1
0

test.c 1.2 MB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239524052415242524352445245524652475248524952505251525252535254525552565257525852595260526152625263526452655266526752685269527052715272527352745275527652775278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488548954905491549254935494549554965497549854995500550155025503550455055506550755085509551055115512551355145515551655175518551955205521552255235524552555265527552855295530553155325533553455355536553755385539554055415542554355445545554655475548554955505551555255535554555555565557555855595560556155625563556455655566556755685569557055715572557355745575557655775578557955805581558255835584558555865587558855895590559155925593559455955596559755985599560056015602560356045605560656075608560956105611561256135614561556165617561856195620562156225623562456255626562756285629563056315632563356345635563656375638563956405641564256435644564556465647564856495650565156525653565456555656565756585659566056615662566356645665566656675668566956705671567256735674567556765677567856795680568156825683568456855686568756885689569056915692569356945695569656975698569957005701570257035704570557065707570857095710571157125713571457155716571757185719572057215722572357245725572657275728572957305731573257335734573557365737573857395740574157425743574457455746574757485749575057515752575357545755575657575758575957605761576257635764576557665767576857695770577157725773577457755776577757785779578057815782578357845785578657875788578957905791579257935794579557965797579857995800580158025803580458055806580758085809581058115812581358145815581658175818581958205821582258235824582558265827582858295830583158325833583458355836583758385839584058415842584358445845584658475848584958505851585258535854585558565857585858595860586158625863586458655866586758685869587058715872587358745875587658775878587958805881588258835884588558865887588858895890589158925893589458955896589758985899590059015902590359045905590659075908590959105911591259135914591559165917591859195920592159225923592459255926592759285929593059315932593359345935593659375938593959405941594259435944594559465947594859495950595159525953595459555956595759585959596059615962596359645965596659675968596959705971597259735974597559765977597859795980598159825983598459855986598759885989599059915992599359945995599659975998599960006001600260036004600560066007600860096010601160126013601460156016601760186019602060216022602360246025602660276028602960306031603260336034603560366037603860396040604160426043604460456046604760486049605060516052605360546055605660576058605960606061606260636064606560666067606860696070607160726073607460756076607760786079608060816082608360846085608660876088608960906091609260936094609560966097609860996100610161026103610461056106610761086109611061116112611361146115611661176118611961206121612261236124612561266127612861296130613161326133613461356136613761386139614061416142614361446145614661476148614961506151615261536154615561566157615861596160616161626163616461656166616761686169617061716172617361746175617661776178617961806181618261836184618561866187618861896190619161926193619461956196619761986199620062016202620362046205620662076208620962106211621262136214621562166217621862196220622162226223622462256226622762286229623062316232623362346235623662376238623962406241624262436244624562466247624862496250625162526253625462556256625762586259626062616262626362646265626662676268626962706271627262736274627562766277627862796280628162826283628462856286628762886289629062916292629362946295629662976298629963006301630263036304630563066307630863096310631163126313631463156316631763186319632063216322632363246325632663276328632963306331633263336334633563366337633863396340634163426343634463456346634763486349635063516352635363546355635663576358635963606361636263636364636563666367636863696370637163726373637463756376637763786379638063816382638363846385638663876388638963906391639263936394639563966397639863996400640164026403640464056406640764086409641064116412641364146415641664176418641964206421642264236424642564266427642864296430643164326433643464356436643764386439644064416442644364446445644664476448644964506451645264536454645564566457645864596460646164626463646464656466646764686469647064716472647364746475647664776478647964806481648264836484648564866487648864896490649164926493649464956496649764986499650065016502650365046505650665076508650965106511651265136514651565166517651865196520652165226523652465256526652765286529653065316532653365346535653665376538653965406541654265436544654565466547654865496550655165526553655465556556655765586559656065616562656365646565656665676568656965706571657265736574657565766577657865796580658165826583658465856586658765886589659065916592659365946595659665976598659966006601660266036604660566066607660866096610661166126613661466156616661766186619662066216622662366246625662666276628662966306631663266336634663566366637663866396640664166426643664466456646664766486649665066516652665366546655665666576658665966606661666266636664666566666667666866696670667166726673667466756676667766786679668066816682668366846685668666876688668966906691669266936694669566966697669866996700670167026703670467056706670767086709671067116712671367146715671667176718671967206721672267236724672567266727672867296730673167326733673467356736673767386739674067416742674367446745674667476748674967506751675267536754675567566757675867596760676167626763676467656766676767686769677067716772677367746775677667776778677967806781678267836784678567866787678867896790679167926793679467956796679767986799680068016802680368046805680668076808680968106811681268136814681568166817681868196820682168226823682468256826682768286829683068316832683368346835683668376838683968406841684268436844684568466847684868496850685168526853685468556856685768586859686068616862686368646865686668676868686968706871687268736874687568766877687868796880688168826883688468856886688768886889689068916892689368946895689668976898689969006901690269036904690569066907690869096910691169126913691469156916691769186919692069216922692369246925692669276928692969306931693269336934693569366937693869396940694169426943694469456946694769486949695069516952695369546955695669576958695969606961696269636964696569666967696869696970697169726973697469756976697769786979698069816982698369846985698669876988698969906991699269936994699569966997699869997000700170027003700470057006700770087009701070117012701370147015701670177018701970207021702270237024702570267027702870297030703170327033703470357036703770387039704070417042704370447045704670477048704970507051705270537054705570567057705870597060706170627063706470657066706770687069707070717072707370747075707670777078707970807081708270837084708570867087708870897090709170927093709470957096709770987099710071017102710371047105710671077108710971107111711271137114711571167117711871197120712171227123712471257126712771287129713071317132713371347135713671377138713971407141714271437144714571467147714871497150715171527153715471557156715771587159716071617162716371647165716671677168716971707171717271737174717571767177717871797180718171827183718471857186718771887189719071917192719371947195719671977198719972007201720272037204720572067207720872097210721172127213721472157216721772187219722072217222722372247225722672277228722972307231723272337234723572367237723872397240724172427243724472457246724772487249725072517252725372547255725672577258725972607261726272637264726572667267726872697270727172727273727472757276727772787279728072817282728372847285728672877288728972907291729272937294729572967297729872997300730173027303730473057306730773087309731073117312731373147315731673177318731973207321732273237324732573267327732873297330733173327333733473357336733773387339734073417342734373447345734673477348734973507351735273537354735573567357735873597360736173627363736473657366736773687369737073717372737373747375737673777378737973807381738273837384738573867387738873897390739173927393739473957396739773987399740074017402740374047405740674077408740974107411741274137414741574167417741874197420742174227423742474257426742774287429743074317432743374347435743674377438743974407441744274437444744574467447744874497450745174527453745474557456745774587459746074617462746374647465746674677468746974707471747274737474747574767477747874797480748174827483748474857486748774887489749074917492749374947495749674977498749975007501750275037504750575067507750875097510751175127513751475157516751775187519752075217522752375247525752675277528752975307531753275337534753575367537753875397540754175427543754475457546754775487549755075517552755375547555755675577558755975607561756275637564756575667567756875697570757175727573757475757576757775787579758075817582758375847585758675877588758975907591759275937594759575967597759875997600760176027603760476057606760776087609761076117612761376147615761676177618761976207621762276237624762576267627762876297630763176327633763476357636763776387639764076417642764376447645764676477648764976507651765276537654765576567657765876597660766176627663766476657666766776687669767076717672767376747675767676777678767976807681768276837684768576867687768876897690769176927693769476957696769776987699770077017702770377047705770677077708770977107711771277137714771577167717771877197720772177227723772477257726772777287729773077317732773377347735773677377738773977407741774277437744774577467747774877497750775177527753775477557756775777587759776077617762776377647765776677677768776977707771777277737774777577767777777877797780778177827783778477857786778777887789779077917792779377947795779677977798779978007801780278037804780578067807780878097810781178127813781478157816781778187819782078217822782378247825782678277828782978307831783278337834783578367837783878397840784178427843784478457846784778487849785078517852785378547855785678577858785978607861786278637864786578667867786878697870787178727873787478757876787778787879788078817882788378847885788678877888788978907891789278937894789578967897789878997900790179027903790479057906790779087909791079117912791379147915791679177918791979207921792279237924792579267927792879297930793179327933793479357936793779387939794079417942794379447945794679477948794979507951795279537954795579567957795879597960796179627963796479657966796779687969797079717972797379747975797679777978797979807981798279837984798579867987798879897990799179927993799479957996799779987999800080018002800380048005800680078008800980108011801280138014801580168017801880198020802180228023802480258026802780288029803080318032803380348035803680378038803980408041804280438044804580468047804880498050805180528053805480558056805780588059806080618062806380648065806680678068806980708071807280738074807580768077807880798080808180828083808480858086808780888089809080918092809380948095809680978098809981008101810281038104810581068107810881098110811181128113811481158116811781188119812081218122812381248125812681278128812981308131813281338134813581368137813881398140814181428143814481458146814781488149815081518152815381548155815681578158815981608161816281638164816581668167816881698170817181728173817481758176817781788179818081818182818381848185818681878188818981908191819281938194819581968197819881998200820182028203820482058206820782088209821082118212821382148215821682178218821982208221822282238224822582268227822882298230823182328233823482358236823782388239824082418242824382448245824682478248824982508251825282538254825582568257825882598260826182628263826482658266826782688269827082718272827382748275827682778278827982808281828282838284828582868287828882898290829182928293829482958296829782988299830083018302830383048305830683078308830983108311831283138314831583168317831883198320832183228323832483258326832783288329833083318332833383348335833683378338833983408341834283438344834583468347834883498350835183528353835483558356835783588359836083618362836383648365836683678368836983708371837283738374837583768377837883798380838183828383838483858386838783888389839083918392839383948395839683978398839984008401840284038404840584068407840884098410841184128413841484158416841784188419842084218422842384248425842684278428842984308431843284338434843584368437843884398440844184428443844484458446844784488449845084518452845384548455845684578458845984608461846284638464846584668467846884698470847184728473847484758476847784788479848084818482848384848485848684878488848984908491849284938494849584968497849884998500850185028503850485058506850785088509851085118512851385148515851685178518851985208521852285238524852585268527852885298530853185328533853485358536853785388539854085418542854385448545854685478548854985508551855285538554855585568557855885598560856185628563856485658566856785688569857085718572857385748575857685778578857985808581858285838584858585868587858885898590859185928593859485958596859785988599860086018602860386048605860686078608860986108611861286138614861586168617861886198620862186228623862486258626862786288629863086318632863386348635863686378638863986408641864286438644864586468647864886498650865186528653865486558656865786588659866086618662866386648665866686678668866986708671867286738674867586768677867886798680868186828683868486858686868786888689869086918692869386948695869686978698869987008701870287038704870587068707870887098710871187128713871487158716871787188719872087218722872387248725872687278728872987308731873287338734873587368737873887398740874187428743874487458746874787488749875087518752875387548755875687578758875987608761876287638764876587668767876887698770877187728773877487758776877787788779878087818782878387848785878687878788878987908791879287938794879587968797879887998800880188028803880488058806880788088809881088118812881388148815881688178818881988208821882288238824882588268827882888298830883188328833883488358836883788388839884088418842884388448845884688478848884988508851885288538854885588568857885888598860886188628863886488658866886788688869887088718872887388748875887688778878887988808881888288838884888588868887888888898890889188928893889488958896889788988899890089018902890389048905890689078908890989108911891289138914891589168917891889198920892189228923892489258926892789288929893089318932893389348935893689378938893989408941894289438944894589468947894889498950895189528953895489558956895789588959896089618962896389648965896689678968896989708971897289738974897589768977897889798980898189828983898489858986898789888989899089918992899389948995899689978998899990009001900290039004900590069007900890099010901190129013901490159016901790189019902090219022902390249025902690279028902990309031903290339034903590369037903890399040904190429043904490459046904790489049905090519052905390549055905690579058905990609061906290639064906590669067906890699070907190729073907490759076907790789079908090819082908390849085908690879088908990909091909290939094909590969097909890999100910191029103910491059106910791089109911091119112911391149115911691179118911991209121912291239124912591269127912891299130913191329133913491359136913791389139914091419142914391449145914691479148914991509151915291539154915591569157915891599160916191629163916491659166916791689169917091719172917391749175917691779178917991809181918291839184918591869187918891899190919191929193919491959196919791989199920092019202920392049205920692079208920992109211921292139214921592169217921892199220922192229223922492259226922792289229923092319232923392349235923692379238923992409241924292439244924592469247924892499250925192529253925492559256925792589259926092619262926392649265926692679268926992709271927292739274927592769277927892799280928192829283928492859286928792889289929092919292929392949295929692979298929993009301930293039304930593069307930893099310931193129313931493159316931793189319932093219322932393249325932693279328932993309331933293339334933593369337933893399340934193429343934493459346934793489349935093519352935393549355935693579358935993609361936293639364936593669367936893699370937193729373937493759376937793789379938093819382938393849385938693879388938993909391939293939394939593969397939893999400940194029403940494059406940794089409941094119412941394149415941694179418941994209421942294239424942594269427942894299430943194329433943494359436943794389439944094419442944394449445944694479448944994509451945294539454945594569457945894599460946194629463946494659466946794689469947094719472947394749475947694779478947994809481948294839484948594869487948894899490949194929493949494959496949794989499950095019502950395049505950695079508950995109511951295139514951595169517951895199520952195229523952495259526952795289529953095319532953395349535953695379538953995409541954295439544954595469547954895499550955195529553955495559556955795589559956095619562956395649565956695679568956995709571957295739574957595769577957895799580958195829583958495859586958795889589959095919592959395949595959695979598959996009601960296039604960596069607960896099610961196129613961496159616961796189619962096219622962396249625962696279628962996309631963296339634963596369637963896399640964196429643964496459646964796489649965096519652965396549655965696579658965996609661966296639664966596669667966896699670967196729673967496759676967796789679968096819682968396849685968696879688968996909691969296939694969596969697969896999700970197029703970497059706970797089709971097119712971397149715971697179718971997209721972297239724972597269727972897299730973197329733973497359736973797389739974097419742974397449745974697479748974997509751975297539754975597569757975897599760976197629763976497659766976797689769977097719772977397749775977697779778977997809781978297839784978597869787978897899790979197929793979497959796979797989799980098019802980398049805980698079808980998109811981298139814981598169817981898199820982198229823982498259826982798289829983098319832983398349835983698379838983998409841984298439844984598469847984898499850985198529853985498559856985798589859986098619862986398649865986698679868986998709871987298739874987598769877987898799880988198829883988498859886988798889889989098919892989398949895989698979898989999009901990299039904990599069907990899099910991199129913991499159916991799189919992099219922992399249925992699279928992999309931993299339934993599369937993899399940994199429943994499459946994799489949995099519952995399549955995699579958995999609961996299639964996599669967996899699970997199729973997499759976997799789979998099819982998399849985998699879988998999909991999299939994999599969997999899991000010001100021000310004100051000610007100081000910010100111001210013100141001510016100171001810019100201002110022100231002410025100261002710028100291003010031100321003310034100351003610037100381003910040100411004210043100441004510046100471004810049100501005110052100531005410055100561005710058100591006010061100621006310064100651006610067100681006910070100711007210073100741007510076100771007810079100801008110082100831008410085100861008710088100891009010091100921009310094100951009610097100981009910100101011010210103101041010510106101071010810109101101011110112101131011410115101161011710118101191012010121101221012310124101251012610127101281012910130101311013210133101341013510136101371013810139101401014110142101431014410145101461014710148101491015010151101521015310154101551015610157101581015910160101611016210163101641016510166101671016810169101701017110172101731017410175101761017710178101791018010181101821018310184101851018610187101881018910190101911019210193101941019510196101971019810199102001020110202102031020410205102061020710208102091021010211102121021310214102151021610217102181021910220102211022210223102241022510226102271022810229102301023110232102331023410235102361023710238102391024010241102421024310244102451024610247102481024910250102511025210253102541025510256102571025810259102601026110262102631026410265102661026710268102691027010271102721027310274102751027610277102781027910280102811028210283102841028510286102871028810289102901029110292102931029410295102961029710298102991030010301103021030310304103051030610307103081030910310103111031210313103141031510316103171031810319103201032110322103231032410325103261032710328103291033010331103321033310334103351033610337103381033910340103411034210343103441034510346103471034810349103501035110352103531035410355103561035710358103591036010361103621036310364103651036610367103681036910370103711037210373103741037510376103771037810379103801038110382103831038410385103861038710388103891039010391103921039310394103951039610397103981039910400104011040210403104041040510406104071040810409104101041110412104131041410415104161041710418104191042010421104221042310424104251042610427104281042910430104311043210433104341043510436104371043810439104401044110442104431044410445104461044710448104491045010451104521045310454104551045610457104581045910460104611046210463104641046510466104671046810469104701047110472104731047410475104761047710478104791048010481104821048310484104851048610487104881048910490104911049210493104941049510496104971049810499105001050110502105031050410505105061050710508105091051010511105121051310514105151051610517105181051910520105211052210523105241052510526105271052810529105301053110532105331053410535105361053710538105391054010541105421054310544105451054610547105481054910550105511055210553105541055510556105571055810559105601056110562105631056410565105661056710568105691057010571105721057310574105751057610577105781057910580105811058210583105841058510586105871058810589105901059110592105931059410595105961059710598105991060010601106021060310604106051060610607106081060910610106111061210613106141061510616106171061810619106201062110622106231062410625106261062710628106291063010631106321063310634106351063610637106381063910640106411064210643106441064510646106471064810649106501065110652106531065410655106561065710658106591066010661106621066310664106651066610667106681066910670106711067210673106741067510676106771067810679106801068110682106831068410685106861068710688106891069010691106921069310694106951069610697106981069910700107011070210703107041070510706107071070810709107101071110712107131071410715107161071710718107191072010721107221072310724107251072610727107281072910730107311073210733107341073510736107371073810739107401074110742107431074410745107461074710748107491075010751107521075310754107551075610757107581075910760107611076210763107641076510766107671076810769107701077110772107731077410775107761077710778107791078010781107821078310784107851078610787107881078910790107911079210793107941079510796107971079810799108001080110802108031080410805108061080710808108091081010811108121081310814108151081610817108181081910820108211082210823108241082510826108271082810829108301083110832108331083410835108361083710838108391084010841108421084310844108451084610847108481084910850108511085210853108541085510856108571085810859108601086110862108631086410865108661086710868108691087010871108721087310874108751087610877108781087910880108811088210883108841088510886108871088810889108901089110892108931089410895108961089710898108991090010901109021090310904109051090610907109081090910910109111091210913109141091510916109171091810919109201092110922109231092410925109261092710928109291093010931109321093310934109351093610937109381093910940109411094210943109441094510946109471094810949109501095110952109531095410955109561095710958109591096010961109621096310964109651096610967109681096910970109711097210973109741097510976109771097810979109801098110982109831098410985109861098710988109891099010991109921099310994109951099610997109981099911000110011100211003110041100511006110071100811009110101101111012110131101411015110161101711018110191102011021110221102311024110251102611027110281102911030110311103211033110341103511036110371103811039110401104111042110431104411045110461104711048110491105011051110521105311054110551105611057110581105911060110611106211063110641106511066110671106811069110701107111072110731107411075110761107711078110791108011081110821108311084110851108611087110881108911090110911109211093110941109511096110971109811099111001110111102111031110411105111061110711108111091111011111111121111311114111151111611117111181111911120111211112211123111241112511126111271112811129111301113111132111331113411135111361113711138111391114011141111421114311144111451114611147111481114911150111511115211153111541115511156111571115811159111601116111162111631116411165111661116711168111691117011171111721117311174111751117611177111781117911180111811118211183111841118511186111871118811189111901119111192111931119411195111961119711198111991120011201112021120311204112051120611207112081120911210112111121211213112141121511216112171121811219112201122111222112231122411225112261122711228112291123011231112321123311234112351123611237112381123911240112411124211243112441124511246112471124811249112501125111252112531125411255112561125711258112591126011261112621126311264112651126611267112681126911270112711127211273112741127511276112771127811279112801128111282112831128411285112861128711288112891129011291112921129311294112951129611297112981129911300113011130211303113041130511306113071130811309113101131111312113131131411315113161131711318113191132011321113221132311324113251132611327113281132911330113311133211333113341133511336113371133811339113401134111342113431134411345113461134711348113491135011351113521135311354113551135611357113581135911360113611136211363113641136511366113671136811369113701137111372113731137411375113761137711378113791138011381113821138311384113851138611387113881138911390113911139211393113941139511396113971139811399114001140111402114031140411405114061140711408114091141011411114121141311414114151141611417114181141911420114211142211423114241142511426114271142811429114301143111432114331143411435114361143711438114391144011441114421144311444114451144611447114481144911450114511145211453114541145511456114571145811459114601146111462114631146411465114661146711468114691147011471114721147311474114751147611477114781147911480114811148211483114841148511486114871148811489114901149111492114931149411495114961149711498114991150011501115021150311504115051150611507115081150911510115111151211513115141151511516115171151811519115201152111522115231152411525115261152711528115291153011531115321153311534115351153611537115381153911540115411154211543115441154511546115471154811549115501155111552115531155411555115561155711558115591156011561115621156311564115651156611567115681156911570115711157211573115741157511576115771157811579115801158111582115831158411585115861158711588115891159011591115921159311594115951159611597115981159911600116011160211603116041160511606116071160811609116101161111612116131161411615116161161711618116191162011621116221162311624116251162611627116281162911630116311163211633116341163511636116371163811639116401164111642116431164411645116461164711648116491165011651116521165311654116551165611657116581165911660116611166211663116641166511666116671166811669116701167111672116731167411675116761167711678116791168011681116821168311684116851168611687116881168911690116911169211693116941169511696116971169811699117001170111702117031170411705117061170711708117091171011711117121171311714117151171611717117181171911720117211172211723117241172511726117271172811729117301173111732117331173411735117361173711738117391174011741117421174311744117451174611747117481174911750117511175211753117541175511756117571175811759117601176111762117631176411765117661176711768117691177011771117721177311774117751177611777117781177911780117811178211783117841178511786117871178811789117901179111792117931179411795117961179711798117991180011801118021180311804118051180611807118081180911810118111181211813118141181511816118171181811819118201182111822118231182411825118261182711828118291183011831118321183311834118351183611837118381183911840118411184211843118441184511846118471184811849118501185111852118531185411855118561185711858118591186011861118621186311864118651186611867118681186911870118711187211873118741187511876118771187811879118801188111882118831188411885118861188711888118891189011891118921189311894118951189611897118981189911900119011190211903119041190511906119071190811909119101191111912119131191411915119161191711918119191192011921119221192311924119251192611927119281192911930119311193211933119341193511936119371193811939119401194111942119431194411945119461194711948119491195011951119521195311954119551195611957119581195911960119611196211963119641196511966119671196811969119701197111972119731197411975119761197711978119791198011981119821198311984119851198611987119881198911990119911199211993119941199511996119971199811999120001200112002120031200412005120061200712008120091201012011120121201312014120151201612017120181201912020120211202212023120241202512026120271202812029120301203112032120331203412035120361203712038120391204012041120421204312044120451204612047120481204912050120511205212053120541205512056120571205812059120601206112062120631206412065120661206712068120691207012071120721207312074120751207612077120781207912080120811208212083120841208512086120871208812089120901209112092120931209412095120961209712098120991210012101121021210312104121051210612107121081210912110121111211212113121141211512116121171211812119121201212112122121231212412125121261212712128121291213012131121321213312134121351213612137121381213912140121411214212143121441214512146121471214812149121501215112152121531215412155121561215712158121591216012161121621216312164121651216612167121681216912170121711217212173121741217512176121771217812179121801218112182121831218412185121861218712188121891219012191121921219312194121951219612197121981219912200122011220212203122041220512206122071220812209122101221112212122131221412215122161221712218122191222012221122221222312224122251222612227122281222912230122311223212233122341223512236122371223812239122401224112242122431224412245122461224712248122491225012251122521225312254122551225612257122581225912260122611226212263122641226512266122671226812269122701227112272122731227412275122761227712278122791228012281122821228312284122851228612287122881228912290122911229212293122941229512296122971229812299123001230112302123031230412305123061230712308123091231012311123121231312314123151231612317123181231912320123211232212323123241232512326123271232812329123301233112332123331233412335123361233712338123391234012341123421234312344123451234612347123481234912350123511235212353123541235512356123571235812359123601236112362123631236412365123661236712368123691237012371123721237312374123751237612377123781237912380123811238212383123841238512386123871238812389123901239112392123931239412395123961239712398123991240012401124021240312404124051240612407124081240912410124111241212413124141241512416124171241812419124201242112422124231242412425124261242712428124291243012431124321243312434124351243612437124381243912440124411244212443124441244512446124471244812449124501245112452124531245412455124561245712458124591246012461124621246312464124651246612467124681246912470124711247212473124741247512476124771247812479124801248112482124831248412485124861248712488124891249012491124921249312494124951249612497124981249912500125011250212503125041250512506125071250812509125101251112512125131251412515125161251712518125191252012521125221252312524125251252612527125281252912530125311253212533125341253512536125371253812539125401254112542125431254412545125461254712548125491255012551125521255312554125551255612557125581255912560125611256212563125641256512566125671256812569125701257112572125731257412575125761257712578125791258012581125821258312584125851258612587125881258912590125911259212593125941259512596125971259812599126001260112602126031260412605126061260712608126091261012611126121261312614126151261612617126181261912620126211262212623126241262512626126271262812629126301263112632126331263412635126361263712638126391264012641126421264312644126451264612647126481264912650126511265212653126541265512656126571265812659126601266112662126631266412665126661266712668126691267012671126721267312674126751267612677126781267912680126811268212683126841268512686126871268812689126901269112692126931269412695126961269712698126991270012701127021270312704127051270612707127081270912710127111271212713127141271512716127171271812719127201272112722127231272412725127261272712728127291273012731127321273312734127351273612737127381273912740127411274212743127441274512746127471274812749127501275112752127531275412755127561275712758127591276012761127621276312764127651276612767127681276912770127711277212773127741277512776127771277812779127801278112782127831278412785127861278712788127891279012791127921279312794127951279612797127981279912800128011280212803128041280512806128071280812809128101281112812128131281412815128161281712818128191282012821128221282312824128251282612827128281282912830128311283212833128341283512836128371283812839128401284112842128431284412845128461284712848128491285012851128521285312854128551285612857128581285912860128611286212863128641286512866128671286812869128701287112872128731287412875128761287712878128791288012881128821288312884128851288612887128881288912890128911289212893128941289512896128971289812899129001290112902129031290412905129061290712908129091291012911129121291312914129151291612917129181291912920129211292212923129241292512926129271292812929129301293112932129331293412935129361293712938129391294012941129421294312944129451294612947129481294912950129511295212953129541295512956129571295812959129601296112962129631296412965129661296712968129691297012971129721297312974129751297612977129781297912980129811298212983129841298512986129871298812989129901299112992129931299412995129961299712998129991300013001130021300313004130051300613007130081300913010130111301213013130141301513016130171301813019130201302113022130231302413025130261302713028130291303013031130321303313034130351303613037130381303913040130411304213043130441304513046130471304813049130501305113052130531305413055130561305713058130591306013061130621306313064130651306613067130681306913070130711307213073130741307513076130771307813079130801308113082130831308413085130861308713088130891309013091130921309313094130951309613097130981309913100131011310213103131041310513106131071310813109131101311113112131131311413115131161311713118131191312013121131221312313124131251312613127131281312913130131311313213133131341313513136131371313813139131401314113142131431314413145131461314713148131491315013151131521315313154131551315613157131581315913160131611316213163131641316513166131671316813169131701317113172131731317413175131761317713178131791318013181131821318313184131851318613187131881318913190131911319213193131941319513196131971319813199132001320113202132031320413205132061320713208132091321013211132121321313214132151321613217132181321913220132211322213223132241322513226132271322813229132301323113232132331323413235132361323713238132391324013241132421324313244132451324613247132481324913250132511325213253132541325513256132571325813259132601326113262132631326413265132661326713268132691327013271132721327313274132751327613277132781327913280132811328213283132841328513286132871328813289132901329113292132931329413295132961329713298132991330013301133021330313304133051330613307133081330913310133111331213313133141331513316133171331813319133201332113322133231332413325133261332713328133291333013331133321333313334133351333613337133381333913340133411334213343133441334513346133471334813349133501335113352133531335413355133561335713358133591336013361133621336313364133651336613367133681336913370133711337213373133741337513376133771337813379133801338113382133831338413385133861338713388133891339013391133921339313394133951339613397133981339913400134011340213403134041340513406134071340813409134101341113412134131341413415134161341713418134191342013421134221342313424134251342613427134281342913430134311343213433134341343513436134371343813439134401344113442134431344413445134461344713448134491345013451134521345313454134551345613457134581345913460134611346213463134641346513466134671346813469134701347113472134731347413475134761347713478134791348013481134821348313484134851348613487134881348913490134911349213493134941349513496134971349813499135001350113502135031350413505135061350713508135091351013511135121351313514135151351613517135181351913520135211352213523135241352513526135271352813529135301353113532135331353413535135361353713538135391354013541135421354313544135451354613547135481354913550135511355213553135541355513556135571355813559135601356113562135631356413565135661356713568135691357013571135721357313574135751357613577135781357913580135811358213583135841358513586135871358813589135901359113592135931359413595135961359713598135991360013601136021360313604136051360613607136081360913610136111361213613136141361513616136171361813619136201362113622136231362413625136261362713628136291363013631136321363313634136351363613637136381363913640136411364213643136441364513646136471364813649136501365113652136531365413655136561365713658136591366013661136621366313664136651366613667136681366913670136711367213673136741367513676136771367813679136801368113682136831368413685136861368713688136891369013691136921369313694136951369613697136981369913700137011370213703137041370513706137071370813709137101371113712137131371413715137161371713718137191372013721137221372313724137251372613727137281372913730137311373213733137341373513736137371373813739137401374113742137431374413745137461374713748137491375013751137521375313754137551375613757137581375913760137611376213763137641376513766137671376813769137701377113772137731377413775137761377713778137791378013781137821378313784137851378613787137881378913790137911379213793137941379513796137971379813799138001380113802138031380413805138061380713808138091381013811138121381313814138151381613817138181381913820138211382213823138241382513826138271382813829138301383113832138331383413835138361383713838138391384013841138421384313844138451384613847138481384913850138511385213853138541385513856138571385813859138601386113862138631386413865138661386713868138691387013871138721387313874138751387613877138781387913880138811388213883138841388513886138871388813889138901389113892138931389413895138961389713898138991390013901139021390313904139051390613907139081390913910139111391213913139141391513916139171391813919139201392113922139231392413925139261392713928139291393013931139321393313934139351393613937139381393913940139411394213943139441394513946139471394813949139501395113952139531395413955139561395713958139591396013961139621396313964139651396613967139681396913970139711397213973139741397513976139771397813979139801398113982139831398413985139861398713988139891399013991139921399313994139951399613997139981399914000140011400214003140041400514006140071400814009140101401114012140131401414015140161401714018140191402014021140221402314024140251402614027140281402914030140311403214033140341403514036140371403814039140401404114042140431404414045140461404714048140491405014051140521405314054140551405614057140581405914060140611406214063140641406514066140671406814069140701407114072140731407414075140761407714078140791408014081140821408314084140851408614087140881408914090140911409214093140941409514096140971409814099141001410114102141031410414105141061410714108141091411014111141121411314114141151411614117141181411914120141211412214123141241412514126141271412814129141301413114132141331413414135141361413714138141391414014141141421414314144141451414614147141481414914150141511415214153141541415514156141571415814159141601416114162141631416414165141661416714168141691417014171141721417314174141751417614177141781417914180141811418214183141841418514186141871418814189141901419114192141931419414195141961419714198141991420014201142021420314204142051420614207142081420914210142111421214213142141421514216142171421814219142201422114222142231422414225142261422714228142291423014231142321423314234142351423614237142381423914240142411424214243142441424514246142471424814249142501425114252142531425414255142561425714258142591426014261142621426314264142651426614267142681426914270142711427214273142741427514276142771427814279142801428114282142831428414285142861428714288142891429014291142921429314294142951429614297142981429914300143011430214303143041430514306143071430814309143101431114312143131431414315143161431714318143191432014321143221432314324143251432614327143281432914330143311433214333143341433514336143371433814339143401434114342143431434414345143461434714348143491435014351143521435314354143551435614357143581435914360143611436214363143641436514366143671436814369143701437114372143731437414375143761437714378143791438014381143821438314384143851438614387143881438914390143911439214393143941439514396143971439814399144001440114402144031440414405144061440714408144091441014411144121441314414144151441614417144181441914420144211442214423144241442514426144271442814429144301443114432144331443414435144361443714438144391444014441144421444314444144451444614447144481444914450144511445214453144541445514456144571445814459144601446114462144631446414465144661446714468144691447014471144721447314474144751447614477144781447914480144811448214483144841448514486144871448814489144901449114492144931449414495144961449714498144991450014501145021450314504145051450614507145081450914510145111451214513145141451514516145171451814519145201452114522145231452414525145261452714528145291453014531145321453314534145351453614537145381453914540145411454214543145441454514546145471454814549145501455114552145531455414555145561455714558145591456014561145621456314564145651456614567145681456914570145711457214573145741457514576145771457814579145801458114582145831458414585145861458714588145891459014591145921459314594145951459614597145981459914600146011460214603146041460514606146071460814609146101461114612146131461414615146161461714618146191462014621146221462314624146251462614627146281462914630146311463214633146341463514636146371463814639146401464114642146431464414645146461464714648146491465014651146521465314654146551465614657146581465914660146611466214663146641466514666146671466814669146701467114672146731467414675146761467714678146791468014681146821468314684146851468614687146881468914690146911469214693146941469514696146971469814699147001470114702147031470414705147061470714708147091471014711147121471314714147151471614717147181471914720147211472214723147241472514726147271472814729147301473114732147331473414735147361473714738147391474014741147421474314744147451474614747147481474914750147511475214753147541475514756147571475814759147601476114762147631476414765147661476714768147691477014771147721477314774147751477614777147781477914780147811478214783147841478514786147871478814789147901479114792147931479414795147961479714798147991480014801148021480314804148051480614807148081480914810148111481214813148141481514816148171481814819148201482114822148231482414825148261482714828148291483014831148321483314834148351483614837148381483914840148411484214843148441484514846148471484814849148501485114852148531485414855148561485714858148591486014861148621486314864148651486614867148681486914870148711487214873148741487514876148771487814879148801488114882148831488414885148861488714888148891489014891148921489314894148951489614897148981489914900149011490214903149041490514906149071490814909149101491114912149131491414915149161491714918149191492014921149221492314924149251492614927149281492914930149311493214933149341493514936149371493814939149401494114942149431494414945149461494714948149491495014951149521495314954149551495614957149581495914960149611496214963149641496514966149671496814969149701497114972149731497414975149761497714978149791498014981149821498314984149851498614987149881498914990149911499214993149941499514996149971499814999150001500115002150031500415005150061500715008150091501015011150121501315014150151501615017150181501915020150211502215023150241502515026150271502815029150301503115032150331503415035150361503715038150391504015041150421504315044150451504615047150481504915050150511505215053150541505515056150571505815059150601506115062150631506415065150661506715068150691507015071150721507315074150751507615077150781507915080150811508215083150841508515086150871508815089150901509115092150931509415095150961509715098150991510015101151021510315104151051510615107151081510915110151111511215113151141511515116151171511815119151201512115122151231512415125151261512715128151291513015131151321513315134151351513615137151381513915140151411514215143151441514515146151471514815149151501515115152151531515415155151561515715158151591516015161151621516315164151651516615167151681516915170151711517215173151741517515176151771517815179151801518115182151831518415185151861518715188151891519015191151921519315194151951519615197151981519915200152011520215203152041520515206152071520815209152101521115212152131521415215152161521715218152191522015221152221522315224152251522615227152281522915230152311523215233152341523515236152371523815239152401524115242152431524415245152461524715248152491525015251152521525315254152551525615257152581525915260152611526215263152641526515266152671526815269152701527115272152731527415275152761527715278152791528015281152821528315284152851528615287152881528915290152911529215293152941529515296152971529815299153001530115302153031530415305153061530715308153091531015311153121531315314153151531615317153181531915320153211532215323153241532515326153271532815329153301533115332153331533415335153361533715338153391534015341153421534315344153451534615347153481534915350153511535215353153541535515356153571535815359153601536115362153631536415365153661536715368153691537015371153721537315374153751537615377153781537915380153811538215383153841538515386153871538815389153901539115392153931539415395153961539715398153991540015401154021540315404154051540615407154081540915410154111541215413154141541515416154171541815419154201542115422154231542415425154261542715428154291543015431154321543315434154351543615437154381543915440154411544215443154441544515446154471544815449154501545115452154531545415455154561545715458154591546015461154621546315464154651546615467154681546915470154711547215473154741547515476154771547815479154801548115482154831548415485154861548715488154891549015491154921549315494154951549615497154981549915500155011550215503155041550515506155071550815509155101551115512155131551415515155161551715518155191552015521155221552315524155251552615527155281552915530155311553215533155341553515536155371553815539155401554115542155431554415545155461554715548155491555015551155521555315554155551555615557155581555915560155611556215563155641556515566155671556815569155701557115572155731557415575155761557715578155791558015581155821558315584155851558615587155881558915590155911559215593155941559515596155971559815599156001560115602156031560415605156061560715608156091561015611156121561315614156151561615617156181561915620156211562215623156241562515626156271562815629156301563115632156331563415635156361563715638156391564015641156421564315644156451564615647156481564915650156511565215653156541565515656156571565815659156601566115662156631566415665156661566715668156691567015671156721567315674156751567615677156781567915680156811568215683156841568515686156871568815689156901569115692156931569415695156961569715698156991570015701157021570315704157051570615707157081570915710157111571215713157141571515716157171571815719157201572115722157231572415725157261572715728157291573015731157321573315734157351573615737157381573915740157411574215743157441574515746157471574815749157501575115752157531575415755157561575715758157591576015761157621576315764157651576615767157681576915770157711577215773157741577515776157771577815779157801578115782157831578415785157861578715788157891579015791157921579315794157951579615797157981579915800158011580215803158041580515806158071580815809158101581115812158131581415815158161581715818158191582015821158221582315824158251582615827158281582915830158311583215833158341583515836158371583815839158401584115842158431584415845158461584715848158491585015851158521585315854158551585615857158581585915860158611586215863158641586515866158671586815869158701587115872158731587415875158761587715878158791588015881158821588315884158851588615887158881588915890158911589215893158941589515896158971589815899159001590115902159031590415905159061590715908159091591015911159121591315914159151591615917159181591915920159211592215923159241592515926159271592815929159301593115932159331593415935159361593715938159391594015941159421594315944159451594615947159481594915950159511595215953159541595515956159571595815959159601596115962159631596415965159661596715968159691597015971159721597315974159751597615977159781597915980159811598215983159841598515986159871598815989159901599115992159931599415995159961599715998159991600016001160021600316004160051600616007160081600916010160111601216013160141601516016160171601816019160201602116022160231602416025160261602716028160291603016031160321603316034160351603616037160381603916040160411604216043160441604516046160471604816049160501605116052160531605416055160561605716058160591606016061160621606316064160651606616067160681606916070160711607216073160741607516076160771607816079160801608116082160831608416085160861608716088160891609016091160921609316094160951609616097160981609916100161011610216103161041610516106161071610816109161101611116112161131611416115161161611716118161191612016121161221612316124161251612616127161281612916130161311613216133161341613516136161371613816139161401614116142161431614416145161461614716148161491615016151161521615316154161551615616157161581615916160161611616216163161641616516166161671616816169161701617116172161731617416175161761617716178161791618016181161821618316184161851618616187161881618916190161911619216193161941619516196161971619816199162001620116202162031620416205162061620716208162091621016211162121621316214162151621616217162181621916220162211622216223162241622516226162271622816229162301623116232162331623416235162361623716238162391624016241162421624316244162451624616247162481624916250162511625216253162541625516256162571625816259162601626116262162631626416265162661626716268162691627016271162721627316274162751627616277162781627916280162811628216283162841628516286162871628816289162901629116292162931629416295162961629716298162991630016301163021630316304163051630616307163081630916310163111631216313163141631516316163171631816319163201632116322163231632416325163261632716328163291633016331163321633316334163351633616337163381633916340163411634216343163441634516346163471634816349163501635116352163531635416355163561635716358163591636016361163621636316364163651636616367163681636916370163711637216373163741637516376163771637816379163801638116382163831638416385163861638716388163891639016391163921639316394163951639616397163981639916400164011640216403164041640516406164071640816409164101641116412164131641416415164161641716418164191642016421164221642316424164251642616427164281642916430164311643216433164341643516436164371643816439164401644116442164431644416445164461644716448164491645016451164521645316454164551645616457164581645916460164611646216463164641646516466164671646816469164701647116472164731647416475164761647716478164791648016481164821648316484164851648616487164881648916490164911649216493164941649516496164971649816499165001650116502165031650416505165061650716508165091651016511165121651316514165151651616517165181651916520165211652216523165241652516526165271652816529165301653116532165331653416535165361653716538165391654016541165421654316544165451654616547165481654916550165511655216553165541655516556165571655816559165601656116562165631656416565165661656716568165691657016571165721657316574165751657616577165781657916580165811658216583165841658516586165871658816589165901659116592165931659416595165961659716598165991660016601166021660316604166051660616607166081660916610166111661216613166141661516616166171661816619166201662116622166231662416625166261662716628166291663016631166321663316634166351663616637166381663916640166411664216643166441664516646166471664816649166501665116652166531665416655166561665716658166591666016661166621666316664166651666616667166681666916670166711667216673166741667516676166771667816679166801668116682166831668416685166861668716688166891669016691166921669316694166951669616697166981669916700167011670216703167041670516706167071670816709167101671116712167131671416715167161671716718167191672016721167221672316724167251672616727167281672916730167311673216733167341673516736167371673816739167401674116742167431674416745167461674716748167491675016751167521675316754167551675616757167581675916760167611676216763167641676516766167671676816769167701677116772167731677416775167761677716778167791678016781167821678316784167851678616787167881678916790167911679216793167941679516796167971679816799168001680116802168031680416805168061680716808168091681016811168121681316814168151681616817168181681916820168211682216823168241682516826168271682816829168301683116832168331683416835168361683716838168391684016841168421684316844168451684616847168481684916850168511685216853168541685516856168571685816859168601686116862168631686416865168661686716868168691687016871168721687316874168751687616877168781687916880168811688216883168841688516886168871688816889168901689116892168931689416895168961689716898168991690016901169021690316904169051690616907169081690916910169111691216913169141691516916169171691816919169201692116922169231692416925169261692716928169291693016931169321693316934169351693616937169381693916940169411694216943169441694516946169471694816949169501695116952169531695416955169561695716958169591696016961169621696316964169651696616967169681696916970169711697216973169741697516976169771697816979169801698116982169831698416985169861698716988169891699016991169921699316994169951699616997169981699917000170011700217003170041700517006170071700817009170101701117012170131701417015170161701717018170191702017021170221702317024170251702617027170281702917030170311703217033170341703517036170371703817039170401704117042170431704417045170461704717048170491705017051170521705317054170551705617057170581705917060170611706217063170641706517066170671706817069170701707117072170731707417075170761707717078170791708017081170821708317084170851708617087170881708917090170911709217093170941709517096170971709817099171001710117102171031710417105171061710717108171091711017111171121711317114171151711617117171181711917120171211712217123171241712517126171271712817129171301713117132171331713417135171361713717138171391714017141171421714317144171451714617147171481714917150171511715217153171541715517156171571715817159171601716117162171631716417165171661716717168171691717017171171721717317174171751717617177171781717917180171811718217183171841718517186171871718817189171901719117192171931719417195171961719717198171991720017201172021720317204172051720617207172081720917210172111721217213172141721517216172171721817219172201722117222172231722417225172261722717228172291723017231172321723317234172351723617237172381723917240172411724217243172441724517246172471724817249172501725117252172531725417255172561725717258172591726017261172621726317264172651726617267172681726917270172711727217273172741727517276172771727817279172801728117282172831728417285172861728717288172891729017291172921729317294172951729617297172981729917300173011730217303173041730517306173071730817309173101731117312173131731417315173161731717318173191732017321173221732317324173251732617327173281732917330173311733217333173341733517336173371733817339173401734117342173431734417345173461734717348173491735017351173521735317354173551735617357173581735917360173611736217363173641736517366173671736817369173701737117372173731737417375173761737717378173791738017381173821738317384173851738617387173881738917390173911739217393173941739517396173971739817399174001740117402174031740417405174061740717408174091741017411174121741317414174151741617417174181741917420174211742217423174241742517426174271742817429174301743117432174331743417435174361743717438174391744017441174421744317444174451744617447174481744917450174511745217453174541745517456174571745817459174601746117462174631746417465174661746717468174691747017471174721747317474174751747617477174781747917480174811748217483174841748517486174871748817489174901749117492174931749417495174961749717498174991750017501175021750317504175051750617507175081750917510175111751217513175141751517516175171751817519175201752117522175231752417525175261752717528175291753017531175321753317534175351753617537175381753917540175411754217543175441754517546175471754817549175501755117552175531755417555175561755717558175591756017561175621756317564175651756617567175681756917570175711757217573175741757517576175771757817579175801758117582175831758417585175861758717588175891759017591175921759317594175951759617597175981759917600176011760217603176041760517606176071760817609176101761117612176131761417615176161761717618176191762017621176221762317624176251762617627176281762917630176311763217633176341763517636176371763817639176401764117642176431764417645176461764717648176491765017651176521765317654176551765617657176581765917660176611766217663176641766517666176671766817669176701767117672176731767417675176761767717678176791768017681176821768317684176851768617687176881768917690176911769217693176941769517696176971769817699177001770117702177031770417705177061770717708177091771017711177121771317714177151771617717177181771917720177211772217723177241772517726177271772817729177301773117732177331773417735177361773717738177391774017741177421774317744177451774617747177481774917750177511775217753177541775517756177571775817759177601776117762177631776417765177661776717768177691777017771177721777317774177751777617777177781777917780177811778217783177841778517786177871778817789177901779117792177931779417795177961779717798177991780017801178021780317804178051780617807178081780917810178111781217813178141781517816178171781817819178201782117822178231782417825178261782717828178291783017831178321783317834178351783617837178381783917840178411784217843178441784517846178471784817849178501785117852178531785417855178561785717858178591786017861178621786317864178651786617867178681786917870178711787217873178741787517876178771787817879178801788117882178831788417885178861788717888178891789017891178921789317894178951789617897178981789917900179011790217903179041790517906179071790817909179101791117912179131791417915179161791717918179191792017921179221792317924179251792617927179281792917930179311793217933179341793517936179371793817939179401794117942179431794417945179461794717948179491795017951179521795317954179551795617957179581795917960179611796217963179641796517966179671796817969179701797117972179731797417975179761797717978179791798017981179821798317984179851798617987179881798917990179911799217993179941799517996179971799817999180001800118002180031800418005180061800718008180091801018011180121801318014180151801618017180181801918020180211802218023180241802518026180271802818029180301803118032180331803418035180361803718038180391804018041180421804318044180451804618047180481804918050180511805218053180541805518056180571805818059180601806118062180631806418065180661806718068180691807018071180721807318074180751807618077180781807918080180811808218083180841808518086180871808818089180901809118092180931809418095180961809718098180991810018101181021810318104181051810618107181081810918110181111811218113181141811518116181171811818119181201812118122181231812418125181261812718128181291813018131181321813318134181351813618137181381813918140181411814218143181441814518146181471814818149181501815118152181531815418155181561815718158181591816018161181621816318164181651816618167181681816918170181711817218173181741817518176181771817818179181801818118182181831818418185181861818718188181891819018191181921819318194181951819618197181981819918200182011820218203182041820518206182071820818209182101821118212182131821418215182161821718218182191822018221182221822318224182251822618227182281822918230182311823218233182341823518236182371823818239182401824118242182431824418245182461824718248182491825018251182521825318254182551825618257182581825918260182611826218263182641826518266182671826818269182701827118272182731827418275182761827718278182791828018281182821828318284182851828618287182881828918290182911829218293182941829518296182971829818299183001830118302183031830418305183061830718308183091831018311183121831318314183151831618317183181831918320183211832218323183241832518326183271832818329183301833118332183331833418335183361833718338183391834018341183421834318344183451834618347183481834918350183511835218353183541835518356183571835818359183601836118362183631836418365183661836718368183691837018371183721837318374183751837618377183781837918380183811838218383183841838518386183871838818389183901839118392183931839418395183961839718398183991840018401184021840318404184051840618407184081840918410184111841218413184141841518416184171841818419184201842118422184231842418425184261842718428184291843018431184321843318434184351843618437184381843918440184411844218443184441844518446184471844818449184501845118452184531845418455184561845718458184591846018461184621846318464184651846618467184681846918470184711847218473184741847518476184771847818479184801848118482184831848418485184861848718488184891849018491184921849318494184951849618497184981849918500185011850218503185041850518506185071850818509185101851118512185131851418515185161851718518185191852018521185221852318524185251852618527185281852918530185311853218533185341853518536185371853818539185401854118542185431854418545185461854718548185491855018551185521855318554185551855618557185581855918560185611856218563185641856518566185671856818569185701857118572185731857418575185761857718578185791858018581185821858318584185851858618587185881858918590185911859218593185941859518596185971859818599186001860118602186031860418605186061860718608186091861018611186121861318614186151861618617186181861918620186211862218623186241862518626186271862818629186301863118632186331863418635186361863718638186391864018641186421864318644186451864618647186481864918650186511865218653186541865518656186571865818659186601866118662186631866418665186661866718668186691867018671186721867318674186751867618677186781867918680186811868218683186841868518686186871868818689186901869118692186931869418695186961869718698186991870018701187021870318704187051870618707187081870918710187111871218713187141871518716187171871818719187201872118722187231872418725187261872718728187291873018731187321873318734187351873618737187381873918740187411874218743187441874518746187471874818749187501875118752187531875418755187561875718758187591876018761187621876318764187651876618767187681876918770187711877218773187741877518776187771877818779187801878118782187831878418785187861878718788187891879018791187921879318794187951879618797187981879918800188011880218803188041880518806188071880818809188101881118812188131881418815188161881718818188191882018821188221882318824188251882618827188281882918830188311883218833188341883518836188371883818839188401884118842188431884418845188461884718848188491885018851188521885318854188551885618857188581885918860188611886218863188641886518866188671886818869188701887118872188731887418875188761887718878188791888018881188821888318884188851888618887188881888918890188911889218893188941889518896188971889818899189001890118902189031890418905189061890718908189091891018911189121891318914189151891618917189181891918920189211892218923189241892518926189271892818929189301893118932189331893418935189361893718938189391894018941189421894318944189451894618947189481894918950189511895218953189541895518956189571895818959189601896118962189631896418965189661896718968189691897018971189721897318974189751897618977189781897918980189811898218983189841898518986189871898818989189901899118992189931899418995189961899718998189991900019001190021900319004190051900619007190081900919010190111901219013190141901519016190171901819019190201902119022190231902419025190261902719028190291903019031190321903319034190351903619037190381903919040190411904219043190441904519046190471904819049190501905119052190531905419055190561905719058190591906019061190621906319064190651906619067190681906919070190711907219073190741907519076190771907819079190801908119082190831908419085190861908719088190891909019091190921909319094190951909619097190981909919100191011910219103191041910519106191071910819109191101911119112191131911419115191161911719118191191912019121191221912319124191251912619127191281912919130191311913219133191341913519136191371913819139191401914119142191431914419145191461914719148191491915019151191521915319154191551915619157191581915919160191611916219163191641916519166191671916819169191701917119172191731917419175191761917719178191791918019181191821918319184191851918619187191881918919190191911919219193191941919519196191971919819199192001920119202192031920419205192061920719208192091921019211192121921319214192151921619217192181921919220192211922219223192241922519226192271922819229192301923119232192331923419235192361923719238192391924019241192421924319244192451924619247192481924919250192511925219253192541925519256192571925819259192601926119262192631926419265192661926719268192691927019271192721927319274192751927619277192781927919280192811928219283192841928519286192871928819289192901929119292192931929419295192961929719298192991930019301193021930319304193051930619307193081930919310193111931219313193141931519316193171931819319193201932119322193231932419325193261932719328193291933019331193321933319334193351933619337193381933919340193411934219343193441934519346193471934819349193501935119352193531935419355193561935719358193591936019361193621936319364193651936619367193681936919370193711937219373193741937519376193771937819379193801938119382193831938419385193861938719388193891939019391193921939319394193951939619397193981939919400194011940219403194041940519406194071940819409194101941119412194131941419415194161941719418194191942019421194221942319424194251942619427194281942919430194311943219433194341943519436194371943819439194401944119442194431944419445194461944719448194491945019451194521945319454194551945619457194581945919460194611946219463194641946519466194671946819469194701947119472194731947419475194761947719478194791948019481194821948319484194851948619487194881948919490194911949219493194941949519496194971949819499195001950119502195031950419505195061950719508195091951019511195121951319514195151951619517195181951919520195211952219523195241952519526195271952819529195301953119532195331953419535195361953719538195391954019541195421954319544195451954619547195481954919550195511955219553195541955519556195571955819559195601956119562195631956419565195661956719568195691957019571195721957319574195751957619577195781957919580195811958219583195841958519586195871958819589195901959119592195931959419595195961959719598195991960019601196021960319604196051960619607196081960919610196111961219613196141961519616196171961819619196201962119622196231962419625196261962719628196291963019631196321963319634196351963619637196381963919640196411964219643196441964519646196471964819649196501965119652196531965419655196561965719658196591966019661196621966319664196651966619667196681966919670196711967219673196741967519676196771967819679196801968119682196831968419685196861968719688196891969019691196921969319694196951969619697196981969919700197011970219703197041970519706197071970819709197101971119712197131971419715197161971719718197191972019721197221972319724197251972619727197281972919730197311973219733197341973519736197371973819739197401974119742197431974419745197461974719748197491975019751197521975319754197551975619757197581975919760197611976219763197641976519766197671976819769197701977119772197731977419775197761977719778197791978019781197821978319784197851978619787197881978919790197911979219793197941979519796197971979819799198001980119802198031980419805198061980719808198091981019811198121981319814198151981619817198181981919820198211982219823198241982519826198271982819829198301983119832198331983419835198361983719838198391984019841198421984319844198451984619847198481984919850198511985219853198541985519856198571985819859198601986119862198631986419865198661986719868198691987019871198721987319874198751987619877198781987919880198811988219883198841988519886198871988819889198901989119892198931989419895198961989719898198991990019901199021990319904199051990619907199081990919910199111991219913199141991519916199171991819919199201992119922199231992419925199261992719928199291993019931199321993319934199351993619937199381993919940199411994219943199441994519946199471994819949199501995119952199531995419955199561995719958199591996019961199621996319964199651996619967199681996919970199711997219973199741997519976199771997819979199801998119982199831998419985199861998719988199891999019991199921999319994199951999619997199981999920000200012000220003200042000520006200072000820009200102001120012200132001420015200162001720018200192002020021200222002320024200252002620027200282002920030200312003220033200342003520036200372003820039200402004120042200432004420045200462004720048200492005020051200522005320054200552005620057200582005920060200612006220063200642006520066200672006820069200702007120072200732007420075200762007720078200792008020081200822008320084200852008620087200882008920090200912009220093200942009520096200972009820099201002010120102201032010420105201062010720108201092011020111201122011320114201152011620117201182011920120201212012220123201242012520126201272012820129201302013120132201332013420135201362013720138201392014020141201422014320144201452014620147201482014920150201512015220153201542015520156201572015820159201602016120162201632016420165201662016720168201692017020171201722017320174201752017620177201782017920180201812018220183201842018520186201872018820189201902019120192201932019420195201962019720198201992020020201202022020320204202052020620207202082020920210202112021220213202142021520216202172021820219202202022120222202232022420225202262022720228202292023020231202322023320234202352023620237202382023920240202412024220243202442024520246202472024820249202502025120252202532025420255202562025720258202592026020261202622026320264202652026620267202682026920270202712027220273202742027520276202772027820279202802028120282202832028420285202862028720288202892029020291202922029320294202952029620297202982029920300203012030220303203042030520306203072030820309203102031120312203132031420315203162031720318203192032020321203222032320324203252032620327203282032920330203312033220333203342033520336203372033820339203402034120342203432034420345203462034720348203492035020351203522035320354203552035620357203582035920360203612036220363203642036520366203672036820369203702037120372203732037420375203762037720378203792038020381203822038320384203852038620387203882038920390203912039220393203942039520396203972039820399204002040120402204032040420405204062040720408204092041020411204122041320414204152041620417204182041920420204212042220423204242042520426204272042820429204302043120432204332043420435204362043720438204392044020441204422044320444204452044620447204482044920450204512045220453204542045520456204572045820459204602046120462204632046420465204662046720468204692047020471204722047320474204752047620477204782047920480204812048220483204842048520486204872048820489204902049120492204932049420495204962049720498204992050020501205022050320504205052050620507205082050920510205112051220513205142051520516205172051820519205202052120522205232052420525205262052720528205292053020531205322053320534205352053620537205382053920540205412054220543205442054520546205472054820549205502055120552205532055420555205562055720558205592056020561205622056320564205652056620567205682056920570205712057220573205742057520576205772057820579205802058120582205832058420585205862058720588205892059020591205922059320594205952059620597205982059920600206012060220603206042060520606206072060820609206102061120612206132061420615206162061720618206192062020621206222062320624206252062620627206282062920630206312063220633206342063520636206372063820639206402064120642206432064420645206462064720648206492065020651206522065320654206552065620657206582065920660206612066220663206642066520666206672066820669206702067120672206732067420675206762067720678206792068020681206822068320684206852068620687206882068920690206912069220693206942069520696206972069820699207002070120702207032070420705207062070720708207092071020711207122071320714207152071620717207182071920720207212072220723207242072520726207272072820729207302073120732207332073420735207362073720738207392074020741207422074320744207452074620747207482074920750207512075220753207542075520756207572075820759207602076120762207632076420765207662076720768207692077020771207722077320774207752077620777207782077920780207812078220783207842078520786207872078820789207902079120792207932079420795207962079720798207992080020801208022080320804208052080620807208082080920810208112081220813208142081520816208172081820819208202082120822208232082420825208262082720828208292083020831208322083320834208352083620837208382083920840208412084220843208442084520846208472084820849208502085120852208532085420855208562085720858208592086020861208622086320864208652086620867208682086920870208712087220873208742087520876208772087820879208802088120882208832088420885208862088720888208892089020891208922089320894208952089620897208982089920900209012090220903209042090520906209072090820909209102091120912209132091420915209162091720918209192092020921209222092320924209252092620927209282092920930209312093220933209342093520936209372093820939209402094120942209432094420945209462094720948209492095020951209522095320954209552095620957209582095920960209612096220963209642096520966209672096820969209702097120972209732097420975209762097720978209792098020981209822098320984209852098620987209882098920990209912099220993209942099520996209972099820999210002100121002210032100421005210062100721008210092101021011210122101321014210152101621017210182101921020210212102221023210242102521026210272102821029210302103121032210332103421035210362103721038210392104021041210422104321044210452104621047210482104921050210512105221053210542105521056210572105821059210602106121062210632106421065210662106721068210692107021071210722107321074210752107621077210782107921080210812108221083210842108521086210872108821089210902109121092210932109421095210962109721098210992110021101211022110321104211052110621107211082110921110211112111221113211142111521116211172111821119211202112121122211232112421125211262112721128211292113021131211322113321134211352113621137211382113921140211412114221143211442114521146211472114821149211502115121152211532115421155211562115721158211592116021161211622116321164211652116621167211682116921170211712117221173211742117521176211772117821179211802118121182211832118421185211862118721188211892119021191211922119321194211952119621197211982119921200212012120221203212042120521206212072120821209212102121121212212132121421215212162121721218212192122021221212222122321224212252122621227212282122921230212312123221233212342123521236212372123821239212402124121242212432124421245212462124721248212492125021251212522125321254212552125621257212582125921260212612126221263212642126521266212672126821269212702127121272212732127421275212762127721278212792128021281212822128321284212852128621287212882128921290212912129221293212942129521296212972129821299213002130121302213032130421305213062130721308213092131021311213122131321314213152131621317213182131921320213212132221323213242132521326213272132821329213302133121332213332133421335213362133721338213392134021341213422134321344213452134621347213482134921350213512135221353213542135521356213572135821359213602136121362213632136421365213662136721368213692137021371213722137321374213752137621377213782137921380213812138221383213842138521386213872138821389213902139121392213932139421395213962139721398213992140021401214022140321404214052140621407214082140921410214112141221413214142141521416214172141821419214202142121422214232142421425214262142721428214292143021431214322143321434214352143621437214382143921440214412144221443214442144521446214472144821449214502145121452214532145421455214562145721458214592146021461214622146321464214652146621467214682146921470214712147221473214742147521476214772147821479214802148121482214832148421485214862148721488214892149021491214922149321494214952149621497214982149921500215012150221503215042150521506215072150821509215102151121512215132151421515215162151721518215192152021521215222152321524215252152621527215282152921530215312153221533215342153521536215372153821539215402154121542215432154421545215462154721548215492155021551215522155321554215552155621557215582155921560215612156221563215642156521566215672156821569215702157121572215732157421575215762157721578215792158021581215822158321584215852158621587215882158921590215912159221593215942159521596215972159821599216002160121602216032160421605216062160721608216092161021611216122161321614216152161621617216182161921620216212162221623216242162521626216272162821629216302163121632216332163421635216362163721638216392164021641216422164321644216452164621647216482164921650216512165221653216542165521656216572165821659216602166121662216632166421665216662166721668216692167021671216722167321674216752167621677216782167921680216812168221683216842168521686216872168821689216902169121692216932169421695216962169721698216992170021701217022170321704217052170621707217082170921710217112171221713217142171521716217172171821719217202172121722217232172421725217262172721728217292173021731217322173321734217352173621737217382173921740217412174221743217442174521746217472174821749217502175121752217532175421755217562175721758217592176021761217622176321764217652176621767217682176921770217712177221773217742177521776217772177821779217802178121782217832178421785217862178721788217892179021791217922179321794217952179621797217982179921800218012180221803218042180521806218072180821809218102181121812218132181421815218162181721818218192182021821218222182321824218252182621827218282182921830218312183221833218342183521836218372183821839218402184121842218432184421845218462184721848218492185021851218522185321854218552185621857218582185921860218612186221863218642186521866218672186821869218702187121872218732187421875218762187721878218792188021881218822188321884218852188621887218882188921890218912189221893218942189521896218972189821899219002190121902219032190421905219062190721908219092191021911219122191321914219152191621917219182191921920219212192221923219242192521926219272192821929219302193121932219332193421935219362193721938219392194021941219422194321944219452194621947219482194921950219512195221953219542195521956219572195821959219602196121962219632196421965219662196721968219692197021971219722197321974219752197621977219782197921980219812198221983219842198521986219872198821989219902199121992219932199421995219962199721998219992200022001220022200322004220052200622007220082200922010220112201222013220142201522016220172201822019220202202122022220232202422025220262202722028220292203022031220322203322034220352203622037220382203922040220412204222043220442204522046220472204822049220502205122052220532205422055220562205722058220592206022061220622206322064220652206622067220682206922070220712207222073220742207522076220772207822079220802208122082220832208422085220862208722088220892209022091220922209322094220952209622097220982209922100221012210222103221042210522106221072210822109221102211122112221132211422115221162211722118221192212022121221222212322124221252212622127221282212922130221312213222133221342213522136221372213822139221402214122142221432214422145221462214722148221492215022151221522215322154221552215622157221582215922160221612216222163221642216522166221672216822169221702217122172221732217422175221762217722178221792218022181221822218322184221852218622187221882218922190221912219222193221942219522196221972219822199222002220122202222032220422205222062220722208222092221022211222122221322214222152221622217222182221922220222212222222223222242222522226222272222822229222302223122232222332223422235222362223722238222392224022241222422224322244222452224622247222482224922250222512225222253222542225522256222572225822259222602226122262222632226422265222662226722268222692227022271222722227322274222752227622277222782227922280222812228222283222842228522286222872228822289222902229122292222932229422295222962229722298222992230022301223022230322304223052230622307223082230922310223112231222313223142231522316223172231822319223202232122322223232232422325223262232722328223292233022331223322233322334223352233622337223382233922340223412234222343223442234522346223472234822349223502235122352223532235422355223562235722358223592236022361223622236322364223652236622367223682236922370223712237222373223742237522376223772237822379223802238122382223832238422385223862238722388223892239022391223922239322394223952239622397223982239922400224012240222403224042240522406224072240822409224102241122412224132241422415224162241722418224192242022421224222242322424224252242622427224282242922430224312243222433224342243522436224372243822439224402244122442224432244422445224462244722448224492245022451224522245322454224552245622457224582245922460224612246222463224642246522466224672246822469224702247122472224732247422475224762247722478224792248022481224822248322484224852248622487224882248922490224912249222493224942249522496224972249822499225002250122502225032250422505225062250722508225092251022511225122251322514225152251622517225182251922520225212252222523225242252522526225272252822529225302253122532225332253422535225362253722538225392254022541225422254322544225452254622547225482254922550225512255222553225542255522556225572255822559225602256122562225632256422565225662256722568225692257022571225722257322574225752257622577225782257922580225812258222583225842258522586225872258822589225902259122592225932259422595225962259722598225992260022601226022260322604226052260622607226082260922610226112261222613226142261522616226172261822619226202262122622226232262422625226262262722628226292263022631226322263322634226352263622637226382263922640226412264222643226442264522646226472264822649226502265122652226532265422655226562265722658226592266022661226622266322664226652266622667226682266922670226712267222673226742267522676226772267822679226802268122682226832268422685226862268722688226892269022691226922269322694226952269622697226982269922700227012270222703227042270522706227072270822709227102271122712227132271422715227162271722718227192272022721227222272322724227252272622727227282272922730227312273222733227342273522736227372273822739227402274122742227432274422745227462274722748227492275022751227522275322754227552275622757227582275922760227612276222763227642276522766227672276822769227702277122772227732277422775227762277722778227792278022781227822278322784227852278622787227882278922790227912279222793227942279522796227972279822799228002280122802228032280422805228062280722808228092281022811228122281322814228152281622817228182281922820228212282222823228242282522826228272282822829228302283122832228332283422835228362283722838228392284022841228422284322844228452284622847228482284922850228512285222853228542285522856228572285822859228602286122862228632286422865228662286722868228692287022871228722287322874228752287622877228782287922880228812288222883228842288522886228872288822889228902289122892228932289422895228962289722898228992290022901229022290322904229052290622907229082290922910229112291222913229142291522916229172291822919229202292122922229232292422925229262292722928229292293022931229322293322934229352293622937229382293922940229412294222943229442294522946229472294822949229502295122952229532295422955229562295722958229592296022961229622296322964229652296622967229682296922970229712297222973229742297522976229772297822979229802298122982229832298422985229862298722988229892299022991229922299322994229952299622997229982299923000230012300223003230042300523006230072300823009230102301123012230132301423015230162301723018230192302023021230222302323024230252302623027230282302923030230312303223033230342303523036230372303823039230402304123042230432304423045230462304723048230492305023051230522305323054230552305623057230582305923060230612306223063230642306523066230672306823069230702307123072230732307423075230762307723078230792308023081230822308323084230852308623087230882308923090230912309223093230942309523096230972309823099231002310123102231032310423105231062310723108231092311023111231122311323114231152311623117231182311923120231212312223123231242312523126231272312823129231302313123132231332313423135231362313723138231392314023141231422314323144231452314623147231482314923150231512315223153231542315523156231572315823159231602316123162231632316423165231662316723168231692317023171231722317323174231752317623177231782317923180231812318223183231842318523186231872318823189231902319123192231932319423195231962319723198231992320023201232022320323204232052320623207232082320923210232112321223213232142321523216232172321823219232202322123222232232322423225232262322723228232292323023231232322323323234232352323623237232382323923240232412324223243232442324523246232472324823249232502325123252232532325423255232562325723258232592326023261232622326323264232652326623267232682326923270232712327223273232742327523276232772327823279232802328123282232832328423285232862328723288232892329023291232922329323294232952329623297232982329923300233012330223303233042330523306233072330823309233102331123312233132331423315233162331723318233192332023321233222332323324233252332623327233282332923330233312333223333233342333523336233372333823339233402334123342233432334423345233462334723348233492335023351233522335323354233552335623357233582335923360233612336223363233642336523366233672336823369233702337123372233732337423375233762337723378233792338023381233822338323384233852338623387233882338923390233912339223393233942339523396233972339823399234002340123402234032340423405234062340723408234092341023411234122341323414234152341623417234182341923420234212342223423234242342523426234272342823429234302343123432234332343423435234362343723438234392344023441234422344323444234452344623447234482344923450234512345223453234542345523456234572345823459234602346123462234632346423465234662346723468234692347023471234722347323474234752347623477234782347923480234812348223483234842348523486234872348823489234902349123492234932349423495234962349723498234992350023501235022350323504235052350623507235082350923510235112351223513235142351523516235172351823519235202352123522235232352423525235262352723528235292353023531235322353323534235352353623537235382353923540235412354223543235442354523546235472354823549235502355123552235532355423555235562355723558235592356023561235622356323564235652356623567235682356923570235712357223573235742357523576235772357823579235802358123582235832358423585235862358723588235892359023591235922359323594235952359623597235982359923600236012360223603236042360523606236072360823609236102361123612236132361423615236162361723618236192362023621236222362323624236252362623627236282362923630236312363223633236342363523636236372363823639236402364123642236432364423645236462364723648236492365023651236522365323654236552365623657236582365923660236612366223663236642366523666236672366823669236702367123672236732367423675236762367723678236792368023681236822368323684236852368623687236882368923690236912369223693236942369523696236972369823699237002370123702237032370423705237062370723708237092371023711237122371323714237152371623717237182371923720237212372223723237242372523726237272372823729237302373123732237332373423735237362373723738237392374023741237422374323744237452374623747237482374923750237512375223753237542375523756237572375823759237602376123762237632376423765237662376723768237692377023771237722377323774237752377623777237782377923780237812378223783237842378523786237872378823789237902379123792237932379423795237962379723798237992380023801238022380323804238052380623807238082380923810238112381223813238142381523816238172381823819238202382123822238232382423825238262382723828238292383023831238322383323834238352383623837238382383923840238412384223843238442384523846238472384823849238502385123852238532385423855238562385723858238592386023861238622386323864238652386623867238682386923870238712387223873238742387523876238772387823879238802388123882238832388423885238862388723888238892389023891238922389323894238952389623897238982389923900239012390223903239042390523906239072390823909239102391123912239132391423915239162391723918239192392023921239222392323924239252392623927239282392923930239312393223933239342393523936239372393823939239402394123942239432394423945239462394723948239492395023951239522395323954239552395623957239582395923960239612396223963239642396523966239672396823969239702397123972239732397423975239762397723978239792398023981239822398323984239852398623987239882398923990239912399223993239942399523996239972399823999240002400124002240032400424005240062400724008240092401024011240122401324014240152401624017240182401924020240212402224023240242402524026240272402824029240302403124032240332403424035240362403724038240392404024041240422404324044240452404624047240482404924050240512405224053240542405524056240572405824059240602406124062240632406424065240662406724068240692407024071240722407324074240752407624077240782407924080240812408224083240842408524086240872408824089240902409124092240932409424095240962409724098240992410024101241022410324104241052410624107241082410924110241112411224113241142411524116241172411824119241202412124122241232412424125241262412724128241292413024131241322413324134241352413624137241382413924140241412414224143241442414524146241472414824149241502415124152241532415424155241562415724158241592416024161241622416324164241652416624167241682416924170241712417224173241742417524176241772417824179241802418124182241832418424185241862418724188241892419024191241922419324194241952419624197241982419924200242012420224203242042420524206242072420824209242102421124212242132421424215242162421724218242192422024221242222422324224242252422624227242282422924230242312423224233242342423524236242372423824239242402424124242242432424424245242462424724248242492425024251242522425324254242552425624257242582425924260242612426224263242642426524266242672426824269242702427124272242732427424275242762427724278242792428024281242822428324284242852428624287242882428924290242912429224293242942429524296242972429824299243002430124302243032430424305243062430724308243092431024311243122431324314243152431624317243182431924320243212432224323243242432524326243272432824329243302433124332243332433424335243362433724338243392434024341243422434324344243452434624347243482434924350243512435224353243542435524356243572435824359243602436124362243632436424365243662436724368243692437024371243722437324374243752437624377243782437924380243812438224383243842438524386243872438824389243902439124392243932439424395243962439724398243992440024401244022440324404244052440624407244082440924410244112441224413244142441524416244172441824419244202442124422244232442424425244262442724428244292443024431244322443324434244352443624437244382443924440244412444224443244442444524446244472444824449244502445124452244532445424455244562445724458244592446024461244622446324464244652446624467244682446924470244712447224473244742447524476244772447824479244802448124482244832448424485244862448724488244892449024491244922449324494244952449624497244982449924500245012450224503245042450524506245072450824509245102451124512245132451424515245162451724518245192452024521245222452324524245252452624527245282452924530245312453224533245342453524536245372453824539245402454124542245432454424545245462454724548245492455024551245522455324554245552455624557245582455924560245612456224563245642456524566245672456824569245702457124572245732457424575245762457724578245792458024581245822458324584245852458624587245882458924590245912459224593245942459524596245972459824599246002460124602246032460424605246062460724608246092461024611246122461324614246152461624617246182461924620246212462224623246242462524626246272462824629246302463124632246332463424635246362463724638246392464024641246422464324644246452464624647246482464924650246512465224653246542465524656246572465824659246602466124662246632466424665246662466724668246692467024671246722467324674246752467624677246782467924680246812468224683246842468524686246872468824689246902469124692246932469424695246962469724698246992470024701247022470324704247052470624707247082470924710247112471224713247142471524716247172471824719247202472124722247232472424725247262472724728247292473024731247322473324734247352473624737247382473924740247412474224743247442474524746247472474824749247502475124752247532475424755247562475724758247592476024761247622476324764247652476624767247682476924770247712477224773247742477524776247772477824779247802478124782247832478424785247862478724788247892479024791247922479324794247952479624797247982479924800248012480224803248042480524806248072480824809248102481124812248132481424815248162481724818248192482024821248222482324824248252482624827248282482924830248312483224833248342483524836248372483824839248402484124842248432484424845248462484724848248492485024851248522485324854248552485624857248582485924860248612486224863248642486524866248672486824869248702487124872248732487424875248762487724878248792488024881248822488324884248852488624887248882488924890248912489224893248942489524896248972489824899249002490124902249032490424905249062490724908249092491024911249122491324914249152491624917249182491924920249212492224923249242492524926249272492824929249302493124932249332493424935249362493724938249392494024941249422494324944249452494624947249482494924950249512495224953249542495524956249572495824959249602496124962249632496424965249662496724968249692497024971249722497324974249752497624977249782497924980249812498224983249842498524986249872498824989249902499124992249932499424995249962499724998249992500025001250022500325004250052500625007250082500925010250112501225013250142501525016250172501825019250202502125022250232502425025250262502725028250292503025031250322503325034250352503625037250382503925040250412504225043250442504525046250472504825049250502505125052250532505425055250562505725058250592506025061250622506325064250652506625067250682506925070250712507225073250742507525076250772507825079250802508125082250832508425085250862508725088250892509025091250922509325094250952509625097250982509925100251012510225103251042510525106251072510825109251102511125112251132511425115251162511725118251192512025121251222512325124251252512625127251282512925130251312513225133251342513525136251372513825139251402514125142251432514425145251462514725148251492515025151251522515325154251552515625157251582515925160251612516225163251642516525166251672516825169251702517125172251732517425175251762517725178251792518025181251822518325184251852518625187251882518925190251912519225193251942519525196251972519825199252002520125202252032520425205252062520725208252092521025211252122521325214252152521625217252182521925220252212522225223252242522525226252272522825229252302523125232252332523425235252362523725238252392524025241252422524325244252452524625247252482524925250252512525225253252542525525256252572525825259252602526125262252632526425265252662526725268252692527025271252722527325274252752527625277252782527925280252812528225283252842528525286252872528825289252902529125292252932529425295252962529725298252992530025301253022530325304253052530625307253082530925310253112531225313253142531525316253172531825319253202532125322253232532425325253262532725328253292533025331253322533325334253352533625337253382533925340253412534225343253442534525346253472534825349253502535125352253532535425355253562535725358253592536025361253622536325364253652536625367253682536925370253712537225373253742537525376253772537825379253802538125382253832538425385253862538725388253892539025391253922539325394253952539625397253982539925400254012540225403254042540525406254072540825409254102541125412254132541425415254162541725418254192542025421254222542325424254252542625427254282542925430254312543225433254342543525436254372543825439254402544125442254432544425445254462544725448254492545025451254522545325454254552545625457254582545925460254612546225463254642546525466254672546825469254702547125472254732547425475254762547725478254792548025481254822548325484254852548625487254882548925490254912549225493254942549525496254972549825499255002550125502255032550425505255062550725508255092551025511255122551325514255152551625517255182551925520255212552225523255242552525526255272552825529255302553125532255332553425535255362553725538255392554025541255422554325544255452554625547255482554925550255512555225553255542555525556255572555825559255602556125562255632556425565255662556725568255692557025571255722557325574255752557625577255782557925580255812558225583255842558525586255872558825589255902559125592255932559425595255962559725598255992560025601256022560325604256052560625607256082560925610256112561225613256142561525616256172561825619256202562125622256232562425625256262562725628256292563025631256322563325634256352563625637256382563925640256412564225643256442564525646256472564825649256502565125652256532565425655256562565725658256592566025661256622566325664256652566625667256682566925670256712567225673256742567525676256772567825679256802568125682256832568425685256862568725688256892569025691256922569325694256952569625697256982569925700257012570225703257042570525706257072570825709257102571125712257132571425715257162571725718257192572025721257222572325724257252572625727257282572925730257312573225733257342573525736257372573825739257402574125742257432574425745257462574725748257492575025751257522575325754257552575625757257582575925760257612576225763257642576525766257672576825769257702577125772257732577425775257762577725778257792578025781257822578325784257852578625787257882578925790257912579225793257942579525796257972579825799258002580125802258032580425805258062580725808258092581025811258122581325814258152581625817258182581925820258212582225823258242582525826258272582825829258302583125832258332583425835258362583725838258392584025841258422584325844258452584625847258482584925850258512585225853258542585525856258572585825859258602586125862258632586425865258662586725868258692587025871258722587325874258752587625877258782587925880258812588225883258842588525886258872588825889258902589125892258932589425895258962589725898258992590025901259022590325904259052590625907259082590925910259112591225913259142591525916259172591825919259202592125922259232592425925259262592725928259292593025931259322593325934259352593625937259382593925940259412594225943259442594525946259472594825949259502595125952259532595425955259562595725958259592596025961259622596325964259652596625967259682596925970259712597225973259742597525976259772597825979259802598125982259832598425985259862598725988259892599025991259922599325994259952599625997259982599926000260012600226003260042600526006260072600826009260102601126012260132601426015260162601726018260192602026021260222602326024260252602626027260282602926030260312603226033260342603526036260372603826039260402604126042260432604426045260462604726048260492605026051260522605326054260552605626057260582605926060260612606226063260642606526066260672606826069260702607126072260732607426075260762607726078260792608026081260822608326084260852608626087260882608926090260912609226093260942609526096260972609826099261002610126102261032610426105261062610726108261092611026111261122611326114261152611626117261182611926120261212612226123261242612526126261272612826129261302613126132261332613426135261362613726138261392614026141261422614326144261452614626147261482614926150261512615226153261542615526156261572615826159261602616126162261632616426165261662616726168261692617026171261722617326174261752617626177261782617926180261812618226183261842618526186261872618826189261902619126192261932619426195261962619726198261992620026201262022620326204262052620626207262082620926210262112621226213262142621526216262172621826219262202622126222262232622426225262262622726228262292623026231262322623326234262352623626237262382623926240262412624226243262442624526246262472624826249262502625126252262532625426255262562625726258262592626026261262622626326264262652626626267262682626926270262712627226273262742627526276262772627826279262802628126282262832628426285262862628726288262892629026291262922629326294262952629626297262982629926300263012630226303263042630526306263072630826309263102631126312263132631426315263162631726318263192632026321263222632326324263252632626327263282632926330263312633226333263342633526336263372633826339263402634126342263432634426345263462634726348263492635026351263522635326354263552635626357263582635926360263612636226363263642636526366263672636826369263702637126372263732637426375263762637726378263792638026381263822638326384263852638626387263882638926390263912639226393263942639526396263972639826399264002640126402264032640426405264062640726408264092641026411264122641326414264152641626417264182641926420264212642226423264242642526426264272642826429264302643126432264332643426435264362643726438264392644026441264422644326444264452644626447264482644926450264512645226453264542645526456264572645826459264602646126462264632646426465264662646726468264692647026471264722647326474264752647626477264782647926480264812648226483264842648526486264872648826489264902649126492264932649426495264962649726498264992650026501265022650326504265052650626507265082650926510265112651226513265142651526516265172651826519265202652126522265232652426525265262652726528265292653026531265322653326534265352653626537265382653926540265412654226543265442654526546265472654826549265502655126552265532655426555265562655726558265592656026561265622656326564265652656626567265682656926570265712657226573265742657526576265772657826579265802658126582265832658426585265862658726588265892659026591265922659326594265952659626597265982659926600266012660226603266042660526606266072660826609266102661126612266132661426615266162661726618266192662026621266222662326624266252662626627266282662926630266312663226633266342663526636266372663826639266402664126642266432664426645266462664726648266492665026651266522665326654266552665626657266582665926660266612666226663266642666526666266672666826669266702667126672266732667426675266762667726678266792668026681266822668326684266852668626687266882668926690266912669226693266942669526696266972669826699267002670126702267032670426705267062670726708267092671026711267122671326714267152671626717267182671926720267212672226723267242672526726267272672826729267302673126732267332673426735267362673726738267392674026741267422674326744267452674626747267482674926750267512675226753267542675526756267572675826759267602676126762267632676426765267662676726768267692677026771267722677326774267752677626777267782677926780267812678226783267842678526786267872678826789267902679126792267932679426795267962679726798267992680026801268022680326804268052680626807268082680926810268112681226813268142681526816268172681826819268202682126822268232682426825268262682726828268292683026831268322683326834268352683626837268382683926840268412684226843268442684526846268472684826849268502685126852268532685426855268562685726858268592686026861268622686326864268652686626867268682686926870268712687226873268742687526876268772687826879268802688126882268832688426885268862688726888268892689026891268922689326894268952689626897268982689926900269012690226903269042690526906269072690826909269102691126912269132691426915269162691726918269192692026921269222692326924269252692626927269282692926930269312693226933269342693526936269372693826939269402694126942269432694426945269462694726948269492695026951269522695326954269552695626957269582695926960269612696226963269642696526966269672696826969269702697126972269732697426975269762697726978269792698026981269822698326984269852698626987269882698926990269912699226993269942699526996269972699826999270002700127002270032700427005270062700727008270092701027011270122701327014270152701627017270182701927020270212702227023270242702527026270272702827029270302703127032270332703427035270362703727038270392704027041270422704327044270452704627047270482704927050270512705227053270542705527056270572705827059270602706127062270632706427065270662706727068270692707027071270722707327074270752707627077270782707927080270812708227083270842708527086270872708827089270902709127092270932709427095270962709727098270992710027101271022710327104271052710627107271082710927110271112711227113271142711527116271172711827119271202712127122271232712427125271262712727128271292713027131271322713327134271352713627137271382713927140271412714227143271442714527146271472714827149271502715127152271532715427155271562715727158271592716027161271622716327164271652716627167271682716927170271712717227173271742717527176271772717827179271802718127182271832718427185271862718727188271892719027191271922719327194271952719627197271982719927200272012720227203272042720527206272072720827209272102721127212272132721427215272162721727218272192722027221272222722327224272252722627227272282722927230272312723227233272342723527236272372723827239272402724127242272432724427245272462724727248272492725027251272522725327254272552725627257272582725927260272612726227263272642726527266272672726827269272702727127272272732727427275272762727727278272792728027281272822728327284272852728627287272882728927290272912729227293272942729527296272972729827299273002730127302273032730427305273062730727308273092731027311273122731327314273152731627317273182731927320273212732227323273242732527326273272732827329273302733127332273332733427335273362733727338273392734027341273422734327344273452734627347273482734927350273512735227353273542735527356273572735827359273602736127362273632736427365273662736727368273692737027371273722737327374273752737627377273782737927380273812738227383273842738527386273872738827389273902739127392273932739427395273962739727398273992740027401274022740327404274052740627407274082740927410274112741227413274142741527416274172741827419274202742127422274232742427425274262742727428274292743027431274322743327434274352743627437274382743927440274412744227443274442744527446274472744827449274502745127452274532745427455274562745727458274592746027461274622746327464274652746627467274682746927470274712747227473274742747527476274772747827479274802748127482274832748427485274862748727488274892749027491274922749327494274952749627497274982749927500275012750227503275042750527506275072750827509275102751127512275132751427515275162751727518275192752027521275222752327524275252752627527275282752927530275312753227533275342753527536275372753827539275402754127542275432754427545275462754727548275492755027551275522755327554275552755627557275582755927560275612756227563275642756527566275672756827569275702757127572275732757427575275762757727578275792758027581275822758327584275852758627587275882758927590275912759227593275942759527596275972759827599276002760127602276032760427605276062760727608276092761027611276122761327614276152761627617276182761927620276212762227623276242762527626276272762827629276302763127632276332763427635276362763727638276392764027641276422764327644276452764627647276482764927650276512765227653276542765527656276572765827659276602766127662276632766427665276662766727668276692767027671276722767327674276752767627677276782767927680276812768227683276842768527686276872768827689276902769127692276932769427695276962769727698276992770027701277022770327704277052770627707277082770927710277112771227713277142771527716277172771827719277202772127722277232772427725277262772727728277292773027731277322773327734277352773627737277382773927740277412774227743277442774527746277472774827749277502775127752277532775427755277562775727758277592776027761277622776327764277652776627767277682776927770277712777227773277742777527776277772777827779277802778127782277832778427785277862778727788277892779027791277922779327794277952779627797277982779927800278012780227803278042780527806278072780827809278102781127812278132781427815278162781727818278192782027821278222782327824278252782627827278282782927830278312783227833278342783527836278372783827839278402784127842278432784427845278462784727848278492785027851278522785327854278552785627857278582785927860278612786227863278642786527866278672786827869278702787127872278732787427875278762787727878278792788027881278822788327884278852788627887278882788927890278912789227893278942789527896278972789827899279002790127902279032790427905279062790727908279092791027911279122791327914279152791627917279182791927920279212792227923279242792527926279272792827929279302793127932279332793427935279362793727938279392794027941279422794327944279452794627947279482794927950279512795227953279542795527956279572795827959279602796127962279632796427965279662796727968279692797027971279722797327974279752797627977279782797927980279812798227983279842798527986279872798827989279902799127992279932799427995279962799727998279992800028001280022800328004280052800628007280082800928010280112801228013280142801528016280172801828019280202802128022280232802428025280262802728028280292803028031280322803328034280352803628037280382803928040280412804228043280442804528046280472804828049280502805128052280532805428055280562805728058280592806028061280622806328064280652806628067280682806928070280712807228073280742807528076280772807828079280802808128082280832808428085280862808728088280892809028091280922809328094280952809628097280982809928100281012810228103281042810528106281072810828109281102811128112281132811428115281162811728118281192812028121281222812328124281252812628127281282812928130281312813228133281342813528136281372813828139281402814128142281432814428145281462814728148281492815028151281522815328154281552815628157281582815928160281612816228163281642816528166281672816828169281702817128172281732817428175281762817728178281792818028181281822818328184281852818628187281882818928190281912819228193281942819528196281972819828199282002820128202282032820428205282062820728208282092821028211282122821328214282152821628217282182821928220282212822228223282242822528226282272822828229282302823128232282332823428235282362823728238282392824028241282422824328244282452824628247282482824928250282512825228253282542825528256282572825828259282602826128262282632826428265282662826728268282692827028271282722827328274282752827628277282782827928280282812828228283282842828528286282872828828289282902829128292282932829428295282962829728298282992830028301283022830328304283052830628307283082830928310283112831228313283142831528316283172831828319283202832128322283232832428325283262832728328283292833028331283322833328334283352833628337283382833928340283412834228343283442834528346283472834828349283502835128352283532835428355283562835728358283592836028361283622836328364283652836628367283682836928370283712837228373283742837528376283772837828379283802838128382283832838428385283862838728388283892839028391283922839328394283952839628397283982839928400284012840228403284042840528406284072840828409284102841128412284132841428415284162841728418284192842028421284222842328424284252842628427284282842928430284312843228433284342843528436284372843828439284402844128442284432844428445284462844728448284492845028451284522845328454284552845628457284582845928460284612846228463284642846528466284672846828469284702847128472284732847428475284762847728478284792848028481284822848328484284852848628487284882848928490284912849228493284942849528496284972849828499285002850128502285032850428505285062850728508285092851028511285122851328514285152851628517285182851928520285212852228523285242852528526285272852828529285302853128532285332853428535285362853728538285392854028541285422854328544285452854628547285482854928550285512855228553285542855528556285572855828559285602856128562285632856428565285662856728568285692857028571285722857328574285752857628577285782857928580285812858228583285842858528586285872858828589285902859128592285932859428595285962859728598285992860028601286022860328604286052860628607286082860928610286112861228613286142861528616286172861828619286202862128622286232862428625286262862728628286292863028631286322863328634286352863628637286382863928640286412864228643286442864528646286472864828649286502865128652286532865428655286562865728658286592866028661286622866328664286652866628667286682866928670286712867228673286742867528676286772867828679286802868128682286832868428685286862868728688286892869028691286922869328694286952869628697286982869928700287012870228703287042870528706287072870828709287102871128712287132871428715287162871728718287192872028721287222872328724287252872628727287282872928730287312873228733287342873528736287372873828739287402874128742287432874428745287462874728748287492875028751287522875328754287552875628757287582875928760287612876228763287642876528766287672876828769287702877128772287732877428775287762877728778287792878028781287822878328784287852878628787287882878928790287912879228793287942879528796287972879828799288002880128802288032880428805288062880728808288092881028811288122881328814288152881628817288182881928820288212882228823288242882528826288272882828829288302883128832288332883428835288362883728838288392884028841288422884328844288452884628847288482884928850288512885228853288542885528856288572885828859288602886128862288632886428865288662886728868288692887028871288722887328874288752887628877288782887928880288812888228883288842888528886288872888828889288902889128892288932889428895288962889728898288992890028901289022890328904289052890628907289082890928910289112891228913289142891528916289172891828919289202892128922289232892428925289262892728928289292893028931289322893328934289352893628937289382893928940289412894228943289442894528946289472894828949289502895128952289532895428955289562895728958289592896028961289622896328964289652896628967289682896928970289712897228973289742897528976289772897828979289802898128982289832898428985289862898728988289892899028991289922899328994289952899628997289982899929000290012900229003290042900529006290072900829009290102901129012290132901429015290162901729018290192902029021290222902329024290252902629027290282902929030290312903229033290342903529036290372903829039290402904129042290432904429045290462904729048290492905029051290522905329054290552905629057290582905929060290612906229063290642906529066290672906829069290702907129072290732907429075290762907729078290792908029081290822908329084290852908629087290882908929090290912909229093290942909529096290972909829099291002910129102291032910429105291062910729108291092911029111291122911329114291152911629117291182911929120291212912229123291242912529126291272912829129291302913129132291332913429135291362913729138291392914029141291422914329144291452914629147291482914929150291512915229153291542915529156291572915829159291602916129162291632916429165291662916729168291692917029171291722917329174291752917629177291782917929180291812918229183291842918529186291872918829189291902919129192291932919429195291962919729198291992920029201292022920329204292052920629207292082920929210292112921229213292142921529216292172921829219292202922129222292232922429225292262922729228292292923029231292322923329234292352923629237292382923929240292412924229243292442924529246292472924829249292502925129252292532925429255292562925729258292592926029261292622926329264292652926629267292682926929270292712927229273292742927529276292772927829279292802928129282292832928429285292862928729288292892929029291292922929329294292952929629297292982929929300293012930229303293042930529306293072930829309293102931129312293132931429315293162931729318293192932029321293222932329324293252932629327293282932929330293312933229333293342933529336293372933829339293402934129342293432934429345293462934729348293492935029351293522935329354293552935629357293582935929360293612936229363293642936529366293672936829369293702937129372293732937429375293762937729378293792938029381293822938329384293852938629387293882938929390293912939229393293942939529396293972939829399294002940129402294032940429405294062940729408294092941029411294122941329414294152941629417294182941929420294212942229423294242942529426294272942829429294302943129432294332943429435294362943729438294392944029441294422944329444294452944629447294482944929450294512945229453294542945529456294572945829459294602946129462294632946429465294662946729468294692947029471294722947329474294752947629477294782947929480294812948229483294842948529486294872948829489294902949129492294932949429495294962949729498294992950029501295022950329504295052950629507295082950929510295112951229513295142951529516295172951829519295202952129522295232952429525295262952729528295292953029531295322953329534295352953629537295382953929540295412954229543295442954529546295472954829549295502955129552295532955429555295562955729558295592956029561295622956329564295652956629567295682956929570295712957229573295742957529576295772957829579295802958129582295832958429585295862958729588295892959029591295922959329594295952959629597295982959929600296012960229603296042960529606296072960829609296102961129612296132961429615296162961729618296192962029621296222962329624296252962629627296282962929630296312963229633296342963529636296372963829639296402964129642296432964429645296462964729648296492965029651296522965329654296552965629657296582965929660296612966229663296642966529666296672966829669296702967129672296732967429675296762967729678296792968029681296822968329684296852968629687296882968929690296912969229693296942969529696296972969829699297002970129702297032970429705297062970729708297092971029711297122971329714297152971629717297182971929720297212972229723297242972529726297272972829729297302973129732297332973429735297362973729738297392974029741297422974329744297452974629747297482974929750297512975229753297542975529756297572975829759297602976129762297632976429765297662976729768297692977029771297722977329774297752977629777297782977929780297812978229783297842978529786297872978829789297902979129792297932979429795297962979729798297992980029801298022980329804298052980629807298082980929810298112981229813298142981529816298172981829819298202982129822298232982429825298262982729828298292983029831298322983329834298352983629837298382983929840298412984229843298442984529846298472984829849298502985129852298532985429855298562985729858298592986029861298622986329864298652986629867298682986929870298712987229873298742987529876298772987829879298802988129882298832988429885298862988729888298892989029891298922989329894298952989629897298982989929900299012990229903299042990529906299072990829909299102991129912299132991429915299162991729918299192992029921299222992329924299252992629927299282992929930299312993229933299342993529936299372993829939299402994129942299432994429945299462994729948299492995029951299522995329954299552995629957299582995929960299612996229963299642996529966299672996829969299702997129972299732997429975299762997729978299792998029981299822998329984299852998629987299882998929990299912999229993299942999529996299972999829999300003000130002300033000430005300063000730008300093001030011300123001330014300153001630017300183001930020300213002230023300243002530026300273002830029300303003130032300333003430035300363003730038300393004030041300423004330044300453004630047300483004930050300513005230053300543005530056300573005830059300603006130062300633006430065300663006730068300693007030071300723007330074300753007630077300783007930080300813008230083300843008530086300873008830089300903009130092300933009430095300963009730098300993010030101301023010330104301053010630107301083010930110301113011230113301143011530116301173011830119301203012130122301233012430125301263012730128301293013030131301323013330134301353013630137301383013930140301413014230143301443014530146301473014830149301503015130152301533015430155301563015730158301593016030161301623016330164301653016630167301683016930170301713017230173301743017530176301773017830179301803018130182301833018430185301863018730188301893019030191301923019330194301953019630197301983019930200302013020230203302043020530206302073020830209302103021130212302133021430215302163021730218302193022030221302223022330224302253022630227302283022930230302313023230233302343023530236302373023830239302403024130242302433024430245302463024730248302493025030251302523025330254302553025630257302583025930260302613026230263302643026530266302673026830269302703027130272302733027430275302763027730278302793028030281302823028330284302853028630287302883028930290302913029230293302943029530296302973029830299303003030130302303033030430305303063030730308303093031030311303123031330314303153031630317303183031930320303213032230323303243032530326303273032830329303303033130332303333033430335303363033730338303393034030341303423034330344303453034630347303483034930350303513035230353303543035530356303573035830359303603036130362303633036430365303663036730368303693037030371303723037330374303753037630377303783037930380303813038230383303843038530386303873038830389303903039130392303933039430395303963039730398303993040030401304023040330404304053040630407304083040930410304113041230413304143041530416304173041830419304203042130422304233042430425304263042730428304293043030431304323043330434304353043630437304383043930440304413044230443304443044530446304473044830449304503045130452304533045430455304563045730458304593046030461304623046330464304653046630467304683046930470304713047230473304743047530476304773047830479304803048130482304833048430485304863048730488304893049030491304923049330494304953049630497304983049930500305013050230503305043050530506305073050830509305103051130512305133051430515305163051730518305193052030521305223052330524305253052630527305283052930530305313053230533305343053530536305373053830539305403054130542305433054430545305463054730548305493055030551305523055330554305553055630557305583055930560305613056230563305643056530566305673056830569305703057130572305733057430575305763057730578305793058030581305823058330584305853058630587305883058930590305913059230593305943059530596305973059830599306003060130602306033060430605306063060730608306093061030611306123061330614306153061630617306183061930620306213062230623306243062530626306273062830629306303063130632306333063430635306363063730638306393064030641306423064330644306453064630647306483064930650306513065230653306543065530656306573065830659306603066130662306633066430665306663066730668306693067030671306723067330674306753067630677306783067930680306813068230683306843068530686306873068830689306903069130692306933069430695306963069730698306993070030701307023070330704307053070630707307083070930710307113071230713307143071530716307173071830719307203072130722307233072430725307263072730728307293073030731307323073330734307353073630737307383073930740307413074230743307443074530746307473074830749307503075130752307533075430755307563075730758307593076030761307623076330764307653076630767307683076930770307713077230773307743077530776307773077830779307803078130782307833078430785307863078730788307893079030791307923079330794307953079630797307983079930800308013080230803308043080530806308073080830809308103081130812308133081430815308163081730818308193082030821308223082330824308253082630827308283082930830308313083230833308343083530836308373083830839308403084130842308433084430845308463084730848308493085030851308523085330854308553085630857308583085930860308613086230863308643086530866308673086830869308703087130872308733087430875308763087730878308793088030881308823088330884308853088630887308883088930890308913089230893308943089530896308973089830899309003090130902309033090430905309063090730908309093091030911309123091330914309153091630917309183091930920309213092230923309243092530926309273092830929309303093130932309333093430935309363093730938309393094030941309423094330944309453094630947309483094930950309513095230953309543095530956309573095830959309603096130962309633096430965309663096730968309693097030971309723097330974309753097630977309783097930980309813098230983309843098530986309873098830989309903099130992309933099430995309963099730998309993100031001310023100331004310053100631007310083100931010310113101231013310143101531016310173101831019310203102131022310233102431025310263102731028310293103031031310323103331034310353103631037310383103931040310413104231043310443104531046310473104831049310503105131052310533105431055310563105731058310593106031061310623106331064310653106631067310683106931070310713107231073310743107531076310773107831079310803108131082310833108431085310863108731088310893109031091310923109331094310953109631097310983109931100311013110231103311043110531106311073110831109311103111131112311133111431115311163111731118311193112031121311223112331124311253112631127311283112931130311313113231133311343113531136311373113831139311403114131142311433114431145311463114731148311493115031151311523115331154311553115631157311583115931160311613116231163311643116531166311673116831169311703117131172311733117431175311763117731178311793118031181311823118331184311853118631187311883118931190311913119231193311943119531196311973119831199312003120131202312033120431205312063120731208312093121031211312123121331214312153121631217312183121931220312213122231223312243122531226312273122831229312303123131232312333123431235312363123731238312393124031241312423124331244312453124631247312483124931250312513125231253312543125531256312573125831259312603126131262312633126431265312663126731268312693127031271312723127331274312753127631277312783127931280312813128231283312843128531286312873128831289312903129131292312933129431295312963129731298312993130031301313023130331304313053130631307313083130931310313113131231313313143131531316313173131831319313203132131322313233132431325313263132731328313293133031331313323133331334313353133631337313383133931340313413134231343313443134531346313473134831349313503135131352313533135431355313563135731358313593136031361313623136331364313653136631367313683136931370313713137231373313743137531376313773137831379313803138131382313833138431385313863138731388313893139031391313923139331394313953139631397313983139931400314013140231403314043140531406314073140831409314103141131412314133141431415314163141731418314193142031421314223142331424314253142631427314283142931430314313143231433314343143531436314373143831439314403144131442314433144431445314463144731448314493145031451314523145331454314553145631457314583145931460314613146231463314643146531466314673146831469314703147131472314733147431475314763147731478314793148031481314823148331484314853148631487314883148931490314913149231493314943149531496314973149831499315003150131502315033150431505315063150731508315093151031511315123151331514315153151631517315183151931520315213152231523315243152531526315273152831529315303153131532315333153431535315363153731538315393154031541315423154331544315453154631547315483154931550315513155231553315543155531556315573155831559315603156131562315633156431565315663156731568315693157031571315723157331574315753157631577315783157931580315813158231583315843158531586315873158831589315903159131592315933159431595315963159731598315993160031601316023160331604316053160631607316083160931610316113161231613316143161531616316173161831619316203162131622316233162431625316263162731628316293163031631316323163331634316353163631637316383163931640316413164231643316443164531646316473164831649316503165131652316533165431655316563165731658316593166031661316623166331664316653166631667316683166931670316713167231673316743167531676316773167831679316803168131682316833168431685316863168731688316893169031691316923169331694316953169631697316983169931700317013170231703317043170531706317073170831709317103171131712317133171431715317163171731718317193172031721317223172331724317253172631727317283172931730317313173231733317343173531736317373173831739317403174131742317433174431745317463174731748317493175031751317523175331754317553175631757317583175931760317613176231763317643176531766317673176831769317703177131772317733177431775317763177731778317793178031781317823178331784317853178631787317883178931790317913179231793317943179531796317973179831799318003180131802318033180431805318063180731808318093181031811318123181331814318153181631817318183181931820318213182231823318243182531826318273182831829318303183131832318333183431835318363183731838318393184031841318423184331844318453184631847318483184931850318513185231853318543185531856318573185831859318603186131862318633186431865318663186731868318693187031871318723187331874318753187631877318783187931880318813188231883318843188531886318873188831889318903189131892318933189431895318963189731898318993190031901319023190331904319053190631907319083190931910319113191231913319143191531916319173191831919319203192131922319233192431925319263192731928319293193031931319323193331934319353193631937319383193931940319413194231943319443194531946319473194831949319503195131952319533195431955319563195731958319593196031961319623196331964319653196631967319683196931970319713197231973319743197531976319773197831979319803198131982319833198431985319863198731988319893199031991319923199331994319953199631997319983199932000320013200232003320043200532006320073200832009320103201132012320133201432015320163201732018320193202032021320223202332024320253202632027320283202932030320313203232033320343203532036320373203832039320403204132042320433204432045320463204732048320493205032051320523205332054320553205632057320583205932060320613206232063320643206532066320673206832069320703207132072320733207432075320763207732078320793208032081320823208332084320853208632087320883208932090320913209232093320943209532096320973209832099321003210132102321033210432105321063210732108321093211032111321123211332114321153211632117321183211932120321213212232123321243212532126321273212832129321303213132132321333213432135321363213732138321393214032141321423214332144321453214632147321483214932150321513215232153321543215532156321573215832159321603216132162321633216432165321663216732168321693217032171321723217332174321753217632177321783217932180321813218232183321843218532186321873218832189321903219132192321933219432195321963219732198321993220032201322023220332204322053220632207322083220932210322113221232213322143221532216322173221832219322203222132222322233222432225322263222732228322293223032231322323223332234322353223632237322383223932240322413224232243322443224532246322473224832249322503225132252322533225432255322563225732258322593226032261322623226332264322653226632267322683226932270322713227232273322743227532276322773227832279322803228132282322833228432285322863228732288322893229032291322923229332294322953229632297322983229932300323013230232303323043230532306323073230832309323103231132312323133231432315323163231732318323193232032321323223232332324323253232632327323283232932330323313233232333323343233532336323373233832339323403234132342323433234432345323463234732348323493235032351323523235332354323553235632357323583235932360323613236232363323643236532366323673236832369323703237132372323733237432375323763237732378323793238032381323823238332384323853238632387323883238932390323913239232393323943239532396323973239832399324003240132402324033240432405324063240732408324093241032411324123241332414324153241632417324183241932420324213242232423324243242532426324273242832429324303243132432324333243432435324363243732438324393244032441324423244332444324453244632447324483244932450324513245232453324543245532456324573245832459324603246132462324633246432465324663246732468324693247032471324723247332474324753247632477324783247932480324813248232483324843248532486324873248832489324903249132492324933249432495324963249732498324993250032501325023250332504325053250632507325083250932510325113251232513325143251532516325173251832519325203252132522325233252432525325263252732528325293253032531325323253332534325353253632537325383253932540325413254232543325443254532546325473254832549325503255132552325533255432555325563255732558325593256032561325623256332564325653256632567325683256932570325713257232573325743257532576325773257832579325803258132582325833258432585325863258732588325893259032591325923259332594325953259632597325983259932600326013260232603326043260532606326073260832609326103261132612326133261432615326163261732618326193262032621326223262332624326253262632627326283262932630326313263232633326343263532636326373263832639326403264132642326433264432645326463264732648326493265032651326523265332654326553265632657326583265932660326613266232663326643266532666326673266832669326703267132672326733267432675326763267732678326793268032681326823268332684326853268632687326883268932690326913269232693326943269532696326973269832699327003270132702327033270432705327063270732708327093271032711327123271332714327153271632717327183271932720327213272232723327243272532726327273272832729327303273132732327333273432735327363273732738327393274032741327423274332744327453274632747327483274932750327513275232753327543275532756327573275832759327603276132762327633276432765327663276732768327693277032771327723277332774327753277632777327783277932780327813278232783327843278532786327873278832789327903279132792327933279432795327963279732798327993280032801328023280332804328053280632807328083280932810328113281232813328143281532816328173281832819328203282132822328233282432825328263282732828328293283032831328323283332834328353283632837328383283932840328413284232843328443284532846328473284832849328503285132852328533285432855328563285732858328593286032861328623286332864328653286632867328683286932870328713287232873328743287532876328773287832879328803288132882328833288432885328863288732888328893289032891328923289332894328953289632897328983289932900329013290232903329043290532906329073290832909329103291132912329133291432915329163291732918329193292032921329223292332924329253292632927329283292932930329313293232933329343293532936329373293832939329403294132942329433294432945329463294732948329493295032951329523295332954329553295632957329583295932960329613296232963329643296532966329673296832969329703297132972329733297432975329763297732978329793298032981329823298332984329853298632987329883298932990329913299232993329943299532996329973299832999330003300133002330033300433005330063300733008330093301033011330123301333014330153301633017330183301933020330213302233023330243302533026330273302833029330303303133032330333303433035330363303733038330393304033041330423304333044330453304633047330483304933050330513305233053330543305533056330573305833059330603306133062330633306433065330663306733068330693307033071330723307333074330753307633077330783307933080330813308233083330843308533086330873308833089330903309133092330933309433095330963309733098330993310033101331023310333104331053310633107331083310933110331113311233113331143311533116331173311833119331203312133122331233312433125331263312733128331293313033131331323313333134331353313633137331383313933140331413314233143331443314533146331473314833149331503315133152331533315433155331563315733158331593316033161331623316333164331653316633167331683316933170331713317233173331743317533176331773317833179331803318133182331833318433185331863318733188331893319033191331923319333194331953319633197331983319933200332013320233203332043320533206332073320833209332103321133212332133321433215332163321733218332193322033221332223322333224332253322633227332283322933230332313323233233332343323533236332373323833239332403324133242332433324433245332463324733248332493325033251332523325333254332553325633257332583325933260332613326233263332643326533266332673326833269332703327133272332733327433275332763327733278332793328033281332823328333284332853328633287332883328933290332913329233293332943329533296332973329833299333003330133302333033330433305333063330733308333093331033311333123331333314333153331633317333183331933320333213332233323333243332533326333273332833329333303333133332333333333433335333363333733338333393334033341333423334333344333453334633347333483334933350333513335233353333543335533356333573335833359333603336133362333633336433365333663336733368333693337033371333723337333374333753337633377333783337933380333813338233383333843338533386333873338833389333903339133392333933339433395333963339733398333993340033401334023340333404334053340633407334083340933410334113341233413334143341533416334173341833419334203342133422334233342433425334263342733428334293343033431334323343333434334353343633437334383343933440334413344233443334443344533446334473344833449334503345133452334533345433455334563345733458334593346033461334623346333464334653346633467334683346933470334713347233473334743347533476334773347833479334803348133482334833348433485334863348733488334893349033491334923349333494334953349633497334983349933500335013350233503335043350533506335073350833509335103351133512335133351433515335163351733518335193352033521335223352333524335253352633527335283352933530335313353233533335343353533536335373353833539335403354133542335433354433545335463354733548335493355033551335523355333554335553355633557335583355933560335613356233563335643356533566335673356833569335703357133572335733357433575335763357733578335793358033581335823358333584335853358633587335883358933590335913359233593335943359533596335973359833599336003360133602336033360433605336063360733608336093361033611336123361333614336153361633617336183361933620336213362233623336243362533626336273362833629336303363133632336333363433635336363363733638336393364033641336423364333644336453364633647336483364933650336513365233653336543365533656336573365833659336603366133662336633366433665336663366733668336693367033671336723367333674336753367633677336783367933680336813368233683336843368533686336873368833689336903369133692336933369433695336963369733698336993370033701337023370333704337053370633707337083370933710337113371233713337143371533716337173371833719337203372133722337233372433725337263372733728337293373033731337323373333734337353373633737337383373933740337413374233743337443374533746337473374833749337503375133752337533375433755337563375733758337593376033761337623376333764337653376633767337683376933770337713377233773337743377533776337773377833779337803378133782337833378433785337863378733788337893379033791337923379333794337953379633797337983379933800338013380233803338043380533806338073380833809338103381133812338133381433815338163381733818338193382033821338223382333824338253382633827338283382933830338313383233833338343383533836338373383833839338403384133842338433384433845338463384733848338493385033851338523385333854338553385633857338583385933860338613386233863338643386533866338673386833869338703387133872338733387433875338763387733878338793388033881338823388333884338853388633887338883388933890338913389233893338943389533896338973389833899339003390133902339033390433905339063390733908339093391033911339123391333914339153391633917339183391933920339213392233923339243392533926339273392833929339303393133932339333393433935339363393733938339393394033941339423394333944339453394633947339483394933950339513395233953339543395533956339573395833959339603396133962339633396433965339663396733968339693397033971339723397333974339753397633977339783397933980339813398233983339843398533986339873398833989339903399133992339933399433995339963399733998339993400034001340023400334004340053400634007340083400934010340113401234013340143401534016340173401834019340203402134022340233402434025340263402734028340293403034031340323403334034340353403634037340383403934040340413404234043340443404534046340473404834049340503405134052340533405434055340563405734058340593406034061340623406334064340653406634067340683406934070340713407234073340743407534076340773407834079340803408134082340833408434085340863408734088340893409034091340923409334094340953409634097340983409934100341013410234103341043410534106341073410834109341103411134112341133411434115341163411734118341193412034121341223412334124341253412634127341283412934130341313413234133341343413534136341373413834139341403414134142341433414434145341463414734148341493415034151341523415334154341553415634157341583415934160341613416234163341643416534166341673416834169341703417134172341733417434175341763417734178341793418034181341823418334184341853418634187341883418934190341913419234193341943419534196341973419834199342003420134202342033420434205342063420734208342093421034211342123421334214342153421634217342183421934220342213422234223342243422534226342273422834229342303423134232342333423434235342363423734238342393424034241342423424334244342453424634247342483424934250342513425234253342543425534256342573425834259342603426134262342633426434265342663426734268342693427034271342723427334274342753427634277342783427934280342813428234283342843428534286342873428834289342903429134292342933429434295342963429734298342993430034301343023430334304343053430634307343083430934310343113431234313343143431534316343173431834319343203432134322343233432434325343263432734328343293433034331343323433334334343353433634337343383433934340343413434234343343443434534346343473434834349343503435134352343533435434355343563435734358343593436034361343623436334364343653436634367343683436934370343713437234373343743437534376343773437834379343803438134382343833438434385343863438734388343893439034391343923439334394343953439634397343983439934400344013440234403344043440534406344073440834409344103441134412344133441434415344163441734418344193442034421344223442334424344253442634427344283442934430344313443234433344343443534436344373443834439344403444134442344433444434445344463444734448344493445034451344523445334454344553445634457344583445934460344613446234463344643446534466344673446834469344703447134472344733447434475344763447734478344793448034481344823448334484344853448634487344883448934490344913449234493344943449534496344973449834499345003450134502345033450434505345063450734508345093451034511345123451334514345153451634517345183451934520345213452234523345243452534526345273452834529345303453134532345333453434535345363453734538345393454034541345423454334544345453454634547345483454934550345513455234553345543455534556345573455834559345603456134562345633456434565345663456734568345693457034571345723457334574345753457634577345783457934580345813458234583345843458534586345873458834589345903459134592345933459434595345963459734598345993460034601346023460334604346053460634607346083460934610346113461234613346143461534616346173461834619346203462134622346233462434625346263462734628346293463034631346323463334634346353463634637346383463934640346413464234643346443464534646346473464834649346503465134652346533465434655346563465734658346593466034661346623466334664346653466634667346683466934670346713467234673346743467534676346773467834679346803468134682346833468434685346863468734688346893469034691346923469334694346953469634697346983469934700347013470234703347043470534706347073470834709347103471134712347133471434715347163471734718347193472034721347223472334724347253472634727347283472934730347313473234733347343473534736347373473834739347403474134742347433474434745347463474734748347493475034751347523475334754347553475634757347583475934760347613476234763347643476534766347673476834769347703477134772347733477434775347763477734778347793478034781347823478334784347853478634787347883478934790347913479234793347943479534796347973479834799348003480134802348033480434805348063480734808348093481034811348123481334814348153481634817348183481934820348213482234823348243482534826348273482834829348303483134832348333483434835348363483734838348393484034841348423484334844348453484634847348483484934850348513485234853348543485534856348573485834859348603486134862348633486434865348663486734868348693487034871348723487334874348753487634877348783487934880348813488234883348843488534886348873488834889348903489134892348933489434895348963489734898348993490034901349023490334904349053490634907349083490934910349113491234913349143491534916349173491834919349203492134922349233492434925349263492734928349293493034931349323493334934349353493634937349383493934940349413494234943349443494534946349473494834949349503495134952349533495434955349563495734958349593496034961349623496334964349653496634967349683496934970349713497234973349743497534976349773497834979349803498134982349833498434985349863498734988349893499034991349923499334994349953499634997349983499935000350013500235003350043500535006350073500835009350103501135012350133501435015350163501735018350193502035021350223502335024350253502635027350283502935030350313503235033350343503535036350373503835039350403504135042350433504435045350463504735048350493505035051350523505335054350553505635057350583505935060350613506235063350643506535066350673506835069350703507135072350733507435075350763507735078350793508035081350823508335084350853508635087350883508935090350913509235093350943509535096350973509835099351003510135102351033510435105351063510735108351093511035111351123511335114351153511635117351183511935120351213512235123351243512535126351273512835129351303513135132351333513435135351363513735138351393514035141351423514335144351453514635147351483514935150351513515235153351543515535156351573515835159351603516135162351633516435165351663516735168351693517035171351723517335174351753517635177351783517935180351813518235183351843518535186351873518835189351903519135192351933519435195351963519735198351993520035201352023520335204352053520635207352083520935210352113521235213352143521535216352173521835219352203522135222352233522435225352263522735228352293523035231352323523335234352353523635237352383523935240352413524235243352443524535246352473524835249352503525135252352533525435255352563525735258352593526035261352623526335264352653526635267352683526935270352713527235273352743527535276352773527835279352803528135282352833528435285352863528735288352893529035291352923529335294352953529635297352983529935300353013530235303353043530535306353073530835309353103531135312353133531435315353163531735318353193532035321353223532335324353253532635327353283532935330353313533235333353343533535336353373533835339353403534135342353433534435345353463534735348353493535035351353523535335354353553535635357353583535935360353613536235363353643536535366353673536835369353703537135372353733537435375353763537735378353793538035381353823538335384353853538635387353883538935390353913539235393353943539535396353973539835399354003540135402354033540435405354063540735408354093541035411354123541335414354153541635417354183541935420354213542235423354243542535426354273542835429354303543135432354333543435435354363543735438354393544035441354423544335444354453544635447354483544935450354513545235453354543545535456354573545835459354603546135462354633546435465354663546735468354693547035471354723547335474354753547635477354783547935480354813548235483354843548535486354873548835489354903549135492354933549435495354963549735498354993550035501355023550335504355053550635507355083550935510355113551235513355143551535516355173551835519355203552135522355233552435525355263552735528355293553035531355323553335534355353553635537355383553935540355413554235543355443554535546355473554835549355503555135552355533555435555355563555735558355593556035561355623556335564355653556635567355683556935570355713557235573355743557535576355773557835579355803558135582355833558435585355863558735588355893559035591355923559335594355953559635597355983559935600356013560235603356043560535606356073560835609356103561135612356133561435615356163561735618356193562035621356223562335624356253562635627356283562935630356313563235633356343563535636356373563835639356403564135642356433564435645356463564735648356493565035651356523565335654356553565635657356583565935660356613566235663356643566535666356673566835669356703567135672356733567435675356763567735678356793568035681356823568335684356853568635687356883568935690356913569235693356943569535696356973569835699357003570135702357033570435705357063570735708357093571035711357123571335714357153571635717357183571935720357213572235723357243572535726357273572835729357303573135732357333573435735357363573735738357393574035741357423574335744357453574635747357483574935750357513575235753357543575535756357573575835759357603576135762357633576435765357663576735768357693577035771357723577335774357753577635777357783577935780357813578235783357843578535786357873578835789357903579135792357933579435795357963579735798357993580035801358023580335804358053580635807358083580935810358113581235813358143581535816358173581835819358203582135822358233582435825358263582735828358293583035831358323583335834358353583635837358383583935840358413584235843358443584535846358473584835849358503585135852358533585435855358563585735858358593586035861358623586335864358653586635867358683586935870358713587235873358743587535876358773587835879358803588135882358833588435885358863588735888358893589035891358923589335894358953589635897358983589935900359013590235903359043590535906359073590835909359103591135912359133591435915359163591735918359193592035921359223592335924359253592635927359283592935930359313593235933359343593535936359373593835939359403594135942359433594435945359463594735948359493595035951359523595335954359553595635957359583595935960359613596235963359643596535966359673596835969359703597135972359733597435975359763597735978359793598035981359823598335984359853598635987359883598935990359913599235993359943599535996359973599835999360003600136002360033600436005360063600736008360093601036011360123601336014360153601636017360183601936020360213602236023360243602536026360273602836029360303603136032360333603436035360363603736038360393604036041360423604336044360453604636047360483604936050360513605236053360543605536056360573605836059360603606136062360633606436065360663606736068360693607036071360723607336074360753607636077360783607936080360813608236083360843608536086360873608836089360903609136092360933609436095360963609736098360993610036101361023610336104361053610636107361083610936110361113611236113361143611536116361173611836119361203612136122361233612436125361263612736128361293613036131361323613336134361353613636137361383613936140361413614236143361443614536146361473614836149361503615136152361533615436155361563615736158361593616036161361623616336164361653616636167361683616936170361713617236173361743617536176361773617836179361803618136182361833618436185361863618736188361893619036191361923619336194361953619636197361983619936200362013620236203362043620536206362073620836209362103621136212362133621436215362163621736218362193622036221362223622336224362253622636227362283622936230362313623236233362343623536236362373623836239362403624136242362433624436245362463624736248362493625036251362523625336254362553625636257362583625936260362613626236263362643626536266362673626836269362703627136272362733627436275362763627736278362793628036281362823628336284362853628636287362883628936290362913629236293362943629536296362973629836299363003630136302363033630436305363063630736308363093631036311363123631336314363153631636317363183631936320363213632236323363243632536326363273632836329363303633136332363333633436335363363633736338363393634036341363423634336344363453634636347363483634936350363513635236353363543635536356363573635836359363603636136362363633636436365363663636736368363693637036371363723637336374363753637636377363783637936380363813638236383363843638536386363873638836389363903639136392363933639436395363963639736398363993640036401364023640336404364053640636407364083640936410364113641236413364143641536416364173641836419364203642136422364233642436425364263642736428364293643036431364323643336434364353643636437364383643936440364413644236443364443644536446364473644836449364503645136452364533645436455364563645736458364593646036461364623646336464364653646636467364683646936470364713647236473364743647536476364773647836479364803648136482364833648436485364863648736488364893649036491364923649336494364953649636497364983649936500365013650236503365043650536506365073650836509365103651136512365133651436515365163651736518365193652036521365223652336524365253652636527365283652936530365313653236533365343653536536365373653836539365403654136542365433654436545365463654736548365493655036551365523655336554365553655636557365583655936560365613656236563365643656536566365673656836569365703657136572365733657436575365763657736578365793658036581365823658336584365853658636587365883658936590365913659236593365943659536596365973659836599366003660136602366033660436605366063660736608366093661036611366123661336614366153661636617366183661936620366213662236623366243662536626366273662836629366303663136632366333663436635366363663736638366393664036641366423664336644366453664636647366483664936650366513665236653366543665536656366573665836659366603666136662366633666436665366663666736668366693667036671366723667336674366753667636677366783667936680366813668236683366843668536686366873668836689366903669136692366933669436695366963669736698366993670036701367023670336704367053670636707367083670936710367113671236713367143671536716367173671836719367203672136722367233672436725367263672736728367293673036731367323673336734367353673636737367383673936740367413674236743367443674536746367473674836749367503675136752367533675436755367563675736758367593676036761367623676336764367653676636767367683676936770367713677236773367743677536776367773677836779367803678136782367833678436785367863678736788367893679036791367923679336794367953679636797367983679936800368013680236803368043680536806368073680836809368103681136812368133681436815368163681736818368193682036821368223682336824368253682636827368283682936830368313683236833368343683536836368373683836839368403684136842368433684436845368463684736848368493685036851368523685336854368553685636857368583685936860368613686236863368643686536866368673686836869368703687136872368733687436875368763687736878368793688036881368823688336884368853688636887368883688936890368913689236893368943689536896368973689836899369003690136902369033690436905369063690736908369093691036911369123691336914369153691636917369183691936920369213692236923369243692536926369273692836929369303693136932369333693436935369363693736938369393694036941369423694336944369453694636947369483694936950369513695236953369543695536956369573695836959369603696136962369633696436965369663696736968369693697036971369723697336974369753697636977369783697936980369813698236983369843698536986369873698836989369903699136992369933699436995369963699736998369993700037001370023700337004370053700637007370083700937010370113701237013370143701537016370173701837019370203702137022370233702437025370263702737028370293703037031370323703337034370353703637037370383703937040370413704237043370443704537046370473704837049370503705137052370533705437055370563705737058370593706037061370623706337064370653706637067370683706937070370713707237073370743707537076370773707837079370803708137082370833708437085370863708737088370893709037091370923709337094370953709637097370983709937100371013710237103371043710537106371073710837109371103711137112371133711437115371163711737118371193712037121371223712337124371253712637127371283712937130371313713237133371343713537136371373713837139371403714137142371433714437145371463714737148371493715037151371523715337154371553715637157371583715937160371613716237163371643716537166371673716837169371703717137172371733717437175371763717737178371793718037181371823718337184371853718637187371883718937190371913719237193371943719537196371973719837199372003720137202372033720437205372063720737208372093721037211372123721337214372153721637217372183721937220372213722237223372243722537226372273722837229372303723137232372333723437235372363723737238372393724037241372423724337244372453724637247372483724937250372513725237253372543725537256372573725837259372603726137262372633726437265372663726737268372693727037271372723727337274372753727637277372783727937280372813728237283372843728537286372873728837289372903729137292372933729437295372963729737298372993730037301373023730337304373053730637307373083730937310373113731237313373143731537316373173731837319373203732137322373233732437325373263732737328373293733037331373323733337334373353733637337373383733937340373413734237343373443734537346373473734837349373503735137352373533735437355373563735737358373593736037361373623736337364373653736637367373683736937370373713737237373373743737537376373773737837379373803738137382373833738437385373863738737388373893739037391373923739337394373953739637397373983739937400374013740237403374043740537406374073740837409374103741137412374133741437415374163741737418374193742037421374223742337424374253742637427374283742937430374313743237433374343743537436374373743837439374403744137442374433744437445374463744737448374493745037451374523745337454374553745637457374583745937460374613746237463374643746537466374673746837469374703747137472374733747437475374763747737478374793748037481374823748337484374853748637487374883748937490374913749237493374943749537496374973749837499375003750137502375033750437505375063750737508375093751037511375123751337514375153751637517375183751937520375213752237523375243752537526375273752837529375303753137532375333753437535375363753737538375393754037541375423754337544375453754637547375483754937550375513755237553375543755537556375573755837559375603756137562375633756437565375663756737568375693757037571375723757337574375753757637577375783757937580375813758237583375843758537586375873758837589375903759137592375933759437595375963759737598375993760037601376023760337604376053760637607376083760937610376113761237613376143761537616376173761837619376203762137622376233762437625376263762737628376293763037631376323763337634376353763637637376383763937640376413764237643376443764537646376473764837649376503765137652376533765437655376563765737658376593766037661376623766337664376653766637667376683766937670376713767237673376743767537676376773767837679376803768137682376833768437685376863768737688376893769037691376923769337694376953769637697376983769937700377013770237703377043770537706377073770837709377103771137712377133771437715377163771737718377193772037721377223772337724377253772637727377283772937730377313773237733377343773537736377373773837739377403774137742377433774437745377463774737748377493775037751377523775337754377553775637757377583775937760377613776237763377643776537766377673776837769377703777137772377733777437775377763777737778377793778037781377823778337784377853778637787377883778937790377913779237793377943779537796377973779837799378003780137802378033780437805378063780737808378093781037811378123781337814378153781637817378183781937820378213782237823378243782537826378273782837829378303783137832378333783437835378363783737838378393784037841378423784337844378453784637847378483784937850378513785237853378543785537856378573785837859378603786137862378633786437865378663786737868378693787037871378723787337874378753787637877378783787937880378813788237883378843788537886378873788837889378903789137892378933789437895378963789737898378993790037901379023790337904379053790637907379083790937910379113791237913379143791537916379173791837919379203792137922379233792437925379263792737928379293793037931379323793337934379353793637937379383793937940379413794237943379443794537946379473794837949379503795137952379533795437955379563795737958379593796037961379623796337964379653796637967379683796937970379713797237973379743797537976379773797837979379803798137982379833798437985379863798737988379893799037991379923799337994379953799637997379983799938000380013800238003380043800538006380073800838009380103801138012380133801438015380163801738018380193802038021380223802338024380253802638027380283802938030380313803238033380343803538036380373803838039380403804138042380433804438045380463804738048380493805038051380523805338054380553805638057380583805938060380613806238063380643806538066380673806838069380703807138072380733807438075380763807738078380793808038081380823808338084380853808638087380883808938090380913809238093380943809538096380973809838099381003810138102381033810438105381063810738108381093811038111381123811338114381153811638117381183811938120381213812238123381243812538126381273812838129381303813138132381333813438135381363813738138381393814038141381423814338144381453814638147381483814938150381513815238153381543815538156381573815838159381603816138162381633816438165381663816738168381693817038171381723817338174381753817638177381783817938180381813818238183381843818538186381873818838189381903819138192381933819438195381963819738198381993820038201382023820338204382053820638207382083820938210382113821238213382143821538216382173821838219382203822138222382233822438225382263822738228382293823038231382323823338234382353823638237382383823938240382413824238243382443824538246382473824838249382503825138252382533825438255382563825738258382593826038261382623826338264382653826638267382683826938270382713827238273382743827538276382773827838279382803828138282382833828438285382863828738288382893829038291382923829338294382953829638297382983829938300383013830238303383043830538306383073830838309383103831138312383133831438315383163831738318383193832038321383223832338324383253832638327383283832938330383313833238333383343833538336383373833838339383403834138342383433834438345383463834738348383493835038351383523835338354383553835638357383583835938360383613836238363383643836538366383673836838369383703837138372383733837438375383763837738378383793838038381383823838338384383853838638387383883838938390383913839238393383943839538396383973839838399384003840138402384033840438405384063840738408384093841038411384123841338414384153841638417384183841938420384213842238423384243842538426384273842838429384303843138432384333843438435384363843738438384393844038441384423844338444384453844638447384483844938450384513845238453384543845538456384573845838459384603846138462384633846438465384663846738468384693847038471384723847338474384753847638477384783847938480384813848238483384843848538486384873848838489384903849138492384933849438495384963849738498384993850038501385023850338504385053850638507385083850938510385113851238513385143851538516385173851838519385203852138522385233852438525385263852738528385293853038531385323853338534385353853638537385383853938540385413854238543385443854538546385473854838549385503855138552385533855438555385563855738558385593856038561385623856338564385653856638567
  1. /* test.c
  2. *
  3. * Copyright (C) 2006-2021 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. #ifdef HAVE_CONFIG_H
  22. #include <config.h>
  23. #endif
  24. #ifndef WOLFSSL_USER_SETTINGS
  25. #include <wolfssl/options.h>
  26. #endif
  27. #include <wolfssl/wolfcrypt/settings.h>
  28. #include <wolfssl/version.h>
  29. #include <wolfssl/wolfcrypt/wc_port.h>
  30. #ifndef NO_CRYPT_TEST
  31. #if defined(HAVE_STACK_SIZE) && !defined(HAVE_WOLFCRYPT_TEST_OPTIONS)
  32. #define HAVE_WOLFCRYPT_TEST_OPTIONS
  33. #endif
  34. #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
  35. #include <wolfssl/ssl.h>
  36. #define err_sys err_sys_remap /* remap err_sys */
  37. #include <wolfssl/test.h>
  38. #undef err_sys
  39. #endif
  40. #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
  41. defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
  42. #include <stdint.h>
  43. #endif
  44. #if defined(HAVE_STACK_SIZE_VERBOSE)
  45. #ifdef WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES
  46. static ssize_t max_relative_stack = WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES;
  47. #else
  48. static ssize_t max_relative_stack = -1;
  49. #endif
  50. #else
  51. #define STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max, ...) (__VA_ARGS__, 0)
  52. #define STACK_SIZE_INIT()
  53. #endif
  54. #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
  55. #ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS
  56. static ssize_t max_relative_heap_allocs = WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS;
  57. #else
  58. static ssize_t max_relative_heap_allocs = -1;
  59. #endif
  60. #ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_BYTES
  61. static ssize_t max_relative_heap_bytes = WOLFSSL_TEST_MAX_RELATIVE_HEAP_BYTES;
  62. #else
  63. static ssize_t max_relative_heap_bytes = -1;
  64. #endif
  65. #define PRINT_HEAP_CHECKPOINT() { \
  66. const ssize_t _rha = wolfCrypt_heap_peakAllocs_checkpoint() - heap_baselineAllocs; \
  67. const ssize_t _rhb = wolfCrypt_heap_peakBytes_checkpoint() - heap_baselineBytes; \
  68. printf(" relative heap peak usage: %ld alloc%s, %ld bytes\n", \
  69. _rha, \
  70. _rha == 1 ? "" : "s", \
  71. _rhb); \
  72. if ((max_relative_heap_allocs > 0) && (_rha > max_relative_heap_allocs)) \
  73. return err_sys("heap allocs exceed designated max.", -1); \
  74. if ((max_relative_heap_bytes > 0) && (_rhb > max_relative_heap_bytes)) \
  75. return err_sys("heap bytes exceed designated max.", -1); \
  76. heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint(); \
  77. heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint(); \
  78. }
  79. #else
  80. #define PRINT_HEAP_CHECKPOINT()
  81. #endif
  82. #ifdef __GNUC__
  83. _Pragma("GCC diagnostic ignored \"-Wunused-function\"")
  84. #endif
  85. #ifdef USE_FLAT_TEST_H
  86. #ifdef HAVE_CONFIG_H
  87. #include "test_paths.h"
  88. #endif
  89. #include "test.h"
  90. #else
  91. #ifdef HAVE_CONFIG_H
  92. #include "wolfcrypt/test/test_paths.h"
  93. #endif
  94. #include "wolfcrypt/test/test.h"
  95. #endif
  96. /* printf mappings */
  97. #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
  98. #include <mqx.h>
  99. #include <stdlib.h>
  100. /* see wc_port.h for fio.h and nio.h includes */
  101. #elif defined(FREESCALE_KSDK_BM)
  102. #include "fsl_debug_console.h"
  103. #undef printf
  104. #define printf PRINTF
  105. #elif defined(WOLFSSL_APACHE_MYNEWT)
  106. #include <assert.h>
  107. #include <string.h>
  108. #include "sysinit/sysinit.h"
  109. #include "os/os.h"
  110. #ifdef ARCH_sim
  111. #include "mcu/mcu_sim.h"
  112. #endif
  113. #include "os/os_time.h"
  114. #elif defined(WOLFSSL_ESPIDF)
  115. #include <time.h>
  116. #include <sys/time.h>
  117. #elif defined(WOLFSSL_ZEPHYR)
  118. #include <stdio.h>
  119. #define printf printk
  120. #elif defined(MICRIUM)
  121. #include <os.h>
  122. #if (OS_VERSION < 50000)
  123. #include <bsp_ser.h>
  124. void BSP_Ser_Printf (CPU_CHAR* format, ...);
  125. #undef printf
  126. #define printf BSP_Ser_Printf
  127. #else
  128. #include <stdio.h>
  129. #endif
  130. #elif defined(WOLFSSL_PB)
  131. #include <stdarg.h>
  132. int wolfssl_pb_print(const char*, ...);
  133. #undef printf
  134. #define printf wolfssl_pb_print
  135. #elif defined(WOLFSSL_TELIT_M2MB)
  136. #include "wolfssl/wolfcrypt/wc_port.h" /* for m2mb headers */
  137. #include "m2m_log.h" /* for M2M_LOG_INFO - not standard API */
  138. /* remap printf */
  139. #undef printf
  140. #define printf M2M_LOG_INFO
  141. /* OS requires occasional sleep() */
  142. #ifndef TEST_SLEEP_MS
  143. #define TEST_SLEEP_MS 50
  144. #endif
  145. #define TEST_SLEEP() m2mb_os_taskSleep(M2MB_OS_MS2TICKS(TEST_SLEEP_MS))
  146. /* don't use file system for these tests, since ./certs dir isn't loaded */
  147. #undef NO_FILESYSTEM
  148. #define NO_FILESYSTEM
  149. #elif defined(THREADX) && !defined(WOLFSSL_WICED) && \
  150. !defined(THREADX_NO_DC_PRINTF)
  151. #ifndef (NETOS)
  152. /* since just testing, use THREADX log printf instead (NETOS prototypes
  153. * this elsewhere) */
  154. int dc_log_printf(char*, ...);
  155. #endif
  156. #undef printf
  157. #define printf dc_log_printf
  158. #elif defined(ANDROID)
  159. #ifdef XMALLOC_USER
  160. #include <stdlib.h> /* we're using malloc / free direct here */
  161. #endif
  162. #ifndef STRING_USER
  163. #include <stdio.h>
  164. #endif
  165. #include <android/log.h>
  166. #ifdef ANDROID_V454 /* See fips/android/wolfCrypt_v454_android */
  167. #ifndef NO_FILESYSTEM
  168. #define NO_FILESYSTEM /* Turn off tests that want to call SaveDerAndPem() */
  169. #endif
  170. #else
  171. #define printf(...) \
  172. __android_log_print(ANDROID_LOG_DEBUG, "TAG", __VA_ARGS__)
  173. #define fprintf(fp, ...) \
  174. __android_log_print(ANDROID_LOG_DEBUG, "TAG", __VA_ARGS__)
  175. #endif
  176. #elif defined(WOLFSSL_DEOS)
  177. #include <printx.h>
  178. #undef printf
  179. #define printf printx
  180. #else
  181. #ifdef XMALLOC_USER
  182. #include <stdlib.h> /* we're using malloc / free direct here */
  183. #endif
  184. #if !defined(STRING_USER) && !defined(WOLFSSL_LINUXKM)
  185. #include <stdio.h>
  186. #endif
  187. #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_LINUXKM_VERBOSE_DEBUG)
  188. #undef printf
  189. #define printf(...) ({})
  190. #endif
  191. /* enable way for customer to override test/bench printf */
  192. #ifdef XPRINTF
  193. #undef printf
  194. #define printf XPRINTF
  195. #endif
  196. #endif
  197. #include <wolfssl/wolfcrypt/memory.h>
  198. #include <wolfssl/wolfcrypt/wc_port.h>
  199. #include <wolfssl/wolfcrypt/logging.h>
  200. #include <wolfssl/wolfcrypt/types.h>
  201. #include <wolfssl/wolfcrypt/asn.h>
  202. #include <wolfssl/wolfcrypt/md2.h>
  203. #include <wolfssl/wolfcrypt/md5.h>
  204. #include <wolfssl/wolfcrypt/md4.h>
  205. #include <wolfssl/wolfcrypt/sha.h>
  206. #include <wolfssl/wolfcrypt/sha256.h>
  207. #include <wolfssl/wolfcrypt/sha512.h>
  208. #include <wolfssl/wolfcrypt/rc2.h>
  209. #include <wolfssl/wolfcrypt/arc4.h>
  210. #if defined(WC_NO_RNG)
  211. #include <wolfssl/wolfcrypt/integer.h>
  212. #else
  213. #include <wolfssl/wolfcrypt/random.h>
  214. #endif
  215. #include <wolfssl/wolfcrypt/coding.h>
  216. #include <wolfssl/wolfcrypt/signature.h>
  217. #include <wolfssl/wolfcrypt/rsa.h>
  218. #include <wolfssl/wolfcrypt/des3.h>
  219. #include <wolfssl/wolfcrypt/aes.h>
  220. #include <wolfssl/wolfcrypt/wc_encrypt.h>
  221. #include <wolfssl/wolfcrypt/cmac.h>
  222. #include <wolfssl/wolfcrypt/poly1305.h>
  223. #include <wolfssl/wolfcrypt/camellia.h>
  224. #include <wolfssl/wolfcrypt/hmac.h>
  225. #include <wolfssl/wolfcrypt/kdf.h>
  226. #include <wolfssl/wolfcrypt/dh.h>
  227. #include <wolfssl/wolfcrypt/dsa.h>
  228. #include <wolfssl/wolfcrypt/srp.h>
  229. #include <wolfssl/wolfcrypt/idea.h>
  230. #include <wolfssl/wolfcrypt/hc128.h>
  231. #include <wolfssl/wolfcrypt/rabbit.h>
  232. #include <wolfssl/wolfcrypt/chacha.h>
  233. #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
  234. #include <wolfssl/wolfcrypt/pwdbased.h>
  235. #include <wolfssl/wolfcrypt/ripemd.h>
  236. #include <wolfssl/wolfcrypt/error-crypt.h>
  237. #ifdef HAVE_ECC
  238. #include <wolfssl/wolfcrypt/ecc.h>
  239. #endif
  240. #ifdef HAVE_CURVE25519
  241. #include <wolfssl/wolfcrypt/curve25519.h>
  242. #endif
  243. #ifdef HAVE_ED25519
  244. #include <wolfssl/wolfcrypt/ed25519.h>
  245. #endif
  246. #ifdef HAVE_CURVE448
  247. #include <wolfssl/wolfcrypt/curve448.h>
  248. #endif
  249. #ifdef HAVE_ED448
  250. #include <wolfssl/wolfcrypt/ed448.h>
  251. #endif
  252. #ifdef WOLFCRYPT_HAVE_ECCSI
  253. #include <wolfssl/wolfcrypt/eccsi.h>
  254. #endif
  255. #ifdef WOLFCRYPT_HAVE_SAKKE
  256. #include <wolfssl/wolfcrypt/sakke.h>
  257. #endif
  258. #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
  259. #include <wolfssl/wolfcrypt/blake2.h>
  260. #endif
  261. #ifdef WOLFSSL_SHA3
  262. #include <wolfssl/wolfcrypt/sha3.h>
  263. #endif
  264. #ifdef HAVE_LIBZ
  265. #include <wolfssl/wolfcrypt/compress.h>
  266. #endif
  267. #ifdef HAVE_PKCS7
  268. #include <wolfssl/wolfcrypt/pkcs7.h>
  269. #endif
  270. #ifdef HAVE_FIPS
  271. #include <wolfssl/wolfcrypt/fips_test.h>
  272. #endif
  273. #ifdef HAVE_SELFTEST
  274. #include <wolfssl/wolfcrypt/selftest.h>
  275. #endif
  276. #ifdef WOLFSSL_ASYNC_CRYPT
  277. #include <wolfssl/wolfcrypt/async.h>
  278. #endif
  279. #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
  280. #include <wolfssl/wolfcrypt/logging.h>
  281. #endif
  282. #ifdef WOLFSSL_IMX6_CAAM_BLOB
  283. #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
  284. #endif
  285. #ifdef WOLF_CRYPTO_CB
  286. #include <wolfssl/wolfcrypt/cryptocb.h>
  287. #ifdef HAVE_INTEL_QA_SYNC
  288. #include <wolfssl/wolfcrypt/port/intel/quickassist_sync.h>
  289. #endif
  290. #ifdef HAVE_CAVIUM_OCTEON_SYNC
  291. #include <wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h>
  292. #endif
  293. #endif
  294. #ifdef _MSC_VER
  295. /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
  296. #pragma warning(disable: 4996)
  297. #endif
  298. #ifdef OPENSSL_EXTRA
  299. #ifndef WOLFCRYPT_ONLY
  300. #include <wolfssl/openssl/evp.h>
  301. #include <wolfssl/openssl/hmac.h>
  302. #endif
  303. #include <wolfssl/openssl/rand.h>
  304. #include <wolfssl/openssl/aes.h>
  305. #include <wolfssl/openssl/des.h>
  306. #endif
  307. #if defined(NO_FILESYSTEM) || defined(WC_NO_RNG)
  308. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
  309. !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
  310. #define USE_CERT_BUFFERS_2048
  311. #endif
  312. #if !defined(USE_CERT_BUFFERS_256)
  313. #define USE_CERT_BUFFERS_256
  314. #endif
  315. #endif
  316. #if defined(WOLFSSL_CERT_GEN) && (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES))
  317. #define ENABLE_ECC384_CERT_GEN_TEST
  318. #endif
  319. #include <wolfssl/certs_test.h>
  320. #ifdef DEVKITPRO
  321. #include <wiiuse/wpad.h>
  322. #endif
  323. #ifdef WOLFSSL_STATIC_MEMORY
  324. static WOLFSSL_HEAP_HINT* HEAP_HINT;
  325. #else
  326. #define HEAP_HINT NULL
  327. #endif /* WOLFSSL_STATIC_MEMORY */
  328. /* these cases do not have intermediate hashing support */
  329. #if (defined(WOLFSSL_AFALG_XILINX_SHA3) && !defined(WOLFSSL_AFALG_HASH_KEEP)) \
  330. && !defined(WOLFSSL_XILINX_CRYPT)
  331. #define NO_INTM_HASH_TEST
  332. #endif
  333. #if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB)
  334. static void initDefaultName(void);
  335. #endif
  336. /* for async devices */
  337. #ifdef WOLFSSL_QNX_CAAM
  338. static int devId = WOLFSSL_CAAM_DEVID;
  339. #else
  340. static int devId = INVALID_DEVID;
  341. #endif
  342. #ifdef HAVE_WNR
  343. const char* wnrConfigFile = "wnr-example.conf";
  344. #endif
  345. #define TEST_STRING "Everyone gets Friday off."
