(shared));
- y = sizeof(shared);
- if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0) {
- ret = -10510 - i; break;
- }
- if (XMEMCMP(ss[i], shared, y)) {
- ret = -10520 - i; break;
- }
- }
- wc_curve25519_free(&userA);
- return ret;
- }
- /* Test the wc_curve25519_check_public API.
- *
- * returns 0 on success and -ve on failure.
- */
- static int curve25519_check_public_test(void)
- {
- /* Little-endian values that will fail */
- byte fail_le[][CURVE25519_KEYSIZE] = {
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x81
- },
- };
- /* Big-endian values that will fail */
- byte fail_be[][CURVE25519_KEYSIZE] = {
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- },
- {
- 0x81,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- },
- };
- /* Good or valid public value */
- byte good[CURVE25519_KEYSIZE] = {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- int i;
- /* Parameter checks */
- /* NULL pointer */
- if (wc_curve25519_check_public(NULL, 0, EC25519_LITTLE_ENDIAN) !=
- BAD_FUNC_ARG) {
- return -10600;
- }
- if (wc_curve25519_check_public(NULL, 0, EC25519_BIG_ENDIAN) !=
- BAD_FUNC_ARG) {
- return -10601;
- }
- /* Length of 0 treated differently to other invalid lengths for TLS */
- if (wc_curve25519_check_public(good, 0, EC25519_LITTLE_ENDIAN) != BUFFER_E)
- return -10602;
- if (wc_curve25519_check_public(good, 0, EC25519_BIG_ENDIAN) != BUFFER_E)
- return -10603;
- /* Length not CURVE25519_KEYSIZE */
- for (i = 1; i < CURVE25519_KEYSIZE + 2; i++) {
- if (i == CURVE25519_KEYSIZE)
- continue;
- if (wc_curve25519_check_public(good, i, EC25519_LITTLE_ENDIAN) !=
- ECC_BAD_ARG_E) {
- return -10604 - i;
- }
- if (wc_curve25519_check_public(good, i, EC25519_BIG_ENDIAN) !=
- ECC_BAD_ARG_E) {
- return -10614 - i;
- }
- }
- /* Little-endian fail cases */
- for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) {
- if (wc_curve25519_check_public(fail_le[i], CURVE25519_KEYSIZE,
- EC25519_LITTLE_ENDIAN) == 0) {
- return -10624 - i;
- }
- }
- /* Big-endian fail cases */
- for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) {
- if (wc_curve25519_check_public(fail_be[i], CURVE25519_KEYSIZE,
- EC25519_BIG_ENDIAN) == 0) {
- return -10634 - i;
- }
- }
- /* Check a valid public value works! */
- if (wc_curve25519_check_public(good, CURVE25519_KEYSIZE,
- EC25519_LITTLE_ENDIAN) != 0) {
- return -10644;
- }
- if (wc_curve25519_check_public(good, CURVE25519_KEYSIZE,
- EC25519_BIG_ENDIAN) != 0) {
- return -10645;
- }
- return 0;
- }
- #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
- #if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- static int curve255519_der_test(void)
- {
- int ret = 0;
- /* certs/statickeys/x25519.der */
- const byte kCurve25519PrivDer[] = {
- 0x30, 0x2E, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x6E,
- 0x04, 0x22, 0x04, 0x20, 0x78, 0x8E, 0x31, 0x5C, 0x33, 0xA9, 0x19, 0xC0,
- 0x5E, 0x36, 0x70, 0x1B, 0xA4, 0xE8, 0xEF, 0xC1, 0x89, 0x8C, 0xB3, 0x15,
- 0xC6, 0x79, 0xD3, 0xAC, 0x22, 0x00, 0xAE, 0xFA, 0xB3, 0xB7, 0x0F, 0x78
- };
- /* certs/statickeys/x25519-pub.der */
- const byte kCurve25519PubDer[] = {
- 0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x6E, 0x03, 0x21, 0x00,
- 0x09, 0xBC, 0x8C, 0xC7, 0x45, 0x0D, 0xC1, 0xC2, 0x02, 0x57, 0x9A, 0x68,
- 0x3A, 0xFD, 0x7A, 0xA8, 0xA5, 0x2F, 0xF0, 0x99, 0x39, 0x98, 0xEA, 0x26,
- 0xA2, 0x5B, 0x38, 0xFD, 0x96, 0xDB, 0x2A, 0x26
- };
- curve25519_key key;
- byte output[128];
- word32 outputSz = 128;
- word32 idx;
- if (wc_curve25519_init_ex(&key, HEAP_HINT, devId) != 0) {
- return -10723;
- }
- /* Test decode / encode of Curve25519 private key only */
- if (ret == 0) {
- idx = 0;
- ret = wc_Curve25519PrivateKeyDecode(kCurve25519PrivDer, &idx, &key,
- (word32)sizeof(kCurve25519PrivDer));
- }
- if (ret == 0) {
- outputSz = (word32)sizeof(output);
- ret = wc_Curve25519PrivateKeyToDer(&key, output, outputSz);
- if (ret >= 0) {
- outputSz = ret;
- ret = 0;
- }
- else {
- ret = -10724;
- }
- }
- if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PrivDer) ||
- XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) {
- ret = -10725;
- }
- /* Test decode / encode of Curve25519 public key only */
- if (ret == 0) {
- idx = 0;
- ret = wc_Curve25519PublicKeyDecode(kCurve25519PubDer, &idx, &key,
- (word32)sizeof(kCurve25519PubDer));
- }
- if (ret == 0) {
- outputSz = (word32)sizeof(output);
- ret = wc_Curve25519PublicKeyToDer(&key, output, outputSz, 1);
- if (ret >= 0) {
- outputSz = ret;
- ret = 0;
- }
- else {
- ret = -10726;
- }
- }
- if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PubDer) ||
- XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) {
- ret = -10727;
- }
- wc_curve25519_free(&key);
- return ret;
- }
- #endif /* !NO_ASN && HAVE_CURVE25519_KEY_EXPORT && HAVE_CURVE25519_KEY_IMPORT */
- WOLFSSL_TEST_SUBROUTINE int curve25519_test(void)
- {
- WC_RNG rng;
- int ret;
- #ifdef HAVE_CURVE25519_SHARED_SECRET
- byte sharedA[32];
- byte sharedB[32];
- word32 y;
- #endif
- #ifdef HAVE_CURVE25519_KEY_EXPORT
- byte exportBuf[32];
- #endif
- word32 x = 0;
- curve25519_key userA, userB, pubKey;
- #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- /* test vectors from
- https://tools.ietf.org/html/draft-josefsson-tls-curve25519-03
- */
- /* secret key for party a */
- byte sa[] = {
- 0x5A,0xC9,0x9F,0x33,0x63,0x2E,0x5A,0x76,
- 0x8D,0xE7,0xE8,0x1B,0xF8,0x54,0xC2,0x7C,
- 0x46,0xE3,0xFB,0xF2,0xAB,0xBA,0xCD,0x29,
- 0xEC,0x4A,0xFF,0x51,0x73,0x69,0xC6,0x60
- };
- /* public key for party a */
- byte pa[] = {
- 0x05,0x7E,0x23,0xEA,0x9F,0x1C,0xBE,0x8A,
- 0x27,0x16,0x8F,0x6E,0x69,0x6A,0x79,0x1D,
- 0xE6,0x1D,0xD3,0xAF,0x7A,0xCD,0x4E,0xEA,
- 0xCC,0x6E,0x7B,0xA5,0x14,0xFD,0xA8,0x63
- };
- /* secret key for party b */
- byte sb[] = {
- 0x47,0xDC,0x3D,0x21,0x41,0x74,0x82,0x0E,
- 0x11,0x54,0xB4,0x9B,0xC6,0xCD,0xB2,0xAB,
- 0xD4,0x5E,0xE9,0x58,0x17,0x05,0x5D,0x25,
- 0x5A,0xA3,0x58,0x31,0xB7,0x0D,0x32,0x60
- };
- /* public key for party b */
- byte pb[] = {
- 0x6E,0xB8,0x9D,0xA9,0x19,0x89,0xAE,0x37,
- 0xC7,0xEA,0xC7,0x61,0x8D,0x9E,0x5C,0x49,
- 0x51,0xDB,0xA1,0xD7,0x3C,0x28,0x5A,0xE1,
- 0xCD,0x26,0xA8,0x55,0x02,0x0E,0xEF,0x04
- };
- /* expected shared key */
- byte ss[] = {
- 0x61,0x45,0x0C,0xD9,0x8E,0x36,0x01,0x6B,
- 0x58,0x77,0x6A,0x89,0x7A,0x9F,0x0A,0xEF,
- 0x73,0x8B,0x99,0xF0,0x94,0x68,0xB8,0xD6,
- 0xB8,0x51,0x11,0x84,0xD5,0x34,0x94,0xAB
- };
- #endif /* HAVE_CURVE25519_SHARED_SECRET */
- (void)x;
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -10700;
- wc_curve25519_init_ex(&userA, HEAP_HINT, devId);
- wc_curve25519_init_ex(&userB, HEAP_HINT, devId);
- wc_curve25519_init_ex(&pubKey, HEAP_HINT, devId);
- /* make curve25519 keys */
- if (wc_curve25519_make_key(&rng, 32, &userA) != 0)
- return -10701;
- if (wc_curve25519_make_key(&rng, 32, &userB) != 0)
- return -10702;
- #ifdef HAVE_CURVE25519_SHARED_SECRET
- /* find shared secret key */
- x = sizeof(sharedA);
- if ((ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x)) != 0) {
- printf("wc_curve25519_shared_secret 1 %d\n", ret);
- return -10703;
- }
- y = sizeof(sharedB);
- if ((ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y)) != 0) {
- printf("wc_curve25519_shared_secret 2 %d\n", ret);
- return -10704;
- }
- /* compare shared secret keys to test they are the same */
- if (y != x)
- return -10705;
- if (XMEMCMP(sharedA, sharedB, x))
- return -10706;
- #endif
- #ifdef HAVE_CURVE25519_KEY_EXPORT
- /* export a public key and import it for another user */
- x = sizeof(exportBuf);
- if (wc_curve25519_export_public(&userA, exportBuf, &x) != 0)
- return -10707;
- #ifdef HAVE_CURVE25519_KEY_IMPORT
- if (wc_curve25519_import_public(exportBuf, x, &pubKey) != 0)
- return -10708;
- #endif
- #endif
- #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- /* test shared key after importing a public key */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0)
- return -10709;
- if (XMEMCMP(sharedA, sharedB, y))
- return -10710;
- /* import RFC test vectors and compare shared key */
- if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
- != 0)
- return -10711;
- if (wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB)
- != 0)
- return -10712;
- /* test against known test vector */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- if (wc_curve25519_shared_secret(&userA, &userB, sharedB, &y) != 0)
- return -10713;
- if (XMEMCMP(ss, sharedB, y))
- return -10714;
- /* test swapping roles of keys and generating same shared key */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
- return -10715;
- if (XMEMCMP(ss, sharedB, y))
- return -10716;
- /* test with 1 generated key and 1 from known test vector */
- if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
- != 0)
- return -10717;
- wc_curve25519_free(&userB);
- wc_curve25519_init_ex(&userB, HEAP_HINT, devId);
- if (wc_curve25519_make_key(&rng, 32, &userB) != 0)
- return -10718;
- x = sizeof(sharedA);
- if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0)
- return -10719;
- y = sizeof(sharedB);
- if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
- return -10720;
- /* compare shared secret keys to test they are the same */
- if (y != x)
- return -10721;
- if (XMEMCMP(sharedA, sharedB, x))
- return -10722;
- ret = curve25519_overflow_test();
- if (ret != 0)
- return ret;
- ret = curve25519_check_public_test();
- if (ret != 0)
- return ret;
- #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
- #if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- ret = curve255519_der_test();
- if (ret != 0)
- return ret;
- #endif
- /* clean up keys when done */
- wc_curve25519_free(&pubKey);
- wc_curve25519_free(&userB);
- wc_curve25519_free(&userA);
- wc_FreeRng(&rng);
- return 0;
- }
- #endif /* HAVE_CURVE25519 */
- #ifdef HAVE_ED25519
- #ifdef WOLFSSL_TEST_CERT
- static int ed25519_test_cert(void)
- {
- DecodedCert cert[2];
- DecodedCert* serverCert = NULL;
- DecodedCert* caCert = NULL;
- #ifdef HAVE_ED25519_VERIFY
- ed25519_key key;
- ed25519_key* pubKey = NULL;
- int verify;
- #endif /* HAVE_ED25519_VERIFY */
- int ret;
- byte* tmp;
- size_t bytes;
- XFILE file;
- tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ERROR_OUT(-10730, done);
- }
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, ca_ed25519_cert, sizeof_ca_ed25519_cert);
- bytes = sizeof_ca_ed25519_cert;
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(caEd25519Cert, "rb");
- if (file == NULL) {
- ERROR_OUT(-10731, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #else
- /* No certificate to use. */
- ERROR_OUT(-10732, done);
- #endif
- InitDecodedCert(&cert[0], tmp, (word32)bytes, 0);
- caCert = &cert[0];
- ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- ERROR_OUT(-10733, done);
- }
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, server_ed25519_cert, sizeof_server_ed25519_cert);
- bytes = sizeof_server_ed25519_cert;
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(serverEd25519Cert, "rb");
- if (file == NULL) {
- ERROR_OUT(-10734, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #else
- /* No certificate to use. */
- ERROR_OUT(-10735, done);
- #endif
- InitDecodedCert(&cert[1], tmp, (word32)bytes, 0);
- serverCert = &cert[1];
- ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- ERROR_OUT(-10736, done);
- }
- #ifdef HAVE_ED25519_VERIFY
- ret = wc_ed25519_init(&key);
- if (ret < 0) {
- ERROR_OUT(-10737, done);
- }
- pubKey = &key;
- ret = wc_ed25519_import_public(caCert->publicKey, caCert->pubKeySize,
- pubKey);
- if (ret < 0) {
- ERROR_OUT(-10738, done);
- }
- if (wc_ed25519_verify_msg(serverCert->signature, serverCert->sigLength,
- serverCert->source + serverCert->certBegin,
- serverCert->sigIndex - serverCert->certBegin,
- &verify, pubKey) < 0 || verify != 1) {
- ERROR_OUT(-10739, done);
- }
- #endif /* HAVE_ED25519_VERIFY */
- done:
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef HAVE_ED25519_VERIFY
- wc_ed25519_free(pubKey);
- #endif /* HAVE_ED25519_VERIFY */
- if (caCert != NULL)
- FreeDecodedCert(caCert);
- if (serverCert != NULL)
- FreeDecodedCert(serverCert);
- return ret;
- }
- static int ed25519_test_make_cert(void)
- {
- WC_RNG rng;
- Cert cert;
- DecodedCert decode;
- ed25519_key key;
- ed25519_key* privKey = NULL;
- int ret = 0;
- byte* tmp = NULL;
- wc_InitCert_ex(&cert, HEAP_HINT, devId);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -10750;
- wc_ed25519_init(&key);
- privKey = &key;
- wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, privKey);
- cert.daysValid = 365 * 2;
- cert.selfSigned = 1;
- XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName));
- XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName));
- cert.isCA = 0;
- #ifdef WOLFSSL_CERT_EXT
- ret = wc_SetKeyUsage(&cert, certKeyUsage);
- if (ret < 0) {
- ERROR_OUT(-10751, done);
- }
- ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey);
- if (ret < 0) {
- ERROR_OUT(-10752, done);
- }
- ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey);
- if (ret < 0) {
- ERROR_OUT(-10753, done);
- }
- #endif
- tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ERROR_OUT(-10754, done);
- }
- cert.sigType = CTC_ED25519;
- ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED25519_TYPE, privKey, &rng);
- if (ret < 0) {
- ERROR_OUT(-10755, done);
- }
- ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF,
- ED25519_TYPE, privKey, &rng);
- if (ret < 0) {
- ERROR_OUT(-10756, done);
- }
- InitDecodedCert(&decode, tmp, ret, HEAP_HINT);
- ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
- FreeDecodedCert(&decode);
- if (ret != 0) {
- ERROR_OUT(-10757, done);
- }
- done:
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_ed25519_free(privKey);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WOLFSSL_TEST_CERT */
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
- defined(HAVE_ED25519_KEY_IMPORT)
- static int ed25519ctx_test(void)
- {
- int ret;
- byte out[ED25519_SIG_SIZE];
- word32 outlen;
- #ifdef HAVE_ED25519_VERIFY
- int verify = 0;
- #endif /* HAVE_ED25519_VERIFY */
- ed25519_key key;
- WOLFSSL_SMALL_STACK_STATIC const byte sKeyCtx[] = {
- 0x03,0x05,0x33,0x4e,0x38,0x1a,0xf7,0x8f,
- 0x14,0x1c,0xb6,0x66,0xf6,0x19,0x9f,0x57,
- 0xbc,0x34,0x95,0x33,0x5a,0x25,0x6a,0x95,
- 0xbd,0x2a,0x55,0xbf,0x54,0x66,0x63,0xf6
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKeyCtx[] = {
- 0xdf,0xc9,0x42,0x5e,0x4f,0x96,0x8f,0x7f,
- 0x0c,0x29,0xf0,0x25,0x9c,0xf5,0xf9,0xae,
- 0xd6,0x85,0x1c,0x2b,0xb4,0xad,0x8b,0xfb,
- 0x86,0x0c,0xfe,0xe0,0xab,0x24,0x82,0x92
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigCtx1[] = {
- 0x55,0xa4,0xcc,0x2f,0x70,0xa5,0x4e,0x04,
- 0x28,0x8c,0x5f,0x4c,0xd1,0xe4,0x5a,0x7b,
- 0xb5,0x20,0xb3,0x62,0x92,0x91,0x18,0x76,
- 0xca,0xda,0x73,0x23,0x19,0x8d,0xd8,0x7a,
- 0x8b,0x36,0x95,0x0b,0x95,0x13,0x00,0x22,
- 0x90,0x7a,0x7f,0xb7,0xc4,0xe9,0xb2,0xd5,
- 0xf6,0xcc,0xa6,0x85,0xa5,0x87,0xb4,0xb2,
- 0x1f,0x4b,0x88,0x8e,0x4e,0x7e,0xdb,0x0d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigCtx2[] = {
- 0xcc,0x5e,0x63,0xa2,0x7e,0x94,0xaf,0xd3,
- 0x41,0x83,0x38,0xd2,0x48,0x6f,0xa9,0x2a,
- 0xf9,0x91,0x7c,0x2d,0x98,0x9e,0x06,0xe5,
- 0x02,0x77,0x72,0x1c,0x34,0x38,0x18,0xb4,
- 0x21,0x96,0xbc,0x29,0x2e,0x68,0xf3,0x4d,
- 0x85,0x9b,0xbe,0xad,0x17,0x9f,0x54,0x54,
- 0x2d,0x4b,0x04,0xdc,0xfb,0xfa,0x4a,0x68,
- 0x4e,0x39,0x50,0xfb,0x1c,0xcd,0x8d,0x0d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msgCtx[] = {
- 0xf7,0x26,0x93,0x6d,0x19,0xc8,0x00,0x49,
- 0x4e,0x3f,0xda,0xff,0x20,0xb2,0x76,0xa8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte contextCtx[] = {
- 0x66,0x6f,0x6f
- };
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- return 10800;
- ret = wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx,
- sizeof(pKeyCtx), &key);
- if (ret == 0)
- ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
- contextCtx, sizeof(contextCtx));
- if (ret == 0 && XMEMCMP(out, sigCtx1, 64) != 0)
- ret = -10801;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (ret == 0)
- ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx),
- &verify, &key, contextCtx, sizeof(contextCtx));
- if (ret == 0 && verify != 1)
- ret = -10802;
- #endif
- if (ret == 0)
- ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
- NULL, 0);
- if (ret == 0 && XMEMCMP(out, sigCtx2, 64) != 0)
- ret = -10803;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (ret == 0)
- ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx),
- &verify, &key, NULL, 0);
- if (ret == 0 && verify != 1)
- ret = -10804;
- #endif
- wc_ed25519_free(&key);
- return ret;
- }
- static int ed25519ph_test(void)
- {
- int ret = 0;
- byte out[ED25519_SIG_SIZE];
- word32 outlen;
- #ifdef HAVE_ED25519_VERIFY
- int verify = 0;
- #endif /* HAVE_ED25519_VERIFY */
- ed25519_key key;
- WOLFSSL_SMALL_STACK_STATIC const byte sKeyPh[] = {
- 0x83,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d,
- 0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e,
- 0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b,
- 0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKeyPh[] = {
- 0xec,0x17,0x2b,0x93,0xad,0x5e,0x56,0x3b,
- 0xf4,0x93,0x2c,0x70,0xe1,0x24,0x50,0x34,
- 0xc3,0x54,0x67,0xef,0x2e,0xfd,0x4d,0x64,
- 0xeb,0xf8,0x19,0x68,0x34,0x67,0xe2,0xbf
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigPh1[] = {
- 0x98,0xa7,0x02,0x22,0xf0,0xb8,0x12,0x1a,
- 0xa9,0xd3,0x0f,0x81,0x3d,0x68,0x3f,0x80,
- 0x9e,0x46,0x2b,0x46,0x9c,0x7f,0xf8,0x76,
- 0x39,0x49,0x9b,0xb9,0x4e,0x6d,0xae,0x41,
- 0x31,0xf8,0x50,0x42,0x46,0x3c,0x2a,0x35,
- 0x5a,0x20,0x03,0xd0,0x62,0xad,0xf5,0xaa,
- 0xa1,0x0b,0x8c,0x61,0xe6,0x36,0x06,0x2a,
- 0xaa,0xd1,0x1c,0x2a,0x26,0x08,0x34,0x06
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigPh2[] = {
- 0xe0,0x39,0x70,0x2b,0x4c,0x25,0x95,0xa6,
- 0xa5,0x41,0xac,0x85,0x09,0x23,0x6e,0x29,
- 0x90,0x47,0x47,0x95,0x33,0x0c,0x9b,0x34,
- 0xa7,0x5f,0x58,0xa6,0x60,0x12,0x9e,0x08,
- 0xfd,0x73,0x69,0x43,0xfb,0x19,0x43,0xa5,
- 0x57,0x20,0xb9,0xe0,0x95,0x7b,0x1e,0xd6,
- 0x73,0x48,0x16,0x61,0x9f,0x13,0x88,0xf4,
- 0x3f,0x73,0xe6,0xe3,0xba,0xa8,0x1c,0x0e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msgPh[] = {
- 0x61,0x62,0x63
- };
- /* SHA-512 hash of msgPh */
- WOLFSSL_SMALL_STACK_STATIC const byte hashPh[] = {
- 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,
- 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
- 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,
- 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
- 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,
- 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
- 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,
- 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte contextPh2[] = {
- 0x66,0x6f,0x6f
- };
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0)
- return -10900;
- ret = wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh,
- sizeof(pKeyPh), &key);
- if (ret == 0)
- ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
- NULL, 0);
- if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0)
- ret = -10901;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (ret == 0)
- ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh),
- &verify, &key, NULL, 0);
- if (ret == 0 && verify != 1)
- ret = -10902;
- #endif
- if (ret == 0)
- ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
- contextPh2, sizeof(contextPh2));
- if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0)
- ret = -10903;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (ret == 0)
- ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify,
- &key, contextPh2, sizeof(contextPh2));
- if (ret == 0 && verify != 1)
- ret = -10904;
- #endif
- if (ret == 0)
- ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
- NULL, 0);
- if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0)
- ret = -10905;
- #if defined(HAVE_ED25519_VERIFY)
- if (ret == 0)
- ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh),
- &verify, &key, NULL, 0);
- if (ret == 0 && verify != 1)
- ret = -10906;
- #endif
- if (ret == 0)
- ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
- contextPh2, sizeof(contextPh2));
- if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0)
- ret = -10907;
- #if defined(HAVE_ED25519_VERIFY)
- if (ret == 0)
- ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
- &key, contextPh2, sizeof(contextPh2));
- if (ret == 0 && verify != 1)
- ret = -10908;
- #endif
- wc_ed25519_free(&key);
- return ret;
- }
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- WOLFSSL_TEST_SUBROUTINE int ed25519_test(void)
- {
- int ret;
- WC_RNG rng;
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
- defined(HAVE_ED25519_KEY_IMPORT)
- byte out[ED25519_SIG_SIZE];
- byte exportPKey[ED25519_KEY_SIZE];
- byte exportSKey[ED25519_KEY_SIZE];
- word32 exportPSz;
- word32 exportSSz;
- int i;
- word32 outlen;
- #ifdef HAVE_ED25519_VERIFY
- #ifdef WOLFSSL_ED25519_STREAMING_VERIFY
- int j;
- #endif
- int verify;
- #endif /* HAVE_ED25519_VERIFY */
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- word32 keySz, sigSz;
- ed25519_key key;
- ed25519_key key2;
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
- defined(HAVE_ED25519_KEY_IMPORT)
- /* test vectors from
- https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02
- */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey1[] = {
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey2[] = {
- 0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda,
- 0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f,
- 0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24,
- 0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey3[] = {
- 0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,
- 0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,
- 0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,
- 0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey4[] = {
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- /* compressed prefix test */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey5[] = {
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey6[] = {
- 0xf5,0xe5,0x76,0x7c,0xf1,0x53,0x31,0x95,
- 0x17,0x63,0x0f,0x22,0x68,0x76,0xb8,0x6c,
- 0x81,0x60,0xcc,0x58,0x3b,0xc0,0x13,0x74,
- 0x4c,0x6b,0xf2,0x55,0xf5,0xcc,0x0e,0xe5
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
- WOLFSSL_SMALL_STACK_STATIC const byte pKey1[] = {
- 0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
- 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
- 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
- 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey2[] = {
- 0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a,
- 0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc,
- 0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c,
- 0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey3[] = {
- 0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,
- 0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,
- 0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,
- 0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte pKey4[] = {
- 0x04,0x55,0xd0,0xe0,0x9a,0x2b,0x9d,0x34,
- 0x29,0x22,0x97,0xe0,0x8d,0x60,0xd0,0xf6,
- 0x20,0xc5,0x13,0xd4,0x72,0x53,0x18,0x7c,
- 0x24,0xb1,0x27,0x86,0xbd,0x77,0x76,0x45,
- 0xce,0x1a,0x51,0x07,0xf7,0x68,0x1a,0x02,
- 0xaf,0x25,0x23,0xa6,0xda,0xf3,0x72,0xe1,
- 0x0e,0x3a,0x07,0x64,0xc9,0xd3,0xfe,0x4b,
- 0xd5,0xb7,0x0a,0xb1,0x82,0x01,0x98,0x5a,
- 0xd7
- };
- /* compressed prefix */
- WOLFSSL_SMALL_STACK_STATIC const byte pKey5[] = {
- 0x40,0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
- 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
- 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
- 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey6[] = {
- 0x27,0x81,0x17,0xfc,0x14,0x4c,0x72,0x34,
- 0x0f,0x67,0xd0,0xf2,0x31,0x6e,0x83,0x86,
- 0xce,0xff,0xbf,0x2b,0x24,0x28,0xc9,0xc5,
- 0x1f,0xef,0x7c,0x59,0x7f,0x1d,0x42,0x6e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
- WOLFSSL_SMALL_STACK_STATIC const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
- sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
- WOLFSSL_SMALL_STACK_STATIC const byte sig1[] = {
- 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
- 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
- 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
- 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
- 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
- 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
- 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
- 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig2[] = {
- 0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8,
- 0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40,
- 0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f,
- 0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda,
- 0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e,
- 0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c,
- 0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee,
- 0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig3[] = {
- 0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,
- 0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,
- 0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,
- 0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,
- 0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,
- 0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,
- 0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,
- 0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte sig4[] = {
- 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
- 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
- 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
- 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
- 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
- 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
- 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
- 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
- };
- /* compressed prefix */
- WOLFSSL_SMALL_STACK_STATIC const byte sig5[] = {
- 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
- 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
- 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
- 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
- 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
- 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
- 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
- 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig6[] = {
- 0x0a,0xab,0x4c,0x90,0x05,0x01,0xb3,0xe2,
- 0x4d,0x7c,0xdf,0x46,0x63,0x32,0x6a,0x3a,
- 0x87,0xdf,0x5e,0x48,0x43,0xb2,0xcb,0xdb,
- 0x67,0xcb,0xf6,0xe4,0x60,0xfe,0xc3,0x50,
- 0xaa,0x53,0x71,0xb1,0x50,0x8f,0x9f,0x45,
- 0x28,0xec,0xea,0x23,0xc4,0x36,0xd9,0x4b,
- 0x5e,0x8f,0xcd,0x4f,0x68,0x1e,0x30,0xa6,
- 0xac,0x00,0xa9,0x70,0x4a,0x18,0x8a,0x03
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = {0x0 };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = {0x72};
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = {0xAF,0x82};
- /* test of a 1024 byte long message */
- WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
- 0x08,0xb8,0xb2,0xb7,0x33,0x42,0x42,0x43,
- 0x76,0x0f,0xe4,0x26,0xa4,0xb5,0x49,0x08,
- 0x63,0x21,0x10,0xa6,0x6c,0x2f,0x65,0x91,
- 0xea,0xbd,0x33,0x45,0xe3,0xe4,0xeb,0x98,
- 0xfa,0x6e,0x26,0x4b,0xf0,0x9e,0xfe,0x12,
- 0xee,0x50,0xf8,0xf5,0x4e,0x9f,0x77,0xb1,
- 0xe3,0x55,0xf6,0xc5,0x05,0x44,0xe2,0x3f,
- 0xb1,0x43,0x3d,0xdf,0x73,0xbe,0x84,0xd8,
- 0x79,0xde,0x7c,0x00,0x46,0xdc,0x49,0x96,
- 0xd9,0xe7,0x73,0xf4,0xbc,0x9e,0xfe,0x57,
- 0x38,0x82,0x9a,0xdb,0x26,0xc8,0x1b,0x37,
- 0xc9,0x3a,0x1b,0x27,0x0b,0x20,0x32,0x9d,
- 0x65,0x86,0x75,0xfc,0x6e,0xa5,0x34,0xe0,
- 0x81,0x0a,0x44,0x32,0x82,0x6b,0xf5,0x8c,
- 0x94,0x1e,0xfb,0x65,0xd5,0x7a,0x33,0x8b,
- 0xbd,0x2e,0x26,0x64,0x0f,0x89,0xff,0xbc,
- 0x1a,0x85,0x8e,0xfc,0xb8,0x55,0x0e,0xe3,
- 0xa5,0xe1,0x99,0x8b,0xd1,0x77,0xe9,0x3a,
- 0x73,0x63,0xc3,0x44,0xfe,0x6b,0x19,0x9e,
- 0xe5,0xd0,0x2e,0x82,0xd5,0x22,0xc4,0xfe,
- 0xba,0x15,0x45,0x2f,0x80,0x28,0x8a,0x82,
- 0x1a,0x57,0x91,0x16,0xec,0x6d,0xad,0x2b,
- 0x3b,0x31,0x0d,0xa9,0x03,0x40,0x1a,0xa6,
- 0x21,0x00,0xab,0x5d,0x1a,0x36,0x55,0x3e,
- 0x06,0x20,0x3b,0x33,0x89,0x0c,0xc9,0xb8,
- 0x32,0xf7,0x9e,0xf8,0x05,0x60,0xcc,0xb9,
- 0xa3,0x9c,0xe7,0x67,0x96,0x7e,0xd6,0x28,
- 0xc6,0xad,0x57,0x3c,0xb1,0x16,0xdb,0xef,
- 0xef,0xd7,0x54,0x99,0xda,0x96,0xbd,0x68,
- 0xa8,0xa9,0x7b,0x92,0x8a,0x8b,0xbc,0x10,
- 0x3b,0x66,0x21,0xfc,0xde,0x2b,0xec,0xa1,
- 0x23,0x1d,0x20,0x6b,0xe6,0xcd,0x9e,0xc7,
- 0xaf,0xf6,0xf6,0xc9,0x4f,0xcd,0x72,0x04,
- 0xed,0x34,0x55,0xc6,0x8c,0x83,0xf4,0xa4,
- 0x1d,0xa4,0xaf,0x2b,0x74,0xef,0x5c,0x53,
- 0xf1,0xd8,0xac,0x70,0xbd,0xcb,0x7e,0xd1,
- 0x85,0xce,0x81,0xbd,0x84,0x35,0x9d,0x44,
- 0x25,0x4d,0x95,0x62,0x9e,0x98,0x55,0xa9,
- 0x4a,0x7c,0x19,0x58,0xd1,0xf8,0xad,0xa5,
- 0xd0,0x53,0x2e,0xd8,0xa5,0xaa,0x3f,0xb2,
- 0xd1,0x7b,0xa7,0x0e,0xb6,0x24,0x8e,0x59,
- 0x4e,0x1a,0x22,0x97,0xac,0xbb,0xb3,0x9d,
- 0x50,0x2f,0x1a,0x8c,0x6e,0xb6,0xf1,0xce,
- 0x22,0xb3,0xde,0x1a,0x1f,0x40,0xcc,0x24,
- 0x55,0x41,0x19,0xa8,0x31,0xa9,0xaa,0xd6,
- 0x07,0x9c,0xad,0x88,0x42,0x5d,0xe6,0xbd,
- 0xe1,0xa9,0x18,0x7e,0xbb,0x60,0x92,0xcf,
- 0x67,0xbf,0x2b,0x13,0xfd,0x65,0xf2,0x70,
- 0x88,0xd7,0x8b,0x7e,0x88,0x3c,0x87,0x59,
- 0xd2,0xc4,0xf5,0xc6,0x5a,0xdb,0x75,0x53,
- 0x87,0x8a,0xd5,0x75,0xf9,0xfa,0xd8,0x78,
- 0xe8,0x0a,0x0c,0x9b,0xa6,0x3b,0xcb,0xcc,
- 0x27,0x32,0xe6,0x94,0x85,0xbb,0xc9,0xc9,
- 0x0b,0xfb,0xd6,0x24,0x81,0xd9,0x08,0x9b,
- 0xec,0xcf,0x80,0xcf,0xe2,0xdf,0x16,0xa2,
- 0xcf,0x65,0xbd,0x92,0xdd,0x59,0x7b,0x07,
- 0x07,0xe0,0x91,0x7a,0xf4,0x8b,0xbb,0x75,
- 0xfe,0xd4,0x13,0xd2,0x38,0xf5,0x55,0x5a,
- 0x7a,0x56,0x9d,0x80,0xc3,0x41,0x4a,0x8d,
- 0x08,0x59,0xdc,0x65,0xa4,0x61,0x28,0xba,
- 0xb2,0x7a,0xf8,0x7a,0x71,0x31,0x4f,0x31,
- 0x8c,0x78,0x2b,0x23,0xeb,0xfe,0x80,0x8b,
- 0x82,0xb0,0xce,0x26,0x40,0x1d,0x2e,0x22,
- 0xf0,0x4d,0x83,0xd1,0x25,0x5d,0xc5,0x1a,
- 0xdd,0xd3,0xb7,0x5a,0x2b,0x1a,0xe0,0x78,
- 0x45,0x04,0xdf,0x54,0x3a,0xf8,0x96,0x9b,
- 0xe3,0xea,0x70,0x82,0xff,0x7f,0xc9,0x88,
- 0x8c,0x14,0x4d,0xa2,0xaf,0x58,0x42,0x9e,
- 0xc9,0x60,0x31,0xdb,0xca,0xd3,0xda,0xd9,
- 0xaf,0x0d,0xcb,0xaa,0xaf,0x26,0x8c,0xb8,
- 0xfc,0xff,0xea,0xd9,0x4f,0x3c,0x7c,0xa4,
- 0x95,0xe0,0x56,0xa9,0xb4,0x7a,0xcd,0xb7,
- 0x51,0xfb,0x73,0xe6,0x66,0xc6,0xc6,0x55,
- 0xad,0xe8,0x29,0x72,0x97,0xd0,0x7a,0xd1,
- 0xba,0x5e,0x43,0xf1,0xbc,0xa3,0x23,0x01,
- 0x65,0x13,0x39,0xe2,0x29,0x04,0xcc,0x8c,
- 0x42,0xf5,0x8c,0x30,0xc0,0x4a,0xaf,0xdb,
- 0x03,0x8d,0xda,0x08,0x47,0xdd,0x98,0x8d,
- 0xcd,0xa6,0xf3,0xbf,0xd1,0x5c,0x4b,0x4c,
- 0x45,0x25,0x00,0x4a,0xa0,0x6e,0xef,0xf8,
- 0xca,0x61,0x78,0x3a,0xac,0xec,0x57,0xfb,
- 0x3d,0x1f,0x92,0xb0,0xfe,0x2f,0xd1,0xa8,
- 0x5f,0x67,0x24,0x51,0x7b,0x65,0xe6,0x14,
- 0xad,0x68,0x08,0xd6,0xf6,0xee,0x34,0xdf,
- 0xf7,0x31,0x0f,0xdc,0x82,0xae,0xbf,0xd9,
- 0x04,0xb0,0x1e,0x1d,0xc5,0x4b,0x29,0x27,
- 0x09,0x4b,0x2d,0xb6,0x8d,0x6f,0x90,0x3b,
- 0x68,0x40,0x1a,0xde,0xbf,0x5a,0x7e,0x08,
- 0xd7,0x8f,0xf4,0xef,0x5d,0x63,0x65,0x3a,
- 0x65,0x04,0x0c,0xf9,0xbf,0xd4,0xac,0xa7,
- 0x98,0x4a,0x74,0xd3,0x71,0x45,0x98,0x67,
- 0x80,0xfc,0x0b,0x16,0xac,0x45,0x16,0x49,
- 0xde,0x61,0x88,0xa7,0xdb,0xdf,0x19,0x1f,
- 0x64,0xb5,0xfc,0x5e,0x2a,0xb4,0x7b,0x57,
- 0xf7,0xf7,0x27,0x6c,0xd4,0x19,0xc1,0x7a,
- 0x3c,0xa8,0xe1,0xb9,0x39,0xae,0x49,0xe4,
- 0x88,0xac,0xba,0x6b,0x96,0x56,0x10,0xb5,
- 0x48,0x01,0x09,0xc8,0xb1,0x7b,0x80,0xe1,
- 0xb7,0xb7,0x50,0xdf,0xc7,0x59,0x8d,0x5d,
- 0x50,0x11,0xfd,0x2d,0xcc,0x56,0x00,0xa3,
- 0x2e,0xf5,0xb5,0x2a,0x1e,0xcc,0x82,0x0e,
- 0x30,0x8a,0xa3,0x42,0x72,0x1a,0xac,0x09,
- 0x43,0xbf,0x66,0x86,0xb6,0x4b,0x25,0x79,
- 0x37,0x65,0x04,0xcc,0xc4,0x93,0xd9,0x7e,
- 0x6a,0xed,0x3f,0xb0,0xf9,0xcd,0x71,0xa4,
- 0x3d,0xd4,0x97,0xf0,0x1f,0x17,0xc0,0xe2,
- 0xcb,0x37,0x97,0xaa,0x2a,0x2f,0x25,0x66,
- 0x56,0x16,0x8e,0x6c,0x49,0x6a,0xfc,0x5f,
- 0xb9,0x32,0x46,0xf6,0xb1,0x11,0x63,0x98,
- 0xa3,0x46,0xf1,0xa6,0x41,0xf3,0xb0,0x41,
- 0xe9,0x89,0xf7,0x91,0x4f,0x90,0xcc,0x2c,
- 0x7f,0xff,0x35,0x78,0x76,0xe5,0x06,0xb5,
- 0x0d,0x33,0x4b,0xa7,0x7c,0x22,0x5b,0xc3,
- 0x07,0xba,0x53,0x71,0x52,0xf3,0xf1,0x61,
- 0x0e,0x4e,0xaf,0xe5,0x95,0xf6,0xd9,0xd9,
- 0x0d,0x11,0xfa,0xa9,0x33,0xa1,0x5e,0xf1,
- 0x36,0x95,0x46,0x86,0x8a,0x7f,0x3a,0x45,
- 0xa9,0x67,0x68,0xd4,0x0f,0xd9,0xd0,0x34,
- 0x12,0xc0,0x91,0xc6,0x31,0x5c,0xf4,0xfd,
- 0xe7,0xcb,0x68,0x60,0x69,0x37,0x38,0x0d,
- 0xb2,0xea,0xaa,0x70,0x7b,0x4c,0x41,0x85,
- 0xc3,0x2e,0xdd,0xcd,0xd3,0x06,0x70,0x5e,
- 0x4d,0xc1,0xff,0xc8,0x72,0xee,0xee,0x47,
- 0x5a,0x64,0xdf,0xac,0x86,0xab,0xa4,0x1c,
- 0x06,0x18,0x98,0x3f,0x87,0x41,0xc5,0xef,
- 0x68,0xd3,0xa1,0x01,0xe8,0xa3,0xb8,0xca,
- 0xc6,0x0c,0x90,0x5c,0x15,0xfc,0x91,0x08,
- 0x40,0xb9,0x4c,0x00,0xa0,0xb9,0xd0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
- WOLFSSL_SMALL_STACK_STATIC const word16 msgSz[] = {0 /*sizeof(msg1)*/,
- sizeof(msg2),
- sizeof(msg3),
- 0 /*sizeof(msg1)*/,
- 0 /*sizeof(msg1)*/,
- sizeof(msg4)
- };
- #ifndef NO_ASN
- static byte privateEd25519[] = {
- 0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06,
- 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- static byte badPrivateEd25519[] = {
- 0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06,
- 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60,
- 0xa1,0x22,0x04,0x21,0xd7,0x5a,0x98,0x01, /* octet len 0x20 -> 0x21 */
- 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
- 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
- 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
- 0xf7,0x07,0x51,0x1a,
- 0x00 /* add additional bytes to make the pubkey bigger */
- };
- static byte publicEd25519[] = {
- 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
- 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
- 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
- 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
- 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
- 0xf7,0x07,0x51,0x1a
- };
- /* size has been altered to catch if sanity check is done */
- static byte badPublicEd25519[] = {
- 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
- 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
- 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
- 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
- 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
- 0xf7,0x07,0x51,0x1a,
- 0x00 /* add an additional byte to make the pubkey appear bigger */
- };
- static byte privPubEd25519[] = {
- 0x30,0x50,0x02,0x01,0x00,0x30,0x05,0x06,
- 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60,
- 0x81,0x20,0xd7,0x5a,0x98,0x01,0x82,0xb1,
- 0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,0xc9,0x64,
- 0x07,0x3a,0x0e,0xe1,0x72,0xf3,0xda,0xa6,
- 0x23,0x25,0xaf,0x02,0x1a,0x68,0xf7,0x07,
- 0x51,0x1a
- };
- word32 idx;
- #endif /* NO_ASN */
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
- ed25519_key key3;
- #endif
- /* create ed25519 keys */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -11000;
- wc_ed25519_init_ex(&key, HEAP_HINT, devId);
- wc_ed25519_init_ex(&key2, HEAP_HINT, devId);
- #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
- wc_ed25519_init_ex(&key3, HEAP_HINT, devId);
- #endif
- wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
- wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2);
- /* helper functions for signature and key size */
- keySz = wc_ed25519_size(&key);
- sigSz = wc_ed25519_sig_size(&key);
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
- defined(HAVE_ED25519_KEY_IMPORT)
- for (i = 0; i < 6; i++) {
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i],
- pKeySz[i], &key) != 0)
- return -11001 - i;
- if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0)
- return -11011 - i;
- if (XMEMCMP(out, sigs[i], 64))
- return -11021 - i;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
- &key) != 0 || verify != 1)
- return -11031 - i;
- #ifdef WOLFSSL_ED25519_STREAMING_VERIFY
- /* test verify on good msg using streaming interface directly */
- if (wc_ed25519_verify_msg_init(out, outlen,
- &key, (byte)Ed25519, NULL, 0) != 0)
- return -11211 - i;
- for (j = 0; j < msgSz[i]; j += i) {
- if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), &key) != 0)
- return -11221 - i;
- }
- if (wc_ed25519_verify_msg_final(out, outlen, &verify,
- &key) != 0 || verify != 1)
- return -11231 - i;
- #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */
- /* test verify on bad msg */
- out[outlen-1] = out[outlen-1] + 1;
- if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
- &key) == 0 || verify == 1)
- return -11041 - i;
- #endif /* HAVE_ED25519_VERIFY */
- /* test api for import/exporting keys */
- exportPSz = sizeof(exportPKey);
- exportSSz = sizeof(exportSKey);
- if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0)
- return -11051 - i;
- if (wc_ed25519_import_public_ex(exportPKey, exportPSz, &key2, 1) != 0)
- return -11061 - i;
- if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0)
- return -11071 - i;
- if (wc_ed25519_import_private_key(exportSKey, exportSSz,
- exportPKey, exportPSz, &key2) != 0)
- return -11081 - i;
- /* clear "out" buffer and test sign with imported keys */
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0)
- return -11091 - i;
- #if defined(HAVE_ED25519_VERIFY)
- if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
- &key2) != 0 || verify != 1)
- return -11101 - i;
- if (XMEMCMP(out, sigs[i], 64))
- return -11111 - i;
- #endif /* HAVE_ED25519_VERIFY */
- }
- ret = ed25519ctx_test();
- if (ret != 0)
- return ret;
- ret = ed25519ph_test();
- if (ret != 0)
- return ret;
- #ifndef NO_ASN
- /* Try ASN.1 encoded private-only key and public key. */
- idx = 0;
- if (wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3,
- sizeof(privateEd25519)) != 0)
- return -11121;
- idx = 0;
- if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, &key3,
- sizeof(badPrivateEd25519)) == 0)
- return -11122;
- if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3)
- != BAD_FUNC_ARG)
- return -11131;
- /* try with a buffer size that is too large */
- idx = 0;
- if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, &key3,
- sizeof(badPublicEd25519)) == 0)
- return -11140;
- idx = 0;
- if (wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3,
- sizeof(publicEd25519)) != 0)
- return -11141;
- if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0)
- return -11151;
- if (XMEMCMP(out, sigs[0], 64))
- return -11161;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3)
- != 0 || verify != 1)
- return -11171;
- #endif /* HAVE_ED25519_VERIFY */
- wc_ed25519_free(&key3);
- wc_ed25519_init(&key3);
- idx = 0;
- if (wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3,
- sizeof(privPubEd25519)) != 0)
- return -11181;
- if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0)
- return -11191;
- if (XMEMCMP(out, sigs[0], 64))
- return -11201;
- wc_ed25519_free(&key3);
- #endif /* NO_ASN */
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- /* clean up keys when done */
- wc_ed25519_free(&key);
- wc_ed25519_free(&key2);
- #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
- wc_FreeRng(&rng);
- #endif
- /* hush warnings of unused keySz and sigSz */
- (void)keySz;
- (void)sigSz;
- #ifdef WOLFSSL_TEST_CERT
- ret = ed25519_test_cert();
- if (ret < 0)
- return ret;
- #ifdef WOLFSSL_CERT_GEN
- ret = ed25519_test_make_cert();
- if (ret < 0)
- return ret;
- #endif /* WOLFSSL_CERT_GEN */
- #endif /* WOLFSSL_TEST_CERT */
- return 0;
- }
- #endif /* HAVE_ED25519 */
- #ifdef HAVE_CURVE448
- #if defined(HAVE_CURVE448_SHARED_SECRET) && \
- defined(HAVE_CURVE448_KEY_IMPORT)
- /* Test the wc_curve448_check_public API.
- *
- * returns 0 on success and -ve on failure.
- */
- static int curve448_check_public_test(void)
- {
- /* Little-endian values that will fail */
- byte fail_le[][CURVE448_KEY_SIZE] = {
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- };
- /* Big-endian values that will fail */
- byte fail_be[][CURVE448_KEY_SIZE] = {
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- },
- };
- /* Good or valid public value */
- byte good[CURVE448_KEY_SIZE] = {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- int i;
- /* Parameter checks */
- /* NULL pointer */
- if (wc_curve448_check_public(NULL, 0, EC448_LITTLE_ENDIAN) !=
- BAD_FUNC_ARG) {
- return -11300;
- }
- if (wc_curve448_check_public(NULL, 0, EC448_BIG_ENDIAN) != BAD_FUNC_ARG) {
- return -11301;
- }
- /* Length of 0 treated differently to other invalid lengths for TLS */
- if (wc_curve448_check_public(good, 0, EC448_LITTLE_ENDIAN) != BUFFER_E)
- return -11302;
- if (wc_curve448_check_public(good, 0, EC448_BIG_ENDIAN) != BUFFER_E)
- return -11303;
- /* Length not CURVE448_KEY_SIZE */
- for (i = 1; i < CURVE448_KEY_SIZE + 2; i++) {
- if (i == CURVE448_KEY_SIZE)
- continue;
- if (wc_curve448_check_public(good, i, EC448_LITTLE_ENDIAN) !=
- ECC_BAD_ARG_E) {
- return -11304 - i;
- }
- if (wc_curve448_check_public(good, i, EC448_BIG_ENDIAN) !=
- ECC_BAD_ARG_E) {
- return -11314 - i;
- }
- }
- /* Little-endian fail cases */
- for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) {
- if (wc_curve448_check_public(fail_le[i], CURVE448_KEY_SIZE,
- EC448_LITTLE_ENDIAN) == 0) {
- return -11324 - i;
- }
- }
- /* Big-endian fail cases */
- for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) {
- if (wc_curve448_check_public(fail_be[i], CURVE448_KEY_SIZE,
- EC448_BIG_ENDIAN) == 0) {
- return -11334 - i;
- }
- }
- /* Check a valid public value works! */
- if (wc_curve448_check_public(good, CURVE448_KEY_SIZE,
- EC448_LITTLE_ENDIAN) != 0) {
- return -11344;
- }
- if (wc_curve448_check_public(good, CURVE448_KEY_SIZE,
- EC448_BIG_ENDIAN) != 0) {
- return -11345;
- }
- return 0;
- }
- #endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */
- WOLFSSL_TEST_SUBROUTINE int curve448_test(void)
- {
- WC_RNG rng;
- int ret;
- #ifdef HAVE_CURVE448_SHARED_SECRET
- byte sharedA[CURVE448_KEY_SIZE];
- byte sharedB[CURVE448_KEY_SIZE];
- word32 y;
- #endif
- #ifdef HAVE_CURVE448_KEY_EXPORT
- byte exportBuf[CURVE448_KEY_SIZE];
- #endif
- word32 x;
- curve448_key userA, userB, pubKey;
- #if defined(HAVE_CURVE448_SHARED_SECRET) && \
- defined(HAVE_CURVE448_KEY_IMPORT)
- /* test vectors from
- https://www.rfc-editor.org/rfc/rfc7748.html
- */
- /* secret key for party a */
- byte sa[] = {
- 0x6b, 0x72, 0x98, 0xa5, 0xc0, 0xd8, 0xc2, 0x9a,
- 0x1d, 0xab, 0x27, 0xf1, 0xa6, 0x82, 0x63, 0x00,
- 0x91, 0x73, 0x89, 0x44, 0x97, 0x41, 0xa9, 0x74,
- 0xf5, 0xba, 0xc9, 0xd9, 0x8d, 0xc2, 0x98, 0xd4,
- 0x65, 0x55, 0xbc, 0xe8, 0xba, 0xe8, 0x9e, 0xee,
- 0xd4, 0x00, 0x58, 0x4b, 0xb0, 0x46, 0xcf, 0x75,
- 0x57, 0x9f, 0x51, 0xd1, 0x25, 0x49, 0x8f, 0x9a,
- };
- /* public key for party a */
- byte pa[] = {
- 0xa0, 0x1f, 0xc4, 0x32, 0xe5, 0x80, 0x7f, 0x17,
- 0x53, 0x0d, 0x12, 0x88, 0xda, 0x12, 0x5b, 0x0c,
- 0xd4, 0x53, 0xd9, 0x41, 0x72, 0x64, 0x36, 0xc8,
- 0xbb, 0xd9, 0xc5, 0x22, 0x2c, 0x3d, 0xa7, 0xfa,
- 0x63, 0x9c, 0xe0, 0x3d, 0xb8, 0xd2, 0x3b, 0x27,
- 0x4a, 0x07, 0x21, 0xa1, 0xae, 0xd5, 0x22, 0x7d,
- 0xe6, 0xe3, 0xb7, 0x31, 0xcc, 0xf7, 0x08, 0x9b,
- };
- /* secret key for party b */
- byte sb[] = {
- 0x2d, 0x99, 0x73, 0x51, 0xb6, 0x10, 0x6f, 0x36,
- 0xb0, 0xd1, 0x09, 0x1b, 0x92, 0x9c, 0x4c, 0x37,
- 0x21, 0x3e, 0x0d, 0x2b, 0x97, 0xe8, 0x5e, 0xbb,
- 0x20, 0xc1, 0x27, 0x69, 0x1d, 0x0d, 0xad, 0x8f,
- 0x1d, 0x81, 0x75, 0xb0, 0x72, 0x37, 0x45, 0xe6,
- 0x39, 0xa3, 0xcb, 0x70, 0x44, 0x29, 0x0b, 0x99,
- 0xe0, 0xe2, 0xa0, 0xc2, 0x7a, 0x6a, 0x30, 0x1c,
- };
- /* public key for party b */
- byte pb[] = {
- 0x09, 0x36, 0xf3, 0x7b, 0xc6, 0xc1, 0xbd, 0x07,
- 0xae, 0x3d, 0xec, 0x7a, 0xb5, 0xdc, 0x06, 0xa7,
- 0x3c, 0xa1, 0x32, 0x42, 0xfb, 0x34, 0x3e, 0xfc,
- 0x72, 0xb9, 0xd8, 0x27, 0x30, 0xb4, 0x45, 0xf3,
- 0xd4, 0xb0, 0xbd, 0x07, 0x71, 0x62, 0xa4, 0x6d,
- 0xcf, 0xec, 0x6f, 0x9b, 0x59, 0x0b, 0xfc, 0xbc,
- 0xf5, 0x20, 0xcd, 0xb0, 0x29, 0xa8, 0xb7, 0x3e,
- };
- /* expected shared key */
- byte ss[] = {
- 0x9d, 0x87, 0x4a, 0x51, 0x37, 0x50, 0x9a, 0x44,
- 0x9a, 0xd5, 0x85, 0x30, 0x40, 0x24, 0x1c, 0x52,
- 0x36, 0x39, 0x54, 0x35, 0xc3, 0x64, 0x24, 0xfd,
- 0x56, 0x0b, 0x0c, 0xb6, 0x2b, 0x28, 0x1d, 0x28,
- 0x52, 0x75, 0xa7, 0x40, 0xce, 0x32, 0xa2, 0x2d,
- 0xd1, 0x74, 0x0f, 0x4a, 0xa9, 0x16, 0x1c, 0xec,
- 0x95, 0xcc, 0xc6, 0x1a, 0x18, 0xf4, 0xff, 0x07,
- };
- #endif /* HAVE_CURVE448_SHARED_SECRET */
- (void)x;
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -11400;
- wc_curve448_init(&userA);
- wc_curve448_init(&userB);
- wc_curve448_init(&pubKey);
- /* make curve448 keys */
- if (wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userA) != 0)
- return -11401;
- if (wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userB) != 0)
- return -11402;
- #ifdef HAVE_CURVE448_SHARED_SECRET
- /* find shared secret key */
- x = sizeof(sharedA);
- if (wc_curve448_shared_secret(&userA, &userB, sharedA, &x) != 0)
- return -11403;
- y = sizeof(sharedB);
- if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0)
- return -11404;
- /* compare shared secret keys to test they are the same */
- if (y != x)
- return -11405;
- if (XMEMCMP(sharedA, sharedB, x))
- return -11406;
- #endif
- #ifdef HAVE_CURVE448_KEY_EXPORT
- /* export a public key and import it for another user */
- x = sizeof(exportBuf);
- if (wc_curve448_export_public(&userA, exportBuf, &x) != 0)
- return -11407;
- #ifdef HAVE_CURVE448_KEY_IMPORT
- if (wc_curve448_import_public(exportBuf, x, &pubKey) != 0)
- return -11408;
- #endif
- #endif
- #if defined(HAVE_CURVE448_SHARED_SECRET) && \
- defined(HAVE_CURVE448_KEY_IMPORT)
- /* test shared key after importing a public key */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- if (wc_curve448_shared_secret(&userB, &pubKey, sharedB, &y) != 0)
- return -11409;
- if (XMEMCMP(sharedA, sharedB, y))
- return -11410;
- /* import RFC test vectors and compare shared key */
- if (wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
- != 0)
- return -11411;
- if (wc_curve448_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB)
- != 0)
- return -11412;
- /* test against known test vector */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- if (wc_curve448_shared_secret(&userA, &userB, sharedB, &y) != 0)
- return -11413;
- if (XMEMCMP(ss, sharedB, y))
- return -11414;
- /* test swapping roles of keys and generating same shared key */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0)
- return -11415;
- if (XMEMCMP(ss, sharedB, y))
- return -11416;
- /* test with 1 generated key and 1 from known test vector */
- if (wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
- != 0)
- return -11417;
- if (wc_curve448_make_key(&rng, 56, &userB) != 0)
- return -11418;
- x = sizeof(sharedA);
- if (wc_curve448_shared_secret(&userA, &userB, sharedA, &x) != 0)
- return -11419;
- y = sizeof(sharedB);
- if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0)
- return -11420;
- /* compare shared secret keys to test they are the same */
- if (y != x)
- return -11421;
- if (XMEMCMP(sharedA, sharedB, x))
- return -11422;
- ret = curve448_check_public_test();
- if (ret != 0)
- return ret;
- #endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */
- /* clean up keys when done */
- wc_curve448_free(&pubKey);
- wc_curve448_free(&userB);
- wc_curve448_free(&userA);
- wc_FreeRng(&rng);
- return 0;
- }
- #endif /* HAVE_CURVE448 */
- #ifdef HAVE_ED448
- #ifdef WOLFSSL_TEST_CERT
- static int ed448_test_cert(void)
- {
- DecodedCert cert[2];
- DecodedCert* serverCert = NULL;
- DecodedCert* caCert = NULL;
- #ifdef HAVE_ED448_VERIFY
- ed448_key key;
- ed448_key* pubKey = NULL;
- int verify;
- #endif /* HAVE_ED448_VERIFY */
- int ret;
- byte* tmp;
- size_t bytes;
- XFILE file;
- tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ERROR_OUT(-11430, done);
- }
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, ca_ed448_cert, sizeof_ca_ed448_cert);
- bytes = sizeof_ca_ed448_cert;
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(caEd448Cert, "rb");
- if (file == NULL) {
- ERROR_OUT(-11431, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #else
- /* No certificate to use. */
- ERROR_OUT(-11432, done);
- #endif
- InitDecodedCert(&cert[0], tmp, (word32)bytes, 0);
- caCert = &cert[0];
- ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- ERROR_OUT(-11433, done);
- }
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, server_ed448_cert, sizeof_server_ed448_cert);
- bytes = sizeof_server_ed448_cert;
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(serverEd448Cert, "rb");
- if (file == NULL) {
- ERROR_OUT(-11434, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #else
- /* No certificate to use. */
- ERROR_OUT(-11435, done);
- #endif
- InitDecodedCert(&cert[1], tmp, (word32)bytes, 0);
- serverCert = &cert[1];
- ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- ERROR_OUT(-11436, done);
- }
- #ifdef HAVE_ED448_VERIFY
- ret = wc_ed448_init(&key);
- if (ret < 0) {
- ERROR_OUT(-11437, done);
- }
- pubKey = &key;
- ret = wc_ed448_import_public(caCert->publicKey, caCert->pubKeySize, pubKey);
- if (ret < 0) {
- ERROR_OUT(-11438, done);
- }
- if (wc_ed448_verify_msg(serverCert->signature, serverCert->sigLength,
- serverCert->source + serverCert->certBegin,
- serverCert->sigIndex - serverCert->certBegin,
- &verify, pubKey, NULL, 0) < 0 || verify != 1) {
- ERROR_OUT(-11439, done);
- }
- #endif /* HAVE_ED448_VERIFY */
- done:
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef HAVE_ED448_VERIFY
- wc_ed448_free(pubKey);
- #endif /* HAVE_ED448_VERIFY */
- if (caCert != NULL)
- FreeDecodedCert(caCert);
- if (serverCert != NULL)
- FreeDecodedCert(serverCert);
- return ret;
- }
- static int ed448_test_make_cert(void)
- {
- WC_RNG rng;
- Cert cert;
- DecodedCert decode;
- ed448_key key;
- ed448_key* privKey = NULL;
- int ret = 0;
- byte* tmp = NULL;
- wc_InitCert_ex(&cert, HEAP_HINT, devId);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -11450;
- wc_ed448_init(&key);
- privKey = &key;
- wc_ed448_make_key(&rng, ED448_KEY_SIZE, privKey);
- cert.daysValid = 365 * 2;
- cert.selfSigned = 1;
- XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName));
- XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName));
- cert.isCA = 0;
- #ifdef WOLFSSL_CERT_EXT
- ret = wc_SetKeyUsage(&cert, certKeyUsage);
- if (ret < 0) {
- ERROR_OUT(-11451, done);
- }
- ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey);
- if (ret < 0) {
- ERROR_OUT(-11452, done);
- }
- ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey);
- if (ret < 0) {
- ERROR_OUT(-11453, done);
- }
- #endif
- tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ERROR_OUT(-11454, done);
- }
- cert.sigType = CTC_ED448;
- ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED448_TYPE, privKey, &rng);
- if (ret < 0) {
- ERROR_OUT(-11455, done);
- }
- ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF, ED448_TYPE,
- privKey, &rng);
- if (ret < 0) {
- ERROR_OUT(-11456, done);
- }
- InitDecodedCert(&decode, tmp, ret, HEAP_HINT);
- ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
- FreeDecodedCert(&decode);
- if (ret != 0) {
- ERROR_OUT(-11457, done);
- }
- done:
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_ed448_free(privKey);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WOLFSSL_TEST_CERT */
- #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \
- defined(HAVE_ED448_KEY_IMPORT)
- static int ed448_ctx_test(void)
- {
- byte out[ED448_SIG_SIZE];
- word32 outlen;
- #ifdef HAVE_ED448_VERIFY
- int verify;
- #endif /* HAVE_ED448_VERIFY */
- ed448_key key;
- WOLFSSL_SMALL_STACK_STATIC const byte sKeyCtx[] = {
- 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6,
- 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d,
- 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d,
- 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a,
- 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c,
- 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e,
- 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27,
- 0x4e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKeyCtx[] = {
- 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45,
- 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a,
- 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37,
- 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86,
- 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02,
- 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c,
- 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigCtx[] = {
- 0xd4, 0xf8, 0xf6, 0x13, 0x17, 0x70, 0xdd, 0x46,
- 0xf4, 0x08, 0x67, 0xd6, 0xfd, 0x5d, 0x50, 0x55,
- 0xde, 0x43, 0x54, 0x1f, 0x8c, 0x5e, 0x35, 0xab,
- 0xbc, 0xd0, 0x01, 0xb3, 0x2a, 0x89, 0xf7, 0xd2,
- 0x15, 0x1f, 0x76, 0x47, 0xf1, 0x1d, 0x8c, 0xa2,
- 0xae, 0x27, 0x9f, 0xb8, 0x42, 0xd6, 0x07, 0x21,
- 0x7f, 0xce, 0x6e, 0x04, 0x2f, 0x68, 0x15, 0xea,
- 0x00, 0x0c, 0x85, 0x74, 0x1d, 0xe5, 0xc8, 0xda,
- 0x11, 0x44, 0xa6, 0xa1, 0xab, 0xa7, 0xf9, 0x6d,
- 0xe4, 0x25, 0x05, 0xd7, 0xa7, 0x29, 0x85, 0x24,
- 0xfd, 0xa5, 0x38, 0xfc, 0xcb, 0xbb, 0x75, 0x4f,
- 0x57, 0x8c, 0x1c, 0xad, 0x10, 0xd5, 0x4d, 0x0d,
- 0x54, 0x28, 0x40, 0x7e, 0x85, 0xdc, 0xbc, 0x98,
- 0xa4, 0x91, 0x55, 0xc1, 0x37, 0x64, 0xe6, 0x6c,
- 0x3c, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msgCtx[] = {
- 0x03
- };
- WOLFSSL_SMALL_STACK_STATIC const byte contextCtx[] = {
- 0x66,0x6f,0x6f
- };
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed448_init_ex(&key, HEAP_HINT, devId) != 0)
- return -11500;
- if (wc_ed448_import_private_key(sKeyCtx, ED448_KEY_SIZE, pKeyCtx,
- sizeof(pKeyCtx), &key) != 0)
- return -11501;
- if (wc_ed448_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
- contextCtx, sizeof(contextCtx)) != 0)
- return -11502;
- if (XMEMCMP(out, sigCtx, sizeof(sigCtx)))
- return -11503;
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- if (wc_ed448_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, &key,
- contextCtx, sizeof(contextCtx)) != 0 || verify != 1)
- return -11504;
- #endif
- wc_ed448_free(&key);
- return 0;
- }
- static int ed448ph_test(void)
- {
- byte out[ED448_SIG_SIZE];
- word32 outlen;
- #ifdef HAVE_ED448_VERIFY
- int verify;
- #endif /* HAVE_ED448_VERIFY */
- ed448_key key;
- WOLFSSL_SMALL_STACK_STATIC const byte sKeyPh[] = {
- 0x83, 0x3f, 0xe6, 0x24, 0x09, 0x23, 0x7b, 0x9d,
- 0x62, 0xec, 0x77, 0x58, 0x75, 0x20, 0x91, 0x1e,
- 0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b,
- 0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42,
- 0xef, 0x78, 0x22, 0xe0, 0xd5, 0x10, 0x41, 0x27,
- 0xdc, 0x05, 0xd6, 0xdb, 0xef, 0xde, 0x69, 0xe3,
- 0xab, 0x2c, 0xec, 0x7c, 0x86, 0x7c, 0x6e, 0x2c,
- 0x49
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKeyPh[] = {
- 0x25, 0x9b, 0x71, 0xc1, 0x9f, 0x83, 0xef, 0x77,
- 0xa7, 0xab, 0xd2, 0x65, 0x24, 0xcb, 0xdb, 0x31,
- 0x61, 0xb5, 0x90, 0xa4, 0x8f, 0x7d, 0x17, 0xde,
- 0x3e, 0xe0, 0xba, 0x9c, 0x52, 0xbe, 0xb7, 0x43,
- 0xc0, 0x94, 0x28, 0xa1, 0x31, 0xd6, 0xb1, 0xb5,
- 0x73, 0x03, 0xd9, 0x0d, 0x81, 0x32, 0xc2, 0x76,
- 0xd5, 0xed, 0x3d, 0x5d, 0x01, 0xc0, 0xf5, 0x38,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigPh1[] = {
- 0x82, 0x2f, 0x69, 0x01, 0xf7, 0x48, 0x0f, 0x3d,
- 0x5f, 0x56, 0x2c, 0x59, 0x29, 0x94, 0xd9, 0x69,
- 0x36, 0x02, 0x87, 0x56, 0x14, 0x48, 0x32, 0x56,
- 0x50, 0x56, 0x00, 0xbb, 0xc2, 0x81, 0xae, 0x38,
- 0x1f, 0x54, 0xd6, 0xbc, 0xe2, 0xea, 0x91, 0x15,
- 0x74, 0x93, 0x2f, 0x52, 0xa4, 0xe6, 0xca, 0xdd,
- 0x78, 0x76, 0x93, 0x75, 0xec, 0x3f, 0xfd, 0x1b,
- 0x80, 0x1a, 0x0d, 0x9b, 0x3f, 0x40, 0x30, 0xcd,
- 0x43, 0x39, 0x64, 0xb6, 0x45, 0x7e, 0xa3, 0x94,
- 0x76, 0x51, 0x12, 0x14, 0xf9, 0x74, 0x69, 0xb5,
- 0x7d, 0xd3, 0x2d, 0xbc, 0x56, 0x0a, 0x9a, 0x94,
- 0xd0, 0x0b, 0xff, 0x07, 0x62, 0x04, 0x64, 0xa3,
- 0xad, 0x20, 0x3d, 0xf7, 0xdc, 0x7c, 0xe3, 0x60,
- 0xc3, 0xcd, 0x36, 0x96, 0xd9, 0xd9, 0xfa, 0xb9,
- 0x0f, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigPh2[] = {
- 0xc3, 0x22, 0x99, 0xd4, 0x6e, 0xc8, 0xff, 0x02,
- 0xb5, 0x45, 0x40, 0x98, 0x28, 0x14, 0xdc, 0xe9,
- 0xa0, 0x58, 0x12, 0xf8, 0x19, 0x62, 0xb6, 0x49,
- 0xd5, 0x28, 0x09, 0x59, 0x16, 0xa2, 0xaa, 0x48,
- 0x10, 0x65, 0xb1, 0x58, 0x04, 0x23, 0xef, 0x92,
- 0x7e, 0xcf, 0x0a, 0xf5, 0x88, 0x8f, 0x90, 0xda,
- 0x0f, 0x6a, 0x9a, 0x85, 0xad, 0x5d, 0xc3, 0xf2,
- 0x80, 0xd9, 0x12, 0x24, 0xba, 0x99, 0x11, 0xa3,
- 0x65, 0x3d, 0x00, 0xe4, 0x84, 0xe2, 0xce, 0x23,
- 0x25, 0x21, 0x48, 0x1c, 0x86, 0x58, 0xdf, 0x30,
- 0x4b, 0xb7, 0x74, 0x5a, 0x73, 0x51, 0x4c, 0xdb,
- 0x9b, 0xf3, 0xe1, 0x57, 0x84, 0xab, 0x71, 0x28,
- 0x4f, 0x8d, 0x07, 0x04, 0xa6, 0x08, 0xc5, 0x4a,
- 0x6b, 0x62, 0xd9, 0x7b, 0xeb, 0x51, 0x1d, 0x13,
- 0x21, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msgPh[] = {
- 0x61,0x62,0x63
- };
- /* SHA-512 hash of msgPh */
- WOLFSSL_SMALL_STACK_STATIC const byte hashPh[] = {
- 0x48, 0x33, 0x66, 0x60, 0x13, 0x60, 0xa8, 0x77,
- 0x1c, 0x68, 0x63, 0x08, 0x0c, 0xc4, 0x11, 0x4d,
- 0x8d, 0xb4, 0x45, 0x30, 0xf8, 0xf1, 0xe1, 0xee,
- 0x4f, 0x94, 0xea, 0x37, 0xe7, 0x8b, 0x57, 0x39,
- 0xd5, 0xa1, 0x5b, 0xef, 0x18, 0x6a, 0x53, 0x86,
- 0xc7, 0x57, 0x44, 0xc0, 0x52, 0x7e, 0x1f, 0xaa,
- 0x9f, 0x87, 0x26, 0xe4, 0x62, 0xa1, 0x2a, 0x4f,
- 0xeb, 0x06, 0xbd, 0x88, 0x01, 0xe7, 0x51, 0xe4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte contextPh2[] = {
- 0x66,0x6f,0x6f
- };
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed448_init_ex(&key, HEAP_HINT, devId) != 0)
- return -11600;
- if (wc_ed448_import_private_key(sKeyPh, ED448_KEY_SIZE, pKeyPh,
- sizeof(pKeyPh), &key) != 0) {
- return -11601;
- }
- if (wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL,
- 0) != 0) {
- return -11602;
- }
- if (XMEMCMP(out, sigPh1, sizeof(sigPh1)))
- return -11603;
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- if (wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key,
- NULL, 0) != 0 || verify != 1) {
- return -11604;
- }
- #endif
- if (wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
- contextPh2, sizeof(contextPh2)) != 0) {
- return -11605;
- }
- if (XMEMCMP(out, sigPh2, sizeof(sigPh2)))
- return -11606;
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- if (wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key,
- contextPh2, sizeof(contextPh2)) != 0 ||
- verify != 1) {
- return -11607;
- }
- #endif
- if (wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL,
- 0) != 0) {
- return -11608;
- }
- if (XMEMCMP(out, sigPh1, sizeof(sigPh1)))
- return -11609;
- #if defined(HAVE_ED448_VERIFY)
- if (wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
- &key, NULL, 0) != 0 || verify != 1) {
- return -11610;
- }
- #endif
- if (wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
- contextPh2, sizeof(contextPh2)) != 0) {
- return -11611;
- }
- if (XMEMCMP(out, sigPh2, sizeof(sigPh2)))
- return -11612;
- #if defined(HAVE_ED448_VERIFY)
- if (wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
- &key, contextPh2, sizeof(contextPh2)) != 0 ||
- verify != 1) {
- return -11613;
- }
- #endif
- wc_ed448_free(&key);
- return 0;
- }
- #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
- WOLFSSL_TEST_SUBROUTINE int ed448_test(void)
- {
- int ret;
- WC_RNG rng;
- #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\
- defined(HAVE_ED448_KEY_IMPORT)
- byte out[ED448_SIG_SIZE];
- int i;
- word32 outlen;
- #ifdef HAVE_ED448_VERIFY
- #ifdef WOLFSSL_ED448_STREAMING_VERIFY
- int j;
- #endif /* WOLFSSL_ED448_STREAMING_VERIFY */
- int verify;
- #endif /* HAVE_ED448_VERIFY */
- #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
- word32 keySz, sigSz;
- #ifdef WOLFSSL_SMALL_STACK
- ed448_key *key = NULL;
- ed448_key *key2 = NULL;
- #else
- ed448_key key[1];
- ed448_key key2[1];
- #endif
- #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \
- defined(HAVE_ED448_KEY_IMPORT)
- /* test vectors from
- https://tools.ietf.org/html/rfc8032
- */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey1[] = {
- 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
- 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
- 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
- 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
- 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
- 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
- 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
- 0x5b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey2[] = {
- 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6,
- 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d,
- 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d,
- 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a,
- 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c,
- 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e,
- 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27,
- 0x4e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey3[] = {
- 0x25, 0x8c, 0xdd, 0x4a, 0xda, 0x32, 0xed, 0x9c,
- 0x9f, 0xf5, 0x4e, 0x63, 0x75, 0x6a, 0xe5, 0x82,
- 0xfb, 0x8f, 0xab, 0x2a, 0xc7, 0x21, 0xf2, 0xc8,
- 0xe6, 0x76, 0xa7, 0x27, 0x68, 0x51, 0x3d, 0x93,
- 0x9f, 0x63, 0xdd, 0xdb, 0x55, 0x60, 0x91, 0x33,
- 0xf2, 0x9a, 0xdf, 0x86, 0xec, 0x99, 0x29, 0xdc,
- 0xcb, 0x52, 0xc1, 0xc5, 0xfd, 0x2f, 0xf7, 0xe2,
- 0x1b
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey4[] = {
- 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
- 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
- 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
- 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
- 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
- 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
- 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
- 0x5b
- };
- /* compressed prefix test */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey5[] = {
- 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
- 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
- 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
- 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
- 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
- 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
- 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
- 0x5b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey6[] = {
- 0x87, 0x2d, 0x09, 0x37, 0x80, 0xf5, 0xd3, 0x73,
- 0x0d, 0xf7, 0xc2, 0x12, 0x66, 0x4b, 0x37, 0xb8,
- 0xa0, 0xf2, 0x4f, 0x56, 0x81, 0x0d, 0xaa, 0x83,
- 0x82, 0xcd, 0x4f, 0xa3, 0xf7, 0x76, 0x34, 0xec,
- 0x44, 0xdc, 0x54, 0xf1, 0xc2, 0xed, 0x9b, 0xea,
- 0x86, 0xfa, 0xfb, 0x76, 0x32, 0xd8, 0xbe, 0x19,
- 0x9e, 0xa1, 0x65, 0xf5, 0xad, 0x55, 0xdd, 0x9c,
- 0xe8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
- WOLFSSL_SMALL_STACK_STATIC const byte pKey1[] = {
- 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
- 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
- 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
- 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
- 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
- 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
- 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey2[] = {
- 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45,
- 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a,
- 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37,
- 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86,
- 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02,
- 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c,
- 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey3[] = {
- 0x3b, 0xa1, 0x6d, 0xa0, 0xc6, 0xf2, 0xcc, 0x1f,
- 0x30, 0x18, 0x77, 0x40, 0x75, 0x6f, 0x5e, 0x79,
- 0x8d, 0x6b, 0xc5, 0xfc, 0x01, 0x5d, 0x7c, 0x63,
- 0xcc, 0x95, 0x10, 0xee, 0x3f, 0xd4, 0x4a, 0xdc,
- 0x24, 0xd8, 0xe9, 0x68, 0xb6, 0xe4, 0x6e, 0x6f,
- 0x94, 0xd1, 0x9b, 0x94, 0x53, 0x61, 0x72, 0x6b,
- 0xd7, 0x5e, 0x14, 0x9e, 0xf0, 0x98, 0x17, 0xf5,
- 0x80
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte pKey4[] = {
- 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
- 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
- 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
- 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
- 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
- 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
- 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
- 0x80
- };
- /* compressed prefix */
- WOLFSSL_SMALL_STACK_STATIC const byte pKey5[] = {
- 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
- 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
- 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
- 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
- 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
- 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
- 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey6[] = {
- 0xa8, 0x1b, 0x2e, 0x8a, 0x70, 0xa5, 0xac, 0x94,
- 0xff, 0xdb, 0xcc, 0x9b, 0xad, 0xfc, 0x3f, 0xeb,
- 0x08, 0x01, 0xf2, 0x58, 0x57, 0x8b, 0xb1, 0x14,
- 0xad, 0x44, 0xec, 0xe1, 0xec, 0x0e, 0x79, 0x9d,
- 0xa0, 0x8e, 0xff, 0xb8, 0x1c, 0x5d, 0x68, 0x5c,
- 0x0c, 0x56, 0xf6, 0x4e, 0xec, 0xae, 0xf8, 0xcd,
- 0xf1, 0x1c, 0xc3, 0x87, 0x37, 0x83, 0x8c, 0xf4,
- 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
- WOLFSSL_SMALL_STACK_STATIC const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
- sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
- WOLFSSL_SMALL_STACK_STATIC const byte sig1[] = {
- 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
- 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
- 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
- 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
- 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
- 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
- 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
- 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
- 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
- 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
- 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
- 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
- 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
- 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
- 0x26, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig2[] = {
- 0x26, 0xb8, 0xf9, 0x17, 0x27, 0xbd, 0x62, 0x89,
- 0x7a, 0xf1, 0x5e, 0x41, 0xeb, 0x43, 0xc3, 0x77,
- 0xef, 0xb9, 0xc6, 0x10, 0xd4, 0x8f, 0x23, 0x35,
- 0xcb, 0x0b, 0xd0, 0x08, 0x78, 0x10, 0xf4, 0x35,
- 0x25, 0x41, 0xb1, 0x43, 0xc4, 0xb9, 0x81, 0xb7,
- 0xe1, 0x8f, 0x62, 0xde, 0x8c, 0xcd, 0xf6, 0x33,
- 0xfc, 0x1b, 0xf0, 0x37, 0xab, 0x7c, 0xd7, 0x79,
- 0x80, 0x5e, 0x0d, 0xbc, 0xc0, 0xaa, 0xe1, 0xcb,
- 0xce, 0xe1, 0xaf, 0xb2, 0xe0, 0x27, 0xdf, 0x36,
- 0xbc, 0x04, 0xdc, 0xec, 0xbf, 0x15, 0x43, 0x36,
- 0xc1, 0x9f, 0x0a, 0xf7, 0xe0, 0xa6, 0x47, 0x29,
- 0x05, 0xe7, 0x99, 0xf1, 0x95, 0x3d, 0x2a, 0x0f,
- 0xf3, 0x34, 0x8a, 0xb2, 0x1a, 0xa4, 0xad, 0xaf,
- 0xd1, 0xd2, 0x34, 0x44, 0x1c, 0xf8, 0x07, 0xc0,
- 0x3a, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig3[] = {
- 0x7e, 0xee, 0xab, 0x7c, 0x4e, 0x50, 0xfb, 0x79,
- 0x9b, 0x41, 0x8e, 0xe5, 0xe3, 0x19, 0x7f, 0xf6,
- 0xbf, 0x15, 0xd4, 0x3a, 0x14, 0xc3, 0x43, 0x89,
- 0xb5, 0x9d, 0xd1, 0xa7, 0xb1, 0xb8, 0x5b, 0x4a,
- 0xe9, 0x04, 0x38, 0xac, 0xa6, 0x34, 0xbe, 0xa4,
- 0x5e, 0x3a, 0x26, 0x95, 0xf1, 0x27, 0x0f, 0x07,
- 0xfd, 0xcd, 0xf7, 0xc6, 0x2b, 0x8e, 0xfe, 0xaf,
- 0x00, 0xb4, 0x5c, 0x2c, 0x96, 0xba, 0x45, 0x7e,
- 0xb1, 0xa8, 0xbf, 0x07, 0x5a, 0x3d, 0xb2, 0x8e,
- 0x5c, 0x24, 0xf6, 0xb9, 0x23, 0xed, 0x4a, 0xd7,
- 0x47, 0xc3, 0xc9, 0xe0, 0x3c, 0x70, 0x79, 0xef,
- 0xb8, 0x7c, 0xb1, 0x10, 0xd3, 0xa9, 0x98, 0x61,
- 0xe7, 0x20, 0x03, 0xcb, 0xae, 0x6d, 0x6b, 0x8b,
- 0x82, 0x7e, 0x4e, 0x6c, 0x14, 0x30, 0x64, 0xff,
- 0x3c, 0x00
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte sig4[] = {
- 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
- 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
- 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
- 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
- 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
- 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
- 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
- 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
- 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
- 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
- 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
- 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
- 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
- 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
- 0x26, 0x00
- };
- /* compressed prefix */
- WOLFSSL_SMALL_STACK_STATIC const byte sig5[] = {
- 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
- 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
- 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
- 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
- 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
- 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
- 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
- 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
- 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
- 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
- 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
- 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
- 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
- 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
- 0x26, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig6[] = {
- 0xe3, 0x01, 0x34, 0x5a, 0x41, 0xa3, 0x9a, 0x4d,
- 0x72, 0xff, 0xf8, 0xdf, 0x69, 0xc9, 0x80, 0x75,
- 0xa0, 0xcc, 0x08, 0x2b, 0x80, 0x2f, 0xc9, 0xb2,
- 0xb6, 0xbc, 0x50, 0x3f, 0x92, 0x6b, 0x65, 0xbd,
- 0xdf, 0x7f, 0x4c, 0x8f, 0x1c, 0xb4, 0x9f, 0x63,
- 0x96, 0xaf, 0xc8, 0xa7, 0x0a, 0xbe, 0x6d, 0x8a,
- 0xef, 0x0d, 0xb4, 0x78, 0xd4, 0xc6, 0xb2, 0x97,
- 0x00, 0x76, 0xc6, 0xa0, 0x48, 0x4f, 0xe7, 0x6d,
- 0x76, 0xb3, 0xa9, 0x76, 0x25, 0xd7, 0x9f, 0x1c,
- 0xe2, 0x40, 0xe7, 0xc5, 0x76, 0x75, 0x0d, 0x29,
- 0x55, 0x28, 0x28, 0x6f, 0x71, 0x9b, 0x41, 0x3d,
- 0xe9, 0xad, 0xa3, 0xe8, 0xeb, 0x78, 0xed, 0x57,
- 0x36, 0x03, 0xce, 0x30, 0xd8, 0xbb, 0x76, 0x17,
- 0x85, 0xdc, 0x30, 0xdb, 0xc3, 0x20, 0x86, 0x9e,
- 0x1a, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
- #define SIGSZ sizeof(sig1)
- PEDANTIC_EXTENSION WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = { };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = { 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = { 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd,
- 0x66, 0x81, 0x1e, 0x29, 0x15 };
- /* test of a 1023 byte long message */
- WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
- 0x6d, 0xdf, 0x80, 0x2e, 0x1a, 0xae, 0x49, 0x86,
- 0x93, 0x5f, 0x7f, 0x98, 0x1b, 0xa3, 0xf0, 0x35,
- 0x1d, 0x62, 0x73, 0xc0, 0xa0, 0xc2, 0x2c, 0x9c,
- 0x0e, 0x83, 0x39, 0x16, 0x8e, 0x67, 0x54, 0x12,
- 0xa3, 0xde, 0xbf, 0xaf, 0x43, 0x5e, 0xd6, 0x51,
- 0x55, 0x80, 0x07, 0xdb, 0x43, 0x84, 0xb6, 0x50,
- 0xfc, 0xc0, 0x7e, 0x3b, 0x58, 0x6a, 0x27, 0xa4,
- 0xf7, 0xa0, 0x0a, 0xc8, 0xa6, 0xfe, 0xc2, 0xcd,
- 0x86, 0xae, 0x4b, 0xf1, 0x57, 0x0c, 0x41, 0xe6,
- 0xa4, 0x0c, 0x93, 0x1d, 0xb2, 0x7b, 0x2f, 0xaa,
- 0x15, 0xa8, 0xce, 0xdd, 0x52, 0xcf, 0xf7, 0x36,
- 0x2c, 0x4e, 0x6e, 0x23, 0xda, 0xec, 0x0f, 0xbc,
- 0x3a, 0x79, 0xb6, 0x80, 0x6e, 0x31, 0x6e, 0xfc,
- 0xc7, 0xb6, 0x81, 0x19, 0xbf, 0x46, 0xbc, 0x76,
- 0xa2, 0x60, 0x67, 0xa5, 0x3f, 0x29, 0x6d, 0xaf,
- 0xdb, 0xdc, 0x11, 0xc7, 0x7f, 0x77, 0x77, 0xe9,
- 0x72, 0x66, 0x0c, 0xf4, 0xb6, 0xa9, 0xb3, 0x69,
- 0xa6, 0x66, 0x5f, 0x02, 0xe0, 0xcc, 0x9b, 0x6e,
- 0xdf, 0xad, 0x13, 0x6b, 0x4f, 0xab, 0xe7, 0x23,
- 0xd2, 0x81, 0x3d, 0xb3, 0x13, 0x6c, 0xfd, 0xe9,
- 0xb6, 0xd0, 0x44, 0x32, 0x2f, 0xee, 0x29, 0x47,
- 0x95, 0x2e, 0x03, 0x1b, 0x73, 0xab, 0x5c, 0x60,
- 0x33, 0x49, 0xb3, 0x07, 0xbd, 0xc2, 0x7b, 0xc6,
- 0xcb, 0x8b, 0x8b, 0xbd, 0x7b, 0xd3, 0x23, 0x21,
- 0x9b, 0x80, 0x33, 0xa5, 0x81, 0xb5, 0x9e, 0xad,
- 0xeb, 0xb0, 0x9b, 0x3c, 0x4f, 0x3d, 0x22, 0x77,
- 0xd4, 0xf0, 0x34, 0x36, 0x24, 0xac, 0xc8, 0x17,
- 0x80, 0x47, 0x28, 0xb2, 0x5a, 0xb7, 0x97, 0x17,
- 0x2b, 0x4c, 0x5c, 0x21, 0xa2, 0x2f, 0x9c, 0x78,
- 0x39, 0xd6, 0x43, 0x00, 0x23, 0x2e, 0xb6, 0x6e,
- 0x53, 0xf3, 0x1c, 0x72, 0x3f, 0xa3, 0x7f, 0xe3,
- 0x87, 0xc7, 0xd3, 0xe5, 0x0b, 0xdf, 0x98, 0x13,
- 0xa3, 0x0e, 0x5b, 0xb1, 0x2c, 0xf4, 0xcd, 0x93,
- 0x0c, 0x40, 0xcf, 0xb4, 0xe1, 0xfc, 0x62, 0x25,
- 0x92, 0xa4, 0x95, 0x88, 0x79, 0x44, 0x94, 0xd5,
- 0x6d, 0x24, 0xea, 0x4b, 0x40, 0xc8, 0x9f, 0xc0,
- 0x59, 0x6c, 0xc9, 0xeb, 0xb9, 0x61, 0xc8, 0xcb,
- 0x10, 0xad, 0xde, 0x97, 0x6a, 0x5d, 0x60, 0x2b,
- 0x1c, 0x3f, 0x85, 0xb9, 0xb9, 0xa0, 0x01, 0xed,
- 0x3c, 0x6a, 0x4d, 0x3b, 0x14, 0x37, 0xf5, 0x20,
- 0x96, 0xcd, 0x19, 0x56, 0xd0, 0x42, 0xa5, 0x97,
- 0xd5, 0x61, 0xa5, 0x96, 0xec, 0xd3, 0xd1, 0x73,
- 0x5a, 0x8d, 0x57, 0x0e, 0xa0, 0xec, 0x27, 0x22,
- 0x5a, 0x2c, 0x4a, 0xaf, 0xf2, 0x63, 0x06, 0xd1,
- 0x52, 0x6c, 0x1a, 0xf3, 0xca, 0x6d, 0x9c, 0xf5,
- 0xa2, 0xc9, 0x8f, 0x47, 0xe1, 0xc4, 0x6d, 0xb9,
- 0xa3, 0x32, 0x34, 0xcf, 0xd4, 0xd8, 0x1f, 0x2c,
- 0x98, 0x53, 0x8a, 0x09, 0xeb, 0xe7, 0x69, 0x98,
- 0xd0, 0xd8, 0xfd, 0x25, 0x99, 0x7c, 0x7d, 0x25,
- 0x5c, 0x6d, 0x66, 0xec, 0xe6, 0xfa, 0x56, 0xf1,
- 0x11, 0x44, 0x95, 0x0f, 0x02, 0x77, 0x95, 0xe6,
- 0x53, 0x00, 0x8f, 0x4b, 0xd7, 0xca, 0x2d, 0xee,
- 0x85, 0xd8, 0xe9, 0x0f, 0x3d, 0xc3, 0x15, 0x13,
- 0x0c, 0xe2, 0xa0, 0x03, 0x75, 0xa3, 0x18, 0xc7,
- 0xc3, 0xd9, 0x7b, 0xe2, 0xc8, 0xce, 0x5b, 0x6d,
- 0xb4, 0x1a, 0x62, 0x54, 0xff, 0x26, 0x4f, 0xa6,
- 0x15, 0x5b, 0xae, 0xe3, 0xb0, 0x77, 0x3c, 0x0f,
- 0x49, 0x7c, 0x57, 0x3f, 0x19, 0xbb, 0x4f, 0x42,
- 0x40, 0x28, 0x1f, 0x0b, 0x1f, 0x4f, 0x7b, 0xe8,
- 0x57, 0xa4, 0xe5, 0x9d, 0x41, 0x6c, 0x06, 0xb4,
- 0xc5, 0x0f, 0xa0, 0x9e, 0x18, 0x10, 0xdd, 0xc6,
- 0xb1, 0x46, 0x7b, 0xae, 0xac, 0x5a, 0x36, 0x68,
- 0xd1, 0x1b, 0x6e, 0xca, 0xa9, 0x01, 0x44, 0x00,
- 0x16, 0xf3, 0x89, 0xf8, 0x0a, 0xcc, 0x4d, 0xb9,
- 0x77, 0x02, 0x5e, 0x7f, 0x59, 0x24, 0x38, 0x8c,
- 0x7e, 0x34, 0x0a, 0x73, 0x2e, 0x55, 0x44, 0x40,
- 0xe7, 0x65, 0x70, 0xf8, 0xdd, 0x71, 0xb7, 0xd6,
- 0x40, 0xb3, 0x45, 0x0d, 0x1f, 0xd5, 0xf0, 0x41,
- 0x0a, 0x18, 0xf9, 0xa3, 0x49, 0x4f, 0x70, 0x7c,
- 0x71, 0x7b, 0x79, 0xb4, 0xbf, 0x75, 0xc9, 0x84,
- 0x00, 0xb0, 0x96, 0xb2, 0x16, 0x53, 0xb5, 0xd2,
- 0x17, 0xcf, 0x35, 0x65, 0xc9, 0x59, 0x74, 0x56,
- 0xf7, 0x07, 0x03, 0x49, 0x7a, 0x07, 0x87, 0x63,
- 0x82, 0x9b, 0xc0, 0x1b, 0xb1, 0xcb, 0xc8, 0xfa,
- 0x04, 0xea, 0xdc, 0x9a, 0x6e, 0x3f, 0x66, 0x99,
- 0x58, 0x7a, 0x9e, 0x75, 0xc9, 0x4e, 0x5b, 0xab,
- 0x00, 0x36, 0xe0, 0xb2, 0xe7, 0x11, 0x39, 0x2c,
- 0xff, 0x00, 0x47, 0xd0, 0xd6, 0xb0, 0x5b, 0xd2,
- 0xa5, 0x88, 0xbc, 0x10, 0x97, 0x18, 0x95, 0x42,
- 0x59, 0xf1, 0xd8, 0x66, 0x78, 0xa5, 0x79, 0xa3,
- 0x12, 0x0f, 0x19, 0xcf, 0xb2, 0x96, 0x3f, 0x17,
- 0x7a, 0xeb, 0x70, 0xf2, 0xd4, 0x84, 0x48, 0x26,
- 0x26, 0x2e, 0x51, 0xb8, 0x02, 0x71, 0x27, 0x20,
- 0x68, 0xef, 0x5b, 0x38, 0x56, 0xfa, 0x85, 0x35,
- 0xaa, 0x2a, 0x88, 0xb2, 0xd4, 0x1f, 0x2a, 0x0e,
- 0x2f, 0xda, 0x76, 0x24, 0xc2, 0x85, 0x02, 0x72,
- 0xac, 0x4a, 0x2f, 0x56, 0x1f, 0x8f, 0x2f, 0x7a,
- 0x31, 0x8b, 0xfd, 0x5c, 0xaf, 0x96, 0x96, 0x14,
- 0x9e, 0x4a, 0xc8, 0x24, 0xad, 0x34, 0x60, 0x53,
- 0x8f, 0xdc, 0x25, 0x42, 0x1b, 0xee, 0xc2, 0xcc,
- 0x68, 0x18, 0x16, 0x2d, 0x06, 0xbb, 0xed, 0x0c,
- 0x40, 0xa3, 0x87, 0x19, 0x23, 0x49, 0xdb, 0x67,
- 0xa1, 0x18, 0xba, 0xda, 0x6c, 0xd5, 0xab, 0x01,
- 0x40, 0xee, 0x27, 0x32, 0x04, 0xf6, 0x28, 0xaa,
- 0xd1, 0xc1, 0x35, 0xf7, 0x70, 0x27, 0x9a, 0x65,
- 0x1e, 0x24, 0xd8, 0xc1, 0x4d, 0x75, 0xa6, 0x05,
- 0x9d, 0x76, 0xb9, 0x6a, 0x6f, 0xd8, 0x57, 0xde,
- 0xf5, 0xe0, 0xb3, 0x54, 0xb2, 0x7a, 0xb9, 0x37,
- 0xa5, 0x81, 0x5d, 0x16, 0xb5, 0xfa, 0xe4, 0x07,
- 0xff, 0x18, 0x22, 0x2c, 0x6d, 0x1e, 0xd2, 0x63,
- 0xbe, 0x68, 0xc9, 0x5f, 0x32, 0xd9, 0x08, 0xbd,
- 0x89, 0x5c, 0xd7, 0x62, 0x07, 0xae, 0x72, 0x64,
- 0x87, 0x56, 0x7f, 0x9a, 0x67, 0xda, 0xd7, 0x9a,
- 0xbe, 0xc3, 0x16, 0xf6, 0x83, 0xb1, 0x7f, 0x2d,
- 0x02, 0xbf, 0x07, 0xe0, 0xac, 0x8b, 0x5b, 0xc6,
- 0x16, 0x2c, 0xf9, 0x46, 0x97, 0xb3, 0xc2, 0x7c,
- 0xd1, 0xfe, 0xa4, 0x9b, 0x27, 0xf2, 0x3b, 0xa2,
- 0x90, 0x18, 0x71, 0x96, 0x25, 0x06, 0x52, 0x0c,
- 0x39, 0x2d, 0xa8, 0xb6, 0xad, 0x0d, 0x99, 0xf7,
- 0x01, 0x3f, 0xbc, 0x06, 0xc2, 0xc1, 0x7a, 0x56,
- 0x95, 0x00, 0xc8, 0xa7, 0x69, 0x64, 0x81, 0xc1,
- 0xcd, 0x33, 0xe9, 0xb1, 0x4e, 0x40, 0xb8, 0x2e,
- 0x79, 0xa5, 0xf5, 0xdb, 0x82, 0x57, 0x1b, 0xa9,
- 0x7b, 0xae, 0x3a, 0xd3, 0xe0, 0x47, 0x95, 0x15,
- 0xbb, 0x0e, 0x2b, 0x0f, 0x3b, 0xfc, 0xd1, 0xfd,
- 0x33, 0x03, 0x4e, 0xfc, 0x62, 0x45, 0xed, 0xdd,
- 0x7e, 0xe2, 0x08, 0x6d, 0xda, 0xe2, 0x60, 0x0d,
- 0x8c, 0xa7, 0x3e, 0x21, 0x4e, 0x8c, 0x2b, 0x0b,
- 0xdb, 0x2b, 0x04, 0x7c, 0x6a, 0x46, 0x4a, 0x56,
- 0x2e, 0xd7, 0x7b, 0x73, 0xd2, 0xd8, 0x41, 0xc4,
- 0xb3, 0x49, 0x73, 0x55, 0x12, 0x57, 0x71, 0x3b,
- 0x75, 0x36, 0x32, 0xef, 0xba, 0x34, 0x81, 0x69,
- 0xab, 0xc9, 0x0a, 0x68, 0xf4, 0x26, 0x11, 0xa4,
- 0x01, 0x26, 0xd7, 0xcb, 0x21, 0xb5, 0x86, 0x95,
- 0x56, 0x81, 0x86, 0xf7, 0xe5, 0x69, 0xd2, 0xff,
- 0x0f, 0x9e, 0x74, 0x5d, 0x04, 0x87, 0xdd, 0x2e,
- 0xb9, 0x97, 0xca, 0xfc, 0x5a, 0xbf, 0x9d, 0xd1,
- 0x02, 0xe6, 0x2f, 0xf6, 0x6c, 0xba, 0x87
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
- WOLFSSL_SMALL_STACK_STATIC const word16 msgSz[] = {0 /*sizeof(msg1)*/,
- sizeof(msg2),
- sizeof(msg3),
- 0 /*sizeof(msg1)*/,
- 0 /*sizeof(msg1)*/,
- sizeof(msg4)
- };
- #ifndef NO_ASN
- static const byte privateEd448[] = {
- 0x30, 0x47, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
- 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, 0x39,
- 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
- 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
- 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
- 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
- 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
- 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
- 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
- 0x5b
- };
- static const byte publicEd448[] = {
- 0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
- 0x71, 0x03, 0x3a, 0x00, 0x5f, 0xd7, 0x44, 0x9b,
- 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 0x87, 0xec,
- 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
- 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d,
- 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76,
- 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d,
- 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, 0x1a, 0xbe,
- 0xaf, 0xe8, 0x25, 0x61, 0x80
- };
- static const byte privPubEd448[] = {
- 0x30, 0x81, 0x82, 0x02, 0x01, 0x00, 0x30, 0x05,
- 0x06, 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04,
- 0x39, 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d,
- 0x10, 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e,
- 0xbf, 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c,
- 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48,
- 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04,
- 0x4e, 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f,
- 0x8f, 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98,
- 0xf9, 0x5b, 0x81, 0x39, 0x5f, 0xd7, 0x44, 0x9b,
- 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 0x87, 0xec,
- 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
- 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d,
- 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76,
- 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d,
- 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, 0x1a, 0xbe,
- 0xaf, 0xe8, 0x25, 0x61, 0x80
- };
- word32 idx;
- #endif /* NO_ASN */
- #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
- #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
- #ifdef WOLFSSL_SMALL_STACK
- ed448_key *key3 = NULL;
- #else
- ed448_key key3[1];
- #endif
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- key = (ed448_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- key2 = (ed448_key *)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
- key3 = (ed448_key *)XMALLOC(sizeof(*key3), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #endif
- /* create ed448 keys */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- XMEMSET(&rng, 0, sizeof(rng));
- ERROR_OUT(-11700, out);
- }
- if (wc_ed448_init(key) < 0)
- ERROR_OUT(-11903, out);
- if (wc_ed448_init(key2) < 0)
- ERROR_OUT(-11904, out);
- #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
- if (wc_ed448_init(key3) < 0)
- ERROR_OUT(-11905, out);
- #endif
- if (wc_ed448_make_key(&rng, ED448_KEY_SIZE, key) < 0)
- ERROR_OUT(-11906, out);
- if (wc_ed448_make_key(&rng, ED448_KEY_SIZE, key2) < 0)
- ERROR_OUT(-11907, out);
- /* helper functions for signature and key size */
- keySz = wc_ed448_size(key);
- sigSz = wc_ed448_sig_size(key);
- #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\
- defined(HAVE_ED448_KEY_IMPORT)
- for (i = 0; i < 6; i++) {
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed448_import_private_key(sKeys[i], ED448_KEY_SIZE, pKeys[i],
- pKeySz[i], key) != 0)
- ERROR_OUT(-11701 - i, out);
- if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, key, NULL,
- 0) != 0)
- ERROR_OUT(-11711 - i, out);
- if (XMEMCMP(out, sigs[i], 114))
- ERROR_OUT(-11721 - i, out);
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key,
- NULL, 0) != 0 || verify != 1)
- ERROR_OUT(-11731 - i, out);
- #ifdef WOLFSSL_ED448_STREAMING_VERIFY
- /* test verify on good msg using streaming interface directly */
- if (wc_ed448_verify_msg_init(out, outlen,
- key, (byte)Ed448, NULL, 0) != 0)
- ERROR_OUT(-11911 - i, out);
- for (j = 0; j < msgSz[i]; j += i) {
- if (wc_ed448_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), key) != 0)
- ERROR_OUT(-11921 - i, out);
- }
- if (wc_ed448_verify_msg_final(out, outlen, &verify,
- key) != 0 || verify != 1)
- ERROR_OUT(-11931 - i, out);
- #endif /* WOLFSSL_ED448_STREAMING_VERIFY */
- /* test verify on bad msg */
- out[outlen-2] = out[outlen-2] + 1;
- if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key,
- NULL, 0) == 0 || verify == 1)
- ERROR_OUT(-11741 - i, out);
- #endif /* HAVE_ED448_VERIFY */
- /* test api for import/exporting keys */
- {
- byte *exportPKey = NULL;
- byte *exportSKey = NULL;
- word32 exportPSz = ED448_KEY_SIZE;
- word32 exportSSz = ED448_KEY_SIZE;
- exportPKey = (byte *)XMALLOC(exportPSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- exportSKey = (byte *)XMALLOC(exportSSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((exportPKey == NULL) || (exportSKey == NULL))
- ERROR_OUT(-11902, out);
- ret = 0;
- do {
- if (wc_ed448_export_public(key, exportPKey, &exportPSz) != 0) {
- ret = -11751 - i;
- break;
- }
- if (wc_ed448_import_public_ex(exportPKey, exportPSz, key2, 1) != 0) {
- ret = -11761 - i;
- break;
- }
- if (wc_ed448_export_private_only(key, exportSKey, &exportSSz) != 0) {
- ret = -11771 - i;
- break;
- }
- if (wc_ed448_import_private_key(exportSKey, exportSSz,
- exportPKey, exportPSz, key2) != 0) {
- ret = -11781 - i;
- break;
- }
- /* clear "out" buffer and test sign with imported keys */
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, key2, NULL,
- 0) != 0) {
- ret = -11791 - i;
- break;
- }
- } while(0);
- XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (ret != 0)
- goto out;
- }
- #if defined(HAVE_ED448_VERIFY)
- if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key2,
- NULL, 0) != 0 || verify != 1)
- ERROR_OUT(-11801 - i, out);
- if (XMEMCMP(out, sigs[i], SIGSZ))
- ERROR_OUT(-11811 - i, out);
- #endif /* HAVE_ED448_VERIFY */
- }
- ret = ed448_ctx_test();
- if (ret != 0)
- goto out;
- ret = ed448ph_test();
- if (ret != 0)
- goto out;
- #ifndef NO_ASN
- /* Try ASN.1 encoded private-only key and public key. */
- idx = 0;
- if (wc_Ed448PrivateKeyDecode(privateEd448, &idx, key3,
- sizeof(privateEd448)) != 0)
- ERROR_OUT(-11821, out);
- if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0)
- != BAD_FUNC_ARG)
- ERROR_OUT(-11831, out);
- idx = 0;
- if (wc_Ed448PublicKeyDecode(publicEd448, &idx, key3,
- sizeof(publicEd448)) != 0)
- ERROR_OUT(-11841, out);
- if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0) != 0)
- ERROR_OUT(-11851, out);
- if (XMEMCMP(out, sigs[0], SIGSZ))
- ERROR_OUT(-11861, out);
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- if (wc_ed448_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, key3,
- NULL, 0) != 0 || verify != 1)
- ERROR_OUT(-11871, out);
- #endif /* HAVE_ED448_VERIFY */
- wc_ed448_free(key3);
- if (wc_ed448_init(key3) < 0)
- ERROR_OUT(-11908, out);
- idx = 0;
- if (wc_Ed448PrivateKeyDecode(privPubEd448, &idx, key3,
- sizeof(privPubEd448)) != 0)
- ERROR_OUT(-11881, out);
- if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0) != 0)
- ERROR_OUT(-11891, out);
- if (XMEMCMP(out, sigs[0], SIGSZ))
- ERROR_OUT(-11901, out);
- #endif /* NO_ASN */
- #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
- ret = 0;
- out:
- #ifdef WOLFSSL_SMALL_STACK
- if (key) {
- wc_ed448_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (key2) {
- wc_ed448_free(key2);
- XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
- if (key3) {
- wc_ed448_free(key3);
- XFREE(key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #else
- wc_ed448_free(key);
- wc_ed448_free(key2);
- #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
- wc_ed448_free(key3);
- #endif
- #endif
- #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
- wc_FreeRng(&rng);
- #endif
- if (ret < 0)
- return ret;
- /* hush warnings of unused keySz and sigSz */
- (void)keySz;
- (void)sigSz;
- #ifdef WOLFSSL_TEST_CERT
- ret = ed448_test_cert();
- if (ret < 0)
- return ret;
- #ifdef WOLFSSL_CERT_GEN
- ret = ed448_test_make_cert();
- if (ret < 0)
- return ret;
- #endif /* WOLFSSL_CERT_GEN */
- #endif /* WOLFSSL_TEST_CERT */
- return 0;
- }
- #endif /* HAVE_ED448 */
- #ifdef WOLFCRYPT_HAVE_ECCSI
- static int eccsi_api_test(WC_RNG* rng, EccsiKey* key, mp_int* ssk,
- ecc_point* pvt)
- {
- int ret;
- byte id[1] = { 0x00 };
- int valid;
- word32 sz;
- byte data[256];
- byte hash[WC_MAX_DIGEST_SIZE];
- byte hashSz;
- byte sig[257];
- word32 sigSz;
- ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return -10023;
- ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return -10024;
- ret = wc_InitEccsiKey(NULL, NULL, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return -10025;
- ret = wc_InitEccsiKey(NULL, HEAP_HINT, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return -10026;
- wc_FreeEccsiKey(NULL);
- /* Create a valid key. */
- ret = wc_InitEccsiKey(key, NULL, INVALID_DEVID);
- if (ret != 0)
- return -10027;
- ret = wc_MakeEccsiKey(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10028;
- ret = wc_MakeEccsiKey(key, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10029;
- ret = wc_MakeEccsiKey(NULL, rng);
- if (ret != BAD_FUNC_ARG)
- return -10030;
- ret = wc_MakeEccsiPair(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL,
- NULL);
- if (ret != BAD_FUNC_ARG)