  346. #define TEST_STRING_SZ 25
  347. typedef struct testVector {
  348. const char* input;
  349. const char* output;
  350. size_t inLen;
  351. size_t outLen;
  352. } testVector;
  353. #ifndef WOLFSSL_TEST_SUBROUTINE
  354. #define WOLFSSL_TEST_SUBROUTINE
  355. #endif
  356. WOLFSSL_TEST_SUBROUTINE int error_test(void);
  357. WOLFSSL_TEST_SUBROUTINE int base64_test(void);
  358. WOLFSSL_TEST_SUBROUTINE int base16_test(void);
  359. WOLFSSL_TEST_SUBROUTINE int asn_test(void);
  360. WOLFSSL_TEST_SUBROUTINE int md2_test(void);
  361. WOLFSSL_TEST_SUBROUTINE int md5_test(void);
  362. WOLFSSL_TEST_SUBROUTINE int md4_test(void);
  363. WOLFSSL_TEST_SUBROUTINE int sha_test(void);
  364. WOLFSSL_TEST_SUBROUTINE int sha224_test(void);
  365. WOLFSSL_TEST_SUBROUTINE int sha256_test(void);
  366. WOLFSSL_TEST_SUBROUTINE int sha512_test(void);
  367. WOLFSSL_TEST_SUBROUTINE int sha384_test(void);
  368. WOLFSSL_TEST_SUBROUTINE int sha3_test(void);
  369. WOLFSSL_TEST_SUBROUTINE int shake256_test(void);
  370. WOLFSSL_TEST_SUBROUTINE int hash_test(void);
  371. WOLFSSL_TEST_SUBROUTINE int hmac_md5_test(void);
  372. WOLFSSL_TEST_SUBROUTINE int hmac_sha_test(void);
  373. WOLFSSL_TEST_SUBROUTINE int hmac_sha224_test(void);
  374. WOLFSSL_TEST_SUBROUTINE int hmac_sha256_test(void);
  375. WOLFSSL_TEST_SUBROUTINE int hmac_sha384_test(void);
  376. WOLFSSL_TEST_SUBROUTINE int hmac_sha512_test(void);
  377. WOLFSSL_TEST_SUBROUTINE int hmac_sha3_test(void);
  378. /* WOLFSSL_TEST_SUBROUTINE */ static int hkdf_test(void);
  379. WOLFSSL_TEST_SUBROUTINE int sshkdf_test(void);
  380. WOLFSSL_TEST_SUBROUTINE int x963kdf_test(void);
  381. WOLFSSL_TEST_SUBROUTINE int arc4_test(void);
  382. WOLFSSL_TEST_SUBROUTINE int rc2_test(void);
  383. WOLFSSL_TEST_SUBROUTINE int hc128_test(void);
  384. WOLFSSL_TEST_SUBROUTINE int rabbit_test(void);
  385. WOLFSSL_TEST_SUBROUTINE int chacha_test(void);
  386. WOLFSSL_TEST_SUBROUTINE int XChaCha_test(void);
  387. WOLFSSL_TEST_SUBROUTINE int chacha20_poly1305_aead_test(void);
  388. WOLFSSL_TEST_SUBROUTINE int XChaCha20Poly1305_test(void);
  389. WOLFSSL_TEST_SUBROUTINE int des_test(void);
  390. WOLFSSL_TEST_SUBROUTINE int des3_test(void);
  391. WOLFSSL_TEST_SUBROUTINE int aes_test(void);
  392. WOLFSSL_TEST_SUBROUTINE int aes192_test(void);
  393. WOLFSSL_TEST_SUBROUTINE int aes256_test(void);
  394. WOLFSSL_TEST_SUBROUTINE int aesofb_test(void);
  395. WOLFSSL_TEST_SUBROUTINE int cmac_test(void);
  396. WOLFSSL_TEST_SUBROUTINE int poly1305_test(void);
  397. WOLFSSL_TEST_SUBROUTINE int aesgcm_test(void);
  398. WOLFSSL_TEST_SUBROUTINE int aesgcm_default_test(void);
  399. WOLFSSL_TEST_SUBROUTINE int gmac_test(void);
  400. WOLFSSL_TEST_SUBROUTINE int aesccm_test(void);
  401. WOLFSSL_TEST_SUBROUTINE int aeskeywrap_test(void);
  402. WOLFSSL_TEST_SUBROUTINE int camellia_test(void);
  403. WOLFSSL_TEST_SUBROUTINE int rsa_no_pad_test(void);
  404. WOLFSSL_TEST_SUBROUTINE int rsa_test(void);
  405. WOLFSSL_TEST_SUBROUTINE int dh_test(void);
  406. WOLFSSL_TEST_SUBROUTINE int dsa_test(void);
  407. WOLFSSL_TEST_SUBROUTINE int srp_test(void);
  408. #ifndef WC_NO_RNG
  409. WOLFSSL_TEST_SUBROUTINE int random_test(void);
  410. #endif /* WC_NO_RNG */
  411. WOLFSSL_TEST_SUBROUTINE int pwdbased_test(void);
  412. WOLFSSL_TEST_SUBROUTINE int ripemd_test(void);
  413. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  414. WOLFSSL_TEST_SUBROUTINE int openssl_test(void); /* test mini api */
  415. WOLFSSL_TEST_SUBROUTINE int openssl_pkey0_test(void);
  416. WOLFSSL_TEST_SUBROUTINE int openssl_pkey1_test(void);
  417. WOLFSSL_TEST_SUBROUTINE int openSSL_evpMD_test(void);
  418. WOLFSSL_TEST_SUBROUTINE int openssl_evpSig_test(void);
  419. #endif
  420. WOLFSSL_TEST_SUBROUTINE int pbkdf1_test(void);
  421. WOLFSSL_TEST_SUBROUTINE int pkcs12_test(void);
  422. WOLFSSL_TEST_SUBROUTINE int pbkdf2_test(void);
  423. WOLFSSL_TEST_SUBROUTINE int scrypt_test(void);
  424. #ifdef HAVE_ECC
  425. WOLFSSL_TEST_SUBROUTINE int ecc_test(void);
  426. #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
  427. defined(WOLFSSL_AES_128)
  428. WOLFSSL_TEST_SUBROUTINE int ecc_encrypt_test(void);
  429. #endif
  430. #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
  431. !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
  432. defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN)
  433. /* skip for ATECC508/608A, cannot import private key buffers */
  434. WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void);
  435. #endif
  436. #endif
  437. #ifdef HAVE_CURVE25519
  438. WOLFSSL_TEST_SUBROUTINE int curve25519_test(void);
  439. #endif
  440. #ifdef HAVE_ED25519
  441. WOLFSSL_TEST_SUBROUTINE int ed25519_test(void);
  442. #endif
  443. #ifdef HAVE_CURVE448
  444. WOLFSSL_TEST_SUBROUTINE int curve448_test(void);
  445. #endif
  446. #ifdef HAVE_ED448
  447. WOLFSSL_TEST_SUBROUTINE int ed448_test(void);
  448. #endif
  449. #ifdef WOLFCRYPT_HAVE_ECCSI
  450. WOLFSSL_TEST_SUBROUTINE int eccsi_test(void);
  451. #endif
  452. #ifdef WOLFCRYPT_HAVE_SAKKE
  453. WOLFSSL_TEST_SUBROUTINE int sakke_test(void);
  454. #endif
  455. #ifdef HAVE_BLAKE2
  456. WOLFSSL_TEST_SUBROUTINE int blake2b_test(void);
  457. #endif
  458. #ifdef HAVE_BLAKE2S
  459. WOLFSSL_TEST_SUBROUTINE int blake2s_test(void);
  460. #endif
  461. #ifdef HAVE_LIBZ
  462. WOLFSSL_TEST_SUBROUTINE int compress_test(void);
  463. #endif
  464. #ifdef HAVE_PKCS7
  465. #ifndef NO_PKCS7_ENCRYPTED_DATA
  466. WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void);
  467. #endif
  468. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  469. WOLFSSL_TEST_SUBROUTINE int pkcs7compressed_test(void);
  470. #endif
  471. WOLFSSL_TEST_SUBROUTINE int pkcs7signed_test(void);
  472. WOLFSSL_TEST_SUBROUTINE int pkcs7enveloped_test(void);
  473. #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
  474. WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void);
  475. #endif
  476. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  477. WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte* key,
  478. word32 keySz);
  479. #endif
  480. #endif
  481. #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
  482. !defined(NO_FILESYSTEM)
  483. WOLFSSL_TEST_SUBROUTINE int cert_test(void);
  484. #endif
  485. #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
  486. !defined(NO_FILESYSTEM)
  487. WOLFSSL_TEST_SUBROUTINE int certext_test(void);
  488. #endif
  489. #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
  490. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
  491. WOLFSSL_TEST_SUBROUTINE int decodedCertCache_test(void);
  492. #endif
  493. #ifdef HAVE_IDEA
  494. WOLFSSL_TEST_SUBROUTINE int idea_test(void);
  495. #endif
  496. WOLFSSL_TEST_SUBROUTINE int memory_test(void);
  497. #ifdef HAVE_VALGRIND
  498. WOLFSSL_TEST_SUBROUTINE int mp_test(void);
  499. #endif
  500. #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
  501. WOLFSSL_TEST_SUBROUTINE int prime_test(void);
  502. #endif
  503. #ifdef ASN_BER_TO_DER
  504. WOLFSSL_TEST_SUBROUTINE int berder_test(void);
  505. #endif
  506. WOLFSSL_TEST_SUBROUTINE int logging_test(void);
  507. WOLFSSL_TEST_SUBROUTINE int mutex_test(void);
  508. #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
  509. WOLFSSL_TEST_SUBROUTINE int memcb_test(void);
  510. #endif
  511. #ifdef WOLFSSL_IMX6_CAAM_BLOB
  512. WOLFSSL_TEST_SUBROUTINE int blob_test(void);
  513. #endif
  514. #ifdef WOLF_CRYPTO_CB
  515. WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void);
  516. #endif
  517. #ifdef WOLFSSL_CERT_PIV
  518. WOLFSSL_TEST_SUBROUTINE int certpiv_test(void);
  519. #endif
  520. /* General big buffer size for many tests. */
  521. #define FOURK_BUF 4096
  522. #define ERROR_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0)
  523. #ifdef HAVE_STACK_SIZE
  524. static THREAD_RETURN err_sys(const char* msg, int es)
  525. #else
  526. static int err_sys(const char* msg, int es)
  527. #endif
  528. {
  529. (void)msg;
  530. (void)es;
  531. #ifdef WOLFSSL_LINUXKM
  532. lkm_printf("%s error = %d\n", msg, es);
  533. EXIT_TEST(es);
  534. #else
  535. printf("%s error = %d\n", msg, es);
  536. EXIT_TEST(-1);
  537. #endif
  538. }
  539. #ifndef HAVE_WOLFCRYPT_TEST_OPTIONS
  540. /* func_args from test.h, so don't have to pull in other stuff */
  541. typedef struct func_args {
  542. int argc;
  543. char** argv;
  544. int return_code;
  545. } func_args;
  546. #endif /* !HAVE_WOLFCRYPT_TEST_OPTIONS */
  547. #if defined(HAVE_FIPS) && !defined(WOLFSSL_LINUXKM)
  548. static void myFipsCb(int ok, int err, const char* hash)
  549. {
  550. printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
  551. printf("message = %s\n", wc_GetErrorString(err));
  552. printf("hash = %s\n", hash);
  553. if (err == IN_CORE_FIPS_E) {
  554. printf("In core integrity hash check failure, copy above hash\n");
  555. printf("into verifyCore[] in fips_test.c and rebuild\n");
  556. }
  557. }
  558. #endif /* HAVE_FIPS && !WOLFSSL_LINUXKM */
  559. #ifdef WOLFSSL_STATIC_MEMORY
  560. #ifdef BENCH_EMBEDDED
  561. static byte gTestMemory[14000];
  562. #elif defined(WOLFSSL_CERT_EXT)
  563. static byte gTestMemory[140000];
  564. #elif defined(USE_FAST_MATH) && !defined(ALT_ECC_SIZE)
  565. static byte gTestMemory[160000];
  566. #else
  567. static byte gTestMemory[80000];
  568. #endif
  569. #endif
  570. #ifdef WOLFSSL_PB
  571. static int wolfssl_pb_print(const char* msg, ...)
  572. {
  573. int ret;
  574. va_list args;
  575. char tmpBuf[80];
  576. va_start(args, msg);
  577. ret = vsprint(tmpBuf, msg, args);
  578. va_end(args);
  579. fnDumpStringToSystemLog(tmpBuf);
  580. return ret;
  581. }
  582. #endif /* WOLFSSL_PB */
  583. /* optional macro to add sleep between tests */
  584. #ifdef TEST_SLEEP
  585. #include <stdarg.h> /* for var args */
  586. static WC_INLINE void test_pass(const char* fmt, ...)
  587. {
  588. va_list args;
  589. va_start(args, fmt);
  590. STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max_relative_stack, vprintf(fmt, args));
  591. va_end(args);
  592. PRINT_HEAP_CHECKPOINT();
  593. TEST_SLEEP();
  594. ASSERT_RESTORED_VECTOR_REGISTERS(exit(1););
  595. }
  596. #else
  597. /* redirect to printf */
  598. #define test_pass(...) { \
  599. if (STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK \
  600. (max_relative_stack, printf(__VA_ARGS__)) < 0) { \
  601. return err_sys("post-test check failed", -1); \
  602. } \
  603. PRINT_HEAP_CHECKPOINT(); \
  604. ASSERT_RESTORED_VECTOR_REGISTERS(exit(1);); \
  605. }
  606. /* stub the sleep macro */
  607. #define TEST_SLEEP()
  608. #endif
  609. #ifdef HAVE_STACK_SIZE
  610. THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args)
  611. #else
  612. int wolfcrypt_test(void* args)
  613. #endif
  614. {
  615. int ret;
  616. #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
  617. long heap_baselineAllocs, heap_baselineBytes;
  618. #endif
  619. STACK_SIZE_INIT();
  620. #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
  621. (void)wolfCrypt_heap_peakAllocs_checkpoint();
  622. heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint();
  623. (void)wolfCrypt_heap_peakBytes_checkpoint();
  624. heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint();
  625. #endif
  626. printf("------------------------------------------------------------------------------\n");
  627. printf(" wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING);
  628. printf("------------------------------------------------------------------------------\n");
  629. if (args) {
  630. #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
  631. int ch;
  632. #endif
  633. ((func_args*)args)->return_code = -1; /* error state */
  634. #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
  635. while ((ch = mygetopt(((func_args*)args)->argc, ((func_args*)args)->argv, "s:m:a:h")) != -1) {
  636. switch(ch) {
  637. case 's':
  638. #ifdef HAVE_STACK_SIZE_VERBOSE
  639. max_relative_stack = (ssize_t)atoi(myoptarg);
  640. break;
  641. #else
  642. return err_sys("-s (max relative stack bytes) requires HAVE_STACK_SIZE_VERBOSE (--enable-stacksize=verbose).", -1);
  643. #endif
  644. case 'm':
  645. #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
  646. max_relative_heap_bytes = (ssize_t)atoi(myoptarg);
  647. break;
  648. #else
  649. return err_sys("-m (max relative heap memory bytes) requires WOLFSSL_TRACK_MEMORY_VERBOSE (--enable-trackmemory=verbose).", -1);
  650. #endif
  651. case 'a':
  652. #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
  653. max_relative_heap_allocs = (ssize_t)atoi(myoptarg);
  654. break;
  655. #else
  656. return err_sys("-a (max relative heap allocs) requires WOLFSSL_TRACK_MEMORY_VERBOSE (--enable-trackmemory=verbose).", -1);
  657. #endif
  658. case 'h':
  659. return err_sys("\
  660. options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
  661. [-a max_relative_heap_allocs] [-h]\n", 0);
  662. default:
  663. return err_sys("unknown test option. try -h.", -1);
  664. }
  665. }
  666. #endif
  667. }
  668. #ifdef WOLFSSL_STATIC_MEMORY
  669. if (wc_LoadStaticMemory(&HEAP_HINT, gTestMemory, sizeof(gTestMemory),
  670. WOLFMEM_GENERAL, 1) != 0) {
  671. printf("unable to load static memory.\n");
  672. return(EXIT_FAILURE);
  673. }
  674. #endif
  675. #if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
  676. wolfSSL_Debugging_ON();
  677. #endif
  678. #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
  679. wc_SetLoggingHeap(HEAP_HINT);
  680. #endif
  681. #if defined(HAVE_FIPS) && !defined(WOLFSSL_LINUXKM)
  682. wolfCrypt_SetCb_fips(myFipsCb);
  683. #endif
  684. #if !defined(NO_BIG_INT)
  685. if (CheckCtcSettings() != 1) {
  686. printf("Sizeof mismatch (build) %x != (run) %x\n",
  687. CTC_SETTINGS, CheckRunTimeSettings());
  688. return err_sys("Build vs runtime math mismatch\n", -1000);
  689. }
  690. #if defined(USE_FAST_MATH) && \
  691. (!defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC))
  692. if (CheckFastMathSettings() != 1)
  693. return err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n",
  694. -1001);
  695. #endif /* USE_FAST_MATH */
  696. #endif /* !NO_BIG_INT */
  697. #if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB)
  698. initDefaultName();
  699. #endif
  700. #ifdef WOLFSSL_ASYNC_CRYPT
  701. ret = wolfAsync_DevOpen(&devId);
  702. if (ret < 0) {
  703. printf("Async device open failed\nRunning without async\n");
  704. }
  705. #else
  706. (void)devId;
  707. #endif /* WOLFSSL_ASYNC_CRYPT */
  708. #ifdef WOLF_CRYPTO_CB
  709. #ifdef HAVE_INTEL_QA_SYNC
  710. devId = wc_CryptoCb_InitIntelQa();
  711. if (INVALID_DEVID == devId) {
  712. printf("Couldn't init the Intel QA\n");
  713. }
  714. #endif
  715. #ifdef HAVE_CAVIUM_OCTEON_SYNC
  716. devId = wc_CryptoCb_InitOcteon();
  717. if (INVALID_DEVID == devId) {
  718. printf("Couldn't init the Cavium Octeon\n");
  719. }
  720. #endif
  721. #endif
  722. #ifdef HAVE_SELFTEST
  723. if ( (ret = wolfCrypt_SelfTest()) != 0)
  724. return err_sys("CAVP selftest failed!\n", ret);
  725. else
  726. test_pass("CAVP selftest passed!\n");
  727. #endif
  728. if ( (ret = error_test()) != 0)
  729. return err_sys("error test failed!\n", ret);
  730. else
  731. test_pass("error test passed!\n");
  732. if ( (ret = memory_test()) != 0)
  733. return err_sys("MEMORY test failed!\n", ret);
  734. else
  735. test_pass("MEMORY test passed!\n");
  736. #ifndef NO_CODING
  737. if ( (ret = base64_test()) != 0)
  738. return err_sys("base64 test failed!\n", ret);
  739. else
  740. test_pass("base64 test passed!\n");
  741. #ifdef WOLFSSL_BASE16
  742. if ( (ret = base16_test()) != 0)
  743. return err_sys("base16 test failed!\n", ret);
  744. else
  745. test_pass("base16 test passed!\n");
  746. #endif
  747. #endif /* !NO_CODING */
  748. #ifndef NO_ASN
  749. if ( (ret = asn_test()) != 0)
  750. return err_sys("asn test failed!\n", ret);
  751. else
  752. test_pass("asn test passed!\n");
  753. #endif
  754. #ifndef WC_NO_RNG
  755. if ( (ret = random_test()) != 0)
  756. return err_sys("RANDOM test failed!\n", ret);
  757. else
  758. test_pass("RANDOM test passed!\n");
  759. #endif /* WC_NO_RNG */
  760. #ifndef NO_MD5
  761. if ( (ret = md5_test()) != 0)
  762. return err_sys("MD5 test failed!\n", ret);
  763. else
  764. test_pass("MD5 test passed!\n");
  765. #endif
  766. #ifdef WOLFSSL_MD2
  767. if ( (ret = md2_test()) != 0)
  768. return err_sys("MD2 test failed!\n", ret);
  769. else
  770. test_pass("MD2 test passed!\n");
  771. #endif
  772. #ifndef NO_MD4
  773. if ( (ret = md4_test()) != 0)
  774. return err_sys("MD4 test failed!\n", ret);
  775. else
  776. test_pass("MD4 test passed!\n");
  777. #endif
  778. #ifndef NO_SHA
  779. if ( (ret = sha_test()) != 0)
  780. return err_sys("SHA test failed!\n", ret);
  781. else
  782. test_pass("SHA test passed!\n");
  783. #endif
  784. #ifdef WOLFSSL_SHA224
  785. if ( (ret = sha224_test()) != 0)
  786. return err_sys("SHA-224 test failed!\n", ret);
  787. else
  788. test_pass("SHA-224 test passed!\n");
  789. #endif
  790. #ifndef NO_SHA256
  791. if ( (ret = sha256_test()) != 0)
  792. return err_sys("SHA-256 test failed!\n", ret);
  793. else
  794. test_pass("SHA-256 test passed!\n");
  795. #endif
  796. #ifdef WOLFSSL_SHA384
  797. if ( (ret = sha384_test()) != 0)
  798. return err_sys("SHA-384 test failed!\n", ret);
  799. else
  800. test_pass("SHA-384 test passed!\n");
  801. #endif
  802. #ifdef WOLFSSL_SHA512
  803. if ( (ret = sha512_test()) != 0)
  804. return err_sys("SHA-512 test failed!\n", ret);
  805. else
  806. test_pass("SHA-512 test passed!\n");
  807. #endif
  808. #ifdef WOLFSSL_SHA3
  809. if ( (ret = sha3_test()) != 0)
  810. return err_sys("SHA-3 test failed!\n", ret);
  811. else
  812. test_pass("SHA-3 test passed!\n");
  813. #endif
  814. #ifdef WOLFSSL_SHAKE256
  815. if ( (ret = shake256_test()) != 0)
  816. return err_sys("SHAKE256 test failed!\n", ret);
  817. else
  818. test_pass("SHAKE256 test passed!\n");
  819. #endif
  820. #ifndef NO_HASH_WRAPPER
  821. if ( (ret = hash_test()) != 0)
  822. return err_sys("Hash test failed!\n", ret);
  823. else
  824. test_pass("Hash test passed!\n");
  825. #endif
  826. #ifdef WOLFSSL_RIPEMD
  827. if ( (ret = ripemd_test()) != 0)
  828. return err_sys("RIPEMD test failed!\n", ret);
  829. else
  830. test_pass("RIPEMD test passed!\n");
  831. #endif
  832. #ifdef HAVE_BLAKE2
  833. if ( (ret = blake2b_test()) != 0)
  834. return err_sys("BLAKE2b test failed!\n", ret);
  835. else
  836. test_pass("BLAKE2b test passed!\n");
  837. #endif
  838. #ifdef HAVE_BLAKE2S
  839. if ( (ret = blake2s_test()) != 0)
  840. return err_sys("BLAKE2s test failed!\n", ret);
  841. else
  842. test_pass("BLAKE2s test passed!\n");
  843. #endif
  844. #ifndef NO_HMAC
  845. #if !defined(NO_MD5) && !(defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) \
  846. && (HAVE_FIPS_VERSION >= 5))
  847. if ( (ret = hmac_md5_test()) != 0)
  848. return err_sys("HMAC-MD5 test failed!\n", ret);
  849. else
  850. test_pass("HMAC-MD5 test passed!\n");
  851. #endif
  852. #ifndef NO_SHA
  853. if ( (ret = hmac_sha_test()) != 0)
  854. return err_sys("HMAC-SHA test failed!\n", ret);
  855. else
  856. test_pass("HMAC-SHA test passed!\n");
  857. #endif
  858. #ifdef WOLFSSL_SHA224
  859. if ( (ret = hmac_sha224_test()) != 0)
  860. return err_sys("HMAC-SHA224 test failed!\n", ret);
  861. else
  862. test_pass("HMAC-SHA224 test passed!\n");
  863. #endif
  864. #ifndef NO_SHA256
  865. if ( (ret = hmac_sha256_test()) != 0)
  866. return err_sys("HMAC-SHA256 test failed!\n", ret);
  867. else
  868. test_pass("HMAC-SHA256 test passed!\n");
  869. #endif
  870. #ifdef WOLFSSL_SHA384
  871. if ( (ret = hmac_sha384_test()) != 0)
  872. return err_sys("HMAC-SHA384 test failed!\n", ret);
  873. else
  874. test_pass("HMAC-SHA384 test passed!\n");
  875. #endif
  876. #ifdef WOLFSSL_SHA512
  877. if ( (ret = hmac_sha512_test()) != 0)
  878. return err_sys("HMAC-SHA512 test failed!\n", ret);
  879. else
  880. test_pass("HMAC-SHA512 test passed!\n");
  881. #endif
  882. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \
  883. !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \
  884. !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512)
  885. if ( (ret = hmac_sha3_test()) != 0)
  886. return err_sys("HMAC-SHA3 test failed!\n", ret);
  887. else
  888. test_pass("HMAC-SHA3 test passed!\n");
  889. #endif
  890. #ifdef HAVE_HKDF
  891. PRIVATE_KEY_UNLOCK();
  892. if ( (ret = hkdf_test()) != 0)
  893. return err_sys("HMAC-KDF test failed!\n", ret);
  894. else
  895. test_pass("HMAC-KDF test passed!\n");
  896. PRIVATE_KEY_LOCK();
  897. #endif
  898. #endif /* !NO_HMAC */
  899. #ifdef WOLFSSL_WOLFSSH
  900. PRIVATE_KEY_UNLOCK();
  901. if ( (ret = sshkdf_test()) != 0)
  902. return err_sys("SSH-KDF test failed!\n", ret);
  903. else
  904. test_pass("SSH-KDF test passed!\n");
  905. PRIVATE_KEY_LOCK();
  906. #endif /* WOLFSSL_WOLFSSH */
  907. #if defined(HAVE_X963_KDF) && defined(HAVE_ECC)
  908. if ( (ret = x963kdf_test()) != 0)
  909. return err_sys("X963-KDF test failed!\n", ret);
  910. else
  911. test_pass("X963-KDF test passed!\n");
  912. #endif
  913. #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && \
  914. !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
  915. if ( (ret = gmac_test()) != 0)
  916. return err_sys("GMAC test failed!\n", ret);
  917. else
  918. test_pass("GMAC test passed!\n");
  919. #endif
  920. #ifdef WC_RC2
  921. if ( (ret = rc2_test()) != 0)
  922. return err_sys("RC2 test failed!\n", ret);
  923. else
  924. test_pass("RC2 test passed!\n");
  925. #endif
  926. #ifndef NO_RC4
  927. if ( (ret = arc4_test()) != 0)
  928. return err_sys("ARC4 test failed!\n", ret);
  929. else
  930. test_pass("ARC4 test passed!\n");
  931. #endif
  932. #ifndef NO_HC128
  933. if ( (ret = hc128_test()) != 0)
  934. return err_sys("HC-128 test failed!\n", ret);
  935. else
  936. test_pass("HC-128 test passed!\n");
  937. #endif
  938. #ifndef NO_RABBIT
  939. if ( (ret = rabbit_test()) != 0)
  940. return err_sys("Rabbit test failed!\n", ret);
  941. else
  942. test_pass("Rabbit test passed!\n");
  943. #endif
  944. #ifdef HAVE_CHACHA
  945. if ( (ret = chacha_test()) != 0)
  946. return err_sys("Chacha test failed!\n", ret);
  947. else
  948. test_pass("Chacha test passed!\n");
  949. #endif
  950. #ifdef HAVE_XCHACHA
  951. if ( (ret = XChaCha_test()) != 0)
  952. return err_sys("XChacha test failed!\n", ret);
  953. else
  954. test_pass("XChacha test passed!\n");
  955. #endif
  956. #ifdef HAVE_POLY1305
  957. if ( (ret = poly1305_test()) != 0)
  958. return err_sys("POLY1305 test failed!\n", ret);
  959. else
  960. test_pass("POLY1305 test passed!\n");
  961. #endif
  962. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
  963. if ( (ret = chacha20_poly1305_aead_test()) != 0)
  964. return err_sys("ChaCha20-Poly1305 AEAD test failed!\n", ret);
  965. else
  966. test_pass("ChaCha20-Poly1305 AEAD test passed!\n");
  967. #endif
  968. #if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
  969. if ( (ret = XChaCha20Poly1305_test()) != 0)
  970. return err_sys("XChaCha20-Poly1305 AEAD test failed!\n", ret);
  971. else
  972. test_pass("XChaCha20-Poly1305 AEAD test passed!\n");
  973. #endif
  974. #ifndef NO_DES3
  975. if ( (ret = des_test()) != 0)
  976. return err_sys("DES test failed!\n", ret);
  977. else
  978. test_pass("DES test passed!\n");
  979. #endif
  980. #ifndef NO_DES3
  981. if ( (ret = des3_test()) != 0)
  982. return err_sys("DES3 test failed!\n", ret);
  983. else
  984. test_pass("DES3 test passed!\n");
  985. #endif
  986. #ifndef NO_AES
  987. if ( (ret = aes_test()) != 0)
  988. return err_sys("AES test failed!\n", ret);
  989. else
  990. test_pass("AES test passed!\n");
  991. #ifdef WOLFSSL_AES_192
  992. if ( (ret = aes192_test()) != 0)
  993. return err_sys("AES192 test failed!\n", ret);
  994. else
  995. test_pass("AES192 test passed!\n");
  996. #endif
  997. #ifdef WOLFSSL_AES_256
  998. if ( (ret = aes256_test()) != 0)
  999. return err_sys("AES256 test failed!\n", ret);
  1000. else
  1001. test_pass("AES256 test passed!\n");
  1002. #endif
  1003. #ifdef WOLFSSL_AES_OFB
  1004. if ( (ret = aesofb_test()) != 0)
  1005. return err_sys("AES-OFB test failed!\n", ret);
  1006. else
  1007. test_pass("AESOFB test passed!\n");
  1008. #endif
  1009. #ifdef HAVE_AESGCM
  1010. #if !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO)
  1011. if ( (ret = aesgcm_test()) != 0)
  1012. return err_sys("AES-GCM test failed!\n", ret);
  1013. #endif
  1014. #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \
  1015. !(defined(WOLF_CRYPTO_CB) && \
  1016. (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)))
  1017. if ((ret = aesgcm_default_test()) != 0) {
  1018. return err_sys("AES-GCM test failed!\n", ret);
  1019. }
  1020. #endif
  1021. test_pass("AES-GCM test passed!\n");
  1022. #endif
  1023. #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
  1024. if ( (ret = aesccm_test()) != 0)
  1025. return err_sys("AES-CCM test failed!\n", ret);
  1026. else
  1027. test_pass("AES-CCM test passed!\n");
  1028. #endif
  1029. #ifdef HAVE_AES_KEYWRAP
  1030. if ( (ret = aeskeywrap_test()) != 0)
  1031. return err_sys("AES Key Wrap test failed!\n", ret);
  1032. else
  1033. test_pass("AES Key Wrap test passed!\n");
  1034. #endif
  1035. #endif
  1036. #ifdef HAVE_CAMELLIA
  1037. if ( (ret = camellia_test()) != 0)
  1038. return err_sys("CAMELLIA test failed!\n", ret);
  1039. else
  1040. test_pass("CAMELLIA test passed!\n");
  1041. #endif
  1042. #ifdef HAVE_IDEA
  1043. if ( (ret = idea_test()) != 0)
  1044. return err_sys("IDEA test failed!\n", ret);
  1045. else
  1046. test_pass("IDEA test passed!\n");
  1047. #endif
  1048. #ifndef NO_RSA
  1049. #ifdef WC_RSA_NO_PADDING
  1050. if ( (ret = rsa_no_pad_test()) != 0)
  1051. return err_sys("RSA NOPAD test failed!\n", ret);
  1052. else
  1053. test_pass("RSA NOPAD test passed!\n");
  1054. #endif
  1055. if ( (ret = rsa_test()) != 0)
  1056. return err_sys("RSA test failed!\n", ret);
  1057. else
  1058. test_pass("RSA test passed!\n");
  1059. #endif
  1060. #ifndef NO_DH
  1061. PRIVATE_KEY_UNLOCK();
  1062. if ( (ret = dh_test()) != 0)
  1063. return err_sys("DH test failed!\n", ret);
  1064. else
  1065. test_pass("DH test passed!\n");
  1066. PRIVATE_KEY_LOCK();
  1067. #endif
  1068. #ifndef NO_DSA
  1069. if ( (ret = dsa_test()) != 0)
  1070. return err_sys("DSA test failed!\n", ret);
  1071. else
  1072. test_pass("DSA test passed!\n");
  1073. #endif
  1074. #ifdef WOLFCRYPT_HAVE_SRP
  1075. if ( (ret = srp_test()) != 0)
  1076. return err_sys("SRP test failed!\n", ret);
  1077. else
  1078. test_pass("SRP test passed!\n");
  1079. #endif
  1080. #ifndef NO_PWDBASED
  1081. if ( (ret = pwdbased_test()) != 0)
  1082. return err_sys("PWDBASED test failed!\n", ret);
  1083. else
  1084. test_pass("PWDBASED test passed!\n");
  1085. #endif
  1086. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  1087. if ( (ret = openssl_test()) != 0)
  1088. return err_sys("OPENSSL test failed!\n", ret);
  1089. else
  1090. test_pass("OPENSSL test passed!\n");
  1091. if ( (ret = openSSL_evpMD_test()) != 0)
  1092. return err_sys("OPENSSL (EVP MD) test failed!\n", ret);
  1093. else
  1094. test_pass("OPENSSL (EVP MD) passed!\n");
  1095. if ( (ret = openssl_pkey0_test()) != 0)
  1096. return err_sys("OPENSSL (PKEY0) test failed!\n", ret);
  1097. else
  1098. test_pass("OPENSSL (PKEY0) passed!\n");
  1099. if ( (ret = openssl_pkey1_test()) != 0)
  1100. return err_sys("OPENSSL (PKEY1) test failed!\n", ret);
  1101. else
  1102. test_pass("OPENSSL (PKEY1) passed!\n");
  1103. if ( (ret = openssl_evpSig_test()) != 0)
  1104. return err_sys("OPENSSL (EVP Sign/Verify) test failed!\n", ret);
  1105. else
  1106. test_pass("OPENSSL (EVP Sign/Verify) passed!\n");
  1107. #endif
  1108. #ifdef HAVE_ECC
  1109. PRIVATE_KEY_UNLOCK();
  1110. if ( (ret = ecc_test()) != 0)
  1111. return err_sys("ECC test failed!\n", ret);
  1112. else
  1113. test_pass("ECC test passed!\n");
  1114. PRIVATE_KEY_LOCK();
  1115. #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
  1116. defined(WOLFSSL_AES_128)
  1117. if ( (ret = ecc_encrypt_test()) != 0)
  1118. return err_sys("ECC Enc test failed!\n", ret);
  1119. else
  1120. test_pass("ECC Enc test passed!\n");
  1121. #endif
  1122. #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
  1123. !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
  1124. defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN)
  1125. /* skip for ATECC508/608A, cannot import private key buffers */
  1126. if ( (ret = ecc_test_buffers()) != 0)
  1127. return err_sys("ECC buffer test failed!\n", ret);
  1128. else
  1129. test_pass("ECC buffer test passed!\n");
  1130. #endif
  1131. #endif
  1132. #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
  1133. !defined(NO_FILESYSTEM)
  1134. if ( (ret = cert_test()) != 0)
  1135. return err_sys("CERT test failed!\n", ret);
  1136. else
  1137. test_pass("CERT test passed!\n");
  1138. #endif
  1139. #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
  1140. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  1141. if ( (ret = certext_test()) != 0)
  1142. return err_sys("CERT EXT test failed!\n", ret);
  1143. else
  1144. test_pass("CERT EXT test passed!\n");
  1145. #endif
  1146. #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
  1147. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
  1148. if ( (ret = decodedCertCache_test()) != 0)
  1149. return err_sys("DECODED CERT CACHE test failed!\n", ret);
  1150. else
  1151. test_pass("DECODED CERT CACHE test passed!\n");
  1152. #endif
  1153. #ifdef HAVE_CURVE25519
  1154. if ( (ret = curve25519_test()) != 0)
  1155. return err_sys("CURVE25519 test failed!\n", ret);
  1156. else
  1157. test_pass("CURVE25519 test passed!\n");
  1158. #endif
  1159. #ifdef HAVE_ED25519
  1160. if ( (ret = ed25519_test()) != 0)
  1161. return err_sys("ED25519 test failed!\n", ret);
  1162. else
  1163. test_pass("ED25519 test passed!\n");
  1164. #endif
  1165. #ifdef HAVE_CURVE448
  1166. if ( (ret = curve448_test()) != 0)
  1167. return err_sys("CURVE448 test failed!\n", ret);
  1168. else
  1169. test_pass("CURVE448 test passed!\n");
  1170. #endif
  1171. #ifdef HAVE_ED448
  1172. if ( (ret = ed448_test()) != 0)
  1173. return err_sys("ED448 test failed!\n", ret);
  1174. else
  1175. test_pass("ED448 test passed!\n");
  1176. #endif
  1177. #ifdef WOLFCRYPT_HAVE_ECCSI
  1178. if ( (ret = eccsi_test()) != 0)
  1179. return err_sys("ECCSI test failed!\n", ret);
  1180. else
  1181. test_pass("ECCSI test passed!\n");
  1182. #endif
  1183. #ifdef WOLFCRYPT_HAVE_SAKKE
  1184. if ( (ret = sakke_test()) != 0)
  1185. return err_sys("SAKKE test failed!\n", ret);
  1186. else
  1187. test_pass("SAKKE test passed!\n");
  1188. #endif
  1189. #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
  1190. if ( (ret = cmac_test()) != 0)
  1191. return err_sys("CMAC test failed!\n", ret);
  1192. else
  1193. test_pass("CMAC test passed!\n");
  1194. #endif
  1195. #ifdef HAVE_LIBZ
  1196. if ( (ret = compress_test()) != 0)
  1197. return err_sys("COMPRESS test failed!\n", ret);
  1198. else
  1199. test_pass("COMPRESS test passed!\n");
  1200. #endif
  1201. #ifdef HAVE_PKCS7
  1202. #ifndef NO_PKCS7_ENCRYPTED_DATA
  1203. if ( (ret = pkcs7encrypted_test()) != 0)
  1204. return err_sys("PKCS7encrypted test failed!\n", ret);
  1205. else
  1206. test_pass("PKCS7encrypted test passed!\n");
  1207. #endif
  1208. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  1209. if ( (ret = pkcs7compressed_test()) != 0)
  1210. return err_sys("PKCS7compressed test failed!\n", ret);
  1211. else
  1212. test_pass("PKCS7compressed test passed!\n");
  1213. #endif
  1214. if ( (ret = pkcs7signed_test()) != 0)
  1215. return err_sys("PKCS7signed test failed!\n", ret);
  1216. else
  1217. test_pass("PKCS7signed test passed!\n");
  1218. if ( (ret = pkcs7enveloped_test()) != 0)
  1219. return err_sys("PKCS7enveloped test failed!\n", ret);
  1220. else
  1221. test_pass("PKCS7enveloped test passed!\n");
  1222. #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
  1223. if ( (ret = pkcs7authenveloped_test()) != 0)
  1224. return err_sys("PKCS7authenveloped test failed!\n", ret);
  1225. else
  1226. test_pass("PKCS7authenveloped test passed!\n");
  1227. #endif
  1228. #endif
  1229. #ifdef HAVE_VALGRIND
  1230. if ( (ret = mp_test()) != 0)
  1231. return err_sys("mp test failed!\n", ret);
  1232. else
  1233. test_pass("mp test passed!\n");
  1234. #endif
  1235. #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
  1236. if ( (ret = prime_test()) != 0)
  1237. return err_sys("prime test failed!\n", ret);
  1238. else
  1239. test_pass("prime test passed!\n");
  1240. #endif
  1241. #if defined(ASN_BER_TO_DER) && \
  1242. (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
  1243. defined(OPENSSL_EXTRA_X509_SMALL))
  1244. if ( (ret = berder_test()) != 0)
  1245. return err_sys("ber-der test failed!\n", ret);
  1246. else
  1247. test_pass("ber-der test passed!\n");
  1248. #endif
  1249. if ( (ret = logging_test()) != 0)
  1250. return err_sys("logging test failed!\n", ret);
  1251. else
  1252. test_pass("logging test passed!\n");
  1253. if ( (ret = mutex_test()) != 0)
  1254. return err_sys("mutex test failed!\n", ret);
  1255. else
  1256. test_pass("mutex test passed!\n");
  1257. #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
  1258. if ( (ret = memcb_test()) != 0)
  1259. return err_sys("memcb test failed!\n", ret);
  1260. else
  1261. test_pass("memcb test passed!\n");
  1262. #endif
  1263. #ifdef WOLFSSL_IMX6_CAAM_BLOB
  1264. if ( (ret = blob_test()) != 0)
  1265. return err_sys("blob test failed!\n", ret);
  1266. else
  1267. test_pass("blob test passed!\n");
  1268. #endif
  1269. #if defined(WOLF_CRYPTO_CB) && \
  1270. !(defined(HAVE_INTEL_QAT_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \
  1271. defined(WOLFSSL_QNX_CAAM))
  1272. if ( (ret = cryptocb_test()) != 0)
  1273. return err_sys("crypto callback test failed!\n", ret);
  1274. else
  1275. test_pass("crypto callback test passed!\n");
  1276. #endif
  1277. #ifdef WOLFSSL_CERT_PIV
  1278. if ( (ret = certpiv_test()) != 0)
  1279. return err_sys("cert piv test failed!\n", ret);
  1280. else
  1281. test_pass("cert piv test passed!\n");
  1282. #endif
  1283. #ifdef WOLF_CRYPTO_CB
  1284. #ifdef HAVE_INTEL_QA_SYNC
  1285. wc_CryptoCb_CleanupIntelQa(&devId);
  1286. #endif
  1287. #ifdef HAVE_CAVIUM_OCTEON_SYNC
  1288. wc_CryptoCb_CleanupOcteon(&devId);
  1289. #endif
  1290. #endif
  1291. #ifdef WOLFSSL_ASYNC_CRYPT
  1292. wolfAsync_DevClose(&devId);
  1293. #endif
  1294. /* cleanup the thread if fixed point cache is enabled and have thread local */
  1295. #if defined(HAVE_THREAD_LS) && defined(HAVE_ECC) && defined(FP_ECC)
  1296. wc_ecc_fp_free();
  1297. #endif
  1298. if (args)
  1299. ((func_args*)args)->return_code = ret;
  1300. test_pass("Test complete\n");
  1301. EXIT_TEST(ret);
  1302. }
  1303. #ifndef NO_MAIN_DRIVER
  1304. /* so overall tests can pull in test function */
  1305. #ifdef WOLFSSL_ESPIDF
  1306. void app_main( )
  1307. #else
  1308. #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
  1309. int myoptind = 0;
  1310. char* myoptarg = NULL;
  1311. #endif
  1312. int main(int argc, char** argv)
  1313. #endif
  1314. {
  1315. int ret;
  1316. func_args args;
  1317. #ifdef WOLFSSL_ESPIDF
  1318. /* set dummy wallclock time. */
  1319. struct timeval utctime;
  1320. struct timezone tz;
  1321. utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
  1322. utctime.tv_usec = 0;
  1323. tz.tz_minuteswest = 0;
  1324. tz.tz_dsttime = 0;
  1325. settimeofday(&utctime, &tz);
  1326. #endif
  1327. #ifdef WOLFSSL_APACHE_MYNEWT
  1328. #ifdef ARCH_sim
  1329. mcu_sim_parse_args(argc, argv);
  1330. #endif
  1331. sysinit();
  1332. /* set dummy wallclock time. */
  1333. struct os_timeval utctime;
  1334. struct os_timezone tz;
  1335. utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
  1336. utctime.tv_usec = 0;
  1337. tz.tz_minuteswest = 0;
  1338. tz.tz_dsttime = 0;
  1339. os_settimeofday(&utctime, &tz);
  1340. #endif
  1341. #ifdef DEVKITPRO
  1342. void *framebuffer;
  1343. GXRModeObj *rmode = NULL;
  1344. VIDEO_Init();
  1345. WPAD_Init();
  1346. rmode = VIDEO_GetPreferredMode(NULL);
  1347. #pragma GCC diagnostic ignored "-Wbad-function-cast"
  1348. framebuffer = MEM_K0_TO_K1(SYS_AllocateFramebuffer(rmode));
  1349. #pragma GCC diagnostic pop
  1350. console_init(framebuffer,20,20,rmode->fbWidth,rmode->xfbHeight,rmode->fbWidth*VI_DISPLAY_PIX_SZ);
  1351. VIDEO_Configure(rmode);
  1352. VIDEO_SetNextFramebuffer(framebuffer);
  1353. VIDEO_SetBlack(FALSE);
  1354. VIDEO_Flush();
  1355. VIDEO_WaitVSync();
  1356. if(rmode->viTVMode&VI_NON_INTERLACE) VIDEO_WaitVSync();
  1357. #endif
  1358. #ifdef HAVE_WNR
  1359. if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) {
  1360. err_sys("Whitewood netRandom global config failed", -1001);
  1361. return -1002;
  1362. }
  1363. #endif
  1364. #ifndef WOLFSSL_ESPIDF
  1365. args.argc = argc;
  1366. args.argv = argv;
  1367. #endif
  1368. if ((ret = wolfCrypt_Init()) != 0) {
  1369. printf("wolfCrypt_Init failed %d\n", ret);
  1370. err_sys("Error with wolfCrypt_Init!\n", -1003);
  1371. }
  1372. #ifdef WC_RNG_SEED_CB
  1373. wc_SetSeed_Cb(wc_GenerateSeed);
  1374. #endif
  1375. #ifdef HAVE_STACK_SIZE
  1376. StackSizeCheck(&args, wolfcrypt_test);
  1377. #else
  1378. wolfcrypt_test(&args);
  1379. #endif
  1380. if ((ret = wolfCrypt_Cleanup()) != 0) {
  1381. printf("wolfCrypt_Cleanup failed %d\n", ret);
  1382. err_sys("Error with wolfCrypt_Cleanup!\n", -1004);
  1383. }
  1384. #ifdef HAVE_WNR
  1385. if (wc_FreeNetRandom() < 0)
  1386. err_sys("Failed to free netRandom context", -1005);
  1387. #endif /* HAVE_WNR */
  1388. #ifdef DOLPHIN_EMULATOR
  1389. /* Returning from main panics the emulator. Just hang
  1390. * and let the user force quit the emulator window. */
  1391. printf("args.return_code: %d\n", args.return_code);
  1392. printf("Testing complete. You may close the window now\n");
  1393. while (1);
  1394. #endif
  1395. #ifndef WOLFSSL_ESPIDF
  1396. printf("Exiting main with return code: %d\n", args.return_code);
  1397. return args.return_code;
  1398. #endif
  1399. }
  1400. #endif /* NO_MAIN_DRIVER */
  1401. /* helper to save DER, convert to PEM and save PEM */
  1402. #if !defined(NO_ASN) && (defined(HAVE_ECC) || !defined(NO_DSA) || \
  1403. (!defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))))
  1404. #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
  1405. #define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, fD, fP, pT, eB)
  1406. #else
  1407. #define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, NULL, NULL, pT, eB)
  1408. #endif
  1409. static int _SaveDerAndPem(const byte* der, int derSz,
  1410. const char* fileDer, const char* filePem, int pemType, int errBase)
  1411. {
  1412. #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
  1413. int ret;
  1414. XFILE derFile;
  1415. derFile = XFOPEN(fileDer, "wb");
  1416. if (!derFile) {
  1417. return errBase + 0;
  1418. }
  1419. ret = (int)XFWRITE(der, 1, derSz, derFile);
  1420. XFCLOSE(derFile);
  1421. if (ret != derSz) {
  1422. return errBase + 1;
  1423. }
  1424. #endif
  1425. #ifdef WOLFSSL_DER_TO_PEM
  1426. if (filePem) {
  1427. #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
  1428. XFILE pemFile;
  1429. #endif
  1430. byte* pem;
  1431. int pemSz;
  1432. /* calculate PEM size */
  1433. pemSz = wc_DerToPem(der, derSz, NULL, 0, pemType);
  1434. if (pemSz < 0) {
  1435. return pemSz;
  1436. }
  1437. pem = (byte*)XMALLOC(pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  1438. if (pem == NULL) {
  1439. return MEMORY_E;
  1440. }
  1441. /* Convert to PEM */
  1442. pemSz = wc_DerToPem(der, derSz, pem, pemSz, pemType);
  1443. if (pemSz < 0) {
  1444. XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  1445. return errBase + 2;
  1446. }
  1447. #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
  1448. pemFile = XFOPEN(filePem, "wb");
  1449. if (!pemFile) {
  1450. XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  1451. return errBase + 3;
  1452. }
  1453. ret = (int)XFWRITE(pem, 1, pemSz, pemFile);
  1454. XFCLOSE(pemFile);
  1455. if (ret != pemSz) {
  1456. XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  1457. return errBase + 4;
  1458. }
  1459. #endif
  1460. XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  1461. }
  1462. #endif /* WOLFSSL_DER_TO_PEM */
  1463. /* suppress unused variable warnings */
  1464. (void)der;
  1465. (void)derSz;
  1466. (void)filePem;
  1467. (void)fileDer;
  1468. (void)pemType;
  1469. (void)errBase;
  1470. return 0;
  1471. }
  1472. #endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */
  1473. WOLFSSL_TEST_SUBROUTINE int error_test(void)
  1474. {
  1475. const char* errStr;
  1476. char out[WOLFSSL_MAX_ERROR_SZ];
  1477. const char* unknownStr = wc_GetErrorString(0);
  1478. #ifdef NO_ERROR_STRINGS
  1479. /* Ensure a valid error code's string matches an invalid code's.
  1480. * The string is that error strings are not available.
  1481. */
  1482. errStr = wc_GetErrorString(OPEN_RAN_E);
  1483. wc_ErrorString(OPEN_RAN_E, out);
  1484. if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0)
  1485. return -1100;
  1486. if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0)
  1487. return -1101;
  1488. #else
  1489. int i;
  1490. int j = 0;
  1491. /* Values that are not or no longer error codes. */
  1492. int missing[] = { -122, -123, -124, -127, -128, -129, -159,
  1493. -163, -164, -165, -166, -167, -168, -169, -233,
  1494. 0 };
  1495. /* Check that all errors have a string and it's the same through the two
  1496. * APIs. Check that the values that are not errors map to the unknown
  1497. * string.
  1498. */
  1499. for (i = MAX_CODE_E-1; i >= WC_LAST_E; i--) {
  1500. errStr = wc_GetErrorString(i);
  1501. wc_ErrorString(i, out);
  1502. if (i != missing[j]) {
  1503. if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) == 0)
  1504. return -1102;
  1505. if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) == 0)
  1506. return -1103;
  1507. if (XSTRNCMP(errStr, out, XSTRLEN(errStr)) != 0)
  1508. return -1104;
  1509. if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ)
  1510. return -1105;
  1511. }
  1512. else {
  1513. j++;
  1514. if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0)
  1515. return -1106;
  1516. if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0)
  1517. return -1107;
  1518. }
  1519. }
  1520. /* Check if the next possible value has been given a string. */
  1521. errStr = wc_GetErrorString(i);
  1522. wc_ErrorString(i, out);
  1523. if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0)
  1524. return -1108;
  1525. if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0)
  1526. return -1109;
  1527. #endif
  1528. return 0;
  1529. }
  1530. #ifndef NO_CODING
  1531. WOLFSSL_TEST_SUBROUTINE int base64_test(void)
  1532. {
  1533. int ret;
  1534. WOLFSSL_SMALL_STACK_STATIC const byte good[] = "A+Gd\0\0\0";
  1535. WOLFSSL_SMALL_STACK_STATIC const byte goodEnd[] = "A+Gd \r\n";
  1536. WOLFSSL_SMALL_STACK_STATIC const byte good_spaces[] = " A + G d \0";
  1537. byte out[128];
  1538. word32 outLen;
  1539. #ifdef WOLFSSL_BASE64_ENCODE
  1540. byte data[3];
  1541. word32 dataLen;
  1542. byte longData[79] = { 0 };
  1543. WOLFSSL_SMALL_STACK_STATIC const byte symbols[] = "+/A=";
  1544. #endif
  1545. WOLFSSL_SMALL_STACK_STATIC const byte badSmall[] = "AAA!Gdj=";
  1546. WOLFSSL_SMALL_STACK_STATIC const byte badLarge[] = "AAA~Gdj=";
  1547. WOLFSSL_SMALL_STACK_STATIC const byte badEOL[] = "A+Gd!AA";
  1548. WOLFSSL_SMALL_STACK_STATIC const byte badPadding[] = "AA=A";
  1549. WOLFSSL_SMALL_STACK_STATIC const byte badChar[] = ",-.:;<=>?@[\\]^_`";
  1550. byte goodChar[] =
  1551. "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
  1552. "abcdefghijklmnopqrstuvwxyz"
  1553. "0123456789+/;";
  1554. byte charTest[] = "A+Gd\0\0\0";
  1555. int i;
  1556. /* Good Base64 encodings. */
  1557. outLen = sizeof(out);
  1558. ret = Base64_Decode(good, sizeof(good), out, &outLen);
  1559. if (ret != 0)
  1560. return -1200;
  1561. outLen = sizeof(out);
  1562. ret = Base64_Decode(goodEnd, sizeof(goodEnd), out, &outLen);
  1563. if (ret != 0)
  1564. return -1201;
  1565. outLen = sizeof(goodChar);
  1566. ret = Base64_Decode(goodChar, sizeof(goodChar), goodChar, &outLen);
  1567. if (ret != 0)
  1568. return -1235;
  1569. if (outLen != 64 / 4 * 3)
  1570. return -1236;
  1571. outLen = sizeof(out);
  1572. ret = Base64_Decode(good_spaces, sizeof(good_spaces), out, &outLen);
  1573. if (ret != 0)
  1574. return -1201;
  1575. /* Bad parameters. */
  1576. outLen = 1;
  1577. ret = Base64_Decode(good, sizeof(good), out, &outLen);
  1578. if (ret != BAD_FUNC_ARG)
  1579. return -1202;
  1580. outLen = sizeof(out);
  1581. ret = Base64_Decode(badEOL, sizeof(badEOL), out, &outLen);
  1582. if (ret != ASN_INPUT_E)
  1583. return -1203;
  1584. outLen = sizeof(out);
  1585. ret = Base64_Decode(badPadding, sizeof(badPadding), out, &outLen);
  1586. if (ret != ASN_INPUT_E)
  1587. return -1203;
  1588. /* Bad character at each offset 0-3. */
  1589. for (i = 0; i < 4; i++) {
  1590. outLen = sizeof(out);
  1591. ret = Base64_Decode(badSmall + i, 4, out, &outLen);
  1592. if (ret != ASN_INPUT_E)
  1593. return -1204 - i;
  1594. ret = Base64_Decode(badLarge + i, 4, out, &outLen);
  1595. if (ret != ASN_INPUT_E)
  1596. return -1214 - i;
  1597. }
  1598. /* Invalid character less than 0x2b */
  1599. for (i = 1; i < 0x2b; i++) {
  1600. outLen = sizeof(out);
  1601. charTest[0] = i;
  1602. ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
  1603. if (ret != ASN_INPUT_E)
  1604. return -1240 - i;
  1605. }
  1606. /* Bad characters in range 0x2b - 0x7a. */
  1607. for (i = 0; i < (int)sizeof(badChar) - 1; i++) {
  1608. outLen = sizeof(out);
  1609. charTest[0] = badChar[i];
  1610. ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
  1611. if (ret != ASN_INPUT_E)
  1612. return -1270 - i;
  1613. }
  1614. /* Invalid character greater than 0x7a */
  1615. for (i = 0x7b; i < 0x100; i++) {
  1616. outLen = sizeof(out);
  1617. charTest[0] = i;
  1618. ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
  1619. if (ret != ASN_INPUT_E)
  1620. return -1290 - i;
  1621. }
  1622. #ifdef WOLFSSL_BASE64_ENCODE
  1623. /* Decode and encode all symbols - non-alphanumeric. */
  1624. dataLen = sizeof(data);
  1625. ret = Base64_Decode(symbols, sizeof(symbols), data, &dataLen);
  1626. if (ret != 0)
  1627. return -1224;
  1628. outLen = sizeof(out);
  1629. ret = Base64_Encode(data, dataLen, NULL, &outLen);
  1630. if (ret != LENGTH_ONLY_E)
  1631. return -1225;
  1632. outLen = sizeof(out);
  1633. ret = Base64_Encode(data, dataLen, out, &outLen);
  1634. if (ret != 0)
  1635. return -1226;
  1636. outLen = 7;
  1637. ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
  1638. if (ret != BUFFER_E)
  1639. return -1227;
  1640. outLen = sizeof(out);
  1641. ret = Base64_EncodeEsc(data, dataLen, NULL, &outLen);
  1642. if (ret != LENGTH_ONLY_E)
  1643. return -1228;
  1644. outLen = sizeof(out);
  1645. ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
  1646. if (ret != 0)
  1647. return -1229;
  1648. outLen = sizeof(out);
  1649. ret = Base64_Encode_NoNl(data, dataLen, out, &outLen);
  1650. if (ret != 0)
  1651. return -1230;
  1652. /* Data that results in an encoding longer than one line. */
  1653. outLen = sizeof(out);
  1654. dataLen = sizeof(longData);
  1655. ret = Base64_Encode(longData, dataLen, out, &outLen);
  1656. if (ret != 0)
  1657. return -1231;
  1658. outLen = sizeof(out);
  1659. ret = Base64_EncodeEsc(longData, dataLen, out, &outLen);
  1660. if (ret != 0)
  1661. return -1232;
  1662. outLen = sizeof(out);
  1663. ret = Base64_Encode_NoNl(longData, dataLen, out, &outLen);
  1664. if (ret != 0)
  1665. return -1233;
  1666. #endif
  1667. return 0;
  1668. }
  1669. #ifdef WOLFSSL_BASE16
  1670. WOLFSSL_TEST_SUBROUTINE int base16_test(void)
  1671. {
  1672. int ret;
  1673. WOLFSSL_SMALL_STACK_STATIC const byte testData[] = "SomeDataToEncode\n";
  1674. WOLFSSL_SMALL_STACK_STATIC const byte encodedTestData[] = "536F6D6544617461546F456E636F64650A00";
  1675. byte encoded[40];
  1676. word32 encodedLen;
  1677. byte plain[40];
  1678. word32 len;
  1679. /* length returned includes null termination */
  1680. encodedLen = sizeof(encoded);
  1681. ret = Base16_Encode(testData, sizeof(testData), encoded, &encodedLen);
  1682. if (ret != 0)
  1683. return -1300;
  1684. len = (word32)XSTRLEN((char*)encoded);
  1685. if (len != encodedLen - 1)
  1686. return -1301;
  1687. len = sizeof(plain);
  1688. ret = Base16_Decode(encoded, encodedLen - 1, plain, &len);
  1689. if (ret != 0)
  1690. return -1302;
  1691. if (len != sizeof(testData) || XMEMCMP(testData, plain, len) != 0)
  1692. return -1303;
  1693. if (encodedLen != sizeof(encodedTestData) ||
  1694. XMEMCMP(encoded, encodedTestData, encodedLen) != 0) {
  1695. return -1304;
  1696. }
  1697. return 0;
  1698. }
  1699. #endif /* WOLFSSL_BASE16 */
  1700. #endif /* !NO_CODING */
  1701. #ifndef NO_ASN
  1702. WOLFSSL_TEST_SUBROUTINE int asn_test(void)
  1703. {
  1704. int ret;
  1705. /* ASN1 encoded date buffer */
  1706. WOLFSSL_SMALL_STACK_STATIC const byte dateBuf[] = {0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31,
  1707. 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5a};
  1708. byte format;
  1709. int length;
  1710. const byte* datePart;
  1711. #ifndef NO_ASN_TIME
  1712. struct tm timearg;
  1713. time_t now;
  1714. #endif
  1715. ret = wc_GetDateInfo(dateBuf, (int)sizeof(dateBuf), &datePart, &format,
  1716. &length);
  1717. if (ret != 0)
  1718. return -1400;
  1719. #ifndef NO_ASN_TIME
  1720. /* Parameter Validation tests. */
  1721. if (wc_GetTime(NULL, sizeof(now)) != BAD_FUNC_ARG)
  1722. return -1401;
  1723. if (wc_GetTime(&now, 0) != BUFFER_E)
  1724. return -1402;
  1725. now = 0;
  1726. if (wc_GetTime(&now, sizeof(now)) != 0) {
  1727. return -1403;
  1728. }
  1729. if (now == 0) {
  1730. printf("RTC/Time not set!\n");
  1731. return -1404;
  1732. }
  1733. ret = wc_GetDateAsCalendarTime(datePart, length, format, &timearg);
  1734. if (ret != 0)
  1735. return -1405;
  1736. #endif /* !NO_ASN_TIME */
  1737. return 0;
  1738. }
  1739. #endif /* !NO_ASN */
  1740. #ifdef WOLFSSL_MD2
  1741. WOLFSSL_TEST_SUBROUTINE int md2_test(void)
  1742. {
  1743. int ret = 0;
  1744. Md2 md2;
  1745. byte hash[MD2_DIGEST_SIZE];
  1746. testVector a, b, c, d, e, f, g;
  1747. testVector test_md2[7];
  1748. int times = sizeof(test_md2) / sizeof(testVector), i;
  1749. a.input = "";
  1750. a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
  1751. "\x27\x73";
  1752. a.inLen = XSTRLEN(a.input);
  1753. a.outLen = MD2_DIGEST_SIZE;
  1754. b.input = "a";
  1755. b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
  1756. "\xb5\xd1";
  1757. b.inLen = XSTRLEN(b.input);
  1758. b.outLen = MD2_DIGEST_SIZE;
  1759. c.input = "abc";
  1760. c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
  1761. "\xd6\xbb";
  1762. c.inLen = XSTRLEN(c.input);
  1763. c.outLen = MD2_DIGEST_SIZE;
  1764. d.input = "message digest";
  1765. d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
  1766. "\x06\xb0";
  1767. d.inLen = XSTRLEN(d.input);
  1768. d.outLen = MD2_DIGEST_SIZE;
  1769. e.input = "abcdefghijklmnopqrstuvwxyz";
  1770. e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
  1771. "\x94\x0b";
  1772. e.inLen = XSTRLEN(e.input);
  1773. e.outLen = MD2_DIGEST_SIZE;
  1774. f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
  1775. "6789";
  1776. f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
  1777. "\x38\xcd";
  1778. f.inLen = XSTRLEN(f.input);
  1779. f.outLen = MD2_DIGEST_SIZE;
  1780. g.input = "1234567890123456789012345678901234567890123456789012345678"
  1781. "9012345678901234567890";
  1782. g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
  1783. "\xef\xd8";
  1784. g.inLen = XSTRLEN(g.input);
  1785. g.outLen = MD2_DIGEST_SIZE;
  1786. test_md2[0] = a;
  1787. test_md2[1] = b;
  1788. test_md2[2] = c;
  1789. test_md2[3] = d;
  1790. test_md2[4] = e;
  1791. test_md2[5] = f;
  1792. test_md2[6] = g;
  1793. wc_InitMd2(&md2);
  1794. for (i = 0; i < times; ++i) {
  1795. wc_Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen);
  1796. wc_Md2Final(&md2, hash);
  1797. if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0)
  1798. return -1500 - i;
  1799. }
  1800. for (i = 0; i < times; ++i) {
  1801. ret = wc_Md2Hash((byte*)test_md2[i].input, (word32)test_md2[i].inLen, hash);
  1802. if (ret != 0) {
  1803. return -1507 - i;
  1804. }
  1805. if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0) {
  1806. return -1507 - i;
  1807. }
  1808. }
  1809. return 0;
  1810. }
  1811. #endif
  1812. #ifndef NO_MD5
  1813. WOLFSSL_TEST_SUBROUTINE int md5_test(void)
  1814. {
  1815. int ret = 0;
  1816. wc_Md5 md5, md5Copy;
  1817. byte hash[WC_MD5_DIGEST_SIZE];
  1818. byte hashcopy[WC_MD5_DIGEST_SIZE];
  1819. testVector a, b, c, d, e, f;
  1820. testVector test_md5[6];
  1821. int times = sizeof(test_md5) / sizeof(testVector), i;
  1822. a.input = "";
  1823. a.output = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42"
  1824. "\x7e";
  1825. a.inLen = XSTRLEN(a.input);
  1826. a.outLen = WC_MD5_DIGEST_SIZE;
  1827. b.input = "abc";
  1828. b.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
  1829. "\x72";
  1830. b.inLen = XSTRLEN(b.input);
  1831. b.outLen = WC_MD5_DIGEST_SIZE;
  1832. c.input = "message digest";
  1833. c.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61"
  1834. "\xd0";
  1835. c.inLen = XSTRLEN(c.input);
  1836. c.outLen = WC_MD5_DIGEST_SIZE;
  1837. d.input = "abcdefghijklmnopqrstuvwxyz";
  1838. d.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1"
  1839. "\x3b";
  1840. d.inLen = XSTRLEN(d.input);
  1841. d.outLen = WC_MD5_DIGEST_SIZE;
  1842. e.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
  1843. "6789";
  1844. e.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d"
  1845. "\x9f";
  1846. e.inLen = XSTRLEN(e.input);
  1847. e.outLen = WC_MD5_DIGEST_SIZE;
  1848. f.input = "1234567890123456789012345678901234567890123456789012345678"
  1849. "9012345678901234567890";
  1850. f.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
  1851. "\x7a";
  1852. f.inLen = XSTRLEN(f.input);
  1853. f.outLen = WC_MD5_DIGEST_SIZE;
  1854. test_md5[0] = a;
  1855. test_md5[1] = b;
  1856. test_md5[2] = c;
  1857. test_md5[3] = d;
  1858. test_md5[4] = e;
  1859. test_md5[5] = f;
  1860. ret = wc_InitMd5_ex(&md5, HEAP_HINT, devId);
  1861. if (ret != 0)
  1862. return -1600;
  1863. ret = wc_InitMd5_ex(&md5Copy, HEAP_HINT, devId);
  1864. if (ret != 0) {
  1865. wc_Md5Free(&md5);
  1866. return -1601;
  1867. }
  1868. for (i = 0; i < times; ++i) {
  1869. ret = wc_Md5Update(&md5, (byte*)test_md5[i].input,
  1870. (word32)test_md5[i].inLen);
  1871. if (ret != 0)
  1872. ERROR_OUT(-1602 - i, exit);
  1873. ret = wc_Md5GetHash(&md5, hashcopy);
  1874. if (ret != 0)
  1875. ERROR_OUT(-1603 - i, exit);
  1876. ret = wc_Md5Copy(&md5, &md5Copy);
  1877. if (ret != 0)
  1878. ERROR_OUT(-1604 - i, exit);
  1879. ret = wc_Md5Final(&md5, hash);
  1880. if (ret != 0)
  1881. ERROR_OUT(-1605 - i, exit);
  1882. wc_Md5Free(&md5Copy);
  1883. if (XMEMCMP(hash, test_md5[i].output, WC_MD5_DIGEST_SIZE) != 0)
  1884. ERROR_OUT(-1606 - i, exit);
  1885. if (XMEMCMP(hash, hashcopy, WC_MD5_DIGEST_SIZE) != 0)
  1886. ERROR_OUT(-1607 - i, exit);
  1887. }
  1888. /* BEGIN LARGE HASH TEST */ {
  1889. byte large_input[1024];
  1890. const char* large_digest =
  1891. "\x44\xd0\x88\xce\xf1\x36\xd1\x78\xe9\xc8\xba\x84\xc3\xfd\xf6\xca";
  1892. for (i = 0; i < (int)sizeof(large_input); i++) {
  1893. large_input[i] = (byte)(i & 0xFF);
  1894. }
  1895. times = 100;
  1896. #ifdef WOLFSSL_PIC32MZ_HASH
  1897. wc_Md5SizeSet(&md5, times * sizeof(large_input));
  1898. #endif
  1899. for (i = 0; i < times; ++i) {
  1900. ret = wc_Md5Update(&md5, (byte*)large_input,
  1901. (word32)sizeof(large_input));
  1902. if (ret != 0)
  1903. ERROR_OUT(-1608, exit);
  1904. }
  1905. ret = wc_Md5Final(&md5, hash);
  1906. if (ret != 0)
  1907. ERROR_OUT(-1609, exit);
  1908. if (XMEMCMP(hash, large_digest, WC_MD5_DIGEST_SIZE) != 0)
  1909. ERROR_OUT(-1610, exit);
  1910. } /* END LARGE HASH TEST */
  1911. exit:
  1912. wc_Md5Free(&md5);
  1913. wc_Md5Free(&md5Copy);
  1914. return ret;
  1915. }
  1916. #endif /* NO_MD5 */
  1917. #ifndef NO_MD4
  1918. WOLFSSL_TEST_SUBROUTINE int md4_test(void)
  1919. {
  1920. Md4 md4;
  1921. byte hash[MD4_DIGEST_SIZE];
  1922. testVector a, b, c, d, e, f, g;
  1923. testVector test_md4[7];
  1924. int times = sizeof(test_md4) / sizeof(testVector), i;
  1925. a.input = "";
  1926. a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89"
  1927. "\xc0";
  1928. a.inLen = XSTRLEN(a.input);
  1929. a.outLen = MD4_DIGEST_SIZE;
  1930. b.input = "a";
  1931. b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb"
  1932. "\x24";
  1933. b.inLen = XSTRLEN(b.input);
  1934. b.outLen = MD4_DIGEST_SIZE;
  1935. c.input = "abc";
  1936. c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72"
  1937. "\x9d";
  1938. c.inLen = XSTRLEN(c.input);
  1939. c.outLen = MD4_DIGEST_SIZE;
  1940. d.input = "message digest";
  1941. d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01"
  1942. "\x4b";
  1943. d.inLen = XSTRLEN(d.input);
  1944. d.outLen = MD4_DIGEST_SIZE;
  1945. e.input = "abcdefghijklmnopqrstuvwxyz";
  1946. e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d"
  1947. "\xa9";
  1948. e.inLen = XSTRLEN(e.input);
  1949. e.outLen = MD4_DIGEST_SIZE;
  1950. f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
  1951. "6789";
  1952. f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0"
  1953. "\xe4";
  1954. f.inLen = XSTRLEN(f.input);
  1955. f.outLen = MD4_DIGEST_SIZE;
  1956. g.input = "1234567890123456789012345678901234567890123456789012345678"
  1957. "9012345678901234567890";
  1958. g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05"
  1959. "\x36";
  1960. g.inLen = XSTRLEN(g.input);
  1961. g.outLen = MD4_DIGEST_SIZE;
  1962. test_md4[0] = a;
  1963. test_md4[1] = b;
  1964. test_md4[2] = c;
  1965. test_md4[3] = d;
  1966. test_md4[4] = e;
  1967. test_md4[5] = f;
  1968. test_md4[6] = g;
  1969. wc_InitMd4(&md4);
  1970. for (i = 0; i < times; ++i) {
  1971. wc_Md4Update(&md4, (byte*)test_md4[i].input, (word32)test_md4[i].inLen);
  1972. wc_Md4Final(&md4, hash);
  1973. if (XMEMCMP(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0)
  1974. return -1700 - i;
  1975. }
  1976. return 0;
  1977. }
  1978. #endif /* NO_MD4 */
  1979. #ifndef NO_SHA
  1980. WOLFSSL_TEST_SUBROUTINE int sha_test(void)
  1981. {
  1982. int ret = 0;
  1983. wc_Sha sha, shaCopy;
  1984. byte hash[WC_SHA_DIGEST_SIZE];
  1985. byte hashcopy[WC_SHA_DIGEST_SIZE];
  1986. testVector a, b, c, d, e;
  1987. testVector test_sha[5];
  1988. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  1989. a.input = "";
  1990. a.output = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18"
  1991. "\x90\xaf\xd8\x07\x09";
  1992. a.inLen = XSTRLEN(a.input);
  1993. a.outLen = WC_SHA_DIGEST_SIZE;
  1994. b.input = "abc";
  1995. b.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
  1996. "\x6C\x9C\xD0\xD8\x9D";
  1997. b.inLen = XSTRLEN(b.input);
  1998. b.outLen = WC_SHA_DIGEST_SIZE;
  1999. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2000. c.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29"
  2001. "\xE5\xE5\x46\x70\xF1";
  2002. c.inLen = XSTRLEN(c.input);
  2003. c.outLen = WC_SHA_DIGEST_SIZE;
  2004. d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
  2005. "aaaaaa";
  2006. d.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44"
  2007. "\x2A\x25\xEC\x64\x4D";
  2008. d.inLen = XSTRLEN(d.input);
  2009. d.outLen = WC_SHA_DIGEST_SIZE;
  2010. e.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
  2011. "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
  2012. "aaaaaaaaaa";
  2013. e.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
  2014. "\x53\x99\x5E\x26\xA0";
  2015. e.inLen = XSTRLEN(e.input);
  2016. e.outLen = WC_SHA_DIGEST_SIZE;
  2017. test_sha[0] = a;
  2018. test_sha[1] = b;
  2019. test_sha[2] = c;
  2020. test_sha[3] = d;
  2021. test_sha[4] = e;
  2022. ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
  2023. if (ret != 0)
  2024. return -1800;
  2025. ret = wc_InitSha_ex(&shaCopy, HEAP_HINT, devId);
  2026. if (ret != 0) {
  2027. wc_ShaFree(&sha);
  2028. return -1801;
  2029. }
  2030. for (i = 0; i < times; ++i) {
  2031. ret = wc_ShaUpdate(&sha, (byte*)test_sha[i].input,
  2032. (word32)test_sha[i].inLen);
  2033. if (ret != 0)
  2034. ERROR_OUT(-1802 - i, exit);
  2035. ret = wc_ShaGetHash(&sha, hashcopy);
  2036. if (ret != 0)
  2037. ERROR_OUT(-1803 - i, exit);
  2038. ret = wc_ShaCopy(&sha, &shaCopy);
  2039. if (ret != 0)
  2040. ERROR_OUT(-1804 - i, exit);
  2041. ret = wc_ShaFinal(&sha, hash);
  2042. if (ret != 0)
  2043. ERROR_OUT(-1805 - i, exit);
  2044. wc_ShaFree(&shaCopy);
  2045. if (XMEMCMP(hash, test_sha[i].output, WC_SHA_DIGEST_SIZE) != 0)
  2046. ERROR_OUT(-1806 - i, exit);
  2047. if (XMEMCMP(hash, hashcopy, WC_SHA_DIGEST_SIZE) != 0)
  2048. ERROR_OUT(-1807 - i, exit);
  2049. }
  2050. /* BEGIN LARGE HASH TEST */ {
  2051. byte large_input[1024];
  2052. #ifdef WOLFSSL_RENESAS_TSIP
  2053. const char* large_digest =
  2054. "\x1d\x6a\x5a\xf6\xe5\x7c\x86\xce\x7f\x7c\xaf\xd5\xdb\x08\xcd\x59"
  2055. "\x15\x8c\x6d\xb6";
  2056. #else
  2057. const char* large_digest =
  2058. "\x8b\x77\x02\x48\x39\xe8\xdb\xd3\x9a\xf4\x05\x24\x66\x12\x2d\x9e"
  2059. "\xc5\xd9\x0a\xac";
  2060. #endif
  2061. for (i = 0; i < (int)sizeof(large_input); i++) {
  2062. large_input[i] = (byte)(i & 0xFF);
  2063. }
  2064. #ifdef WOLFSSL_RENESAS_TSIP
  2065. times = 20;
  2066. #else
  2067. times = 100;
  2068. #endif
  2069. #ifdef WOLFSSL_PIC32MZ_HASH
  2070. wc_ShaSizeSet(&sha, times * sizeof(large_input));
  2071. #endif
  2072. for (i = 0; i < times; ++i) {
  2073. ret = wc_ShaUpdate(&sha, (byte*)large_input,
  2074. (word32)sizeof(large_input));
  2075. if (ret != 0)
  2076. ERROR_OUT(-1808, exit);
  2077. }
  2078. ret = wc_ShaFinal(&sha, hash);
  2079. if (ret != 0)
  2080. ERROR_OUT(-1809, exit);
  2081. if (XMEMCMP(hash, large_digest, WC_SHA_DIGEST_SIZE) != 0)
  2082. ERROR_OUT(-1810, exit);
  2083. } /* END LARGE HASH TEST */
  2084. exit:
  2085. wc_ShaFree(&sha);
  2086. wc_ShaFree(&shaCopy);
  2087. return ret;
  2088. }
  2089. #endif /* NO_SHA */
  2090. #ifdef WOLFSSL_RIPEMD
  2091. WOLFSSL_TEST_SUBROUTINE int ripemd_test(void)
  2092. {
  2093. RipeMd ripemd;
  2094. int ret;
  2095. byte hash[RIPEMD_DIGEST_SIZE];
  2096. testVector a, b, c, d;
  2097. testVector test_ripemd[4];
  2098. int times = sizeof(test_ripemd) / sizeof(struct testVector), i;
  2099. a.input = "abc";
  2100. a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
  2101. "\xb0\x87\xf1\x5a\x0b\xfc";
  2102. a.inLen = XSTRLEN(a.input);
  2103. a.outLen = RIPEMD_DIGEST_SIZE;
  2104. b.input = "message digest";
  2105. b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8"
  2106. "\x5f\xfa\x21\x59\x5f\x36";
  2107. b.inLen = XSTRLEN(b.input);
  2108. b.outLen = RIPEMD_DIGEST_SIZE;
  2109. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2110. c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc"
  2111. "\xf4\x9a\xda\x62\xeb\x2b";
  2112. c.inLen = XSTRLEN(c.input);
  2113. c.outLen = RIPEMD_DIGEST_SIZE;
  2114. d.input = "12345678901234567890123456789012345678901234567890123456"
  2115. "789012345678901234567890";
  2116. d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab"
  2117. "\x82\xbf\x63\x32\x6b\xfb";
  2118. d.inLen = XSTRLEN(d.input);
  2119. d.outLen = RIPEMD_DIGEST_SIZE;
  2120. test_ripemd[0] = a;
  2121. test_ripemd[1] = b;
  2122. test_ripemd[2] = c;
  2123. test_ripemd[3] = d;
  2124. ret = wc_InitRipeMd(&ripemd);
  2125. if (ret != 0) {
  2126. return -1900;
  2127. }
  2128. for (i = 0; i < times; ++i) {
  2129. ret = wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input,
  2130. (word32)test_ripemd[i].inLen);
  2131. if (ret != 0) {
  2132. return -1901 - i;
  2133. }
  2134. ret = wc_RipeMdFinal(&ripemd, hash);
  2135. if (ret != 0) {
  2136. return -1911 - i;
  2137. }
  2138. if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0)
  2139. return -1921 - i;
  2140. }
  2141. return 0;
  2142. }
  2143. #endif /* WOLFSSL_RIPEMD */
  2144. #ifdef HAVE_BLAKE2
  2145. #define BLAKE2B_TESTS 3
  2146. static const byte blake2b_vec[BLAKE2B_TESTS][BLAKE2B_OUTBYTES] =
  2147. {
  2148. {
  2149. 0x78, 0x6A, 0x02, 0xF7, 0x42, 0x01, 0x59, 0x03,
  2150. 0xC6, 0xC6, 0xFD, 0x85, 0x25, 0x52, 0xD2, 0x72,
  2151. 0x91, 0x2F, 0x47, 0x40, 0xE1, 0x58, 0x47, 0x61,
  2152. 0x8A, 0x86, 0xE2, 0x17, 0xF7, 0x1F, 0x54, 0x19,
  2153. 0xD2, 0x5E, 0x10, 0x31, 0xAF, 0xEE, 0x58, 0x53,
  2154. 0x13, 0x89, 0x64, 0x44, 0x93, 0x4E, 0xB0, 0x4B,
  2155. 0x90, 0x3A, 0x68, 0x5B, 0x14, 0x48, 0xB7, 0x55,
  2156. 0xD5, 0x6F, 0x70, 0x1A, 0xFE, 0x9B, 0xE2, 0xCE
  2157. },
  2158. {
  2159. 0x2F, 0xA3, 0xF6, 0x86, 0xDF, 0x87, 0x69, 0x95,
  2160. 0x16, 0x7E, 0x7C, 0x2E, 0x5D, 0x74, 0xC4, 0xC7,
  2161. 0xB6, 0xE4, 0x8F, 0x80, 0x68, 0xFE, 0x0E, 0x44,
  2162. 0x20, 0x83, 0x44, 0xD4, 0x80, 0xF7, 0x90, 0x4C,
  2163. 0x36, 0x96, 0x3E, 0x44, 0x11, 0x5F, 0xE3, 0xEB,
  2164. 0x2A, 0x3A, 0xC8, 0x69, 0x4C, 0x28, 0xBC, 0xB4,
  2165. 0xF5, 0xA0, 0xF3, 0x27, 0x6F, 0x2E, 0x79, 0x48,
  2166. 0x7D, 0x82, 0x19, 0x05, 0x7A, 0x50, 0x6E, 0x4B
  2167. },
  2168. {
  2169. 0x1C, 0x08, 0x79, 0x8D, 0xC6, 0x41, 0xAB, 0xA9,
  2170. 0xDE, 0xE4, 0x35, 0xE2, 0x25, 0x19, 0xA4, 0x72,
  2171. 0x9A, 0x09, 0xB2, 0xBF, 0xE0, 0xFF, 0x00, 0xEF,
  2172. 0x2D, 0xCD, 0x8E, 0xD6, 0xF8, 0xA0, 0x7D, 0x15,
  2173. 0xEA, 0xF4, 0xAE, 0xE5, 0x2B, 0xBF, 0x18, 0xAB,
  2174. 0x56, 0x08, 0xA6, 0x19, 0x0F, 0x70, 0xB9, 0x04,
  2175. 0x86, 0xC8, 0xA7, 0xD4, 0x87, 0x37, 0x10, 0xB1,
  2176. 0x11, 0x5D, 0x3D, 0xEB, 0xBB, 0x43, 0x27, 0xB5
  2177. }
  2178. };
  2179. WOLFSSL_TEST_SUBROUTINE int blake2b_test(void)
  2180. {
  2181. Blake2b b2b;
  2182. byte digest[64];
  2183. byte input[64];
  2184. int i, ret;
  2185. for (i = 0; i < (int)sizeof(input); i++)
  2186. input[i] = (byte)i;
  2187. for (i = 0; i < BLAKE2B_TESTS; i++) {
  2188. ret = wc_InitBlake2b(&b2b, 64);
  2189. if (ret != 0)
  2190. return -2000 - i;
  2191. ret = wc_Blake2bUpdate(&b2b, input, i);
  2192. if (ret != 0)
  2193. return -2010 - 1;
  2194. ret = wc_Blake2bFinal(&b2b, digest, 64);
  2195. if (ret != 0)
  2196. return -2020 - i;
  2197. if (XMEMCMP(digest, blake2b_vec[i], 64) != 0) {
  2198. return -2030 - i;
  2199. }
  2200. }
  2201. return 0;
  2202. }
  2203. #endif /* HAVE_BLAKE2 */
  2204. #ifdef HAVE_BLAKE2S
  2205. #define BLAKE2S_TESTS 3
  2206. static const byte blake2s_vec[BLAKE2S_TESTS][BLAKE2S_OUTBYTES] =
  2207. {
  2208. {
  2209. 0x69, 0x21, 0x7a, 0x30, 0x79, 0x90, 0x80, 0x94,
  2210. 0xe1, 0x11, 0x21, 0xd0, 0x42, 0x35, 0x4a, 0x7c,
  2211. 0x1f, 0x55, 0xb6, 0x48, 0x2c, 0xa1, 0xa5, 0x1e,
  2212. 0x1b, 0x25, 0x0d, 0xfd, 0x1e, 0xd0, 0xee, 0xf9,
  2213. },
  2214. {
  2215. 0xe3, 0x4d, 0x74, 0xdb, 0xaf, 0x4f, 0xf4, 0xc6,
  2216. 0xab, 0xd8, 0x71, 0xcc, 0x22, 0x04, 0x51, 0xd2,
  2217. 0xea, 0x26, 0x48, 0x84, 0x6c, 0x77, 0x57, 0xfb,
  2218. 0xaa, 0xc8, 0x2f, 0xe5, 0x1a, 0xd6, 0x4b, 0xea,
  2219. },
  2220. {
  2221. 0xdd, 0xad, 0x9a, 0xb1, 0x5d, 0xac, 0x45, 0x49,
  2222. 0xba, 0x42, 0xf4, 0x9d, 0x26, 0x24, 0x96, 0xbe,
  2223. 0xf6, 0xc0, 0xba, 0xe1, 0xdd, 0x34, 0x2a, 0x88,
  2224. 0x08, 0xf8, 0xea, 0x26, 0x7c, 0x6e, 0x21, 0x0c,
  2225. }
  2226. };
  2227. WOLFSSL_TEST_SUBROUTINE int blake2s_test(void)
  2228. {
  2229. Blake2s b2s;
  2230. byte digest[32];
  2231. byte input[64];
  2232. int i, ret;
  2233. for (i = 0; i < (int)sizeof(input); i++)
  2234. input[i] = (byte)i;
  2235. for (i = 0; i < BLAKE2S_TESTS; i++) {
  2236. ret = wc_InitBlake2s(&b2s, 32);
  2237. if (ret != 0)
  2238. return -2100 - i;
  2239. ret = wc_Blake2sUpdate(&b2s, input, i);
  2240. if (ret != 0)
  2241. return -2110 - 1;
  2242. ret = wc_Blake2sFinal(&b2s, digest, 32);
  2243. if (ret != 0)
  2244. return -2120 - i;
  2245. if (XMEMCMP(digest, blake2s_vec[i], 32) != 0) {
  2246. return -2130 - i;
  2247. }
  2248. }
  2249. return 0;
  2250. }
  2251. #endif /* HAVE_BLAKE2S */
  2252. #ifdef WOLFSSL_SHA224
  2253. WOLFSSL_TEST_SUBROUTINE int sha224_test(void)
  2254. {
  2255. wc_Sha224 sha, shaCopy;
  2256. byte hash[WC_SHA224_DIGEST_SIZE];
  2257. byte hashcopy[WC_SHA224_DIGEST_SIZE];
  2258. int ret = 0;
  2259. testVector a, b, c;
  2260. testVector test_sha[3];
  2261. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2262. a.input = "";
  2263. a.output = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34"
  2264. "\xc4\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a\xc5\xb3\xe4\x2f";
  2265. a.inLen = XSTRLEN(a.input);
  2266. a.outLen = WC_SHA224_DIGEST_SIZE;
  2267. b.input = "abc";
  2268. b.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55"
  2269. "\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
  2270. b.inLen = XSTRLEN(b.input);
  2271. b.outLen = WC_SHA224_DIGEST_SIZE;
  2272. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2273. c.output = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
  2274. "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
  2275. c.inLen = XSTRLEN(c.input);
  2276. c.outLen = WC_SHA224_DIGEST_SIZE;
  2277. test_sha[0] = a;
  2278. test_sha[1] = b;
  2279. test_sha[2] = c;
  2280. ret = wc_InitSha224_ex(&sha, HEAP_HINT, devId);
  2281. if (ret != 0)
  2282. return -2200;
  2283. ret = wc_InitSha224_ex(&shaCopy, HEAP_HINT, devId);
  2284. if (ret != 0) {
  2285. wc_Sha224Free(&sha);
  2286. return -2201;
  2287. }
  2288. for (i = 0; i < times; ++i) {
  2289. ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input,
  2290. (word32)test_sha[i].inLen);
  2291. if (ret != 0)
  2292. ERROR_OUT(-2202 - i, exit);
  2293. ret = wc_Sha224GetHash(&sha, hashcopy);
  2294. if (ret != 0)
  2295. ERROR_OUT(-2203 - i, exit);
  2296. ret = wc_Sha224Copy(&sha, &shaCopy);
  2297. if (ret != 0)
  2298. ERROR_OUT(-2204 - i, exit);
  2299. ret = wc_Sha224Final(&sha, hash);
  2300. if (ret != 0)
  2301. ERROR_OUT(-2205 - i, exit);
  2302. wc_Sha224Free(&shaCopy);
  2303. if (XMEMCMP(hash, test_sha[i].output, WC_SHA224_DIGEST_SIZE) != 0)
  2304. ERROR_OUT(-2206 - i, exit);
  2305. if (XMEMCMP(hash, hashcopy, WC_SHA224_DIGEST_SIZE) != 0)
  2306. ERROR_OUT(-2207 - i, exit);
  2307. }
  2308. exit:
  2309. wc_Sha224Free(&sha);
  2310. wc_Sha224Free(&shaCopy);
  2311. return ret;
  2312. }
  2313. #endif
  2314. #ifndef NO_SHA256
  2315. WOLFSSL_TEST_SUBROUTINE int sha256_test(void)
  2316. {
  2317. wc_Sha256 sha, shaCopy;
  2318. byte hash[WC_SHA256_DIGEST_SIZE];
  2319. byte hashcopy[WC_SHA256_DIGEST_SIZE];
  2320. int ret = 0;
  2321. testVector a, b, c;
  2322. testVector test_sha[3];
  2323. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2324. a.input = "";
  2325. a.output = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9"
  2326. "\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52"
  2327. "\xb8\x55";
  2328. a.inLen = XSTRLEN(a.input);
  2329. a.outLen = WC_SHA256_DIGEST_SIZE;
  2330. b.input = "abc";
  2331. b.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
  2332. "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
  2333. "\x15\xAD";
  2334. b.inLen = XSTRLEN(b.input);
  2335. b.outLen = WC_SHA256_DIGEST_SIZE;
  2336. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2337. c.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
  2338. "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
  2339. "\x06\xC1";
  2340. c.inLen = XSTRLEN(c.input);
  2341. c.outLen = WC_SHA256_DIGEST_SIZE;
  2342. test_sha[0] = a;
  2343. test_sha[1] = b;
  2344. test_sha[2] = c;
  2345. ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
  2346. if (ret != 0)
  2347. return -2300;
  2348. ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId);
  2349. if (ret != 0) {
  2350. wc_Sha256Free(&sha);
  2351. return -2301;
  2352. }
  2353. for (i = 0; i < times; ++i) {
  2354. ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input,
  2355. (word32)test_sha[i].inLen);
  2356. if (ret != 0) {
  2357. ERROR_OUT(-2302 - i, exit);
  2358. }
  2359. ret = wc_Sha256GetHash(&sha, hashcopy);
  2360. if (ret != 0)
  2361. ERROR_OUT(-2303 - i, exit);
  2362. ret = wc_Sha256Copy(&sha, &shaCopy);
  2363. if (ret != 0)
  2364. ERROR_OUT(-2304 - i, exit);
  2365. ret = wc_Sha256Final(&sha, hash);
  2366. if (ret != 0)
  2367. ERROR_OUT(-2305 - i, exit);
  2368. wc_Sha256Free(&shaCopy);
  2369. if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0)
  2370. ERROR_OUT(-2306 - i, exit);
  2371. if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0)
  2372. ERROR_OUT(-2307 - i, exit);
  2373. }
  2374. /* BEGIN LARGE HASH TEST */ {
  2375. byte large_input[1024];
  2376. #ifdef WOLFSSL_RENESAS_TSIP_CRYPT
  2377. const char* large_digest =
  2378. "\xa4\x75\x9e\x7a\xa2\x03\x38\x32\x88\x66\xa2\xea\x17\xea\xf8\xc7"
  2379. "\xfe\x4e\xc6\xbb\xe3\xbb\x71\xce\xe7\xdf\x7c\x04\x61\xb3\xc2\x2f";
  2380. #else
  2381. const char* large_digest =
  2382. "\x27\x78\x3e\x87\x96\x3a\x4e\xfb\x68\x29\xb5\x31\xc9\xba\x57\xb4"
  2383. "\x4f\x45\x79\x7f\x67\x70\xbd\x63\x7f\xbf\x0d\x80\x7c\xbd\xba\xe0";
  2384. #endif
  2385. for (i = 0; i < (int)sizeof(large_input); i++) {
  2386. large_input[i] = (byte)(i & 0xFF);
  2387. }
  2388. #ifdef WOLFSSL_RENESAS_TSIP
  2389. times = 20;
  2390. #else
  2391. times = 100;
  2392. #endif
  2393. #ifdef WOLFSSL_PIC32MZ_HASH
  2394. wc_Sha256SizeSet(&sha, times * sizeof(large_input));
  2395. #endif
  2396. for (i = 0; i < times; ++i) {
  2397. ret = wc_Sha256Update(&sha, (byte*)large_input,
  2398. (word32)sizeof(large_input));
  2399. if (ret != 0)
  2400. ERROR_OUT(-2308, exit);
  2401. }
  2402. ret = wc_Sha256Final(&sha, hash);
  2403. if (ret != 0)
  2404. ERROR_OUT(-2309, exit);
  2405. if (XMEMCMP(hash, large_digest, WC_SHA256_DIGEST_SIZE) != 0)
  2406. ERROR_OUT(-2310, exit);
  2407. } /* END LARGE HASH TEST */
  2408. exit:
  2409. wc_Sha256Free(&sha);
  2410. wc_Sha256Free(&shaCopy);
  2411. return ret;
  2412. }
  2413. #endif
  2414. #ifdef WOLFSSL_SHA512
  2415. WOLFSSL_TEST_SUBROUTINE int sha512_test(void)
  2416. {
  2417. wc_Sha512 sha, shaCopy;
  2418. byte hash[WC_SHA512_DIGEST_SIZE];
  2419. byte hashcopy[WC_SHA512_DIGEST_SIZE];
  2420. int ret = 0;
  2421. testVector a, b, c;
  2422. testVector test_sha[3];
  2423. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2424. a.input = "";
  2425. a.output = "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80"
  2426. "\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c"
  2427. "\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87"
  2428. "\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a"
  2429. "\xf9\x27\xda\x3e";
  2430. a.inLen = XSTRLEN(a.input);
  2431. a.outLen = WC_SHA512_DIGEST_SIZE;
  2432. b.input = "abc";
  2433. b.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
  2434. "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
  2435. "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
  2436. "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
  2437. "\xa5\x4c\xa4\x9f";
  2438. b.inLen = XSTRLEN(b.input);
  2439. b.outLen = WC_SHA512_DIGEST_SIZE;
  2440. c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  2441. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  2442. c.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
  2443. "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
  2444. "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
  2445. "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
  2446. "\x87\x4b\xe9\x09";
  2447. c.inLen = XSTRLEN(c.input);
  2448. c.outLen = WC_SHA512_DIGEST_SIZE;
  2449. test_sha[0] = a;
  2450. test_sha[1] = b;
  2451. test_sha[2] = c;
  2452. ret = wc_InitSha512_ex(&sha, HEAP_HINT, devId);
  2453. if (ret != 0)
  2454. return -2400;
  2455. ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId);
  2456. if (ret != 0) {
  2457. wc_Sha512Free(&sha);
  2458. return -2401;
  2459. }
  2460. for (i = 0; i < times; ++i) {
  2461. ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input,
  2462. (word32)test_sha[i].inLen);
  2463. if (ret != 0)
  2464. ERROR_OUT(-2402 - i, exit);
  2465. ret = wc_Sha512GetHash(&sha, hashcopy);
  2466. if (ret != 0)
  2467. ERROR_OUT(-2403 - i, exit);
  2468. ret = wc_Sha512Copy(&sha, &shaCopy);
  2469. if (ret != 0)
  2470. ERROR_OUT(-2404 - i, exit);
  2471. ret = wc_Sha512Final(&sha, hash);
  2472. if (ret != 0)
  2473. ERROR_OUT(-2405 - i, exit);
  2474. wc_Sha512Free(&shaCopy);
  2475. if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0)
  2476. ERROR_OUT(-2406 - i, exit);
  2477. if (XMEMCMP(hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0)
  2478. ERROR_OUT(-2407 - i, exit);
  2479. }
  2480. /* BEGIN LARGE HASH TEST */ {
  2481. byte large_input[1024];
  2482. const char* large_digest =
  2483. "\x5a\x1f\x73\x90\xbd\x8c\xe4\x63\x54\xce\xa0\x9b\xef\x32\x78\x2d"
  2484. "\x2e\xe7\x0d\x5e\x2f\x9d\x15\x1b\xdd\x2d\xde\x65\x0c\x7b\xfa\x83"
  2485. "\x5e\x80\x02\x13\x84\xb8\x3f\xff\x71\x62\xb5\x09\x89\x63\xe1\xdc"
  2486. "\xa5\xdc\xfc\xfa\x9d\x1a\x4d\xc0\xfa\x3a\x14\xf6\x01\x51\x90\xa4";
  2487. for (i = 0; i < (int)sizeof(large_input); i++) {
  2488. large_input[i] = (byte)(i & 0xFF);
  2489. }
  2490. times = 100;
  2491. for (i = 0; i < times; ++i) {
  2492. ret = wc_Sha512Update(&sha, (byte*)large_input,
  2493. (word32)sizeof(large_input));
  2494. if (ret != 0)
  2495. ERROR_OUT(-2408, exit);
  2496. }
  2497. ret = wc_Sha512Final(&sha, hash);
  2498. if (ret != 0)
  2499. ERROR_OUT(-2409, exit);
  2500. if (XMEMCMP(hash, large_digest, WC_SHA512_DIGEST_SIZE) != 0)
  2501. ERROR_OUT(-2410, exit);
  2502. /* Unaligned memory access test */
  2503. for (i = 1; i < 16; i++) {
  2504. ret = wc_Sha512Update(&sha, (byte*)large_input + i,
  2505. (word32)sizeof(large_input) - i);
  2506. if (ret != 0)
  2507. ERROR_OUT(-2411, exit);
  2508. ret = wc_Sha512Final(&sha, hash);
  2509. }
  2510. } /* END LARGE HASH TEST */
  2511. exit:
  2512. wc_Sha512Free(&sha);
  2513. wc_Sha512Free(&shaCopy);
  2514. return ret;
  2515. }
  2516. #endif
  2517. #ifdef WOLFSSL_SHA384
  2518. WOLFSSL_TEST_SUBROUTINE int sha384_test(void)
  2519. {
  2520. wc_Sha384 sha, shaCopy;
  2521. byte hash[WC_SHA384_DIGEST_SIZE];
  2522. byte hashcopy[WC_SHA384_DIGEST_SIZE];
  2523. int ret = 0;
  2524. testVector a, b, c;
  2525. testVector test_sha[3];
  2526. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2527. a.input = "";
  2528. a.output = "\x38\xb0\x60\xa7\x51\xac\x96\x38\x4c\xd9\x32\x7e\xb1\xb1\xe3"
  2529. "\x6a\x21\xfd\xb7\x11\x14\xbe\x07\x43\x4c\x0c\xc7\xbf\x63\xf6"
  2530. "\xe1\xda\x27\x4e\xde\xbf\xe7\x6f\x65\xfb\xd5\x1a\xd2\xf1\x48"
  2531. "\x98\xb9\x5b";
  2532. a.inLen = XSTRLEN(a.input);
  2533. a.outLen = WC_SHA384_DIGEST_SIZE;
  2534. b.input = "abc";
  2535. b.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
  2536. "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
  2537. "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
  2538. "\xc8\x25\xa7";
  2539. b.inLen = XSTRLEN(b.input);
  2540. b.outLen = WC_SHA384_DIGEST_SIZE;
  2541. c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  2542. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  2543. c.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
  2544. "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
  2545. "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
  2546. "\x74\x60\x39";
  2547. c.inLen = XSTRLEN(c.input);
  2548. c.outLen = WC_SHA384_DIGEST_SIZE;
  2549. test_sha[0] = a;
  2550. test_sha[1] = b;
  2551. test_sha[2] = c;
  2552. ret = wc_InitSha384_ex(&sha, HEAP_HINT, devId);
  2553. if (ret != 0)
  2554. return -2500;
  2555. ret = wc_InitSha384_ex(&shaCopy, HEAP_HINT, devId);
  2556. if (ret != 0) {
  2557. wc_Sha384Free(&sha);
  2558. return -2501;
  2559. }
  2560. for (i = 0; i < times; ++i) {
  2561. ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input,
  2562. (word32)test_sha[i].inLen);
  2563. if (ret != 0)
  2564. ERROR_OUT(-2502 - i, exit);
  2565. ret = wc_Sha384GetHash(&sha, hashcopy);
  2566. if (ret != 0)
  2567. ERROR_OUT(-2503 - i, exit);
  2568. ret = wc_Sha384Copy(&sha, &shaCopy);
  2569. if (ret != 0)
  2570. ERROR_OUT(-2504 - i, exit);
  2571. ret = wc_Sha384Final(&sha, hash);
  2572. if (ret != 0)
  2573. ERROR_OUT(-2505 - i, exit);
  2574. wc_Sha384Free(&shaCopy);
  2575. if (XMEMCMP(hash, test_sha[i].output, WC_SHA384_DIGEST_SIZE) != 0)
  2576. ERROR_OUT(-2506 - i, exit);
  2577. if (XMEMCMP(hash, hashcopy, WC_SHA384_DIGEST_SIZE) != 0)
  2578. ERROR_OUT(-2507 - i, exit);
  2579. }
  2580. /* BEGIN LARGE HASH TEST */ {
  2581. byte large_input[1024];
  2582. const char* large_digest =
  2583. "\x37\x01\xdb\xff\x1e\x40\x4f\xe1\xe2\xea\x0b\x40\xbb\x3b\x39\x9a"
  2584. "\xcc\xe8\x44\x8e\x7e\xe5\x64\xb5\x6b\x7f\x56\x64\xa7\x2b\x84\xe3"
  2585. "\xc5\xd7\x79\x03\x25\x90\xf7\xa4\x58\xcb\x97\xa8\x8b\xb1\xa4\x81";
  2586. for (i = 0; i < (int)sizeof(large_input); i++) {
  2587. large_input[i] = (byte)(i & 0xFF);
  2588. }
  2589. times = 100;
  2590. for (i = 0; i < times; ++i) {
  2591. ret = wc_Sha384Update(&sha, (byte*)large_input,
  2592. (word32)sizeof(large_input));
  2593. if (ret != 0)
  2594. ERROR_OUT(-2508, exit);
  2595. }
  2596. ret = wc_Sha384Final(&sha, hash);
  2597. if (ret != 0)
  2598. ERROR_OUT(-2509, exit);
  2599. if (XMEMCMP(hash, large_digest, WC_SHA384_DIGEST_SIZE) != 0)
  2600. ERROR_OUT(-2510, exit);
  2601. } /* END LARGE HASH TEST */
  2602. exit:
  2603. wc_Sha384Free(&sha);
  2604. wc_Sha384Free(&shaCopy);
  2605. return ret;
  2606. }
  2607. #endif /* WOLFSSL_SHA384 */
  2608. #ifdef WOLFSSL_SHA3
  2609. #ifndef WOLFSSL_NOSHA3_224
  2610. static int sha3_224_test(void)
  2611. {
  2612. wc_Sha3 sha;
  2613. byte hash[WC_SHA3_224_DIGEST_SIZE];
  2614. byte hashcopy[WC_SHA3_224_DIGEST_SIZE];
  2615. testVector a, b, c;
  2616. testVector test_sha[3];
  2617. int ret = 0;
  2618. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2619. a.input = "";
  2620. a.output = "\x6b\x4e\x03\x42\x36\x67\xdb\xb7\x3b\x6e\x15\x45\x4f\x0e\xb1"
  2621. "\xab\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f\x5b\x5a\x6b\xc7";
  2622. a.inLen = XSTRLEN(a.input);
  2623. a.outLen = WC_SHA3_224_DIGEST_SIZE;
  2624. b.input = "abc";
  2625. b.output = "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a\xd0\x92\x34\xee\x7d\x3c\x76"
  2626. "\x6f\xc9\xa3\xa5\x16\x8d\x0c\x94\xad\x73\xb4\x6f\xdf";
  2627. b.inLen = XSTRLEN(b.input);
  2628. b.outLen = WC_SHA3_224_DIGEST_SIZE;
  2629. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2630. c.output = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55\x74\x49\x44\x79"
  2631. "\xba\x5c\x7e\x7a\xb7\x6e\xf2\x64\xea\xd0\xfc\xce\x33";
  2632. c.inLen = XSTRLEN(c.input);
  2633. c.outLen = WC_SHA3_224_DIGEST_SIZE;
  2634. test_sha[0] = a;
  2635. test_sha[1] = b;
  2636. test_sha[2] = c;
  2637. ret = wc_InitSha3_224(&sha, HEAP_HINT, devId);
  2638. if (ret != 0)
  2639. return -2600;
  2640. for (i = 0; i < times; ++i) {
  2641. ret = wc_Sha3_224_Update(&sha, (byte*)test_sha[i].input,
  2642. (word32)test_sha[i].inLen);
  2643. if (ret != 0)
  2644. ERROR_OUT(-2601 - i, exit);
  2645. ret = wc_Sha3_224_GetHash(&sha, hashcopy);
  2646. if (ret != 0)
  2647. ERROR_OUT(-2602 - i, exit);
  2648. ret = wc_Sha3_224_Final(&sha, hash);
  2649. if (ret != 0)
  2650. ERROR_OUT(-2603 - i, exit);
  2651. if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_224_DIGEST_SIZE) != 0)
  2652. ERROR_OUT(-2604 - i, exit);
  2653. if (XMEMCMP(hash, hashcopy, WC_SHA3_224_DIGEST_SIZE) != 0)
  2654. ERROR_OUT(-2605 - i, exit);
  2655. }
  2656. /* BEGIN LARGE HASH TEST */ {
  2657. byte large_input[1024];
  2658. const char* large_digest =
  2659. "\x13\xe5\xd3\x98\x7b\x94\xda\x41\x12\xc7\x1e\x92\x3a\x19"
  2660. "\x21\x20\x86\x6f\x24\xbf\x0a\x31\xbc\xfd\xd6\x70\x36\xf3";
  2661. for (i = 0; i < (int)sizeof(large_input); i++) {
  2662. large_input[i] = (byte)(i & 0xFF);
  2663. }
  2664. times = 100;
  2665. for (i = 0; i < times; ++i) {
  2666. ret = wc_Sha3_224_Update(&sha, (byte*)large_input,
  2667. (word32)sizeof(large_input));
  2668. if (ret != 0)
  2669. ERROR_OUT(-2606, exit);
  2670. }
  2671. ret = wc_Sha3_224_Final(&sha, hash);
  2672. if (ret != 0)
  2673. ERROR_OUT(-2607, exit);
  2674. if (XMEMCMP(hash, large_digest, WC_SHA3_224_DIGEST_SIZE) != 0)
  2675. ERROR_OUT(-2608, exit);
  2676. } /* END LARGE HASH TEST */
  2677. exit:
  2678. wc_Sha3_224_Free(&sha);
  2679. return ret;
  2680. }
  2681. #endif /* WOLFSSL_NOSHA3_224 */
  2682. #ifndef WOLFSSL_NOSHA3_256
  2683. static int sha3_256_test(void)
  2684. {
  2685. wc_Sha3 sha;
  2686. byte hash[WC_SHA3_256_DIGEST_SIZE];
  2687. byte hashcopy[WC_SHA3_256_DIGEST_SIZE];
  2688. testVector a, b, c;
  2689. testVector test_sha[3];
  2690. int ret = 0;
  2691. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2692. byte large_input[1024];
  2693. const char* large_digest =
  2694. "\xdc\x90\xc0\xb1\x25\xdb\x2c\x34\x81\xa3\xff\xbc\x1e\x2e\x87\xeb"
  2695. "\x6d\x70\x85\x61\xe0\xe9\x63\x61\xff\xe5\x84\x4b\x1f\x68\x05\x15";
  2696. #if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT)
  2697. /* test vector with hash of empty string */
  2698. const char* Keccak256EmptyOut =
  2699. "\xc5\xd2\x46\x01\x86\xf7\x23\x3c\x92\x7e\x7d\xb2\xdc\xc7\x03\xc0"
  2700. "\xe5\x00\xb6\x53\xca\x82\x27\x3b\x7b\xfa\xd8\x04\x5d\x85\xa4\x70";
  2701. #endif
  2702. a.input = "";
  2703. a.output = "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66\x51\xc1\x47\x56\xa0\x61\xd6"
  2704. "\x62\xf5\x80\xff\x4d\xe4\x3b\x49\xfa\x82\xd8\x0a\x4b\x80\xf8"
  2705. "\x43\x4a";
  2706. a.inLen = XSTRLEN(a.input);
  2707. a.outLen = WC_SHA3_256_DIGEST_SIZE;
  2708. b.input = "abc";
  2709. b.output = "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90"
  2710. "\xbd\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43"
  2711. "\x15\x32";
  2712. b.inLen = XSTRLEN(b.input);
  2713. b.outLen = WC_SHA3_256_DIGEST_SIZE;
  2714. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2715. c.output = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8\x23\x5e"
  2716. "\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32\xdd\x97\x49\x6d"
  2717. "\x33\x76";
  2718. c.inLen = XSTRLEN(c.input);
  2719. c.outLen = WC_SHA3_256_DIGEST_SIZE;
  2720. test_sha[0] = a;
  2721. test_sha[1] = b;
  2722. test_sha[2] = c;
  2723. ret = wc_InitSha3_256(&sha, HEAP_HINT, devId);
  2724. if (ret != 0)
  2725. return -2700;
  2726. for (i = 0; i < times; ++i) {
  2727. ret = wc_Sha3_256_Update(&sha, (byte*)test_sha[i].input,
  2728. (word32)test_sha[i].inLen);
  2729. if (ret != 0)
  2730. ERROR_OUT(-2701 - i, exit);
  2731. ret = wc_Sha3_256_GetHash(&sha, hashcopy);
  2732. if (ret != 0)
  2733. ERROR_OUT(-2702 - i, exit);
  2734. ret = wc_Sha3_256_Final(&sha, hash);
  2735. if (ret != 0)
  2736. ERROR_OUT(-2703 - i, exit);
  2737. if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_256_DIGEST_SIZE) != 0)
  2738. ERROR_OUT(-2704 - i, exit);
  2739. if (XMEMCMP(hash, hashcopy, WC_SHA3_256_DIGEST_SIZE) != 0)
  2740. ERROR_OUT(-2705 - i, exit);
  2741. }
  2742. /* BEGIN LARGE HASH TEST */ {
  2743. for (i = 0; i < (int)sizeof(large_input); i++) {
  2744. large_input[i] = (byte)(i & 0xFF);
  2745. }
  2746. times = 100;
  2747. for (i = 0; i < times; ++i) {
  2748. ret = wc_Sha3_256_Update(&sha, (byte*)large_input,
  2749. (word32)sizeof(large_input));
  2750. if (ret != 0)
  2751. ERROR_OUT(-2706, exit);
  2752. }
  2753. ret = wc_Sha3_256_Final(&sha, hash);
  2754. if (ret != 0)
  2755. ERROR_OUT(-2707, exit);
  2756. if (XMEMCMP(hash, large_digest, WC_SHA3_256_DIGEST_SIZE) != 0)
  2757. ERROR_OUT(-2708, exit);
  2758. } /* END LARGE HASH TEST */
  2759. /* this is a software only variant of SHA3 not supported by external hardware devices */
  2760. #if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT)
  2761. /* Test for Keccak256 */
  2762. ret = wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256);
  2763. if (ret != 0) {
  2764. ERROR_OUT(-2709, exit);
  2765. }
  2766. ret = wc_Sha3_256_Update(&sha, (byte*)"", 0);
  2767. if (ret != 0) {
  2768. ERROR_OUT(-2710, exit);
  2769. }
  2770. ret = wc_Sha3_256_Final(&sha, hash);
  2771. if (ret != 0) {
  2772. ERROR_OUT(-2711, exit);
  2773. }
  2774. if (XMEMCMP(hash, Keccak256EmptyOut, WC_SHA3_256_DIGEST_SIZE) != 0) {
  2775. ERROR_OUT(-2712, exit);
  2776. }
  2777. #endif /* WOLFSSL_HASH_FLAGS && !WOLFSSL_ASYNC_CRYPT */
  2778. exit:
  2779. wc_Sha3_256_Free(&sha);
  2780. return ret;
  2781. }
  2782. #endif /* WOLFSSL_NOSHA3_256 */
  2783. #ifndef WOLFSSL_NOSHA3_384
  2784. static int sha3_384_test(void)
  2785. {
  2786. wc_Sha3 sha;
  2787. byte hash[WC_SHA3_384_DIGEST_SIZE];
  2788. #ifndef NO_INTM_HASH_TEST
  2789. byte hashcopy[WC_SHA3_384_DIGEST_SIZE];
  2790. #endif
  2791. testVector a, b, c;
  2792. testVector test_sha[3];
  2793. int ret;
  2794. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2795. a.input = "";
  2796. a.output = "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d\x01\x10\x7d\x85\x2e\x4c\x24"
  2797. "\x85\xc5\x1a\x50\xaa\xaa\x94\xfc\x61\x99\x5e\x71\xbb\xee\x98"
  2798. "\x3a\x2a\xc3\x71\x38\x31\x26\x4a\xdb\x47\xfb\x6b\xd1\xe0\x58"
  2799. "\xd5\xf0\x04";
  2800. a.inLen = XSTRLEN(a.input);
  2801. a.outLen = WC_SHA3_384_DIGEST_SIZE;
  2802. #if defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_XILINX_CRYPT)
  2803. /* NIST test vector with a length that is a multiple of 4 */
  2804. b.input = "\x7d\x80\xb1\x60\xc4\xb5\x36\xa3\xbe\xb7\x99\x80\x59\x93\x44"
  2805. "\x04\x7c\x5f\x82\xa1\xdf\xc3\xee\xd4";
  2806. b.output = "\x04\x1c\xc5\x86\x1b\xa3\x34\x56\x3c\x61\xd4\xef\x97\x10\xd4"
  2807. "\x89\x6c\x31\x1c\x92\xed\xbe\x0d\x7c\xd5\x3e\x80\x3b\xf2\xf4"
  2808. "\xeb\x60\x57\x23\x55\x70\x77\x0c\xe8\x7c\x55\x20\xd7\xec\x14"
  2809. "\x19\x87\x22";
  2810. b.inLen = XSTRLEN(b.input);
  2811. b.outLen = WC_SHA3_384_DIGEST_SIZE;
  2812. #else
  2813. b.input = "abc";
  2814. b.output = "\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad"
  2815. "\x8d\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b"
  2816. "\xe4\xb2\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28"
  2817. "\x37\x6d\x25";
  2818. b.inLen = XSTRLEN(b.input);
  2819. b.outLen = WC_SHA3_384_DIGEST_SIZE;
  2820. #endif
  2821. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2822. c.output = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7\x8a\x49"
  2823. "\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd\xbc\x32\xb9\xd4"
  2824. "\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe\xa1\x9e\xef\x51\xac\xd0"
  2825. "\x65\x7c\x22";
  2826. c.inLen = XSTRLEN(c.input);
  2827. c.outLen = WC_SHA3_384_DIGEST_SIZE;
  2828. #ifdef WOLFSSL_XILINX_CRYPT
  2829. test_sha[0] = b; /* hardware acc. can not handle "" string */
  2830. #else
  2831. test_sha[0] = a;
  2832. #endif
  2833. test_sha[1] = b;
  2834. test_sha[2] = c;
  2835. ret = wc_InitSha3_384(&sha, HEAP_HINT, devId);
  2836. if (ret != 0)
  2837. return -2800;
  2838. for (i = 0; i < times; ++i) {
  2839. ret = wc_Sha3_384_Update(&sha, (byte*)test_sha[i].input,
  2840. (word32)test_sha[i].inLen);
  2841. if (ret != 0)
  2842. ERROR_OUT(-2801 - i, exit);
  2843. #ifndef NO_INTM_HASH_TEST
  2844. ret = wc_Sha3_384_GetHash(&sha, hashcopy);
  2845. if (ret != 0)
  2846. ERROR_OUT(-2802 - i, exit);
  2847. #endif
  2848. ret = wc_Sha3_384_Final(&sha, hash);
  2849. if (ret != 0)
  2850. ERROR_OUT(-2803 - i, exit);
  2851. if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_384_DIGEST_SIZE) != 0)
  2852. ERROR_OUT(-2804 - i, exit);
  2853. #ifndef NO_INTM_HASH_TEST
  2854. if (XMEMCMP(hash, hashcopy, WC_SHA3_384_DIGEST_SIZE) != 0)
  2855. ERROR_OUT(-2805 - i, exit);
  2856. #endif
  2857. }
  2858. /* BEGIN LARGE HASH TEST */ {
  2859. byte large_input[1024];
  2860. const char* large_digest =
  2861. "\x30\x44\xec\x17\xef\x47\x9f\x55\x36\x11\xd6\x3f\x8a\x31\x5a\x71"
  2862. "\x8a\x71\xa7\x1d\x8e\x84\xe8\x6c\x24\x02\x2f\x7a\x08\x4e\xea\xd7"
  2863. "\x42\x36\x5d\xa8\xc2\xb7\x42\xad\xec\x19\xfb\xca\xc6\x64\xb3\xa4";
  2864. for (i = 0; i < (int)sizeof(large_input); i++) {
  2865. large_input[i] = (byte)(i & 0xFF);
  2866. }
  2867. times = 100;
  2868. for (i = 0; i < times; ++i) {
  2869. ret = wc_Sha3_384_Update(&sha, (byte*)large_input,
  2870. (word32)sizeof(large_input));
  2871. if (ret != 0)
  2872. ERROR_OUT(-2806, exit);
  2873. }
  2874. ret = wc_Sha3_384_Final(&sha, hash);
  2875. if (ret != 0)
  2876. ERROR_OUT(-2807, exit);
  2877. if (XMEMCMP(hash, large_digest, WC_SHA3_384_DIGEST_SIZE) != 0)
  2878. ERROR_OUT(-2808, exit);
  2879. } /* END LARGE HASH TEST */
  2880. exit:
  2881. wc_Sha3_384_Free(&sha);
  2882. return ret;
  2883. }
  2884. #endif /* WOLFSSL_NOSHA3_384 */
  2885. #ifndef WOLFSSL_NOSHA3_512
  2886. static int sha3_512_test(void)
  2887. {
  2888. wc_Sha3 sha;
  2889. byte hash[WC_SHA3_512_DIGEST_SIZE];
  2890. byte hashcopy[WC_SHA3_512_DIGEST_SIZE];
  2891. testVector a, b, c;
  2892. testVector test_sha[3];
  2893. int ret;
  2894. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2895. a.input = "";
  2896. a.output = "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5\xc8\xb5\x67\xdc\x18\x5a\x75"
  2897. "\x6e\x97\xc9\x82\x16\x4f\xe2\x58\x59\xe0\xd1\xdc\xc1\x47\x5c"
  2898. "\x80\xa6\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c\x11\xe3\xe9\x40\x2c"
  2899. "\x3a\xc5\x58\xf5\x00\x19\x9d\x95\xb6\xd3\xe3\x01\x75\x85\x86"
  2900. "\x28\x1d\xcd\x26";
  2901. a.inLen = XSTRLEN(a.input);
  2902. a.outLen = WC_SHA3_512_DIGEST_SIZE;
  2903. b.input = "abc";
  2904. b.output = "\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09"
  2905. "\x6e\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2"
  2906. "\x71\x2e\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47"
  2907. "\xe3\x93\x40\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27"
  2908. "\x4e\xec\x53\xf0";
  2909. b.inLen = XSTRLEN(b.input);
  2910. b.outLen = WC_SHA3_512_DIGEST_SIZE;
  2911. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2912. c.output = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10\xfc\xa8"
  2913. "\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7\xec\x2f\x1e\x91"
  2914. "\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53\x02\xba\x1b\x0d\x8d\xc7"
  2915. "\x8c\x08\x63\x46\xb5\x33\xb4\x9c\x03\x0d\x99\xa2\x7d\xaf\x11"
  2916. "\x39\xd6\xe7\x5e";
  2917. c.inLen = XSTRLEN(c.input);
  2918. c.outLen = WC_SHA3_512_DIGEST_SIZE;
  2919. test_sha[0] = a;
  2920. test_sha[1] = b;
  2921. test_sha[2] = c;
  2922. ret = wc_InitSha3_512(&sha, HEAP_HINT, devId);
  2923. if (ret != 0)
  2924. return -2900;
  2925. for (i = 0; i < times; ++i) {
  2926. ret = wc_Sha3_512_Update(&sha, (byte*)test_sha[i].input,
  2927. (word32)test_sha[i].inLen);
  2928. if (ret != 0)
  2929. ERROR_OUT(-2901 - i, exit);
  2930. ret = wc_Sha3_512_GetHash(&sha, hashcopy);
  2931. if (ret != 0)
  2932. ERROR_OUT(-2902 - i, exit);
  2933. ret = wc_Sha3_512_Final(&sha, hash);
  2934. if (ret != 0)
  2935. ERROR_OUT(-2903 - i, exit);
  2936. if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_512_DIGEST_SIZE) != 0)
  2937. ERROR_OUT(-2904 - i, exit);
  2938. if (XMEMCMP(hash, hashcopy, WC_SHA3_512_DIGEST_SIZE) != 0)
  2939. ERROR_OUT(-2905 - i, exit);
  2940. }
  2941. /* BEGIN LARGE HASH TEST */ {
  2942. byte large_input[1024];
  2943. const char* large_digest =
  2944. "\x9c\x13\x26\xb6\x26\xb2\x94\x31\xbc\xf4\x34\xe9\x6f\xf2\xd6\x29"
  2945. "\x9a\xd0\x9b\x32\x63\x2f\x18\xa7\x5f\x23\xc9\x60\xc2\x32\x0c\xbc"
  2946. "\x57\x77\x33\xf1\x83\x81\x8a\xd3\x15\x7c\x93\xdc\x80\x9f\xed\x61"
  2947. "\x41\xa7\x5b\xfd\x32\x0e\x38\x15\xb0\x46\x3b\x7a\x4f\xfd\x44\x88";
  2948. for (i = 0; i < (int)sizeof(large_input); i++) {
  2949. large_input[i] = (byte)(i & 0xFF);
  2950. }
  2951. times = 100;
  2952. for (i = 0; i < times; ++i) {
  2953. ret = wc_Sha3_512_Update(&sha, (byte*)large_input,
  2954. (word32)sizeof(large_input));
  2955. if (ret != 0)
  2956. ERROR_OUT(-2906, exit);
  2957. }
  2958. ret = wc_Sha3_512_Final(&sha, hash);
  2959. if (ret != 0)
  2960. ERROR_OUT(-2907, exit);
  2961. if (XMEMCMP(hash, large_digest, WC_SHA3_512_DIGEST_SIZE) != 0)
  2962. ERROR_OUT(-2908, exit);
  2963. } /* END LARGE HASH TEST */
  2964. exit:
  2965. wc_Sha3_512_Free(&sha);
  2966. return ret;
  2967. }
  2968. #endif /* WOLFSSL_NOSHA3_512 */
  2969. WOLFSSL_TEST_SUBROUTINE int sha3_test(void)
  2970. {
  2971. int ret;
  2972. (void)ret;
  2973. #ifndef WOLFSSL_NOSHA3_224
  2974. if ((ret = sha3_224_test()) != 0)
  2975. return ret;
  2976. #endif
  2977. #ifndef WOLFSSL_NOSHA3_256
  2978. if ((ret = sha3_256_test()) != 0)
  2979. return ret;
  2980. #endif
  2981. #ifndef WOLFSSL_NOSHA3_384
  2982. if ((ret = sha3_384_test()) != 0)
  2983. return ret;
  2984. #endif
  2985. #ifndef WOLFSSL_NOSHA3_512
  2986. if ((ret = sha3_512_test()) != 0)
  2987. return ret;
  2988. #endif
  2989. return 0;
  2990. }
  2991. #endif /* WOLFSSL_SHA3 */
  2992. #ifdef WOLFSSL_SHAKE256
  2993. WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
  2994. {
  2995. wc_Shake sha;
  2996. byte hash[250];
  2997. testVector a, b, c, d, e;
  2998. testVector test_sha[5];
  2999. int ret = 0;
  3000. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  3001. byte large_input[1024];
  3002. const char* large_digest =
  3003. "\x90\x32\x4a\xcc\xd1\xdf\xb8\x0b\x79\x1f\xb8\xc8\x5b\x54\xc8\xe7"
  3004. "\x45\xf5\x60\x6b\x38\x26\xb2\x0a\xee\x38\x01\xf3\xd9\xfa\x96\x9f"
  3005. "\x6a\xd7\x15\xdf\xb6\xc2\xf4\x20\x33\x44\x55\xe8\x2a\x09\x2b\x68"
  3006. "\x2e\x18\x65\x5e\x65\x93\x28\xbc\xb1\x9e\xe2\xb1\x92\xea\x98\xac"
  3007. "\x21\xef\x4c\xe1\xb4\xb7\xbe\x81\x5c\x1d\xd3\xb7\x17\xe5\xbb\xc5"
  3008. "\x8c\x68\xb7\xfb\xac\x55\x8a\x9b\x4d\x91\xe4\x9f\x72\xbb\x6e\x38"
  3009. "\xaf\x21\x7d\x21\xaa\x98\x4e\x75\xc4\xb4\x1c\x7c\x50\x45\x54\xf9"
  3010. "\xea\x26";
  3011. a.input = "";
  3012. a.output = "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb"
  3013. "\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5"
  3014. "\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67"
  3015. "\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac"
  3016. "\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7"
  3017. "\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84"
  3018. "\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2"
  3019. "\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46";
  3020. a.inLen = XSTRLEN(a.input);
  3021. a.outLen = 114;
  3022. b.input = "abc";
  3023. b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11"
  3024. "\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b"
  3025. "\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52"