- return -10031;
- ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10032;
- ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10033;
- ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10034;
- ret = wc_MakeEccsiPair(key, NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10035;
- ret = wc_MakeEccsiPair(NULL, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10036;
- /* No key set */
- ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
- if (ret != BAD_STATE_E)
- return -10037;
- ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL,
- NULL);
- if (ret != BAD_FUNC_ARG)
- return -10038;
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
- NULL);
- if (ret != BAD_FUNC_ARG)
- return -10039;
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return -10040;
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return -10041;
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return -10042;
- ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return -10043;
- /* No key set */
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
- &valid);
- if (ret != BAD_STATE_E)
- return -10044;
- ret = wc_ValidateEccsiPvt(NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10045;
- ret = wc_ValidateEccsiPvt(key, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10046;
- ret = wc_ValidateEccsiPvt(NULL, pvt, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10047;
- ret = wc_ValidateEccsiPvt(NULL, NULL, &valid);
- if (ret != BAD_FUNC_ARG)
- return -10048;
- ret = wc_ValidateEccsiPvt(key, pvt, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10049;
- ret = wc_ValidateEccsiPvt(key, NULL, &valid);
- if (ret != BAD_FUNC_ARG)
- return -10050;
- ret = wc_ValidateEccsiPvt(NULL, pvt, &valid);
- if (ret != BAD_FUNC_ARG)
- return -10051;
- ret = wc_EncodeEccsiPair(NULL, NULL, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10052;
- ret = wc_EncodeEccsiPair(key, ssk, pvt, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10053;
- ret = wc_EncodeEccsiPair(key, ssk, NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10054;
- ret = wc_EncodeEccsiPair(key, NULL, pvt, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10055;
- ret = wc_EncodeEccsiPair(NULL, ssk, pvt, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10056;
- /* No key created so no curve information. */
- ret = wc_EncodeEccsiPair(key, ssk, pvt, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return -10057;
- ret = wc_EncodeEccsiSsk(NULL, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10058;
- ret = wc_EncodeEccsiSsk(key, ssk, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10059;
- ret = wc_EncodeEccsiSsk(key, NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10060;
- ret = wc_EncodeEccsiSsk(NULL, ssk, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10061;
- ret = wc_EncodeEccsiPvt(NULL, NULL, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10058;
- ret = wc_EncodeEccsiPvt(key, pvt, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10059;
- ret = wc_EncodeEccsiPvt(key, NULL, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return -10060;
- ret = wc_EncodeEccsiPvt(NULL, pvt, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return -10061;
- ret = wc_DecodeEccsiPair(NULL, NULL, 0, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10062;
- ret = wc_DecodeEccsiPair(key, data, 0, ssk, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10063;
- ret = wc_DecodeEccsiPair(key, data, 0, NULL, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10064;
- ret = wc_DecodeEccsiPair(key, NULL, 0, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10065;
- ret = wc_DecodeEccsiPair(NULL, data, 0, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10066;
- ret = wc_DecodeEccsiSsk(NULL, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10067;
- ret = wc_DecodeEccsiSsk(key, data, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10068;
- ret = wc_DecodeEccsiSsk(key, NULL, 0, ssk);
- if (ret != BAD_FUNC_ARG)
- return -10069;
- ret = wc_DecodeEccsiSsk(NULL, data, 0, ssk);
- if (ret != BAD_FUNC_ARG)
- return -10070;
- ret = wc_DecodeEccsiPvt(NULL, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10067;
- ret = wc_DecodeEccsiPvt(key, data, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10068;
- ret = wc_DecodeEccsiPvt(key, NULL, 0, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10069;
- ret = wc_DecodeEccsiPvt(NULL, data, 0, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10070;
- ret = wc_DecodeEccsiPvtFromSig(NULL, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10067;
- ret = wc_DecodeEccsiPvtFromSig(key, data, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10068;
- ret = wc_DecodeEccsiPvtFromSig(key, NULL, 0, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10069;
- ret = wc_DecodeEccsiPvtFromSig(NULL, data, 0, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10070;
- ret = wc_ExportEccsiKey(NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10071;
- ret = wc_ExportEccsiKey(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10072;
- ret = wc_ExportEccsiKey(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10073;
- /* No key to export */
- ret = wc_ExportEccsiKey(key, NULL, &sz);
- if (ret != BAD_STATE_E)
- return -10074;
- ret = wc_ImportEccsiKey(NULL, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return -10075;
- ret = wc_ImportEccsiKey(key, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return -10076;
- ret = wc_ImportEccsiKey(NULL, data, 0);
- if (ret != BAD_FUNC_ARG)
- return -10077;
- ret = wc_ExportEccsiPrivateKey(NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10071;
- ret = wc_ExportEccsiPrivateKey(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10072;
- ret = wc_ExportEccsiPrivateKey(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10073;
- /* No key to export */
- ret = wc_ExportEccsiPrivateKey(key, NULL, &sz);
- if (ret != BAD_STATE_E)
- return -10074;
- ret = wc_ImportEccsiPrivateKey(NULL, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return -10075;
- ret = wc_ImportEccsiPrivateKey(key, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return -10076;
- ret = wc_ImportEccsiPrivateKey(NULL, data, 0);
- if (ret != BAD_FUNC_ARG)
- return -10077;
- ret = wc_ExportEccsiPublicKey(NULL, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10078;
- ret = wc_ExportEccsiPublicKey(key, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10079;
- ret = wc_ExportEccsiPublicKey(NULL, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return -10080;
- /* No key to export */
- ret = wc_ExportEccsiPublicKey(key, data, &sz, 1);
- if (ret != BAD_STATE_E)
- return -10081;
- ret = wc_ImportEccsiPublicKey(NULL, NULL, 0, 1);
- if (ret != BAD_FUNC_ARG)
- return -10082;
- ret = wc_ImportEccsiPublicKey(key, NULL, 0, 1);
- if (ret != BAD_FUNC_ARG)
- return -10083;
- ret = wc_ImportEccsiPublicKey(NULL, data, 0, 1);
- if (ret != BAD_FUNC_ARG)
- return -10084;
- ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10085;
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10086;
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, NULL, &hashSz);
- if (ret != BAD_FUNC_ARG)
- return -10087;
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, NULL, hash, &hashSz);
- if (ret != BAD_FUNC_ARG)
- return -10088;
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, NULL, 1, pvt, hash,
- &hashSz);
- if (ret != BAD_FUNC_ARG)
- return -10089;
- ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
- if (ret != BAD_STATE_E)
- return -10091;
- ret = wc_SetEccsiHash(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SetEccsiHash(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SetEccsiHash(NULL, hash, 1);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SetEccsiPair(NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SetEccsiPair(key, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SetEccsiPair(NULL, ssk, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SetEccsiPair(NULL, NULL, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SetEccsiPair(key, ssk, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SetEccsiPair(key, NULL, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SetEccsiPair(NULL, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SignEccsiHash(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10092;
- ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, sig, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10093;
- ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, NULL, 0, sig,
- &sigSz);
- if (ret != BAD_FUNC_ARG)
- return -10096;
- ret = wc_SignEccsiHash(key, NULL, WC_HASH_TYPE_SHA256, data, 0, sig,
- &sigSz);
- if (ret != BAD_FUNC_ARG)
- return -10098;
- ret = wc_SignEccsiHash(NULL, rng, WC_HASH_TYPE_SHA256, data, 0, sig,
- &sigSz);
- if (ret != BAD_FUNC_ARG)
- return -10099;
- /* Key not set. */
- ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
- &sigSz);
- if (ret != BAD_STATE_E)
- return -10100;
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10101;
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10101;
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10101;
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10101;
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return -10101;
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10102;
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, NULL, 0,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return -10103;
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return -10104;
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return -10106;
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
- &valid);
- if (ret != BAD_STATE_E)
- return -10106;
- ret = wc_SetEccsiPair(key, ssk, pvt);
- if (ret != 0)
- return -10107;
- /* Identity hash not set. */
- ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
- &sigSz);
- if (ret != BAD_STATE_E)
- return -10108;
- wc_FreeEccsiKey(key);
- return 0;
- }
- /* RFC 6507: Appendix A */
- static int eccsi_kat_verify_test(EccsiKey* key, ecc_point* pvt)
- {
- int ret;
- int verified;
- const byte msg[] = { 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x00 };
- word32 msgSz = sizeof(msg);
- byte hash[WC_SHA256_DIGEST_SIZE];
- byte hashSz = WC_SHA256_DIGEST_SIZE;
- static const byte id[] = {
- 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
- 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
- 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
- 0x33, 0x00
- };
- word32 idSz = sizeof(id);
- static const byte sig[] = {
- 0x26, 0x9D, 0x4C, 0x8F, 0xDE, 0xB6, 0x6A, 0x74,
- 0xE4, 0xEF, 0x8C, 0x0D, 0x5D, 0xCC, 0x59, 0x7D,
- 0xDF, 0xE6, 0x02, 0x9C, 0x2A, 0xFF, 0xC4, 0x93,
- 0x60, 0x08, 0xCD, 0x2C, 0xC1, 0x04, 0x5D, 0x81,
- 0xE0, 0x9B, 0x52, 0x8D, 0x0E, 0xF8, 0xD6, 0xDF,
- 0x1A, 0xA3, 0xEC, 0xBF, 0x80, 0x11, 0x0C, 0xFC,
- 0xEC, 0x9F, 0xC6, 0x82, 0x52, 0xCE, 0xBB, 0x67,
- 0x9F, 0x41, 0x34, 0x84, 0x69, 0x40, 0xCC, 0xFD,
- 0x04,
- 0x75, 0x8A, 0x14, 0x27, 0x79, 0xBE, 0x89, 0xE8,
- 0x29, 0xE7, 0x19, 0x84, 0xCB, 0x40, 0xEF, 0x75,
- 0x8C, 0xC4, 0xAD, 0x77, 0x5F, 0xC5, 0xB9, 0xA3,
- 0xE1, 0xC8, 0xED, 0x52, 0xF6, 0xFA, 0x36, 0xD9,
- 0xA7, 0x9D, 0x24, 0x76, 0x92, 0xF4, 0xED, 0xA3,
- 0xA6, 0xBD, 0xAB, 0x77, 0xD6, 0xAA, 0x64, 0x74,
- 0xA4, 0x64, 0xAE, 0x49, 0x34, 0x66, 0x3C, 0x52,
- 0x65, 0xBA, 0x70, 0x18, 0xBA, 0x09, 0x1F, 0x79
- };
- word32 sigSz = sizeof(sig);
- static const byte pubData[] = {
- 0x50, 0xD4, 0x67, 0x0B, 0xDE, 0x75, 0x24, 0x4F,
- 0x28, 0xD2, 0x83, 0x8A, 0x0D, 0x25, 0x55, 0x8A,
- 0x7A, 0x72, 0x68, 0x6D, 0x45, 0x22, 0xD4, 0xC8,
- 0x27, 0x3F, 0xB6, 0x44, 0x2A, 0xEB, 0xFA, 0x93,
- 0xDB, 0xDD, 0x37, 0x55, 0x1A, 0xFD, 0x26, 0x3B,
- 0x5D, 0xFD, 0x61, 0x7F, 0x39, 0x60, 0xC6, 0x5A,
- 0x8C, 0x29, 0x88, 0x50, 0xFF, 0x99, 0xF2, 0x03,
- 0x66, 0xDC, 0xE7, 0xD4, 0x36, 0x72, 0x17, 0xF4
- };
- static const byte expHash[] = {
- 0x49, 0x0f, 0x3f, 0xeb, 0xbc, 0x1c, 0x90, 0x2f,
- 0x62, 0x89, 0x72, 0x3d, 0x7f, 0x8c, 0xbf, 0x79,
- 0xdb, 0x88, 0x93, 0x08, 0x49, 0xd1, 0x9f, 0x38,
- 0xf0, 0x29, 0x5b, 0x5c, 0x27, 0x6c, 0x14, 0xd1
- };
- ret = wc_ImportEccsiPublicKey(key, pubData, sizeof(pubData), 0);
- if (ret != 0)
- return -10108;
- ret = wc_DecodeEccsiPvtFromSig(key, sig, sigSz, pvt);
- if (ret != 0)
- return -10109;
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, idSz, pvt, hash,
- &hashSz);
- if (ret != 0)
- return -10112;
- if (hashSz != sizeof(expHash))
- return -10113;
- if (XMEMCMP(hash, expHash, hashSz) != 0)
- return -10114;
- ret = wc_SetEccsiHash(key, hash, hashSz);
- if (ret != 0)
- return -10112;
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return -10115;
- if (!verified)
- return -10116;
- return 0;
- }
- static int eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_point* pvt)
- {
- int ret;
- byte data[32 * 3];
- word32 sz;
- ecc_point* decPvt = NULL;
- #ifdef WOLFSSL_SMALL_STACK
- mp_int *decSsk = (mp_int *)XMALLOC(sizeof(*decSsk), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (decSsk == NULL)
- return -10173;
- #else
- mp_int decSsk[1];
- #endif
- ret = mp_init(decSsk);
- if (ret != 0)
- ERROR_OUT(-10117, out);
- decPvt = wc_ecc_new_point();
- if (decPvt == NULL)
- ERROR_OUT(-10118, out);
- ret = wc_EncodeEccsiPair(priv, ssk, pvt, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- ERROR_OUT(-10119, out);
- if (sz != 32 * 3)
- ERROR_OUT(-10120, out);
- ret = wc_EncodeEccsiPair(priv, ssk, pvt, data, &sz);
- if (ret != 0)
- ERROR_OUT(-10121, out);
- if (sz != 32* 3)
- ERROR_OUT(-10122, out);
- ret = wc_DecodeEccsiPair(priv, data, sz, decSsk, decPvt);
- if (ret != 0)
- ERROR_OUT(-10123, out);
- if (mp_cmp(ssk, decSsk) != MP_EQ)
- ERROR_OUT(-10124, out);
- if (wc_ecc_cmp_point(pvt, decPvt) != MP_EQ)
- ERROR_OUT(-10125, out);
- ret = wc_EncodeEccsiSsk(priv, ssk, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- ERROR_OUT(-10119, out);
- if (sz != 32)
- ERROR_OUT(-10120, out);
- ret = wc_EncodeEccsiSsk(priv, ssk, data, &sz);
- if (ret != 0)
- ERROR_OUT(-10121, out);
- if (sz != 32)
- ERROR_OUT(-10122, out);
- ret = wc_DecodeEccsiSsk(priv, data, sz, decSsk);
- if (ret != 0)
- ERROR_OUT(-10123, out);
- if (mp_cmp(ssk, decSsk) != MP_EQ)
- ERROR_OUT(-10124, out);
- ret = wc_EncodeEccsiPvt(priv, pvt, NULL, &sz, 1);
- if (ret != LENGTH_ONLY_E)
- ERROR_OUT(-10126, out);
- if (sz != 32 * 2)
- ERROR_OUT(-10127, out);
- ret = wc_EncodeEccsiPvt(priv, pvt, data, &sz, 1);
- if (ret != 0)
- ERROR_OUT(-10128, out);
- if (sz != 32 * 2)
- ERROR_OUT(-10129, out);
- ret = wc_DecodeEccsiPvt(priv, data, sz, decPvt);
- if (ret != 0)
- ERROR_OUT(-10130, out);
- if (wc_ecc_cmp_point(pvt, decPvt) != MP_EQ)
- ERROR_OUT(-10131, out);
- sz = sizeof(data);
- ret = wc_EncodeEccsiPvt(priv, pvt, data, &sz, 0);
- if (ret != 0)
- ERROR_OUT(-10128, out);
- if (sz != 32 * 2 + 1)
- ERROR_OUT(-10129, out);
- ret = wc_DecodeEccsiPvt(priv, data, sz, decPvt);
- if (ret != 0)
- ERROR_OUT(-10130, out);
- if (wc_ecc_cmp_point(pvt, decPvt) != MP_EQ)
- ERROR_OUT(-10131, out);
- wc_ecc_del_point(decPvt);
- out:
- mp_free(decSsk);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(decSsk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- static int eccsi_imp_exp_key_test(EccsiKey* priv)
- {
- int ret;
- byte data[32 * 3];
- byte out[32 * 3];
- word32 sz;
- ret = wc_ExportEccsiKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return -10132;
- if (sz != 32 * 3)
- return -10133;
- ret = wc_ExportEccsiKey(priv, data, &sz);
- if (ret != 0)
- return -10134;
- ret = wc_ImportEccsiKey(priv, data, sz);
- if (ret != 0)
- return -10135;
- ret = wc_ExportEccsiKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return -10132;
- if (sz != 32 * 3)
- return -10143;
- ret = wc_ExportEccsiKey(priv, out, &sz);
- if (ret != 0)
- return -10144;
- if (sz != 32 * 3)
- return -10145;
- if (XMEMCMP(data, out, sz) != 0)
- return -10146;
- ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return -10156;
- if (sz != 32)
- return -10157;
- ret = wc_ExportEccsiPrivateKey(priv, data, &sz);
- if (ret != 0)
- return -10158;
- ret = wc_ImportEccsiPrivateKey(priv, data, sz);
- if (ret != 0)
- return -10159;
- ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return -10152;
- if (sz != 32)
- return -10163;
- ret = wc_ExportEccsiPrivateKey(priv, out, &sz);
- if (ret != 0)
- return -10164;
- if (sz != 32)
- return -10165;
- if (XMEMCMP(data, out, sz) != 0)
- return -10166;
- return 0;
- }
- static int eccsi_imp_exp_pubkey_test(EccsiKey* key1, EccsiKey* key2)
- {
- int ret;
- byte data[32 * 2 + 1];
- byte pubData[32 * 2 + 1];
- word32 sz;
- ret = wc_ExportEccsiPublicKey(key1, NULL, &sz, 1);
- if (ret != LENGTH_ONLY_E)
- return -10136;
- if (sz != 32 * 2)
- return -10137;
- ret = wc_ExportEccsiPublicKey(key1, data, &sz, 1);
- if (ret != 0)
- return -10138;
- ret = wc_ImportEccsiPublicKey(key2, data, sz, 1);
- if (ret != 0)
- return -10139;
- sz = sizeof(pubData);
- ret = wc_ExportEccsiPublicKey(key2, pubData, &sz, 1);
- if (ret != 0)
- return -10140;
- if (sz != 32 * 2)
- return -10141;
- if (XMEMCMP(data, pubData, sz) != 0)
- return -10142;
- sz = sizeof(pubData);
- ret = wc_ExportEccsiPublicKey(key2, pubData, &sz, 0);
- if (ret != 0)
- return -10140;
- if (sz != 32 * 2 + 1)
- return -10141;
- if (pubData[0] != 0x04)
- return -10140;
- if (XMEMCMP(pubData + 1, data, sz - 1) != 0)
- return -10142;
- ret = wc_ImportEccsiPublicKey(key2, pubData, sz, 0);
- if (ret != 0)
- return -10139;
- return 0;
- }
- static int eccsi_make_key_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng,
- mp_int* ssk, ecc_point* pvt)
- {
- int ret;
- char mail[] = "test@wolfssl.com";
- byte* id = (byte*)mail;
- word32 idSz = (word32) XSTRLEN(mail);
- int valid;
- ret = wc_MakeEccsiKey(priv, rng);
- if (ret != 0)
- return -10143;
- ret = eccsi_imp_exp_key_test(priv);
- if (ret < 0)
- return ret;
- ret = eccsi_imp_exp_pubkey_test(priv, pub);
- if (ret < 0)
- return ret;
- ret = wc_MakeEccsiPair(priv, rng, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt);
- if (ret != 0)
- return -10144;
- ret = wc_ValidateEccsiPair(pub, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt,
- &valid);
- if (ret != 0)
- return -10145;
- if (!valid)
- return -10146;
- ret = eccsi_enc_dec_pair_test(priv, ssk, pvt);
- if (ret != 0)
- return ret;
- return 0;
- }
- static int eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng,
- mp_int* ssk, ecc_point* pvt)
- {
- int ret;
- byte hashPriv[WC_MAX_DIGEST_SIZE];
- byte hashPub[WC_MAX_DIGEST_SIZE];
- byte hashSz;
- byte sig[144];
- word32 sigSz;
- int verified, valid;
- char mail[] = "test@wolfssl.com";
- byte* id = (byte*)mail;
- word32 idSz = (word32) XSTRLEN(mail);
- byte msg[] = { 0x00 };
- word32 msgSz = sizeof(msg);
- ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPriv,
- &hashSz);
- if (ret != 0)
- return -10147;
- if (hashSz != 32)
- return -10148;
- ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPub,
- &hashSz);
- if (ret != 0)
- return -10149;
- if (hashSz != 32)
- return -10150;
- if (XMEMCMP(hashPriv, hashPub, hashSz) != 0)
- return -10151;
- ret = wc_SetEccsiHash(priv, hashPriv, hashSz);
- if (ret != 0)
- return -10149;
- ret = wc_SetEccsiPair(priv, ssk, pvt);
- if (ret != 0)
- return -10149;
- ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, NULL,
- &sigSz);
- if (ret != LENGTH_ONLY_E)
- return -10152;
- if (sigSz != 129)
- return -10153;
- ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, sig,
- &sigSz);
- if (ret != 0)
- return -10154;
- ret = wc_SetEccsiHash(pub, hashPub, hashSz);
- if (ret != 0)
- return -10149;
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return -10155;
- if (!verified)
- return -10156;
- /* Check that changing HS results in verification failure. */
- hashPub[0] ^= 0x80;
- ret = wc_SetEccsiHash(pub, hashPub, hashSz);
- if (ret != 0)
- return -10149;
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return -10157;
- if (verified)
- return -10158;
- hashPub[0] ^= 0x80;
- ret = wc_SetEccsiHash(pub, hashPub, hashSz);
- if (ret != 0)
- return -10149;
- /* Check that changing msg results in verification failure. */
- msg[0] ^= 0x80;
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return -10159;
- if (verified)
- return -10160;
- msg[0] ^= 0x80;
- /* Check that changing signature results in verification failure. */
- sig[0] ^= 0x80;
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return -10161;
- if (verified)
- return -10162;
- sig[0] ^= 0x80;
- /* Check that key state hasn't been invalidated. */
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return -10163;
- if (!verified)
- return -10164;
- /* Check that verifying with the private key works. */
- ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return -10165;
- if (!verified)
- return -10166;
- /* Check that the KPAK is converted from montgomery form. */
- ret = eccsi_imp_exp_key_test(priv);
- if (ret != 0)
- return ret;
- /* Check that KPAK can converted to Montgomery form again. */
- ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return -10167;
- if (!verified)
- return -10168;
- /* Check that the KPAK is converted from montgomery form. */
- ret = wc_ValidateEccsiPair(pub, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt,
- &valid);
- if (ret != 0)
- return -10169;
- if (!valid)
- return -10170;
- /* Check that KPAK can converted to Montgomery form again. */
- ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return -10171;
- if (!verified)
- return -10172;
- /* Check that the KPAK is converted from montgomery form. */
- ret = eccsi_imp_exp_pubkey_test(priv, pub);
- if (ret != 0)
- return ret;
- return 0;
- }
- int eccsi_test(void)
- {
- int ret = 0;
- WC_RNG rng;
- int rng_inited = 0;
- EccsiKey* priv = NULL;
- EccsiKey* pub = NULL;
- mp_int* ssk = NULL;
- ecc_point* pvt = NULL;
- priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (priv == NULL)
- ret = -10205;
- else
- XMEMSET(priv, 0, sizeof(*priv));
- if (ret == 0) {
- pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (pub == NULL)
- ret = -10206;
- else
- XMEMSET(pub, 0, sizeof(*pub));
- }
- if (ret == 0) {
- ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ssk == NULL)
- ret = -10207;
- else
- XMEMSET(ssk, 0, sizeof(*ssk));
- }
- if (ret == 0) {
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ret = -10200;
- else
- rng_inited = 1;
- }
- if (ret == 0) {
- pvt = wc_ecc_new_point();
- if (pvt == NULL)
- ret = -10201;
- }
- if (ret == 0) {
- ret = mp_init(ssk);
- if (ret != 0)
- ret = -10202;
- }
- if (ret == 0) {
- ret = eccsi_api_test(&rng, priv, ssk, pvt);
- }
- if (ret == 0) {
- ret = wc_InitEccsiKey(pub, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ret = -10203;
- }
- if (ret == 0) {
- ret = wc_InitEccsiKey(priv, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ret = -10204;
- }
- if (ret == 0) {
- ret = eccsi_kat_verify_test(pub, pvt);
- }
- if (ret == 0) {
- ret = eccsi_make_key_test(priv, pub, &rng, ssk, pvt);
- }
- if (ret == 0) {
- ret = eccsi_sign_verify_test(priv, pub, &rng, ssk, pvt);
- }
- if (pvt != NULL)
- wc_ecc_del_point(pvt);
- if (rng_inited)
- wc_FreeRng(&rng);
- if (ssk != NULL) {
- mp_free(ssk);
- XFREE(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (pub != NULL) {
- wc_FreeEccsiKey(pub);
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (priv != NULL) {
- wc_FreeEccsiKey(priv);
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- return ret;
- }
- #endif /* WOLFCRYPT_HAVE_ECCSI */
- #ifdef WOLFCRYPT_HAVE_SAKKE
- static int sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
- {
- int ret;
- byte id[1] = { 0x00 };
- int valid;
- byte data[256];
- word32 sz;
- byte auth[257];
- word16 authSz;
- byte ssv[256];
- word16 ssvSz;
- word32 len;
- ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return -10205;
- ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, HEAP_HINT, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return -10206;
- wc_FreeSakkeKey(NULL);
- XMEMSET(key, 0, sizeof(*key));
- wc_FreeSakkeKey(key);
- ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- return -10207;
- ret = wc_MakeSakkeKey(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10208;
- ret = wc_MakeSakkeKey(key, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10209;
- ret = wc_MakeSakkeKey(NULL, rng);
- if (ret != BAD_FUNC_ARG)
- return -10210;
- ret = wc_MakeSakkePublicKey(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10211;
- ret = wc_MakeSakkePublicKey(key, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10212;
- ret = wc_MakeSakkePublicKey(NULL, rsk);
- if (ret != BAD_FUNC_ARG)
- return -10213;
- ret = wc_MakeSakkeRsk(NULL, NULL, 1, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10214;
- ret = wc_MakeSakkeRsk(key, id, 1, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10215;
- ret = wc_MakeSakkeRsk(key, NULL, 1, rsk);
- if (ret != BAD_FUNC_ARG)
- return -10216;
- ret = wc_MakeSakkeRsk(NULL, id, 1, rsk);
- if (ret != BAD_FUNC_ARG)
- return -10217;
- ret = wc_ValidateSakkeRsk(NULL, NULL, 1, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10218;
- ret = wc_ValidateSakkeRsk(key, id, 1, rsk, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10219;
- ret = wc_ValidateSakkeRsk(NULL, id, 1, rsk, &valid);
- if (ret != BAD_FUNC_ARG)
- return -10220;
- ret = wc_ExportSakkeKey(NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10221;
- ret = wc_ExportSakkeKey(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10222;
- ret = wc_ExportSakkeKey(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10223;
- ret = wc_ImportSakkeKey(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10224;
- ret = wc_ImportSakkeKey(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10225;
- ret = wc_ImportSakkeKey(NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return -10226;
- ret = wc_ExportSakkePrivateKey(NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10227;
- ret = wc_ExportSakkePrivateKey(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10228;
- ret = wc_ExportSakkePrivateKey(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10229;
- ret = wc_ImportSakkePrivateKey(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10230;
- ret = wc_ImportSakkePrivateKey(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10231;
- ret = wc_ImportSakkePrivateKey(NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return -10232;
- sz = sizeof(data);
- ret = wc_EncodeSakkeRsk(NULL, NULL, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10233;
- ret = wc_EncodeSakkeRsk(key, rsk, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10234;
- ret = wc_EncodeSakkeRsk(key, NULL, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return -10235;
- ret = wc_EncodeSakkeRsk(NULL, rsk, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return -10236;
- ret = wc_DecodeSakkeRsk(NULL, NULL, sz, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10237;
- ret = wc_DecodeSakkeRsk(key, data, sz, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10238;
- ret = wc_DecodeSakkeRsk(key, NULL, sz, rsk);
- if (ret != BAD_FUNC_ARG)
- return -10239;
- ret = wc_DecodeSakkeRsk(NULL, data, sz, rsk);
- if (ret != BAD_FUNC_ARG)
- return -10240;
- ret = wc_ImportSakkeRsk(NULL, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return -10237;
- ret = wc_ImportSakkeRsk(key, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return -10237;
- ret = wc_ImportSakkeRsk(NULL, data, sz);
- if (ret != BAD_FUNC_ARG)
- return -10237;
- ret = wc_ImportSakkeRsk(key, data, 1);
- if (ret != BUFFER_E)
- return -10237;
- ret = wc_GenerateSakkeRskTable(NULL, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10241;
- ret = wc_GenerateSakkeRskTable(key, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10242;
- ret = wc_GenerateSakkeRskTable(NULL, rsk, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10243;
- ret = wc_GenerateSakkeRskTable(NULL, NULL, data, &len);
- if (ret != BAD_FUNC_ARG)
- return -10244;
- ret = wc_GenerateSakkeRskTable(key, rsk, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10245;
- ret = wc_GenerateSakkeRskTable(key, NULL, data, &len);
- if (ret != BAD_FUNC_ARG)
- return -10246;
- ret = wc_GenerateSakkeRskTable(NULL, rsk, data, &len);
- if (ret != BAD_FUNC_ARG)
- return -10247;
- ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
- if (ret != LENGTH_ONLY_E)
- return -10248;
- len--;
- ret = wc_GenerateSakkeRskTable(key, rsk, data, &len);
- if (ret != BUFFER_E)
- return -10249;
- ret = wc_ExportSakkePublicKey(NULL, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10250;
- ret = wc_ExportSakkePublicKey(key, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10251;
- ret = wc_ExportSakkePublicKey(NULL, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return -10252;
- ret = wc_ImportSakkePublicKey(NULL, NULL, sz, 1);
- if (ret != BAD_FUNC_ARG)
- return -10253;
- ret = wc_ImportSakkePublicKey(key, NULL, sz, 1);
- if (ret != BAD_FUNC_ARG)
- return -10254;
- ret = wc_ImportSakkePublicKey(NULL, data, sz, 1);
- if (ret != BAD_FUNC_ARG)
- return -10255;
- ret = wc_GetSakkeAuthSize(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10256;
- ret = wc_GetSakkeAuthSize(key, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10257;
- ret = wc_GetSakkeAuthSize(NULL, &authSz);
- if (ret != BAD_FUNC_ARG)
- return -10258;
- ret = wc_MakeSakkePointI(NULL, NULL, SAKKE_ID_MAX_SIZE + 1);
- if (ret != BAD_FUNC_ARG)
- return -10259;
- ret = wc_MakeSakkePointI(key, NULL, SAKKE_ID_MAX_SIZE + 1);
- if (ret != BAD_FUNC_ARG)
- return -10260;
- ret = wc_MakeSakkePointI(NULL, id, 1);
- if (ret != BAD_FUNC_ARG)
- return -10261;
- ret = wc_MakeSakkePointI(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10262;
- ret = wc_MakeSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1);
- if (ret != BAD_FUNC_ARG)
- return -10263;
- ret = wc_MakeSakkePointI(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10264;
- ret = wc_MakeSakkePointI(NULL, id, 1);
- if (ret != BAD_FUNC_ARG)
- return -10265;
- ret = wc_GenerateSakkePointITable(NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10266;
- ret = wc_GenerateSakkePointITable(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10267;
- ret = wc_GenerateSakkePointITable(NULL, data, &len);
- if (ret != BAD_FUNC_ARG)
- return -10268;
- ret = wc_GenerateSakkePointITable(key, NULL, &len);
- if (ret != LENGTH_ONLY_E)
- return -10269;
- len--;
- ret = wc_GenerateSakkePointITable(key, data, &len);
- if (ret != BUFFER_E)
- return -10270;
- ret = wc_SetSakkePointITable(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10271;
- ret = wc_SetSakkePointITable(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10272;
- ret = wc_SetSakkePointITable(NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return -10273;
- ret = wc_SetSakkePointITable(key, data, 1);
- if (ret != BUFFER_E)
- return -10274;
- ret = wc_ClearSakkePointITable(NULL);
- if (ret != BAD_FUNC_ARG)
- return -10275;
- ret = wc_GetSakkePointI(NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10276;
- ret = wc_GetSakkePointI(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10277;
- ret = wc_GetSakkePointI(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10278;
- sz = 1;
- ret = wc_GetSakkePointI(key, data, &sz);
- if (ret != BUFFER_E)
- return -10279;
- sz = 256;
- ret = wc_SetSakkePointI(NULL, NULL, 1, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return -10280;
- ret = wc_SetSakkePointI(key, NULL, 1, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return -10281;
- ret = wc_SetSakkePointI(NULL, id, 1, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return -10282;
- ret = wc_SetSakkePointI(NULL, NULL, 1, data, sz);
- if (ret != BAD_FUNC_ARG)
- return -10283;
- ret = wc_SetSakkePointI(key, id, 1, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return -10284;
- ret = wc_SetSakkePointI(key, NULL, 1, data, sz);
- if (ret != BAD_FUNC_ARG)
- return -10285;
- ret = wc_SetSakkePointI(NULL, id, 1, data, sz);
- if (ret != BAD_FUNC_ARG)
- return -10286;
- ret = wc_SetSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1, data, sz);
- if (ret != BUFFER_E)
- return -10287;
- ret = wc_SetSakkePointI(key, id, 1, data, sz - 1);
- if (ret != BUFFER_E)
- return -10288;
- ret = wc_SetSakkeIdentity(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10286;
- ret = wc_SetSakkeIdentity(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10286;
- ret = wc_SetSakkeIdentity(NULL, id, 1);
- if (ret != BAD_FUNC_ARG)
- return -10286;
- ssvSz = sizeof(ssv);
- ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
- auth, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10289;
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
- auth, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10290;
- ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10291;
- ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
- auth, &authSz);
- if (ret != BAD_FUNC_ARG)
- return -10292;
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10293;
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
- auth, &authSz);
- if (ret != BAD_FUNC_ARG)
- return -10294;
- ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != BAD_FUNC_ARG)
- return -10295;
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != BAD_STATE_E)
- return -10295;
- ret = wc_GenerateSakkeSSV(NULL, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10296;
- ret = wc_GenerateSakkeSSV(key, rng, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10297;
- ret = wc_GenerateSakkeSSV(key, NULL, data, &ssvSz);
- if (ret != BAD_FUNC_ARG)
- return -10298;
- ret = wc_GenerateSakkeSSV(NULL, rng, data, &ssvSz);
- if (ret != BAD_FUNC_ARG)
- return -10299;
- ret = wc_SetSakkeRsk(NULL, NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return -10286;
- ret = wc_SetSakkeRsk(key, NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return -10286;
- ret = wc_SetSakkeRsk(NULL, rsk, data, 1);
- if (ret != BAD_FUNC_ARG)
- return -10286;
- ssvSz = sizeof(ssv);
- authSz = sizeof(auth);
- ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return -10300;
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return -10300;
- ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return -10300;
- ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return -10300;
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return -10300;
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return -10300;
- ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return -10300;
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != BAD_STATE_E)
- return -10300;
- ret = wc_SetSakkeIdentity(key, id, 1);
- if (ret != 0)
- return -10286;
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != BAD_STATE_E)
- return -10300;
- ret = wc_SetSakkeIdentity(key, id, 0);
- if (ret != 0)
- return -10286;
- ret = wc_SetSakkeRsk(key, rsk, data, 1);
- if (ret != 0)
- return -10286;
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != BAD_STATE_E)
- return -10300;
- wc_FreeSakkeKey(key);
- return 0;
- }
- static int sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte pubData[] = {
- 0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09,
- 0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A,
- 0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F,
- 0x75, 0x3E, 0x69, 0xBD, 0x27, 0xA8, 0x32, 0xF3,
- 0x8C, 0xB4, 0xAD, 0x53, 0xDD, 0xEF, 0x42, 0x60,
- 0xB0, 0xFE, 0x8B, 0xB4, 0x5C, 0x4C, 0x1F, 0xF5,
- 0x10, 0xEF, 0xFE, 0x30, 0x03, 0x67, 0xA3, 0x7B,
- 0x61, 0xF7, 0x01, 0xD9, 0x14, 0xAE, 0xF0, 0x97,
- 0x24, 0x82, 0x5F, 0xA0, 0x70, 0x7D, 0x61, 0xA6,
- 0xDF, 0xF4, 0xFB, 0xD7, 0x27, 0x35, 0x66, 0xCD,
- 0xDE, 0x35, 0x2A, 0x0B, 0x04, 0xB7, 0xC1, 0x6A,
- 0x78, 0x30, 0x9B, 0xE6, 0x40, 0x69, 0x7D, 0xE7,
- 0x47, 0x61, 0x3A, 0x5F, 0xC1, 0x95, 0xE8, 0xB9,
- 0xF3, 0x28, 0x85, 0x2A, 0x57, 0x9D, 0xB8, 0xF9,
- 0x9B, 0x1D, 0x00, 0x34, 0x47, 0x9E, 0xA9, 0xC5,
- 0x59, 0x5F, 0x47, 0xC4, 0xB2, 0xF5, 0x4F, 0xF2,
- 0x15, 0x08, 0xD3, 0x75, 0x14, 0xDC, 0xF7, 0xA8,
- 0xE1, 0x43, 0xA6, 0x05, 0x8C, 0x09, 0xA6, 0xBF,
- 0x2C, 0x98, 0x58, 0xCA, 0x37, 0xC2, 0x58, 0x06,
- 0x5A, 0xE6, 0xBF, 0x75, 0x32, 0xBC, 0x8B, 0x5B,
- 0x63, 0x38, 0x38, 0x66, 0xE0, 0x75, 0x3C, 0x5A,
- 0xC0, 0xE7, 0x27, 0x09, 0xF8, 0x44, 0x5F, 0x2E,
- 0x61, 0x78, 0xE0, 0x65, 0x85, 0x7E, 0x0E, 0xDA,
- 0x10, 0xF6, 0x82, 0x06, 0xB6, 0x35, 0x05, 0xED,
- 0x87, 0xE5, 0x34, 0xFB, 0x28, 0x31, 0xFF, 0x95,
- 0x7F, 0xB7, 0xDC, 0x61, 0x9D, 0xAE, 0x61, 0x30,
- 0x1E, 0xEA, 0xCC, 0x2F, 0xDA, 0x36, 0x80, 0xEA,
- 0x49, 0x99, 0x25, 0x8A, 0x83, 0x3C, 0xEA, 0x8F,
- 0xC6, 0x7C, 0x6D, 0x19, 0x48, 0x7F, 0xB4, 0x49,
- 0x05, 0x9F, 0x26, 0xCC, 0x8A, 0xAB, 0x65, 0x5A,
- 0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A,
- 0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE
- };
- WOLFSSL_SMALL_STACK_STATIC const byte rskData[] = {
- 0x93, 0xAF, 0x67, 0xE5, 0x00, 0x7B, 0xA6, 0xE6,
- 0xA8, 0x0D, 0xA7, 0x93, 0xDA, 0x30, 0x0F, 0xA4,
- 0xB5, 0x2D, 0x0A, 0x74, 0xE2, 0x5E, 0x6E, 0x7B,
- 0x2B, 0x3D, 0x6E, 0xE9, 0xD1, 0x8A, 0x9B, 0x5C,
- 0x50, 0x23, 0x59, 0x7B, 0xD8, 0x2D, 0x80, 0x62,
- 0xD3, 0x40, 0x19, 0x56, 0x3B, 0xA1, 0xD2, 0x5C,
- 0x0D, 0xC5, 0x6B, 0x7B, 0x97, 0x9D, 0x74, 0xAA,
- 0x50, 0xF2, 0x9F, 0xBF, 0x11, 0xCC, 0x2C, 0x93,
- 0xF5, 0xDF, 0xCA, 0x61, 0x5E, 0x60, 0x92, 0x79,
- 0xF6, 0x17, 0x5C, 0xEA, 0xDB, 0x00, 0xB5, 0x8C,
- 0x6B, 0xEE, 0x1E, 0x7A, 0x2A, 0x47, 0xC4, 0xF0,
- 0xC4, 0x56, 0xF0, 0x52, 0x59, 0xA6, 0xFA, 0x94,
- 0xA6, 0x34, 0xA4, 0x0D, 0xAE, 0x1D, 0xF5, 0x93,
- 0xD4, 0xFE, 0xCF, 0x68, 0x8D, 0x5F, 0xC6, 0x78,
- 0xBE, 0x7E, 0xFC, 0x6D, 0xF3, 0xD6, 0x83, 0x53,
- 0x25, 0xB8, 0x3B, 0x2C, 0x6E, 0x69, 0x03, 0x6B,
- 0x15, 0x5F, 0x0A, 0x27, 0x24, 0x10, 0x94, 0xB0,
- 0x4B, 0xFB, 0x0B, 0xDF, 0xAC, 0x6C, 0x67, 0x0A,
- 0x65, 0xC3, 0x25, 0xD3, 0x9A, 0x06, 0x9F, 0x03,
- 0x65, 0x9D, 0x44, 0xCA, 0x27, 0xD3, 0xBE, 0x8D,
- 0xF3, 0x11, 0x17, 0x2B, 0x55, 0x41, 0x60, 0x18,
- 0x1C, 0xBE, 0x94, 0xA2, 0xA7, 0x83, 0x32, 0x0C,
- 0xED, 0x59, 0x0B, 0xC4, 0x26, 0x44, 0x70, 0x2C,
- 0xF3, 0x71, 0x27, 0x1E, 0x49, 0x6B, 0xF2, 0x0F,
- 0x58, 0x8B, 0x78, 0xA1, 0xBC, 0x01, 0xEC, 0xBB,
- 0x65, 0x59, 0x93, 0x4B, 0xDD, 0x2F, 0xB6, 0x5D,
- 0x28, 0x84, 0x31, 0x8A, 0x33, 0xD1, 0xA4, 0x2A,
- 0xDF, 0x5E, 0x33, 0xCC, 0x58, 0x00, 0x28, 0x0B,
- 0x28, 0x35, 0x64, 0x97, 0xF8, 0x71, 0x35, 0xBA,
- 0xB9, 0x61, 0x2A, 0x17, 0x26, 0x04, 0x24, 0x40,
- 0x9A, 0xC1, 0x5F, 0xEE, 0x99, 0x6B, 0x74, 0x4C,
- 0x33, 0x21, 0x51, 0x23, 0x5D, 0xEC, 0xB0, 0xF5
- };
- WOLFSSL_SMALL_STACK_STATIC const byte id[] = {
- 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
- 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
- 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
- 0x33, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ssv[] = {
- 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
- 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte auth[] = {
- 0x04,
- 0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
- 0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7,
- 0x18, 0x04, 0x36, 0x06, 0xA0, 0x1D, 0x65, 0x0D,
- 0xEF, 0x37, 0xA0, 0x1F, 0x37, 0xC2, 0x28, 0xC3,
- 0x32, 0xFC, 0x31, 0x73, 0x54, 0xE2, 0xC2, 0x74,
- 0xD4, 0xDA, 0xF8, 0xAD, 0x00, 0x10, 0x54, 0xC7,
- 0x6C, 0xE5, 0x79, 0x71, 0xC6, 0xF4, 0x48, 0x6D,
- 0x57, 0x23, 0x04, 0x32, 0x61, 0xC5, 0x06, 0xEB,
- 0xF5, 0xBE, 0x43, 0x8F, 0x53, 0xDE, 0x04, 0xF0,
- 0x67, 0xC7, 0x76, 0xE0, 0xDD, 0x3B, 0x71, 0xA6,
- 0x29, 0x01, 0x33, 0x28, 0x37, 0x25, 0xA5, 0x32,
- 0xF2, 0x1A, 0xF1, 0x45, 0x12, 0x6D, 0xC1, 0xD7,
- 0x77, 0xEC, 0xC2, 0x7B, 0xE5, 0x08, 0x35, 0xBD,
- 0x28, 0x09, 0x8B, 0x8A, 0x73, 0xD9, 0xF8, 0x01,
- 0xD8, 0x93, 0x79, 0x3A, 0x41, 0xFF, 0x5C, 0x49,
- 0xB8, 0x7E, 0x79, 0xF2, 0xBE, 0x4D, 0x56, 0xCE,
- 0x55, 0x7E, 0x13, 0x4A, 0xD8, 0x5B, 0xB1, 0xD4,
- 0xB9, 0xCE, 0x4F, 0x8B, 0xE4, 0xB0, 0x8A, 0x12,
- 0xBA, 0xBF, 0x55, 0xB1, 0xD6, 0xF1, 0xD7, 0xA6,
- 0x38, 0x01, 0x9E, 0xA2, 0x8E, 0x15, 0xAB, 0x1C,
- 0x9F, 0x76, 0x37, 0x5F, 0xDD, 0x12, 0x10, 0xD4,
- 0xF4, 0x35, 0x1B, 0x9A, 0x00, 0x94, 0x86, 0xB7,
- 0xF3, 0xED, 0x46, 0xC9, 0x65, 0xDE, 0xD2, 0xD8,
- 0x0D, 0xAD, 0xE4, 0xF3, 0x8C, 0x67, 0x21, 0xD5,
- 0x2C, 0x3A, 0xD1, 0x03, 0xA1, 0x0E, 0xBD, 0x29,
- 0x59, 0x24, 0x8B, 0x4E, 0xF0, 0x06, 0x83, 0x6B,
- 0xF0, 0x97, 0x44, 0x8E, 0x61, 0x07, 0xC9, 0xED,
- 0xEE, 0x9F, 0xB7, 0x04, 0x82, 0x3D, 0xF1, 0x99,
- 0xF8, 0x32, 0xC9, 0x05, 0xAE, 0x45, 0xF8, 0xA2,
- 0x47, 0xA0, 0x72, 0xD8, 0xEF, 0x72, 0x9E, 0xAB,
- 0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3,
- 0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86
- };
- WOLFSSL_SMALL_STACK_STATIC const byte encSsv[] = {
- 0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16,
- 0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07
- };
- int ret;
- int valid;
- byte pubKey[sizeof(pubData) + 1];
- word32 sz = sizeof(pubKey);
- byte tmpSsv[sizeof(encSsv)];
- byte* iTable = NULL;
- word32 iTableLen;
- byte* table = NULL;
- word32 len;
- ret = wc_ImportSakkePublicKey(key, pubData, sizeof(pubData), 0);
- if (ret != 0)
- return -10315;
- ret = wc_DecodeSakkeRsk(key, rskData, sizeof(rskData), rsk);
- if (ret != 0)
- return -10316;
- ret = wc_ValidateSakkeRsk(key, id, sizeof(id), rsk, &valid);
- if (ret != 0)
- return -10317;
- if (valid != 1)
- return -10318;
- ret = wc_SetSakkeRsk(key, rsk, NULL, 0);
- if (ret != 0)
- return -10319;
- ret = wc_SetSakkeIdentity(key, id, sizeof(id));
- if (ret != 0)
- return -10319;
- XMEMCPY(tmpSsv, encSsv, sizeof(encSsv));
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv),
- auth, sizeof(auth));
- if (ret != 0)
- return -10322;
- if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0)
- return -10320;
- ret = wc_MakeSakkePointI(key, id, sizeof(id));
- if (ret != 0)
- return -10321;
- iTableLen = 0;
- ret = wc_GenerateSakkePointITable(key, NULL, &iTableLen);
- if (ret != LENGTH_ONLY_E)
- return -10322;
- if (iTableLen != 0) {
- iTable = (byte*)XMALLOC(iTableLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (iTable == NULL)
- return -10323;
- ret = wc_GenerateSakkePointITable(key, iTable, &iTableLen);
- if (ret != 0)
- return -10324;
- }
- len = 0;
- ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
- if (ret != LENGTH_ONLY_E)
- return -10325;
- if (len > 0) {
- table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (table == NULL)
- return -10326;
- ret = wc_GenerateSakkeRskTable(key, rsk, table, &len);
- if (ret != 0)
- return -10327;
- }
- ret = wc_SetSakkeRsk(key, rsk, table, len);
- if (ret != 0)
- return -10319;
- XMEMCPY(tmpSsv, encSsv, sizeof(encSsv));
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv),
- auth, sizeof(auth));
- if (ret != 0)
- return -10328;
- if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0)
- return -10329;
- /* Don't reference table that is about to be freed. */
- ret = wc_ClearSakkePointITable(key);
- if (ret != 0)
- return -10330;
- /* Dispose of tables */
- if (iTable != NULL)
- XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (table != NULL)
- XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- /* Make sure the key public key is exportable - convert to Montgomery form
- * in Validation.
- */
- ret = wc_ExportSakkePublicKey(key, pubKey, &sz, 1);
- if (ret != 0)
- return -10331;
- if (sz != sizeof(pubData))
- return -10332;
- if (XMEMCMP(pubKey, pubData, sizeof(pubData)) != 0)
- return -10333;
- sz = sizeof(pubData) + 1;
- ret = wc_ExportSakkePublicKey(key, pubKey, &sz, 0);
- if (ret != 0)
- return -10334;
- if (sz != sizeof(pubData) + 1)
- return -10335;
- if (pubKey[0] != 0x04)
- return -10336;
- if (XMEMCMP(pubKey + 1, pubData, sizeof(pubData)) != 0)
- return -10337;
- return 0;
- }
- static int sakke_kat_encapsulate_test(SakkeKey* key)
- {
- static const byte pubData[] = {
- 0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09,
- 0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A,
- 0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F,
- 0x75, 0x3E, 0x69, 0xBD, 0x27, 0xA8, 0x32, 0xF3,
- 0x8C, 0xB4, 0xAD, 0x53, 0xDD, 0xEF, 0x42, 0x60,
- 0xB0, 0xFE, 0x8B, 0xB4, 0x5C, 0x4C, 0x1F, 0xF5,
- 0x10, 0xEF, 0xFE, 0x30, 0x03, 0x67, 0xA3, 0x7B,
- 0x61, 0xF7, 0x01, 0xD9, 0x14, 0xAE, 0xF0, 0x97,
- 0x24, 0x82, 0x5F, 0xA0, 0x70, 0x7D, 0x61, 0xA6,
- 0xDF, 0xF4, 0xFB, 0xD7, 0x27, 0x35, 0x66, 0xCD,
- 0xDE, 0x35, 0x2A, 0x0B, 0x04, 0xB7, 0xC1, 0x6A,
- 0x78, 0x30, 0x9B, 0xE6, 0x40, 0x69, 0x7D, 0xE7,
- 0x47, 0x61, 0x3A, 0x5F, 0xC1, 0x95, 0xE8, 0xB9,
- 0xF3, 0x28, 0x85, 0x2A, 0x57, 0x9D, 0xB8, 0xF9,
- 0x9B, 0x1D, 0x00, 0x34, 0x47, 0x9E, 0xA9, 0xC5,
- 0x59, 0x5F, 0x47, 0xC4, 0xB2, 0xF5, 0x4F, 0xF2,
- 0x15, 0x08, 0xD3, 0x75, 0x14, 0xDC, 0xF7, 0xA8,
- 0xE1, 0x43, 0xA6, 0x05, 0x8C, 0x09, 0xA6, 0xBF,
- 0x2C, 0x98, 0x58, 0xCA, 0x37, 0xC2, 0x58, 0x06,
- 0x5A, 0xE6, 0xBF, 0x75, 0x32, 0xBC, 0x8B, 0x5B,
- 0x63, 0x38, 0x38, 0x66, 0xE0, 0x75, 0x3C, 0x5A,
- 0xC0, 0xE7, 0x27, 0x09, 0xF8, 0x44, 0x5F, 0x2E,
- 0x61, 0x78, 0xE0, 0x65, 0x85, 0x7E, 0x0E, 0xDA,
- 0x10, 0xF6, 0x82, 0x06, 0xB6, 0x35, 0x05, 0xED,
- 0x87, 0xE5, 0x34, 0xFB, 0x28, 0x31, 0xFF, 0x95,
- 0x7F, 0xB7, 0xDC, 0x61, 0x9D, 0xAE, 0x61, 0x30,
- 0x1E, 0xEA, 0xCC, 0x2F, 0xDA, 0x36, 0x80, 0xEA,
- 0x49, 0x99, 0x25, 0x8A, 0x83, 0x3C, 0xEA, 0x8F,
- 0xC6, 0x7C, 0x6D, 0x19, 0x48, 0x7F, 0xB4, 0x49,
- 0x05, 0x9F, 0x26, 0xCC, 0x8A, 0xAB, 0x65, 0x5A,
- 0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A,
- 0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE
- };
- static const byte id[] = {
- 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
- 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
- 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
- 0x33, 0x00
- };
- static word32 idSz = sizeof(id);
- byte ssv[] = {
- 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
- 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
- };
- static word16 ssvSz = sizeof(ssv);
- static const byte expAuth[] = {
- 0x04,
- 0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
- 0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7,
- 0x18, 0x04, 0x36, 0x06, 0xA0, 0x1D, 0x65, 0x0D,
- 0xEF, 0x37, 0xA0, 0x1F, 0x37, 0xC2, 0x28, 0xC3,
- 0x32, 0xFC, 0x31, 0x73, 0x54, 0xE2, 0xC2, 0x74,
- 0xD4, 0xDA, 0xF8, 0xAD, 0x00, 0x10, 0x54, 0xC7,
- 0x6C, 0xE5, 0x79, 0x71, 0xC6, 0xF4, 0x48, 0x6D,
- 0x57, 0x23, 0x04, 0x32, 0x61, 0xC5, 0x06, 0xEB,
- 0xF5, 0xBE, 0x43, 0x8F, 0x53, 0xDE, 0x04, 0xF0,
- 0x67, 0xC7, 0x76, 0xE0, 0xDD, 0x3B, 0x71, 0xA6,
- 0x29, 0x01, 0x33, 0x28, 0x37, 0x25, 0xA5, 0x32,
- 0xF2, 0x1A, 0xF1, 0x45, 0x12, 0x6D, 0xC1, 0xD7,
- 0x77, 0xEC, 0xC2, 0x7B, 0xE5, 0x08, 0x35, 0xBD,
- 0x28, 0x09, 0x8B, 0x8A, 0x73, 0xD9, 0xF8, 0x01,
- 0xD8, 0x93, 0x79, 0x3A, 0x41, 0xFF, 0x5C, 0x49,
- 0xB8, 0x7E, 0x79, 0xF2, 0xBE, 0x4D, 0x56, 0xCE,
- 0x55, 0x7E, 0x13, 0x4A, 0xD8, 0x5B, 0xB1, 0xD4,
- 0xB9, 0xCE, 0x4F, 0x8B, 0xE4, 0xB0, 0x8A, 0x12,
- 0xBA, 0xBF, 0x55, 0xB1, 0xD6, 0xF1, 0xD7, 0xA6,
- 0x38, 0x01, 0x9E, 0xA2, 0x8E, 0x15, 0xAB, 0x1C,
- 0x9F, 0x76, 0x37, 0x5F, 0xDD, 0x12, 0x10, 0xD4,
- 0xF4, 0x35, 0x1B, 0x9A, 0x00, 0x94, 0x86, 0xB7,
- 0xF3, 0xED, 0x46, 0xC9, 0x65, 0xDE, 0xD2, 0xD8,
- 0x0D, 0xAD, 0xE4, 0xF3, 0x8C, 0x67, 0x21, 0xD5,
- 0x2C, 0x3A, 0xD1, 0x03, 0xA1, 0x0E, 0xBD, 0x29,
- 0x59, 0x24, 0x8B, 0x4E, 0xF0, 0x06, 0x83, 0x6B,
- 0xF0, 0x97, 0x44, 0x8E, 0x61, 0x07, 0xC9, 0xED,
- 0xEE, 0x9F, 0xB7, 0x04, 0x82, 0x3D, 0xF1, 0x99,
- 0xF8, 0x32, 0xC9, 0x05, 0xAE, 0x45, 0xF8, 0xA2,
- 0x47, 0xA0, 0x72, 0xD8, 0xEF, 0x72, 0x9E, 0xAB,
- 0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3,
- 0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86
- };
- static const byte encSsv[] = {
- 0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16,
- 0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07
- };
- int ret;
- byte auth[257];
- word16 authSz = sizeof(auth);
- ret = wc_ImportSakkePublicKey(key, pubData, sizeof(pubData), 0);
- if (ret != 0)
- return -10334;
- ret = wc_SetSakkeIdentity(key, id, idSz);
- if (ret != 0)
- return -10335;
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != 0)
- return -10336;
- if (authSz != 257)
- return -10337;
- if (XMEMCMP(ssv, encSsv, ssvSz) != 0)
- return -10338;
- if (XMEMCMP(auth, expAuth, authSz) != 0)
- return -10339;
- return 0;
- }
- static int sakke_make_key_test(SakkeKey* priv, SakkeKey* pub, SakkeKey* key,
- WC_RNG* rng, ecc_point* rsk)
- {
- int ret;
- byte data[440];
- byte pubData[257];
- word32 sz;
- char mail[] = "test@wolfssl.com";
- byte* id = (byte*)mail;
- word32 idSz = (word32)XSTRLEN(mail);
- int valid;
- ecc_point* pubKey = rsk;
- ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
- if (ret != 0)
- return -10339;
- ret = wc_MakeSakkeKey(priv, rng);
- if (ret != 0)
- return -10340;
- ret = wc_ExportSakkeKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return -10341;
- if (sz != 384)
- return -10342;
- sz--;
- ret = wc_ExportSakkeKey(priv, data, &sz);
- if (ret == 0)
- return -10343;
- sz++;
- ret = wc_ExportSakkeKey(priv, data, &sz);
- if (ret != 0)
- return -10344;
- if (sz != 384)
- return -10345;
- ret = wc_ImportSakkeKey(key, data, sz - 1);
- if (ret == 0)
- return -10346;
- ret = wc_ImportSakkeKey(key, data, sz);
- if (ret != 0)
- return -10347;
- wc_FreeSakkeKey(key);
- ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
- if (ret != 0)
- return -10348;
- ret = wc_ExportSakkePrivateKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return -10349;
- if (sz != 128)
- return -10350;
- sz--;
- ret = wc_ExportSakkePrivateKey(priv, data, &sz);
- if (ret == 0)
- return -10351;
- sz++;
- ret = wc_ExportSakkePrivateKey(priv, data, &sz);
- if (ret != 0)
- return -10352;
- if (sz != 128)
- return -10353;
- ret = wc_ImportSakkePrivateKey(key, data, sz - 1);
- if (ret == 0)
- return -10354;
- ret = wc_ImportSakkePrivateKey(key, data, sz);
- if (ret != 0)
- return -10355;
- ret = wc_MakeSakkePublicKey(key, pubKey);
- if (ret != 0)
- return -10356;
- ret = wc_ExportSakkePublicKey(priv, NULL, &sz, 1);
- if (ret != LENGTH_ONLY_E)
- return -10357;
- if (sz != 256)
- return -10358;
- sz--;
- ret = wc_ExportSakkePublicKey(priv, data, &sz, 1);
- if (ret == 0)
- return -10359;
- sz++;
- ret = wc_ExportSakkePublicKey(priv, data, &sz, 1);
- if (ret != 0)
- return -10360;
- if (sz != 256)
- return -10361;
- ret = wc_ImportSakkePublicKey(pub, data, sz - 1, 1);
- if (ret == 0)
- return -10362;
- ret = wc_ImportSakkePublicKey(pub, data, sz, 1);
- if (ret != 0)
- return -10363;
- ret = wc_ExportSakkePublicKey(pub, pubData, &sz, 1);
- if (ret != 0)
- return -10364;
- if (sz != 256)
- return -10365;
- if (XMEMCMP(data, pubData, sz) != 0)
- return -10366;
- ret = wc_MakeSakkeRsk(priv, id, idSz, rsk);
- if (ret != 0)
- return -10367;
- ret = wc_ValidateSakkeRsk(priv, id, idSz, rsk, &valid);
- if (ret != 0)
- return -10368;
- if (valid != 1)
- return -10369;
- ret = wc_ValidateSakkeRsk(pub, id, idSz, rsk, &valid);
- if (ret != 0)
- return -10370;
- if (valid != 1)
- return -10371;
- sz = sizeof(data);
- ret = wc_EncodeSakkeRsk(priv, rsk, data, &sz, 1);
- if (ret != 0)
- return -10372;
- if (sz != 256)
- return -10373;
- ret = wc_DecodeSakkeRsk(priv, data, sz, rsk);
- if (ret != 0)
- return -10374;
- sz = sizeof(pubData);
- ret = wc_EncodeSakkeRsk(priv, rsk, pubData, &sz, 0);
- if (ret != 0)
- return -10375;
- if (sz != sizeof(pubData))
- return -10376;
- ret = wc_DecodeSakkeRsk(priv, pubData, sz, rsk);
- if (ret != 0)
- return -10377;
- wc_FreeSakkeKey(key);
- return 0;
- }
- static int sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
- ecc_point* rsk)
- {
- int ret;
- byte ssv[16];
- word16 ssvSz;
- byte auth[257];
- word16 authSz;
- char mail[] = "test@wolfssl.com";
- byte* id = (byte*)mail;
- word32 idSz = (word32)XSTRLEN(mail);
- byte pointI[256];
- word32 sz;
- ret = wc_GenerateSakkeSSV(pub, rng, NULL, &ssvSz);
- if (ret != LENGTH_ONLY_E)
- return -10375;
- if (ssvSz != 16)
- return -10376;
- ssvSz += 128;
- ret = wc_GenerateSakkeSSV(pub, rng, ssv, &ssvSz);
- if (ret == 0)
- return -10377;
- ssvSz -= 128;
- ret = wc_GenerateSakkeSSV(pub, rng, ssv, &ssvSz);
- if (ret != 0)
- return -10378;
- if (ssvSz != 16)
- return -10379;
- ret = wc_GetSakkeAuthSize(pub, &authSz);
- if (ret != 0)
- return -10380;
- ret = wc_SetSakkeIdentity(pub, id, idSz);
- if (ret != 0)
- return -10380;
- ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- NULL, &authSz);
- if (ret != LENGTH_ONLY_E)
- return -10381;
- if (authSz != 257)
- return -10382;
- authSz--;
- ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret == 0)
- return -10383;
- authSz++;
- ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != 0)
- return -10384;
- if (authSz != 257)
- return -10385;
- ret = wc_GetSakkePointI(pub, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return -10386;
- if (sz != 256)
- return -10387;
- ret = wc_GetSakkePointI(pub, pointI, &sz);
- if (ret != 0)
- return -10388;
- if (sz != 256)
- return -10389;
- /* Bogus identity - make it check and regenerate I. */
- ret = wc_MakeSakkePointI(pub, ssv, ssvSz);
- if (ret != 0)
- return -10391;
- ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != 0)
- return -10392;
- if (authSz != 257)
- return -10393;
- ret = wc_SetSakkeRsk(priv, rsk, NULL, 0);
- if (ret != 0)
- return -10392;
- ret = wc_SetSakkeIdentity(priv, id, idSz);
- if (ret != 0)
- return -10392;
- authSz--;
- ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret == 0)
- return -10394;
- authSz++;
- ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != 0)
- return -10395;
- ssv[0] ^= 0x80;
- ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != SAKKE_VERIFY_FAIL_E)
- return -10396;
- ssv[0] ^= 0x80;
- /* Bogus identity - make it check and regenerate I. */
- ret = wc_MakeSakkePointI(pub, ssv, idSz);
- if (ret != 0)
- return -10397;
- ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != 0)
- return -10398;
- return 0;
- }
- int sakke_test(void)
- {
- int ret = 0;
- WC_RNG rng;
- int rng_inited = 0;
- SakkeKey* priv = NULL;
- SakkeKey* pub = NULL;
- SakkeKey* key = NULL;
- ecc_point* rsk = NULL;
- priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (priv == NULL)
- ret = -10404;
- else
- XMEMSET(priv, 0, sizeof(*priv));
- if (ret == 0) {
- pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (pub == NULL)
- ret = -10405;
- else
- XMEMSET(pub, 0, sizeof(*pub));
- }
- if (ret == 0) {
- key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (key == NULL)
- ret = -10406;
- else
- XMEMSET(key, 0, sizeof(*key));
- }
- if (ret == 0) {
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret == 0)
- rng_inited = 1;
- else
- ret = -10400;
- }
- if (ret == 0) {
- rsk = wc_ecc_new_point();
- if (rsk == NULL)
- ret = -10401;
- }
- if (ret == 0) {
- ret = wc_InitSakkeKey(pub, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ret = -10402;
- }
- if (ret == 0) {
- ret = wc_InitSakkeKey(priv, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ret = -10403;
- }
- if (ret == 0) {
- ret = sakke_api_test(&rng, key, rsk);
- }
- if (ret == 0) {
- ret = sakke_kat_derive_test(pub, rsk);
- }
- if (ret == 0) {
- ret = sakke_kat_encapsulate_test(pub);
- }
- if (ret == 0) {
- ret = sakke_make_key_test(priv, pub, key, &rng, rsk);
- }
- if (ret == 0) {
- ret = sakke_op_test(priv, pub, &rng, rsk);
- }
- if (rsk != NULL) {
- wc_ecc_forcezero_point(rsk);
- wc_ecc_del_point(rsk);
- }
- if (rng_inited)
- wc_FreeRng(&rng);
- if (key != NULL)
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub != NULL) {
- wc_FreeSakkeKey(pub);
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (priv != NULL) {
- wc_FreeSakkeKey(priv);
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- return ret;
- }
- #endif /* WOLFCRYPT_HAVE_SAKKE */
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
- typedef struct CMAC_Test_Case {
- int type;
- int partial;
- const byte* m;
- word32 mSz;
- const byte* k;
- word32 kSz;
- const byte* t;
- word32 tSz;
- } CMAC_Test_Case;
- WOLFSSL_TEST_SUBROUTINE int cmac_test(void)
- {
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte k128[] =
- {
- 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
- 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
- };
- #define KLEN_128 (sizeof(k128))
- #endif
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte k192[] =
- {
- 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
- 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
- 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
- };
- #define KLEN_192 (sizeof(k192))
- #endif
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte k256[] =
- {
- 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
- 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
- 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
- 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
- };
- #define KLEN_256 (sizeof(k256))
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte m[] =
- {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
- 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
- 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
- 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
- 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
- 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
- };
- #define MLEN_0 (0)
- #define MLEN_128 (128/8)
- #define MLEN_320 (320/8)
- #define MLEN_319 (MLEN_320 - 1)
- #define MLEN_512 (512/8)
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte t128_0[] =
- {
- 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
- 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t128_128[] =
- {
- 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
- 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t128_319[] =
- {
- 0x2c, 0x17, 0x84, 0x4c, 0x93, 0x1c, 0x07, 0x95,
- 0x15, 0x92, 0x73, 0x0a, 0x34, 0xd0, 0xd9, 0xd2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t128_320[] =
- {
- 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
- 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t128_512[] =
- {
- 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
- 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
- };
- #endif
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte t192_0[] =
- {
- 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
- 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t192_128[] =
- {
- 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
- 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t192_320[] =
- {
- 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad,
- 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t192_512[] =
- {
- 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
- 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
- };
- #endif
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte t256_0[] =
- {
- 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
- 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t256_128[] =
- {
- 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
- 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t256_320[] =
- {
- 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2,
- 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t256_512[] =
- {
- 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
- 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
- };
- #endif
- const CMAC_Test_Case testCases[] =
- {
- #ifdef WOLFSSL_AES_128
- {WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
- #endif
- #ifdef WOLFSSL_AES_192
- {WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, AES_BLOCK_SIZE},
- #endif
- #ifdef WOLFSSL_AES_256
- {WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, AES_BLOCK_SIZE},
- #endif
- #ifdef WOLFSSL_AES_128
- {WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, AES_BLOCK_SIZE}
- #endif
- };
- #ifdef WOLFSSL_SMALL_STACK
- Cmac *cmac;
- #else
- Cmac cmac[1];
- #endif
- byte tag[AES_BLOCK_SIZE];
- const CMAC_Test_Case* tc;
- word32 i, tagSz;
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC)) == NULL)
- ERROR_OUT(-12009, out);
- #endif
- for (i = 0, tc = testCases;
- i < sizeof(testCases)/sizeof(CMAC_Test_Case);
- i++, tc++) {
- XMEMSET(tag, 0, sizeof(tag));
- tagSz = AES_BLOCK_SIZE;
- #if !defined(HAVE_FIPS) || \
- defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)
- if (wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId) != 0)
- #else
- if (wc_InitCmac(cmac, tc->k, tc->kSz, tc->type, NULL) != 0)
- #endif
- {
- ERROR_OUT(-12000, out);
- }
- if (tc->partial) {
- if (wc_CmacUpdate(cmac, tc->m,
- tc->mSz/2 - tc->partial) != 0)
- ERROR_OUT(-12001, out);
- if (wc_CmacUpdate(cmac, tc->m + tc->mSz/2 - tc->partial,
- tc->mSz/2 + tc->partial) != 0)
- ERROR_OUT(-12002, out);
- }
- else {
- if (wc_CmacUpdate(cmac, tc->m, tc->mSz) != 0)
- ERROR_OUT(-12003, out);
- }
- if (wc_CmacFinal(cmac, tag, &tagSz) != 0)
- ERROR_OUT(-12004, out);
- if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(-12005, out);
- XMEMSET(tag, 0, sizeof(tag));
- tagSz = sizeof(tag);
- if (wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz,
- tc->k, tc->kSz) != 0)
- ERROR_OUT(-12006, out);
- if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(-12007, out);
- if (wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz,
- tc->k, tc->kSz) != 0)
- ERROR_OUT(-12008, out);
- }
- ret = 0;
- out:
- #ifdef WOLFSSL_SMALL_STACK
- if (cmac)
- XFREE(cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC);
- #endif
- return ret;
- }
- #endif /* NO_AES && WOLFSSL_CMAC */
- #if defined(WOLFSSL_SIPHASH)
- #if WOLFSSL_SIPHASH_CROUNDS == 2 && WOLFSSL_SIPHASH_DROUNDS == 4
- /* Test vectors from:
- * https://github.com/veorq/SipHash/blob/master/vectors.h
- */
- static const unsigned char siphash_key[SIPHASH_KEY_SIZE] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
- };
- static const unsigned char siphash_msg[64] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
- 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f
- };
- static const unsigned char siphash_r8[64][SIPHASH_MAC_SIZE_8] = {
- { 0x31, 0x0e, 0x0e, 0xdd, 0x47, 0xdb, 0x6f, 0x72, },
- { 0xfd, 0x67, 0xdc, 0x93, 0xc5, 0x39, 0xf8, 0x74, },
- { 0x5a, 0x4f, 0xa9, 0xd9, 0x09, 0x80, 0x6c, 0x0d, },
- { 0x2d, 0x7e, 0xfb, 0xd7, 0x96, 0x66, 0x67, 0x85, },
- { 0xb7, 0x87, 0x71, 0x27, 0xe0, 0x94, 0x27, 0xcf, },
- { 0x8d, 0xa6, 0x99, 0xcd, 0x64, 0x55, 0x76, 0x18, },
- { 0xce, 0xe3, 0xfe, 0x58, 0x6e, 0x46, 0xc9, 0xcb, },
- { 0x37, 0xd1, 0x01, 0x8b, 0xf5, 0x00, 0x02, 0xab, },
- { 0x62, 0x24, 0x93, 0x9a, 0x79, 0xf5, 0xf5, 0x93, },
- { 0xb0, 0xe4, 0xa9, 0x0b, 0xdf, 0x82, 0x00, 0x9e, },
- { 0xf3, 0xb9, 0xdd, 0x94, 0xc5, 0xbb, 0x5d, 0x7a, },
- { 0xa7, 0xad, 0x6b, 0x22, 0x46, 0x2f, 0xb3, 0xf4, },
- { 0xfb, 0xe5, 0x0e, 0x86, 0xbc, 0x8f, 0x1e, 0x75, },
- { 0x90, 0x3d, 0x84, 0xc0, 0x27, 0x56, 0xea, 0x14, },
- { 0xee, 0xf2, 0x7a, 0x8e, 0x90, 0xca, 0x23, 0xf7, },
- { 0xe5, 0x45, 0xbe, 0x49, 0x61, 0xca, 0x29, 0xa1, },
- { 0xdb, 0x9b, 0xc2, 0x57, 0x7f, 0xcc, 0x2a, 0x3f, },
- { 0x94, 0x47, 0xbe, 0x2c, 0xf5, 0xe9, 0x9a, 0x69, },
- { 0x9c, 0xd3, 0x8d, 0x96, 0xf0, 0xb3, 0xc1, 0x4b, },
- { 0xbd, 0x61, 0x79, 0xa7, 0x1d, 0xc9, 0x6d, 0xbb, },
- { 0x98, 0xee, 0xa2, 0x1a, 0xf2, 0x5c, 0xd6, 0xbe, },
- { 0xc7, 0x67, 0x3b, 0x2e, 0xb0, 0xcb, 0xf2, 0xd0, },
- { 0x88, 0x3e, 0xa3, 0xe3, 0x95, 0x67, 0x53, 0x93, },
- { 0xc8, 0xce, 0x5c, 0xcd, 0x8c, 0x03, 0x0c, 0xa8, },
- { 0x94, 0xaf, 0x49, 0xf6, 0xc6, 0x50, 0xad, 0xb8, },
- { 0xea, 0xb8, 0x85, 0x8a, 0xde, 0x92, 0xe1, 0xbc, },
- { 0xf3, 0x15, 0xbb, 0x5b, 0xb8, 0x35, 0xd8, 0x17, },
- { 0xad, 0xcf, 0x6b, 0x07, 0x63, 0x61, 0x2e, 0x2f, },
- { 0xa5, 0xc9, 0x1d, 0xa7, 0xac, 0xaa, 0x4d, 0xde, },
- { 0x71, 0x65, 0x95, 0x87, 0x66, 0x50, 0xa2, 0xa6, },
- { 0x28, 0xef, 0x49, 0x5c, 0x53, 0xa3, 0x87, 0xad, },
- { 0x42, 0xc3, 0x41, 0xd8, 0xfa, 0x92, 0xd8, 0x32, },
- { 0xce, 0x7c, 0xf2, 0x72, 0x2f, 0x51, 0x27, 0x71, },
- { 0xe3, 0x78, 0x59, 0xf9, 0x46, 0x23, 0xf3, 0xa7, },
- { 0x38, 0x12, 0x05, 0xbb, 0x1a, 0xb0, 0xe0, 0x12, },
- { 0xae, 0x97, 0xa1, 0x0f, 0xd4, 0x34, 0xe0, 0x15, },
- { 0xb4, 0xa3, 0x15, 0x08, 0xbe, 0xff, 0x4d, 0x31, },
- { 0x81, 0x39, 0x62, 0x29, 0xf0, 0x90, 0x79, 0x02, },
- { 0x4d, 0x0c, 0xf4, 0x9e, 0xe5, 0xd4, 0xdc, 0xca, },
- { 0x5c, 0x73, 0x33, 0x6a, 0x76, 0xd8, 0xbf, 0x9a, },
- { 0xd0, 0xa7, 0x04, 0x53, 0x6b, 0xa9, 0x3e, 0x0e, },
- { 0x92, 0x59, 0x58, 0xfc, 0xd6, 0x42, 0x0c, 0xad, },
- { 0xa9, 0x15, 0xc2, 0x9b, 0xc8, 0x06, 0x73, 0x18, },
- { 0x95, 0x2b, 0x79, 0xf3, 0xbc, 0x0a, 0xa6, 0xd4, },
- { 0xf2, 0x1d, 0xf2, 0xe4, 0x1d, 0x45, 0x35, 0xf9, },
- { 0x87, 0x57, 0x75, 0x19, 0x04, 0x8f, 0x53, 0xa9, },
- { 0x10, 0xa5, 0x6c, 0xf5, 0xdf, 0xcd, 0x9a, 0xdb, },
- { 0xeb, 0x75, 0x09, 0x5c, 0xcd, 0x98, 0x6c, 0xd0, },
- { 0x51, 0xa9, 0xcb, 0x9e, 0xcb, 0xa3, 0x12, 0xe6, },
- { 0x96, 0xaf, 0xad, 0xfc, 0x2c, 0xe6, 0x66, 0xc7, },
- { 0x72, 0xfe, 0x52, 0x97, 0x5a, 0x43, 0x64, 0xee, },
- { 0x5a, 0x16, 0x45, 0xb2, 0x76, 0xd5, 0x92, 0xa1, },
- { 0xb2, 0x74, 0xcb, 0x8e, 0xbf, 0x87, 0x87, 0x0a, },
- { 0x6f, 0x9b, 0xb4, 0x20, 0x3d, 0xe7, 0xb3, 0x81, },
- { 0xea, 0xec, 0xb2, 0xa3, 0x0b, 0x22, 0xa8, 0x7f, },
- { 0x99, 0x24, 0xa4, 0x3c, 0xc1, 0x31, 0x57, 0x24, },
- { 0xbd, 0x83, 0x8d, 0x3a, 0xaf, 0xbf, 0x8d, 0xb7, },
- { 0x0b, 0x1a, 0x2a, 0x32, 0x65, 0xd5, 0x1a, 0xea, },
- { 0x13, 0x50, 0x79, 0xa3, 0x23, 0x1c, 0xe6, 0x60, },
- { 0x93, 0x2b, 0x28, 0x46, 0xe4, 0xd7, 0x06, 0x66, },
- { 0xe1, 0x91, 0x5f, 0x5c, 0xb1, 0xec, 0xa4, 0x6c, },
- { 0xf3, 0x25, 0x96, 0x5c, 0xa1, 0x6d, 0x62, 0x9f, },
- { 0x57, 0x5f, 0xf2, 0x8e, 0x60, 0x38, 0x1b, 0xe5, },
- { 0x72, 0x45, 0x06, 0xeb, 0x4c, 0x32, 0x8a, 0x95, },
- };
- static const unsigned char siphash_r16[64][SIPHASH_MAC_SIZE_16] = {
- { 0xa3, 0x81, 0x7f, 0x04, 0xba, 0x25, 0xa8, 0xe6,
- 0x6d, 0xf6, 0x72, 0x14, 0xc7, 0x55, 0x02, 0x93, },
- { 0xda, 0x87, 0xc1, 0xd8, 0x6b, 0x99, 0xaf, 0x44,
- 0x34, 0x76, 0x59, 0x11, 0x9b, 0x22, 0xfc, 0x45, },
- { 0x81, 0x77, 0x22, 0x8d, 0xa4, 0xa4, 0x5d, 0xc7,
- 0xfc, 0xa3, 0x8b, 0xde, 0xf6, 0x0a, 0xff, 0xe4, },
- { 0x9c, 0x70, 0xb6, 0x0c, 0x52, 0x67, 0xa9, 0x4e,
- 0x5f, 0x33, 0xb6, 0xb0, 0x29, 0x85, 0xed, 0x51, },
- { 0xf8, 0x81, 0x64, 0xc1, 0x2d, 0x9c, 0x8f, 0xaf,
- 0x7d, 0x0f, 0x6e, 0x7c, 0x7b, 0xcd, 0x55, 0x79, },
- { 0x13, 0x68, 0x87, 0x59, 0x80, 0x77, 0x6f, 0x88,
- 0x54, 0x52, 0x7a, 0x07, 0x69, 0x0e, 0x96, 0x27, },
- { 0x14, 0xee, 0xca, 0x33, 0x8b, 0x20, 0x86, 0x13,
- 0x48, 0x5e, 0xa0, 0x30, 0x8f, 0xd7, 0xa1, 0x5e, },
- { 0xa1, 0xf1, 0xeb, 0xbe, 0xd8, 0xdb, 0xc1, 0x53,
- 0xc0, 0xb8, 0x4a, 0xa6, 0x1f, 0xf0, 0x82, 0x39, },
- { 0x3b, 0x62, 0xa9, 0xba, 0x62, 0x58, 0xf5, 0x61,
- 0x0f, 0x83, 0xe2, 0x64, 0xf3, 0x14, 0x97, 0xb4, },
- { 0x26, 0x44, 0x99, 0x06, 0x0a, 0xd9, 0xba, 0xab,
- 0xc4, 0x7f, 0x8b, 0x02, 0xbb, 0x6d, 0x71, 0xed, },
- { 0x00, 0x11, 0x0d, 0xc3, 0x78, 0x14, 0x69, 0x56,
- 0xc9, 0x54, 0x47, 0xd3, 0xf3, 0xd0, 0xfb, 0xba, },
- { 0x01, 0x51, 0xc5, 0x68, 0x38, 0x6b, 0x66, 0x77,
- 0xa2, 0xb4, 0xdc, 0x6f, 0x81, 0xe5, 0xdc, 0x18, },
- { 0xd6, 0x26, 0xb2, 0x66, 0x90, 0x5e, 0xf3, 0x58,
- 0x82, 0x63, 0x4d, 0xf6, 0x85, 0x32, 0xc1, 0x25, },
- { 0x98, 0x69, 0xe2, 0x47, 0xe9, 0xc0, 0x8b, 0x10,
- 0xd0, 0x29, 0x93, 0x4f, 0xc4, 0xb9, 0x52, 0xf7, },
- { 0x31, 0xfc, 0xef, 0xac, 0x66, 0xd7, 0xde, 0x9c,
- 0x7e, 0xc7, 0x48, 0x5f, 0xe4, 0x49, 0x49, 0x02, },
- { 0x54, 0x93, 0xe9, 0x99, 0x33, 0xb0, 0xa8, 0x11,
- 0x7e, 0x08, 0xec, 0x0f, 0x97, 0xcf, 0xc3, 0xd9, },
- { 0x6e, 0xe2, 0xa4, 0xca, 0x67, 0xb0, 0x54, 0xbb,
- 0xfd, 0x33, 0x15, 0xbf, 0x85, 0x23, 0x05, 0x77, },
- { 0x47, 0x3d, 0x06, 0xe8, 0x73, 0x8d, 0xb8, 0x98,
- 0x54, 0xc0, 0x66, 0xc4, 0x7a, 0xe4, 0x77, 0x40, },
- { 0xa4, 0x26, 0xe5, 0xe4, 0x23, 0xbf, 0x48, 0x85,
- 0x29, 0x4d, 0xa4, 0x81, 0xfe, 0xae, 0xf7, 0x23, },
- { 0x78, 0x01, 0x77, 0x31, 0xcf, 0x65, 0xfa, 0xb0,
- 0x74, 0xd5, 0x20, 0x89, 0x52, 0x51, 0x2e, 0xb1, },
- { 0x9e, 0x25, 0xfc, 0x83, 0x3f, 0x22, 0x90, 0x73,
- 0x3e, 0x93, 0x44, 0xa5, 0xe8, 0x38, 0x39, 0xeb, },
- { 0x56, 0x8e, 0x49, 0x5a, 0xbe, 0x52, 0x5a, 0x21,
- 0x8a, 0x22, 0x14, 0xcd, 0x3e, 0x07, 0x1d, 0x12, },
- { 0x4a, 0x29, 0xb5, 0x45, 0x52, 0xd1, 0x6b, 0x9a,
- 0x46, 0x9c, 0x10, 0x52, 0x8e, 0xff, 0x0a, 0xae, },
- { 0xc9, 0xd1, 0x84, 0xdd, 0xd5, 0xa9, 0xf5, 0xe0,
- 0xcf, 0x8c, 0xe2, 0x9a, 0x9a, 0xbf, 0x69, 0x1c, },
- { 0x2d, 0xb4, 0x79, 0xae, 0x78, 0xbd, 0x50, 0xd8,
- 0x88, 0x2a, 0x8a, 0x17, 0x8a, 0x61, 0x32, 0xad, },
- { 0x8e, 0xce, 0x5f, 0x04, 0x2d, 0x5e, 0x44, 0x7b,
- 0x50, 0x51, 0xb9, 0xea, 0xcb, 0x8d, 0x8f, 0x6f, },
- { 0x9c, 0x0b, 0x53, 0xb4, 0xb3, 0xc3, 0x07, 0xe8,
- 0x7e, 0xae, 0xe0, 0x86, 0x78, 0x14, 0x1f, 0x66, },
- { 0xab, 0xf2, 0x48, 0xaf, 0x69, 0xa6, 0xea, 0xe4,
- 0xbf, 0xd3, 0xeb, 0x2f, 0x12, 0x9e, 0xeb, 0x94, },
- { 0x06, 0x64, 0xda, 0x16, 0x68, 0x57, 0x4b, 0x88,
- 0xb9, 0x35, 0xf3, 0x02, 0x73, 0x58, 0xae, 0xf4, },
- { 0xaa, 0x4b, 0x9d, 0xc4, 0xbf, 0x33, 0x7d, 0xe9,
- 0x0c, 0xd4, 0xfd, 0x3c, 0x46, 0x7c, 0x6a, 0xb7, },
- { 0xea, 0x5c, 0x7f, 0x47, 0x1f, 0xaf, 0x6b, 0xde,
- 0x2b, 0x1a, 0xd7, 0xd4, 0x68, 0x6d, 0x22, 0x87, },
- { 0x29, 0x39, 0xb0, 0x18, 0x32, 0x23, 0xfa, 0xfc,
- 0x17, 0x23, 0xde, 0x4f, 0x52, 0xc4, 0x3d, 0x35, },
- { 0x7c, 0x39, 0x56, 0xca, 0x5e, 0xea, 0xfc, 0x3e,
- 0x36, 0x3e, 0x9d, 0x55, 0x65, 0x46, 0xeb, 0x68, },
- { 0x77, 0xc6, 0x07, 0x71, 0x46, 0xf0, 0x1c, 0x32,
- 0xb6, 0xb6, 0x9d, 0x5f, 0x4e, 0xa9, 0xff, 0xcf, },
- { 0x37, 0xa6, 0x98, 0x6c, 0xb8, 0x84, 0x7e, 0xdf,
- 0x09, 0x25, 0xf0, 0xf1, 0x30, 0x9b, 0x54, 0xde, },
- { 0xa7, 0x05, 0xf0, 0xe6, 0x9d, 0xa9, 0xa8, 0xf9,
- 0x07, 0x24, 0x1a, 0x2e, 0x92, 0x3c, 0x8c, 0xc8, },
- { 0x3d, 0xc4, 0x7d, 0x1f, 0x29, 0xc4, 0x48, 0x46,
- 0x1e, 0x9e, 0x76, 0xed, 0x90, 0x4f, 0x67, 0x11, },
- { 0x0d, 0x62, 0xbf, 0x01, 0xe6, 0xfc, 0x0e, 0x1a,
- 0x0d, 0x3c, 0x47, 0x51, 0xc5, 0xd3, 0x69, 0x2b, },
- { 0x8c, 0x03, 0x46, 0x8b, 0xca, 0x7c, 0x66, 0x9e,
- 0xe4, 0xfd, 0x5e, 0x08, 0x4b, 0xbe, 0xe7, 0xb5, },
- { 0x52, 0x8a, 0x5b, 0xb9, 0x3b, 0xaf, 0x2c, 0x9c,
- 0x44, 0x73, 0xcc, 0xe5, 0xd0, 0xd2, 0x2b, 0xd9, },
- { 0xdf, 0x6a, 0x30, 0x1e, 0x95, 0xc9, 0x5d, 0xad,
- 0x97, 0xae, 0x0c, 0xc8, 0xc6, 0x91, 0x3b, 0xd8, },
- { 0x80, 0x11, 0x89, 0x90, 0x2c, 0x85, 0x7f, 0x39,
- 0xe7, 0x35, 0x91, 0x28, 0x5e, 0x70, 0xb6, 0xdb, },
- { 0xe6, 0x17, 0x34, 0x6a, 0xc9, 0xc2, 0x31, 0xbb,
- 0x36, 0x50, 0xae, 0x34, 0xcc, 0xca, 0x0c, 0x5b, },
- { 0x27, 0xd9, 0x34, 0x37, 0xef, 0xb7, 0x21, 0xaa,
- 0x40, 0x18, 0x21, 0xdc, 0xec, 0x5a, 0xdf, 0x89, },
- { 0x89, 0x23, 0x7d, 0x9d, 0xed, 0x9c, 0x5e, 0x78,
- 0xd8, 0xb1, 0xc9, 0xb1, 0x66, 0xcc, 0x73, 0x42, },
- { 0x4a, 0x6d, 0x80, 0x91, 0xbf, 0x5e, 0x7d, 0x65,
- 0x11, 0x89, 0xfa, 0x94, 0xa2, 0x50, 0xb1, 0x4c, },
- { 0x0e, 0x33, 0xf9, 0x60, 0x55, 0xe7, 0xae, 0x89,
- 0x3f, 0xfc, 0x0e, 0x3d, 0xcf, 0x49, 0x29, 0x02, },
- { 0xe6, 0x1c, 0x43, 0x2b, 0x72, 0x0b, 0x19, 0xd1,
- 0x8e, 0xc8, 0xd8, 0x4b, 0xdc, 0x63, 0x15, 0x1b, },
- { 0xf7, 0xe5, 0xae, 0xf5, 0x49, 0xf7, 0x82, 0xcf,
- 0x37, 0x90, 0x55, 0xa6, 0x08, 0x26, 0x9b, 0x16, },
- { 0x43, 0x8d, 0x03, 0x0f, 0xd0, 0xb7, 0xa5, 0x4f,
- 0xa8, 0x37, 0xf2, 0xad, 0x20, 0x1a, 0x64, 0x03, },
- { 0xa5, 0x90, 0xd3, 0xee, 0x4f, 0xbf, 0x04, 0xe3,
- 0x24, 0x7e, 0x0d, 0x27, 0xf2, 0x86, 0x42, 0x3f, },
- { 0x5f, 0xe2, 0xc1, 0xa1, 0x72, 0xfe, 0x93, 0xc4,
- 0xb1, 0x5c, 0xd3, 0x7c, 0xae, 0xf9, 0xf5, 0x38, },
- { 0x2c, 0x97, 0x32, 0x5c, 0xbd, 0x06, 0xb3, 0x6e,
- 0xb2, 0x13, 0x3d, 0xd0, 0x8b, 0x3a, 0x01, 0x7c, },
- { 0x92, 0xc8, 0x14, 0x22, 0x7a, 0x6b, 0xca, 0x94,
- 0x9f, 0xf0, 0x65, 0x9f, 0x00, 0x2a, 0xd3, 0x9e, },
- { 0xdc, 0xe8, 0x50, 0x11, 0x0b, 0xd8, 0x32, 0x8c,
- 0xfb, 0xd5, 0x08, 0x41, 0xd6, 0x91, 0x1d, 0x87, },
- { 0x67, 0xf1, 0x49, 0x84, 0xc7, 0xda, 0x79, 0x12,
- 0x48, 0xe3, 0x2b, 0xb5, 0x92, 0x25, 0x83, 0xda, },
- { 0x19, 0x38, 0xf2, 0xcf, 0x72, 0xd5, 0x4e, 0xe9,
- 0x7e, 0x94, 0x16, 0x6f, 0xa9, 0x1d, 0x2a, 0x36, },
- { 0x74, 0x48, 0x1e, 0x96, 0x46, 0xed, 0x49, 0xfe,
- 0x0f, 0x62, 0x24, 0x30, 0x16, 0x04, 0x69, 0x8e, },
- { 0x57, 0xfc, 0xa5, 0xde, 0x98, 0xa9, 0xd6, 0xd8,
- 0x00, 0x64, 0x38, 0xd0, 0x58, 0x3d, 0x8a, 0x1d, },
- { 0x9f, 0xec, 0xde, 0x1c, 0xef, 0xdc, 0x1c, 0xbe,
- 0xd4, 0x76, 0x36, 0x74, 0xd9, 0x57, 0x53, 0x59, },
- { 0xe3, 0x04, 0x0c, 0x00, 0xeb, 0x28, 0xf1, 0x53,
- 0x66, 0xca, 0x73, 0xcb, 0xd8, 0x72, 0xe7, 0x40, },
- { 0x76, 0x97, 0x00, 0x9a, 0x6a, 0x83, 0x1d, 0xfe,
- 0xcc, 0xa9, 0x1c, 0x59, 0x93, 0x67, 0x0f, 0x7a, },
- { 0x58, 0x53, 0x54, 0x23, 0x21, 0xf5, 0x67, 0xa0,
- 0x05, 0xd5, 0x47, 0xa4, 0xf0, 0x47, 0x59, 0xbd, },
- { 0x51, 0x50, 0xd1, 0x77, 0x2f, 0x50, 0x83, 0x4a,
- 0x50, 0x3e, 0x06, 0x9a, 0x97, 0x3f, 0xbd, 0x7c, },
- };
- #endif
- WOLFSSL_TEST_SUBROUTINE int siphash_test(void)
- {
- int ret = 0;
- int i;
- #if WOLFSSL_SIPHASH_CROUNDS == 2 && WOLFSSL_SIPHASH_DROUNDS == 4
- unsigned char res[SIPHASH_MAC_SIZE_16];
- SipHash siphash;
- for (i = 0; i < 64; i++) {
- ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return -12100 - i;
- ret = wc_SipHashUpdate(&siphash, siphash_msg, i);
- if (ret != 0)
- return -12200 - i;
- ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return -12300 - i;
- if (XMEMCMP(res, siphash_r8[i], SIPHASH_MAC_SIZE_8) != 0)
- return -12400 - i;
- ret = wc_SipHash(siphash_key, siphash_msg, i, res, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return -12500 - i;
- if (XMEMCMP(res, siphash_r8[i], SIPHASH_MAC_SIZE_8) != 0)
- return -12600 - i;
- }
- for (i = 0; i < 64; i++) {
- ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_16);
- if (ret != 0)
- return -12700 - i;
- ret = wc_SipHashUpdate(&siphash, siphash_msg, i);
- if (ret != 0)
- return -12800 - i;
- ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_16);
- if (ret != 0)
- return -12900 - i;
- if (XMEMCMP(res, siphash_r16[i], SIPHASH_MAC_SIZE_16) != 0)
- return -13000 - i;
- ret = wc_SipHash(siphash_key, siphash_msg, i, res, SIPHASH_MAC_SIZE_16);
- if (ret != 0)
- return -13100 - i;
- if (XMEMCMP(res, siphash_r16[i], SIPHASH_MAC_SIZE_16) != 0)
- return -13200 - i;
- }
- #endif
- /* Testing bad parameters. */
- ret = wc_InitSipHash(NULL, NULL, SIPHASH_MAC_SIZE_8);
- if (ret != BAD_FUNC_ARG)
- return -13300;
- ret = wc_InitSipHash(NULL, siphash_key, SIPHASH_MAC_SIZE_8);
- if (ret != BAD_FUNC_ARG)
- return -13301;
- ret = wc_InitSipHash(&siphash, NULL, SIPHASH_MAC_SIZE_8);
- if (ret != BAD_FUNC_ARG)
- return -13302;
- ret = wc_InitSipHash(&siphash, siphash_key, 7);
- if (ret != BAD_FUNC_ARG)
- return -13303;
- ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
- if (ret != 0)
- return -13304;
- ret = wc_SipHashUpdate(NULL, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return -13305;
- ret = wc_SipHashUpdate(&siphash, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -13306;
- ret = wc_SipHashFinal(NULL, NULL, SIPHASH_MAC_SIZE_8);
- if (ret != BAD_FUNC_ARG)
- return -13307;
- ret = wc_SipHashFinal(&siphash, NULL, SIPHASH_MAC_SIZE_8);
- if (ret != BAD_FUNC_ARG)
- return -13308;
- ret = wc_SipHashFinal(NULL, res, SIPHASH_MAC_SIZE_8);
- if (ret != BAD_FUNC_ARG)
- return -13309;
- ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_16);
- if (ret != BAD_FUNC_ARG)
- return -13310;
- ret = wc_SipHash(NULL, NULL, 0, NULL, SIPHASH_MAC_SIZE_16);
- if (ret != BAD_FUNC_ARG)
- return -13311;
- ret = wc_SipHash(siphash_key, NULL, 0, NULL, SIPHASH_MAC_SIZE_16);
- if (ret != BAD_FUNC_ARG)
- return -13312;
- ret = wc_SipHash(NULL, NULL, 0, res, SIPHASH_MAC_SIZE_16);
- if (ret != BAD_FUNC_ARG)
- return -13313;
- ret = wc_SipHash(siphash_key, NULL, 0, res, 15);
- if (ret != BAD_FUNC_ARG)
- return -13314;
- ret = wc_SipHash(siphash_key, NULL, 1, res, SIPHASH_MAC_SIZE_16);
- if (ret != BAD_FUNC_ARG)
- return -13315;
- return 0;
- }
- #endif /* WOLFSSL_SIPHASH */
- #ifdef HAVE_LIBZ
- static const byte sample_text[] =
- "Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n"
- "polaroid. Sunt tattooed bespoke reprehenderit. Sint twee organic id\n"
- "marfa. Commodo veniam ad esse gastropub. 3 wolf moon sartorial vero,\n"
- "plaid delectus biodiesel squid +1 vice. Post-ironic keffiyeh leggings\n"
- "selfies cray fap hoodie, forage anim. Carles cupidatat shoreditch, VHS\n"
- "small batch meggings kogi dolore food truck bespoke gastropub.\n"
- "\n"
- "Terry richardson adipisicing actually typewriter tumblr, twee whatever\n"
- "four loko you probably haven't heard of them high life. Messenger bag\n"
- "whatever tattooed deep v mlkshk. Brooklyn pinterest assumenda chillwave\n"
- "et, banksy ullamco messenger bag umami pariatur direct trade forage.\n"
- "Typewriter culpa try-hard, pariatur sint brooklyn meggings. Gentrify\n"
- "food truck next level, tousled irony non semiotics PBR ethical anim cred\n"
- "readymade. Mumblecore brunch lomo odd future, portland organic terry\n"
- "richardson elit leggings adipisicing ennui raw denim banjo hella. Godard\n"
- "mixtape polaroid, pork belly readymade organic cray typewriter helvetica\n"
- "four loko whatever street art yr farm-to-table.\n"
- "\n"
- "Vinyl keytar vice tofu. Locavore you probably haven't heard of them pug\n"
- "pickled, hella tonx labore truffaut DIY mlkshk elit cosby sweater sint\n"
- "et mumblecore. Elit swag semiotics, reprehenderit DIY sartorial nisi ugh\n"
- "nesciunt pug pork belly wayfarers selfies delectus. Ethical hoodie\n"
- "seitan fingerstache kale chips. Terry richardson artisan williamsburg,\n"
- "eiusmod fanny pack irony tonx ennui lo-fi incididunt tofu YOLO\n"
- "readymade. 8-bit sed ethnic beard officia. Pour-over iphone DIY butcher,\n"
- "ethnic art party qui letterpress nisi proident jean shorts mlkshk\n"
- "locavore.\n"
- "\n"
- "Narwhal flexitarian letterpress, do gluten-free voluptate next level\n"
- "banh mi tonx incididunt carles DIY. Odd future nulla 8-bit beard ut\n"
- "cillum pickled velit, YOLO officia you probably haven't heard of them\n"
- "trust fund gastropub. Nisi adipisicing tattooed, Austin mlkshk 90's\n"
- "small batch american apparel. Put a bird on it cosby sweater before they\n"
- "sold out pork belly kogi hella. Street art mollit sustainable polaroid,\n"
- "DIY ethnic ea pug beard dreamcatcher cosby sweater magna scenester nisi.\n"
- "Sed pork belly skateboard mollit, labore proident eiusmod. Sriracha\n"
- "excepteur cosby sweater, anim deserunt laborum eu aliquip ethical et\n"
- "neutra PBR selvage.\n"
- "\n"
- "Raw denim pork belly truffaut, irony plaid sustainable put a bird on it\n"
- "next level jean shorts exercitation. Hashtag keytar whatever, nihil\n"
- "authentic aliquip disrupt laborum. Tattooed selfies deserunt trust fund\n"
- "wayfarers. 3 wolf moon synth church-key sartorial, gastropub leggings\n"
- "tattooed. Labore high life commodo, meggings raw denim fingerstache pug\n"
- "trust fund leggings seitan forage. Nostrud ullamco duis, reprehenderit\n"
- "incididunt flannel sustainable helvetica pork belly pug banksy you\n"
- "probably haven't heard of them nesciunt farm-to-table. Disrupt nostrud\n"
- "mollit magna, sriracha sartorial helvetica.\n"
- "\n"
- "Nulla kogi reprehenderit, skateboard sustainable duis adipisicing viral\n"
- "ad fanny pack salvia. Fanny pack trust fund you probably haven't heard\n"
- "of them YOLO vice nihil. Keffiyeh cray lo-fi pinterest cardigan aliqua,\n"
- "reprehenderit aute. Culpa tousled williamsburg, marfa lomo actually anim\n"
- "skateboard. Iphone aliqua ugh, semiotics pariatur vero readymade\n"
- "organic. Marfa squid nulla, in laborum disrupt laboris irure gastropub.\n"
- "Veniam sunt food truck leggings, sint vinyl fap.\n"
- "\n"
- "Hella dolore pork belly, truffaut carles you probably haven't heard of\n"
- "them PBR helvetica in sapiente. Fashion axe ugh bushwick american\n"
- "apparel. Fingerstache sed iphone, jean shorts blue bottle nisi bushwick\n"
- "flexitarian officia veniam plaid bespoke fap YOLO lo-fi. Blog\n"
- "letterpress mumblecore, food truck id cray brooklyn cillum ad sed.\n"
- "Assumenda chambray wayfarers vinyl mixtape sustainable. VHS vinyl\n"
- "delectus, culpa williamsburg polaroid cliche swag church-key synth kogi\n"
- "magna pop-up literally. Swag thundercats ennui shoreditch vegan\n"
- "pitchfork neutra truffaut etsy, sed single-origin coffee craft beer.\n"
- "\n"
- "Odio letterpress brooklyn elit. Nulla single-origin coffee in occaecat\n"
- "meggings. Irony meggings 8-bit, chillwave lo-fi adipisicing cred\n"
- "dreamcatcher veniam. Put a bird on it irony umami, trust fund bushwick\n"
- "locavore kale chips. Sriracha swag thundercats, chillwave disrupt\n"
- "tousled beard mollit mustache leggings portland next level. Nihil esse\n"
- "est, skateboard art party etsy thundercats sed dreamcatcher ut iphone\n"
- "swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n"
- "bag dolor terry richardson sapiente.\n";
- static const byte sample_text_gz[] = {
- 0x1F, 0x8B, 0x08, 0x08, 0xC5, 0x49, 0xB5, 0x5B, 0x00, 0x03, 0x63, 0x69, 0x70,
- 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x2E, 0x74, 0x78, 0x74, 0x00, 0x8D,
- 0x58, 0xCB, 0x92, 0xE4, 0xB6, 0x11, 0xBC, 0xE3, 0x2B, 0xEA, 0xA6, 0x83, 0xD9,
- 0x1D, 0x72, 0xF8, 0x22, 0x1F, 0xB5, 0x96, 0xA5, 0xDD, 0x90, 0xBC, 0xAB, 0xD0,
- 0x28, 0x36, 0x42, 0x47, 0x90, 0x2C, 0x36, 0xA1, 0x06, 0x09, 0x0A, 0x8F, 0xEE,
- 0xE1, 0xDF, 0x3B, 0x0B, 0xE0, 0x73, 0x2C, 0x4B, 0xBA, 0xCD, 0xCE, 0x80, 0x78,
- 0x64, 0x65, 0x65, 0x66, 0xED, 0x3B, 0xE3, 0x5A, 0xC3, 0x81, 0x2D, 0x35, 0x69,
- 0x32, 0xAD, 0x8E, 0x3A, 0xD2, 0xA0, 0x7D, 0xA7, 0x2B, 0x6A, 0xAC, 0x69, 0x7A,
- 0x26, 0x9D, 0x22, 0xD3, 0x94, 0x22, 0x69, 0xAA, 0x8D, 0x6F, 0xC9, 0x8D, 0x64,
- 0x22, 0x99, 0xB1, 0x31, 0xAD, 0x69, 0xD3, 0x18, 0x89, 0xAD, 0x89, 0x6A, 0x72,
- 0x56, 0x7B, 0x67, 0xDA, 0x2B, 0xBD, 0xC8, 0xEF, 0xB0, 0x4D, 0x74, 0x8E, 0x5B,
- 0xAA, 0x39, 0x4C, 0xEE, 0xCE, 0xE4, 0x79, 0xF2, 0xDC, 0xF3, 0xD8, 0xB2, 0x37,
- 0x11, 0x8B, 0x8C, 0x2C, 0x7A, 0x32, 0x93, 0xF3, 0x37, 0x3D, 0x9A, 0x86, 0x4C,
- 0xAB, 0xF2, 0xB9, 0x57, 0xFA, 0x97, 0x1B, 0x06, 0xD7, 0x3A, 0x7A, 0xF0, 0x68,
- 0xF4, 0x40, 0xBA, 0x25, 0x0E, 0x81, 0xE9, 0xA6, 0x43, 0xF4, 0x6E, 0x4A, 0xF5,
- 0x95, 0xFE, 0x41, 0x4F, 0x67, 0x3B, 0x1A, 0x1C, 0xEE, 0x12, 0xB4, 0x8F, 0xCE,
- 0x1B, 0x6D, 0xB1, 0xDE, 0xBB, 0x4A, 0x4D, 0x56, 0x9B, 0x96, 0x5A, 0xB6, 0xDC,
- 0xC4, 0x14, 0x70, 0xE5, 0xF5, 0x7D, 0xE1, 0xB7, 0x84, 0x3F, 0xFC, 0xED, 0xEF,
- 0xF4, 0x30, 0x0D, 0x5F, 0xE9, 0x47, 0x17, 0xE2, 0xC5, 0x78, 0x27, 0x67, 0xDF,
- 0xB9, 0xEB, 0xCC, 0xCC, 0x3D, 0x59, 0xBE, 0xDD, 0xCC, 0x78, 0x0B, 0x0A, 0x1F,
- 0x74, 0xF8, 0x8C, 0x1A, 0xAF, 0x67, 0xEA, 0xF4, 0x44, 0xBD, 0x93, 0x7D, 0x2A,
- 0xEA, 0x9C, 0xD7, 0x37, 0x80, 0x32, 0x9A, 0x01, 0x37, 0xD5, 0xDE, 0xCA, 0xA2,
- 0x0D, 0xB9, 0xD0, 0x3B, 0xCF, 0xAD, 0x89, 0x4D, 0x5F, 0xD1, 0xE7, 0xF7, 0x2F,
- 0x2A, 0x0C, 0xDA, 0x5A, 0xAA, 0x35, 0x7E, 0x41, 0xC3, 0xB2, 0x37, 0xDD, 0xDD,
- 0xCD, 0x50, 0xEB, 0x2C, 0x96, 0x62, 0x3B, 0xD7, 0x52, 0xF4, 0xA9, 0xB9, 0x6F,
- 0x48, 0xED, 0xEF, 0x54, 0xEA, 0x67, 0xF6, 0x7E, 0x26, 0x8F, 0x3A, 0x68, 0xDF,
- 0x06, 0xBC, 0x56, 0xB7, 0x66, 0x32, 0xC1, 0x34, 0xD8, 0x88, 0x34, 0x1E, 0x88,
- 0xED, 0x67, 0x8A, 0xF3, 0xC4, 0x4F, 0xC0, 0xCA, 0x9E, 0x62, 0x1A, 0x6A, 0xEB,
- 0xAB, 0x02, 0xED, 0xB3, 0xD7, 0x91, 0x81, 0x8A, 0xEA, 0x5C, 0xF2, 0x64, 0xDD,
- 0xDD, 0xD1, 0xEC, 0x12, 0x4D, 0xDE, 0xD5, 0xBA, 0xC6, 0x77, 0xBD, 0x06, 0xC4,
- 0x5F, 0x44, 0xEA, 0x59, 0x4B, 0x5D, 0x3B, 0x8A, 0x3D, 0x0F, 0xD4, 0x9B, 0x1B,
- 0x80, 0x30, 0x1D, 0x30, 0xFA, 0x8F, 0x00, 0x3F, 0xDE, 0xB0, 0x6F, 0xAD, 0x6F,
- 0x6A, 0xDD, 0x6E, 0x2F, 0x6E, 0xCB, 0x3C, 0xD1, 0x83, 0x06, 0x7B, 0x0F, 0xFD,
- 0xFD, 0x4A, 0xEF, 0xBC, 0x73, 0x77, 0x3B, 0x8F, 0x34, 0xA1, 0xBA, 0xEC, 0x39,
- 0x80, 0x33, 0x21, 0xA4, 0x01, 0x55, 0xD7, 0xD4, 0xF4, 0xC6, 0xDA, 0x27, 0x4E,
- 0x54, 0x1C, 0x2B, 0xEC, 0x37, 0xDE, 0xC3, 0x4C, 0xC9, 0x5A, 0x3D, 0x34, 0x0E,
- 0xD8, 0x1C, 0x0E, 0xA2, 0x34, 0xE8, 0xC1, 0xD0, 0xA4, 0x51, 0xD5, 0x88, 0x8B,
- 0xB7, 0xC6, 0xA3, 0x96, 0x40, 0x49, 0xB7, 0xBC, 0xE0, 0x7F, 0x55, 0x3F, 0xEF,
- 0x6F, 0x6E, 0x92, 0x9D, 0x34, 0xFE, 0x3C, 0x5F, 0x04, 0xA5, 0x6A, 0xFF, 0x30,
- 0x08, 0xC9, 0xEA, 0xF5, 0x52, 0x2B, 0xFE, 0x57, 0xFA, 0x8E, 0xC7, 0xE8, 0x4D,
- 0x37, 0xAB, 0x03, 0xFA, 0x23, 0xBF, 0x46, 0x94, 0xFF, 0xC1, 0x16, 0xE0, 0xB9,
- 0x14, 0x2C, 0x9E, 0x27, 0xEC, 0x98, 0x69, 0x14, 0x92, 0xF1, 0x60, 0x5C, 0x34,
- 0x4D, 0xA0, 0x1F, 0xDF, 0xFD, 0x44, 0x1C, 0x7B, 0xD3, 0x80, 0x70, 0x42, 0x02,
- 0x30, 0x84, 0x5B, 0xE5, 0x59, 0xB7, 0xF3, 0x80, 0xFB, 0x01, 0x33, 0xA9, 0x00,
- 0x37, 0x52, 0xDC, 0xDA, 0xA7, 0x11, 0x85, 0xB7, 0x6E, 0x70, 0xE4, 0xDA, 0x96,
- 0xBA, 0x84, 0x5B, 0x81, 0x43, 0x93, 0xF3, 0xD1, 0xEA, 0xB1, 0xDD, 0xB8, 0x1F,
- 0xA5, 0xCC, 0xEA, 0x50, 0x66, 0x69, 0xA9, 0x8D, 0x8C, 0xA7, 0xA2, 0xF3, 0x38,
- 0x26, 0x43, 0x5E, 0x3F, 0x01, 0xBE, 0x1C, 0x0F, 0x20, 0x7F, 0x75, 0xA8, 0x20,
- 0x80, 0xC4, 0xC3, 0x5C, 0x8B, 0x0D, 0xD4, 0x60, 0x5E, 0xA3, 0x9E, 0xD0, 0xB4,
- 0x4B, 0x4F, 0xE6, 0x13, 0x85, 0x60, 0x42, 0x96, 0xED, 0xAA, 0xDB, 0xE9, 0x99,
- 0xE3, 0x07, 0x0E, 0x61, 0xB3, 0x07, 0xE3, 0xB1, 0xFA, 0xC0, 0x9B, 0xAD, 0xF6,
- 0xE0, 0x26, 0x33, 0xEA, 0xEA, 0x23, 0xCD, 0x1E, 0x9D, 0xE1, 0x87, 0x4B, 0x74,
- 0x97, 0x08, 0x3E, 0xA1, 0x28, 0xEA, 0xB3, 0x19, 0x67, 0x8B, 0x76, 0x9A, 0xA3,
- 0xF6, 0xB9, 0xCF, 0x80, 0x65, 0x97, 0xAE, 0xF4, 0x83, 0x6B, 0xF4, 0x43, 0x20,
- 0xF9, 0x0B, 0xFC, 0x9B, 0xD2, 0x4D, 0x4D, 0xA6, 0xB9, 0xA3, 0x02, 0x55, 0x79,
- 0x18, 0x36, 0x19, 0x5F, 0xC9, 0xEA, 0x5A, 0x76, 0x40, 0xB9, 0xBA, 0x0E, 0x9A,
- 0x44, 0xDF, 0x7C, 0xF8, 0x65, 0x61, 0x5E, 0x81, 0xAB, 0x71, 0xA1, 0x9E, 0x29,
- 0x3C, 0x59, 0xCB, 0x23, 0xA4, 0xF6, 0x60, 0x1A, 0x0D, 0x5B, 0x39, 0xAE, 0xF4,
- 0x6F, 0x59, 0x16, 0x9E, 0x60, 0xD8, 0x56, 0xCF, 0xEA, 0x2C, 0x4C, 0x79, 0xD3,
- 0x5D, 0x51, 0x46, 0xA0, 0x4E, 0xE9, 0xD6, 0xAB, 0x91, 0x43, 0x63, 0x44, 0xD7,
- 0x70, 0xB9, 0x23, 0x98, 0x4F, 0x3D, 0x03, 0x02, 0xF6, 0x81, 0x56, 0xC1, 0x58,
- 0x85, 0x07, 0xA7, 0x2D, 0x2C, 0x29, 0xCA, 0x01, 0x45, 0x31, 0x51, 0x8F, 0xD4,
- 0x19, 0xA1, 0x79, 0x88, 0x5A, 0xA4, 0xF5, 0xAE, 0x2D, 0x4B, 0x63, 0x4C, 0x58,
- 0xFE, 0xBF, 0xAD, 0xEE, 0xA3, 0x09, 0xF8, 0xE2, 0x89, 0xBE, 0x81, 0x0E, 0x86,
- 0x3A, 0xF9, 0x5B, 0xA5, 0xD8, 0xA4, 0x00, 0x75, 0x04, 0xF2, 0x23, 0xB8, 0x39,
- 0x69, 0x50, 0xB7, 0xD0, 0x34, 0x63, 0x54, 0xD8, 0x61, 0xDD, 0xA5, 0x33, 0x47,
- 0x85, 0x96, 0x22, 0xD0, 0x2F, 0x9F, 0x7E, 0xF8, 0x74, 0x24, 0xEA, 0x57, 0x97,
- 0x5A, 0xE0, 0x00, 0xCF, 0xC1, 0x67, 0xE1, 0x41, 0xBD, 0x94, 0xA1, 0x03, 0xD3,
- 0xB4, 0x08, 0x64, 0xF2, 0x17, 0x27, 0x35, 0x37, 0x53, 0xEF, 0x46, 0xCE, 0xD8,
- 0xD4, 0x09, 0x52, 0xC6, 0x1E, 0xF7, 0x28, 0xDF, 0x08, 0x0F, 0xD0, 0x6F, 0x71,
- 0xA6, 0xDF, 0xE4, 0x60, 0x8E, 0xC0, 0x1E, 0x78, 0x86, 0x50, 0xB0, 0x9B, 0x84,
- 0x7E, 0xE8, 0x36, 0xFA, 0x95, 0xF1, 0x12, 0x51, 0xC7, 0x18, 0x96, 0xA2, 0x29,
- 0xBB, 0x70, 0x02, 0xB4, 0xF9, 0xA8, 0x3D, 0x08, 0x66, 0xA9, 0xB3, 0xFC, 0x0A,
- 0x94, 0x80, 0xFD, 0x78, 0xDC, 0xAB, 0x82, 0x5A, 0xD2, 0xCD, 0xC2, 0x87, 0xC6,
- 0x4B, 0x07, 0xFA, 0xD1, 0xC3, 0xD9, 0x34, 0x41, 0x85, 0xF8, 0xD0, 0xB6, 0x0A,
- 0x9D, 0x00, 0x91, 0x35, 0x05, 0x88, 0xC3, 0xE3, 0x9B, 0x22, 0xD2, 0xB8, 0xFD,
- 0x95, 0x3E, 0x6D, 0x5D, 0x48, 0xA3, 0x68, 0xCF, 0x02, 0x42, 0x79, 0x79, 0x8A,
- 0xAA, 0x01, 0xD6, 0x09, 0x14, 0x2C, 0xF4, 0x83, 0xA3, 0x80, 0x31, 0x55, 0x46,
- 0x6E, 0xC5, 0xE5, 0x2F, 0x30, 0x58, 0x81, 0xA2, 0x90, 0xBE, 0x2E, 0xA1, 0xC3,
- 0x0F, 0xA6, 0xF5, 0x51, 0x00, 0x39, 0xB6, 0xF2, 0x2A, 0xA3, 0x15, 0x7D, 0x8D,
- 0xF5, 0x66, 0x5C, 0xD9, 0xFC, 0xCF, 0x2F, 0xBF, 0x08, 0x27, 0xE7, 0xD0, 0x03,
- 0xB8, 0xD9, 0x00, 0x13, 0x3D, 0x01, 0x6B, 0xB6, 0xA8, 0xCD, 0x5B, 0x3B, 0x3E,
- 0x93, 0xBF, 0xE6, 0x2E, 0xB7, 0x4A, 0xCF, 0xB3, 0x0A, 0xCE, 0x62, 0x11, 0xD6,
- 0x1F, 0x68, 0x9B, 0x1D, 0x68, 0xD1, 0x8C, 0x97, 0xBD, 0xA1, 0x07, 0x67, 0x73,
- 0x87, 0xE0, 0x36, 0xDA, 0x8C, 0xD2, 0xD2, 0xBB, 0x84, 0x28, 0xA9, 0xFE, 0x52,
- 0x74, 0xD6, 0xB9, 0x0F, 0x0A, 0x6A, 0x2D, 0x28, 0x35, 0x34, 0x3A, 0xD3, 0xE2,
- 0xCD, 0x35, 0x06, 0x7D, 0x1B, 0x35, 0x85, 0x86, 0xD1, 0x3E, 0xF2, 0x6F, 0xA1,
- 0xC4, 0x55, 0xBD, 0x00, 0xD8, 0xC3, 0x5D, 0xC2, 0x1D, 0x6B, 0x6B, 0x27, 0x5B,
- 0x95, 0xF3, 0xAB, 0xB5, 0xD3, 0x37, 0xF2, 0x2C, 0x9C, 0xC7, 0x5D, 0xBD, 0xF1,
- 0x68, 0x1C, 0xAD, 0xF8, 0xB5, 0xE1, 0x29, 0x72, 0x7A, 0x73, 0x62, 0x55, 0x24,
- 0xB9, 0x85, 0xDF, 0x7B, 0x29, 0x7D, 0xDE, 0x08, 0xF5, 0xE4, 0x44, 0xDA, 0x1A,
- 0x30, 0x74, 0xDA, 0xB4, 0x9B, 0x23, 0x9A, 0x3A, 0xC1, 0x53, 0xB2, 0xA2, 0xA3,
- 0x7B, 0x1F, 0xD9, 0x56, 0xD4, 0x4F, 0x9B, 0xB2, 0x1E, 0xEE, 0xB8, 0x6A, 0x4E,
- 0xB5, 0xF4, 0x5A, 0xC9, 0x18, 0x27, 0x9C, 0xDE, 0x14, 0x44, 0xED, 0xC4, 0x3C,
- 0x71, 0x9F, 0x5F, 0xD9, 0x37, 0xA0, 0x78, 0x34, 0x6E, 0xBC, 0xD2, 0x7B, 0x1D,
- 0xFA, 0x08, 0x39, 0x5A, 0x04, 0x73, 0x15, 0xD9, 0x0A, 0x48, 0xC1, 0x2D, 0x15,
- 0x4E, 0x84, 0x30, 0x45, 0x69, 0xB3, 0xE5, 0xF6, 0xAD, 0x09, 0x1E, 0xCC, 0x5F,
- 0x1F, 0x06, 0xD5, 0x58, 0xAD, 0x78, 0xD7, 0x9F, 0xE5, 0xED, 0x3B, 0x09, 0xD5,
- 0xA6, 0x52, 0x6F, 0x92, 0xD3, 0x3C, 0xC6, 0x1E, 0xF2, 0x93, 0x7C, 0xD3, 0x5F,
- 0x70, 0x85, 0x5D, 0xF8, 0xAA, 0x9D, 0xB7, 0x7B, 0x24, 0x5A, 0xE9, 0x0A, 0x35,
- 0x2F, 0xF5, 0xD9, 0x82, 0x02, 0x8A, 0x90, 0x13, 0x5B, 0xB5, 0x67, 0x9C, 0xDD,
- 0xA0, 0x4E, 0x82, 0x27, 0xDA, 0x7E, 0xE8, 0x8E, 0xCD, 0xE1, 0x56, 0x71, 0x2C,
- 0xE6, 0x4E, 0x1F, 0x91, 0xCD, 0x7C, 0x6A, 0xB7, 0x78, 0xD0, 0x26, 0xF3, 0x56,
- 0xA9, 0xD5, 0xA1, 0xC3, 0x3B, 0x98, 0xE9, 0x28, 0x09, 0xEF, 0x50, 0x90, 0xCD,
- 0xC4, 0x8E, 0x75, 0xCC, 0xAC, 0x2D, 0xC9, 0x03, 0x6D, 0xAC, 0xFE, 0xC4, 0x88,
- 0x36, 0xD1, 0x3F, 0xBB, 0x1C, 0x7D, 0xB3, 0x14, 0x61, 0x2C, 0xB7, 0x54, 0x4B,
- 0xDB, 0x64, 0xB6, 0x57, 0x14, 0x16, 0x8E, 0x1E, 0x6C, 0x64, 0xBB, 0x8B, 0x48,
- 0x5D, 0x96, 0x9D, 0xDC, 0x80, 0xA7, 0xF7, 0x54, 0xC7, 0x46, 0x38, 0x3E, 0x44,
- 0xDE, 0x7E, 0x92, 0x8D, 0x07, 0xF6, 0x07, 0x37, 0x4E, 0x16, 0x10, 0xB4, 0x7D,
- 0x88, 0x66, 0x7F, 0xBB, 0xFF, 0xEA, 0x00, 0xF3, 0xFF, 0x97, 0x2C, 0xB5, 0xBE,
- 0x35, 0x4B, 0x5C, 0x36, 0xEC, 0x4C, 0xBD, 0x2B, 0x7D, 0xBF, 0x46, 0xE2, 0x9C,
- 0x0E, 0x8A, 0xA3, 0xEC, 0xB1, 0x0E, 0x9A, 0xDA, 0x9A, 0x9B, 0x28, 0x92, 0x10,
- 0x53, 0x57, 0xEA, 0xEC, 0xA2, 0x32, 0x32, 0x20, 0x1D, 0x97, 0x5C, 0xB6, 0x84,
- 0xA9, 0x93, 0x8D, 0x95, 0x11, 0xA3, 0x24, 0xA3, 0x2D, 0xC6, 0x4A, 0xEF, 0xAA,
- 0x1D, 0x85, 0x2B, 0x7D, 0x28, 0xBE, 0x53, 0xCE, 0x10, 0x1F, 0xAE, 0x0E, 0x41,
- 0x6C, 0x4B, 0x79, 0x12, 0xFB, 0xF7, 0x54, 0xA3, 0x96, 0x54, 0x83, 0x20, 0x96,
- 0x8F, 0x28, 0xA9, 0x3F, 0x8B, 0x3D, 0xBA, 0x77, 0xDC, 0x24, 0xE1, 0xD4, 0x49,
- 0x40, 0xD8, 0x78, 0x31, 0x85, 0x43, 0xF6, 0xFE, 0x5C, 0xA6, 0x8F, 0x90, 0x09,
- 0xB0, 0xE7, 0xC4, 0x95, 0xB2, 0x55, 0x49, 0x97, 0x8F, 0x1C, 0x78, 0x30, 0x20,
- 0xA0, 0xB4, 0xEF, 0x73, 0x56, 0x59, 0x82, 0xFD, 0xCE, 0xBA, 0x6A, 0x8F, 0x2C,
- 0x8B, 0x15, 0xFD, 0xA1, 0x85, 0xA8, 0x5C, 0x0F, 0x11, 0xA5, 0x9D, 0xC2, 0x46,
- 0xC6, 0x9C, 0xC9, 0x40, 0x0B, 0x58, 0x6A, 0x1C, 0x7A, 0x23, 0xF9, 0xE0, 0x95,
- 0x05, 0x13, 0x58, 0x72, 0xE8, 0x9F, 0x30, 0xAC, 0xCD, 0x26, 0xD4, 0x66, 0x13,
- 0xDF, 0x1E, 0x7B, 0x4F, 0x9C, 0xBE, 0x38, 0x79, 0x75, 0x92, 0xA4, 0xDA, 0x26,
- 0x44, 0x55, 0x17, 0xA3, 0xE5, 0x62, 0xDA, 0xEB, 0x86, 0xEA, 0x68, 0xC7, 0xAB,
- 0xFD, 0x2D, 0x43, 0x59, 0x51, 0xC0, 0x75, 0x64, 0x91, 0x01, 0x29, 0x33, 0x28,
- 0xF3, 0x04, 0x83, 0x80, 0x75, 0x37, 0x75, 0x0C, 0x03, 0x7B, 0x0A, 0xAB, 0x8E,
- 0x60, 0x62, 0x8B, 0x4C, 0xAF, 0x2D, 0xA3, 0x2F, 0xFE, 0xAB, 0x45, 0xCF, 0xDA,
- 0xAB, 0xFA, 0xFA, 0x30, 0x3D, 0xE8, 0xA1, 0x96, 0xA5, 0x7B, 0xE2, 0x2A, 0xD0,
- 0xAF, 0x59, 0xF7, 0xD0, 0x32, 0x57, 0x19, 0xBD, 0xCA, 0x9F, 0xD5, 0x1A, 0xC7,
- 0xAA, 0x65, 0x4A, 0x38, 0xB2, 0x70, 0x33, 0xB7, 0x75, 0xD2, 0xCD, 0xD1, 0xF0,
- 0xA8, 0x87, 0x59, 0x20, 0xA5, 0x57, 0x55, 0xB1, 0xB2, 0xC9, 0x4D, 0x97, 0x34,
- 0x41, 0xF3, 0xF0, 0x30, 0xA1, 0x2C, 0x1C, 0x49, 0x3E, 0x89, 0x7D, 0x12, 0xE2,
- 0xC3, 0x04, 0xC3, 0x92, 0xC0, 0xF6, 0x39, 0x10, 0x80, 0x81, 0x8F, 0x08, 0xB4,
- 0xF8, 0xB9, 0x13, 0x4E, 0x2C, 0xAE, 0xB3, 0x71, 0x82, 0x63, 0x98, 0xAB, 0x5C,
- 0x1C, 0x10, 0xEA, 0x66, 0xF9, 0x02, 0x3A, 0x82, 0x61, 0xD0, 0xD4, 0xAE, 0x43,
- 0xD4, 0x01, 0x3E, 0x9D, 0x04, 0x14, 0xF6, 0x60, 0xD8, 0xA7, 0xD6, 0xB8, 0x53,
- 0xC8, 0xDA, 0x80, 0x93, 0xA0, 0x02, 0xDD, 0xCC, 0xE2, 0xF2, 0xBB, 0xFB, 0xE0,
- 0x27, 0xD7, 0x34, 0x9A, 0x71, 0x49, 0xB5, 0x4F, 0x42, 0x1F, 0xB2, 0x9D, 0x6D,
- 0xAA, 0x9D, 0xD3, 0x50, 0xB5, 0x8F, 0x6A, 0x4B, 0xDF, 0x1F, 0xD5, 0x27, 0x8F,
- 0x3B, 0x27, 0xCF, 0x2F, 0x8C, 0xF8, 0x9D, 0x4C, 0x52, 0xBC, 0x32, 0x0F, 0x73,
- 0xD5, 0x51, 0x8E, 0x36, 0x7E, 0xAD, 0x09, 0xF0, 0x94, 0x83, 0x5F, 0x36, 0xFD,
- 0x7C, 0x03, 0xED, 0xF1, 0x5E, 0x4B, 0xF7, 0xAA, 0x55, 0x5C, 0x4A, 0x14, 0x59,
- 0x85, 0x38, 0x2D, 0x8C, 0xDF, 0xEC, 0x65, 0x1B, 0xB8, 0x76, 0x57, 0x96, 0x3C,
- 0x86, 0xED, 0xF2, 0x7F, 0x2D, 0x28, 0x48, 0xDA, 0x49, 0x7F, 0xF7, 0x54, 0x2B,
- 0xD5, 0x39, 0xD5, 0x57, 0x0A, 0x75, 0x7A, 0x3E, 0x5E, 0x5D, 0xBA, 0x4A, 0x15,
- 0xFA, 0xB8, 0x31, 0x80, 0x71, 0x2C, 0xCA, 0xC4, 0x51, 0x10, 0x16, 0x5D, 0x39,
- 0xEC, 0x9D, 0x07, 0xB6, 0x6A, 0x89, 0x9F, 0x9B, 0x5B, 0x6F, 0x03, 0xB0, 0x92,
- 0x01, 0x38, 0x6B, 0x48, 0x99, 0x0A, 0x8F, 0x13, 0xC1, 0xA6, 0x01, 0xEA, 0xBF,
- 0x6F, 0x86, 0x43, 0x51, 0xB6, 0x11, 0x00, 0x00
- };
- WOLFSSL_TEST_SUBROUTINE int compress_test(void)
- {
- int ret = 0;
- word32 dSz = sizeof(sample_text);
- word32 cSz = (dSz + (word32)(dSz * 0.001) + 12);
- byte *c;
- byte *d;
- c = (byte *)XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- d = (byte *)XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (c == NULL || d == NULL) {
- ERROR_OUT(-12100, exit);
- }
- /* follow calloc and initialize to 0 */
- XMEMSET(c, 0, cSz);
- XMEMSET(d, 0, dSz);
- if ((ret = wc_Compress(c, cSz, sample_text, dSz, 0)) < 0) {
- ERROR_OUT(-12101, exit);
- }
- cSz = (word32)ret;
- if ((ret = wc_DeCompress(d, dSz, c, cSz)) != (int)dSz) {
- ERROR_OUT(-12102, exit);
- }
- dSz = (word32)ret;
- if (XMEMCMP(d, sample_text, dSz) != 0) {
- ERROR_OUT(-12103, exit);
- }
- /* GZIP tests */
- cSz = (dSz + (word32)(dSz * 0.001) + 12); /* reset cSz */
- XMEMSET(c, 0, cSz);
- XMEMSET(d, 0, dSz);
- ret = wc_Compress_ex(c, cSz, sample_text, dSz, 0, LIBZ_WINBITS_GZIP);
- if (ret < 0) {
- ERROR_OUT(-12104, exit);
- }
- cSz = (word32)ret;
- ret = wc_DeCompress_ex(d, dSz, c, cSz, LIBZ_WINBITS_GZIP);
- if (ret < 0) {
- ERROR_OUT(-12105, exit);
- }
- if (XMEMCMP(d, sample_text, dSz) != 0) {
- ERROR_OUT(-12106, exit);
- }
- /* Try with gzip generated output */
- XMEMSET(d, 0, dSz);
- ret = wc_DeCompress_ex(d, dSz, sample_text_gz, sizeof(sample_text_gz),
- LIBZ_WINBITS_GZIP);
- if (ret < 0) {
- ERROR_OUT(-12107, exit);
- }
- dSz = (word32)ret;
- if (XMEMCMP(d, sample_text, dSz) != 0) {
- ERROR_OUT(-12108, exit);
- }
- ret = 0; /* success */
- exit:
- if (c) XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (d) XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* HAVE_LIBZ */
- #ifdef HAVE_PKCS7
- /* External Debugging/Testing Note:
- *
- * PKCS#7 test functions can output generated PKCS#7/CMS bundles for
- * additional testing. To dump bundles to files DER encoded files, please
- * define:
- *
- * #define PKCS7_OUTPUT_TEST_BUNDLES
- */
- /* Loads certs and keys for use with PKCS7 tests, from either files
- * or buffers.