  3026. "\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88"
  3027. "\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04"
  3028. "\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc"
  3029. "\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13"
  3030. "\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0";
  3031. b.inLen = XSTRLEN(b.input);
  3032. b.outLen = 114;
  3033. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  3034. c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87"
  3035. "\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e"
  3036. "\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc"
  3037. "\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74"
  3038. "\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55"
  3039. "\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a"
  3040. "\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60"
  3041. "\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
  3042. c.inLen = XSTRLEN(c.input);
  3043. c.outLen = 114;
  3044. /* Taken from NIST CAVP test vectors - full rate output. */
  3045. d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
  3046. "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
  3047. "\x85\xe0";
  3048. d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00"
  3049. "\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d"
  3050. "\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc"
  3051. "\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c"
  3052. "\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6"
  3053. "\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d"
  3054. "\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5"
  3055. "\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b"
  3056. "\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7"
  3057. "\xc2";
  3058. d.inLen = 32;
  3059. d.outLen = 136;
  3060. /* Taken from NIST CAVP test vectors - more than one output block. */
  3061. e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
  3062. "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
  3063. "\x47\xe4";
  3064. e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19"
  3065. "\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92"
  3066. "\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c"
  3067. "\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13"
  3068. "\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb"
  3069. "\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44"
  3070. "\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46"
  3071. "\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48"
  3072. "\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a"
  3073. "\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4"
  3074. "\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36"
  3075. "\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09"
  3076. "\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda"
  3077. "\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc"
  3078. "\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7"
  3079. "\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
  3080. "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c";
  3081. e.inLen = 32;
  3082. e.outLen = 250;
  3083. test_sha[0] = a;
  3084. test_sha[1] = b;
  3085. test_sha[2] = c;
  3086. test_sha[3] = d;
  3087. test_sha[4] = e;
  3088. ret = wc_InitShake256(&sha, HEAP_HINT, devId);
  3089. if (ret != 0)
  3090. return -3100;
  3091. for (i = 0; i < times; ++i) {
  3092. ret = wc_Shake256_Update(&sha, (byte*)test_sha[i].input,
  3093. (word32)test_sha[i].inLen);
  3094. if (ret != 0)
  3095. ERROR_OUT(-3101 - i, exit);
  3096. ret = wc_Shake256_Final(&sha, hash, (word32)test_sha[i].outLen);
  3097. if (ret != 0)
  3098. ERROR_OUT(-3102 - i, exit);
  3099. if (XMEMCMP(hash, test_sha[i].output, test_sha[i].outLen) != 0)
  3100. ERROR_OUT(-3103 - i, exit);
  3101. }
  3102. /* BEGIN LARGE HASH TEST */ {
  3103. for (i = 0; i < (int)sizeof(large_input); i++) {
  3104. large_input[i] = (byte)(i & 0xFF);
  3105. }
  3106. times = 100;
  3107. for (i = 0; i < times; ++i) {
  3108. ret = wc_Shake256_Update(&sha, (byte*)large_input,
  3109. (word32)sizeof(large_input));
  3110. if (ret != 0)
  3111. ERROR_OUT(-3104, exit);
  3112. }
  3113. ret = wc_Shake256_Final(&sha, hash, (word32)sizeof(hash));
  3114. if (ret != 0)
  3115. ERROR_OUT(-3105, exit);
  3116. if (XMEMCMP(hash, large_digest, 114) != 0)
  3117. ERROR_OUT(-3106, exit);
  3118. } /* END LARGE HASH TEST */
  3119. exit:
  3120. wc_Shake256_Free(&sha);
  3121. return ret;
  3122. }
  3123. #endif
  3124. #ifndef NO_HASH_WRAPPER
  3125. WOLFSSL_TEST_SUBROUTINE int hash_test(void)
  3126. {
  3127. wc_HashAlg hash;
  3128. int ret, exp_ret;
  3129. int i, j;
  3130. int digestSz;
  3131. byte data[] = "0123456789abcdef0123456789abcdef0123456";
  3132. byte out[WC_MAX_DIGEST_SIZE];
  3133. byte hashOut[WC_MAX_DIGEST_SIZE];
  3134. #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
  3135. enum wc_HashType hashType;
  3136. #endif
  3137. enum wc_HashType typesGood[] = { WC_HASH_TYPE_MD5, WC_HASH_TYPE_SHA,
  3138. WC_HASH_TYPE_SHA224, WC_HASH_TYPE_SHA256,
  3139. WC_HASH_TYPE_SHA384, WC_HASH_TYPE_SHA512,
  3140. WC_HASH_TYPE_SHA3_224,
  3141. WC_HASH_TYPE_SHA3_256,
  3142. WC_HASH_TYPE_SHA3_384,
  3143. WC_HASH_TYPE_SHA3_512 };
  3144. enum wc_HashType typesNoImpl[] = {
  3145. #ifdef NO_MD5
  3146. WC_HASH_TYPE_MD5,
  3147. #endif
  3148. #ifdef NO_SHA
  3149. WC_HASH_TYPE_SHA,
  3150. #endif
  3151. #ifndef WOLFSSL_SHA224
  3152. WC_HASH_TYPE_SHA224,
  3153. #endif
  3154. #ifdef NO_SHA256
  3155. WC_HASH_TYPE_SHA256,
  3156. #endif
  3157. #ifndef WOLFSSL_SHA384
  3158. WC_HASH_TYPE_SHA384,
  3159. #endif
  3160. #ifndef WOLFSSL_SHA512
  3161. WC_HASH_TYPE_SHA512,
  3162. #endif
  3163. #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_224)
  3164. WC_HASH_TYPE_SHA3_224,
  3165. #endif
  3166. #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_256)
  3167. WC_HASH_TYPE_SHA3_256,
  3168. #endif
  3169. #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_384)
  3170. WC_HASH_TYPE_SHA3_384,
  3171. #endif
  3172. #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_512)
  3173. WC_HASH_TYPE_SHA3_512,
  3174. #endif
  3175. WC_HASH_TYPE_NONE
  3176. };
  3177. enum wc_HashType typesBad[] = { WC_HASH_TYPE_NONE, WC_HASH_TYPE_MD5_SHA,
  3178. WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4 };
  3179. enum wc_HashType typesHashBad[] = { WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4,
  3180. WC_HASH_TYPE_BLAKE2B,
  3181. WC_HASH_TYPE_NONE };
  3182. /* Parameter Validation testing. */
  3183. ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256);
  3184. if (ret != BAD_FUNC_ARG)
  3185. return -3200;
  3186. ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
  3187. if (ret != BAD_FUNC_ARG)
  3188. return -3201;
  3189. ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
  3190. if (ret != BAD_FUNC_ARG)
  3191. return -3202;
  3192. ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data));
  3193. if (ret != BAD_FUNC_ARG)
  3194. return -3203;
  3195. ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL);
  3196. if (ret != BAD_FUNC_ARG)
  3197. return -3204;
  3198. ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL);
  3199. if (ret != BAD_FUNC_ARG)
  3200. return -3205;
  3201. ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out);
  3202. if (ret != BAD_FUNC_ARG)
  3203. return -3206;
  3204. /* Try invalid hash algorithms. */
  3205. for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) {
  3206. ret = wc_HashInit(&hash, typesBad[i]);
  3207. if (ret != BAD_FUNC_ARG)
  3208. return -3207 - i;
  3209. ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data));
  3210. if (ret != BAD_FUNC_ARG)
  3211. return -3217 - i;
  3212. ret = wc_HashFinal(&hash, typesBad[i], out);
  3213. if (ret != BAD_FUNC_ARG)
  3214. return -3227 - i;
  3215. wc_HashFree(&hash, typesBad[i]);
  3216. }
  3217. /* Try valid hash algorithms. */
  3218. for (i = 0, j = 0; i < (int)(sizeof(typesGood)/sizeof(*typesGood)); i++) {
  3219. exp_ret = 0;
  3220. if (typesGood[i] == typesNoImpl[j]) {
  3221. /* Recognized but no implementation compiled in. */
  3222. exp_ret = HASH_TYPE_E;
  3223. j++;
  3224. }
  3225. ret = wc_HashInit(&hash, typesGood[i]);
  3226. if (ret != exp_ret)
  3227. return -3237 - i;
  3228. ret = wc_HashUpdate(&hash, typesGood[i], data, sizeof(data));
  3229. if (ret != exp_ret)
  3230. return -3247 - i;
  3231. ret = wc_HashFinal(&hash, typesGood[i], out);
  3232. if (ret != exp_ret)
  3233. return -3257 - i;
  3234. wc_HashFree(&hash, typesGood[i]);
  3235. digestSz = wc_HashGetDigestSize(typesGood[i]);
  3236. if (exp_ret < 0 && digestSz != exp_ret)
  3237. return -3267 - i;
  3238. if (exp_ret == 0 && digestSz < 0)
  3239. return -3277 - i;
  3240. if (exp_ret == 0) {
  3241. ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut,
  3242. digestSz - 1);
  3243. if (ret != BUFFER_E)
  3244. return -3287 - i;
  3245. }
  3246. ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, digestSz);
  3247. if (ret != exp_ret)
  3248. return -3297 - i;
  3249. if (exp_ret == 0 && XMEMCMP(out, hashOut, digestSz) != 0)
  3250. return -3307 -i;
  3251. ret = wc_HashGetBlockSize(typesGood[i]);
  3252. if (exp_ret < 0 && ret != exp_ret)
  3253. return -3308 - i;
  3254. if (exp_ret == 0 && ret < 0)
  3255. return -3318 - i;
  3256. #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
  3257. ret = wc_HashGetOID(typesGood[i]);
  3258. if (ret == BAD_FUNC_ARG ||
  3259. (exp_ret == 0 && ret == HASH_TYPE_E) ||
  3260. (exp_ret != 0 && ret != HASH_TYPE_E)) {
  3261. return -3328 - i;
  3262. }
  3263. hashType = wc_OidGetHash(ret);
  3264. if (exp_ret == 0 && hashType != typesGood[i])
  3265. return -3338 - i;
  3266. #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
  3267. }
  3268. for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) {
  3269. ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out));
  3270. if (ret != BAD_FUNC_ARG && ret != BUFFER_E)
  3271. return -3348 - i;
  3272. }
  3273. #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
  3274. ret = wc_HashGetOID(WC_HASH_TYPE_MD2);
  3275. #ifdef WOLFSSL_MD2
  3276. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  3277. return -3358;
  3278. #else
  3279. if (ret != HASH_TYPE_E)
  3280. return -3359;
  3281. #endif
  3282. hashType = wc_OidGetHash(646); /* Md2h */
  3283. #ifdef WOLFSSL_MD2
  3284. if (hashType != WC_HASH_TYPE_MD2)
  3285. return -3360;
  3286. #else
  3287. if (hashType != WC_HASH_TYPE_NONE)
  3288. return -3361;
  3289. #endif
  3290. ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA);
  3291. #ifndef NO_MD5
  3292. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  3293. return -3362;
  3294. #else
  3295. if (ret != HASH_TYPE_E)
  3296. return -3363;
  3297. #endif
  3298. ret = wc_HashGetOID(WC_HASH_TYPE_MD4);
  3299. if (ret != BAD_FUNC_ARG)
  3300. return -3364;
  3301. ret = wc_HashGetOID(WC_HASH_TYPE_NONE);
  3302. if (ret != BAD_FUNC_ARG)
  3303. return -3365;
  3304. hashType = wc_OidGetHash(0);
  3305. if (hashType != WC_HASH_TYPE_NONE)
  3306. return -3366;
  3307. #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
  3308. ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD2);
  3309. #ifdef WOLFSSL_MD2
  3310. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  3311. return -3367;
  3312. #else
  3313. if (ret != HASH_TYPE_E)
  3314. return -3368;
  3315. #endif
  3316. ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD2);
  3317. #ifdef WOLFSSL_MD2
  3318. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  3319. return -3369;
  3320. #else
  3321. if (ret != HASH_TYPE_E)
  3322. return -3370;
  3323. #endif
  3324. ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD4);
  3325. #ifndef NO_MD4
  3326. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  3327. return -3371;
  3328. #else
  3329. if (ret != HASH_TYPE_E)
  3330. return -3372;
  3331. #endif
  3332. ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD4);
  3333. #ifndef NO_MD4
  3334. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  3335. return -3373;
  3336. #else
  3337. if (ret != HASH_TYPE_E)
  3338. return -3374;
  3339. #endif
  3340. ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD5_SHA);
  3341. #if !defined(NO_MD5) && !defined(NO_SHA)
  3342. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  3343. return -3375;
  3344. #else
  3345. if (ret != HASH_TYPE_E)
  3346. return -3376;
  3347. #endif
  3348. ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B);
  3349. #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
  3350. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  3351. return -3377;
  3352. #else
  3353. if (ret != HASH_TYPE_E)
  3354. return -3378;
  3355. #endif
  3356. ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B);
  3357. #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
  3358. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  3359. return -3379;
  3360. #else
  3361. if (ret != HASH_TYPE_E)
  3362. return -3380;
  3363. #endif
  3364. ret = wc_HashGetBlockSize(WC_HASH_TYPE_NONE);
  3365. if (ret != BAD_FUNC_ARG)
  3366. return -3381;
  3367. ret = wc_HashGetDigestSize(WC_HASH_TYPE_NONE);
  3368. if (ret != BAD_FUNC_ARG)
  3369. return -3382;
  3370. #if !defined(NO_CERTS) && !defined(NO_ASN)
  3371. #if defined(WOLFSSL_MD2) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  3372. ret = wc_GetCTC_HashOID(MD2);
  3373. if (ret == 0)
  3374. return -3383;
  3375. #endif
  3376. #ifndef NO_MD5
  3377. ret = wc_GetCTC_HashOID(WC_MD5);
  3378. if (ret == 0)
  3379. return -3384;
  3380. #endif
  3381. #ifndef NO_SHA
  3382. ret = wc_GetCTC_HashOID(WC_SHA);
  3383. if (ret == 0)
  3384. return -3385;
  3385. #endif
  3386. #ifdef WOLFSSL_SHA224
  3387. ret = wc_GetCTC_HashOID(WC_SHA224);
  3388. if (ret == 0)
  3389. return -3386;
  3390. #endif
  3391. #ifndef NO_SHA256
  3392. ret = wc_GetCTC_HashOID(WC_SHA256);
  3393. if (ret == 0)
  3394. return -3387;
  3395. #endif
  3396. #ifdef WOLFSSL_SHA384
  3397. ret = wc_GetCTC_HashOID(WC_SHA384);
  3398. if (ret == 0)
  3399. return -3388;
  3400. #endif
  3401. #ifdef WOLFSSL_SHA512
  3402. ret = wc_GetCTC_HashOID(WC_SHA512);
  3403. if (ret == 0)
  3404. return -3389;
  3405. #endif
  3406. ret = wc_GetCTC_HashOID(-1);
  3407. if (ret != 0)
  3408. return -3390;
  3409. #endif
  3410. return 0;
  3411. }
  3412. #endif /* !NO_HASH_WRAPPER */
  3413. #if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS) && \
  3414. defined(HAVE_FIPS_VERSION) && \
  3415. (HAVE_FIPS_VERSION >= 5))
  3416. WOLFSSL_TEST_SUBROUTINE int hmac_md5_test(void)
  3417. {
  3418. Hmac hmac;
  3419. byte hash[WC_MD5_DIGEST_SIZE];
  3420. const char* keys[]=
  3421. {
  3422. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
  3423. "Jefe",
  3424. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  3425. };
  3426. testVector a, b, c;
  3427. testVector test_hmac[3];
  3428. int ret;
  3429. int times = sizeof(test_hmac) / sizeof(testVector), i;
  3430. a.input = "Hi There";
  3431. a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
  3432. "\x9d";
  3433. a.inLen = XSTRLEN(a.input);
  3434. a.outLen = WC_MD5_DIGEST_SIZE;
  3435. b.input = "what do ya want for nothing?";
  3436. b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7"
  3437. "\x38";
  3438. b.inLen = XSTRLEN(b.input);
  3439. b.outLen = WC_MD5_DIGEST_SIZE;
  3440. c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3441. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3442. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3443. "\xDD\xDD\xDD\xDD\xDD\xDD";
  3444. c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3"
  3445. "\xf6";
  3446. c.inLen = XSTRLEN(c.input);
  3447. c.outLen = WC_MD5_DIGEST_SIZE;
  3448. test_hmac[0] = a;
  3449. test_hmac[1] = b;
  3450. test_hmac[2] = c;
  3451. for (i = 0; i < times; ++i) {
  3452. #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
  3453. if (i == 1) {
  3454. continue; /* cavium can't handle short keys, fips not allowed */
  3455. }
  3456. #endif
  3457. if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) {
  3458. return -3400;
  3459. }
  3460. ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[i],
  3461. (word32)XSTRLEN(keys[i]));
  3462. if (ret != 0)
  3463. return -3401;
  3464. ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
  3465. (word32)test_hmac[i].inLen);
  3466. if (ret != 0)
  3467. return -3402;
  3468. ret = wc_HmacFinal(&hmac, hash);
  3469. if (ret != 0)
  3470. return -3403;
  3471. if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0)
  3472. return -3404 - i;
  3473. wc_HmacFree(&hmac);
  3474. }
  3475. #ifndef HAVE_FIPS
  3476. if (wc_HmacSizeByType(WC_MD5) != WC_MD5_DIGEST_SIZE)
  3477. return -3414;
  3478. #endif
  3479. return 0;
  3480. }
  3481. #endif /* !NO_HMAC && !NO_MD5 && (!HAVE_FIPS || (HAVE_FIPS_VERSION < 5)) */
  3482. #if !defined(NO_HMAC) && !defined(NO_SHA)
  3483. WOLFSSL_TEST_SUBROUTINE int hmac_sha_test(void)
  3484. {
  3485. Hmac hmac;
  3486. byte hash[WC_SHA_DIGEST_SIZE];
  3487. const char* keys[]=
  3488. {
  3489. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  3490. "\x0b\x0b\x0b",
  3491. "Jefe",
  3492. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  3493. "\xAA\xAA\xAA"
  3494. };
  3495. testVector a, b, c;
  3496. testVector test_hmac[3];
  3497. int ret;
  3498. int times = sizeof(test_hmac) / sizeof(testVector), i;
  3499. a.input = "Hi There";
  3500. a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
  3501. "\x8e\xf1\x46\xbe\x00";
  3502. a.inLen = XSTRLEN(a.input);
  3503. a.outLen = WC_SHA_DIGEST_SIZE;
  3504. b.input = "what do ya want for nothing?";
  3505. b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf"
  3506. "\x9c\x25\x9a\x7c\x79";
  3507. b.inLen = XSTRLEN(b.input);
  3508. b.outLen = WC_SHA_DIGEST_SIZE;
  3509. c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3510. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3511. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3512. "\xDD\xDD\xDD\xDD\xDD\xDD";
  3513. c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b"
  3514. "\x4f\x63\xf1\x75\xd3";
  3515. c.inLen = XSTRLEN(c.input);
  3516. c.outLen = WC_SHA_DIGEST_SIZE;
  3517. test_hmac[0] = a;
  3518. test_hmac[1] = b;
  3519. test_hmac[2] = c;
  3520. for (i = 0; i < times; ++i) {
  3521. #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
  3522. if (i == 1)
  3523. continue; /* cavium can't handle short keys, fips not allowed */
  3524. #endif
  3525. if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
  3526. return -3500;
  3527. ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i],
  3528. (word32)XSTRLEN(keys[i]));
  3529. if (ret != 0)
  3530. return -3501;
  3531. ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
  3532. (word32)test_hmac[i].inLen);
  3533. if (ret != 0)
  3534. return -3502;
  3535. ret = wc_HmacFinal(&hmac, hash);
  3536. if (ret != 0)
  3537. return -3503;
  3538. if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0)
  3539. return -3504 - i;
  3540. wc_HmacFree(&hmac);
  3541. }
  3542. #ifndef HAVE_FIPS
  3543. if (wc_HmacSizeByType(WC_SHA) != WC_SHA_DIGEST_SIZE)
  3544. return -3514;
  3545. #endif
  3546. return 0;
  3547. }
  3548. #endif
  3549. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
  3550. WOLFSSL_TEST_SUBROUTINE int hmac_sha224_test(void)
  3551. {
  3552. Hmac hmac;
  3553. byte hash[WC_SHA224_DIGEST_SIZE];
  3554. const char* keys[]=
  3555. {
  3556. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  3557. "\x0b\x0b\x0b",
  3558. "Jefe",
  3559. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  3560. "\xAA\xAA\xAA",
  3561. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3562. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3563. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3564. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3565. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3566. };
  3567. testVector a, b, c, d;
  3568. testVector test_hmac[4];
  3569. int ret;
  3570. int times = sizeof(test_hmac) / sizeof(testVector), i;
  3571. a.input = "Hi There";
  3572. a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
  3573. "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
  3574. a.inLen = XSTRLEN(a.input);
  3575. a.outLen = WC_SHA224_DIGEST_SIZE;
  3576. b.input = "what do ya want for nothing?";
  3577. b.output = "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d"
  3578. "\x0f\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44";
  3579. b.inLen = XSTRLEN(b.input);
  3580. b.outLen = WC_SHA224_DIGEST_SIZE;
  3581. c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3582. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3583. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3584. "\xDD\xDD\xDD\xDD\xDD\xDD";
  3585. c.output = "\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2"
  3586. "\x64\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea";
  3587. c.inLen = XSTRLEN(c.input);
  3588. c.outLen = WC_SHA224_DIGEST_SIZE;
  3589. d.input = "Big Key Input";
  3590. d.output = "\xe7\x4e\x2b\x8a\xa9\xf0\x37\x2f\xed\xae\x70\x0c\x49\x47\xf1"
  3591. "\x46\x54\xa7\x32\x6b\x55\x01\x87\xd2\xc8\x02\x0e\x3a";
  3592. d.inLen = XSTRLEN(d.input);
  3593. d.outLen = WC_SHA224_DIGEST_SIZE;
  3594. test_hmac[0] = a;
  3595. test_hmac[1] = b;
  3596. test_hmac[2] = c;
  3597. test_hmac[3] = d;
  3598. for (i = 0; i < times; ++i) {
  3599. #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
  3600. if (i == 1)
  3601. continue; /* cavium can't handle short keys, fips not allowed */
  3602. #endif
  3603. if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
  3604. return -3600;
  3605. ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[i],
  3606. (word32)XSTRLEN(keys[i]));
  3607. if (ret != 0)
  3608. return -3601;
  3609. ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
  3610. (word32)test_hmac[i].inLen);
  3611. if (ret != 0)
  3612. return -3602;
  3613. ret = wc_HmacFinal(&hmac, hash);
  3614. if (ret != 0)
  3615. return -3603;
  3616. if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0)
  3617. return -3604 - i;
  3618. wc_HmacFree(&hmac);
  3619. }
  3620. #ifndef HAVE_FIPS
  3621. if (wc_HmacSizeByType(WC_SHA224) != WC_SHA224_DIGEST_SIZE)
  3622. return -3614;
  3623. #endif
  3624. return 0;
  3625. }
  3626. #endif
  3627. #if !defined(NO_HMAC) && !defined(NO_SHA256)
  3628. WOLFSSL_TEST_SUBROUTINE int hmac_sha256_test(void)
  3629. {
  3630. Hmac hmac;
  3631. byte hash[WC_SHA256_DIGEST_SIZE];
  3632. const char* keys[]=
  3633. {
  3634. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  3635. "\x0b\x0b\x0b",
  3636. "Jefe",
  3637. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  3638. "\xAA\xAA\xAA",
  3639. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  3640. "\xAA\xAA\xAA",
  3641. };
  3642. testVector a, b, c, d;
  3643. testVector test_hmac[4];
  3644. int ret;
  3645. int times = sizeof(test_hmac) / sizeof(testVector), i;
  3646. a.input = "Hi There";
  3647. a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
  3648. "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
  3649. "\xcf\xf7";
  3650. a.inLen = XSTRLEN(a.input);
  3651. a.outLen = WC_SHA256_DIGEST_SIZE;
  3652. b.input = "what do ya want for nothing?";
  3653. b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75"
  3654. "\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec"
  3655. "\x38\x43";
  3656. b.inLen = XSTRLEN(b.input);
  3657. b.outLen = WC_SHA256_DIGEST_SIZE;
  3658. c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3659. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3660. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3661. "\xDD\xDD\xDD\xDD\xDD\xDD";
  3662. c.output = "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81"
  3663. "\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5"
  3664. "\x65\xfe";
  3665. c.inLen = XSTRLEN(c.input);
  3666. c.outLen = WC_SHA256_DIGEST_SIZE;
  3667. d.input = 0;
  3668. d.output = "\x86\xe5\x4f\xd4\x48\x72\x5d\x7e\x5d\xcf\xe2\x23\x53\xc8\x28"
  3669. "\xaf\x48\x78\x1e\xb4\x8c\xae\x81\x06\xa7\xe1\xd4\x98\x94\x9f"
  3670. "\x3e\x46";
  3671. d.inLen = 0;
  3672. d.outLen = WC_SHA256_DIGEST_SIZE;
  3673. test_hmac[0] = a;
  3674. test_hmac[1] = b;
  3675. test_hmac[2] = c;
  3676. test_hmac[3] = d;
  3677. for (i = 0; i < times; ++i) {
  3678. #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
  3679. if (i == 1)
  3680. continue; /* cavium can't handle short keys, fips not allowed */
  3681. #endif
  3682. #if defined(HAVE_INTEL_QA) || defined(HAVE_CAVIUM)
  3683. if (i == 3)
  3684. continue; /* QuickAssist can't handle empty HMAC */
  3685. #endif
  3686. if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
  3687. return -3700 - i;
  3688. ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[i],
  3689. (word32)XSTRLEN(keys[i]));
  3690. if (ret != 0)
  3691. return -3710 - i;
  3692. if (test_hmac[i].input != NULL) {
  3693. ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
  3694. (word32)test_hmac[i].inLen);
  3695. if (ret != 0)
  3696. return -3720 - i;
  3697. }
  3698. ret = wc_HmacFinal(&hmac, hash);
  3699. if (ret != 0)
  3700. return -3730 - i;
  3701. if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0)
  3702. return -3740 - i;
  3703. wc_HmacFree(&hmac);
  3704. }
  3705. #ifndef HAVE_FIPS
  3706. if (wc_HmacSizeByType(WC_SHA256) != WC_SHA256_DIGEST_SIZE)
  3707. return -3750;
  3708. if (wc_HmacSizeByType(20) != BAD_FUNC_ARG)
  3709. return -3751;
  3710. #endif
  3711. if (wolfSSL_GetHmacMaxSize() != WC_MAX_DIGEST_SIZE)
  3712. return -3752;
  3713. return 0;
  3714. }
  3715. #endif
  3716. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
  3717. WOLFSSL_TEST_SUBROUTINE int hmac_sha384_test(void)
  3718. {
  3719. Hmac hmac;
  3720. byte hash[WC_SHA384_DIGEST_SIZE];
  3721. const char* keys[]=
  3722. {
  3723. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  3724. "\x0b\x0b\x0b",
  3725. "Jefe",
  3726. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  3727. "\xAA\xAA\xAA",
  3728. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3729. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3730. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3731. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3732. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3733. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3734. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3735. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3736. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3737. };
  3738. testVector a, b, c, d;
  3739. testVector test_hmac[4];
  3740. int ret;
  3741. int times = sizeof(test_hmac) / sizeof(testVector), i;
  3742. a.input = "Hi There";
  3743. a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
  3744. "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
  3745. "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
  3746. "\xfa\x9c\xb6";
  3747. a.inLen = XSTRLEN(a.input);
  3748. a.outLen = WC_SHA384_DIGEST_SIZE;
  3749. b.input = "what do ya want for nothing?";
  3750. b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b"
  3751. "\x1b\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22"
  3752. "\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa"
  3753. "\xb2\x16\x49";
  3754. b.inLen = XSTRLEN(b.input);
  3755. b.outLen = WC_SHA384_DIGEST_SIZE;
  3756. c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3757. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3758. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3759. "\xDD\xDD\xDD\xDD\xDD\xDD";
  3760. c.output = "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8"
  3761. "\x6f\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66"
  3762. "\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01"
  3763. "\xa3\x4f\x27";
  3764. c.inLen = XSTRLEN(c.input);
  3765. c.outLen = WC_SHA384_DIGEST_SIZE;
  3766. d.input = "Big Key Input";
  3767. d.output = "\xd2\x3d\x29\x6e\xf5\x1e\x23\x23\x49\x18\xb3\xbf\x4c\x38\x7b"
  3768. "\x31\x21\x17\xbb\x09\x73\x27\xf8\x12\x9d\xe9\xc6\x5d\xf9\x54"
  3769. "\xd6\x38\x5a\x68\x53\x14\xee\xe0\xa6\x4f\x36\x7e\xb2\xf3\x1a"
  3770. "\x57\x41\x69";
  3771. d.inLen = XSTRLEN(d.input);
  3772. d.outLen = WC_SHA384_DIGEST_SIZE;
  3773. test_hmac[0] = a;
  3774. test_hmac[1] = b;
  3775. test_hmac[2] = c;
  3776. test_hmac[3] = d;
  3777. for (i = 0; i < times; ++i) {
  3778. #if defined(HAVE_FIPS)
  3779. if (i == 1)
  3780. continue; /* fips not allowed */
  3781. #endif
  3782. if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
  3783. return -3800;
  3784. ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[i],
  3785. (word32)XSTRLEN(keys[i]));
  3786. if (ret != 0)
  3787. return -3801;
  3788. ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
  3789. (word32)test_hmac[i].inLen);
  3790. if (ret != 0)
  3791. return -3802;
  3792. ret = wc_HmacFinal(&hmac, hash);
  3793. if (ret != 0)
  3794. return -3803;
  3795. if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0)
  3796. return -3804 - i;
  3797. wc_HmacFree(&hmac);
  3798. }
  3799. #ifndef HAVE_FIPS
  3800. if (wc_HmacSizeByType(WC_SHA384) != WC_SHA384_DIGEST_SIZE)
  3801. return -3814;
  3802. #endif
  3803. return 0;
  3804. }
  3805. #endif
  3806. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA512)
  3807. WOLFSSL_TEST_SUBROUTINE int hmac_sha512_test(void)
  3808. {
  3809. Hmac hmac;
  3810. byte hash[WC_SHA512_DIGEST_SIZE];
  3811. const char* keys[]=
  3812. {
  3813. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  3814. "\x0b\x0b\x0b",
  3815. "Jefe",
  3816. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  3817. "\xAA\xAA\xAA",
  3818. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3819. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3820. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3821. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3822. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3823. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3824. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3825. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3826. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3827. };
  3828. testVector a, b, c, d;
  3829. testVector test_hmac[4];
  3830. int ret;
  3831. int times = sizeof(test_hmac) / sizeof(testVector), i;
  3832. a.input = "Hi There";
  3833. a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c"
  3834. "\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1"
  3835. "\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae"
  3836. "\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20"
  3837. "\x3a\x12\x68\x54";
  3838. a.inLen = XSTRLEN(a.input);
  3839. a.outLen = WC_SHA512_DIGEST_SIZE;
  3840. b.input = "what do ya want for nothing?";
  3841. b.output = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0"
  3842. "\xa3\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25"
  3843. "\x05\x54\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8"
  3844. "\xf0\xe6\xfd\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a"
  3845. "\x38\xbc\xe7\x37";
  3846. b.inLen = XSTRLEN(b.input);
  3847. b.outLen = WC_SHA512_DIGEST_SIZE;
  3848. c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3849. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3850. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3851. "\xDD\xDD\xDD\xDD\xDD\xDD";
  3852. c.output = "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b"
  3853. "\xe9\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27"
  3854. "\x9d\x39\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e"
  3855. "\x67\xc8\x07\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59"
  3856. "\xe1\x32\x92\xfb";
  3857. c.inLen = XSTRLEN(c.input);
  3858. c.outLen = WC_SHA512_DIGEST_SIZE;
  3859. d.input = "Big Key Input";
  3860. d.output = "\x3f\xa9\xc9\xe1\xbd\xbb\x04\x55\x1f\xef\xcc\x92\x33\x08\xeb"
  3861. "\xcf\xc1\x9a\x5b\x5b\xc0\x7c\x86\x84\xae\x8c\x40\xaf\xb1\x27"
  3862. "\x87\x38\x92\x04\xa8\xed\xd7\xd7\x07\xa9\x85\xa0\xc2\xcd\x30"
  3863. "\xc0\x56\x14\x49\xbc\x2f\x69\x15\x6a\x97\xd8\x79\x2f\xb3\x3b"
  3864. "\x1e\x18\xfe\xfa";
  3865. d.inLen = XSTRLEN(d.input);
  3866. d.outLen = WC_SHA512_DIGEST_SIZE;
  3867. test_hmac[0] = a;
  3868. test_hmac[1] = b;
  3869. test_hmac[2] = c;
  3870. test_hmac[3] = d;
  3871. for (i = 0; i < times; ++i) {
  3872. #if defined(HAVE_FIPS)
  3873. if (i == 1)
  3874. continue; /* fips not allowed */
  3875. #endif
  3876. if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
  3877. return -3900;
  3878. ret = wc_HmacSetKey(&hmac, WC_SHA512, (byte*)keys[i],
  3879. (word32)XSTRLEN(keys[i]));
  3880. if (ret != 0)
  3881. return -3901;
  3882. ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
  3883. (word32)test_hmac[i].inLen);
  3884. if (ret != 0)
  3885. return -3902;
  3886. ret = wc_HmacFinal(&hmac, hash);
  3887. if (ret != 0)
  3888. return -3903;
  3889. if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0)
  3890. return -3904 - i;
  3891. wc_HmacFree(&hmac);
  3892. }
  3893. #ifndef HAVE_FIPS
  3894. if (wc_HmacSizeByType(WC_SHA512) != WC_SHA512_DIGEST_SIZE)
  3895. return -3914;
  3896. #endif
  3897. return 0;
  3898. }
  3899. #endif
  3900. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \
  3901. !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \
  3902. !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512)
  3903. WOLFSSL_TEST_SUBROUTINE int hmac_sha3_test(void)
  3904. {
  3905. Hmac hmac;
  3906. byte hash[WC_SHA3_512_DIGEST_SIZE];
  3907. const char* key[4] =
  3908. {
  3909. "Jefe",
  3910. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  3911. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
  3912. "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
  3913. "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
  3914. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3915. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3916. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3917. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3918. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3919. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3920. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3921. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3922. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3923. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3924. };
  3925. const char* input[4] =
  3926. {
  3927. "what do ya want for nothing?",
  3928. "Hi There",
  3929. "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
  3930. "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
  3931. "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
  3932. "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
  3933. "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
  3934. "Big Key Input"
  3935. };
  3936. const int hashType[4] =
  3937. {
  3938. WC_SHA3_224, WC_SHA3_256, WC_SHA3_384, WC_SHA3_512
  3939. };
  3940. const int hashSz[4] =
  3941. {
  3942. WC_SHA3_224_DIGEST_SIZE, WC_SHA3_256_DIGEST_SIZE,
  3943. WC_SHA3_384_DIGEST_SIZE, WC_SHA3_512_DIGEST_SIZE
  3944. };
  3945. const char* output[16] =
  3946. {
  3947. /* key = jefe, input = what do ya want for nothing? */
  3948. /* HMAC-SHA3-224 */
  3949. "\x7f\xdb\x8d\xd8\x8b\xd2\xf6\x0d\x1b\x79\x86\x34\xad\x38\x68\x11"
  3950. "\xc2\xcf\xc8\x5b\xfa\xf5\xd5\x2b\xba\xce\x5e\x66",
  3951. /* HMAC-SHA3-256 */
  3952. "\xc7\xd4\x07\x2e\x78\x88\x77\xae\x35\x96\xbb\xb0\xda\x73\xb8\x87"
  3953. "\xc9\x17\x1f\x93\x09\x5b\x29\x4a\xe8\x57\xfb\xe2\x64\x5e\x1b\xa5",
  3954. /* HMAC-SHA3-384 */
  3955. "\xf1\x10\x1f\x8c\xbf\x97\x66\xfd\x67\x64\xd2\xed\x61\x90\x3f\x21"
  3956. "\xca\x9b\x18\xf5\x7c\xf3\xe1\xa2\x3c\xa1\x35\x08\xa9\x32\x43\xce"
  3957. "\x48\xc0\x45\xdc\x00\x7f\x26\xa2\x1b\x3f\x5e\x0e\x9d\xf4\xc2\x0a",
  3958. /* HMAC-SHA3-512 */
  3959. "\x5a\x4b\xfe\xab\x61\x66\x42\x7c\x7a\x36\x47\xb7\x47\x29\x2b\x83"
  3960. "\x84\x53\x7c\xdb\x89\xaf\xb3\xbf\x56\x65\xe4\xc5\xe7\x09\x35\x0b"
  3961. "\x28\x7b\xae\xc9\x21\xfd\x7c\xa0\xee\x7a\x0c\x31\xd0\x22\xa9\x5e"
  3962. "\x1f\xc9\x2b\xa9\xd7\x7d\xf8\x83\x96\x02\x75\xbe\xb4\xe6\x20\x24",
  3963. /* key = 0b..., input = Hi There */
  3964. /* HMAC-SHA3-224 */
  3965. "\x3b\x16\x54\x6b\xbc\x7b\xe2\x70\x6a\x03\x1d\xca\xfd\x56\x37\x3d"
  3966. "\x98\x84\x36\x76\x41\xd8\xc5\x9a\xf3\xc8\x60\xf7",
  3967. /* HMAC-SHA3-256 */
  3968. "\xba\x85\x19\x23\x10\xdf\xfa\x96\xe2\xa3\xa4\x0e\x69\x77\x43\x51"
  3969. "\x14\x0b\xb7\x18\x5e\x12\x02\xcd\xcc\x91\x75\x89\xf9\x5e\x16\xbb",
  3970. /* HMAC-SHA3-384 */
  3971. "\x68\xd2\xdc\xf7\xfd\x4d\xdd\x0a\x22\x40\xc8\xa4\x37\x30\x5f\x61"
  3972. "\xfb\x73\x34\xcf\xb5\xd0\x22\x6e\x1b\xc2\x7d\xc1\x0a\x2e\x72\x3a"
  3973. "\x20\xd3\x70\xb4\x77\x43\x13\x0e\x26\xac\x7e\x3d\x53\x28\x86\xbd",
  3974. /* HMAC-SHA3-512 */
  3975. "\xeb\x3f\xbd\x4b\x2e\xaa\xb8\xf5\xc5\x04\xbd\x3a\x41\x46\x5a\xac"
  3976. "\xec\x15\x77\x0a\x7c\xab\xac\x53\x1e\x48\x2f\x86\x0b\x5e\xc7\xba"
  3977. "\x47\xcc\xb2\xc6\xf2\xaf\xce\x8f\x88\xd2\x2b\x6d\xc6\x13\x80\xf2"
  3978. "\x3a\x66\x8f\xd3\x88\x8b\xb8\x05\x37\xc0\xa0\xb8\x64\x07\x68\x9e",
  3979. /* key = aa..., output = dd... */
  3980. /* HMAC-SHA3-224 */
  3981. "\x67\x6c\xfc\x7d\x16\x15\x36\x38\x78\x03\x90\x69\x2b\xe1\x42\xd2"
  3982. "\xdf\x7c\xe9\x24\xb9\x09\xc0\xc0\x8d\xbf\xdc\x1a",
  3983. /* HMAC-SHA3-256 */
  3984. "\x84\xec\x79\x12\x4a\x27\x10\x78\x65\xce\xdd\x8b\xd8\x2d\xa9\x96"
  3985. "\x5e\x5e\xd8\xc3\x7b\x0a\xc9\x80\x05\xa7\xf3\x9e\xd5\x8a\x42\x07",
  3986. /* HMAC-SHA3-384 */
  3987. "\x27\x5c\xd0\xe6\x61\xbb\x8b\x15\x1c\x64\xd2\x88\xf1\xf7\x82\xfb"
  3988. "\x91\xa8\xab\xd5\x68\x58\xd7\x2b\xab\xb2\xd4\x76\xf0\x45\x83\x73"
  3989. "\xb4\x1b\x6a\xb5\xbf\x17\x4b\xec\x42\x2e\x53\xfc\x31\x35\xac\x6e",
  3990. /* HMAC-SHA3-512 */
  3991. "\x30\x9e\x99\xf9\xec\x07\x5e\xc6\xc6\xd4\x75\xed\xa1\x18\x06\x87"
  3992. "\xfc\xf1\x53\x11\x95\x80\x2a\x99\xb5\x67\x74\x49\xa8\x62\x51\x82"
  3993. "\x85\x1c\xb3\x32\xaf\xb6\xa8\x9c\x41\x13\x25\xfb\xcb\xcd\x42\xaf"
  3994. "\xcb\x7b\x6e\x5a\xab\x7e\xa4\x2c\x66\x0f\x97\xfd\x85\x84\xbf\x03",
  3995. /* key = big key, input = Big Key Input */
  3996. /* HMAC-SHA3-224 */
  3997. "\x29\xe0\x5e\x46\xc4\xa4\x5e\x46\x74\xbf\xd7\x2d\x1a\xd8\x66\xdb"
  3998. "\x2d\x0d\x10\x4e\x2b\xfa\xad\x53\x7d\x15\x69\x8b",
  3999. /* HMAC-SHA3-256 */
  4000. "\xb5\x5b\x8d\x64\xb6\x9c\x21\xd0\xbf\x20\x5c\xa2\xf7\xb9\xb1\x4e"
  4001. "\x88\x21\x61\x2c\x66\xc3\x91\xae\x6c\x95\x16\x85\x83\xe6\xf4\x9b",
  4002. /* HMAC-SHA3-384 */
  4003. "\xaa\x91\xb3\xa6\x2f\x56\xa1\xbe\x8c\x3e\x74\x38\xdb\x58\xd9\xd3"
  4004. "\x34\xde\xa0\x60\x6d\x8d\x46\xe0\xec\xa9\xf6\x06\x35\x14\xe6\xed"
  4005. "\x83\xe6\x7c\x77\x24\x6c\x11\xb5\x90\x82\xb5\x75\xda\x7b\x83\x2d",
  4006. /* HMAC-SHA3-512 */
  4007. "\x1c\xc3\xa9\x24\x4a\x4a\x3f\xbd\xc7\x20\x00\x16\x9b\x79\x47\x03"
  4008. "\x78\x75\x2c\xb5\xf1\x2e\x62\x7c\xbe\xef\x4e\x8f\x0b\x11\x2b\x32"
  4009. "\xa0\xee\xc9\xd0\x4d\x64\x64\x0b\x37\xf4\xdd\x66\xf7\x8b\xb3\xad"
  4010. "\x52\x52\x6b\x65\x12\xde\x0d\x7c\xc0\x8b\x60\x01\x6c\x37\xd7\xa8"
  4011. };
  4012. int i = 0, iMax = sizeof(input) / sizeof(input[0]),
  4013. j, jMax = sizeof(hashType) / sizeof(hashType[0]),
  4014. ret;
  4015. #ifdef HAVE_FIPS
  4016. /* FIPS requires a minimum length for HMAC keys, and "Jefe" is too
  4017. * short. Skip it in FIPS builds. */
  4018. i = 1;
  4019. #endif
  4020. for (; i < iMax; i++) {
  4021. for (j = 0; j < jMax; j++) {
  4022. if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
  4023. return -4000;
  4024. ret = wc_HmacSetKey(&hmac, hashType[j], (byte*)key[i],
  4025. (word32)XSTRLEN(key[i]));
  4026. if (ret != 0)
  4027. return -4001;
  4028. ret = wc_HmacUpdate(&hmac, (byte*)input[i],
  4029. (word32)XSTRLEN(input[i]));
  4030. if (ret != 0)
  4031. return -4002;
  4032. ret = wc_HmacFinal(&hmac, hash);
  4033. if (ret != 0)
  4034. return -4003;
  4035. if (XMEMCMP(hash, output[(i*jMax) + j], hashSz[j]) != 0)
  4036. return -4004;
  4037. wc_HmacFree(&hmac);
  4038. if (i > 0)
  4039. continue;
  4040. #ifndef HAVE_FIPS
  4041. ret = wc_HmacSizeByType(hashType[j]);
  4042. if (ret != hashSz[j])
  4043. return -4005;
  4044. #endif
  4045. }
  4046. }
  4047. return 0;
  4048. }
  4049. #endif
  4050. #ifdef WC_RC2
  4051. typedef struct rc2TestVector {
  4052. const char* input;
  4053. const char* output;
  4054. const char* key; /* Key, variable up to 128 bytes */
  4055. const char* iv; /* IV, 8-bytes */
  4056. int inLen;
  4057. int outLen;
  4058. int keyLen;
  4059. int effectiveKeyBits; /* Up to 1024 bits supported */
  4060. } rc2TestVector;
  4061. static int rc2_ecb_test(void)
  4062. {
  4063. int ret = 0;
  4064. byte cipher[RC2_BLOCK_SIZE];
  4065. byte plain[RC2_BLOCK_SIZE];
  4066. rc2TestVector a, b, c, d, e, f, g, h;
  4067. rc2TestVector test_rc2[8];
  4068. int times = sizeof(test_rc2) / sizeof(rc2TestVector), i;
  4069. a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4070. a.output = "\xeb\xb7\x73\xf9\x93\x27\x8e\xff";
  4071. a.key = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4072. a.inLen = RC2_BLOCK_SIZE;
  4073. a.outLen = RC2_BLOCK_SIZE;
  4074. a.keyLen = 8;
  4075. a.effectiveKeyBits = 63;
  4076. b.input = "\xff\xff\xff\xff\xff\xff\xff\xff";
  4077. b.output = "\x27\x8b\x27\xe4\x2e\x2f\x0d\x49";
  4078. b.key = "\xff\xff\xff\xff\xff\xff\xff\xff";
  4079. b.inLen = RC2_BLOCK_SIZE;
  4080. b.outLen = RC2_BLOCK_SIZE;
  4081. b.keyLen = 8;
  4082. b.effectiveKeyBits = 64;
  4083. c.input = "\x10\x00\x00\x00\x00\x00\x00\x01";
  4084. c.output = "\x30\x64\x9e\xdf\x9b\xe7\xd2\xc2";
  4085. c.key = "\x30\x00\x00\x00\x00\x00\x00\x00";
  4086. c.inLen = RC2_BLOCK_SIZE;
  4087. c.outLen = RC2_BLOCK_SIZE;
  4088. c.keyLen = 8;
  4089. c.effectiveKeyBits = 64;
  4090. d.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4091. d.output = "\x61\xa8\xa2\x44\xad\xac\xcc\xf0";
  4092. d.key = "\x88";
  4093. d.inLen = RC2_BLOCK_SIZE;
  4094. d.outLen = RC2_BLOCK_SIZE;
  4095. d.keyLen = 1;
  4096. d.effectiveKeyBits = 64;
  4097. e.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4098. e.output = "\x6c\xcf\x43\x08\x97\x4c\x26\x7f";
  4099. e.key = "\x88\xbc\xa9\x0e\x90\x87\x5a";
  4100. e.inLen = RC2_BLOCK_SIZE;
  4101. e.outLen = RC2_BLOCK_SIZE;
  4102. e.keyLen = 7;
  4103. e.effectiveKeyBits = 64;
  4104. f.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4105. f.output = "\x1a\x80\x7d\x27\x2b\xbe\x5d\xb1";
  4106. f.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
  4107. "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
  4108. f.inLen = RC2_BLOCK_SIZE;
  4109. f.outLen = RC2_BLOCK_SIZE;
  4110. f.keyLen = 16;
  4111. f.effectiveKeyBits = 64;
  4112. g.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4113. g.output = "\x22\x69\x55\x2a\xb0\xf8\x5c\xa6";
  4114. g.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
  4115. "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
  4116. g.inLen = RC2_BLOCK_SIZE;
  4117. g.outLen = RC2_BLOCK_SIZE;
  4118. g.keyLen = 16;
  4119. g.effectiveKeyBits = 128;
  4120. h.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4121. h.output = "\x5b\x78\xd3\xa4\x3d\xff\xf1\xf1";
  4122. h.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
  4123. "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"
  4124. "\x16\xf8\x0a\x6f\x85\x92\x05\x84"
  4125. "\xc4\x2f\xce\xb0\xbe\x25\x5d\xaf"
  4126. "\x1e";
  4127. h.inLen = RC2_BLOCK_SIZE;
  4128. h.outLen = RC2_BLOCK_SIZE;
  4129. h.keyLen = 33;
  4130. h.effectiveKeyBits = 129;
  4131. a.iv = b.iv = c.iv = d.iv = e.iv = f.iv = g.iv = h.iv = NULL;
  4132. test_rc2[0] = a;
  4133. test_rc2[1] = b;
  4134. test_rc2[2] = c;
  4135. test_rc2[3] = d;
  4136. test_rc2[4] = e;
  4137. test_rc2[5] = f;
  4138. test_rc2[6] = g;
  4139. test_rc2[7] = h;
  4140. for (i = 0; i < times; ++i) {
  4141. Rc2 enc;
  4142. XMEMSET(cipher, 0, RC2_BLOCK_SIZE);
  4143. XMEMSET(plain, 0, RC2_BLOCK_SIZE);
  4144. ret = wc_Rc2SetKey(&enc, (byte*)test_rc2[i].key, test_rc2[i].keyLen,
  4145. NULL, test_rc2[i].effectiveKeyBits);
  4146. if (ret != 0) {
  4147. return -4100;
  4148. }
  4149. /* ECB encrypt */
  4150. ret = wc_Rc2EcbEncrypt(&enc, cipher, (byte*)test_rc2[i].input,
  4151. (word32)test_rc2[i].outLen);
  4152. if (ret != 0) {
  4153. return -4101;
  4154. }
  4155. if (XMEMCMP(cipher, test_rc2[i].output, test_rc2[i].outLen)) {
  4156. return -4102;
  4157. }
  4158. /* ECB decrypt */
  4159. ret = wc_Rc2EcbDecrypt(&enc, plain, cipher, RC2_BLOCK_SIZE);
  4160. if (ret != 0) {
  4161. return -4103;
  4162. }
  4163. if (XMEMCMP(plain, test_rc2[i].input, RC2_BLOCK_SIZE)) {
  4164. return -4104;
  4165. }
  4166. }
  4167. return 0;
  4168. }
  4169. static int rc2_cbc_test(void)
  4170. {
  4171. int ret = 0;
  4172. byte cipher[128];
  4173. byte plain[128];
  4174. rc2TestVector a, b, c, d, e, f, g, h, i;
  4175. rc2TestVector test_rc2[9];
  4176. int times = sizeof(test_rc2) / sizeof(rc2TestVector), j;
  4177. /* key length = 7, effective key bits = 63 */
  4178. a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
  4179. "\x00\x00\x00\x00\x00\x00\x00\x00";
  4180. a.output = "\xEB\xB7\x73\xF9\x93\x27\x8E\xFF"
  4181. "\xF0\x51\x77\x8B\x65\xDB\x13\x57";
  4182. a.key = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4183. a.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4184. a.inLen = RC2_BLOCK_SIZE*2;
  4185. a.outLen = RC2_BLOCK_SIZE*2;
  4186. a.keyLen = 8;
  4187. a.effectiveKeyBits = 63;
  4188. /* key length = 8, effective key bits = 64, all 0xFF */
  4189. b.input = "\xff\xff\xff\xff\xff\xff\xff\xff"
  4190. "\xff\xff\xff\xff\xff\xff\xff\xff";
  4191. b.output = "\xA3\xA1\x12\x65\x4F\x81\xC5\xCD"
  4192. "\xB6\x94\x3E\xEA\x3E\x8B\x9D\x1F";
  4193. b.key = "\xff\xff\xff\xff\xff\xff\xff\xff";
  4194. b.iv = "\xff\xff\xff\xff\xff\xff\xff\xff";
  4195. b.inLen = RC2_BLOCK_SIZE*2;
  4196. b.outLen = RC2_BLOCK_SIZE*2;
  4197. b.keyLen = 8;
  4198. b.effectiveKeyBits = 64;
  4199. /* key length = 8, effective key bits = 64 */
  4200. c.input = "\x10\x00\x00\x00\x00\x00\x00\x01"
  4201. "\x10\x00\x00\x00\x00\x00\x00\x01";
  4202. c.output = "\xB5\x70\x14\xA2\x5F\x40\xE3\x6D"
  4203. "\x81\x99\x8D\xE0\xB5\xD5\x3A\x05";
  4204. c.key = "\x30\x00\x00\x00\x00\x00\x00\x00";
  4205. c.iv = "\x30\x00\x00\x00\x00\x00\x00\x00";
  4206. c.inLen = RC2_BLOCK_SIZE*2;
  4207. c.outLen = RC2_BLOCK_SIZE*2;
  4208. c.keyLen = 8;
  4209. c.effectiveKeyBits = 64;
  4210. /* key length = 1, effective key bits = 64 */
  4211. d.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
  4212. "\x00\x00\x00\x00\x00\x00\x00\x00";
  4213. d.output = "\x61\xA8\xA2\x44\xAD\xAC\xCC\xF0"
  4214. "\x6D\x19\xE8\xF1\xFC\xE7\x38\x87";
  4215. d.key = "\x88";
  4216. d.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4217. d.inLen = RC2_BLOCK_SIZE*2;
  4218. d.outLen = RC2_BLOCK_SIZE*2;
  4219. d.keyLen = 1;
  4220. d.effectiveKeyBits = 64;
  4221. /* key length = 7, effective key bits = 64 */
  4222. e.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
  4223. "\x00\x00\x00\x00\x00\x00\x00\x00";
  4224. e.output = "\x6C\xCF\x43\x08\x97\x4C\x26\x7F"
  4225. "\xCC\x3C\x53\x57\x7C\xA1\xA4\x4B";
  4226. e.key = "\x88\xbc\xa9\x0e\x90\x87\x5a";
  4227. e.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4228. e.inLen = RC2_BLOCK_SIZE*2;
  4229. e.outLen = RC2_BLOCK_SIZE*2;
  4230. e.keyLen = 7;
  4231. e.effectiveKeyBits = 64;
  4232. /* key length = 16, effective key bits = 64 */
  4233. f.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
  4234. "\x00\x00\x00\x00\x00\x00\x00\x00";
  4235. f.output = "\x1A\x80\x7D\x27\x2B\xBE\x5D\xB1"
  4236. "\x64\xEF\xE1\xC3\xB8\xAD\xFB\xBA";
  4237. f.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
  4238. "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
  4239. f.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4240. f.inLen = RC2_BLOCK_SIZE*2;
  4241. f.outLen = RC2_BLOCK_SIZE*2;
  4242. f.keyLen = 16;
  4243. f.effectiveKeyBits = 64;
  4244. /* key length = 16, effective bits = 128 */
  4245. g.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
  4246. "\x00\x00\x00\x00\x00\x00\x00\x00";
  4247. g.output = "\x22\x69\x55\x2A\xB0\xF8\x5C\xA6"
  4248. "\x53\x6E\xFD\x2D\x89\xE1\x2A\x73";
  4249. g.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
  4250. "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
  4251. g.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4252. g.inLen = RC2_BLOCK_SIZE*2;
  4253. g.outLen = RC2_BLOCK_SIZE*2;
  4254. g.keyLen = 16;
  4255. g.effectiveKeyBits = 128;
  4256. /* key length = 33, effective bits = 129 */
  4257. h.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
  4258. "\x00\x00\x00\x00\x00\x00\x00\x00";
  4259. h.output = "\x5B\x78\xD3\xA4\x3D\xFF\xF1\xF1"
  4260. "\x45\x30\xA8\xD5\xC7\x7C\x46\x19";
  4261. h.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
  4262. "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"
  4263. "\x16\xf8\x0a\x6f\x85\x92\x05\x84"
  4264. "\xc4\x2f\xce\xb0\xbe\x25\x5d\xaf"
  4265. "\x1e";
  4266. h.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4267. h.inLen = RC2_BLOCK_SIZE*2;
  4268. h.outLen = RC2_BLOCK_SIZE*2;
  4269. h.keyLen = 33;
  4270. h.effectiveKeyBits = 129;
  4271. /* key length = 10, effective bits = 40 */
  4272. i.input = "\x11\x22\x33\x44\x55\x66\x77\x88"
  4273. "\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00"
  4274. "\x11\x22\x33\x44\x55\x66\x77\x88"
  4275. "\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00";
  4276. i.output = "\x71\x2D\x11\x99\xC9\xA0\x78\x4F"
  4277. "\xCD\xF1\x1E\x3D\xFD\x21\x7E\xDB"
  4278. "\xB2\x6E\x0D\xA4\x72\xBC\x31\x51"
  4279. "\x48\xEF\x4E\x68\x3B\xDC\xCD\x7D";
  4280. i.key = "\x26\x1E\x57\x8E\xC9\x62\xBF\xB8"
  4281. "\x3E\x96";
  4282. i.iv = "\x01\x02\x03\x04\x05\x06\x07\x08";
  4283. i.inLen = RC2_BLOCK_SIZE*4;
  4284. i.outLen = RC2_BLOCK_SIZE*4;
  4285. i.keyLen = 10;
  4286. i.effectiveKeyBits = 40;
  4287. test_rc2[0] = a;
  4288. test_rc2[1] = b;
  4289. test_rc2[2] = c;
  4290. test_rc2[3] = d;
  4291. test_rc2[4] = e;
  4292. test_rc2[5] = f;
  4293. test_rc2[6] = g;
  4294. test_rc2[7] = h;
  4295. test_rc2[8] = i;
  4296. for (j = 0; j < times; ++j) {
  4297. Rc2 rc2;
  4298. XMEMSET(cipher, 0, sizeof(cipher));
  4299. XMEMSET(plain, 0, sizeof(plain));
  4300. ret = wc_Rc2SetKey(&rc2, (byte*)test_rc2[j].key, test_rc2[j].keyLen,
  4301. (byte*)test_rc2[j].iv, test_rc2[j].effectiveKeyBits);
  4302. if (ret != 0) {
  4303. return -4200;
  4304. }
  4305. ret = wc_Rc2CbcEncrypt(&rc2, cipher, (byte*)test_rc2[j].input,
  4306. test_rc2[j].inLen);
  4307. if (ret != 0) {
  4308. return -4201;
  4309. }
  4310. if (XMEMCMP(cipher, (byte*)test_rc2[j].output, test_rc2[j].outLen)) {
  4311. return -4202;
  4312. }
  4313. /* reset IV for decrypt, since overriden by encrypt operation */
  4314. ret = wc_Rc2SetIV(&rc2, (byte*)test_rc2[j].iv);
  4315. if (ret != 0) {
  4316. return -4203;
  4317. }
  4318. ret = wc_Rc2CbcDecrypt(&rc2, plain, cipher, test_rc2[j].outLen);
  4319. if (ret != 0) {
  4320. return -4204;
  4321. }
  4322. if (XMEMCMP(plain, (byte*)test_rc2[j].input, test_rc2[j].inLen)) {
  4323. return -4205;
  4324. }
  4325. }
  4326. return 0;
  4327. }
  4328. WOLFSSL_TEST_SUBROUTINE int rc2_test(void)
  4329. {
  4330. int ret = 0;
  4331. ret = rc2_ecb_test();
  4332. if (ret != 0) {
  4333. return ret;
  4334. }
  4335. return rc2_cbc_test();
  4336. }
  4337. #endif
  4338. #ifndef NO_RC4
  4339. WOLFSSL_TEST_SUBROUTINE int arc4_test(void)
  4340. {
  4341. byte cipher[16];
  4342. byte plain[16];
  4343. const char* keys[] =
  4344. {
  4345. "\x01\x23\x45\x67\x89\xab\xcd\xef",
  4346. "\x01\x23\x45\x67\x89\xab\xcd\xef",
  4347. "\x00\x00\x00\x00\x00\x00\x00\x00",
  4348. "\xef\x01\x23\x45"
  4349. };
  4350. testVector a, b, c, d;
  4351. testVector test_arc4[4];
  4352. int times = sizeof(test_arc4) / sizeof(testVector), i;
  4353. a.input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
  4354. a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96";
  4355. a.inLen = 8;
  4356. a.outLen = 8;
  4357. b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4358. b.output = "\x74\x94\xc2\xe7\x10\x4b\x08\x79";
  4359. b.inLen = 8;
  4360. b.outLen = 8;
  4361. c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4362. c.output = "\xde\x18\x89\x41\xa3\x37\x5d\x3a";
  4363. c.inLen = 8;
  4364. c.outLen = 8;
  4365. d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
  4366. d.output = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf\xbd\x61";
  4367. d.inLen = 10;
  4368. d.outLen = 10;
  4369. test_arc4[0] = a;
  4370. test_arc4[1] = b;
  4371. test_arc4[2] = c;
  4372. test_arc4[3] = d;
  4373. for (i = 0; i < times; ++i) {
  4374. Arc4 enc;
  4375. Arc4 dec;
  4376. int keylen = 8; /* XSTRLEN with key 0x00 not good */
  4377. if (i == 3)
  4378. keylen = 4;
  4379. if (wc_Arc4Init(&enc, HEAP_HINT, devId) != 0)
  4380. return -4400;
  4381. if (wc_Arc4Init(&dec, HEAP_HINT, devId) != 0)
  4382. return -4401;
  4383. wc_Arc4SetKey(&enc, (byte*)keys[i], keylen);
  4384. wc_Arc4SetKey(&dec, (byte*)keys[i], keylen);
  4385. wc_Arc4Process(&enc, cipher, (byte*)test_arc4[i].input,
  4386. (word32)test_arc4[i].outLen);
  4387. wc_Arc4Process(&dec, plain, cipher, (word32)test_arc4[i].outLen);
  4388. if (XMEMCMP(plain, test_arc4[i].input, test_arc4[i].outLen))
  4389. return -4402 - i;
  4390. if (XMEMCMP(cipher, test_arc4[i].output, test_arc4[i].outLen))
  4391. return -4412 - i;
  4392. wc_Arc4Free(&enc);
  4393. wc_Arc4Free(&dec);
  4394. }
  4395. return 0;
  4396. }
  4397. #endif
  4398. WOLFSSL_TEST_SUBROUTINE int hc128_test(void)
  4399. {
  4400. #ifdef HAVE_HC128
  4401. byte cipher[16];
  4402. byte plain[16];
  4403. const char* keys[] =
  4404. {
  4405. "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
  4406. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
  4407. "\x00\x53\xA6\xF9\x4C\x9F\xF2\x45\x98\xEB\x3E\x91\xE4\x37\x8A\xDD",
  4408. "\x0F\x62\xB5\x08\x5B\xAE\x01\x54\xA7\xFA\x4D\xA0\xF3\x46\x99\xEC"
  4409. };
  4410. const char* ivs[] =
  4411. {
  4412. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
  4413. "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
  4414. "\x0D\x74\xDB\x42\xA9\x10\x77\xDE\x45\xAC\x13\x7A\xE1\x48\xAF\x16",
  4415. "\x28\x8F\xF6\x5D\xC4\x2B\x92\xF9\x60\xC7\x2E\x95\xFC\x63\xCA\x31"
  4416. };
  4417. testVector a, b, c, d;
  4418. testVector test_hc128[4];
  4419. int times = sizeof(test_hc128) / sizeof(testVector), i;
  4420. int ret = 0;
  4421. #if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC)
  4422. HC128 enc[1], dec[1];
  4423. #else
  4424. HC128 *enc = (HC128 *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  4425. HC128 *dec = (HC128 *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  4426. if ((! enc) || (! dec)) {
  4427. ERROR_OUT(-4500, out);
  4428. }
  4429. #endif
  4430. a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4431. a.output = "\x37\x86\x02\xB9\x8F\x32\xA7\x48";
  4432. a.inLen = 8;
  4433. a.outLen = 8;
  4434. b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4435. b.output = "\x33\x7F\x86\x11\xC6\xED\x61\x5F";
  4436. b.inLen = 8;
  4437. b.outLen = 8;
  4438. c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4439. c.output = "\x2E\x1E\xD1\x2A\x85\x51\xC0\x5A";
  4440. c.inLen = 8;
  4441. c.outLen = 8;
  4442. d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
  4443. d.output = "\x1C\xD8\xAE\xDD\xFE\x52\xE2\x17\xE8\x35\xD0\xB7\xE8\x4E\x29";
  4444. d.inLen = 15;
  4445. d.outLen = 15;
  4446. test_hc128[0] = a;
  4447. test_hc128[1] = b;
  4448. test_hc128[2] = c;
  4449. test_hc128[3] = d;
  4450. for (i = 0; i < times; ++i) {
  4451. /* align keys/ivs in plain/cipher buffers */
  4452. XMEMCPY(plain, keys[i], 16);
  4453. XMEMCPY(cipher, ivs[i], 16);
  4454. wc_Hc128_SetKey(enc, plain, cipher);
  4455. wc_Hc128_SetKey(dec, plain, cipher);
  4456. /* align input */
  4457. XMEMCPY(plain, test_hc128[i].input, test_hc128[i].outLen);
  4458. if (wc_Hc128_Process(enc, cipher, plain,
  4459. (word32)test_hc128[i].outLen) != 0) {
  4460. ret = -4501;
  4461. goto out;
  4462. }
  4463. if (wc_Hc128_Process(dec, plain, cipher,
  4464. (word32)test_hc128[i].outLen) != 0) {
  4465. ret = -4502;
  4466. goto out;
  4467. }
  4468. if (XMEMCMP(plain, test_hc128[i].input, test_hc128[i].outLen)) {
  4469. ret = -4503 - i;
  4470. goto out;
  4471. }
  4472. if (XMEMCMP(cipher, test_hc128[i].output, test_hc128[i].outLen)) {
  4473. ret = -4513 - i;
  4474. goto out;
  4475. }
  4476. }
  4477. out:
  4478. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  4479. if (enc)
  4480. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  4481. if (dec)
  4482. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  4483. #endif
  4484. return ret;
  4485. #else
  4486. return 0;
  4487. #endif /* HAVE_HC128 */
  4488. }
  4489. #ifndef NO_RABBIT
  4490. WOLFSSL_TEST_SUBROUTINE int rabbit_test(void)
  4491. {
  4492. byte cipher[16];
  4493. byte plain[16];
  4494. const char* keys[] =
  4495. {
  4496. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
  4497. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
  4498. "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B\xFE\x36\x3D\x2E\x29\x13\x28\x91"
  4499. };
  4500. const char* ivs[] =
  4501. {
  4502. "\x00\x00\x00\x00\x00\x00\x00\x00",
  4503. "\x59\x7E\x26\xC1\x75\xF5\x73\xC3",
  4504. 0
  4505. };
  4506. testVector a, b, c;
  4507. testVector test_rabbit[3];
  4508. int times = sizeof(test_rabbit) / sizeof(testVector), i;
  4509. a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4510. a.output = "\xED\xB7\x05\x67\x37\x5D\xCD\x7C";
  4511. a.inLen = 8;
  4512. a.outLen = 8;
  4513. b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4514. b.output = "\x6D\x7D\x01\x22\x92\xCC\xDC\xE0";
  4515. b.inLen = 8;
  4516. b.outLen = 8;
  4517. c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4518. c.output = "\x04\xCE\xCA\x7A\x1A\x86\x6E\x77";
  4519. c.inLen = 8;
  4520. c.outLen = 8;
  4521. test_rabbit[0] = a;
  4522. test_rabbit[1] = b;
  4523. test_rabbit[2] = c;
  4524. for (i = 0; i < times; ++i) {
  4525. Rabbit enc;
  4526. Rabbit dec;
  4527. byte* iv;
  4528. /* align keys/ivs in plain/cipher buffers */
  4529. XMEMCPY(plain, keys[i], 16);
  4530. if (ivs[i]) {
  4531. XMEMCPY(cipher, ivs[i], 8);
  4532. iv = cipher;
  4533. } else
  4534. iv = NULL;
  4535. wc_RabbitSetKey(&enc, plain, iv);
  4536. wc_RabbitSetKey(&dec, plain, iv);
  4537. /* align input */
  4538. XMEMCPY(plain, test_rabbit[i].input, test_rabbit[i].outLen);
  4539. wc_RabbitProcess(&enc, cipher, plain, (word32)test_rabbit[i].outLen);
  4540. wc_RabbitProcess(&dec, plain, cipher, (word32)test_rabbit[i].outLen);
  4541. if (XMEMCMP(plain, test_rabbit[i].input, test_rabbit[i].outLen))
  4542. return -4600 - i;
  4543. if (XMEMCMP(cipher, test_rabbit[i].output, test_rabbit[i].outLen))
  4544. return -4610 - i;
  4545. }
  4546. return 0;
  4547. }
  4548. #endif /* NO_RABBIT */
  4549. #ifdef HAVE_CHACHA
  4550. WOLFSSL_TEST_SUBROUTINE int chacha_test(void)
  4551. {
  4552. ChaCha enc;
  4553. ChaCha dec;
  4554. byte cipher[128];
  4555. byte plain[128];
  4556. byte sliver[64];
  4557. byte input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
  4558. word32 keySz = 32;
  4559. int ret = 0;
  4560. int i;
  4561. int times = 4;
  4562. WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
  4563. {
  4564. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4565. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4566. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4567. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  4568. };
  4569. WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
  4570. {
  4571. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4572. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4573. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4574. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  4575. };
  4576. WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
  4577. {
  4578. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4579. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4580. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4581. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  4582. };
  4583. /* 128 bit key */
  4584. WOLFSSL_SMALL_STACK_STATIC const byte key4[] =
  4585. {
  4586. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4587. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  4588. };
  4589. const byte* keys[] = {key1, key2, key3, key4};
  4590. WOLFSSL_SMALL_STACK_STATIC const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
  4591. WOLFSSL_SMALL_STACK_STATIC const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
  4592. WOLFSSL_SMALL_STACK_STATIC const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00};
  4593. WOLFSSL_SMALL_STACK_STATIC const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
  4594. const byte* ivs[] = {ivs1, ivs2, ivs3, ivs4};
  4595. #ifndef BENCH_EMBEDDED
  4596. WOLFSSL_SMALL_STACK_STATIC const byte cipher_big_result[] = {
  4597. 0x06, 0xa6, 0x5d, 0x31, 0x21, 0x6c, 0xdb, 0x37, 0x48, 0x7c, 0x01, 0x9d,
  4598. 0x72, 0xdf, 0x0a, 0x5b, 0x64, 0x74, 0x20, 0xba, 0x9e, 0xe0, 0x26, 0x7a,
  4599. 0xbf, 0xdf, 0x83, 0x34, 0x3b, 0x4f, 0x94, 0x3f, 0x37, 0x89, 0xaf, 0x00,
  4600. 0xdf, 0x0f, 0x2e, 0x75, 0x16, 0x41, 0xf6, 0x7a, 0x86, 0x94, 0x9d, 0x32,
  4601. 0x56, 0xf0, 0x79, 0x71, 0x68, 0x6f, 0xa6, 0x6b, 0xc6, 0x59, 0x49, 0xf6,
  4602. 0x10, 0x34, 0x03, 0x03, 0x16, 0x53, 0x9a, 0x98, 0x2a, 0x46, 0xde, 0x17,
  4603. 0x06, 0x65, 0x70, 0xca, 0x0a, 0x1f, 0xab, 0x80, 0x26, 0x96, 0x3f, 0x3e,
  4604. 0x7a, 0x3c, 0xa8, 0x87, 0xbb, 0x65, 0xdd, 0x5e, 0x07, 0x7b, 0x34, 0xe0,
  4605. 0x56, 0xda, 0x32, 0x13, 0x30, 0xc9, 0x0c, 0xd7, 0xba, 0xe4, 0x1f, 0xa6,
  4606. 0x91, 0x4f, 0x72, 0x9f, 0xd9, 0x5c, 0x62, 0x7d, 0xa6, 0xc2, 0xbc, 0x87,
  4607. 0xae, 0x64, 0x11, 0x94, 0x3b, 0xbc, 0x6c, 0x23, 0xbd, 0x7d, 0x00, 0xb4,
  4608. 0x99, 0xf2, 0x68, 0xb5, 0x59, 0x70, 0x93, 0xad, 0x69, 0xd0, 0xb1, 0x28,
  4609. 0x70, 0x92, 0xeb, 0xec, 0x39, 0x80, 0x82, 0xde, 0x44, 0xe2, 0x8a, 0x26,
  4610. 0xb3, 0xe9, 0x45, 0xcf, 0x83, 0x76, 0x9f, 0x6a, 0xa0, 0x46, 0x4a, 0x3d,
  4611. 0x26, 0x56, 0xaf, 0x49, 0x41, 0x26, 0x1b, 0x6a, 0x41, 0x37, 0x65, 0x91,
  4612. 0x72, 0xc4, 0xe7, 0x3c, 0x17, 0x31, 0xae, 0x2e, 0x2b, 0x31, 0x45, 0xe4,
  4613. 0x93, 0xd3, 0x10, 0xaa, 0xc5, 0x62, 0xd5, 0x11, 0x4b, 0x57, 0x1d, 0xad,
  4614. 0x48, 0x06, 0xd0, 0x0d, 0x98, 0xa5, 0xc6, 0x5b, 0xd0, 0x9e, 0x22, 0xc0,
  4615. 0x00, 0x32, 0x5a, 0xf5, 0x1c, 0x89, 0x6d, 0x54, 0x97, 0x55, 0x6b, 0x46,
  4616. 0xc5, 0xc7, 0xc4, 0x48, 0x9c, 0xbf, 0x47, 0xdc, 0x03, 0xc4, 0x1b, 0xcb,
  4617. 0x65, 0xa6, 0x91, 0x9d, 0x6d, 0xf1, 0xb0, 0x7a, 0x4d, 0x3b, 0x03, 0x95,
  4618. 0xf4, 0x8b, 0x0b, 0xae, 0x39, 0xff, 0x3f, 0xf6, 0xc0, 0x14, 0x18, 0x8a,
  4619. 0xe5, 0x19, 0xbd, 0xc1, 0xb4, 0x05, 0x4e, 0x29, 0x2f, 0x0b, 0x33, 0x76,
  4620. 0x28, 0x16, 0xa4, 0xa6, 0x93, 0x04, 0xb5, 0x55, 0x6b, 0x89, 0x3d, 0xa5,
  4621. 0x0f, 0xd3, 0xad, 0xfa, 0xd9, 0xfd, 0x05, 0x5d, 0x48, 0x94, 0x25, 0x5a,
  4622. 0x2c, 0x9a, 0x94, 0x80, 0xb0, 0xe7, 0xcb, 0x4d, 0x77, 0xbf, 0xca, 0xd8,
  4623. 0x55, 0x48, 0xbd, 0x66, 0xb1, 0x85, 0x81, 0xb1, 0x37, 0x79, 0xab, 0x52,
  4624. 0x08, 0x14, 0x12, 0xac, 0xcd, 0x45, 0x4d, 0x53, 0x6b, 0xca, 0x96, 0xc7,
  4625. 0x3b, 0x2f, 0x73, 0xb1, 0x5a, 0x23, 0xbd, 0x65, 0xd5, 0xea, 0x17, 0xb3,
  4626. 0xdc, 0xa1, 0x17, 0x1b, 0x2d, 0xb3, 0x9c, 0xd0, 0xdb, 0x41, 0x77, 0xef,
  4627. 0x93, 0x20, 0x52, 0x3e, 0x9d, 0xf5, 0xbf, 0x33, 0xf7, 0x52, 0xc1, 0x90,
  4628. 0xa0, 0x15, 0x17, 0xce, 0xf7, 0xf7, 0xd0, 0x3a, 0x3b, 0xd1, 0x72, 0x56,
  4629. 0x31, 0x81, 0xae, 0x60, 0xab, 0x40, 0xc1, 0xd1, 0x28, 0x77, 0x53, 0xac,
  4630. 0x9f, 0x11, 0x0a, 0x88, 0x36, 0x4b, 0xda, 0x57, 0xa7, 0x28, 0x5c, 0x85,
  4631. 0xd3, 0x85, 0x9b, 0x79, 0xad, 0x05, 0x1c, 0x37, 0x14, 0x5e, 0x0d, 0xd0,
  4632. 0x23, 0x03, 0x42, 0x1d, 0x48, 0x5d, 0xc5, 0x3c, 0x5a, 0x08, 0xa9, 0x0d,
  4633. 0x6e, 0x82, 0x7c, 0x2e, 0x3c, 0x41, 0xcc, 0x96, 0x8e, 0xad, 0xee, 0x2a,
  4634. 0x61, 0x0b, 0x16, 0x0f, 0xa9, 0x24, 0x40, 0x85, 0xbc, 0x9f, 0x28, 0x8d,
  4635. 0xe6, 0x68, 0x4d, 0x8f, 0x30, 0x48, 0xd9, 0x73, 0x73, 0x6c, 0x9a, 0x7f,
  4636. 0x67, 0xf7, 0xde, 0x4c, 0x0a, 0x8b, 0xe4, 0xb3, 0x08, 0x2a, 0x52, 0xda,
  4637. 0x54, 0xee, 0xcd, 0xb5, 0x62, 0x4a, 0x26, 0x20, 0xfb, 0x40, 0xbb, 0x39,
  4638. 0x3a, 0x0f, 0x09, 0xe8, 0x00, 0xd1, 0x24, 0x97, 0x60, 0xe9, 0x83, 0x83,
  4639. 0xfe, 0x9f, 0x9c, 0x15, 0xcf, 0x69, 0x03, 0x9f, 0x03, 0xe1, 0xe8, 0x6e,
  4640. 0xbd, 0x87, 0x58, 0x68, 0xee, 0xec, 0xd8, 0x29, 0x46, 0x23, 0x49, 0x92,
  4641. 0x72, 0x95, 0x5b, 0x49, 0xca, 0xe0, 0x45, 0x59, 0xb2, 0xca, 0xf4, 0xfc,
  4642. 0xb7, 0x59, 0x37, 0x49, 0x28, 0xbc, 0xf3, 0xd7, 0x61, 0xbc, 0x4b, 0xf3,
  4643. 0xa9, 0x4b, 0x2f, 0x05, 0xa8, 0x01, 0xa5, 0xdc, 0x00, 0x6e, 0x01, 0xb6,
  4644. 0x45, 0x3c, 0xd5, 0x49, 0x7d, 0x5c, 0x25, 0xe8, 0x31, 0x87, 0xb2, 0xb9,
  4645. 0xbf, 0xb3, 0x01, 0x62, 0x0c, 0xd0, 0x48, 0x77, 0xa2, 0x34, 0x0f, 0x16,
  4646. 0x22, 0x28, 0xee, 0x54, 0x08, 0x93, 0x3b, 0xe4, 0xde, 0x7e, 0x63, 0xf7,
  4647. 0x97, 0x16, 0x5d, 0x71, 0x58, 0xc2, 0x2e, 0xf2, 0x36, 0xa6, 0x12, 0x65,
  4648. 0x94, 0x17, 0xac, 0x66, 0x23, 0x7e, 0xc6, 0x72, 0x79, 0x24, 0xce, 0x8f,
  4649. 0x55, 0x19, 0x97, 0x44, 0xfc, 0x55, 0xec, 0x85, 0x26, 0x27, 0xdb, 0x38,
  4650. 0xb1, 0x42, 0x0a, 0xdd, 0x05, 0x99, 0x28, 0xeb, 0x03, 0x6c, 0x9a, 0xe9,
  4651. 0x17, 0xf6, 0x2c, 0xb0, 0xfe, 0xe7, 0xa4, 0xa7, 0x31, 0xda, 0x4d, 0xb0,
  4652. 0x29, 0xdb, 0xdd, 0x8d, 0x12, 0x13, 0x9c, 0xb4, 0xcc, 0x83, 0x97, 0xfb,
  4653. 0x1a, 0xdc, 0x08, 0xd6, 0x30, 0x62, 0xe8, 0xeb, 0x8b, 0x61, 0xcb, 0x1d,
  4654. 0x06, 0xe3, 0xa5, 0x4d, 0x35, 0xdb, 0x59, 0xa8, 0x2d, 0x87, 0x27, 0x44,
  4655. 0x6f, 0xc0, 0x38, 0x97, 0xe4, 0x85, 0x00, 0x02, 0x09, 0xf6, 0x69, 0x3a,
  4656. 0xcf, 0x08, 0x1b, 0x21, 0xbb, 0x79, 0xb1, 0xa1, 0x34, 0x09, 0xe0, 0x80,
  4657. 0xca, 0xb0, 0x78, 0x8a, 0x11, 0x97, 0xd4, 0x07, 0xbe, 0x1b, 0x6a, 0x5d,
  4658. 0xdb, 0xd6, 0x1f, 0x76, 0x6b, 0x16, 0xf0, 0x58, 0x84, 0x5f, 0x59, 0xce,
  4659. 0x62, 0x34, 0xc3, 0xdf, 0x94, 0xb8, 0x2f, 0x84, 0x68, 0xf0, 0xb8, 0x51,
  4660. 0xd9, 0x6d, 0x8e, 0x4a, 0x1d, 0xe6, 0x5c, 0xd8, 0x86, 0x25, 0xe3, 0x24,
  4661. 0xfd, 0x21, 0x61, 0x13, 0x48, 0x3e, 0xf6, 0x7d, 0xa6, 0x71, 0x9b, 0xd2,
  4662. 0x6e, 0xe6, 0xd2, 0x08, 0x94, 0x62, 0x6c, 0x98, 0xfe, 0x2f, 0x9c, 0x88,
  4663. 0x7e, 0x78, 0x15, 0x02, 0x00, 0xf0, 0xba, 0x24, 0x91, 0xf2, 0xdc, 0x47,
  4664. 0x51, 0x4d, 0x15, 0x5e, 0x91, 0x5f, 0x57, 0x5b, 0x1d, 0x35, 0x24, 0x45,
  4665. 0x75, 0x9b, 0x88, 0x75, 0xf1, 0x2f, 0x85, 0xe7, 0x89, 0xd1, 0x01, 0xb4,
  4666. 0xc8, 0x18, 0xb7, 0x97, 0xef, 0x4b, 0x90, 0xf4, 0xbf, 0x10, 0x27, 0x3c,
  4667. 0x60, 0xff, 0xc4, 0x94, 0x20, 0x2f, 0x93, 0x4b, 0x4d, 0xe3, 0x80, 0xf7,
  4668. 0x2c, 0x71, 0xd9, 0xe3, 0x68, 0xb4, 0x77, 0x2b, 0xc7, 0x0d, 0x39, 0x92,
  4669. 0xef, 0x91, 0x0d, 0xb2, 0x11, 0x50, 0x0e, 0xe8, 0xad, 0x3b, 0xf6, 0xb5,
  4670. 0xc6, 0x14, 0x4d, 0x33, 0x53, 0xa7, 0x60, 0x15, 0xc7, 0x27, 0x51, 0xdc,
  4671. 0x54, 0x29, 0xa7, 0x0d, 0x6a, 0x7b, 0x72, 0x13, 0xad, 0x7d, 0x41, 0x19,
  4672. 0x4e, 0x42, 0x49, 0xcc, 0x42, 0xe4, 0xbd, 0x99, 0x13, 0xd9, 0x7f, 0xf3,
  4673. 0x38, 0xa4, 0xb6, 0x33, 0xed, 0x07, 0x48, 0x7e, 0x8e, 0x82, 0xfe, 0x3a,
  4674. 0x9d, 0x75, 0x93, 0xba, 0x25, 0x4e, 0x37, 0x3c, 0x0c, 0xd5, 0x69, 0xa9,
  4675. 0x2d, 0x9e, 0xfd, 0xe8, 0xbb, 0xf5, 0x0c, 0xe2, 0x86, 0xb9, 0x5e, 0x6f,
  4676. 0x28, 0xe4, 0x19, 0xb3, 0x0b, 0xa4, 0x86, 0xd7, 0x24, 0xd0, 0xb8, 0x89,
  4677. 0x7b, 0x76, 0xec, 0x05, 0x10, 0x5b, 0x68, 0xe9, 0x58, 0x66, 0xa3, 0xc5,
  4678. 0xb6, 0x63, 0x20, 0x0e, 0x0e, 0xea, 0x3d, 0x61, 0x5e, 0xda, 0x3d, 0x3c,
  4679. 0xf9, 0xfd, 0xed, 0xa9, 0xdb, 0x52, 0x94, 0x8a, 0x00, 0xca, 0x3c, 0x8d,
  4680. 0x66, 0x8f, 0xb0, 0xf0, 0x5a, 0xca, 0x3f, 0x63, 0x71, 0xbf, 0xca, 0x99,
  4681. 0x37, 0x9b, 0x75, 0x97, 0x89, 0x10, 0x6e, 0xcf, 0xf2, 0xf5, 0xe3, 0xd5,
  4682. 0x45, 0x9b, 0xad, 0x10, 0x71, 0x6c, 0x5f, 0x6f, 0x7f, 0x22, 0x77, 0x18,
  4683. 0x2f, 0xf9, 0x99, 0xc5, 0x69, 0x58, 0x03, 0x12, 0x86, 0x82, 0x3e, 0xbf,
  4684. 0xc2, 0x12, 0x35, 0x43, 0xa3, 0xd9, 0x18, 0x4f, 0x41, 0x11, 0x6b, 0xf3,
  4685. 0x67, 0xaf, 0x3d, 0x78, 0xe4, 0x22, 0x2d, 0xb3, 0x48, 0x43, 0x31, 0x1d,
  4686. 0xef, 0xa8, 0xba, 0x49, 0x8e, 0xa9, 0xa7, 0xb6, 0x18, 0x77, 0x84, 0xca,
  4687. 0xbd, 0xa2, 0x02, 0x1b, 0x6a, 0xf8, 0x5f, 0xda, 0xff, 0xcf, 0x01, 0x6a,
  4688. 0x86, 0x69, 0xa9, 0xe9, 0xcb, 0x60, 0x1e, 0x15, 0xdc, 0x8f, 0x5d, 0x39,
  4689. 0xb5, 0xce, 0x55, 0x5f, 0x47, 0x97, 0xb1, 0x19, 0x6e, 0x21, 0xd6, 0x13,
  4690. 0x39, 0xb2, 0x24, 0xe0, 0x62, 0x82, 0x9f, 0xed, 0x12, 0x81, 0xed, 0xee,
  4691. 0xab, 0xd0, 0x2f, 0x19, 0x89, 0x3f, 0x57, 0x2e, 0xc2, 0xe2, 0x67, 0xe8,
  4692. 0xae, 0x03, 0x56, 0xba, 0xd4, 0xd0, 0xa4, 0x89, 0x03, 0x06, 0x5b, 0xcc,
  4693. 0xf2, 0x22, 0xb8, 0x0e, 0x76, 0x79, 0x4a, 0x42, 0x1d, 0x37, 0x51, 0x5a,
  4694. 0xaa, 0x46, 0x6c, 0x2a, 0xdd, 0x66, 0xfe, 0xc6, 0x68, 0xc3, 0x38, 0xa2,
  4695. 0xae, 0x5b, 0x98, 0x24, 0x5d, 0x43, 0x05, 0x82, 0x38, 0x12, 0xd3, 0xd1,
  4696. 0x75, 0x2d, 0x4f, 0x61, 0xbd, 0xb9, 0x10, 0x87, 0x44, 0x2a, 0x78, 0x07,
  4697. 0xff, 0xf4, 0x0f, 0xa1, 0xf3, 0x68, 0x9f, 0xbe, 0xae, 0xa2, 0x91, 0xf0,
  4698. 0xc7, 0x55, 0x7a, 0x52, 0xd5, 0xa3, 0x8d, 0x6f, 0xe4, 0x90, 0x5c, 0xf3,
  4699. 0x5f, 0xce, 0x3d, 0x23, 0xf9, 0x8e, 0xae, 0x14, 0xfb, 0x82, 0x9a, 0xa3,
  4700. 0x04, 0x5f, 0xbf, 0xad, 0x3e, 0xf2, 0x97, 0x0a, 0x60, 0x40, 0x70, 0x19,
  4701. 0x72, 0xad, 0x66, 0xfb, 0x78, 0x1b, 0x84, 0x6c, 0x98, 0xbc, 0x8c, 0xf8,
  4702. 0x4f, 0xcb, 0xb5, 0xf6, 0xaf, 0x7a, 0xb7, 0x93, 0xef, 0x67, 0x48, 0x02,
  4703. 0x2c, 0xcb, 0xe6, 0x77, 0x0f, 0x7b, 0xc1, 0xee, 0xc5, 0xb6, 0x2d, 0x7e,
  4704. 0x62, 0xa0, 0xc0, 0xa7, 0xa5, 0x80, 0x31, 0x92, 0x50, 0xa1, 0x28, 0x22,
  4705. 0x95, 0x03, 0x17, 0xd1, 0x0f, 0xf6, 0x08, 0xe5, 0xec
  4706. };
  4707. #define CHACHA_BIG_TEST_SIZE 1305
  4708. #ifndef WOLFSSL_SMALL_STACK
  4709. byte cipher_big[CHACHA_BIG_TEST_SIZE] = {0};
  4710. byte plain_big[CHACHA_BIG_TEST_SIZE] = {0};
  4711. byte input_big[CHACHA_BIG_TEST_SIZE] = {0};
  4712. #else
  4713. byte* cipher_big;
  4714. byte* plain_big;
  4715. byte* input_big;
  4716. #endif /* WOLFSSL_SMALL_STACK */
  4717. int block_size;
  4718. #endif /* BENCH_EMBEDDED */
  4719. byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90};
  4720. byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96};
  4721. byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5};
  4722. byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd};
  4723. byte* test_chacha[4];
  4724. test_chacha[0] = a;
  4725. test_chacha[1] = b;
  4726. test_chacha[2] = c;
  4727. test_chacha[3] = d;
  4728. #ifndef BENCH_EMBEDDED
  4729. #ifdef WOLFSSL_SMALL_STACK
  4730. cipher_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
  4731. DYNAMIC_TYPE_TMP_BUFFER);
  4732. if (cipher_big == NULL) {
  4733. return MEMORY_E;
  4734. }
  4735. plain_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
  4736. DYNAMIC_TYPE_TMP_BUFFER);
  4737. if (plain_big == NULL) {
  4738. return MEMORY_E;
  4739. }
  4740. input_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
  4741. DYNAMIC_TYPE_TMP_BUFFER);
  4742. if (input_big == NULL) {
  4743. return MEMORY_E;
  4744. }
  4745. XMEMSET(cipher_big, 0, CHACHA_BIG_TEST_SIZE);
  4746. XMEMSET(plain_big, 0, CHACHA_BIG_TEST_SIZE);
  4747. XMEMSET(input_big, 0, CHACHA_BIG_TEST_SIZE);
  4748. #endif /* WOLFSSL_SMALL_STACK */
  4749. #endif /* BENCH_EMBEDDED */
  4750. for (i = 0; i < times; ++i) {
  4751. if (i < 3) {
  4752. keySz = 32;
  4753. }
  4754. else {
  4755. keySz = 16;
  4756. }
  4757. XMEMCPY(plain, keys[i], keySz);
  4758. XMEMSET(cipher, 0, 32);
  4759. XMEMCPY(cipher + 4, ivs[i], 8);
  4760. ret |= wc_Chacha_SetKey(&enc, keys[i], keySz);
  4761. ret |= wc_Chacha_SetKey(&dec, keys[i], keySz);
  4762. if (ret != 0)
  4763. return ret;
  4764. ret |= wc_Chacha_SetIV(&enc, cipher, 0);
  4765. ret |= wc_Chacha_SetIV(&dec, cipher, 0);
  4766. if (ret != 0)
  4767. return ret;
  4768. XMEMCPY(plain, input, 8);
  4769. ret |= wc_Chacha_Process(&enc, cipher, plain, (word32)8);
  4770. ret |= wc_Chacha_Process(&dec, plain, cipher, (word32)8);
  4771. if (ret != 0)
  4772. return ret;
  4773. if (XMEMCMP(test_chacha[i], cipher, 8))
  4774. return -4700 - i;
  4775. if (XMEMCMP(plain, input, 8))
  4776. return -4710 - i;
  4777. }
  4778. /* test of starting at a different counter
  4779. encrypts all of the information and decrypts starting at 2nd chunk */
  4780. XMEMSET(plain, 0, sizeof(plain));
  4781. XMEMSET(sliver, 1, sizeof(sliver)); /* set as 1's to not match plain */
  4782. XMEMSET(cipher, 0, sizeof(cipher));
  4783. XMEMCPY(cipher + 4, ivs[0], 8);
  4784. ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
  4785. ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
  4786. if (ret != 0)
  4787. return ret;
  4788. ret |= wc_Chacha_SetIV(&enc, cipher, 0);
  4789. ret |= wc_Chacha_SetIV(&dec, cipher, 1);
  4790. if (ret != 0)
  4791. return ret;
  4792. ret |= wc_Chacha_Process(&enc, cipher, plain, sizeof(plain));
  4793. ret |= wc_Chacha_Process(&dec, sliver, cipher + 64, sizeof(sliver));
  4794. if (ret != 0)
  4795. return ret;
  4796. if (XMEMCMP(plain + 64, sliver, 64))
  4797. return -4720;
  4798. #ifndef BENCH_EMBEDDED
  4799. /* test of encrypting more data */
  4800. keySz = 32;
  4801. ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
  4802. ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
  4803. if (ret != 0)
  4804. return ret;
  4805. ret |= wc_Chacha_SetIV(&enc, ivs[2], 0);
  4806. ret |= wc_Chacha_SetIV(&dec, ivs[2], 0);
  4807. if (ret != 0)
  4808. return ret;
  4809. ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, CHACHA_BIG_TEST_SIZE);
  4810. ret |= wc_Chacha_Process(&dec, plain_big, cipher_big,
  4811. CHACHA_BIG_TEST_SIZE);
  4812. if (ret != 0)
  4813. return ret;
  4814. if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
  4815. return -4721;
  4816. if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
  4817. return -4722;
  4818. for (i = 0; i < 18; ++i) {
  4819. /* this will test all paths */
  4820. /* block sizes: 1 2 3 4 7 8 15 16 31 32 63 64 127 128 255 256 511 512 */
  4821. block_size = (2 << (i%9)) - (i<9?1:0);
  4822. keySz = 32;
  4823. ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
  4824. ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
  4825. if (ret != 0)
  4826. return ret;
  4827. ret |= wc_Chacha_SetIV(&enc, ivs[2], 0);
  4828. ret |= wc_Chacha_SetIV(&dec, ivs[2], 0);
  4829. if (ret != 0)
  4830. return ret;
  4831. ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, block_size);
  4832. ret |= wc_Chacha_Process(&dec, plain_big, cipher_big, block_size);
  4833. if (ret != 0)
  4834. return ret;
  4835. if (XMEMCMP(plain_big, input_big, block_size))
  4836. return -4723-i;
  4837. if (XMEMCMP(cipher_big, cipher_big_result, block_size))
  4838. return -4724-i;
  4839. }
  4840. /* Streaming test */
  4841. for (i = 1; i <= (int)CHACHA_CHUNK_BYTES + 1; i++) {
  4842. int j, rem;
  4843. ret = wc_Chacha_SetKey(&enc, keys[0], keySz);
  4844. if (ret != 0)
  4845. return -4725;
  4846. ret = wc_Chacha_SetKey(&dec, keys[0], keySz);
  4847. if (ret != 0)
  4848. return -4726;
  4849. ret = wc_Chacha_SetIV(&enc, ivs[2], 0);
  4850. if (ret != 0)
  4851. return -4727;
  4852. ret = wc_Chacha_SetIV(&dec, ivs[2], 0);
  4853. if (ret != 0)
  4854. return -4728;
  4855. for (j = 0; j < CHACHA_BIG_TEST_SIZE - i; j+= i) {
  4856. ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, i);
  4857. if (ret != 0)
  4858. return -4729;
  4859. ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, i);
  4860. if (ret != 0)
  4861. return -4730;
  4862. }
  4863. rem = CHACHA_BIG_TEST_SIZE - j;
  4864. ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, rem);
  4865. if (ret != 0)
  4866. return -4731;
  4867. ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, rem);
  4868. if (ret != 0)
  4869. return -4732;
  4870. if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
  4871. return -4733;
  4872. if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
  4873. return -4734;
  4874. }
  4875. #ifdef WOLFSSL_SMALL_STACK
  4876. XFREE(cipher_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  4877. XFREE(plain_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  4878. XFREE(input_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  4879. #endif /* WOLFSSL_SMALL_STACK */
  4880. #endif /* BENCH_EMBEDDED */
  4881. return 0;
  4882. }
  4883. #endif /* HAVE_CHACHA */
  4884. #ifdef HAVE_POLY1305
  4885. WOLFSSL_TEST_SUBROUTINE int poly1305_test(void)
  4886. {
  4887. int ret = 0;
  4888. int i;
  4889. byte tag[16];
  4890. Poly1305 enc;
  4891. WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
  4892. {
  4893. 0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72,
  4894. 0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f,
  4895. 0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65,
  4896. 0x61,0x72,0x63,0x68,0x20,0x47,0x72,0x6f,
  4897. 0x75,0x70
  4898. };
  4899. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
  4900. {
  4901. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72,
  4902. 0x6c,0x64,0x21
  4903. };
  4904. WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
  4905. {
  4906. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4907. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4908. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4909. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  4910. };
  4911. WOLFSSL_SMALL_STACK_STATIC const byte msg4[] =
  4912. {
  4913. 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
  4914. 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
  4915. 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
  4916. 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
  4917. 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
  4918. 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
  4919. 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
  4920. 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
  4921. 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
  4922. 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
  4923. 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
  4924. 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
  4925. 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
  4926. 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
  4927. 0x61,0x16
  4928. };
  4929. WOLFSSL_SMALL_STACK_STATIC const byte msg5[] =
  4930. {
  4931. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  4932. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  4933. };
  4934. WOLFSSL_SMALL_STACK_STATIC const byte msg6[] =
  4935. {
  4936. 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
  4937. 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
  4938. 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
  4939. 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
  4940. 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
  4941. 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
  4942. 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
  4943. 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
  4944. 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
  4945. 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
  4946. 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
  4947. 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
  4948. 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
  4949. 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
  4950. 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
  4951. 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
  4952. 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
  4953. 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
  4954. 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
  4955. 0x61,0x16
  4956. };
  4957. byte additional[] =
  4958. {
  4959. 0x50,0x51,0x52,0x53,0xc0,0xc1,0xc2,0xc3,
  4960. 0xc4,0xc5,0xc6,0xc7
  4961. };
  4962. WOLFSSL_SMALL_STACK_STATIC const byte correct0[] =
  4963. {
  4964. 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
  4965. 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
  4966. };
  4967. WOLFSSL_SMALL_STACK_STATIC const byte correct1[] =
  4968. {
  4969. 0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6,
  4970. 0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9
  4971. };
  4972. WOLFSSL_SMALL_STACK_STATIC const byte correct2[] =
  4973. {
  4974. 0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16,
  4975. 0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0
  4976. };
  4977. WOLFSSL_SMALL_STACK_STATIC const byte correct3[] =
  4978. {
  4979. 0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6,
  4980. 0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07
  4981. };
  4982. WOLFSSL_SMALL_STACK_STATIC const byte correct4[] =
  4983. {
  4984. 0x1a,0xe1,0x0b,0x59,0x4f,0x09,0xe2,0x6a,
  4985. 0x7e,0x90,0x2e,0xcb,0xd0,0x60,0x06,0x91
  4986. };
  4987. WOLFSSL_SMALL_STACK_STATIC const byte correct5[] =
  4988. {
  4989. 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4990. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4991. };
  4992. WOLFSSL_SMALL_STACK_STATIC const byte correct6[] =
  4993. {
  4994. 0xea,0x11,0x5c,0x4f,0xd0,0xc0,0x10,0xae,
  4995. 0xf7,0xdf,0xda,0x77,0xa2,0xe9,0xaf,0xca
  4996. };
  4997. WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
  4998. 0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33,
  4999. 0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8,
  5000. 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
  5001. 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
  5002. };
  5003. WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
  5004. 0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20,
  5005. 0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,
  5006. 0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20,
  5007. 0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35
  5008. };
  5009. WOLFSSL_SMALL_STACK_STATIC const byte key4[] = {
  5010. 0x7b,0xac,0x2b,0x25,0x2d,0xb4,0x47,0xaf,
  5011. 0x09,0xb6,0x7a,0x55,0xa4,0xe9,0x55,0x84,
  5012. 0x0a,0xe1,0xd6,0x73,0x10,0x75,0xd9,0xeb,
  5013. 0x2a,0x93,0x75,0x78,0x3e,0xd5,0x53,0xff
  5014. };
  5015. WOLFSSL_SMALL_STACK_STATIC const byte key5[] = {
  5016. 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5017. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5018. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5019. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  5020. };
  5021. const byte* msgs[] = {NULL, msg1, msg2, msg3, msg5, msg6};
  5022. word32 szm[] = {0, sizeof(msg1), sizeof(msg2),
  5023. sizeof(msg3), sizeof(msg5), sizeof(msg6)};
  5024. const byte* keys[] = {key, key, key2, key2, key5, key};
  5025. const byte* tests[] = {correct0, correct1, correct2, correct3, correct5,
  5026. correct6};
  5027. for (i = 0; i < 6; i++) {
  5028. ret = wc_Poly1305SetKey(&enc, keys[i], 32);
  5029. if (ret != 0)
  5030. return -4800 - i;
  5031. ret = wc_Poly1305Update(&enc, msgs[i], szm[i]);
  5032. if (ret != 0)
  5033. return -4810 - i;
  5034. ret = wc_Poly1305Final(&enc, tag);
  5035. if (ret != 0)
  5036. return -4820 - i;
  5037. if (XMEMCMP(tag, tests[i], sizeof(tag)))
  5038. return -4830 - i;
  5039. }
  5040. /* Check TLS MAC function from 2.8.2 https://tools.ietf.org/html/rfc7539 */
  5041. XMEMSET(tag, 0, sizeof(tag));
  5042. ret = wc_Poly1305SetKey(&enc, key4, sizeof(key4));
  5043. if (ret != 0)
  5044. return -4840;
  5045. ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional),
  5046. (byte*)msg4, sizeof(msg4), tag, sizeof(tag));
  5047. if (ret != 0)
  5048. return -4841;
  5049. if (XMEMCMP(tag, correct4, sizeof(tag)))
  5050. return -4842;
  5051. /* Check fail of TLS MAC function if altering additional data */
  5052. XMEMSET(tag, 0, sizeof(tag));
  5053. additional[0]++;
  5054. ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional),
  5055. (byte*)msg4, sizeof(msg4), tag, sizeof(tag));
  5056. if (ret != 0)
  5057. return -4843;
  5058. if (XMEMCMP(tag, correct4, sizeof(tag)) == 0)
  5059. return -4844;
  5060. return 0;
  5061. }
  5062. #endif /* HAVE_POLY1305 */
  5063. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
  5064. WOLFSSL_TEST_SUBROUTINE int chacha20_poly1305_aead_test(void)
  5065. {
  5066. /* Test #1 from Section 2.8.2 of draft-irtf-cfrg-chacha20-poly1305-10 */
  5067. /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
  5068. WOLFSSL_SMALL_STACK_STATIC const byte key1[] = {
  5069. 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
  5070. 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
  5071. 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
  5072. 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
  5073. };
  5074. WOLFSSL_SMALL_STACK_STATIC const byte plaintext1[] = {
  5075. 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
  5076. 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
  5077. 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
  5078. 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
  5079. 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
  5080. 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
  5081. 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
  5082. 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
  5083. 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
  5084. 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
  5085. 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
  5086. 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
  5087. 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
  5088. 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
  5089. 0x74, 0x2e
  5090. };
  5091. WOLFSSL_SMALL_STACK_STATIC const byte iv1[] = {
  5092. 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
  5093. 0x44, 0x45, 0x46, 0x47
  5094. };
  5095. WOLFSSL_SMALL_STACK_STATIC const byte aad1[] = { /* additional data */
  5096. 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
  5097. 0xc4, 0xc5, 0xc6, 0xc7
  5098. };
  5099. WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] = { /* expected output from operation */
  5100. 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
  5101. 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
  5102. 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
  5103. 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
  5104. 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
  5105. 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
  5106. 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
  5107. 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
  5108. 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
  5109. 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
  5110. 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
  5111. 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
  5112. 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
  5113. 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
  5114. 0x61, 0x16
  5115. };
  5116. WOLFSSL_SMALL_STACK_STATIC const byte authTag1[] = { /* expected output from operation */
  5117. 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
  5118. 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
  5119. };
  5120. /* Test #2 from Appendix A.2 in draft-irtf-cfrg-chacha20-poly1305-10 */
  5121. /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
  5122. WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
  5123. 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a,
  5124. 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0,
  5125. 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09,
  5126. 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0
  5127. };
  5128. WOLFSSL_SMALL_STACK_STATIC const byte plaintext2[] = {
  5129. 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74,
  5130. 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20,
  5131. 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66,
  5132. 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
  5133. 0x6e, 0x74, 0x73, 0x20, 0x76, 0x61, 0x6c, 0x69,
  5134. 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20,
  5135. 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20,
  5136. 0x6f, 0x66, 0x20, 0x73, 0x69, 0x78, 0x20, 0x6d,
  5137. 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e,
  5138. 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65,
  5139. 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64,
  5140. 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63,
  5141. 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f,
  5142. 0x62, 0x73, 0x6f, 0x6c, 0x65, 0x74, 0x65, 0x64,
  5143. 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65,
  5144. 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
  5145. 0x6e, 0x74, 0x73, 0x20, 0x61, 0x74, 0x20, 0x61,
  5146. 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e,
  5147. 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69,
  5148. 0x6e, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x70, 0x72,
  5149. 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20,
  5150. 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65,
  5151. 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61,
  5152. 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72,
  5153. 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
  5154. 0x20, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61,
  5155. 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20,
  5156. 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65,
  5157. 0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20,
  5158. 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20,
  5159. 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b,
  5160. 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67,
  5161. 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80,
  5162. 0x9d
  5163. };
  5164. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
  5165. 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04,
  5166. 0x05, 0x06, 0x07, 0x08
  5167. };
  5168. WOLFSSL_SMALL_STACK_STATIC const byte aad2[] = { /* additional data */
  5169. 0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00,
  5170. 0x00, 0x00, 0x4e, 0x91
  5171. };
  5172. WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] = { /* expected output from operation */
  5173. 0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4,
  5174. 0x60, 0xf0, 0x62, 0xc7, 0x9b, 0xe6, 0x43, 0xbd,
  5175. 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89,
  5176. 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2,
  5177. 0x4c, 0x6c, 0xfc, 0x18, 0x75, 0x5d, 0x43, 0xee,
  5178. 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0,
  5179. 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00,
  5180. 0xd4, 0xf0, 0x3b, 0x7f, 0x35, 0x58, 0x94, 0xcf,
  5181. 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce,
  5182. 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81,
  5183. 0x14, 0xad, 0x17, 0x6e, 0x00, 0x8d, 0x33, 0xbd,
  5184. 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55,
  5185. 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61,
  5186. 0xc1, 0x86, 0x32, 0x4e, 0x2b, 0x35, 0x06, 0x38,
  5187. 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0,
  5188. 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4,
  5189. 0xb9, 0x16, 0x6c, 0x76, 0x7b, 0x80, 0x4d, 0x46,
  5190. 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9,
  5191. 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e,
  5192. 0xe2, 0x82, 0xa1, 0xb0, 0xa0, 0x6c, 0x52, 0x3e,
  5193. 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15,
  5194. 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a,
  5195. 0x0d, 0x07, 0x2b, 0x04, 0xb3, 0x56, 0x4e, 0xea,
  5196. 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a,
  5197. 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99,
  5198. 0x19, 0x55, 0xeb, 0xd6, 0x31, 0x59, 0x43, 0x4e,
  5199. 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10,
  5200. 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10,
  5201. 0x49, 0xe6, 0x17, 0xd9, 0x1d, 0x36, 0x10, 0x94,
  5202. 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30,
  5203. 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf,
  5204. 0x99, 0x7b, 0x71, 0x4d, 0x6c, 0x6f, 0x2c, 0x29,
  5205. 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70,
  5206. 0x9b
  5207. };
  5208. WOLFSSL_SMALL_STACK_STATIC const byte authTag2[] = { /* expected output from operation */
  5209. 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22,
  5210. 0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38
  5211. };
  5212. byte generatedCiphertext[265]; /* max plaintext2/cipher2 */
  5213. byte generatedPlaintext[265]; /* max plaintext2/cipher2 */
  5214. byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
  5215. int err;
  5216. ChaChaPoly_Aead aead;
  5217. #if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
  5218. #define TEST_SMALL_CHACHA_CHUNKS 32
  5219. #else
  5220. #define TEST_SMALL_CHACHA_CHUNKS 64
  5221. #endif
  5222. #ifdef TEST_SMALL_CHACHA_CHUNKS
  5223. word32 testLen;
  5224. #endif
  5225. XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
  5226. XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
  5227. XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
  5228. /* Parameter Validation testing */
  5229. /* Encrypt */
  5230. err = wc_ChaCha20Poly1305_Encrypt(NULL, iv1, aad1, sizeof(aad1), plaintext1,
  5231. sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
  5232. if (err != BAD_FUNC_ARG)
  5233. return -4900;
  5234. err = wc_ChaCha20Poly1305_Encrypt(key1, NULL, aad1, sizeof(aad1),
  5235. plaintext1, sizeof(plaintext1), generatedCiphertext,
  5236. generatedAuthTag);
  5237. if (err != BAD_FUNC_ARG)
  5238. return -4901;
  5239. err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL,
  5240. sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
  5241. if (err != BAD_FUNC_ARG)
  5242. return -4902;
  5243. err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
  5244. sizeof(plaintext1), NULL, generatedAuthTag);
  5245. if (err != BAD_FUNC_ARG)
  5246. return -4903;
  5247. err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
  5248. sizeof(plaintext1), generatedCiphertext, NULL);
  5249. if (err != BAD_FUNC_ARG)
  5250. return -4904;
  5251. err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
  5252. 0, generatedCiphertext, generatedAuthTag);
  5253. if (err != BAD_FUNC_ARG)
  5254. return -4905;
  5255. /* Decrypt */
  5256. err = wc_ChaCha20Poly1305_Decrypt(NULL, iv2, aad2, sizeof(aad2), cipher2,
  5257. sizeof(cipher2), authTag2, generatedPlaintext);
  5258. if (err != BAD_FUNC_ARG)
  5259. return -4906;
  5260. err = wc_ChaCha20Poly1305_Decrypt(key2, NULL, aad2, sizeof(aad2), cipher2,
  5261. sizeof(cipher2), authTag2, generatedPlaintext);
  5262. if (err != BAD_FUNC_ARG)
  5263. return -4907;
  5264. err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL,
  5265. sizeof(cipher2), authTag2, generatedPlaintext);
  5266. if (err != BAD_FUNC_ARG)
  5267. return -4908;
  5268. err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
  5269. sizeof(cipher2), NULL, generatedPlaintext);
  5270. if (err != BAD_FUNC_ARG)
  5271. return -4909;
  5272. err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
  5273. sizeof(cipher2), authTag2, NULL);
  5274. if (err != BAD_FUNC_ARG)
  5275. return -4910;
  5276. err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
  5277. 0, authTag2, generatedPlaintext);
  5278. if (err != BAD_FUNC_ARG)
  5279. return -4911;
  5280. /* Test #1 */
  5281. err = wc_ChaCha20Poly1305_Encrypt(key1, iv1,
  5282. aad1, sizeof(aad1),
  5283. plaintext1, sizeof(plaintext1),
  5284. generatedCiphertext, generatedAuthTag);
  5285. if (err) {
  5286. return err;
  5287. }
  5288. /* -- Check the ciphertext and authtag */
  5289. if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) {
  5290. return -4912;
  5291. }
  5292. if (XMEMCMP(generatedAuthTag, authTag1, sizeof(authTag1))) {
  5293. return -4913;
  5294. }
  5295. /* -- Verify decryption works */
  5296. err = wc_ChaCha20Poly1305_Decrypt(key1, iv1,
  5297. aad1, sizeof(aad1),
  5298. cipher1, sizeof(cipher1),
  5299. authTag1, generatedPlaintext);
  5300. if (err) {
  5301. return err;
  5302. }
  5303. if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) {
  5304. return -4914;
  5305. }
  5306. XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
  5307. XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
  5308. XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
  5309. /* Test #2 */
  5310. err = wc_ChaCha20Poly1305_Encrypt(key2, iv2,
  5311. aad2, sizeof(aad2),
  5312. plaintext2, sizeof(plaintext2),
  5313. generatedCiphertext, generatedAuthTag);
  5314. if (err) {
  5315. return err;
  5316. }
  5317. /* -- Check the ciphertext and authtag */
  5318. if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) {
  5319. return -4915;
  5320. }
  5321. if (XMEMCMP(generatedAuthTag, authTag2, sizeof(authTag2))) {
  5322. return -4916;
  5323. }
  5324. /* -- Verify decryption works */
  5325. err = wc_ChaCha20Poly1305_Decrypt(key2, iv2,
  5326. aad2, sizeof(aad2),
  5327. cipher2, sizeof(cipher2),
  5328. authTag2, generatedPlaintext);
  5329. if (err) {
  5330. return err;
  5331. }
  5332. if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) {
  5333. return -4917;
  5334. }
  5335. /* AEAD init/update/final - bad argument tests */
  5336. err = wc_ChaCha20Poly1305_Init(NULL, key1, iv1,
  5337. CHACHA20_POLY1305_AEAD_DECRYPT);
  5338. if (err != BAD_FUNC_ARG)
  5339. return -4918;
  5340. err = wc_ChaCha20Poly1305_Init(&aead, NULL, iv1,
  5341. CHACHA20_POLY1305_AEAD_DECRYPT);
  5342. if (err != BAD_FUNC_ARG)
  5343. return -4919;
  5344. err = wc_ChaCha20Poly1305_Init(&aead, key1, NULL,
  5345. CHACHA20_POLY1305_AEAD_DECRYPT);
  5346. if (err != BAD_FUNC_ARG)
  5347. return -4920;
  5348. err = wc_ChaCha20Poly1305_UpdateAad(NULL, aad1, sizeof(aad1));
  5349. if (err != BAD_FUNC_ARG)
  5350. return -4921;
  5351. err = wc_ChaCha20Poly1305_UpdateAad(&aead, NULL, sizeof(aad1));
  5352. if (err != BAD_FUNC_ARG)
  5353. return -4922;
  5354. err = wc_ChaCha20Poly1305_UpdateData(NULL, generatedPlaintext,
  5355. generatedPlaintext, sizeof(plaintext1));
  5356. if (err != BAD_FUNC_ARG)
  5357. return -4923;
  5358. err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, NULL,
  5359. sizeof(plaintext1));
  5360. if (err != BAD_FUNC_ARG)
  5361. return -4924;
  5362. err = wc_ChaCha20Poly1305_UpdateData(&aead, NULL, generatedPlaintext,
  5363. sizeof(plaintext1));
  5364. if (err != BAD_FUNC_ARG)
  5365. return -4925;
  5366. err = wc_ChaCha20Poly1305_Final(NULL, generatedAuthTag);
  5367. if (err != BAD_FUNC_ARG)
  5368. return -4926;
  5369. err = wc_ChaCha20Poly1305_Final(&aead, NULL);
  5370. if (err != BAD_FUNC_ARG)
  5371. return -4927;
  5372. /* AEAD init/update/final - bad state tests */
  5373. /* clear struct - make valgrind happy to resolve
  5374. "Conditional jump or move depends on uninitialised value(s)".