- *
- * rsaClientCertBuf - output buffer for RSA client cert
- * rsaClientCertBufSz - IN/OUT size of output buffer, size of RSA client cert
- * rsaClientPrivKeyBuf - output buffer for RSA client private key
- * rsaClientPrivKeyBufSz - IN/OUT size of output buffer, size of RSA client key
- *
- * rsaServerCertBuf - output buffer for RSA server cert
- * rsaServerCertBufSz - IN/OUT size of output buffer, size of RSA server cert
- * rsaServerPrivKeyBuf - output buffer for RSA server private key
- * rsaServerPrivKeyBufSz - IN/OUT size of output buffer, size of RSA server key
- *
- * rsaCaCertBuf - output buffer for RSA CA cert
- * rsaCaCertBufSz - IN/OUT size of output buffer, size of RSA ca cert
- * rsaCaPrivKeyBuf - output buffer for RSA CA private key
- * rsaCaPrivKeyBufSz - IN/OUT size of output buffer, size of RSA CA key
- *
- * eccClientCertBuf - output buffer for ECC cert
- * eccClientCertBufSz - IN/OUT size of output buffer, size of ECC cert
- * eccClientPrivKeyBuf - output buffer for ECC private key
- * eccClientPrivKeyBufSz - IN/OUT size of output buffer, size of ECC private key
- *
- * Returns 0 on success, negative on error
- */
- static int pkcs7_load_certs_keys(
- byte* rsaClientCertBuf, word32* rsaClientCertBufSz,
- byte* rsaClientPrivKeyBuf, word32* rsaClientPrivKeyBufSz,
- byte* rsaServerCertBuf, word32* rsaServerCertBufSz,
- byte* rsaServerPrivKeyBuf, word32* rsaServerPrivKeyBufSz,
- byte* rsaCaCertBuf, word32* rsaCaCertBufSz,
- byte* rsaCaPrivKeyBuf, word32* rsaCaPrivKeyBufSz,
- byte* eccClientCertBuf, word32* eccClientCertBufSz,
- byte* eccClientPrivKeyBuf, word32* eccClientPrivKeyBufSz)
- {
- #ifndef NO_FILESYSTEM
- XFILE certFile;
- XFILE keyFile;
- (void)certFile;
- (void)keyFile;
- #endif
- #ifndef NO_RSA
- if (rsaClientCertBuf == NULL || rsaClientCertBufSz == NULL ||
- rsaClientPrivKeyBuf == NULL || rsaClientPrivKeyBufSz == NULL)
- return BAD_FUNC_ARG;
- #endif
- #ifdef HAVE_ECC
- if (eccClientCertBuf == NULL || eccClientCertBufSz == NULL ||
- eccClientPrivKeyBuf == NULL || eccClientPrivKeyBufSz == NULL)
- return BAD_FUNC_ARG;
- #endif
- /* RSA */
- #ifndef NO_RSA
- #ifdef USE_CERT_BUFFERS_1024
- if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_1024)
- return -12110;
- XMEMCPY(rsaClientCertBuf, client_cert_der_1024,
- sizeof_client_cert_der_1024);
- *rsaClientCertBufSz = sizeof_client_cert_der_1024;
- if (rsaServerCertBuf != NULL) {
- if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_1024)
- return -12111;
- XMEMCPY(rsaServerCertBuf, server_cert_der_1024,
- sizeof_server_cert_der_1024);
- *rsaServerCertBufSz = sizeof_server_cert_der_1024;
- }
- if (rsaCaCertBuf != NULL) {
- if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_1024)
- return -12112;
- XMEMCPY(rsaCaCertBuf, ca_cert_der_1024, sizeof_ca_cert_der_1024);
- *rsaCaCertBufSz = sizeof_ca_cert_der_1024;
- }
- #elif defined(USE_CERT_BUFFERS_2048)
- if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_2048)
- return -12113;
- XMEMCPY(rsaClientCertBuf, client_cert_der_2048,
- sizeof_client_cert_der_2048);
- *rsaClientCertBufSz = sizeof_client_cert_der_2048;
- if (rsaServerCertBuf != NULL) {
- if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_2048)
- return -12114;
- XMEMCPY(rsaServerCertBuf, server_cert_der_2048,
- sizeof_server_cert_der_2048);
- *rsaServerCertBufSz = sizeof_server_cert_der_2048;
- }
- if (rsaCaCertBuf != NULL) {
- if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_2048)
- return -12115;
- XMEMCPY(rsaCaCertBuf, ca_cert_der_2048, sizeof_ca_cert_der_2048);
- *rsaCaCertBufSz = sizeof_ca_cert_der_2048;
- }
- #else
- certFile = XFOPEN(clientCert, "rb");
- if (!certFile)
- return -12116;
- *rsaClientCertBufSz = (word32)XFREAD(rsaClientCertBuf, 1,
- *rsaClientCertBufSz, certFile);
- XFCLOSE(certFile);
- if (rsaServerCertBuf != NULL) {
- certFile = XFOPEN(rsaServerCertDerFile, "rb");
- if (!certFile)
- return -12117;
- *rsaServerCertBufSz = (word32)XFREAD(rsaServerCertBuf, 1,
- *rsaServerCertBufSz, certFile);
- XFCLOSE(certFile);
- }
- if (rsaCaCertBuf != NULL) {
- certFile = XFOPEN(rsaCaCertDerFile, "rb");
- if (!certFile)
- return -12118;
- *rsaCaCertBufSz = (word32)XFREAD(rsaCaCertBuf, 1, *rsaCaCertBufSz,
- certFile);
- XFCLOSE(certFile);
- }
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_1024)
- return -12119;
- XMEMCPY(rsaClientPrivKeyBuf, client_key_der_1024,
- sizeof_client_key_der_1024);
- *rsaClientPrivKeyBufSz = sizeof_client_key_der_1024;
- if (rsaServerPrivKeyBuf != NULL) {
- if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_1024)
- return -12120;
- XMEMCPY(rsaServerPrivKeyBuf, server_key_der_1024,
- sizeof_server_key_der_1024);
- *rsaServerPrivKeyBufSz = sizeof_server_key_der_1024;
- }
- if (rsaCaPrivKeyBuf != NULL) {
- if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_1024)
- return -12121;
- XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_1024, sizeof_ca_key_der_1024);
- *rsaCaPrivKeyBufSz = sizeof_ca_key_der_1024;
- }
- #elif defined(USE_CERT_BUFFERS_2048)
- if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_2048)
- return -12122;
- XMEMCPY(rsaClientPrivKeyBuf, client_key_der_2048,
- sizeof_client_key_der_2048);
- *rsaClientPrivKeyBufSz = sizeof_client_key_der_2048;
- if (rsaServerPrivKeyBuf != NULL) {
- if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_2048)
- return -12123;
- XMEMCPY(rsaServerPrivKeyBuf, server_key_der_2048,
- sizeof_server_key_der_2048);
- *rsaServerPrivKeyBufSz = sizeof_server_key_der_2048;
- }
- if (rsaCaPrivKeyBuf != NULL) {
- if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_2048)
- return -12124;
- XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_2048, sizeof_ca_key_der_2048);
- *rsaCaPrivKeyBufSz = sizeof_ca_key_der_2048;
- }
- #else
- keyFile = XFOPEN(clientKey, "rb");
- if (!keyFile)
- return -12125;
- *rsaClientPrivKeyBufSz = (word32)XFREAD(rsaClientPrivKeyBuf, 1,
- *rsaClientPrivKeyBufSz, keyFile);
- XFCLOSE(keyFile);
- if (rsaServerPrivKeyBuf != NULL) {
- keyFile = XFOPEN(rsaServerKeyDerFile, "rb");
- if (!keyFile)
- return -12126;
- *rsaServerPrivKeyBufSz = (word32)XFREAD(rsaServerPrivKeyBuf, 1,
- *rsaServerPrivKeyBufSz, keyFile);
- XFCLOSE(keyFile);
- }
- if (rsaCaPrivKeyBuf != NULL) {
- keyFile = XFOPEN(rsaCaKeyFile, "rb");
- if (!keyFile)
- return -12127;
- *rsaCaPrivKeyBufSz = (word32)XFREAD(rsaCaPrivKeyBuf, 1,
- *rsaCaPrivKeyBufSz, keyFile);
- XFCLOSE(keyFile);
- }
- #endif /* USE_CERT_BUFFERS */
- #endif /* NO_RSA */
- /* ECC */
- #ifdef HAVE_ECC
- #ifdef USE_CERT_BUFFERS_256
- if (*eccClientCertBufSz < (word32)sizeof_cliecc_cert_der_256)
- return -12128;
- XMEMCPY(eccClientCertBuf, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
- *eccClientCertBufSz = sizeof_cliecc_cert_der_256;
- #else
- certFile = XFOPEN(eccClientCert, "rb");
- if (!certFile)
- return -12129;
- *eccClientCertBufSz = (word32)XFREAD(eccClientCertBuf, 1,
- *eccClientCertBufSz, certFile);
- XFCLOSE(certFile);
- #endif /* USE_CERT_BUFFERS_256 */
- #ifdef USE_CERT_BUFFERS_256
- if (*eccClientPrivKeyBufSz < (word32)sizeof_ecc_clikey_der_256)
- return -12130;
- XMEMCPY(eccClientPrivKeyBuf, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
- *eccClientPrivKeyBufSz = sizeof_ecc_clikey_der_256;
- #else
- keyFile = XFOPEN(eccClientKey, "rb");
- if (!keyFile)
- return -12131;
- *eccClientPrivKeyBufSz = (word32)XFREAD(eccClientPrivKeyBuf, 1,
- *eccClientPrivKeyBufSz, keyFile);
- XFCLOSE(keyFile);
- #endif /* USE_CERT_BUFFERS_256 */
- #endif /* HAVE_ECC */
- #ifdef NO_RSA
- (void)rsaClientCertBuf;
- (void)rsaClientCertBufSz;
- (void)rsaClientPrivKeyBuf;
- (void)rsaClientPrivKeyBufSz;
- (void)rsaServerCertBuf;
- (void)rsaServerCertBufSz;
- (void)rsaServerPrivKeyBuf;
- (void)rsaServerPrivKeyBufSz;
- (void)rsaCaCertBuf;
- (void)rsaCaCertBufSz;
- (void)rsaCaPrivKeyBuf;
- (void)rsaCaPrivKeyBufSz;
- #endif
- #ifndef HAVE_ECC
- (void)eccClientCertBuf;
- (void)eccClientCertBufSz;
- (void)eccClientPrivKeyBuf;
- (void)eccClientPrivKeyBufSz;
- #endif
- #ifndef NO_FILESYSTEM
- (void)certFile;
- (void)keyFile;
- #endif
- return 0;
- }
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- int encryptOID;
- int keyWrapOID;
- int keyAgreeOID;
- byte* cert;
- size_t certSz;
- byte* privateKey;
- word32 privateKeySz;
- byte* optionalUkm;
- word32 optionalUkmSz;
- int ktriOptions; /* KTRI options flags */
- int kariOptions; /* KARI options flags */
- /* KEKRI specific */
- const byte* secretKey; /* key, only for kekri RecipientInfo types */
- word32 secretKeySz; /* size of secretKey, bytes */
- const byte* secretKeyId; /* key identifier */
- word32 secretKeyIdSz; /* size of key identifier, bytes */
- void* timePtr; /* time_t pointer */
- byte* otherAttrOID; /* OPTIONAL, other attribute OID */
- word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */
- byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */
- word32 otherAttrSz; /* size of otherAttr, bytes */
- int kekriOptions; /* KEKRI options flags */
- /* PWRI specific */
- const char* password;
- word32 passwordSz;
- const byte* salt;
- word32 saltSz;
- int kdfOID;
- int hashOID;
- int kdfIterations;
- int pwriOptions; /* PWRI options flags */
- /* ORI specific */
- int isOri;
- int oriOptions; /* ORI options flags */
- const char* outFileName;
- } pkcs7EnvelopedVector;
- static const byte asnDataOid[] = {
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01
- };
- /* ORI encrypt callback, responsible for encrypting content-encryption key (CEK)
- * and giving wolfCrypt the value for oriOID and oriValue to place in
- * OtherRecipientInfo.
- *
- * Returns 0 on success, negative upon error. */
- static int myOriEncryptCb(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType,
- word32* oriTypeSz, byte* oriValue, word32* oriValueSz,
- void* ctx)
- {
- int i;
- /* make sure buffers are large enough */
- if ((*oriValueSz < (2 + cekSz)) || (*oriTypeSz < sizeof(oriType)))
- return -12140;
- /* our simple encryption algorithm will be take the bitwise complement */
- oriValue[0] = 0x04; /*ASN OCTET STRING */
- oriValue[1] = (byte)cekSz; /* length */
- for (i = 0; i < (int)cekSz; i++) {
- oriValue[2 + i] = ~cek[i];
- }
- *oriValueSz = 2 + cekSz;
- /* set oriType to ASN.1 encoded data OID */
- XMEMCPY(oriType, asnDataOid, sizeof(asnDataOid));
- *oriTypeSz = sizeof(asnDataOid);
- (void)pkcs7;
- (void)ctx;
- return 0;
- }
- /* ORI decrypt callback, responsible for providing a decrypted content
- * encryption key (CEK) placed into decryptedKey and size placed into
- * decryptedKeySz. oriOID and oriValue are given to the callback to help
- * in decrypting the encrypted CEK.
- *
- * Returns 0 on success, negative upon error. */
- static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
- byte* oriValue, word32 oriValueSz, byte* decryptedKey,
- word32* decryptedKeySz, void* ctx)
- {
- int i;
- /* make sure oriType matches what we expect */
- if (oriTypeSz != sizeof(asnDataOid))
- return -12150;
- if (XMEMCMP(oriType, asnDataOid, sizeof(asnDataOid)) != 0)
- return -12151;
- /* make sure decrypted buffer is large enough */
- if (*decryptedKeySz < oriValueSz)
- return -12152;
- /* decrypt encrypted CEK using simple bitwise complement,
- only for example */
- for (i = 0; i < (int)oriValueSz - 2; i++) {
- decryptedKey[i] = ~oriValue[2 + i];
- }
- *decryptedKeySz = oriValueSz - 2;
- (void)pkcs7;
- (void)ctx;
- return 0;
- }
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- /* returns 0 on success */
- static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
- byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
- byte* in, int inSz, byte* out, void* usrCtx)
- {
- int keyId = -1, ret, keySz;
- word32 keyIdSz = 8;
- const byte* key;
- byte keyIdRaw[8];
- #ifdef WOLFSSL_SMALL_STACK
- Aes *aes;
- #else
- Aes aes[1];
- #endif
- /* looking for KEY ID
- * fwDecryptKeyID OID "1.2.840.113549.1.9.16.2.37
- */
- WOLFSSL_SMALL_STACK_STATIC const unsigned char OID[] = {
- /* 0x06, 0x0B do not pass in tag and length */
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x02, 0x25
- };
- WOLFSSL_SMALL_STACK_STATIC const byte defKey[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- WOLFSSL_SMALL_STACK_STATIC const byte altKey[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- /* test user context passed in */
- if (usrCtx == NULL || *(int*)usrCtx != 1) {
- return -12160;
- }
- #ifdef WOLFSSL_SMALL_STACK
- if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
- return -12164;
- #endif
- /* if needing to find keyIdSz can call with NULL */
- ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), NULL,
- &keyIdSz);
- if (ret != LENGTH_ONLY_E) {
- printf("Unexpected error %d when getting keyIdSz\n", ret);
- printf("Possibly no KEY ID attribute set\n");
- ERROR_OUT(-12161, out);
- }
- else {
- XMEMSET(keyIdRaw, 0, sizeof(keyIdRaw));
- ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), keyIdRaw,
- &keyIdSz);
- if (ret < 0) {
- goto out;
- }
- if (keyIdSz < 3) {
- printf("keyIdSz is smaller than expected\n");
- ERROR_OUT(-12162, out);
- }
- if (keyIdSz > 2 + sizeof(int)) {
- printf("example case was only expecting a keyId of int size\n");
- ERROR_OUT(-12163, out);
- }
- /* keyIdRaw[0] OCTET TAG */
- /* keyIdRaw[1] Length */
- #ifdef BIG_ENDIAN_ORDER
- if (keyIdRaw[1] == 0x01) {
- keyId = 1;
- }
- #else
- XMEMCPY(&keyId, keyIdRaw + 2, sizeof(keyId));
- #endif
- }
- /* Use keyID here if found to select key and decrypt in HSM or in this
- * example just select key and do software decryption */
- if (keyId == 1) {
- key = altKey;
- keySz = sizeof(altKey);
- }
- else {
- key = defKey;
- keySz = sizeof(defKey);
- }
- switch (encryptOID) {
- #ifdef WOLFSSL_AES_256
- case AES256CBCb:
- if ((keySz != 32 ) || (ivSz != AES_BLOCK_SIZE))
- ERROR_OUT(BAD_FUNC_ARG, out);
- break;
- #endif
- #ifdef WOLFSSL_AES_128
- case AES128CBCb:
- if ((keySz != 16 ) || (ivSz != AES_BLOCK_SIZE))
- ERROR_OUT(BAD_FUNC_ARG, out);
- break;
- #endif
- default:
- printf("Unsupported content cipher type for example");
- ERROR_OUT(ALGO_ID_E, out);
- };
- ret = wc_AesInit(aes, HEAP_HINT, INVALID_DEVID);
- if (ret == 0) {
- ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION);
- if (ret == 0)
- ret = wc_AesCbcDecrypt(aes, out, in, inSz);
- wc_AesFree(aes);
- }
- out:
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- (void)aad;
- (void)aadSz;
- (void)authTag;
- (void)authTagSz;
- return ret;
- }
- #endif /* !NO_AES && HAVE_AES_CBC */
- #define PKCS7_BUF_SIZE 2048
- static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
- byte* rsaPrivKey, word32 rsaPrivKeySz,
- byte* eccCert, word32 eccCertSz,
- byte* eccPrivKey, word32 eccPrivKeySz)
- {
- int ret = 0, testSz = 0, i;
- int envelopedSz, decodedSz;
- byte *enveloped = NULL;
- byte *decoded = NULL;
- PKCS7* pkcs7 = NULL;
- #ifdef ECC_TIMING_RESISTANT
- WC_RNG rng;
- #endif
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE pkcs7File;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
- defined(HAVE_ECC) && defined(WOLFSSL_SHA512)
- byte optionalUkm[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
- };
- #endif /* NO_AES */
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
- !defined(NO_SHA)
- /* encryption key for kekri recipient types */
- WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
- };
- /* encryption key identifier */
- WOLFSSL_SMALL_STACK_STATIC const byte secretKeyId[] = {
- 0x02,0x02,0x03,0x04
- };
- #endif
- #if !defined(NO_PWDBASED) && !defined(NO_SHA) && \
- !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- #ifndef HAVE_FIPS
- WOLFSSL_SMALL_STACK_STATIC const char password[] = "password"; /* NOTE: Password is too short for FIPS */
- #else
- WOLFSSL_SMALL_STACK_STATIC const char password[] = "passwordFIPS_MODE";
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = {
- 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
- };
- #endif
- #define MAX_TESTVECTORS_LEN 13
- #define ADD_PKCS7ENVELOPEDVECTOR(...) { \
- pkcs7EnvelopedVector _this_vector = { __VA_ARGS__ }; \
- if (testSz == MAX_TESTVECTORS_LEN) { \
- ret = -12534; \
- goto out; \
- } \
- XMEMCPY(&testVectors[testSz++], &_this_vector, sizeof _this_vector);\
- }
- pkcs7EnvelopedVector *testVectors = NULL;
- #ifdef ECC_TIMING_RESISTANT
- XMEMSET(&rng, 0, sizeof(rng));
- #endif
- testVectors = (pkcs7EnvelopedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (testVectors == NULL) {
- ret = -12534;
- goto out;
- }
- {
- /* key transport key encryption technique */
- #ifndef NO_RSA
- #ifndef NO_DES3
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, DES3b, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
- 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataDES3.der");
- #endif
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #ifdef WOLFSSL_AES_128
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
- 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES128CBC.der");
- #endif
- #ifdef WOLFSSL_AES_192
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES192CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
- 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES192CBC.der");
- #endif
- #ifdef WOLFSSL_AES_256
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
- 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC.der");
- /* explicitly using SKID for SubjectKeyIdentifier */
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_SKID, 0, NULL, 0, NULL, 0, NULL,
- NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC_SKID.der");
- /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_ISSUER_AND_SERIAL_NUMBER, 0,
- NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
- 0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der");
- #endif
- #endif /* !NO_AES && HAVE_AES_CBC */
- #endif
- /* key agreement key encryption technique*/
- #ifdef HAVE_ECC
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP,
- dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
- 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der");
- #endif
- #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
- 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der");
- #endif /* NO_SHA256 && WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
- dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
- 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der");
- /* with optional user keying material (ukm) */
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
- dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, optionalUkm, sizeof(optionalUkm), 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der");
- #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
- #endif /* !NO_AES && HAVE_AES_CBC */
- #endif
- /* kekri (KEKRecipientInfo) recipient types */
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0,
- NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey),
- secretKeyId, sizeof(secretKeyId), NULL, NULL, 0, NULL, 0,
- 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES128CBC_KEKRI.der");
- #endif
- #endif /* !NO_AES && HAVE_AES_CBC */
- /* pwri (PasswordRecipientInfo) recipient types */
- #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AES_CBC)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0,
- NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, password,
- (word32)XSTRLEN(password), salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5,
- 0, 0, 0, "pkcs7envelopedDataAES128CBC_PWRI.der");
- #endif
- #endif
- #if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_128)
- /* ori (OtherRecipientInfo) recipient types */
- ADD_PKCS7ENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0,
- NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0,
- NULL, 0, 0, 0, 0, 0, 1, 0, "pkcs7envelopedDataAES128CBC_ORI.der");
- #endif
- };
- #undef MAX_TESTVECTORS_LEN
- #undef ADD_PKCS7ENVELOPEDVECTOR
- enveloped = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! enveloped) || (! decoded)) {
- ERROR_OUT(-12170, out);
- }
- #ifdef ECC_TIMING_RESISTANT
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- ERROR_OUT(-12171, out);
- }
- #endif
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT,
- #ifdef WOLFSSL_ASYNC_CRYPT
- INVALID_DEVID /* async PKCS7 is not supported */
- #else
- devId
- #endif
- );
- if (pkcs7 == NULL) {
- ERROR_OUT(-12172, out);
- }
- if (testVectors[i].secretKey != NULL) {
- /* KEKRI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0) {
- ERROR_OUT(-12173, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID,
- (byte *)testVectors[i].secretKey, testVectors[i].secretKeySz,
- (byte *)testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz,
- testVectors[i].timePtr, testVectors[i].otherAttrOID,
- testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr,
- testVectors[i].otherAttrSz, testVectors[i].kekriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12174, out);
- }
- /* set key, for decryption */
- ret = wc_PKCS7_SetKey(pkcs7, (byte *)testVectors[i].secretKey,
- testVectors[i].secretKeySz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12175, out);
- }
- } else if (testVectors[i].password != NULL) {
- #if !defined(NO_PWDBASED) && !defined(NO_SHA)
- /* PWRI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0) {
- ERROR_OUT(-12176, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- ret = wc_PKCS7_AddRecipient_PWRI(pkcs7,
- (byte *)testVectors[i].password, testVectors[i].passwordSz,
- (byte *)testVectors[i].salt, testVectors[i].saltSz,
- testVectors[i].kdfOID,
- testVectors[i].hashOID, testVectors[i].kdfIterations,
- testVectors[i].encryptOID, testVectors[i].pwriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12177, out);
- }
- /* set password, for decryption */
- ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password,
- testVectors[i].passwordSz);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12178, out);
- }
- #endif /* ! NO_PWDBASED && ! NO_SHA */
- } else if (testVectors[i].isOri == 1) {
- /* ORI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0) {
- ERROR_OUT(-12179, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb,
- testVectors[i].oriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12180, out);
- }
- /* set decrypt callback for decryption */
- ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12181, out);
- }
- } else {
- /* KTRI or KARI recipient types */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0) {
- ERROR_OUT(-12182, out);
- }
- ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
- (word32)testVectors[i].certSz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12183, out);
- }
- pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
- pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
- pkcs7->privateKey = testVectors[i].privateKey;
- pkcs7->privateKeySz = testVectors[i].privateKeySz;
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- /* set SubjectIdentifier type for KTRI types */
- if (testVectors[i].ktriOptions & CMS_SKID) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12184, out);
- }
- } else if (testVectors[i].ktriOptions &
- CMS_ISSUER_AND_SERIAL_NUMBER) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7,
- CMS_ISSUER_AND_SERIAL_NUMBER);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12185, out);
- }
- }
- }
- #ifdef ECC_TIMING_RESISTANT
- pkcs7->rng = &rng;
- #endif
- /* encode envelopedData */
- envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, enveloped,
- PKCS7_BUF_SIZE);
- if (envelopedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12186, out);
- }
- /* decode envelopedData */
- pkcs7->contentOID = 0;
- decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, envelopedSz,
- decoded, PKCS7_BUF_SIZE);
- if (pkcs7->contentOID != testVectors[i].contentOID ||
- decodedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12187, out);
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0){
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12188, out);
- }
- #ifndef NO_PKCS7_STREAM
- { /* test reading byte by byte */
- int z;
- for (z = 0; z < envelopedSz; z++) {
- decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped + z, 1,
- decoded, PKCS7_BUF_SIZE);
- if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
- printf("unexpected error %d\n", decodedSz);
- ERROR_OUT(-12189, out);
- }
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
- printf("stream read compare failed\n");
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12190, out);
- }
- }
- #endif
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* output pkcs7 envelopedData for external testing */
- pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
- if (!pkcs7File) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12191, out);
- }
- ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File);
- XFCLOSE(pkcs7File);
- if (ret != envelopedSz) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12192, out);
- } else {
- /* reset ret to 0 for success */
- ret = 0;
- }
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- }
- #ifdef ECC_TIMING_RESISTANT
- wc_FreeRng(&rng);
- #endif
- (void)eccCert;
- (void)eccCertSz;
- (void)eccPrivKey;
- (void)eccPrivKeySz;
- (void)rsaCert;
- (void)rsaCertSz;
- (void)rsaPrivKey;
- (void)rsaPrivKeySz;
- out:
- if (testVectors)
- XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (enveloped)
- XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE int pkcs7enveloped_test(void)
- {
- int ret = 0;
- byte* rsaCert = NULL;
- byte* rsaPrivKey = NULL;
- word32 rsaCertSz = 0;
- word32 rsaPrivKeySz = 0;
- byte* eccCert = NULL;
- byte* eccPrivKey = NULL;
- word32 eccCertSz = 0;
- word32 eccPrivKeySz = 0;
- #ifndef NO_RSA
- /* read client RSA cert and key in DER format */
- rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaCert == NULL)
- return -12200;
- rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaPrivKey == NULL) {
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -12201;
- }
- rsaCertSz = FOURK_BUF;
- rsaPrivKeySz = FOURK_BUF;
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- /* read client ECC cert and key in DER format */
- eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccCert == NULL) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return -12202;
- }
- eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccPrivKey == NULL) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -12203;
- }
- eccCertSz = FOURK_BUF;
- eccPrivKeySz = FOURK_BUF;
- #endif /* HAVE_ECC */
- ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
- &rsaPrivKeySz, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, eccCert, &eccCertSz,
- eccPrivKey, &eccPrivKeySz);
- if (ret < 0) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return -12204;
- }
- ret = pkcs7enveloped_run_vectors(rsaCert, (word32)rsaCertSz,
- rsaPrivKey, (word32)rsaPrivKeySz,
- eccCert, (word32)eccCertSz,
- eccPrivKey, (word32)eccPrivKeySz);
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- int encryptOID;
- int keyWrapOID;
- int keyAgreeOID;
- byte* cert;
- size_t certSz;
- byte* privateKey;
- word32 privateKeySz;
- PKCS7Attrib* authAttribs;
- word32 authAttribsSz;
- PKCS7Attrib* unauthAttribs;
- word32 unauthAttribsSz;
- /* KARI / KTRI specific */
- byte* optionalUkm;
- word32 optionalUkmSz;
- int ktriOptions; /* KTRI options flags */
- int kariOptions; /* KARI options flags */
- /* KEKRI specific */
- byte* secretKey; /* key, only for kekri RecipientInfo types */
- word32 secretKeySz; /* size of secretKey, bytes */
- byte* secretKeyId; /* key identifier */
- word32 secretKeyIdSz; /* size of key identifier, bytes */
- void* timePtr; /* time_t pointer */
- byte* otherAttrOID; /* OPTIONAL, other attribute OID */
- word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */
- byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */
- word32 otherAttrSz; /* size of otherAttr, bytes */
- int kekriOptions; /* KEKRI options flags */
- /* PWRI specific */
- char* password; /* password */
- word32 passwordSz; /* password size, bytes */
- byte* salt; /* KDF salt */
- word32 saltSz; /* KDF salt size, bytes */
- int kdfOID; /* KDF OID */
- int hashOID; /* KDF hash algorithm OID */
- int kdfIterations; /* KDF iterations */
- int kekEncryptOID; /* KEK encryption algorithm OID */
- int pwriOptions; /* PWRI options flags */
- /* ORI specific */
- int isOri;
- int oriOptions; /* ORI options flags */
- const char* outFileName;
- } pkcs7AuthEnvelopedVector;
- static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
- byte* rsaPrivKey, word32 rsaPrivKeySz,
- byte* eccCert, word32 eccCertSz,
- byte* eccPrivKey, word32 eccPrivKeySz)
- {
- int ret = 0, testSz = 0, i;
- int envelopedSz, decodedSz;
- byte *enveloped = NULL;
- byte *decoded = NULL;
- WC_RNG rng;
- PKCS7* pkcs7;
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE pkcs7File;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- byte senderNonce[PKCS7_NONCE_SZ + 2];
- #ifdef HAVE_ECC
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
- WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x05 };
- PKCS7Attrib attribs[] =
- {
- { senderNonceOid, sizeof(senderNonceOid), senderNonce,
- sizeof(senderNonce) }
- };
- #endif
- #endif
- #endif
- #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
- defined(WOLFSSL_SHA512)
- WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
- };
- #endif /* NO_AES */
- #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- /* encryption key for kekri recipient types */
- WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
- };
- /* encryption key identifier */
- WOLFSSL_SMALL_STACK_STATIC const byte secretKeyId[] = {
- 0x02,0x02,0x03,0x04
- };
- #endif
- #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
- !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- #ifndef HAVE_FIPS
- WOLFSSL_SMALL_STACK_STATIC const char password[] = "password";
- #else
- WOLFSSL_SMALL_STACK_STATIC const char password[] = "passwordFIPS_MODE";
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = {
- 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
- };
- #endif
- #define MAX_TESTVECTORS_LEN 20
- #define ADD_PKCS7AUTHENVELOPEDVECTOR(...) { \
- pkcs7AuthEnvelopedVector _this_vector = { __VA_ARGS__ }; \
- if (testSz == MAX_TESTVECTORS_LEN) { \
- ret = -12534; \
- goto out; \
- } \
- XMEMCPY(&testVectors[testSz++], &_this_vector, sizeof _this_vector);\
- }
- pkcs7AuthEnvelopedVector *testVectors = NULL;
- XMEMSET(&rng, 0, sizeof(rng));
- testVectors = (pkcs7AuthEnvelopedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (testVectors == NULL) {
- ret = -12534;
- goto out;
- }
- {
- /* key transport key encryption technique */
- #ifndef NO_RSA
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #ifdef WOLFSSL_AES_128
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
- 0, 0, "pkcs7authEnvelopedDataAES128GCM.der");
- #endif
- #ifdef WOLFSSL_AES_192
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES192GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
- 0, 0, "pkcs7authEnvelopedDataAES192GCM.der");
- #endif
- #ifdef WOLFSSL_AES_256
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
- 0, 0, "pkcs7authEnvelopedDataAES256GCM.der");
- /* test with contentType set to FirmwarePkgData */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, 0, 0,
- rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL,
- 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL,
- 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_firmwarePkgData.der");
- /* explicitly using SKID for SubjectKeyIdentifier */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, CMS_SKID, 0,
- NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
- 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_SKID.der");
- /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0,
- CMS_ISSUER_AND_SERIAL_NUMBER, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
- NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_IANDS.der");
- #endif
- #endif /* NO_AES */
- #endif
- /* key agreement key encryption technique*/
- #ifdef HAVE_ECC
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP,
- dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
- NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der");
- #endif
- #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
- NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der");
- /* with authenticated attributes */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
- NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0,
- 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_authAttribs.der");
- /* with unauthenticated attributes */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, attribs,
- (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0,
- 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_unauthAttribs.der");
- /* with authenticated AND unauthenticated attributes */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
- attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0,
- NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
- 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_bothAttribs.der");
- /* with authenticated AND unauthenticated attributes AND
- * contentType of FirmwarePkgData */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
- attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0,
- NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
- 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_fw_bothAttribs.der");
- #endif /* NO_SHA256 && WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL,
- NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der");
- /* with optional user keying material (ukm) */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, NULL, 0, (byte *)optionalUkm, sizeof(optionalUkm), 0,
- 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
- 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der");
- #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
- #endif /* NO_AES */
- #endif
- /* kekri (KEKRecipientInfo) recipient types */
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0,
- NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0,
- (byte *)secretKey, sizeof(secretKey), (byte *)secretKeyId, sizeof(secretKeyId),
- NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES128GCM_KEKRI.der");
- #endif
- #endif
- /* pwri (PasswordRecipientInfo) recipient types */
- #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM)
- #if !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0,
- NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, (char *)password,
- (word32)XSTRLEN(password), (byte *)salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5,
- AES128CBCb, 0, 0, 0, "pkcs7authEnvelopedDataAES128GCM_PWRI.der");
- #endif
- #endif
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #ifdef WOLFSSL_AES_128
- /* ori (OtherRecipientInfo) recipient types */
- ADD_PKCS7AUTHENVELOPEDVECTOR(
- data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, NULL, 0, NULL, 0,
- NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
- NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 1, 0,
- "pkcs7authEnvelopedDataAES128GCM_ORI.der");
- #endif
- #endif
- }
- #undef MAX_TESTVECTORS_LEN
- #undef ADD_PKCS7AUTHENVELOPEDVECTOR
- enveloped = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! enveloped) || (! decoded)) {
- ERROR_OUT(-12210, out);
- }
- /* generate senderNonce */
- {
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- ERROR_OUT(-12211, out);
- }
- senderNonce[0] = 0x04;
- senderNonce[1] = PKCS7_NONCE_SZ;
- ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
- if (ret != 0) {
- wc_FreeRng(&rng);
- ERROR_OUT(-12212, out);
- }
- }
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT,
- #ifdef WOLFSSL_ASYNC_CRYPT
- INVALID_DEVID /* async PKCS7 is not supported */
- #else
- devId
- #endif
- );
- if (pkcs7 == NULL) {
- ERROR_OUT(-12213, out);
- }
- if (testVectors[i].secretKey != NULL) {
- /* KEKRI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0) {
- ERROR_OUT(-12214, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- pkcs7->authAttribs = testVectors[i].authAttribs;
- pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
- pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
- pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
- ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID,
- testVectors[i].secretKey, testVectors[i].secretKeySz,
- testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz,
- testVectors[i].timePtr, testVectors[i].otherAttrOID,
- testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr,
- testVectors[i].otherAttrSz, testVectors[i].kekriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12215, out);
- }
- /* set key, for decryption */
- ret = wc_PKCS7_SetKey(pkcs7, testVectors[i].secretKey,
- testVectors[i].secretKeySz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12216, out);
- }
- } else if (testVectors[i].password != NULL) {
- #if !defined(NO_PWDBASED) && !defined(NO_SHA)
- /* PWRI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0) {
- ERROR_OUT(-12217, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- pkcs7->authAttribs = testVectors[i].authAttribs;
- pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
- pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
- pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
- ret = wc_PKCS7_AddRecipient_PWRI(pkcs7,
- (byte*)testVectors[i].password,
- testVectors[i].passwordSz, testVectors[i].salt,
- testVectors[i].saltSz, testVectors[i].kdfOID,
- testVectors[i].hashOID, testVectors[i].kdfIterations,
- testVectors[i].kekEncryptOID, testVectors[i].pwriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12218, out);
- }
- /* set password, for decryption */
- ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password,
- testVectors[i].passwordSz);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12219, out);
- }
- #endif /* ! NO_PWDBASED && ! NO_SHA */
- } else if (testVectors[i].isOri == 1) {
- /* ORI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0) {
- ERROR_OUT(-12220, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->authAttribs = testVectors[i].authAttribs;
- pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
- pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
- pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
- ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb,
- testVectors[i].oriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12221, out);
- }
- /* set decrypt callback for decryption */
- ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12222, out);
- }
- } else {
- /* KTRI or KARI recipient types */
- ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
- (word32)testVectors[i].certSz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12223, out);
- }
- pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
- pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
- pkcs7->privateKey = testVectors[i].privateKey;
- pkcs7->privateKeySz = testVectors[i].privateKeySz;
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- pkcs7->authAttribs = testVectors[i].authAttribs;
- pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
- pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
- pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
- /* set SubjectIdentifier type for KTRI types */
- if (testVectors[i].ktriOptions & CMS_SKID) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12224, out);
- }
- } else if (testVectors[i].ktriOptions &
- CMS_ISSUER_AND_SERIAL_NUMBER) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7,
- CMS_ISSUER_AND_SERIAL_NUMBER);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12225, out);
- }
- }
- }
- #ifdef ECC_TIMING_RESISTANT
- pkcs7->rng = &rng;
- #endif
- /* encode envelopedData */
- envelopedSz = wc_PKCS7_EncodeAuthEnvelopedData(pkcs7, enveloped,
- PKCS7_BUF_SIZE);
- if (envelopedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12226, out);
- }
- #ifndef NO_PKCS7_STREAM
- { /* test reading byte by byte */
- int z;
- for (z = 0; z < envelopedSz; z++) {
- decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7,
- enveloped + z, 1, decoded, PKCS7_BUF_SIZE);
- if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
- printf("unexpected error %d\n", decodedSz);
- ERROR_OUT(-12227, out);
- }
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
- printf("stream read compare failed\n");
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12228, out);
- }
- }
- #endif
- /* decode envelopedData */
- decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, enveloped,
- envelopedSz, decoded,
- PKCS7_BUF_SIZE);
- if (decodedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12229, out);
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0){
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12230, out);
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* output pkcs7 envelopedData for external testing */
- pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
- if (!pkcs7File) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12231, out);
- }
- ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File);
- XFCLOSE(pkcs7File);
- if (ret != envelopedSz) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12232, out);
- } else {
- /* reset ret to 0 for success */
- ret = 0;
- }
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- }
- wc_FreeRng(&rng);
- (void)eccCert;
- (void)eccCertSz;
- (void)eccPrivKey;
- (void)eccPrivKeySz;
- #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- (void)secretKey;
- (void)secretKeyId;
- #endif
- #ifdef NO_RSA
- (void)rsaCert;
- (void)rsaCertSz;
- (void)rsaPrivKey;
- (void)rsaPrivKeySz;
- #endif
- out:
- if (testVectors)
- XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (enveloped)
- XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void)
- {
- int ret = 0;
- byte* rsaCert = NULL;
- byte* rsaPrivKey = NULL;
- word32 rsaCertSz = 0;
- word32 rsaPrivKeySz = 0;
- byte* eccCert = NULL;
- byte* eccPrivKey = NULL;
- word32 eccCertSz = 0;
- word32 eccPrivKeySz = 0;
- #ifndef NO_RSA
- /* read client RSA cert and key in DER format */
- rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaCert == NULL)
- return -12300;
- rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaPrivKey == NULL) {
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -12301;
- }
- rsaCertSz = FOURK_BUF;
- rsaPrivKeySz = FOURK_BUF;
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- /* read client ECC cert and key in DER format */
- eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccCert == NULL) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return -12302;
- }
- eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccPrivKey == NULL) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -12303;
- }
- eccCertSz = FOURK_BUF;
- eccPrivKeySz = FOURK_BUF;
- #endif /* HAVE_ECC */
- ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
- &rsaPrivKeySz, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, eccCert, &eccCertSz,
- eccPrivKey, &eccPrivKeySz);
- if (ret < 0) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return -12304;
- }
- ret = pkcs7authenveloped_run_vectors(rsaCert, (word32)rsaCertSz,
- rsaPrivKey, (word32)rsaPrivKeySz,
- eccCert, (word32)eccCertSz,
- eccPrivKey, (word32)eccPrivKeySz);
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* HAVE_AESGCM || HAVE_AESCCM */
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- static const byte p7DefKey[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- static const byte p7AltKey[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
- word32 keyIdSz, byte* orginKey, word32 orginKeySz,
- byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
- {
- int ret;
- if (cek == NULL || out == NULL)
- return BAD_FUNC_ARG;
- /* test case sanity checks */
- if (keyIdSz != 1) {
- return -12310;
- }
- if (keyId[0] != 0x00) {
- return -12311;
- }
- if (type != (int)PKCS7_KEKRI) {
- return -12312;
- }
- switch (keyWrapAlgo) {
- case AES256_WRAP:
- ret = wc_AesKeyUnWrap(p7DefKey, sizeof(p7DefKey), cek, cekSz,
- out, outSz, NULL);
- if (ret <= 0)
- return ret;
- break;
- default:
- WOLFSSL_MSG("Unsupported key wrap algorithm in example");
- return BAD_KEYWRAP_ALG_E;
- };
- (void)pkcs7;
- (void)direction;
- (void)orginKey; /* used with KAKRI */
- (void)orginKeySz;
- return ret;
- }
- /* returns key size on success */
- static int getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz)
- {
- int ret;
- word32 atrSz;
- byte atr[256];
- /* Additionally can look for fwWrappedFirmwareKey
- * 1.2.840.113529.1.9.16.1.16 */
- const unsigned char fwWrappedFirmwareKey[] = {
- /* 0x06, 0x0B */
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x02, 0x27
- };
- /* find keyID in fwWrappedFirmwareKey */
- ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
- sizeof(fwWrappedFirmwareKey), NULL, &atrSz);
- if (ret == LENGTH_ONLY_E) {
- XMEMSET(atr, 0, sizeof(atr));
- ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
- sizeof(fwWrappedFirmwareKey), atr, &atrSz);
- /* keyIdRaw[0] OCTET TAG */
- /* keyIdRaw[1] Length */
- if (ret > 0) {
- PKCS7* envPkcs7;
- envPkcs7 = wc_PKCS7_New(NULL, 0);
- if (envPkcs7 == NULL) {
- return MEMORY_E;
- }
- wc_PKCS7_Init(envPkcs7, NULL, 0);
- ret = wc_PKCS7_SetWrapCEKCb(envPkcs7, myCEKwrapFunc);
- if (ret == 0) {
- /* expecting FIRMWARE_PKG_DATA content */
- envPkcs7->contentOID = FIRMWARE_PKG_DATA;
- ret = wc_PKCS7_DecodeEnvelopedData(envPkcs7, atr, atrSz,
- key, keySz);
- if (envPkcs7->contentOID != FIRMWARE_PKG_DATA) {
- /* the contentOID should have been set to the inner
- * FIRMWARE_PKG_DATA content */
- ret = BAD_STATE_E;
- }
- }
- wc_PKCS7_Free(envPkcs7);
- }
- }
- return ret;
- }
- /* create a KEKRI enveloped data
- * return size on success */
- static int envelopedData_encrypt(byte* in, word32 inSz, byte* out,
- word32 outSz)
- {
- int ret;
- PKCS7* pkcs7;
- WOLFSSL_SMALL_STACK_STATIC const byte keyId[] = { 0x00 };
- pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID);
- if (pkcs7 == NULL)
- return -12330;
- pkcs7->content = in;
- pkcs7->contentSz = inSz;
- pkcs7->contentOID = FIRMWARE_PKG_DATA;
- pkcs7->encryptOID = AES256CBCb;
- pkcs7->ukm = NULL;
- pkcs7->ukmSz = 0;
- /* add recipient (KEKRI type) */
- ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP, (byte*)p7DefKey,
- sizeof(p7DefKey), (byte*)keyId,
- sizeof(keyId), NULL, NULL, 0, NULL, 0, 0);
- if (ret < 0) {
- printf("wc_PKCS7_AddRecipient_KEKRI() failed, ret = %d\n", ret);
- wc_PKCS7_Free(pkcs7);
- return -12331;
- }
- /* encode envelopedData, returns size */
- ret = wc_PKCS7_EncodeEnvelopedData(pkcs7, out, outSz);
- if (ret <= 0) {
- printf("wc_PKCS7_EncodeEnvelopedData() failed, ret = %d\n", ret);
- wc_PKCS7_Free(pkcs7);
- return -12332;
- }
- wc_PKCS7_Free(pkcs7);
- return ret;
- }
- /*
- * keyHint is the KeyID to be set in the fwDecryptKeyID attribute
- * returns size of buffer output on success
- */
- static int generateBundle(byte* out, word32 *outSz, const byte* encryptKey,
- word32 encryptKeySz, byte keyHint, byte* cert, word32 certSz,
- byte* key, word32 keySz)
- {
- int ret, attribNum = 1;
- PKCS7* pkcs7;
- /* KEY ID
- * fwDecryptKeyID OID 1.2.840.113549.1.9.16.2.37
- */
- const unsigned char fwDecryptKeyID[] = {
- 0x06, 0x0B,
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x02, 0x25
- };
- /* fwWrappedFirmwareKey 1.2.840.113529.1.9.16.1.16 */
- const unsigned char fwWrappedFirmwareKey[] = {
- 0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x02, 0x27
- };
- byte keyID[] = { 0x04, 0x01, 0x00 };
- byte env[256];
- char data[] = "Test of wolfSSL PKCS7 decrypt callback";
- PKCS7Attrib attribs[] =
- {
- { fwDecryptKeyID, sizeof(fwDecryptKeyID), keyID, sizeof(keyID) },
- { fwWrappedFirmwareKey, sizeof(fwWrappedFirmwareKey), env, 0 }
- };
- keyID[2] = keyHint;
- /* If using keyHint 0 then create a bundle with fwWrappedFirmwareKey */
- if (keyHint == 0) {
- ret = envelopedData_encrypt((byte*)p7DefKey, sizeof(p7DefKey), env,
- sizeof(env));
- if (ret <= 0) {
- return ret;
- }
- attribs[1].valueSz = ret;
- attribNum++;
- }
- /* init PKCS7 */
- pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID);
- if (pkcs7 == NULL)
- return -12340;
- ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
- if (ret != 0) {
- printf("ERROR: wc_PKCS7_InitWithCert() failed, ret = %d\n", ret);
- wc_PKCS7_Free(pkcs7);
- return -12341;
- }
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- return -12342;
- }
- /* encode Signed Encrypted FirmwarePkgData */
- if (encryptKeySz == 16) {
- ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey,
- encryptKeySz, key, keySz, AES128CBCb, RSAk, SHA256h,
- (byte*)data, sizeof(data), NULL, 0,
- attribs, attribNum, out, *outSz);
- }
- else {
- ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey,
- encryptKeySz, key, keySz, AES256CBCb, RSAk, SHA256h,
- (byte*)data, sizeof(data), NULL, 0,
- attribs, attribNum, out, *outSz);
- }
- if (ret <= 0) {
- printf("ERROR: wc_PKCS7_EncodeSignedEncryptedFPD() failed, "
- "ret = %d\n", ret);
- wc_PKCS7_Free(pkcs7);
- return -12343;
- } else {
- *outSz = ret;
- }
- wc_PKCS7_Free(pkcs7);
- return ret;
- }
- /* test verification and decryption of PKCS7 bundle
- * return 0 on success
- */
- static int verifyBundle(byte* derBuf, word32 derSz, int keyHint)
- {
- int ret = 0;
- int usrCtx = 1; /* test value to pass as user context to callback */
- PKCS7* pkcs7 = NULL;
- byte* sid = NULL;
- word32 sidSz;
- byte key[256];
- word32 keySz = sizeof(key);
- byte *decoded = NULL;
- int decodedSz = FOURK_BUF/2;
- WOLFSSL_SMALL_STACK_STATIC const byte expectedSid[] = {
- #ifdef USE_CERT_BUFFERS_1024
- 0x81, 0x69, 0x0f, 0xf8, 0xdf, 0xdd, 0xcf, 0x34,
- 0x29, 0xd5, 0x67, 0x75, 0x71, 0x85, 0xc7, 0x75,
- 0x10, 0x69, 0x59, 0xec,
- #else
- 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18,
- 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26,
- 0xD7, 0x85, 0x65, 0xC0
- #endif
- };
- decoded = (byte *)XMALLOC(decodedSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded == NULL) {
- ret = MEMORY_E;
- goto out;
- }
- pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
- if (pkcs7 == NULL) {
- ret = MEMORY_E;
- goto out;
- }
- /* Test verify */
- ret = wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- goto out;
- ret = wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
- if (ret != 0)
- goto out;
- ret = wc_PKCS7_VerifySignedData(pkcs7, derBuf, derSz);
- if (ret != 0)
- goto out;
- /* Get size of SID and print it out */
- ret = wc_PKCS7_GetSignerSID(pkcs7, NULL, &sidSz);
- if (ret != LENGTH_ONLY_E)
- goto out;
- sid = (byte*)XMALLOC(sidSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (sid == NULL) {
- ret = MEMORY_E;
- goto out;
- }
- ret = wc_PKCS7_GetSignerSID(pkcs7, sid, &sidSz);
- if (ret != 0)
- goto out;
- ret = XMEMCMP(sid, expectedSid, sidSz);
- if (ret != 0) {
- ret = PKCS7_NO_SIGNER_E; /* close enough */
- goto out;
- }
- /* get expected fwWrappedFirmwareKey */
- if (keyHint == 0) {
- ret = getFirmwareKey(pkcs7, key, keySz);
- if (ret < 0)
- goto out;
- pkcs7->encryptionKey = key;
- pkcs7->encryptionKeySz = ret;
- }
- else {
- decodedSz = PKCS7_BUF_SIZE;
- ret = wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc);
- if (ret != 0)
- goto out;
- ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)&usrCtx);
- if (ret != 0)
- goto out;
- }
- decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
- pkcs7->contentSz, decoded, decodedSz);
- if (decodedSz < 0) {
- ret = decodedSz;
- goto out;
- }
- ret = 0;
- out:
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pkcs7)
- wc_PKCS7_Free(pkcs7);
- if (sid)
- XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte* key, word32 keySz)
- {
- int ret = 0;
- word32 derSz;
- byte *derBuf = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (! derBuf)
- ERROR_OUT(-12360, out);
- /* Doing default generation and verify */
- derSz = FOURK_BUF;
- ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 0, cert,
- certSz, key, keySz);
- if (ret <= 0) {
- ERROR_OUT(-12361, out);
- }
- ret = verifyBundle(derBuf, derSz, 0);
- if (ret != 0) {
- ERROR_OUT(-12362, out);
- }
- /* test choosing other key with keyID */
- derSz = FOURK_BUF;
- ret = generateBundle(derBuf, &derSz, p7AltKey, sizeof(p7AltKey), 1,
- cert, certSz, key, keySz);
- if (ret <= 0) {
- ERROR_OUT(-12363, out);