  5375. The enum is "int" size and aead.state is "byte" */
  5376. /* The wc_ChaCha20Poly1305_Init function does this normally */
  5377. XMEMSET(&aead, 0, sizeof(aead));
  5378. aead.state = CHACHA20_POLY1305_STATE_INIT;
  5379. err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
  5380. if (err != BAD_STATE_E)
  5381. return -4928;
  5382. aead.state = CHACHA20_POLY1305_STATE_DATA;
  5383. err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
  5384. if (err != BAD_STATE_E)
  5385. return -4929;
  5386. aead.state = CHACHA20_POLY1305_STATE_INIT;
  5387. err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext,
  5388. generatedPlaintext, sizeof(plaintext1));
  5389. if (err != BAD_STATE_E)
  5390. return -4930;
  5391. aead.state = CHACHA20_POLY1305_STATE_INIT;
  5392. err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
  5393. if (err != BAD_STATE_E)
  5394. return -4931;
  5395. aead.state = CHACHA20_POLY1305_STATE_READY;
  5396. err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
  5397. if (err != BAD_STATE_E)
  5398. return -4932;
  5399. XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
  5400. XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
  5401. XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
  5402. /* Test 1 - Encrypt */
  5403. err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1,
  5404. CHACHA20_POLY1305_AEAD_ENCRYPT);
  5405. if (err != 0)
  5406. return -4933;
  5407. err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
  5408. if (err != 0)
  5409. return -4934;
  5410. #ifdef TEST_SMALL_CHACHA_CHUNKS
  5411. /* test doing data in smaller chunks */
  5412. for (testLen=0; testLen<sizeof(plaintext1); ) {
  5413. word32 dataLen = sizeof(plaintext1) - testLen;
  5414. if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
  5415. dataLen = TEST_SMALL_CHACHA_CHUNKS;
  5416. err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext1[testLen],
  5417. &generatedCiphertext[testLen], dataLen);
  5418. if (err != 0)
  5419. return -4935;
  5420. testLen += dataLen;
  5421. }
  5422. #else
  5423. err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext1,
  5424. generatedCiphertext, sizeof(plaintext1));
  5425. #endif
  5426. err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
  5427. if (err != 0)
  5428. return -4936;
  5429. err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1);
  5430. if (err != 0)
  5431. return -4937;
  5432. if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) {
  5433. return -4938;
  5434. }
  5435. /* Test 1 - Decrypt */
  5436. err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1,
  5437. CHACHA20_POLY1305_AEAD_DECRYPT);
  5438. if (err != 0)
  5439. return -4939;
  5440. err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
  5441. if (err != 0)
  5442. return -4940;
  5443. #ifdef TEST_SMALL_CHACHA_CHUNKS
  5444. /* test doing data in smaller chunks */
  5445. for (testLen=0; testLen<sizeof(plaintext1); ) {
  5446. word32 dataLen = sizeof(plaintext1) - testLen;
  5447. if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
  5448. dataLen = TEST_SMALL_CHACHA_CHUNKS;
  5449. err = wc_ChaCha20Poly1305_UpdateData(&aead,
  5450. &generatedCiphertext[testLen], &generatedPlaintext[testLen],
  5451. dataLen);
  5452. if (err != 0)
  5453. return -4941;
  5454. testLen += dataLen;
  5455. }
  5456. #else
  5457. err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext,
  5458. generatedPlaintext, sizeof(cipher1));
  5459. #endif
  5460. err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
  5461. if (err != 0)
  5462. return -4942;
  5463. err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1);
  5464. if (err != 0)
  5465. return -4943;
  5466. if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) {
  5467. return -4944;
  5468. }
  5469. XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
  5470. XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
  5471. XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
  5472. /* Test 2 - Encrypt */
  5473. err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2,
  5474. CHACHA20_POLY1305_AEAD_ENCRYPT);
  5475. if (err != 0)
  5476. return -4945;
  5477. err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2));
  5478. if (err != 0)
  5479. return -4946;
  5480. #ifdef TEST_SMALL_CHACHA_CHUNKS
  5481. /* test doing data in smaller chunks */
  5482. for (testLen=0; testLen<sizeof(plaintext2); ) {
  5483. word32 dataLen = sizeof(plaintext2) - testLen;
  5484. if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
  5485. dataLen = TEST_SMALL_CHACHA_CHUNKS;
  5486. err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext2[testLen],
  5487. &generatedCiphertext[testLen], dataLen);
  5488. if (err != 0)
  5489. return -4947;
  5490. testLen += dataLen;
  5491. }
  5492. #else
  5493. err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext2, generatedCiphertext,
  5494. sizeof(plaintext2));
  5495. #endif
  5496. err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
  5497. if (err != 0)
  5498. return -4948;
  5499. err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2);
  5500. if (err != 0)
  5501. return -4949;
  5502. if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) {
  5503. return -4950;
  5504. }
  5505. /* Test 2 - Decrypt */
  5506. err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2,
  5507. CHACHA20_POLY1305_AEAD_DECRYPT);
  5508. if (err != 0)
  5509. return -4951;
  5510. err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2));
  5511. if (err != 0)
  5512. return -4952;
  5513. #ifdef TEST_SMALL_CHACHA_CHUNKS
  5514. /* test doing data in smaller chunks */
  5515. for (testLen=0; testLen<sizeof(plaintext2); ) {
  5516. word32 dataLen = sizeof(plaintext2) - testLen;
  5517. if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
  5518. dataLen = TEST_SMALL_CHACHA_CHUNKS;
  5519. err = wc_ChaCha20Poly1305_UpdateData(&aead,
  5520. &generatedCiphertext[testLen], &generatedPlaintext[testLen],
  5521. dataLen);
  5522. if (err != 0)
  5523. return -4953;
  5524. testLen += dataLen;
  5525. }
  5526. #else
  5527. err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext,
  5528. generatedPlaintext, sizeof(cipher2));
  5529. #endif
  5530. err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
  5531. if (err != 0)
  5532. return -4954;
  5533. err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2);
  5534. if (err != 0)
  5535. return -4955;
  5536. if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) {
  5537. return -4956;
  5538. }
  5539. return err;
  5540. }
  5541. #endif /* HAVE_CHACHA && HAVE_POLY1305 */
  5542. #ifndef NO_DES3
  5543. WOLFSSL_TEST_SUBROUTINE int des_test(void)
  5544. {
  5545. WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
  5546. 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  5547. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  5548. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  5549. };
  5550. byte plain[24];
  5551. byte cipher[24];
  5552. Des enc;
  5553. Des dec;
  5554. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  5555. {
  5556. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
  5557. };
  5558. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  5559. {
  5560. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
  5561. };
  5562. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  5563. {
  5564. 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
  5565. 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
  5566. 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
  5567. };
  5568. int ret;
  5569. ret = wc_Des_SetKey(&enc, key, iv, DES_ENCRYPTION);
  5570. if (ret != 0)
  5571. return -5000;
  5572. ret = wc_Des_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
  5573. if (ret != 0)
  5574. return -5001;
  5575. ret = wc_Des_SetKey(&dec, key, iv, DES_DECRYPTION);
  5576. if (ret != 0)
  5577. return -5002;
  5578. ret = wc_Des_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
  5579. if (ret != 0)
  5580. return -5003;
  5581. if (XMEMCMP(plain, vector, sizeof(plain)))
  5582. return -5004;
  5583. if (XMEMCMP(cipher, verify, sizeof(cipher)))
  5584. return -5005;
  5585. ret = wc_Des_CbcEncryptWithKey(cipher, vector, sizeof(vector), key, iv);
  5586. if (ret != 0)
  5587. return -5006;
  5588. #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
  5589. {
  5590. EncryptedInfo info;
  5591. XMEMSET(&info, 0, sizeof(EncryptedInfo));
  5592. XMEMCPY(info.iv, iv, sizeof(iv));
  5593. info.ivSz = sizeof(iv);
  5594. info.keySz = sizeof(key);
  5595. info.cipherType = WC_CIPHER_DES;
  5596. ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key,
  5597. sizeof(key), WC_HASH_TYPE_SHA);
  5598. if (ret != 0)
  5599. return -5007;
  5600. /* Test invalid info ptr */
  5601. ret = wc_BufferKeyEncrypt(NULL, cipher, sizeof(cipher), key,
  5602. sizeof(key), WC_HASH_TYPE_SHA);
  5603. if (ret != BAD_FUNC_ARG)
  5604. return -5008;
  5605. #ifndef NO_PWDBASED
  5606. /* Test invalid hash type - only applies to wc_PBKDF1 call */
  5607. ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key,
  5608. sizeof(key), WC_HASH_TYPE_NONE);
  5609. if (ret == 0)
  5610. return -5009;
  5611. #endif /* !NO_PWDBASED */
  5612. }
  5613. #endif
  5614. return 0;
  5615. }
  5616. #endif /* !NO_DES3 */
  5617. #ifndef NO_DES3
  5618. WOLFSSL_TEST_SUBROUTINE int des3_test(void)
  5619. {
  5620. WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
  5621. 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  5622. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  5623. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  5624. };
  5625. byte plain[24];
  5626. byte cipher[24];
  5627. Des3 enc;
  5628. Des3 dec;
  5629. WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
  5630. {
  5631. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
  5632. 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
  5633. 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
  5634. };
  5635. WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
  5636. {
  5637. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
  5638. 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
  5639. 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
  5640. };
  5641. WOLFSSL_SMALL_STACK_STATIC const byte verify3[] =
  5642. {
  5643. 0x43,0xa0,0x29,0x7e,0xd1,0x84,0xf8,0x0e,
  5644. 0x89,0x64,0x84,0x32,0x12,0xd5,0x08,0x98,
  5645. 0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0
  5646. };
  5647. int ret;
  5648. if (wc_Des3Init(&enc, HEAP_HINT, devId) != 0)
  5649. return -5100;
  5650. if (wc_Des3Init(&dec, HEAP_HINT, devId) != 0)
  5651. return -5101;
  5652. ret = wc_Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION);
  5653. if (ret != 0)
  5654. return -5102;
  5655. ret = wc_Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION);
  5656. if (ret != 0)
  5657. return -5103;
  5658. ret = wc_Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
  5659. #if defined(WOLFSSL_ASYNC_CRYPT)
  5660. ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
  5661. #endif
  5662. if (ret != 0)
  5663. return -5104;
  5664. ret = wc_Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
  5665. #if defined(WOLFSSL_ASYNC_CRYPT)
  5666. ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE);
  5667. #endif
  5668. if (ret != 0)
  5669. return -5105;
  5670. if (XMEMCMP(plain, vector, sizeof(plain)))
  5671. return -5106;
  5672. if (XMEMCMP(cipher, verify3, sizeof(cipher)))
  5673. return -5107;
  5674. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  5675. /* test the same vectors with using compatibility layer */
  5676. {
  5677. DES_key_schedule ks1;
  5678. DES_key_schedule ks2;
  5679. DES_key_schedule ks3;
  5680. DES_cblock iv4;
  5681. XMEMCPY(ks1, key3, sizeof(DES_key_schedule));
  5682. XMEMCPY(ks2, key3 + 8, sizeof(DES_key_schedule));
  5683. XMEMCPY(ks3, key3 + 16, sizeof(DES_key_schedule));
  5684. XMEMCPY(iv4, iv3, sizeof(DES_cblock));
  5685. XMEMSET(plain, 0, sizeof(plain));
  5686. XMEMSET(cipher, 0, sizeof(cipher));
  5687. DES_ede3_cbc_encrypt(vector, cipher, sizeof(vector), &ks1, &ks2, &ks3,
  5688. &iv4, DES_ENCRYPT);
  5689. DES_ede3_cbc_encrypt(cipher, plain, sizeof(cipher), &ks1, &ks2, &ks3,
  5690. &iv4, DES_DECRYPT);
  5691. if (XMEMCMP(plain, vector, sizeof(plain)))
  5692. return -5108;
  5693. if (XMEMCMP(cipher, verify3, sizeof(cipher)))
  5694. return -5109;
  5695. }
  5696. #endif /* OPENSSL_EXTRA */
  5697. wc_Des3Free(&enc);
  5698. wc_Des3Free(&dec);
  5699. #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
  5700. {
  5701. EncryptedInfo info;
  5702. XMEMSET(&info, 0, sizeof(EncryptedInfo));
  5703. XMEMCPY(info.iv, iv3, sizeof(iv3));
  5704. info.ivSz = sizeof(iv3);
  5705. info.keySz = sizeof(key3);
  5706. info.cipherType = WC_CIPHER_DES3;
  5707. ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key3,
  5708. sizeof(key3), WC_HASH_TYPE_SHA);
  5709. if (ret != 0)
  5710. return -5110;
  5711. }
  5712. #endif
  5713. return 0;
  5714. }
  5715. #endif /* NO_DES3 */
  5716. #ifndef NO_AES
  5717. #if defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_CFB) || \
  5718. defined(WOLFSSL_AES_XTS)
  5719. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
  5720. && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  5721. /* pass in the function, key, iv, plain text and expected and this function
  5722. * tests that the encryption and decryption is successful */
  5723. static int EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
  5724. const byte* iv, const byte* plain, int plainSz,
  5725. const byte* expected, int expectedSz)
  5726. {
  5727. #ifdef WOLFSSL_SMALL_STACK
  5728. EVP_CIPHER_CTX *ctx = NULL;
  5729. #else
  5730. EVP_CIPHER_CTX ctx[1];
  5731. #endif
  5732. int idx, ret = 0, cipherSz;
  5733. byte* cipher;
  5734. #ifdef WOLFSSL_SMALL_STACK
  5735. if ((ctx = wolfSSL_EVP_CIPHER_CTX_new()) == NULL)
  5736. return MEMORY_E;
  5737. #endif
  5738. cipher = (byte*)XMALLOC(plainSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  5739. if (cipher == NULL) {
  5740. ret = -5120;
  5741. goto EVP_TEST_END;
  5742. }
  5743. /* test encrypt */
  5744. EVP_CIPHER_CTX_init(ctx);
  5745. if (EVP_CipherInit(ctx, type, key, iv, 1) == 0) {
  5746. ret = -5121;
  5747. goto EVP_TEST_END;
  5748. }
  5749. if (EVP_CipherUpdate(ctx, cipher, &idx, plain, expectedSz) == 0) {
  5750. ret = -5122;
  5751. goto EVP_TEST_END;
  5752. }
  5753. cipherSz = idx;
  5754. if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
  5755. ret = -5123;
  5756. goto EVP_TEST_END;
  5757. }
  5758. cipherSz += idx;
  5759. if (XMEMCMP(cipher, expected, plainSz)) {
  5760. ret = -5124;
  5761. goto EVP_TEST_END;
  5762. }
  5763. /* test decrypt */
  5764. EVP_CIPHER_CTX_init(ctx);
  5765. if (EVP_CipherInit(ctx, type, key, iv, 0) == 0) {
  5766. ret = -5125;
  5767. goto EVP_TEST_END;
  5768. }
  5769. if (EVP_CipherUpdate(ctx, cipher, &idx, cipher, expectedSz) == 0) {
  5770. ret = -5126;
  5771. goto EVP_TEST_END;
  5772. }
  5773. cipherSz = idx;
  5774. if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
  5775. ret = -5127;
  5776. goto EVP_TEST_END;
  5777. }
  5778. cipherSz += idx;
  5779. if ((expectedSz != cipherSz) || XMEMCMP(plain, cipher, plainSz)) {
  5780. ret = -5128;
  5781. goto EVP_TEST_END;
  5782. }
  5783. EVP_TEST_END:
  5784. if (cipher)
  5785. XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  5786. (void)cipherSz;
  5787. #ifdef WOLFSSL_SMALL_STACK
  5788. wolfSSL_EVP_CIPHER_CTX_free(ctx);
  5789. #endif
  5790. return ret;
  5791. }
  5792. #endif /* OPENSSL_EXTRA */
  5793. #endif /* WOLFSSL_AES_OFB || WOLFSSL_AES_CFB */
  5794. #ifdef WOLFSSL_AES_OFB
  5795. /* test vector from https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/Block-Ciphers */
  5796. WOLFSSL_TEST_SUBROUTINE int aesofb_test(void)
  5797. {
  5798. #ifdef WOLFSSL_AES_256
  5799. WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
  5800. {
  5801. 0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71,
  5802. 0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2,
  5803. 0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a,
  5804. 0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94
  5805. };
  5806. WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
  5807. {
  5808. 0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16,
  5809. 0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f
  5810. };
  5811. WOLFSSL_SMALL_STACK_STATIC const byte plain1[] =
  5812. {
  5813. 0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9,
  5814. 0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25,
  5815. 0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6,
  5816. 0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71,
  5817. 0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef,
  5818. 0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c
  5819. };
  5820. WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
  5821. {
  5822. 0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc,
  5823. 0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00,
  5824. 0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46,
  5825. 0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b,
  5826. 0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae,
  5827. 0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0
  5828. };
  5829. #endif /* WOLFSSL_AES_256 */
  5830. #ifdef WOLFSSL_AES_128
  5831. WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
  5832. {
  5833. 0x10,0xa5,0x88,0x69,0xd7,0x4b,0xe5,0xa3,
  5834. 0x74,0xcf,0x86,0x7c,0xfb,0x47,0x38,0x59
  5835. };
  5836. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
  5837. {
  5838. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5839. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  5840. };
  5841. WOLFSSL_SMALL_STACK_STATIC const byte plain2[] =
  5842. {
  5843. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5844. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  5845. };
  5846. WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
  5847. {
  5848. 0x6d,0x25,0x1e,0x69,0x44,0xb0,0x51,0xe0,
  5849. 0x4e,0xaa,0x6f,0xb4,0xdb,0xf7,0x84,0x65
  5850. };
  5851. #endif /* WOLFSSL_AES_128 */
  5852. #ifdef WOLFSSL_AES_192
  5853. WOLFSSL_SMALL_STACK_STATIC const byte key3[] = {
  5854. 0xd0,0x77,0xa0,0x3b,0xd8,0xa3,0x89,0x73,
  5855. 0x92,0x8c,0xca,0xfe,0x4a,0x9d,0x2f,0x45,
  5856. 0x51,0x30,0xbd,0x0a,0xf5,0xae,0x46,0xa9
  5857. };
  5858. WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
  5859. {
  5860. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5861. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  5862. };
  5863. WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
  5864. {
  5865. 0xab,0xc7,0x86,0xfb,0x1e,0xdb,0x50,0x45,
  5866. 0x80,0xc4,0xd8,0x82,0xef,0x29,0xa0,0xc7
  5867. };
  5868. WOLFSSL_SMALL_STACK_STATIC const byte plain3[] =
  5869. {
  5870. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5871. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  5872. };
  5873. #endif /* WOLFSSL_AES_192 */
  5874. #ifdef WOLFSSL_SMALL_STACK
  5875. Aes *enc = NULL;
  5876. #else
  5877. Aes enc[1];
  5878. #endif
  5879. byte cipher[AES_BLOCK_SIZE * 4];
  5880. #ifdef HAVE_AES_DECRYPT
  5881. #ifdef WOLFSSL_SMALL_STACK
  5882. Aes *dec = NULL;
  5883. #else
  5884. Aes dec[1];
  5885. #endif
  5886. byte plain [AES_BLOCK_SIZE * 4];
  5887. #endif
  5888. int ret = 0;
  5889. #ifdef WOLFSSL_SMALL_STACK
  5890. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  5891. ERROR_OUT(-1, out);
  5892. #ifdef HAVE_AES_DECRYPT
  5893. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  5894. ERROR_OUT(-1, out);
  5895. #endif
  5896. #endif
  5897. XMEMSET(enc, 0, sizeof *enc);
  5898. #ifdef HAVE_AES_DECRYPT
  5899. XMEMSET(dec, 0, sizeof *dec);
  5900. #endif
  5901. #ifdef WOLFSSL_AES_128
  5902. /* 128 key size test */
  5903. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
  5904. && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  5905. ret = EVP_test(EVP_aes_128_ofb(), key2, iv2, plain2, sizeof(plain2),
  5906. cipher2, sizeof(cipher2));
  5907. if (ret != 0) {
  5908. goto out;
  5909. }
  5910. #endif
  5911. ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
  5912. if (ret != 0)
  5913. ERROR_OUT(-5129, out);
  5914. #ifdef HAVE_AES_DECRYPT
  5915. /* decrypt uses AES_ENCRYPTION */
  5916. ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_ENCRYPTION);
  5917. if (ret != 0)
  5918. ERROR_OUT(-5130, out);
  5919. #endif
  5920. XMEMSET(cipher, 0, sizeof(cipher));
  5921. ret = wc_AesOfbEncrypt(enc, cipher, plain2, AES_BLOCK_SIZE);
  5922. if (ret != 0)
  5923. ERROR_OUT(-5131, out);
  5924. if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE))
  5925. ERROR_OUT(-5132, out);
  5926. #ifdef HAVE_AES_DECRYPT
  5927. ret = wc_AesOfbDecrypt(dec, plain, cipher2, AES_BLOCK_SIZE);
  5928. if (ret != 0)
  5929. ERROR_OUT(-5133, out);
  5930. if (XMEMCMP(plain, plain2, AES_BLOCK_SIZE))
  5931. ERROR_OUT(-5134, out);
  5932. #endif /* HAVE_AES_DECRYPT */
  5933. #endif /* WOLFSSL_AES_128 */
  5934. #ifdef WOLFSSL_AES_192
  5935. /* 192 key size test */
  5936. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
  5937. && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  5938. ret = EVP_test(EVP_aes_192_ofb(), key3, iv3, plain3, sizeof(plain3),
  5939. cipher3, sizeof(cipher3));
  5940. if (ret != 0) {
  5941. goto out;
  5942. }
  5943. #endif
  5944. ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
  5945. if (ret != 0)
  5946. ERROR_OUT(-5135, out);
  5947. #ifdef HAVE_AES_DECRYPT
  5948. /* decrypt uses AES_ENCRYPTION */
  5949. ret = wc_AesSetKey(dec, key3, sizeof(key3), iv3, AES_ENCRYPTION);
  5950. if (ret != 0)
  5951. ERROR_OUT(-5136, out);
  5952. #endif
  5953. XMEMSET(cipher, 0, sizeof(cipher));
  5954. ret = wc_AesOfbEncrypt(enc, cipher, plain3, AES_BLOCK_SIZE);
  5955. if (ret != 0)
  5956. ERROR_OUT(-5137, out);
  5957. if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE))
  5958. ERROR_OUT(-5138, out);
  5959. #ifdef HAVE_AES_DECRYPT
  5960. ret = wc_AesOfbDecrypt(dec, plain, cipher3, AES_BLOCK_SIZE);
  5961. if (ret != 0)
  5962. ERROR_OUT(-5139, out);
  5963. if (XMEMCMP(plain, plain3, AES_BLOCK_SIZE))
  5964. ERROR_OUT(-5140, out);
  5965. #endif /* HAVE_AES_DECRYPT */
  5966. #endif /* WOLFSSL_AES_192 */
  5967. #ifdef WOLFSSL_AES_256
  5968. /* 256 key size test */
  5969. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
  5970. && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  5971. ret = EVP_test(EVP_aes_256_ofb(), key1, iv1, plain1, sizeof(plain1),
  5972. cipher1, sizeof(cipher1));
  5973. if (ret != 0) {
  5974. goto out;
  5975. }
  5976. #endif
  5977. ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  5978. if (ret != 0)
  5979. ERROR_OUT(-5141, out);
  5980. #ifdef HAVE_AES_DECRYPT
  5981. /* decrypt uses AES_ENCRYPTION */
  5982. ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  5983. if (ret != 0)
  5984. ERROR_OUT(-5142, out);
  5985. #endif
  5986. XMEMSET(cipher, 0, sizeof(cipher));
  5987. ret = wc_AesOfbEncrypt(enc, cipher, plain1, AES_BLOCK_SIZE);
  5988. if (ret != 0)
  5989. ERROR_OUT(-5143, out);
  5990. if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE))
  5991. ERROR_OUT(-5144, out);
  5992. ret = wc_AesOfbEncrypt(enc, cipher + AES_BLOCK_SIZE,
  5993. plain1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
  5994. if (ret != 0)
  5995. ERROR_OUT(-5145, out);
  5996. if (XMEMCMP(cipher + AES_BLOCK_SIZE, cipher1 + AES_BLOCK_SIZE,
  5997. AES_BLOCK_SIZE))
  5998. ERROR_OUT(-5146, out);
  5999. #ifdef HAVE_AES_DECRYPT
  6000. ret = wc_AesOfbDecrypt(dec, plain, cipher1, AES_BLOCK_SIZE);
  6001. if (ret != 0)
  6002. ERROR_OUT(-5147, out);
  6003. if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE))
  6004. ERROR_OUT(-5148, out);
  6005. ret = wc_AesOfbDecrypt(dec, plain + AES_BLOCK_SIZE,
  6006. cipher1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
  6007. if (ret != 0)
  6008. ERROR_OUT(-5149, out);
  6009. if (XMEMCMP(plain + AES_BLOCK_SIZE, plain1 + AES_BLOCK_SIZE,
  6010. AES_BLOCK_SIZE))
  6011. ERROR_OUT(-5150, out);
  6012. #endif /* HAVE_AES_DECRYPT */
  6013. /* multiple blocks at once */
  6014. ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  6015. if (ret != 0)
  6016. ERROR_OUT(-5151, out);
  6017. #ifdef HAVE_AES_DECRYPT
  6018. /* decrypt uses AES_ENCRYPTION */
  6019. ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  6020. if (ret != 0)
  6021. ERROR_OUT(-5152, out);
  6022. #endif
  6023. XMEMSET(cipher, 0, sizeof(cipher));
  6024. ret = wc_AesOfbEncrypt(enc, cipher, plain1, AES_BLOCK_SIZE * 3);
  6025. if (ret != 0)
  6026. ERROR_OUT(-5153, out);
  6027. if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 3))
  6028. ERROR_OUT(-5154, out);
  6029. #ifdef HAVE_AES_DECRYPT
  6030. ret = wc_AesOfbDecrypt(dec, plain, cipher1, AES_BLOCK_SIZE * 3);
  6031. if (ret != 0)
  6032. ERROR_OUT(-5155, out);
  6033. if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE * 3))
  6034. ERROR_OUT(-5156, out);
  6035. #endif /* HAVE_AES_DECRYPT */
  6036. /* inline decrypt/encrypt*/
  6037. ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  6038. if (ret != 0)
  6039. ERROR_OUT(-5157, out);
  6040. #ifdef HAVE_AES_DECRYPT
  6041. /* decrypt uses AES_ENCRYPTION */
  6042. ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  6043. if (ret != 0)
  6044. ERROR_OUT(-5158, out);
  6045. #endif
  6046. XMEMCPY(cipher, plain1, AES_BLOCK_SIZE * 2);
  6047. ret = wc_AesOfbEncrypt(enc, cipher, cipher, AES_BLOCK_SIZE * 2);
  6048. if (ret != 0)
  6049. ERROR_OUT(-5159, out);
  6050. if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
  6051. ERROR_OUT(-5160, out);
  6052. #ifdef HAVE_AES_DECRYPT
  6053. ret = wc_AesOfbDecrypt(dec, cipher, cipher, AES_BLOCK_SIZE * 2);
  6054. if (ret != 0)
  6055. ERROR_OUT(-5161, out);
  6056. if (XMEMCMP(cipher, plain1, AES_BLOCK_SIZE * 2))
  6057. ERROR_OUT(-5162, out);
  6058. #endif /* HAVE_AES_DECRYPT */
  6059. /* 256 key size test leftover support */
  6060. ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  6061. if (ret != 0)
  6062. ERROR_OUT(-5163, out);
  6063. #ifdef HAVE_AES_DECRYPT
  6064. /* decrypt uses AES_ENCRYPTION */
  6065. ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  6066. if (ret != 0)
  6067. ERROR_OUT(-5164, out);
  6068. #endif
  6069. XMEMSET(cipher, 0, sizeof(cipher));
  6070. ret = wc_AesOfbEncrypt(enc, cipher, plain1, 3);
  6071. if (ret != 0)
  6072. ERROR_OUT(-5165, out);
  6073. if (XMEMCMP(cipher, cipher1, 3))
  6074. ERROR_OUT(-5166, out);
  6075. ret = wc_AesOfbEncrypt(enc, cipher + 3, plain1 + 3, AES_BLOCK_SIZE);
  6076. if (ret != 0)
  6077. ERROR_OUT(-5167, out);
  6078. if (XMEMCMP(cipher + 3, cipher1 + 3, AES_BLOCK_SIZE))
  6079. ERROR_OUT(-5168, out);
  6080. #ifdef HAVE_AES_DECRYPT
  6081. ret = wc_AesOfbDecrypt(dec, plain, cipher1, 6);
  6082. if (ret != 0)
  6083. ERROR_OUT(-5169, out);
  6084. if (XMEMCMP(plain, plain1, 6))
  6085. ERROR_OUT(-5170, out);
  6086. ret = wc_AesOfbDecrypt(dec, plain + 6, cipher1 + 6, AES_BLOCK_SIZE);
  6087. if (ret != 0)
  6088. ERROR_OUT(-5171, out);
  6089. if (XMEMCMP(plain + 6, plain1 + 6, AES_BLOCK_SIZE))
  6090. ERROR_OUT(-5172, out);
  6091. #endif /* HAVE_AES_DECRYPT */
  6092. out:
  6093. #ifdef WOLFSSL_SMALL_STACK
  6094. if (enc)
  6095. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  6096. #ifdef HAVE_AES_DECRYPT
  6097. if (dec)
  6098. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  6099. #endif
  6100. #endif
  6101. #endif /* WOLFSSL_AES_256 */
  6102. return ret;
  6103. }
  6104. #endif /* WOLFSSL_AES_OFB */
  6105. #if defined(WOLFSSL_AES_CFB)
  6106. /* Test cases from NIST SP 800-38A, Recommendation for Block Cipher Modes of Operation Methods an*/
  6107. static int aescfb_test(void)
  6108. {
  6109. #ifdef WOLFSSL_SMALL_STACK
  6110. Aes *enc = NULL;
  6111. #else
  6112. Aes enc[1];
  6113. #endif
  6114. int enc_inited = 0;
  6115. byte cipher[AES_BLOCK_SIZE * 4];
  6116. #ifdef HAVE_AES_DECRYPT
  6117. #ifdef WOLFSSL_SMALL_STACK
  6118. Aes *dec = NULL;
  6119. #else
  6120. Aes dec[1];
  6121. #endif
  6122. int dec_inited = 0;
  6123. byte plain [AES_BLOCK_SIZE * 4];
  6124. #endif
  6125. int ret = 0;
  6126. WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
  6127. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  6128. 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
  6129. };
  6130. #ifdef WOLFSSL_AES_128
  6131. WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
  6132. {
  6133. 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
  6134. 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
  6135. };
  6136. WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
  6137. {
  6138. 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
  6139. 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
  6140. 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
  6141. 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b,
  6142. 0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40,
  6143. 0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf
  6144. };
  6145. WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
  6146. {
  6147. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  6148. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  6149. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  6150. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  6151. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  6152. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef
  6153. };
  6154. #endif /* WOLFSSL_AES_128 */
  6155. #ifdef WOLFSSL_AES_192
  6156. /* 192 size key test */
  6157. WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
  6158. {
  6159. 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
  6160. 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
  6161. 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
  6162. };
  6163. WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
  6164. {
  6165. 0xcd,0xc8,0x0d,0x6f,0xdd,0xf1,0x8c,0xab,
  6166. 0x34,0xc2,0x59,0x09,0xc9,0x9a,0x41,0x74,
  6167. 0x67,0xce,0x7f,0x7f,0x81,0x17,0x36,0x21,
  6168. 0x96,0x1a,0x2b,0x70,0x17,0x1d,0x3d,0x7a,
  6169. 0x2e,0x1e,0x8a,0x1d,0xd5,0x9b,0x88,0xb1,
  6170. 0xc8,0xe6,0x0f,0xed,0x1e,0xfa,0xc4,0xc9,
  6171. 0xc0,0x5f,0x9f,0x9c,0xa9,0x83,0x4f,0xa0,
  6172. 0x42,0xae,0x8f,0xba,0x58,0x4b,0x09,0xff
  6173. };
  6174. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
  6175. {
  6176. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  6177. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  6178. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  6179. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  6180. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  6181. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  6182. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  6183. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  6184. };
  6185. #endif /* WOLFSSL_AES_192 */
  6186. #ifdef WOLFSSL_AES_256
  6187. /* 256 size key simple test */
  6188. WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
  6189. {
  6190. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  6191. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  6192. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  6193. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  6194. };
  6195. WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
  6196. {
  6197. 0xdc,0x7e,0x84,0xbf,0xda,0x79,0x16,0x4b,
  6198. 0x7e,0xcd,0x84,0x86,0x98,0x5d,0x38,0x60,
  6199. 0x39,0xff,0xed,0x14,0x3b,0x28,0xb1,0xc8,
  6200. 0x32,0x11,0x3c,0x63,0x31,0xe5,0x40,0x7b,
  6201. 0xdf,0x10,0x13,0x24,0x15,0xe5,0x4b,0x92,
  6202. 0xa1,0x3e,0xd0,0xa8,0x26,0x7a,0xe2,0xf9,
  6203. 0x75,0xa3,0x85,0x74,0x1a,0xb9,0xce,0xf8,
  6204. 0x20,0x31,0x62,0x3d,0x55,0xb1,0xe4,0x71
  6205. };
  6206. WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
  6207. {
  6208. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  6209. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  6210. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  6211. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  6212. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  6213. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  6214. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  6215. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  6216. };
  6217. #endif /* WOLFSSL_AES_256 */
  6218. #ifdef WOLFSSL_SMALL_STACK
  6219. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  6220. ERROR_OUT(-1, out);
  6221. #ifdef HAVE_AES_DECRYPT
  6222. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  6223. ERROR_OUT(-1, out);
  6224. #endif
  6225. #endif
  6226. if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
  6227. ERROR_OUT(-5173, out);
  6228. else
  6229. enc_inited = 1;
  6230. #ifdef HAVE_AES_DECRYPT
  6231. if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
  6232. ERROR_OUT(-5174, out);
  6233. else
  6234. dec_inited = 1;
  6235. #endif
  6236. #ifdef WOLFSSL_AES_128
  6237. /* 128 key tests */
  6238. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
  6239. && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  6240. ret = EVP_test(EVP_aes_128_cfb128(), key1, iv, msg1, sizeof(msg1),
  6241. cipher1, sizeof(cipher1));
  6242. if (ret != 0) {
  6243. return ret;
  6244. }
  6245. #endif
  6246. ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  6247. if (ret != 0)
  6248. ERROR_OUT(-5175, out);
  6249. #ifdef HAVE_AES_DECRYPT
  6250. /* decrypt uses AES_ENCRYPTION */
  6251. ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  6252. if (ret != 0)
  6253. ERROR_OUT(-5176, out);
  6254. #endif
  6255. XMEMSET(cipher, 0, sizeof(cipher));
  6256. ret = wc_AesCfbEncrypt(enc, cipher, msg1, AES_BLOCK_SIZE * 2);
  6257. if (ret != 0)
  6258. ERROR_OUT(-5177, out);
  6259. if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
  6260. ERROR_OUT(-5178, out);
  6261. /* test restarting encryption process */
  6262. ret = wc_AesCfbEncrypt(enc, cipher + (AES_BLOCK_SIZE * 2),
  6263. msg1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE);
  6264. if (ret != 0)
  6265. ERROR_OUT(-5179, out);
  6266. if (XMEMCMP(cipher + (AES_BLOCK_SIZE * 2),
  6267. cipher1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE))
  6268. ERROR_OUT(-5180, out);
  6269. #ifdef HAVE_AES_DECRYPT
  6270. ret = wc_AesCfbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE * 3);
  6271. if (ret != 0)
  6272. ERROR_OUT(-5181, out);
  6273. if (XMEMCMP(plain, msg1, AES_BLOCK_SIZE * 3))
  6274. ERROR_OUT(-5182, out);
  6275. #endif /* HAVE_AES_DECRYPT */
  6276. #endif /* WOLFSSL_AES_128 */
  6277. #ifdef WOLFSSL_AES_192
  6278. /* 192 key size test */
  6279. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
  6280. && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  6281. ret = EVP_test(EVP_aes_192_cfb128(), key2, iv, msg2, sizeof(msg2),
  6282. cipher2, sizeof(cipher2));
  6283. if (ret != 0) {
  6284. return ret;
  6285. }
  6286. #endif
  6287. ret = wc_AesSetKey(enc, key2, sizeof(key2), iv, AES_ENCRYPTION);
  6288. if (ret != 0)
  6289. ERROR_OUT(-5183, out);
  6290. #ifdef HAVE_AES_DECRYPT
  6291. /* decrypt uses AES_ENCRYPTION */
  6292. ret = wc_AesSetKey(dec, key2, sizeof(key2), iv, AES_ENCRYPTION);
  6293. if (ret != 0)
  6294. ERROR_OUT(-5184, out);
  6295. #endif
  6296. XMEMSET(cipher, 0, sizeof(cipher));
  6297. ret = wc_AesCfbEncrypt(enc, cipher, msg2, AES_BLOCK_SIZE * 4);
  6298. if (ret != 0)
  6299. ERROR_OUT(-5185, out);
  6300. if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE * 4))
  6301. ERROR_OUT(-5186, out);
  6302. #ifdef HAVE_AES_DECRYPT
  6303. ret = wc_AesCfbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE * 4);
  6304. if (ret != 0)
  6305. ERROR_OUT(-5187, out);
  6306. if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE * 4))
  6307. ERROR_OUT(-5188, out);
  6308. #endif /* HAVE_AES_DECRYPT */
  6309. #endif /* WOLFSSL_AES_192 */
  6310. #ifdef WOLFSSL_AES_256
  6311. /* 256 key size test */
  6312. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
  6313. && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  6314. ret = EVP_test(EVP_aes_256_cfb128(), key3, iv, msg3, sizeof(msg3),
  6315. cipher3, sizeof(cipher3));
  6316. if (ret != 0) {
  6317. return ret;
  6318. }
  6319. #endif
  6320. ret = wc_AesSetKey(enc, key3, sizeof(key3), iv, AES_ENCRYPTION);
  6321. if (ret != 0)
  6322. ERROR_OUT(-5189, out);
  6323. #ifdef HAVE_AES_DECRYPT
  6324. /* decrypt uses AES_ENCRYPTION */
  6325. ret = wc_AesSetKey(dec, key3, sizeof(key3), iv, AES_ENCRYPTION);
  6326. if (ret != 0)
  6327. ERROR_OUT(-5190, out);
  6328. #endif
  6329. /* test with data left overs, magic lengths are checking near edges */
  6330. XMEMSET(cipher, 0, sizeof(cipher));
  6331. ret = wc_AesCfbEncrypt(enc, cipher, msg3, 4);
  6332. if (ret != 0)
  6333. ERROR_OUT(-5191, out);
  6334. if (XMEMCMP(cipher, cipher3, 4))
  6335. ERROR_OUT(-5192, out);
  6336. ret = wc_AesCfbEncrypt(enc, cipher + 4, msg3 + 4, 27);
  6337. if (ret != 0)
  6338. ERROR_OUT(-5193, out);
  6339. if (XMEMCMP(cipher + 4, cipher3 + 4, 27))
  6340. ERROR_OUT(-5194, out);
  6341. ret = wc_AesCfbEncrypt(enc, cipher + 31, msg3 + 31,
  6342. (AES_BLOCK_SIZE * 4) - 31);
  6343. if (ret != 0)
  6344. ERROR_OUT(-5195, out);
  6345. if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE * 4))
  6346. ERROR_OUT(-5196, out);
  6347. #ifdef HAVE_AES_DECRYPT
  6348. ret = wc_AesCfbDecrypt(dec, plain, cipher, 4);
  6349. if (ret != 0)
  6350. ERROR_OUT(-5197, out);
  6351. if (XMEMCMP(plain, msg3, 4))
  6352. ERROR_OUT(-5198, out);
  6353. ret = wc_AesCfbDecrypt(dec, plain + 4, cipher + 4, 4);
  6354. if (ret != 0)
  6355. ERROR_OUT(-5199, out);
  6356. ret = wc_AesCfbDecrypt(dec, plain + 8, cipher + 8, 23);
  6357. if (ret != 0)
  6358. ERROR_OUT(-5200, out);
  6359. if (XMEMCMP(plain + 4, msg3 + 4, 27))
  6360. ERROR_OUT(-5201, out);
  6361. ret = wc_AesCfbDecrypt(dec, plain + 31, cipher + 31,
  6362. (AES_BLOCK_SIZE * 4) - 31);
  6363. if (ret != 0)
  6364. ERROR_OUT(-5202, out);
  6365. if (XMEMCMP(plain, msg3, AES_BLOCK_SIZE * 4))
  6366. ERROR_OUT(-5203, out);
  6367. #endif /* HAVE_AES_DECRYPT */
  6368. #endif /* WOLFSSL_AES_256 */
  6369. out:
  6370. if (enc_inited)
  6371. wc_AesFree(enc);
  6372. if (dec_inited)
  6373. wc_AesFree(dec);
  6374. #ifdef WOLFSSL_SMALL_STACK
  6375. if (enc)
  6376. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  6377. #ifdef HAVE_AES_DECRYPT
  6378. if (dec)
  6379. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  6380. #endif
  6381. #endif
  6382. return ret;
  6383. }
  6384. #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  6385. static int aescfb1_test(void)
  6386. {
  6387. #ifdef WOLFSSL_SMALL_STACK
  6388. Aes *enc = NULL;
  6389. #else
  6390. Aes enc[1];
  6391. #endif
  6392. int enc_inited = 0;
  6393. byte cipher[AES_BLOCK_SIZE];
  6394. #ifdef HAVE_AES_DECRYPT
  6395. #ifdef WOLFSSL_SMALL_STACK
  6396. Aes *dec = NULL;
  6397. #else
  6398. Aes dec[1];
  6399. #endif
  6400. int dec_inited = 0;
  6401. byte plain [AES_BLOCK_SIZE];
  6402. #endif
  6403. int ret = 0;
  6404. #ifdef WOLFSSL_AES_128
  6405. WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
  6406. 0x4d,0xbb,0xdc,0xaa,0x59,0xf3,0x63,0xc9,
  6407. 0x2a,0x3b,0x98,0x43,0xad,0x20,0xe2,0xb7
  6408. };
  6409. WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
  6410. {
  6411. 0xcd,0xef,0x9d,0x06,0x61,0xba,0xe4,0x73,
  6412. 0x8d,0x1a,0x58,0xa2,0xa6,0x22,0x8b,0x66
  6413. };
  6414. WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
  6415. {
  6416. 0x00
  6417. };
  6418. WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
  6419. {
  6420. 0xC0
  6421. };
  6422. #endif /* WOLFSSL_AES_128 */
  6423. #ifdef WOLFSSL_AES_192
  6424. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
  6425. 0x57,0xc6,0x89,0x7c,0x99,0x52,0x28,0x13,
  6426. 0xbf,0x67,0x9c,0xe1,0x13,0x70,0xaf,0x5e
  6427. };
  6428. WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
  6429. {
  6430. 0xba,0xa1,0x58,0xa1,0x6b,0x50,0x4a,0x10,
  6431. 0x8e,0xd4,0x33,0x2e,0xe7,0xf2,0x9b,0xf6,
  6432. 0xd1,0xac,0x46,0xa8,0xde,0x5a,0xfe,0x7a
  6433. };
  6434. WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
  6435. {
  6436. 0x30
  6437. };
  6438. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
  6439. {
  6440. 0x80
  6441. };
  6442. #endif /* WOLFSSL_AES_192 */
  6443. #ifdef WOLFSSL_AES_256
  6444. WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = {
  6445. 0x63,0x2e,0x9f,0x83,0x1f,0xa3,0x80,0x5e,
  6446. 0x52,0x02,0xbc,0xe0,0x6d,0x04,0xf9,0xa0
  6447. };
  6448. WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
  6449. {
  6450. 0xf6,0xfa,0xe4,0xf1,0x5d,0x91,0xfc,0x50,
  6451. 0x88,0x78,0x4f,0x84,0xa5,0x37,0x12,0x7e,
  6452. 0x32,0x63,0x55,0x9c,0x62,0x73,0x88,0x20,
  6453. 0xc2,0xcf,0x3d,0xe1,0x1c,0x2a,0x30,0x40
  6454. };
  6455. WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
  6456. {
  6457. 0xF7, 0x00
  6458. };
  6459. WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
  6460. {
  6461. 0x41, 0xC0
  6462. };
  6463. #endif /* WOLFSSL_AES_256 */
  6464. #ifdef WOLFSSL_SMALL_STACK
  6465. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  6466. ERROR_OUT(-1, out);
  6467. #ifdef HAVE_AES_DECRYPT
  6468. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  6469. ERROR_OUT(-1, out);
  6470. #endif
  6471. #endif
  6472. if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
  6473. ERROR_OUT(-5204, out);
  6474. else
  6475. enc_inited = 1;
  6476. #ifdef HAVE_AES_DECRYPT
  6477. if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
  6478. ERROR_OUT(-5205, out);
  6479. else
  6480. dec_inited = 1;
  6481. #endif
  6482. #ifdef WOLFSSL_AES_128
  6483. /* 128 key tests */
  6484. ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  6485. if (ret != 0)
  6486. ERROR_OUT(-5206, out);
  6487. #ifdef HAVE_AES_DECRYPT
  6488. /* decrypt uses AES_ENCRYPTION */
  6489. ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  6490. if (ret != 0)
  6491. ERROR_OUT(-5207, out);
  6492. #endif
  6493. XMEMSET(cipher, 0, sizeof(cipher));
  6494. ret = wc_AesCfb1Encrypt(enc, cipher, msg1, 2);
  6495. if (ret != 0)
  6496. ERROR_OUT(-5208, out);
  6497. if (cipher[0] != cipher1[0])
  6498. ERROR_OUT(-5209, out);
  6499. #ifdef HAVE_AES_DECRYPT
  6500. ret = wc_AesCfb1Decrypt(dec, plain, cipher, 2);
  6501. if (ret != 0)
  6502. ERROR_OUT(-5210, out);
  6503. if (plain[0] != msg1[0])
  6504. ERROR_OUT(-5211, out);
  6505. #endif /* HAVE_AES_DECRYPT */
  6506. #ifdef OPENSSL_EXTRA
  6507. ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  6508. if (ret != 0)
  6509. ERROR_OUT(-5212, out);
  6510. XMEMSET(cipher, 0, sizeof(cipher));
  6511. ret = wc_AesCfb1Encrypt(enc, cipher, msg1,
  6512. sizeof(msg1) * WOLFSSL_BIT_SIZE);
  6513. if (ret != 0)
  6514. ERROR_OUT(-5213, out);
  6515. #ifndef WOLFCRYPT_ONLY
  6516. ret = EVP_test(EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1),
  6517. cipher, sizeof(msg1));
  6518. if (ret != 0) {
  6519. goto out;
  6520. }
  6521. #endif
  6522. #endif
  6523. #endif /* WOLFSSL_AES_128 */
  6524. #ifdef WOLFSSL_AES_192
  6525. /* 192 key tests */
  6526. ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
  6527. if (ret != 0)
  6528. ERROR_OUT(-5214, out);
  6529. XMEMSET(cipher, 0, sizeof(cipher));
  6530. ret = wc_AesCfb1Encrypt(enc, cipher, msg2, 4);
  6531. if (ret != 0)
  6532. ERROR_OUT(-5215, out);
  6533. if (XMEMCMP(cipher, cipher2, sizeof(cipher2)) != 0)
  6534. ERROR_OUT(-5216, out);
  6535. #ifdef OPENSSL_EXTRA
  6536. ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
  6537. if (ret != 0)
  6538. ERROR_OUT(-5217, out);
  6539. XMEMSET(cipher, 0, sizeof(cipher));
  6540. ret = wc_AesCfb1Encrypt(enc, cipher, msg2,
  6541. sizeof(msg2) * WOLFSSL_BIT_SIZE);
  6542. if (ret != 0)
  6543. ERROR_OUT(-5218, out);
  6544. #ifndef WOLFCRYPT_ONLY
  6545. ret = EVP_test(EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2),
  6546. cipher, sizeof(msg2));
  6547. if (ret != 0) {
  6548. goto out;
  6549. }
  6550. #endif
  6551. #endif
  6552. #endif /* WOLFSSL_AES_192 */
  6553. #ifdef WOLFSSL_AES_256
  6554. /* 256 key tests */
  6555. ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
  6556. if (ret != 0)
  6557. ERROR_OUT(-5219, out);
  6558. XMEMSET(cipher, 0, sizeof(cipher));
  6559. ret = wc_AesCfb1Encrypt(enc, cipher, msg3, 10);
  6560. if (ret != 0)
  6561. ERROR_OUT(-5220, out);
  6562. if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
  6563. ERROR_OUT(-5221, out);
  6564. #ifdef OPENSSL_EXTRA
  6565. ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
  6566. if (ret != 0)
  6567. ERROR_OUT(-5222, out);
  6568. XMEMSET(cipher, 0, sizeof(cipher));
  6569. ret = wc_AesCfb1Encrypt(enc, cipher, msg3,
  6570. sizeof(msg3) * WOLFSSL_BIT_SIZE);
  6571. if (ret != 0)
  6572. ERROR_OUT(-5223, out);
  6573. #ifndef WOLFCRYPT_ONLY
  6574. ret = EVP_test(EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3),
  6575. cipher, sizeof(msg3));
  6576. if (ret != 0) {
  6577. goto out;
  6578. }
  6579. #endif
  6580. #endif
  6581. out:
  6582. if (enc_inited)
  6583. wc_AesFree(enc);
  6584. #ifdef HAVE_AES_DECRYPT
  6585. if (dec_inited)
  6586. wc_AesFree(dec);
  6587. #endif
  6588. #ifdef WOLFSSL_SMALL_STACK
  6589. if (enc)
  6590. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  6591. #ifdef HAVE_AES_DECRYPT
  6592. if (dec)
  6593. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  6594. #endif
  6595. #endif
  6596. #endif /* WOLFSSL_AES_256 */
  6597. return ret;
  6598. }
  6599. static int aescfb8_test(void)
  6600. {
  6601. #ifdef WOLFSSL_SMALL_STACK
  6602. Aes *enc = NULL;
  6603. #else
  6604. Aes enc[1];
  6605. #endif
  6606. int enc_inited = 0;
  6607. byte cipher[AES_BLOCK_SIZE];
  6608. #ifdef HAVE_AES_DECRYPT
  6609. #ifdef WOLFSSL_SMALL_STACK
  6610. Aes *dec = NULL;
  6611. #else
  6612. Aes dec[1];
  6613. #endif
  6614. int dec_inited = 0;
  6615. byte plain [AES_BLOCK_SIZE];
  6616. #endif
  6617. int ret = 0;
  6618. #ifdef WOLFSSL_AES_128
  6619. WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
  6620. 0xf4,0x75,0xc6,0x49,0x91,0xb2,0x0e,0xae,
  6621. 0xe1,0x83,0xa2,0x26,0x29,0xe2,0x1e,0x22
  6622. };
  6623. WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
  6624. {
  6625. 0xc8,0xfe,0x9b,0xf7,0x7b,0x93,0x0f,0x46,
  6626. 0xd2,0x07,0x8b,0x8c,0x0e,0x65,0x7c,0xd4
  6627. };
  6628. WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
  6629. {
  6630. 0xd2,0x76,0x91
  6631. };
  6632. WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
  6633. {
  6634. 0xc9,0x06,0x35
  6635. };
  6636. #endif /* WOLFSSL_AES_128 */
  6637. #ifdef WOLFSSL_AES_192
  6638. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
  6639. 0x0a,0x02,0x84,0x6b,0x62,0xab,0xb6,0x93,
  6640. 0xef,0x31,0xd7,0x54,0x84,0x2e,0xed,0x29
  6641. };
  6642. WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
  6643. {
  6644. 0xba,0xf0,0x8b,0x76,0x31,0x7a,0x65,0xc5,
  6645. 0xf0,0x7a,0xe6,0xf5,0x7e,0xb0,0xe6,0x54,
  6646. 0x88,0x65,0x93,0x24,0xd2,0x97,0x09,0xe3
  6647. };
  6648. WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
  6649. {
  6650. 0x72,0x9c,0x0b,0x6d,0xeb,0x75,0xfa,0x6e,
  6651. 0xb5,0xe8
  6652. };
  6653. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
  6654. {
  6655. 0x98,0x95,0x93,0x24,0x02,0x39,0x3d,0xc3,
  6656. 0x3a,0x60
  6657. };
  6658. #endif
  6659. #ifdef WOLFSSL_AES_256
  6660. WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = {
  6661. 0x33,0x8c,0x55,0x2f,0xf1,0xec,0xa1,0x44,
  6662. 0x08,0xe0,0x5d,0x8c,0xf9,0xf3,0xb3,0x1b
  6663. };
  6664. WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
  6665. {
  6666. 0x06,0x48,0x74,0x09,0x2f,0x7a,0x13,0xcc,
  6667. 0x44,0x62,0x24,0x7a,0xd4,0x23,0xd0,0xe9,
  6668. 0x6e,0xdf,0x42,0xe8,0xb6,0x7a,0x5a,0x23,
  6669. 0xb7,0xa0,0xa6,0x47,0x7b,0x09,0x8e,0x66
  6670. };
  6671. WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
  6672. {
  6673. 0x1c,0xff,0x95
  6674. };
  6675. WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
  6676. {
  6677. 0xb9,0x74,0xfa
  6678. };
  6679. #endif
  6680. #ifdef WOLFSSL_SMALL_STACK
  6681. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  6682. ERROR_OUT(-5238, out);
  6683. #ifdef HAVE_AES_DECRYPT
  6684. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  6685. ERROR_OUT(-5239, out);
  6686. #endif
  6687. #endif
  6688. if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
  6689. ERROR_OUT(-5224, out);
  6690. else
  6691. enc_inited = 1;
  6692. #ifdef HAVE_AES_DECRYPT
  6693. if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
  6694. ERROR_OUT(-5225, out);
  6695. else
  6696. dec_inited = 1;
  6697. #endif
  6698. #ifdef WOLFSSL_AES_128
  6699. /* 128 key tests */
  6700. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  6701. ret = EVP_test(EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1),
  6702. cipher1, sizeof(cipher1));
  6703. if (ret != 0) {
  6704. return ret;
  6705. }
  6706. #endif
  6707. ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  6708. if (ret != 0)
  6709. ERROR_OUT(-5226, out);
  6710. #ifdef HAVE_AES_DECRYPT
  6711. /* decrypt uses AES_ENCRYPTION */
  6712. ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  6713. if (ret != 0)
  6714. ERROR_OUT(-5227, out);
  6715. #endif
  6716. XMEMSET(cipher, 0, sizeof(cipher));
  6717. ret = wc_AesCfb8Encrypt(enc, cipher, msg1, sizeof(msg1));
  6718. if (ret != 0)
  6719. ERROR_OUT(-5228, out);
  6720. if (XMEMCMP(cipher, cipher1, sizeof(cipher1)) != 0)
  6721. ERROR_OUT(-5229, out);
  6722. #ifdef HAVE_AES_DECRYPT
  6723. ret = wc_AesCfb8Decrypt(dec, plain, cipher, sizeof(msg1));
  6724. if (ret != 0)
  6725. ERROR_OUT(-5230, out);
  6726. if (XMEMCMP(plain, msg1, sizeof(msg1)) != 0)
  6727. ERROR_OUT(-5231, out);
  6728. #endif /* HAVE_AES_DECRYPT */
  6729. #endif /* WOLFSSL_AES_128 */
  6730. #ifdef WOLFSSL_AES_192
  6731. /* 192 key tests */
  6732. ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
  6733. if (ret != 0)
  6734. ERROR_OUT(-5232, out);
  6735. XMEMSET(cipher, 0, sizeof(cipher));
  6736. ret = wc_AesCfb8Encrypt(enc, cipher, msg2, sizeof(msg2));
  6737. if (ret != 0)
  6738. ERROR_OUT(-5233, out);
  6739. if (XMEMCMP(cipher, cipher2, sizeof(msg2)) != 0)
  6740. ERROR_OUT(-5234, out);
  6741. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  6742. ret = EVP_test(EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2),
  6743. cipher2, sizeof(msg2));
  6744. if (ret != 0) {
  6745. return ret;
  6746. }
  6747. #endif
  6748. #endif /* WOLFSSL_AES_192 */
  6749. #ifdef WOLFSSL_AES_256
  6750. /* 256 key tests */
  6751. ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
  6752. if (ret != 0)
  6753. ERROR_OUT(-5235, out);
  6754. XMEMSET(cipher, 0, sizeof(cipher));
  6755. ret = wc_AesCfb8Encrypt(enc, cipher, msg3, sizeof(msg3));
  6756. if (ret != 0)
  6757. ERROR_OUT(-5236, out);
  6758. if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
  6759. ERROR_OUT(-5237, out);
  6760. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  6761. ret = EVP_test(EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3),
  6762. cipher3, sizeof(msg3));
  6763. if (ret != 0) {
  6764. goto out;
  6765. }
  6766. #endif
  6767. out:
  6768. if (enc_inited)
  6769. wc_AesFree(enc);
  6770. #ifdef HAVE_AES_DECRYPT
  6771. if (dec_inited)
  6772. wc_AesFree(dec);
  6773. #endif
  6774. #ifdef WOLFSSL_SMALL_STACK
  6775. if (enc)
  6776. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  6777. #ifdef HAVE_AES_DECRYPT
  6778. if (dec)
  6779. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  6780. #endif
  6781. #endif
  6782. #endif /* WOLFSSL_AES_256 */
  6783. return ret;
  6784. }
  6785. #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
  6786. #endif /* WOLFSSL_AES_CFB */
  6787. static int aes_key_size_test(void)
  6788. {
  6789. int ret;
  6790. #ifdef WOLFSSL_SMALL_STACK
  6791. Aes *aes;
  6792. #else
  6793. Aes aes[1];
  6794. #endif
  6795. byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  6796. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
  6797. #ifndef WOLFSSL_CRYPTOCELL
  6798. byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  6799. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  6800. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 };
  6801. #endif
  6802. byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  6803. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  6804. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  6805. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
  6806. byte iv[] = "1234567890abcdef";
  6807. #ifndef HAVE_FIPS
  6808. word32 keySize;
  6809. #endif
  6810. #ifdef WOLFSSL_SMALL_STACK
  6811. if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  6812. return -5315;
  6813. #endif
  6814. #if !defined(HAVE_FIPS) || \
  6815. defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
  6816. /* w/ FIPS v1 (cert 2425) wc_AesInit just returns 0 always as it's not
  6817. * supported with that FIPS version */
  6818. ret = wc_AesInit(NULL, HEAP_HINT, devId);
  6819. if (ret != BAD_FUNC_ARG)
  6820. ERROR_OUT(-5300, out);
  6821. #endif
  6822. ret = wc_AesInit(aes, HEAP_HINT, devId);
  6823. /* 0 check OK for FIPSv1 */
  6824. if (ret != 0)
  6825. ERROR_OUT(-5301, out);
  6826. #ifndef HAVE_FIPS
  6827. /* Parameter Validation testing. */
  6828. ret = wc_AesGetKeySize(NULL, NULL);
  6829. if (ret != BAD_FUNC_ARG)
  6830. ERROR_OUT(-5302, out);
  6831. ret = wc_AesGetKeySize(aes, NULL);
  6832. if (ret != BAD_FUNC_ARG)
  6833. ERROR_OUT(-5303, out);
  6834. ret = wc_AesGetKeySize(NULL, &keySize);
  6835. if (ret != BAD_FUNC_ARG)
  6836. ERROR_OUT(-5304, out);
  6837. /* Crashes in FIPS */
  6838. ret = wc_AesSetKey(NULL, key16, sizeof(key16), iv, AES_ENCRYPTION);
  6839. if (ret != BAD_FUNC_ARG)
  6840. ERROR_OUT(-5305, out);
  6841. #endif
  6842. /* NULL IV indicates to use all zeros IV. */
  6843. ret = wc_AesSetKey(aes, key16, sizeof(key16), NULL, AES_ENCRYPTION);
  6844. #ifdef WOLFSSL_AES_128
  6845. if (ret != 0)
  6846. #else
  6847. if (ret != BAD_FUNC_ARG)
  6848. #endif
  6849. ERROR_OUT(-5306, out);
  6850. ret = wc_AesSetKey(aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION);
  6851. if (ret != BAD_FUNC_ARG)
  6852. ERROR_OUT(-5307, out);
  6853. /* CryptoCell handles rounds internally */
  6854. #if !defined(HAVE_FIPS) && !defined(WOLFSSL_CRYPTOCELL)
  6855. /* Force invalid rounds */
  6856. aes->rounds = 16;
  6857. ret = wc_AesGetKeySize(aes, &keySize);
  6858. if (ret != BAD_FUNC_ARG)
  6859. ERROR_OUT(-5308, out);
  6860. #endif
  6861. ret = wc_AesSetKey(aes, key16, sizeof(key16), iv, AES_ENCRYPTION);
  6862. #ifdef WOLFSSL_AES_128
  6863. if (ret != 0)
  6864. #else
  6865. if (ret != BAD_FUNC_ARG)
  6866. #endif
  6867. ERROR_OUT(-5309, out);
  6868. #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128)
  6869. ret = wc_AesGetKeySize(aes, &keySize);
  6870. if (ret != 0 || keySize != sizeof(key16))
  6871. ERROR_OUT(-5310, out);
  6872. #endif
  6873. #ifndef WOLFSSL_CRYPTOCELL
  6874. /* Cryptocell only supports AES-128 key size */
  6875. ret = wc_AesSetKey(aes, key24, sizeof(key24), iv, AES_ENCRYPTION);
  6876. #ifdef WOLFSSL_AES_192
  6877. if (ret != 0)
  6878. #else
  6879. if (ret != BAD_FUNC_ARG)
  6880. #endif
  6881. ERROR_OUT(-5311, out);
  6882. #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192)
  6883. ret = wc_AesGetKeySize(aes, &keySize);
  6884. if (ret != 0 || keySize != sizeof(key24))
  6885. ERROR_OUT(-5312, out);
  6886. #endif
  6887. ret = wc_AesSetKey(aes, key32, sizeof(key32), iv, AES_ENCRYPTION);
  6888. #ifdef WOLFSSL_AES_256
  6889. if (ret != 0)
  6890. #else
  6891. if (ret != BAD_FUNC_ARG)
  6892. #endif
  6893. ERROR_OUT(-5313, out);
  6894. #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256)
  6895. ret = wc_AesGetKeySize(aes, &keySize);
  6896. if (ret != 0 || keySize != sizeof(key32))
  6897. ERROR_OUT(-5314, out);
  6898. #endif
  6899. #endif /* !WOLFSSL_CRYPTOCELL */
  6900. ret = 0; /* success */
  6901. out:
  6902. #ifdef WOLFSSL_SMALL_STACK
  6903. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
  6904. #endif
  6905. return ret;
  6906. }
  6907. #if defined(WOLFSSL_AES_XTS)
  6908. /* test vectors from http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html */
  6909. #ifdef WOLFSSL_AES_128
  6910. static int aes_xts_128_test(void)
  6911. {
  6912. #ifdef WOLFSSL_SMALL_STACK
  6913. XtsAes *aes = NULL;
  6914. #else
  6915. XtsAes aes[1];
  6916. #endif
  6917. int aes_inited = 0;
  6918. int ret = 0;
  6919. unsigned char buf[AES_BLOCK_SIZE * 2];
  6920. unsigned char cipher[AES_BLOCK_SIZE * 2];
  6921. /* 128 key tests */
  6922. WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
  6923. 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
  6924. 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
  6925. 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
  6926. 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
  6927. };
  6928. WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = {
  6929. 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
  6930. 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
  6931. };
  6932. WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
  6933. 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
  6934. 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
  6935. };
  6936. /* plain text test of partial block is not from NIST test vector list */
  6937. WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = {
  6938. 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
  6939. 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
  6940. 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
  6941. };
  6942. WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
  6943. 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
  6944. 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63
  6945. };
  6946. WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
  6947. 0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76,
  6948. 0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0,
  6949. 0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa,
  6950. 0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16
  6951. };
  6952. WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = {
  6953. 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
  6954. 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
  6955. };
  6956. WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
  6957. 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
  6958. 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
  6959. 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
  6960. 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
  6961. };
  6962. WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
  6963. 0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e,
  6964. 0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23,
  6965. 0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e,
  6966. 0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
  6967. };
  6968. #ifdef WOLFSSL_SMALL_STACK
  6969. if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  6970. ERROR_OUT(-5417, out);
  6971. #endif
  6972. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
  6973. && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  6974. ret = EVP_test(EVP_aes_128_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
  6975. if (ret != 0) {
  6976. printf("EVP_aes_128_xts failed!\n");
  6977. goto out;
  6978. }
  6979. #endif
  6980. XMEMSET(buf, 0, sizeof(buf));
  6981. if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_ENCRYPTION,
  6982. HEAP_HINT, devId) != 0)
  6983. ERROR_OUT(-5400, out);
  6984. else
  6985. aes_inited = 1;
  6986. ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
  6987. #if defined(WOLFSSL_ASYNC_CRYPT)
  6988. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  6989. #endif
  6990. if (ret != 0)
  6991. ERROR_OUT(-5401, out);
  6992. if (XMEMCMP(c2, buf, sizeof(c2)))
  6993. ERROR_OUT(-5402, out);
  6994. XMEMSET(buf, 0, sizeof(buf));
  6995. if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION,
  6996. HEAP_HINT, devId) != 0)
  6997. ERROR_OUT(-5403, out);
  6998. ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
  6999. #if defined(WOLFSSL_ASYNC_CRYPT)
  7000. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7001. #endif
  7002. if (ret != 0)
  7003. ERROR_OUT(-5404, out);
  7004. if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
  7005. ERROR_OUT(-5405, out);
  7006. /* partial block encryption test */
  7007. XMEMSET(cipher, 0, sizeof(cipher));
  7008. ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
  7009. #if defined(WOLFSSL_ASYNC_CRYPT)
  7010. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7011. #endif
  7012. if (ret != 0)
  7013. ERROR_OUT(-5406, out);
  7014. wc_AesXtsFree(aes);
  7015. /* partial block decrypt test */
  7016. XMEMSET(buf, 0, sizeof(buf));
  7017. if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION,
  7018. HEAP_HINT, devId) != 0)
  7019. ERROR_OUT(-5407, out);
  7020. ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
  7021. #if defined(WOLFSSL_ASYNC_CRYPT)
  7022. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7023. #endif
  7024. if (ret != 0)
  7025. ERROR_OUT(-5408, out);
  7026. if (XMEMCMP(pp, buf, sizeof(pp)))
  7027. ERROR_OUT(-5409, out);
  7028. /* NIST decrypt test vector */
  7029. XMEMSET(buf, 0, sizeof(buf));
  7030. ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
  7031. #if defined(WOLFSSL_ASYNC_CRYPT)
  7032. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7033. #endif
  7034. if (ret != 0)
  7035. ERROR_OUT(-5410, out);
  7036. if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
  7037. ERROR_OUT(-5411, out);
  7038. /* fail case with decrypting using wrong key */
  7039. XMEMSET(buf, 0, sizeof(buf));
  7040. ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
  7041. #if defined(WOLFSSL_ASYNC_CRYPT)
  7042. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7043. #endif
  7044. if (ret != 0)
  7045. ERROR_OUT(-5412, out);
  7046. if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */
  7047. ERROR_OUT(-5413, out);
  7048. /* set correct key and retest */
  7049. XMEMSET(buf, 0, sizeof(buf));
  7050. if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_DECRYPTION,
  7051. HEAP_HINT, devId) != 0)
  7052. ERROR_OUT(-5414, out);
  7053. ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
  7054. #if defined(WOLFSSL_ASYNC_CRYPT)
  7055. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7056. #endif
  7057. if (ret != 0)
  7058. ERROR_OUT(-5415, out);
  7059. if (XMEMCMP(p2, buf, sizeof(p2)))
  7060. ERROR_OUT(-5416, out);
  7061. out:
  7062. if (aes_inited)
  7063. wc_AesXtsFree(aes);
  7064. #ifdef WOLFSSL_SMALL_STACK
  7065. if (aes)
  7066. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
  7067. #endif
  7068. return ret;
  7069. }
  7070. #endif /* WOLFSSL_AES_128 */
  7071. #ifdef WOLFSSL_AES_256
  7072. static int aes_xts_256_test(void)
  7073. {
  7074. #ifdef WOLFSSL_SMALL_STACK
  7075. XtsAes *aes = NULL;
  7076. #else
  7077. XtsAes aes[1];
  7078. #endif
  7079. int aes_inited = 0;
  7080. int ret = 0;
  7081. unsigned char buf[AES_BLOCK_SIZE * 3];
  7082. unsigned char cipher[AES_BLOCK_SIZE * 3];
  7083. /* 256 key tests */
  7084. WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
  7085. 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
  7086. 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
  7087. 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
  7088. 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
  7089. 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
  7090. 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
  7091. 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58,
  7092. 0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08
  7093. };
  7094. WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = {
  7095. 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2,
  7096. 0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64
  7097. };
  7098. WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
  7099. 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1,
  7100. 0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64,
  7101. 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
  7102. 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e
  7103. };
  7104. /* plain text test of partial block is not from NIST test vector list */
  7105. WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = {
  7106. 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
  7107. 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
  7108. 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
  7109. };
  7110. WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
  7111. 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5,
  7112. 0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13,
  7113. 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
  7114. 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb
  7115. };
  7116. WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
  7117. 0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
  7118. 0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
  7119. 0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
  7120. 0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
  7121. 0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
  7122. 0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a,
  7123. 0xb5, 0xb0, 0xc7, 0xe5, 0x2d, 0xb5, 0x06, 0x12,
  7124. 0xd2, 0xb5, 0x3a, 0xcb, 0x47, 0x8a, 0x53, 0xb4
  7125. };
  7126. WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = {
  7127. 0xe6, 0x42, 0x19, 0xed, 0xe0, 0xe1, 0xc2, 0xa0,
  7128. 0x0e, 0xf5, 0x58, 0x6a, 0xc4, 0x9b, 0xeb, 0x6f
  7129. };
  7130. WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
  7131. 0x24, 0xcb, 0x76, 0x22, 0x55, 0xb5, 0xa8, 0x00,
  7132. 0xf4, 0x6e, 0x80, 0x60, 0x56, 0x9e, 0x05, 0x53,
  7133. 0xbc, 0xfe, 0x86, 0x55, 0x3b, 0xca, 0xd5, 0x89,
  7134. 0xc7, 0x54, 0x1a, 0x73, 0xac, 0xc3, 0x9a, 0xbd,
  7135. 0x53, 0xc4, 0x07, 0x76, 0xd8, 0xe8, 0x22, 0x61,
  7136. 0x9e, 0xa9, 0xad, 0x77, 0xa0, 0x13, 0x4c, 0xfc
  7137. };
  7138. WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
  7139. 0xa3, 0xc6, 0xf3, 0xf3, 0x82, 0x79, 0x5b, 0x10,
  7140. 0x87, 0xd7, 0x02, 0x50, 0xdb, 0x2c, 0xd3, 0xb1,
  7141. 0xa1, 0x62, 0xa8, 0xb6, 0xdc, 0x12, 0x60, 0x61,
  7142. 0xc1, 0x0a, 0x84, 0xa5, 0x85, 0x3f, 0x3a, 0x89,
  7143. 0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b,
  7144. 0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92
  7145. };
  7146. #ifdef WOLFSSL_SMALL_STACK
  7147. if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  7148. ERROR_OUT(-5515, out);
  7149. #endif
  7150. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
  7151. && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  7152. ret = EVP_test(EVP_aes_256_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
  7153. if (ret != 0) {
  7154. printf("EVP_aes_256_xts failed\n");
  7155. goto out;
  7156. }
  7157. #endif
  7158. XMEMSET(buf, 0, sizeof(buf));
  7159. if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_ENCRYPTION,
  7160. HEAP_HINT, devId) != 0)
  7161. ERROR_OUT(-5500, out);
  7162. else
  7163. aes_inited = 1;
  7164. ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
  7165. #if defined(WOLFSSL_ASYNC_CRYPT)
  7166. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7167. #endif
  7168. if (ret != 0)
  7169. ERROR_OUT(-5501, out);
  7170. if (XMEMCMP(c2, buf, sizeof(c2)))
  7171. ERROR_OUT(-5502, out);
  7172. XMEMSET(buf, 0, sizeof(buf));
  7173. if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION,
  7174. HEAP_HINT, devId) != 0)
  7175. ERROR_OUT(-5503, out);
  7176. ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
  7177. #if defined(WOLFSSL_ASYNC_CRYPT)
  7178. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7179. #endif
  7180. if (ret != 0)
  7181. ERROR_OUT(-5504, out);
  7182. if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
  7183. ERROR_OUT(-5505, out);
  7184. /* partial block encryption test */
  7185. XMEMSET(cipher, 0, sizeof(cipher));
  7186. ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
  7187. #if defined(WOLFSSL_ASYNC_CRYPT)
  7188. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7189. #endif
  7190. if (ret != 0)
  7191. ERROR_OUT(-5506, out);
  7192. wc_AesXtsFree(aes);
  7193. /* partial block decrypt test */
  7194. XMEMSET(buf, 0, sizeof(buf));
  7195. if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION,
  7196. HEAP_HINT, devId) != 0)
  7197. ERROR_OUT(-5507, out);
  7198. ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
  7199. #if defined(WOLFSSL_ASYNC_CRYPT)
  7200. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7201. #endif
  7202. if (ret != 0)
  7203. ERROR_OUT(-5508, out);
  7204. if (XMEMCMP(pp, buf, sizeof(pp)))
  7205. ERROR_OUT(-5509, out);
  7206. /* NIST decrypt test vector */
  7207. XMEMSET(buf, 0, sizeof(buf));
  7208. ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
  7209. #if defined(WOLFSSL_ASYNC_CRYPT)
  7210. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7211. #endif
  7212. if (ret != 0)
  7213. ERROR_OUT(-5510, out);
  7214. if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
  7215. ERROR_OUT(-5511, out);
  7216. XMEMSET(buf, 0, sizeof(buf));
  7217. if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_DECRYPTION,
  7218. HEAP_HINT, devId) != 0)
  7219. ERROR_OUT(-5512, out);
  7220. ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
  7221. #if defined(WOLFSSL_ASYNC_CRYPT)
  7222. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7223. #endif
  7224. if (ret != 0)
  7225. ERROR_OUT(-5513, out);
  7226. if (XMEMCMP(p2, buf, sizeof(p2)))
  7227. ERROR_OUT(-5514, out);
  7228. out:
  7229. if (aes_inited)
  7230. wc_AesXtsFree(aes);
  7231. #ifdef WOLFSSL_SMALL_STACK
  7232. if (aes)
  7233. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
  7234. #endif
  7235. return ret;
  7236. }
  7237. #endif /* WOLFSSL_AES_256 */
  7238. #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
  7239. /* both 128 and 256 bit key test */
  7240. static int aes_xts_sector_test(void)
  7241. {
  7242. #ifdef WOLFSSL_SMALL_STACK
  7243. XtsAes *aes = NULL;
  7244. #else
  7245. XtsAes aes[1];
  7246. #endif
  7247. int aes_inited = 0;
  7248. int ret = 0;
  7249. unsigned char buf[AES_BLOCK_SIZE * 2];
  7250. /* 128 key tests */
  7251. WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
  7252. 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
  7253. 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
  7254. 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
  7255. 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
  7256. };
  7257. WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
  7258. 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
  7259. 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
  7260. };
  7261. WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
  7262. 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
  7263. 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
  7264. };
  7265. word64 s1 = 141;
  7266. /* 256 key tests */
  7267. WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
  7268. 0xef, 0x01, 0x0c, 0xa1, 0xa3, 0x66, 0x3e, 0x32,
  7269. 0x53, 0x43, 0x49, 0xbc, 0x0b, 0xae, 0x62, 0x23,
  7270. 0x2a, 0x15, 0x73, 0x34, 0x85, 0x68, 0xfb, 0x9e,
  7271. 0xf4, 0x17, 0x68, 0xa7, 0x67, 0x4f, 0x50, 0x7a,
  7272. 0x72, 0x7f, 0x98, 0x75, 0x53, 0x97, 0xd0, 0xe0,
  7273. 0xaa, 0x32, 0xf8, 0x30, 0x33, 0x8c, 0xc7, 0xa9,
  7274. 0x26, 0xc7, 0x73, 0xf0, 0x9e, 0x57, 0xb3, 0x57,
  7275. 0xcd, 0x15, 0x6a, 0xfb, 0xca, 0x46, 0xe1, 0xa0
  7276. };
  7277. WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
  7278. 0xed, 0x98, 0xe0, 0x17, 0x70, 0xa8, 0x53, 0xb4,
  7279. 0x9d, 0xb9, 0xe6, 0xaa, 0xf8, 0x8f, 0x0a, 0x41,
  7280. 0xb9, 0xb5, 0x6e, 0x91, 0xa5, 0xa2, 0xb1, 0x1d,
  7281. 0x40, 0x52, 0x92, 0x54, 0xf5, 0x52, 0x3e, 0x75
  7282. };
  7283. WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
  7284. 0xca, 0x20, 0xc5, 0x5e, 0x8d, 0xc1, 0x49, 0x68,
  7285. 0x7d, 0x25, 0x41, 0xde, 0x39, 0xc3, 0xdf, 0x63,
  7286. 0x00, 0xbb, 0x5a, 0x16, 0x3c, 0x10, 0xce, 0xd3,
  7287. 0x66, 0x6b, 0x13, 0x57, 0xdb, 0x8b, 0xd3, 0x9d
  7288. };
  7289. word64 s2 = 187;
  7290. #ifdef WOLFSSL_SMALL_STACK
  7291. if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  7292. ERROR_OUT(-5612, out);
  7293. #endif
  7294. XMEMSET(buf, 0, sizeof(buf));
  7295. if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION,
  7296. HEAP_HINT, devId) != 0)
  7297. ERROR_OUT(-5600, out);
  7298. else
  7299. aes_inited = 1;
  7300. ret = wc_AesXtsEncryptSector(aes, buf, p1, sizeof(p1), s1);
  7301. #if defined(WOLFSSL_ASYNC_CRYPT)
  7302. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7303. #endif
  7304. if (ret != 0)
  7305. ERROR_OUT(-5601, out);
  7306. if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
  7307. ERROR_OUT(-5602, out);
  7308. /* decrypt test */
  7309. XMEMSET(buf, 0, sizeof(buf));
  7310. if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION,
  7311. HEAP_HINT, devId) != 0)
  7312. ERROR_OUT(-5603, out);
  7313. ret = wc_AesXtsDecryptSector(aes, buf, c1, sizeof(c1), s1);
  7314. #if defined(WOLFSSL_ASYNC_CRYPT)
  7315. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7316. #endif
  7317. if (ret != 0)
  7318. ERROR_OUT(-5604, out);
  7319. if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
  7320. ERROR_OUT(-5605, out);
  7321. wc_AesXtsFree(aes);
  7322. /* 256 bit key tests */
  7323. XMEMSET(buf, 0, sizeof(buf));
  7324. if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_ENCRYPTION,
  7325. HEAP_HINT, devId) != 0)
  7326. ERROR_OUT(-5606, out);
  7327. ret = wc_AesXtsEncryptSector(aes, buf, p2, sizeof(p2), s2);
  7328. #if defined(WOLFSSL_ASYNC_CRYPT)
  7329. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7330. #endif
  7331. if (ret != 0)
  7332. ERROR_OUT(-5607, out);
  7333. if (XMEMCMP(c2, buf, sizeof(c2)))
  7334. ERROR_OUT(-5608, out);
  7335. /* decrypt test */
  7336. XMEMSET(buf, 0, sizeof(buf));
  7337. if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_DECRYPTION,
  7338. HEAP_HINT, devId) != 0)
  7339. ERROR_OUT(-5609, out);
  7340. ret = wc_AesXtsDecryptSector(aes, buf, c2, sizeof(c2), s2);
  7341. #if defined(WOLFSSL_ASYNC_CRYPT)
  7342. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7343. #endif
  7344. if (ret != 0)
  7345. ERROR_OUT(-5610, out);
  7346. if (XMEMCMP(p2, buf, sizeof(p2)))
  7347. ERROR_OUT(-5611, out);
  7348. out:
  7349. if (aes_inited)
  7350. wc_AesXtsFree(aes);
  7351. #ifdef WOLFSSL_SMALL_STACK
  7352. if (aes)
  7353. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
  7354. #endif
  7355. return ret;
  7356. }
  7357. #endif /* WOLFSSL_AES_128 && WOLFSSL_AES_256 */
  7358. #ifdef WOLFSSL_AES_128
  7359. /* testing of bad arguments */
  7360. static int aes_xts_args_test(void)
  7361. {
  7362. #ifdef WOLFSSL_SMALL_STACK
  7363. XtsAes *aes = NULL;
  7364. #else
  7365. XtsAes aes[1];
  7366. #endif
  7367. int aes_inited = 0;
  7368. int ret;
  7369. unsigned char buf[AES_BLOCK_SIZE * 2];
  7370. /* 128 key tests */
  7371. WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
  7372. 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
  7373. 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
  7374. 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
  7375. 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
  7376. };
  7377. WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
  7378. 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
  7379. 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
  7380. };
  7381. WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
  7382. 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
  7383. 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
  7384. };
  7385. word64 s1 = 141;
  7386. #ifdef WOLFSSL_SMALL_STACK
  7387. if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  7388. ERROR_OUT(-5708, out);
  7389. #endif
  7390. if (wc_AesXtsSetKey(NULL, k1, sizeof(k1), AES_ENCRYPTION,
  7391. HEAP_HINT, devId) == 0)
  7392. ERROR_OUT(-5700, out);
  7393. if (wc_AesXtsSetKey(aes, NULL, sizeof(k1), AES_ENCRYPTION,
  7394. HEAP_HINT, devId) == 0)
  7395. ERROR_OUT(-5701, out);
  7396. /* encryption operations */
  7397. if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION,
  7398. HEAP_HINT, devId) != 0)
  7399. ERROR_OUT(-5702, out);
  7400. else
  7401. aes_inited = 1;
  7402. ret = wc_AesXtsEncryptSector(NULL, buf, p1, sizeof(p1), s1);
  7403. #if defined(WOLFSSL_ASYNC_CRYPT)
  7404. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7405. #endif
  7406. if (ret == 0)
  7407. ERROR_OUT(-5703, out);
  7408. ret = wc_AesXtsEncryptSector(aes, NULL, p1, sizeof(p1), s1);
  7409. #if defined(WOLFSSL_ASYNC_CRYPT)
  7410. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7411. #endif
  7412. if (ret == 0)
  7413. ERROR_OUT(-5704, out);
  7414. wc_AesXtsFree(aes);
  7415. /* decryption operations */
  7416. if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION,
  7417. HEAP_HINT, devId) != 0)
  7418. ERROR_OUT(-5705, out);
  7419. ret = wc_AesXtsDecryptSector(NULL, buf, c1, sizeof(c1), s1);
  7420. #if defined(WOLFSSL_ASYNC_CRYPT)
  7421. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7422. #endif
  7423. if (ret == 0)
  7424. ERROR_OUT(-5706, out);
  7425. ret = wc_AesXtsDecryptSector(aes, NULL, c1, sizeof(c1), s1);
  7426. #if defined(WOLFSSL_ASYNC_CRYPT)
  7427. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7428. #endif
  7429. if (ret == 0)
  7430. ERROR_OUT(-5707, out);
  7431. ret = 0;
  7432. out:
  7433. if (aes_inited)
  7434. wc_AesXtsFree(aes);
  7435. #ifdef WOLFSSL_SMALL_STACK
  7436. if (aes)
  7437. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
  7438. #endif
  7439. return ret;
  7440. }
  7441. #endif /* WOLFSSL_AES_128 */
  7442. #endif /* WOLFSSL_AES_XTS */
  7443. #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  7444. static int aes_cbc_test(void)
  7445. {
  7446. byte cipher[AES_BLOCK_SIZE];
  7447. byte plain[AES_BLOCK_SIZE];
  7448. int ret;
  7449. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
  7450. 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  7451. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  7452. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  7453. };
  7454. byte key[] = "0123456789abcdef "; /* align */
  7455. byte iv[] = "1234567890abcdef "; /* align */
  7456. XMEMSET(cipher, 0, AES_BLOCK_SIZE);
  7457. XMEMSET(plain, 0, AES_BLOCK_SIZE);
  7458. /* Parameter Validation testing. */
  7459. ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, 17, NULL);
  7460. if (ret != BAD_FUNC_ARG)
  7461. return -5800;
  7462. #ifdef HAVE_AES_DECRYPT
  7463. ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, 17, NULL);
  7464. if (ret != BAD_FUNC_ARG)
  7465. return -5801;
  7466. #endif
  7467. ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key,
  7468. AES_BLOCK_SIZE, iv);
  7469. if (ret != 0)
  7470. return -5802;
  7471. #ifdef HAVE_AES_DECRYPT
  7472. ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key,
  7473. AES_BLOCK_SIZE, iv);
  7474. if (ret != 0)
  7475. return -5803;
  7476. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
  7477. return -5804;
  7478. #endif /* HAVE_AES_DECRYPT */
  7479. (void)plain;
  7480. return 0;
  7481. }
  7482. #endif
  7483. WOLFSSL_TEST_SUBROUTINE int aes_test(void)
  7484. {
  7485. #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
  7486. #ifdef WOLFSSL_SMALL_STACK
  7487. Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  7488. #else
  7489. Aes enc[1];
  7490. #endif
  7491. byte cipher[AES_BLOCK_SIZE * 4];
  7492. #ifdef HAVE_AES_DECRYPT
  7493. #ifdef WOLFSSL_SMALL_STACK
  7494. Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  7495. #else
  7496. Aes dec[1];
  7497. #endif
  7498. byte plain [AES_BLOCK_SIZE * 4];
  7499. #endif /* HAVE_AES_DECRYPT */
  7500. #endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
  7501. int ret = 0;
  7502. #ifdef HAVE_AES_CBC
  7503. #ifdef WOLFSSL_AES_128
  7504. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
  7505. 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  7506. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  7507. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  7508. };
  7509. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  7510. {
  7511. 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
  7512. 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
  7513. };
  7514. WOLFSSL_SMALL_STACK_STATIC const byte key[] = "0123456789abcdef "; /* align */
  7515. WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef "; /* align */
  7516. #ifdef WOLFSSL_SMALL_STACK
  7517. #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
  7518. if (enc == NULL)
  7519. ERROR_OUT(-5948, out);
  7520. #endif
  7521. #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
  7522. if (dec == NULL)
  7523. ERROR_OUT(-5949, out);
  7524. #endif
  7525. #endif
  7526. if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
  7527. ERROR_OUT(-5900, out); /* note this error code is used programmatically in cleanup. */
  7528. #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
  7529. if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
  7530. ERROR_OUT(-5901, out); /* note this error code is used programmatically in cleanup. */
  7531. #endif
  7532. ret = wc_AesSetKey(enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  7533. if (ret != 0)
  7534. ERROR_OUT(-5902, out);
  7535. #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
  7536. ret = wc_AesSetKey(dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
  7537. if (ret != 0)
  7538. ERROR_OUT(-5903, out);
  7539. #endif
  7540. XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4);
  7541. ret = wc_AesCbcEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
  7542. #if defined(WOLFSSL_ASYNC_CRYPT)
  7543. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  7544. #endif
  7545. if (ret != 0)
  7546. ERROR_OUT(-5904, out);
  7547. #ifdef HAVE_AES_DECRYPT
  7548. XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
  7549. ret = wc_AesCbcDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
  7550. #if defined(WOLFSSL_ASYNC_CRYPT)
  7551. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  7552. #endif
  7553. if (ret != 0)
  7554. ERROR_OUT(-5905, out);
  7555. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  7556. ERROR_OUT(-5906, out);
  7557. #endif /* HAVE_AES_DECRYPT */
  7558. if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
  7559. ERROR_OUT(-5907, out);
  7560. #endif /* WOLFSSL_AES_128 */
  7561. #if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT)
  7562. {
  7563. WOLFSSL_SMALL_STACK_STATIC const byte bigMsg[] = {
  7564. /* "All work and no play makes Jack a dull boy. " */
  7565. 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
  7566. 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
  7567. 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
  7568. 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
  7569. 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
  7570. 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
  7571. 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
  7572. 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
  7573. 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
  7574. 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
  7575. 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
  7576. 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
  7577. 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
  7578. 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
  7579. 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
  7580. 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
  7581. 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
  7582. 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
  7583. 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
  7584. 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
  7585. 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
  7586. 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
  7587. 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
  7588. 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
  7589. 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
  7590. 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
  7591. 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
  7592. 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
  7593. 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
  7594. 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
  7595. 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
  7596. 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
  7597. 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
  7598. 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
  7599. 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
  7600. 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
  7601. 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
  7602. 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
  7603. 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
  7604. 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
  7605. 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
  7606. 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
  7607. 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
  7608. 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
  7609. 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
  7610. 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
  7611. 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
  7612. 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20
  7613. };
  7614. WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] = "0123456789abcdeffedcba9876543210";
  7615. word32 keySz, msgSz;
  7616. #ifdef WOLFSSL_SMALL_STACK
  7617. byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  7618. byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  7619. if ((bigCipher == NULL) ||
  7620. (bigPlain == NULL)) {
  7621. if (bigCipher != NULL)
  7622. XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  7623. ERROR_OUT(-5947, out);
  7624. }
  7625. #else
  7626. byte bigCipher[sizeof(bigMsg)];
  7627. byte bigPlain[sizeof(bigMsg)];
  7628. #endif
  7629. /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole
  7630. * message by AES_BLOCK_SIZE for each size of AES key. */
  7631. for (keySz = 16; keySz <= 32; keySz += 8) {
  7632. for (msgSz = AES_BLOCK_SIZE;
  7633. msgSz <= sizeof(bigMsg);
  7634. msgSz += AES_BLOCK_SIZE) {
  7635. XMEMSET(bigCipher, 0, sizeof(bigMsg));
  7636. XMEMSET(bigPlain, 0, sizeof(bigMsg));
  7637. ret = wc_AesSetKey(enc, bigKey, keySz, iv, AES_ENCRYPTION);
  7638. if (ret != 0) {
  7639. ret = -5908;
  7640. break;
  7641. }
  7642. ret = wc_AesSetKey(dec, bigKey, keySz, iv, AES_DECRYPTION);
  7643. if (ret != 0) {
  7644. ret = -5909;
  7645. break;
  7646. }
  7647. ret = wc_AesCbcEncrypt(enc, bigCipher, bigMsg, msgSz);
  7648. #if defined(WOLFSSL_ASYNC_CRYPT)
  7649. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  7650. #endif
  7651. if (ret != 0) {
  7652. ret = -5910;
  7653. break;
  7654. }
  7655. ret = wc_AesCbcDecrypt(dec, bigPlain, bigCipher, msgSz);
  7656. #if defined(WOLFSSL_ASYNC_CRYPT)
  7657. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  7658. #endif
  7659. if (ret != 0) {
  7660. ret = -5911;
  7661. break;
  7662. }
  7663. if (XMEMCMP(bigPlain, bigMsg, msgSz)) {
  7664. ret = -5912;
  7665. break;
  7666. }
  7667. }
  7668. if (ret != 0)
  7669. break;
  7670. }
  7671. #ifdef WOLFSSL_SMALL_STACK
  7672. XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  7673. XFREE(bigPlain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  7674. #endif
  7675. if (ret != 0)
  7676. goto out;
  7677. }
  7678. #endif /* WOLFSSL_AESNI && HAVE_AES_DECRYPT */
  7679. /* Test of AES IV state with encrypt/decrypt */
  7680. #ifdef WOLFSSL_AES_128
  7681. {
  7682. /* Test Vector from "NIST Special Publication 800-38A, 2001 Edition"
  7683. * https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38a.pdf
  7684. */
  7685. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
  7686. {
  7687. 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
  7688. 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
  7689. 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
  7690. 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51
  7691. };
  7692. WOLFSSL_SMALL_STACK_STATIC const byte verify2[] =
  7693. {
  7694. 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
  7695. 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
  7696. 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
  7697. 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2
  7698. };
  7699. WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
  7700. 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
  7701. 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
  7702. };
  7703. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
  7704. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  7705. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
  7706. };
  7707. ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
  7708. if (ret != 0)
  7709. ERROR_OUT(-5913, out);
  7710. XMEMSET(cipher, 0, AES_BLOCK_SIZE * 2);
  7711. ret = wc_AesCbcEncrypt(enc, cipher, msg2, AES_BLOCK_SIZE);
  7712. #if defined(WOLFSSL_ASYNC_CRYPT)
  7713. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  7714. #endif
  7715. if (ret != 0)
  7716. ERROR_OUT(-5914, out);
  7717. if (XMEMCMP(cipher, verify2, AES_BLOCK_SIZE))
  7718. ERROR_OUT(-5915, out);
  7719. ret = wc_AesCbcEncrypt(enc, cipher + AES_BLOCK_SIZE,
  7720. msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
  7721. #if defined(WOLFSSL_ASYNC_CRYPT)
  7722. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  7723. #endif
  7724. if (ret != 0)
  7725. ERROR_OUT(-5916, out);
  7726. if (XMEMCMP(cipher + AES_BLOCK_SIZE, verify2 + AES_BLOCK_SIZE,
  7727. AES_BLOCK_SIZE))
  7728. ERROR_OUT(-5917, out);
  7729. #if defined(HAVE_AES_DECRYPT)
  7730. ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_DECRYPTION);
  7731. if (ret != 0)
  7732. ERROR_OUT(-5918, out);
  7733. XMEMSET(plain, 0, AES_BLOCK_SIZE * 2);
  7734. ret = wc_AesCbcDecrypt(dec, plain, verify2, AES_BLOCK_SIZE);
  7735. #if defined(WOLFSSL_ASYNC_CRYPT)
  7736. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  7737. #endif
  7738. if (ret != 0)
  7739. ERROR_OUT(-5919, out);
  7740. if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE))
  7741. ERROR_OUT(-5920, out);
  7742. ret = wc_AesCbcDecrypt(dec, plain + AES_BLOCK_SIZE,
  7743. verify2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
  7744. #if defined(WOLFSSL_ASYNC_CRYPT)
  7745. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  7746. #endif
  7747. if (ret != 0)
  7748. ERROR_OUT(-5921, out);
  7749. if (XMEMCMP(plain + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE,
  7750. AES_BLOCK_SIZE))
  7751. ERROR_OUT(-5922, out);
  7752. #endif /* HAVE_AES_DECRYPT */
  7753. }
  7754. #endif /* WOLFSSL_AES_128 */
  7755. #endif /* HAVE_AES_CBC */
  7756. #ifdef WOLFSSL_AES_COUNTER
  7757. {
  7758. /* test vectors from "Recommendation for Block Cipher Modes of
  7759. * Operation" NIST Special Publication 800-38A */
  7760. WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
  7761. {
  7762. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  7763. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  7764. };
  7765. WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
  7766. {
  7767. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  7768. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  7769. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  7770. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  7771. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  7772. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  7773. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  7774. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  7775. };
  7776. #ifdef WOLFSSL_AES_128
  7777. WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
  7778. {
  7779. 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
  7780. 0xc2
  7781. };
  7782. WOLFSSL_SMALL_STACK_STATIC const byte ctr128Key[] =
  7783. {
  7784. 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
  7785. 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
  7786. };
  7787. WOLFSSL_SMALL_STACK_STATIC const byte ctr128Cipher[] =
  7788. {
  7789. 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
  7790. 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
  7791. 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
  7792. 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
  7793. 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
  7794. 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
  7795. 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
  7796. 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
  7797. };
  7798. #endif /* WOLFSSL_AES_128 */
  7799. #ifdef WOLFSSL_AES_192
  7800. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
  7801. {
  7802. 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
  7803. 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
  7804. 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
  7805. };
  7806. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
  7807. {
  7808. 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
  7809. 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b,
  7810. 0x09,0x03,0x39,0xec,0x0a,0xa6,0xfa,0xef,
  7811. 0xd5,0xcc,0xc2,0xc6,0xf4,0xce,0x8e,0x94,
  7812. 0x1e,0x36,0xb2,0x6b,0xd1,0xeb,0xc6,0x70,
  7813. 0xd1,0xbd,0x1d,0x66,0x56,0x20,0xab,0xf7,
  7814. 0x4f,0x78,0xa7,0xf6,0xd2,0x98,0x09,0x58,
  7815. 0x5a,0x97,0xda,0xec,0x58,0xc6,0xb0,0x50
  7816. };
  7817. #endif
  7818. #ifdef WOLFSSL_AES_256
  7819. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
  7820. {
  7821. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  7822. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  7823. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  7824. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  7825. };
  7826. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
  7827. {
  7828. 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
  7829. 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28,
  7830. 0xf4,0x43,0xe3,0xca,0x4d,0x62,0xb5,0x9a,
  7831. 0xca,0x84,0xe9,0x90,0xca,0xca,0xf5,0xc5,
  7832. 0x2b,0x09,0x30,0xda,0xa2,0x3d,0xe9,0x4c,
  7833. 0xe8,0x70,0x17,0xba,0x2d,0x84,0x98,0x8d,
  7834. 0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6,
  7835. 0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6
  7836. };
  7837. #endif
  7838. #ifdef WOLFSSL_AES_128
  7839. wc_AesSetKeyDirect(enc, ctr128Key, sizeof(ctr128Key),
  7840. ctrIv, AES_ENCRYPTION);
  7841. /* Ctr only uses encrypt, even on key setup */
  7842. wc_AesSetKeyDirect(dec, ctr128Key, sizeof(ctr128Key),
  7843. ctrIv, AES_ENCRYPTION);
  7844. ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(ctrPlain));
  7845. if (ret != 0) {
  7846. ERROR_OUT(-5923, out);
  7847. }
  7848. ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(ctrPlain));
  7849. if (ret != 0) {
  7850. ERROR_OUT(-5924, out);
  7851. }
  7852. if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain)))
  7853. ERROR_OUT(-5925, out);
  7854. if (XMEMCMP(cipher, ctr128Cipher, sizeof(ctr128Cipher)))
  7855. ERROR_OUT(-5926, out);
  7856. /* let's try with just 9 bytes, non block size test */
  7857. wc_AesSetKeyDirect(enc, ctr128Key, AES_BLOCK_SIZE,
  7858. ctrIv, AES_ENCRYPTION);
  7859. /* Ctr only uses encrypt, even on key setup */
  7860. wc_AesSetKeyDirect(dec, ctr128Key, AES_BLOCK_SIZE,
  7861. ctrIv, AES_ENCRYPTION);
  7862. ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(oddCipher));
  7863. if (ret != 0) {
  7864. ERROR_OUT(-5927, out);
  7865. }
  7866. ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(oddCipher));
  7867. if (ret != 0) {
  7868. ERROR_OUT(-5928, out);
  7869. }
  7870. if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher)))
  7871. ERROR_OUT(-5929, out);
  7872. if (XMEMCMP(cipher, ctr128Cipher, sizeof(oddCipher)))
  7873. ERROR_OUT(-5930, out);
  7874. /* and an additional 9 bytes to reuse tmp left buffer */
  7875. ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(oddCipher));
  7876. if (ret != 0) {
  7877. ERROR_OUT(-5931, out);
  7878. }
  7879. ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(oddCipher));
  7880. if (ret != 0) {
  7881. ERROR_OUT(-5932, out);
  7882. }
  7883. if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher)))
  7884. ERROR_OUT(-5933, out);
  7885. if (XMEMCMP(cipher, oddCipher, sizeof(oddCipher)))
  7886. ERROR_OUT(-5934, out);
  7887. #endif /* WOLFSSL_AES_128 */
  7888. #ifdef WOLFSSL_AES_192
  7889. /* 192 bit key */
  7890. wc_AesSetKeyDirect(enc, ctr192Key, sizeof(ctr192Key),
  7891. ctrIv, AES_ENCRYPTION);
  7892. /* Ctr only uses encrypt, even on key setup */
  7893. wc_AesSetKeyDirect(dec, ctr192Key, sizeof(ctr192Key),
  7894. ctrIv, AES_ENCRYPTION);
  7895. XMEMSET(plain, 0, sizeof(plain));
  7896. ret = wc_AesCtrEncrypt(enc, plain, ctr192Cipher, sizeof(ctr192Cipher));
  7897. if (ret != 0) {
  7898. ERROR_OUT(-5935, out);
  7899. }
  7900. if (XMEMCMP(plain, ctrPlain, sizeof(ctr192Cipher)))
  7901. ERROR_OUT(-5936, out);
  7902. ret = wc_AesCtrEncrypt(dec, cipher, ctrPlain, sizeof(ctrPlain));
  7903. if (ret != 0) {
  7904. ERROR_OUT(-5937, out);
  7905. }
  7906. if (XMEMCMP(ctr192Cipher, cipher, sizeof(ctr192Cipher)))
  7907. ERROR_OUT(-5938, out);
  7908. #endif /* WOLFSSL_AES_192 */
  7909. #ifdef WOLFSSL_AES_256
  7910. /* 256 bit key */
  7911. wc_AesSetKeyDirect(enc, ctr256Key, sizeof(ctr256Key),
  7912. ctrIv, AES_ENCRYPTION);
  7913. /* Ctr only uses encrypt, even on key setup */
  7914. wc_AesSetKeyDirect(dec, ctr256Key, sizeof(ctr256Key),
  7915. ctrIv, AES_ENCRYPTION);
  7916. XMEMSET(plain, 0, sizeof(plain));
  7917. ret = wc_AesCtrEncrypt(enc, plain, ctr256Cipher, sizeof(ctr256Cipher));
  7918. if (ret != 0) {
  7919. ERROR_OUT(-5939, out);
  7920. }
  7921. if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain)))
  7922. ERROR_OUT(-5940, out);
  7923. ret = wc_AesCtrEncrypt(dec, cipher, ctrPlain, sizeof(ctrPlain));
  7924. if (ret != 0) {
  7925. ERROR_OUT(-5941, out);
  7926. }
  7927. if (XMEMCMP(ctr256Cipher, cipher, sizeof(ctr256Cipher)))
  7928. ERROR_OUT(-5942, out);
  7929. #endif /* WOLFSSL_AES_256 */
  7930. }
  7931. #endif /* WOLFSSL_AES_COUNTER */
  7932. #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
  7933. {
  7934. WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
  7935. {
  7936. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  7937. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  7938. };
  7939. WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
  7940. {
  7941. 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
  7942. 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
  7943. };
  7944. WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
  7945. {
  7946. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  7947. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  7948. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  7949. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  7950. };
  7951. XMEMSET(cipher, 0, AES_BLOCK_SIZE);
  7952. ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
  7953. if (ret != 0)
  7954. ERROR_OUT(-5943, out);
  7955. #ifdef WOLFSSL_LINUXKM
  7956. if (wc_AesEncryptDirect(enc, cipher, niPlain) != 0)
  7957. ERROR_OUT(-5950, out);
  7958. #else
  7959. wc_AesEncryptDirect(enc, cipher, niPlain);
  7960. #endif
  7961. if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
  7962. ERROR_OUT(-5944, out);
  7963. XMEMSET(plain, 0, AES_BLOCK_SIZE);
  7964. ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
  7965. if (ret != 0)
  7966. ERROR_OUT(-5945, out);
  7967. #ifdef WOLFSSL_LINUXKM
  7968. if (wc_AesDecryptDirect(dec, plain, niCipher) != 0)
  7969. ERROR_OUT(-5951, out);
  7970. #else
  7971. wc_AesDecryptDirect(dec, plain, niCipher);
  7972. #endif
  7973. if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
  7974. ERROR_OUT(-5946, out);
  7975. }
  7976. #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
  7977. ret = aes_key_size_test();
  7978. if (ret != 0)
  7979. goto out;
  7980. #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  7981. ret = aes_cbc_test();
  7982. if (ret != 0)
  7983. goto out;
  7984. #endif
  7985. #if defined(WOLFSSL_AES_XTS)
  7986. #ifdef WOLFSSL_AES_128
  7987. ret = aes_xts_128_test();
  7988. if (ret != 0)
  7989. goto out;
  7990. #endif
  7991. #ifdef WOLFSSL_AES_256
  7992. ret = aes_xts_256_test();
  7993. if (ret != 0)
  7994. goto out;
  7995. #endif
  7996. #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
  7997. ret = aes_xts_sector_test();
  7998. if (ret != 0)
  7999. goto out;
  8000. #endif
  8001. #ifdef WOLFSSL_AES_128
  8002. ret = aes_xts_args_test();
  8003. if (ret != 0)
  8004. goto out;
  8005. #endif
  8006. #endif
  8007. #if defined(WOLFSSL_AES_CFB)
  8008. ret = aescfb_test();
  8009. if (ret != 0)
  8010. goto out;
  8011. #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  8012. ret = aescfb1_test();
  8013. if (ret != 0)
  8014. goto out;
  8015. ret = aescfb8_test();
  8016. if (ret != 0)
  8017. goto out;
  8018. #endif
  8019. #endif
  8020. out:
  8021. #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
  8022. #ifdef WOLFSSL_SMALL_STACK
  8023. if (enc) {
  8024. if (ret != -5900) /* note this must match ERRROR_OUT() code
  8025. * for wc_AesInit(enc, ...) failure above.
  8026. */
  8027. wc_AesFree(enc);
  8028. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  8029. }
  8030. #else
  8031. if (ret != -5900)
  8032. wc_AesFree(enc);
  8033. #endif
  8034. (void)cipher;
  8035. #ifdef HAVE_AES_DECRYPT
  8036. #ifdef WOLFSSL_SMALL_STACK
  8037. if (dec) {
  8038. if ((ret != -5900) && (ret != -5901))
  8039. /* note these codes must match the ERRROR_OUT() codes for
  8040. * wc_AesInit() failures above.
  8041. */
  8042. wc_AesFree(dec);
  8043. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  8044. }
  8045. #else
  8046. if ((ret != -5900) && (ret != -5901))
  8047. wc_AesFree(dec);
  8048. #endif
  8049. (void)plain;
  8050. #endif /* HAVE_AES_DECRYPT */
  8051. #endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
  8052. return ret;
  8053. }
  8054. #ifdef WOLFSSL_AES_192
  8055. WOLFSSL_TEST_SUBROUTINE int aes192_test(void)
  8056. {
  8057. #ifdef HAVE_AES_CBC
  8058. #ifdef WOLFSSL_SMALL_STACK
  8059. Aes *enc = NULL;
  8060. #else
  8061. Aes enc[1];
  8062. #endif
  8063. byte cipher[AES_BLOCK_SIZE];
  8064. #ifdef HAVE_AES_DECRYPT
  8065. #ifdef WOLFSSL_SMALL_STACK
  8066. Aes *dec = NULL;
  8067. #else
  8068. Aes dec[1];
  8069. #endif
  8070. byte plain[AES_BLOCK_SIZE];
  8071. #endif
  8072. #endif /* HAVE_AES_CBC */
  8073. int ret = 0;
  8074. #ifdef HAVE_AES_CBC
  8075. /* Test vectors from NIST Special Publication 800-38A, 2001 Edition
  8076. * Appendix F.2.3 */
  8077. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
  8078. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  8079. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  8080. };
  8081. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  8082. {
  8083. 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d,
  8084. 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8
  8085. };
  8086. WOLFSSL_SMALL_STACK_STATIC byte key[] = {
  8087. 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
  8088. 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
  8089. 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
  8090. };
  8091. WOLFSSL_SMALL_STACK_STATIC byte iv[] = {
  8092. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  8093. 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
  8094. };
  8095. #ifdef WOLFSSL_SMALL_STACK
  8096. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8097. ERROR_OUT(-6008, out);
  8098. #ifdef HAVE_AES_DECRYPT
  8099. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8100. ERROR_OUT(-6009, out);
  8101. #endif
  8102. #endif
  8103. if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
  8104. ERROR_OUT(-6000, out);
  8105. #ifdef HAVE_AES_DECRYPT
  8106. if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
  8107. ERROR_OUT(-6001, out);
  8108. #endif
  8109. ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
  8110. if (ret != 0)
  8111. ERROR_OUT(-6002, out);
  8112. #ifdef HAVE_AES_DECRYPT
  8113. ret = wc_AesSetKey(dec, key, (int) sizeof(key), iv, AES_DECRYPTION);
  8114. if (ret != 0)
  8115. ERROR_OUT(-6003, out);
  8116. #endif
  8117. XMEMSET(cipher, 0, AES_BLOCK_SIZE);
  8118. ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
  8119. #if defined(WOLFSSL_ASYNC_CRYPT)
  8120. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8121. #endif
  8122. if (ret != 0)
  8123. ERROR_OUT(-6004, out);
  8124. #ifdef HAVE_AES_DECRYPT
  8125. XMEMSET(plain, 0, AES_BLOCK_SIZE);
  8126. ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
  8127. #if defined(WOLFSSL_ASYNC_CRYPT)
  8128. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8129. #endif
  8130. if (ret != 0)
  8131. ERROR_OUT(-6005, out);
  8132. if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
  8133. ERROR_OUT(-6006, out);
  8134. }
  8135. #endif
  8136. if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
  8137. ERROR_OUT(-6007, out);
  8138. wc_AesFree(enc);
  8139. #ifdef HAVE_AES_DECRYPT
  8140. wc_AesFree(dec);
  8141. #endif
  8142. out:
  8143. #ifdef WOLFSSL_SMALL_STACK
  8144. if (enc)
  8145. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  8146. #ifdef HAVE_AES_DECRYPT
  8147. if (dec)
  8148. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  8149. #endif
  8150. #endif
  8151. #endif /* HAVE_AES_CBC */
  8152. return ret;
  8153. }
  8154. #endif /* WOLFSSL_AES_192 */
  8155. #ifdef WOLFSSL_AES_256
  8156. WOLFSSL_TEST_SUBROUTINE int aes256_test(void)
  8157. {
  8158. #ifdef HAVE_AES_CBC
  8159. #ifdef WOLFSSL_SMALL_STACK
  8160. Aes *enc = NULL;
  8161. #else
  8162. Aes enc[1];
  8163. #endif
  8164. byte cipher[AES_BLOCK_SIZE];
  8165. #ifdef HAVE_AES_DECRYPT
  8166. #ifdef WOLFSSL_SMALL_STACK
  8167. Aes *dec = NULL;
  8168. #else
  8169. Aes dec[1];
  8170. #endif
  8171. byte plain[AES_BLOCK_SIZE];
  8172. #endif
  8173. #endif /* HAVE_AES_CBC */
  8174. int ret = 0;
  8175. #ifdef HAVE_AES_CBC
  8176. /* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
  8177. * Appendix F.2.5 */
  8178. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
  8179. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  8180. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  8181. };
  8182. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  8183. {
  8184. 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
  8185. 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6
  8186. };
  8187. WOLFSSL_SMALL_STACK_STATIC byte key[] = {
  8188. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  8189. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  8190. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  8191. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  8192. };
  8193. WOLFSSL_SMALL_STACK_STATIC byte iv[] = {
  8194. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  8195. 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
  8196. };
  8197. #ifdef WOLFSSL_SMALL_STACK
  8198. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8199. ERROR_OUT(-6108, out);
  8200. #ifdef HAVE_AES_DECRYPT
  8201. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8202. ERROR_OUT(-6109, out);
  8203. #endif
  8204. #endif
  8205. if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
  8206. ERROR_OUT(-6100, out);
  8207. #ifdef HAVE_AES_DECRYPT
  8208. if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
  8209. ERROR_OUT(-6101, out);
  8210. #endif
  8211. ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
  8212. if (ret != 0)
  8213. ERROR_OUT(-6102, out);
  8214. #ifdef HAVE_AES_DECRYPT
  8215. ret = wc_AesSetKey(dec, key, (int) sizeof(key), iv, AES_DECRYPTION);
  8216. if (ret != 0)
  8217. ERROR_OUT(-6103, out);
  8218. #endif
  8219. XMEMSET(cipher, 0, AES_BLOCK_SIZE);
  8220. ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
  8221. #if defined(WOLFSSL_ASYNC_CRYPT)
  8222. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8223. #endif
  8224. if (ret != 0)
  8225. ERROR_OUT(-6104, out);
  8226. #ifdef HAVE_AES_DECRYPT
  8227. XMEMSET(plain, 0, AES_BLOCK_SIZE);
  8228. ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
  8229. #if defined(WOLFSSL_ASYNC_CRYPT)
  8230. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8231. #endif
  8232. if (ret != 0)
  8233. ERROR_OUT(-6105, out);
  8234. if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
  8235. ERROR_OUT(-6106, out);
  8236. }
  8237. #endif
  8238. if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
  8239. ERROR_OUT(-6107, out);
  8240. wc_AesFree(enc);
  8241. #ifdef HAVE_AES_DECRYPT
  8242. wc_AesFree(dec);
  8243. #endif
  8244. out:
  8245. #ifdef WOLFSSL_SMALL_STACK
  8246. if (enc)
  8247. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  8248. #ifdef HAVE_AES_DECRYPT
  8249. if (dec)
  8250. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  8251. #endif
  8252. #endif
  8253. #endif /* HAVE_AES_CBC */
  8254. return ret;
  8255. }
  8256. #endif /* WOLFSSL_AES_256 */
  8257. #ifdef HAVE_AESGCM
  8258. static int aesgcm_default_test_helper(byte* key, int keySz, byte* iv, int ivSz,
  8259. byte* plain, int plainSz, byte* cipher, int cipherSz,
  8260. byte* aad, int aadSz, byte* tag, int tagSz)
  8261. {
  8262. int ret, enc_inited = 0, dec_inited = 0;
  8263. #ifdef WOLFSSL_SMALL_STACK
  8264. Aes *enc = NULL;
  8265. Aes *dec = NULL;
  8266. #else
  8267. Aes enc[1];
  8268. Aes dec[1];
  8269. #endif
  8270. byte resultT[AES_BLOCK_SIZE];
  8271. byte resultP[AES_BLOCK_SIZE * 3];
  8272. byte resultC[AES_BLOCK_SIZE * 3];
  8273. int result;
  8274. #ifdef WOLFSSL_SMALL_STACK
  8275. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8276. ERROR_OUT(-6118, out);
  8277. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8278. ERROR_OUT(-6119, out);
  8279. #endif
  8280. XMEMSET(resultT, 0, sizeof(resultT));
  8281. XMEMSET(resultC, 0, sizeof(resultC));
  8282. XMEMSET(resultP, 0, sizeof(resultP));
  8283. if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
  8284. ERROR_OUT(-6110, out);
  8285. else
  8286. enc_inited = 1;
  8287. if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
  8288. ERROR_OUT(-6111, out);
  8289. else
  8290. dec_inited = 1;
  8291. result = wc_AesGcmSetKey(enc, key, keySz);
  8292. if (result != 0)
  8293. ERROR_OUT(-6112, out);
  8294. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8295. result = wc_AesGcmEncrypt(enc, resultC, plain, plainSz, iv, ivSz,
  8296. resultT, tagSz, aad, aadSz);
  8297. #if defined(WOLFSSL_ASYNC_CRYPT)
  8298. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8299. #endif
  8300. if (result != 0)
  8301. ERROR_OUT(-6113, out);
  8302. if (cipher != NULL) {
  8303. if (XMEMCMP(cipher, resultC, cipherSz))
  8304. ERROR_OUT(-6114, out);
  8305. }
  8306. if (XMEMCMP(tag, resultT, tagSz))
  8307. ERROR_OUT(-6115, out);
  8308. #ifdef HAVE_AES_DECRYPT
  8309. result = wc_AesGcmSetKey(dec, key, keySz);
  8310. if (result != 0)
  8311. ERROR_OUT(-6116, out);
  8312. result = wc_AesGcmDecrypt(dec, resultP, resultC, cipherSz,
  8313. iv, ivSz, resultT, tagSz, aad, aadSz);
  8314. #if defined(WOLFSSL_ASYNC_CRYPT)
  8315. result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8316. #endif
  8317. if (result != 0)
  8318. ERROR_OUT(-6117, out);
  8319. if (plain != NULL) {
  8320. if (XMEMCMP(plain, resultP, plainSz))
  8321. ERROR_OUT(-6118, out);
  8322. }
  8323. #endif /* HAVE_AES_DECRYPT */
  8324. ret = 0;
  8325. out:
  8326. if (enc_inited)
  8327. wc_AesFree(enc);
  8328. if (dec_inited)
  8329. wc_AesFree(dec);
  8330. #ifdef WOLFSSL_SMALL_STACK
  8331. if (enc)
  8332. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  8333. if (dec)
  8334. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  8335. #endif
  8336. return ret;
  8337. }
  8338. /* tests that only use 12 byte IV and 16 or less byte AAD
  8339. * test vectors are from NIST SP 800-38D
  8340. * https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/CAVP-TESTING-BLOCK-CIPHER-MODES*/
  8341. WOLFSSL_TEST_SUBROUTINE int aesgcm_default_test(void)
  8342. {
  8343. byte key1[] = {
  8344. 0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62,
  8345. 0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc
  8346. };
  8347. byte iv1[] = {
  8348. 0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa,
  8349. 0xe4, 0xed, 0x2f, 0x6d
  8350. };
  8351. ALIGN64 byte plain1[] = {
  8352. 0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad,
  8353. 0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01,
  8354. 0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac,
  8355. 0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01
  8356. };
  8357. byte aad1[] = {
  8358. 0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73,
  8359. 0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1
  8360. };
  8361. ALIGN64 byte cipher1[] = {
  8362. 0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d,
  8363. 0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d,
  8364. 0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46,
  8365. 0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb
  8366. };
  8367. byte tag1[] = {
  8368. 0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7,
  8369. 0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2
  8370. };
  8371. byte key2[] = {
  8372. 0x01, 0x6d, 0xbb, 0x38, 0xda, 0xa7, 0x6d, 0xfe,
  8373. 0x7d, 0xa3, 0x84, 0xeb, 0xf1, 0x24, 0x03, 0x64
  8374. };
  8375. byte iv2[] = {
  8376. 0x07, 0x93, 0xef, 0x3a, 0xda, 0x78, 0x2f, 0x78,
  8377. 0xc9, 0x8a, 0xff, 0xe3
  8378. };
  8379. ALIGN64 byte plain2[] = {
  8380. 0x4b, 0x34, 0xa9, 0xec, 0x57, 0x63, 0x52, 0x4b,
  8381. 0x19, 0x1d, 0x56, 0x16, 0xc5, 0x47, 0xf6, 0xb7
  8382. };
  8383. ALIGN64 byte cipher2[] = {
  8384. 0x60, 0x9a, 0xa3, 0xf4, 0x54, 0x1b, 0xc0, 0xfe,
  8385. 0x99, 0x31, 0xda, 0xad, 0x2e, 0xe1, 0x5d, 0x0c
  8386. };
  8387. byte tag2[] = {
  8388. 0x33, 0xaf, 0xec, 0x59, 0xc4, 0x5b, 0xaf, 0x68,
  8389. 0x9a, 0x5e, 0x1b, 0x13, 0xae, 0x42, 0x36, 0x19
  8390. };
  8391. byte key3[] = {
  8392. 0xb0, 0x1e, 0x45, 0xcc, 0x30, 0x88, 0xaa, 0xba,
  8393. 0x9f, 0xa4, 0x3d, 0x81, 0xd4, 0x81, 0x82, 0x3f
  8394. };
  8395. byte iv3[] = {
  8396. 0x5a, 0x2c, 0x4a, 0x66, 0x46, 0x87, 0x13, 0x45,
  8397. 0x6a, 0x4b, 0xd5, 0xe1
  8398. };
  8399. byte tag3[] = {
  8400. 0x01, 0x42, 0x80, 0xf9, 0x44, 0xf5, 0x3c, 0x68,
  8401. 0x11, 0x64, 0xb2, 0xff
  8402. };
  8403. int ret;
  8404. ret = aesgcm_default_test_helper(key1, sizeof(key1), iv1, sizeof(iv1),
  8405. plain1, sizeof(plain1), cipher1, sizeof(cipher1),
  8406. aad1, sizeof(aad1), tag1, sizeof(tag1));
  8407. if (ret != 0) {
  8408. return ret;
  8409. }
  8410. ret = aesgcm_default_test_helper(key2, sizeof(key2), iv2, sizeof(iv2),
  8411. plain2, sizeof(plain2), cipher2, sizeof(cipher2),
  8412. NULL, 0, tag2, sizeof(tag2));
  8413. if (ret != 0) {
  8414. return ret;
  8415. }
  8416. ret = aesgcm_default_test_helper(key3, sizeof(key3), iv3, sizeof(iv3),
  8417. NULL, 0, NULL, 0,
  8418. NULL, 0, tag3, sizeof(tag3));
  8419. if (ret != 0) {
  8420. return ret;
  8421. }
  8422. return 0;
  8423. }
  8424. WOLFSSL_TEST_SUBROUTINE int aesgcm_test(void)
  8425. {
  8426. #ifdef WOLFSSL_SMALL_STACK
  8427. Aes *enc = NULL;
  8428. Aes *dec = NULL;
  8429. #else
  8430. Aes enc[1];
  8431. Aes dec[1];
  8432. #endif
  8433. /*
  8434. * This is Test Case 16 from the document Galois/
  8435. * Counter Mode of Operation (GCM) by McGrew and
  8436. * Viega.
  8437. */
  8438. WOLFSSL_SMALL_STACK_STATIC const byte p[] =
  8439. {
  8440. 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
  8441. 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
  8442. 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
  8443. 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
  8444. 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
  8445. 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
  8446. 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
  8447. 0xba, 0x63, 0x7b, 0x39
  8448. };
  8449. #if defined(WOLFSSL_AES_256)
  8450. WOLFSSL_SMALL_STACK_STATIC const byte a[] =
  8451. {
  8452. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
  8453. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
  8454. 0xab, 0xad, 0xda, 0xd2
  8455. };
  8456. #endif
  8457. #ifdef WOLFSSL_AES_256
  8458. WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
  8459. {
  8460. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
  8461. 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
  8462. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
  8463. 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
  8464. };
  8465. WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
  8466. {
  8467. 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
  8468. 0xde, 0xca, 0xf8, 0x88
  8469. };
  8470. WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
  8471. {
  8472. 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
  8473. 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
  8474. 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
  8475. 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
  8476. 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
  8477. 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
  8478. 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
  8479. 0xbc, 0xc9, 0xf6, 0x62
  8480. };
  8481. #endif /* WOLFSSL_AES_256 */
  8482. WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
  8483. {
  8484. 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
  8485. 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
  8486. };
  8487. /* FIPS, QAT and PIC32MZ HW Crypto only support 12-byte IV */
  8488. #if !defined(HAVE_FIPS) && \
  8489. !defined(WOLFSSL_PIC32MZ_CRYPT) && \
  8490. !defined(FREESCALE_LTC) && !defined(FREESCALE_MMCAU) && \
  8491. !defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_AFALG_XILINX_AES) && \
  8492. !defined(WOLFSSL_SILABS_SE_ACCEL) && !defined(WOLFSSL_KCAPI_AES) && \
  8493. !(defined(WOLF_CRYPTO_CB) && \
  8494. (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)))
  8495. #define ENABLE_NON_12BYTE_IV_TEST
  8496. #ifdef WOLFSSL_AES_192
  8497. /* Test Case 12, uses same plaintext and AAD data. */
  8498. WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
  8499. {
  8500. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
  8501. 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
  8502. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
  8503. };
  8504. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
  8505. {
  8506. 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
  8507. 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
  8508. 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
  8509. 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
  8510. 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
  8511. 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
  8512. 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
  8513. 0xa6, 0x37, 0xb3, 0x9b
  8514. };
  8515. WOLFSSL_SMALL_STACK_STATIC const byte c2[] =
  8516. {
  8517. 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
  8518. 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
  8519. 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
  8520. 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
  8521. 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
  8522. 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
  8523. 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
  8524. 0xe9, 0xb7, 0x37, 0x3b
  8525. };
  8526. WOLFSSL_SMALL_STACK_STATIC const byte t2[] =
  8527. {
  8528. 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
  8529. 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
  8530. };
  8531. #endif /* WOLFSSL_AES_192 */
  8532. #ifdef WOLFSSL_AES_128
  8533. /* The following is an interesting test case from the example
  8534. * FIPS test vectors for AES-GCM. IVlen = 1 byte */
  8535. WOLFSSL_SMALL_STACK_STATIC const byte p3[] =
  8536. {
  8537. 0x57, 0xce, 0x45, 0x1f, 0xa5, 0xe2, 0x35, 0xa5,
  8538. 0x8e, 0x1a, 0xa2, 0x3b, 0x77, 0xcb, 0xaf, 0xe2
  8539. };
  8540. WOLFSSL_SMALL_STACK_STATIC const byte k3[] =
  8541. {
  8542. 0xbb, 0x01, 0xd7, 0x03, 0x81, 0x1c, 0x10, 0x1a,
  8543. 0x35, 0xe0, 0xff, 0xd2, 0x91, 0xba, 0xf2, 0x4b
  8544. };
  8545. WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
  8546. {
  8547. 0xca
  8548. };
  8549. WOLFSSL_SMALL_STACK_STATIC const byte c3[] =
  8550. {
  8551. 0x6b, 0x5f, 0xb3, 0x9d, 0xc1, 0xc5, 0x7a, 0x4f,
  8552. 0xf3, 0x51, 0x4d, 0xc2, 0xd5, 0xf0, 0xd0, 0x07
  8553. };
  8554. WOLFSSL_SMALL_STACK_STATIC const byte a3[] =
  8555. {
  8556. 0x40, 0xfc, 0xdc, 0xd7, 0x4a, 0xd7, 0x8b, 0xf1,
  8557. 0x3e, 0x7c, 0x60, 0x55, 0x50, 0x51, 0xdd, 0x54
  8558. };
  8559. WOLFSSL_SMALL_STACK_STATIC const byte t3[] =
  8560. {
  8561. 0x06, 0x90, 0xed, 0x01, 0x34, 0xdd, 0xc6, 0x95,
  8562. 0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6
  8563. };
  8564. #endif /* WOLFSSL_AES_128 */
  8565. #ifdef WOLFSSL_AES_256
  8566. int ivlen;
  8567. #endif
  8568. #endif
  8569. byte resultT[sizeof(t1)];
  8570. byte resultP[sizeof(p) + AES_BLOCK_SIZE];
  8571. byte resultC[sizeof(p) + AES_BLOCK_SIZE];
  8572. int result = 0;
  8573. int ret;
  8574. #ifdef WOLFSSL_AES_256
  8575. int alen;
  8576. #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
  8577. int plen;
  8578. #endif
  8579. #endif
  8580. #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM)
  8581. #if !defined(BENCH_AESGCM_LARGE)
  8582. #define BENCH_AESGCM_LARGE 1024
  8583. #endif
  8584. byte *large_input = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  8585. byte *large_output = (byte *)XMALLOC(BENCH_AESGCM_LARGE + AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  8586. byte *large_outdec = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  8587. if ((! large_input) || (! large_output) || (! large_outdec))
  8588. ERROR_OUT(MEMORY_E, out);
  8589. XMEMSET(large_input, 0, BENCH_AESGCM_LARGE);
  8590. XMEMSET(large_output, 0, BENCH_AESGCM_LARGE + AES_BLOCK_SIZE);
  8591. XMEMSET(large_outdec, 0, BENCH_AESGCM_LARGE);
  8592. #endif
  8593. #ifdef WOLFSSL_SMALL_STACK
  8594. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8595. ERROR_OUT(-6342, out);
  8596. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8597. ERROR_OUT(-6343, out);
  8598. #endif
  8599. (void)result;
  8600. XMEMSET(resultT, 0, sizeof(resultT));
  8601. XMEMSET(resultC, 0, sizeof(resultC));
  8602. XMEMSET(resultP, 0, sizeof(resultP));
  8603. if (wc_AesInit(enc, HEAP_HINT, devId) != 0) {
  8604. ERROR_OUT(-6300, out);
  8605. }
  8606. if (wc_AesInit(dec, HEAP_HINT, devId) != 0) {
  8607. ERROR_OUT(-6301, out);
  8608. }
  8609. #ifdef WOLFSSL_AES_256
  8610. result = wc_AesGcmSetKey(enc, k1, sizeof(k1));
  8611. if (result != 0)
  8612. ERROR_OUT(-6302, out);
  8613. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8614. result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
  8615. resultT, sizeof(resultT), a, sizeof(a));
  8616. #if defined(WOLFSSL_ASYNC_CRYPT)
  8617. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8618. #endif
  8619. if (result != 0)
  8620. ERROR_OUT(-6303, out);
  8621. if (XMEMCMP(c1, resultC, sizeof(c1)))
  8622. ERROR_OUT(-6304, out);
  8623. if (XMEMCMP(t1, resultT, sizeof(resultT)))
  8624. ERROR_OUT(-6305, out);
  8625. #ifdef HAVE_AES_DECRYPT
  8626. result = wc_AesGcmSetKey(dec, k1, sizeof(k1));
  8627. if (result != 0)
  8628. ERROR_OUT(-6306, out);
  8629. result = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1),
  8630. iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a));
  8631. #if defined(WOLFSSL_ASYNC_CRYPT)
  8632. result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8633. #endif
  8634. if (result != 0)
  8635. ERROR_OUT(-6307, out);
  8636. if (XMEMCMP(p, resultP, sizeof(p)))
  8637. ERROR_OUT(-6308, out);
  8638. #endif /* HAVE_AES_DECRYPT */
  8639. /* Large buffer test */
  8640. #ifdef BENCH_AESGCM_LARGE
  8641. /* setup test buffer */
  8642. for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
  8643. large_input[alen] = (byte)alen;
  8644. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8645. result = wc_AesGcmEncrypt(enc, large_output, large_input,
  8646. BENCH_AESGCM_LARGE, iv1, sizeof(iv1),
  8647. resultT, sizeof(resultT), a, sizeof(a));
  8648. #if defined(WOLFSSL_ASYNC_CRYPT)
  8649. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8650. #endif
  8651. if (result != 0)
  8652. ERROR_OUT(-6309, out);
  8653. #ifdef HAVE_AES_DECRYPT
  8654. result = wc_AesGcmDecrypt(dec, large_outdec, large_output,
  8655. BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT,
  8656. sizeof(resultT), a, sizeof(a));
  8657. #if defined(WOLFSSL_ASYNC_CRYPT)
  8658. result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8659. #endif
  8660. if (result != 0)
  8661. ERROR_OUT(-6310, out);
  8662. if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
  8663. ERROR_OUT(-6311, out);
  8664. #endif /* HAVE_AES_DECRYPT */
  8665. #endif /* BENCH_AESGCM_LARGE */
  8666. #if defined(ENABLE_NON_12BYTE_IV_TEST) && defined(WOLFSSL_AES_256)
  8667. /* Variable IV length test */
  8668. for (ivlen=1; ivlen<(int)sizeof(k1); ivlen++) {
  8669. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8670. result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), k1,
  8671. (word32)ivlen, resultT, sizeof(resultT), a, sizeof(a));
  8672. #if defined(WOLFSSL_ASYNC_CRYPT)
  8673. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8674. #endif
  8675. if (result != 0)
  8676. ERROR_OUT(-6312, out);
  8677. #ifdef HAVE_AES_DECRYPT
  8678. result = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), k1,
  8679. (word32)ivlen, resultT, sizeof(resultT), a, sizeof(a));
  8680. #if defined(WOLFSSL_ASYNC_CRYPT)
  8681. result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8682. #endif
  8683. if (result != 0)
  8684. ERROR_OUT(-6313, out);
  8685. #endif /* HAVE_AES_DECRYPT */
  8686. }
  8687. #endif
  8688. #if !(defined(WOLF_CRYPTO_CB) && defined(HAVE_INTEL_QA_SYNC))
  8689. /* Variable authenticated data length test */
  8690. for (alen=0; alen<(int)sizeof(p); alen++) {
  8691. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8692. result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1,
  8693. sizeof(iv1), resultT, sizeof(resultT), p, (word32)alen);
  8694. #if defined(WOLFSSL_ASYNC_CRYPT)
  8695. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8696. #endif
  8697. if (result != 0)
  8698. ERROR_OUT(-6314, out);
  8699. #ifdef HAVE_AES_DECRYPT
  8700. result = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), iv1,
  8701. sizeof(iv1), resultT, sizeof(resultT), p, (word32)alen);
  8702. #if defined(WOLFSSL_ASYNC_CRYPT)
  8703. result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8704. #endif
  8705. if (result != 0)
  8706. ERROR_OUT(-6315, out);
  8707. #endif /* HAVE_AES_DECRYPT */
  8708. }
  8709. #endif
  8710. #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
  8711. #ifdef BENCH_AESGCM_LARGE
  8712. /* Variable plain text length test */
  8713. for (plen=1; plen<BENCH_AESGCM_LARGE; plen++) {
  8714. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8715. result = wc_AesGcmEncrypt(enc, large_output, large_input,
  8716. plen, iv1, sizeof(iv1), resultT,
  8717. sizeof(resultT), a, sizeof(a));
  8718. #if defined(WOLFSSL_ASYNC_CRYPT)
  8719. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8720. #endif
  8721. if (result != 0)
  8722. ERROR_OUT(-6316, out);
  8723. #ifdef HAVE_AES_DECRYPT
  8724. result = wc_AesGcmDecrypt(dec, large_outdec, large_output,
  8725. plen, iv1, sizeof(iv1), resultT,
  8726. sizeof(resultT), a, sizeof(a));
  8727. #if defined(WOLFSSL_ASYNC_CRYPT)
  8728. result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8729. #endif
  8730. if (result != 0)
  8731. ERROR_OUT(-6317, out);
  8732. #endif /* HAVE_AES_DECRYPT */
  8733. }
  8734. #else /* BENCH_AESGCM_LARGE */
  8735. /* Variable plain text length test */
  8736. for (plen=1; plen<(int)sizeof(p); plen++) {
  8737. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8738. result = wc_AesGcmEncrypt(enc, resultC, p, (word32)plen, iv1,
  8739. sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a));
  8740. #if defined(WOLFSSL_ASYNC_CRYPT)
  8741. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8742. #endif
  8743. if (result != 0)
  8744. ERROR_OUT(-6318, out);
  8745. #ifdef HAVE_AES_DECRYPT
  8746. result = wc_AesGcmDecrypt(dec, resultP, resultC, (word32)plen, iv1,
  8747. sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a));
  8748. #if defined(WOLFSSL_ASYNC_CRYPT)
  8749. result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8750. #endif
  8751. if (result != 0)
  8752. ERROR_OUT(-6319, out);
  8753. #endif /* HAVE_AES_DECRYPT */
  8754. }
  8755. #endif /* BENCH_AESGCM_LARGE */
  8756. #endif
  8757. #endif /* WOLFSSL_AES_256 */
  8758. /* test with IV != 12 bytes */
  8759. #ifdef ENABLE_NON_12BYTE_IV_TEST
  8760. XMEMSET(resultT, 0, sizeof(resultT));
  8761. XMEMSET(resultC, 0, sizeof(resultC));
  8762. XMEMSET(resultP, 0, sizeof(resultP));
  8763. #ifdef WOLFSSL_AES_192
  8764. wc_AesGcmSetKey(enc, k2, sizeof(k2));
  8765. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8766. result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv2, sizeof(iv2),
  8767. resultT, sizeof(resultT), a, sizeof(a));
  8768. #if defined(WOLFSSL_ASYNC_CRYPT)
  8769. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8770. #endif
  8771. if (result != 0)
  8772. ERROR_OUT(-6320, out);
  8773. if (XMEMCMP(c2, resultC, sizeof(c2)))
  8774. ERROR_OUT(-6321, out);
  8775. if (XMEMCMP(t2, resultT, sizeof(resultT)))
  8776. ERROR_OUT(-6322, out);
  8777. #ifdef HAVE_AES_DECRYPT
  8778. result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c1),
  8779. iv2, sizeof(iv2), resultT, sizeof(resultT), a, sizeof(a));
  8780. #if defined(WOLFSSL_ASYNC_CRYPT)
  8781. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8782. #endif
  8783. if (result != 0)
  8784. ERROR_OUT(-6323, out);
  8785. if (XMEMCMP(p, resultP, sizeof(p)))
  8786. ERROR_OUT(-6324, out);
  8787. #endif /* HAVE_AES_DECRYPT */
  8788. XMEMSET(resultT, 0, sizeof(resultT));
  8789. XMEMSET(resultC, 0, sizeof(resultC));
  8790. XMEMSET(resultP, 0, sizeof(resultP));
  8791. #endif /* WOLFSSL_AES_192 */
  8792. #ifdef WOLFSSL_AES_128
  8793. wc_AesGcmSetKey(enc, k3, sizeof(k3));
  8794. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8795. result = wc_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3),
  8796. resultT, sizeof(t3), a3, sizeof(a3));
  8797. #if defined(WOLFSSL_ASYNC_CRYPT)
  8798. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8799. #endif
  8800. if (result != 0)
  8801. ERROR_OUT(-6325, out);
  8802. if (XMEMCMP(c3, resultC, sizeof(c3)))
  8803. ERROR_OUT(-6326, out);
  8804. if (XMEMCMP(t3, resultT, sizeof(t3)))
  8805. ERROR_OUT(-6327, out);
  8806. #ifdef HAVE_AES_DECRYPT
  8807. result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
  8808. iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3));
  8809. #if defined(WOLFSSL_ASYNC_CRYPT)
  8810. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8811. #endif
  8812. if (result != 0)
  8813. ERROR_OUT(-6328, out);
  8814. if (XMEMCMP(p3, resultP, sizeof(p3)))
  8815. ERROR_OUT(-6329, out);
  8816. #endif /* HAVE_AES_DECRYPT */
  8817. #endif /* WOLFSSL_AES_128 */
  8818. #endif /* ENABLE_NON_12BYTE_IV_TEST */
  8819. #if defined(WOLFSSL_AES_256) && !defined(WOLFSSL_AFALG_XILINX_AES) && \
  8820. !defined(WOLFSSL_XILINX_CRYPT) && \
  8821. !(defined(WOLF_CRYPTO_CB) && \
  8822. defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC))
  8823. XMEMSET(resultT, 0, sizeof(resultT));
  8824. XMEMSET(resultC, 0, sizeof(resultC));
  8825. XMEMSET(resultP, 0, sizeof(resultP));
  8826. wc_AesGcmSetKey(enc, k1, sizeof(k1));
  8827. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8828. result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
  8829. resultT + 1, sizeof(resultT) - 1, a, sizeof(a));
  8830. #if defined(WOLFSSL_ASYNC_CRYPT)
  8831. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8832. #endif
  8833. if (result != 0)
  8834. ERROR_OUT(-6330, out);
  8835. if (XMEMCMP(c1, resultC, sizeof(c1)))
  8836. ERROR_OUT(-6331, out);
  8837. if (XMEMCMP(t1, resultT + 1, sizeof(resultT) - 1))
  8838. ERROR_OUT(-6332, out);
  8839. #ifdef HAVE_AES_DECRYPT
  8840. result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
  8841. iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, a, sizeof(a));
  8842. #if defined(WOLFSSL_ASYNC_CRYPT)
  8843. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8844. #endif
  8845. if (result != 0)
  8846. ERROR_OUT(-6333, out);
  8847. if (XMEMCMP(p, resultP, sizeof(p)))
  8848. ERROR_OUT(-6334, out);
  8849. #endif /* HAVE_AES_DECRYPT */
  8850. #endif /* WOLFSSL_AES_256 */
  8851. #if !defined(HAVE_FIPS) || \
  8852. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
  8853. /* Test encrypt with internally generated IV */
  8854. #if defined(WOLFSSL_AES_256) && !(defined(WC_NO_RNG) || defined(HAVE_SELFTEST)) \
  8855. && !(defined(WOLF_CRYPTO_CB) && defined(HAVE_CAVIUM_OCTEON_SYNC))
  8856. {
  8857. WC_RNG rng;
  8858. byte randIV[12];
  8859. result = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  8860. if (result != 0)
  8861. ERROR_OUT(-6335, out);
  8862. XMEMSET(randIV, 0, sizeof(randIV));
  8863. XMEMSET(resultT, 0, sizeof(resultT));
  8864. XMEMSET(resultC, 0, sizeof(resultC));
  8865. XMEMSET(resultP, 0, sizeof(resultP));
  8866. wc_AesGcmSetKey(enc, k1, sizeof(k1));
  8867. result = wc_AesGcmSetIV(enc, sizeof(randIV), NULL, 0, &rng);
  8868. if (result != 0)
  8869. ERROR_OUT(-6336, out);
  8870. result = wc_AesGcmEncrypt_ex(enc,
  8871. resultC, p, sizeof(p),
  8872. randIV, sizeof(randIV),
  8873. resultT, sizeof(resultT),
  8874. a, sizeof(a));
  8875. #if defined(WOLFSSL_ASYNC_CRYPT)
  8876. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8877. #endif
  8878. if (result != 0)
  8879. ERROR_OUT(-6337, out);
  8880. /* Check the IV has been set. */
  8881. {
  8882. word32 i, ivSum = 0;
  8883. for (i = 0; i < sizeof(randIV); i++)
  8884. ivSum += randIV[i];
  8885. if (ivSum == 0)
  8886. ERROR_OUT(-6338, out);
  8887. }
  8888. #ifdef HAVE_AES_DECRYPT
  8889. wc_AesGcmSetKey(dec, k1, sizeof(k1));
  8890. result = wc_AesGcmSetIV(dec, sizeof(randIV), NULL, 0, &rng);
  8891. if (result != 0)
  8892. ERROR_OUT(-6339, out);
  8893. result = wc_AesGcmDecrypt(dec,
  8894. resultP, resultC, sizeof(c1),
  8895. randIV, sizeof(randIV),
  8896. resultT, sizeof(resultT),
  8897. a, sizeof(a));
  8898. #if defined(WOLFSSL_ASYNC_CRYPT)
  8899. result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8900. #endif
  8901. if (result != 0)
  8902. ERROR_OUT(-6340, out);
  8903. if (XMEMCMP(p, resultP, sizeof(p)))
  8904. ERROR_OUT(-6341, out);
  8905. #endif /* HAVE_AES_DECRYPT */
  8906. wc_FreeRng(&rng);
  8907. }
  8908. #endif /* WOLFSSL_AES_256 && !(WC_NO_RNG || HAVE_SELFTEST) */
  8909. #endif /* HAVE_FIPS_VERSION >= 2 */
  8910. #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
  8911. #ifdef WOLFSSL_AES_256
  8912. #ifdef WOLFSSL_AESGCM_STREAM
  8913. result = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
  8914. if (result != 0)
  8915. ERROR_OUT(-6360, out);
  8916. result = wc_AesGcmEncryptUpdate(enc, resultC, p, sizeof(p), a, sizeof(a));
  8917. if (result != 0)
  8918. ERROR_OUT(-6361, out);
  8919. result = wc_AesGcmEncryptFinal(enc, resultT, sizeof(resultT));
  8920. if (result != 0)
  8921. ERROR_OUT(-6362, out);
  8922. if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
  8923. ERROR_OUT(-6363, out);
  8924. if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
  8925. ERROR_OUT(-6364, out);
  8926. #ifdef HAVE_AES_DECRYPT
  8927. result = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
  8928. if (result != 0)
  8929. ERROR_OUT(-6370, out);
  8930. result = wc_AesGcmDecryptUpdate(enc, resultP, c1, sizeof(c1), a, sizeof(a));
  8931. if (result != 0)
  8932. ERROR_OUT(-6371, out);
  8933. result = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
  8934. if (result != 0)
  8935. ERROR_OUT(-6372, out);
  8936. if (XMEMCMP(resultP, p, sizeof(p)) != 0)
  8937. ERROR_OUT(-6373, out);
  8938. #endif
  8939. /* alen is the size to pass in with each update. */
  8940. for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
  8941. result = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
  8942. if (result != 0)
  8943. ERROR_OUT(-6380, out);
  8944. /* plen is the offset into AAD to update with. */
  8945. for (plen = 0; plen < (int)sizeof(a); plen += alen) {
  8946. int len = sizeof(a) - plen;
  8947. if (len > alen) len = alen;
  8948. result = wc_AesGcmEncryptUpdate(enc, NULL, NULL, 0, a + plen, len);
  8949. if (result != 0)
  8950. ERROR_OUT(-6381, out);
  8951. }
  8952. /* plen is the offset into plaintext to update with. */
  8953. for (plen = 0; plen < (int)sizeof(p); plen += alen) {
  8954. int len = sizeof(p) - plen;
  8955. if (len > alen) len = alen;
  8956. result = wc_AesGcmEncryptUpdate(enc, resultC + plen, p + plen, len,
  8957. NULL, 0);
  8958. if (result != 0)
  8959. ERROR_OUT(-6382, out);
  8960. }
  8961. result = wc_AesGcmEncryptFinal(enc, resultT, sizeof(resultT));
  8962. if (result != 0)
  8963. ERROR_OUT(-6383, out);
  8964. if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
  8965. ERROR_OUT(-6384, out);
  8966. if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
  8967. ERROR_OUT(-6385, out);
  8968. }
  8969. #ifdef HAVE_AES_DECRYPT
  8970. for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
  8971. result = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
  8972. if (result != 0)
  8973. ERROR_OUT(-6390, out);
  8974. /* plen is the offset into AAD to update with. */
  8975. for (plen = 0; plen < (int)sizeof(a); plen += alen) {
  8976. int len = sizeof(a) - plen;
  8977. if (len > alen) len = alen;
  8978. result = wc_AesGcmDecryptUpdate(enc, NULL, NULL, 0, a + plen, len);
  8979. if (result != 0)
  8980. ERROR_OUT(-6391, out);
  8981. }
  8982. /* plen is the offset into cipher text to update with. */
  8983. for (plen = 0; plen < (int)sizeof(c1); plen += alen) {
  8984. int len = sizeof(c1) - plen;
  8985. if (len > alen) len = alen;
  8986. result = wc_AesGcmDecryptUpdate(enc, resultP + plen, c1 + plen, len,
  8987. NULL, 0);
  8988. if (result != 0)
  8989. ERROR_OUT(-6392, out);
  8990. }
  8991. result = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
  8992. if (result != 0)
  8993. ERROR_OUT(-6393, out);
  8994. if (XMEMCMP(resultP, p, sizeof(p)) != 0)
  8995. ERROR_OUT(-6394, out);
  8996. }
  8997. #endif /* HAVE_AES_DECRYPT */
  8998. #endif /* WOLFSSL_AESGCM_STREAM */
  8999. #endif /* WOLFSSL_AES_256 */
  9000. #endif /* !WOLFSSL_AFALG_XILINX_AES && !WOLFSSL_XILINX_CRYPT */
  9001. wc_AesFree(enc);
  9002. wc_AesFree(dec);
  9003. ret = 0;
  9004. out:
  9005. #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM)
  9006. if (large_input)
  9007. XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9008. if (large_output)
  9009. XFREE(large_output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9010. if (large_outdec)
  9011. XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9012. #endif
  9013. #ifdef WOLFSSL_SMALL_STACK
  9014. if (enc)
  9015. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  9016. if (dec)
  9017. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  9018. #endif
  9019. return ret;
  9020. }
  9021. #ifdef WOLFSSL_AES_128
  9022. WOLFSSL_TEST_SUBROUTINE int gmac_test(void)
  9023. {
  9024. int ret;
  9025. #ifdef WOLFSSL_SMALL_STACK
  9026. Gmac *gmac;
  9027. #else
  9028. Gmac gmac[1];
  9029. #endif
  9030. WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
  9031. {
  9032. 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
  9033. 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
  9034. };
  9035. WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
  9036. {
  9037. 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
  9038. 0xe2, 0x8c, 0x8f, 0x16
  9039. };
  9040. WOLFSSL_SMALL_STACK_STATIC const byte a1[] =
  9041. {
  9042. 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
  9043. 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
  9044. };
  9045. WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
  9046. {
  9047. 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
  9048. 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
  9049. };
  9050. #if (!defined(HAVE_FIPS) || \
  9051. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
  9052. /* FIPS builds only allow 16-byte auth tags. */
  9053. /* This sample uses a 15-byte auth tag. */
  9054. WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
  9055. {
  9056. 0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4,
  9057. 0x74, 0x25, 0x1d, 0xf4, 0x88, 0x9e, 0xf6, 0x5b
  9058. };
  9059. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
  9060. {
  9061. 0xee, 0x9c, 0x6e, 0x06, 0x15, 0x45, 0x45, 0x03,
  9062. 0x1a, 0x60, 0x24, 0xa7
  9063. };
  9064. WOLFSSL_SMALL_STACK_STATIC const byte a2[] =
  9065. {
  9066. 0x94, 0x81, 0x2c, 0x87, 0x07, 0x4e, 0x15, 0x18,
  9067. 0x34, 0xb8, 0x35, 0xaf, 0x1c, 0xa5, 0x7e, 0x56
  9068. };
  9069. WOLFSSL_SMALL_STACK_STATIC const byte t2[] =
  9070. {
  9071. 0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f,
  9072. 0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91
  9073. };
  9074. #endif
  9075. byte tag[16];
  9076. #ifdef WOLFSSL_SMALL_STACK
  9077. if ((gmac = (Gmac *)XMALLOC(sizeof *gmac, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  9078. return -6409;
  9079. #endif
  9080. XMEMSET(gmac, 0, sizeof *gmac); /* clear context */
  9081. (void)wc_AesInit((Aes*)gmac, HEAP_HINT, INVALID_DEVID); /* Make sure devId updated */
  9082. XMEMSET(tag, 0, sizeof(tag));
  9083. wc_GmacSetKey(gmac, k1, sizeof(k1));
  9084. wc_GmacUpdate(gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1));
  9085. if (XMEMCMP(t1, tag, sizeof(t1)) != 0)
  9086. ERROR_OUT(-6400, out);
  9087. #if (!defined(HAVE_FIPS) || \
  9088. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) )
  9089. XMEMSET(tag, 0, sizeof(tag));
  9090. wc_GmacSetKey(gmac, k2, sizeof(k2));
  9091. wc_GmacUpdate(gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2));
  9092. if (XMEMCMP(t2, tag, sizeof(t2)) != 0)
  9093. ERROR_OUT(-6401, out);
  9094. #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && !defined(NO_AES_DECRYPT)
  9095. {
  9096. WOLFSSL_SMALL_STACK_STATIC const byte badT[] =
  9097. {
  9098. 0xde, 0xad, 0xbe, 0xef, 0x17, 0x2e, 0xd0, 0x43,
  9099. 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
  9100. };
  9101. WC_RNG rng;
  9102. byte iv[12];
  9103. #ifndef HAVE_FIPS
  9104. if (wc_InitRng_ex(&rng, HEAP_HINT, devId) != 0)
  9105. ERROR_OUT(-6402, out);
  9106. #else
  9107. if (wc_InitRng(&rng) != 0)
  9108. ERROR_OUT(-6403, out);
  9109. #endif
  9110. if (wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
  9111. t1, sizeof(t1)) != 0)
  9112. ERROR_OUT(-6404, out);
  9113. if (wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
  9114. badT, sizeof(badT)) != AES_GCM_AUTH_E)
  9115. ERROR_OUT(-6405, out);
  9116. if (wc_GmacVerify(k2, sizeof(k2), iv2, sizeof(iv2), a2, sizeof(a2),
  9117. t2, sizeof(t2)) != 0)
  9118. ERROR_OUT(-6406, out);
  9119. XMEMSET(tag, 0, sizeof(tag));
  9120. XMEMSET(iv, 0, sizeof(iv));
  9121. if (wc_Gmac(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1),
  9122. tag, sizeof(tag), &rng) != 0)
  9123. ERROR_OUT(-6407, out);
  9124. if (wc_GmacVerify(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1),
  9125. tag, sizeof(tag)) != 0)
  9126. ERROR_OUT(-6408, out);
  9127. wc_FreeRng(&rng);
  9128. }
  9129. #endif /* !WC_NO_RNG && !HAVE_SELFTEST && !NO_AES_DECRYPT */
  9130. #endif /* HAVE_FIPS */
  9131. ret = 0;
  9132. out:
  9133. #ifdef WOLFSSL_SMALL_STACK
  9134. XFREE(gmac, HEAP_HINT, DYNAMIC_TYPE_AES);
  9135. #endif
  9136. return ret;
  9137. }
  9138. #endif /* WOLFSSL_AES_128 */
  9139. #endif /* HAVE_AESGCM */
  9140. #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
  9141. WOLFSSL_TEST_SUBROUTINE int aesccm_test(void)
  9142. {
  9143. int ret;
  9144. #ifdef WOLFSSL_SMALL_STACK
  9145. Aes *enc;
  9146. #else
  9147. Aes enc[1];
  9148. #endif
  9149. /* key */
  9150. WOLFSSL_SMALL_STACK_STATIC const byte k[] =
  9151. {
  9152. 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
  9153. 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
  9154. };
  9155. /* nonce */
  9156. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  9157. {
  9158. 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
  9159. 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
  9160. };
  9161. /* plaintext */
  9162. WOLFSSL_SMALL_STACK_STATIC const byte p[] =
  9163. {
  9164. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  9165. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  9166. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
  9167. };
  9168. /* plaintext - long */
  9169. WOLFSSL_SMALL_STACK_STATIC const byte pl[] =
  9170. {
  9171. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  9172. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  9173. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
  9174. 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
  9175. 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
  9176. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  9177. 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
  9178. 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
  9179. 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
  9180. 0x50
  9181. };
  9182. WOLFSSL_SMALL_STACK_STATIC const byte a[] =
  9183. {
  9184. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
  9185. };
  9186. /* ciphertext */
  9187. WOLFSSL_SMALL_STACK_STATIC const byte c[] =
  9188. {
  9189. 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
  9190. 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
  9191. 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
  9192. };
  9193. /* tag - authentication */
  9194. WOLFSSL_SMALL_STACK_STATIC const byte t[] =
  9195. {
  9196. 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
  9197. };
  9198. /* ciphertext - long */
  9199. WOLFSSL_SMALL_STACK_STATIC const byte cl[] =
  9200. {
  9201. 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
  9202. 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
  9203. 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0xe0,
  9204. 0x44, 0x2d, 0xbe, 0x25, 0xfa, 0x48, 0x2b, 0xa8,
  9205. 0x36, 0x0b, 0xbf, 0x01, 0xc0, 0x12, 0x45, 0xa4,
  9206. 0x82, 0x9f, 0x20, 0x6c, 0xc3, 0xd6, 0xae, 0x5b,
  9207. 0x54, 0x8d, 0xd0, 0xb1, 0x69, 0x2c, 0xec, 0x5e,
  9208. 0x95, 0xa5, 0x6b, 0x48, 0xc3, 0xc6, 0xc8, 0x9e,
  9209. 0xc7, 0x92, 0x98, 0x9d, 0x26, 0x7d, 0x2a, 0x10,
  9210. 0x0b
  9211. };
  9212. /* tag - authentication - long */
  9213. WOLFSSL_SMALL_STACK_STATIC const byte tl[] =
  9214. {
  9215. 0x89, 0xd8, 0xd2, 0x02, 0xc5, 0xcf, 0xae, 0xf4
  9216. };
  9217. /* tag - authentication - empty plaintext */
  9218. WOLFSSL_SMALL_STACK_STATIC const byte t_empty[] =
  9219. {
  9220. 0xe4, 0x28, 0x8a, 0xc3, 0x78, 0x00, 0x0f, 0xf5
  9221. };
  9222. byte t2[sizeof(t)];
  9223. byte p2[sizeof(p)];
  9224. byte c2[sizeof(c)];
  9225. byte iv2[sizeof(iv)];
  9226. byte pl2[sizeof(pl)];
  9227. byte cl2[sizeof(cl)];
  9228. byte tl2[sizeof(tl)];
  9229. byte t_empty2[sizeof(t_empty)];
  9230. int result;
  9231. #ifdef WOLFSSL_SMALL_STACK
  9232. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  9233. return -6521;
  9234. #endif
  9235. XMEMSET(enc, 0, sizeof *enc); /* clear context */
  9236. XMEMSET(t2, 0, sizeof(t2));
  9237. XMEMSET(c2, 0, sizeof(c2));
  9238. XMEMSET(p2, 0, sizeof(p2));
  9239. result = wc_AesCcmSetKey(enc, k, sizeof(k));
  9240. if (result != 0)
  9241. ERROR_OUT(-6500, out);
  9242. /* AES-CCM encrypt and decrypt both use AES encrypt internally */
  9243. result = wc_AesCcmEncrypt(enc, c2, p, sizeof(c2), iv, sizeof(iv),
  9244. t2, sizeof(t2), a, sizeof(a));
  9245. if (result != 0)
  9246. ERROR_OUT(-6501, out);
  9247. if (XMEMCMP(c, c2, sizeof(c2)))
  9248. ERROR_OUT(-6502, out);
  9249. if (XMEMCMP(t, t2, sizeof(t2)))
  9250. ERROR_OUT(-6503, out);
  9251. result = wc_AesCcmDecrypt(enc, p2, c2, sizeof(p2), iv, sizeof(iv),
  9252. t2, sizeof(t2), a, sizeof(a));
  9253. if (result != 0)
  9254. ERROR_OUT(-6504, out);
  9255. if (XMEMCMP(p, p2, sizeof(p2)))
  9256. ERROR_OUT(-6505, out);
  9257. /* Test the authentication failure */
  9258. t2[0]++; /* Corrupt the authentication tag. */
  9259. result = wc_AesCcmDecrypt(enc, p2, c, sizeof(p2), iv, sizeof(iv),
  9260. t2, sizeof(t2), a, sizeof(a));
  9261. if (result == 0)
  9262. ERROR_OUT(-6506, out);
  9263. /* Clear c2 to compare against p2. p2 should be set to zero in case of
  9264. * authentication fail. */
  9265. XMEMSET(c2, 0, sizeof(c2));
  9266. if (XMEMCMP(p2, c2, sizeof(p2)))
  9267. ERROR_OUT(-6507, out);
  9268. XMEMSET(enc, 0, sizeof(Aes)); /* clear context */
  9269. XMEMSET(t2, 0, sizeof(t2));
  9270. XMEMSET(c2, 0, sizeof(c2));
  9271. XMEMSET(p2, 0, sizeof(p2));
  9272. XMEMSET(iv2, 0, sizeof(iv2));
  9273. #ifndef HAVE_SELFTEST
  9274. /* selftest build does not have wc_AesCcmSetNonce() or
  9275. * wc_AesCcmEncrypt_ex() */
  9276. if (wc_AesCcmSetKey(enc, k, sizeof(k)) != 0)
  9277. ERROR_OUT(-6508, out);
  9278. if (wc_AesCcmSetNonce(enc, iv, sizeof(iv)) != 0)
  9279. ERROR_OUT(-6509, out);
  9280. if (wc_AesCcmEncrypt_ex(enc, c2, p, sizeof(c2), iv2, sizeof(iv2),
  9281. t2, sizeof(t2), a, sizeof(a)) != 0)
  9282. ERROR_OUT(-6510, out);
  9283. if (XMEMCMP(iv, iv2, sizeof(iv2)))
  9284. ERROR_OUT(-6511, out);
  9285. if (XMEMCMP(c, c2, sizeof(c2)))
  9286. ERROR_OUT(-6512, out);
  9287. if (XMEMCMP(t, t2, sizeof(t2)))
  9288. ERROR_OUT(-6513, out);
  9289. #endif
  9290. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  9291. /* test fail on invalid IV sizes */
  9292. result = wc_AesCcmSetKey(enc, k, sizeof(k));
  9293. if (result != 0)
  9294. ERROR_OUT(-6514, out);
  9295. /* AES-CCM encrypt and decrypt both use AES encrypt internally */
  9296. result = wc_AesCcmEncrypt(enc, c2, p, sizeof(c2), iv, sizeof(iv),
  9297. t2, 1, a, sizeof(a));
  9298. if (result == 0) {
  9299. ERROR_OUT(-6515, out);
  9300. }
  9301. #endif
  9302. /* AES-CCM encrypt and decrypt both use AES encrypt internally */
  9303. result = wc_AesCcmEncrypt(enc, cl2, pl, sizeof(cl2), iv, sizeof(iv),
  9304. tl2, sizeof(tl2), a, sizeof(a));
  9305. if (result != 0)
  9306. ERROR_OUT(-6516, out);
  9307. if (XMEMCMP(cl, cl2, sizeof(cl2)))
  9308. ERROR_OUT(-6517, out);
  9309. if (XMEMCMP(tl, tl2, sizeof(tl2)))
  9310. ERROR_OUT(-6518, out);
  9311. result = wc_AesCcmDecrypt(enc, pl2, cl2, sizeof(pl2), iv, sizeof(iv),
  9312. tl2, sizeof(tl2), a, sizeof(a));
  9313. if (result != 0)
  9314. ERROR_OUT(-6519, out);
  9315. if (XMEMCMP(pl, pl2, sizeof(pl2)))
  9316. ERROR_OUT(-6520, out);
  9317. /* test empty message as null input or output with nonzero inSz. */
  9318. result = wc_AesCcmEncrypt(enc, pl2 /* out */, NULL /* in */, 1 /* inSz */,
  9319. iv, sizeof(iv), t_empty2, sizeof(t_empty2),
  9320. a, sizeof(a));
  9321. if (result != BAD_FUNC_ARG)
  9322. ERROR_OUT(-6527, out);
  9323. result = wc_AesCcmEncrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
  9324. iv, sizeof(iv), t_empty2, sizeof(t_empty2),
  9325. a, sizeof(a));
  9326. if (result != BAD_FUNC_ARG)
  9327. ERROR_OUT(-6528, out);
  9328. result = wc_AesCcmDecrypt(enc, pl2, NULL /* in */, 1 /* inSz */,
  9329. iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
  9330. sizeof(a));
  9331. if (result != BAD_FUNC_ARG)
  9332. ERROR_OUT(-6529, out);
  9333. result = wc_AesCcmDecrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
  9334. iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
  9335. sizeof(a));
  9336. if (result != BAD_FUNC_ARG)
  9337. ERROR_OUT(-6530, out);
  9338. /* test empty message as null input and output with zero inSz --
  9339. * must either succeed, or fail early with BAD_FUNC_ARG.
  9340. */
  9341. result = wc_AesCcmEncrypt(enc, NULL /* out */, NULL /* in */, 0 /* inSz */,
  9342. iv, sizeof(iv), t_empty2, sizeof(t_empty2),
  9343. a, sizeof(a));
  9344. if (result != BAD_FUNC_ARG) {
  9345. if (result != 0)
  9346. ERROR_OUT(-6521, out);
  9347. if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
  9348. ERROR_OUT(-6522, out);
  9349. result = wc_AesCcmDecrypt(enc, NULL /* out */, NULL /* in */,
  9350. 0 /* inSz */, iv, sizeof(iv), t_empty2,
  9351. sizeof(t_empty2), a, sizeof(a));
  9352. if (result != 0)
  9353. ERROR_OUT(-6523, out);
  9354. }
  9355. /* test empty message as zero-length string -- must work. */
  9356. result = wc_AesCcmEncrypt(enc, pl2, (const byte *)"", 0 /* inSz */, iv,
  9357. sizeof(iv), t_empty2, sizeof(t_empty2), a,
  9358. sizeof(a));
  9359. if (result != 0)
  9360. ERROR_OUT(-6524, out);
  9361. if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
  9362. ERROR_OUT(-6525, out);
  9363. result = wc_AesCcmDecrypt(enc, pl2, (const byte *)"", 0 /* inSz */,
  9364. iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
  9365. sizeof(a));
  9366. if (result != 0)
  9367. ERROR_OUT(-6526, out);
  9368. ret = 0;
  9369. out:
  9370. #ifdef WOLFSSL_SMALL_STACK
  9371. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  9372. #endif
  9373. return ret;
  9374. }
  9375. #endif /* HAVE_AESCCM WOLFSSL_AES_128 */
  9376. #ifdef HAVE_AES_KEYWRAP
  9377. #define MAX_KEYWRAP_TEST_OUTLEN 40
  9378. #define MAX_KEYWRAP_TEST_PLAINLEN 32
  9379. typedef struct keywrapVector {
  9380. const byte* kek;
  9381. const byte* data;
  9382. const byte* verify;
  9383. word32 kekLen;
  9384. word32 dataLen;
  9385. word32 verifyLen;
  9386. } keywrapVector;
  9387. WOLFSSL_TEST_SUBROUTINE int aeskeywrap_test(void)
  9388. {
  9389. int wrapSz, plainSz, testSz, i;
  9390. /* test vectors from RFC 3394 (kek, data, verify) */
  9391. #ifdef WOLFSSL_AES_128
  9392. /* Wrap 128 bits of Key Data with a 128-bit KEK */
  9393. WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
  9394. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9395. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
  9396. };
  9397. WOLFSSL_SMALL_STACK_STATIC const byte d1[] = {
  9398. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  9399. 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
  9400. };
  9401. WOLFSSL_SMALL_STACK_STATIC const byte v1[] = {
  9402. 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
  9403. 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
  9404. 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
  9405. };
  9406. #endif /* WOLFSSL_AES_128 */
  9407. #ifdef WOLFSSL_AES_192
  9408. /* Wrap 128 bits of Key Data with a 192-bit KEK */
  9409. WOLFSSL_SMALL_STACK_STATIC const byte k2[] = {
  9410. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9411. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
  9412. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
  9413. };
  9414. WOLFSSL_SMALL_STACK_STATIC const byte d2[] = {
  9415. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  9416. 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
  9417. };
  9418. WOLFSSL_SMALL_STACK_STATIC const byte v2[] = {
  9419. 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
  9420. 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
  9421. 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
  9422. };
  9423. #endif
  9424. #ifdef WOLFSSL_AES_256
  9425. /* Wrap 128 bits of Key Data with a 256-bit KEK */
  9426. WOLFSSL_SMALL_STACK_STATIC const byte k3[] = {
  9427. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9428. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
  9429. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  9430. 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
  9431. };
  9432. WOLFSSL_SMALL_STACK_STATIC const byte d3[] = {
  9433. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  9434. 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
  9435. };
  9436. WOLFSSL_SMALL_STACK_STATIC const byte v3[] = {
  9437. 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
  9438. 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
  9439. 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7
  9440. };
  9441. #endif
  9442. #ifdef WOLFSSL_AES_192
  9443. /* Wrap 192 bits of Key Data with a 192-bit KEK */
  9444. WOLFSSL_SMALL_STACK_STATIC const byte k4[] = {
  9445. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9446. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
  9447. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
  9448. };
  9449. WOLFSSL_SMALL_STACK_STATIC const byte d4[] = {
  9450. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  9451. 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
  9452. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
  9453. };
  9454. WOLFSSL_SMALL_STACK_STATIC const byte v4[] = {
  9455. 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
  9456. 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
  9457. 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
  9458. 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
  9459. };
  9460. #endif
  9461. #ifdef WOLFSSL_AES_256
  9462. /* Wrap 192 bits of Key Data with a 256-bit KEK */
  9463. WOLFSSL_SMALL_STACK_STATIC const byte k5[] = {
  9464. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9465. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
  9466. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  9467. 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
  9468. };
  9469. WOLFSSL_SMALL_STACK_STATIC const byte d5[] = {
  9470. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  9471. 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
  9472. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
  9473. };
  9474. WOLFSSL_SMALL_STACK_STATIC const byte v5[] = {
  9475. 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
  9476. 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
  9477. 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
  9478. 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1
  9479. };
  9480. /* Wrap 256 bits of Key Data with a 256-bit KEK */
  9481. WOLFSSL_SMALL_STACK_STATIC const byte k6[] = {
  9482. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9483. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
  9484. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  9485. 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
  9486. };
  9487. WOLFSSL_SMALL_STACK_STATIC const byte d6[] = {
  9488. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  9489. 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
  9490. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9491. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
  9492. };
  9493. WOLFSSL_SMALL_STACK_STATIC const byte v6[] = {
  9494. 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
  9495. 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
  9496. 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
  9497. 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
  9498. 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
  9499. };
  9500. #endif /* WOLFSSL_AES_256 */
  9501. byte output[MAX_KEYWRAP_TEST_OUTLEN];
  9502. byte plain [MAX_KEYWRAP_TEST_PLAINLEN];
  9503. const keywrapVector test_wrap[] =
  9504. {
  9505. #ifdef WOLFSSL_AES_128
  9506. {k1, d1, v1, sizeof(k1), sizeof(d1), sizeof(v1)},
  9507. #endif
  9508. #ifdef WOLFSSL_AES_192
  9509. {k2, d2, v2, sizeof(k2), sizeof(d2), sizeof(v2)},
  9510. #endif
  9511. #ifdef WOLFSSL_AES_256
  9512. {k3, d3, v3, sizeof(k3), sizeof(d3), sizeof(v3)},
  9513. #endif
  9514. #ifdef WOLFSSL_AES_192
  9515. {k4, d4, v4, sizeof(k4), sizeof(d4), sizeof(v4)},
  9516. #endif
  9517. #ifdef WOLFSSL_AES_256
  9518. {k5, d5, v5, sizeof(k5), sizeof(d5), sizeof(v5)},
  9519. {k6, d6, v6, sizeof(k6), sizeof(d6), sizeof(v6)}
  9520. #endif
  9521. };
  9522. testSz = sizeof(test_wrap) / sizeof(keywrapVector);
  9523. XMEMSET(output, 0, sizeof(output));
  9524. XMEMSET(plain, 0, sizeof(plain));
  9525. for (i = 0; i < testSz; i++) {
  9526. wrapSz = wc_AesKeyWrap(test_wrap[i].kek, test_wrap[i].kekLen,
  9527. test_wrap[i].data, test_wrap[i].dataLen,
  9528. output, sizeof(output), NULL);
  9529. if ( (wrapSz < 0) || (wrapSz != (int)test_wrap[i].verifyLen) )
  9530. return -6600;
  9531. if (XMEMCMP(output, test_wrap[i].verify, test_wrap[i].verifyLen) != 0)
  9532. return -6601;
  9533. plainSz = wc_AesKeyUnWrap((byte*)test_wrap[i].kek, test_wrap[i].kekLen,
  9534. output, wrapSz,
  9535. plain, sizeof(plain), NULL);
  9536. if ( (plainSz < 0) || (plainSz != (int)test_wrap[i].dataLen) )
  9537. return -6602;
  9538. if (XMEMCMP(plain, test_wrap[i].data, test_wrap[i].dataLen) != 0)
  9539. return -6603 - i;
  9540. }
  9541. return 0;
  9542. }
  9543. #endif /* HAVE_AES_KEYWRAP */
  9544. #endif /* NO_AES */
  9545. #ifdef HAVE_CAMELLIA
  9546. enum {
  9547. CAM_ECB_ENC, CAM_ECB_DEC, CAM_CBC_ENC, CAM_CBC_DEC
  9548. };
  9549. typedef struct {
  9550. int type;
  9551. const byte* plaintext;
  9552. const byte* iv;
  9553. const byte* ciphertext;
  9554. const byte* key;
  9555. word32 keySz;
  9556. int errorCode;
  9557. } test_vector_t;
  9558. WOLFSSL_TEST_SUBROUTINE int camellia_test(void)
  9559. {
  9560. /* Camellia ECB Test Plaintext */
  9561. WOLFSSL_SMALL_STACK_STATIC const byte pte[] =
  9562. {
  9563. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  9564. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
  9565. };
  9566. /* Camellia ECB Test Initialization Vector */
  9567. WOLFSSL_SMALL_STACK_STATIC const byte ive[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
  9568. /* Test 1: Camellia ECB 128-bit key */
  9569. WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
  9570. {
  9571. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  9572. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
  9573. };
  9574. WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
  9575. {
  9576. 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
  9577. 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43
  9578. };
  9579. /* Test 2: Camellia ECB 192-bit key */
  9580. WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
  9581. {
  9582. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  9583. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
  9584. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
  9585. };
  9586. WOLFSSL_SMALL_STACK_STATIC const byte c2[] =
  9587. {
  9588. 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
  9589. 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9
  9590. };
  9591. /* Test 3: Camellia ECB 256-bit key */
  9592. WOLFSSL_SMALL_STACK_STATIC const byte k3[] =
  9593. {
  9594. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  9595. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
  9596. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  9597. 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
  9598. };
  9599. WOLFSSL_SMALL_STACK_STATIC const byte c3[] =
  9600. {
  9601. 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
  9602. 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09
  9603. };
  9604. /* Camellia CBC Test Plaintext */
  9605. WOLFSSL_SMALL_STACK_STATIC const byte ptc[] =
  9606. {
  9607. 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
  9608. 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
  9609. };
  9610. /* Camellia CBC Test Initialization Vector */
  9611. WOLFSSL_SMALL_STACK_STATIC const byte ivc[] =
  9612. {
  9613. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9614. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
  9615. };
  9616. /* Test 4: Camellia-CBC 128-bit key */
  9617. WOLFSSL_SMALL_STACK_STATIC const byte k4[] =
  9618. {
  9619. 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
  9620. 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
  9621. };
  9622. WOLFSSL_SMALL_STACK_STATIC const byte c4[] =
  9623. {
  9624. 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
  9625. 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB
  9626. };
  9627. /* Test 5: Camellia-CBC 192-bit key */
  9628. WOLFSSL_SMALL_STACK_STATIC const byte k5[] =
  9629. {
  9630. 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
  9631. 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
  9632. 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B
  9633. };
  9634. WOLFSSL_SMALL_STACK_STATIC const byte c5[] =
  9635. {
  9636. 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
  9637. 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93
  9638. };
  9639. /* Test 6: CBC 256-bit key */
  9640. WOLFSSL_SMALL_STACK_STATIC const byte k6[] =
  9641. {
  9642. 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
  9643. 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
  9644. 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
  9645. 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4
  9646. };
  9647. WOLFSSL_SMALL_STACK_STATIC const byte c6[] =
  9648. {
  9649. 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
  9650. 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA
  9651. };
  9652. byte out[CAMELLIA_BLOCK_SIZE];
  9653. Camellia cam;
  9654. int i, testsSz, ret;
  9655. WOLFSSL_SMALL_STACK_STATIC const test_vector_t testVectors[] =
  9656. {
  9657. {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), -114},
  9658. {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), -115},
  9659. {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), -116},
  9660. {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), -117},
  9661. {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), -118},
  9662. {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), -119},
  9663. {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), -120},
  9664. {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), -121},
  9665. {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), -122},
  9666. {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), -123},
  9667. {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), -124},
  9668. {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125}
  9669. };
  9670. testsSz = sizeof(testVectors)/sizeof(test_vector_t);
  9671. for (i = 0; i < testsSz; i++) {
  9672. if (wc_CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz,
  9673. testVectors[i].iv) != 0)
  9674. return testVectors[i].errorCode;
  9675. switch (testVectors[i].type) {
  9676. case CAM_ECB_ENC:
  9677. ret = wc_CamelliaEncryptDirect(&cam, out,
  9678. testVectors[i].plaintext);
  9679. if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
  9680. CAMELLIA_BLOCK_SIZE))
  9681. return testVectors[i].errorCode;
  9682. break;
  9683. case CAM_ECB_DEC:
  9684. ret = wc_CamelliaDecryptDirect(&cam, out,
  9685. testVectors[i].ciphertext);
  9686. if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
  9687. CAMELLIA_BLOCK_SIZE))
  9688. return testVectors[i].errorCode;
  9689. break;
  9690. case CAM_CBC_ENC:
  9691. ret = wc_CamelliaCbcEncrypt(&cam, out, testVectors[i].plaintext,
  9692. CAMELLIA_BLOCK_SIZE);
  9693. if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
  9694. CAMELLIA_BLOCK_SIZE))
  9695. return testVectors[i].errorCode;
  9696. break;
  9697. case CAM_CBC_DEC:
  9698. ret = wc_CamelliaCbcDecrypt(&cam, out,
  9699. testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE);
  9700. if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
  9701. CAMELLIA_BLOCK_SIZE))
  9702. return testVectors[i].errorCode;
  9703. break;
  9704. default:
  9705. break;
  9706. }
  9707. }
  9708. /* Setting the IV and checking it was actually set. */
  9709. ret = wc_CamelliaSetIV(&cam, ivc);
  9710. if (ret != 0 || XMEMCMP(cam.reg, ivc, CAMELLIA_BLOCK_SIZE))
  9711. return -6700;
  9712. /* Setting the IV to NULL should be same as all zeros IV */
  9713. if (wc_CamelliaSetIV(&cam, NULL) != 0 ||
  9714. XMEMCMP(cam.reg, ive, CAMELLIA_BLOCK_SIZE))
  9715. return -6701;
  9716. /* First parameter should never be null */
  9717. if (wc_CamelliaSetIV(NULL, NULL) == 0)
  9718. return -6702;
  9719. /* First parameter should never be null, check it fails */
  9720. if (wc_CamelliaSetKey(NULL, k1, sizeof(k1), NULL) == 0)
  9721. return -6703;
  9722. /* Key should have a size of 16, 24, or 32 */
  9723. if (wc_CamelliaSetKey(&cam, k1, 0, NULL) == 0)
  9724. return -6704;
  9725. return 0;
  9726. }
  9727. #endif /* HAVE_CAMELLIA */
  9728. #ifdef HAVE_IDEA
  9729. WOLFSSL_TEST_SUBROUTINE int idea_test(void)
  9730. {
  9731. int ret;
  9732. word16 i, j;
  9733. Idea idea;
  9734. byte data[IDEA_BLOCK_SIZE];
  9735. /* Project NESSIE test vectors */
  9736. #define IDEA_NB_TESTS 6
  9737. #define IDEA_NB_TESTS_EXTRA 4
  9738. WOLFSSL_SMALL_STACK_STATIC const byte v_key[IDEA_NB_TESTS][IDEA_KEY_SIZE] = {
  9739. { 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37,
  9740. 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37 },
  9741. { 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57,
  9742. 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57 },
  9743. { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9744. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F },
  9745. { 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00,
  9746. 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 },
  9747. { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9748. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F },
  9749. { 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00,
  9750. 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 },
  9751. };
  9752. WOLFSSL_SMALL_STACK_STATIC const byte v1_plain[IDEA_NB_TESTS][IDEA_BLOCK_SIZE] = {
  9753. { 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37 },
  9754. { 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57 },
  9755. { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
  9756. { 0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84 },
  9757. { 0xDB, 0x2D, 0x4A, 0x92, 0xAA, 0x68, 0x27, 0x3F },
  9758. { 0xF1, 0x29, 0xA6, 0x60, 0x1E, 0xF6, 0x2A, 0x47 },
  9759. };
  9760. WOLFSSL_SMALL_STACK_STATIC const byte v1_cipher[IDEA_NB_TESTS][IDEA_BLOCK_SIZE] = {
  9761. { 0x54, 0xCF, 0x21, 0xE3, 0x89, 0xD8, 0x73, 0xEC },
  9762. { 0x85, 0x52, 0x4D, 0x41, 0x0E, 0xB4, 0x28, 0xAE },
  9763. { 0xF5, 0x26, 0xAB, 0x9A, 0x62, 0xC0, 0xD2, 0x58 },
  9764. { 0xC8, 0xFB, 0x51, 0xD3, 0x51, 0x66, 0x27, 0xA8 },
  9765. { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
  9766. { 0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84 },
  9767. };
  9768. WOLFSSL_SMALL_STACK_STATIC const byte v1_cipher_100[IDEA_NB_TESTS_EXTRA][IDEA_BLOCK_SIZE] = {
  9769. { 0x12, 0x46, 0x2F, 0xD0, 0xFB, 0x3A, 0x63, 0x39 },
  9770. { 0x15, 0x61, 0xE8, 0xC9, 0x04, 0x54, 0x8B, 0xE9 },
  9771. { 0x42, 0x12, 0x2A, 0x94, 0xB0, 0xF6, 0xD2, 0x43 },
  9772. { 0x53, 0x4D, 0xCD, 0x48, 0xDD, 0xD5, 0xF5, 0x9C },
  9773. };
  9774. WOLFSSL_SMALL_STACK_STATIC const byte v1_cipher_1000[IDEA_NB_TESTS_EXTRA][IDEA_BLOCK_SIZE] = {
  9775. { 0x44, 0x1B, 0x38, 0x5C, 0x77, 0x29, 0x75, 0x34 },
  9776. { 0xF0, 0x4E, 0x58, 0x88, 0x44, 0x99, 0x22, 0x2D },
  9777. { 0xB3, 0x5F, 0x93, 0x7F, 0x6A, 0xA0, 0xCD, 0x1F },
  9778. { 0x9A, 0xEA, 0x46, 0x8F, 0x42, 0x9B, 0xBA, 0x15 },
  9779. };
  9780. /* CBC test */
  9781. const char *message = "International Data Encryption Algorithm";
  9782. byte msg_enc[40], msg_dec[40];
  9783. for (i = 0; i < IDEA_NB_TESTS; i++) {
  9784. /* Set encryption key */
  9785. XMEMSET(&idea, 0, sizeof(Idea));
  9786. ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
  9787. NULL, IDEA_ENCRYPTION);
  9788. if (ret != 0) {
  9789. printf("wc_IdeaSetKey (enc) failed\n");
  9790. return -6800;
  9791. }
  9792. /* Data encryption */
  9793. ret = wc_IdeaCipher(&idea, data, v1_plain[i]);
  9794. if (ret != 0 || XMEMCMP(&v1_cipher[i], data, IDEA_BLOCK_SIZE)) {
  9795. printf("Bad encryption\n");
  9796. return -6801;
  9797. }
  9798. /* Set decryption key */
  9799. XMEMSET(&idea, 0, sizeof(Idea));
  9800. ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
  9801. NULL, IDEA_DECRYPTION);
  9802. if (ret != 0) {
  9803. printf("wc_IdeaSetKey (dec) failed\n");
  9804. return -6802;
  9805. }
  9806. /* Data decryption */
  9807. ret = wc_IdeaCipher(&idea, data, data);
  9808. if (ret != 0 || XMEMCMP(v1_plain[i], data, IDEA_BLOCK_SIZE)) {
  9809. printf("Bad decryption\n");
  9810. return -6803;
  9811. }
  9812. /* Set encryption key */
  9813. XMEMSET(&idea, 0, sizeof(Idea));
  9814. ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
  9815. v_key[i], IDEA_ENCRYPTION);
  9816. if (ret != 0) {
  9817. printf("wc_IdeaSetKey (enc) failed\n");
  9818. return -6804;
  9819. }
  9820. XMEMSET(msg_enc, 0, sizeof(msg_enc));
  9821. ret = wc_IdeaCbcEncrypt(&idea, msg_enc, (byte *)message,
  9822. (word32)XSTRLEN(message)+1);
  9823. if (ret != 0) {
  9824. printf("wc_IdeaCbcEncrypt failed\n");
  9825. return -6805;
  9826. }
  9827. /* Set decryption key */
  9828. XMEMSET(&idea, 0, sizeof(Idea));
  9829. ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
  9830. v_key[i], IDEA_DECRYPTION);
  9831. if (ret != 0) {
  9832. printf("wc_IdeaSetKey (dec) failed\n");
  9833. return -6806;
  9834. }
  9835. XMEMSET(msg_dec, 0, sizeof(msg_dec));
  9836. ret = wc_IdeaCbcDecrypt(&idea, msg_dec, msg_enc,
  9837. (word32)XSTRLEN(message)+1);
  9838. if (ret != 0) {
  9839. printf("wc_IdeaCbcDecrypt failed\n");
  9840. return -6807;
  9841. }
  9842. if (XMEMCMP(message, msg_dec, (word32)XSTRLEN(message))) {
  9843. printf("Bad CBC decryption\n");
  9844. return -6808;
  9845. }
  9846. }
  9847. for (i = 0; i < IDEA_NB_TESTS_EXTRA; i++) {
  9848. /* Set encryption key */
  9849. XMEMSET(&idea, 0, sizeof(Idea));
  9850. ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
  9851. NULL, IDEA_ENCRYPTION);
  9852. if (ret != 0) {
  9853. printf("wc_IdeaSetKey (enc) failed\n");
  9854. return -6809;
  9855. }
  9856. /* 100 times data encryption */
  9857. XMEMCPY(data, v1_plain[i], IDEA_BLOCK_SIZE);
  9858. for (j = 0; j < 100; j++) {
  9859. ret = wc_IdeaCipher(&idea, data, data);
  9860. if (ret != 0) {
  9861. return -6810;
  9862. }
  9863. }
  9864. if (XMEMCMP(v1_cipher_100[i], data, IDEA_BLOCK_SIZE)) {
  9865. printf("Bad encryption (100 times)\n");
  9866. return -6811;
  9867. }
  9868. /* 1000 times data encryption */
  9869. XMEMCPY(data, v1_plain[i], IDEA_BLOCK_SIZE);
  9870. for (j = 0; j < 1000; j++) {
  9871. ret = wc_IdeaCipher(&idea, data, data);
  9872. if (ret != 0) {
  9873. return -6812;
  9874. }
  9875. }
  9876. if (XMEMCMP(v1_cipher_1000[i], data, IDEA_BLOCK_SIZE)) {
  9877. printf("Bad encryption (100 times)\n");
  9878. return -6813;
  9879. }
  9880. }
  9881. #ifndef WC_NO_RNG
  9882. /* random test for CBC */
  9883. {
  9884. WC_RNG rng;
  9885. byte key[IDEA_KEY_SIZE], iv[IDEA_BLOCK_SIZE],
  9886. *rnd, *enc, *dec;
  9887. #define IDEA_SCRATCH_BUFFER_SIZE 1000
  9888. rnd = (byte *)XMALLOC(IDEA_SCRATCH_BUFFER_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9889. enc = (byte *)XMALLOC(IDEA_SCRATCH_BUFFER_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9890. dec = (byte *)XMALLOC(IDEA_SCRATCH_BUFFER_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9891. if ((rnd == NULL) || (enc == NULL) || (dec == NULL)) {
  9892. if (rnd)
  9893. XFREE(rnd, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9894. if (enc)
  9895. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9896. if (dec)
  9897. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9898. return -6823;
  9899. }
  9900. /* random values */
  9901. #ifndef HAVE_FIPS
  9902. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  9903. #else
  9904. ret = wc_InitRng(&rng);
  9905. #endif
  9906. if (ret != 0)
  9907. return -6814;
  9908. for (i = 0; i < 1000; i++) {
  9909. /* random key */
  9910. ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key));
  9911. if (ret != 0)
  9912. return -6815;
  9913. /* random iv */
  9914. ret = wc_RNG_GenerateBlock(&rng, iv, sizeof(iv));
  9915. if (ret != 0)
  9916. return -6816;
  9917. /* random data */
  9918. ret = wc_RNG_GenerateBlock(&rng, rnd, IDEA_SCRATCH_BUFFER_SIZE);
  9919. if (ret != 0)
  9920. return -6817;
  9921. /* Set encryption key */
  9922. XMEMSET(&idea, 0, sizeof(Idea));
  9923. ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, iv, IDEA_ENCRYPTION);
  9924. if (ret != 0) {
  9925. printf("wc_IdeaSetKey (enc) failed\n");
  9926. return -6818;
  9927. }
  9928. /* Data encryption */
  9929. XMEMSET(enc, 0, IDEA_SCRATCH_BUFFER_SIZE);
  9930. ret = wc_IdeaCbcEncrypt(&idea, enc, rnd, IDEA_SCRATCH_BUFFER_SIZE);
  9931. if (ret != 0) {
  9932. printf("wc_IdeaCbcEncrypt failed\n");
  9933. return -6819;
  9934. }
  9935. /* Set decryption key */
  9936. XMEMSET(&idea, 0, sizeof(Idea));
  9937. ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, iv, IDEA_DECRYPTION);
  9938. if (ret != 0) {
  9939. printf("wc_IdeaSetKey (enc) failed\n");
  9940. return -6820;
  9941. }
  9942. /* Data decryption */
  9943. XMEMSET(dec, 0, IDEA_SCRATCH_BUFFER_SIZE);
  9944. ret = wc_IdeaCbcDecrypt(&idea, dec, enc, IDEA_SCRATCH_BUFFER_SIZE);
  9945. if (ret != 0) {
  9946. printf("wc_IdeaCbcDecrypt failed\n");
  9947. return -6821;
  9948. }
  9949. if (XMEMCMP(rnd, dec, IDEA_SCRATCH_BUFFER_SIZE)) {
  9950. printf("Bad CBC decryption\n");
  9951. return -6822;
  9952. }
  9953. }
  9954. XFREE(rnd, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9955. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9956. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9957. #undef IDEA_SCRATCH_BUFFER_SIZE
  9958. wc_FreeRng(&rng);
  9959. }
  9960. #endif /* WC_NO_RNG */
  9961. return 0;
  9962. }
  9963. #endif /* HAVE_IDEA */
  9964. #ifdef HAVE_XCHACHA
  9965. WOLFSSL_TEST_SUBROUTINE int XChaCha_test(void) {
  9966. int ret = -6830;
  9967. WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
  9968. 0x54, 0x68, 0x65, 0x20, 0x64, 0x68, 0x6f, 0x6c, 0x65, 0x20, 0x28, 0x70, 0x72, 0x6f, 0x6e, 0x6f, /* The dhole (prono */
  9969. 0x75, 0x6e, 0x63, 0x65, 0x64, 0x20, 0x22, 0x64, 0x6f, 0x6c, 0x65, 0x22, 0x29, 0x20, 0x69, 0x73, /* unced "dole") is */
  9970. 0x20, 0x61, 0x6c, 0x73, 0x6f, 0x20, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x20, 0x61, 0x73, 0x20, 0x74, /* also known as t */
  9971. 0x68, 0x65, 0x20, 0x41, 0x73, 0x69, 0x61, 0x74, 0x69, 0x63, 0x20, 0x77, 0x69, 0x6c, 0x64, 0x20, /* he Asiatic wild */
  9972. 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x72, 0x65, 0x64, 0x20, 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x61, 0x6e, /* dog, red dog, an */
  9973. 0x64, 0x20, 0x77, 0x68, 0x69, 0x73, 0x74, 0x6c, 0x69, 0x6e, 0x67, 0x20, 0x64, 0x6f, 0x67, 0x2e, /* d whistling dog. */
  9974. 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x61, 0x62, 0x6f, 0x75, 0x74, 0x20, 0x74, 0x68, 0x65, /* It is about the */
  9975. 0x20, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x61, 0x20, 0x47, 0x65, 0x72, 0x6d, 0x61, /* size of a Germa */
  9976. 0x6e, 0x20, 0x73, 0x68, 0x65, 0x70, 0x68, 0x65, 0x72, 0x64, 0x20, 0x62, 0x75, 0x74, 0x20, 0x6c, /* n shepherd but l */
  9977. 0x6f, 0x6f, 0x6b, 0x73, 0x20, 0x6d, 0x6f, 0x72, 0x65, 0x20, 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x61, /* ooks more like a */
  9978. 0x20, 0x6c, 0x6f, 0x6e, 0x67, 0x2d, 0x6c, 0x65, 0x67, 0x67, 0x65, 0x64, 0x20, 0x66, 0x6f, 0x78, /* long-legged fox */
  9979. 0x2e, 0x20, 0x54, 0x68, 0x69, 0x73, 0x20, 0x68, 0x69, 0x67, 0x68, 0x6c, 0x79, 0x20, 0x65, 0x6c, /* . This highly el */
  9980. 0x75, 0x73, 0x69, 0x76, 0x65, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x73, 0x6b, 0x69, 0x6c, 0x6c, 0x65, /* usive and skille */
  9981. 0x64, 0x20, 0x6a, 0x75, 0x6d, 0x70, 0x65, 0x72, 0x20, 0x69, 0x73, 0x20, 0x63, 0x6c, 0x61, 0x73, /* d jumper is clas */
  9982. 0x73, 0x69, 0x66, 0x69, 0x65, 0x64, 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x77, 0x6f, 0x6c, 0x76, /* sified with wolv */
  9983. 0x65, 0x73, 0x2c, 0x20, 0x63, 0x6f, 0x79, 0x6f, 0x74, 0x65, 0x73, 0x2c, 0x20, 0x6a, 0x61, 0x63, /* es, coyotes, jac */
  9984. 0x6b, 0x61, 0x6c, 0x73, 0x2c, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x66, 0x6f, 0x78, 0x65, 0x73, 0x20, /* kals, and foxes */
  9985. 0x69, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x74, 0x61, 0x78, 0x6f, 0x6e, 0x6f, 0x6d, 0x69, 0x63, /* in the taxonomic */
  9986. 0x20, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x20, 0x43, 0x61, 0x6e, 0x69, 0x64, 0x61, 0x65, 0x2e /* family Canidae. */
  9987. };
  9988. WOLFSSL_SMALL_STACK_STATIC const byte Key[] = {
  9989. 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
  9990. 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
  9991. };
  9992. WOLFSSL_SMALL_STACK_STATIC const byte IV[] = {
  9993. 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */
  9994. 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x58 }; /* PQRSTUVW */
  9995. WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = {
  9996. 0x45, 0x59, 0xab, 0xba, 0x4e, 0x48, 0xc1, 0x61, 0x02, 0xe8, 0xbb, 0x2c, 0x05, 0xe6, 0x94, 0x7f,
  9997. 0x50, 0xa7, 0x86, 0xde, 0x16, 0x2f, 0x9b, 0x0b, 0x7e, 0x59, 0x2a, 0x9b, 0x53, 0xd0, 0xd4, 0xe9,
  9998. 0x8d, 0x8d, 0x64, 0x10, 0xd5, 0x40, 0xa1, 0xa6, 0x37, 0x5b, 0x26, 0xd8, 0x0d, 0xac, 0xe4, 0xfa,
  9999. 0xb5, 0x23, 0x84, 0xc7, 0x31, 0xac, 0xbf, 0x16, 0xa5, 0x92, 0x3c, 0x0c, 0x48, 0xd3, 0x57, 0x5d,
  10000. 0x4d, 0x0d, 0x2c, 0x67, 0x3b, 0x66, 0x6f, 0xaa, 0x73, 0x10, 0x61, 0x27, 0x77, 0x01, 0x09, 0x3a,
  10001. 0x6b, 0xf7, 0xa1, 0x58, 0xa8, 0x86, 0x42, 0x92, 0xa4, 0x1c, 0x48, 0xe3, 0xa9, 0xb4, 0xc0, 0xda,
  10002. 0xec, 0xe0, 0xf8, 0xd9, 0x8d, 0x0d, 0x7e, 0x05, 0xb3, 0x7a, 0x30, 0x7b, 0xbb, 0x66, 0x33, 0x31,
  10003. 0x64, 0xec, 0x9e, 0x1b, 0x24, 0xea, 0x0d, 0x6c, 0x3f, 0xfd, 0xdc, 0xec, 0x4f, 0x68, 0xe7, 0x44,
  10004. 0x30, 0x56, 0x19, 0x3a, 0x03, 0xc8, 0x10, 0xe1, 0x13, 0x44, 0xca, 0x06, 0xd8, 0xed, 0x8a, 0x2b,
  10005. 0xfb, 0x1e, 0x8d, 0x48, 0xcf, 0xa6, 0xbc, 0x0e, 0xb4, 0xe2, 0x46, 0x4b, 0x74, 0x81, 0x42, 0x40,
  10006. 0x7c, 0x9f, 0x43, 0x1a, 0xee, 0x76, 0x99, 0x60, 0xe1, 0x5b, 0xa8, 0xb9, 0x68, 0x90, 0x46, 0x6e,
  10007. 0xf2, 0x45, 0x75, 0x99, 0x85, 0x23, 0x85, 0xc6, 0x61, 0xf7, 0x52, 0xce, 0x20, 0xf9, 0xda, 0x0c,
  10008. 0x09, 0xab, 0x6b, 0x19, 0xdf, 0x74, 0xe7, 0x6a, 0x95, 0x96, 0x74, 0x46, 0xf8, 0xd0, 0xfd, 0x41,
  10009. 0x5e, 0x7b, 0xee, 0x2a, 0x12, 0xa1, 0x14, 0xc2, 0x0e, 0xb5, 0x29, 0x2a, 0xe7, 0xa3, 0x49, 0xae,
  10010. 0x57, 0x78, 0x20, 0xd5, 0x52, 0x0a, 0x1f, 0x3f, 0xb6, 0x2a, 0x17, 0xce, 0x6a, 0x7e, 0x68, 0xfa,
  10011. 0x7c, 0x79, 0x11, 0x1d, 0x88, 0x60, 0x92, 0x0b, 0xc0, 0x48, 0xef, 0x43, 0xfe, 0x84, 0x48, 0x6c,
  10012. 0xcb, 0x87, 0xc2, 0x5f, 0x0a, 0xe0, 0x45, 0xf0, 0xcc, 0xe1, 0xe7, 0x98, 0x9a, 0x9a, 0xa2, 0x20,
  10013. 0xa2, 0x8b, 0xdd, 0x48, 0x27, 0xe7, 0x51, 0xa2, 0x4a, 0x6d, 0x5c, 0x62, 0xd7, 0x90, 0xa6, 0x63,
  10014. 0x93, 0xb9, 0x31, 0x11, 0xc1, 0xa5, 0x5d, 0xd7, 0x42, 0x1a, 0x10, 0x18, 0x49, 0x74, 0xc7, 0xc5
  10015. };
  10016. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10017. struct ChaCha *chacha = (struct ChaCha *)XMALLOC(sizeof *chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
  10018. byte *buf1 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10019. byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10020. if ((chacha == NULL) || (buf1 == NULL) || (buf2 == NULL))
  10021. ERROR_OUT(MEMORY_E, out);
  10022. #else
  10023. struct ChaCha chacha[1];
  10024. byte buf1[sizeof Plaintext];
  10025. byte buf2[sizeof Plaintext];
  10026. #endif
  10027. ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
  10028. if (ret < 0)
  10029. ERROR_OUT(-6831, out);
  10030. ret = wc_Chacha_Process(chacha, buf1, Plaintext, sizeof Plaintext);
  10031. if (ret < 0)
  10032. ERROR_OUT(-6832, out);
  10033. if (XMEMCMP(buf1, Ciphertext, sizeof Plaintext))
  10034. ERROR_OUT(-6833, out);
  10035. ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
  10036. if (ret < 0)
  10037. ERROR_OUT(-6834, out);
  10038. ret = wc_Chacha_Process(chacha, buf2, buf1, sizeof Plaintext);
  10039. if (ret < 0)
  10040. ERROR_OUT(-6835, out);
  10041. if (XMEMCMP(buf2, Plaintext, sizeof Plaintext))
  10042. ERROR_OUT(-6836, out);
  10043. out:
  10044. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10045. if (chacha)
  10046. XFREE(chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
  10047. if (buf1)
  10048. XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10049. if (buf2)
  10050. XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10051. #endif
  10052. return ret;
  10053. }
  10054. #endif /* HAVE_XCHACHA */
  10055. #if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
  10056. WOLFSSL_TEST_SUBROUTINE int XChaCha20Poly1305_test(void) {
  10057. int ret;
  10058. WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
  10059. 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, /* Ladies and Gentl */
  10060. 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, /* emen of the clas */
  10061. 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, /* s of '99: If I c */
  10062. 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, /* ould offer you o */
  10063. 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, /* nly one tip for */
  10064. 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, /* the future, suns */
  10065. 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */
  10066. 0x74, 0x2e }; /* t. */
  10067. WOLFSSL_SMALL_STACK_STATIC const byte AAD[] = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 }; /* PQRS........ */
  10068. WOLFSSL_SMALL_STACK_STATIC const byte Key[] = {
  10069. 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
  10070. 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
  10071. };
  10072. WOLFSSL_SMALL_STACK_STATIC const byte IV[] = {
  10073. 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */
  10074. 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57 }; /* PQRSTUVW */
  10075. WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = {
  10076. 0xbd, 0x6d, 0x17, 0x9d, 0x3e, 0x83, 0xd4, 0x3b, 0x95, 0x76, 0x57, 0x94, 0x93, 0xc0, 0xe9, 0x39,
  10077. 0x57, 0x2a, 0x17, 0x00, 0x25, 0x2b, 0xfa, 0xcc, 0xbe, 0xd2, 0x90, 0x2c, 0x21, 0x39, 0x6c, 0xbb,
  10078. 0x73, 0x1c, 0x7f, 0x1b, 0x0b, 0x4a, 0xa6, 0x44, 0x0b, 0xf3, 0xa8, 0x2f, 0x4e, 0xda, 0x7e, 0x39,
  10079. 0xae, 0x64, 0xc6, 0x70, 0x8c, 0x54, 0xc2, 0x16, 0xcb, 0x96, 0xb7, 0x2e, 0x12, 0x13, 0xb4, 0x52,
  10080. 0x2f, 0x8c, 0x9b, 0xa4, 0x0d, 0xb5, 0xd9, 0x45, 0xb1, 0x1b, 0x69, 0xb9, 0x82, 0xc1, 0xbb, 0x9e,
  10081. 0x3f, 0x3f, 0xac, 0x2b, 0xc3, 0x69, 0x48, 0x8f, 0x76, 0xb2, 0x38, 0x35, 0x65, 0xd3, 0xff, 0xf9,
  10082. 0x21, 0xf9, 0x66, 0x4c, 0x97, 0x63, 0x7d, 0xa9, 0x76, 0x88, 0x12, 0xf6, 0x15, 0xc6, 0x8b, 0x13,
  10083. 0xb5, 0x2e };
  10084. WOLFSSL_SMALL_STACK_STATIC const byte Tag[] = {
  10085. 0xc0, 0x87, 0x59, 0x24, 0xc1, 0xc7, 0x98, 0x79, 0x47, 0xde, 0xaf, 0xd8, 0x78, 0x0a, 0xcf, 0x49
  10086. };
  10087. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10088. byte *buf1 = (byte *)XMALLOC(sizeof Ciphertext + sizeof Tag, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10089. byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10090. if ((buf1 == NULL) || (buf2 == NULL))
  10091. ERROR_OUT(-6480, out);
  10092. #else
  10093. byte buf1[sizeof Ciphertext + sizeof Tag];
  10094. byte buf2[sizeof Plaintext];
  10095. #endif
  10096. ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag,
  10097. Plaintext, sizeof Plaintext,
  10098. AAD, sizeof AAD,
  10099. IV, sizeof IV,
  10100. Key, sizeof Key);
  10101. if (ret < 0)
  10102. ERROR_OUT(-6841, out);
  10103. if (XMEMCMP(buf1, Ciphertext, sizeof Ciphertext))
  10104. ERROR_OUT(-6842, out);
  10105. if (XMEMCMP(buf1 + sizeof Ciphertext, Tag, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE))
  10106. ERROR_OUT(-6843, out);
  10107. ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext,
  10108. buf1, sizeof Ciphertext + sizeof Tag,
  10109. AAD, sizeof AAD,
  10110. IV, sizeof IV,
  10111. Key, sizeof Key);
  10112. if (ret < 0)
  10113. ERROR_OUT(-6844, out);
  10114. if (XMEMCMP(buf2, Plaintext, sizeof Plaintext))
  10115. ERROR_OUT(-6845, out);
  10116. out:
  10117. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10118. if (buf1 != NULL)
  10119. XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10120. if (buf2 != NULL)
  10121. XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10122. #endif
  10123. return ret;
  10124. }
  10125. #endif /* defined(HAVE_XCHACHA) && defined(HAVE_POLY1305) */
  10126. #ifndef WC_NO_RNG
  10127. static int _rng_test(WC_RNG* rng, int errorOffset)
  10128. {
  10129. byte block[32];
  10130. int ret, i;
  10131. XMEMSET(block, 0, sizeof(block));
  10132. ret = wc_RNG_GenerateBlock(rng, block, sizeof(block));
  10133. if (ret != 0) {
  10134. ret = -6850;
  10135. goto exit;
  10136. }
  10137. /* Check for 0's */
  10138. for (i=0; i<(int)sizeof(block); i++) {
  10139. if (block[i] == 0) {
  10140. ret++;
  10141. }
  10142. }
  10143. /* All zeros count check */
  10144. if (ret >= (int)sizeof(block)) {
  10145. ret = -6851;
  10146. goto exit;
  10147. }
  10148. ret = wc_RNG_GenerateByte(rng, block);
  10149. if (ret != 0) {
  10150. ret = -6852;
  10151. goto exit;
  10152. }
  10153. /* Parameter validation testing. */
  10154. ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block));
  10155. if (ret != BAD_FUNC_ARG) {
  10156. ret = -6853;
  10157. goto exit;
  10158. }
  10159. ret = wc_RNG_GenerateBlock(rng, NULL, sizeof(block));
  10160. if (ret != BAD_FUNC_ARG) {
  10161. ret = -6854;
  10162. goto exit;
  10163. }
  10164. ret = wc_RNG_GenerateByte(NULL, block);
  10165. if (ret != BAD_FUNC_ARG) {
  10166. ret = -6855;
  10167. goto exit;
  10168. }
  10169. ret = wc_RNG_GenerateByte(rng, NULL);
  10170. if (ret != BAD_FUNC_ARG) {
  10171. ret = -6856;
  10172. goto exit;
  10173. }
  10174. ret = 0;
  10175. exit:
  10176. if (ret != 0)
  10177. ret += errorOffset;
  10178. return ret;
  10179. }
  10180. static int random_rng_test(void)
  10181. {
  10182. WC_RNG localRng;
  10183. WC_RNG* rng;
  10184. int ret;
  10185. rng = &localRng;
  10186. /* Test stack based RNG. */
  10187. #ifndef HAVE_FIPS
  10188. ret = wc_InitRng_ex(rng, HEAP_HINT, devId);
  10189. #else
  10190. ret = wc_InitRng(rng);
  10191. #endif
  10192. if (ret != 0) return -6900;
  10193. ret = _rng_test(rng, -6300);
  10194. /* Make sure and free RNG */
  10195. wc_FreeRng(rng);
  10196. if (ret != 0) return ret;
  10197. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC)
  10198. {
  10199. byte nonce[8] = { 0 };
  10200. /* Test dynamic RNG. */
  10201. rng = wc_rng_new(nonce, (word32)sizeof(nonce), HEAP_HINT);
  10202. if (rng == NULL) return -6901;
  10203. ret = _rng_test(rng, -6310);
  10204. wc_rng_free(rng);
  10205. }
  10206. #endif
  10207. return ret;
  10208. }
  10209. #if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
  10210. #ifdef WC_RNG_SEED_CB
  10211. static int seed_cb(OS_Seed* os, byte* output, word32 sz)
  10212. {
  10213. word32 i;
  10214. (void)os;
  10215. /* Known answer test. Set the seed to the same value every time. */
  10216. for (i = 0; i < sz; i++)
  10217. output[i] = (byte)i;
  10218. return 0;
  10219. }
  10220. static int rng_seed_test(void)
  10221. {
  10222. #ifndef HAVE_FIPS
  10223. WOLFSSL_SMALL_STACK_STATIC const byte check[] =
  10224. {
  10225. 0x83, 0x46, 0x65, 0x2f, 0x5c, 0x44, 0x16, 0x5f,
  10226. 0xb3, 0x89, 0x26, 0xde, 0x0b, 0x6b, 0xa2, 0x06,
  10227. 0x7e, 0xa7, 0x9a, 0x55, 0x22, 0x01, 0xb0, 0x22,
  10228. 0xf4, 0x7e, 0xa2, 0x66, 0xc4, 0x08, 0x6f, 0xba
  10229. };
  10230. #else
  10231. /* FIPS uses a longer seed, so different check value. */
  10232. WOLFSSL_SMALL_STACK_STATIC const byte check[] =
  10233. {
  10234. 0xaf, 0x31, 0xcc, 0xef, 0xa9, 0x29, 0x4c, 0x24,
  10235. 0xbd, 0xa5, 0xa3, 0x52, 0x69, 0xf3, 0xb9, 0xb2,
  10236. 0x1e, 0xd4, 0x52, 0x3b, 0x9a, 0x96, 0x06, 0x20,
  10237. 0xc0, 0x5f, 0x44, 0x06, 0x1f, 0x80, 0xdf, 0xe0
  10238. };
  10239. #endif
  10240. byte output[WC_SHA256_DIGEST_SIZE];
  10241. WC_RNG rng;
  10242. int ret;
  10243. ret = wc_SetSeed_Cb(seed_cb);
  10244. if (ret != 0) {
  10245. ret = -7007;
  10246. goto exit;
  10247. }
  10248. ret = wc_InitRng(&rng);
  10249. if (ret != 0) {
  10250. ret = -7008;
  10251. goto exit;
  10252. }
  10253. ret = wc_RNG_GenerateBlock(&rng, output, sizeof(output));
  10254. if (ret != 0) {
  10255. ret = -7009;
  10256. goto exit;
  10257. }
  10258. ret = XMEMCMP(output, check, sizeof(output));
  10259. if (ret != 0) {
  10260. ret = -7010;
  10261. goto exit;
  10262. }
  10263. ret = wc_FreeRng(&rng);
  10264. if (ret != 0) {
  10265. ret = -7011;
  10266. goto exit;
  10267. }
  10268. ret = wc_SetSeed_Cb(wc_GenerateSeed);
  10269. if (ret != 0) {
  10270. ret = -7012;
  10271. }
  10272. exit:
  10273. return ret;
  10274. }
  10275. #endif
  10276. WOLFSSL_TEST_SUBROUTINE int random_test(void)
  10277. {
  10278. WOLFSSL_SMALL_STACK_STATIC const byte test1Entropy[] =
  10279. {
  10280. 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
  10281. 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
  10282. 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31,
  10283. 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e
  10284. };
  10285. WOLFSSL_SMALL_STACK_STATIC const byte test1Output[] =
  10286. {
  10287. 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
  10288. 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
  10289. 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
  10290. 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11,
  10291. 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81,
  10292. 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63,
  10293. 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7,
  10294. 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c,
  10295. 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91,
  10296. 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d,
  10297. 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf
  10298. };
  10299. WOLFSSL_SMALL_STACK_STATIC const byte test2EntropyA[] =
  10300. {
  10301. 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
  10302. 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
  10303. 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
  10304. 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
  10305. };
  10306. WOLFSSL_SMALL_STACK_STATIC const byte test2EntropyB[] =
  10307. {
  10308. 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
  10309. 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
  10310. 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
  10311. };
  10312. WOLFSSL_SMALL_STACK_STATIC const byte test2Output[] =
  10313. {
  10314. 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
  10315. 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
  10316. 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
  10317. 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac,
  10318. 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71,
  10319. 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0,
  10320. 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8,
  10321. 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d,
  10322. 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22,
  10323. 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
  10324. 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
  10325. };
  10326. byte output[WC_SHA256_DIGEST_SIZE * 4];
  10327. int ret;
  10328. ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0,
  10329. output, sizeof(output));
  10330. if (ret != 0)
  10331. return -7000;
  10332. if (XMEMCMP(test1Output, output, sizeof(output)) != 0)
  10333. return -7001;
  10334. ret = wc_RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA),
  10335. test2EntropyB, sizeof(test2EntropyB),
  10336. output, sizeof(output));
  10337. if (ret != 0)
  10338. return -7002;
  10339. if (XMEMCMP(test2Output, output, sizeof(output)) != 0)
  10340. return -7003;
  10341. /* Basic RNG generate block test */
  10342. if ((ret = random_rng_test()) != 0)
  10343. return ret;
  10344. /* Test the seed check function. */
  10345. #if !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \
  10346. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
  10347. {
  10348. word32 i, outputSz;
  10349. /* Repeat the same byte over and over. Should fail. */
  10350. outputSz = sizeof(output);
  10351. XMEMSET(output, 1, outputSz);
  10352. ret = wc_RNG_TestSeed(output, outputSz);
  10353. if (ret == 0)
  10354. return -7004;
  10355. /* Every byte of the entropy scratch is different,
  10356. * entropy is a single byte that shouldn't match. */
  10357. outputSz = (sizeof(word32) * 2) + 1;
  10358. for (i = 0; i < outputSz; i++)
  10359. output[i] = (byte)i;
  10360. ret = wc_RNG_TestSeed(output, outputSz);
  10361. if (ret != 0)
  10362. return -7005;
  10363. outputSz = sizeof(output);
  10364. for (i = 0; i < outputSz; i++)
  10365. output[i] = (byte)i;
  10366. ret = wc_RNG_TestSeed(output, outputSz);
  10367. if (ret != 0)
  10368. return -7006;
  10369. }
  10370. #endif
  10371. /* Test the seed callback. */
  10372. #ifdef WC_RNG_SEED_CB
  10373. if ((ret = rng_seed_test()) != 0)
  10374. return ret;
  10375. #endif
  10376. return 0;
  10377. }
  10378. #else
  10379. WOLFSSL_TEST_SUBROUTINE int random_test(void)
  10380. {
  10381. /* Basic RNG generate block test */
  10382. return random_rng_test();
  10383. }
  10384. #endif /* HAVE_HASHDRBG && !CUSTOM_RAND_GENERATE_BLOCK */
  10385. #endif /* WC_NO_RNG */
  10386. #ifndef MEM_TEST_SZ
  10387. #define MEM_TEST_SZ 1024
  10388. #endif
  10389. #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
  10390. static int simple_mem_test(int sz)
  10391. {
  10392. int ret = 0;
  10393. byte* b;
  10394. int i;
  10395. b = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10396. if (b == NULL) {
  10397. return -7110;
  10398. }
  10399. /* utilize memory */
  10400. for (i = 0; i < sz; i++) {
  10401. b[i] = (byte)i;
  10402. }
  10403. /* read back and verify */
  10404. for (i = 0; i < sz; i++) {
  10405. if (b[i] != (byte)i) {
  10406. ret = -7111;
  10407. break;
  10408. }
  10409. }
  10410. XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10411. return ret;
  10412. }
  10413. #endif
  10414. WOLFSSL_TEST_SUBROUTINE int memory_test(void)
  10415. {
  10416. int ret = 0;
  10417. #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_NO_MALLOC)
  10418. byte* b = NULL;
  10419. #endif
  10420. #if defined(COMPLEX_MEM_TEST) || defined(WOLFSSL_STATIC_MEMORY)
  10421. int i;
  10422. #endif
  10423. #ifdef WOLFSSL_STATIC_MEMORY
  10424. word32 size[] = { WOLFMEM_BUCKETS };
  10425. word32 dist[] = { WOLFMEM_DIST };
  10426. byte buffer[30000]; /* make large enough to involve many bucket sizes */
  10427. int pad = -(int)((wc_ptr_t)buffer) & (WOLFSSL_STATIC_ALIGN - 1);
  10428. /* pad to account for if head of buffer is not at set memory
  10429. * alignment when tests are ran */
  10430. #endif
  10431. #ifdef WOLFSSL_STATIC_MEMORY
  10432. /* check macro settings */
  10433. if (sizeof(size)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) {
  10434. return -7200;
  10435. }
  10436. if (sizeof(dist)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) {
  10437. return -7201;
  10438. }
  10439. for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
  10440. if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) {
  10441. /* each element in array should be divisible by alignment size */
  10442. return -7202;
  10443. }
  10444. }
  10445. for (i = 1; i < WOLFMEM_MAX_BUCKETS; i++) {
  10446. if (size[i - 1] >= size[i]) {
  10447. return -7203; /* sizes should be in increasing order */
  10448. }
  10449. }
  10450. /* check that padding size returned is possible */
  10451. if (wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN) {
  10452. return -7204; /* no room for wc_Memory struct */
  10453. }
  10454. if (wolfSSL_MemoryPaddingSz() < 0) {
  10455. return -7205;
  10456. }
  10457. if (wolfSSL_MemoryPaddingSz() % WOLFSSL_STATIC_ALIGN != 0) {
  10458. return -7206; /* not aligned! */
  10459. }
  10460. /* check function to return optimum buffer size (rounded down) */
  10461. ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL);
  10462. if ((ret - pad) % WOLFSSL_STATIC_ALIGN != 0) {
  10463. return -7207; /* not aligned! */
  10464. }
  10465. if (ret < 0) {
  10466. return -7208;
  10467. }
  10468. if ((unsigned int)ret > sizeof(buffer)) {
  10469. return -7209; /* did not round down as expected */
  10470. }
  10471. if (ret != wolfSSL_StaticBufferSz(buffer, ret, WOLFMEM_GENERAL)) {
  10472. return -7210; /* return value changed when using suggested value */
  10473. }
  10474. ret = wolfSSL_MemoryPaddingSz();
  10475. ret += pad; /* add space that is going to be needed if buffer not aligned */
  10476. if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) !=
  10477. (ret + (int)size[0])) {
  10478. return -7211; /* did not round down to nearest bucket value */
  10479. }
  10480. ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL);
  10481. if ((ret - pad) < 0) {
  10482. return -7212;
  10483. }
  10484. if (((ret - pad) % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) {
  10485. return -7213; /* not even chunks of memory for IO size */
  10486. }
  10487. if (((ret - pad) % WOLFSSL_STATIC_ALIGN) != 0) {
  10488. return -7214; /* memory not aligned */
  10489. }
  10490. /* check for passing bad or unknown arguments to functions */
  10491. if (wolfSSL_StaticBufferSz(NULL, 1, WOLFMEM_GENERAL) > 0) {
  10492. return -7215;
  10493. }
  10494. if (wolfSSL_StaticBufferSz(buffer, 1, WOLFMEM_GENERAL) != 0) {
  10495. return -7216; /* should round to 0 since struct + bucket will not fit */
  10496. }
  10497. (void)dist; /* avoid static analysis warning of variable not used */
  10498. #endif
  10499. #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
  10500. /* simple test */
  10501. ret = simple_mem_test(MEM_TEST_SZ);
  10502. if (ret != 0)
  10503. return ret;
  10504. #endif
  10505. #ifdef COMPLEX_MEM_TEST
  10506. /* test various size blocks */
  10507. for (i = 1; i < MEM_TEST_SZ; i*=2) {
  10508. ret = simple_mem_test(i);
  10509. if (ret != 0)
  10510. return ret;
  10511. }
  10512. #endif
  10513. #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_NO_MALLOC)
  10514. /* realloc test */
  10515. b = (byte*)XMALLOC(MEM_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10516. if (b) {
  10517. b = (byte*)XREALLOC(b, MEM_TEST_SZ+sizeof(word32), HEAP_HINT,
  10518. DYNAMIC_TYPE_TMP_BUFFER);
  10519. }
  10520. if (b == NULL) {
  10521. return -7217;
  10522. }
  10523. XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10524. #endif
  10525. return ret;
  10526. }
  10527. #ifndef NO_FILESYSTEM
  10528. /* Cert Paths */
  10529. #ifdef FREESCALE_MQX
  10530. #define CERT_PREFIX "a:\\"
  10531. #define CERT_PATH_SEP "\\"
  10532. #elif defined(WOLFSSL_uTKERNEL2)
  10533. #define CERT_PREFIX "/uda/"
  10534. #define CERT_PATH_SEP "/"
  10535. #elif defined(_WIN32_WCE)
  10536. #define CERT_PREFIX "\\windows\\"
  10537. #define CERT_PATH_SEP "\\"
  10538. #endif
  10539. #ifndef CERT_PREFIX
  10540. #define CERT_PREFIX "./"
  10541. #endif
  10542. #ifndef CERT_PATH_SEP
  10543. #define CERT_PATH_SEP "/"
  10544. #endif
  10545. #ifndef CERT_WRITE_TEMP_DIR
  10546. #define CERT_WRITE_TEMP_DIR CERT_PREFIX
  10547. #endif
  10548. #define CERT_ROOT CERT_PREFIX "certs" CERT_PATH_SEP
  10549. /* Generated Test Certs */
  10550. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
  10551. !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
  10552. #if !defined(NO_RSA) && !defined(NO_ASN)
  10553. static const char* clientKey = CERT_ROOT "client-key.der";
  10554. static const char* clientCert = CERT_ROOT "client-cert.der";
  10555. #ifdef WOLFSSL_CERT_EXT
  10556. static const char* clientKeyPub = CERT_ROOT "client-keyPub.der";
  10557. #endif
  10558. #endif /* !NO_RSA && !NO_ASN */
  10559. #endif
  10560. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
  10561. #if !defined(NO_RSA) && !defined(NO_ASN)
  10562. #if defined(WOLFSSL_CERT_GEN) || defined(HAVE_PKCS7)
  10563. static const char* rsaCaKeyFile = CERT_ROOT "ca-key.der";
  10564. #ifdef WOLFSSL_CERT_GEN
  10565. static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem";
  10566. #endif
  10567. #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7)
  10568. static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der";
  10569. #endif
  10570. #ifdef HAVE_PKCS7
  10571. static const char* rsaServerCertDerFile =
  10572. CERT_ROOT "server-cert.der";
  10573. static const char* rsaServerKeyDerFile =
  10574. CERT_ROOT "server-key.der";
  10575. #endif
  10576. #endif
  10577. #endif /* !NO_RSA && !NO_ASN */
  10578. #endif /* !USE_CERT_BUFFER_* */
  10579. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
  10580. !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
  10581. #if !defined(NO_ASN) && !defined(NO_DH)
  10582. static const char* dhParamsFile = CERT_ROOT "dh2048.der";
  10583. #endif
  10584. #endif
  10585. #if !defined(NO_ASN) && !defined(NO_DH)
  10586. #if defined(WOLFSSL_DH_EXTRA) && (!defined(HAVE_FIPS) || \
  10587. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
  10588. static const char* dhKeyFile = CERT_ROOT "statickeys/dh-ffdhe2048.der";
  10589. static const char* dhKeyPubFile = CERT_ROOT "statickeys/dh-ffdhe2048-pub.der";
  10590. #endif
  10591. #endif
  10592. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
  10593. #ifndef NO_DSA
  10594. static const char* dsaKey = CERT_ROOT "dsa2048.der";
  10595. #endif
  10596. #endif /* !USE_CERT_BUFFER_* */
  10597. #if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ECC256)
  10598. #ifdef HAVE_ECC
  10599. /* cert files to be used in rsa cert gen test, check if RSA enabled */
  10600. #ifdef HAVE_ECC_KEY_IMPORT
  10601. static const char* eccKeyDerFile = CERT_ROOT "ecc-key.der";
  10602. #endif
  10603. #endif
  10604. #if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ASN)
  10605. #if defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN)
  10606. #ifndef NO_RSA
  10607. static const char* eccKeyPubFileDer = CERT_ROOT "ecc-keyPub.der";
  10608. #endif
  10609. static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der";
  10610. static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem";
  10611. #ifdef ENABLE_ECC384_CERT_GEN_TEST
  10612. static const char* eccCaKey384File =
  10613. CERT_ROOT "ca-ecc384-key.der";
  10614. static const char* eccCaCert384File =
  10615. CERT_ROOT "ca-ecc384-cert.pem";
  10616. #endif
  10617. #endif
  10618. #if defined(HAVE_PKCS7) && defined(HAVE_ECC)
  10619. static const char* eccClientKey = CERT_ROOT "ecc-client-key.der";
  10620. static const char* eccClientCert = CERT_ROOT "client-ecc-cert.der";
  10621. #endif
  10622. #endif /* HAVE_ECC */
  10623. #ifdef HAVE_ED25519
  10624. #ifdef WOLFSSL_TEST_CERT
  10625. static const char* serverEd25519Cert =
  10626. CERT_ROOT "ed25519/server-ed25519.der";
  10627. static const char* caEd25519Cert =
  10628. CERT_ROOT "ed25519/ca-ed25519.der";
  10629. #endif
  10630. #endif
  10631. #ifdef HAVE_ED448
  10632. #ifdef WOLFSSL_TEST_CERT
  10633. static const char* serverEd448Cert =
  10634. CERT_ROOT "ed448/server-ed448.der";
  10635. static const char* caEd448Cert = CERT_ROOT "ed448/ca-ed448.der";
  10636. #endif
  10637. #endif
  10638. #endif /* !USE_CERT_BUFFER_* */
  10639. #ifndef NO_WRITE_TEMP_FILES
  10640. #ifdef HAVE_ECC
  10641. #ifdef WOLFSSL_CERT_GEN
  10642. static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem";
  10643. #endif
  10644. #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
  10645. static const char* certEccRsaPemFile = CERT_WRITE_TEMP_DIR "certeccrsa.pem";
  10646. static const char* certEccRsaDerFile = CERT_WRITE_TEMP_DIR "certeccrsa.der";
  10647. #endif
  10648. #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  10649. static const char* eccCaKeyPemFile = CERT_WRITE_TEMP_DIR "ecc-key.pem";
  10650. static const char* eccPubKeyDerFile = CERT_WRITE_TEMP_DIR "ecc-public-key.der";
  10651. static const char* eccCaKeyTempFile = CERT_WRITE_TEMP_DIR "ecc-key.der";
  10652. #if defined(HAVE_PKCS8) && !defined(WC_NO_RNG)
  10653. static const char* eccPkcs8KeyDerFile = CERT_WRITE_TEMP_DIR "ecc-key-pkcs8.der";
  10654. #endif
  10655. #endif /* HAVE_ECC_KEY_EXPORT */
  10656. #if defined(WOLFSSL_CERT_GEN) || \
  10657. (defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT))
  10658. static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der";
  10659. #endif
  10660. #endif /* HAVE_ECC */
  10661. #ifndef NO_RSA
  10662. #if defined(WOLFSSL_CERT_GEN) || \
  10663. (defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT))
  10664. static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der";
  10665. static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der";
  10666. #endif
  10667. #ifdef WOLFSSL_CERT_GEN
  10668. static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem";
  10669. static const char* certPemFile = CERT_WRITE_TEMP_DIR "cert.pem";
  10670. #endif
  10671. #ifdef WOLFSSL_CERT_REQ
  10672. static const char* certReqDerFile = CERT_WRITE_TEMP_DIR "certreq.der";
  10673. static const char* certReqPemFile = CERT_WRITE_TEMP_DIR "certreq.pem";
  10674. #endif
  10675. #endif /* !NO_RSA */
  10676. #if !defined(NO_RSA) || !defined(NO_DSA)
  10677. #ifdef WOLFSSL_KEY_GEN
  10678. static const char* keyDerFile = CERT_WRITE_TEMP_DIR "key.der";
  10679. static const char* keyPemFile = CERT_WRITE_TEMP_DIR "key.pem";
  10680. #endif
  10681. #endif
  10682. #endif /* !NO_WRITE_TEMP_FILES */
  10683. #endif /* !NO_FILESYSTEM */
  10684. #if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
  10685. (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
  10686. #ifdef WOLFSSL_MULTI_ATTRIB
  10687. static CertName certDefaultName;
  10688. static void initDefaultName(void)
  10689. {
  10690. XMEMCPY(certDefaultName.country, "US", sizeof("US"));
  10691. certDefaultName.countryEnc = CTC_PRINTABLE;
  10692. XMEMCPY(certDefaultName.state, "Oregon", sizeof("Oregon"));
  10693. certDefaultName.stateEnc = CTC_UTF8;
  10694. XMEMCPY(certDefaultName.locality, "Portland", sizeof("Portland"));
  10695. certDefaultName.localityEnc = CTC_UTF8;
  10696. XMEMCPY(certDefaultName.sur, "Test", sizeof("Test"));
  10697. certDefaultName.surEnc = CTC_UTF8;
  10698. XMEMCPY(certDefaultName.org, "wolfSSL", sizeof("wolfSSL"));
  10699. certDefaultName.orgEnc = CTC_UTF8;
  10700. XMEMCPY(certDefaultName.unit, "Development", sizeof("Development"));
  10701. certDefaultName.unitEnc = CTC_UTF8;
  10702. XMEMCPY(certDefaultName.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com"));
  10703. certDefaultName.commonNameEnc = CTC_UTF8;
  10704. XMEMCPY(certDefaultName.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
  10705. certDefaultName.serialDevEnc = CTC_PRINTABLE;
  10706. #ifdef WOLFSSL_CERT_EXT
  10707. XMEMCPY(certDefaultName.busCat, "Private Organization", sizeof("Private Organization"));
  10708. certDefaultName.busCatEnc = CTC_UTF8;
  10709. #endif
  10710. XMEMCPY(certDefaultName.email, "info@wolfssl.com", sizeof("info@wolfssl.com"));
  10711. #ifdef WOLFSSL_TEST_CERT
  10712. {
  10713. NameAttrib* n;
  10714. /* test having additional OUs and setting DC */
  10715. n = &certDefaultName.name[0];
  10716. n->id = ASN_ORGUNIT_NAME;
  10717. n->type = CTC_UTF8;
  10718. n->sz = sizeof("Development-2");
  10719. XMEMCPY(n->value, "Development-2", sizeof("Development-2"));
  10720. #if CTC_MAX_ATTRIB > 3
  10721. n = &certDefaultName.name[1];
  10722. n->id = ASN_DOMAIN_COMPONENT;
  10723. n->type = CTC_UTF8;
  10724. n->sz = sizeof("com");
  10725. XMEMCPY(n->value, "com", sizeof("com"));
  10726. n = &certDefaultName.name[2];
  10727. n->id = ASN_DOMAIN_COMPONENT;
  10728. n->type = CTC_UTF8;
  10729. n->sz = sizeof("wolfssl");
  10730. XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
  10731. #endif
  10732. }
  10733. #endif /* WOLFSSL_TEST_CERT */
  10734. }
  10735. #else
  10736. static const CertName certDefaultName = {
  10737. "US", CTC_PRINTABLE, /* country */
  10738. "Oregon", CTC_UTF8, /* state */
  10739. "Main St", CTC_UTF8, /* street */
  10740. "Portland", CTC_UTF8, /* locality */
  10741. "Test", CTC_UTF8, /* sur */
  10742. "wolfSSL", CTC_UTF8, /* org */
  10743. "Development", CTC_UTF8, /* unit */
  10744. "www.wolfssl.com", CTC_UTF8, /* commonName */
  10745. "wolfSSL12345", CTC_PRINTABLE, /* serial number of device */
  10746. "12-456", CTC_PRINTABLE, /* Postal Code */
  10747. #ifdef WOLFSSL_CERT_EXT
  10748. "Private Organization", CTC_UTF8, /* businessCategory */
  10749. "US", CTC_PRINTABLE, /* jurisdiction country */
  10750. "Oregon", CTC_PRINTABLE, /* jurisdiction state */
  10751. #endif
  10752. "info@wolfssl.com", /* email */
  10753. };
  10754. #endif /* WOLFSSL_MULTI_ATTRIB */
  10755. #ifdef WOLFSSL_CERT_EXT
  10756. #if ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
  10757. defined(WOLFSSL_TEST_CERT)) || defined(HAVE_ECC)
  10758. WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage[] =
  10759. "digitalSignature,nonRepudiation";
  10760. #endif
  10761. #if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA)
  10762. WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage2[] =
  10763. "digitalSignature,nonRepudiation,keyEncipherment,keyAgreement";
  10764. #endif
  10765. #endif /* WOLFSSL_CERT_EXT */
  10766. #endif /* WOLFSSL_CERT_GEN */
  10767. #ifndef NO_RSA
  10768. #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
  10769. !defined(NO_FILESYSTEM)
  10770. static byte minSerial[] = { 0x02, 0x01, 0x01 };
  10771. static byte minName[] = { 0x30, 0x00 };
  10772. static byte nameBad[] = {
  10773. 0x30, 0x08,
  10774. 0x31, 0x06,
  10775. 0x30, 0x04,
  10776. 0x06, 0x02,
  10777. 0x55, 0x04,
  10778. };
  10779. static byte minDates[] = {
  10780. 0x30, 0x1e,
  10781. 0x17, 0x0d,
  10782. 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35,
  10783. 0x32, 0x33, 0x31, 0x30, 0x5a,
  10784. 0x17, 0x0d,
  10785. 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35,
  10786. 0x32, 0x33, 0x31, 0x30, 0x5a
  10787. };
  10788. static byte minPubKey[] = {
  10789. 0x30, 0x1c,
  10790. 0x30, 0x0d,
  10791. 0x06, 0x09,
  10792. 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
  10793. 0x01,
  10794. 0x05, 0x00,
  10795. 0x03, 0x0b,
  10796. 0x00, 0x30, 0x08,
  10797. 0x02, 0x01,
  10798. 0x03,
  10799. 0x02, 0x03,
  10800. 0x01, 0x00, 0x01
  10801. };
  10802. static byte minSigAlg[] = {
  10803. 0x30, 0x0d,
  10804. 0x06, 0x09,
  10805. 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
  10806. 0x0b,
  10807. 0x05, 0x00
  10808. };
  10809. static byte minSig[] = {
  10810. 0x03, 0x01,
  10811. 0x00
  10812. };
  10813. static int add_seq(byte* certData, int offset, byte* data, byte length)
  10814. {
  10815. XMEMMOVE(certData + offset + 2, data, length);
  10816. certData[offset++] = 0x30;
  10817. certData[offset++] = length;
  10818. return offset + length;
  10819. }
  10820. static int add_data(byte* certData, int offset, byte* data, byte length)
  10821. {
  10822. XMEMCPY(certData + offset, data, length);
  10823. return offset + length;
  10824. }
  10825. static int cert_asn1_test(void)
  10826. {
  10827. int ret;
  10828. int len[3];
  10829. DecodedCert cert;
  10830. byte certData[106];
  10831. byte* badCert = NULL;
  10832. len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial));
  10833. len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg));
  10834. len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
  10835. len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates));
  10836. len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
  10837. len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey));
  10838. len[1] = add_seq(certData, 0, certData, len[2]);
  10839. len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg));
  10840. len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig));
  10841. len[0] = add_seq(certData, 0, certData, len[1]);
  10842. /* Minimal good certificate */
  10843. InitDecodedCert(&cert, certData, len[0], 0);
  10844. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
  10845. FreeDecodedCert(&cert);
  10846. if (ret != 0) {
  10847. ERROR_OUT(-7300, done);
  10848. }
  10849. /* Bad issuer name */
  10850. len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial));
  10851. len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg));
  10852. len[2] = add_data(certData, len[2], nameBad, (byte)sizeof(nameBad));
  10853. len[1] = add_seq(certData, 0, certData, len[2]);
  10854. len[0] = add_seq(certData, 0, certData, len[1]);
  10855. /* Put data into allocated buffer to allow access error checking. */
  10856. badCert = (byte*)XMALLOC(len[0], HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10857. XMEMCPY(badCert, certData, len[0]);
  10858. InitDecodedCert(&cert, badCert, len[0], 0);
  10859. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
  10860. FreeDecodedCert(&cert);
  10861. if (ret != ASN_PARSE_E) {
  10862. ERROR_OUT(-7301, done);
  10863. }
  10864. XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10865. badCert = NULL;
  10866. ret = 0;
  10867. done:
  10868. if (badCert != NULL)
  10869. XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10870. return ret;
  10871. }
  10872. WOLFSSL_TEST_SUBROUTINE int cert_test(void)
  10873. {
  10874. #if !defined(NO_FILESYSTEM)
  10875. DecodedCert cert;
  10876. byte* tmp;
  10877. size_t bytes;