- }
- ret = verifyBundle(derBuf, derSz, 1);
- if (ret != 0) {
- ERROR_OUT(-12364, out);
- }
- /* test fail case with wrong keyID */
- derSz = FOURK_BUF;
- ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 1,
- cert, certSz, key, keySz);
- if (ret <= 0) {
- ERROR_OUT(-12365, out);
- }
- ret = verifyBundle(derBuf, derSz, 1);
- if (ret == 0) {
- ERROR_OUT(-12366, out);
- }
- ret = 0;
- out:
- if (derBuf)
- XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* !NO_AES && HAVE_AES_CBC */
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- int encryptOID;
- byte* encryptionKey;
- word32 encryptionKeySz;
- PKCS7Attrib* attribs;
- word32 attribsSz;
- const char* outFileName;
- } pkcs7EncryptedVector;
- WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void)
- {
- int ret = 0;
- int i, testSz;
- int encryptedSz, decodedSz, attribIdx;
- PKCS7* pkcs7;
- byte *encrypted;
- byte *decoded;
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE pkcs7File;
- #endif
- PKCS7Attrib* expectedAttrib;
- PKCS7DecodedAttrib* decodedAttrib;
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- #ifndef NO_DES3
- byte desKey[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
- };
- byte des3Key[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- #endif
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #ifdef WOLFSSL_AES_128
- byte aes128Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifdef WOLFSSL_AES_192
- byte aes192Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifdef WOLFSSL_AES_256
- byte aes256Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifdef WOLFSSL_AES_256
- /* Attribute example from RFC 4134, Section 7.2
- * OID = 1.2.5555
- * OCTET STRING = 'This is a test General ASN Attribute, number 1.' */
- static byte genAttrOid[] = { 0x06, 0x03, 0x2a, 0xab, 0x33 };
- static byte genAttr[] = { 0x04, 47,
- 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
- 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
- 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
- 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69,
- 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
- 0x6d, 0x62, 0x65, 0x72, 0x20, 0x31, 0x2e };
- static byte genAttrOid2[] = { 0x06, 0x03, 0x2a, 0xab, 0x34 };
- static byte genAttr2[] = { 0x04, 47,
- 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
- 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
- 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
- 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69,
- 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
- 0x6d, 0x62, 0x65, 0x72, 0x20, 0x32, 0x2e };
- PKCS7Attrib attribs[] =
- {
- { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) }
- };
- PKCS7Attrib multiAttribs[] =
- {
- { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) },
- { genAttrOid2, sizeof(genAttrOid2), genAttr2, sizeof(genAttr2) }
- };
- #endif
- #endif /* NO_AES */
- const pkcs7EncryptedVector testVectors[] =
- {
- #ifndef NO_DES3
- {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key),
- NULL, 0, "pkcs7encryptedDataDES3.der"},
- {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey),
- NULL, 0, "pkcs7encryptedDataDES.der"},
- #endif /* NO_DES3 */
- #if !defined(NO_AES) && defined(HAVE_AES_CBC)
- #ifdef WOLFSSL_AES_128
- {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
- sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"},
- #endif
- #ifdef WOLFSSL_AES_192
- {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
- sizeof(aes192Key), NULL, 0, "pkcs7encryptedDataAES192CBC.der"},
- #endif
- #ifdef WOLFSSL_AES_256
- {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), NULL, 0, "pkcs7encryptedDataAES256CBC.der"},
- /* test with optional unprotected attributes */
- {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7encryptedDataAES256CBC_attribs.der"},
- /* test with multiple optional unprotected attributes */
- {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), multiAttribs,
- (sizeof(multiAttribs)/sizeof(PKCS7Attrib)),
- "pkcs7encryptedDataAES256CBC_multi_attribs.der"},
- /* test with contentType set to FirmwarePkgData */
- {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), NULL, 0,
- "pkcs7encryptedDataAES256CBC_firmwarePkgData.der"},
- #endif
- #endif /* !NO_AES && HAVE_AES_CBC */
- };
- encrypted = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! encrypted) || (! decoded)) {
- ERROR_OUT(MEMORY_E, out);
- }
- testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL) {
- ERROR_OUT(-12400, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->encryptionKey = testVectors[i].encryptionKey;
- pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz;
- pkcs7->unprotectedAttribs = testVectors[i].attribs;
- pkcs7->unprotectedAttribsSz = testVectors[i].attribsSz;
- /* encode encryptedData */
- encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- PKCS7_BUF_SIZE);
- if (encryptedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12401, out);
- }
- /* decode encryptedData */
- #ifndef NO_PKCS7_STREAM
- { /* test reading byte by byte */
- int z;
- for (z = 0; z < encryptedSz; z++) {
- decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted + z, 1,
- decoded, PKCS7_BUF_SIZE);
- if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
- printf("unexpected error %d\n", decodedSz);
- ERROR_OUT(-12402, out);
- }
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
- printf("stream read failed\n");
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12403, out);
- }
- }
- #endif
- decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
- decoded, PKCS7_BUF_SIZE);
- if (decodedSz <= 0){
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12404, out);
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12405, out);
- }
- /* verify decoded unprotected attributes */
- if (pkcs7->decodedAttrib != NULL) {
- decodedAttrib = pkcs7->decodedAttrib;
- attribIdx = 1;
- while (decodedAttrib != NULL) {
- /* expected attribute, stored list is reversed */
- expectedAttrib = &(pkcs7->unprotectedAttribs
- [pkcs7->unprotectedAttribsSz - attribIdx]);
- /* verify oid */
- if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid,
- decodedAttrib->oidSz) != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12406, out);
- }
- /* verify value */
- if (XMEMCMP(decodedAttrib->value, expectedAttrib->value,
- decodedAttrib->valueSz) != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12407, out);
- }
- decodedAttrib = decodedAttrib->next;
- attribIdx++;
- }
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* output pkcs7 envelopedData for external testing */
- pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
- if (!pkcs7File) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12408, out);
- }
- ret = (int)XFWRITE(encrypted, encryptedSz, 1, pkcs7File);
- XFCLOSE(pkcs7File);
- if (ret > 0)
- ret = 0;
- #endif
- wc_PKCS7_Free(pkcs7);
- }
- out:
- if (encrypted)
- XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* NO_PKCS7_ENCRYPTED_DATA */
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- const char* outFileName;
- } pkcs7CompressedVector;
- WOLFSSL_TEST_SUBROUTINE int pkcs7compressed_test(void)
- {
- int ret = 0;
- int i, testSz;
- int compressedSz, decodedSz;
- PKCS7* pkcs7;
- #ifdef WOLFSSL_SMALL_STACK
- byte *compressed;
- byte *decoded;
- #else
- byte compressed[PKCS7_BUF_SIZE];
- byte decoded[PKCS7_BUF_SIZE];
- #endif
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE pkcs7File;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- const pkcs7CompressedVector testVectors[] =
- {
- {data, (word32)sizeof(data), DATA,
- "pkcs7compressedData_data_zlib.der"},
- {data, (word32)sizeof(data), FIRMWARE_PKG_DATA,
- "pkcs7compressedData_firmwarePkgData_zlib.der"},
- };
- #ifdef WOLFSSL_SMALL_STACK
- compressed = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! compressed) || (! decoded)) {
- ERROR_OUT(MEMORY_E, out);
- }
- #endif
- testSz = sizeof(testVectors) / sizeof(pkcs7CompressedVector);
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL) {
- ERROR_OUT(-12500, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- /* encode compressedData */
- compressedSz = wc_PKCS7_EncodeCompressedData(pkcs7, compressed,
- PKCS7_BUF_SIZE);
- if (compressedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12501, out);
- }
- /* decode compressedData */
- decodedSz = wc_PKCS7_DecodeCompressedData(pkcs7, compressed,
- compressedSz, decoded,
- PKCS7_BUF_SIZE);
- if (decodedSz <= 0){
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12502, out);
- }
- /* test decode result */
- if (XMEMCMP(decoded, testVectors[i].content,
- testVectors[i].contentSz) != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12503, out);
- }
- /* make sure content type is the same */
- if (testVectors[i].contentOID != pkcs7->contentOID) {
- ERROR_OUT(-12504, out);
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* output pkcs7 compressedData for external testing */
- pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
- if (!pkcs7File) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12505, out);
- }
- ret = (int)XFWRITE(compressed, compressedSz, 1, pkcs7File);
- XFCLOSE(pkcs7File);
- if (ret > 0)
- ret = 0;
- #endif
- wc_PKCS7_Free(pkcs7);
- }
- out:
- #ifdef WOLFSSL_SMALL_STACK
- if (compressed)
- XFREE(compressed, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- } /* pkcs7compressed_test() */
- #undef PKCS7_BUF_SIZE
- #endif /* HAVE_LIBZ */
- typedef struct {
- const byte* content;
- word32 contentSz;
- int hashOID;
- int signOID;
- byte* privateKey;
- word32 privateKeySz;
- byte* cert;
- size_t certSz;
- byte* caCert;
- size_t caCertSz;
- PKCS7Attrib* signedAttribs;
- word32 signedAttribsSz;
- const char* outFileName;
- int contentOID;
- byte* contentType;
- word32 contentTypeSz;
- int sidType;
- int encryptOID; /* for single-shot encrypt alg OID */
- int encCompFlag; /* for single-shot. 1 = enc, 2 = comp, 3 = both*/
- byte* encryptKey; /* for single-shot, encryptedData */
- word32 encryptKeySz; /* for single-shot, encryptedData */
- PKCS7Attrib* unprotectedAttribs; /* for single-shot, encryptedData */
- word32 unprotectedAttribsSz; /* for single-shot, encryptedData */
- word16 detachedSignature; /* generate detached signature (0:1) */
- } pkcs7SignedVector;
- static int pkcs7signed_run_vectors(
- byte* rsaClientCertBuf, word32 rsaClientCertBufSz,
- byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz,
- byte* rsaServerCertBuf, word32 rsaServerCertBufSz,
- byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz,
- byte* rsaCaCertBuf, word32 rsaCaCertBufSz,
- byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz,
- byte* eccClientCertBuf, word32 eccClientCertBufSz,
- byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz)
- {
- int ret, testSz = 0, i;
- int encodedSz;
- byte* out = NULL;
- word32 outSz;
- WC_RNG rng;
- PKCS7* pkcs7 = NULL;
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE file;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- static byte transIdOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x07 };
- static byte messageTypeOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x02 };
- static byte senderNonceOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x05 };
- #ifndef NO_SHA
- static byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
- #else
- static byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
- #endif
- static byte messageType[] = { 0x13, 2, '1', '9' };
- static byte senderNonce[PKCS7_NONCE_SZ + 2];
- static PKCS7Attrib attribs[] =
- {
- { transIdOid, sizeof(transIdOid), transId,
- sizeof(transId) - 1 }, /* take off the null */
- { messageTypeOid, sizeof(messageTypeOid), messageType,
- sizeof(messageType) },
- { senderNonceOid, sizeof(senderNonceOid), senderNonce,
- sizeof(senderNonce) }
- };
- /* for testing custom contentType, FirmwarePkgData */
- static byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86,
- 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x01, 0x10 };
- #define MAX_TESTVECTORS_LEN 20
- #define ADD_PKCS7SIGNEDVECTOR(...) { \
- pkcs7SignedVector _this_vector = { __VA_ARGS__ }; \
- if (testSz == MAX_TESTVECTORS_LEN) { \
- ret = -12534; \
- goto out; \
- } \
- XMEMCPY(&testVectors[testSz++], &_this_vector, sizeof _this_vector);\
- }
- pkcs7SignedVector *testVectors = NULL;
- XMEMSET(&rng, 0, sizeof(rng));
- testVectors = (pkcs7SignedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (testVectors == NULL) {
- ret = -12567;
- goto out;
- }
- {
- #ifndef NO_RSA
- #ifndef NO_SHA
- /* RSA with SHA */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0, NULL,
- 0, 0);
- /* RSA with SHA, no signed attributes */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz,
- NULL, 0, NULL, 0,
- "pkcs7signedData_RSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #ifdef WOLFSSL_SHA224
- /* RSA with SHA224 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA224h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #ifndef NO_SHA256
- /* RSA with SHA256 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- /* RSA with SHA256, detached signature */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_detachedSig.der", 0, NULL, 0, 0, 0, 0,
- NULL, 0, NULL, 0, 1);
- /* RSA with SHA256 and SubjectKeyIdentifier in SignerIdentifier */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
- NULL, 0, NULL, 0, 0);
- /* RSA with SHA256 and custom contentType */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_custom_contentType.der", 0,
- customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- /* RSA with SHA256 and FirmwarePkgData contentType */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_firmwarePkgData.der",
- FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
- /* RSA with SHA256 using server cert and ca cert */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
- rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz,
- rsaCaCertBuf, rsaCaCertBufSz,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_with_ca_cert.der", 0, NULL, 0, 0, 0, 0,
- NULL, 0, NULL, 0, 0);
- #endif
- #if defined(WOLFSSL_SHA384)
- /* RSA with SHA384 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA384h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #if defined(WOLFSSL_SHA512)
- /* RSA with SHA512 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA512h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- #ifndef NO_SHA
- /* ECDSA with SHA */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- /* ECDSA with SHA, no signed attributes */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz,
- NULL, 0, NULL, 0,
- "pkcs7signedData_ECDSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #ifdef WOLFSSL_SHA224
- /* ECDSA with SHA224 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA224h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #ifndef NO_SHA256
- /* ECDSA with SHA256 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- /* ECDSA with SHA256 and SubjectKeyIdentifier in SigherIdentifier */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
- NULL, 0, NULL, 0, 0);
- /* ECDSA with SHA256 and custom contentType */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA256_custom_contentType.der", 0,
- customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- /* ECDSA with SHA256 and FirmwarePkgData contentType */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA256_firmwarePkgData.der",
- FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
- #endif
- #ifdef WOLFSSL_SHA384
- /* ECDSA with SHA384 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA384h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #ifdef WOLFSSL_SHA512
- /* ECDSA with SHA512 */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA512h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0);
- #endif
- #endif /* HAVE_ECC */
- };
- #undef MAX_TESTVECTORS_LEN
- #undef ADD_PKCS7SIGNEDVECTOR
- outSz = FOURK_BUF;
- out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (out == NULL)
- ERROR_OUT(-12510, out);
- XMEMSET(out, 0, outSz);
- ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
- if (ret < 0)
- ERROR_OUT(-12511, out);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(-12512, out);
- for (i = 0; i < testSz; i++) {
- if (pkcs7)
- wc_PKCS7_Free(pkcs7);
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL)
- ERROR_OUT(-12513, out);
- ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
- (word32)testVectors[i].certSz);
- if (ret != 0)
- ERROR_OUT(-12514, out);
- /* load CA certificate, if present */
- if (testVectors[i].caCert != NULL) {
- ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert,
- (word32)testVectors[i].caCertSz);
- if (ret != 0)
- ERROR_OUT(-12515, out);
- }
- pkcs7->rng = &rng;
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->hashOID = testVectors[i].hashOID;
- pkcs7->encryptOID = testVectors[i].signOID;
- pkcs7->privateKey = testVectors[i].privateKey;
- pkcs7->privateKeySz = testVectors[i].privateKeySz;
- pkcs7->signedAttribs = testVectors[i].signedAttribs;
- pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz;
- /* optional custom contentType, default is DATA,
- overrides contentOID if set */
- if (testVectors[i].contentType != NULL) {
- ret = wc_PKCS7_SetContentType(pkcs7, testVectors[i].contentType,
- testVectors[i].contentTypeSz);
- if (ret != 0)
- ERROR_OUT(-12516, out);
- }
- /* set SignerIdentifier to use SubjectKeyIdentifier if desired,
- default is IssuerAndSerialNumber */
- if (testVectors[i].sidType == CMS_SKID) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0)
- ERROR_OUT(-12517, out);
- }
- /* generate senderNonce */
- {
- senderNonce[0] = 0x04;
- senderNonce[1] = PKCS7_NONCE_SZ;
- ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
- if (ret != 0)
- ERROR_OUT(-12518, out);
- }
- /* generate transactionID (used with SCEP) */
- {
- #ifndef NO_SHA
- wc_Sha sha;
- byte digest[WC_SHA_DIGEST_SIZE];
- #else
- wc_Sha256 sha;
- byte digest[WC_SHA256_DIGEST_SIZE];
- #endif
- int j,k;
- transId[0] = 0x13;
- transId[1] = sizeof(digest) * 2;
- #ifndef NO_SHA
- ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-12519, out);
- wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
- wc_ShaFinal(&sha, digest);
- wc_ShaFree(&sha);
- #else
- ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-12520, out);
- wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
- wc_Sha256Final(&sha, digest);
- wc_Sha256Free(&sha);
- #endif
- for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) {
- #if defined(WOLF_C89)
- XSPRINTF((char*)&transId[k], "%02x", digest[j]);
- #else
- (void)XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]);
- #endif
- }
- }
- /* enable detached signature generation, if set */
- if (testVectors[i].detachedSignature == 1) {
- ret = wc_PKCS7_SetDetached(pkcs7, 1);
- if (ret != 0)
- ERROR_OUT(-12521, out);
- }
- encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz);
- if (encodedSz < 0)
- ERROR_OUT(-12522, out);
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* write PKCS#7 to output file for more testing */
- file = XFOPEN(testVectors[i].outFileName, "wb");
- if (!file) {
- ERROR_OUT(-12523, out);
- }
- ret = (int)XFWRITE(out, 1, encodedSz, file);
- XFCLOSE(file);
- if (ret != (int)encodedSz)
- ERROR_OUT(-12524, out);
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL)
- ERROR_OUT(-12525, out);
- wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
- if (testVectors[i].detachedSignature == 1) {
- /* set content for verifying detached signatures */
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- }
- ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
- if (ret < 0)
- ERROR_OUT(-12526, out);
- /* verify contentType extracted successfully for custom content types */
- if (testVectors[i].contentTypeSz > 0) {
- if (pkcs7->contentTypeSz != testVectors[i].contentTypeSz) {
- ERROR_OUT(-12527, out);
- } else if (XMEMCMP(pkcs7->contentType, testVectors[i].contentType,
- pkcs7->contentTypeSz) != 0) {
- ERROR_OUT(-12528, out);
- }
- }
- if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0)
- ERROR_OUT(-12529, out);
- {
- /* check getting signed attributes */
- #ifndef NO_SHA
- byte buf[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
- #else
- byte buf[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
- #endif
- byte* oidPt = transIdOid + 2; /* skip object id tag and size */
- int oidSz = (int)sizeof(transIdOid) - 2;
- int bufSz = 0;
- if (testVectors[i].signedAttribs != NULL &&
- wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
- NULL, (word32*)&bufSz) != LENGTH_ONLY_E)
- ERROR_OUT(-12530, out);
- if (bufSz > (int)sizeof(buf))
- ERROR_OUT(-12531, out);
- bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
- buf, (word32*)&bufSz);
- if ((testVectors[i].signedAttribs != NULL && bufSz < 0) ||
- (testVectors[i].signedAttribs == NULL && bufSz > 0))
- ERROR_OUT(-12532, out);
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- file = XFOPEN("./pkcs7cert.der", "wb");
- if (!file)
- ERROR_OUT(-12533, out);
- ret = (int)XFWRITE(pkcs7->singleCert, 1, pkcs7->singleCertSz, file);
- XFCLOSE(file);
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- }
- out:
- if (pkcs7 != NULL)
- wc_PKCS7_Free(pkcs7);
- if (out != NULL)
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (testVectors != NULL)
- XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeRng(&rng);
- if (ret > 0)
- return 0;
- (void)rsaClientCertBuf;
- (void)rsaClientCertBufSz;
- (void)rsaClientPrivKeyBuf;
- (void)rsaClientPrivKeyBufSz;
- (void)rsaServerCertBuf;
- (void)rsaServerCertBufSz;
- (void)rsaServerPrivKeyBuf;
- (void)rsaServerPrivKeyBufSz;
- (void)rsaCaCertBuf;
- (void)rsaCaCertBufSz;
- (void)rsaCaPrivKeyBuf;
- (void)rsaCaPrivKeyBufSz;
- (void)eccClientCertBuf;
- (void)eccClientCertBufSz;
- (void)eccClientPrivKeyBuf;
- (void)eccClientPrivKeyBufSz;
- return ret;
- }
- static int pkcs7signed_run_SingleShotVectors(
- byte* rsaClientCertBuf, word32 rsaClientCertBufSz,
- byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz,
- byte* rsaServerCertBuf, word32 rsaServerCertBufSz,
- byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz,
- byte* rsaCaCertBuf, word32 rsaCaCertBufSz,
- byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz,
- byte* eccClientCertBuf, word32 eccClientCertBufSz,
- byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz)
- {
- int ret, testSz = 0, i;
- int encodedSz;
- byte* out = NULL;
- word32 outSz;
- WC_RNG rng;
- PKCS7* pkcs7 = NULL;
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE file;
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) && \
- !defined(NO_PKCS7_ENCRYPTED_DATA)
- byte* encryptedTmp = NULL;
- int encryptedTmpSz;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
- defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
- static byte aes256Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- static byte messageTypeOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x02 };
- static byte messageType[] = { 0x13, 2, '1', '9' };
- PKCS7Attrib attribs[] =
- {
- { messageTypeOid, sizeof(messageTypeOid), messageType,
- sizeof(messageType) },
- };
- #define MAX_TESTVECTORS_LEN 19
- #define ADD_PKCS7SIGNEDVECTOR(...) { \
- pkcs7SignedVector _this_vector = { __VA_ARGS__ }; \
- if (testSz == MAX_TESTVECTORS_LEN) { \
- ret = -12568; \
- goto out; \
- } \
- XMEMCPY(&testVectors[testSz++], &_this_vector, sizeof _this_vector);\
- }
- pkcs7SignedVector *testVectors = NULL;
- XMEMSET(&rng, 0, sizeof(rng));
- testVectors = (pkcs7SignedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (testVectors == NULL) {
- ret = -12567;
- goto out;
- }
- {
- #ifndef NO_RSA
- #ifndef NO_SHA256
- /* Signed FirmwarePkgData, RSA, SHA256, no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedFirmwarePkgData_RSA_SHA256_noattr.der", 0, NULL, 0, 0,
- 0, 0, NULL, 0, NULL, 0, 0);
- /* Signed FirmwarePkgData, RSA, SHA256, attrs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0,
- NULL, 0, NULL, 0, 0);
- /* Signed FirmwarePkgData, RSA, SHA256, SubjectKeyIdentifier, attrs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_RSA_SHA256_SKID.der", 0, NULL,
- 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0);
- /* Signed FirmwraePkgData, RSA, SHA256, server cert and ca cert, attr */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
- rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz,
- rsaCaCertBuf, rsaCaCertBufSz,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL,
- 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
- #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
- defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
- /* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
- NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0);
- /* Signed Encrypted FirmwarePkgData, RSA, SHA256, attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256.der", 0,
- NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
- #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- /* Signed Compressed FirmwarePkgData, RSA, SHA256, no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
- NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
- /* Signed Compressed FirmwarePkgData, RSA, SHA256, attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256.der", 0,
- NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
- no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256_noattr.der",
- 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL,
- 0, 0);
- /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
- attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256.der",
- 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
- #endif /* !NO_PKCS7_ENCRYPTED_DATA */
- #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
- #endif /* NO_SHA256 */
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- #ifndef NO_SHA256
- /* Signed FirmwarePkgData, ECDSA, SHA256, no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
- 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
- /* Signed FirmwarePkgData, ECDSA, SHA256, attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
- 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
- /* Signed FirmwarePkgData, ECDSA, SHA256, SubjectKeyIdentifier, attr */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL,
- 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0);
- #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
- defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
- /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
- 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0);
- /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
- 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
- #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
- 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
- /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, attrib */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
- 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
- no attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der",
- 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL,
- 0, 0);
- /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
- attribs */
- ADD_PKCS7SIGNEDVECTOR(
- data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256.der",
- 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
- #endif /* !NO_PKCS7_ENCRYPTED_DATA */
- #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
- #endif /* NO_SHA256 */
- #endif /* HAVE_ECC */
- };
- #undef MAX_TESTVECTORS_LEN
- #undef ADD_PKCS7SIGNEDVECTOR
- outSz = FOURK_BUF;
- out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (out == NULL)
- ERROR_OUT(-12540, out);
- XMEMSET(out, 0, outSz);
- ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
- if (ret < 0)
- ERROR_OUT(-12541, out);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(-12542, out);
- for (i = 0; i < testSz; i++) {
- if (pkcs7)
- wc_PKCS7_Free(pkcs7);
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL)
- ERROR_OUT(-12543, out);
- ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
- (word32)testVectors[i].certSz);
- if (ret != 0)
- ERROR_OUT(-12544, out);
- /* load CA certificate, if present */
- if (testVectors[i].caCert != NULL) {
- ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert,
- (word32)testVectors[i].caCertSz);
- if (ret != 0)
- ERROR_OUT(-12545, out);
- }
- /* set SignerIdentifier to use SubjectKeyIdentifier if desired,
- default is IssuerAndSerialNumber */
- if (testVectors[i].sidType == CMS_SKID) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0)
- ERROR_OUT(-12546, out);
- }
- if (testVectors[i].encCompFlag == 0) {
- /* encode Signed FirmwarePkgData */
- encodedSz = wc_PKCS7_EncodeSignedFPD(pkcs7,
- testVectors[i].privateKey, testVectors[i].privateKeySz,
- testVectors[i].signOID, testVectors[i].hashOID,
- (byte*)testVectors[i].content, testVectors[i].contentSz,
- testVectors[i].signedAttribs,
- testVectors[i].signedAttribsSz, out, outSz);
- if (encodedSz < 0)
- ERROR_OUT(-12547, out);
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- } else if (testVectors[i].encCompFlag == 1) {
- /* encode Signed Encrypted FirmwarePkgData */
- encodedSz = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7,
- testVectors[i].encryptKey, testVectors[i].encryptKeySz,
- testVectors[i].privateKey, testVectors[i].privateKeySz,
- testVectors[i].encryptOID, testVectors[i].signOID,
- testVectors[i].hashOID, (byte*)testVectors[i].content,
- testVectors[i].contentSz, testVectors[i].unprotectedAttribs,
- testVectors[i].unprotectedAttribsSz,
- testVectors[i].signedAttribs,
- testVectors[i].signedAttribsSz, out, outSz);
- if (encodedSz <= 0)
- ERROR_OUT(-12548, out);
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- } else if (testVectors[i].encCompFlag == 2) {
- /* encode Signed Compressed FirmwarePkgData */
- encodedSz = wc_PKCS7_EncodeSignedCompressedFPD(pkcs7,
- testVectors[i].privateKey, testVectors[i].privateKeySz,
- testVectors[i].signOID, testVectors[i].hashOID,
- (byte*)testVectors[i].content, testVectors[i].contentSz,
- testVectors[i].signedAttribs,
- testVectors[i].signedAttribsSz, out, outSz);
- if (encodedSz <= 0)
- ERROR_OUT(-12549, out);
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- } else if (testVectors[i].encCompFlag == 3) {
- /* encode Signed Encrypted Compressed FirmwarePkgData */
- encodedSz = wc_PKCS7_EncodeSignedEncryptedCompressedFPD(pkcs7,
- testVectors[i].encryptKey, testVectors[i].encryptKeySz,
- testVectors[i].privateKey, testVectors[i].privateKeySz,
- testVectors[i].encryptOID, testVectors[i].signOID,
- testVectors[i].hashOID, (byte*)testVectors[i].content,
- testVectors[i].contentSz, testVectors[i].unprotectedAttribs,
- testVectors[i].unprotectedAttribsSz,
- testVectors[i].signedAttribs,
- testVectors[i].signedAttribsSz, out, outSz);
- if (encodedSz <= 0)
- ERROR_OUT(-12550, out);
- #endif /* NO_PKCS7_ENCRYPTED_DATA */
- #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
- } else {
- /* unsupported SignedData single-shot combination */
- ERROR_OUT(-12551, out);
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* write PKCS#7 to output file for more testing */
- file = XFOPEN(testVectors[i].outFileName, "wb");
- if (!file)
- ERROR_OUT(-12552, out);
- ret = (int)XFWRITE(out, 1, encodedSz, file);
- XFCLOSE(file);
- file = NULL;
- if (ret != (int)encodedSz)
- ERROR_OUT(-12553, out);
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL)
- ERROR_OUT(-12554, out);
- wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
- ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
- if (ret < 0)
- ERROR_OUT(-12555, out);
- #ifndef NO_PKCS7_STREAM
- {
- word32 z;
- for (z = 0; z < outSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, out + z, 1);
- if (ret < 0 && ret != WC_PKCS7_WANT_READ_E) {
- printf("unexpected error %d\n", ret);
- ERROR_OUT(-12556, out);
- }
- }
- }
- #endif
- if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0)
- ERROR_OUT(-12557, out);
- if (testVectors[i].encCompFlag == 0) {
- /* verify decoded content matches expected */
- if ((pkcs7->contentSz != testVectors[i].contentSz) ||
- XMEMCMP(pkcs7->content, testVectors[i].content,
- pkcs7->contentSz)) {
- ERROR_OUT(-12558, out);
- }
- }
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- else if (testVectors[i].encCompFlag == 1) {
- /* decrypt inner encryptedData */
- pkcs7->encryptionKey = testVectors[i].encryptKey;
- pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
- ret = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
- pkcs7->contentSz, out, outSz);
- if (ret < 0)
- ERROR_OUT(-12559, out);
- /* compare decrypted to expected */
- if (((word32)ret != testVectors[i].contentSz) ||
- XMEMCMP(out, testVectors[i].content, ret))
- ERROR_OUT(-12560, out);
- }
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- else if (testVectors[i].encCompFlag == 2) {
- /* decompress inner compressedData */
- ret = wc_PKCS7_DecodeCompressedData(pkcs7, pkcs7->content,
- pkcs7->contentSz, out, outSz);
- if (ret < 0)
- ERROR_OUT(-12561, out);
- /* compare decompressed to expected */
- if (((word32)ret != testVectors[i].contentSz) ||
- XMEMCMP(out, testVectors[i].content, ret))
- ERROR_OUT(-12562, out);
- }
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- else if (testVectors[i].encCompFlag == 3) {
- encryptedTmpSz = FOURK_BUF;
- encryptedTmp = (byte*)XMALLOC(encryptedTmpSz, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (encryptedTmp == NULL)
- ERROR_OUT(-12563, out);
- XMEMSET(encryptedTmp, 0, encryptedTmpSz);
- /* decrypt inner encryptedData */
- pkcs7->encryptionKey = testVectors[i].encryptKey;
- pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
- encryptedTmpSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
- pkcs7->contentSz, encryptedTmp,
- encryptedTmpSz);
- if (encryptedTmpSz < 0 || pkcs7->contentOID != COMPRESSED_DATA)
- ERROR_OUT(-12564, out);
- /* decompress inner compressedData */
- ret = wc_PKCS7_DecodeCompressedData(pkcs7, encryptedTmp,
- encryptedTmpSz, out, outSz);
- if (ret < 0)
- ERROR_OUT(-12565, out);
- /* compare decompressed to expected */
- if (((word32)ret != testVectors[i].contentSz) ||
- XMEMCMP(out, testVectors[i].content, ret))
- ERROR_OUT(-12566, out);
- }
- #endif /* NO_PKCS7_ENCRYPTED_DATA */
- #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
- }
- out:
- if (pkcs7 != NULL)
- wc_PKCS7_Free(pkcs7);
- if (out != NULL)
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) && \
- !defined(NO_PKCS7_ENCRYPTED_DATA)
- if (encryptedTmp != NULL)
- XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (testVectors != NULL)
- XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeRng(&rng);
- if (ret > 0)
- return 0;
- (void)eccClientCertBuf;
- (void)eccClientCertBufSz;
- (void)eccClientPrivKeyBuf;
- (void)eccClientPrivKeyBufSz;
- (void)rsaClientCertBuf;
- (void)rsaClientCertBufSz;
- (void)rsaClientPrivKeyBuf;
- (void)rsaClientPrivKeyBufSz;
- (void)rsaServerCertBuf;
- (void)rsaServerCertBufSz;
- (void)rsaServerPrivKeyBuf;
- (void)rsaServerPrivKeyBufSz;
- (void)rsaCaCertBuf;
- (void)rsaCaCertBufSz;
- (void)rsaCaPrivKeyBuf;
- (void)rsaCaPrivKeyBufSz;
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE int pkcs7signed_test(void)
- {
- int ret = 0;
- byte* rsaClientCertBuf = NULL;
- byte* rsaServerCertBuf = NULL;
- byte* rsaCaCertBuf = NULL;
- byte* eccClientCertBuf = NULL;
- byte* rsaClientPrivKeyBuf = NULL;
- byte* rsaServerPrivKeyBuf = NULL;
- byte* rsaCaPrivKeyBuf = NULL;
- byte* eccClientPrivKeyBuf = NULL;
- word32 rsaClientCertBufSz = 0;
- word32 rsaServerCertBufSz = 0;
- word32 rsaCaCertBufSz = 0;
- word32 eccClientCertBufSz = 0;
- word32 rsaClientPrivKeyBufSz = 0;
- word32 rsaServerPrivKeyBufSz = 0;
- word32 rsaCaPrivKeyBufSz = 0;
- word32 eccClientPrivKeyBufSz = 0;
- #ifndef NO_RSA
- /* read client RSA cert and key in DER format */
- rsaClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaClientCertBuf == NULL)
- ret = -12600;
- rsaClientPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaClientPrivKeyBuf == NULL) {
- ret = -12601;
- }
- rsaClientCertBufSz = FOURK_BUF;
- rsaClientPrivKeyBufSz = FOURK_BUF;
- /* read server RSA cert and key in DER format */
- rsaServerCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaServerCertBuf == NULL)
- ret = -12602;
- rsaServerPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaServerPrivKeyBuf == NULL) {
- ret = -12603;
- }
- rsaServerCertBufSz = FOURK_BUF;
- rsaServerPrivKeyBufSz = FOURK_BUF;
- /* read CA RSA cert and key in DER format, for use with server cert */
- rsaCaCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaCaCertBuf == NULL)
- ret = -12604;
- rsaCaPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaCaPrivKeyBuf == NULL) {
- ret = -12605;
- }
- rsaCaCertBufSz = FOURK_BUF;
- rsaCaPrivKeyBufSz = FOURK_BUF;
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- /* read client ECC cert and key in DER format */
- eccClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && eccClientCertBuf == NULL) {
- ret = -12606;
- }
- eccClientPrivKeyBuf =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && eccClientPrivKeyBuf == NULL) {
- ret = -12607;
- }
- eccClientCertBufSz = FOURK_BUF;
- eccClientPrivKeyBufSz = FOURK_BUF;
- #endif /* HAVE_ECC */
- if (ret >= 0)
- ret = pkcs7_load_certs_keys(rsaClientCertBuf, &rsaClientCertBufSz,
- rsaClientPrivKeyBuf, &rsaClientPrivKeyBufSz,
- rsaServerCertBuf, &rsaServerCertBufSz,
- rsaServerPrivKeyBuf, &rsaServerPrivKeyBufSz,
- rsaCaCertBuf, &rsaCaCertBufSz,
- rsaCaPrivKeyBuf, &rsaCaPrivKeyBufSz,
- eccClientCertBuf, &eccClientCertBufSz,
- eccClientPrivKeyBuf, &eccClientPrivKeyBufSz);
- if (ret < 0) {
- ret = -12608;
- }
- if (ret >= 0)
- ret = pkcs7signed_run_vectors(rsaClientCertBuf, (word32)rsaClientCertBufSz,
- rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz,
- rsaServerCertBuf, (word32)rsaServerCertBufSz,
- rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz,
- rsaCaCertBuf, (word32)rsaCaCertBufSz,
- rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz,
- eccClientCertBuf, (word32)eccClientCertBufSz,
- eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
- if (ret >= 0)
- ret = pkcs7signed_run_SingleShotVectors(
- rsaClientCertBuf, (word32)rsaClientCertBufSz,
- rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz,
- rsaServerCertBuf, (word32)rsaServerCertBufSz,
- rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz,
- rsaCaCertBuf, (word32)rsaCaCertBufSz,
- rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz,
- eccClientCertBuf, (word32)eccClientCertBufSz,
- eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
- #if !defined(NO_RSA) && !defined(NO_AES) && defined(HAVE_AES_CBC)
- if (ret >= 0)
- ret = pkcs7callback_test(
- rsaClientCertBuf, (word32)rsaClientCertBufSz,
- rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz);
- #endif
- XFREE(rsaClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaServerCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaServerPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaCaCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaCaPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* HAVE_PKCS7 */
- #ifdef HAVE_VALGRIND
- /* Need a static build to have access to symbols. */
- /* Maximum number of bytes in a number to test. */
- #define MP_MAX_TEST_BYTE_LEN 32
- static int randNum(mp_int* n, int len, WC_RNG* rng, void* heap)
- {
- byte d[MP_MAX_TEST_BYTE_LEN];
- int ret;
- (void)heap;
- do {
- ret = wc_RNG_GenerateBlock(rng, d, len);
- if (ret != 0)
- return ret;
- ret = mp_read_unsigned_bin(n, d, len);
- if (ret != 0)
- return ret;
- } while (mp_iszero(n));
- return 0;
- }
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(USE_FAST_MATH)
- static int mp_test_div_3(mp_int* a, mp_int* r, WC_RNG* rng)
- {
- int i, j;
- mp_digit rem;
- mp_digit rem2;
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
- for (i = 0; i < 10; i++) {
- for (j = 1; j < 10; j++) {
- if (randNum(a, j, rng, NULL) != 0)
- return -12620;
- if (mp_div_3(a, r, &rem) != 0)
- return -12621;
- if (mp_mul_d(r, 3, r) != 0)
- return -12622;
- if (mp_add_d(r, rem, r) != 0)
- return -12623;
- if (mp_cmp(r, a) != MP_EQ)
- return -12624;
- }
- }
- if (mp_div_3(a, r, &rem) != 0)
- return -12625;
- if (mp_div_3(a, a, NULL) != 0)
- return -12626;
- if (mp_cmp(r, a) != MP_EQ)
- return -12627;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL)
- if (mp_div_d(a, 10, r, &rem) != 0)
- return -12628;
- if (mp_div_d(a, 10, a, NULL) != 0)
- return -12629;
- if (mp_cmp(r, a) != MP_EQ)
- return -12630;
- if (mp_div_d(a, 12, r, &rem) != 0)
- return -12631;
- if (mp_div_d(a, 12, a, NULL) != 0)
- return -12632;
- if (mp_cmp(r, a) != MP_EQ)
- return -12633;
- if (mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), r, &rem) != 0)
- return -12634;
- if (mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), NULL, &rem2) != 0)
- return -12635;
- if (mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), a, NULL) != 0)
- return -12636;
- if (mp_cmp(r, a) != MP_EQ)
- return -12637;
- if (rem != rem2)
- return -12638;
- #endif
- (void)a;
- (void)r;
- (void)rng;
- (void)i;
- (void)j;
- (void)rem;
- (void)rem2;
- return 0;
- }
- #endif /* WOLFSSL_SP_MATH || !USE_FAST_MATH */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- (!defined WOLFSSL_SP_MATH && !defined(WOLFSSL_SP_MATH_ALL) && \
- (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)))
- static int mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng)
- {
- int ret;
- int i, j;
- int size;
- char str[30];
- WOLFSSL_SMALL_STACK_STATIC const char* badStr1 = "A";
- WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "a";
- WOLFSSL_SMALL_STACK_STATIC const char* badStr3 = " ";
- WOLFSSL_SMALL_STACK_STATIC const char* zeros = "000";
- WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
- for (i = 0; i < 10; i++) {
- for (j = 2; j < 12; j++) {
- if (randNum(a, j, rng, NULL) != 0)
- return -12640;
- if (mp_radix_size(a, MP_RADIX_DEC, &size) != MP_OKAY)
- return -12641;
- if (mp_toradix(a, str, MP_RADIX_DEC) != MP_OKAY)
- return -12660;
- if ((int)XSTRLEN(str) != size - 1)
- return -12642;
- if (mp_read_radix(r, str, MP_RADIX_DEC) != MP_OKAY)
- return -12661;
- if (mp_cmp(a, r) != MP_EQ)
- return -12643;
- }
- }
- if (mp_read_radix(r, badStr1, MP_RADIX_DEC) != MP_VAL)
- return -12644;
- if (mp_read_radix(r, badStr2, MP_RADIX_DEC) != MP_VAL)
- return -12645;
- if (mp_read_radix(r, badStr3, MP_RADIX_DEC) != MP_VAL)
- return -12646;
- if (mp_read_radix(r, zeros, MP_RADIX_DEC) != MP_OKAY)
- return -12647;
- if (!mp_iszero(r))
- return -12648;
- mp_set(r, 1);
- if (mp_read_radix(r, empty, MP_RADIX_DEC) != MP_OKAY)
- return -12649;
- if (!mp_iszero(r))
- return -12650;
- mp_zero(a);
- ret = mp_radix_size(a, MP_RADIX_DEC, &size);
- if (ret != 0)
- return -12651;
- if (size != 2)
- return -12652;
- ret = mp_toradix(a, str, MP_RADIX_DEC);
- if (ret != 0)
- return -12653;
- if ((int)XSTRLEN(str) != size - 1)
- return -12654;
- ret = mp_read_radix(r, str, MP_RADIX_DEC);
- if (ret != 0)
- return -12655;
- if (!mp_iszero(r))
- return -12656;
- return 0;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \
- defined(HAVE_ECC))
- static int mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
- {
- int ret;
- int i, j;
- int size;
- char str[30];
- #if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH)
- static char longStr[2 * sizeof(a->dp) + 2];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const char* badStr1 = " ";
- WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "}";
- WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
- for (i = 0; i < 10; i++) {
- for (j = 2; j < 12; j++) {
- if (randNum(a, j, rng, NULL) != 0)
- return -12660;
- mp_radix_size(a, MP_RADIX_HEX, &size);
- mp_toradix(a, str, MP_RADIX_HEX);
- if ((int)XSTRLEN(str) != size - 1)
- return -12661;
- mp_read_radix(r, str, MP_RADIX_HEX);
- if (mp_cmp(a, r) != MP_EQ)
- return -12662;
- }
- }
- if (mp_read_radix(r, badStr1, MP_RADIX_HEX) != MP_VAL)
- return -12663;
- if (mp_read_radix(r, badStr2, MP_RADIX_HEX) != MP_VAL)
- return -12664;
- mp_set(r, 1);
- if (mp_read_radix(r, empty, MP_RADIX_HEX) != MP_OKAY)
- return -12665;
- if (!mp_iszero(r))
- return -12666;
- #if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH)
- /* Fixed MP data size - string can be too long. */
- longStr[0] = '8';
- XMEMSET(longStr+1, '0', sizeof(longStr) - 2);
- longStr[sizeof(longStr)-1] = '\0';
- if (mp_read_radix(r, longStr, MP_RADIX_HEX) != MP_VAL)
- return -12667;
- #endif
- mp_zero(a);
- ret = mp_radix_size(a, MP_RADIX_HEX, &size);
- if (ret != 0)
- return -12668;
- #ifndef WC_DISABLE_RADIX_ZERO_PAD
- if (size != 3)
- #else
- if (size != 2)
- #endif
- return -12669;
- ret = mp_toradix(a, str, MP_RADIX_HEX);
- if (ret != 0)
- return -12670;
- if ((int)XSTRLEN(str) != size - 1)
- return -12671;
- ret = mp_read_radix(r, str, MP_RADIX_HEX);
- if (ret != 0)
- return -12672;
- if (!mp_iszero(r))
- return -12673;
- #ifdef WOLFSSL_SP_MATH
- ret = mp_toradix(a, str, 8);
- if (ret != MP_VAL)
- return -12674;
- ret = mp_radix_size(a, 8, &size);
- if (ret != MP_VAL)
- return -12675;
- #endif
- return 0;
- }
- #endif
- static int mp_test_shift(mp_int* a, mp_int* r1, WC_RNG* rng)
- {
- int i;
- if (randNum(a, 4, rng, NULL) != 0)
- return -12680;
- for (i = 0; i < 4; i++) {
- mp_copy(r1, a);
- if (mp_lshd(r1, i) != MP_OKAY)
- return -12681;
- mp_rshd(r1, i);
- if (mp_cmp(a, r1) != MP_EQ)
- return -12682;
- }
- #ifndef WOLFSSL_SP_MATH
- for (i = 0; i < DIGIT_BIT+1; i++) {
- if (mp_mul_2d(a, i, r1) != MP_OKAY)
- return -12683;
- mp_rshb(r1, i);
- if (mp_cmp(a, r1) != MP_EQ)
- return -12684;
- }
- #endif
- return 0;
- }
- static int mp_test_add_sub_d(mp_int* a, mp_int* r1)
- {
- int i, j;
- for (i = 0; i <= DIGIT_BIT * 2; i++) {
- mp_zero(a);
- mp_set_bit(a, i);
- if (a->used != (i + DIGIT_BIT) / DIGIT_BIT)
- return -12690;
- for (j = 0; j < i && j < DIGIT_BIT; j++) {
- mp_zero(r1);
- mp_set_bit(r1, i);
- if (mp_sub_d(r1, (mp_digit)1 << j, r1) != MP_OKAY)
- return -12691;
- if (mp_add_d(r1, (mp_digit)1 << j, r1) != MP_OKAY)
- return -12692;
- if (mp_cmp(a, r1) != MP_EQ)
- return -12693;
- }
- }
- mp_zero(r1);
- if (mp_add_d(r1, 1, r1) != MP_OKAY)
- return -12694;
- if (r1->used != 1)
- return -12695;
- if (mp_sub_d(r1, 1, r1) != MP_OKAY)
- return -12696;
- if (r1->used != 0)
- return -12697;
- return 0;
- }
- static int mp_test_read_to_bin(mp_int* a)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte in[16] = {
- 0x91, 0xa2, 0xb3, 0xc4, 0xd5, 0xe6, 0xf7, 0x08,
- 0x93, 0xa4, 0xb4, 0xc5, 0xd6, 0xe7, 0xf8, 0x09
- };
- byte out[24];
- int i, j, k;
- const byte* p;
- int ret;
- for (i = 0; i < (int)sizeof(in); i++) {
- p = in + sizeof(in) - i;
- ret = mp_read_unsigned_bin(a, p, i);
- if (ret != 0)
- return -12710;
- for (j = i; j < (int)sizeof(out); j++) {
- XMEMSET(out, 0xff, sizeof(out));
- ret = mp_to_unsigned_bin_len(a, out, j);
- if (ret != 0)
- return -12711;
- for (k = 0; k < j - i; k++) {
- if (out[k] != 0)
- return -12712;
- }
- for (; k < j; k++) {
- if (out[k] != p[k - (j - i)])
- return -12713;
- }
- }
- }
- ret = mp_read_unsigned_bin(a, NULL, 0);
- if (ret != 0)
- return -12714;
- if (!mp_iszero(a))
- return -12715;
- return 0;
- }
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- static int mp_test_set_int(mp_int* a)
- {
- #if SP_ULONG_BITS == 64
- unsigned long n = 0xfedcba9876543210UL;
- byte exp[8] = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
- byte out[8] = { 0 };
- #elif SP_ULONG_BITS == 32
- unsigned long n = 0xfedcba98UL;
- byte exp[4] = { 0xfe, 0xdc, 0xba, 0x98 };
- byte out[4] = { 0 };
- #elif SP_ULONG_BITS == 16
- unsigned long n = 0xfedc;
- byte exp[2] = { 0xfe, 0xdc };
- byte out[2] = { 0 };
- #elif SP_ULONG_BITS == 8
- unsigned long n = 0xfe;
- byte exp[1] = { 0xfe };
- byte out[1] = { 0 };
- #endif
- int ret;
- ret = mp_set_int(a, n);
- if (ret != 0)
- return -12720;
- ret = mp_unsigned_bin_size(a);
- if (ret != sizeof(exp))
- return -12721;
- ret = mp_to_unsigned_bin(a, out);
- if (ret != 0)
- return -12722;
- if (XMEMCMP(exp, out, sizeof(exp)) != 0)
- return -12723;
- return 0;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- static int mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
- {
- byte buffer[16];
- #if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
- char hexStr[] = "abcdef0123456789";
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- char negStr[] = "-1234";
- #endif
- #endif
- #if !defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_KEY_GEN) || \
- defined(HAVE_COMP_KEY)
- char decStr[] = "0987654321";
- #endif
- int ret;
- #ifdef WOLFSSL_SP_MATH_ALL
- mp_digit rho;
- int size;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- int result;
- #endif
- #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
- (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
- mp_digit rd;
- #endif
- (void)rng;
- (void)r;
- ret = mp_init(NULL);
- if (ret != MP_VAL)
- return -12730;
- #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
- ret = mp_init_multi(NULL, NULL, NULL, NULL, NULL, NULL);
- if (ret != MP_OKAY)
- return -12731;
- #endif
- mp_free(NULL);
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
- ret = mp_grow(NULL, 1);
- if (ret != MP_VAL)
- return -12732;
- #ifdef WOLFSSL_SP_MATH
- ret = mp_grow(a, SP_INT_DIGITS + 1);
- if (ret != MP_MEM)
- return -12733;
- #endif
- #endif
- mp_clear(NULL);
- ret = mp_abs(NULL, NULL);
- if (ret != MP_VAL)
- return -12734;
- ret = mp_abs(a, NULL);
- if (ret != MP_VAL)
- return -12735;
- ret = mp_abs(NULL, b);
- if (ret != MP_VAL)
- return -12736;
- ret = mp_unsigned_bin_size(NULL);
- if (ret != 0)
- return -12737;
- ret = mp_read_unsigned_bin(NULL, NULL, sizeof(buffer));
- if (ret != MP_VAL)
- return -12738;
- ret = mp_read_unsigned_bin(NULL, buffer, sizeof(buffer));
- if (ret != MP_VAL)
- return -12739;
- ret = mp_read_unsigned_bin(a, NULL, sizeof(buffer));
- if (ret != MP_VAL)
- return -12740;
- ret = mp_read_unsigned_bin(a, buffer, SP_INT_DIGITS * SP_WORD_SIZEOF + 1);
- if (ret != MP_VAL)
- return -12741;
- #if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_read_radix(NULL, NULL, 16);
- if (ret != MP_VAL)
- return -12742;
- ret = mp_read_radix(a, NULL, 16);
- if (ret != MP_VAL)
- return -12743;
- ret = mp_read_radix(NULL, hexStr, 16);
- if (ret != MP_VAL)
- return -12744;
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- ret = mp_read_radix(a, negStr, 16);
- if (ret != MP_VAL)
- return -12745;
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_read_radix(a, negStr, 10);
- if (ret != MP_VAL)
- return -12746;
- #endif /* WOLFSSL_SP_MATH_ALL */
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- #endif
- #ifndef WOLFSSL_SP_MATH_ALL
- /* Radix 10 only supported with ALL. */
- ret = mp_read_radix(a, decStr, 10);
- if (ret != MP_VAL)
- return -12747;
- #endif
- /* Radix 8 not supported SP_INT. */
- ret = mp_read_radix(a, "0123", 8);
- if (ret != MP_VAL)
- return -12748;
- ret = mp_count_bits(NULL);
- if (ret != 0)
- return -12749;
- ret = mp_is_bit_set(NULL, 0);
- if (ret != 0)
- return -12750;
- ret = mp_leading_bit(NULL);
- if (ret != 0)
- return -12751;
- mp_zero(a);
- ret = mp_leading_bit(a);
- if (ret != 0)
- return -12752;
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
- !defined(NO_RSA)
- ret = mp_set_bit(NULL, 1);
- if (ret != MP_VAL)
- return -12753;
- #endif
- #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_to_unsigned_bin(NULL, NULL);
- if (ret != MP_VAL)
- return -12754;
- ret = mp_to_unsigned_bin(a, NULL);
- if (ret != MP_VAL)
- return -12755;
- ret = mp_to_unsigned_bin(NULL, buffer);
- if (ret != MP_VAL)
- return -12756;
- #endif
- ret = mp_to_unsigned_bin_len(NULL, NULL, 1);
- if (ret != MP_VAL)
- return -12757;
- ret = mp_to_unsigned_bin_len(a, NULL, 1);
- if (ret != MP_VAL)
- return -12758;
- ret = mp_to_unsigned_bin_len(NULL, buffer, 1);
- if (ret != MP_VAL)
- return -12759;
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_to_unsigned_bin_at_pos(0, NULL, NULL);
- if (ret != MP_VAL)
- return -12760;
- ret = mp_to_unsigned_bin_at_pos(0, a, NULL);
- if (ret != MP_VAL)
- return -12761;
- ret = mp_to_unsigned_bin_at_pos(0, NULL, buffer);
- if (ret != MP_VAL)
- return -12762;