  10878. XFILE file;
  10879. int ret;
  10880. tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10881. if (tmp == NULL)
  10882. return -7400;
  10883. /* Certificate with Name Constraints extension. */
  10884. #ifdef FREESCALE_MQX
  10885. file = XFOPEN(".\\certs\\test\\cert-ext-nc.der", "rb");
  10886. #else
  10887. file = XFOPEN("./certs/test/cert-ext-nc.der", "rb");
  10888. #endif
  10889. if (!file) {
  10890. ERROR_OUT(-7401, done);
  10891. }
  10892. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  10893. XFCLOSE(file);
  10894. InitDecodedCert(&cert, tmp, (word32)bytes, 0);
  10895. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
  10896. if (ret != 0) {
  10897. ERROR_OUT(-7402, done);
  10898. }
  10899. FreeDecodedCert(&cert);
  10900. /* Certificate with Inhibit Any Policy extension. */
  10901. #ifdef FREESCALE_MQX
  10902. file = XFOPEN(".\\certs\\test\\cert-ext-ia.der", "rb");
  10903. #else
  10904. file = XFOPEN("./certs/test/cert-ext-ia.der", "rb");
  10905. #endif
  10906. if (!file) {
  10907. ERROR_OUT(-7403, done);
  10908. }
  10909. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  10910. XFCLOSE(file);
  10911. InitDecodedCert(&cert, tmp, (word32)bytes, 0);
  10912. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
  10913. if (ret != 0) {
  10914. ERROR_OUT(-7404, done);
  10915. }
  10916. FreeDecodedCert(&cert);
  10917. /* Certificate with Netscape Certificate Type extension. */
  10918. #ifdef FREESCALE_MQX
  10919. file = XFOPEN(".\\certs\\test\\cert-ext-nct.der", "rb");
  10920. #else
  10921. file = XFOPEN("./certs/test/cert-ext-nct.der", "rb");
  10922. #endif
  10923. if (!file) {
  10924. ERROR_OUT(-7405, done);
  10925. }
  10926. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  10927. XFCLOSE(file);
  10928. InitDecodedCert(&cert, tmp, (word32)bytes, 0);
  10929. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
  10930. #ifndef IGNORE_NETSCAPE_CERT_TYPE
  10931. if (ret != 0) {
  10932. ERROR_OUT(-7406, done);
  10933. }
  10934. #else
  10935. if (ret != ASN_CRIT_EXT_E) {
  10936. ERROR_OUT(-7407, done);
  10937. }
  10938. ret = 0;
  10939. #endif
  10940. done:
  10941. FreeDecodedCert(&cert);
  10942. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10943. #endif /* !NO_FILESYSTEM */
  10944. if (ret == 0)
  10945. ret = cert_asn1_test();
  10946. return ret;
  10947. }
  10948. #endif /* WOLFSSL_TEST_CERT */
  10949. #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
  10950. !defined(NO_FILESYSTEM)
  10951. WOLFSSL_TEST_SUBROUTINE int certext_test(void)
  10952. {
  10953. DecodedCert cert;
  10954. byte* tmp;
  10955. size_t bytes;
  10956. XFILE file;
  10957. int ret;
  10958. /* created from rsa_test : othercert.der */
  10959. byte skid_rsa[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
  10960. "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
  10961. /* created from rsa_test : othercert.der */
  10962. byte akid_rsa[] = "\x27\x8E\x67\x11\x74\xC3\x26\x1D\x3F\xED"
  10963. "\x33\x63\xB3\xA4\xD8\x1D\x30\xE5\xE8\xD5";
  10964. #ifdef HAVE_ECC
  10965. /* created from ecc_test_cert_gen : certecc.der */
  10966. #ifdef ENABLE_ECC384_CERT_GEN_TEST
  10967. /* Authority key id from ./certs/ca-ecc384-cert.pem */
  10968. byte akid_ecc[] = "\xAB\xE0\xC3\x26\x4C\x18\xD4\x72\xBB\xD2"
  10969. "\x84\x8C\x9C\x0A\x05\x92\x80\x12\x53\x52";
  10970. #else
  10971. /* Authority key id from ./certs/ca-ecc-cert.pem */
  10972. byte akid_ecc[] = "\x56\x8E\x9A\xC3\xF0\x42\xDE\x18\xB9\x45"
  10973. "\x55\x6E\xF9\x93\xCF\xEA\xC3\xF3\xA5\x21";
  10974. #endif
  10975. #endif /* HAVE_ECC */
  10976. /* created from rsa_test : cert.der */
  10977. byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
  10978. "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
  10979. tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10980. if (tmp == NULL)
  10981. return -7500;
  10982. /* load othercert.der (Cert signed by an authority) */
  10983. file = XFOPEN(otherCertDerFile, "rb");
  10984. if (!file) {
  10985. XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  10986. return -7501;
  10987. }
  10988. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  10989. XFCLOSE(file);
  10990. InitDecodedCert(&cert, tmp, (word32)bytes, 0);
  10991. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
  10992. if (ret != 0)
  10993. return -7502;
  10994. /* check the SKID from a RSA certificate */
  10995. if (XMEMCMP(skid_rsa, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
  10996. return -7503;
  10997. /* check the AKID from an RSA certificate */
  10998. if (XMEMCMP(akid_rsa, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
  10999. return -7504;
  11000. /* check the Key Usage from an RSA certificate */
  11001. if (!cert.extKeyUsageSet)
  11002. return -7505;
  11003. if (cert.extKeyUsage != (KEYUSE_KEY_ENCIPHER|KEYUSE_KEY_AGREE))
  11004. return -7506;
  11005. /* check the CA Basic Constraints from an RSA certificate */
  11006. if (cert.isCA)
  11007. return -7507;
  11008. #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
  11009. /* check the Certificate Policies Id */
  11010. if (cert.extCertPoliciesNb != 1)
  11011. return -7508;
  11012. if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
  11013. return -7509;
  11014. #endif
  11015. FreeDecodedCert(&cert);
  11016. #ifdef HAVE_ECC
  11017. /* load certecc.der (Cert signed by our ECC CA test in ecc_test_cert_gen) */
  11018. file = XFOPEN(certEccDerFile, "rb");
  11019. if (!file) {
  11020. XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  11021. return -7510;
  11022. }
  11023. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  11024. XFCLOSE(file);
  11025. InitDecodedCert(&cert, tmp, (word32)bytes, 0);
  11026. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
  11027. if (ret != 0)
  11028. return -7511;
  11029. /* check the SKID from a ECC certificate - generated dynamically */
  11030. /* check the AKID from an ECC certificate */
  11031. if (XMEMCMP(akid_ecc, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
  11032. return -7512;
  11033. /* check the Key Usage from an ECC certificate */
  11034. if (!cert.extKeyUsageSet)
  11035. return -7513;
  11036. if (cert.extKeyUsage != (KEYUSE_DIGITAL_SIG|KEYUSE_CONTENT_COMMIT))
  11037. return -7514;
  11038. /* check the CA Basic Constraints from an ECC certificate */
  11039. if (cert.isCA)
  11040. return -7515;
  11041. #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
  11042. /* check the Certificate Policies Id */
  11043. if (cert.extCertPoliciesNb != 2)
  11044. return -7516;
  11045. if (strncmp(cert.extCertPolicies[0], "2.4.589440.587.101.2.1.9632587.1", 32))
  11046. return -7517;
  11047. if (strncmp(cert.extCertPolicies[1], "1.2.13025.489.1.113549", 22))
  11048. return -7518;
  11049. #endif
  11050. FreeDecodedCert(&cert);
  11051. #endif /* HAVE_ECC */
  11052. /* load cert.der (self signed certificate) */
  11053. file = XFOPEN(certDerFile, "rb");
  11054. if (!file) {
  11055. XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  11056. return -7519;
  11057. }
  11058. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  11059. XFCLOSE(file);
  11060. InitDecodedCert(&cert, tmp, (word32)bytes, 0);
  11061. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
  11062. if (ret != 0)
  11063. return -7520;
  11064. /* check the SKID from a CA certificate */
  11065. if (XMEMCMP(kid_ca, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
  11066. return -7521;
  11067. /* check the AKID from an CA certificate */
  11068. if (XMEMCMP(kid_ca, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
  11069. return -7522;
  11070. /* check the Key Usage from CA certificate */
  11071. if (!cert.extKeyUsageSet)
  11072. return -7523;
  11073. if (cert.extKeyUsage != (KEYUSE_KEY_CERT_SIGN|KEYUSE_CRL_SIGN))
  11074. return -7524;
  11075. /* check the CA Basic Constraints CA certificate */
  11076. if (!cert.isCA)
  11077. return -7525;
  11078. #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
  11079. /* check the Certificate Policies Id */
  11080. if (cert.extCertPoliciesNb != 2)
  11081. return -7526;
  11082. if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
  11083. return -7527;
  11084. if (strncmp(cert.extCertPolicies[1], "1.2.840.113549.1.9.16.6.5", 25))
  11085. return -7528;
  11086. #endif
  11087. FreeDecodedCert(&cert);
  11088. XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  11089. return 0;
  11090. }
  11091. #endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT && !NO_FILESYSTEM */
  11092. #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
  11093. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
  11094. WOLFSSL_TEST_SUBROUTINE int decodedCertCache_test(void)
  11095. {
  11096. int ret = 0;
  11097. Cert cert;
  11098. FILE* file;
  11099. byte* der;
  11100. word32 derSz;
  11101. derSz = FOURK_BUF;
  11102. der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  11103. if (der == NULL)
  11104. ret = -7600;
  11105. if (ret == 0) {
  11106. /* load cert.der */
  11107. file = XFOPEN(certDerFile, "rb");
  11108. if (file != NULL) {
  11109. derSz = (word32)XFREAD(der, 1, FOURK_BUF, file);
  11110. XFCLOSE(file);
  11111. }
  11112. else
  11113. ret = -7601;
  11114. }
  11115. if (ret == 0) {
  11116. if (wc_InitCert_ex(&cert, HEAP_HINT, devId)) {
  11117. ret = -7602;
  11118. }
  11119. }
  11120. if (ret == 0) {
  11121. ret = wc_SetSubjectBuffer(&cert, der, derSz);
  11122. }
  11123. if (ret == 0) {
  11124. if(wc_SetSubjectBuffer(NULL, der, derSz) != BAD_FUNC_ARG)
  11125. ret = -7603;
  11126. }
  11127. if (ret == 0) {
  11128. if (wc_SetSubjectRaw(&cert, der, derSz) != 0)
  11129. ret = -7604;
  11130. }
  11131. if (ret == 0) {
  11132. if(wc_SetSubjectRaw(NULL, der, derSz) != BAD_FUNC_ARG)
  11133. ret = -7605;
  11134. }
  11135. if (ret == 0) {
  11136. if(wc_SetIssuerBuffer(&cert, der, derSz) != 0)
  11137. ret = -7606;
  11138. }
  11139. if (ret == 0) {
  11140. if(wc_SetIssuerBuffer(NULL, der, derSz) != BAD_FUNC_ARG)
  11141. ret = -7607;
  11142. }
  11143. if (ret == 0) {
  11144. if(wc_SetIssuerRaw(&cert, der, derSz) != 0)
  11145. ret = -7608;
  11146. }
  11147. if (ret == 0) {
  11148. if(wc_SetIssuerRaw(NULL, der, derSz) != BAD_FUNC_ARG)
  11149. ret = -7609;
  11150. }
  11151. #ifdef WOLFSSL_ALT_NAMES
  11152. if (ret == 0) {
  11153. if(wc_SetAltNamesBuffer(&cert, der, derSz) != 0)
  11154. ret = -7610;
  11155. }
  11156. if (ret == 0) {
  11157. if(wc_SetAltNamesBuffer(NULL, der, derSz) != BAD_FUNC_ARG)
  11158. ret = -7611;
  11159. }
  11160. if (ret == 0) {
  11161. if(wc_SetDatesBuffer(&cert, der, derSz) != 0)
  11162. ret = -7612;
  11163. }
  11164. if (ret == 0) {
  11165. if(wc_SetDatesBuffer(NULL, der, derSz) != BAD_FUNC_ARG)
  11166. ret = -7613;
  11167. }
  11168. #endif
  11169. if (ret == 0) {
  11170. if(wc_SetAuthKeyIdFromCert(&cert, der, derSz) != 0)
  11171. ret = -7614;
  11172. }
  11173. if (ret == 0) {
  11174. if(wc_SetAuthKeyIdFromCert(NULL, der, derSz) != BAD_FUNC_ARG)
  11175. ret = -7615;
  11176. }
  11177. wc_SetCert_Free(&cert);
  11178. if (ret == 0) {
  11179. if(cert.decodedCert != NULL)
  11180. ret = -7616;
  11181. }
  11182. XFREE(der, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  11183. return ret;
  11184. }
  11185. #endif /* defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) &&
  11186. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) */
  11187. #define RSA_TEST_BYTES 512 /* up to 4096-bit key */
  11188. #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
  11189. !defined(WOLFSSL_RSA_VERIFY_ONLY)
  11190. static int rsa_flatten_test(RsaKey* key)
  11191. {
  11192. int ret;
  11193. byte e[RSA_TEST_BYTES];
  11194. byte n[RSA_TEST_BYTES];
  11195. word32 eSz = sizeof(e);
  11196. word32 nSz = sizeof(n);
  11197. /* Parameter Validation testing. */
  11198. ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
  11199. #ifdef HAVE_USER_RSA
  11200. /* Implementation using IPP Libraries returns:
  11201. * -101 = USER_CRYPTO_ERROR
  11202. */
  11203. if (ret == 0)
  11204. #else
  11205. if (ret != BAD_FUNC_ARG)
  11206. #endif
  11207. return -7620;
  11208. ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz);
  11209. #ifdef HAVE_USER_RSA
  11210. /* Implementation using IPP Libraries returns:
  11211. * -101 = USER_CRYPTO_ERROR
  11212. */
  11213. if (ret == 0)
  11214. #else
  11215. if (ret != BAD_FUNC_ARG)
  11216. #endif
  11217. return -7621;
  11218. ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz);
  11219. #ifdef HAVE_USER_RSA
  11220. /* Implementation using IPP Libraries returns:
  11221. * -101 = USER_CRYPTO_ERROR
  11222. */
  11223. if (ret == 0)
  11224. #else
  11225. if (ret != BAD_FUNC_ARG)
  11226. #endif
  11227. return -7622;
  11228. ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz);
  11229. #ifdef HAVE_USER_RSA
  11230. /* Implementation using IPP Libraries returns:
  11231. * -101 = USER_CRYPTO_ERROR
  11232. */
  11233. if (ret == 0)
  11234. #else
  11235. if (ret != BAD_FUNC_ARG)
  11236. #endif
  11237. return -7623;
  11238. ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL);
  11239. #ifdef HAVE_USER_RSA
  11240. /* Implementation using IPP Libraries returns:
  11241. * -101 = USER_CRYPTO_ERROR
  11242. */
  11243. if (ret == 0)
  11244. #else
  11245. if (ret != BAD_FUNC_ARG)
  11246. #endif
  11247. return -7624;
  11248. ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
  11249. if (ret != 0)
  11250. return -7625;
  11251. eSz = 0;
  11252. ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
  11253. #ifdef HAVE_USER_RSA
  11254. /* Implementation using IPP Libraries returns:
  11255. * -101 = USER_CRYPTO_ERROR
  11256. */
  11257. if (ret == 0)
  11258. #elif defined(HAVE_FIPS) && \
  11259. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
  11260. if (ret != 0)
  11261. #else
  11262. if (ret != RSA_BUFFER_E)
  11263. #endif
  11264. return -7626;
  11265. eSz = sizeof(e);
  11266. nSz = 0;
  11267. ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
  11268. #ifdef HAVE_USER_RSA
  11269. /* Implementation using IPP Libraries returns:
  11270. * -101 = USER_CRYPTO_ERROR
  11271. */
  11272. if (ret == 0)
  11273. #else
  11274. if (ret != RSA_BUFFER_E)
  11275. #endif
  11276. return -7627;
  11277. return 0;
  11278. }
  11279. #endif /* NO_ASN */
  11280. #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \
  11281. && !defined(WOLFSSL_RSA_VERIFY_ONLY)
  11282. static int rsa_export_key_test(RsaKey* key)
  11283. {
  11284. int ret;
  11285. byte e[3];
  11286. word32 eSz = sizeof(e);
  11287. byte n[RSA_TEST_BYTES];
  11288. word32 nSz = sizeof(n);
  11289. byte d[RSA_TEST_BYTES];
  11290. word32 dSz = sizeof(d);
  11291. byte p[RSA_TEST_BYTES/2];
  11292. word32 pSz = sizeof(p);
  11293. byte q[RSA_TEST_BYTES/2];
  11294. word32 qSz = sizeof(q);
  11295. word32 zero = 0;
  11296. ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
  11297. if (ret != BAD_FUNC_ARG)
  11298. return -7630;
  11299. ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
  11300. if (ret != BAD_FUNC_ARG)
  11301. return -7631;
  11302. ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
  11303. if (ret != BAD_FUNC_ARG)
  11304. return -7632;
  11305. ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz);
  11306. if (ret != BAD_FUNC_ARG)
  11307. return -7633;
  11308. ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz);
  11309. if (ret != BAD_FUNC_ARG)
  11310. return -7634;
  11311. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz);
  11312. if (ret != BAD_FUNC_ARG)
  11313. return -7635;
  11314. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz);
  11315. if (ret != BAD_FUNC_ARG)
  11316. return -7636;
  11317. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz);
  11318. if (ret != BAD_FUNC_ARG)
  11319. return -7637;
  11320. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz);
  11321. if (ret != BAD_FUNC_ARG)
  11322. return -7638;
  11323. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz);
  11324. if (ret != BAD_FUNC_ARG)
  11325. return -7639;
  11326. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL);
  11327. if (ret != BAD_FUNC_ARG)
  11328. return -7640;
  11329. ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
  11330. if (ret != RSA_BUFFER_E)
  11331. return -7641;
  11332. ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz);
  11333. if (ret != RSA_BUFFER_E)
  11334. return -7642;
  11335. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  11336. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz);
  11337. if (ret != RSA_BUFFER_E)
  11338. return -7643;
  11339. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz);
  11340. if (ret != RSA_BUFFER_E)
  11341. return -7644;
  11342. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero);
  11343. if (ret != RSA_BUFFER_E)
  11344. return -7645;
  11345. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  11346. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
  11347. if (ret != 0)
  11348. return -7646;
  11349. return 0;
  11350. }
  11351. #endif /* !HAVE_FIPS && !USER_RSA && !NO_ASN */
  11352. #ifndef NO_SIG_WRAPPER
  11353. static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
  11354. {
  11355. int ret;
  11356. word32 sigSz;
  11357. WOLFSSL_SMALL_STACK_STATIC const byte in[] = TEST_STRING;
  11358. WOLFSSL_SMALL_STACK_STATIC const byte hash[] = {
  11359. 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
  11360. 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
  11361. 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
  11362. 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
  11363. };
  11364. WOLFSSL_SMALL_STACK_STATIC const byte hashEnc[] = {
  11365. 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
  11366. 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
  11367. 0x00, 0x04, 0x20,
  11368. 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
  11369. 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
  11370. 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
  11371. 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
  11372. };
  11373. word32 inLen = (word32)XSTRLEN((char*)in);
  11374. byte out[RSA_TEST_BYTES];
  11375. /* Parameter Validation testing. */
  11376. ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen);
  11377. if (ret != BAD_FUNC_ARG)
  11378. return -7650;
  11379. ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0);
  11380. if (ret != BAD_FUNC_ARG)
  11381. return -7651;
  11382. sigSz = (word32)modLen;
  11383. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
  11384. inLen, out, &sigSz, key, keyLen, rng);
  11385. if (ret != BAD_FUNC_ARG)
  11386. return -7652;
  11387. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11388. 0, out, &sigSz, key, keyLen, rng);
  11389. if (ret != BAD_FUNC_ARG)
  11390. return -7653;
  11391. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11392. inLen, NULL, &sigSz, key, keyLen, rng);
  11393. if (ret != BAD_FUNC_ARG)
  11394. return -7654;
  11395. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11396. inLen, out, NULL, key, keyLen, rng);
  11397. if (ret != BAD_FUNC_ARG)
  11398. return -7655;
  11399. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11400. inLen, out, &sigSz, NULL, keyLen, rng);
  11401. if (ret != BAD_FUNC_ARG)
  11402. return -7656;
  11403. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11404. inLen, out, &sigSz, key, 0, rng);
  11405. if (ret != BAD_FUNC_ARG)
  11406. return -7657;
  11407. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11408. inLen, out, &sigSz, key, keyLen, NULL);
  11409. #ifdef HAVE_USER_RSA
  11410. /* Implementation using IPP Libraries returns:
  11411. * -101 = USER_CRYPTO_ERROR
  11412. */
  11413. if (ret == 0)
  11414. #elif defined(WOLFSSL_AFALG_XILINX_RSA) || defined(WOLFSSL_XILINX_CRYPT)
  11415. /* blinding / rng handled with hardware acceleration */
  11416. if (ret != 0)
  11417. #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
  11418. /* async may not require RNG */
  11419. if (ret != 0 && ret != MISSING_RNG_E)
  11420. #elif defined(HAVE_FIPS) || !defined(WC_RSA_BLINDING)
  11421. /* FIPS140 implementation does not do blinding */
  11422. if (ret != 0)
  11423. #elif defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_RSA_VERIFY_ONLY)
  11424. if (ret != SIG_TYPE_E)
  11425. #elif defined(WOLFSSL_CRYPTOCELL)
  11426. /* RNG is handled with the cryptocell */
  11427. if (ret != 0)
  11428. #else
  11429. if (ret != MISSING_RNG_E)
  11430. #endif
  11431. return -7658;
  11432. sigSz = 0;
  11433. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11434. inLen, out, &sigSz, key, keyLen, rng);
  11435. if (ret != BAD_FUNC_ARG)
  11436. return -7659;
  11437. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
  11438. inLen, out, (word32)modLen, key, keyLen);
  11439. if (ret != BAD_FUNC_ARG)
  11440. return -7660;
  11441. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11442. 0, out, (word32)modLen, key, keyLen);
  11443. if (ret != BAD_FUNC_ARG)
  11444. return -7661;
  11445. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11446. inLen, NULL, (word32)modLen, key, keyLen);
  11447. if (ret != BAD_FUNC_ARG)
  11448. return -7662;
  11449. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11450. inLen, out, 0, key, keyLen);
  11451. if (ret != BAD_FUNC_ARG)
  11452. return -7663;
  11453. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11454. inLen, out, (word32)modLen, NULL, keyLen);
  11455. if (ret != BAD_FUNC_ARG)
  11456. return -7664;
  11457. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11458. inLen, out, (word32)modLen, key, 0);
  11459. if (ret != BAD_FUNC_ARG)
  11460. return -7665;
  11461. #ifndef HAVE_ECC
  11462. ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen);
  11463. if (ret != SIG_TYPE_E)
  11464. return -7666;
  11465. #endif
  11466. /* Use APIs. */
  11467. ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, keyLen);
  11468. if (ret != modLen)
  11469. return -7667;
  11470. ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA_W_ENC, key, keyLen);
  11471. if (ret != modLen)
  11472. return -7668;
  11473. sigSz = (word32)ret;
  11474. #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
  11475. XMEMSET(out, 0, sizeof(out));
  11476. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11477. inLen, out, &sigSz, key, keyLen, rng);
  11478. if (ret != 0)
  11479. return -7669;
  11480. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11481. inLen, out, (word32)modLen, key, keyLen);
  11482. if (ret != 0)
  11483. return -7670;
  11484. sigSz = (word32)sizeof(out);
  11485. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
  11486. in, inLen, out, &sigSz, key, keyLen, rng);
  11487. if (ret != 0)
  11488. return -7671;
  11489. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
  11490. in, inLen, out, (word32)modLen, key, keyLen);
  11491. if (ret != 0)
  11492. return -7672;
  11493. /* Wrong signature type. */
  11494. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11495. inLen, out, (word32)modLen, key, keyLen);
  11496. if (ret == 0)
  11497. return -7673;
  11498. /* check hash functions */
  11499. sigSz = (word32)sizeof(out);
  11500. ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
  11501. hash, (int)sizeof(hash), out, &sigSz, key, keyLen, rng);
  11502. if (ret != 0)
  11503. return -7674;
  11504. ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
  11505. hash, (int)sizeof(hash), out, (word32)modLen, key, keyLen);
  11506. if (ret != 0)
  11507. return -7675;
  11508. sigSz = (word32)sizeof(out);
  11509. ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
  11510. hashEnc, (int)sizeof(hashEnc), out, &sigSz, key, keyLen, rng);
  11511. if (ret != 0)
  11512. return -7676;
  11513. ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
  11514. hashEnc, (int)sizeof(hashEnc), out, (word32)modLen, key, keyLen);
  11515. if (ret != 0)
  11516. return -7677;
  11517. #else
  11518. (void)hash;
  11519. (void)hashEnc;
  11520. #endif /* !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */
  11521. return 0;
  11522. }
  11523. #endif /* !NO_SIG_WRAPPER */
  11524. #ifdef WC_RSA_NONBLOCK
  11525. static int rsa_nb_test(RsaKey* key, const byte* in, word32 inLen, byte* out,
  11526. word32 outSz, byte* plain, word32 plainSz, WC_RNG* rng)
  11527. {
  11528. int ret = 0, count;
  11529. int signSz = 0;
  11530. RsaNb nb;
  11531. byte* inlinePlain = NULL;
  11532. /* Enable non-blocking RSA mode - provide context */
  11533. ret = wc_RsaSetNonBlock(key, &nb);
  11534. if (ret != 0)
  11535. return ret;
  11536. #ifdef WC_RSA_NONBLOCK_TIME
  11537. /* Enable time based RSA blocking. 8 microseconds max (3.1GHz) */
  11538. ret = wc_RsaSetNonBlockTime(key, 8, 3100);
  11539. if (ret != 0)
  11540. return ret;
  11541. #endif
  11542. count = 0;
  11543. do {
  11544. ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, rng);
  11545. count++; /* track number of would blocks */
  11546. if (ret == FP_WOULDBLOCK) {
  11547. /* do "other" work here */
  11548. }
  11549. } while (ret == FP_WOULDBLOCK);
  11550. if (ret < 0) {
  11551. return ret;
  11552. }
  11553. #ifdef DEBUG_WOLFSSL
  11554. printf("RSA non-block sign: %d times\n", count);
  11555. #endif
  11556. signSz = ret;
  11557. /* Test non-blocking verify */
  11558. XMEMSET(plain, 0, plainSz);
  11559. count = 0;
  11560. do {
  11561. ret = wc_RsaSSL_Verify(out, (word32)signSz, plain, plainSz, key);
  11562. count++; /* track number of would blocks */
  11563. if (ret == FP_WOULDBLOCK) {
  11564. /* do "other" work here */
  11565. }
  11566. } while (ret == FP_WOULDBLOCK);
  11567. if (ret < 0) {
  11568. return ret;
  11569. }
  11570. #ifdef DEBUG_WOLFSSL
  11571. printf("RSA non-block verify: %d times\n", count);
  11572. #endif
  11573. if (signSz == ret && XMEMCMP(plain, in, (size_t)ret)) {
  11574. return SIG_VERIFY_E;
  11575. }
  11576. /* Test inline non-blocking verify */
  11577. count = 0;
  11578. do {
  11579. ret = wc_RsaSSL_VerifyInline(out, (word32)signSz, &inlinePlain, key);
  11580. count++; /* track number of would blocks */
  11581. if (ret == FP_WOULDBLOCK) {
  11582. /* do "other" work here */
  11583. }
  11584. } while (ret == FP_WOULDBLOCK);
  11585. if (ret < 0) {
  11586. return ret;
  11587. }
  11588. #ifdef DEBUG_WOLFSSL
  11589. printf("RSA non-block inline verify: %d times\n", count);
  11590. #endif
  11591. if (signSz == ret && XMEMCMP(inlinePlain, in, (size_t)ret)) {
  11592. return SIG_VERIFY_E;
  11593. }
  11594. /* Disabling non-block RSA mode */
  11595. ret = wc_RsaSetNonBlock(key, NULL);
  11596. (void)count;
  11597. return 0;
  11598. }
  11599. #endif
  11600. #if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
  11601. static int rsa_decode_test(RsaKey* keyPub)
  11602. {
  11603. int ret;
  11604. word32 inSz;
  11605. word32 inOutIdx;
  11606. WOLFSSL_SMALL_STACK_STATIC const byte n[2] = { 0x00, 0x23 };
  11607. WOLFSSL_SMALL_STACK_STATIC const byte e[2] = { 0x00, 0x03 };
  11608. WOLFSSL_SMALL_STACK_STATIC const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1,
  11609. 0x03 };
  11610. WOLFSSL_SMALL_STACK_STATIC const byte goodAlgId[] = {
  11611. 0x30, 0x18, 0x30, 0x16,
  11612. 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
  11613. 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  11614. WOLFSSL_SMALL_STACK_STATIC const byte goodAlgIdNull[] = {
  11615. 0x30, 0x1a, 0x30, 0x18,
  11616. 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
  11617. 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
  11618. 0x02, 0x1, 0x03 };
  11619. WOLFSSL_SMALL_STACK_STATIC const byte badAlgIdNull[] = {
  11620. 0x30, 0x1b, 0x30, 0x19,
  11621. 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
  11622. 0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
  11623. 0x02, 0x1, 0x03 };
  11624. WOLFSSL_SMALL_STACK_STATIC const byte badNotBitString[] = {
  11625. 0x30, 0x18, 0x30, 0x16,
  11626. 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
  11627. 0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  11628. WOLFSSL_SMALL_STACK_STATIC const byte badBitStringLen[] = {
  11629. 0x30, 0x18, 0x30, 0x16,
  11630. 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
  11631. 0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  11632. WOLFSSL_SMALL_STACK_STATIC const byte badNoSeq[] = {
  11633. 0x30, 0x16, 0x30, 0x14,
  11634. 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
  11635. 0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  11636. WOLFSSL_SMALL_STACK_STATIC const byte badNoObj[] = {
  11637. 0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06,
  11638. 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  11639. WOLFSSL_SMALL_STACK_STATIC const byte badIntN[] = {
  11640. 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1, 0x03 };
  11641. WOLFSSL_SMALL_STACK_STATIC const byte badNotIntE[] = {
  11642. 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1, 0x03 };
  11643. WOLFSSL_SMALL_STACK_STATIC const byte badLength[] = {
  11644. 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  11645. WOLFSSL_SMALL_STACK_STATIC const byte badBitStrNoZero[] = {
  11646. 0x30, 0x17, 0x30, 0x15,
  11647. 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
  11648. 0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  11649. ret = wc_InitRsaKey(keyPub, NULL);
  11650. if (ret != 0)
  11651. return -7690;
  11652. /* Parameter Validation testing. */
  11653. ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), keyPub);
  11654. if (ret != BAD_FUNC_ARG) {
  11655. ret = -7691;
  11656. goto done;
  11657. }
  11658. ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), keyPub);
  11659. if (ret != BAD_FUNC_ARG) {
  11660. ret = -7692;
  11661. goto done;
  11662. }
  11663. ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), NULL);
  11664. if (ret != BAD_FUNC_ARG) {
  11665. ret = -7693;
  11666. goto done;
  11667. }
  11668. ret = wc_RsaPublicKeyDecodeRaw(n, (word32)-1, e, sizeof(e), keyPub);
  11669. #if !defined(WOLFSSL_SP_MATH) & !defined(WOLFSSL_SP_MATH_ALL)
  11670. if (ret != 0) {
  11671. #else
  11672. if (ret != ASN_GETINT_E) {
  11673. #endif
  11674. ret = -7694;
  11675. goto done;
  11676. }
  11677. wc_FreeRsaKey(keyPub);
  11678. ret = wc_InitRsaKey(keyPub, NULL);
  11679. if (ret != 0)
  11680. return -7695;
  11681. ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, (word32)-1, keyPub);
  11682. #if !defined(WOLFSSL_SP_MATH) & !defined(WOLFSSL_SP_MATH_ALL)
  11683. if (ret != 0) {
  11684. #else
  11685. if (ret != ASN_GETINT_E) {
  11686. #endif
  11687. ret = -7696;
  11688. goto done;
  11689. }
  11690. wc_FreeRsaKey(keyPub);
  11691. ret = wc_InitRsaKey(keyPub, NULL);
  11692. if (ret != 0)
  11693. return -7697;
  11694. /* Use API. */
  11695. ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), keyPub);
  11696. if (ret != 0) {
  11697. ret = -7698;
  11698. goto done;
  11699. }
  11700. wc_FreeRsaKey(keyPub);
  11701. ret = wc_InitRsaKey(keyPub, NULL);
  11702. if (ret != 0)
  11703. return -7699;
  11704. /* Parameter Validation testing. */
  11705. inSz = sizeof(good);
  11706. ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, keyPub, inSz);
  11707. if (ret != BAD_FUNC_ARG) {
  11708. ret = -7700;
  11709. goto done;
  11710. }
  11711. ret = wc_RsaPublicKeyDecode(good, NULL, keyPub, inSz);
  11712. if (ret != BAD_FUNC_ARG) {
  11713. ret = -7701;
  11714. goto done;
  11715. }
  11716. ret = wc_RsaPublicKeyDecode(good, &inOutIdx, NULL, inSz);
  11717. if (ret != BAD_FUNC_ARG) {
  11718. ret = -7702;
  11719. goto done;
  11720. }
  11721. /* Use good data and offset to bad data. */
  11722. inOutIdx = 2;
  11723. inSz = sizeof(good) - inOutIdx;
  11724. ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
  11725. if (ret != ASN_PARSE_E) {
  11726. ret = -7703;
  11727. goto done;
  11728. }
  11729. inOutIdx = 2;
  11730. inSz = sizeof(goodAlgId) - inOutIdx;
  11731. ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
  11732. if (ret != ASN_PARSE_E) {
  11733. ret = -7704;
  11734. goto done;
  11735. }
  11736. inOutIdx = 2;
  11737. inSz = sizeof(goodAlgId);
  11738. ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
  11739. #ifndef WOLFSSL_NO_DECODE_EXTRA
  11740. if (ret != ASN_PARSE_E)
  11741. #else
  11742. if (ret != ASN_RSA_KEY_E)
  11743. #endif
  11744. {
  11745. ret = -7705;
  11746. goto done;
  11747. }
  11748. /* Try different bad data. */
  11749. inSz = sizeof(badAlgIdNull);
  11750. inOutIdx = 0;
  11751. ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, keyPub, inSz);
  11752. if (ret != ASN_EXPECT_0_E) {
  11753. ret = -7706;
  11754. goto done;
  11755. }
  11756. inSz = sizeof(badNotBitString);
  11757. inOutIdx = 0;
  11758. ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, keyPub, inSz);
  11759. if (ret != ASN_BITSTR_E) {
  11760. ret = -7707;
  11761. goto done;
  11762. }
  11763. inSz = sizeof(badBitStringLen);
  11764. inOutIdx = 0;
  11765. ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, keyPub, inSz);
  11766. if (ret != ASN_PARSE_E) {
  11767. ret = -7708;
  11768. goto done;
  11769. }
  11770. inSz = sizeof(badNoSeq);
  11771. inOutIdx = 0;
  11772. ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, keyPub, inSz);
  11773. if (ret != ASN_PARSE_E) {
  11774. ret = -7709;
  11775. goto done;
  11776. }
  11777. inSz = sizeof(badNoObj);
  11778. inOutIdx = 0;
  11779. ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz);
  11780. if (ret != ASN_PARSE_E && ret != ASN_OBJECT_ID_E) {
  11781. ret = -7710;
  11782. goto done;
  11783. }
  11784. inSz = sizeof(badIntN);
  11785. inOutIdx = 0;
  11786. ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz);
  11787. if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
  11788. ret = -7711;
  11789. goto done;
  11790. }
  11791. inSz = sizeof(badNotIntE);
  11792. inOutIdx = 0;
  11793. ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz);
  11794. if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
  11795. ret = -7712;
  11796. goto done;
  11797. }
  11798. /* TODO: Shouldn't pass as the sequence length is too small. */
  11799. inSz = sizeof(badLength);
  11800. inOutIdx = 0;
  11801. ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz);
  11802. #ifndef WOLFSSL_ASN_TEMPLATE
  11803. if (ret != 0)
  11804. #else
  11805. if (ret != ASN_PARSE_E)
  11806. #endif
  11807. {
  11808. ret = -7713;
  11809. goto done;
  11810. }
  11811. /* TODO: Shouldn't ignore object id's data. */
  11812. wc_FreeRsaKey(keyPub);
  11813. ret = wc_InitRsaKey(keyPub, NULL);
  11814. if (ret != 0)
  11815. return -7714;
  11816. inSz = sizeof(badBitStrNoZero);
  11817. inOutIdx = 0;
  11818. ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz);
  11819. if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
  11820. ret = -7715;
  11821. goto done;
  11822. }
  11823. wc_FreeRsaKey(keyPub);
  11824. ret = wc_InitRsaKey(keyPub, NULL);
  11825. if (ret != 0)
  11826. return -7716;
  11827. /* Valid data cases. */
  11828. inSz = sizeof(good);
  11829. inOutIdx = 0;
  11830. ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
  11831. if (ret != 0) {
  11832. ret = -7717;
  11833. goto done;
  11834. }
  11835. if (inOutIdx != inSz) {
  11836. ret = -7718;
  11837. goto done;
  11838. }
  11839. wc_FreeRsaKey(keyPub);
  11840. ret = wc_InitRsaKey(keyPub, NULL);
  11841. if (ret != 0)
  11842. return -7719;
  11843. inSz = sizeof(goodAlgId);
  11844. inOutIdx = 0;
  11845. ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
  11846. if (ret != 0) {
  11847. ret = -7720;
  11848. goto done;
  11849. }
  11850. if (inOutIdx != inSz) {
  11851. ret = -7721;
  11852. goto done;
  11853. }
  11854. wc_FreeRsaKey(keyPub);
  11855. ret = wc_InitRsaKey(keyPub, NULL);
  11856. if (ret != 0)
  11857. return -7722;
  11858. inSz = sizeof(goodAlgIdNull);
  11859. inOutIdx = 0;
  11860. ret = wc_RsaPublicKeyDecode(goodAlgIdNull, &inOutIdx, keyPub, inSz);
  11861. if (ret != 0) {
  11862. ret = -7723;
  11863. goto done;
  11864. }
  11865. if (inOutIdx != inSz) {
  11866. ret = -7724;
  11867. goto done;
  11868. }
  11869. done:
  11870. wc_FreeRsaKey(keyPub);
  11871. return ret;
  11872. }
  11873. #endif
  11874. #if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */
  11875. /* Need to create known good signatures to test with this. */
  11876. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
  11877. static int rsa_pss_test(WC_RNG* rng, RsaKey* key)
  11878. {
  11879. byte digest[WC_MAX_DIGEST_SIZE];
  11880. int ret = 0;
  11881. const char inStr[] = TEST_STRING;
  11882. word32 inLen = (word32)TEST_STRING_SZ;
  11883. word32 outSz;
  11884. word32 plainSz;
  11885. word32 digestSz;
  11886. int i, j;
  11887. #ifdef RSA_PSS_TEST_WRONG_PARAMS
  11888. int k, l;
  11889. #endif
  11890. int len;
  11891. byte* plain;
  11892. int mgf[] = {
  11893. #ifndef NO_SHA
  11894. WC_MGF1SHA1,
  11895. #endif
  11896. #ifdef WOLFSSL_SHA224
  11897. WC_MGF1SHA224,
  11898. #endif
  11899. WC_MGF1SHA256,
  11900. #ifdef WOLFSSL_SHA384
  11901. WC_MGF1SHA384,
  11902. #endif
  11903. #ifdef WOLFSSL_SHA512
  11904. WC_MGF1SHA512
  11905. #endif
  11906. };
  11907. enum wc_HashType hash[] = {
  11908. #ifndef NO_SHA
  11909. WC_HASH_TYPE_SHA,
  11910. #endif
  11911. #ifdef WOLFSSL_SHA224
  11912. WC_HASH_TYPE_SHA224,
  11913. #endif
  11914. WC_HASH_TYPE_SHA256,
  11915. #ifdef WOLFSSL_SHA384
  11916. WC_HASH_TYPE_SHA384,
  11917. #endif
  11918. #ifdef WOLFSSL_SHA512
  11919. WC_HASH_TYPE_SHA512,
  11920. #endif
  11921. };
  11922. DECLARE_VAR(in, byte, RSA_TEST_BYTES, HEAP_HINT);
  11923. DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  11924. DECLARE_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT);
  11925. #ifdef DECLARE_VAR_IS_HEAP_ALLOC
  11926. if (in == NULL || out == NULL || sig == NULL)
  11927. ERROR_OUT(MEMORY_E, exit_rsa_pss);
  11928. #endif
  11929. XMEMCPY(in, inStr, inLen);
  11930. /* Test all combinations of hash and MGF. */
  11931. for (j = 0; j < (int)(sizeof(hash)/sizeof(*hash)); j++) {
  11932. /* Calculate hash of message. */
  11933. ret = wc_Hash(hash[j], in, inLen, digest, sizeof(digest));
  11934. if (ret != 0)
  11935. ERROR_OUT(-7730, exit_rsa_pss);
  11936. digestSz = wc_HashGetDigestSize(hash[j]);
  11937. for (i = 0; i < (int)(sizeof(mgf)/sizeof(*mgf)); i++) {
  11938. outSz = RSA_TEST_BYTES;
  11939. do {
  11940. #if defined(WOLFSSL_ASYNC_CRYPT)
  11941. ret = wc_AsyncWait(ret, &key->asyncDev,
  11942. WC_ASYNC_FLAG_CALL_AGAIN);
  11943. #endif
  11944. if (ret >= 0) {
  11945. ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz,
  11946. hash[j], mgf[i], -1, key, rng);
  11947. }
  11948. } while (ret == WC_PENDING_E);
  11949. if (ret <= 0)
  11950. ERROR_OUT(-7731, exit_rsa_pss);
  11951. outSz = ret;
  11952. XMEMCPY(sig, out, outSz);
  11953. plain = NULL;
  11954. TEST_SLEEP();
  11955. do {
  11956. #if defined(WOLFSSL_ASYNC_CRYPT)
  11957. ret = wc_AsyncWait(ret, &key->asyncDev,
  11958. WC_ASYNC_FLAG_CALL_AGAIN);
  11959. #endif
  11960. if (ret >= 0) {
  11961. ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[j],
  11962. mgf[i], -1, key);
  11963. }
  11964. } while (ret == WC_PENDING_E);
  11965. if (ret <= 0)
  11966. ERROR_OUT(-7732, exit_rsa_pss);
  11967. plainSz = ret;
  11968. TEST_SLEEP();
  11969. #if defined(HAVE_SELFTEST) && \
  11970. (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
  11971. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
  11972. hash[j], -1);
  11973. #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
  11974. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
  11975. hash[j], -1, 0);
  11976. #else
  11977. ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz,
  11978. hash[j], -1, wc_RsaEncryptSize(key)*8, HEAP_HINT);
  11979. #endif
  11980. if (ret != 0)
  11981. ERROR_OUT(-7733, exit_rsa_pss);
  11982. #ifdef RSA_PSS_TEST_WRONG_PARAMS
  11983. for (k = 0; k < (int)(sizeof(mgf)/sizeof(*mgf)); k++) {
  11984. for (l = 0; l < (int)(sizeof(hash)/sizeof(*hash)); l++) {
  11985. if (i == k && j == l)
  11986. continue;
  11987. XMEMCPY(sig, out, outSz);
  11988. do {
  11989. #if defined(WOLFSSL_ASYNC_CRYPT)
  11990. ret = wc_AsyncWait(ret, &key->asyncDev,
  11991. WC_ASYNC_FLAG_CALL_AGAIN);
  11992. #endif
  11993. if (ret >= 0) {
  11994. ret = wc_RsaPSS_VerifyInline_ex(sig, outSz,
  11995. (byte**)&plain, hash[l], mgf[k], -1, key);
  11996. }
  11997. } while (ret == WC_PENDING_E);
  11998. if (ret >= 0)
  11999. ERROR_OUT(-7734, exit_rsa_pss);
  12000. }
  12001. }
  12002. #endif
  12003. }
  12004. }
  12005. /* Test that a salt length of zero works. */
  12006. digestSz = wc_HashGetDigestSize(hash[0]);
  12007. outSz = RSA_TEST_BYTES;
  12008. do {
  12009. #if defined(WOLFSSL_ASYNC_CRYPT)
  12010. ret = wc_AsyncWait(ret, &key->asyncDev,
  12011. WC_ASYNC_FLAG_CALL_AGAIN);
  12012. #endif
  12013. if (ret >= 0) {
  12014. ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
  12015. mgf[0], 0, key, rng);
  12016. }
  12017. } while (ret == WC_PENDING_E);
  12018. if (ret <= 0)
  12019. ERROR_OUT(-7735, exit_rsa_pss);
  12020. outSz = ret;
  12021. TEST_SLEEP();
  12022. do {
  12023. #if defined(WOLFSSL_ASYNC_CRYPT)
  12024. ret = wc_AsyncWait(ret, &key->asyncDev,
  12025. WC_ASYNC_FLAG_CALL_AGAIN);
  12026. #endif
  12027. if (ret >= 0) {
  12028. ret = wc_RsaPSS_Verify_ex(out, outSz, sig, outSz, hash[0], mgf[0],
  12029. 0, key);
  12030. }
  12031. } while (ret == WC_PENDING_E);
  12032. if (ret <= 0)
  12033. ERROR_OUT(-7736, exit_rsa_pss);
  12034. plainSz = ret;
  12035. TEST_SLEEP();
  12036. do {
  12037. #if defined(WOLFSSL_ASYNC_CRYPT)
  12038. ret = wc_AsyncWait(ret, &key->asyncDev,
  12039. WC_ASYNC_FLAG_CALL_AGAIN);
  12040. #endif
  12041. if (ret >= 0) {
  12042. #if defined(HAVE_SELFTEST) && \
  12043. (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
  12044. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
  12045. hash[0], 0);
  12046. #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
  12047. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
  12048. hash[0], 0, 0);
  12049. #else
  12050. ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, sig, plainSz,
  12051. hash[0], 0, 0, HEAP_HINT);
  12052. #endif
  12053. }
  12054. } while (ret == WC_PENDING_E);
  12055. if (ret != 0)
  12056. ERROR_OUT(-7737, exit_rsa_pss);
  12057. XMEMCPY(sig, out, outSz);
  12058. plain = NULL;
  12059. do {
  12060. #if defined(WOLFSSL_ASYNC_CRYPT)
  12061. ret = wc_AsyncWait(ret, &key->asyncDev,
  12062. WC_ASYNC_FLAG_CALL_AGAIN);
  12063. #endif
  12064. if (ret >= 0) {
  12065. ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
  12066. 0, key);
  12067. }
  12068. } while (ret == WC_PENDING_E);
  12069. if (ret <= 0)
  12070. ERROR_OUT(-7738, exit_rsa_pss);
  12071. plainSz = ret;
  12072. TEST_SLEEP();
  12073. #if defined(HAVE_SELFTEST) && \
  12074. (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
  12075. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
  12076. hash[0], 0);
  12077. #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
  12078. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
  12079. hash[0], 0, 0);
  12080. #else
  12081. ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
  12082. 0, 0, HEAP_HINT);
  12083. #endif
  12084. if (ret != 0)
  12085. ERROR_OUT(-7739, exit_rsa_pss);
  12086. /* Test bad salt lengths in various APIs. */
  12087. digestSz = wc_HashGetDigestSize(hash[0]);
  12088. outSz = RSA_TEST_BYTES;
  12089. #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
  12090. len = -2;
  12091. #else
  12092. len = -3;
  12093. #endif
  12094. do {
  12095. #if defined(WOLFSSL_ASYNC_CRYPT)
  12096. ret = wc_AsyncWait(ret, &key->asyncDev,
  12097. WC_ASYNC_FLAG_CALL_AGAIN);
  12098. #endif
  12099. if (ret >= 0) {
  12100. ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
  12101. mgf[0], len, key, rng);
  12102. }
  12103. } while (ret == WC_PENDING_E);
  12104. if (ret != PSS_SALTLEN_E)
  12105. ERROR_OUT(-7740, exit_rsa_pss);
  12106. do {
  12107. #if defined(WOLFSSL_ASYNC_CRYPT)
  12108. ret = wc_AsyncWait(ret, &key->asyncDev,
  12109. WC_ASYNC_FLAG_CALL_AGAIN);
  12110. #endif
  12111. if (ret >= 0) {
  12112. ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
  12113. mgf[0], digestSz + 1, key, rng);
  12114. }
  12115. } while (ret == WC_PENDING_E);
  12116. if (ret != PSS_SALTLEN_E)
  12117. ERROR_OUT(-7741, exit_rsa_pss);
  12118. TEST_SLEEP();
  12119. do {
  12120. #if defined(WOLFSSL_ASYNC_CRYPT)
  12121. ret = wc_AsyncWait(ret, &key->asyncDev,
  12122. WC_ASYNC_FLAG_CALL_AGAIN);
  12123. #endif
  12124. if (ret >= 0) {
  12125. ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0],
  12126. mgf[0], -2, key);
  12127. }
  12128. } while (ret == WC_PENDING_E);
  12129. if (ret != PSS_SALTLEN_E)
  12130. ERROR_OUT(-7742, exit_rsa_pss);
  12131. TEST_SLEEP();
  12132. do {
  12133. #if defined(WOLFSSL_ASYNC_CRYPT)
  12134. ret = wc_AsyncWait(ret, &key->asyncDev,
  12135. WC_ASYNC_FLAG_CALL_AGAIN);
  12136. #endif
  12137. if (ret >= 0) {
  12138. ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
  12139. digestSz + 1, key);
  12140. }
  12141. } while (ret == WC_PENDING_E);
  12142. if (ret != PSS_SALTLEN_E)
  12143. ERROR_OUT(-7743, exit_rsa_pss);
  12144. TEST_SLEEP();
  12145. #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
  12146. len = -2;
  12147. #else
  12148. len = -3;
  12149. #endif
  12150. #if defined(HAVE_SELFTEST) && \
  12151. (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
  12152. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
  12153. hash[0], len);
  12154. #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
  12155. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
  12156. hash[0], len, 0);
  12157. #else
  12158. ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
  12159. len, 0, HEAP_HINT);
  12160. #endif
  12161. if (ret != PSS_SALTLEN_E)
  12162. ERROR_OUT(-7744, exit_rsa_pss);
  12163. #ifndef WOLFSSL_PSS_LONG_SALT
  12164. len = digestSz + 1;
  12165. #else
  12166. len = plainSz - digestSz - 1;
  12167. #endif
  12168. #if defined(HAVE_SELFTEST) && \
  12169. (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
  12170. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
  12171. hash[0], len);
  12172. #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
  12173. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
  12174. hash[0], len, 0);
  12175. #else
  12176. ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
  12177. len, 0, HEAP_HINT);
  12178. #endif
  12179. if (ret != PSS_SALTLEN_E)
  12180. ERROR_OUT(-7745, exit_rsa_pss);
  12181. ret = 0;
  12182. exit_rsa_pss:
  12183. FREE_VAR(sig, HEAP_HINT);
  12184. FREE_VAR(in, HEAP_HINT);
  12185. FREE_VAR(out, HEAP_HINT);
  12186. return ret;
  12187. }
  12188. #endif /* !WOLFSSL_RSA_VERIFY_ONLY && !WOLFSSL_RSA_PUBLIC_ONLY */
  12189. #endif
  12190. #ifdef WC_RSA_NO_PADDING
  12191. WOLFSSL_TEST_SUBROUTINE int rsa_no_pad_test(void)
  12192. {
  12193. WC_RNG rng;
  12194. byte* tmp = NULL;
  12195. size_t bytes;
  12196. int ret;
  12197. word32 inLen = 0;
  12198. word32 idx = 0;
  12199. word32 outSz = RSA_TEST_BYTES;
  12200. word32 plainSz = RSA_TEST_BYTES;
  12201. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
  12202. !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
  12203. !defined(NO_FILESYSTEM)
  12204. XFILE file;
  12205. #endif
  12206. DECLARE_VAR(key, RsaKey, 1, HEAP_HINT);
  12207. DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  12208. DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
  12209. #ifdef DECLARE_VAR_IS_HEAP_ALLOC
  12210. if (key == NULL || out == NULL || plain == NULL)
  12211. ERROR_OUT(MEMORY_E, exit_rsa_nopadding);
  12212. #endif
  12213. /* initialize stack structures */
  12214. XMEMSET(&rng, 0, sizeof(rng));
  12215. XMEMSET(key, 0, sizeof(RsaKey));
  12216. #ifdef USE_CERT_BUFFERS_1024
  12217. bytes = (size_t)sizeof_client_key_der_1024;
  12218. if (bytes < (size_t)sizeof_client_cert_der_1024)
  12219. bytes = (size_t)sizeof_client_cert_der_1024;
  12220. #elif defined(USE_CERT_BUFFERS_2048)
  12221. bytes = (size_t)sizeof_client_key_der_2048;
  12222. if (bytes < (size_t)sizeof_client_cert_der_2048)
  12223. bytes = (size_t)sizeof_client_cert_der_2048;
  12224. #else
  12225. bytes = FOURK_BUF;
  12226. #endif
  12227. tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12228. if (tmp == NULL
  12229. #ifdef WOLFSSL_ASYNC_CRYPT
  12230. || out == NULL || plain == NULL
  12231. #endif
  12232. ) {
  12233. ERROR_OUT(-7800, exit_rsa_nopadding);
  12234. }
  12235. #ifdef USE_CERT_BUFFERS_1024
  12236. XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
  12237. #elif defined(USE_CERT_BUFFERS_2048)
  12238. XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
  12239. #elif defined(USE_CERT_BUFFERS_3072)
  12240. XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
  12241. #elif defined(USE_CERT_BUFFERS_4096)
  12242. XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
  12243. #elif !defined(NO_FILESYSTEM)
  12244. file = XFOPEN(clientKey, "rb");
  12245. if (!file) {
  12246. err_sys("can't open clientKey, Please run from wolfSSL home dir", -40);
  12247. ERROR_OUT(-7801, exit_rsa_nopadding);
  12248. }
  12249. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  12250. XFCLOSE(file);
  12251. #else
  12252. /* No key to use. */
  12253. ERROR_OUT(-7802, exit_rsa_nopadding);
  12254. #endif /* USE_CERT_BUFFERS */
  12255. ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
  12256. if (ret != 0) {
  12257. ERROR_OUT(-7803, exit_rsa_nopadding);
  12258. }
  12259. ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
  12260. if (ret != 0) {
  12261. ERROR_OUT(-7804, exit_rsa_nopadding);
  12262. }
  12263. /* after loading in key use tmp as the test buffer */
  12264. #ifndef HAVE_FIPS
  12265. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  12266. #else
  12267. ret = wc_InitRng(&rng);
  12268. #endif
  12269. if (ret != 0) {
  12270. ERROR_OUT(-7805, exit_rsa_nopadding);
  12271. }
  12272. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  12273. inLen = wc_RsaEncryptSize(key);
  12274. outSz = inLen;
  12275. plainSz = inLen;
  12276. XMEMSET(tmp, 7, inLen);
  12277. do {
  12278. #if defined(WOLFSSL_ASYNC_CRYPT)
  12279. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  12280. #endif
  12281. if (ret >= 0) {
  12282. ret = wc_RsaDirect(tmp, inLen, out, &outSz, key,
  12283. RSA_PRIVATE_ENCRYPT, &rng);
  12284. }
  12285. } while (ret == WC_PENDING_E);
  12286. if (ret <= 0) {
  12287. ERROR_OUT(-7806, exit_rsa_nopadding);
  12288. }
  12289. /* encrypted result should not be the same as input */
  12290. if (XMEMCMP(out, tmp, inLen) == 0) {
  12291. ERROR_OUT(-7807, exit_rsa_nopadding);
  12292. }
  12293. TEST_SLEEP();
  12294. /* decrypt with public key and compare result */
  12295. do {
  12296. #if defined(WOLFSSL_ASYNC_CRYPT)
  12297. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  12298. #endif
  12299. if (ret >= 0) {
  12300. ret = wc_RsaDirect(out, outSz, plain, &plainSz, key,
  12301. RSA_PUBLIC_DECRYPT, &rng);
  12302. }
  12303. } while (ret == WC_PENDING_E);
  12304. if (ret <= 0) {
  12305. ERROR_OUT(-7808, exit_rsa_nopadding);
  12306. }
  12307. if (XMEMCMP(plain, tmp, inLen) != 0) {
  12308. ERROR_OUT(-7809, exit_rsa_nopadding);
  12309. }
  12310. TEST_SLEEP();
  12311. #endif
  12312. #ifdef WC_RSA_BLINDING
  12313. ret = wc_RsaSetRNG(NULL, &rng);
  12314. if (ret != BAD_FUNC_ARG) {
  12315. ERROR_OUT(-7810, exit_rsa_nopadding);
  12316. }
  12317. ret = wc_RsaSetRNG(key, &rng);
  12318. if (ret < 0) {
  12319. ERROR_OUT(-7811, exit_rsa_nopadding);
  12320. }
  12321. #endif
  12322. /* test encrypt and decrypt using WC_RSA_NO_PAD */
  12323. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  12324. do {
  12325. #if defined(WOLFSSL_ASYNC_CRYPT)
  12326. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  12327. #endif
  12328. if (ret >= 0) {
  12329. ret = wc_RsaPublicEncrypt_ex(tmp, inLen, out, (int)outSz, key, &rng,
  12330. WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
  12331. }
  12332. } while (ret == WC_PENDING_E);
  12333. if (ret < 0) {
  12334. ERROR_OUT(-7812, exit_rsa_nopadding);
  12335. }
  12336. TEST_SLEEP();
  12337. #endif /* WOLFSSL_RSA_VERIFY_ONLY */
  12338. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  12339. do {
  12340. #if defined(WOLFSSL_ASYNC_CRYPT)
  12341. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  12342. #endif
  12343. if (ret >= 0) {
  12344. ret = wc_RsaPrivateDecrypt_ex(out, outSz, plain, (int)plainSz, key,
  12345. WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
  12346. }
  12347. } while (ret == WC_PENDING_E);
  12348. if (ret < 0) {
  12349. ERROR_OUT(-7813, exit_rsa_nopadding);
  12350. }
  12351. if (XMEMCMP(plain, tmp, inLen) != 0) {
  12352. ERROR_OUT(-7814, exit_rsa_nopadding);
  12353. }
  12354. TEST_SLEEP();
  12355. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  12356. /* test some bad arguments */
  12357. ret = wc_RsaDirect(out, outSz, plain, &plainSz, key, -1,
  12358. &rng);
  12359. if (ret != BAD_FUNC_ARG) {
  12360. ERROR_OUT(-7815, exit_rsa_nopadding);
  12361. }
  12362. ret = wc_RsaDirect(out, outSz, plain, &plainSz, NULL, RSA_PUBLIC_DECRYPT,
  12363. &rng);
  12364. if (ret != BAD_FUNC_ARG) {
  12365. ERROR_OUT(-7816, exit_rsa_nopadding);
  12366. }
  12367. ret = wc_RsaDirect(out, outSz, NULL, &plainSz, key, RSA_PUBLIC_DECRYPT,
  12368. &rng);
  12369. if (ret != LENGTH_ONLY_E || plainSz != inLen) {
  12370. ERROR_OUT(-7817, exit_rsa_nopadding);
  12371. }
  12372. ret = wc_RsaDirect(out, outSz - 10, plain, &plainSz, key,
  12373. RSA_PUBLIC_DECRYPT, &rng);
  12374. if (ret != BAD_FUNC_ARG) {
  12375. ERROR_OUT(-7818, exit_rsa_nopadding);
  12376. }
  12377. /* if making it to this point of code without hitting an ERROR_OUT then
  12378. * all tests have passed */
  12379. ret = 0;
  12380. exit_rsa_nopadding:
  12381. wc_FreeRsaKey(key);
  12382. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12383. FREE_VAR(key, HEAP_HINT);
  12384. FREE_VAR(out, HEAP_HINT);
  12385. FREE_VAR(plain, HEAP_HINT);
  12386. wc_FreeRng(&rng);
  12387. return ret;
  12388. }
  12389. #endif /* WC_RSA_NO_PADDING */
  12390. #if defined(WOLFSSL_HAVE_SP_RSA) && defined(USE_FAST_MATH)
  12391. static int rsa_even_mod_test(WC_RNG* rng, RsaKey* key)
  12392. {
  12393. byte* tmp = NULL;
  12394. size_t bytes;
  12395. int ret;
  12396. word32 inLen = 0;
  12397. #ifndef NO_ASN
  12398. word32 idx = 0;
  12399. #endif
  12400. word32 outSz = RSA_TEST_BYTES;
  12401. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  12402. word32 plainSz = RSA_TEST_BYTES;
  12403. #endif
  12404. #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_3072) && \
  12405. !defined(USE_CERT_BUFFERS_4096) && !defined(NO_FILESYSTEM)
  12406. XFILE file;
  12407. #endif
  12408. DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  12409. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  12410. DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
  12411. #endif
  12412. #ifdef DECLARE_VAR_IS_HEAP_ALLOC
  12413. if (out == NULL
  12414. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  12415. || plain == NULL
  12416. #endif
  12417. ) {
  12418. ERROR_OUT(MEMORY_E, exit_rsa_even_mod);
  12419. }
  12420. #endif
  12421. #if defined(USE_CERT_BUFFERS_2048)
  12422. bytes = (size_t)sizeof_client_key_der_2048;
  12423. if (bytes < (size_t)sizeof_client_cert_der_2048)
  12424. bytes = (size_t)sizeof_client_cert_der_2048;
  12425. #else
  12426. bytes = FOURK_BUF;
  12427. #endif
  12428. tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12429. if (tmp == NULL
  12430. #ifdef WOLFSSL_ASYNC_CRYPT
  12431. || out == NULL || plain == NULL
  12432. #endif
  12433. ) {
  12434. ERROR_OUT(-7800, exit_rsa_even_mod);
  12435. }
  12436. #if defined(USE_CERT_BUFFERS_2048)
  12437. XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
  12438. #elif defined(USE_CERT_BUFFERS_3072)
  12439. XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
  12440. #elif defined(USE_CERT_BUFFERS_4096)
  12441. XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
  12442. #elif !defined(NO_FILESYSTEM)
  12443. file = XFOPEN(clientKey, "rb");
  12444. if (!file) {
  12445. err_sys("can't open ./certs/client-key.der, "
  12446. "Please run from wolfSSL home dir", -40);
  12447. ERROR_OUT(-7801, exit_rsa_even_mod);
  12448. }
  12449. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  12450. XFCLOSE(file);
  12451. #else
  12452. /* No key to use. */
  12453. ERROR_OUT(-7802, exit_rsa_even_mod);
  12454. #endif /* USE_CERT_BUFFERS */
  12455. #ifndef NO_ASN
  12456. ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
  12457. if (ret != 0) {
  12458. ERROR_OUT(-7804, exit_rsa_even_mod);
  12459. }
  12460. #else
  12461. #ifdef USE_CERT_BUFFERS_2048
  12462. ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256);
  12463. if (ret != 0) {
  12464. ERROR_OUT(-7804, exit_rsa_even_mod);
  12465. }
  12466. ret = mp_set_int(&key->e, WC_RSA_EXPONENT);
  12467. if (ret != 0) {
  12468. ERROR_OUT(-7804, exit_rsa_even_mod);
  12469. }
  12470. #ifndef NO_SIG_WRAPPER
  12471. modLen = 2048;
  12472. #endif
  12473. #else
  12474. #error Not supported yet!
  12475. #endif
  12476. #endif
  12477. key->n.dp[0] &= (mp_digit)-2;
  12478. if (ret != 0) {
  12479. ERROR_OUT(-7804, exit_rsa_even_mod);
  12480. }
  12481. /* after loading in key use tmp as the test buffer */
  12482. #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \
  12483. !defined(WOLFSSL_SP_ARM64_ASM)
  12484. /* The ARM64_ASM code that was FIPS validated did not return these expected
  12485. * failure codes. These tests cases were added after the assembly was
  12486. * in-lined in the module and validated, these tests will be available in
  12487. * the 140-3 module */
  12488. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
  12489. inLen = 32;
  12490. outSz = wc_RsaEncryptSize(key);
  12491. XMEMSET(tmp, 7, plainSz);
  12492. ret = wc_RsaSSL_Sign(tmp, inLen, out, outSz, key, rng);
  12493. if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
  12494. ERROR_OUT(-7806, exit_rsa_even_mod);
  12495. }
  12496. ret = wc_RsaSSL_Verify(out, outSz, tmp, inLen, key);
  12497. if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
  12498. ERROR_OUT(-7808, exit_rsa_even_mod);
  12499. }
  12500. #endif
  12501. #ifdef WC_RSA_BLINDING
  12502. ret = wc_RsaSetRNG(key, rng);
  12503. if (ret < 0) {
  12504. ERROR_OUT(-7811, exit_rsa_even_mod);
  12505. }
  12506. #endif
  12507. /* test encrypt and decrypt using WC_RSA_NO_PAD */
  12508. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
  12509. ret = wc_RsaPublicEncrypt(tmp, inLen, out, (int)outSz, key, rng);
  12510. if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
  12511. ERROR_OUT(-7812, exit_rsa_even_mod);
  12512. }
  12513. #endif /* WOLFSSL_RSA_VERIFY_ONLY */
  12514. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  12515. ret = wc_RsaPrivateDecrypt(out, outSz, plain, (int)plainSz, key);
  12516. if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
  12517. ERROR_OUT(-7813, exit_rsa_even_mod);
  12518. }
  12519. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  12520. #endif /* HAVE_FIPS_VERSION == 2 && !WOLFSSL_SP_ARM64_ASM */
  12521. /* if making it to this point of code without hitting an ERROR_OUT then
  12522. * all tests have passed */
  12523. ret = 0;
  12524. exit_rsa_even_mod:
  12525. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12526. FREE_VAR(out, HEAP_HINT);
  12527. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  12528. FREE_VAR(plain, HEAP_HINT);
  12529. #endif
  12530. (void)out;
  12531. (void)outSz;
  12532. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  12533. (void)plain;
  12534. (void)plainSz;
  12535. #endif
  12536. (void)inLen;
  12537. (void)rng;
  12538. return ret;
  12539. }
  12540. #endif /* WOLFSSL_HAVE_SP_RSA */
  12541. #ifdef WOLFSSL_CERT_GEN
  12542. static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
  12543. {
  12544. #ifdef WOLFSSL_SMALL_STACK
  12545. RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12546. #ifdef WOLFSSL_TEST_CERT
  12547. DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12548. #endif
  12549. #else
  12550. RsaKey caKey[1];
  12551. #ifdef WOLFSSL_TEST_CERT
  12552. DecodedCert decode[1];
  12553. #endif
  12554. #endif
  12555. byte* der = NULL;
  12556. int ret;
  12557. Cert* myCert = NULL;
  12558. int certSz;
  12559. size_t bytes3;
  12560. word32 idx3 = 0;
  12561. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
  12562. XFILE file3;
  12563. #endif
  12564. #if defined(WOLFSSL_ALT_NAMES) && !defined(NO_ASN_TIME)
  12565. struct tm beforeTime;
  12566. struct tm afterTime;
  12567. #endif
  12568. const byte mySerial[8] = {1,2,3,4,5,6,7,8};
  12569. (void)keypub;
  12570. #ifdef WOLFSSL_SMALL_STACK
  12571. if (caKey == NULL)
  12572. ERROR_OUT(MEMORY_E, exit_rsa);
  12573. #ifdef WOLFSSL_TEST_CERT
  12574. if (decode == NULL)
  12575. ERROR_OUT(MEMORY_E, exit_rsa);
  12576. #endif
  12577. #endif
  12578. XMEMSET(caKey, 0, sizeof *caKey);
  12579. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12580. if (der == NULL) {
  12581. ERROR_OUT(-7820, exit_rsa);
  12582. }
  12583. myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12584. if (myCert == NULL) {
  12585. ERROR_OUT(-7821, exit_rsa);
  12586. }
  12587. /* self signed */
  12588. if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
  12589. ERROR_OUT(-7822, exit_rsa);
  12590. }
  12591. XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
  12592. XMEMCPY(myCert->serial, mySerial, sizeof(mySerial));
  12593. myCert->serialSz = (int)sizeof(mySerial);
  12594. myCert->isCA = 1;
  12595. #ifndef NO_SHA256
  12596. myCert->sigType = CTC_SHA256wRSA;
  12597. #else
  12598. myCert->sigType = CTC_SHAwRSA;
  12599. #endif
  12600. #ifdef WOLFSSL_CERT_EXT
  12601. /* add Policies */
  12602. XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
  12603. CTC_MAX_CERTPOL_SZ);
  12604. XSTRNCPY(myCert->certPolicies[1], "1.2.840.113549.1.9.16.6.5",
  12605. CTC_MAX_CERTPOL_SZ);
  12606. myCert->certPoliciesNb = 2;
  12607. /* add SKID from the Public Key */
  12608. if (wc_SetSubjectKeyIdFromPublicKey(myCert, keypub, NULL) != 0) {
  12609. ERROR_OUT(-7823, exit_rsa);
  12610. }
  12611. /* add AKID from the Public Key */
  12612. if (wc_SetAuthKeyIdFromPublicKey(myCert, keypub, NULL) != 0) {
  12613. ERROR_OUT(-7824, exit_rsa);
  12614. }
  12615. /* add Key Usage */
  12616. if (wc_SetKeyUsage(myCert,"cRLSign,keyCertSign") != 0) {
  12617. ERROR_OUT(-7825, exit_rsa);
  12618. }
  12619. #ifdef WOLFSSL_EKU_OID
  12620. {
  12621. const char unique[] = "2.16.840.1.111111.100.1.10.1";
  12622. if (wc_SetExtKeyUsageOID(myCert, unique, sizeof(unique), 0,
  12623. HEAP_HINT) != 0) {
  12624. ERROR_OUT(-7826, exit_rsa);
  12625. }
  12626. }
  12627. #endif /* WOLFSSL_EKU_OID */
  12628. #endif /* WOLFSSL_CERT_EXT */
  12629. ret = 0;
  12630. do {
  12631. #if defined(WOLFSSL_ASYNC_CRYPT)
  12632. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  12633. #endif
  12634. if (ret >= 0) {
  12635. ret = wc_MakeSelfCert(myCert, der, FOURK_BUF, key, rng);
  12636. }
  12637. } while (ret == WC_PENDING_E);
  12638. if (ret < 0) {
  12639. ERROR_OUT(-7827, exit_rsa);
  12640. }
  12641. certSz = ret;
  12642. #ifdef WOLFSSL_TEST_CERT
  12643. InitDecodedCert(decode, der, certSz, HEAP_HINT);
  12644. ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
  12645. if (ret != 0) {
  12646. FreeDecodedCert(decode);
  12647. ERROR_OUT(-7828, exit_rsa);
  12648. }
  12649. FreeDecodedCert(decode);
  12650. #endif
  12651. ret = SaveDerAndPem(der, certSz, certDerFile, certPemFile,
  12652. CERT_TYPE, -5578);
  12653. if (ret != 0) {
  12654. goto exit_rsa;
  12655. }
  12656. /* Setup Certificate */
  12657. if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
  12658. ERROR_OUT(-7829, exit_rsa);
  12659. }
  12660. #ifdef WOLFSSL_ALT_NAMES
  12661. /* Get CA Cert for testing */
  12662. #ifdef USE_CERT_BUFFERS_1024
  12663. XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024);
  12664. bytes3 = sizeof_ca_cert_der_1024;
  12665. #elif defined(USE_CERT_BUFFERS_2048)
  12666. XMEMCPY(tmp, ca_cert_der_2048, sizeof_ca_cert_der_2048);
  12667. bytes3 = sizeof_ca_cert_der_2048;
  12668. #else
  12669. file3 = XFOPEN(rsaCaCertDerFile, "rb");
  12670. if (!file3) {
  12671. ERROR_OUT(-7830, exit_rsa);
  12672. }
  12673. bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
  12674. XFCLOSE(file3);
  12675. #endif /* USE_CERT_BUFFERS */
  12676. #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_1024) && \
  12677. !defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
  12678. ret = wc_SetAltNames(myCert, rsaCaCertFile);
  12679. if (ret != 0) {
  12680. ERROR_OUT(-7831, exit_rsa);
  12681. }
  12682. #endif
  12683. /* get alt names from der */
  12684. ret = wc_SetAltNamesBuffer(myCert, tmp, (int)bytes3);
  12685. if (ret != 0) {
  12686. ERROR_OUT(-7832, exit_rsa);
  12687. }
  12688. /* get dates from der */
  12689. ret = wc_SetDatesBuffer(myCert, tmp, (int)bytes3);
  12690. if (ret != 0) {
  12691. ERROR_OUT(-7833, exit_rsa);
  12692. }
  12693. #ifndef NO_ASN_TIME
  12694. ret = wc_GetCertDates(myCert, &beforeTime, &afterTime);
  12695. if (ret < 0) {
  12696. ERROR_OUT(-7834, exit_rsa);
  12697. }
  12698. #endif
  12699. #endif /* WOLFSSL_ALT_NAMES */
  12700. /* Get CA Key */
  12701. #ifdef USE_CERT_BUFFERS_1024
  12702. XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
  12703. bytes3 = sizeof_ca_key_der_1024;
  12704. #elif defined(USE_CERT_BUFFERS_2048)
  12705. XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
  12706. bytes3 = sizeof_ca_key_der_2048;
  12707. #else
  12708. file3 = XFOPEN(rsaCaKeyFile, "rb");
  12709. if (!file3) {
  12710. ERROR_OUT(-7835, exit_rsa);
  12711. }
  12712. bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
  12713. XFCLOSE(file3);
  12714. #endif /* USE_CERT_BUFFERS */
  12715. ret = wc_InitRsaKey(caKey, HEAP_HINT);
  12716. if (ret != 0) {
  12717. ERROR_OUT(-7836, exit_rsa);
  12718. }
  12719. ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes3);
  12720. if (ret != 0) {
  12721. ERROR_OUT(-7837, exit_rsa);
  12722. }
  12723. #ifndef NO_SHA256
  12724. myCert->sigType = CTC_SHA256wRSA;
  12725. #else
  12726. myCert->sigType = CTC_SHAwRSA;
  12727. #endif
  12728. XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
  12729. #ifdef WOLFSSL_CERT_EXT
  12730. /* add Policies */
  12731. XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
  12732. CTC_MAX_CERTPOL_SZ);
  12733. myCert->certPoliciesNb =1;
  12734. /* add SKID from the Public Key */
  12735. if (wc_SetSubjectKeyIdFromPublicKey(myCert, key, NULL) != 0) {
  12736. ERROR_OUT(-7838, exit_rsa);
  12737. }
  12738. /* add AKID from the CA certificate */
  12739. #if defined(USE_CERT_BUFFERS_2048)
  12740. ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048,
  12741. sizeof_ca_cert_der_2048);
  12742. #elif defined(USE_CERT_BUFFERS_1024)
  12743. ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024,
  12744. sizeof_ca_cert_der_1024);
  12745. #else
  12746. ret = wc_SetAuthKeyId(myCert, rsaCaCertFile);
  12747. #endif
  12748. if (ret != 0) {
  12749. ERROR_OUT(-7839, exit_rsa);
  12750. }
  12751. /* add Key Usage */
  12752. if (wc_SetKeyUsage(myCert,"keyEncipherment,keyAgreement") != 0) {
  12753. ERROR_OUT(-7840, exit_rsa);
  12754. }
  12755. #endif /* WOLFSSL_CERT_EXT */
  12756. #if defined(USE_CERT_BUFFERS_2048)
  12757. ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048,
  12758. sizeof_ca_cert_der_2048);
  12759. #elif defined(USE_CERT_BUFFERS_1024)
  12760. ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024,
  12761. sizeof_ca_cert_der_1024);
  12762. #else
  12763. ret = wc_SetIssuer(myCert, rsaCaCertFile);
  12764. #endif
  12765. if (ret < 0) {
  12766. ERROR_OUT(-7841, exit_rsa);
  12767. }
  12768. certSz = wc_MakeCert(myCert, der, FOURK_BUF, key, NULL, rng);
  12769. if (certSz < 0) {
  12770. ERROR_OUT(-7842, exit_rsa);
  12771. }
  12772. ret = 0;
  12773. do {
  12774. #if defined(WOLFSSL_ASYNC_CRYPT)
  12775. ret = wc_AsyncWait(ret, &caKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  12776. #endif
  12777. if (ret >= 0) {
  12778. ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, FOURK_BUF,
  12779. caKey, NULL, rng);
  12780. }
  12781. } while (ret == WC_PENDING_E);
  12782. if (ret < 0) {
  12783. ERROR_OUT(-7843, exit_rsa);
  12784. }
  12785. certSz = ret;
  12786. #ifdef WOLFSSL_TEST_CERT
  12787. InitDecodedCert(decode, der, certSz, HEAP_HINT);
  12788. ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
  12789. if (ret != 0) {
  12790. FreeDecodedCert(decode);
  12791. ERROR_OUT(-7844, exit_rsa);
  12792. }
  12793. FreeDecodedCert(decode);
  12794. #endif
  12795. ret = SaveDerAndPem(der, certSz, otherCertDerFile, otherCertPemFile,
  12796. CERT_TYPE, -5598);
  12797. if (ret != 0) {
  12798. goto exit_rsa;
  12799. }
  12800. exit_rsa:
  12801. #ifdef WOLFSSL_SMALL_STACK
  12802. if (caKey != NULL) {
  12803. wc_FreeRsaKey(caKey);
  12804. XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12805. }
  12806. #ifdef WOLFSSL_TEST_CERT
  12807. if (decode != NULL)
  12808. XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12809. #endif
  12810. #else
  12811. wc_FreeRsaKey(caKey);
  12812. #endif
  12813. XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12814. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12815. return ret;
  12816. }
  12817. #endif
  12818. #if !defined(NO_RSA) && defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN)
  12819. /* Make Cert / Sign example for ECC cert and RSA CA */
  12820. static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
  12821. {
  12822. #ifdef WOLFSSL_SMALL_STACK
  12823. RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12824. ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12825. ecc_key *caEccKeyPub = (ecc_key *)XMALLOC(sizeof *caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12826. #ifdef WOLFSSL_TEST_CERT
  12827. DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12828. #endif
  12829. #else
  12830. RsaKey caKey[1];
  12831. ecc_key caEccKey[1];
  12832. ecc_key caEccKeyPub[1];
  12833. #ifdef WOLFSSL_TEST_CERT
  12834. DecodedCert decode[1];
  12835. #endif
  12836. #endif
  12837. byte* der = NULL;
  12838. Cert* myCert = NULL;
  12839. int certSz;
  12840. size_t bytes3;
  12841. word32 idx3 = 0;
  12842. #if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \
  12843. || !defined(USE_CERT_BUFFERS_256)
  12844. XFILE file3;
  12845. #endif
  12846. int ret;
  12847. #ifdef WOLFSSL_SMALL_STACK
  12848. if ((caKey == NULL) || (caEccKey == NULL) || (caEccKeyPub == NULL)
  12849. #ifdef WOLFSSL_TEST_CERT
  12850. || (decode == NULL)
  12851. #endif
  12852. )
  12853. ERROR_OUT(MEMORY_E, exit_rsa);
  12854. #endif
  12855. XMEMSET(caKey, 0, sizeof *caKey);
  12856. XMEMSET(caEccKey, 0, sizeof *caEccKey);
  12857. XMEMSET(caEccKeyPub, 0, sizeof *caEccKeyPub);
  12858. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12859. if (der == NULL) {
  12860. ERROR_OUT(-7850, exit_rsa);
  12861. }
  12862. myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12863. if (myCert == NULL) {
  12864. ERROR_OUT(-7851, exit_rsa);
  12865. }
  12866. /* Get CA Key */
  12867. #ifdef USE_CERT_BUFFERS_1024
  12868. XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
  12869. bytes3 = sizeof_ca_key_der_1024;
  12870. #elif defined(USE_CERT_BUFFERS_2048)
  12871. XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
  12872. bytes3 = sizeof_ca_key_der_2048;
  12873. #else
  12874. file3 = XFOPEN(rsaCaKeyFile, "rb");
  12875. if (!file3) {
  12876. ERROR_OUT(-7852, exit_rsa);
  12877. }
  12878. bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
  12879. XFCLOSE(file3);
  12880. #endif /* USE_CERT_BUFFERS */
  12881. ret = wc_InitRsaKey(caKey, HEAP_HINT);
  12882. if (ret != 0) {
  12883. ERROR_OUT(-7853, exit_rsa);
  12884. }
  12885. ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes3);
  12886. if (ret != 0) {
  12887. ERROR_OUT(-7854, exit_rsa);
  12888. }
  12889. /* Get Cert Key */
  12890. #ifdef USE_CERT_BUFFERS_256
  12891. XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256);
  12892. bytes3 = sizeof_ecc_key_pub_der_256;
  12893. #else
  12894. file3 = XFOPEN(eccKeyPubFileDer, "rb");
  12895. if (!file3) {
  12896. ERROR_OUT(-7855, exit_rsa);
  12897. }
  12898. bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
  12899. XFCLOSE(file3);
  12900. #endif
  12901. ret = wc_ecc_init_ex(caEccKeyPub, HEAP_HINT, devId);
  12902. if (ret != 0) {
  12903. ERROR_OUT(-7856, exit_rsa);
  12904. }
  12905. idx3 = 0;
  12906. ret = wc_EccPublicKeyDecode(tmp, &idx3, caEccKeyPub, (word32)bytes3);
  12907. if (ret != 0) {
  12908. ERROR_OUT(-7857, exit_rsa);
  12909. }
  12910. /* Setup Certificate */
  12911. if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
  12912. ERROR_OUT(-7858, exit_rsa);
  12913. }
  12914. #ifndef NO_SHA256
  12915. myCert->sigType = CTC_SHA256wRSA;
  12916. #else
  12917. myCert->sigType = CTC_SHAwRSA;
  12918. #endif
  12919. XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
  12920. #ifdef WOLFSSL_CERT_EXT
  12921. /* add Policies */
  12922. XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1",
  12923. CTC_MAX_CERTPOL_SZ);
  12924. XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549",
  12925. CTC_MAX_CERTPOL_SZ);
  12926. myCert->certPoliciesNb = 2;
  12927. /* add SKID from the Public Key */
  12928. if (wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, caEccKeyPub) != 0) {
  12929. ERROR_OUT(-7859, exit_rsa);
  12930. }
  12931. /* add AKID from the CA certificate */
  12932. #if defined(USE_CERT_BUFFERS_2048)
  12933. ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048,
  12934. sizeof_ca_cert_der_2048);
  12935. #elif defined(USE_CERT_BUFFERS_1024)
  12936. ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024,
  12937. sizeof_ca_cert_der_1024);
  12938. #else
  12939. ret = wc_SetAuthKeyId(myCert, rsaCaCertFile);
  12940. #endif
  12941. if (ret != 0) {
  12942. ERROR_OUT(-7860, exit_rsa);
  12943. }
  12944. /* add Key Usage */
  12945. if (wc_SetKeyUsage(myCert, certKeyUsage) != 0) {
  12946. ERROR_OUT(-7861, exit_rsa);
  12947. }
  12948. #endif /* WOLFSSL_CERT_EXT */
  12949. #if defined(USE_CERT_BUFFERS_2048)
  12950. ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048,
  12951. sizeof_ca_cert_der_2048);
  12952. #elif defined(USE_CERT_BUFFERS_1024)
  12953. ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024,
  12954. sizeof_ca_cert_der_1024);
  12955. #else
  12956. ret = wc_SetIssuer(myCert, rsaCaCertFile);
  12957. #endif
  12958. if (ret < 0) {
  12959. ERROR_OUT(-7862, exit_rsa);
  12960. }
  12961. certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, caEccKeyPub, rng);
  12962. if (certSz < 0) {
  12963. ERROR_OUT(-7863, exit_rsa);
  12964. }
  12965. ret = 0;
  12966. do {
  12967. #if defined(WOLFSSL_ASYNC_CRYPT)
  12968. ret = wc_AsyncWait(ret, &caEccKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  12969. #endif
  12970. if (ret >= 0) {
  12971. ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
  12972. FOURK_BUF, caKey, NULL, rng);
  12973. }
  12974. } while (ret == WC_PENDING_E);
  12975. if (ret < 0) {
  12976. ERROR_OUT(-7864, exit_rsa);
  12977. }
  12978. certSz = ret;
  12979. #ifdef WOLFSSL_TEST_CERT
  12980. InitDecodedCert(decode, der, certSz, 0);
  12981. ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
  12982. if (ret != 0) {
  12983. FreeDecodedCert(decode);
  12984. ERROR_OUT(-7865, exit_rsa);
  12985. }
  12986. FreeDecodedCert(decode);
  12987. #endif
  12988. ret = SaveDerAndPem(der, certSz, certEccRsaDerFile, certEccRsaPemFile,
  12989. CERT_TYPE, -5616);
  12990. if (ret != 0) {
  12991. goto exit_rsa;
  12992. }
  12993. exit_rsa:
  12994. #ifdef WOLFSSL_SMALL_STACK
  12995. if (caKey != NULL) {
  12996. wc_FreeRsaKey(caKey);
  12997. XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12998. }
  12999. if (caEccKey != NULL) {
  13000. wc_ecc_free(caEccKey);
  13001. XFREE(caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13002. }
  13003. if (caEccKeyPub != NULL) {
  13004. wc_ecc_free(caEccKeyPub);
  13005. XFREE(caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13006. }
  13007. #ifdef WOLFSSL_TEST_CERT
  13008. if (decode != NULL)
  13009. XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13010. #endif
  13011. #else
  13012. wc_FreeRsaKey(caKey);
  13013. wc_ecc_free(caEccKey);
  13014. wc_ecc_free(caEccKeyPub);
  13015. #endif
  13016. XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13017. myCert = NULL;
  13018. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13019. der = NULL;
  13020. if (ret >= 0)
  13021. ret = 0;
  13022. return ret;
  13023. }
  13024. #endif /* !NO_RSA && HAVE_ECC && WOLFSSL_CERT_GEN */
  13025. #ifdef WOLFSSL_KEY_GEN
  13026. static int rsa_keygen_test(WC_RNG* rng)
  13027. {
  13028. #ifdef WOLFSSL_SMALL_STACK
  13029. RsaKey *genKey = (RsaKey *)XMALLOC(sizeof *genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13030. #else
  13031. RsaKey genKey[1];
  13032. #endif
  13033. int ret;
  13034. byte* der = NULL;
  13035. #ifndef WOLFSSL_CRYPTOCELL
  13036. word32 idx = 0;
  13037. #endif
  13038. int derSz = 0;
  13039. #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS)
  13040. int keySz = 1024;
  13041. #else
  13042. int keySz = 2048;
  13043. #endif
  13044. #ifdef WOLFSSL_SMALL_STACK
  13045. if (! genKey)
  13046. ERROR_OUT(MEMORY_E, exit_rsa);
  13047. #endif
  13048. XMEMSET(genKey, 0, sizeof *genKey);
  13049. ret = wc_InitRsaKey_ex(genKey, HEAP_HINT, devId);
  13050. if (ret != 0) {
  13051. ERROR_OUT(-7870, exit_rsa);
  13052. }
  13053. #ifdef HAVE_FIPS
  13054. for (;;) {
  13055. #endif
  13056. ret = wc_MakeRsaKey(genKey, keySz, WC_RSA_EXPONENT, rng);
  13057. #if defined(WOLFSSL_ASYNC_CRYPT)
  13058. ret = wc_AsyncWait(ret, &genKey->asyncDev, WC_ASYNC_FLAG_NONE);
  13059. #endif
  13060. #ifdef HAVE_FIPS
  13061. if (ret == PRIME_GEN_E)
  13062. continue;
  13063. break;
  13064. }
  13065. #endif
  13066. if (ret != 0) {
  13067. ERROR_OUT(-7871, exit_rsa);
  13068. }
  13069. TEST_SLEEP();
  13070. /* If not using old FIPS, or not using FAST or USER RSA... */
  13071. #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
  13072. (!defined(HAVE_FIPS) || \
  13073. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
  13074. !defined(HAVE_SELFTEST) && !defined(HAVE_INTEL_QA) \
  13075. && !defined(WOLFSSL_NO_RSA_KEY_CHECK)
  13076. ret = wc_CheckRsaKey(genKey);
  13077. if (ret != 0) {
  13078. ERROR_OUT(-7872, exit_rsa);
  13079. }
  13080. #endif
  13081. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13082. if (der == NULL) {
  13083. ERROR_OUT(-7873, exit_rsa);
  13084. }
  13085. derSz = wc_RsaKeyToDer(genKey, der, FOURK_BUF);
  13086. if (derSz < 0) {
  13087. ERROR_OUT(-7874, exit_rsa);
  13088. }
  13089. ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
  13090. PRIVATEKEY_TYPE, -5555);
  13091. if (ret != 0) {
  13092. goto exit_rsa;
  13093. }
  13094. wc_FreeRsaKey(genKey);
  13095. ret = wc_InitRsaKey(genKey, HEAP_HINT);
  13096. if (ret != 0) {
  13097. ERROR_OUT(-7875, exit_rsa);
  13098. }
  13099. #ifndef WOLFSSL_CRYPTOCELL
  13100. idx = 0;
  13101. /* The private key part of the key gen pairs from cryptocell can't be exported */
  13102. ret = wc_RsaPrivateKeyDecode(der, &idx, genKey, derSz);
  13103. if (ret != 0) {
  13104. ERROR_OUT(-7876, exit_rsa);
  13105. }
  13106. #endif /* WOLFSSL_CRYPTOCELL */
  13107. exit_rsa:
  13108. #ifdef WOLFSSL_SMALL_STACK
  13109. if (genKey) {
  13110. wc_FreeRsaKey(genKey);
  13111. XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13112. }
  13113. #else
  13114. wc_FreeRsaKey(genKey);
  13115. #endif
  13116. if (der != NULL) {
  13117. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13118. der = NULL;
  13119. }
  13120. return ret;
  13121. }
  13122. #endif
  13123. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  13124. #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) && \
  13125. !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
  13126. (!defined(HAVE_FIPS) || \
  13127. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
  13128. static int rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
  13129. {
  13130. int ret = 0;
  13131. word32 idx = 0;
  13132. const char inStr[] = TEST_STRING;
  13133. const word32 inLen = (word32)TEST_STRING_SZ;
  13134. const word32 outSz = RSA_TEST_BYTES;
  13135. const word32 plainSz = RSA_TEST_BYTES;
  13136. byte* res = NULL;
  13137. DECLARE_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
  13138. DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  13139. DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
  13140. #ifdef DECLARE_VAR_IS_HEAP_ALLOC
  13141. if (in == NULL || out == NULL || plain == NULL)
  13142. ERROR_OUT(MEMORY_E, exit_rsa);
  13143. #endif
  13144. XMEMCPY(in, inStr, inLen);
  13145. #ifdef DECLARE_VAR_IS_HEAP_ALLOC
  13146. if (in == NULL || out == NULL || plain == NULL)
  13147. ERROR_OUT(MEMORY_E, exit_rsa);
  13148. #endif
  13149. #ifndef NO_SHA
  13150. do {
  13151. #if defined(WOLFSSL_ASYNC_CRYPT)
  13152. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13153. #endif
  13154. if (ret >= 0) {
  13155. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
  13156. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  13157. }
  13158. } while (ret == WC_PENDING_E);
  13159. if (ret < 0) {
  13160. ERROR_OUT(-7918, exit_rsa);
  13161. }
  13162. TEST_SLEEP();
  13163. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  13164. idx = (word32)ret;
  13165. do {
  13166. #if defined(WOLFSSL_ASYNC_CRYPT)
  13167. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13168. #endif
  13169. if (ret >= 0) {
  13170. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  13171. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  13172. }
  13173. } while (ret == WC_PENDING_E);
  13174. if (ret < 0) {
  13175. ERROR_OUT(-7919, exit_rsa);
  13176. }
  13177. if (XMEMCMP(plain, in, inLen)) {
  13178. ERROR_OUT(-7920, exit_rsa);
  13179. }
  13180. TEST_SLEEP();
  13181. #endif /* NO_SHA */
  13182. #endif
  13183. #ifndef NO_SHA256
  13184. XMEMSET(plain, 0, plainSz);
  13185. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  13186. do {
  13187. #if defined(WOLFSSL_ASYNC_CRYPT)
  13188. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13189. #endif
  13190. if (ret >= 0) {
  13191. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
  13192. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
  13193. }
  13194. } while (ret == WC_PENDING_E);
  13195. if (ret < 0) {
  13196. ERROR_OUT(-7921, exit_rsa);
  13197. }
  13198. TEST_SLEEP();
  13199. #endif /* WOLFSSL_RSA_VERIFY_ONLY */
  13200. idx = (word32)ret;
  13201. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  13202. do {
  13203. #if defined(WOLFSSL_ASYNC_CRYPT)
  13204. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13205. #endif
  13206. if (ret >= 0) {
  13207. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  13208. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
  13209. }
  13210. } while (ret == WC_PENDING_E);
  13211. if (ret < 0) {
  13212. ERROR_OUT(-7922, exit_rsa);
  13213. }
  13214. if (XMEMCMP(plain, in, inLen)) {
  13215. ERROR_OUT(-7923, exit_rsa);
  13216. }
  13217. TEST_SLEEP();
  13218. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  13219. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  13220. do {
  13221. #if defined(WOLFSSL_ASYNC_CRYPT)
  13222. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13223. #endif
  13224. if (ret >= 0) {
  13225. ret = wc_RsaPrivateDecryptInline_ex(out, idx, &res, key,
  13226. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
  13227. }
  13228. } while (ret == WC_PENDING_E);
  13229. if (ret < 0) {
  13230. ERROR_OUT(-7924, exit_rsa);
  13231. }
  13232. if (ret != (int)inLen) {
  13233. ERROR_OUT(-7925, exit_rsa);
  13234. }
  13235. if (XMEMCMP(res, in, inLen)) {
  13236. ERROR_OUT(-7926, exit_rsa);
  13237. }
  13238. TEST_SLEEP();
  13239. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  13240. /* check fails if not using the same optional label */
  13241. XMEMSET(plain, 0, plainSz);
  13242. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  13243. do {
  13244. #if defined(WOLFSSL_ASYNC_CRYPT)
  13245. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13246. #endif
  13247. if (ret >= 0) {
  13248. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
  13249. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
  13250. }
  13251. } while (ret == WC_PENDING_E);
  13252. if (ret < 0) {
  13253. ERROR_OUT(-7927, exit_rsa);
  13254. }
  13255. TEST_SLEEP();
  13256. #endif /* WOLFSSL_RSA_VERIFY_ONLY */
  13257. /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */
  13258. #if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
  13259. !defined(WOLFSSL_CRYPTOCELL)
  13260. /* label is unused in cryptocell so it won't detect decrypt error due to label */
  13261. idx = (word32)ret;
  13262. do {
  13263. #if defined(WOLFSSL_ASYNC_CRYPT)
  13264. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13265. #endif
  13266. if (ret >= 0) {
  13267. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  13268. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
  13269. }
  13270. } while (ret == WC_PENDING_E);
  13271. if (ret > 0) { /* in this case decrypt should fail */
  13272. ERROR_OUT(-7928, exit_rsa);
  13273. }
  13274. ret = 0;
  13275. TEST_SLEEP();
  13276. #endif /* !HAVE_CAVIUM */
  13277. /* check using optional label with encrypt/decrypt */
  13278. XMEMSET(plain, 0, plainSz);
  13279. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  13280. do {
  13281. #if defined(WOLFSSL_ASYNC_CRYPT)
  13282. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13283. #endif
  13284. if (ret >= 0) {
  13285. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
  13286. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
  13287. }
  13288. } while (ret == WC_PENDING_E);
  13289. if (ret < 0) {
  13290. ERROR_OUT(-7929, exit_rsa);
  13291. }
  13292. TEST_SLEEP();
  13293. #endif /* WOLFSSL_RSA_VERIFY_ONLY */
  13294. idx = (word32)ret;
  13295. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  13296. do {
  13297. #if defined(WOLFSSL_ASYNC_CRYPT)
  13298. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13299. #endif
  13300. if (ret >= 0) {
  13301. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  13302. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
  13303. }
  13304. } while (ret == WC_PENDING_E);
  13305. if (ret < 0) {
  13306. ERROR_OUT(-7930, exit_rsa);
  13307. }
  13308. if (XMEMCMP(plain, in, inLen)) {
  13309. ERROR_OUT(-7931, exit_rsa);
  13310. }
  13311. TEST_SLEEP();
  13312. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  13313. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  13314. #ifndef NO_SHA
  13315. /* check fail using mismatch hash algorithms */
  13316. XMEMSET(plain, 0, plainSz);
  13317. do {
  13318. #if defined(WOLFSSL_ASYNC_CRYPT)
  13319. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13320. #endif
  13321. if (ret >= 0) {
  13322. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
  13323. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, in, inLen);
  13324. }
  13325. } while (ret == WC_PENDING_E);
  13326. if (ret < 0) {
  13327. ERROR_OUT(-7932, exit_rsa);
  13328. }
  13329. TEST_SLEEP();
  13330. /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */
  13331. #if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
  13332. !defined(WOLFSSL_CRYPTOCELL)
  13333. idx = (word32)ret;
  13334. do {
  13335. #if defined(WOLFSSL_ASYNC_CRYPT)
  13336. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13337. #endif
  13338. if (ret >= 0) {
  13339. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  13340. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256,
  13341. in, inLen);
  13342. }
  13343. } while (ret == WC_PENDING_E);
  13344. if (ret > 0) { /* should fail */
  13345. ERROR_OUT(-7933, exit_rsa);
  13346. }
  13347. ret = 0;
  13348. TEST_SLEEP();
  13349. #endif /* !HAVE_CAVIUM */
  13350. #endif /* NO_SHA */
  13351. #endif /* WOLFSSL_RSA_VERIFY_ONLY */
  13352. #endif /* NO_SHA256 */
  13353. #ifdef WOLFSSL_SHA512
  13354. /* Check valid RSA key size is used while using hash length of SHA512
  13355. If key size is less than (hash length * 2) + 2 then is invalid use
  13356. and test, since OAEP padding requires this.
  13357. BAD_FUNC_ARG is returned when this case is not met */
  13358. if (wc_RsaEncryptSize(key) > ((int)WC_SHA512_DIGEST_SIZE * 2) + 2) {
  13359. XMEMSET(plain, 0, plainSz);
  13360. do {
  13361. #if defined(WOLFSSL_ASYNC_CRYPT)
  13362. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13363. #endif
  13364. if (ret >= 0) {
  13365. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
  13366. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
  13367. }
  13368. } while (ret == WC_PENDING_E);
  13369. if (ret < 0) {
  13370. ERROR_OUT(-7934, exit_rsa);
  13371. }
  13372. TEST_SLEEP();
  13373. idx = ret;
  13374. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  13375. do {
  13376. #if defined(WOLFSSL_ASYNC_CRYPT)
  13377. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13378. #endif
  13379. if (ret >= 0) {
  13380. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  13381. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
  13382. }
  13383. } while (ret == WC_PENDING_E);
  13384. if (ret < 0) {
  13385. ERROR_OUT(-7935, exit_rsa);
  13386. }
  13387. if (XMEMCMP(plain, in, inLen)) {
  13388. ERROR_OUT(-7936, exit_rsa);
  13389. }
  13390. TEST_SLEEP();
  13391. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  13392. }
  13393. #endif /* WOLFSSL_SHA512 */
  13394. /* check using pkcsv15 padding with _ex API */
  13395. XMEMSET(plain, 0, plainSz);
  13396. do {
  13397. #if defined(WOLFSSL_ASYNC_CRYPT)
  13398. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13399. #endif
  13400. if (ret >= 0) {
  13401. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
  13402. WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
  13403. }
  13404. } while (ret == WC_PENDING_E);
  13405. if (ret < 0) {
  13406. ERROR_OUT(-7937, exit_rsa);
  13407. }
  13408. TEST_SLEEP();
  13409. idx = (word32)ret;
  13410. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  13411. do {
  13412. #if defined(WOLFSSL_ASYNC_CRYPT)
  13413. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13414. #endif
  13415. if (ret >= 0) {
  13416. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  13417. WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
  13418. }
  13419. } while (ret == WC_PENDING_E);
  13420. if (ret < 0) {
  13421. ERROR_OUT(-7938, exit_rsa);
  13422. }
  13423. if (XMEMCMP(plain, in, inLen)) {
  13424. ERROR_OUT(-7939, exit_rsa);
  13425. }
  13426. TEST_SLEEP();
  13427. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  13428. exit_rsa:
  13429. FREE_VAR(in, HEAP_HINT);
  13430. FREE_VAR(out, HEAP_HINT);
  13431. FREE_VAR(plain, HEAP_HINT);
  13432. (void)idx;
  13433. (void)inStr;
  13434. (void)res;
  13435. if (ret >= 0)
  13436. ret = 0;
  13437. return ret;
  13438. }
  13439. #endif
  13440. #endif
  13441. WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
  13442. {
  13443. int ret;
  13444. byte* tmp = NULL;
  13445. byte* der = NULL;
  13446. size_t bytes;
  13447. WC_RNG rng;
  13448. #ifdef WOLFSSL_SMALL_STACK
  13449. RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13450. #else
  13451. RsaKey key[1];
  13452. #endif
  13453. #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
  13454. #ifdef WOLFSSL_SMALL_STACK
  13455. RsaKey *keypub = (RsaKey *)XMALLOC(sizeof *keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13456. #else
  13457. RsaKey keypub[1];
  13458. #endif
  13459. #endif
  13460. word32 idx = 0;
  13461. const char inStr[] = TEST_STRING;
  13462. const word32 inLen = (word32)TEST_STRING_SZ;
  13463. const word32 outSz = RSA_TEST_BYTES;
  13464. const word32 plainSz = RSA_TEST_BYTES;
  13465. byte* res = NULL;
  13466. #ifndef NO_SIG_WRAPPER
  13467. int modLen;
  13468. #endif
  13469. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
  13470. !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
  13471. !defined(NO_FILESYSTEM)
  13472. XFILE file;
  13473. #ifdef WOLFSSL_TEST_CERT
  13474. XFILE file2;
  13475. #endif
  13476. #endif
  13477. #ifdef WOLFSSL_TEST_CERT
  13478. #ifdef WOLFSSL_SMALL_STACK
  13479. DecodedCert *cert = (DecodedCert *)XMALLOC(sizeof *cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13480. #else
  13481. DecodedCert cert[1];
  13482. #endif
  13483. #ifndef NO_ASN_TIME
  13484. struct tm timearg;
  13485. const byte* date;
  13486. byte dateFormat;
  13487. int dateLength;
  13488. #endif
  13489. #endif
  13490. DECLARE_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
  13491. DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  13492. DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
  13493. #ifdef DECLARE_VAR_IS_HEAP_ALLOC
  13494. if (in == NULL || out == NULL || plain == NULL)
  13495. ERROR_OUT(MEMORY_E, exit_rsa);
  13496. #endif
  13497. XMEMCPY(in, inStr, inLen);
  13498. #ifdef WOLFSSL_SMALL_STACK
  13499. if (key == NULL)
  13500. ERROR_OUT(MEMORY_E, exit_rsa);
  13501. #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
  13502. if (keypub == NULL)
  13503. ERROR_OUT(MEMORY_E, exit_rsa);
  13504. #endif
  13505. #ifdef WOLFSSL_TEST_CERT
  13506. if (cert == NULL)
  13507. ERROR_OUT(MEMORY_E, exit_rsa);
  13508. #endif
  13509. #endif /* WOLFSSL_SMALL_STACK */
  13510. /* initialize stack structures */
  13511. XMEMSET(&rng, 0, sizeof(rng));
  13512. XMEMSET(key, 0, sizeof *key);
  13513. #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
  13514. XMEMSET(keypub, 0, sizeof *keypub);
  13515. #endif
  13516. #if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
  13517. ret = rsa_decode_test(key);
  13518. if (ret != 0)
  13519. ERROR_OUT(ret, exit_rsa);
  13520. #endif
  13521. #ifdef USE_CERT_BUFFERS_1024
  13522. bytes = (size_t)sizeof_client_key_der_1024;
  13523. if (bytes < (size_t)sizeof_client_cert_der_1024)
  13524. bytes = (size_t)sizeof_client_cert_der_1024;
  13525. #elif defined(USE_CERT_BUFFERS_2048)
  13526. bytes = (size_t)sizeof_client_key_der_2048;
  13527. if (bytes < (size_t)sizeof_client_cert_der_2048)
  13528. bytes = (size_t)sizeof_client_cert_der_2048;
  13529. #elif defined(USE_CERT_BUFFERS_3072)
  13530. bytes = (size_t)sizeof_client_key_der_3072;
  13531. if (bytes < (size_t)sizeof_client_cert_der_3072)
  13532. bytes = (size_t)sizeof_client_cert_der_3072;
  13533. #elif defined(USE_CERT_BUFFERS_4096)
  13534. bytes = (size_t)sizeof_client_key_der_4096;
  13535. if (bytes < (size_t)sizeof_client_cert_der_4096)
  13536. bytes = (size_t)sizeof_client_cert_der_4096;
  13537. #else
  13538. bytes = FOURK_BUF;
  13539. #endif
  13540. tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13541. if (tmp == NULL)
  13542. ERROR_OUT(-7900, exit_rsa);
  13543. #ifdef USE_CERT_BUFFERS_1024
  13544. XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
  13545. #elif defined(USE_CERT_BUFFERS_2048)
  13546. XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
  13547. #elif defined(USE_CERT_BUFFERS_3072)
  13548. XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
  13549. #elif defined(USE_CERT_BUFFERS_4096)
  13550. XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
  13551. #elif !defined(NO_FILESYSTEM)
  13552. file = XFOPEN(clientKey, "rb");
  13553. if (!file) {
  13554. err_sys("can't open ./certs/client-key.der, "
  13555. "Please run from wolfSSL home dir", -40);
  13556. ERROR_OUT(-7901, exit_rsa);
  13557. }
  13558. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  13559. XFCLOSE(file);
  13560. #else
  13561. /* No key to use. */
  13562. ERROR_OUT(-7902, exit_rsa);
  13563. #endif /* USE_CERT_BUFFERS */
  13564. ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
  13565. if (ret != 0) {
  13566. ERROR_OUT(-7903, exit_rsa);
  13567. }
  13568. #ifndef NO_ASN
  13569. ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
  13570. if (ret != 0) {
  13571. ERROR_OUT(-7904, exit_rsa);
  13572. }
  13573. #ifndef NO_SIG_WRAPPER
  13574. modLen = wc_RsaEncryptSize(key);
  13575. #endif
  13576. #else
  13577. #ifdef USE_CERT_BUFFERS_2048
  13578. ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256);
  13579. if (ret != 0) {
  13580. ERROR_OUT(-7905, exit_rsa);
  13581. }
  13582. ret = mp_set_int(&key->e, WC_RSA_EXPONENT);
  13583. if (ret != 0) {
  13584. ERROR_OUT(-7906, exit_rsa);
  13585. }
  13586. #ifndef NO_SIG_WRAPPER
  13587. modLen = 2048;
  13588. #endif
  13589. #else
  13590. #error Not supported yet!
  13591. #endif
  13592. #endif
  13593. #ifndef WC_NO_RNG
  13594. #ifndef HAVE_FIPS
  13595. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  13596. #else
  13597. ret = wc_InitRng(&rng);
  13598. #endif
  13599. if (ret != 0) {
  13600. ERROR_OUT(-7907, exit_rsa);
  13601. }
  13602. #endif
  13603. #ifndef NO_SIG_WRAPPER
  13604. ret = rsa_sig_test(key, sizeof *key, modLen, &rng);
  13605. if (ret != 0)
  13606. goto exit_rsa;
  13607. #endif
  13608. #ifdef WC_RSA_NONBLOCK
  13609. ret = rsa_nb_test(key, in, inLen, out, outSz, plain, plainSz, &rng);
  13610. if (ret != 0)
  13611. goto exit_rsa;
  13612. #endif
  13613. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
  13614. !defined(WC_NO_RNG)
  13615. do {
  13616. #if defined(WOLFSSL_ASYNC_CRYPT)
  13617. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13618. #endif
  13619. if (ret >= 0) {
  13620. ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
  13621. }
  13622. } while (ret == WC_PENDING_E);
  13623. if (ret < 0) {
  13624. ERROR_OUT(-7908, exit_rsa);
  13625. }
  13626. TEST_SLEEP();
  13627. #ifdef WC_RSA_BLINDING
  13628. {
  13629. int tmpret = ret;
  13630. ret = wc_RsaSetRNG(key, &rng);
  13631. if (ret < 0) {
  13632. ERROR_OUT(-7909, exit_rsa);
  13633. }
  13634. ret = tmpret;
  13635. }
  13636. #endif
  13637. idx = (word32)ret; /* save off encrypted length */
  13638. do {
  13639. #if defined(WOLFSSL_ASYNC_CRYPT)
  13640. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13641. #endif
  13642. if (ret >= 0) {
  13643. ret = wc_RsaPrivateDecrypt(out, idx, plain, plainSz, key);
  13644. }
  13645. } while (ret == WC_PENDING_E);
  13646. if (ret < 0) {
  13647. ERROR_OUT(-7910, exit_rsa);
  13648. }
  13649. if (XMEMCMP(plain, in, inLen)) {
  13650. ERROR_OUT(-7911, exit_rsa);
  13651. }
  13652. TEST_SLEEP();
  13653. do {
  13654. #if defined(WOLFSSL_ASYNC_CRYPT)
  13655. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13656. #endif
  13657. if (ret >= 0) {
  13658. ret = wc_RsaPrivateDecryptInline(out, idx, &res, key);
  13659. }
  13660. } while (ret == WC_PENDING_E);
  13661. if (ret < 0) {
  13662. ERROR_OUT(-7912, exit_rsa);
  13663. }
  13664. if (ret != (int)inLen) {
  13665. ERROR_OUT(-7913, exit_rsa);
  13666. }
  13667. if (XMEMCMP(res, in, inLen)) {
  13668. ERROR_OUT(-7914, exit_rsa);
  13669. }
  13670. TEST_SLEEP();
  13671. do {
  13672. #if defined(WOLFSSL_ASYNC_CRYPT)
  13673. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13674. #endif
  13675. if (ret >= 0) {
  13676. ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
  13677. }
  13678. } while (ret == WC_PENDING_E);
  13679. if (ret < 0) {
  13680. ERROR_OUT(-7915, exit_rsa);
  13681. }
  13682. TEST_SLEEP();
  13683. #elif defined(WOLFSSL_PUBLIC_MP)
  13684. {
  13685. static byte signature_2048[] = {
  13686. 0x07, 0x6f, 0xc9, 0x85, 0x73, 0x9e, 0x21, 0x79,
  13687. 0x47, 0xf1, 0xa3, 0xd7, 0xf4, 0x27, 0x29, 0xbe,
  13688. 0x99, 0x5d, 0xac, 0xb2, 0x10, 0x3f, 0x95, 0xda,
  13689. 0x89, 0x23, 0xb8, 0x96, 0x13, 0x57, 0x72, 0x30,
  13690. 0xa1, 0xfe, 0x5a, 0x68, 0x9c, 0x99, 0x9d, 0x1e,
  13691. 0x05, 0xa4, 0x80, 0xb0, 0xbb, 0xd9, 0xd9, 0xa1,
  13692. 0x69, 0x97, 0x74, 0xb3, 0x41, 0x21, 0x3b, 0x47,
  13693. 0xf5, 0x51, 0xb1, 0xfb, 0xc7, 0xaa, 0xcc, 0xdc,
  13694. 0xcd, 0x76, 0xa0, 0x28, 0x4d, 0x27, 0x14, 0xa4,
  13695. 0xb9, 0x41, 0x68, 0x7c, 0xb3, 0x66, 0xe6, 0x6f,
  13696. 0x40, 0x76, 0xe4, 0x12, 0xfd, 0xae, 0x29, 0xb5,
  13697. 0x63, 0x60, 0x87, 0xce, 0x49, 0x6b, 0xf3, 0x05,
  13698. 0x9a, 0x14, 0xb5, 0xcc, 0xcd, 0xf7, 0x30, 0x95,
  13699. 0xd2, 0x72, 0x52, 0x1d, 0x5b, 0x7e, 0xef, 0x4a,
  13700. 0x02, 0x96, 0x21, 0x6c, 0x55, 0xa5, 0x15, 0xb1,
  13701. 0x57, 0x63, 0x2c, 0xa3, 0x8e, 0x9d, 0x3d, 0x45,
  13702. 0xcc, 0xb8, 0xe6, 0xa1, 0xc8, 0x59, 0xcd, 0xf5,
  13703. 0xdc, 0x0a, 0x51, 0xb6, 0x9d, 0xfb, 0xf4, 0x6b,
  13704. 0xfd, 0x32, 0x71, 0x6e, 0xcf, 0xcb, 0xb3, 0xd9,
  13705. 0xe0, 0x4a, 0x77, 0x34, 0xd6, 0x61, 0xf5, 0x7c,
  13706. 0xf9, 0xa9, 0xa4, 0xb0, 0x8e, 0x3b, 0xd6, 0x04,
  13707. 0xe0, 0xde, 0x2b, 0x5b, 0x5a, 0xbf, 0xd9, 0xef,
  13708. 0x8d, 0xa3, 0xf5, 0xb1, 0x67, 0xf3, 0xb9, 0x72,
  13709. 0x0a, 0x37, 0x12, 0x35, 0x6c, 0x8e, 0x10, 0x8b,
  13710. 0x38, 0x06, 0x16, 0x4b, 0x20, 0x20, 0x13, 0x00,
  13711. 0x2e, 0x6d, 0xc2, 0x59, 0x23, 0x67, 0x4a, 0x6d,
  13712. 0xa1, 0x46, 0x8b, 0xee, 0xcf, 0x44, 0xb4, 0x3e,
  13713. 0x56, 0x75, 0x00, 0x68, 0xb5, 0x7d, 0x0f, 0x20,
  13714. 0x79, 0x5d, 0x7f, 0x12, 0x15, 0x32, 0x89, 0x61,
  13715. 0x6b, 0x29, 0xb7, 0x52, 0xf5, 0x25, 0xd8, 0x98,
  13716. 0xe8, 0x6f, 0xf9, 0x22, 0xb4, 0xbb, 0xe5, 0xff,
  13717. 0xd0, 0x92, 0x86, 0x9a, 0x88, 0xa2, 0xaf, 0x6b
  13718. };
  13719. ret = sizeof(signature_2048);
  13720. XMEMCPY(out, signature_2048, ret);
  13721. }
  13722. #endif
  13723. #if !defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \
  13724. ((!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
  13725. defined(WOLFSSL_PUBLIC_MP))
  13726. idx = (word32)ret;
  13727. XMEMSET(plain, 0, plainSz);
  13728. do {
  13729. #if defined(WOLFSSL_ASYNC_CRYPT)
  13730. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13731. #endif
  13732. if (ret >= 0) {
  13733. #ifndef WOLFSSL_RSA_VERIFY_INLINE
  13734. #if defined(WOLFSSL_CRYPTOCELL)