- ret = mp_to_unsigned_bin_at_pos(0, a, buffer);
- if (ret != MP_OKAY)
- return -12763;
- #endif
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
- ret = mp_copy(NULL, NULL);
- if (ret != MP_VAL)
- return -12764;
- ret = mp_copy(a, NULL);
- if (ret != MP_VAL)
- return -12765;
- ret = mp_copy(NULL, b);
- if (ret != MP_VAL)
- return -12766;
- #endif
- #if defined(WOLFSSL_KEY_GEN) || !defined(NO_DH)
- ret = sp_2expt(NULL, 1);
- if (ret != MP_VAL)
- return -12767;
- #endif
- ret = mp_set(NULL, 0);
- if (ret != MP_VAL)
- return -12768;
- ret = mp_cmp_d(NULL, 0);
- if (ret != MP_LT)
- return -12769;
- ret = mp_cmp(NULL, NULL);
- if (ret != MP_EQ)
- return -12770;
- ret = mp_cmp(a, NULL);
- if (ret != MP_GT)
- return -12771;
- ret = mp_cmp(NULL, b);
- if (ret != MP_LT)
- return -12772;
- #if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
- mp_rshd(NULL, 1);
- #endif
- mp_zero(NULL);
- #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_lshd(NULL, 0);
- if (ret != MP_VAL)
- return -12773;
- ret = mp_lshd(a, SP_INT_DIGITS + 1);
- if (ret != MP_VAL)
- return -12774;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_div(NULL, NULL, a, b);
- if (ret != MP_VAL)
- return -12775;
- ret = mp_div(a, NULL, a, b);
- if (ret != MP_VAL)
- return -12776;
- ret = mp_div(NULL, b, a, b);
- if (ret != MP_VAL)
- return -12777;
- ret = mp_div(a, b, NULL, NULL);
- if (ret != MP_VAL)
- return -12778;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- ret = mp_mod(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12779;
- ret = mp_mod(a, NULL, NULL);
- if (ret != MP_VAL)
- return -12780;
- ret = mp_mod(NULL, b, NULL);
- if (ret != MP_VAL)
- return -12781;
- ret = mp_mod(NULL, NULL, r);
- if (ret != MP_VAL)
- return -12782;
- ret = mp_mod(a, b, NULL);
- if (ret != MP_VAL)
- return -12783;
- ret = mp_mod(a, NULL, r);
- if (ret != MP_VAL)
- return -12784;
- ret = mp_mod(NULL, b, r);
- if (ret != MP_VAL)
- return -12785;
- #endif
- #if !defined(NO_RSA) || defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_set_int(NULL, 0);
- if (ret != MP_VAL)
- return -12786;
- #endif
- #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
- (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
- ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return 9950;
- ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return 9951;
- ret = mp_exptmod_ex(NULL, a, 1, NULL, NULL);
- if (ret != MP_VAL)
- return 9952;
- ret = mp_exptmod_ex(NULL, NULL, 1, a, NULL);
- if (ret != MP_VAL)
- return 9953;
- ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
- if (ret != MP_VAL)
- return 9954;
- ret = mp_exptmod_ex(a, a, 1, a, NULL);
- if (ret != MP_VAL)
- return 9955;
- ret = mp_exptmod_ex(a, a, 1, NULL, a);
- if (ret != MP_VAL)
- return 9956;
- ret = mp_exptmod_ex(a, NULL, 1, a, a);
- if (ret != MP_VAL)
- return 9957;
- ret = mp_exptmod_ex(NULL, a, 1, a, a);
- if (ret != MP_VAL)
- return 9958;
- ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return 9960;
- ret = mp_exptmod_nct(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return 9961;
- ret = mp_exptmod_nct(NULL, a, NULL, NULL);
- if (ret != MP_VAL)
- return 9962;
- ret = mp_exptmod_nct(NULL, NULL, a, NULL);
- if (ret != MP_VAL)
- return 9963;
- ret = mp_exptmod_nct(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return 9964;
- ret = mp_exptmod_nct(a, a, a, NULL);
- if (ret != MP_VAL)
- return 9965;
- ret = mp_exptmod_nct(a, a, NULL, a);
- if (ret != MP_VAL)
- return 9966;
- ret = mp_exptmod_nct(a, NULL, a, a);
- if (ret != MP_VAL)
- return 9967;
- ret = mp_exptmod_nct(NULL, a, a, a);
- if (ret != MP_VAL)
- return 9968;
- #endif
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
- !defined(WC_NO_RNG)
- ret = mp_rand_prime(NULL, 32, NULL, NULL);
- if (ret != MP_VAL)
- return -12787;
- ret = mp_rand_prime(a, 32, NULL, NULL);
- if (ret != MP_VAL)
- return -12788;
- ret = mp_rand_prime(NULL, 32, rng, NULL);
- if (ret != MP_VAL)
- return -12789;
- ret = mp_rand_prime(a, 0, rng, NULL);
- if (ret != MP_VAL)
- return -9969;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_mul(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12790;
- ret = mp_mul(a, NULL, NULL);
- if (ret != MP_VAL)
- return -12791;
- ret = mp_mul(NULL, b, NULL);
- if (ret != MP_VAL)
- return -12792;
- ret = mp_mul(NULL, NULL, r);
- if (ret != MP_VAL)
- return -12793;
- ret = mp_mul(a, b, NULL);
- if (ret != MP_VAL)
- return -12794;
- ret = mp_mul(a, NULL, r);
- if (ret != MP_VAL)
- return -12795;
- ret = mp_mul(NULL, b, r);
- if (ret != MP_VAL)
- return -12796;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- ret = mp_sqr(NULL, NULL);
- if (ret != MP_VAL)
- return -12797;
- ret = mp_sqr(a, NULL);
- if (ret != MP_VAL)
- return -12798;
- ret = mp_sqr(NULL, r);
- if (ret != MP_VAL)
- return -12799;
- #endif
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_sqrmod(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12800;
- ret = mp_sqrmod(a, NULL, NULL);
- if (ret != MP_VAL)
- return -12801;
- ret = mp_sqrmod(NULL, a, NULL);
- if (ret != MP_VAL)
- return -12802;
- ret = mp_sqrmod(NULL, NULL, a);
- if (ret != MP_VAL)
- return -12803;
- ret = mp_sqrmod(a, b, NULL);
- if (ret != MP_VAL)
- return -12804;
- ret = mp_sqrmod(a, NULL, b);
- if (ret != MP_VAL)
- return -12805;
- ret = mp_sqrmod(NULL, a, b);
- if (ret != MP_VAL)
- return -12806;
- ret = mp_mulmod(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12807;
- ret = mp_mulmod(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12808;
- ret = mp_mulmod(NULL, a, NULL, NULL);
- if (ret != MP_VAL)
- return -12809;
- ret = mp_mulmod(NULL, NULL, a, NULL);
- if (ret != MP_VAL)
- return -12810;
- ret = mp_mulmod(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return -12811;
- ret = mp_mulmod(a, b, b, NULL);
- if (ret != MP_VAL)
- return -12812;
- ret = mp_mulmod(a, b, NULL, a);
- if (ret != MP_VAL)
- return -12813;
- ret = mp_mulmod(a, NULL, b, a);
- if (ret != MP_VAL)
- return -12814;
- ret = mp_mulmod(NULL, b, b, a);
- if (ret != MP_VAL)
- return -12815;
- #endif
- #if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
- !defined(NO_RSA) || !defined(NO_DSA)
- ret = mp_add_d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return -12816;
- ret = mp_add_d(a, 1, NULL);
- if (ret != MP_VAL)
- return -12817;
- ret = mp_add_d(NULL, 1, b);
- if (ret != MP_VAL)
- return -12818;
- #endif
- #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
- ret = mp_sub_d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return -12819;
- ret = mp_sub_d(a, 1, NULL);
- if (ret != MP_VAL)
- return -12820;
- ret = mp_sub_d(NULL, 1, b);
- if (ret != MP_VAL)
- return -12821;
- #endif
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
- ret = mp_div_d(NULL, 0, NULL, NULL);
- if (ret != MP_VAL)
- return -12822;
- ret = mp_div_d(a, 0, NULL, NULL);
- if (ret != MP_VAL)
- return -12823;
- ret = mp_div_d(NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return -12824;
- #endif
- #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
- (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
- ret = mp_mod_d(NULL, 0, NULL);
- if (ret != MP_VAL)
- return -12825;
- ret = mp_mod_d(a, 0, NULL);
- if (ret != MP_VAL)
- return -12826;
- ret = mp_mod_d(NULL, 0, &rd);
- if (ret != MP_VAL)
- return -12827;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- ret = mp_gcd(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12828;
- ret = mp_gcd(a, NULL, NULL);
- if (ret != MP_VAL)
- return -12829;
- ret = mp_gcd(NULL, a, NULL);
- if (ret != MP_VAL)
- return -12830;
- ret = mp_gcd(NULL, NULL, a);
- if (ret != MP_VAL)
- return -12831;
- ret = mp_gcd(a, b, NULL);
- if (ret != MP_VAL)
- return -12832;
- ret = mp_gcd(a, NULL, b);
- if (ret != MP_VAL)
- return -12833;
- ret = mp_gcd(NULL, a, b);
- if (ret != MP_VAL)
- return -12834;
- #endif
- #if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
- ret = mp_div_2_mod_ct(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12835;
- ret = mp_div_2_mod_ct(a, NULL, NULL);
- if (ret != MP_VAL)
- return -12836;
- ret = mp_div_2_mod_ct(NULL, b, NULL);
- if (ret != MP_VAL)
- return -12837;
- ret = mp_div_2_mod_ct(NULL, NULL, a);
- if (ret != MP_VAL)
- return -12838;
- ret = mp_div_2_mod_ct(a, b, NULL);
- if (ret != MP_VAL)
- return -12839;
- ret = mp_div_2_mod_ct(a, b, NULL);
- if (ret != MP_VAL)
- return -12840;
- ret = mp_div_2_mod_ct(NULL, b, a);
- if (ret != MP_VAL)
- return -12841;
- ret = mp_div_2(NULL, NULL);
- if (ret != MP_VAL)
- return -12842;
- ret = mp_div_2(a, NULL);
- if (ret != MP_VAL)
- return -12843;
- ret = mp_div_2(NULL, a);
- if (ret != MP_VAL)
- return -12844;
- #endif
- #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA)
- ret = mp_invmod(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12845;
- ret = mp_invmod(a, NULL, NULL);
- if (ret != MP_VAL)
- return -12846;
- ret = mp_invmod(NULL, b, NULL);
- if (ret != MP_VAL)
- return -12847;
- ret = mp_invmod(NULL, NULL, a);
- if (ret != MP_VAL)
- return -12848;
- ret = mp_invmod(a, b, NULL);
- if (ret != MP_VAL)
- return -12849;
- ret = mp_invmod(a, NULL, a);
- if (ret != MP_VAL)
- return -12850;
- ret = mp_invmod(NULL, b, a);
- if (ret != MP_VAL)
- return -12851;
- #endif
- #if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
- ret = mp_invmod_mont_ct(NULL, NULL, NULL, 1);
- if (ret != MP_VAL)
- return -12852;
- ret = mp_invmod_mont_ct(a, NULL, NULL, 1);
- if (ret != MP_VAL)
- return -12853;
- ret = mp_invmod_mont_ct(NULL, b, NULL, 1);
- if (ret != MP_VAL)
- return -12854;
- ret = mp_invmod_mont_ct(NULL, NULL, a, 1);
- if (ret != MP_VAL)
- return -12855;
- ret = mp_invmod_mont_ct(a, b, NULL, 1);
- if (ret != MP_VAL)
- return -12856;
- ret = mp_invmod_mont_ct(a, NULL, a, 1);
- if (ret != MP_VAL)
- return -12857;
- ret = mp_invmod_mont_ct(NULL, b, a, 1);
- if (ret != MP_VAL)
- return -12858;
- #endif
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
- ret = mp_lcm(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12859;
- ret = mp_lcm(a, NULL, NULL);
- if (ret != MP_VAL)
- return -12860;
- ret = mp_lcm(NULL, b, NULL);
- if (ret != MP_VAL)
- return -12861;
- ret = mp_lcm(NULL, NULL, a);
- if (ret != MP_VAL)
- return -12862;
- ret = mp_lcm(a, b, NULL);
- if (ret != MP_VAL)
- return -12863;
- ret = mp_lcm(a, NULL, a);
- if (ret != MP_VAL)
- return -12864;
- ret = mp_lcm(NULL, b, a);
- if (ret != MP_VAL)
- return -12865;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return -12866;
- ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return -12867;
- ret = mp_exptmod_ex(NULL, b, 1, NULL, NULL);
- if (ret != MP_VAL)
- return -12868;
- ret = mp_exptmod_ex(NULL, NULL, 1, b, NULL);
- if (ret != MP_VAL)
- return -12869;
- ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
- if (ret != MP_VAL)
- return -12870;
- ret = mp_exptmod_ex(a, b, 1, b, NULL);
- if (ret != MP_VAL)
- return -12871;
- ret = mp_exptmod_ex(a, b, 1, NULL, a);
- if (ret != MP_VAL)
- return -12872;
- ret = mp_exptmod_ex(a, NULL, 1, b, a);
- if (ret != MP_VAL)
- return -12873;
- ret = mp_exptmod_ex(NULL, b, 1, b, a);
- if (ret != MP_VAL)
- return -12874;
- ret = mp_exptmod(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12875;
- ret = mp_exptmod(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12876;
- ret = mp_exptmod(NULL, b, NULL, NULL);
- if (ret != MP_VAL)
- return -12877;
- ret = mp_exptmod(NULL, NULL, b, NULL);
- if (ret != MP_VAL)
- return -12878;
- ret = mp_exptmod(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return -12879;
- ret = mp_exptmod(a, b, b, NULL);
- if (ret != MP_VAL)
- return -12880;
- ret = mp_exptmod(a, b, NULL, a);
- if (ret != MP_VAL)
- return -12881;
- ret = mp_exptmod(a, NULL, b, a);
- if (ret != MP_VAL)
- return -12882;
- ret = mp_exptmod(NULL, b, b, a);
- if (ret != MP_VAL)
- return -12883;
- ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12884;
- ret = mp_exptmod_nct(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12885;
- ret = mp_exptmod_nct(NULL, b, NULL, NULL);
- if (ret != MP_VAL)
- return -12886;
- ret = mp_exptmod_nct(NULL, NULL, b, NULL);
- if (ret != MP_VAL)
- return -12887;
- ret = mp_exptmod_nct(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return -12888;
- ret = mp_exptmod_nct(a, b, b, NULL);
- if (ret != MP_VAL)
- return -12889;
- ret = mp_exptmod_nct(a, b, NULL, a);
- if (ret != MP_VAL)
- return -12890;
- ret = mp_exptmod_nct(a, NULL, b, a);
- if (ret != MP_VAL)
- return -12891;
- ret = mp_exptmod_nct(NULL, b, b, a);
- if (ret != MP_VAL)
- return -12892;
- #endif
- #if defined(HAVE_ECC) && defined(HAVE_COMP_KEY)
- ret = mp_cnt_lsb(NULL);
- if (ret != 0)
- return -12893;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- ret = mp_prime_is_prime(NULL, 1, NULL);
- if (ret != MP_VAL)
- return -12894;
- ret = mp_prime_is_prime(a, 1, NULL);
- if (ret != MP_VAL)
- return -12895;
- ret = mp_prime_is_prime(NULL, 1, &result);
- if (ret != MP_VAL)
- return -12896;
- ret = mp_prime_is_prime(a, 0, &result);
- if (ret != MP_VAL)
- return -12897;
- ret = mp_prime_is_prime(a, 1024, &result);
- if (ret != MP_VAL)
- return -12898;
- ret = mp_prime_is_prime_ex(NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return -12899;
- ret = mp_prime_is_prime_ex(a, 1, NULL, NULL);
- if (ret != MP_VAL)
- return -12900;
- ret = mp_prime_is_prime_ex(NULL, 1, &result, NULL);
- if (ret != MP_VAL)
- return -12901;
- ret = mp_prime_is_prime_ex(NULL, 1, NULL, rng);
- if (ret != MP_VAL)
- return -12902;
- ret = mp_prime_is_prime_ex(a, 1, &result, NULL);
- if (ret != MP_VAL)
- return -12903;
- ret = mp_prime_is_prime_ex(a, 1, NULL, rng);
- if (ret != MP_VAL)
- return -12904;
- ret = mp_prime_is_prime_ex(NULL, 1, &result, rng);
- if (ret != MP_VAL)
- return -12905;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || !defined(NO_DSA)
- ret = mp_exch(NULL, NULL);
- if (ret != MP_VAL)
- return -12906;
- ret = mp_exch(a, NULL);
- if (ret != MP_VAL)
- return -12907;
- ret = mp_exch(NULL, b);
- if (ret != MP_VAL)
- return -12908;
- #endif
- #if (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \
- defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_mul_d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return -12909;
- ret = mp_mul_d(a, 1, NULL);
- if (ret != MP_VAL)
- return -12910;
- ret = mp_mul_d(NULL, 1, b);
- if (ret != MP_VAL)
- return -12911;
- #endif
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_add(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12912;
- ret = mp_add(a, NULL, NULL);
- if (ret != MP_VAL)
- return -12913;
- ret = mp_add(NULL, b, NULL);
- if (ret != MP_VAL)
- return -12914;
- ret = mp_add(NULL, NULL, r);
- if (ret != MP_VAL)
- return -12915;
- ret = mp_add(a, b, NULL);
- if (ret != MP_VAL)
- return -12916;
- ret = mp_add(a, NULL, r);
- if (ret != MP_VAL)
- return -12917;
- ret = mp_add(NULL, b, r);
- if (ret != MP_VAL)
- return -12918;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- ret = mp_sub(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12919;
- ret = mp_sub(a, NULL, NULL);
- if (ret != MP_VAL)
- return -12920;
- ret = mp_sub(NULL, b, NULL);
- if (ret != MP_VAL)
- return -12921;
- ret = mp_sub(NULL, NULL, r);
- if (ret != MP_VAL)
- return -12922;
- ret = mp_sub(a, b, NULL);
- if (ret != MP_VAL)
- return -12923;
- ret = mp_sub(a, NULL, r);
- if (ret != MP_VAL)
- return -12924;
- ret = mp_sub(NULL, b, r);
- if (ret != MP_VAL)
- return -12925;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || (!defined(WOLFSSL_SP_MATH) && \
- defined(WOLFSSL_CUSTOM_CURVES))
- ret = mp_addmod(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12926;
- ret = mp_addmod(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12927;
- ret = mp_addmod(NULL, b, NULL, NULL);
- if (ret != MP_VAL)
- return -12928;
- ret = mp_addmod(NULL, NULL, b, NULL);
- if (ret != MP_VAL)
- return -12929;
- ret = mp_addmod(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return -12930;
- ret = mp_addmod(a, b, b, NULL);
- if (ret != MP_VAL)
- return -12931;
- ret = mp_addmod(a, b, NULL, a);
- if (ret != MP_VAL)
- return -12932;
- ret = mp_addmod(a, NULL, b, a);
- if (ret != MP_VAL)
- return -12933;
- ret = mp_addmod(NULL, b, b, a);
- if (ret != MP_VAL)
- return -12934;
- #endif
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_submod(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12935;
- ret = mp_submod(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12936;
- ret = mp_submod(NULL, b, NULL, NULL);
- if (ret != MP_VAL)
- return -12937;
- ret = mp_submod(NULL, NULL, b, NULL);
- if (ret != MP_VAL)
- return -12938;
- ret = mp_submod(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return -12939;
- ret = mp_submod(a, b, b, NULL);
- if (ret != MP_VAL)
- return -12940;
- ret = mp_submod(a, b, NULL, a);
- if (ret != MP_VAL)
- return -12941;
- ret = mp_submod(a, NULL, b, a);
- if (ret != MP_VAL)
- return -12942;
- ret = mp_submod(NULL, b, b, a);
- if (ret != MP_VAL)
- return -12943;
- #endif
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_div_2d(NULL, 1, a, b);
- if (ret != MP_VAL)
- return -12944;
- ret = mp_mod_2d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return -12945;
- ret = mp_mod_2d(a, 1, NULL);
- if (ret != MP_VAL)
- return -12946;
- ret = mp_mod_2d(NULL, 1, b);
- if (ret != MP_VAL)
- return -12947;
- ret = mp_mul_2d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return -12948;
- ret = mp_mul_2d(a, 1, NULL);
- if (ret != MP_VAL)
- return -12949;
- ret = mp_mul_2d(NULL, 1, b);
- if (ret != MP_VAL)
- return -12950;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- ret = mp_montgomery_reduce(NULL, NULL, 1);
- if (ret != MP_VAL)
- return -12951;
- ret = mp_montgomery_reduce(a, NULL, 1);
- if (ret != MP_VAL)
- return -12952;
- ret = mp_montgomery_reduce(NULL, b, 1);
- if (ret != MP_VAL)
- return -12953;
- mp_zero(b);
- ret = mp_montgomery_reduce(a, b, 1);
- if (ret != MP_VAL)
- return -12954;
- #endif
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_montgomery_setup(NULL, NULL);
- if (ret != MP_VAL)
- return -12955;
- ret = mp_montgomery_setup(a, NULL);
- if (ret != MP_VAL)
- return -12956;
- ret = mp_montgomery_setup(NULL, &rho);
- if (ret != MP_VAL)
- return -12957;
- ret = mp_montgomery_calc_normalization(NULL, NULL);
- if (ret != MP_VAL)
- return -12958;
- ret = mp_montgomery_calc_normalization(a, NULL);
- if (ret != MP_VAL)
- return -12959;
- ret = mp_montgomery_calc_normalization(NULL, b);
- if (ret != MP_VAL)
- return -12960;
- #endif
- ret = mp_unsigned_bin_size(NULL);
- if (ret != 0)
- return -12961;
- #if defined(WC_MP_TO_RADIX) || defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_tohex(NULL, NULL);
- if (ret != MP_VAL)
- return -12962;
- ret = mp_tohex(a, NULL);
- if (ret != MP_VAL)
- return -12963;
- ret = mp_tohex(NULL, hexStr);
- if (ret != MP_VAL)
- return -12964;
- #endif
- #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
- ret = mp_todecimal(NULL, NULL);
- if (ret != MP_VAL)
- return -12965;
- ret = mp_todecimal(a, NULL);
- if (ret != MP_VAL)
- return -12966;
- ret = mp_todecimal(NULL, decStr);
- if (ret != MP_VAL)
- return -12967;
- #endif
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_toradix(NULL, NULL, MP_RADIX_HEX);
- if (ret != MP_VAL)
- return -12968;
- ret = mp_toradix(a, NULL, MP_RADIX_HEX);
- if (ret != MP_VAL)
- return -12969;
- ret = mp_toradix(NULL, hexStr, MP_RADIX_HEX);
- if (ret != MP_VAL)
- return -12970;
- ret = mp_toradix(a, hexStr, 3);
- if (ret != MP_VAL)
- return -12971;
- ret = mp_radix_size(NULL, MP_RADIX_HEX, NULL);
- if (ret != MP_VAL)
- return -12972;
- ret = mp_radix_size(a, MP_RADIX_HEX, NULL);
- if (ret != MP_VAL)
- return -12973;
- ret = mp_radix_size(NULL, MP_RADIX_HEX, &size);
- if (ret != MP_VAL)
- return -12974;
- ret = mp_radix_size(a, 3, &size);
- if (ret != MP_VAL)
- return -12975;
- #endif
- return 0;
- }
- #endif
- #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- static int mp_test_set_is_bit(mp_int* a)
- {
- int i, j;
- mp_zero(a);
- for (i = 0; i <= DIGIT_BIT * 2; i++) {
- if (mp_is_bit_set(a, i))
- return -12980;
- for (j = 0; j < i; j++) {
- if (!mp_is_bit_set(a, j))
- return -12981;
- }
- if (mp_set_bit(a, i) != 0)
- return -12982;
- if (!mp_is_bit_set(a, i))
- return -12983;
- }
- mp_zero(a);
- for (i = 0; i <= DIGIT_BIT * 2; i++) {
- if (mp_is_bit_set(a, i))
- return -12984;
- }
- for (i = 0; i <= DIGIT_BIT * 2; i++) {
- mp_zero(a);
- if (mp_set_bit(a, i) != 0)
- return -12985;
- for (j = 0; j < i; j++) {
- if (mp_is_bit_set(a, j))
- return -12986;
- }
- if (!mp_is_bit_set(a, i))
- return -12987;
- }
- #ifdef WOLFSSL_KEY_GEN
- for (i = 0; i < DIGIT_BIT * 2; i++) {
- mp_set(a, 1);
- if (mp_2expt(a, i) != 0)
- return -12988;
- for (j = 0; j < i; j++) {
- if (mp_is_bit_set(a, j))
- return -12989;
- }
- if (!mp_is_bit_set(a, i))
- return -12990;
- }
- #endif
- #ifdef WOLFSSL_SP_MATH
- mp_zero(a);
- for (j = 1; j <= 3; j++) {
- i = SP_INT_MAX_BITS - j;
- if (mp_is_bit_set(a, i))
- return -12991;
- if (mp_set_bit(a, i) != 0)
- return -12992;
- if (!mp_is_bit_set(a, i))
- return -12993;
- #ifdef WOLFSSL_KEY_GEN
- if (mp_2expt(a, i) != 0)
- return -12994;
- if (!mp_is_bit_set(a, i))
- return -12995;
- #endif
- }
- mp_zero(a);
- for (j = 0; j <= 3; j++) {
- i = SP_INT_MAX_BITS + j;
- if (mp_is_bit_set(a, i))
- return -12996;
- if (mp_set_bit(a, i) != MP_VAL)
- return -12997;
- #ifdef WOLFSSL_KEY_GEN
- if (mp_2expt(a, i) != MP_VAL)
- return -12998;
- #endif
- }
- #endif
- return 0;
- }
- #endif /* !WOLFSSL_SP_MATH || WOLFSSL_SP_MATH_ALL */
- static int mp_test_cmp(mp_int* a, mp_int* b)
- {
- int ret;
- mp_zero(a);
- mp_zero(b);
- ret = mp_cmp_d(a, 0);
- if (ret != MP_EQ)
- return -13000;
- ret = mp_cmp_d(a, 1);
- if (ret != MP_LT)
- return -13001;
- ret = mp_cmp(a, b);
- if (ret != MP_EQ)
- return -13002;
- mp_set(a, 1);
- ret = mp_cmp_d(a, 0);
- if (ret != MP_GT)
- return -13003;
- ret = mp_cmp_d(a, 1);
- if (ret != MP_EQ)
- return -13004;
- ret = mp_cmp_d(a, 2);
- if (ret != MP_LT)
- return -13005;
- ret = mp_cmp(a, b);
- if (ret != MP_GT)
- return -13006;
- mp_read_radix(b, "1234567890123456789", MP_RADIX_HEX);
- ret = mp_cmp_d(b, -1);
- if (ret != MP_GT)
- return -13007;
- ret = mp_cmp(a, b);
- if (ret != MP_LT)
- return -13008;
- ret = mp_cmp(b, a);
- if (ret != MP_GT)
- return -13009;
- ret = mp_cmp(b, b);
- if (ret != MP_EQ)
- return -13010;
- #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \
- defined(WOLFSSL_SP_INT_NEGATIVE)
- mp_read_radix(a, "-1", MP_RADIX_HEX);
- mp_read_radix(a, "1", MP_RADIX_HEX);
- ret = mp_cmp(a, b);
- if (ret != MP_LT)
- return -13011;
- ret = mp_cmp(b, a);
- if (ret != MP_GT)
- return -13012;
- mp_read_radix(b, "-2", MP_RADIX_HEX);
- ret = mp_cmp(a, b);
- if (ret != MP_GT)
- return -13013;
- ret = mp_cmp(b, a);
- if (ret != MP_LT)
- return -13014;
- mp_read_radix(a, "-2", MP_RADIX_HEX);
- ret = mp_cmp(a, b);
- if (ret != MP_EQ)
- return -13015;
- #endif
- return 0;
- }
- #if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
- static int mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng)
- {
- int ret;
- int i, j, k;
- #ifndef WOLFSSL_SP_MATH
- for (i = 0; i < 10; i++) {
- for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) {
- ret = randNum(a, j, rng, NULL);
- if (ret != MP_OKAY)
- return -13020;
- mp_copy(a, b);
- for (k = 0; k <= DIGIT_BIT * 2; k++) {
- ret = mp_mul_2d(a, k, a);
- if (ret != MP_OKAY)
- return -13021;
- mp_rshb(a, k);
- if (mp_cmp(a, b) != MP_EQ)
- return -13022;
- }
- }
- }
- #endif
- for (i = 0; i < 10; i++) {
- for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) {
- ret = randNum(a, j, rng, NULL);
- if (ret != MP_OKAY)
- return -13023;
- mp_copy(a, b);
- for (k = 0; k < 10; k++) {
- ret = mp_lshd(a, k);
- if (ret != MP_OKAY)
- return -13024;
- mp_rshd(a, k);
- if (mp_cmp(a, b) != MP_EQ)
- return -13025;
- }
- }
- }
- mp_zero(a);
- mp_rshd(a, 1);
- if (!mp_iszero(a))
- return -13026;
- mp_set(a, 1);
- mp_rshd(a, 1);
- if (!mp_iszero(a))
- return -13027;
- mp_set(a, 1);
- mp_rshd(a, 2);
- if (!mp_iszero(a))
- return -13028;
- return 0;
- }
- #endif
- #if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)
- static int mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem,
- WC_RNG* rng)
- {
- int ret;
- int i, j, k;
- mp_zero(a);
- mp_zero(d);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_VAL)
- return -13030;
- mp_set(d, 1);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return -13031;
- if (!mp_iszero(r))
- return -13032;
- if (!mp_iszero(rem))
- return -13033;
- mp_set(a, 1);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return -13034;
- if (!mp_isone(r))
- return -13035;
- if (!mp_iszero(rem))
- return -13036;
- for (i = 0; i < 100; i++) {
- for (j = 1; j < (DIGIT_BIT + 7) / 8 * 2; j++) {
- ret = randNum(d, j, rng, NULL);
- if (ret != MP_OKAY)
- return -13037;
- for (k = 1; k < (DIGIT_BIT + 7) / 8 * 2 + 1; k++) {
- ret = randNum(a, k, rng, NULL);
- if (ret != MP_OKAY)
- return -13038;
- ret = mp_div(a, d, NULL, rem);
- if (ret != MP_OKAY)
- return -13039;
- ret = mp_div(a, d, r, NULL);
- if (ret != MP_OKAY)
- return -13040;
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return -13041;
- mp_mul(r, d, r);
- mp_add(r, rem, r);
- if (mp_cmp(r, a) != MP_EQ)
- return -13042;
- }
- }
- }
- ret = randNum(d, (DIGIT_BIT + 7) / 8 * 2, rng, NULL);
- if (ret != MP_OKAY)
- return -13043;
- mp_add(d, d, a);
- mp_set(rem, 1);
- mp_div(a, d, NULL, rem);
- if (ret != MP_OKAY)
- return -13044;
- if (!mp_iszero(rem))
- return -13045;
- mp_set(r, 1);
- mp_div(a, d, r, NULL);
- if (ret != MP_OKAY)
- return -13046;
- if (mp_cmp_d(r, 2) != MP_EQ)
- return -13047;
- mp_set(r, 1);
- mp_set(rem, 1);
- mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return -13048;
- if (mp_cmp_d(r, 2) != MP_EQ)
- return -13049;
- if (!mp_iszero(rem))
- return -13050;
- mp_set(a, 0xfe);
- mp_lshd(a, 3);
- mp_add_d(a, 0xff, a);
- mp_set(d, 0xfe);
- mp_lshd(d, 2);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return -13051;
- mp_mul(r, d, d);
- mp_add(rem, d, d);
- if (mp_cmp(a, d) != MP_EQ)
- return -13052;
- /* Force (hi | lo) / d to be (d | 0) / d which will would not fit in
- * a digit. So mp_div must detect and handle.
- * For example: 0x800000 / 0x8001, DIGIT_BIT = 8
- */
- mp_set(a, 1);
- mp_mul_2d(a, DIGIT_BIT * 3 - 1, a);
- mp_set(d, 1);
- mp_mul_2d(d, DIGIT_BIT * 2 - 1, d);
- mp_add_d(d, 1, d);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return -13053;
- return 0;
- }
- #endif
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
- !defined(WC_NO_RNG)
- static int mp_test_prime(mp_int* a, WC_RNG* rng)
- {
- int ret;
- int res;
- ret = mp_rand_prime(a, 1, rng, NULL);
- #if defined(WOLFSSL_SP_MATH_ALL)
- if (ret != 0)
- return -13060;
- #else
- if (ret != MP_VAL)
- return -13060;
- #endif
- #ifndef WOLFSSL_SP_MATH
- ret = mp_rand_prime(a, -5, rng, NULL);
- if (ret != 0)
- return -13061;
- #endif
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return -13062;
- #ifndef WOLFSSL_SP_MATH
- if (res != MP_YES)
- return -13063;
- #else
- if (res != MP_NO)
- return -13063;
- #endif
- ret = mp_prime_is_prime(a, 0, &res);
- if (ret != MP_VAL)
- return -13064;
- ret = mp_prime_is_prime(a, -1, &res);
- if (ret != MP_VAL)
- return -13065;
- ret = mp_prime_is_prime(a, 257, &res);
- if (ret != MP_VAL)
- return -13066;
- mp_set(a, 1);
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return -13067;
- if (res != MP_NO)
- return -13068;
- ret = mp_prime_is_prime_ex(a, 1, &res, rng);
- if (ret != MP_OKAY)
- return -13069;
- if (res != MP_NO)
- return -13070;
- mp_set(a, 2);
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return -13071;
- if (res != MP_YES)
- return -13072;
- ret = mp_prime_is_prime_ex(a, 1, &res, rng);
- if (ret != MP_OKAY)
- return -13073;
- if (res != MP_YES)
- return -13074;
- mp_set(a, 0xfb);
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return -13075;
- if (res != MP_YES)
- return -13076;
- ret = mp_prime_is_prime_ex(a, 1, &res, rng);
- if (ret != MP_OKAY)
- return -13077;
- if (res != MP_YES)
- return -13078;
- mp_set(a, 0x6);
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return -13079;
- if (res != MP_NO)
- return -13080;
- ret = mp_prime_is_prime_ex(a, 1, &res, rng);
- if (ret != MP_OKAY)
- return -13081;
- if (res != MP_NO)
- return -13082;
- mp_set_int(a, 0x655 * 0x65b);
- ret = mp_prime_is_prime(a, 10, &res);
- if (ret != MP_OKAY)
- return -13083;
- if (res != MP_NO)
- return -13084;
- ret = mp_prime_is_prime_ex(a, 10, &res, rng);
- if (ret != MP_OKAY)
- return -13085;
- if (res != MP_NO)
- return -13086;
- return 0;
- }
- #endif
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
- static int mp_test_lcm_gcd(mp_int* a, mp_int* b, mp_int* r, mp_int* exp,
- WC_RNG* rng)
- {
- int ret;
- int i;
- WOLFSSL_SMALL_STACK_STATIC const int kat[][3] = {
- { 1, 1, 1 }, { 2, 1, 2 }, { 1, 2, 2 }, { 2, 4, 4 }, { 4, 2, 4 },
- { 12, 56, 168 }, { 56, 12, 168 }
- };
- (void)exp;
- mp_set(a, 0);
- mp_set(b, 1);
- ret = mp_lcm(a, a, r);
- if (ret != MP_VAL)
- return -13090;
- ret = mp_lcm(a, b, r);
- if (ret != MP_VAL)
- return -13091;
- ret = mp_lcm(b, a, r);
- if (ret != MP_VAL)
- return -13092;
- for (i = 0; i < (int)(sizeof(kat) / sizeof(*kat)); i++) {
- mp_set(a, kat[i][0]);
- mp_set(b, kat[i][1]);
- ret = mp_lcm(a, b, r);
- if (ret != MP_OKAY)
- return -13093;
- mp_set(exp, kat[i][2]);
- if (mp_cmp(r, exp) != MP_EQ)
- return -13094;
- }
- (void)rng;
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
- !defined(WC_NO_RNG)
- if (mp_rand_prime(a, 20, rng, NULL) != MP_OKAY)
- return -13095;
- if (mp_rand_prime(b, 20, rng, NULL) != MP_OKAY)
- return -13096;
- if (mp_mul(a, b, exp) != MP_OKAY)
- return -13097;
- ret = mp_lcm(a, b, r);
- if (ret != MP_OKAY)
- return -13098;
- if (mp_cmp(r, exp) != MP_EQ)
- return -13099;
- ret = mp_lcm(b, a, r);
- if (ret != MP_OKAY)
- return -13100;
- if (mp_cmp(r, exp) != MP_EQ)
- return -13101;
- #endif
- mp_set(a, 11);
- mp_zero(b);
- ret = mp_gcd(a, b, r);
- if (ret != MP_OKAY)
- return -13102;
- if (mp_cmp_d(r, 11) != MP_EQ)
- return -13103;
- ret = mp_gcd(b, a, r);
- if (ret != MP_OKAY)
- return -13104;
- if (mp_cmp_d(r, 11) != MP_EQ)
- return -13105;
- ret = mp_gcd(b, b, r);
- if (ret != MP_VAL)
- return -13106;
- return 0;
- }
- #endif
- #if (!defined(WOLFSSL_SP_MATH) && !defined(USE_FAST_MATH)) || \
- defined(WOLFSSL_SP_MATH_ALL)
- static int mp_test_mod_2d(mp_int* a, mp_int* r, mp_int* t, WC_RNG* rng)
- {
- int ret;
- int i;
- int j;
- mp_set(a, 10);
- ret = mp_mod_2d(a, 0, r);
- if (ret != MP_OKAY)
- return -13110;
- if (!mp_iszero(r))
- return -13111;
- ret = mp_mod_2d(a, 1, r);
- if (ret != MP_OKAY)
- return -13112;
- if (!mp_iszero(r))
- return -13113;
- ret = mp_mod_2d(a, 2, r);
- if (ret != MP_OKAY)
- return -13114;
- if (mp_cmp_d(r, 2))
- return -13115;
- for (i = 2; i < 20; i++) {
- ret = randNum(a, i, rng, NULL);
- if (ret != 0)
- return -13116;
- for (j = 1; j <= mp_count_bits(a); j++) {
- /* Get top part */
- ret = mp_div_2d(a, j, t, NULL);
- if (ret != 0)
- return -13117;
- ret = mp_mul_2d(t, j, t);
- if (ret != 0)
- return -13118;
- /* Get bottom part */
- ret = mp_mod_2d(a, j, r);
- if (ret != 0)
- return -13119;
- /* Reassemble */
- ret = mp_add(t, r, r);
- if (ret != 0)
- return -13120;
- if (mp_cmp(a, r) != MP_EQ)
- return -13121;
- }
- }
- #if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_SP_INT_NEGATIVE)
- /* Test negative value being moded. */
- for (j = 0; j < 20; j++) {
- ret = randNum(a, 2, rng, NULL);
- if (ret != 0)
- return -13122;
- a->sign = MP_NEG;
- for (i = 1; i < DIGIT_BIT * 3 + 1; i++) {
- ret = mp_mod_2d(a, i, r);
- if (ret != 0)
- return -13124;
- mp_zero(t);
- ret = mp_set_bit(t, i);
- if (ret != 0)
- return -13125;
- ret = mp_mod(a, t, t);
- if (ret != 0)
- return -13126;
- if (mp_cmp(r, t) != MP_EQ)
- return -13127;
- }
- }
- #endif
- return 0;
- }
- #endif
- #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
- (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
- static int mp_test_mod_d(mp_int* a)
- {
- int ret;
- mp_digit r;
- if (mp_set(a, 1) != MP_OKAY)
- return -13130;
- ret = mp_mod_d(a, 0, &r);
- if (ret != MP_VAL)
- return -13131;
- mp_zero(a);
- ret = mp_mod_d(a, 1, &r);
- if (ret != MP_OKAY)
- return -13132;
- ret = mp_mod_d(a, 3, &r);
- if (ret != MP_OKAY)
- return -13133;
- ret = mp_mod_d(a, 5, &r);
- if (ret != MP_OKAY)
- return -13134;
- return 0;
- }
- #endif
- static int mp_test_mul_sqr(mp_int* a, mp_int* b, mp_int* r1, mp_int* r2,
- WC_RNG* rng)
- {
- int ret;
- int i;
- for (i = 1; i < 16; i++) {
- ret = randNum(a, i, rng, NULL);
- if (ret != 0)
- return -13140;
- ret = mp_mul(a, a, r1);
- if (ret != 0)
- return -13141;
- ret = mp_sqr(a, r2);
- if (ret != 0)
- return -13142;
- if (mp_cmp(r1, r2) != MP_EQ)
- return -13143;
- }
- ret = mp_set(b, 0);
- if (ret != MP_OKAY)
- return -13144;
- ret = mp_mul(a, b, r1);
- if (ret != MP_OKAY)
- return -13145;
- if (!mp_iszero(r1))
- return -13146;
- ret = mp_sqr(b, r1);
- if (ret != MP_OKAY)
- return -13147;
- if (!mp_iszero(r1))
- return -13148;
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_set(a, 1);
- if (ret != MP_OKAY)
- return -13149;
- i = (SP_INT_DIGITS / 2) + 1;
- ret = mp_mul_2d(a, i * SP_WORD_SIZE - 1, a);
- if (ret != MP_OKAY)
- return -13150;
- ret = mp_set(b, 1);
- if (ret != MP_OKAY)
- return -13151;
- ret = mp_mul_2d(b, (SP_INT_DIGITS - 1 - i) * SP_WORD_SIZE - 1, b);
- if (ret != MP_OKAY)
- return -13152;
- ret = mp_mul(a, b, r1);
- if (ret != MP_OKAY)
- return -13153;
- ret = mp_mul(a, a, r1);
- if (ret == MP_OKAY)
- return -13154;
- ret = mp_sqr(a, r1);
- if (ret == MP_OKAY)
- return -13155;
- ret = mp_sqr(b, r1);
- if (ret != MP_OKAY)
- return -13156;
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- (defined(HAVE_ECC) && defined(FP_ECC))
- ret = mp_mulmod(a, b, b, r1);
- if (ret != MP_OKAY)
- return -13157;
- ret = mp_mulmod(a, a, b, r1);
- if (ret == MP_OKAY)
- return -13158;
- #if defined(HAVE_ECC) && (defined(ECC_SHAMIR) || defined(FP_ECC))
- ret = mp_sqrmod(a, b, r1);
- if (ret == MP_OKAY)
- return -13159;
- ret = mp_sqrmod(b, a, r1);
- if (ret != MP_OKAY)
- return -13160;
- #endif /* HAVE_ECC && (ECC_SHAMIR || FP_ECC) */
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || (HAVE_ECC && FP_ECC) */
- #endif /* WOLFSSL_SP_MATH_ALL */
- return 0;
- }
- #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
- defined(OPENSSL_EXTRA)
- static int mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
- {
- int ret;
- mp_set(a, 0);
- mp_set(m, 1);
- ret = mp_invmod(a, m, r);
- if (ret != MP_VAL)
- return -13170;
- ret = mp_invmod(m, a, r);
- if (ret != MP_VAL)
- return -13171;
- mp_set(a, 2);
- mp_set(m, 4);
- ret = mp_invmod(a, m, r);
- if (ret != MP_VAL)
- return -13172;
- mp_set(a, 1);
- mp_set(m, 4);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return -13173;
- if (!mp_isone(r))
- return -13174;
- mp_set(a, 3);
- mp_set(m, 4);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return -13175;
- if (mp_cmp_d(r, 3))
- return -13176;
- mp_set(a, 3);
- mp_set(m, 5);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return -13177;
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- /* Maximum 'a' */
- mp_set(a, 0);
- mp_set_bit(a, (r->size / 2)* SP_WORD_SIZE - 1);
- mp_sub_d(a, 1, a);
- /* Modulus too big. */
- mp_set(m, 0);
- mp_set_bit(m, (r->size / 2) * SP_WORD_SIZE);
- ret = mp_invmod(a, m, r);
- if (ret != MP_VAL)
- return -13178;
- /* Maximum modulus - even. */
- mp_set(m, 0);
- mp_set_bit(m, (r->size / 2) * SP_WORD_SIZE - 1);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return -13179;
- #endif
- #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_INT_NEGATIVE)
- mp_read_radix(a, "-3", 16);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return -13180;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
- mp_set(a, 0);
- mp_set(m, 3);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_VAL)
- return -13190;
- mp_set(a, 1);
- mp_set(m, 0);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_VAL)
- return -13191;
- mp_set(a, 1);
- mp_set(m, 1);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_VAL)
- return -13192;
- mp_set(a, 1);
- mp_set(m, 2);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_VAL)
- return -13193;
- mp_set(a, 1);
- mp_set(m, 3);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_OKAY)
- return -13194;
- #endif
- return 0;
- }
- #endif /* !NO_RSA || HAVE_ECC || !NO_DSA || OPENSSL_EXTRA */
- #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
- (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
- static int mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r)
- {
- int ret;
- mp_set(b, 0x2);
- mp_set(e, 0x3);
- mp_set(m, 0x0);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_VAL)
- return -13190;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_VAL)
- return -13191;
- mp_set(b, 0x2);
- mp_set(e, 0x3);
- mp_set(m, 0x1);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return -13192;
- if (!mp_iszero(r))
- return -13193;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return -13194;
- if (!mp_iszero(r))
- return -13195;
- mp_set(b, 0x2);
- mp_set(e, 0x0);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return -13196;
- if (!mp_isone(r))
- return -13197;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return -13198;
- if (!mp_isone(r))
- return -13199;
- mp_set(b, 0x0);
- mp_set(e, 0x3);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return -13200;
- if (!mp_iszero(r))
- return -13201;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return -13202;
- if (!mp_iszero(r))
- return -13203;
- mp_set(b, 0x10);
- mp_set(e, 0x3);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return -13204;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return -13205;
- mp_set(b, 0x7);
- mp_set(e, 0x3);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return -13206;
- if (!mp_iszero(r))
- return -13207;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return -13208;
- if (!mp_iszero(r))
- return -13209;
- #ifndef WOLFSSL_SP_MATH
- mp_set(b, 0x01);
- mp_mul_2d(b, DIGIT_BIT, b);
- mp_add_d(b, 1, b);
- mp_set(e, 0x3);
- mp_copy(b, m);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return -13210;
- if (!mp_iszero(r))
- return -13211;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return -13212;
- if (!mp_iszero(r))
- return -13213;
- #endif
- mp_set(b, 0x2);
- mp_set(e, 0x3);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return -13214;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return -13215;
- #ifdef WOLFSSL_SP_MATH_ALL
- mp_set(b, 0x2);
- mp_set(e, 0x3);
- mp_set(m, 0x01);
- mp_mul_2d(m, SP_WORD_SIZE * SP_INT_DIGITS / 2, m);
- mp_add_d(m, 0x01, m);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_VAL)
- return -13216;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_VAL)
- return -13217;
- #endif
- return 0;
- }
- #endif /* !NO_RSA || !NO_DSA || !NO_DH || (HAVE_ECC && HAVE_COMP_KEY) ||
- * OPENSSL_EXTRA */
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- static int mp_test_mont(mp_int* a, mp_int* m, mp_int* n, mp_int* r, WC_RNG* rng)
- {
- int ret;
- mp_digit mp;
- static int exp[] = { 7, 8, 16, 27, 32, 64,
- 127, 128, 255, 256,
- #if defined(SP_WORD_SIZE) && SP_WORD_SIZE > 8
- 383, 384, 2033, 2048
- #endif
- };
- static mp_digit sub[] = { 0x01, 0x05, 0x0f, 0x27, 0x05, 0x3b,
- 0x01, 0x9f, 0x13, 0xbd,
- #if defined(SP_WORD_SIZE) && SP_WORD_SIZE > 8
- 0x1f, 0x13d, 0x45, 0x615
- #endif
- };
- int bits[] = { 256, 384,
- #if defined(SP_INT_MAX_BITS) && SP_INT_MAX_BITS > 4096
- 2048,
- #endif
- #if defined(SP_INT_MAX_BITS) && SP_INT_MAX_BITS > 6144
- 3072
- #endif
- };
- int i;
- int j;
- for (i = 0; i < (int)(sizeof(exp) / sizeof(*exp)); i++) {
- if (exp[i] >= DIGIT_BIT)
- continue;
- mp_zero(m);
- ret = mp_set_bit(m, exp[i]);
- if (ret != MP_OKAY)
- return -13220;
- ret = mp_sub_d(m, sub[i], m);
- if (ret != MP_OKAY)
- return -13221;
- ret = mp_montgomery_setup(m, &mp);
- if (ret != MP_OKAY)
- return -13222;
- ret = mp_montgomery_calc_normalization(n, m);
- if (ret != MP_OKAY)
- return -13223;
- for (j = 0; j < 10; j++) {
- ret = randNum(a, (exp[i] + DIGIT_BIT - 1) / DIGIT_BIT, rng, NULL);
- if (ret != 0)
- return -13224;
- ret = mp_mod(a, m, a);
- if (ret != 0)
- return -13225;
- /* r = a * a */
- ret = mp_sqrmod(a, m, r);
- if (ret != MP_OKAY)
- return -13226;
- /* Convert to Montgomery form = a*n */
- ret = mp_mulmod(a, n, m, a);
- if (ret != MP_OKAY)
- return -13227;
- /* a*a mod m == ((a*n) * (a*n)) / n / n */
- ret = mp_sqr(a, a);
- if (ret != MP_OKAY)
- return -13228;
- ret = mp_montgomery_reduce(a, m, mp);
- if (ret != MP_OKAY)
- return -13229;
- ret = mp_montgomery_reduce(a, m, mp);
- if (ret != MP_OKAY)
- return -13230;
- if (mp_cmp(a, r) != MP_EQ)
- return -13231;
- }
- }
- /* Force carries. */
- for (i = 0; i < (int)(sizeof(bits) / sizeof(*bits)); i++) {
- /* a = 2^(bits*2) - 1 */
- mp_zero(a);
- mp_set_bit(a, bits[i] * 2);
- mp_sub_d(a, 1, a);
- /* m = 2^(bits) - 1 */
- mp_zero(m);
- mp_set_bit(m, bits[i]);
- mp_sub_d(m, 1, m);
- mp = 1;
- /* result = r = 2^(bits) - 1 */
- mp_zero(r);
- mp_set_bit(r, bits[i]);
- mp_sub_d(r, 1, r);
- ret = mp_montgomery_reduce(a, m, mp);
- if (ret != MP_OKAY)
- return -13240;
- /* Result is m or 0 if reduced to range of modulus. */
- if (mp_cmp(a, r) != MP_EQ && mp_iszero(a) != MP_YES)
- return -13241;
- }
- return 0;
- }
- #endif
- WOLFSSL_TEST_SUBROUTINE int mp_test(void)
- {
- WC_RNG rng;
- int ret;
- #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
- int i, j;
- #ifndef WOLFSSL_SP_MATH
- int k;
- #endif
- mp_digit d;
- #endif
- mp_int a, b, r1, r2, p;
- ret = mp_init_multi(&a, &b, &r1, &r2, NULL, NULL);
- if (ret != 0)
- return -13300;
- #ifdef WOLFSSL_SP_MATH_ALL
- mp_init_copy(&p, &a);
- #else
- ret = mp_init(&p);
- if (ret != 0)
- return -13301;
- #endif
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- goto done;
- #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
- mp_set_int(&a, 0);
- if (a.used != 0 || a.dp[0] != 0)
- return -13302;
- for (j = 1; j <= MP_MAX_TEST_BYTE_LEN; j++) {
- for (i = 0; i < 4 * j; i++) {
- /* New values to use. */
- ret = randNum(&p, j, &rng, NULL);
- if (ret != 0)
- return -13303;
- ret = randNum(&a, j, &rng, NULL);
- if (ret != 0)
- return -13304;
- ret = randNum(&b, j, &rng, NULL);
- if (ret != 0)
- return -13305;
- ret = wc_RNG_GenerateBlock(&rng, (byte*)&d, sizeof(d));
- if (ret != 0)
- return -13306;
- d &= MP_MASK;
- #if !defined(WOLFSSL_SP_MATH) || (defined(HAVE_ECC) && \
- (defined(ECC_SHAMIR) || defined(FP_ECC)))
- /* Ensure sqrmod produce same result as mulmod. */
- ret = mp_sqrmod(&a, &p, &r1);
- if (ret != 0)
- return -13307;
- ret = mp_mulmod(&a, &a, &p, &r2);
- if (ret != 0)
- return -13308;
- if (mp_cmp(&r1, &r2) != 0)
- return -13309;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- #if defined(WOLFSSL_SP_MATH) || (defined(WOLFSSL_SP_MATH_ALL) && \
- !defined(WOLFSSL_SP_INT_NEGATIVE))
- ret = mp_addmod(&a, &b, &p, &r1);
- if (ret != 0)
- return -13310;
- ret = mp_submod(&r1, &b, &p, &r2);
- if (ret != 0)
- return -13311;
- ret = mp_mod(&a, &p, &r1);
- if (ret != 0)
- return -13312;
- if (mp_cmp(&r1, &r2) != MP_EQ)
- return -13313;
- #else
- /* Ensure add with mod produce same result as sub with mod. */
- ret = mp_addmod(&a, &b, &p, &r1);
- if (ret != 0)
- return -13314;
- b.sign ^= 1;
- ret = mp_submod(&a, &b, &p, &r2);
- if (ret != 0)
- return -13315;
- if (mp_cmp(&r1, &r2) != 0)
- return -13316;
- #endif
- #endif
- /* Ensure add digit produce same result as sub digit. */
- ret = mp_add_d(&a, d, &r1);
- if (ret != 0)
- return -13317;
- ret = mp_sub_d(&r1, d, &r2);
- if (ret != 0)
- return -13318;
- if (mp_cmp(&a, &r2) != 0)
- return -13319;
- /* Invert - if p is even it will use the slow impl.
- * - if p and a are even it will fail.
- */
- ret = mp_invmod(&a, &p, &r1);
- if (ret != 0 && ret != MP_VAL)
- return -13320;
- ret = 0;
- #ifndef WOLFSSL_SP_MATH
- /* Shift up and down number all bits in a digit. */
- for (k = 0; k < DIGIT_BIT; k++) {
- mp_mul_2d(&a, k, &r1);
- mp_div_2d(&r1, k, &r2, &p);
- if (mp_cmp(&a, &r2) != 0)
- return -13321;
- if (!mp_iszero(&p))
- return -13322;
- mp_rshb(&r1, k);
- if (mp_cmp(&a, &r1) != 0)
- return -13323;
- }
- #endif
- }
- }
- #if DIGIT_BIT >= 32
- /* Check that setting a 32-bit digit works. */
- d &= 0xffffffffU;
- mp_set_int(&a, d);
- if (a.used != 1 || a.dp[0] != d)
- return -13324;
- #endif
- /* Check setting a bit and testing a bit works. */
- for (i = 0; i < MP_MAX_TEST_BYTE_LEN * 8; i++) {
- mp_zero(&a);
- mp_set_bit(&a, i);
- if (!mp_is_bit_set(&a, i))
- return -13325;
- }
- #endif
- #if defined(HAVE_ECC) && defined(HAVE_COMP_KEY)
- mp_zero(&a);
- i = mp_cnt_lsb(&a);
- if (i != 0)
- return -13326;
- mp_set(&a, 1);
- i = mp_cnt_lsb(&a);
- if (i != 0)
- return -13327;
- #endif
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- if ((ret = mp_test_param(&a, &b, &r1, &rng)) != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(USE_FAST_MATH)
- if ((ret = mp_test_div_3(&a, &r1, &rng)) != 0)
- return ret;
- #endif
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- (!defined WOLFSSL_SP_MATH && !defined(WOLFSSL_SP_MATH_ALL) && \
- (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)))
- if ((ret = mp_test_radix_10(&a, &r1, &rng)) != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \
- defined(HAVE_ECC))
- if ((ret = mp_test_radix_16(&a, &r1, &rng)) != 0)
- return ret;
- #endif
- if ((ret = mp_test_shift(&a, &r1, &rng)) != 0)
- return ret;
- if ((ret = mp_test_add_sub_d(&a, &r1)) != 0)
- return ret;
- if ((ret = mp_test_read_to_bin(&a)) != 0)
- return ret;
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- if ((ret = mp_test_set_int(&a)) != 0)
- return ret;
- #endif
- if ((ret = mp_test_cmp(&a, &r1)) != 0)
- return ret;
- #if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
- if ((ret = mp_test_shbd(&a, &b, &rng)) != 0)
- return ret;
- #endif
- #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- if ((ret = mp_test_set_is_bit(&a)) != 0)
- return ret;
- #endif
- #if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)
- if ((ret = mp_test_div(&a, &b, &r1, &r2, &rng)) != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
- !defined(WC_NO_RNG)
- if ((ret = mp_test_prime(&a, &rng)) != 0)
- return ret;
- #endif
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
- if ((ret = mp_test_lcm_gcd(&a, &b, &r1, &r2, &rng)) != 0)
- return ret;
- #endif
- #if (!defined(WOLFSSL_SP_MATH) && !defined(USE_FAST_MATH)) || \
- defined(WOLFSSL_SP_MATH_ALL)
- if ((ret = mp_test_mod_2d(&a, &r1, &p, &rng)) != 0)
- return ret;
- #endif
- #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
- (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
- if ((ret = mp_test_mod_d(&a)) != 0)
- return ret;
- #endif
- if ((ret = mp_test_mul_sqr(&a, &b, &r1, &r2, &rng)) != 0)
- return ret;
- #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
- defined(OPENSSL_EXTRA)
- if ((ret = mp_test_invmod(&a, &b, &r1)) != 0)
- return ret;
- #endif
- #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
- (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
- if ((ret = mp_test_exptmod(&a, &b, &r1, &r2)) != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- if ((ret = mp_test_mont(&a, &b, &r1, &r2, &rng)) != 0)
- return ret;
- #endif
- done:
- mp_clear(&p);
- mp_clear(&r2);
- mp_clear(&r1);
- mp_clear(&b);
- mp_clear(&a);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif
- #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
- typedef struct pairs_t {
- const unsigned char* coeff;
- int coeffSz;
- int exp;
- } pairs_t;
- /*
- n =p1p2p3, where pi = ki(p1-1)+1 with (k2,k3) = (173,293)
- p1 = 2^192 * 0x000000000000e24fd4f6d6363200bf2323ec46285cac1d3a
- + 2^0 * 0x0b2488b0c29d96c5e67f8bec15b54b189ae5636efe89b45b
- */
- static const unsigned char c192a[] =
- {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe2, 0x4f,
- 0xd4, 0xf6, 0xd6, 0x36, 0x32, 0x00, 0xbf, 0x23,
- 0x23, 0xec, 0x46, 0x28, 0x5c, 0xac, 0x1d, 0x3a
- };
- static const unsigned char c0a[] =
- {
- 0x0b, 0x24, 0x88, 0xb0, 0xc2, 0x9d, 0x96, 0xc5,
- 0xe6, 0x7f, 0x8b, 0xec, 0x15, 0xb5, 0x4b, 0x18,
- 0x9a, 0xe5, 0x63, 0x6e, 0xfe, 0x89, 0xb4, 0x5b
- };
- static const pairs_t ecPairsA[] =
- {
- {c192a, sizeof(c192a), 192},
- {c0a, sizeof(c0a), 0}
- };
- static const int kA[] = {173, 293};
- static const unsigned char controlPrime[] = {
- 0xe1, 0x76, 0x45, 0x80, 0x59, 0xb6, 0xd3, 0x49,
- 0xdf, 0x0a, 0xef, 0x12, 0xd6, 0x0f, 0xf0, 0xb7,
- 0xcb, 0x2a, 0x37, 0xbf, 0xa7, 0xf8, 0xb5, 0x4d,
- 0xf5, 0x31, 0x35, 0xad, 0xe4, 0xa3, 0x94, 0xa1,
- 0xdb, 0xf1, 0x96, 0xad, 0xb5, 0x05, 0x64, 0x85,
- 0x83, 0xfc, 0x1b, 0x5b, 0x29, 0xaa, 0xbe, 0xf8,
- 0x26, 0x3f, 0x76, 0x7e, 0xad, 0x1c, 0xf0, 0xcb,
- 0xd7, 0x26, 0xb4, 0x1b, 0x05, 0x8e, 0x56, 0x86,
- 0x7e, 0x08, 0x62, 0x21, 0xc1, 0x86, 0xd6, 0x47,
- 0x79, 0x3e, 0xb7, 0x5d, 0xa4, 0xc6, 0x3a, 0xd7,
- 0xb1, 0x74, 0x20, 0xf6, 0x50, 0x97, 0x41, 0x04,
- 0x53, 0xed, 0x3f, 0x26, 0xd6, 0x6f, 0x91, 0xfa,
- 0x68, 0x26, 0xec, 0x2a, 0xdc, 0x9a, 0xf1, 0xe7,
- 0xdc, 0xfb, 0x73, 0xf0, 0x79, 0x43, 0x1b, 0x21,
- 0xa3, 0x59, 0x04, 0x63, 0x52, 0x07, 0xc9, 0xd7,
- 0xe6, 0xd1, 0x1b, 0x5d, 0x5e, 0x96, 0xfa, 0x53
- };
- static const unsigned char testOne[] = { 1 };
- static int GenerateNextP(mp_int* p1, mp_int* p2, int k)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- mp_int *ki = (mp_int *)XMALLOC(sizeof(*ki), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (ki == NULL)
- return MEMORY_E;
- #else
- mp_int ki[1];
- #endif
- ret = mp_init(ki);
- if (ret == 0)
- ret = mp_set(ki, k);
- if (ret == 0)
- ret = mp_sub_d(p1, 1, p2);
- if (ret == 0)
- ret = mp_mul(p2, ki, p2);
- if (ret == 0)
- ret = mp_add_d(p2, 1, p2);
- mp_clear(ki);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(ki, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- static int GenerateP(mp_int* p1, mp_int* p2, mp_int* p3,
- const pairs_t* ecPairs, int ecPairsSz,
- const int* k)
- {
- #ifdef WOLFSSL_SMALL_STACK
- mp_int *x = NULL, *y = NULL;
- #else
- mp_int x[1], y[1];
- #endif
- int ret, i;
- #ifdef WOLFSSL_SMALL_STACK
- if (((x = (mp_int *)XMALLOC(sizeof(*x), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) ||
- ((y = (mp_int *)XMALLOC(sizeof(*x), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)) {
- ret = MEMORY_E;
- goto out;
- }
- #endif
- ret = mp_init_multi(x, y, NULL, NULL, NULL, NULL);
- if (ret != 0) {
- ret = MP_MEM;
- goto out;
- }
- for (i = 0; ret == 0 && i < ecPairsSz; i++) {
- ret = mp_read_unsigned_bin(x, ecPairs[i].coeff, ecPairs[i].coeffSz);
- /* p1 = 2^exp */
- if (ret == 0)
- ret = mp_2expt(y, ecPairs[i].exp);
- /* p1 = p1 * m */
- if (ret == 0)
- ret = mp_mul(x, y, x);
- /* p1 += */
- if (ret == 0)
- ret = mp_add(p1, x, p1);
- mp_zero(x);
- mp_zero(y);
- }
- if (ret == 0)
- ret = GenerateNextP(p1, p2, k[0]);
- if (ret == 0)
- ret = GenerateNextP(p1, p3, k[1]);
- out:
- #ifdef WOLFSSL_SMALL_STACK
- if (x != NULL) {
- mp_clear(x);
- XFREE(x, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (y != NULL) {
- mp_clear(y);
- XFREE(y, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- mp_clear(x);
- mp_clear(y);
- #endif
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE int prime_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- mp_int *n = (mp_int *)XMALLOC(sizeof *n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
- *p1 = (mp_int *)XMALLOC(sizeof *p1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
- *p2 = (mp_int *)XMALLOC(sizeof *p2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
- *p3 = (mp_int *)XMALLOC(sizeof *p3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- mp_int n[1],
- p1[1],
- p2[1],
- p3[1];
- #endif
- int ret, isPrime = 0;
- WC_RNG rng;
- #ifdef WOLFSSL_SMALL_STACK
- if ((n == NULL) ||
- (p1 == NULL) ||
- (p2 == NULL) ||
- (p3 == NULL))
- ERROR_OUT(MEMORY_E, out);
- #endif
- ret = wc_InitRng(&rng);
- if (ret == 0)
- ret = mp_init_multi(n, p1, p2, p3, NULL, NULL);
- if (ret == 0)
- ret = GenerateP(p1, p2, p3,
- ecPairsA, sizeof(ecPairsA) / sizeof(ecPairsA[0]), kA);
- if (ret == 0)
- ret = mp_mul(p1, p2, n);
- if (ret == 0)
- ret = mp_mul(n, p3, n);
- if (ret != 0)
- ERROR_OUT(-13400, out);
- /* Check the old prime test using the number that false positives.
- * This test result should indicate as not prime. */
- ret = mp_prime_is_prime(n, 40, &isPrime);
- if (ret != 0)
- ERROR_OUT(-13401, out);
- if (isPrime)
- ERROR_OUT(-13402, out);
- /* This test result should fail. It should indicate the value as prime. */
- ret = mp_prime_is_prime(n, 8, &isPrime);
- if (ret != 0)
- ERROR_OUT(-13403, out);
- if (!isPrime)
- ERROR_OUT(-13404, out);
- /* This test result should indicate the value as not prime. */
- ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
- if (ret != 0)
- ERROR_OUT(-13405, out);
- if (isPrime)
- ERROR_OUT(-13406, out);
- ret = mp_read_unsigned_bin(n, controlPrime, sizeof(controlPrime));
- if (ret != 0)
- ERROR_OUT(-13407, out);
- /* This test result should indicate the value as prime. */
- ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
- if (ret != 0)
- ERROR_OUT(-13408, out);
- if (!isPrime)
- ERROR_OUT(-13409, out);
- /* This test result should indicate the value as prime. */
- isPrime = -1;
- ret = mp_prime_is_prime(n, 8, &isPrime);
- if (ret != 0)
- ERROR_OUT(-13410, out);
- if (!isPrime)
- ERROR_OUT(-13411, out);
- ret = mp_read_unsigned_bin(n, testOne, sizeof(testOne));
- if (ret != 0)
- ERROR_OUT(-13412, out);
- /* This test result should indicate the value as not prime. */
- ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
- if (ret != 0)
- ERROR_OUT(-13413, out);
- if (isPrime)
- ERROR_OUT(-13414, out);
- ret = mp_prime_is_prime(n, 8, &isPrime);
- if (ret != 0)
- ERROR_OUT(-13415, out);
- if (isPrime)
- ERROR_OUT(-13416, out);
- ret = 0;
- out:
- #ifdef WOLFSSL_SMALL_STACK
- if (n != NULL) {
- mp_clear(n);
- XFREE(n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (p1 != NULL) {
- mp_clear(p1);
- XFREE(p1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (p2 != NULL) {
- mp_clear(p2);
- XFREE(p2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (p3 != NULL) {
- mp_clear(p3);
- XFREE(p3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- mp_clear(p3);
- mp_clear(p2);
- mp_clear(p1);
- mp_clear(n);
- #endif
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WOLFSSL_PUBLIC_MP */
- #if defined(ASN_BER_TO_DER) && \
- (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL))
- /* wc_BerToDer is only public facing in the case of test cert or opensslextra */
- typedef struct berDerTestData {
- const byte *in;
- word32 inSz;
- const byte *out;
- word32 outSz;
- } berDerTestData;
- WOLFSSL_TEST_SUBROUTINE int berder_test(void)
- {
- int ret;
- int i;
- word32 len = 0, l;
- byte out[32];
- WOLFSSL_SMALL_STACK_STATIC const byte good1_in[] = { 0x30, 0x80, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte good1_out[] = { 0x30, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte good2_in[] = { 0x30, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte good2_out[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte good3_in[] = {
- 0x24, 0x80, 0x04, 0x01, 0x01, 0x00, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte good3_out[] = { 0x04, 0x1, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte good4_in[] = {
- 0x30, 0x80,
- 0x02, 0x01, 0x01,
- 0x30, 0x80,
- 0x24, 0x80,
- 0x04, 0x01, 0x01,
- 0x04, 0x02, 0x02, 0x03,
- 0x00, 0x00,
- 0x06, 0x01, 0x01,
- 0x00, 0x00,
- 0x31, 0x80,
- 0x06, 0x01, 0x01,
- 0x00, 0x00,
- 0x00, 0x00,
- };
- WOLFSSL_SMALL_STACK_STATIC const byte good4_out[] = {
- 0x30, 0x12,
- 0x02, 0x01, 0x01,
- 0x30, 0x08,
- 0x04, 0x03, 0x01, 0x02, 0x03,
- 0x06, 0x01, 0x01,
- 0x31, 0x03,
- 0x06, 0x01, 0x01
- };
- WOLFSSL_SMALL_STACK_STATIC const byte good5_in[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
- berDerTestData testData[] = {
- { good1_in, sizeof(good1_in), good1_out, sizeof(good1_out) },
- { good2_in, sizeof(good2_in), good2_out, sizeof(good2_out) },
- { good3_in, sizeof(good3_in), good3_out, sizeof(good3_out) },
- { good4_in, sizeof(good4_in), good4_out, sizeof(good4_out) },
- { good5_in, sizeof(good5_in), good5_in , sizeof(good5_in ) },
- };
- for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
- ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len);
- if (ret != LENGTH_ONLY_E)
- return -13500 - i;
- if (len != testData[i].outSz)
- return -13510 - i;
- len = testData[i].outSz;
- ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &len);
- if (ret != 0)
- return -13520 - i;
- if (XMEMCMP(out, testData[i].out, len) != 0)
- return -13530 - i;
- for (l = 1; l < testData[i].inSz; l++) {
- ret = wc_BerToDer(testData[i].in, l, NULL, &len);
- if (ret != ASN_PARSE_E)
- return -13540;
- len = testData[i].outSz;
- ret = wc_BerToDer(testData[i].in, l, out, &len);
- if (ret != ASN_PARSE_E)
- return -13541;
- }
- for (l = 0; l < testData[i].outSz-1; l++) {
- ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &l);
- if (ret != BUFFER_E)
- return -13542;
- }
- }
- ret = wc_BerToDer(NULL, 4, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -13543;
- ret = wc_BerToDer(out, 4, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -13544;
- ret = wc_BerToDer(NULL, 4, NULL, &len);
- if (ret != BAD_FUNC_ARG)
- return -13545;
- ret = wc_BerToDer(NULL, 4, out, NULL);
- if (ret != BAD_FUNC_ARG)
- return -13546;
- ret = wc_BerToDer(out, 4, out, NULL);
- if (ret != BAD_FUNC_ARG)
- return -13547;
- ret = wc_BerToDer(NULL, 4, out, &len);
- if (ret != BAD_FUNC_ARG)
- return -13548;
- for (l = 1; l < sizeof(good4_out); l++) {
- len = l;
- ret = wc_BerToDer(good4_in, sizeof(good4_in), out, &len);
- if (ret != BUFFER_E)
- return -13549;
- }
- return 0;
- }
- #endif
- #ifdef DEBUG_WOLFSSL
- static THREAD_LS_T int log_cnt = 0;
- static void my_Logging_cb(const int logLevel, const char *const logMessage)
- {
- (void)logLevel;
- (void)logMessage;
- log_cnt++;
- }
- #endif /* DEBUG_WOLFSSL */
- WOLFSSL_TEST_SUBROUTINE int logging_test(void)
- {
- #ifdef DEBUG_WOLFSSL
- const char* msg = "Testing, testing. 1, 2, 3, 4 ...";
- byte a[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
- byte b[256];
- int i;
- for (i = 0; i < (int)sizeof(b); i++)
- b[i] = i;
- if (wolfSSL_Debugging_ON() != 0)
- return -13600;
- if (wolfSSL_SetLoggingCb(my_Logging_cb) != 0)
- return -13601;
- WOLFSSL_MSG(msg);
- WOLFSSL_BUFFER(a, sizeof(a));
- WOLFSSL_BUFFER(b, sizeof(b));
- WOLFSSL_BUFFER(NULL, 0);
- WOLFSSL_ERROR(MEMORY_E);
- WOLFSSL_ERROR_MSG(msg);
- /* turn off logs */
- wolfSSL_Debugging_OFF();
- /* capture log count */
- i = log_cnt;
- /* validate no logs are output when disabled */
- WOLFSSL_MSG(msg);
- WOLFSSL_BUFFER(a, sizeof(a));
- WOLFSSL_BUFFER(b, sizeof(b));
- WOLFSSL_BUFFER(NULL, 0);
- WOLFSSL_ERROR(MEMORY_E);
- WOLFSSL_ERROR_MSG(msg);
- /* check the logs were disabled */
- if (i != log_cnt)
- return -13602;
- /* restore callback and leave logging enabled */
- wolfSSL_SetLoggingCb(NULL);
- wolfSSL_Debugging_ON();
- /* suppress unused args */
- (void)a;
- (void)b;
- #else
- if (wolfSSL_Debugging_ON() != NOT_COMPILED_IN)
- return -13603;
- wolfSSL_Debugging_OFF();
- if (wolfSSL_SetLoggingCb(NULL) != NOT_COMPILED_IN)
- return -13604;
- #endif /* DEBUG_WOLFSSL */
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE int mutex_test(void)
- {
- #ifdef WOLFSSL_PTHREADS
- wolfSSL_Mutex m;
- #endif
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_USER_MUTEX)
- wolfSSL_Mutex *mm = wc_InitAndAllocMutex();
- if (mm == NULL)
- return -13700;
- wc_FreeMutex(mm);
- XFREE(mm, HEAP_HINT, DYNAMIC_TYPE_MUTEX);
- #endif
- /* Can optionally enable advanced pthread tests using "ENABLE_PTHREAD_LOCKFREE_TESTS" */
- #ifdef WOLFSSL_PTHREADS
- if (wc_InitMutex(&m) != 0)
- return -13701;
- if (wc_LockMutex(&m) != 0)
- return -13702;
- #if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
- /* trying to free a locked mutex is not portable behavior with pthread */
- /* Attempting to destroy a locked mutex results in undefined behavior */
- if (wc_FreeMutex(&m) != BAD_MUTEX_E)
- return -13703;
- #endif
- if (wc_UnLockMutex(&m) != 0)
- return -13704;
- if (wc_FreeMutex(&m) != 0)
- return -13705;
- #if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
- /* Trying to use a pthread after free'ing is not portable behavior */
- if (wc_LockMutex(&m) != BAD_MUTEX_E)
- return -13706;
- if (wc_UnLockMutex(&m) != BAD_MUTEX_E)
- return -13707;
- #endif
- #endif
- return 0;
- }
- #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
- !defined(WOLFSSL_STATIC_MEMORY)
- static int malloc_cnt = 0;
- static int realloc_cnt = 0;
- static int free_cnt = 0;
- #ifdef WOLFSSL_DEBUG_MEMORY
- static void *my_Malloc_cb(size_t size, const char* func, unsigned int line)
- {
- (void) func;
- (void) line;
- #else
- static void *my_Malloc_cb(size_t size)
- {
- #endif
- malloc_cnt++;
- #ifndef WOLFSSL_NO_MALLOC
- return malloc(size);
- #else
- WOLFSSL_MSG("No malloc available");
- (void)size;
- return NULL;
- #endif
- }
- #ifdef WOLFSSL_DEBUG_MEMORY
- static void my_Free_cb(void *ptr, const char* func, unsigned int line)
- {
- (void) func;
- (void) line;
- #else
- static void my_Free_cb(void *ptr)
- {
- #endif
- free_cnt++;
- #ifndef WOLFSSL_NO_MALLOC
- free(ptr);
- #else
- WOLFSSL_MSG("No free available");
- (void)ptr;
- #endif
- }
- #ifdef WOLFSSL_DEBUG_MEMORY
- static void *my_Realloc_cb(void *ptr, size_t size, const char* func, unsigned int line)
- {
- (void) func;
- (void) line;
- #else
- static void *my_Realloc_cb(void *ptr, size_t size)
- {
- #endif
- realloc_cnt++;
- #ifndef WOLFSSL_NO_MALLOC
- return realloc(ptr, size);
- #else
- WOLFSSL_MSG("No realloc available");
- (void)ptr;
- (void)size;
- return NULL;
- #endif
- }
- #endif /* !WOLFSSL_NO_MALLOC */
- WOLFSSL_TEST_SUBROUTINE int memcb_test(void)
- {
- int ret = 0;
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
- !defined(WOLFSSL_STATIC_MEMORY)
- byte* b = NULL;
- #endif
- wolfSSL_Malloc_cb mc;
- wolfSSL_Free_cb fc;
- wolfSSL_Realloc_cb rc;
- /* Save existing memory callbacks */
- if (wolfSSL_GetAllocators(&mc, &fc, &rc) != 0)
- return -13800;
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
- !defined(WOLFSSL_STATIC_MEMORY)
- /* test realloc */
- b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (b == NULL) {
- ERROR_OUT(-13801, exit_memcb);
- }
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- b = NULL;
- /* Use API. */
- if (wolfSSL_SetAllocators((wolfSSL_Malloc_cb)my_Malloc_cb,
- (wolfSSL_Free_cb)my_Free_cb,
- (wolfSSL_Realloc_cb)my_Realloc_cb) != 0) {
- ERROR_OUT(-13802, exit_memcb);
- }
- b = (byte*)XMALLOC(1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifndef WOLFSSL_STATIC_MEMORY
- #ifndef WOLFSSL_CHECK_MEM_ZERO
- if (malloc_cnt != 1 || free_cnt != 1 || realloc_cnt != 1)
- #else
- /* Checking zeroized memory means realloc is a malloc and free. */
- if (malloc_cnt != 2 || free_cnt != 2 || realloc_cnt != 0)
- #endif
- #else
- if (malloc_cnt != 0 || free_cnt != 0 || realloc_cnt != 0)
- #endif
- ret = -13803;
- #endif /* !WOLFSSL_NO_MALLOC */
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
- !defined(WOLFSSL_STATIC_MEMORY)
- exit_memcb:
- /* reset malloc/free/realloc counts */
- malloc_cnt = 0;
- free_cnt = 0;
- realloc_cnt = 0;
- #endif
- /* restore memory callbacks */
- wolfSSL_SetAllocators(mc, fc, rc);
- return ret;
- }
- #endif /* USE_WOLFSSL_MEMORY && !WOLFSSL_NO_MALLOC */
- #ifdef WOLFSSL_IMX6_CAAM_BLOB
- WOLFSSL_TEST_SUBROUTINE int blob_test(void)
- {
- int ret = 0;
- byte out[112];
- byte blob[112];
- word32 outSz;
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte text[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- XMEMSET(blob, 0, sizeof(blob));
- XMEMSET(out, 0, sizeof(out));
- outSz = sizeof(blob);
- ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz);
- if (ret != 0) {
- ERROR_OUT(-13900, exit_blob);
- }
- blob[outSz - 2] += 1;
- ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
- if (ret == 0) { /* should fail with altered blob */
- ERROR_OUT(-13901, exit_blob);
- }
- XMEMSET(blob, 0, sizeof(blob));
- outSz = sizeof(blob);
- ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz);
- if (ret != 0) {
- ERROR_OUT(-13902, exit_blob);
- }
- ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
- if (ret != 0) {
- ERROR_OUT(-13903, exit_blob);
- }
- if (XMEMCMP(out, iv, sizeof(iv))) {
- ERROR_OUT(-13904, exit_blob);
- }
- XMEMSET(blob, 0, sizeof(blob));
- outSz = sizeof(blob);
- ret = wc_caamCreateBlob((byte*)text, sizeof(text), blob, &outSz);
- if (ret != 0) {
- ERROR_OUT(-13905, exit_blob);
- }
- ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
- if (ret != 0) {
- ERROR_OUT(-13906, exit_blob);
- }
- if (XMEMCMP(out, text, sizeof(text))) {
- ERROR_OUT(-13907, exit_blob);
- }
- exit_blob:
- return ret;
- }
- #endif /* WOLFSSL_IMX6_CAAM_BLOB */
- #ifdef WOLF_CRYPTO_CB
- /* Example custom context for crypto callback */
- typedef struct {
- int exampleVar; /* flag for testing if only crypt is enabled. */
- } myCryptoDevCtx;
- #ifdef WOLF_CRYPTO_CB_ONLY_RSA
- /* Testing rsa cb when CB_ONLY_RSA is enabled
- * When CB_ONLY_RSA is enabled, software imple. is not available.
- *
- * ctx callback ctx
- * returen 0 on success, otherwise return -8000 - -8007
- */
- static int rsa_onlycb_test(myCryptoDevCtx *ctx)
- {
- int ret = 0;
- #if !defined(NO_RSA)
- #ifdef WOLFSSL_SMALL_STACK
- RsaKey *key = (RsaKey *)XMALLOC(sizeof *key,
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte* tmp = NULL;
- #else
- RsaKey key[1];
- byte tmp[FOURK_BUF];
- #endif
- size_t bytes;
- const word32 inLen = (word32)TEST_STRING_SZ;
- word32 idx = 0;
- word32 sigSz;
- WOLFSSL_SMALL_STACK_STATIC const byte in[] = TEST_STRING;
- byte out[RSA_TEST_BYTES];
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
- !defined(NO_FILESYSTEM)
- XFILE file;
- #endif
- #ifdef WOLFSSL_KEY_GEN
- WC_RNG rng;
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- bytes = (size_t)sizeof_client_key_der_1024;
- if (bytes < (size_t)sizeof_client_cert_der_1024)
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- bytes = (size_t)sizeof_client_key_der_3072;
- if (bytes < (size_t)sizeof_client_cert_der_3072)
- bytes = (size_t)sizeof_client_cert_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- bytes = (size_t)sizeof_client_key_der_4096;
- if (bytes < (size_t)sizeof_client_cert_der_4096)
- bytes = (size_t)sizeof_client_cert_der_4096;
- #else
- bytes = FOURK_BUF;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- ERROR_OUT(-8000, exit_onlycb);
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(clientKey, "rb");
- if (!file) {
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", -40);
- ERROR_OUT(-8001, exit_onlycb);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #endif
- #ifdef WOLFSSL_KEY_GEN
- /* wc_CryptoCb_MakeRsaKey cb test, no actual making key
- * wc_MakeRsaKey() -> rsa cb ->
- * myCryptoDevCb -> wc_MakeRsaKey(CBONLY_TEST_DEVID)
- * wc_MakeRsaKey(CBONLY_TEST_DEVID) expects to return 0(success)
- */
- ctx->exampleVar = 99;
- ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, rng);
- if (ret != 0) {
- ERROR_OUT(-8002, exit_onlycb);
- }
- /* wc_MakeRsaKey() -> rsa cb ->
- * myCryptoDevCb -> wc_MakeRsaKey(INVALID_DEVID)
- * wc_MakeRsaKey(CBONLY_TEST_DEVID) expects to return NO_VALID_DEVID(failure)
- */
- ctx->exampleVar = 1;
- ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, rng);
- if (ret != NO_VALID_DEVID) {
- ERROR_OUT(-8003, exit_onlycb);
- } else
- /* reset return code */
- ret = 0;
- #endif
- ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-8004, exit_onlycb);
- }
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(-8005, exit_onlycb);
- }
- sigSz = (word32)wc_RsaEncryptSize(key);
- /* wc_CryptoCb_Rsa cb test, no actual rsa operation */
- if (ret == 0) {
- /* wc_SignatureGenerate() -> rsa cb ->
- * myCryptoDevCb -> wc_RsaFunction(CBONLY_TEST_DEVID)
- * wc_RsaFunction(CBONLY_TEST_DEVID) expects to return 0(success)
- */
- ctx->exampleVar = 99;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
- in, inLen, out, &sigSz, key, sizeof(*key), NULL);
- if (ret != 0) {
- ERROR_OUT(-8006, exit_onlycb);
- }
- }
- if (ret == 0) {
- /* wc_SignatureGenerate() -> rsa cb ->
- * myCryptoDevCb -> wc_RsaFunction(INVALID_DEVID)
- * wc_SignatureGenerate(INVALID_DEVID) expects to
- * return NO_VALID_DEVID(failure)
- */
- ctx->exampleVar = 1;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
- in, inLen, out, &sigSz, key, sizeof(*key), NULL);
- if (ret != NO_VALID_DEVID) {
- ERROR_OUT(-8007, exit_onlycb);
- } else
- /* reset return code */
- ret = 0;
- }
- exit_onlycb:
- #ifdef WOLFSSL_SMALL_STACK
- if (key != NULL) {
- wc_FreeRsaKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- wc_FreeRsaKey(key);
- #endif
- #endif
- return ret;
- }
- #endif
- #ifdef WOLF_CRYPTO_CB_ONLY_ECC
- /* Testing rsa cb when CB_ONLY_ECC is enabled
- * When CB_ONLY_ECC is enabled, software imple. is not available.
- *
- * ctx callback ctx
- * returen 0 on success, otherwise return -8008 - -8018
- */
- static int ecc_onlycb_test(myCryptoDevCtx *ctx)
- {
- int ret = 0;
- #if defined(HAVE_ECC)
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key* key = (ecc_key *)XMALLOC(sizeof *key,
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key* pub = (ecc_key *)XMALLOC(sizeof *pub,
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte* out = (byte*)XMALLOC(sizeof(byte),
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef OPENSSL_EXTRA
- byte* check = (byte*)XMALLOC(sizeof(byte)*(256), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- ecc_key key[1];
- ecc_key pub[1];
- byte out[256];
- #ifdef OPENSSL_EXTRA
- unsigned char check[256];
- #endif
- #endif
- #ifdef OPENSSL_EXTRA
- EVP_PKEY* privKey = NULL;
- EVP_PKEY* pubKey = NULL;
- ecc_key* pkey;
- EVP_MD_CTX mdCtx;
- const char testData[] = "Hi There";
- size_t checkSz = -1;
- const unsigned char* cp;
- const unsigned char* p;
- const unsigned char check_v[256] = {
- 0x30,0x45,0x02,0x20,0x1b,0x5c,0x2a,0xf0,0x18,0x09,
- 0x74,0x65,0xa1,0x04,0x76,0x3a,0xce,0xcc,0xe5,0x34,
- 0x5e,0x89,0xed,0x40,0x1e,0x5a,0xb1,0x53,0xb4,0xff,
- 0xc7,0x18,0xfe,0x0f,0xc7,0xa6,0x02,0x21,0x00,0xe5,
- 0x70,0x21,0xfc,0xf9,0x63,0x36,0xfd,0x16,0x18,0x08,
- 0x9a,0x63,0x61,0x0f,0xe7,0x7c,0xa3,0xc9,0x14,0xa3,
- 0x30,0x87,0xf7,0xf5,0x70,0x19,0xaf,0x56,0x96,0x9b,
- 0xd8,0x64,0xcd,0xd9,0xff,0x7b,0x2a,0x55,0x52,0xca,
- 0x41,0xb2,0xa6,0xa4,0x8a,0x3b,0x02,0x20,0x8c,0xc5,
- 0xf9,0xc1,0x7d,0x2a,0x65,0x6c,0xe6,0x5a,0xe3,0x76,
- 0x9b,0xab,0x0b,0x9f,0xaf,0x62,0x5d,0xb2,0x60,0xd7,
- 0xeb,0xb4,0x1b,0x73,0xdc,0x01,0x7d,0x7b,0xab,0xc1,
- 0x0c,0x74,0x96,0x41,0xe6,0x3f,0xc5,0x86,0xe6,0x7d,
- 0x2b,0x9d,0x54,0x6b,0xcd,0x31,0x35,0x1f,0xdb,0x49,
- 0x1f,0x32,0x34,0xf8,0x57,0x12,0x86,0x5c,0x0e,0x80,
- 0x55,0x8d,0xff,0xd8,0xbd,0xdf,0x32,0x26,0x62,0x42,
- 0x09,0xda,0xf7,0x74,0xf2,0x3f,0xe6,0xf1,0x77,0x82,
- 0xce,0xe4,0xbb,0x61,0xa6,0xc0,0x17,0x0c,0x6c,0x47,
- 0x2a,0x40,0x1c,0x2b,0xe0,0x98,0x3b,0xbf,0xc6,0xf8,
- 0x6d,0xfd,0xd0,0xfa,0xc1,0x02,0xfb,0x5f,0xfb,0xb0,
- 0xcb,0xd9,0xa3,0x59,0x94,0xe9,0x0f,0x74,0xbb,0x3f,
- 0x64,0xa3,0x83,0xc4,0x2b,0xf7,0xd2,0x97,0xbf,0x3b,
- 0xcf,0xbb,0x60,0x81,0x33,0x94,0xfa,0x0d,0x35,0xd2,
- 0x3d,0xb9,0x99,0xe3,0x12,0xf8,0xf4,0xa3,0x74,0xf4,
- 0x94,0x1d,0x7a,0x66,0xf8,0xd1,0x1d,0xcf,0xb0,0x48,
- 0xef,0x8c,0x94,0x6f,0xdd,0x62,
- };
- #endif
- WC_RNG rng;
- EncryptedInfo encInfo;
- int keyFormat = 0;
- word32 keyIdx = 0;
- byte in[] = "Everyone gets Friday off. ecc p";
- word32 inLen = (word32)XSTRLEN((char*)in);
- word32 outLen;
- int verify;
- #ifdef WOLFSSL_SMALL_STACK
- if (key == NULL || pub == NULL) {
- ERROR_OUT(-8008, exit_onlycb);
- }
- #endif
- ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-8009, exit_onlycb);
- }
- /* wc_CryptoCb_MakeEccKey cb test, , no actual testing */
- ctx->exampleVar = 99;
- ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key);
- if (ret != 0) {
- ERROR_OUT(-8010, exit_onlycb);
- }
- ctx->exampleVar = 1;
- ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key);
- if (ret != NO_VALID_DEVID) {
- ERROR_OUT(-8011, exit_onlycb);
- } else
- /* reset return code */
- ret = 0;
- #ifdef USE_CERT_BUFFERS_256
- if (ret == 0) {
- /* load ECC private key and perform private transform */
- ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &keyIdx,
- key, sizeof_ecc_key_der_256);
- }
- if (ret != 0) {
- ERROR_OUT(-8012, exit_onlycb);
- }
- /* wc_CryptoCb_EccSign cb test, no actual testing */
- ctx->exampleVar = 99;
- if (ret == 0) {
- ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key);
- }
- if (ret != 0) {
- ERROR_OUT(-8013, exit_onlycb);
- }
- ctx->exampleVar = 1;
- if (ret == 0) {
- ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key);
- }
- if (ret != NO_VALID_DEVID) {
- ERROR_OUT(-8014, exit_onlycb);
- }
- else
- ret = 0;
- /* wc_CryptoCb_EccVerify cb test, no actual testing */
- ctx->exampleVar = 99;
- if (ret == 0) {
- ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key);
- }
- if (ret != 0) {
- ERROR_OUT(-8015, exit_onlycb);
- }
- ctx->exampleVar = 1;
- if (ret == 0) {
- ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key);
- }
- if (ret != NO_VALID_DEVID) {
- ERROR_OUT(-8016, exit_onlycb);
- }
- else
- ret = 0;
- /* wc_CryptoCb_Ecdh cb test, no actual testing */
- /* make public key for shared secret */
- wc_ecc_init_ex(pub, HEAP_HINT, devId);
- ctx->exampleVar = 99;
- if (ret == 0) {
- ret = wc_ecc_shared_secret(key, pub, out, &outLen);
- }
- if (ret != 0) {
- ERROR_OUT(-8017, exit_onlycb);
- }
- ctx->exampleVar = 1;
- if (ret == 0) {
- ret = wc_ecc_shared_secret(key, pub, out, &outLen);
- }
- if (ret != NO_VALID_DEVID) {
- ERROR_OUT(-8018, exit_onlycb);
- }
- else
- ret = 0;
- #ifdef OPENSSL_EXTRA
- (void)pkey;
- cp = ecc_clikey_der_256;
- privKey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp,
- sizeof_ecc_clikey_der_256);
- if (privKey == NULL) {
- ERROR_OUT(-8019, exit_onlycb);
- }
- pkey = (ecc_key*)privKey->ecc->internal;
- pkey->devId = devId;
- p = ecc_clikeypub_der_256;
- pubKey = d2i_PUBKEY(NULL, &p, sizeof_ecc_clikeypub_der_256);
- if (pubKey == NULL) {
- ERROR_OUT(-8020, exit_onlycb);
- }
- pkey = (ecc_key*)pubKey->ecc->internal;
- pkey->devId = devId;
- /* sign */
- EVP_MD_CTX_init(&mdCtx);
- ret = EVP_DigestSignInit(&mdCtx, NULL, EVP_sha256(), NULL, privKey);
- if (ret != WOLFSSL_SUCCESS) {
- ERROR_OUT(-8021, exit_onlycb);
- }
- ret = EVP_DigestSignUpdate(&mdCtx, testData,
- (unsigned int)XSTRLEN(testData));
- if (ret != WOLFSSL_SUCCESS) {
- ERROR_OUT(-8022, exit_onlycb);
- }
- ret = EVP_DigestSignFinal(&mdCtx, NULL, &checkSz);
- if (ret != WOLFSSL_SUCCESS) {
- ERROR_OUT(-8023, exit_onlycb);
- }
- ctx->exampleVar = 99;
- ret = EVP_DigestSignFinal(&mdCtx, check, &checkSz);
- /* just called crypt callback as dummy
- * EVP_DigestSignFinal returns 0 internally.
- */
- if (ret != 0) {
- ERROR_OUT(-8024, exit_onlycb);
- }
- ctx->exampleVar = 1;
- ret = EVP_DigestSignFinal(&mdCtx, check, &checkSz);
- /* just called crypt callback as dummy
- * EVP_DigestSignFinal returns 0 internally.
- */
- if (ret != 0) {
- ERROR_OUT(-8025, exit_onlycb);
- }
- /* restore checkSz for verify */
- checkSz = 71;
- ret = EVP_MD_CTX_cleanup(&mdCtx);
- if (ret != SSL_SUCCESS) {
- ERROR_OUT(-8026, exit_onlycb);
- }
- /* verify */
- EVP_MD_CTX_init(&mdCtx);
- if (ret == SSL_SUCCESS) {
- ret = EVP_DigestVerifyInit(&mdCtx, NULL, EVP_sha256(), NULL, pubKey);
- }
- if (ret != WOLFSSL_SUCCESS) {
- ERROR_OUT(-8027, exit_onlycb);
- }
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestVerifyUpdate(&mdCtx, testData,
- (unsigned int)XSTRLEN(testData));
- }
- if (ret != WOLFSSL_SUCCESS) {
- ERROR_OUT(-8028, exit_onlycb);
- }
- ctx->exampleVar = 99;
- ret = EVP_DigestVerifyFinal(&mdCtx, check_v, checkSz);
- /* just called crypt callback as dummy
- * EVP_DigestSignFinal returns 0 internally.
- */
- if (ret != 0) {
- ERROR_OUT(-8029, exit_onlycb);
- }
- ctx->exampleVar = 1;
- ret = EVP_DigestVerifyFinal(&mdCtx, check_v, checkSz);
- /* just called crypt callback as dummy
- * EVP_DigestVerifyFinal returns -1 internally rather than NO_VALID_DEVID.
- */
- if (ret != -1) {
- ERROR_OUT(-8030, exit_onlycb);
- }
- ret = EVP_MD_CTX_cleanup(&mdCtx);
- if (ret != SSL_SUCCESS) {
- ERROR_OUT(-8031, exit_onlycb);
- } else
- ret = 0;
- #endif
- #else
- (void)verify;
- (void)outLen;
- (void)inLen;
- (void)out;
- (void)pub;
- #ifdef OPENSSL_EXTRA
- (void)privKey;
- (void)pubKey;
- (void)mdCtx;
- (void)check;
- (void)checkSz;
- (void)p;
- #endif
- #endif
- (void)keyFormat;
- (void)encInfo;
- exit_onlycb:
- #if defined(WOLFSSL_SMALL_STACK)
- if (key != NULL) {
- wc_ecc_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (pub != NULL) {
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (out != NULL) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #ifdef OPENSSL_EXTRA
- if (check) {
- FREE(check, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #else
- wc_ecc_free(key);
- #ifdef OPENSSL_EXTRA
- if (privKey)
- EVP_PKEY_free(privKey);
- if (pubKey)
- EVP_PKEY_free(pubKey);
- #endif
- #endif
- #endif /* HAVE_ECC */
- return ret;
- }
- #endif
- /* Example crypto dev callback function that calls software version */
- static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
- {
- int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */
- myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx;
- if (info == NULL)
- return BAD_FUNC_ARG;
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: Algo Type %d\n", info->algo_type);
- #endif
- if (info->algo_type == WC_ALGO_TYPE_RNG) {
- #ifndef WC_NO_RNG
- /* set devId to invalid, so software is used */
- info->rng.rng->devId = INVALID_DEVID;
- ret = wc_RNG_GenerateBlock(info->rng.rng,
- info->rng.out, info->rng.sz);
- /* reset devId */
- info->rng.rng->devId = devIdArg;
- #endif
- }
- else if (info->algo_type == WC_ALGO_TYPE_SEED) {
- #ifndef WC_NO_RNG
- ALIGN32 static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 };
- word32* seedWord32 = (word32*)seed;
- word32 len;
- /* wc_GenerateSeed is a local symbol so we need to fake the entropy. */
- while (info->seed.sz > 0) {
- len = (word32)sizeof(seed);
- if (info->seed.sz < len)
- len = info->seed.sz;
- XMEMCPY(info->seed.seed, seed, sizeof(seed));
- info->seed.seed += len;
- info->seed.sz -= len;
- (*seedWord32)++;
- }
- ret = 0;
- #endif
- }
- else if (info->algo_type == WC_ALGO_TYPE_PK) {
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: Pk Type %d\n", info->pk.type);
- #endif
- #ifndef NO_RSA
- if (info->pk.type == WC_PK_TYPE_RSA) {
- /* set devId to invalid, so software is used */
- info->pk.rsa.key->devId = INVALID_DEVID;
- #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
- #endif
- if (myCtx->exampleVar == 99) {
- info->pk.rsa.key->devId = devIdArg;
- return 0;
- }
- #endif
- switch (info->pk.rsa.type) {
- case RSA_PUBLIC_ENCRYPT:
- case RSA_PUBLIC_DECRYPT:
- /* perform software based RSA public op */
- ret = wc_RsaFunction(
- info->pk.rsa.in, info->pk.rsa.inLen,
- info->pk.rsa.out, info->pk.rsa.outLen,
- info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
- break;
- case RSA_PRIVATE_ENCRYPT:
- case RSA_PRIVATE_DECRYPT:
- /* perform software based RSA private op */
- ret = wc_RsaFunction(
- info->pk.rsa.in, info->pk.rsa.inLen,
- info->pk.rsa.out, info->pk.rsa.outLen,
- info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
- break;
- }
- /* reset devId */
- info->pk.rsa.key->devId = devIdArg;
- }
- #ifdef WOLFSSL_KEY_GEN
- else if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
- info->pk.rsakg.key->devId = INVALID_DEVID;
- #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
- #endif
- if (myCtx->exampleVar == 99) {
- info->pk.rsakg.key->devId = devIdArg;
- return 0;
- }
- #endif
- #ifdef HAVE_FIPS
- for (;;) {
- #endif
- ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size,
- info->pk.rsakg.e, info->pk.rsakg.rng);
- #ifdef HAVE_FIPS
- if (ret == PRIME_GEN_E)
- continue;
- break;
- }
- #endif
- /* reset devId */
- info->pk.rsakg.key->devId = devIdArg;
- }
- #endif
- #endif /* !NO_RSA */
- #ifdef HAVE_ECC
- if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
- /* set devId to invalid, so software is used */
- info->pk.eckg.key->devId = INVALID_DEVID;
- #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
- #endif
- if (myCtx->exampleVar == 99) {
- info->pk.eckg.key->devId = devIdArg;
- return 0;
- }
- #endif
- ret = wc_ecc_make_key_ex(info->pk.eckg.rng, info->pk.eckg.size,
- info->pk.eckg.key, info->pk.eckg.curveId);
- /* reset devId */
- info->pk.eckg.key->devId = devIdArg;
- }
- else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
- /* set devId to invalid, so software is used */
- info->pk.eccsign.key->devId = INVALID_DEVID;
- #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
- #endif
- if (myCtx->exampleVar == 99) {
- info->pk.eccsign.key->devId = devIdArg;
- return 0;
- }
- #endif
- ret = wc_ecc_sign_hash(
- info->pk.eccsign.in, info->pk.eccsign.inlen,
- info->pk.eccsign.out, info->pk.eccsign.outlen,
- info->pk.eccsign.rng, info->pk.eccsign.key);
- /* reset devId */
- info->pk.eccsign.key->devId = devIdArg;
- }
- else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
- /* set devId to invalid, so software is used */
- info->pk.eccverify.key->devId = INVALID_DEVID;
- #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
- #endif
- if (myCtx->exampleVar == 99) {
- info->pk.eccverify.key->devId = devIdArg;
- return 0;
- }
- #endif
- ret = wc_ecc_verify_hash(
- info->pk.eccverify.sig, info->pk.eccverify.siglen,
- info->pk.eccverify.hash, info->pk.eccverify.hashlen,
- info->pk.eccverify.res, info->pk.eccverify.key);
- /* reset devId */
- info->pk.eccverify.key->devId = devIdArg;
- }
- else if (info->pk.type == WC_PK_TYPE_ECDH) {
- /* set devId to invalid, so software is used */
- info->pk.ecdh.private_key->devId = INVALID_DEVID;
- #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
- #endif
- if (myCtx->exampleVar == 99) {
- info->pk.ecdh.private_key->devId = devIdArg;
- return 0;
- }
- #endif
- ret = wc_ecc_shared_secret(
- info->pk.ecdh.private_key, info->pk.ecdh.public_key,
- info->pk.ecdh.out, info->pk.ecdh.outlen);
- /* reset devId */
- info->pk.ecdh.private_key->devId = devIdArg;
- }
- #endif /* HAVE_ECC */
- #ifdef HAVE_CURVE25519
- if (info->pk.type == WC_PK_TYPE_CURVE25519_KEYGEN) {
- /* set devId to invalid, so software is used */
- info->pk.curve25519kg.key->devId = INVALID_DEVID;
- ret = wc_curve25519_make_key(info->pk.curve25519kg.rng,
- info->pk.curve25519kg.size, info->pk.curve25519kg.key);
- /* reset devId */
- info->pk.curve25519kg.key->devId = devIdArg;
- }
- else if (info->pk.type == WC_PK_TYPE_CURVE25519) {
- /* set devId to invalid, so software is used */
- info->pk.curve25519.private_key->devId = INVALID_DEVID;
- ret = wc_curve25519_shared_secret_ex(
- info->pk.curve25519.private_key, info->pk.curve25519.public_key,
- info->pk.curve25519.out, info->pk.curve25519.outlen,
- info->pk.curve25519.endian);
- /* reset devId */
- info->pk.curve25519.private_key->devId = devIdArg;
- }
- #endif /* HAVE_CURVE25519 */
- #ifdef HAVE_ED25519
- if (info->pk.type == WC_PK_TYPE_ED25519_KEYGEN) {
- /* set devId to invalid, so software is used */
- info->pk.ed25519kg.key->devId = INVALID_DEVID;
- ret = wc_ed25519_make_key(info->pk.ed25519kg.rng,
- info->pk.ed25519kg.size, info->pk.ed25519kg.key);
- /* reset devId */
- info->pk.ed25519kg.key->devId = devIdArg;
- }
- #ifdef HAVE_ED25519_SIGN
- else if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) {
- /* set devId to invalid, so software is used */
- info->pk.ed25519sign.key->devId = INVALID_DEVID;
- ret = wc_ed25519_sign_msg_ex(
- info->pk.ed25519sign.in, info->pk.ed25519sign.inLen,
- info->pk.ed25519sign.out, info->pk.ed25519sign.outLen,
- info->pk.ed25519sign.key, info->pk.ed25519sign.type,
- info->pk.ed25519sign.context, info->pk.ed25519sign.contextLen);
- /* reset devId */
- info->pk.ed25519sign.key->devId = devIdArg;
- }
- #endif
- #ifdef HAVE_ED25519_VERIFY
- else if (info->pk.type == WC_PK_TYPE_ED25519_VERIFY) {
- /* set devId to invalid, so software is used */
- info->pk.ed25519verify.key->devId = INVALID_DEVID;
- ret = wc_ed25519_verify_msg_ex(
- info->pk.ed25519verify.sig, info->pk.ed25519verify.sigLen,
- info->pk.ed25519verify.msg, info->pk.ed25519verify.msgLen,
- info->pk.ed25519verify.res, info->pk.ed25519verify.key,
- info->pk.ed25519verify.type, info->pk.ed25519verify.context,
- info->pk.ed25519verify.contextLen);
- /* reset devId */
- info->pk.ed25519verify.key->devId = devIdArg;
- }
- #endif
- #endif /* HAVE_ED25519 */
- }
- else if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
- #if !defined(NO_AES) || !defined(NO_DES3)
- #ifdef HAVE_AESGCM
- if (info->cipher.type == WC_CIPHER_AES_GCM) {
- if (info->cipher.enc) {
- /* set devId to invalid, so software is used */
- info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID;
- ret = wc_AesGcmEncrypt(
- info->cipher.aesgcm_enc.aes,
- info->cipher.aesgcm_enc.out,
- info->cipher.aesgcm_enc.in,
- info->cipher.aesgcm_enc.sz,
- info->cipher.aesgcm_enc.iv,
- info->cipher.aesgcm_enc.ivSz,
- info->cipher.aesgcm_enc.authTag,
- info->cipher.aesgcm_enc.authTagSz,
- info->cipher.aesgcm_enc.authIn,
- info->cipher.aesgcm_enc.authInSz);
- /* reset devId */
- info->cipher.aesgcm_enc.aes->devId = devIdArg;
- }
- else {
- /* set devId to invalid, so software is used */
- info->cipher.aesgcm_dec.aes->devId = INVALID_DEVID;
- ret = wc_AesGcmDecrypt(
- info->cipher.aesgcm_dec.aes,
- info->cipher.aesgcm_dec.out,
- info->cipher.aesgcm_dec.in,
- info->cipher.aesgcm_dec.sz,
- info->cipher.aesgcm_dec.iv,
- info->cipher.aesgcm_dec.ivSz,
- info->cipher.aesgcm_dec.authTag,
- info->cipher.aesgcm_dec.authTagSz,
- info->cipher.aesgcm_dec.authIn,
- info->cipher.aesgcm_dec.authInSz);
- /* reset devId */
- info->cipher.aesgcm_dec.aes->devId = devIdArg;
- }
- }
- #endif /* HAVE_AESGCM */
- #ifdef HAVE_AES_CBC
- if (info->cipher.type == WC_CIPHER_AES_CBC) {
- if (info->cipher.enc) {
- /* set devId to invalid, so software is used */
- info->cipher.aescbc.aes->devId = INVALID_DEVID;
- ret = wc_AesCbcEncrypt(
- info->cipher.aescbc.aes,
- info->cipher.aescbc.out,
- info->cipher.aescbc.in,
- info->cipher.aescbc.sz);
- /* reset devId */
- info->cipher.aescbc.aes->devId = devIdArg;
- }
- else {
- /* set devId to invalid, so software is used */
- info->cipher.aescbc.aes->devId = INVALID_DEVID;
- ret = wc_AesCbcDecrypt(
- info->cipher.aescbc.aes,
- info->cipher.aescbc.out,
- info->cipher.aescbc.in,
- info->cipher.aescbc.sz);
- /* reset devId */
- info->cipher.aescbc.aes->devId = devIdArg;
- }
- }
- #endif /* HAVE_AES_CBC */
- #if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- if (info->cipher.type == WC_CIPHER_AES_ECB) {
- if (info->cipher.enc) {
- /* set devId to invalid, so software is used */
- info->cipher.aesecb.aes->devId = INVALID_DEVID;
- ret = wc_AesEcbEncrypt(
- info->cipher.aesecb.aes,
- info->cipher.aesecb.out,
- info->cipher.aesecb.in,
- info->cipher.aesecb.sz);
- /* reset devId */
- info->cipher.aesecb.aes->devId = devIdArg;
- }
- else {
- /* set devId to invalid, so software is used */
- info->cipher.aesecb.aes->devId = INVALID_DEVID;
- ret = wc_AesEcbDecrypt(
- info->cipher.aesecb.aes,
- info->cipher.aesecb.out,
- info->cipher.aesecb.in,
- info->cipher.aesecb.sz);
- /* reset devId */
- info->cipher.aesecb.aes->devId = devIdArg;
- }
- }
- #endif /* HAVE_AES_ECB */
- #if defined(WOLFSSL_AES_COUNTER) && !defined(HAVE_FIPS) && \
- !defined(HAVE_SELFTEST)
- if (info->cipher.type == WC_CIPHER_AES_CTR) {
- /* set devId to invalid, so software is used */
- info->cipher.aesctr.aes->devId = INVALID_DEVID;
- ret = wc_AesCtrEncrypt(
- info->cipher.aesctr.aes,
- info->cipher.aesctr.out,
- info->cipher.aesctr.in,
- info->cipher.aesctr.sz);
- /* reset devId */
- info->cipher.aesctr.aes->devId = devIdArg;
- }
- #endif /* WOLFSSL_AES_COUNTER */
- #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
- if (info->cipher.type == WC_CIPHER_AES_CCM) {
- if (info->cipher.enc) {
- /* set devId to invalid, so software is used */
- info->cipher.aesccm_enc.aes->devId = INVALID_DEVID;
- ret = wc_AesCcmEncrypt(
- info->cipher.aesccm_enc.aes,
- info->cipher.aesccm_enc.out,
- info->cipher.aesccm_enc.in,
- info->cipher.aesccm_enc.sz,
- info->cipher.aesccm_enc.nonce,
- info->cipher.aesccm_enc.nonceSz,
- info->cipher.aesccm_enc.authTag,
- info->cipher.aesccm_enc.authTagSz,
- info->cipher.aesccm_enc.authIn,
- info->cipher.aesccm_enc.authInSz);
- /* reset devId */
- info->cipher.aesccm_enc.aes->devId = devIdArg;
- }
- else {
- /* set devId to invalid, so software is used */
- info->cipher.aesccm_dec.aes->devId = INVALID_DEVID;
- ret = wc_AesCcmDecrypt(
- info->cipher.aesccm_dec.aes,
- info->cipher.aesccm_dec.out,
- info->cipher.aesccm_dec.in,
- info->cipher.aesccm_dec.sz,
- info->cipher.aesccm_dec.nonce,
- info->cipher.aesccm_dec.nonceSz,
- info->cipher.aesccm_dec.authTag,
- info->cipher.aesccm_dec.authTagSz,
- info->cipher.aesccm_dec.authIn,
- info->cipher.aesccm_dec.authInSz);
- /* reset devId */
- info->cipher.aesccm_dec.aes->devId = devIdArg;
- }
- }
- #endif
- #ifndef NO_DES3
- if (info->cipher.type == WC_CIPHER_DES3) {
- if (info->cipher.enc) {
- /* set devId to invalid, so software is used */
- info->cipher.des3.des->devId = INVALID_DEVID;
- ret = wc_Des3_CbcEncrypt(
- info->cipher.des3.des,
- info->cipher.des3.out,
- info->cipher.des3.in,
- info->cipher.des3.sz);
- /* reset devId */
- info->cipher.des3.des->devId = devIdArg;
- }
- else {
- /* set devId to invalid, so software is used */
- info->cipher.des3.des->devId = INVALID_DEVID;
- ret = wc_Des3_CbcDecrypt(
- info->cipher.des3.des,
- info->cipher.des3.out,
- info->cipher.des3.in,
- info->cipher.des3.sz);
- /* reset devId */
- info->cipher.des3.des->devId = devIdArg;
- }
- }
- #endif /* !NO_DES3 */
- #endif /* !NO_AES || !NO_DES3 */
- }
- #if !defined(NO_SHA) || !defined(NO_SHA256) || \
- defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
- else if (info->algo_type == WC_ALGO_TYPE_HASH) {
- #if !defined(NO_SHA)
- if (info->hash.type == WC_HASH_TYPE_SHA) {
- if (info->hash.sha1 == NULL)
- return NOT_COMPILED_IN;
- /* set devId to invalid, so software is used */
- info->hash.sha1->devId = INVALID_DEVID;
- if (info->hash.in != NULL) {
- ret = wc_ShaUpdate(
- info->hash.sha1,
- info->hash.in,
- info->hash.inSz);
- }
- if (info->hash.digest != NULL) {
- ret = wc_ShaFinal(
- info->hash.sha1,
- info->hash.digest);
- }
- /* reset devId */
- info->hash.sha1->devId = devIdArg;
- }
- else
- #endif
- #if !defined(NO_SHA256)
- if (info->hash.type == WC_HASH_TYPE_SHA256) {
- if (info->hash.sha256 == NULL)
- return NOT_COMPILED_IN;
- /* set devId to invalid, so software is used */
- info->hash.sha256->devId = INVALID_DEVID;
- if (info->hash.in != NULL) {
- ret = wc_Sha256Update(
- info->hash.sha256,
- info->hash.in,
- info->hash.inSz);
- }
- if (info->hash.digest != NULL) {
- ret = wc_Sha256Final(
- info->hash.sha256,
- info->hash.digest);
- }
- /* reset devId */
- info->hash.sha256->devId = devIdArg;
- }
- else
- #endif
- #ifdef WOLFSSL_SHA384
- if (info->hash.type == WC_HASH_TYPE_SHA384) {
- if (info->hash.sha384 == NULL)
- return NOT_COMPILED_IN;
- #ifndef NO_SHA2_CRYPTO_CB
- /* set devId to invalid, so software is used */
- info->hash.sha384->devId = INVALID_DEVID;
- #endif
- if (info->hash.in != NULL) {
- ret = wc_Sha384Update(
- info->hash.sha384,
- info->hash.in,
- info->hash.inSz);
- }
- if (info->hash.digest != NULL) {
- ret = wc_Sha384Final(
- info->hash.sha384,
- info->hash.digest);
- }
- #ifndef NO_SHA2_CRYPTO_CB
- /* reset devId */
- info->hash.sha384->devId = devIdArg;
- #endif
- }
- else
- #endif
- #ifdef WOLFSSL_SHA512
- if (info->hash.type == WC_HASH_TYPE_SHA512) {
- if (info->hash.sha512 == NULL)
- return NOT_COMPILED_IN;
- #ifndef NO_SHA2_CRYPTO_CB
- /* set devId to invalid, so software is used */
- info->hash.sha512->devId = INVALID_DEVID;
- #endif
- if (info->hash.in != NULL) {
- ret = wc_Sha512Update(
- info->hash.sha512,
- info->hash.in,
- info->hash.inSz);
- }
- if (info->hash.digest != NULL) {
- ret = wc_Sha512Final(
- info->hash.sha512,
- info->hash.digest);
- }
- #ifndef NO_SHA2_CRYPTO_CB
- /* reset devId */
- info->hash.sha512->devId = devIdArg;
- #endif
- }
- else
- #endif
- {
- }
- }
- #endif /* !NO_SHA || !NO_SHA256 */
- #ifndef NO_HMAC
- else if (info->algo_type == WC_ALGO_TYPE_HMAC) {
- if (info->hmac.hmac == NULL)
- return NOT_COMPILED_IN;
- /* set devId to invalid, so software is used */
- info->hmac.hmac->devId = INVALID_DEVID;
- if (info->hash.in != NULL) {
- ret = wc_HmacUpdate(
- info->hmac.hmac,
- info->hmac.in,
- info->hmac.inSz);
- }
- else if (info->hash.digest != NULL) {
- ret = wc_HmacFinal(
- info->hmac.hmac,
- info->hmac.digest);
- }
- /* reset devId */
- info->hmac.hmac->devId = devIdArg;
- }
- #endif
- (void)devIdArg;
- (void)myCtx;
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void)
- {
- int ret = 0;
- myCryptoDevCtx myCtx;
- /* example data for callback */
- myCtx.exampleVar = 1;
- /* set devId to something other than INVALID_DEVID */
- devId = 1;
- ret = wc_CryptoCb_RegisterDevice(devId, myCryptoDevCb, &myCtx);
- #ifndef WC_NO_RNG
- if (ret == 0)
- ret = random_test();
- #endif /* WC_NO_RNG */
- #if !defined(NO_RSA)
- PRIVATE_KEY_UNLOCK();
- if (ret == 0)
- ret = rsa_test();
- PRIVATE_KEY_LOCK();
- #endif
- #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
- PRIVATE_KEY_UNLOCK();
- if (ret == 0)
- ret = rsa_onlycb_test(&myCtx);
- PRIVATE_KEY_LOCK();
- #endif
- #if defined(HAVE_ECC)
- PRIVATE_KEY_UNLOCK();
- if (ret == 0)
- ret = ecc_test();
- PRIVATE_KEY_LOCK();
- #endif
- #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
- PRIVATE_KEY_UNLOCK();
- if (ret == 0)
- ret = ecc_onlycb_test(&myCtx);
- PRIVATE_KEY_LOCK();
- #endif
- #ifdef HAVE_ED25519
- if (ret == 0)
- ret = ed25519_test();
- #endif
- #ifdef HAVE_CURVE25519
- if (ret == 0)
- ret = curve25519_test();
- #endif
- #ifndef NO_AES
- #ifdef HAVE_AESGCM
- if (ret == 0)
- ret = aesgcm_test();
- #endif
- #ifdef HAVE_AES_CBC
- if (ret == 0)
- ret = aes_test();
- #endif
- #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
- if (ret == 0)
- ret = aesccm_test();
- #endif
- #endif /* !NO_AES */
- #ifndef NO_DES3
- if (ret == 0)
- ret = des3_test();
- #endif /* !NO_DES3 */
- #ifndef NO_SHA
- if (ret == 0)
- ret = sha_test();
- #endif
- #ifndef NO_SHA256
- if (ret == 0)
- ret = sha256_test();
- #endif
- #ifdef WOLFSSL_SHA384
- if (ret == 0)
- ret = sha384_test();
- #endif
- #ifdef WOLFSSL_SHA512
- if (ret == 0)
- ret = sha512_test();
- #endif
- #ifndef NO_HMAC
- #ifndef NO_SHA
- if (ret == 0)
- ret = hmac_sha_test();
- #endif
- #ifndef NO_SHA256
- if (ret == 0)
- ret = hmac_sha256_test();
- #endif
- #endif
- #ifndef NO_PWDBASED
- #if defined(HAVE_PBKDF2) && !defined(NO_SHA256)
- if (ret == 0)
- ret = pbkdf2_test();
- #endif
- #endif
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
- if (ret == 0)
- ret = cmac_test();
- #endif
- /* reset devId */
- devId = INVALID_DEVID;
- return ret;
- }
- #endif /* WOLF_CRYPTO_CB */
- #ifdef WOLFSSL_CERT_PIV
- WOLFSSL_TEST_SUBROUTINE int certpiv_test(void)
- {
- int ret;
- wc_CertPIV piv;
- /* Template for Identiv PIV cert, nonce and signature */
- WOLFSSL_SMALL_STACK_STATIC const byte pivCertIdentiv[] = {
- 0x0A, 0x0B,
- 0x53, 0x09, /* NIST PIV Cert */
- 0x70, 0x02, /* Certificate */
- 0x30, 0x00,
- 0x71, 0x01, 0x05, /* Cert Info */
- 0xFE, 0x00, /* Error Detection */
- 0x0B, 0x01, 0x00, /* Nonce */
- 0x0C, 0x01, 0x00, /* Signed Nonce */
- };
- /* PIV certificate data including certificate, info and error dectection. */
- WOLFSSL_SMALL_STACK_STATIC const byte pivCert[] = {
- 0x53, 0x09, /* NIST PIV Cert */
- 0x70, 0x02, /* Certificate */
- 0x30, 0x00,
- 0x71, 0x01, 0x04, /* Cert Info */
- 0xFE, 0x00, /* Error Detection */
- };
- XMEMSET(&piv, 0, sizeof(piv));
- /* Test with Identiv 0x0A, 0x0B and 0x0C markers */
- ret = wc_ParseCertPIV(&piv, pivCertIdentiv, sizeof(pivCertIdentiv));
- if (ret != 0) {
- return -14000;
- }
- if (!piv.isIdentiv) {
- return -14001;
- }
- if ((piv.cert == NULL) || (piv.certSz != 2)) {
- return -14002;
- }
- if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) {
- return -14003;
- }
- if ((piv.compression != ASN_PIV_CERT_INFO_GZIP)) {
- return -14004;
- }
- if (!piv.isX509) {
- return -14005;
- }
- if ((piv.nonce == NULL) || (piv.nonceSz != 1)) {
- return -14006;
- }
- if ((piv.signedNonce == NULL) || (piv.signedNonceSz != 1)) {
- return -14007;
- }
- XMEMSET(&piv, 0, sizeof(piv));
- /* Test with NIST PIV format */
- ret = wc_ParseCertPIV(&piv, pivCert, sizeof(pivCert));
- if (ret != 0) {
- return -14010;
- }
- if (piv.isIdentiv) {
- return -14011;
- }
- if ((piv.cert == NULL) || (piv.certSz != 2)) {
- return -14012;
- }
- if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) {
- return -14013;
- }
- if ((piv.compression != 0)) {
- return -14014;
- }
- if (!piv.isX509) {
- return -14015;
- }
- return ret;
- }
- #endif /* WOLFSSL_CERT_PIV */
- #if !defined(NO_ASN) && !defined(NO_ASN_TIME)
- static time_t time_cb(time_t* t)
- {
- if (t != NULL) {
- *t = 99;
- }
- return 99;
- }
- WOLFSSL_TEST_SUBROUTINE int time_test(void)
- {
- time_t t;
- if (wc_SetTimeCb(time_cb) != 0)
- return -15000;
- t = wc_Time(NULL);
- if (t != 99)
- return -15001;
- if (wc_GetTime(&t, sizeof(time_t)) != 0)
- return -15002;
- if (t != 99)
- return -15003;
- if (wc_SetTimeCb(NULL) != 0)
- return -15004;
- return 0;
- }
- #endif
- #ifdef WOLFSSL_AES_SIV
- typedef struct {
- const byte key[33];
- word32 keySz;
- const byte nonce[49];
- word32 nonceSz;
- const byte assoc[81];
- word32 assocSz;
- const byte plaintext[83];
- word32 plaintextSz;
- const byte siv[AES_BLOCK_SIZE+1];
- const byte ciphertext[82];
- word32 ciphertextSz;
- } AesSivTestVector;
- #define AES_SIV_TEST_VECTORS 7
- WOLFSSL_TEST_SUBROUTINE int aes_siv_test(void)
- {
- /* These test vectors come from chrony 4.1's SIV unit tests. */
- WOLFSSL_SMALL_STACK_STATIC const AesSivTestVector testVectors[AES_SIV_TEST_VECTORS] = {
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
- "", 0,
- "", 0,
- "\x22\x3e\xb5\x94\xe0\xe0\x25\x4b\x00\x25\x8e\x21\x9a\x1c\xa4\x21",
- "", 0
- },
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
- "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
- "", 0,
- "\xd7\x20\x19\x89\xc6\xdb\xc6\xd6\x61\xfc\x62\xbc\x86\x5e\xee\xef",
- "", 0
- },
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
- "", 0,
- "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
- "\xb6\xc1\x60\xe9\xc2\xfd\x2a\xe8\xde\xc5\x36\x8b\x2a\x33\xed\xe1",
- "\x14\xff\xb3\x97\x34\x5c\xcb\xe4\x4a\xa4\xde\xac\xd9\x36\x90\x46", 16
- },
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e", 15,
- "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c", 15,
- "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4", 15,
- "\x03\x8c\x41\x51\xba\x7a\x8f\x77\x6e\x56\x31\x99\x42\x0b\xc7\x03",
- "\xe7\x6c\x67\xc9\xda\xb7\x0d\x5b\x44\x06\x26\x5a\xd0\xd2\x3b", 15
- },
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
- "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
- "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4\xa7", 16,
- "\x5c\x05\x23\x65\xf4\x57\x0a\xa0\xfb\x38\x3e\xce\x9b\x75\x85\xeb",
- "\x68\x85\x19\x36\x0c\x7c\x48\x11\x40\xcb\x9b\x57\x9a\x0e\x65\x32", 16
- },
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
- "\xd5", 17,
- "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b"
- "\xa0", 17,
- "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4\xa7"
- "\x08", 17,
- "\xaf\x58\x4b\xe7\x82\x1e\x96\x19\x29\x91\x25\xe0\xdd\x80\x3b\x49",
- "\xa5\x11\xcd\xb6\x08\xf3\x76\xa0\xb6\xfa\x15\x82\xf3\x95\xe1\xeb"
- "\xbd", 17
- },
- { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
- "\xb0\x5a\x1b\xc7\x56\xe7\xb6\x2c\xb4\x85\xe5\x56\xa5\x28\xc0\x6c"
- "\x2f\x3b\x0b\x9d\x1a\x0c\xdf\x69\x47\xe0\xcc\xc0\x87\xaa\x5c\x09"
- "\x98\x48\x8d\x6a\x8e\x1e\x05\xd7\x8b\x68\x74\x83\xb5\x1d\xf1\x2c", 48,
- "\xe5\x8b\xd2\x6a\x30\xc5\xc5\x61\xcc\xbd\x7c\x27\xbf\xfe\xf9\x06"
- "\x00\x5b\xd7\xfc\x11\x0b\xcf\x16\x61\xef\xac\x05\xa7\xaf\xec\x27"
- "\x41\xc8\x5e\x9e\x0d\xf9\x2f\xaf\x20\x79\x17\xe5\x17\x91\x2a\x27"
- "\x34\x1c\xbc\xaf\xeb\xef\x7f\x52\xe7\x1e\x4c\x2a\xca\xbd\x2b\xbe"
- "\x34\xd6\xfb\x69\xd3\x3e\x49\x59\x60\xb4\x26\xc9\xb8\xce\xba", 79,
- "\x6c\xe7\xcf\x7e\xab\x7b\xa0\xe1\xa7\x22\xcb\x88\xde\x5e\x42\xd2"
- "\xec\x79\xe0\xa2\xcf\x5f\x0f\x6f\x6b\x89\x57\xcd\xae\x17\xd4\xc2"
- "\xf3\x1b\xa2\xa8\x13\x78\x23\x2f\x83\xa8\xd4\x0c\xc0\xd2\xf3\x99"
- "\xae\x81\xa1\xca\x5b\x5f\x45\xa6\x6f\x0c\x8a\xf3\xd4\x67\x40\x81"
- "\x26\xe2\x01\x86\xe8\x5a\xd5\xf8\x58\x80\x9f\x56\xaa\x76\x96\xbf"
- "\x31", 81,
- "\x9a\x06\x33\xe0\xee\x00\x6a\x9b\xc8\x20\xd5\xe2\xc2\xed\xb5\x75",
- "\xfa\x9e\x42\x2a\x31\x6b\xda\xca\xaa\x7d\x31\x8b\x84\x7a\xb8\xd7"
- "\x8a\x81\x25\x64\xed\x41\x9b\xa9\x77\x10\xbd\x05\x0c\x4e\xc5\x31"
- "\x0c\xa2\x86\xec\x8a\x94\xc8\x24\x23\x3c\x13\xee\xa5\x51\xc9\xdf"
- "\x48\xc9\x55\xc5\x2f\x40\x73\x3f\x98\xbb\x8d\x69\x78\x46\x64\x17"
- "\x8d\x49\x2f\x14\x62\xa4\x7c\x2a\x57\x38\x87\xce\xc6\x72\xd3\x5c"
- "\xa1", 81
- }};
- int i;
- byte computedCiphertext[82];
- byte computedPlaintext[82];
- byte siv[AES_BLOCK_SIZE];
- int rc = 0;
- for (i = 0; i < AES_SIV_TEST_VECTORS; ++i) {
- rc = wc_AesSivEncrypt(testVectors[i].key, testVectors[i].keySz,
- testVectors[i].assoc, testVectors[i].assocSz,
- testVectors[i].nonce, testVectors[i].nonceSz,
- testVectors[i].plaintext,
- testVectors[i].plaintextSz, siv,
- computedCiphertext);
- if (rc != 0) {
- return -16000;
- }
- rc = XMEMCMP(siv, testVectors[i].siv, AES_BLOCK_SIZE);
- if (rc != 0) {
- return -16001;
- }
- rc = XMEMCMP(computedCiphertext, testVectors[i].ciphertext,
- testVectors[i].ciphertextSz);
- if (rc != 0) {
- return -16002;
- }
- rc = wc_AesSivDecrypt(testVectors[i].key, testVectors[i].keySz,
- testVectors[i].assoc, testVectors[i].assocSz,
- testVectors[i].nonce, testVectors[i].nonceSz,
- computedCiphertext, testVectors[i].plaintextSz,
- siv, computedPlaintext);
- if (rc != 0) {
- return -16003;
- }
- rc = XMEMCMP(computedPlaintext, testVectors[i].plaintext,
- testVectors[i].plaintextSz);
- if (rc != 0) {
- return -16004;
- }
- }
- return 0;
- }
- #endif
- #undef ERROR_OUT
- #else
- #ifndef NO_MAIN_DRIVER
- int main() { return 0; }
- #endif
- #endif /* NO_CRYPT_TEST */
|