  13735. /*
  13736. Cryptocell requires the input data and signature byte array to verify.
  13737. first argument must be the input data
  13738. second argument must be the length of input data
  13739. third argument must be the signature byte array or the output from
  13740. wc_RsaSSL_Sign()
  13741. fourth argument must be the length of the signature byte array
  13742. */
  13743. ret = wc_RsaSSL_Verify(in, inLen, out, outSz, key);
  13744. #else
  13745. ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, key);
  13746. #endif /* WOLFSSL_CRYPTOCELL */
  13747. #else
  13748. byte* dec = NULL;
  13749. ret = wc_RsaSSL_VerifyInline(out, idx, &dec, key);
  13750. if (ret > 0) {
  13751. XMEMCPY(plain, dec, ret);
  13752. }
  13753. #endif
  13754. }
  13755. } while (ret == WC_PENDING_E);
  13756. if (ret < 0) {
  13757. ERROR_OUT(-7916, exit_rsa);
  13758. }
  13759. if (XMEMCMP(plain, in, (size_t)ret)) {
  13760. ERROR_OUT(-7917, exit_rsa);
  13761. }
  13762. TEST_SLEEP();
  13763. #endif
  13764. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  13765. #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
  13766. #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
  13767. (!defined(HAVE_FIPS) || \
  13768. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
  13769. ret = rsa_oaep_padding_test(key, &rng);
  13770. if (ret != 0)
  13771. return ret;
  13772. #endif /* !HAVE_FAST_RSA && !HAVE_FIPS */
  13773. #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */
  13774. #endif /* WOLFSSL_RSA_VERIFY_ONLY */
  13775. #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \
  13776. && !defined(WOLFSSL_RSA_VERIFY_ONLY)
  13777. ret = rsa_export_key_test(key);
  13778. if (ret != 0)
  13779. return ret;
  13780. #endif
  13781. #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
  13782. !defined(WOLFSSL_RSA_VERIFY_ONLY)
  13783. ret = rsa_flatten_test(key);
  13784. if (ret != 0)
  13785. return ret;
  13786. #endif
  13787. #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_ASN) && \
  13788. !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
  13789. !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
  13790. (void)clientCert;
  13791. #endif
  13792. #ifdef WOLFSSL_TEST_CERT
  13793. #if defined(WOLFSSL_MDK_ARM)
  13794. #define sizeof(s) XSTRLEN((char *)(s))
  13795. #endif
  13796. #ifdef USE_CERT_BUFFERS_1024
  13797. XMEMCPY(tmp, client_cert_der_1024, (size_t)sizeof_client_cert_der_1024);
  13798. bytes = (size_t)sizeof_client_cert_der_1024;
  13799. #elif defined(USE_CERT_BUFFERS_2048)
  13800. XMEMCPY(tmp, client_cert_der_2048, (size_t)sizeof_client_cert_der_2048);
  13801. bytes = (size_t)sizeof_client_cert_der_2048;
  13802. #elif defined(USE_CERT_BUFFERS_3072)
  13803. XMEMCPY(tmp, client_cert_der_3072, (size_t)sizeof_client_cert_der_3072);
  13804. bytes = (size_t)sizeof_client_cert_der_3072;
  13805. #elif defined(USE_CERT_BUFFERS_4096)
  13806. XMEMCPY(tmp, client_cert_der_4096, (size_t)sizeof_client_cert_der_4096);
  13807. bytes = (size_t)sizeof_client_cert_der_4096;
  13808. #elif !defined(NO_FILESYSTEM)
  13809. file2 = XFOPEN(clientCert, "rb");
  13810. if (!file2) {
  13811. ERROR_OUT(-7940, exit_rsa);
  13812. }
  13813. bytes = XFREAD(tmp, 1, FOURK_BUF, file2);
  13814. XFCLOSE(file2);
  13815. #else
  13816. /* No certificate to use. */
  13817. ERROR_OUT(-7941, exit_rsa);
  13818. #endif
  13819. #ifdef sizeof
  13820. #undef sizeof
  13821. #endif
  13822. InitDecodedCert(cert, tmp, (word32)bytes, NULL);
  13823. ret = ParseCert(cert, CERT_TYPE, NO_VERIFY, NULL);
  13824. if (ret != 0) {
  13825. FreeDecodedCert(cert);
  13826. ERROR_OUT(-7942, exit_rsa);
  13827. }
  13828. #ifndef NO_ASN_TIME
  13829. ret = wc_GetDateInfo(cert->afterDate, cert->afterDateLen, &date,
  13830. &dateFormat, &dateLength);
  13831. if (ret != 0) {
  13832. FreeDecodedCert(cert);
  13833. ERROR_OUT(-7943, exit_rsa);
  13834. }
  13835. ret = wc_GetDateAsCalendarTime(date, dateLength, dateFormat, &timearg);
  13836. if (ret != 0) {
  13837. FreeDecodedCert(cert);
  13838. ERROR_OUT(-7944, exit_rsa);
  13839. }
  13840. #endif
  13841. FreeDecodedCert(cert);
  13842. #endif /* WOLFSSL_TEST_CERT */
  13843. #ifdef WOLFSSL_CERT_EXT
  13844. #ifdef USE_CERT_BUFFERS_1024
  13845. XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
  13846. bytes = sizeof_client_keypub_der_1024;
  13847. #elif defined(USE_CERT_BUFFERS_2048)
  13848. XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
  13849. bytes = sizeof_client_keypub_der_2048;
  13850. #elif defined(USE_CERT_BUFFERS_3072)
  13851. XMEMCPY(tmp, client_keypub_der_3072, sizeof_client_keypub_der_3072);
  13852. bytes = sizeof_client_keypub_der_3072;
  13853. #elif defined(USE_CERT_BUFFERS_4096)
  13854. XMEMCPY(tmp, client_keypub_der_4096, sizeof_client_keypub_der_4096);
  13855. bytes = sizeof_client_keypub_der_4096;
  13856. #else
  13857. file = XFOPEN(clientKeyPub, "rb");
  13858. if (!file) {
  13859. err_sys("can't open ./certs/client-keyPub.der, "
  13860. "Please run from wolfSSL home dir", -40);
  13861. ERROR_OUT(-7945, exit_rsa);
  13862. }
  13863. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  13864. XFCLOSE(file);
  13865. #endif /* USE_CERT_BUFFERS */
  13866. ret = wc_InitRsaKey(keypub, HEAP_HINT);
  13867. if (ret != 0) {
  13868. ERROR_OUT(-7946, exit_rsa);
  13869. }
  13870. idx = 0;
  13871. ret = wc_RsaPublicKeyDecode(tmp, &idx, keypub, (word32)bytes);
  13872. if (ret != 0) {
  13873. ERROR_OUT(-7947, exit_rsa);
  13874. }
  13875. #endif /* WOLFSSL_CERT_EXT */
  13876. #ifdef WOLFSSL_KEY_GEN
  13877. ret = rsa_keygen_test(&rng);
  13878. if (ret != 0)
  13879. goto exit_rsa;
  13880. #endif
  13881. #ifdef WOLFSSL_CERT_GEN
  13882. /* Make Cert / Sign example for RSA cert and RSA CA */
  13883. ret = rsa_certgen_test(key, keypub, &rng, tmp);
  13884. if (ret != 0)
  13885. goto exit_rsa;
  13886. #if !defined(NO_RSA) && defined(HAVE_ECC)
  13887. ret = rsa_ecc_certgen_test(&rng, tmp);
  13888. if (ret != 0)
  13889. goto exit_rsa;
  13890. #endif
  13891. #ifdef WOLFSSL_CERT_REQ
  13892. {
  13893. Cert *req;
  13894. int derSz;
  13895. req = (Cert *)XMALLOC(sizeof *req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13896. if (! req)
  13897. ERROR_OUT(MEMORY_E, exit_rsa);
  13898. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
  13899. if (der == NULL) {
  13900. ERROR_OUT(-7964, exit_rsa);
  13901. }
  13902. if (wc_InitCert_ex(req, HEAP_HINT, devId)) {
  13903. ERROR_OUT(-7965, exit_rsa);
  13904. }
  13905. req->version = 0;
  13906. req->isCA = 1;
  13907. XSTRNCPY(req->challengePw, "wolf123", CTC_NAME_SIZE);
  13908. XMEMCPY(&req->subject, &certDefaultName, sizeof(CertName));
  13909. #ifndef NO_SHA256
  13910. req->sigType = CTC_SHA256wRSA;
  13911. #else
  13912. req->sigType = CTC_SHAwRSA;
  13913. #endif
  13914. #ifdef WOLFSSL_CERT_EXT
  13915. /* add SKID from the Public Key */
  13916. if (wc_SetSubjectKeyIdFromPublicKey(req, keypub, NULL) != 0) {
  13917. ERROR_OUT(-7966, exit_rsa);
  13918. }
  13919. /* add Key Usage */
  13920. if (wc_SetKeyUsage(req, certKeyUsage2) != 0) {
  13921. ERROR_OUT(-7967, exit_rsa);
  13922. }
  13923. /* add Extended Key Usage */
  13924. if (wc_SetExtKeyUsage(req, "serverAuth,clientAuth,codeSigning,"
  13925. "emailProtection,timeStamping,OCSPSigning") != 0) {
  13926. ERROR_OUT(-7968, exit_rsa);
  13927. }
  13928. #ifdef WOLFSSL_EKU_OID
  13929. {
  13930. WOLFSSL_SMALL_STACK_STATIC const char unique[] = "2.16.840.1.111111.100.1.10.1";
  13931. if (wc_SetExtKeyUsageOID(req, unique, sizeof(unique), 0,
  13932. HEAP_HINT) != 0) {
  13933. ERROR_OUT(-7969, exit_rsa);
  13934. }
  13935. }
  13936. #endif /* WOLFSSL_EKU_OID */
  13937. #endif /* WOLFSSL_CERT_EXT */
  13938. derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL);
  13939. if (derSz < 0) {
  13940. ERROR_OUT(-7970, exit_rsa);
  13941. }
  13942. #ifdef WOLFSSL_CERT_EXT
  13943. /* Try again with "any" flag set, will override all others */
  13944. if (wc_SetExtKeyUsage(req, "any") != 0) {
  13945. ERROR_OUT(-7971, exit_rsa);
  13946. }
  13947. derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL);
  13948. if (derSz < 0) {
  13949. ERROR_OUT(-7972, exit_rsa);
  13950. }
  13951. #endif /* WOLFSSL_CERT_EXT */
  13952. ret = 0;
  13953. do {
  13954. #if defined(WOLFSSL_ASYNC_CRYPT)
  13955. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13956. #endif
  13957. if (ret >= 0) {
  13958. ret = wc_SignCert(req->bodySz, req->sigType, der, FOURK_BUF,
  13959. key, NULL, &rng);
  13960. }
  13961. } while (ret == WC_PENDING_E);
  13962. if (ret < 0) {
  13963. ERROR_OUT(-7973, exit_rsa);
  13964. }
  13965. derSz = ret;
  13966. ret = SaveDerAndPem(der, derSz, certReqDerFile, certReqPemFile,
  13967. CERTREQ_TYPE, -5650);
  13968. if (ret != 0) {
  13969. goto exit_rsa;
  13970. }
  13971. derSz = wc_MakeCertReq_ex(req, der, FOURK_BUF, RSA_TYPE, key);
  13972. if (derSz < 0) {
  13973. ERROR_OUT(-7974, exit_rsa);
  13974. }
  13975. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13976. XFREE(req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13977. der = NULL;
  13978. }
  13979. #endif /* WOLFSSL_CERT_REQ */
  13980. #endif /* WOLFSSL_CERT_GEN */
  13981. #if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */
  13982. /* Need to create known good signatures to test with this. */
  13983. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
  13984. ret = rsa_pss_test(&rng, key);
  13985. if (ret != 0)
  13986. goto exit_rsa;
  13987. #endif
  13988. #endif
  13989. #if defined(WOLFSSL_HAVE_SP_RSA) && defined(USE_FAST_MATH)
  13990. #ifdef WOLFSSL_SMALL_STACK
  13991. /* New key to be loaded in rsa_even_mod_test(). */
  13992. if (key != NULL)
  13993. #endif
  13994. wc_FreeRsaKey(key);
  13995. /* New key to be loaded in rsa_even_mod_test(). */
  13996. ret = rsa_even_mod_test(&rng, key);
  13997. #endif
  13998. exit_rsa:
  13999. #ifdef WOLFSSL_SMALL_STACK
  14000. if (key != NULL) {
  14001. wc_FreeRsaKey(key);
  14002. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14003. }
  14004. #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
  14005. if (keypub != NULL) {
  14006. wc_FreeRsaKey(keypub);
  14007. XFREE(keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14008. }
  14009. #endif
  14010. #ifdef WOLFSSL_TEST_CERT
  14011. if (cert != NULL)
  14012. XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14013. #endif
  14014. #else
  14015. wc_FreeRsaKey(key);
  14016. #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
  14017. wc_FreeRsaKey(keypub);
  14018. #endif
  14019. #endif /* WOLFSSL_SMALL_STACK */
  14020. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14021. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14022. wc_FreeRng(&rng);
  14023. FREE_VAR(in, HEAP_HINT);
  14024. FREE_VAR(out, HEAP_HINT);
  14025. FREE_VAR(plain, HEAP_HINT);
  14026. (void)res;
  14027. (void)bytes;
  14028. (void)idx;
  14029. (void)in;
  14030. (void)out;
  14031. (void)plain;
  14032. (void)idx;
  14033. (void)inStr;
  14034. (void)inLen;
  14035. (void)outSz;
  14036. (void)plainSz;
  14037. /* ret can be greater then 0 with certgen but all negative values should
  14038. * be returned and treated as an error */
  14039. if (ret >= 0) {
  14040. return 0;
  14041. }
  14042. else {
  14043. return ret;
  14044. }
  14045. }
  14046. #endif /* !NO_RSA */
  14047. #ifndef NO_DH
  14048. static int dh_fips_generate_test(WC_RNG *rng)
  14049. {
  14050. int ret = 0;
  14051. #ifdef WOLFSSL_SMALL_STACK
  14052. DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);;
  14053. #else
  14054. DhKey key[1];
  14055. #endif
  14056. WOLFSSL_SMALL_STACK_STATIC const byte p[] = {
  14057. 0xc5, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c,
  14058. 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e,
  14059. 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea,
  14060. 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e,
  14061. 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62,
  14062. 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a,
  14063. 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc,
  14064. 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89,
  14065. 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c,
  14066. 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65,
  14067. 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb,
  14068. 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87,
  14069. 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92,
  14070. 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3,
  14071. 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc,
  14072. 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda,
  14073. 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46,
  14074. 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9,
  14075. 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2,
  14076. 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc,
  14077. 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73,
  14078. 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4,
  14079. 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6,
  14080. 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a,
  14081. 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9,
  14082. 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0,
  14083. 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8,
  14084. 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0,
  14085. 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47,
  14086. 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9,
  14087. 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d,
  14088. 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d
  14089. };
  14090. WOLFSSL_SMALL_STACK_STATIC const byte g[] = {
  14091. 0x4a, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74,
  14092. 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41,
  14093. 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91,
  14094. 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb,
  14095. 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff,
  14096. 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e,
  14097. 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a,
  14098. 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e,
  14099. 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40,
  14100. 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67,
  14101. 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94,
  14102. 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa,
  14103. 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22,
  14104. 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a,
  14105. 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc,
  14106. 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5,
  14107. 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe,
  14108. 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c,
  14109. 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8,
  14110. 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67,
  14111. 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8,
  14112. 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63,
  14113. 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5,
  14114. 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71,
  14115. 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a,
  14116. 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a,
  14117. 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1,
  14118. 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37,
  14119. 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53,
  14120. 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d,
  14121. 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68,
  14122. 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b
  14123. };
  14124. WOLFSSL_SMALL_STACK_STATIC const byte q[] = {
  14125. 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e,
  14126. 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75,
  14127. 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5,
  14128. 0x40, 0x52, 0xed, 0x41
  14129. };
  14130. WOLFSSL_SMALL_STACK_STATIC const byte q0[] = {
  14131. 0x00,
  14132. 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e,
  14133. 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75,
  14134. 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5,
  14135. 0x40, 0x52, 0xed, 0x41
  14136. };
  14137. byte priv[256];
  14138. byte pub[256];
  14139. word32 privSz = sizeof(priv);
  14140. word32 pubSz = sizeof(pub);
  14141. #ifdef WOLFSSL_SMALL_STACK
  14142. if (key == NULL)
  14143. ERROR_OUT(MEMORY_E, exit_gen_test);
  14144. #endif
  14145. /* Parameter Validation testing. */
  14146. ret = wc_DhGenerateKeyPair(NULL, rng, priv, &privSz, pub, &pubSz);
  14147. if (ret != BAD_FUNC_ARG)
  14148. ERROR_OUT(-7980, exit_gen_test);
  14149. ret = wc_DhGenerateKeyPair(key, NULL, priv, &privSz, pub, &pubSz);
  14150. if (ret != BAD_FUNC_ARG)
  14151. ERROR_OUT(-7981, exit_gen_test);
  14152. ret = wc_DhGenerateKeyPair(key, rng, NULL, &privSz, pub, &pubSz);
  14153. if (ret != BAD_FUNC_ARG)
  14154. ERROR_OUT(-7982, exit_gen_test);
  14155. ret = wc_DhGenerateKeyPair(key, rng, priv, NULL, pub, &pubSz);
  14156. if (ret != BAD_FUNC_ARG)
  14157. ERROR_OUT(-7983, exit_gen_test);
  14158. ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, NULL, &pubSz);
  14159. if (ret != BAD_FUNC_ARG)
  14160. ERROR_OUT(-7984, exit_gen_test);
  14161. ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, NULL);
  14162. if (ret != BAD_FUNC_ARG)
  14163. ERROR_OUT(-7985, exit_gen_test);
  14164. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  14165. if (ret != 0)
  14166. ERROR_OUT(-7986, exit_gen_test);
  14167. ret = wc_DhSetKey_ex(key, p, sizeof(p), g, sizeof(g), q0, sizeof(q0));
  14168. if (ret != 0) {
  14169. ERROR_OUT(-7987, exit_gen_test);
  14170. }
  14171. wc_FreeDhKey(key);
  14172. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  14173. if (ret != 0)
  14174. ERROR_OUT(-7988, exit_gen_test);
  14175. ret = wc_DhSetKey_ex(key, p, sizeof(p), g, sizeof(g), q, sizeof(q));
  14176. if (ret != 0) {
  14177. ERROR_OUT(-7989, exit_gen_test);
  14178. }
  14179. /* Use API. */
  14180. ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
  14181. #if defined(WOLFSSL_ASYNC_CRYPT)
  14182. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  14183. #endif
  14184. if (ret != 0) {
  14185. ERROR_OUT(-7990, exit_gen_test);
  14186. }
  14187. ret = wc_DhCheckPubKey_ex(key, pub, pubSz, q0, sizeof(q0));
  14188. if (ret != 0) {
  14189. ERROR_OUT(-7991, exit_gen_test);
  14190. }
  14191. wc_FreeDhKey(key);
  14192. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  14193. if (ret != 0)
  14194. ERROR_OUT(-7992, exit_gen_test);
  14195. ret = wc_DhSetKey(key, p, sizeof(p), g, sizeof(g));
  14196. if (ret != 0) {
  14197. ERROR_OUT(-7993, exit_gen_test);
  14198. }
  14199. ret = wc_DhCheckPubKey_ex(key, pub, pubSz, q, sizeof(q));
  14200. if (ret != 0) {
  14201. ERROR_OUT(-7994, exit_gen_test);
  14202. }
  14203. #ifndef HAVE_SELFTEST
  14204. ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
  14205. if (ret != 0) {
  14206. ERROR_OUT(-7995, exit_gen_test);
  14207. }
  14208. /* Taint the public key so the check fails. */
  14209. pub[0]++;
  14210. ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
  14211. if (ret != MP_CMP_E) {
  14212. ERROR_OUT(-7996, exit_gen_test);
  14213. }
  14214. #ifdef WOLFSSL_KEY_GEN
  14215. wc_FreeDhKey(key);
  14216. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  14217. if (ret != 0)
  14218. ERROR_OUT(-7997, exit_gen_test);
  14219. ret = wc_DhGenerateParams(rng, 2048, key);
  14220. if (ret != 0) {
  14221. ERROR_OUT(-7998, exit_gen_test);
  14222. }
  14223. privSz = sizeof(priv);
  14224. pubSz = sizeof(pub);
  14225. ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
  14226. #if defined(WOLFSSL_ASYNC_CRYPT)
  14227. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  14228. #endif
  14229. if (ret != 0) {
  14230. ERROR_OUT(-7999, exit_gen_test);
  14231. }
  14232. #endif /* WOLFSSL_KEY_GEN */
  14233. #endif /* HAVE_SELFTEST */
  14234. ret = 0;
  14235. exit_gen_test:
  14236. #ifdef WOLFSSL_SMALL_STACK
  14237. if (key) {
  14238. wc_FreeDhKey(key);
  14239. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14240. }
  14241. #else
  14242. wc_FreeDhKey(key);
  14243. #endif
  14244. return ret;
  14245. }
  14246. static int dh_generate_test(WC_RNG *rng)
  14247. {
  14248. int ret = 0;
  14249. #ifdef WOLFSSL_SMALL_STACK
  14250. DhKey *smallKey = NULL;
  14251. #else
  14252. DhKey smallKey[1];
  14253. #endif
  14254. byte p[2] = { 1, 7 }; /* 263 in decimal */
  14255. byte g[2] = { 0, 2 };
  14256. #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FFDHE)
  14257. #ifdef WOLFSSL_DH_CONST
  14258. /* the table for constant DH lookup will round to the lowest byte size 21 */
  14259. byte priv[21];
  14260. byte pub[21];
  14261. #else
  14262. byte priv[2];
  14263. byte pub[2];
  14264. #endif
  14265. word32 privSz = sizeof(priv);
  14266. word32 pubSz = sizeof(pub);
  14267. #endif
  14268. int smallKey_inited = 0;
  14269. #ifdef WOLFSSL_SMALL_STACK
  14270. if ((smallKey = (DhKey *)XMALLOC(sizeof(*smallKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
  14271. return -8019;
  14272. #endif
  14273. ret = wc_InitDhKey_ex(smallKey, HEAP_HINT, devId);
  14274. if (ret != 0)
  14275. ERROR_OUT(-8010, exit_gen_test);
  14276. smallKey_inited = 1;
  14277. /* Parameter Validation testing. */
  14278. ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId);
  14279. if (ret != BAD_FUNC_ARG)
  14280. return -8011;
  14281. wc_FreeDhKey(NULL);
  14282. ret = wc_DhSetKey(NULL, p, sizeof(p), g, sizeof(g));
  14283. if (ret != BAD_FUNC_ARG) {
  14284. ERROR_OUT(-8012, exit_gen_test);
  14285. }
  14286. ret = wc_DhSetKey(smallKey, NULL, sizeof(p), g, sizeof(g));
  14287. if (ret != BAD_FUNC_ARG) {
  14288. ERROR_OUT(-8013, exit_gen_test);
  14289. }
  14290. ret = wc_DhSetKey(smallKey, p, 0, g, sizeof(g));
  14291. if (ret != BAD_FUNC_ARG) {
  14292. ERROR_OUT(-8014, exit_gen_test);
  14293. }
  14294. ret = wc_DhSetKey(smallKey, p, sizeof(p), NULL, sizeof(g));
  14295. if (ret != BAD_FUNC_ARG) {
  14296. ERROR_OUT(-8015, exit_gen_test);
  14297. }
  14298. ret = wc_DhSetKey(smallKey, p, sizeof(p), g, 0);
  14299. if (ret != BAD_FUNC_ARG) {
  14300. ERROR_OUT(-8016, exit_gen_test);
  14301. }
  14302. ret = wc_DhSetKey(smallKey, p, sizeof(p), g, sizeof(g));
  14303. if (ret != 0) {
  14304. ERROR_OUT(-8017, exit_gen_test);
  14305. }
  14306. #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FFDHE)
  14307. /* Use API. */
  14308. ret = wc_DhGenerateKeyPair(smallKey, rng, priv, &privSz, pub, &pubSz);
  14309. #if defined(WOLFSSL_ASYNC_CRYPT)
  14310. ret = wc_AsyncWait(ret, &smallKey->asyncDev, WC_ASYNC_FLAG_NONE);
  14311. #endif
  14312. if (ret != 0) {
  14313. ret = -8018;
  14314. }
  14315. #else
  14316. (void)rng;
  14317. ret = 0;
  14318. #endif
  14319. exit_gen_test:
  14320. if (smallKey_inited)
  14321. wc_FreeDhKey(smallKey);
  14322. #ifdef WOLFSSL_SMALL_STACK
  14323. if (smallKey != NULL)
  14324. XFREE(smallKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14325. #endif
  14326. return ret;
  14327. }
  14328. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  14329. typedef struct dh_pubvalue_test {
  14330. const byte* data;
  14331. word32 len;
  14332. } dh_pubvalue_test;
  14333. static int dh_test_check_pubvalue(void)
  14334. {
  14335. int ret;
  14336. word32 i;
  14337. WOLFSSL_SMALL_STACK_STATIC const byte prime[] = {0x01, 0x00, 0x01};
  14338. WOLFSSL_SMALL_STACK_STATIC const byte pubValZero[] = { 0x00 };
  14339. WOLFSSL_SMALL_STACK_STATIC const byte pubValZeroLong[] = { 0x00, 0x00, 0x00 };
  14340. WOLFSSL_SMALL_STACK_STATIC const byte pubValOne[] = { 0x01 };
  14341. WOLFSSL_SMALL_STACK_STATIC const byte pubValOneLong[] = { 0x00, 0x00, 0x01 };
  14342. WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimeMinusOne[] = { 0x01, 0x00, 0x00 };
  14343. WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimeLong[] = {0x00, 0x01, 0x00, 0x01};
  14344. WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimePlusOne[] = { 0x01, 0x00, 0x02 };
  14345. WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig0[] = { 0x02, 0x00, 0x01 };
  14346. WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig1[] = { 0x01, 0x01, 0x01 };
  14347. WOLFSSL_SMALL_STACK_STATIC const byte pubValTooLong[] = { 0x01, 0x00, 0x00, 0x01 };
  14348. const dh_pubvalue_test dh_pubval_fail[] = {
  14349. { prime, sizeof(prime) },
  14350. { pubValZero, sizeof(pubValZero) },
  14351. { pubValZeroLong, sizeof(pubValZeroLong) },
  14352. { pubValOne, sizeof(pubValOne) },
  14353. { pubValOneLong, sizeof(pubValOneLong) },
  14354. { pubValPrimeMinusOne, sizeof(pubValPrimeMinusOne) },
  14355. { pubValPrimeLong, sizeof(pubValPrimeLong) },
  14356. { pubValPrimePlusOne, sizeof(pubValPrimePlusOne) },
  14357. { pubValTooBig0, sizeof(pubValTooBig0) },
  14358. { pubValTooBig1, sizeof(pubValTooBig1) },
  14359. { pubValTooLong, sizeof(pubValTooLong) },
  14360. };
  14361. WOLFSSL_SMALL_STACK_STATIC const byte pubValTwo[] = { 0x02 };
  14362. WOLFSSL_SMALL_STACK_STATIC const byte pubValTwoLong[] = { 0x00, 0x00, 0x02 };
  14363. WOLFSSL_SMALL_STACK_STATIC const byte pubValGood[] = { 0x12, 0x34 };
  14364. WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLen[] = { 0x00, 0x12, 0x34 };
  14365. WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLong[] = { 0x00, 0x00, 0x12, 0x34 };
  14366. const dh_pubvalue_test dh_pubval_pass[] = {
  14367. { pubValTwo, sizeof(pubValTwo) },
  14368. { pubValTwoLong, sizeof(pubValTwoLong) },
  14369. { pubValGood, sizeof(pubValGood) },
  14370. { pubValGoodLen, sizeof(pubValGoodLen) },
  14371. { pubValGoodLong, sizeof(pubValGoodLong) },
  14372. };
  14373. for (i = 0; i < sizeof(dh_pubval_fail) / sizeof(*dh_pubval_fail); i++) {
  14374. ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_fail[i].data,
  14375. dh_pubval_fail[i].len);
  14376. if (ret != MP_VAL)
  14377. return -8020 - (int)i;
  14378. }
  14379. for (i = 0; i < sizeof(dh_pubval_pass) / sizeof(*dh_pubval_pass); i++) {
  14380. ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_pass[i].data,
  14381. dh_pubval_pass[i].len);
  14382. if (ret != 0)
  14383. return -8030 - (int)i;
  14384. }
  14385. return 0;
  14386. }
  14387. #endif
  14388. #if defined(HAVE_FFDHE)
  14389. #if defined(HAVE_FFDHE_4096)
  14390. #define MAX_DH_PRIV_SZ 39
  14391. #define MAX_DH_KEY_SZ 512
  14392. #elif defined(HAVE_FFDHE_3072)
  14393. #define MAX_DH_PRIV_SZ 34
  14394. #define MAX_DH_KEY_SZ 384
  14395. #else
  14396. #define MAX_DH_PRIV_SZ 29
  14397. #define MAX_DH_KEY_SZ 256
  14398. #endif
  14399. #ifndef WC_NO_RNG
  14400. #ifdef HAVE_PUBLIC_FFDHE
  14401. static int dh_ffdhe_test(WC_RNG *rng, const DhParams* params)
  14402. #else
  14403. static int dh_ffdhe_test(WC_RNG *rng, int name)
  14404. #endif
  14405. {
  14406. int ret;
  14407. word32 privSz, pubSz, privSz2, pubSz2;
  14408. #ifdef WOLFSSL_SMALL_STACK
  14409. byte *priv = (byte*)XMALLOC(MAX_DH_PRIV_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14410. byte *pub = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14411. byte *priv2 = (byte*)XMALLOC(MAX_DH_PRIV_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14412. byte *pub2 = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14413. byte *agree = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14414. byte *agree2 = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14415. DhKey *key = (DhKey*)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14416. DhKey *key2 = (DhKey*)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14417. #else
  14418. byte priv[MAX_DH_PRIV_SZ];
  14419. byte pub[MAX_DH_KEY_SZ];
  14420. byte priv2[MAX_DH_PRIV_SZ];
  14421. byte pub2[MAX_DH_KEY_SZ];
  14422. byte agree[MAX_DH_KEY_SZ];
  14423. byte agree2[MAX_DH_KEY_SZ];
  14424. DhKey key[1];
  14425. DhKey key2[1];
  14426. #endif
  14427. word32 agreeSz = MAX_DH_KEY_SZ;
  14428. word32 agreeSz2 = MAX_DH_KEY_SZ;
  14429. #ifdef WOLFSSL_SMALL_STACK
  14430. if ((priv == NULL) ||
  14431. (pub == NULL) ||
  14432. (priv2 == NULL) ||
  14433. (pub2 == NULL) ||
  14434. (agree == NULL) ||
  14435. (agree2 == NULL) ||
  14436. (key == NULL) ||
  14437. (key2 == NULL))
  14438. ERROR_OUT(-8050, done);
  14439. #endif
  14440. pubSz = MAX_DH_KEY_SZ;
  14441. pubSz2 = MAX_DH_KEY_SZ;
  14442. #ifdef HAVE_PUBLIC_FFDHE
  14443. privSz = MAX_DH_PRIV_SZ;
  14444. privSz2 = MAX_DH_PRIV_SZ;
  14445. #else
  14446. privSz = wc_DhGetNamedKeyMinSize(name);
  14447. privSz2 = privSz;
  14448. #endif
  14449. XMEMSET(key, 0, sizeof(*key));
  14450. XMEMSET(key2, 0, sizeof(*key2));
  14451. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  14452. if (ret != 0) {
  14453. ERROR_OUT(-8051, done);
  14454. }
  14455. ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId);
  14456. if (ret != 0) {
  14457. ERROR_OUT(-8052, done);
  14458. }
  14459. #ifdef HAVE_PUBLIC_FFDHE
  14460. ret = wc_DhSetKey(key, params->p, params->p_len, params->g, params->g_len);
  14461. #else
  14462. ret = wc_DhSetNamedKey(key, name);
  14463. #endif
  14464. if (ret != 0) {
  14465. ERROR_OUT(-8053, done);
  14466. }
  14467. #ifdef HAVE_PUBLIC_FFDHE
  14468. ret = wc_DhSetKey(key2, params->p, params->p_len, params->g,
  14469. params->g_len);
  14470. #else
  14471. ret = wc_DhSetNamedKey(key2, name);
  14472. #endif
  14473. if (ret != 0) {
  14474. ERROR_OUT(-8054, done);
  14475. }
  14476. ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
  14477. #if defined(WOLFSSL_ASYNC_CRYPT)
  14478. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  14479. #endif
  14480. if (ret != 0) {
  14481. ERROR_OUT(-8055, done);
  14482. }
  14483. ret = wc_DhGenerateKeyPair(key2, rng, priv2, &privSz2, pub2, &pubSz2);
  14484. #if defined(WOLFSSL_ASYNC_CRYPT)
  14485. ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
  14486. #endif
  14487. if (ret != 0) {
  14488. ERROR_OUT(-8056, done);
  14489. }
  14490. ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
  14491. #if defined(WOLFSSL_ASYNC_CRYPT)
  14492. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  14493. #endif
  14494. if (ret != 0) {
  14495. ERROR_OUT(-8057, done);
  14496. }
  14497. ret = wc_DhAgree(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
  14498. #if defined(WOLFSSL_ASYNC_CRYPT)
  14499. ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
  14500. #endif
  14501. if (ret != 0) {
  14502. ERROR_OUT(-8058, done);
  14503. }
  14504. if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
  14505. ERROR_OUT(-8059, done);
  14506. }
  14507. #if defined(WOLFSSL_HAVE_SP_DH) && defined(USE_FAST_MATH)
  14508. /* Make p even */
  14509. key->p.dp[0] &= (mp_digit)-2;
  14510. if (ret != 0) {
  14511. ERROR_OUT(-8058, done);
  14512. }
  14513. ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
  14514. if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
  14515. ERROR_OUT(-8058, done);
  14516. }
  14517. ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
  14518. if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
  14519. ERROR_OUT(-8057, done);
  14520. }
  14521. ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
  14522. if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
  14523. ERROR_OUT(-8057, done);
  14524. }
  14525. /* Getting here means success - set ret to 0. */
  14526. ret = 0;
  14527. #endif
  14528. done:
  14529. #if defined(WOLFSSL_SMALL_STACK) && !defined(WC_NO_RNG)
  14530. if (priv)
  14531. XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14532. if (pub)
  14533. XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14534. if (priv2)
  14535. XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14536. if (pub2)
  14537. XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14538. if (agree)
  14539. XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14540. if (agree2)
  14541. XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14542. if (key) {
  14543. wc_FreeDhKey(key);
  14544. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14545. }
  14546. if (key2) {
  14547. wc_FreeDhKey(key2);
  14548. XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14549. }
  14550. #else
  14551. wc_FreeDhKey(key);
  14552. wc_FreeDhKey(key2);
  14553. #endif
  14554. return ret;
  14555. }
  14556. #endif /* !WC_NO_RNG */
  14557. #endif /* HAVE_FFDHE */
  14558. WOLFSSL_TEST_SUBROUTINE int dh_test(void)
  14559. {
  14560. int ret;
  14561. word32 bytes;
  14562. word32 idx = 0, privSz, pubSz, privSz2, pubSz2;
  14563. #ifndef WC_NO_RNG
  14564. WC_RNG rng;
  14565. #endif
  14566. int keyInit = 0;
  14567. #define DH_TEST_TMP_SIZE 1024
  14568. #if !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
  14569. #define DH_TEST_BUF_SIZE 256
  14570. #else
  14571. #define DH_TEST_BUF_SIZE 512
  14572. #endif
  14573. #ifndef WC_NO_RNG
  14574. word32 agreeSz = DH_TEST_BUF_SIZE;
  14575. word32 agreeSz2 = DH_TEST_BUF_SIZE;
  14576. #endif
  14577. #ifdef WOLFSSL_SMALL_STACK
  14578. DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14579. DhKey *key2 = (DhKey *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14580. byte *tmp = (byte *)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14581. #else
  14582. DhKey key[1];
  14583. DhKey key2[1];
  14584. byte tmp[DH_TEST_TMP_SIZE];
  14585. #endif
  14586. #ifndef WC_NO_RNG
  14587. #ifdef WOLFSSL_SMALL_STACK
  14588. byte *priv = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14589. byte *pub = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14590. byte *priv2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14591. byte *pub2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14592. byte *agree = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14593. byte *agree2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14594. if (priv == NULL || pub == NULL || priv2 == NULL || pub2 == NULL ||
  14595. agree == NULL || agree2 == NULL) {
  14596. ERROR_OUT(-8100, done);
  14597. }
  14598. #else
  14599. byte priv[DH_TEST_BUF_SIZE];
  14600. byte pub[DH_TEST_BUF_SIZE];
  14601. byte priv2[DH_TEST_BUF_SIZE];
  14602. byte pub2[DH_TEST_BUF_SIZE];
  14603. byte agree[DH_TEST_BUF_SIZE];
  14604. byte agree2[DH_TEST_BUF_SIZE];
  14605. #endif
  14606. #endif /* !WC_NO_RNG */
  14607. #ifdef WOLFSSL_SMALL_STACK
  14608. if (key == NULL || key2 == NULL || tmp == NULL) {
  14609. ERROR_OUT(-8100, done);
  14610. }
  14611. #endif
  14612. #ifdef USE_CERT_BUFFERS_1024
  14613. XMEMCPY(tmp, dh_key_der_1024, (size_t)sizeof_dh_key_der_1024);
  14614. bytes = (size_t)sizeof_dh_key_der_1024;
  14615. #elif defined(USE_CERT_BUFFERS_2048)
  14616. XMEMCPY(tmp, dh_key_der_2048, (size_t)sizeof_dh_key_der_2048);
  14617. bytes = (size_t)sizeof_dh_key_der_2048;
  14618. #elif defined(USE_CERT_BUFFERS_3072)
  14619. XMEMCPY(tmp, dh_key_der_3072, (size_t)sizeof_dh_key_der_3072);
  14620. bytes = (size_t)sizeof_dh_key_der_3072;
  14621. #elif defined(USE_CERT_BUFFERS_4096)
  14622. XMEMCPY(tmp, dh_key_der_4096, (size_t)sizeof_dh_key_der_4096);
  14623. bytes = (size_t)sizeof_dh_key_der_4096;
  14624. #elif defined(NO_ASN)
  14625. /* don't use file, no DER parsing */
  14626. #elif !defined(NO_FILESYSTEM)
  14627. {
  14628. XFILE file = XFOPEN(dhParamsFile, "rb");
  14629. if (! file)
  14630. ERROR_OUT(-8101, done);
  14631. bytes = (word32) XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
  14632. XFCLOSE(file);
  14633. }
  14634. #else
  14635. /* No DH key to use. */
  14636. ERROR_OUT(-8102, done);
  14637. #endif /* USE_CERT_BUFFERS */
  14638. (void)idx;
  14639. (void)tmp;
  14640. (void)bytes;
  14641. pubSz = DH_TEST_BUF_SIZE;
  14642. pubSz2 = DH_TEST_BUF_SIZE;
  14643. privSz = DH_TEST_BUF_SIZE;
  14644. privSz2 = DH_TEST_BUF_SIZE;
  14645. #ifndef WC_NO_RNG
  14646. XMEMSET(&rng, 0, sizeof(rng));
  14647. #endif
  14648. /* Use API for coverage. */
  14649. ret = wc_InitDhKey(key);
  14650. if (ret != 0) {
  14651. ERROR_OUT(-8103, done);
  14652. }
  14653. wc_FreeDhKey(key);
  14654. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  14655. if (ret != 0) {
  14656. ERROR_OUT(-8104, done);
  14657. }
  14658. keyInit = 1;
  14659. ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId);
  14660. if (ret != 0) {
  14661. ERROR_OUT(-8105, done);
  14662. }
  14663. #ifdef NO_ASN
  14664. ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
  14665. if (ret != 0) {
  14666. ERROR_OUT(-8106, done);
  14667. }
  14668. ret = wc_DhSetKey(key2, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
  14669. if (ret != 0) {
  14670. ERROR_OUT(-8107, done);
  14671. }
  14672. #else
  14673. ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
  14674. if (ret != 0) {
  14675. ERROR_OUT(-8108, done);
  14676. }
  14677. idx = 0;
  14678. ret = wc_DhKeyDecode(tmp, &idx, key2, bytes);
  14679. if (ret != 0) {
  14680. ERROR_OUT(-8109, done);
  14681. }
  14682. #endif
  14683. #ifndef WC_NO_RNG
  14684. #ifndef HAVE_FIPS
  14685. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  14686. #else
  14687. ret = wc_InitRng(&rng);
  14688. #endif
  14689. if (ret != 0) {
  14690. ERROR_OUT(-8110, done);
  14691. }
  14692. ret = wc_DhGenerateKeyPair(key, &rng, priv, &privSz, pub, &pubSz);
  14693. #if defined(WOLFSSL_ASYNC_CRYPT)
  14694. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  14695. #endif
  14696. if (ret != 0) {
  14697. ERROR_OUT(-8111, done);
  14698. }
  14699. ret = wc_DhGenerateKeyPair(key2, &rng, priv2, &privSz2, pub2, &pubSz2);
  14700. #if defined(WOLFSSL_ASYNC_CRYPT)
  14701. ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
  14702. #endif
  14703. if (ret != 0) {
  14704. ERROR_OUT(-8112, done);
  14705. }
  14706. ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
  14707. #if defined(WOLFSSL_ASYNC_CRYPT)
  14708. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  14709. #endif
  14710. if (ret != 0) {
  14711. ERROR_OUT(-8113, done);
  14712. }
  14713. ret = wc_DhAgree(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
  14714. #if defined(WOLFSSL_ASYNC_CRYPT)
  14715. ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
  14716. #endif
  14717. if (ret != 0) {
  14718. ERROR_OUT(-8114, done);
  14719. }
  14720. if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
  14721. ERROR_OUT(-8115, done);
  14722. }
  14723. #endif /* !WC_NO_RNG */
  14724. #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  14725. if (wc_DhCheckPrivKey(NULL, NULL, 0) != BAD_FUNC_ARG)
  14726. ERROR_OUT(-8116, done);
  14727. if (wc_DhCheckPrivKey(key, priv, privSz) != 0)
  14728. ERROR_OUT(-8117, done);
  14729. if (wc_DhExportParamsRaw(NULL, NULL, NULL, NULL, NULL, NULL, NULL) != BAD_FUNC_ARG)
  14730. ERROR_OUT(-8118, done);
  14731. {
  14732. word32 pSz, qSz, gSz;
  14733. if (wc_DhExportParamsRaw(key, NULL, &pSz, NULL, &qSz, NULL, &gSz) != LENGTH_ONLY_E)
  14734. ERROR_OUT(-8119, done);
  14735. }
  14736. #endif
  14737. /* Test DH key import / export */
  14738. #if defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \
  14739. (!defined(HAVE_FIPS) || \
  14740. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
  14741. wc_FreeDhKey(key);
  14742. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  14743. if (ret != 0) {
  14744. ERROR_OUT(-8120, done);
  14745. }
  14746. #ifndef NO_ASN
  14747. {
  14748. /* DH Private - Key Export / Import */
  14749. #ifdef WOLFSSL_SMALL_STACK
  14750. byte *tmp2;
  14751. #else
  14752. byte tmp2[DH_TEST_TMP_SIZE];
  14753. #endif
  14754. XFILE file = XFOPEN(dhKeyFile, "rb");
  14755. if (!file)
  14756. ERROR_OUT(-8130, done);
  14757. bytes = (word32)XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
  14758. XFCLOSE(file);
  14759. #ifdef WOLFSSL_SMALL_STACK
  14760. tmp2 = (byte*)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14761. if (tmp2 == NULL)
  14762. ERROR_OUT(-8131, done);
  14763. #endif
  14764. idx = 0;
  14765. XMEMSET(tmp2, 0, DH_TEST_TMP_SIZE);
  14766. /* Import DH Private key as DER */
  14767. ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
  14768. if (ret == 0) {
  14769. /* Export as DER */
  14770. idx = DH_TEST_TMP_SIZE;
  14771. ret = wc_DhPrivKeyToDer(key, tmp2, &idx);
  14772. }
  14773. /* Verify export matches original */
  14774. if (ret <= 0 || bytes != idx || XMEMCMP(tmp, tmp2, bytes) != 0) {
  14775. ERROR_OUT(-8132, done);
  14776. }
  14777. /* DH Public Key - Export / Import */
  14778. file = XFOPEN(dhKeyPubFile, "rb");
  14779. if (!file)
  14780. ERROR_OUT(-8133, done);
  14781. bytes = (word32)XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
  14782. XFCLOSE(file);
  14783. /* for HAVE_WOLF_BIGINT prevent leak */
  14784. wc_FreeDhKey(key);
  14785. (void)wc_InitDhKey_ex(key, HEAP_HINT, devId);
  14786. idx = 0;
  14787. XMEMSET(tmp2, 0, DH_TEST_TMP_SIZE);
  14788. /* Import DH Public key as DER */
  14789. ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
  14790. if (ret == 0) {
  14791. /* Export as DER */
  14792. idx = DH_TEST_TMP_SIZE;
  14793. ret = wc_DhPubKeyToDer(key, tmp2, &idx);
  14794. }
  14795. /* Verify export matches original */
  14796. if (ret <= 0 || bytes != idx || XMEMCMP(tmp, tmp2, bytes) != 0) {
  14797. ERROR_OUT(-8134, done);
  14798. }
  14799. #ifdef WOLFSSL_SMALL_STACK
  14800. XFREE(tmp2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14801. #endif
  14802. }
  14803. #else
  14804. ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
  14805. if (ret != 0) {
  14806. ERROR_OUT(-8121, done);
  14807. }
  14808. #endif /* !NO_ASN */
  14809. privSz = DH_TEST_BUF_SIZE;
  14810. pubSz = DH_TEST_BUF_SIZE;
  14811. ret = wc_DhExportKeyPair(key, priv, &privSz, pub, &pubSz);
  14812. if (ret != 0) {
  14813. ERROR_OUT(-8122, done);
  14814. }
  14815. ret = wc_DhImportKeyPair(key2, priv, privSz, pub, pubSz);
  14816. if (ret != 0) {
  14817. ERROR_OUT(-8125, done);
  14818. }
  14819. #endif /* WOLFSSL_DH_EXTRA && !NO_FILESYSTEM && !FIPS <= 2 */
  14820. #ifndef WC_NO_RNG
  14821. ret = dh_generate_test(&rng);
  14822. if (ret != 0)
  14823. ERROR_OUT(-8123, done);
  14824. ret = dh_fips_generate_test(&rng);
  14825. if (ret != 0)
  14826. ERROR_OUT(-8124, done);
  14827. #endif /* !WC_NO_RNG */
  14828. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  14829. ret = dh_test_check_pubvalue();
  14830. if (ret != 0)
  14831. ERROR_OUT(-8125, done);
  14832. #endif
  14833. #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \
  14834. !defined(WOLFSSL_SP_ARM64_ASM)
  14835. /* RNG with DH and SP_ASM code not supported in the in-lined FIPS ASM code,
  14836. * this will be available for testing in the 140-3 module */
  14837. #ifndef WC_NO_RNG
  14838. /* Specialized code for key gen when using FFDHE-2048, FFDHE-3072 and FFDHE-4096 */
  14839. #ifdef HAVE_FFDHE_2048
  14840. #ifdef HAVE_PUBLIC_FFDHE
  14841. ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe2048_Get());
  14842. #else
  14843. ret = dh_ffdhe_test(&rng, WC_FFDHE_2048);
  14844. #endif
  14845. if (ret != 0)
  14846. ERROR_OUT(-8126, done);
  14847. #endif
  14848. #ifdef HAVE_FFDHE_3072
  14849. #ifdef HAVE_PUBLIC_FFDHE
  14850. ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe3072_Get());
  14851. #else
  14852. ret = dh_ffdhe_test(&rng, WC_FFDHE_3072);
  14853. #endif
  14854. if (ret != 0)
  14855. ERROR_OUT(-8127, done);
  14856. #endif
  14857. #ifdef HAVE_FFDHE_4096
  14858. #ifdef HAVE_PUBLIC_FFDHE
  14859. ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe4096_Get());
  14860. if (ret != 0)
  14861. ERROR_OUT(-8128, done);
  14862. #else
  14863. ret = dh_ffdhe_test(&rng, WC_FFDHE_4096);
  14864. #endif
  14865. #endif
  14866. #endif /* !WC_NO_RNG */
  14867. #endif /* HAVE_FIPS_VERSION == 2 && !WOLFSSL_SP_ARM64_ASM */
  14868. wc_FreeDhKey(key);
  14869. keyInit = 0;
  14870. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
  14871. !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(WC_NO_RNG)
  14872. /* Test Check Key */
  14873. ret = wc_DhSetCheckKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g),
  14874. NULL, 0, 0, &rng);
  14875. if (ret != 0)
  14876. ERROR_OUT(-8129, done);
  14877. keyInit = 1; /* DhSetCheckKey also initializes the key, free it */
  14878. #endif
  14879. done:
  14880. #ifndef WC_NO_RNG
  14881. wc_FreeRng(&rng);
  14882. #endif
  14883. #ifdef WOLFSSL_SMALL_STACK
  14884. if (key) {
  14885. if (keyInit)
  14886. wc_FreeDhKey(key);
  14887. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14888. }
  14889. if (key2) {
  14890. wc_FreeDhKey(key2);
  14891. XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14892. }
  14893. if (tmp)
  14894. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14895. if (priv)
  14896. XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14897. if (pub)
  14898. XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14899. if (priv2)
  14900. XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14901. if (pub2)
  14902. XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14903. if (agree)
  14904. XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14905. if (agree2)
  14906. XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14907. #else
  14908. if (keyInit)
  14909. wc_FreeDhKey(key);
  14910. wc_FreeDhKey(key2);
  14911. #endif
  14912. (void)privSz;
  14913. (void)pubSz;
  14914. (void)pubSz2;
  14915. (void)privSz2;
  14916. return ret;
  14917. #undef DH_TEST_BUF_SIZE
  14918. #undef DH_TEST_TMP_SIZE
  14919. }
  14920. #endif /* NO_DH */
  14921. #ifndef NO_DSA
  14922. WOLFSSL_TEST_SUBROUTINE int dsa_test(void)
  14923. {
  14924. int ret = 0, answer;
  14925. word32 bytes;
  14926. word32 idx = 0;
  14927. WC_RNG rng;
  14928. wc_Sha sha;
  14929. byte hash[WC_SHA_DIGEST_SIZE];
  14930. byte signature[40];
  14931. #ifdef WOLFSSL_KEY_GEN
  14932. byte* der = 0;
  14933. #endif
  14934. #define DSA_TEST_TMP_SIZE 1024
  14935. #ifdef WOLFSSL_SMALL_STACK
  14936. byte *tmp = (byte *)XMALLOC(DSA_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14937. DsaKey *key = (DsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14938. #ifdef WOLFSSL_KEY_GEN
  14939. DsaKey *derIn = (DsaKey *)XMALLOC(sizeof *derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14940. DsaKey *genKey = (DsaKey *)XMALLOC(sizeof *genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14941. #endif
  14942. if ((tmp == NULL) ||
  14943. (key == NULL)
  14944. #ifdef WOLFSSL_KEY_GEN
  14945. || (derIn == NULL)
  14946. || (genKey == NULL)
  14947. #endif
  14948. ) {
  14949. ret = -8216;
  14950. goto out;
  14951. }
  14952. #else
  14953. byte tmp[1024];
  14954. DsaKey key[1];
  14955. #ifdef WOLFSSL_KEY_GEN
  14956. DsaKey derIn[1];
  14957. DsaKey genKey[1];
  14958. #endif
  14959. #endif
  14960. #ifdef USE_CERT_BUFFERS_1024
  14961. XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
  14962. bytes = sizeof_dsa_key_der_1024;
  14963. #elif defined(USE_CERT_BUFFERS_2048)
  14964. XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
  14965. bytes = sizeof_dsa_key_der_2048;
  14966. #else
  14967. {
  14968. XFILE file = XFOPEN(dsaKey, "rb");
  14969. if (!file)
  14970. ERROR_OUT(-8200, out);
  14971. bytes = (word32) XFREAD(tmp, 1, DSA_TEST_TMP_SIZE, file);
  14972. XFCLOSE(file);
  14973. }
  14974. #endif /* USE_CERT_BUFFERS */
  14975. ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
  14976. if (ret != 0)
  14977. ERROR_OUT(-8201, out);
  14978. wc_ShaUpdate(&sha, tmp, bytes);
  14979. wc_ShaFinal(&sha, hash);
  14980. wc_ShaFree(&sha);
  14981. ret = wc_InitDsaKey(key);
  14982. if (ret != 0)
  14983. ERROR_OUT(-8202, out);
  14984. ret = wc_DsaPrivateKeyDecode(tmp, &idx, key, bytes);
  14985. if (ret != 0)
  14986. ERROR_OUT(-8203, out);
  14987. #ifndef HAVE_FIPS
  14988. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  14989. #else
  14990. ret = wc_InitRng(&rng);
  14991. #endif
  14992. if (ret != 0)
  14993. ERROR_OUT(-8204, out);
  14994. ret = wc_DsaSign(hash, signature, key, &rng);
  14995. if (ret != 0)
  14996. ERROR_OUT(-8205, out);
  14997. ret = wc_DsaVerify(hash, signature, key, &answer);
  14998. if (ret != 0)
  14999. ERROR_OUT(-8206, out);
  15000. if (answer != 1)
  15001. ERROR_OUT(-8207, out);
  15002. wc_FreeDsaKey(key);
  15003. #ifdef WOLFSSL_KEY_GEN
  15004. {
  15005. int derSz = 0;
  15006. ret = wc_InitDsaKey(genKey);
  15007. if (ret != 0)
  15008. ERROR_OUT(-8208, out);
  15009. ret = wc_MakeDsaParameters(&rng, 1024, genKey);
  15010. if (ret != 0) {
  15011. wc_FreeDsaKey(genKey);
  15012. ERROR_OUT(-8209, out);
  15013. }
  15014. ret = wc_MakeDsaKey(&rng, genKey);
  15015. if (ret != 0) {
  15016. wc_FreeDsaKey(genKey);
  15017. ERROR_OUT(-8210, out);
  15018. }
  15019. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15020. if (der == NULL) {
  15021. wc_FreeDsaKey(genKey);
  15022. ERROR_OUT(-8211, out);
  15023. }
  15024. derSz = wc_DsaKeyToDer(genKey, der, FOURK_BUF);
  15025. if (derSz < 0) {
  15026. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15027. ERROR_OUT(-8212, out);
  15028. }
  15029. ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
  15030. DSA_PRIVATEKEY_TYPE, -5814);
  15031. if (ret != 0) {
  15032. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15033. wc_FreeDsaKey(genKey);
  15034. goto out;
  15035. }
  15036. ret = wc_InitDsaKey(derIn);
  15037. if (ret != 0) {
  15038. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15039. wc_FreeDsaKey(genKey);
  15040. ERROR_OUT(-8213, out);
  15041. }
  15042. idx = 0;
  15043. ret = wc_DsaPrivateKeyDecode(der, &idx, derIn, derSz);
  15044. if (ret != 0) {
  15045. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15046. wc_FreeDsaKey(derIn);
  15047. wc_FreeDsaKey(genKey);
  15048. ERROR_OUT(-8214, out);
  15049. }
  15050. }
  15051. #endif /* WOLFSSL_KEY_GEN */
  15052. out:
  15053. #ifdef WOLFSSL_SMALL_STACK
  15054. if (key) {
  15055. #endif
  15056. if (wc_InitDsaKey_h(key, NULL) != 0)
  15057. ret = -8215;
  15058. #ifdef WOLFSSL_SMALL_STACK
  15059. }
  15060. #endif
  15061. #ifdef WOLFSSL_KEY_GEN
  15062. if (der)
  15063. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15064. #endif
  15065. #ifdef WOLFSSL_SMALL_STACK
  15066. if (tmp)
  15067. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15068. if (key)
  15069. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15070. #ifdef WOLFSSL_KEY_GEN
  15071. if (derIn) {
  15072. wc_FreeDsaKey(derIn);
  15073. XFREE(derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15074. }
  15075. if (genKey) {
  15076. wc_FreeDsaKey(genKey);
  15077. XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15078. }
  15079. #endif
  15080. #else /* !WOLFSSL_SMALL_STACK */
  15081. #ifdef WOLFSSL_KEY_GEN
  15082. wc_FreeDsaKey(derIn);
  15083. wc_FreeDsaKey(genKey);
  15084. #endif
  15085. #endif
  15086. wc_FreeRng(&rng);
  15087. return ret;
  15088. }
  15089. #endif /* NO_DSA */
  15090. #ifdef WOLFCRYPT_HAVE_SRP
  15091. static int generate_random_salt(byte *buf, word32 size)
  15092. {
  15093. int ret = -8220;
  15094. WC_RNG rng;
  15095. if(NULL == buf || !size)
  15096. return -8221;
  15097. if (buf && size && wc_InitRng_ex(&rng, HEAP_HINT, devId) == 0) {
  15098. ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size);
  15099. wc_FreeRng(&rng);
  15100. }
  15101. return ret;
  15102. }
  15103. static int srp_test_digest(SrpType dgstType)
  15104. {
  15105. int r;
  15106. byte clientPubKey[192]; /* A */
  15107. byte serverPubKey[192]; /* B */
  15108. word32 clientPubKeySz = 192;
  15109. word32 serverPubKeySz = 192;
  15110. byte username[] = "user";
  15111. word32 usernameSz = 4;
  15112. byte password[] = "password";
  15113. word32 passwordSz = 8;
  15114. WOLFSSL_SMALL_STACK_STATIC const byte N[] = {
  15115. 0xfc, 0x58, 0x7a, 0x8a, 0x70, 0xfb, 0x5a, 0x9a,
  15116. 0x5d, 0x39, 0x48, 0xbf, 0x1c, 0x46, 0xd8, 0x3b,
  15117. 0x7a, 0xe9, 0x1f, 0x85, 0x36, 0x18, 0xc4, 0x35,
  15118. 0x3f, 0xf8, 0x8a, 0x8f, 0x8c, 0x10, 0x2e, 0x01,
  15119. 0x58, 0x1d, 0x41, 0xcb, 0xc4, 0x47, 0xa8, 0xaf,
  15120. 0x9a, 0x6f, 0x58, 0x14, 0xa4, 0x68, 0xf0, 0x9c,
  15121. 0xa6, 0xe7, 0xbf, 0x0d, 0xe9, 0x62, 0x0b, 0xd7,
  15122. 0x26, 0x46, 0x5b, 0x27, 0xcb, 0x4c, 0xf9, 0x7e,
  15123. 0x1e, 0x8b, 0xe6, 0xdd, 0x29, 0xb7, 0xb7, 0x15,
  15124. 0x2e, 0xcf, 0x23, 0xa6, 0x4b, 0x97, 0x9f, 0x89,
  15125. 0xd4, 0x86, 0xc4, 0x90, 0x63, 0x92, 0xf4, 0x30,
  15126. 0x26, 0x69, 0x48, 0x9d, 0x7a, 0x4f, 0xad, 0xb5,
  15127. 0x6a, 0x51, 0xad, 0xeb, 0xf9, 0x90, 0x31, 0x77,
  15128. 0x53, 0x30, 0x2a, 0x85, 0xf7, 0x11, 0x21, 0x0c,
  15129. 0xb8, 0x4b, 0x56, 0x03, 0x5e, 0xbb, 0x25, 0x33,
  15130. 0x7c, 0xd9, 0x5a, 0xd1, 0x5c, 0xb2, 0xd4, 0x53,
  15131. 0xc5, 0x16, 0x68, 0xf0, 0xdf, 0x48, 0x55, 0x3e,
  15132. 0xd4, 0x59, 0x87, 0x64, 0x59, 0xaa, 0x39, 0x01,
  15133. 0x45, 0x89, 0x9c, 0x72, 0xff, 0xdd, 0x8f, 0x6d,
  15134. 0xa0, 0x42, 0xbc, 0x6f, 0x6e, 0x62, 0x18, 0x2d,
  15135. 0x50, 0xe8, 0x18, 0x97, 0x87, 0xfc, 0xef, 0x1f,
  15136. 0xf5, 0x53, 0x68, 0xe8, 0x49, 0xd1, 0xa2, 0xe8,
  15137. 0xb9, 0x26, 0x03, 0xba, 0xb5, 0x58, 0x6f, 0x6c,
  15138. 0x8b, 0x08, 0xa1, 0x7b, 0x6f, 0x42, 0xc9, 0x53
  15139. };
  15140. WOLFSSL_SMALL_STACK_STATIC const byte g[] = {
  15141. 0x02
  15142. };
  15143. byte salt[10];
  15144. byte verifier[192];
  15145. word32 v_size = sizeof(verifier);
  15146. word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
  15147. word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
  15148. #ifdef WOLFSSL_SMALL_STACK
  15149. Srp *cli = (Srp *)XMALLOC(sizeof *cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15150. Srp *srv = (Srp *)XMALLOC(sizeof *srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15151. byte *clientProof = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, HEAP_HINT,
  15152. DYNAMIC_TYPE_TMP_BUFFER); /* M1 */
  15153. byte *serverProof = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, HEAP_HINT,
  15154. DYNAMIC_TYPE_TMP_BUFFER); /* M2 */
  15155. if ((cli == NULL) ||
  15156. (srv == NULL) ||
  15157. (clientProof == NULL) ||
  15158. (serverProof == NULL)) {
  15159. r = -8222;
  15160. goto out;
  15161. }
  15162. #else
  15163. Srp cli[1], srv[1];
  15164. byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */
  15165. byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */
  15166. #endif
  15167. /* set as 0's so if second init on srv not called SrpTerm is not on
  15168. * garbage values */
  15169. XMEMSET(srv, 0, sizeof *srv);
  15170. XMEMSET(cli, 0, sizeof *cli);
  15171. /* generating random salt */
  15172. r = generate_random_salt(salt, sizeof(salt));
  15173. /* client knows username and password. */
  15174. /* server knows N, g, salt and verifier. */
  15175. if (!r) r = wc_SrpInit_ex(cli, dgstType, SRP_CLIENT_SIDE, HEAP_HINT, devId);
  15176. if (!r) r = wc_SrpSetUsername(cli, username, usernameSz);
  15177. /* loading N, g and salt in advance to generate the verifier. */
  15178. if (!r) r = wc_SrpSetParams(cli, N, sizeof(N),
  15179. g, sizeof(g),
  15180. salt, sizeof(salt));
  15181. if (!r) r = wc_SrpSetPassword(cli, password, passwordSz);
  15182. if (!r) r = wc_SrpGetVerifier(cli, verifier, &v_size);
  15183. /* client sends username to server */
  15184. if (!r) r = wc_SrpInit_ex(srv, dgstType, SRP_SERVER_SIDE, HEAP_HINT, devId);
  15185. if (!r) r = wc_SrpSetUsername(srv, username, usernameSz);
  15186. if (!r) r = wc_SrpSetParams(srv, N, sizeof(N),
  15187. g, sizeof(g),
  15188. salt, sizeof(salt));
  15189. if (!r) r = wc_SrpSetVerifier(srv, verifier, v_size);
  15190. if (!r) r = wc_SrpGetPublic(srv, serverPubKey, &serverPubKeySz);
  15191. /* server sends N, g, salt and B to client */
  15192. if (!r) r = wc_SrpGetPublic(cli, clientPubKey, &clientPubKeySz);
  15193. if (!r) r = wc_SrpComputeKey(cli, clientPubKey, clientPubKeySz,
  15194. serverPubKey, serverPubKeySz);
  15195. if (!r) r = wc_SrpGetProof(cli, clientProof, &clientProofSz);
  15196. /* client sends A and M1 to server */
  15197. if (!r) r = wc_SrpComputeKey(srv, clientPubKey, clientPubKeySz,
  15198. serverPubKey, serverPubKeySz);
  15199. if (!r) r = wc_SrpVerifyPeersProof(srv, clientProof, clientProofSz);
  15200. if (!r) r = wc_SrpGetProof(srv, serverProof, &serverProofSz);
  15201. /* server sends M2 to client */
  15202. if (!r) r = wc_SrpVerifyPeersProof(cli, serverProof, serverProofSz);
  15203. wc_SrpTerm(cli);
  15204. wc_SrpTerm(srv);
  15205. #ifdef WOLFSSL_SMALL_STACK
  15206. out:
  15207. if (cli)
  15208. XFREE(cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15209. if (srv)
  15210. XFREE(srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15211. if (clientProof)
  15212. XFREE(clientProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15213. if (serverProof)
  15214. XFREE(serverProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15215. #endif
  15216. return r;
  15217. }
  15218. WOLFSSL_TEST_SUBROUTINE int srp_test(void)
  15219. {
  15220. int ret;
  15221. #ifndef NO_SHA
  15222. ret = srp_test_digest(SRP_TYPE_SHA);
  15223. if (ret != 0)
  15224. return ret;
  15225. #endif
  15226. #ifndef NO_SHA256
  15227. ret = srp_test_digest(SRP_TYPE_SHA256);
  15228. if (ret != 0)
  15229. return ret;
  15230. #endif
  15231. #ifdef WOLFSSL_SHA384
  15232. ret = srp_test_digest(SRP_TYPE_SHA384);
  15233. if (ret != 0)
  15234. return ret;
  15235. #endif
  15236. #ifdef WOLFSSL_SHA512
  15237. ret = srp_test_digest(SRP_TYPE_SHA512);
  15238. if (ret != 0)
  15239. return ret;
  15240. #endif
  15241. return ret;
  15242. }
  15243. #endif /* WOLFCRYPT_HAVE_SRP */
  15244. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  15245. #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
  15246. static int openssl_aes_test(void)
  15247. {
  15248. #ifdef HAVE_AES_CBC
  15249. #ifdef WOLFSSL_AES_128
  15250. {
  15251. /* EVP_CipherUpdate test */
  15252. WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
  15253. {
  15254. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  15255. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  15256. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  15257. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  15258. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  15259. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  15260. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  15261. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  15262. };
  15263. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  15264. "0123456789abcdef "; /* align */
  15265. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  15266. "1234567890abcdef "; /* align */
  15267. byte cipher[AES_BLOCK_SIZE * 4];
  15268. byte plain [AES_BLOCK_SIZE * 4];
  15269. #ifdef WOLFSSL_SMALL_STACK
  15270. EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
  15271. EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
  15272. #else
  15273. EVP_CIPHER_CTX en[1];
  15274. EVP_CIPHER_CTX de[1];
  15275. #endif
  15276. int outlen ;
  15277. int total = 0;
  15278. int i;
  15279. #ifdef WOLFSSL_SMALL_STACK
  15280. if ((en == NULL) || (de == NULL))
  15281. return MEMORY_E;
  15282. #endif
  15283. EVP_CIPHER_CTX_init(en);
  15284. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  15285. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  15286. return -8400;
  15287. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
  15288. (byte*)cbcPlain, 9) == 0)
  15289. return -8401;
  15290. if (outlen != 0)
  15291. return -8402;
  15292. total += outlen;
  15293. if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
  15294. (byte*)&cbcPlain[9] , 9) == 0)
  15295. return -8403;
  15296. if (outlen != 16)
  15297. return -8404;
  15298. total += outlen;
  15299. if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
  15300. return -8405;
  15301. if (outlen != 16)
  15302. return -8406;
  15303. total += outlen;
  15304. if (total != 32)
  15305. return 3408;
  15306. total = 0;
  15307. EVP_CIPHER_CTX_init(de);
  15308. if (EVP_CipherInit(de, EVP_aes_128_cbc(),
  15309. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  15310. return -8407;
  15311. if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
  15312. return -8408;
  15313. if (outlen != 0)
  15314. return -8409;
  15315. total += outlen;
  15316. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
  15317. (byte*)&cipher[6], 12) == 0)
  15318. return -8410;
  15319. if (outlen != 0)
  15320. total += outlen;
  15321. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
  15322. (byte*)&cipher[6+12], 14) == 0)
  15323. return -8411;
  15324. if (outlen != 16)
  15325. return -8412;
  15326. total += outlen;
  15327. if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
  15328. return -8413;
  15329. if (outlen != 2)
  15330. return -8414;
  15331. total += outlen;
  15332. if (total != 18)
  15333. return 3427;
  15334. if (XMEMCMP(plain, cbcPlain, 18))
  15335. return -8415;
  15336. /* test with encrypting/decrypting more than 16 bytes at once */
  15337. total = 0;
  15338. EVP_CIPHER_CTX_init(en);
  15339. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  15340. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  15341. return -8416;
  15342. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
  15343. (byte*)cbcPlain, 17) == 0)
  15344. return -8417;
  15345. if (outlen != 16)
  15346. return -8418;
  15347. total += outlen;
  15348. if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
  15349. (byte*)&cbcPlain[17] , 1) == 0)
  15350. return -8419;
  15351. if (outlen != 0)
  15352. return -8420;
  15353. total += outlen;
  15354. if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
  15355. return -8421;
  15356. if (outlen != 16)
  15357. return -8422;
  15358. total += outlen;
  15359. if (total != 32)
  15360. return -8423;
  15361. total = 0;
  15362. EVP_CIPHER_CTX_init(de);
  15363. if (EVP_CipherInit(de, EVP_aes_128_cbc(),
  15364. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  15365. return -8424;
  15366. if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 17) == 0)
  15367. return -8425;
  15368. if (outlen != 16)
  15369. return -8426;
  15370. total += outlen;
  15371. /* final call on non block size should fail */
  15372. if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
  15373. return -8427;
  15374. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
  15375. (byte*)&cipher[17], 1) == 0)
  15376. return -8428;
  15377. if (outlen != 0)
  15378. total += outlen;
  15379. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
  15380. (byte*)&cipher[17+1], 14) == 0)
  15381. return -8429;
  15382. if (outlen != 0)
  15383. return -8430;
  15384. total += outlen;
  15385. if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
  15386. return -8431;
  15387. if (outlen != 2)
  15388. return -8432;
  15389. total += outlen;
  15390. if (total != 18)
  15391. return -8433;
  15392. if (XMEMCMP(plain, cbcPlain, 18))
  15393. return -8434;
  15394. /* test byte by byte decrypt */
  15395. for (i = 0; i < AES_BLOCK_SIZE * 3; i++) {
  15396. plain[i] = i;
  15397. }
  15398. total = 0;
  15399. EVP_CIPHER_CTX_init(en);
  15400. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  15401. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  15402. return -8435;
  15403. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
  15404. (byte*)plain, AES_BLOCK_SIZE * 3) == 0)
  15405. return -8436;
  15406. if (outlen != AES_BLOCK_SIZE * 3)
  15407. return -8437;
  15408. total += outlen;
  15409. if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
  15410. return -8438;
  15411. if (outlen != AES_BLOCK_SIZE)
  15412. return -8439;
  15413. total += outlen;
  15414. if (total != sizeof(plain))
  15415. return -8440;
  15416. total = 0;
  15417. EVP_CIPHER_CTX_init(de);
  15418. if (EVP_CipherInit(de, EVP_aes_128_cbc(),
  15419. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  15420. return -8441;
  15421. for (i = 0; i < AES_BLOCK_SIZE * 4; i++) {
  15422. if (EVP_CipherUpdate(de, (byte*)plain + total, &outlen,
  15423. (byte*)cipher + i, 1) == 0)
  15424. return -8442;
  15425. if (outlen > 0) {
  15426. int j;
  15427. total += outlen;
  15428. for (j = 0; j < total; j++) {
  15429. if (plain[j] != j) {
  15430. return -8443;
  15431. }
  15432. }
  15433. }
  15434. }
  15435. if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
  15436. return -8444;
  15437. total += outlen;
  15438. if (total != AES_BLOCK_SIZE * 3) {
  15439. return -8445;
  15440. }
  15441. for (i = 0; i < AES_BLOCK_SIZE * 3; i++) {
  15442. if (plain[i] != i) {
  15443. return -8446;
  15444. }
  15445. }
  15446. #ifdef WOLFSSL_SMALL_STACK
  15447. wolfSSL_EVP_CIPHER_CTX_free(en);
  15448. wolfSSL_EVP_CIPHER_CTX_free(de);
  15449. #endif
  15450. }
  15451. /* set buffers to be exact size to catch potential over read/write */
  15452. {
  15453. /* EVP_CipherUpdate test */
  15454. WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
  15455. {
  15456. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  15457. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  15458. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  15459. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  15460. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  15461. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  15462. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  15463. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  15464. };
  15465. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  15466. "0123456789abcdef "; /* align */
  15467. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  15468. "1234567890abcdef "; /* align */
  15469. #define EVP_TEST_BUF_SZ 18
  15470. #define EVP_TEST_BUF_PAD 32
  15471. byte cipher[EVP_TEST_BUF_SZ];
  15472. byte plain [EVP_TEST_BUF_SZ];
  15473. byte padded[EVP_TEST_BUF_PAD];
  15474. #ifdef WOLFSSL_SMALL_STACK
  15475. EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
  15476. EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
  15477. #else
  15478. EVP_CIPHER_CTX en[1];
  15479. EVP_CIPHER_CTX de[1];
  15480. #endif
  15481. int outlen ;
  15482. int total = 0;
  15483. #ifdef WOLFSSL_SMALL_STACK
  15484. if ((en == NULL) || (de == NULL))
  15485. return MEMORY_E;
  15486. #endif
  15487. EVP_CIPHER_CTX_init(en);
  15488. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  15489. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  15490. return -8447;
  15491. if (EVP_CIPHER_CTX_set_padding(en, 0) != 1)
  15492. return -8448;
  15493. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
  15494. (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
  15495. return -8449;
  15496. if (outlen != 16)
  15497. return -8450;
  15498. total += outlen;
  15499. /* should fail here */
  15500. if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) != 0)
  15501. return -8451;
  15502. /* turn padding back on and do successful encrypt */
  15503. total = 0;
  15504. EVP_CIPHER_CTX_init(en);
  15505. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  15506. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  15507. return -8452;
  15508. if (EVP_CIPHER_CTX_set_padding(en, 1) != 1)
  15509. return -8453;
  15510. if (EVP_CipherUpdate(en, (byte*)padded, &outlen,
  15511. (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
  15512. return -8454;
  15513. if (outlen != 16)
  15514. return -8455;
  15515. total += outlen;
  15516. if (EVP_CipherFinal(en, (byte*)&padded[total], &outlen) == 0)
  15517. return -8456;
  15518. total += outlen;
  15519. if (total != 32)
  15520. return -8457;
  15521. XMEMCPY(cipher, padded, EVP_TEST_BUF_SZ);
  15522. /* test out of bounds read on buffers w/o padding during decryption */
  15523. total = 0;
  15524. EVP_CIPHER_CTX_init(de);
  15525. if (EVP_CipherInit(de, EVP_aes_128_cbc(),
  15526. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  15527. return -8458;
  15528. if (EVP_CIPHER_CTX_set_padding(de, 0) != 1)
  15529. return -8459;
  15530. if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher,
  15531. EVP_TEST_BUF_SZ) == 0)
  15532. return -8460;
  15533. if (outlen != 16)
  15534. return -8461;
  15535. total += outlen;
  15536. /* should fail since not using padding */
  15537. if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
  15538. return -8462;
  15539. total = 0;
  15540. EVP_CIPHER_CTX_init(de);
  15541. if (EVP_CipherInit(de, EVP_aes_128_cbc(),
  15542. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  15543. return -8463;
  15544. if (EVP_CIPHER_CTX_set_padding(de, 1) != 1)
  15545. return -8464;
  15546. if (EVP_CipherUpdate(de, (byte*)padded, &outlen, (byte*)padded,
  15547. EVP_TEST_BUF_PAD) == 0)
  15548. return -8465;
  15549. if (outlen != 16)
  15550. return -8466;
  15551. total += outlen;
  15552. if (EVP_CipherFinal(de, (byte*)&padded[total], &outlen) == 0)
  15553. return -8467;
  15554. if (XMEMCMP(padded, cbcPlain, EVP_TEST_BUF_SZ))
  15555. return -8468;
  15556. #ifdef WOLFSSL_SMALL_STACK
  15557. wolfSSL_EVP_CIPHER_CTX_free(en);
  15558. wolfSSL_EVP_CIPHER_CTX_free(de);
  15559. #endif
  15560. }
  15561. { /* evp_cipher test: EVP_aes_128_cbc */
  15562. #ifdef WOLFSSL_SMALL_STACK
  15563. EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
  15564. #else
  15565. EVP_CIPHER_CTX ctx[1];
  15566. #endif
  15567. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
  15568. 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  15569. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  15570. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  15571. };
  15572. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  15573. {
  15574. 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
  15575. 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
  15576. };
  15577. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  15578. "0123456789abcdef "; /* align */
  15579. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  15580. "1234567890abcdef "; /* align */
  15581. byte cipher[AES_BLOCK_SIZE * 4];
  15582. byte plain [AES_BLOCK_SIZE * 4];
  15583. #ifdef WOLFSSL_SMALL_STACK
  15584. if (ctx == NULL)
  15585. return MEMORY_E;
  15586. #endif
  15587. EVP_CIPHER_CTX_init(ctx);
  15588. if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1) == 0)
  15589. return -8469;
  15590. if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
  15591. return -8470;
  15592. if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
  15593. return -8471;
  15594. EVP_CIPHER_CTX_init(ctx);
  15595. if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0) == 0)
  15596. return -8472;
  15597. if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
  15598. return -8473;
  15599. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  15600. return -8474;
  15601. #ifdef WOLFSSL_SMALL_STACK
  15602. wolfSSL_EVP_CIPHER_CTX_free(ctx);
  15603. #endif
  15604. } /* end evp_cipher test: EVP_aes_128_cbc*/
  15605. #endif /* WOLFSSL_AES_128 */
  15606. #endif /* HAVE_AES_CBC */
  15607. #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
  15608. { /* evp_cipher test: EVP_aes_256_ecb*/
  15609. #ifdef WOLFSSL_SMALL_STACK
  15610. EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
  15611. #else
  15612. EVP_CIPHER_CTX ctx[1];
  15613. #endif
  15614. WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
  15615. {
  15616. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  15617. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  15618. };
  15619. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  15620. {
  15621. 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
  15622. 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
  15623. };
  15624. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  15625. {
  15626. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  15627. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  15628. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  15629. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  15630. };
  15631. byte cipher[AES_BLOCK_SIZE * 4];
  15632. byte plain [AES_BLOCK_SIZE * 4];
  15633. #ifdef WOLFSSL_SMALL_STACK
  15634. if (ctx == NULL)
  15635. return MEMORY_E;
  15636. #endif
  15637. EVP_CIPHER_CTX_init(ctx);
  15638. if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0)
  15639. return -8475;
  15640. if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
  15641. return -8476;
  15642. if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
  15643. return -8477;
  15644. EVP_CIPHER_CTX_init(ctx);
  15645. if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0)
  15646. return -8478;
  15647. if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
  15648. return -8479;
  15649. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  15650. return -8480;
  15651. #ifdef WOLFSSL_SMALL_STACK
  15652. wolfSSL_EVP_CIPHER_CTX_free(ctx);
  15653. #endif
  15654. } /* end evp_cipher test */
  15655. #endif /* HAVE_AES_ECB && WOLFSSL_AES_256 */
  15656. #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
  15657. /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */
  15658. {
  15659. /* Test: AES_encrypt/decrypt/set Key */
  15660. #ifdef WOLFSSL_SMALL_STACK
  15661. AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  15662. #ifdef HAVE_AES_DECRYPT
  15663. AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  15664. #endif
  15665. #else
  15666. AES_KEY enc[1];
  15667. #ifdef HAVE_AES_DECRYPT
  15668. AES_KEY dec[1];
  15669. #endif
  15670. #endif
  15671. WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
  15672. {
  15673. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  15674. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  15675. };
  15676. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  15677. {
  15678. 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
  15679. 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
  15680. };
  15681. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  15682. {
  15683. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  15684. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  15685. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  15686. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  15687. };
  15688. byte plain[sizeof(msg)];
  15689. byte cipher[sizeof(msg)];
  15690. #ifdef WOLFSSL_SMALL_STACK
  15691. if (enc == NULL)
  15692. return MEMORY_E;
  15693. #ifdef HAVE_AES_DECRYPT
  15694. if (dec == NULL)
  15695. return MEMORY_E;
  15696. #endif
  15697. #endif
  15698. AES_set_encrypt_key(key, sizeof(key)*8, enc);
  15699. AES_set_decrypt_key(key, sizeof(key)*8, dec);
  15700. AES_encrypt(msg, cipher, enc);
  15701. #ifdef HAVE_AES_DECRYPT
  15702. AES_decrypt(cipher, plain, dec);
  15703. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  15704. return -8481;
  15705. #endif /* HAVE_AES_DECRYPT */
  15706. if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
  15707. return -8482;
  15708. #ifdef WOLFSSL_SMALL_STACK
  15709. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  15710. #ifdef HAVE_AES_DECRYPT
  15711. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  15712. #endif
  15713. #endif
  15714. }
  15715. #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
  15716. /* EVP_Cipher with EVP_aes_xxx_ctr() */
  15717. #ifdef WOLFSSL_AES_COUNTER
  15718. {
  15719. byte plainBuff [64];
  15720. byte cipherBuff[64];
  15721. #ifdef WOLFSSL_AES_128
  15722. WOLFSSL_SMALL_STACK_STATIC const byte ctrKey[] =
  15723. {
  15724. 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
  15725. 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
  15726. };
  15727. WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
  15728. {
  15729. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  15730. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  15731. };
  15732. WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
  15733. {
  15734. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  15735. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  15736. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  15737. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  15738. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  15739. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  15740. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  15741. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  15742. };
  15743. WOLFSSL_SMALL_STACK_STATIC const byte ctrCipher[] =
  15744. {
  15745. 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
  15746. 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
  15747. 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
  15748. 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
  15749. 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
  15750. 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
  15751. 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
  15752. 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
  15753. };
  15754. WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
  15755. {
  15756. 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
  15757. 0xc2
  15758. };
  15759. #endif
  15760. /* test vector from "Recommendation for Block Cipher Modes of Operation"
  15761. * NIST Special Publication 800-38A */
  15762. #ifdef WOLFSSL_AES_192
  15763. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
  15764. {
  15765. 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
  15766. 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
  15767. 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
  15768. };
  15769. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Iv[] =
  15770. {
  15771. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  15772. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  15773. };
  15774. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Plain[] =
  15775. {
  15776. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  15777. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  15778. };
  15779. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
  15780. {
  15781. 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
  15782. 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b
  15783. };
  15784. #endif /* WOLFSSL_AES_192 */
  15785. #ifdef WOLFSSL_AES_256
  15786. /* test vector from "Recommendation for Block Cipher Modes of Operation"
  15787. * NIST Special Publication 800-38A */
  15788. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
  15789. {
  15790. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  15791. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  15792. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  15793. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  15794. };
  15795. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Iv[] =
  15796. {
  15797. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  15798. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  15799. };
  15800. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Plain[] =
  15801. {
  15802. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  15803. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  15804. };
  15805. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
  15806. {
  15807. 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
  15808. 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28
  15809. };
  15810. #endif /* WOLFSSL_AES_256 */
  15811. #ifdef WOLFSSL_SMALL_STACK
  15812. EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
  15813. EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
  15814. #else
  15815. EVP_CIPHER_CTX en[1];
  15816. EVP_CIPHER_CTX de[1];
  15817. #endif
  15818. #ifdef WOLFSSL_AES_128
  15819. #ifndef WOLFSSL_SMALL_STACK
  15820. EVP_CIPHER_CTX *p_en;
  15821. EVP_CIPHER_CTX *p_de;
  15822. #endif
  15823. #ifdef WOLFSSL_SMALL_STACK
  15824. if ((en == NULL) || (de == NULL))
  15825. return MEMORY_E;
  15826. #endif
  15827. EVP_CIPHER_CTX_init(en);
  15828. if (EVP_CipherInit(en, EVP_aes_128_ctr(),
  15829. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  15830. return -8483;
  15831. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
  15832. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  15833. return -8484;
  15834. EVP_CIPHER_CTX_init(de);
  15835. if (EVP_CipherInit(de, EVP_aes_128_ctr(),
  15836. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  15837. return -8485;
  15838. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
  15839. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  15840. return -8486;
  15841. if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
  15842. return -8487;
  15843. if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
  15844. return -8488;
  15845. #ifndef WOLFSSL_SMALL_STACK
  15846. p_en = wolfSSL_EVP_CIPHER_CTX_new();
  15847. if (p_en == NULL)
  15848. return -8489;
  15849. p_de = wolfSSL_EVP_CIPHER_CTX_new();
  15850. if (p_de == NULL)
  15851. return -8490;
  15852. if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
  15853. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  15854. return -8491;
  15855. if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
  15856. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  15857. return -8492;
  15858. if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
  15859. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  15860. return -8493;
  15861. if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
  15862. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  15863. return -8494;
  15864. wolfSSL_EVP_CIPHER_CTX_free(p_en);
  15865. wolfSSL_EVP_CIPHER_CTX_free(p_de);
  15866. #endif /* !WOLFSSL_SMALL_STACK */
  15867. if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
  15868. return -8495;
  15869. if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
  15870. return -8496;
  15871. EVP_CIPHER_CTX_init(en);
  15872. if (EVP_CipherInit(en, EVP_aes_128_ctr(),
  15873. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  15874. return -8497;
  15875. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
  15876. return -8498;
  15877. EVP_CIPHER_CTX_init(de);
  15878. if (EVP_CipherInit(de, EVP_aes_128_ctr(),
  15879. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  15880. return -8499;
  15881. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
  15882. return -8500;
  15883. if (XMEMCMP(plainBuff, ctrPlain, 9))
  15884. return -8501;
  15885. if (XMEMCMP(cipherBuff, ctrCipher, 9))
  15886. return -8502;
  15887. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
  15888. return -8503;
  15889. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
  15890. return -8504;
  15891. if (XMEMCMP(plainBuff, ctrPlain, 9))
  15892. return -8505;
  15893. if (XMEMCMP(cipherBuff, oddCipher, 9))
  15894. return -8506;
  15895. #endif /* WOLFSSL_AES_128 */
  15896. #ifdef WOLFSSL_AES_192
  15897. EVP_CIPHER_CTX_init(en);
  15898. if (EVP_CipherInit(en, EVP_aes_192_ctr(),
  15899. (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
  15900. return -8507;
  15901. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
  15902. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  15903. return -8508;
  15904. EVP_CIPHER_CTX_init(de);
  15905. if (EVP_CipherInit(de, EVP_aes_192_ctr(),
  15906. (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
  15907. return -8509;
  15908. XMEMSET(plainBuff, 0, sizeof(plainBuff));
  15909. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
  15910. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  15911. return -8510;
  15912. if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
  15913. return -8511;
  15914. if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
  15915. return -8512;
  15916. #endif /* WOLFSSL_AES_192 */
  15917. #ifdef WOLFSSL_AES_256
  15918. EVP_CIPHER_CTX_init(en);
  15919. if (EVP_CipherInit(en, EVP_aes_256_ctr(),
  15920. (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
  15921. return -8513;
  15922. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
  15923. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  15924. return -8514;
  15925. EVP_CIPHER_CTX_init(de);
  15926. if (EVP_CipherInit(de, EVP_aes_256_ctr(),
  15927. (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
  15928. return -8515;
  15929. XMEMSET(plainBuff, 0, sizeof(plainBuff));
  15930. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
  15931. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  15932. return -8516;
  15933. if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
  15934. return -8517;
  15935. if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
  15936. return -8518;
  15937. #ifdef WOLFSSL_SMALL_STACK
  15938. wolfSSL_EVP_CIPHER_CTX_free(en);
  15939. wolfSSL_EVP_CIPHER_CTX_free(de);
  15940. #endif
  15941. #endif /* WOLFSSL_AES_256 */
  15942. }
  15943. #endif /* HAVE_AES_COUNTER */
  15944. #if defined(WOLFSSL_AES_CFB) && defined(WOLFSSL_AES_128)
  15945. {
  15946. #ifdef WOLFSSL_SMALL_STACK
  15947. AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  15948. AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  15949. #else
  15950. AES_KEY enc[1];
  15951. AES_KEY dec[1];
  15952. #endif
  15953. WOLFSSL_SMALL_STACK_STATIC const byte setIv[] = {
  15954. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  15955. 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
  15956. };
  15957. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  15958. {
  15959. 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
  15960. 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
  15961. };
  15962. WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
  15963. {
  15964. 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
  15965. 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
  15966. 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
  15967. 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b
  15968. };
  15969. WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
  15970. {
  15971. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  15972. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  15973. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  15974. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51
  15975. };
  15976. byte cipher[AES_BLOCK_SIZE * 2];
  15977. byte iv[AES_BLOCK_SIZE]; /* iv buffer is updeated by API */
  15978. int num = 0;
  15979. #ifdef WOLFSSL_SMALL_STACK
  15980. if ((enc == NULL) || (dec == NULL))
  15981. return MEMORY_E;
  15982. #endif
  15983. XMEMCPY(iv, setIv, sizeof(setIv));
  15984. wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, enc);
  15985. wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, dec);
  15986. wolfSSL_AES_cfb128_encrypt(msg, cipher, AES_BLOCK_SIZE - 1, enc, iv,
  15987. &num, AES_ENCRYPT);
  15988. if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE - 1))
  15989. return -8519;
  15990. if (num != 15) /* should have used 15 of the 16 bytes */
  15991. return -8520;
  15992. wolfSSL_AES_cfb128_encrypt(msg + AES_BLOCK_SIZE - 1,
  15993. cipher + AES_BLOCK_SIZE - 1, AES_BLOCK_SIZE + 1, enc, iv,
  15994. &num, AES_ENCRYPT);
  15995. if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
  15996. return -8521;
  15997. if (num != 0)
  15998. return -8522;
  15999. #ifdef WOLFSSL_SMALL_STACK
  16000. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  16001. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  16002. #endif
  16003. }
  16004. #endif /* WOLFSSL_AES_CFB && WOLFSSL_AES_128 */
  16005. return 0;
  16006. }
  16007. #endif /* !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) */
  16008. WOLFSSL_TEST_SUBROUTINE int openssl_test(void)
  16009. {
  16010. int ret;
  16011. EVP_MD_CTX md_ctx;
  16012. testVector a, b, c, d, e, f;
  16013. byte hash[WC_SHA256_DIGEST_SIZE*2]; /* max size */
  16014. a.inLen = 0;
  16015. b.inLen = c.inLen = d.inLen = e.inLen = f.inLen = a.inLen;
  16016. (void)a;
  16017. (void)b;
  16018. (void)c;
  16019. (void)d;
  16020. (void)e;
  16021. (void)f;
  16022. /* test malloc / free , 10 is an arbitrary amount of memory chosen */
  16023. {
  16024. byte* p;
  16025. p = (byte*)CRYPTO_malloc(10, "", 0);
  16026. if (p == NULL) {
  16027. return -8600;
  16028. }
  16029. XMEMSET(p, 0, 10);
  16030. CRYPTO_free(p, "", 0);
  16031. }
  16032. #ifndef NO_MD5
  16033. a.input = "1234567890123456789012345678901234567890123456789012345678"
  16034. "9012345678901234567890";
  16035. a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
  16036. "\x7a";
  16037. a.inLen = XSTRLEN(a.input);
  16038. a.outLen = WC_MD5_DIGEST_SIZE;
  16039. EVP_MD_CTX_init(&md_ctx);
  16040. ret = EVP_DigestInit(&md_ctx, EVP_md5());
  16041. if (ret == WOLFSSL_SUCCESS) {
  16042. ret = EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen);
  16043. }
  16044. if (ret == WOLFSSL_SUCCESS) {
  16045. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  16046. }
  16047. EVP_MD_CTX_cleanup(&md_ctx);
  16048. if (ret != WOLFSSL_SUCCESS ||
  16049. XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) {
  16050. return -8601;
  16051. }
  16052. #endif /* NO_MD5 */
  16053. #ifndef NO_SHA
  16054. b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
  16055. "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
  16056. "aaaaaaaaaa";
  16057. b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
  16058. "\x53\x99\x5E\x26\xA0";
  16059. b.inLen = XSTRLEN(b.input);
  16060. b.outLen = WC_SHA_DIGEST_SIZE;
  16061. EVP_MD_CTX_init(&md_ctx);
  16062. ret = EVP_DigestInit(&md_ctx, EVP_sha1());
  16063. if (ret == WOLFSSL_SUCCESS) {
  16064. ret = EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen);
  16065. if (ret == WOLFSSL_SUCCESS)
  16066. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  16067. }
  16068. EVP_MD_CTX_cleanup(&md_ctx);
  16069. if (ret != WOLFSSL_SUCCESS ||
  16070. XMEMCMP(hash, b.output, WC_SHA_DIGEST_SIZE) != 0) {
  16071. return -8602;
  16072. }
  16073. #endif /* NO_SHA */
  16074. #ifdef WOLFSSL_SHA224
  16075. e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  16076. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  16077. e.output = "\xc9\x7c\xa9\xa5\x59\x85\x0c\xe9\x7a\x04\xa9\x6d\xef\x6d\x99"
  16078. "\xa9\xe0\xe0\xe2\xab\x14\xe6\xb8\xdf\x26\x5f\xc0\xb3";
  16079. e.inLen = XSTRLEN(e.input);
  16080. e.outLen = WC_SHA224_DIGEST_SIZE;
  16081. EVP_MD_CTX_init(&md_ctx);
  16082. ret = EVP_DigestInit(&md_ctx, EVP_sha224());
  16083. if (ret == WOLFSSL_SUCCESS) {
  16084. ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
  16085. if (ret == WOLFSSL_SUCCESS)
  16086. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  16087. }
  16088. EVP_MD_CTX_cleanup(&md_ctx);
  16089. if (ret != WOLFSSL_SUCCESS ||
  16090. XMEMCMP(hash, e.output, WC_SHA224_DIGEST_SIZE) != 0) {
  16091. return -8603;
  16092. }
  16093. #endif /* WOLFSSL_SHA224 */
  16094. #ifndef NO_SHA256
  16095. d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  16096. d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
  16097. "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
  16098. "\x06\xC1";
  16099. d.inLen = XSTRLEN(d.input);
  16100. d.outLen = WC_SHA256_DIGEST_SIZE;
  16101. EVP_MD_CTX_init(&md_ctx);
  16102. ret = EVP_DigestInit(&md_ctx, EVP_sha256());
  16103. if (ret == WOLFSSL_SUCCESS) {
  16104. ret = EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen);
  16105. if (ret == WOLFSSL_SUCCESS)
  16106. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  16107. }
  16108. EVP_MD_CTX_cleanup(&md_ctx);
  16109. if (ret != WOLFSSL_SUCCESS ||
  16110. XMEMCMP(hash, d.output, WC_SHA256_DIGEST_SIZE) != 0) {
  16111. return -8604;
  16112. }
  16113. #endif /* !NO_SHA256 */
  16114. #ifdef WOLFSSL_SHA384
  16115. e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  16116. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  16117. e.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
  16118. "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
  16119. "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
  16120. "\x74\x60\x39";
  16121. e.inLen = XSTRLEN(e.input);
  16122. e.outLen = WC_SHA384_DIGEST_SIZE;
  16123. EVP_MD_CTX_init(&md_ctx);
  16124. ret = EVP_DigestInit(&md_ctx, EVP_sha384());
  16125. if (ret == WOLFSSL_SUCCESS) {
  16126. ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
  16127. if (ret == WOLFSSL_SUCCESS)
  16128. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  16129. }
  16130. EVP_MD_CTX_cleanup(&md_ctx);
  16131. if (ret != WOLFSSL_SUCCESS ||
  16132. XMEMCMP(hash, e.output, WC_SHA384_DIGEST_SIZE) != 0) {
  16133. return -8605;
  16134. }
  16135. #endif /* WOLFSSL_SHA384 */
  16136. #ifdef WOLFSSL_SHA512
  16137. f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  16138. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  16139. f.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
  16140. "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
  16141. "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
  16142. "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
  16143. "\x87\x4b\xe9\x09";
  16144. f.inLen = XSTRLEN(f.input);
  16145. f.outLen = WC_SHA512_DIGEST_SIZE;
  16146. EVP_MD_CTX_init(&md_ctx);
  16147. ret = EVP_DigestInit(&md_ctx, EVP_sha512());
  16148. if (ret == WOLFSSL_SUCCESS) {
  16149. ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
  16150. if (ret == WOLFSSL_SUCCESS)
  16151. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  16152. }
  16153. EVP_MD_CTX_cleanup(&md_ctx);
  16154. if (ret != WOLFSSL_SUCCESS ||
  16155. XMEMCMP(hash, f.output, WC_SHA512_DIGEST_SIZE) != 0) {
  16156. return -8606;
  16157. }
  16158. #endif /* WOLFSSL_SHA512 */
  16159. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  16160. #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
  16161. f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  16162. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  16163. f.output = "\x23\xfe\xc5\xbb\x94\xd6\x0b\x23\x30\x81\x92\x64\x0b\x0c\x45"
  16164. "\x33\x35\xd6\x64\x73\x4f\xe4\x0e\x72\x68\x67\x4a\xf9";
  16165. f.inLen = XSTRLEN(f.input);
  16166. f.outLen = WC_SHA512_224_DIGEST_SIZE;
  16167. EVP_MD_CTX_init(&md_ctx);
  16168. ret = EVP_DigestInit(&md_ctx, EVP_sha512_224());
  16169. if (ret == WOLFSSL_SUCCESS) {
  16170. ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
  16171. if (ret == WOLFSSL_SUCCESS)
  16172. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  16173. }
  16174. EVP_MD_CTX_cleanup(&md_ctx);
  16175. if (ret != WOLFSSL_SUCCESS ||
  16176. XMEMCMP(hash, f.output, WC_SHA512_224_DIGEST_SIZE) != 0) {
  16177. return -8722;
  16178. }
  16179. #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
  16180. #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
  16181. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  16182. #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
  16183. f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  16184. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  16185. f.output = "\x39\x28\xe1\x84\xfb\x86\x90\xf8\x40\xda\x39\x88\x12\x1d\x31"
  16186. "\xbe\x65\xcb\x9d\x3e\xf8\x3e\xe6\x14\x6f\xea\xc8\x61\xe1\x9b"
  16187. "\x56\x3a";
  16188. f.inLen = XSTRLEN(f.input);
  16189. f.outLen = WC_SHA512_256_DIGEST_SIZE;
  16190. EVP_MD_CTX_init(&md_ctx);
  16191. ret = EVP_DigestInit(&md_ctx, EVP_sha512_256());
  16192. if (ret == WOLFSSL_SUCCESS) {
  16193. ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
  16194. if (ret == WOLFSSL_SUCCESS)
  16195. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  16196. }
  16197. EVP_MD_CTX_cleanup(&md_ctx);
  16198. if (ret != WOLFSSL_SUCCESS ||
  16199. XMEMCMP(hash, f.output, WC_SHA512_256_DIGEST_SIZE) != 0) {
  16200. return -8723;
  16201. }
  16202. #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
  16203. #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
  16204. #ifdef WOLFSSL_SHA3
  16205. #ifndef WOLFSSL_NOSHA3_224
  16206. e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  16207. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  16208. e.output = "\x54\x3e\x68\x68\xe1\x66\x6c\x1a\x64\x36\x30\xdf\x77\x36\x7a"
  16209. "\xe5\xa6\x2a\x85\x07\x0a\x51\xc1\x4c\xbf\x66\x5c\xbc";
  16210. e.inLen = XSTRLEN(e.input);
  16211. e.outLen = WC_SHA3_224_DIGEST_SIZE;
  16212. EVP_MD_CTX_init(&md_ctx);
  16213. ret = EVP_DigestInit(&md_ctx, EVP_sha3_224());
  16214. if (ret == WOLFSSL_SUCCESS) {
  16215. ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
  16216. if (ret == WOLFSSL_SUCCESS)
  16217. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  16218. }
  16219. EVP_MD_CTX_cleanup(&md_ctx);
  16220. if (ret != WOLFSSL_SUCCESS ||
  16221. XMEMCMP(hash, e.output, WC_SHA3_224_DIGEST_SIZE) != 0) {
  16222. return -8607;
  16223. }
  16224. #endif /* WOLFSSL_NOSHA3_224 */
  16225. #ifndef WOLFSSL_NOSHA3_256
  16226. d.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  16227. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  16228. d.output = "\x91\x6f\x60\x61\xfe\x87\x97\x41\xca\x64\x69\xb4\x39\x71\xdf"
  16229. "\xdb\x28\xb1\xa3\x2d\xc3\x6c\xb3\x25\x4e\x81\x2b\xe2\x7a\xad"
  16230. "\x1d\x18";
  16231. d.inLen = XSTRLEN(d.input);
  16232. d.outLen = WC_SHA3_256_DIGEST_SIZE;
  16233. EVP_MD_CTX_init(&md_ctx);
  16234. ret = EVP_DigestInit(&md_ctx, EVP_sha3_256());
  16235. if (ret == WOLFSSL_SUCCESS) {
  16236. ret = EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen);
  16237. if (ret == WOLFSSL_SUCCESS)
  16238. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  16239. }
  16240. EVP_MD_CTX_cleanup(&md_ctx);
  16241. if (ret != WOLFSSL_SUCCESS ||
  16242. XMEMCMP(hash, d.output, WC_SHA3_256_DIGEST_SIZE) != 0) {
  16243. return -8608;
  16244. }
  16245. #endif /* WOLFSSL_NOSHA3_256 */
  16246. e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  16247. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  16248. e.output = "\x79\x40\x7d\x3b\x59\x16\xb5\x9c\x3e\x30\xb0\x98\x22\x97\x47"
  16249. "\x91\xc3\x13\xfb\x9e\xcc\x84\x9e\x40\x6f\x23\x59\x2d\x04\xf6"
  16250. "\x25\xdc\x8c\x70\x9b\x98\xb4\x3b\x38\x52\xb3\x37\x21\x61\x79"
  16251. "\xaa\x7f\xc7";
  16252. e.inLen = XSTRLEN(e.input);
  16253. e.outLen = WC_SHA3_384_DIGEST_SIZE;
  16254. EVP_MD_CTX_init(&md_ctx);
  16255. ret = EVP_DigestInit(&md_ctx, EVP_sha3_384());
  16256. if (ret == WOLFSSL_SUCCESS) {
  16257. ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
  16258. if (ret == WOLFSSL_SUCCESS)
  16259. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  16260. }
  16261. EVP_MD_CTX_cleanup(&md_ctx);
  16262. if (ret != WOLFSSL_SUCCESS ||
  16263. XMEMCMP(hash, e.output, WC_SHA3_384_DIGEST_SIZE) != 0) {
  16264. return -8609;
  16265. }
  16266. #ifndef WOLFSSL_NOSHA3_512
  16267. f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  16268. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  16269. f.output = "\xaf\xeb\xb2\xef\x54\x2e\x65\x79\xc5\x0c\xad\x06\xd2\xe5\x78"
  16270. "\xf9\xf8\xdd\x68\x81\xd7\xdc\x82\x4d\x26\x36\x0f\xee\xbf\x18"
  16271. "\xa4\xfa\x73\xe3\x26\x11\x22\x94\x8e\xfc\xfd\x49\x2e\x74\xe8"
  16272. "\x2e\x21\x89\xed\x0f\xb4\x40\xd1\x87\xf3\x82\x27\x0c\xb4\x55"
  16273. "\xf2\x1d\xd1\x85";
  16274. f.inLen = XSTRLEN(f.input);
  16275. f.outLen = WC_SHA3_512_DIGEST_SIZE;
  16276. EVP_MD_CTX_init(&md_ctx);
  16277. ret = EVP_DigestInit(&md_ctx, EVP_sha3_512());
  16278. if (ret == WOLFSSL_SUCCESS) {
  16279. ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
  16280. if (ret == WOLFSSL_SUCCESS)
  16281. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  16282. }
  16283. EVP_MD_CTX_cleanup(&md_ctx);
  16284. if (ret != WOLFSSL_SUCCESS ||
  16285. XMEMCMP(hash, f.output, WC_SHA3_512_DIGEST_SIZE) != 0) {
  16286. return -8610;
  16287. }
  16288. #endif /* WOLFSSL_NOSHA3_512 */
  16289. #endif /* WOLFSSL_SHA3 */
  16290. #ifndef WC_NO_RNG
  16291. if (RAND_bytes(hash, sizeof(hash)) != WOLFSSL_SUCCESS)
  16292. return -8611;
  16293. #endif
  16294. #ifndef NO_MD5
  16295. c.input = "what do ya want for nothing?";
  16296. c.output = "\x55\x78\xe8\x48\x4b\xcc\x93\x80\x93\xec\x53\xaf\x22\xd6\x14"
  16297. "\x76";
  16298. c.inLen = XSTRLEN(c.input);
  16299. c.outLen = WC_MD5_DIGEST_SIZE;
  16300. if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
  16301. hash, 0) == NULL ||
  16302. XMEMCMP(hash, c.output, WC_MD5_DIGEST_SIZE) != 0)
  16303. {
  16304. return -8612;
  16305. }
  16306. #endif /* NO_MD5 */
  16307. #ifndef NO_DES3
  16308. { /* des test */
  16309. WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
  16310. 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  16311. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  16312. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  16313. };
  16314. byte plain[24];
  16315. byte cipher[24];
  16316. const_DES_cblock key = {
  16317. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
  16318. };
  16319. DES_cblock iv = {
  16320. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
  16321. };
  16322. DES_key_schedule sched;
  16323. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  16324. 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
  16325. 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
  16326. 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
  16327. };
  16328. DES_key_sched(&key, &sched);
  16329. DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, DES_ENCRYPT);
  16330. DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT);
  16331. if (XMEMCMP(plain, vector, sizeof(vector)) != 0)
  16332. return -8613;
  16333. if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
  16334. return -8614;
  16335. /* test changing iv */
  16336. DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT);
  16337. DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT);
  16338. if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
  16339. return -8615;
  16340. } /* end des test */
  16341. #endif /* NO_DES3 */
  16342. #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
  16343. if (openssl_aes_test() != 0) {
  16344. return -8616;
  16345. }
  16346. #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
  16347. { /* evp_cipher test: EVP_aes_128_cbc */
  16348. #ifdef WOLFSSL_SMALL_STACK
  16349. EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
  16350. #else
  16351. EVP_CIPHER_CTX ctx[1];
  16352. #endif
  16353. int idx, cipherSz, plainSz;
  16354. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
  16355. 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  16356. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  16357. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  16358. };
  16359. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  16360. 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
  16361. 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb,
  16362. 0x3b,0x5d,0x41,0x97,0x94,0x25,0xa4,0xb4,
  16363. 0xae,0x7b,0x34,0xd0,0x3f,0x0c,0xbc,0x06
  16364. };
  16365. WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
  16366. 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
  16367. 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb,
  16368. 0x7d,0x37,0x7b,0x0b,0x44,0xaa,0xb5,0xf0,
  16369. 0x5f,0x34,0xb4,0xde,0xb5,0xbd,0x2a,0xbb
  16370. };
  16371. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  16372. "0123456789abcdef "; /* align */
  16373. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  16374. "1234567890abcdef "; /* align */
  16375. byte cipher[AES_BLOCK_SIZE * 4];
  16376. byte plain [AES_BLOCK_SIZE * 4];
  16377. #ifdef WOLFSSL_SMALL_STACK
  16378. if (ctx == NULL)
  16379. return MEMORY_E;
  16380. #endif
  16381. cipherSz = 0;
  16382. EVP_CIPHER_CTX_init(ctx);
  16383. ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
  16384. if (ret == WOLFSSL_SUCCESS) {
  16385. ret = EVP_CipherUpdate(ctx, cipher, &idx, (byte*)msg, sizeof(msg));
  16386. if (ret == WOLFSSL_SUCCESS)
  16387. cipherSz += idx;
  16388. }
  16389. if (ret == WOLFSSL_SUCCESS) {
  16390. ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
  16391. if (ret == WOLFSSL_SUCCESS)
  16392. cipherSz += idx;
  16393. }
  16394. EVP_CIPHER_CTX_cleanup(ctx);
  16395. if (ret != WOLFSSL_SUCCESS)
  16396. return -8617;
  16397. if (cipherSz != (int)sizeof(verify) || XMEMCMP(cipher, verify, cipherSz))
  16398. return -8618;
  16399. /* check partial decrypt (not enough padding for full block) */
  16400. plainSz = 0;
  16401. EVP_CIPHER_CTX_init(ctx);
  16402. ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
  16403. if (ret == WOLFSSL_SUCCESS) {
  16404. ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, 1);
  16405. if (ret == WOLFSSL_SUCCESS)
  16406. plainSz += idx;
  16407. }
  16408. if (ret == WOLFSSL_SUCCESS) {
  16409. /* this test should fail... not enough padding for full block */
  16410. ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
  16411. if (plainSz == 0 && ret != WOLFSSL_SUCCESS)
  16412. ret = WOLFSSL_SUCCESS;
  16413. else
  16414. ret = -8619;
  16415. }
  16416. else
  16417. ret = -8620;
  16418. EVP_CIPHER_CTX_cleanup(ctx);
  16419. if (ret != WOLFSSL_SUCCESS)
  16420. return ret;
  16421. plainSz = 0;
  16422. EVP_CIPHER_CTX_init(ctx);
  16423. ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
  16424. if (ret == WOLFSSL_SUCCESS) {
  16425. ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, cipherSz);
  16426. if (ret == WOLFSSL_SUCCESS)
  16427. plainSz += idx;
  16428. }
  16429. if (ret == WOLFSSL_SUCCESS) {
  16430. ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
  16431. if (ret == WOLFSSL_SUCCESS)
  16432. plainSz += idx;
  16433. }
  16434. EVP_CIPHER_CTX_cleanup(ctx);
  16435. if (ret != WOLFSSL_SUCCESS)
  16436. return -8621;
  16437. if (plainSz != (int)sizeof(msg) || XMEMCMP(plain, msg, sizeof(msg)))
  16438. return -8622;
  16439. cipherSz = 0;
  16440. EVP_CIPHER_CTX_init(ctx);
  16441. ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
  16442. if (ret == WOLFSSL_SUCCESS) {
  16443. ret = EVP_CipherUpdate(ctx, cipher, &idx, msg, AES_BLOCK_SIZE);
  16444. if (ret == WOLFSSL_SUCCESS)
  16445. cipherSz += idx;
  16446. }
  16447. if (ret == WOLFSSL_SUCCESS) {
  16448. ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
  16449. if (ret == WOLFSSL_SUCCESS)
  16450. cipherSz += idx;
  16451. }
  16452. EVP_CIPHER_CTX_cleanup(ctx);
  16453. if (ret != WOLFSSL_SUCCESS)
  16454. return -8623;
  16455. if (cipherSz != (int)sizeof(verify2) || XMEMCMP(cipher, verify2, cipherSz))
  16456. return -8624;
  16457. #ifdef WOLFSSL_SMALL_STACK
  16458. wolfSSL_EVP_CIPHER_CTX_free(ctx);
  16459. #endif
  16460. } /* end evp_cipher test: EVP_aes_128_cbc*/
  16461. #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
  16462. #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
  16463. { /* evp_cipher test: EVP_aes_256_ecb*/
  16464. #ifdef WOLFSSL_SMALL_STACK
  16465. EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
  16466. #else
  16467. EVP_CIPHER_CTX ctx[1];
  16468. #endif
  16469. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
  16470. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  16471. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  16472. };
  16473. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  16474. 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
  16475. 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
  16476. };
  16477. WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
  16478. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  16479. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  16480. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  16481. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  16482. };
  16483. byte cipher[AES_BLOCK_SIZE * 4];
  16484. byte plain [AES_BLOCK_SIZE * 4];
  16485. #ifdef WOLFSSL_SMALL_STACK
  16486. if (ctx == NULL)
  16487. return MEMORY_E;
  16488. #endif
  16489. EVP_CIPHER_CTX_init(ctx);
  16490. ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1);
  16491. if (ret == WOLFSSL_SUCCESS)
  16492. ret = EVP_Cipher(ctx, cipher, (byte*)msg, 16);
  16493. EVP_CIPHER_CTX_cleanup(ctx);
  16494. if (ret != 16)
  16495. return -8625;
  16496. if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
  16497. return -8626;
  16498. EVP_CIPHER_CTX_init(ctx);
  16499. ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0);
  16500. if (ret == WOLFSSL_SUCCESS)
  16501. ret = EVP_Cipher(ctx, plain, cipher, 16);
  16502. EVP_CIPHER_CTX_cleanup(ctx);
  16503. if (ret != 16)
  16504. return -8627;
  16505. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  16506. return -8628;
  16507. #ifdef WOLFSSL_SMALL_STACK
  16508. wolfSSL_EVP_CIPHER_CTX_free(ctx);
  16509. #endif
  16510. } /* end evp_cipher test */
  16511. #endif /* HAVE_AES_ECB && WOLFSSL_AES_128 */
  16512. #define OPENSSL_TEST_ERROR (-10000)
  16513. #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
  16514. /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */
  16515. {
  16516. /* Test: AES_encrypt/decrypt/set Key */
  16517. #ifdef WOLFSSL_SMALL_STACK
  16518. AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  16519. #ifdef HAVE_AES_DECRYPT
  16520. AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  16521. #endif
  16522. #else
  16523. AES_KEY enc[1];
  16524. #ifdef HAVE_AES_DECRYPT
  16525. AES_KEY dec[1];
  16526. #endif
  16527. #endif
  16528. WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
  16529. {
  16530. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  16531. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  16532. };
  16533. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  16534. {
  16535. 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
  16536. 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
  16537. };
  16538. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  16539. {
  16540. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  16541. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  16542. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  16543. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  16544. };
  16545. byte plain[sizeof(msg)];
  16546. byte cipher[sizeof(msg)];
  16547. printf("openSSL extra test\n") ;
  16548. #ifdef WOLFSSL_SMALL_STACK
  16549. if (enc == NULL)
  16550. return MEMORY_E;
  16551. #ifdef HAVE_AES_DECRYPT
  16552. if (dec == NULL)
  16553. return MEMORY_E;
  16554. #endif
  16555. #endif
  16556. AES_set_encrypt_key(key, sizeof(key)*8, enc);
  16557. AES_set_decrypt_key(key, sizeof(key)*8, dec);
  16558. AES_encrypt(msg, cipher, enc);
  16559. #ifdef HAVE_AES_DECRYPT
  16560. AES_decrypt(cipher, plain, dec);
  16561. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  16562. return OPENSSL_TEST_ERROR-60;
  16563. #endif /* HAVE_AES_DECRYPT */
  16564. if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
  16565. return OPENSSL_TEST_ERROR-61;
  16566. #ifdef WOLFSSL_SMALL_STACK
  16567. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  16568. #ifdef HAVE_AES_DECRYPT
  16569. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  16570. #endif
  16571. #endif
  16572. }
  16573. #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
  16574. /* EVP_Cipher with EVP_aes_xxx_ctr() */
  16575. #ifdef WOLFSSL_AES_COUNTER
  16576. {
  16577. byte plainBuff [64];
  16578. byte cipherBuff[64];
  16579. #ifdef WOLFSSL_AES_128
  16580. WOLFSSL_SMALL_STACK_STATIC const byte ctrKey[] =
  16581. {
  16582. 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
  16583. 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
  16584. };
  16585. WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
  16586. {
  16587. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  16588. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  16589. };
  16590. WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
  16591. {
  16592. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  16593. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  16594. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  16595. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  16596. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  16597. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  16598. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  16599. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  16600. };
  16601. WOLFSSL_SMALL_STACK_STATIC const byte ctrCipher[] =
  16602. {
  16603. 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
  16604. 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
  16605. 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
  16606. 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
  16607. 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
  16608. 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
  16609. 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
  16610. 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
  16611. };
  16612. WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
  16613. {
  16614. 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
  16615. 0xc2
  16616. };
  16617. #endif /* WOLFSSL_AES_128 */
  16618. #ifdef WOLFSSL_AES_192
  16619. /* test vector from "Recommendation for Block Cipher Modes of Operation"
  16620. * NIST Special Publication 800-38A */
  16621. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
  16622. {
  16623. 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
  16624. 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
  16625. 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
  16626. };
  16627. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Iv[] =
  16628. {
  16629. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  16630. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  16631. };
  16632. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Plain[] =
  16633. {
  16634. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  16635. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  16636. };
  16637. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
  16638. {
  16639. 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
  16640. 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b
  16641. };
  16642. #endif /* WOLFSSL_AES_192 */
  16643. #ifdef WOLFSSL_AES_256
  16644. /* test vector from "Recommendation for Block Cipher Modes of Operation"
  16645. * NIST Special Publication 800-38A */
  16646. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
  16647. {
  16648. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  16649. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  16650. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  16651. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  16652. };
  16653. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Iv[] =
  16654. {
  16655. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  16656. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  16657. };
  16658. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Plain[] =
  16659. {
  16660. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  16661. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  16662. };
  16663. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
  16664. {
  16665. 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
  16666. 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28
  16667. };
  16668. #endif /* WOLFSSL_AES_256 */
  16669. #ifdef WOLFSSL_SMALL_STACK
  16670. EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
  16671. EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
  16672. if ((en == NULL) || (de == NULL))
  16673. return MEMORY_E;
  16674. #else
  16675. EVP_CIPHER_CTX en[1];
  16676. EVP_CIPHER_CTX de[1];
  16677. #endif
  16678. #ifdef WOLFSSL_AES_128
  16679. #ifndef WOLFSSL_SMALL_STACK
  16680. EVP_CIPHER_CTX *p_en;
  16681. EVP_CIPHER_CTX *p_de;
  16682. #endif
  16683. EVP_CIPHER_CTX_init(en);
  16684. if (EVP_CipherInit(en, EVP_aes_128_ctr(),
  16685. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  16686. return -8629;
  16687. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
  16688. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  16689. return -8630;
  16690. EVP_CIPHER_CTX_init(de);
  16691. if (EVP_CipherInit(de, EVP_aes_128_ctr(),
  16692. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  16693. return -8631;
  16694. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
  16695. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  16696. return -8632;
  16697. if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
  16698. return -8633;
  16699. if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
  16700. return -8634;
  16701. #ifndef WOLFSSL_SMALL_STACK
  16702. p_en = wolfSSL_EVP_CIPHER_CTX_new();
  16703. if(p_en == NULL)return -8635;
  16704. p_de = wolfSSL_EVP_CIPHER_CTX_new();
  16705. if(p_de == NULL)return -8636;
  16706. if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
  16707. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  16708. return -8637;
  16709. if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
  16710. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  16711. return -8638;
  16712. if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
  16713. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  16714. return -8639;
  16715. if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
  16716. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  16717. return -8640;
  16718. wolfSSL_EVP_CIPHER_CTX_free(p_en);
  16719. wolfSSL_EVP_CIPHER_CTX_free(p_de);
  16720. #endif /* !WOLFSSL_SMALL_STACK */
  16721. if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
  16722. return -8641;
  16723. if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
  16724. return -8642;
  16725. EVP_CIPHER_CTX_init(en);
  16726. if (EVP_CipherInit(en, EVP_aes_128_ctr(),
  16727. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  16728. return -8643;
  16729. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
  16730. return -8644;
  16731. EVP_CIPHER_CTX_init(de);
  16732. if (EVP_CipherInit(de, EVP_aes_128_ctr(),
  16733. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  16734. return -8645;
  16735. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
  16736. return -8646;
  16737. if (XMEMCMP(plainBuff, ctrPlain, 9))
  16738. return -8647;
  16739. if (XMEMCMP(cipherBuff, ctrCipher, 9))
  16740. return -8648;
  16741. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
  16742. return -8649;
  16743. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
  16744. return -8650;
  16745. if (XMEMCMP(plainBuff, ctrPlain, 9))
  16746. return -8651;
  16747. if (XMEMCMP(cipherBuff, oddCipher, 9))
  16748. return -8652;
  16749. #endif /* WOLFSSL_AES_128 */
  16750. #ifdef WOLFSSL_AES_192
  16751. EVP_CIPHER_CTX_init(en);
  16752. if (EVP_CipherInit(en, EVP_aes_192_ctr(),
  16753. (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
  16754. return -8653;
  16755. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
  16756. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  16757. return -8654;
  16758. EVP_CIPHER_CTX_init(de);
  16759. if (EVP_CipherInit(de, EVP_aes_192_ctr(),
  16760. (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
  16761. return -8655;
  16762. XMEMSET(plainBuff, 0, sizeof(plainBuff));
  16763. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
  16764. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  16765. return -8656;
  16766. if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
  16767. return -8657;
  16768. if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
  16769. return -8658;
  16770. #endif /* WOLFSSL_AES_192 */
  16771. #ifdef WOLFSSL_AES_256
  16772. EVP_CIPHER_CTX_init(en);
  16773. if (EVP_CipherInit(en, EVP_aes_256_ctr(),
  16774. (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
  16775. return -8659;
  16776. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
  16777. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  16778. return -8660;
  16779. EVP_CIPHER_CTX_init(de);
  16780. if (EVP_CipherInit(de, EVP_aes_256_ctr(),
  16781. (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
  16782. return -8661;
  16783. XMEMSET(plainBuff, 0, sizeof(plainBuff));
  16784. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
  16785. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  16786. return -8662;
  16787. if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
  16788. return -8663;
  16789. if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
  16790. return -8664;
  16791. #endif /* WOLFSSL_AES_256 */
  16792. #ifdef WOLFSSL_SMALL_STACK
  16793. wolfSSL_EVP_CIPHER_CTX_free(en);
  16794. wolfSSL_EVP_CIPHER_CTX_free(de);
  16795. #endif
  16796. }
  16797. #endif /* HAVE_AES_COUNTER */
  16798. #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  16799. {
  16800. /* EVP_CipherUpdate test */
  16801. WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
  16802. {
  16803. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  16804. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  16805. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  16806. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  16807. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  16808. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  16809. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  16810. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  16811. };
  16812. byte key[] = "0123456789abcdef "; /* align */
  16813. byte iv[] = "1234567890abcdef "; /* align */
  16814. byte cipher[AES_BLOCK_SIZE * 4];
  16815. byte plain [AES_BLOCK_SIZE * 4];
  16816. #ifdef WOLFSSL_SMALL_STACK
  16817. EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
  16818. EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
  16819. #else
  16820. EVP_CIPHER_CTX en[1];
  16821. EVP_CIPHER_CTX de[1];
  16822. #endif
  16823. int outlen ;
  16824. int total = 0;
  16825. #ifdef WOLFSSL_SMALL_STACK
  16826. if ((en == NULL) || (de == NULL))
  16827. return MEMORY_E;
  16828. #endif
  16829. EVP_CIPHER_CTX_init(en);
  16830. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  16831. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  16832. return -8665;
  16833. /* openSSL compatibility, if(inlen == 0)return 1; */
  16834. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
  16835. (byte*)cbcPlain, 0) != 1)
  16836. return -8666;
  16837. EVP_CIPHER_CTX_init(en);
  16838. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  16839. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  16840. return -8667;
  16841. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
  16842. (byte*)cbcPlain, 9) == 0)
  16843. return -8668;
  16844. if(outlen != 0)
  16845. return -8669;
  16846. total += outlen;
  16847. if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
  16848. (byte*)&cbcPlain[9] , 9) == 0)
  16849. return -8670;
  16850. if(outlen != 16)
  16851. return -8671;
  16852. total += outlen;
  16853. if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
  16854. return -8672;
  16855. if(outlen != 16)
  16856. return -8673;
  16857. total += outlen;
  16858. if(total != 32)
  16859. return -8674;
  16860. total = 0;
  16861. EVP_CIPHER_CTX_init(de);
  16862. if (EVP_CipherInit(de, EVP_aes_128_cbc(),
  16863. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  16864. return -8675;
  16865. if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
  16866. return -8676;
  16867. if(outlen != 0)
  16868. return -8677;
  16869. total += outlen;
  16870. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
  16871. (byte*)&cipher[6], 12) == 0)
  16872. return -8678;
  16873. if(outlen != 0)
  16874. total += outlen;
  16875. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
  16876. (byte*)&cipher[6+12], 14) == 0)
  16877. return -8679;
  16878. if(outlen != 16)
  16879. return -8680;
  16880. total += outlen;
  16881. if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
  16882. return -8681;
  16883. if(outlen != 2)
  16884. return -8682;
  16885. total += outlen;
  16886. if(total != 18)
  16887. return -8683;
  16888. if (XMEMCMP(plain, cbcPlain, 18))
  16889. return -8684;
  16890. total = 0;
  16891. EVP_CIPHER_CTX_init(en);
  16892. if (EVP_EncryptInit(en, EVP_aes_128_cbc(),
  16893. (unsigned char*)key, (unsigned char*)iv) == 0)
  16894. return -8685;
  16895. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0)
  16896. return -8686;
  16897. if(outlen != 0)
  16898. return -8687;
  16899. total += outlen;
  16900. if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0)
  16901. return -8688;
  16902. if(outlen != 16)
  16903. return -8689;
  16904. total += outlen;
  16905. if (EVP_EncryptFinal(en, (byte*)&cipher[total], &outlen) == 0)
  16906. return -8690;
  16907. if(outlen != 16)
  16908. return -8691;
  16909. total += outlen;
  16910. if(total != 32)
  16911. return 3438;
  16912. total = 0;
  16913. EVP_CIPHER_CTX_init(de);
  16914. if (EVP_DecryptInit(de, EVP_aes_128_cbc(),
  16915. (unsigned char*)key, (unsigned char*)iv) == 0)
  16916. return -8692;
  16917. if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
  16918. return -8693;
  16919. if(outlen != 0)
  16920. return -8694;
  16921. total += outlen;
  16922. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0)
  16923. return -8695;
  16924. if(outlen != 0)
  16925. total += outlen;
  16926. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0)
  16927. return -8696;
  16928. if(outlen != 16)
  16929. return -8697;
  16930. total += outlen;
  16931. if (EVP_DecryptFinal(de, (byte*)&plain[total], &outlen) == 0)
  16932. return -8698;
  16933. if(outlen != 2)
  16934. return -8699;
  16935. total += outlen;
  16936. if(total != 18)
  16937. return 3447;
  16938. if (XMEMCMP(plain, cbcPlain, 18))
  16939. return -8700;
  16940. if (EVP_CIPHER_key_length(NULL) != 0)
  16941. return -8701;
  16942. if (EVP_CIPHER_key_length(EVP_aes_128_cbc()) != 16)
  16943. return -8702;
  16944. if (EVP_CIPHER_CTX_mode(NULL) != 0)
  16945. return -8703;
  16946. if (EVP_CIPHER_CTX_mode(en) != (en->flags & WOLFSSL_EVP_CIPH_MODE))
  16947. return -8704;
  16948. EVP_CIPHER_CTX_init(en);
  16949. if (EVP_CipherInit_ex(en, EVP_aes_128_cbc(), NULL,
  16950. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  16951. return -8705;
  16952. EVP_CIPHER_CTX_init(en);
  16953. if (EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
  16954. (unsigned char*)key, (unsigned char*)iv) == 0)
  16955. return -8706;
  16956. if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
  16957. return -8707;
  16958. if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
  16959. return -8708;
  16960. EVP_CIPHER_CTX_init(de);
  16961. if (EVP_DecryptInit_ex(de, EVP_aes_128_cbc(), NULL,
  16962. (unsigned char*)key, (unsigned char*)iv) == 0)
  16963. return -8709;
  16964. if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
  16965. return -8710;
  16966. if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
  16967. return -8711;
  16968. if (EVP_CIPHER_CTX_block_size(NULL) != BAD_FUNC_ARG)
  16969. return -8712;
  16970. EVP_CIPHER_CTX_init(en);
  16971. EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
  16972. (unsigned char*)key, (unsigned char*)iv);
  16973. if (EVP_CIPHER_CTX_block_size(en) != en->block_size)
  16974. return -8713;
  16975. if (EVP_CIPHER_block_size(NULL) != BAD_FUNC_ARG)
  16976. return -8714;
  16977. if (EVP_CIPHER_block_size(EVP_aes_128_cbc()) != AES_BLOCK_SIZE)
  16978. return -8715;
  16979. if (WOLFSSL_EVP_CIPHER_mode(NULL) != 0)
  16980. return -8716;
  16981. if (EVP_CIPHER_flags(EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE)
  16982. return -8717;
  16983. EVP_CIPHER_CTX_clear_flags(en, 0xFFFFFFFF);
  16984. EVP_CIPHER_CTX_set_flags(en, 42);
  16985. if (en->flags != 42)
  16986. return -8718;
  16987. if (EVP_CIPHER_CTX_set_padding(NULL, 0) != BAD_FUNC_ARG)
  16988. return -8719;
  16989. if (EVP_CIPHER_CTX_set_padding(en, 0) != WOLFSSL_SUCCESS)
  16990. return -8720;
  16991. if (EVP_CIPHER_CTX_set_padding(en, 1) != WOLFSSL_SUCCESS)
  16992. return -8721;
  16993. #ifdef WOLFSSL_SMALL_STACK
  16994. wolfSSL_EVP_CIPHER_CTX_free(en);
  16995. wolfSSL_EVP_CIPHER_CTX_free(de);
  16996. #endif
  16997. }
  16998. #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
  16999. #endif /* ifndef NO_AES */
  17000. return 0;
  17001. }
  17002. WOLFSSL_TEST_SUBROUTINE int openSSL_evpMD_test(void)
  17003. {
  17004. int ret = 0;
  17005. #if !defined(NO_SHA256) && !defined(NO_SHA)
  17006. WOLFSSL_EVP_MD_CTX* ctx;
  17007. WOLFSSL_EVP_MD_CTX* ctx2;
  17008. ctx = EVP_MD_CTX_create();
  17009. ctx2 = EVP_MD_CTX_create();
  17010. ret = EVP_DigestInit(ctx, EVP_sha256());
  17011. if (ret != SSL_SUCCESS) {
  17012. ret = -8800;
  17013. goto openSSL_evpMD_test_done;
  17014. }
  17015. ret = EVP_MD_CTX_copy(ctx2, ctx);
  17016. if (ret != SSL_SUCCESS) {
  17017. ret = -8801;
  17018. goto openSSL_evpMD_test_done;
  17019. }
  17020. if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
  17021. ret = -8802;
  17022. goto openSSL_evpMD_test_done;
  17023. }
  17024. ret = EVP_DigestInit(ctx, EVP_sha1());
  17025. if (ret != SSL_SUCCESS) {
  17026. ret = -8803;
  17027. goto openSSL_evpMD_test_done;
  17028. }
  17029. if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
  17030. ret = -8804;
  17031. goto openSSL_evpMD_test_done;
  17032. }
  17033. ret = EVP_MD_CTX_copy_ex(ctx2, ctx);
  17034. if (ret != SSL_SUCCESS) {
  17035. ret = -8805;
  17036. goto openSSL_evpMD_test_done;
  17037. }
  17038. if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) {
  17039. ret = -8806;
  17040. goto openSSL_evpMD_test_done;
  17041. }
  17042. if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) {
  17043. ret = -8807;
  17044. goto openSSL_evpMD_test_done;
  17045. }
  17046. if (EVP_DigestInit_ex(ctx, EVP_sha1(), NULL) != SSL_SUCCESS) {
  17047. ret = -8808;
  17048. goto openSSL_evpMD_test_done;
  17049. }
  17050. if (EVP_add_digest(NULL) != 0) {
  17051. ret = -8809;
  17052. goto openSSL_evpMD_test_done;
  17053. }
  17054. if (wolfSSL_EVP_add_cipher(NULL) != 0) {
  17055. ret = -8810;
  17056. goto openSSL_evpMD_test_done;
  17057. }
  17058. ret = 0; /* got to success state without jumping to end with a fail */
  17059. openSSL_evpMD_test_done:
  17060. EVP_MD_CTX_destroy(ctx);
  17061. EVP_MD_CTX_destroy(ctx2);
  17062. #endif /* NO_SHA256 */
  17063. return ret;
  17064. }
  17065. #ifdef DEBUG_SIGN
  17066. static void show(const char *title, const char *p, unsigned int s) {
  17067. char* i;
  17068. printf("%s: ", title);
  17069. for (i = p;
  17070. i < p + s;
  17071. printf("%c", *i), i++);
  17072. printf("\n");
  17073. }
  17074. #else
  17075. #define show(a,b,c)
  17076. #endif
  17077. #define FOURK_BUFF 4096
  17078. #define ERR_BASE_PKEY -5000
  17079. WOLFSSL_TEST_SUBROUTINE int openssl_pkey0_test(void)
  17080. {
  17081. int ret = 0;
  17082. #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(NO_SHA)
  17083. byte* prvTmp;
  17084. byte* pubTmp;
  17085. int prvBytes;
  17086. int pubBytes;
  17087. RSA *prvRsa = NULL;
  17088. RSA *pubRsa = NULL;
  17089. EVP_PKEY *prvPkey = NULL;
  17090. EVP_PKEY *pubPkey = NULL;
  17091. EVP_PKEY_CTX *enc = NULL;
  17092. EVP_PKEY_CTX *dec = NULL;
  17093. byte in[] = TEST_STRING;
  17094. byte out[256];
  17095. size_t outlen;
  17096. size_t keySz;
  17097. byte plain[256];
  17098. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
  17099. XFILE keyFile;
  17100. XFILE keypubFile;
  17101. char cliKey[] = "./certs/client-key.der";
  17102. char cliKeypub[] = "./certs/client-keyPub.der";
  17103. #endif
  17104. prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17105. if (prvTmp == NULL)
  17106. return ERR_BASE_PKEY-1;
  17107. pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17108. if (pubTmp == NULL) {
  17109. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17110. return ERR_BASE_PKEY-2;
  17111. }
  17112. #ifdef USE_CERT_BUFFERS_1024
  17113. XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
  17114. prvBytes = sizeof_client_key_der_1024;
  17115. XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
  17116. pubBytes = sizeof_client_keypub_der_1024;
  17117. #elif defined(USE_CERT_BUFFERS_2048)
  17118. XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048);
  17119. prvBytes = sizeof_client_key_der_2048;
  17120. XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
  17121. pubBytes = sizeof_client_keypub_der_2048;
  17122. #else
  17123. keyFile = XFOPEN(cliKey, "rb");
  17124. if (!keyFile) {
  17125. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17126. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17127. err_sys("can't open ./certs/client-key.der, "
  17128. "Please run from wolfSSL home dir", ERR_BASE_PKEY-3);
  17129. return ERR_BASE_PKEY-3;
  17130. }
  17131. prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile);
  17132. XFCLOSE(keyFile);
  17133. keypubFile = XFOPEN(cliKeypub, "rb");
  17134. if (!keypubFile) {
  17135. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17136. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17137. err_sys("can't open ./certs/client-cert.der, "
  17138. "Please run from wolfSSL home dir", -4);
  17139. return ERR_BASE_PKEY-4;
  17140. }
  17141. pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
  17142. XFCLOSE(keypubFile);
  17143. #endif /* USE_CERT_BUFFERS */
  17144. prvRsa = wolfSSL_RSA_new();
  17145. pubRsa = wolfSSL_RSA_new();
  17146. if((prvRsa == NULL) || (pubRsa == NULL)){
  17147. printf("error with RSA_new\n");
  17148. ret = ERR_BASE_PKEY-10;
  17149. goto openssl_pkey0_test_done;
  17150. }
  17151. ret = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
  17152. if(ret != SSL_SUCCESS){
  17153. printf("error with RSA_LoadDer_ex\n");
  17154. ret = ERR_BASE_PKEY-11;
  17155. goto openssl_pkey0_test_done;
  17156. }
  17157. ret = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
  17158. if(ret != SSL_SUCCESS){
  17159. printf("error with RSA_LoadDer_ex\n");
  17160. ret = ERR_BASE_PKEY-12;
  17161. goto openssl_pkey0_test_done;
  17162. }
  17163. keySz = (size_t)RSA_size(pubRsa);
  17164. prvPkey = wolfSSL_EVP_PKEY_new();
  17165. pubPkey = wolfSSL_EVP_PKEY_new();
  17166. if((prvPkey == NULL) || (pubPkey == NULL)){
  17167. printf("error with PKEY_new\n");
  17168. ret = ERR_BASE_PKEY-13;
  17169. goto openssl_pkey0_test_done;
  17170. }
  17171. ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
  17172. ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
  17173. if(ret != 2){
  17174. printf("error with PKEY_set1_RSA\n");
  17175. ret = ERR_BASE_PKEY-14;
  17176. goto openssl_pkey0_test_done;
  17177. }
  17178. dec = EVP_PKEY_CTX_new(prvPkey, NULL);
  17179. enc = EVP_PKEY_CTX_new(pubPkey, NULL);
  17180. if((dec == NULL)||(enc==NULL)){
  17181. printf("error with EVP_PKEY_CTX_new\n");
  17182. ret = ERR_BASE_PKEY-15;
  17183. goto openssl_pkey0_test_done;
  17184. }
  17185. ret = EVP_PKEY_decrypt_init(dec);
  17186. if (ret != 1) {
  17187. printf("error with decrypt init\n");
  17188. ret = ERR_BASE_PKEY-16;
  17189. goto openssl_pkey0_test_done;
  17190. }
  17191. ret = EVP_PKEY_encrypt_init(enc);
  17192. if (ret != 1) {
  17193. printf("error with encrypt init\n");
  17194. ret = ERR_BASE_PKEY-17;
  17195. goto openssl_pkey0_test_done;
  17196. }
  17197. XMEMSET(out, 0, sizeof(out));
  17198. ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
  17199. if (ret != 1) {
  17200. printf("error encrypting msg\n");
  17201. ret = ERR_BASE_PKEY-18;
  17202. goto openssl_pkey0_test_done;
  17203. }
  17204. show("encrypted msg", out, outlen);
  17205. XMEMSET(plain, 0, sizeof(plain));
  17206. ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
  17207. if (ret != 1) {
  17208. printf("error decrypting msg\n");
  17209. ret = ERR_BASE_PKEY-19;
  17210. goto openssl_pkey0_test_done;
  17211. }
  17212. show("decrypted msg", plain, outlen);
  17213. /* RSA_PKCS1_OAEP_PADDING test */
  17214. ret = EVP_PKEY_decrypt_init(dec);
  17215. if (ret != 1) {
  17216. printf("error with decrypt init\n");
  17217. ret = ERR_BASE_PKEY-30;
  17218. goto openssl_pkey0_test_done;
  17219. }
  17220. ret = EVP_PKEY_encrypt_init(enc);
  17221. if (ret != 1) {
  17222. printf("error with encrypt init\n");
  17223. ret = ERR_BASE_PKEY-31;
  17224. goto openssl_pkey0_test_done;
  17225. }
  17226. if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
  17227. printf("first set rsa padding error\n");
  17228. ret = ERR_BASE_PKEY-32;
  17229. goto openssl_pkey0_test_done;
  17230. }
  17231. #ifndef HAVE_FIPS
  17232. if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
  17233. printf("second set rsa padding error\n");
  17234. ret = ERR_BASE_PKEY-33;
  17235. goto openssl_pkey0_test_done;
  17236. }
  17237. if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
  17238. printf("third set rsa padding error\n");
  17239. ret = ERR_BASE_PKEY-34;
  17240. goto openssl_pkey0_test_done;
  17241. }
  17242. #endif
  17243. XMEMSET(out, 0, sizeof(out));
  17244. ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
  17245. if (ret != 1) {
  17246. printf("error encrypting msg\n");
  17247. ret = ERR_BASE_PKEY-35;
  17248. goto openssl_pkey0_test_done;
  17249. }
  17250. show("encrypted msg", out, outlen);
  17251. XMEMSET(plain, 0, sizeof(plain));
  17252. ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
  17253. if (ret != 1) {
  17254. printf("error decrypting msg\n");
  17255. ret = ERR_BASE_PKEY-36;
  17256. goto openssl_pkey0_test_done;
  17257. }
  17258. show("decrypted msg", plain, outlen);
  17259. ret = 0; /* made it to this point without error then set success */
  17260. openssl_pkey0_test_done:
  17261. wolfSSL_RSA_free(prvRsa);
  17262. wolfSSL_RSA_free(pubRsa);
  17263. EVP_PKEY_free(pubPkey);
  17264. EVP_PKEY_free(prvPkey);
  17265. EVP_PKEY_CTX_free(dec);
  17266. EVP_PKEY_CTX_free(enc);
  17267. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17268. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17269. #endif /* NO_RSA */
  17270. return ret;
  17271. }
  17272. WOLFSSL_TEST_SUBROUTINE int openssl_pkey1_test(void)
  17273. {
  17274. int ret = 0;
  17275. #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
  17276. !defined(NO_SHA)
  17277. EVP_PKEY_CTX* dec = NULL;
  17278. EVP_PKEY_CTX* enc = NULL;
  17279. EVP_PKEY* pubKey = NULL;
  17280. EVP_PKEY* prvKey = NULL;
  17281. X509* x509 = NULL;
  17282. WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sugar slapped";
  17283. const unsigned char* clikey;
  17284. long cliKeySz;
  17285. size_t outlen;
  17286. int keyLenBits = 2048;
  17287. #ifdef WOLFSSL_SMALL_STACK
  17288. unsigned char *tmp = (unsigned char *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17289. unsigned char *cipher = (unsigned char *)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17290. unsigned char *plain = (unsigned char *)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17291. if ((tmp == NULL) ||
  17292. (cipher == NULL) ||
  17293. (plain == NULL)) {
  17294. ret = -9015;
  17295. goto openssl_pkey1_test_done;
  17296. }
  17297. #else
  17298. unsigned char tmp[FOURK_BUF];
  17299. unsigned char cipher[RSA_TEST_BYTES];
  17300. unsigned char plain[RSA_TEST_BYTES];
  17301. #endif
  17302. #if defined(USE_CERT_BUFFERS_1024)
  17303. XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
  17304. cliKeySz = (long)sizeof_client_key_der_1024;
  17305. x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_1024,
  17306. sizeof_client_cert_der_1024, SSL_FILETYPE_ASN1);
  17307. keyLenBits = 1024;
  17308. #elif defined(USE_CERT_BUFFERS_2048)
  17309. XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
  17310. cliKeySz = (long)sizeof_client_key_der_2048;
  17311. x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_2048,
  17312. sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1);
  17313. #elif defined(USE_CERT_BUFFERS_3072)
  17314. XMEMCPY(tmp, client_key_der_3072, sizeof_client_key_der_3072);
  17315. cliKeySz = (long)sizeof_client_key_der_3072;
  17316. x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_3072,
  17317. sizeof_client_cert_der_3072, SSL_FILETYPE_ASN1);
  17318. keyLenBits = 3072;
  17319. #elif defined(USE_CERT_BUFFERS_4096)
  17320. XMEMCPY(tmp, client_key_der_4096, sizeof_client_key_der_4096);
  17321. cliKeySz = (long)sizeof_client_key_der_4096;
  17322. x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_4096,
  17323. sizeof_client_cert_der_4096, SSL_FILETYPE_ASN1);
  17324. keyLenBits = 4096;
  17325. #else
  17326. XFILE f;
  17327. f = XFOPEN(clientKey, "rb");
  17328. if (!f) {
  17329. err_sys("can't open ./certs/client-key.der, "
  17330. "Please run from wolfSSL home dir", -41);
  17331. ret = -9000;
  17332. goto openssl_pkey1_test_done;
  17333. }
  17334. cliKeySz = (long)XFREAD(tmp, 1, FOURK_BUF, f);
  17335. XFCLOSE(f);
  17336. /* using existing wolfSSL api to get public and private key */
  17337. x509 = wolfSSL_X509_load_certificate_file(clientCert, SSL_FILETYPE_ASN1);
  17338. #endif /* USE_CERT_BUFFERS */
  17339. clikey = tmp;
  17340. if ((prvKey = EVP_PKEY_new()) == NULL) {
  17341. ret = -9001;
  17342. goto openssl_pkey1_test_done;
  17343. }
  17344. EVP_PKEY_free(prvKey);
  17345. prvKey = NULL;
  17346. if (x509 == NULL) {
  17347. ret = -9002;
  17348. goto openssl_pkey1_test_done;
  17349. }
  17350. pubKey = X509_get_pubkey(x509);
  17351. if (pubKey == NULL) {
  17352. ret = -9003;
  17353. goto openssl_pkey1_test_done;
  17354. }
  17355. prvKey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &clikey, cliKeySz);
  17356. if (prvKey == NULL) {
  17357. ret = -9004;
  17358. goto openssl_pkey1_test_done;
  17359. }
  17360. /* phase 2 API to create EVP_PKEY_CTX and encrypt/decrypt */
  17361. if (EVP_PKEY_bits(prvKey) != keyLenBits) {
  17362. ret = -9005;
  17363. goto openssl_pkey1_test_done;
  17364. }
  17365. if (EVP_PKEY_size(prvKey) != keyLenBits/8) {
  17366. ret = -9006;
  17367. goto openssl_pkey1_test_done;
  17368. }
  17369. dec = EVP_PKEY_CTX_new(prvKey, NULL);
  17370. enc = EVP_PKEY_CTX_new(pubKey, NULL);
  17371. if (dec == NULL || enc == NULL) {
  17372. ret = -9007;
  17373. goto openssl_pkey1_test_done;
  17374. }
  17375. if (EVP_PKEY_decrypt_init(dec) != 1) {
  17376. ret = -9008;
  17377. goto openssl_pkey1_test_done;
  17378. }
  17379. if (EVP_PKEY_encrypt_init(enc) != 1) {
  17380. ret = -9009;
  17381. goto openssl_pkey1_test_done;
  17382. }
  17383. if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
  17384. ret = -9010;
  17385. goto openssl_pkey1_test_done;
  17386. }
  17387. #ifndef HAVE_FIPS
  17388. if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
  17389. ret = -9011;
  17390. goto openssl_pkey1_test_done;
  17391. }
  17392. if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
  17393. ret = -9012;
  17394. goto openssl_pkey1_test_done;
  17395. }
  17396. #endif
  17397. XMEMSET(cipher, 0, RSA_TEST_BYTES);
  17398. outlen = keyLenBits/8;
  17399. if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) {
  17400. ret = -9013;
  17401. goto openssl_pkey1_test_done;
  17402. }
  17403. XMEMSET(plain, 0, RSA_TEST_BYTES);
  17404. if (EVP_PKEY_decrypt(dec, plain, &outlen, cipher, outlen) != 1) {
  17405. ret = -9014;
  17406. goto openssl_pkey1_test_done;
  17407. }
  17408. openssl_pkey1_test_done:
  17409. if (pubKey != NULL) {
  17410. EVP_PKEY_free(pubKey);
  17411. }
  17412. if (prvKey != NULL) {
  17413. EVP_PKEY_free(prvKey);
  17414. }
  17415. if (dec != NULL) {
  17416. EVP_PKEY_CTX_free(dec);
  17417. }
  17418. if (enc != NULL) {
  17419. EVP_PKEY_CTX_free(enc);
  17420. }
  17421. if (x509 != NULL) {
  17422. X509_free(x509);
  17423. }
  17424. #ifdef WOLFSSL_SMALL_STACK
  17425. if (tmp != NULL)
  17426. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17427. if (cipher != NULL)
  17428. XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17429. if (plain != NULL)
  17430. XFREE(plain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17431. #endif
  17432. #endif
  17433. return ret;
  17434. }
  17435. #define ERR_BASE_EVPSIG -5100
  17436. WOLFSSL_TEST_SUBROUTINE int openssl_evpSig_test(void)
  17437. {
  17438. #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(HAVE_USER_RSA)
  17439. byte* prvTmp;
  17440. byte* pubTmp;
  17441. int prvBytes;
  17442. int pubBytes;
  17443. RSA *prvRsa;
  17444. RSA *pubRsa;
  17445. EVP_PKEY *prvPkey;
  17446. EVP_PKEY *pubPkey;
  17447. EVP_MD_CTX* sign;
  17448. EVP_MD_CTX* verf;
  17449. char msg[] = "see spot run";
  17450. unsigned char sig[256];
  17451. unsigned int sigSz;
  17452. const void* pt;
  17453. unsigned int count;
  17454. int ret, ret1, ret2;
  17455. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
  17456. XFILE keyFile;
  17457. XFILE keypubFile;
  17458. char cliKey[] = "./certs/client-key.der";
  17459. char cliKeypub[] = "./certs/client-keyPub.der";
  17460. #endif
  17461. prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17462. if (prvTmp == NULL)
  17463. return ERR_BASE_EVPSIG-1;
  17464. pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17465. if (pubTmp == NULL) {
  17466. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17467. return ERR_BASE_EVPSIG-2;
  17468. }
  17469. #ifdef USE_CERT_BUFFERS_1024
  17470. XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
  17471. prvBytes = sizeof_client_key_der_1024;
  17472. XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
  17473. pubBytes = sizeof_client_keypub_der_1024;
  17474. #elif defined(USE_CERT_BUFFERS_2048)
  17475. XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048);
  17476. prvBytes = sizeof_client_key_der_2048;
  17477. XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
  17478. pubBytes = sizeof_client_keypub_der_2048;
  17479. #else
  17480. keyFile = XFOPEN(cliKey, "rb");
  17481. if (!keyFile) {
  17482. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17483. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17484. err_sys("can't open ./certs/client-key.der, "
  17485. "Please run from wolfSSL home dir", -40);
  17486. return ERR_BASE_EVPSIG-3;
  17487. }
  17488. prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile);
  17489. XFCLOSE(keyFile);
  17490. keypubFile = XFOPEN(cliKeypub, "rb");
  17491. if (!keypubFile) {
  17492. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17493. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17494. err_sys("can't open ./certs/client-cert.der, "
  17495. "Please run from wolfSSL home dir", -41);
  17496. return ERR_BASE_EVPSIG-4;
  17497. }
  17498. pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
  17499. XFCLOSE(keypubFile);
  17500. #endif /* USE_CERT_BUFFERS */
  17501. prvRsa = wolfSSL_RSA_new();
  17502. pubRsa = wolfSSL_RSA_new();
  17503. if((prvRsa == NULL) || (pubRsa == NULL)){
  17504. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17505. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17506. err_sys("ERROR with RSA_new", -9100);
  17507. return ERR_BASE_EVPSIG-5;
  17508. }
  17509. ret1 = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
  17510. ret2 = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
  17511. if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
  17512. printf("error with RSA_LoadDer_ex\n");
  17513. return ERR_BASE_EVPSIG-6;
  17514. }
  17515. prvPkey = wolfSSL_EVP_PKEY_new();
  17516. pubPkey = wolfSSL_EVP_PKEY_new();
  17517. if((prvPkey == NULL) || (pubPkey == NULL)){
  17518. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17519. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17520. printf("error with KEY_new\n");
  17521. return ERR_BASE_EVPSIG-7;
  17522. }
  17523. ret1 = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
  17524. ret2 = wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
  17525. if((ret1 != 1) || (ret2 != 1)){
  17526. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17527. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17528. printf("error with EVP_PKEY_set1_RSA\n");
  17529. return ERR_BASE_EVPSIG-8;
  17530. }
  17531. /****************** sign and verify *******************/
  17532. sign = EVP_MD_CTX_create();
  17533. verf = EVP_MD_CTX_create();
  17534. if((sign == NULL)||(verf == NULL)){
  17535. printf("error with EVP_MD_CTX_create\n");
  17536. EVP_MD_CTX_destroy(sign);
  17537. EVP_MD_CTX_destroy(verf);
  17538. return ERR_BASE_EVPSIG-10;
  17539. }
  17540. ret = EVP_SignInit(sign, EVP_sha1());
  17541. if (ret != SSL_SUCCESS){
  17542. printf("error with EVP_SignInit\n");
  17543. EVP_MD_CTX_destroy(sign);
  17544. EVP_MD_CTX_destroy(verf);
  17545. return ERR_BASE_EVPSIG-11;
  17546. }
  17547. count = sizeof(msg);
  17548. show("message = ", (char *)msg, count);
  17549. /* sign */
  17550. XMEMSET(sig, 0, sizeof(sig));
  17551. pt = (const void*)msg;
  17552. ret1 = EVP_SignUpdate(sign, pt, count);
  17553. ret2 = EVP_SignFinal(sign, sig, &sigSz, prvPkey);
  17554. if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
  17555. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17556. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17557. EVP_MD_CTX_destroy(sign);
  17558. EVP_MD_CTX_destroy(verf);
  17559. printf("error with EVP_MD_CTX_create\n");
  17560. return ERR_BASE_EVPSIG-12;
  17561. }
  17562. show("signature = ", (char *)sig, sigSz);
  17563. /* verify */
  17564. pt = (const void*)msg;
  17565. ret1 = EVP_VerifyInit(verf, EVP_sha1());
  17566. ret2 = EVP_VerifyUpdate(verf, pt, count);
  17567. if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
  17568. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17569. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17570. EVP_MD_CTX_destroy(sign);
  17571. EVP_MD_CTX_destroy(verf);
  17572. printf("error with EVP_Verify\n");
  17573. return ERR_BASE_EVPSIG-13;
  17574. }
  17575. if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) {
  17576. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17577. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17578. EVP_MD_CTX_destroy(sign);
  17579. EVP_MD_CTX_destroy(verf);
  17580. printf("error with EVP_VerifyFinal\n");
  17581. return ERR_BASE_EVPSIG-14;
  17582. }
  17583. /* expect fail without update */
  17584. EVP_VerifyInit(verf, EVP_sha1());
  17585. if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) {
  17586. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17587. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17588. EVP_MD_CTX_destroy(sign);
  17589. EVP_MD_CTX_destroy(verf);
  17590. printf("EVP_VerifyInit without update not detected\n");
  17591. return ERR_BASE_EVPSIG-15;
  17592. }
  17593. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17594. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17595. EVP_MD_CTX_destroy(sign);
  17596. EVP_MD_CTX_destroy(verf);
  17597. wolfSSL_RSA_free(prvRsa);
  17598. wolfSSL_RSA_free(pubRsa);
  17599. EVP_PKEY_free(pubPkey);
  17600. EVP_PKEY_free(prvPkey);
  17601. #endif /* NO_RSA */
  17602. return 0;
  17603. }
  17604. #endif /* OPENSSL_EXTRA */
  17605. #ifndef NO_PWDBASED
  17606. #ifdef HAVE_SCRYPT
  17607. /* Test vectors taken from RFC 7914: scrypt PBKDF - Section 12. */
  17608. WOLFSSL_TEST_SUBROUTINE int scrypt_test(void)
  17609. {
  17610. #ifdef HAVE_FIPS
  17611. /* RFC 7914 test vector keys are too short for FIPS. */
  17612. #else
  17613. int ret;
  17614. byte derived[64];
  17615. WOLFSSL_SMALL_STACK_STATIC const byte verify1[] = {
  17616. 0x77, 0xd6, 0x57, 0x62, 0x38, 0x65, 0x7b, 0x20,
  17617. 0x3b, 0x19, 0xca, 0x42, 0xc1, 0x8a, 0x04, 0x97,
  17618. 0xf1, 0x6b, 0x48, 0x44, 0xe3, 0x07, 0x4a, 0xe8,
  17619. 0xdf, 0xdf, 0xfa, 0x3f, 0xed, 0xe2, 0x14, 0x42,
  17620. 0xfc, 0xd0, 0x06, 0x9d, 0xed, 0x09, 0x48, 0xf8,
  17621. 0x32, 0x6a, 0x75, 0x3a, 0x0f, 0xc8, 0x1f, 0x17,
  17622. 0xe8, 0xd3, 0xe0, 0xfb, 0x2e, 0x0d, 0x36, 0x28,
  17623. 0xcf, 0x35, 0xe2, 0x0c, 0x38, 0xd1, 0x89, 0x06
  17624. };
  17625. WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
  17626. 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
  17627. 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
  17628. 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
  17629. 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
  17630. 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
  17631. 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
  17632. 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
  17633. 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
  17634. };
  17635. #if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_LINUXKM) && !defined(HAVE_INTEL_QA)
  17636. WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = {
  17637. 0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48,
  17638. 0x46, 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb,
  17639. 0xfd, 0xa8, 0xfb, 0xba, 0x90, 0x4f, 0x8e, 0x3e,
  17640. 0xa9, 0xb5, 0x43, 0xf6, 0x54, 0x5d, 0xa1, 0xf2,
  17641. 0xd5, 0x43, 0x29, 0x55, 0x61, 0x3f, 0x0f, 0xcf,
  17642. 0x62, 0xd4, 0x97, 0x05, 0x24, 0x2a, 0x9a, 0xf9,
  17643. 0xe6, 0x1e, 0x85, 0xdc, 0x0d, 0x65, 0x1e, 0x40,
  17644. 0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, 0x87
  17645. };
  17646. #endif
  17647. #ifdef SCRYPT_TEST_ALL
  17648. /* Test case is very slow.
  17649. * Use for confirmation after code change or new platform.
  17650. */
  17651. WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = {
  17652. 0x21, 0x01, 0xcb, 0x9b, 0x6a, 0x51, 0x1a, 0xae,
  17653. 0xad, 0xdb, 0xbe, 0x09, 0xcf, 0x70, 0xf8, 0x81,
  17654. 0xec, 0x56, 0x8d, 0x57, 0x4a, 0x2f, 0xfd, 0x4d,
  17655. 0xab, 0xe5, 0xee, 0x98, 0x20, 0xad, 0xaa, 0x47,
  17656. 0x8e, 0x56, 0xfd, 0x8f, 0x4b, 0xa5, 0xd0, 0x9f,
  17657. 0xfa, 0x1c, 0x6d, 0x92, 0x7c, 0x40, 0xf4, 0xc3,
  17658. 0x37, 0x30, 0x40, 0x49, 0xe8, 0xa9, 0x52, 0xfb,
  17659. 0xcb, 0xf4, 0x5c, 0x6f, 0xa7, 0x7a, 0x41, 0xa4
  17660. };
  17661. #endif
  17662. ret = wc_scrypt(derived, NULL, 0, NULL, 0, 4, 1, 1, sizeof(verify1));
  17663. if (ret != 0)
  17664. return -9200;
  17665. if (XMEMCMP(derived, verify1, sizeof(verify1)) != 0)
  17666. return -9201;
  17667. ret = wc_scrypt(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 10, 8, 16,
  17668. sizeof(verify2));
  17669. if (ret != 0)
  17670. return -9202;
  17671. if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0)
  17672. return -9203;
  17673. /* Test case with parallel overflowing */
  17674. ret = wc_scrypt(derived, (byte*)"password", 16, (byte*)"NaCl", 16, 2, 4, 8388608,
  17675. sizeof(verify2));
  17676. if (ret != BAD_FUNC_ARG)
  17677. return -9210;
  17678. /* Don't run these test on embedded, since they use large mallocs */
  17679. #if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_LINUXKM) && !defined(HAVE_INTEL_QA)
  17680. ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
  17681. (byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3));
  17682. if (ret != 0)
  17683. return -9204;
  17684. if (XMEMCMP(derived, verify3, sizeof(verify3)) != 0)
  17685. return -9205;
  17686. #ifdef SCRYPT_TEST_ALL
  17687. ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
  17688. (byte*)"SodiumChloride", 14, 20, 8, 1, sizeof(verify4));
  17689. if (ret != 0)
  17690. return -9206;
  17691. if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0)
  17692. return -9207;
  17693. #endif
  17694. #endif /* !BENCH_EMBEDDED && !defined(WOLFSSL_LINUXKM) && !HAVE_INTEL_QA */
  17695. ret = wc_scrypt_ex(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 1<<10,
  17696. 8, 16, sizeof(verify2));
  17697. if (ret != 0)
  17698. return -9208;
  17699. if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0)
  17700. return -9209;
  17701. #endif /* !HAVE_FIPS */
  17702. return 0;
  17703. }
  17704. #endif
  17705. #ifdef HAVE_PKCS12
  17706. WOLFSSL_TEST_SUBROUTINE int pkcs12_test(void)
  17707. {
  17708. WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
  17709. 0x00, 0x00 };
  17710. WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f };
  17711. WOLFSSL_SMALL_STACK_STATIC const byte passwd2[] = { 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
  17712. 0x00, 0x67, 0x00, 0x00 };
  17713. WOLFSSL_SMALL_STACK_STATIC const byte salt2[] = { 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 };
  17714. byte derived[64];
  17715. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  17716. 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
  17717. 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
  17718. 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
  17719. };
  17720. WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
  17721. 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
  17722. 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
  17723. 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
  17724. };
  17725. int id = 1;
  17726. int kLen = 24;
  17727. int iterations = 1;
  17728. int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
  17729. iterations, kLen, WC_SHA256, id);
  17730. if (ret < 0)
  17731. return -9300;
  17732. if (XMEMCMP(derived, verify, kLen) != 0)
  17733. return -9301;
  17734. iterations = 1000;
  17735. ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8,
  17736. iterations, kLen, WC_SHA256, id);
  17737. if (ret < 0)
  17738. return -9302;
  17739. ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8,
  17740. iterations, kLen, WC_SHA256, id, HEAP_HINT);
  17741. if (ret < 0)
  17742. return -9303;
  17743. if (XMEMCMP(derived, verify2, 24) != 0)
  17744. return -9304;
  17745. return 0;
  17746. }
  17747. #endif /* HAVE_PKCS12 */
  17748. #if defined(HAVE_PBKDF2) && !defined(NO_SHA256)
  17749. WOLFSSL_TEST_SUBROUTINE int pbkdf2_test(void)
  17750. {
  17751. char passwd[] = "passwordpassword";
  17752. WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
  17753. int iterations = 2048;
  17754. int kLen = 24;
  17755. byte derived[64];
  17756. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  17757. 0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc,
  17758. 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1
  17759. };
  17760. int ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd), salt,
  17761. (int)sizeof(salt), iterations, kLen, WC_SHA256, HEAP_HINT, devId);
  17762. if (ret != 0)
  17763. return ret;
  17764. if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
  17765. return -9400;
  17766. return 0;
  17767. }
  17768. #endif /* HAVE_PBKDF2 && !NO_SHA256 */
  17769. #if defined(HAVE_PBKDF1) && !defined(NO_SHA)
  17770. WOLFSSL_TEST_SUBROUTINE int pbkdf1_test(void)
  17771. {
  17772. char passwd[] = "password";
  17773. WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
  17774. int iterations = 1000;
  17775. int kLen = 16;
  17776. byte derived[16];
  17777. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  17778. 0xDC, 0x19, 0x84, 0x7E, 0x05, 0xC6, 0x4D, 0x2F,
  17779. 0xAF, 0x10, 0xEB, 0xFB, 0x4A, 0x3D, 0x2A, 0x20
  17780. };
  17781. int ret = wc_PBKDF1_ex(derived, kLen, NULL, 0, (byte*)passwd,
  17782. (int)XSTRLEN(passwd), salt, (int)sizeof(salt), iterations, WC_SHA,
  17783. HEAP_HINT);
  17784. if (ret != 0)
  17785. return ret;
  17786. if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
  17787. return -9500;
  17788. return 0;
  17789. }
  17790. #endif /* HAVE_PBKDF2 && !NO_SHA */
  17791. WOLFSSL_TEST_SUBROUTINE int pwdbased_test(void)
  17792. {
  17793. int ret = 0;
  17794. #if defined(HAVE_PBKDF1) && !defined(NO_SHA)
  17795. ret = pbkdf1_test();
  17796. if (ret != 0)
  17797. return ret;
  17798. #endif
  17799. #if defined(HAVE_PBKDF2) && !defined(NO_SHA256)
  17800. ret = pbkdf2_test();
  17801. if (ret != 0)
  17802. return ret;
  17803. #endif
  17804. #ifdef HAVE_PKCS12
  17805. ret = pkcs12_test();
  17806. if (ret != 0)
  17807. return ret;
  17808. #endif
  17809. #ifdef HAVE_SCRYPT
  17810. ret = scrypt_test();
  17811. if (ret != 0)
  17812. return ret;
  17813. #endif
  17814. return ret;
  17815. }
  17816. #endif /* NO_PWDBASED */
  17817. #if defined(HAVE_HKDF) && !defined(NO_HMAC)
  17818. /* WOLFSSL_TEST_SUBROUTINE */ static int hkdf_test(void)
  17819. {
  17820. int ret = 0;
  17821. #if !defined(NO_SHA) || !defined(NO_SHA256)
  17822. int L = 42;
  17823. byte okm1[42];
  17824. byte ikm1[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
  17825. 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
  17826. 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
  17827. #ifndef HAVE_FIPS
  17828. byte salt1[13] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  17829. 0x08, 0x09, 0x0a, 0x0b, 0x0c };
  17830. byte info1[10] ={ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
  17831. 0xf8, 0xf9 };
  17832. #endif
  17833. #ifndef NO_SHA
  17834. byte res1[42] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
  17835. 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
  17836. 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
  17837. 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
  17838. 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
  17839. 0x49, 0x18 };
  17840. #ifndef HAVE_FIPS
  17841. byte res2[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
  17842. 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
  17843. 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
  17844. 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
  17845. 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
  17846. 0xf8, 0x96 };
  17847. #endif
  17848. #endif /* !NO_SHA */
  17849. #ifndef NO_SHA256
  17850. byte res3[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
  17851. 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
  17852. 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
  17853. 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
  17854. 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
  17855. 0x96, 0xc8 };
  17856. #ifndef HAVE_FIPS
  17857. byte res4[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
  17858. 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
  17859. 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
  17860. 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
  17861. 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
  17862. 0x58, 0x65 };
  17863. #endif
  17864. #endif /* !NO_SHA256 */
  17865. #ifndef NO_SHA
  17866. ret = wc_HKDF(WC_SHA, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
  17867. if (ret != 0)
  17868. return -9700;
  17869. if (XMEMCMP(okm1, res1, L) != 0)
  17870. return -9701;
  17871. #ifndef HAVE_FIPS
  17872. /* fips can't have key size under 14 bytes, salt is key too */
  17873. ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, 13, info1, 10, okm1, L);
  17874. if (ret != 0)
  17875. return -9702;
  17876. if (XMEMCMP(okm1, res2, L) != 0)
  17877. return -9703;
  17878. #endif /* HAVE_FIPS */
  17879. #endif /* !NO_SHA */
  17880. #ifndef NO_SHA256
  17881. ret = wc_HKDF(WC_SHA256, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
  17882. if (ret != 0)
  17883. return -9704;
  17884. if (XMEMCMP(okm1, res3, L) != 0)
  17885. return -9705;
  17886. #ifndef HAVE_FIPS
  17887. /* fips can't have key size under 14 bytes, salt is key too */
  17888. ret = wc_HKDF(WC_SHA256, ikm1, 22, salt1, 13, info1, 10, okm1, L);
  17889. if (ret != 0)
  17890. return -9706;
  17891. if (XMEMCMP(okm1, res4, L) != 0)
  17892. return -9707;
  17893. #endif /* HAVE_FIPS */
  17894. #endif /* !NO_SHA256 */
  17895. #endif /* !NO_SHA || !NO_SHA256 */
  17896. return ret;
  17897. }
  17898. #endif /* HAVE_HKDF */
  17899. #ifdef WOLFSSL_WOLFSSH
  17900. typedef struct {
  17901. byte hashId;
  17902. byte keyId;
  17903. const byte* k;
  17904. word32 kSz;
  17905. const byte* h;
  17906. word32 hSz;
  17907. const byte* sessionId;
  17908. word32 sessionIdSz;
  17909. const byte* expectedKey;
  17910. word32 expectedKeySz;
  17911. } SshKdfTestVector;
  17912. /** Test Vector Set #3: SHA-256 **/
  17913. static const byte sshKdfTvSet3k[] = {
  17914. 0x6A, 0xC3, 0x82, 0xEA, 0xAC, 0xA0, 0x93, 0xE1,
  17915. 0x25, 0xE2, 0x5C, 0x24, 0xBE, 0xBC, 0x84, 0x64,
  17916. 0x0C, 0x11, 0x98, 0x75, 0x07, 0x34, 0x4B, 0x5C,
  17917. 0x73, 0x9C, 0xEB, 0x84, 0xA9, 0xE0, 0xB2, 0x22,
  17918. 0xB9, 0xA8, 0xB5, 0x1C, 0x83, 0x9E, 0x5E, 0xBE,
  17919. 0x49, 0xCF, 0xAD, 0xBF, 0xB3, 0x95, 0x99, 0x76,
  17920. 0x4E, 0xD5, 0x22, 0x09, 0x9D, 0xC9, 0x12, 0x75,
  17921. 0x19, 0x50, 0xDC, 0x7D, 0xC9, 0x7F, 0xBD, 0xC0,
  17922. 0x63, 0x28, 0xB6, 0x8F, 0x22, 0x78, 0x1F, 0xD3,
  17923. 0x15, 0xAF, 0x56, 0x80, 0x09, 0xA5, 0x50, 0x9E,
  17924. 0x5B, 0x87, 0xA1, 0x1B, 0xF5, 0x27, 0xC0, 0x56,
  17925. 0xDA, 0xFF, 0xD8, 0x2A, 0xB6, 0xCB, 0xC2, 0x5C,
  17926. 0xCA, 0x37, 0x14, 0x34, 0x59, 0xE7, 0xBC, 0x63,
  17927. 0xBC, 0xDE, 0x52, 0x75, 0x7A, 0xDE, 0xB7, 0xDF,
  17928. 0x01, 0xCF, 0x12, 0x17, 0x3F, 0x1F, 0xEF, 0x81,
  17929. 0x02, 0xEC, 0x5A, 0xB1, 0x42, 0xC2, 0x13, 0xDD,
  17930. 0x9D, 0x30, 0x69, 0x62, 0x78, 0xA8, 0xD8, 0xBC,
  17931. 0x32, 0xDD, 0xE9, 0x59, 0x2D, 0x28, 0xC0, 0x78,
  17932. 0xC6, 0xD9, 0x2B, 0x94, 0x7D, 0x82, 0x5A, 0xCA,
  17933. 0xAB, 0x64, 0x94, 0x84, 0x6A, 0x49, 0xDE, 0x24,
  17934. 0xB9, 0x62, 0x3F, 0x48, 0x89, 0xE8, 0xAD, 0xC3,
  17935. 0x8E, 0x8C, 0x66, 0x9E, 0xFF, 0xEF, 0x17, 0x60,
  17936. 0x40, 0xAD, 0x94, 0x5E, 0x90, 0xA7, 0xD3, 0xEE,
  17937. 0xC1, 0x5E, 0xFE, 0xEE, 0x78, 0xAE, 0x71, 0x04,
  17938. 0x3C, 0x96, 0x51, 0x11, 0x03, 0xA1, 0x6B, 0xA7,
  17939. 0xCA, 0xF0, 0xAC, 0xD0, 0x64, 0x2E, 0xFD, 0xBE,
  17940. 0x80, 0x99, 0x34, 0xFA, 0xA1, 0xA5, 0xF1, 0xBD,
  17941. 0x11, 0x04, 0x36, 0x49, 0xB2, 0x5C, 0xCD, 0x1F,
  17942. 0xEE, 0x2E, 0x38, 0x81, 0x5D, 0x4D, 0x5F, 0x5F,
  17943. 0xC6, 0xB4, 0x10, 0x29, 0x69, 0xF2, 0x1C, 0x22,
  17944. 0xAE, 0x1B, 0x0E, 0x7D, 0x36, 0x03, 0xA5, 0x56,
  17945. 0xA1, 0x32, 0x62, 0xFF, 0x62, 0x8D, 0xE2, 0x22
  17946. };
  17947. static const byte sshKdfTvSet3h[] = {
  17948. 0x7B, 0x70, 0x01, 0x18, 0x5E, 0x25, 0x6D, 0x44,
  17949. 0x93, 0x44, 0x5F, 0x39, 0xA5, 0x5F, 0xB9, 0x05,
  17950. 0xE6, 0x32, 0x1F, 0x4B, 0x5D, 0xD8, 0xBB, 0xF3,
  17951. 0x10, 0x0D, 0x51, 0xBA, 0x0B, 0xDA, 0x3D, 0x2D
  17952. };
  17953. static const byte sshKdfTvSet3sid[] = {
  17954. 0x7B, 0x70, 0x01, 0x18, 0x5E, 0x25, 0x6D, 0x44,
  17955. 0x93, 0x44, 0x5F, 0x39, 0xA5, 0x5F, 0xB9, 0x05,
  17956. 0xE6, 0x32, 0x1F, 0x4B, 0x5D, 0xD8, 0xBB, 0xF3,
  17957. 0x10, 0x0D, 0x51, 0xBA, 0x0B, 0xDA, 0x3D, 0x2D
  17958. };
  17959. static const byte sshKdfTvSet3a[] = {
  17960. 0x81, 0xF0, 0x33, 0x0E, 0xF6, 0xF0, 0x53, 0x61,
  17961. 0xB3, 0x82, 0x3B, 0xFD, 0xED, 0x6E, 0x1D, 0xE9
  17962. };
  17963. static const byte sshKdfTvSet3b[] = {
  17964. 0x3F, 0x6F, 0xD2, 0x06, 0x5E, 0xEB, 0x2B, 0x0B,
  17965. 0x1D, 0x93, 0x19, 0x5A, 0x1F, 0xED, 0x48, 0xA5
  17966. };
  17967. static const byte sshKdfTvSet3c[] = {
  17968. 0xC3, 0x54, 0x71, 0x03, 0x4E, 0x6F, 0xD6, 0x54,
  17969. 0x76, 0x13, 0x17, 0x8E, 0x23, 0x43, 0x5F, 0x21
  17970. };
  17971. static const byte sshKdfTvSet3d[] = {
  17972. 0x7E, 0x9D, 0x79, 0x03, 0x20, 0x90, 0xD9, 0x9F,
  17973. 0x98, 0xB0, 0x15, 0x63, 0x4D, 0xD9, 0xF4, 0x62
  17974. };
  17975. static const byte sshKdfTvSet3e[] = {
  17976. 0x24, 0xEE, 0x55, 0x9A, 0xD7, 0xCE, 0x71, 0x2B,
  17977. 0x68, 0x5D, 0x0B, 0x22, 0x71, 0xE4, 0x43, 0xC1,
  17978. 0x7A, 0xB1, 0xD1, 0xDC, 0xEB, 0x5A, 0x36, 0x05,
  17979. 0x69, 0xD2, 0x5D, 0x5D, 0xC2, 0x43, 0x00, 0x2F
  17980. };
  17981. static const byte sshKdfTvSet3f[] = {
  17982. 0xC3, 0x41, 0x9C, 0x2B, 0x96, 0x62, 0x35, 0x86,
  17983. 0x9D, 0x71, 0x4B, 0xA5, 0xAC, 0x48, 0xDD, 0xB7,
  17984. 0xD9, 0xE3, 0x5C, 0x8C, 0x19, 0xAA, 0xC7, 0x34,
  17985. 0x22, 0x33, 0x7A, 0x37, 0x34, 0x53, 0x60, 0x7E
  17986. };
  17987. static const SshKdfTestVector sshKdfTestVectors[] = {
  17988. {WC_HASH_TYPE_SHA256, 'A',
  17989. sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
  17990. sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
  17991. sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
  17992. sshKdfTvSet3a, sizeof(sshKdfTvSet3a)},
  17993. {WC_HASH_TYPE_SHA256, 'B',
  17994. sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
  17995. sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
  17996. sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
  17997. sshKdfTvSet3b, sizeof(sshKdfTvSet3b)},
  17998. {WC_HASH_TYPE_SHA256, 'C',
  17999. sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
  18000. sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
  18001. sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
  18002. sshKdfTvSet3c, sizeof(sshKdfTvSet3c)},
  18003. {WC_HASH_TYPE_SHA256, 'D',
  18004. sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
  18005. sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
  18006. sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
  18007. sshKdfTvSet3d, sizeof(sshKdfTvSet3d)},
  18008. {WC_HASH_TYPE_SHA256, 'E',
  18009. sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
  18010. sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
  18011. sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
  18012. sshKdfTvSet3e, sizeof(sshKdfTvSet3e)},
  18013. {WC_HASH_TYPE_SHA256, 'F',
  18014. sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
  18015. sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
  18016. sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
  18017. sshKdfTvSet3f, sizeof(sshKdfTvSet3f)},
  18018. };
  18019. int sshkdf_test(void)
  18020. {
  18021. int result = 0;
  18022. word32 i;
  18023. word32 tc = sizeof(sshKdfTestVectors)/sizeof(SshKdfTestVector);
  18024. const SshKdfTestVector* tv = NULL;
  18025. byte cKey[32]; /* Greater of SHA256_DIGEST_SIZE and AES_BLOCK_SIZE */
  18026. /* sId - Session ID, eKey - Expected Key, cKey - Calculated Key */
  18027. for (i = 0, tv = sshKdfTestVectors; i < tc; i++, tv++) {
  18028. result = wc_SSH_KDF(tv->hashId, tv->keyId,
  18029. cKey, tv->expectedKeySz,
  18030. tv->k, tv->kSz, tv->h, tv->hSz,
  18031. tv->sessionId, tv->sessionIdSz);
  18032. if (result != 0) {
  18033. printf("KDF: Could not derive key.\n");
  18034. result = -101;
  18035. }
  18036. else {
  18037. if (memcmp(cKey, tv->expectedKey, tv->expectedKeySz) != 0) {
  18038. printf("KDF: Calculated Key does not match Expected Key.\n");
  18039. result = -102;
  18040. }
  18041. }
  18042. if (result != 0) break;
  18043. }
  18044. return result;
  18045. }
  18046. #endif /* WOLFSSL_WOLFSSH */
  18047. #if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
  18048. WOLFSSL_TEST_SUBROUTINE int x963kdf_test(void)
  18049. {
  18050. int ret;
  18051. byte kek[128];
  18052. #ifndef NO_SHA
  18053. /* SHA-1, COUNT = 0
  18054. * shared secret length: 192
  18055. * SharedInfo length: 0
  18056. * key data length: 128
  18057. */
  18058. WOLFSSL_SMALL_STACK_STATIC const byte Z[] = {
  18059. 0x1c, 0x7d, 0x7b, 0x5f, 0x05, 0x97, 0xb0, 0x3d,
  18060. 0x06, 0xa0, 0x18, 0x46, 0x6e, 0xd1, 0xa9, 0x3e,
  18061. 0x30, 0xed, 0x4b, 0x04, 0xdc, 0x64, 0xcc, 0xdd
  18062. };
  18063. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  18064. 0xbf, 0x71, 0xdf, 0xfd, 0x8f, 0x4d, 0x99, 0x22,
  18065. 0x39, 0x36, 0xbe, 0xb4, 0x6f, 0xee, 0x8c, 0xcc
  18066. };
  18067. #endif
  18068. #ifndef NO_SHA256
  18069. /* SHA-256, COUNT = 3
  18070. * shared secret length: 192
  18071. * SharedInfo length: 0
  18072. * key data length: 128
  18073. */
  18074. WOLFSSL_SMALL_STACK_STATIC const byte Z2[] = {
  18075. 0xd3, 0x8b, 0xdb, 0xe5, 0xc4, 0xfc, 0x16, 0x4c,
  18076. 0xdd, 0x96, 0x7f, 0x63, 0xc0, 0x4f, 0xe0, 0x7b,
  18077. 0x60, 0xcd, 0xe8, 0x81, 0xc2, 0x46, 0x43, 0x8c
  18078. };
  18079. WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
  18080. 0x5e, 0x67, 0x4d, 0xb9, 0x71, 0xba, 0xc2, 0x0a,
  18081. 0x80, 0xba, 0xd0, 0xd4, 0x51, 0x4d, 0xc4, 0x84
  18082. };
  18083. #endif
  18084. #ifdef WOLFSSL_SHA512
  18085. /* SHA-512, COUNT = 0
  18086. * shared secret length: 192
  18087. * SharedInfo length: 0
  18088. * key data length: 128
  18089. */
  18090. WOLFSSL_SMALL_STACK_STATIC const byte Z3[] = {
  18091. 0x87, 0xfc, 0x0d, 0x8c, 0x44, 0x77, 0x48, 0x5b,
  18092. 0xb5, 0x74, 0xf5, 0xfc, 0xea, 0x26, 0x4b, 0x30,
  18093. 0x88, 0x5d, 0xc8, 0xd9, 0x0a, 0xd8, 0x27, 0x82
  18094. };
  18095. WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = {
  18096. 0x94, 0x76, 0x65, 0xfb, 0xb9, 0x15, 0x21, 0x53,
  18097. 0xef, 0x46, 0x02, 0x38, 0x50, 0x6a, 0x02, 0x45
  18098. };
  18099. /* SHA-512, COUNT = 0
  18100. * shared secret length: 521
  18101. * SharedInfo length: 128
  18102. * key data length: 1024
  18103. */
  18104. WOLFSSL_SMALL_STACK_STATIC const byte Z4[] = {
  18105. 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89,
  18106. 0xfa, 0x58, 0xce, 0xad, 0xc0, 0x47, 0x19, 0x7f,
  18107. 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
  18108. 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8,
  18109. 0x15, 0x07, 0x39, 0x2f, 0x1a, 0x86, 0xdd, 0xfd,
  18110. 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
  18111. 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47,
  18112. 0x47, 0xa9, 0xe2, 0xe7, 0x53, 0xf5, 0x5e, 0xf0,
  18113. 0x5a, 0x2d
  18114. };
  18115. WOLFSSL_SMALL_STACK_STATIC const byte info4[] = {
  18116. 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d,
  18117. 0x2b, 0x3a, 0x2f, 0x99, 0x37, 0x89, 0x5d, 0x31
  18118. };
  18119. WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = {
  18120. 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76,
  18121. 0x9b, 0x52, 0x26, 0x4b, 0x01, 0x12, 0xb5, 0x85,
  18122. 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
  18123. 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d,
  18124. 0x6e, 0x4d, 0xd2, 0xa5, 0x99, 0xac, 0xce, 0xb3,
  18125. 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
  18126. 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50,
  18127. 0xa5, 0xa8, 0xee, 0xee, 0x20, 0x80, 0x02, 0x26,
  18128. 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
  18129. 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d,
  18130. 0xea, 0x9c, 0x4f, 0xf7, 0x45, 0xa2, 0x5a, 0xc2,
  18131. 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
  18132. 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc,
  18133. 0x0a, 0xb2, 0xaa, 0x8e, 0x2e, 0xfa, 0x7b, 0x17,
  18134. 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
  18135. 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
  18136. };
  18137. #endif
  18138. #ifndef NO_SHA
  18139. ret = wc_X963_KDF(WC_HASH_TYPE_SHA, Z, sizeof(Z), NULL, 0,
  18140. kek, sizeof(verify));
  18141. if (ret != 0)
  18142. return -9800;
  18143. if (XMEMCMP(verify, kek, sizeof(verify)) != 0)
  18144. return -9801;
  18145. #endif
  18146. #ifndef NO_SHA256
  18147. ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, Z2, sizeof(Z2), NULL, 0,
  18148. kek, sizeof(verify2));
  18149. if (ret != 0)
  18150. return -9802;
  18151. if (XMEMCMP(verify2, kek, sizeof(verify2)) != 0)
  18152. return -9803;
  18153. #endif
  18154. #ifdef WOLFSSL_SHA512
  18155. ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z3, sizeof(Z3), NULL, 0,
  18156. kek, sizeof(verify3));
  18157. if (ret != 0)
  18158. return -9804;
  18159. if (XMEMCMP(verify3, kek, sizeof(verify3)) != 0)
  18160. return -9805;
  18161. ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z4, sizeof(Z4), info4,
  18162. sizeof(info4), kek, sizeof(verify4));
  18163. if (ret != 0)
  18164. return -9806;
  18165. if (XMEMCMP(verify4, kek, sizeof(verify4)) != 0)
  18166. return -9807;
  18167. #endif
  18168. return 0;
  18169. }
  18170. #endif /* HAVE_X963_KDF */
  18171. #ifdef HAVE_ECC
  18172. /* size to use for ECC key gen tests */
  18173. #ifndef ECC_KEYGEN_SIZE
  18174. #ifndef NO_ECC256
  18175. #define ECC_KEYGEN_SIZE 32
  18176. #elif defined(HAVE_ECC384)
  18177. #define ECC_KEYGEN_SIZE 48
  18178. #elif defined(HAVE_ECC224)
  18179. #define ECC_KEYGEN_SIZE 28
  18180. #elif defined(HAVE_ECC521)
  18181. #define ECC_KEYGEN_SIZE 66
  18182. #else
  18183. #error No ECC keygen size defined for test
  18184. #endif
  18185. #endif
  18186. #ifdef BENCH_EMBEDDED
  18187. #define ECC_SHARED_SIZE 128
  18188. #else
  18189. #define ECC_SHARED_SIZE MAX_ECC_BYTES
  18190. #endif
  18191. #define ECC_DIGEST_SIZE MAX_ECC_BYTES
  18192. #define ECC_SIG_SIZE ECC_MAX_SIG_SIZE
  18193. #ifndef NO_ECC_VECTOR_TEST
  18194. #if (defined(HAVE_ECC192) || defined(HAVE_ECC224) ||\
  18195. !defined(NO_ECC256) || defined(HAVE_ECC384) ||\
  18196. defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES))
  18197. #define HAVE_ECC_VECTOR_TEST
  18198. #endif
  18199. #endif
  18200. #ifdef HAVE_ECC_VECTOR_TEST
  18201. typedef struct eccVector {
  18202. const char* msg; /* SHA-1 Encoded Message */
  18203. const char* Qx;
  18204. const char* Qy;
  18205. const char* d; /* Private Key */
  18206. const char* R;
  18207. const char* S;
  18208. const char* curveName;
  18209. word32 msgLen;
  18210. word32 keySize;
  18211. #ifndef NO_ASN
  18212. const byte* r;
  18213. word32 rSz;
  18214. const byte* s;
  18215. word32 sSz;
  18216. #endif
  18217. } eccVector;
  18218. static int ecc_test_vector_item(const eccVector* vector)
  18219. {
  18220. int ret = 0, verify = 0;
  18221. word32 sigSz;
  18222. #ifdef WOLFSSL_SMALL_STACK
  18223. ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18224. #else
  18225. ecc_key userA[1];
  18226. #endif
  18227. DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
  18228. #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
  18229. word32 sigRawSz, rSz = MAX_ECC_BYTES, sSz = MAX_ECC_BYTES;
  18230. DECLARE_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT);
  18231. DECLARE_VAR(r, byte, MAX_ECC_BYTES, HEAP_HINT);
  18232. DECLARE_VAR(s, byte, MAX_ECC_BYTES, HEAP_HINT);
  18233. #endif
  18234. #ifdef DECLARE_VAR_IS_HEAP_ALLOC
  18235. if (sig == NULL)
  18236. ERROR_OUT(MEMORY_E, done);
  18237. #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
  18238. if (sigRaw == NULL || r == NULL || s == NULL)
  18239. ERROR_OUT(MEMORY_E, done);
  18240. #endif
  18241. #endif
  18242. #ifdef WOLFSSL_SMALL_STACK
  18243. if (userA == NULL)
  18244. ERROR_OUT(MEMORY_E, done);
  18245. #endif
  18246. ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
  18247. if (ret != 0)
  18248. goto done;
  18249. ret = wc_ecc_import_raw(userA, vector->Qx, vector->Qy,
  18250. vector->d, vector->curveName);
  18251. if (ret != 0)
  18252. goto done;
  18253. XMEMSET(sig, 0, ECC_SIG_SIZE);
  18254. sigSz = ECC_SIG_SIZE;
  18255. ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz);
  18256. if (ret != 0)
  18257. goto done;
  18258. #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
  18259. XMEMSET(sigRaw, 0, ECC_SIG_SIZE);
  18260. sigRawSz = ECC_SIG_SIZE;
  18261. ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz,
  18262. sigRaw, &sigRawSz);
  18263. if (ret != 0)
  18264. goto done;
  18265. if (sigSz != sigRawSz || XMEMCMP(sig, sigRaw, sigSz) != 0) {
  18266. ret = -9810;
  18267. goto done;
  18268. }
  18269. ret = wc_ecc_sig_to_rs(sig, sigSz, r, &rSz, s, &sSz);
  18270. if (ret != 0)
  18271. goto done;
  18272. if (rSz != vector->rSz || XMEMCMP(r, vector->r, rSz) != 0 ||
  18273. sSz != vector->sSz || XMEMCMP(s, vector->s, sSz) != 0) {
  18274. ret = -9811;
  18275. goto done;
  18276. }
  18277. #endif
  18278. do {
  18279. #if defined(WOLFSSL_ASYNC_CRYPT)
  18280. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18281. #endif
  18282. if (ret == 0)
  18283. ret = wc_ecc_verify_hash(sig, sigSz, (byte*)vector->msg,
  18284. vector->msgLen, &verify, userA);
  18285. } while (ret == WC_PENDING_E);
  18286. if (ret != 0)
  18287. goto done;
  18288. TEST_SLEEP();
  18289. if (verify != 1)
  18290. ret = -9812;
  18291. done:
  18292. #ifdef WOLFSSL_SMALL_STACK
  18293. if (userA != NULL) {
  18294. wc_ecc_free(userA);
  18295. XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18296. }
  18297. #else
  18298. wc_ecc_free(userA);
  18299. #endif
  18300. #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
  18301. FREE_VAR(sigRaw, HEAP_HINT);
  18302. FREE_VAR(r, HEAP_HINT);
  18303. FREE_VAR(s, HEAP_HINT);
  18304. #endif
  18305. FREE_VAR(sig, HEAP_HINT);
  18306. return ret;
  18307. }
  18308. static int ecc_test_vector(int keySize)
  18309. {
  18310. int ret;
  18311. eccVector vec;
  18312. XMEMSET(&vec, 0, sizeof(vec));
  18313. vec.keySize = (word32)keySize;
  18314. switch(keySize) {
  18315. #if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)
  18316. case 14:
  18317. return 0;
  18318. #endif /* HAVE_ECC112 */
  18319. #if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)
  18320. case 16:
  18321. return 0;
  18322. #endif /* HAVE_ECC128 */
  18323. #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
  18324. case 20:
  18325. return 0;
  18326. #endif /* HAVE_ECC160 */
  18327. #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
  18328. case 24:
  18329. /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
  18330. #if 1
  18331. vec.msg = "\x60\x80\x79\x42\x3f\x12\x42\x1d\xe6\x16\xb7\x49\x3e\xbe\x55\x1c\xf4\xd6\x5b\x92";
  18332. vec.msgLen = 20;
  18333. #else
  18334. /* This is the raw message prior to SHA-1 */
  18335. vec.msg =
  18336. "\xeb\xf7\x48\xd7\x48\xeb\xbc\xa7\xd2\x9f\xb4\x73\x69\x8a\x6e\x6b"
  18337. "\x4f\xb1\x0c\x86\x5d\x4a\xf0\x24\xcc\x39\xae\x3d\xf3\x46\x4b\xa4"
  18338. "\xf1\xd6\xd4\x0f\x32\xbf\x96\x18\xa9\x1b\xb5\x98\x6f\xa1\xa2\xaf"
  18339. "\x04\x8a\x0e\x14\xdc\x51\xe5\x26\x7e\xb0\x5e\x12\x7d\x68\x9d\x0a"
  18340. "\xc6\xf1\xa7\xf1\x56\xce\x06\x63\x16\xb9\x71\xcc\x7a\x11\xd0\xfd"
  18341. "\x7a\x20\x93\xe2\x7c\xf2\xd0\x87\x27\xa4\xe6\x74\x8c\xc3\x2f\xd5"
  18342. "\x9c\x78\x10\xc5\xb9\x01\x9d\xf2\x1c\xdc\xc0\xbc\xa4\x32\xc0\xa3"
  18343. "\xee\xd0\x78\x53\x87\x50\x88\x77\x11\x43\x59\xce\xe4\xa0\x71\xcf";
  18344. vec.msgLen = 128;
  18345. #endif
  18346. vec.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6";
  18347. vec.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477";
  18348. vec.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3";
  18349. vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
  18350. vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
  18351. vec.curveName = "SECP192R1";
  18352. #ifndef NO_ASN
  18353. vec.r = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55"
  18354. "\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e";
  18355. vec.rSz = 24;
  18356. vec.s = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc"
  18357. "\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41";
  18358. vec.sSz = 24;
  18359. #endif
  18360. break;
  18361. #endif /* HAVE_ECC192 */
  18362. #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
  18363. case 28:
  18364. /* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */
  18365. #if 1
  18366. vec.msg = "\xb9\xa3\xb8\x6d\xb0\xba\x99\xfd\xc6\xd2\x94\x6b\xfe\xbe\x9c\xe8\x3f\x10\x74\xfc";
  18367. vec.msgLen = 20;
  18368. #else
  18369. /* This is the raw message prior to SHA-1 */
  18370. vec.msg =
  18371. "\x36\xc8\xb2\x29\x86\x48\x7f\x67\x7c\x18\xd0\x97\x2a\x9e\x20\x47"
  18372. "\xb3\xaf\xa5\x9e\xc1\x62\x76\x4e\xc3\x0b\x5b\x69\xe0\x63\x0f\x99"
  18373. "\x0d\x4e\x05\xc2\x73\xb0\xe5\xa9\xd4\x28\x27\xb6\x95\xfc\x2d\x64"
  18374. "\xd9\x13\x8b\x1c\xf4\xc1\x21\x55\x89\x4c\x42\x13\x21\xa7\xbb\x97"
  18375. "\x0b\xdc\xe0\xfb\xf0\xd2\xae\x85\x61\xaa\xd8\x71\x7f\x2e\x46\xdf"
  18376. "\xe3\xff\x8d\xea\xb4\xd7\x93\x23\x56\x03\x2c\x15\x13\x0d\x59\x9e"
  18377. "\x26\xc1\x0f\x2f\xec\x96\x30\x31\xac\x69\x38\xa1\x8d\x66\x45\x38"
  18378. "\xb9\x4d\xac\x55\x34\xef\x7b\x59\x94\x24\xd6\x9b\xe1\xf7\x1c\x20";
  18379. vec.msgLen = 128;
  18380. #endif
  18381. vec.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7";
  18382. vec.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1";
  18383. vec.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f";
  18384. vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7";
  18385. vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b";
  18386. vec.curveName = "SECP224R1";
  18387. #ifndef NO_ASN
  18388. vec.r = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47"
  18389. "\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe"
  18390. "\xbc\x16\x71\xa7";
  18391. vec.rSz = 28;
  18392. vec.s = (byte*)"\x24\xfc\x7e\xd7\xf1\x35\x2c\xa3\x87\x2a\xa0\x91"
  18393. "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe"
  18394. "\x6a\xf3\xad\x5b";
  18395. vec.sSz = 28;
  18396. #endif
  18397. break;
  18398. #endif /* HAVE_ECC224 */
  18399. #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
  18400. case 30:
  18401. return 0;
  18402. #endif /* HAVE_ECC239 */
  18403. #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
  18404. case 32:
  18405. /* first [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */
  18406. #if 1
  18407. vec.msg = "\xa3\xf9\x1a\xe2\x1b\xa6\xb3\x03\x98\x64\x47\x2f\x18\x41\x44\xc6\xaf\x62\xcd\x0e";
  18408. vec.msgLen = 20;
  18409. #else
  18410. /* This is the raw message prior to SHA-1 */
  18411. vec.msg =
  18412. "\xa2\x4b\x21\x76\x2e\x6e\xdb\x15\x3c\xc1\x14\x38\xdb\x0e\x92\xcd"
  18413. "\xf5\x2b\x86\xb0\x6c\xa9\x70\x16\x06\x27\x59\xc7\x0d\x36\xd1\x56"
  18414. "\x2c\xc9\x63\x0d\x7f\xc7\xc7\x74\xb2\x8b\x54\xe3\x1e\xf5\x58\x72"
  18415. "\xb2\xa6\x5d\xf1\xd7\xec\x26\xde\xbb\x33\xe7\xd9\x27\xef\xcc\xf4"
  18416. "\x6b\x63\xde\x52\xa4\xf4\x31\xea\xca\x59\xb0\x5d\x2e\xde\xc4\x84"
  18417. "\x5f\xff\xc0\xee\x15\x03\x94\xd6\x1f\x3d\xfe\xcb\xcd\xbf\x6f\x5a"
  18418. "\x73\x38\xd0\xbe\x3f\x2a\x77\x34\x51\x98\x3e\xba\xeb\x48\xf6\x73"
  18419. "\x8f\xc8\x95\xdf\x35\x7e\x1a\x48\xa6\x53\xbb\x35\x5a\x31\xa1\xb4"
  18420. vec.msgLen = 128;
  18421. #endif
  18422. vec.Qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
  18423. vec.Qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
  18424. vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
  18425. vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c";
  18426. vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248";
  18427. #ifndef NO_ASN
  18428. vec.r = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9"
  18429. "\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89"
  18430. "\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c";
  18431. vec.rSz = 32;
  18432. vec.s = (byte*)"\xa2\x24\x8b\x62\xc0\x3d\xb3\x5a\x7c\xd6\x3e\x8a"
  18433. "\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03"
  18434. "\x5a\x21\x48\xae\x32\xe3\xa2\x48";
  18435. vec.sSz = 32;
  18436. #endif
  18437. vec.curveName = "SECP256R1";
  18438. break;
  18439. #endif /* !NO_ECC256 */
  18440. #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
  18441. case 40:
  18442. return 0;
  18443. #endif /* HAVE_ECC320 */
  18444. #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
  18445. case 48:
  18446. /* first [P-384,SHA-1] vector from FIPS 186-3 NIST vectors */
  18447. #if 1
  18448. vec.msg = "\x9b\x9f\x8c\x95\x35\xa5\xca\x26\x60\x5d\xb7\xf2\xfa\x57\x3b\xdf\xc3\x2e\xab\x8b";
  18449. vec.msgLen = 20;
  18450. #else
  18451. /* This is the raw message prior to SHA-1 */
  18452. vec.msg =
  18453. "\xab\xe1\x0a\xce\x13\xe7\xe1\xd9\x18\x6c\x48\xf7\x88\x9d\x51\x47"
  18454. "\x3d\x3a\x09\x61\x98\x4b\xc8\x72\xdf\x70\x8e\xcc\x3e\xd3\xb8\x16"
  18455. "\x9d\x01\xe3\xd9\x6f\xc4\xf1\xd5\xea\x00\xa0\x36\x92\xbc\xc5\xcf"
  18456. "\xfd\x53\x78\x7c\x88\xb9\x34\xaf\x40\x4c\x03\x9d\x32\x89\xb5\xba"
  18457. "\xc5\xae\x7d\xb1\x49\x68\x75\xb5\xdc\x73\xc3\x09\xf9\x25\xc1\x3d"
  18458. "\x1c\x01\xab\xda\xaf\xeb\xcd\xac\x2c\xee\x43\x39\x39\xce\x8d\x4a"
  18459. "\x0a\x5d\x57\xbb\x70\x5f\x3b\xf6\xec\x08\x47\x95\x11\xd4\xb4\xa3"
  18460. "\x21\x1f\x61\x64\x9a\xd6\x27\x43\x14\xbf\x0d\x43\x8a\x81\xe0\x60"
  18461. vec.msgLen = 128;
  18462. #endif
  18463. vec.Qx = "e55fee6c49d8d523f5ce7bf9c0425ce4ff650708b7de5cfb095901523979a7f042602db30854735369813b5c3f5ef868";
  18464. vec.Qy = "28f59cc5dc509892a988d38a8e2519de3d0c4fd0fbdb0993e38f18506c17606c5e24249246f1ce94983a5361c5be983e";
  18465. vec.d = "a492ce8fa90084c227e1a32f7974d39e9ff67a7e8705ec3419b35fb607582bebd461e0b1520ac76ec2dd4e9b63ebae71";
  18466. vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7";
  18467. vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907";
  18468. vec.curveName = "SECP384R1";
  18469. #ifndef NO_ASN
  18470. vec.r = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff"
  18471. "\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d"
  18472. "\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda"
  18473. "\xee\x6b\x3c\x74\xeb\xf6\x06\x66\x7a\x3f\x39\xb7";
  18474. vec.rSz = 48;
  18475. vec.s = (byte*)"\x49\x1a\xf1\xd0\xcc\xcd\x56\xdd\xd5\x20\xb2\x33"
  18476. "\x77\x5d\x0b\xc6\xb4\x0a\x62\x55\xcc\x55\x20\x7d"
  18477. "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21"
  18478. "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07";
  18479. vec.sSz = 48;
  18480. #endif
  18481. break;
  18482. #endif /* HAVE_ECC384 */
  18483. #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
  18484. case 64:
  18485. return 0;
  18486. #endif /* HAVE_ECC512 */
  18487. #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
  18488. case 66:
  18489. /* first [P-521,SHA-1] vector from FIPS 186-3 NIST vectors */
  18490. #if 1
  18491. vec.msg = "\x1b\xf7\x03\x9c\xca\x23\x94\x27\x3f\x11\xa1\xd4\x8d\xcc\xb4\x46\x6f\x31\x61\xdf";
  18492. vec.msgLen = 20;
  18493. #else
  18494. /* This is the raw message prior to SHA-1 */
  18495. vec.msg =
  18496. "\x50\x3f\x79\x39\x34\x0a\xc7\x23\xcd\x4a\x2f\x4e\x6c\xcc\x27\x33"
  18497. "\x38\x3a\xca\x2f\xba\x90\x02\x19\x9d\x9e\x1f\x94\x8b\xe0\x41\x21"
  18498. "\x07\xa3\xfd\xd5\x14\xd9\x0c\xd4\xf3\x7c\xc3\xac\x62\xef\x00\x3a"
  18499. "\x2d\xb1\xd9\x65\x7a\xb7\x7f\xe7\x55\xbf\x71\xfa\x59\xe4\xd9\x6e"
  18500. "\xa7\x2a\xe7\xbf\x9d\xe8\x7d\x79\x34\x3b\xc1\xa4\xbb\x14\x4d\x16"
  18501. "\x28\xd1\xe9\xe9\xc8\xed\x80\x8b\x96\x2c\x54\xe5\xf9\x6d\x53\xda"
  18502. "\x14\x7a\x96\x38\xf9\x4a\x91\x75\xd8\xed\x61\x05\x5f\x0b\xa5\x73"
  18503. "\xa8\x2b\xb7\xe0\x18\xee\xda\xc4\xea\x7b\x36\x2e\xc8\x9c\x38\x2b"
  18504. vec.msgLen = 128;
  18505. #endif
  18506. vec.Qx = "12fbcaeffa6a51f3ee4d3d2b51c5dec6d7c726ca353fc014ea2bf7cfbb9b910d32cbfa6a00fe39b6cdb8946f22775398b2e233c0cf144d78c8a7742b5c7a3bb5d23";
  18507. vec.Qy = "09cdef823dd7bf9a79e8cceacd2e4527c231d0ae5967af0958e931d7ddccf2805a3e618dc3039fec9febbd33052fe4c0fee98f033106064982d88f4e03549d4a64d";
  18508. vec.d = "1bd56bd106118eda246155bd43b42b8e13f0a6e25dd3bb376026fab4dc92b6157bc6dfec2d15dd3d0cf2a39aa68494042af48ba9601118da82c6f2108a3a203ad74";
  18509. vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be";
  18510. vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c";
  18511. vec.curveName = "SECP521R1";
  18512. #ifndef NO_ASN
  18513. vec.r = (byte*)"\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77\x78"
  18514. "\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf\x5b"
  18515. "\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c\x7f"
  18516. "\x9a\x57\xc0\x77\x94\x7f\x89\xac\x45\xd5\xac\xb6"
  18517. "\x66\x1b\xbc\xd1\x7a\xbb\x3f\xae\xa1\x49\xba\x0a"
  18518. "\xa3\xbb\x15\x21\xbe";
  18519. vec.rSz = 65;
  18520. vec.s = (byte*)"\x19\xcd\x2c\x5c\x3f\x98\x70\xec\xde\xb9\xb3\x23"
  18521. "\xab\xdf\x3a\x98\xcd\x5e\x23\x1d\x85\xc6\xdd\xc5"
  18522. "\xb7\x1a\xb1\x90\x73\x9f\x7f\x22\x6e\x6b\x13\x4b"
  18523. "\xa1\xd5\x88\x9d\xde\xb2\x75\x1d\xab\xd9\x79\x11"
  18524. "\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b\x6c"
  18525. "\x3d\x22\xf2\x48\x0c";
  18526. vec.sSz = 65;
  18527. #endif
  18528. break;
  18529. #endif /* HAVE_ECC521 */
  18530. default:
  18531. return NOT_COMPILED_IN; /* Invalid key size / Not supported */
  18532. }; /* Switch */
  18533. ret = ecc_test_vector_item(&vec);
  18534. if (ret < 0) {
  18535. return ret;
  18536. }
  18537. return 0;
  18538. }
  18539. #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_DETERMINISTIC_K)
  18540. static int ecc_test_deterministic_k(WC_RNG* rng)
  18541. {
  18542. int ret;
  18543. ecc_key key;
  18544. byte sig[72];
  18545. word32 sigSz;
  18546. unsigned char msg[] = "sample";
  18547. unsigned char hash[32];
  18548. const char* dIUT =
  18549. "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721";
  18550. const char* QIUTx =
  18551. "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6";
  18552. const char* QIUTy =
  18553. "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299";
  18554. const byte expSig[] = {
  18555. 0x30, 0x46, 0x02, 0x21, 0x00, 0xEF, 0xD4, 0x8B,
  18556. 0x2A, 0xAC, 0xB6, 0xA8, 0xFD, 0x11, 0x40, 0xDD,
  18557. 0x9C, 0xD4, 0x5E, 0x81, 0xD6, 0x9D, 0x2C, 0x87,
  18558. 0x7B, 0x56, 0xAA, 0xF9, 0x91, 0xC3, 0x4D, 0x0E,
  18559. 0xA8, 0x4E, 0xAF, 0x37, 0x16, 0x02, 0x21, 0x00,
  18560. 0xF7, 0xCB, 0x1C, 0x94, 0x2D, 0x65, 0x7C, 0x41,
  18561. 0xD4, 0x36, 0xC7, 0xA1, 0xB6, 0xE2, 0x9F, 0x65,
  18562. 0xF3, 0xE9, 0x00, 0xDB, 0xB9, 0xAF, 0xF4, 0x06,
  18563. 0x4D, 0xC4, 0xAB, 0x2F, 0x84, 0x3A, 0xCD, 0xA8
  18564. };
  18565. ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
  18566. if (ret != 0) {
  18567. return ret;
  18568. }
  18569. ret = wc_ecc_import_raw(&key, QIUTx, QIUTy, dIUT, "SECP256R1");
  18570. if (ret != 0) {
  18571. goto done;
  18572. }
  18573. ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
  18574. (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
  18575. if (ret != 0) {
  18576. goto done;
  18577. }
  18578. ret = wc_ecc_set_deterministic(&key, 1);
  18579. if (ret != 0) {
  18580. goto done;
  18581. }
  18582. sigSz = sizeof(sig);
  18583. do {
  18584. #if defined(WOLFSSL_ASYNC_CRYPT)
  18585. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18586. #endif
  18587. if (ret == 0)
  18588. ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, &key);
  18589. } while (ret == WC_PENDING_E);
  18590. if (ret != 0) {
  18591. goto done;
  18592. }
  18593. TEST_SLEEP();
  18594. if (sigSz != sizeof(expSig)) {
  18595. ret = -9830;
  18596. goto done;
  18597. }
  18598. if (XMEMCMP(sig, expSig, sigSz) != 0) {
  18599. ret = -9831;
  18600. goto done;
  18601. }
  18602. sigSz = sizeof(sig);
  18603. do {
  18604. #if defined(WOLFSSL_ASYNC_CRYPT)
  18605. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18606. #endif
  18607. if (ret == 0)
  18608. ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, &key);
  18609. } while (ret == WC_PENDING_E);
  18610. if (ret != 0) {
  18611. goto done;
  18612. }
  18613. TEST_SLEEP();
  18614. done:
  18615. wc_ecc_free(&key);
  18616. return ret;
  18617. }
  18618. #endif
  18619. #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K)
  18620. static int ecc_test_sign_vectors(WC_RNG* rng)
  18621. {
  18622. int ret;
  18623. #ifdef WOLFSSL_SMALL_STACK
  18624. ecc_key *key = NULL;
  18625. #else
  18626. ecc_key key[1];
  18627. #endif
  18628. int key_inited = 0;
  18629. byte sig[72];
  18630. word32 sigSz;
  18631. WOLFSSL_SMALL_STACK_STATIC const unsigned char hash[32] = "test wolfSSL deterministic sign";
  18632. WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
  18633. WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230";
  18634. WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141";
  18635. WOLFSSL_SMALL_STACK_STATIC const byte k[1] = { 0x02 };
  18636. WOLFSSL_SMALL_STACK_STATIC const byte expSig[71] = {
  18637. 0x30, 0x45, 0x02, 0x20, 0x7c, 0xf2, 0x7b, 0x18,
  18638. 0x8d, 0x03, 0x4f, 0x7e, 0x8a, 0x52, 0x38, 0x03,
  18639. 0x04, 0xb5, 0x1a, 0xc3, 0xc0, 0x89, 0x69, 0xe2,
  18640. 0x77, 0xf2, 0x1b, 0x35, 0xa6, 0x0b, 0x48, 0xfc,
  18641. 0x47, 0x66, 0x99, 0x78, 0x02, 0x21, 0x00, 0xa8,
  18642. 0x43, 0xa0, 0xce, 0x6c, 0x5e, 0x17, 0x8a, 0x53,
  18643. 0x4d, 0xaf, 0xd2, 0x95, 0x78, 0x9f, 0x84, 0x4f,
  18644. 0x94, 0xb8, 0x75, 0xa3, 0x19, 0xa5, 0xd4, 0xdf,
  18645. 0xe1, 0xd4, 0x5e, 0x9d, 0x97, 0xfe, 0x81
  18646. };
  18647. #ifdef WOLFSSL_SMALL_STACK
  18648. if ((key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
  18649. return MEMORY_E;
  18650. #endif
  18651. ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
  18652. if (ret != 0) {
  18653. goto done;
  18654. }
  18655. key_inited = 1;
  18656. ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1");
  18657. if (ret != 0) {
  18658. goto done;
  18659. }
  18660. wc_ecc_set_flags(key, WC_ECC_FLAG_DEC_SIGN);
  18661. ret = wc_ecc_sign_set_k(k, sizeof(k), key);
  18662. if (ret != 0) {
  18663. goto done;
  18664. }
  18665. sigSz = sizeof(sig);
  18666. do {
  18667. #if defined(WOLFSSL_ASYNC_CRYPT)
  18668. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18669. #endif
  18670. if (ret == 0)
  18671. ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
  18672. } while (ret == WC_PENDING_E);
  18673. if (ret != 0) {
  18674. goto done;
  18675. }
  18676. TEST_SLEEP();
  18677. if (sigSz != sizeof(expSig)) {
  18678. ret = -9830;
  18679. goto done;
  18680. }
  18681. if (XMEMCMP(sig, expSig, sigSz) != 0) {
  18682. ret = -9831;
  18683. goto done;
  18684. }
  18685. sigSz = sizeof(sig);
  18686. do {
  18687. #if defined(WOLFSSL_ASYNC_CRYPT)
  18688. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18689. #endif
  18690. if (ret == 0)
  18691. ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
  18692. } while (ret == WC_PENDING_E);
  18693. if (ret != 0) {
  18694. goto done;
  18695. }
  18696. TEST_SLEEP();
  18697. done:
  18698. if (key_inited)
  18699. wc_ecc_free(key);
  18700. #ifdef WOLFSSL_SMALL_STACK
  18701. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18702. #endif
  18703. return ret;
  18704. }
  18705. #endif
  18706. #ifdef HAVE_ECC_CDH
  18707. static int ecc_test_cdh_vectors(WC_RNG* rng)
  18708. {
  18709. int ret;
  18710. #ifdef WOLFSSL_SMALL_STACK
  18711. ecc_key *pub_key = (ecc_key *)XMALLOC(sizeof *pub_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18712. ecc_key *priv_key = (ecc_key *)XMALLOC(sizeof *priv_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18713. #else
  18714. ecc_key pub_key[1], priv_key[1];
  18715. #endif
  18716. byte sharedA[32] = {0}, sharedB[32] = {0};
  18717. word32 x, z;
  18718. WOLFSSL_SMALL_STACK_STATIC const char* QCAVSx = "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287";
  18719. WOLFSSL_SMALL_STACK_STATIC const char* QCAVSy = "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac";
  18720. WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
  18721. WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230";
  18722. WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141";
  18723. WOLFSSL_SMALL_STACK_STATIC const char* ZIUT = "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b";
  18724. #ifdef WOLFSSL_SMALL_STACK
  18725. if ((pub_key == NULL) ||
  18726. (priv_key == NULL)) {
  18727. ret = MEMORY_E;
  18728. goto done;
  18729. }
  18730. #endif
  18731. XMEMSET(pub_key, 0, sizeof *pub_key);
  18732. XMEMSET(priv_key, 0, sizeof *priv_key);
  18733. /* setup private and public keys */
  18734. ret = wc_ecc_init_ex(pub_key, HEAP_HINT, devId);
  18735. if (ret != 0)
  18736. goto done;
  18737. ret = wc_ecc_init_ex(priv_key, HEAP_HINT, devId);
  18738. if (ret != 0)
  18739. goto done;
  18740. #ifdef HAVE_ECC_CDH
  18741. wc_ecc_set_flags(pub_key, WC_ECC_FLAG_COFACTOR);
  18742. wc_ecc_set_flags(priv_key, WC_ECC_FLAG_COFACTOR);
  18743. #endif
  18744. ret = wc_ecc_import_raw(pub_key, QCAVSx, QCAVSy, NULL, "SECP256R1");
  18745. if (ret != 0)
  18746. goto done;
  18747. ret = wc_ecc_import_raw(priv_key, QIUTx, QIUTy, dIUT, "SECP256R1");
  18748. if (ret != 0)
  18749. goto done;
  18750. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  18751. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  18752. !defined(HAVE_SELFTEST)
  18753. ret = wc_ecc_set_rng(priv_key, rng);
  18754. if (ret != 0)
  18755. goto done;
  18756. #else
  18757. (void)rng;
  18758. #endif
  18759. /* compute ECC Cofactor shared secret */
  18760. x = sizeof(sharedA);
  18761. do {
  18762. #if defined(WOLFSSL_ASYNC_CRYPT)
  18763. ret = wc_AsyncWait(ret, &priv_key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18764. #endif
  18765. if (ret == 0)
  18766. ret = wc_ecc_shared_secret(priv_key, pub_key, sharedA, &x);
  18767. } while (ret == WC_PENDING_E);
  18768. if (ret != 0) {
  18769. goto done;
  18770. }
  18771. TEST_SLEEP();
  18772. /* read in expected Z */
  18773. z = sizeof(sharedB);
  18774. ret = Base16_Decode((const byte*)ZIUT, (word32)XSTRLEN(ZIUT), sharedB, &z);
  18775. if (ret != 0)
  18776. goto done;
  18777. /* compare results */
  18778. if (x != z || XMEMCMP(sharedA, sharedB, x)) {
  18779. ERROR_OUT(-9840, done);
  18780. }
  18781. done:
  18782. #ifdef WOLFSSL_SMALL_STACK
  18783. if (priv_key) {
  18784. wc_ecc_free(priv_key);
  18785. XFREE(priv_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18786. }
  18787. if (pub_key) {
  18788. wc_ecc_free(pub_key);
  18789. XFREE(pub_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18790. }
  18791. #else
  18792. wc_ecc_free(priv_key);
  18793. wc_ecc_free(pub_key);
  18794. #endif
  18795. return ret;
  18796. }
  18797. #endif /* HAVE_ECC_CDH */
  18798. #endif /* HAVE_ECC_VECTOR_TEST */
  18799. #ifdef HAVE_ECC_KEY_IMPORT
  18800. /* returns 0 on success */
  18801. static int ecc_test_make_pub(WC_RNG* rng)
  18802. {
  18803. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18804. ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18805. #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
  18806. ecc_key *pub = (ecc_key *)XMALLOC(sizeof *pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18807. #endif
  18808. byte *exportBuf = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18809. byte *tmp = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18810. #else
  18811. ecc_key key[1];
  18812. #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  18813. ecc_key pub[1];
  18814. #endif
  18815. byte exportBuf[ECC_BUFSIZE];
  18816. byte tmp[ECC_BUFSIZE];
  18817. #endif
  18818. const byte* msg = (const byte*)"test wolfSSL ECC public gen";
  18819. word32 x;
  18820. word32 tmpSz;
  18821. int ret = 0;
  18822. ecc_point* pubPoint = NULL;
  18823. #ifdef HAVE_ECC_VERIFY
  18824. int verify = 0;
  18825. #endif
  18826. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18827. if ((key == NULL) ||
  18828. #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
  18829. (pub == NULL) ||
  18830. #endif
  18831. (exportBuf == NULL) ||
  18832. (tmp == NULL))
  18833. ERROR_OUT(MEMORY_E, done);
  18834. #endif
  18835. (void)msg;
  18836. (void)verify;
  18837. (void)exportBuf;
  18838. (void)rng;
  18839. wc_ecc_init_ex(key, HEAP_HINT, devId);
  18840. #ifndef NO_ECC256
  18841. #ifdef USE_CERT_BUFFERS_256
  18842. XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256);
  18843. tmpSz = (size_t)sizeof_ecc_key_der_256;
  18844. #else
  18845. {
  18846. XFILE file = XFOPEN(eccKeyDerFile, "rb");
  18847. if (!file) {
  18848. ERROR_OUT(-9850, done);
  18849. }
  18850. tmpSz = (word32)XFREAD(tmp, 1, ECC_BUFSIZE, file);
  18851. XFCLOSE(file);
  18852. }
  18853. #endif /* USE_CERT_BUFFERS_256 */
  18854. /* import private only then test with */
  18855. ret = wc_ecc_import_private_key(tmp, tmpSz, NULL, 0, NULL);
  18856. if (ret == 0) {
  18857. ERROR_OUT(-9851, done);
  18858. }
  18859. ret = wc_ecc_import_private_key(NULL, tmpSz, NULL, 0, key);
  18860. if (ret == 0) {
  18861. ERROR_OUT(-9852, done);
  18862. }
  18863. x = 0;
  18864. ret = wc_EccPrivateKeyDecode(tmp, &x, key, tmpSz);
  18865. if (ret != 0) {
  18866. ERROR_OUT(-9853, done);
  18867. }
  18868. #ifdef HAVE_ECC_KEY_EXPORT
  18869. x = ECC_BUFSIZE;
  18870. ret = wc_ecc_export_private_only(key, exportBuf, &x);
  18871. if (ret != 0) {
  18872. ERROR_OUT(-9854, done);
  18873. }
  18874. /* make private only key */
  18875. wc_ecc_free(key);
  18876. wc_ecc_init_ex(key, HEAP_HINT, devId);
  18877. ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, key);
  18878. if (ret != 0) {
  18879. ERROR_OUT(-9855, done);
  18880. }
  18881. x = ECC_BUFSIZE;
  18882. ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
  18883. if (ret == 0) {
  18884. ERROR_OUT(-9856, done);
  18885. }
  18886. #endif /* HAVE_ECC_KEY_EXPORT */
  18887. ret = wc_ecc_make_pub(NULL, NULL);
  18888. if (ret == 0) {
  18889. ERROR_OUT(-9857, done);
  18890. }
  18891. TEST_SLEEP();
  18892. #ifndef WOLFSSL_NO_MALLOC
  18893. pubPoint = wc_ecc_new_point_h(HEAP_HINT);
  18894. if (pubPoint == NULL) {
  18895. ERROR_OUT(-9858, done);
  18896. }
  18897. ret = wc_ecc_make_pub(key, pubPoint);
  18898. if (ret != 0) {
  18899. ERROR_OUT(-9859, done);
  18900. }
  18901. TEST_SLEEP();
  18902. #ifdef HAVE_ECC_KEY_EXPORT
  18903. /* export should still fail, is private only key */
  18904. x = ECC_BUFSIZE;
  18905. ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
  18906. if (ret == 0) {
  18907. ERROR_OUT(-9860, done);
  18908. }
  18909. #endif /* HAVE_ECC_KEY_EXPORT */
  18910. #endif /* !WOLFSSL_NO_MALLOC */
  18911. #endif /* !NO_ECC256 */
  18912. /* create a new key since above test for loading key is not supported */
  18913. #if defined(WOLFSSL_CRYPTOCELL) || defined(NO_ECC256) || \
  18914. defined(WOLFSSL_QNX_CAAM)
  18915. ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
  18916. if (ret != 0) {
  18917. ERROR_OUT(-9861, done);
  18918. }
  18919. #endif
  18920. #if defined(HAVE_ECC_SIGN) && (!defined(ECC_TIMING_RESISTANT) || \
  18921. (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG)))
  18922. tmpSz = ECC_BUFSIZE;
  18923. ret = 0;
  18924. do {
  18925. #if defined(WOLFSSL_ASYNC_CRYPT)
  18926. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18927. #endif
  18928. if (ret == 0)
  18929. ret = wc_ecc_sign_hash(msg, (word32)XSTRLEN((const char* )msg), tmp, &tmpSz, rng, key);
  18930. } while (ret == WC_PENDING_E);
  18931. if (ret != 0) {
  18932. ERROR_OUT(-9862, done);
  18933. }
  18934. TEST_SLEEP();
  18935. #ifdef HAVE_ECC_VERIFY
  18936. /* try verify with private only key */
  18937. ret = 0;
  18938. do {
  18939. #if defined(WOLFSSL_ASYNC_CRYPT)
  18940. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18941. #endif
  18942. if (ret == 0)
  18943. ret = wc_ecc_verify_hash(tmp, tmpSz, msg, (word32)XSTRLEN((const char* )msg), &verify, key);
  18944. } while (ret == WC_PENDING_E);
  18945. if (ret != 0) {
  18946. ERROR_OUT(-9863, done);
  18947. }
  18948. if (verify != 1) {
  18949. ERROR_OUT(-9864, done);
  18950. }
  18951. TEST_SLEEP();
  18952. #ifdef HAVE_ECC_KEY_EXPORT
  18953. /* exporting the public part should now work */
  18954. x = ECC_BUFSIZE;
  18955. ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
  18956. if (ret != 0) {
  18957. ERROR_OUT(-9865, done);
  18958. }
  18959. #endif /* HAVE_ECC_KEY_EXPORT */
  18960. #endif /* HAVE_ECC_VERIFY */
  18961. #endif /* HAVE_ECC_SIGN */
  18962. #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  18963. /* now test private only key with creating a shared secret */
  18964. x = ECC_BUFSIZE;
  18965. ret = wc_ecc_export_private_only(key, exportBuf, &x);
  18966. if (ret != 0) {
  18967. ERROR_OUT(-9866, done);
  18968. }
  18969. #ifndef WOLFSSL_QNX_CAAM
  18970. /* make private only key */
  18971. wc_ecc_free(key);
  18972. wc_ecc_init_ex(key, HEAP_HINT, devId);
  18973. ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, key);
  18974. if (ret != 0) {
  18975. ERROR_OUT(-9867, done);
  18976. }
  18977. /* check that public export fails with private only key */
  18978. x = ECC_BUFSIZE;
  18979. ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
  18980. if (ret == 0) {
  18981. ERROR_OUT(-9868, done);
  18982. }
  18983. #endif /* WOLFSSL_QNX_CAAM */
  18984. /* make public key for shared secret */
  18985. wc_ecc_init_ex(pub, HEAP_HINT, devId);
  18986. ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, pub);
  18987. #ifdef HAVE_ECC_CDH
  18988. wc_ecc_set_flags(key, WC_ECC_FLAG_COFACTOR);
  18989. #endif
  18990. #if defined(WOLFSSL_ASYNC_CRYPT)
  18991. ret = wc_AsyncWait(ret, &pub->asyncDev, WC_ASYNC_FLAG_NONE);
  18992. #endif
  18993. if (ret != 0) {
  18994. ERROR_OUT(-9869, done);
  18995. }
  18996. TEST_SLEEP();
  18997. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  18998. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  18999. !defined(HAVE_SELFTEST)
  19000. ret = wc_ecc_set_rng(key, rng);
  19001. if (ret != 0)
  19002. goto done;
  19003. #endif
  19004. x = ECC_BUFSIZE;
  19005. do {
  19006. #if defined(WOLFSSL_ASYNC_CRYPT)
  19007. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  19008. #endif
  19009. if (ret == 0) {
  19010. ret = wc_ecc_shared_secret(key, pub, exportBuf, &x);
  19011. }
  19012. } while (ret == WC_PENDING_E);
  19013. wc_ecc_free(pub);
  19014. if (ret != 0) {
  19015. ERROR_OUT(-9870, done);
  19016. }
  19017. TEST_SLEEP();
  19018. #endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT && !WC_NO_RNG */
  19019. ret = 0;
  19020. done:
  19021. wc_ecc_del_point_h(pubPoint, HEAP_HINT);
  19022. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19023. if (key != NULL) {
  19024. wc_ecc_free(key);
  19025. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19026. }
  19027. #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
  19028. if (pub != NULL)
  19029. XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19030. #endif
  19031. if (exportBuf != NULL)
  19032. XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19033. if (tmp != NULL)
  19034. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19035. #else
  19036. wc_ecc_free(key);
  19037. #endif
  19038. return ret;
  19039. }
  19040. #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
  19041. static int ecc_test_key_decode(WC_RNG* rng, int keySize)
  19042. {
  19043. int ret;
  19044. #ifdef WOLFSSL_SMALL_STACK
  19045. ecc_key *eccKey = (ecc_key *)XMALLOC(sizeof *eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19046. byte *tmpBuf = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19047. #else
  19048. ecc_key eccKey[1];
  19049. byte tmpBuf[ECC_BUFSIZE];
  19050. #endif
  19051. word32 tmpSz;
  19052. word32 idx;
  19053. #ifdef WOLFSSL_SMALL_STACK
  19054. if ((eccKey == NULL) || (tmpBuf == NULL))
  19055. ERROR_OUT(MEMORY_E, done);
  19056. #endif
  19057. ret = wc_ecc_init(eccKey);
  19058. if (ret != 0) {
  19059. goto done;
  19060. }
  19061. ret = wc_ecc_make_key(rng, keySize, eccKey);
  19062. #if defined(WOLFSSL_ASYNC_CRYPT)
  19063. ret = wc_AsyncWait(ret, &eccKey->asyncDev, WC_ASYNC_FLAG_NONE);
  19064. #endif
  19065. if (ret != 0) {
  19066. goto done;
  19067. }
  19068. tmpSz = ECC_BUFSIZE;
  19069. ret = wc_EccKeyToDer(eccKey, tmpBuf, tmpSz);
  19070. wc_ecc_free(eccKey);
  19071. if (ret < 0) {
  19072. goto done;
  19073. }
  19074. tmpSz = ret;
  19075. ret = wc_ecc_init(eccKey);
  19076. if (ret != 0) {
  19077. goto done;
  19078. }
  19079. idx = 0;
  19080. ret = wc_EccPrivateKeyDecode(tmpBuf, &idx, eccKey, tmpSz);
  19081. if (ret != 0) {
  19082. goto done;
  19083. }
  19084. wc_ecc_free(eccKey);
  19085. ret = wc_ecc_init(eccKey);
  19086. if (ret != 0) {
  19087. goto done;
  19088. }
  19089. idx = 0;
  19090. ret = wc_EccPublicKeyDecode(tmpBuf, &idx, eccKey, tmpSz);
  19091. if (ret != 0) {
  19092. goto done;
  19093. }
  19094. ret = 0;
  19095. done:
  19096. #ifdef WOLFSSL_SMALL_STACK
  19097. if (eccKey != NULL) {
  19098. wc_ecc_free(eccKey);
  19099. XFREE(eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19100. }
  19101. if (tmpBuf != NULL)
  19102. XFREE(tmpBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19103. #else
  19104. wc_ecc_free(eccKey);
  19105. #endif
  19106. return ret;
  19107. }
  19108. #endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
  19109. #endif /* HAVE_ECC_KEY_IMPORT */
  19110. #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
  19111. static int ecc_test_key_gen(WC_RNG* rng, int keySize)
  19112. {
  19113. int ret = 0;
  19114. int derSz;
  19115. #ifdef HAVE_PKCS8
  19116. word32 pkcs8Sz;
  19117. #endif
  19118. #ifdef WOLFSSL_SMALL_STACK
  19119. byte *der = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19120. ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19121. #else
  19122. byte der[ECC_BUFSIZE];
  19123. ecc_key userA[1];
  19124. #endif
  19125. #ifdef WOLFSSL_SMALL_STACK
  19126. if ((der == NULL) || (userA == NULL))
  19127. ERROR_OUT(MEMORY_E, done);
  19128. #endif
  19129. ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
  19130. if (ret != 0)
  19131. goto done;
  19132. ret = wc_ecc_make_key(rng, keySize, userA);
  19133. #if defined(WOLFSSL_ASYNC_CRYPT)
  19134. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
  19135. #endif
  19136. if (ret != 0)
  19137. goto done;
  19138. TEST_SLEEP();
  19139. ret = wc_ecc_check_key(userA);
  19140. if (ret != 0)
  19141. goto done;
  19142. TEST_SLEEP();
  19143. derSz = wc_EccKeyToDer(userA, der, ECC_BUFSIZE);
  19144. if (derSz < 0) {
  19145. ERROR_OUT(derSz, done);
  19146. }
  19147. ret = SaveDerAndPem(der, derSz, eccCaKeyTempFile, eccCaKeyPemFile,
  19148. ECC_PRIVATEKEY_TYPE, -8347);
  19149. if (ret != 0) {
  19150. goto done;
  19151. }
  19152. /* test export of public key */
  19153. derSz = wc_EccPublicKeyToDer(userA, der, ECC_BUFSIZE, 1);
  19154. if (derSz < 0) {
  19155. ERROR_OUT(derSz, done);
  19156. }
  19157. if (derSz == 0) {
  19158. ERROR_OUT(-9890, done);
  19159. }
  19160. ret = SaveDerAndPem(der, derSz, eccPubKeyDerFile, NULL, 0, -8348);
  19161. if (ret != 0) {
  19162. goto done;
  19163. }
  19164. #ifdef HAVE_PKCS8
  19165. /* test export of PKCS#8 unencrypted private key */
  19166. pkcs8Sz = FOURK_BUF;
  19167. derSz = wc_EccPrivateKeyToPKCS8(userA, der, &pkcs8Sz);
  19168. if (derSz < 0) {
  19169. ERROR_OUT(derSz, done);
  19170. }
  19171. if (derSz == 0) {
  19172. ERROR_OUT(-9891, done);
  19173. }
  19174. ret = SaveDerAndPem(der, derSz, eccPkcs8KeyDerFile, NULL, 0, -8349);
  19175. if (ret != 0) {
  19176. goto done;
  19177. }
  19178. #endif /* HAVE_PKCS8 */
  19179. done:
  19180. #ifdef WOLFSSL_SMALL_STACK
  19181. if (der != NULL)
  19182. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19183. if (userA != NULL) {
  19184. wc_ecc_free(userA);
  19185. XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19186. }
  19187. #else
  19188. wc_ecc_free(userA);
  19189. #endif
  19190. return ret;
  19191. }
  19192. #endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
  19193. static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
  19194. int curve_id, const ecc_set_type* dp)
  19195. {
  19196. #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
  19197. !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
  19198. DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
  19199. DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
  19200. #endif
  19201. #ifdef HAVE_ECC_KEY_EXPORT
  19202. #define ECC_KEY_EXPORT_BUF_SIZE (MAX_ECC_BYTES * 2 + 32)
  19203. DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
  19204. #endif
  19205. word32 x = 0;
  19206. #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
  19207. !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
  19208. word32 y;
  19209. #endif
  19210. #ifdef HAVE_ECC_SIGN
  19211. DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
  19212. DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
  19213. int i;
  19214. #ifdef HAVE_ECC_VERIFY
  19215. int verify;
  19216. #endif /* HAVE_ECC_VERIFY */
  19217. #endif /* HAVE_ECC_SIGN */
  19218. int ret;
  19219. #ifdef WOLFSSL_SMALL_STACK
  19220. ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19221. ecc_key *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19222. ecc_key *pubKey = (ecc_key *)XMALLOC(sizeof *pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19223. #else
  19224. ecc_key userA[1];
  19225. ecc_key userB[1];
  19226. ecc_key pubKey[1];
  19227. #endif
  19228. #ifndef WC_NO_RNG
  19229. int curveSize;
  19230. #endif
  19231. #ifdef DECLARE_VAR_IS_HEAP_ALLOC
  19232. #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
  19233. !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
  19234. if (sharedA == NULL || sharedB == NULL)
  19235. ERROR_OUT(-9900, done);
  19236. #endif
  19237. #ifdef HAVE_ECC_KEY_EXPORT
  19238. if (exportBuf == NULL)
  19239. ERROR_OUT(-9901, done);
  19240. #endif
  19241. #ifdef HAVE_ECC_SIGN
  19242. if (sig == NULL || digest == NULL)
  19243. ERROR_OUT(-9902, done);
  19244. #endif
  19245. #endif /* WOLFSSL_SMALL_STACK */
  19246. (void)testVerifyCount;
  19247. (void)dp;
  19248. (void)x;
  19249. #ifdef WOLFSSL_SMALL_STACK
  19250. if ((userA == NULL) ||
  19251. (userB == NULL) ||
  19252. (pubKey == NULL))
  19253. ERROR_OUT(-9903, done);
  19254. #endif
  19255. XMEMSET(userA, 0, sizeof *userA);
  19256. XMEMSET(userB, 0, sizeof *userB);
  19257. XMEMSET(pubKey, 0, sizeof *pubKey);
  19258. ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
  19259. if (ret != 0)
  19260. ERROR_OUT(-9904, done);
  19261. ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
  19262. if (ret != 0)
  19263. ERROR_OUT(-9905, done);
  19264. ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
  19265. if (ret != 0)
  19266. ERROR_OUT(-9906, done);
  19267. #ifdef WOLFSSL_CUSTOM_CURVES
  19268. if (dp != NULL) {
  19269. ret = wc_ecc_set_custom_curve(userA, dp);
  19270. if (ret != 0)
  19271. ERROR_OUT(-9907, done);
  19272. ret = wc_ecc_set_custom_curve(userB, dp);
  19273. if (ret != 0)
  19274. ERROR_OUT(-9908, done);
  19275. }
  19276. #endif
  19277. #ifndef WC_NO_RNG
  19278. ret = wc_ecc_make_key_ex(rng, keySize, userA, curve_id);
  19279. #if defined(WOLFSSL_ASYNC_CRYPT)
  19280. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
  19281. #endif
  19282. if (ret == ECC_CURVE_OID_E)
  19283. goto done; /* catch case, where curve is not supported */
  19284. if (ret != 0)
  19285. ERROR_OUT(-9910, done);
  19286. TEST_SLEEP();
  19287. if (wc_ecc_get_curve_idx(curve_id) != -1) {
  19288. curveSize = wc_ecc_get_curve_size_from_id(userA->dp->id);
  19289. if (curveSize != userA->dp->size)
  19290. ERROR_OUT(-9911, done);
  19291. }
  19292. ret = wc_ecc_check_key(userA);
  19293. if (ret != 0)
  19294. ERROR_OUT(-9912, done);
  19295. TEST_SLEEP();
  19296. /* ATECC508/608 configuration may not support more than one ECDH key */
  19297. #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
  19298. ret = wc_ecc_make_key_ex(rng, keySize, userB, curve_id);
  19299. #if defined(WOLFSSL_ASYNC_CRYPT)
  19300. ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
  19301. #endif
  19302. if (ret != 0)
  19303. ERROR_OUT(-9914, done);
  19304. TEST_SLEEP();
  19305. /* only perform the below tests if the key size matches */
  19306. if (dp == NULL && keySize > 0 && wc_ecc_size(userA) != keySize)
  19307. ERROR_OUT(ECC_CURVE_OID_E, done);
  19308. #ifdef HAVE_ECC_DHE
  19309. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  19310. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  19311. !defined(HAVE_SELFTEST)
  19312. ret = wc_ecc_set_rng(userA, rng);
  19313. if (ret != 0)
  19314. ERROR_OUT(-9915, done);
  19315. ret = wc_ecc_set_rng(userB, rng);
  19316. if (ret != 0)
  19317. ERROR_OUT(-9916, done);
  19318. #endif
  19319. x = ECC_SHARED_SIZE;
  19320. do {
  19321. #if defined(WOLFSSL_ASYNC_CRYPT)
  19322. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  19323. #endif
  19324. if (ret == 0)
  19325. ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
  19326. } while (ret == WC_PENDING_E);
  19327. if (ret != 0) {
  19328. ERROR_OUT(-9917, done);
  19329. }
  19330. TEST_SLEEP();
  19331. y = ECC_SHARED_SIZE;
  19332. do {
  19333. #if defined(WOLFSSL_ASYNC_CRYPT)
  19334. ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  19335. #endif
  19336. if (ret == 0)
  19337. ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
  19338. } while (ret == WC_PENDING_E);
  19339. if (ret != 0)
  19340. ERROR_OUT(-9918, done);
  19341. if (y != x)
  19342. ERROR_OUT(-9919, done);
  19343. if (XMEMCMP(sharedA, sharedB, x))
  19344. ERROR_OUT(-9920, done);
  19345. TEST_SLEEP();
  19346. #endif /* HAVE_ECC_DHE */
  19347. #ifdef HAVE_ECC_CDH
  19348. /* add cofactor flag */
  19349. wc_ecc_set_flags(userA, WC_ECC_FLAG_COFACTOR);
  19350. wc_ecc_set_flags(userB, WC_ECC_FLAG_COFACTOR);
  19351. x = ECC_SHARED_SIZE;
  19352. do {
  19353. #if defined(WOLFSSL_ASYNC_CRYPT)
  19354. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  19355. #endif
  19356. if (ret == 0)
  19357. ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
  19358. } while (ret == WC_PENDING_E);
  19359. if (ret != 0)
  19360. ERROR_OUT(-9921, done);
  19361. TEST_SLEEP();
  19362. y = ECC_SHARED_SIZE;
  19363. do {
  19364. #if defined(WOLFSSL_ASYNC_CRYPT)
  19365. ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  19366. #endif
  19367. if (ret == 0)
  19368. ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
  19369. } while (ret == WC_PENDING_E);
  19370. if (ret != 0)
  19371. ERROR_OUT(-9922, done);
  19372. if (y != x)
  19373. ERROR_OUT(-9923, done);
  19374. if (XMEMCMP(sharedA, sharedB, x))
  19375. ERROR_OUT(-9924, done);
  19376. TEST_SLEEP();
  19377. /* remove cofactor flag */
  19378. wc_ecc_set_flags(userA, 0);
  19379. wc_ecc_set_flags(userB, 0);
  19380. #endif /* HAVE_ECC_CDH */
  19381. #endif /* !WOLFSSL_ATECC508A && WOLFSSL_ATECC608A */
  19382. #ifdef HAVE_ECC_KEY_EXPORT
  19383. x = ECC_KEY_EXPORT_BUF_SIZE;
  19384. ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 0);
  19385. if (ret != 0)
  19386. ERROR_OUT(-9925, done);
  19387. #ifdef HAVE_ECC_KEY_IMPORT
  19388. #ifdef WOLFSSL_CUSTOM_CURVES
  19389. if (dp != NULL) {
  19390. ret = wc_ecc_set_custom_curve(pubKey, dp);
  19391. if (ret != 0)
  19392. ERROR_OUT(-9926, done);
  19393. }
  19394. #endif
  19395. ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
  19396. if (ret != 0)
  19397. ERROR_OUT(-9927, done);
  19398. #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
  19399. #ifdef HAVE_ECC_DHE
  19400. y = ECC_SHARED_SIZE;
  19401. do {
  19402. #if defined(WOLFSSL_ASYNC_CRYPT)
  19403. ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  19404. #endif
  19405. if (ret == 0)
  19406. ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
  19407. } while (ret == WC_PENDING_E);
  19408. if (ret != 0)
  19409. ERROR_OUT(-9928, done);
  19410. if (XMEMCMP(sharedA, sharedB, y))
  19411. ERROR_OUT(-9929, done);
  19412. TEST_SLEEP();
  19413. #endif /* HAVE_ECC_DHE */
  19414. #ifdef HAVE_COMP_KEY
  19415. /* try compressed export / import too */
  19416. x = ECC_KEY_EXPORT_BUF_SIZE;
  19417. ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 1);
  19418. if (ret != 0)
  19419. ERROR_OUT(-9930, done);
  19420. wc_ecc_free(pubKey);
  19421. ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
  19422. if (ret != 0)
  19423. ERROR_OUT(-9931, done);
  19424. #ifdef WOLFSSL_CUSTOM_CURVES
  19425. if (dp != NULL) {
  19426. ret = wc_ecc_set_custom_curve(pubKey, dp);
  19427. if (ret != 0)
  19428. ERROR_OUT(-9932, done);
  19429. }
  19430. #endif
  19431. ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
  19432. if (ret != 0)
  19433. ERROR_OUT(-9933, done);
  19434. #ifdef HAVE_ECC_DHE
  19435. y = ECC_SHARED_SIZE;
  19436. do {
  19437. #if defined(WOLFSSL_ASYNC_CRYPT)
  19438. ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  19439. #endif
  19440. if (ret == 0)
  19441. ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
  19442. } while (ret == WC_PENDING_E);
  19443. if (ret != 0)
  19444. ERROR_OUT(-9934, done);
  19445. if (XMEMCMP(sharedA, sharedB, y))
  19446. ERROR_OUT(-9935, done);
  19447. TEST_SLEEP();
  19448. #endif /* HAVE_ECC_DHE */
  19449. #endif /* HAVE_COMP_KEY */
  19450. #endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A */
  19451. #endif /* !WC_NO_RNG */
  19452. #endif /* HAVE_ECC_KEY_IMPORT */
  19453. #endif /* HAVE_ECC_KEY_EXPORT */
  19454. #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG))
  19455. #ifdef HAVE_ECC_SIGN
  19456. /* ECC w/out Shamir has issue with all 0 digest */
  19457. /* WC_BIGINT doesn't have 0 len well on hardware */
  19458. /* Cryptocell has issues with all 0 digest */
  19459. #if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) && \
  19460. !defined(WOLFSSL_CRYPTOCELL)
  19461. /* test DSA sign hash with zeros */
  19462. for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
  19463. digest[i] = 0;
  19464. }
  19465. x = ECC_SIG_SIZE;
  19466. do {
  19467. #if defined(WOLFSSL_ASYNC_CRYPT)
  19468. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  19469. #endif
  19470. if (ret == 0)
  19471. ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng,
  19472. userA);
  19473. } while (ret == WC_PENDING_E);
  19474. if (ret != 0)
  19475. ERROR_OUT(-9936, done);
  19476. TEST_SLEEP();
  19477. #ifdef HAVE_ECC_VERIFY
  19478. for (i=0; i<testVerifyCount; i++) {
  19479. verify = 0;
  19480. do {
  19481. #if defined(WOLFSSL_ASYNC_CRYPT)
  19482. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  19483. #endif
  19484. if (ret == 0)
  19485. ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE,
  19486. &verify, userA);
  19487. } while (ret == WC_PENDING_E);
  19488. if (ret != 0)
  19489. ERROR_OUT(-9937, done);
  19490. if (verify != 1)
  19491. ERROR_OUT(-9938, done);
  19492. TEST_SLEEP();
  19493. }
  19494. #endif /* HAVE_ECC_VERIFY */
  19495. #endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT && !WOLFSSL_CRYPTOCELL */
  19496. /* test DSA sign hash with sequence (0,1,2,3,4,...) */
  19497. for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
  19498. digest[i] = (byte)i;
  19499. }
  19500. x = ECC_SIG_SIZE;
  19501. do {
  19502. #if defined(WOLFSSL_ASYNC_CRYPT)
  19503. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  19504. #endif
  19505. if (ret == 0)
  19506. ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng,
  19507. userA);
  19508. } while (ret == WC_PENDING_E);
  19509. if (ret != 0)
  19510. ERROR_OUT(-9939, done);
  19511. TEST_SLEEP();
  19512. #ifdef HAVE_ECC_VERIFY
  19513. for (i=0; i<testVerifyCount; i++) {
  19514. verify = 0;
  19515. do {
  19516. #if defined(WOLFSSL_ASYNC_CRYPT)
  19517. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  19518. #endif
  19519. if (ret == 0)
  19520. ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE,
  19521. &verify, userA);
  19522. } while (ret == WC_PENDING_E);
  19523. if (ret != 0)
  19524. ERROR_OUT(-9940, done);
  19525. if (verify != 1)
  19526. ERROR_OUT(-9941, done);
  19527. TEST_SLEEP();
  19528. }
  19529. #endif /* HAVE_ECC_VERIFY */
  19530. #endif /* HAVE_ECC_SIGN */
  19531. #endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT && !WC_NO_RNG) */
  19532. #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
  19533. !defined(WOLFSSL_ATECC508) && !defined(WOLFSSL_ATECC608A)
  19534. x = ECC_KEY_EXPORT_BUF_SIZE;
  19535. ret = wc_ecc_export_private_only(userA, exportBuf, &x);
  19536. if (ret != 0)
  19537. ERROR_OUT(-9942, done);
  19538. #elif defined(HAVE_ECC_KEY_EXPORT)
  19539. (void)exportBuf;
  19540. #endif /* HAVE_ECC_KEY_EXPORT */
  19541. done:
  19542. #ifdef WOLFSSL_SMALL_STACK
  19543. if (userA != NULL) {
  19544. wc_ecc_free(userA);
  19545. XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19546. }
  19547. if (userB != NULL) {
  19548. wc_ecc_free(userB);
  19549. XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19550. }
  19551. if (pubKey != NULL) {
  19552. wc_ecc_free(pubKey);
  19553. XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19554. }
  19555. #else
  19556. wc_ecc_free(pubKey);
  19557. wc_ecc_free(userB);
  19558. wc_ecc_free(userA);
  19559. #endif
  19560. #if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)
  19561. FREE_VAR(sharedA, HEAP_HINT);
  19562. FREE_VAR(sharedB, HEAP_HINT);
  19563. #endif
  19564. #ifdef HAVE_ECC_KEY_EXPORT
  19565. FREE_VAR(exportBuf, HEAP_HINT);
  19566. #endif
  19567. #ifdef HAVE_ECC_SIGN
  19568. FREE_VAR(sig, HEAP_HINT);
  19569. FREE_VAR(digest, HEAP_HINT);
  19570. #endif
  19571. (void)keySize;
  19572. (void)curve_id;
  19573. (void)rng;
  19574. return ret;
  19575. }
  19576. #undef ECC_TEST_VERIFY_COUNT
  19577. #define ECC_TEST_VERIFY_COUNT 2
  19578. static int ecc_test_curve(WC_RNG* rng, int keySize)
  19579. {
  19580. int ret;
  19581. ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT,
  19582. ECC_CURVE_DEF, NULL);
  19583. if (ret < 0) {
  19584. if (ret == ECC_CURVE_OID_E) {
  19585. /* ignore error for curves not found */
  19586. /* some curve sizes are only available with:
  19587. HAVE_ECC_SECPR2, HAVE_ECC_SECPR3, HAVE_ECC_BRAINPOOL
  19588. and HAVE_ECC_KOBLITZ */
  19589. }
  19590. else {
  19591. printf("ecc_test_curve_size %d failed!: %d\n", keySize, ret);
  19592. return ret;
  19593. }
  19594. }
  19595. #ifdef HAVE_ECC_VECTOR_TEST
  19596. ret = ecc_test_vector(keySize);
  19597. if (ret < 0) {
  19598. printf("ecc_test_vector %d failed!: %d\n", keySize, ret);
  19599. return ret;
  19600. }
  19601. #endif
  19602. #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
  19603. !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
  19604. ret = ecc_test_key_decode(rng, keySize);
  19605. if (ret < 0) {
  19606. if (ret == ECC_CURVE_OID_E) {
  19607. /* ignore error for curves not found */
  19608. }
  19609. else {
  19610. printf("ecc_test_key_decode %d failed!: %d\n", keySize, ret);
  19611. return ret;
  19612. }
  19613. }
  19614. #endif
  19615. #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
  19616. ret = ecc_test_key_gen(rng, keySize);
  19617. if (ret < 0) {
  19618. if (ret == ECC_CURVE_OID_E) {
  19619. /* ignore error for curves not found */
  19620. }
  19621. else {
  19622. printf("ecc_test_key_gen %d failed!: %d\n", keySize, ret);
  19623. return ret;
  19624. }
  19625. }
  19626. #endif
  19627. return 0;
  19628. }
  19629. #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
  19630. #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
  19631. defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
  19632. !defined(WOLFSSL_NO_MALLOC)
  19633. static int ecc_point_test(void)
  19634. {
  19635. int ret;
  19636. ecc_point* point;
  19637. ecc_point* point2;
  19638. #ifdef HAVE_COMP_KEY
  19639. ecc_point* point3;
  19640. ecc_point* point4;
  19641. #endif
  19642. word32 outLen;
  19643. byte out[65];
  19644. byte der[] = { 0x04, /* = Uncompressed */
  19645. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19646. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19647. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19648. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19649. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19650. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19651. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19652. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
  19653. #if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
  19654. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
  19655. byte derComp0[] = { 0x02, /* = Compressed, y even */
  19656. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19657. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19658. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19659. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
  19660. byte derComp1[] = { 0x03, /* = Compressed, y odd */
  19661. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19662. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19663. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19664. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
  19665. #endif
  19666. byte altDer[] = { 0x04, /* = Uncompressed */
  19667. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  19668. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  19669. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  19670. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  19671. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  19672. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  19673. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  19674. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
  19675. int curve_idx = wc_ecc_get_curve_idx(ECC_SECP256R1);
  19676. /* if curve P256 is not enabled then test should not fail */
  19677. if (curve_idx == ECC_CURVE_INVALID)
  19678. return 0;
  19679. outLen = sizeof(out);
  19680. point = wc_ecc_new_point();
  19681. if (point == NULL)
  19682. return -10000;
  19683. point2 = wc_ecc_new_point();
  19684. if (point2 == NULL) {
  19685. wc_ecc_del_point(point);
  19686. return -10001;
  19687. }
  19688. #ifdef HAVE_COMP_KEY
  19689. point3 = wc_ecc_new_point();
  19690. if (point3 == NULL) {
  19691. wc_ecc_del_point(point2);
  19692. wc_ecc_del_point(point);
  19693. return -10002;
  19694. }
  19695. point4 = wc_ecc_new_point();
  19696. if (point4 == NULL) {
  19697. wc_ecc_del_point(point3);
  19698. wc_ecc_del_point(point2);
  19699. wc_ecc_del_point(point);
  19700. return -10003;
  19701. }
  19702. #endif
  19703. /* Parameter Validation testing. */
  19704. wc_ecc_del_point(NULL);
  19705. ret = wc_ecc_import_point_der(NULL, sizeof(der), curve_idx, point);
  19706. if (ret != ECC_BAD_ARG_E) {
  19707. ret = -10004;
  19708. goto done;
  19709. }
  19710. ret = wc_ecc_import_point_der(der, sizeof(der), ECC_CURVE_INVALID, point);
  19711. if (ret != ECC_BAD_ARG_E) {
  19712. ret = -10005;
  19713. goto done;
  19714. }
  19715. ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, NULL);
  19716. if (ret != ECC_BAD_ARG_E) {
  19717. ret = -10006;
  19718. goto done;
  19719. }
  19720. ret = wc_ecc_export_point_der(-1, point, out, &outLen);
  19721. if (ret != ECC_BAD_ARG_E) {
  19722. ret = -10007;
  19723. goto done;
  19724. }
  19725. ret = wc_ecc_export_point_der(curve_idx, NULL, out, &outLen);
  19726. if (ret != ECC_BAD_ARG_E) {
  19727. ret = -10008;
  19728. goto done;
  19729. }
  19730. ret = wc_ecc_export_point_der(curve_idx, point, NULL, &outLen);
  19731. if (ret != LENGTH_ONLY_E || outLen != sizeof(out)) {
  19732. ret = -10009;
  19733. goto done;
  19734. }
  19735. ret = wc_ecc_export_point_der(curve_idx, point, out, NULL);
  19736. if (ret != ECC_BAD_ARG_E) {
  19737. ret = -10010;
  19738. goto done;
  19739. }
  19740. outLen = 0;
  19741. ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
  19742. if (ret != BUFFER_E) {
  19743. ret = -10011;
  19744. goto done;
  19745. }
  19746. ret = wc_ecc_copy_point(NULL, NULL);
  19747. if (ret != ECC_BAD_ARG_E) {
  19748. ret = -10012;
  19749. goto done;
  19750. }
  19751. ret = wc_ecc_copy_point(NULL, point2);
  19752. if (ret != ECC_BAD_ARG_E) {
  19753. ret = -10013;
  19754. goto done;
  19755. }
  19756. ret = wc_ecc_copy_point(point, NULL);
  19757. if (ret != ECC_BAD_ARG_E) {
  19758. ret = -10014;
  19759. goto done;
  19760. }
  19761. ret = wc_ecc_cmp_point(NULL, NULL);
  19762. if (ret != BAD_FUNC_ARG) {
  19763. ret = -10015;
  19764. goto done;
  19765. }
  19766. ret = wc_ecc_cmp_point(NULL, point2);
  19767. if (ret != BAD_FUNC_ARG) {
  19768. ret = -10016;
  19769. goto done;
  19770. }
  19771. ret = wc_ecc_cmp_point(point, NULL);
  19772. if (ret != BAD_FUNC_ARG) {
  19773. ret = -10017;
  19774. goto done;
  19775. }
  19776. /* Use API. */
  19777. ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, point);
  19778. if (ret != 0) {
  19779. ret = -10018;
  19780. goto done;
  19781. }
  19782. outLen = sizeof(out);
  19783. ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
  19784. if (ret != 0) {
  19785. ret = -10019;
  19786. goto done;
  19787. }
  19788. if (outLen != sizeof(der)) {
  19789. ret = -10020;
  19790. goto done;
  19791. }
  19792. if (XMEMCMP(out, der, outLen) != 0) {
  19793. ret = -10021;
  19794. goto done;
  19795. }
  19796. ret = wc_ecc_copy_point(point2, point);
  19797. if (ret != MP_OKAY) {
  19798. ret = -10022;
  19799. goto done;
  19800. }
  19801. ret = wc_ecc_cmp_point(point2, point);
  19802. if (ret != MP_EQ) {
  19803. ret = -10023;
  19804. goto done;
  19805. }
  19806. ret = wc_ecc_import_point_der(altDer, sizeof(altDer), curve_idx, point2);
  19807. if (ret != 0) {
  19808. ret = -10024;
  19809. goto done;
  19810. }
  19811. ret = wc_ecc_cmp_point(point2, point);
  19812. if (ret != MP_GT) {
  19813. ret = -10025;
  19814. goto done;
  19815. }
  19816. #if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
  19817. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
  19818. ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3);
  19819. if (ret != 0) {
  19820. ret = -10026;
  19821. goto done;
  19822. }
  19823. ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0);
  19824. if (ret != 0) {
  19825. ret = -10027;
  19826. goto done;
  19827. }
  19828. ret = wc_ecc_cmp_point(point3, point4);
  19829. if (ret != MP_EQ) {
  19830. ret = -10028;
  19831. goto done;
  19832. }
  19833. ret = wc_ecc_import_point_der(derComp1, sizeof(derComp1)*2-1, curve_idx, point3);
  19834. if (ret != 0) {
  19835. ret = -10029;
  19836. goto done;
  19837. }
  19838. ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0);
  19839. if (ret != 0) {
  19840. ret = -10030;
  19841. goto done;
  19842. }
  19843. ret = wc_ecc_cmp_point(point3, point4);
  19844. if (ret != MP_EQ) {
  19845. ret = -10031;
  19846. goto done;
  19847. }
  19848. #endif
  19849. done:
  19850. #ifdef HAVE_COMP_KEY
  19851. wc_ecc_del_point(point4);
  19852. wc_ecc_del_point(point3);
  19853. #endif
  19854. wc_ecc_del_point(point2);
  19855. wc_ecc_del_point(point);
  19856. return ret;
  19857. }
  19858. #endif /* !WOLFSSL_ATECC508A && HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
  19859. #ifndef NO_SIG_WRAPPER
  19860. static int ecc_sig_test(WC_RNG* rng, ecc_key* key)
  19861. {
  19862. int ret;
  19863. word32 sigSz;
  19864. int size;
  19865. byte out[ECC_MAX_SIG_SIZE];
  19866. byte in[] = TEST_STRING;
  19867. WOLFSSL_SMALL_STACK_STATIC const byte hash[] = {
  19868. 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
  19869. 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
  19870. 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
  19871. 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
  19872. };
  19873. word32 inLen = (word32)XSTRLEN((char*)in);
  19874. size = wc_ecc_sig_size(key);
  19875. ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, sizeof(*key));
  19876. if (ret != size)
  19877. return -10040;
  19878. sigSz = (word32)ret;
  19879. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in,
  19880. inLen, out, &sigSz, key, sizeof(*key), rng);
  19881. if (ret != 0)
  19882. return -10041;
  19883. TEST_SLEEP();
  19884. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in,
  19885. inLen, out, sigSz, key, sizeof(*key));
  19886. if (ret != 0)
  19887. return -10042;
  19888. TEST_SLEEP();
  19889. sigSz = (word32)sizeof(out);
  19890. ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
  19891. hash, (int)sizeof(hash), out, &sigSz, key, sizeof(*key), rng);
  19892. if (ret != 0)
  19893. return -10043;
  19894. TEST_SLEEP();
  19895. ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
  19896. hash, (int)sizeof(hash), out, sigSz, key, sizeof(*key));
  19897. if (ret != 0)
  19898. return -10044;
  19899. TEST_SLEEP();
  19900. return 0;
  19901. }
  19902. #endif
  19903. #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)
  19904. static int ecc_exp_imp_test(ecc_key* key)
  19905. {
  19906. int ret;
  19907. int curve_id;
  19908. #ifdef WOLFSSL_SMALL_STACK
  19909. ecc_key *keyImp = (ecc_key *)XMALLOC(sizeof *keyImp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);;
  19910. #else
  19911. ecc_key keyImp[1];
  19912. #endif
  19913. byte priv[32];
  19914. word32 privLen;
  19915. byte pub[65];
  19916. word32 pubLen, pubLenX, pubLenY;
  19917. const char qx[] = "7a4e287890a1a47ad3457e52f2f76a83"
  19918. "ce46cbc947616d0cbaa82323818a793d";
  19919. const char qy[] = "eec4084f5b29ebf29c44cce3b3059610"
  19920. "922f8b30ea6e8811742ac7238fe87308";
  19921. const char d[] = "8c14b793cb19137e323a6d2e2a870bca"
  19922. "2e7a493ec1153b3a95feb8a4873f8d08";
  19923. #ifdef WOLFSSL_SMALL_STACK
  19924. if (keyImp == NULL)
  19925. ERROR_OUT(-10050, done);
  19926. #endif
  19927. wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
  19928. privLen = sizeof(priv);
  19929. ret = wc_ecc_export_private_only(key, priv, &privLen);
  19930. if (ret != 0) {
  19931. ret = -10051;
  19932. goto done;
  19933. }
  19934. pubLen = sizeof(pub);
  19935. ret = wc_ecc_export_point_der(key->idx, &key->pubkey, pub, &pubLen);
  19936. if (ret != 0) {
  19937. ret = -10052;
  19938. goto done;
  19939. }
  19940. ret = wc_ecc_import_private_key(priv, privLen, pub, pubLen, keyImp);
  19941. if (ret != 0) {
  19942. ret = -10053;
  19943. goto done;
  19944. }
  19945. wc_ecc_free(keyImp);
  19946. wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
  19947. ret = wc_ecc_import_raw_ex(keyImp, qx, qy, d, ECC_SECP256R1);
  19948. if (ret != 0) {
  19949. ret = -10054;
  19950. goto done;
  19951. }
  19952. wc_ecc_free(keyImp);
  19953. wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
  19954. curve_id = wc_ecc_get_curve_id(key->idx);
  19955. if (curve_id < 0) {
  19956. ret = -10055;
  19957. goto done;
  19958. }
  19959. /* test import private only */
  19960. ret = wc_ecc_import_private_key_ex(priv, privLen, NULL, 0, keyImp,
  19961. curve_id);
  19962. if (ret != 0) {
  19963. ret = -10056;
  19964. goto done;
  19965. }
  19966. wc_ecc_free(keyImp);
  19967. wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
  19968. /* test export public raw */
  19969. pubLenX = pubLenY = 32;
  19970. ret = wc_ecc_export_public_raw(key, pub, &pubLenX, &pub[32], &pubLenY);
  19971. if (ret != 0) {
  19972. ret = -10057;
  19973. goto done;
  19974. }
  19975. #ifndef HAVE_SELFTEST
  19976. /* test import of public */
  19977. ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], NULL, ECC_SECP256R1);
  19978. if (ret != 0) {
  19979. ret = -10058;
  19980. goto done;
  19981. }
  19982. #endif
  19983. wc_ecc_free(keyImp);
  19984. wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
  19985. /* test export private and public raw */
  19986. pubLenX = pubLenY = privLen = 32;
  19987. ret = wc_ecc_export_private_raw(key, pub, &pubLenX, &pub[32], &pubLenY,
  19988. priv, &privLen);
  19989. if (ret != 0) {
  19990. ret = -10059;
  19991. goto done;
  19992. }
  19993. #ifndef HAVE_SELFTEST
  19994. /* test import of private and public */
  19995. ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], priv, ECC_SECP256R1);
  19996. if (ret != 0) {
  19997. ret = -10060;
  19998. goto done;
  19999. }
  20000. #endif
  20001. done:
  20002. #ifdef WOLFSSL_SMALL_STACK
  20003. if (keyImp != NULL) {
  20004. wc_ecc_free(keyImp);
  20005. XFREE(keyImp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20006. }
  20007. #else
  20008. wc_ecc_free(keyImp);
  20009. #endif
  20010. return ret;
  20011. }
  20012. #endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
  20013. #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)
  20014. static int ecc_mulmod_test(ecc_key* key1)
  20015. {
  20016. int ret;
  20017. #ifdef WOLFSSL_SMALL_STACK
  20018. ecc_key *key2 = (ecc_key *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20019. ecc_key *key3 = (ecc_key *)XMALLOC(sizeof *key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20020. #else
  20021. ecc_key key2[1];
  20022. ecc_key key3[1];
  20023. #endif
  20024. #ifdef WOLFSSL_SMALL_STACK
  20025. if ((key2 == NULL) || (key3 == NULL))
  20026. ERROR_OUT(MEMORY_E, done);
  20027. #endif
  20028. wc_ecc_init_ex(key2, HEAP_HINT, devId);
  20029. wc_ecc_init_ex(key3, HEAP_HINT, devId);
  20030. /* TODO: Use test data, test with WOLFSSL_VALIDATE_ECC_IMPORT. */
  20031. /* Need base point (Gx,Gy) and parameter A - load them as the public and
  20032. * private key in key2.
  20033. */
  20034. ret = wc_ecc_import_raw_ex(key2, key1->dp->Gx, key1->dp->Gy, key1->dp->Af,
  20035. ECC_SECP256R1);
  20036. if (ret != 0)
  20037. goto done;
  20038. /* Need a point (Gx,Gy) and prime - load them as the public and private key
  20039. * in key3.
  20040. */
  20041. ret = wc_ecc_import_raw_ex(key3, key1->dp->Gx, key1->dp->Gy,
  20042. key1->dp->prime, ECC_SECP256R1);
  20043. if (ret != 0)
  20044. goto done;
  20045. ret = wc_ecc_mulmod(&key1->k, &key2->pubkey, &key3->pubkey, &key2->k, &key3->k,
  20046. 1);
  20047. if (ret != 0) {
  20048. ret = -10070;
  20049. goto done;
  20050. }
  20051. done:
  20052. #ifdef WOLFSSL_SMALL_STACK
  20053. if (key2 != NULL) {
  20054. wc_ecc_free(key2);
  20055. XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20056. }
  20057. if (key3 != NULL) {
  20058. wc_ecc_free(key3);
  20059. XFREE(key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20060. }
  20061. #else
  20062. wc_ecc_free(key3);
  20063. wc_ecc_free(key2);
  20064. #endif
  20065. return ret;
  20066. }
  20067. #endif
  20068. #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
  20069. static int ecc_ssh_test(ecc_key* key, WC_RNG* rng)
  20070. {
  20071. int ret;
  20072. byte out[128];
  20073. word32 outLen = sizeof(out);
  20074. /* Parameter Validation testing. */
  20075. ret = wc_ecc_shared_secret_ssh(NULL, &key->pubkey, out, &outLen);
  20076. if (ret != BAD_FUNC_ARG)
  20077. return -10080;
  20078. ret = wc_ecc_shared_secret_ssh(key, NULL, out, &outLen);
  20079. if (ret != BAD_FUNC_ARG)
  20080. return -10081;
  20081. ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, NULL, &outLen);
  20082. if (ret != BAD_FUNC_ARG)
  20083. return -10082;
  20084. ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, NULL);
  20085. if (ret != BAD_FUNC_ARG)
  20086. return -10083;
  20087. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  20088. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  20089. !defined(HAVE_SELFTEST)
  20090. ret = wc_ecc_set_rng(key, rng);
  20091. if (ret != 0)
  20092. return -10084;
  20093. #else
  20094. (void)rng;
  20095. #endif
  20096. /* Use API. */
  20097. ret = 0;
  20098. do {
  20099. #if defined(WOLFSSL_ASYNC_CRYPT)
  20100. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  20101. #endif
  20102. if (ret == 0)
  20103. ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, &outLen);
  20104. } while (ret == WC_PENDING_E);
  20105. if (ret != 0)
  20106. return -10085;
  20107. TEST_SLEEP();
  20108. return 0;
  20109. }
  20110. #endif /* HAVE_ECC_DHE && !WC_NO_RNG */
  20111. static int ecc_def_curve_test(WC_RNG *rng)
  20112. {
  20113. int ret;
  20114. #ifdef WOLFSSL_SMALL_STACK
  20115. ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20116. #else
  20117. ecc_key key[1];
  20118. #endif
  20119. #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)
  20120. word32 idx = 0;
  20121. #endif
  20122. #ifdef WOLFSSL_SMALL_STACK
  20123. if (key == NULL)
  20124. ERROR_OUT(MEMORY_E, done);
  20125. #endif
  20126. wc_ecc_init_ex(key, HEAP_HINT, devId);
  20127. /* Use API */
  20128. ret = wc_ecc_set_flags(NULL, 0);
  20129. if (ret != BAD_FUNC_ARG) {
  20130. ret = -10090;
  20131. goto done;
  20132. }
  20133. ret = wc_ecc_set_flags(key, 0);
  20134. if (ret != 0) {
  20135. ret = -10091;
  20136. goto done;
  20137. }
  20138. #ifndef WC_NO_RNG
  20139. ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
  20140. #if defined(WOLFSSL_ASYNC_CRYPT)
  20141. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  20142. #endif
  20143. if (ret != 0) {
  20144. goto done;
  20145. }
  20146. #ifndef NO_SIG_WRAPPER
  20147. ret = ecc_sig_test(rng, key);
  20148. if (ret < 0)
  20149. goto done;
  20150. #endif
  20151. TEST_SLEEP();
  20152. #ifdef HAVE_ECC_DHE
  20153. ret = ecc_ssh_test(key, rng);
  20154. if (ret < 0)
  20155. goto done;
  20156. #endif
  20157. wc_ecc_free(key);
  20158. #else
  20159. (void)rng;
  20160. #endif /* !WC_NO_RNG */
  20161. #if (defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \
  20162. (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT))
  20163. /* Use test ECC key - ensure real private "d" exists */
  20164. #ifdef USE_CERT_BUFFERS_256
  20165. ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
  20166. sizeof_ecc_key_der_256);
  20167. #else
  20168. {
  20169. XFILE file = XFOPEN("./certs/ecc-key.der", "rb");
  20170. byte der[128];
  20171. word32 derSz;
  20172. if (!file) {
  20173. ERROR_OUT(-10093, done);
  20174. }
  20175. derSz = (word32)XFREAD(der, 1, sizeof(der), file);
  20176. XFCLOSE(file);
  20177. ret = wc_EccPrivateKeyDecode(der, &idx, key, derSz);
  20178. }
  20179. #endif
  20180. if (ret != 0) {
  20181. goto done;
  20182. }
  20183. #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)
  20184. ret = ecc_exp_imp_test(key);
  20185. if (ret < 0)
  20186. goto done;
  20187. #endif
  20188. #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)
  20189. ret = ecc_mulmod_test(key);
  20190. if (ret < 0)
  20191. goto done;
  20192. #endif
  20193. #endif
  20194. done:
  20195. wc_ecc_free(key);
  20196. #ifdef WOLFSSL_SMALL_STACK
  20197. if (key != NULL) {
  20198. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20199. }
  20200. #endif
  20201. return ret;
  20202. }
  20203. #endif /* !NO_ECC256 || HAVE_ALL_CURVES */
  20204. #ifdef WOLFSSL_CERT_EXT
  20205. static int ecc_decode_test(void)
  20206. {
  20207. int ret;
  20208. word32 inSz;
  20209. word32 inOutIdx;
  20210. #ifdef WOLFSSL_SMALL_STACK
  20211. ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20212. #else
  20213. ecc_key key[1];
  20214. #endif
  20215. /* SECP256R1 OID: 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 */
  20216. /* This is ecc_clikeypub_der_256. */
  20217. WOLFSSL_SMALL_STACK_STATIC const byte good[] = {
  20218. 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
  20219. 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
  20220. 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xbf, 0xf4,
  20221. 0x0f, 0x44, 0x50, 0x9a, 0x3d, 0xce, 0x9b, 0xb7, 0xf0, 0xc5,
  20222. 0x4d, 0xf5, 0x70, 0x7b, 0xd4, 0xec, 0x24, 0x8e, 0x19, 0x80,
  20223. 0xec, 0x5a, 0x4c, 0xa2, 0x24, 0x03, 0x62, 0x2c, 0x9b, 0xda,
  20224. 0xef, 0xa2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xc6, 0x56,
  20225. 0x95, 0x06, 0xcc, 0x01, 0xa9, 0xbd, 0xf6, 0x75, 0x1a, 0x42,
  20226. 0xf7, 0xbd, 0xa9, 0xb2, 0x36, 0x22, 0x5f, 0xc7, 0x5d, 0x7f,
  20227. 0xb4 };
  20228. WOLFSSL_SMALL_STACK_STATIC const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04,
  20229. 0x00, 0x04, 0x01, 0x01 };
  20230. WOLFSSL_SMALL_STACK_STATIC const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00,
  20231. 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
  20232. WOLFSSL_SMALL_STACK_STATIC const byte badObjId1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x09,
  20233. 0x06, 0x00, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
  20234. WOLFSSL_SMALL_STACK_STATIC const byte badObj2d1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x00,
  20235. 0x06, 0x07, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
  20236. WOLFSSL_SMALL_STACK_STATIC const byte badNotBitStr[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
  20237. 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
  20238. 0x04, 0x04, 0x00, 0x04, 0x01, 0x01 };
  20239. WOLFSSL_SMALL_STACK_STATIC const byte badBitStrLen[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
  20240. 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
  20241. 0x03, 0x05, 0x00, 0x04, 0x01, 0x01 };
  20242. WOLFSSL_SMALL_STACK_STATIC const byte badNoBitStrZero[] = { 0x30, 0x13, 0x30, 0x0a, 0x06, 0x00,
  20243. 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
  20244. 0x03, 0x03, 0x04, 0x01, 0x01 };
  20245. WOLFSSL_SMALL_STACK_STATIC const byte badPoint[] = { 0x30, 0x12, 0x30, 0x09, 0x06, 0x00,
  20246. 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
  20247. 0x03, 0x03, 0x00, 0x04, 0x01 };
  20248. #ifdef WOLFSSL_SMALL_STACK
  20249. if (key == NULL)
  20250. ERROR_OUT(MEMORY_E, done);
  20251. #endif
  20252. XMEMSET(key, 0, sizeof *key);
  20253. wc_ecc_init_ex(key, HEAP_HINT, devId);
  20254. inSz = sizeof(good);
  20255. ret = wc_EccPublicKeyDecode(NULL, &inOutIdx, key, inSz);
  20256. if (ret != BAD_FUNC_ARG) {
  20257. ret = -10100;
  20258. goto done;
  20259. }
  20260. ret = wc_EccPublicKeyDecode(good, NULL, key, inSz);
  20261. if (ret != BAD_FUNC_ARG) {
  20262. ret = -10101;
  20263. goto done;
  20264. }
  20265. ret = wc_EccPublicKeyDecode(good, &inOutIdx, NULL, inSz);
  20266. if (ret != BAD_FUNC_ARG) {
  20267. ret = -10102;
  20268. goto done;
  20269. }
  20270. ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, 0);
  20271. if (ret != BAD_FUNC_ARG) {
  20272. ret = -10103;
  20273. goto done;
  20274. }
  20275. /* Change offset to produce bad input data. */
  20276. inOutIdx = 2;
  20277. inSz = sizeof(good) - inOutIdx;
  20278. ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
  20279. if (ret != ASN_PARSE_E) {
  20280. ret = -10104;
  20281. goto done;
  20282. }
  20283. inOutIdx = 4;
  20284. inSz = sizeof(good) - inOutIdx;
  20285. ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
  20286. if (ret != ASN_PARSE_E) {
  20287. ret = -10105;
  20288. goto done;
  20289. }
  20290. /* Bad data. */
  20291. inSz = sizeof(badNoObjId);
  20292. inOutIdx = 0;
  20293. ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, key, inSz);
  20294. if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
  20295. ret = -10106;
  20296. goto done;
  20297. }
  20298. inSz = sizeof(badOneObjId);
  20299. inOutIdx = 0;
  20300. ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, key, inSz);
  20301. if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
  20302. ret = -10107;
  20303. goto done;
  20304. }
  20305. inSz = sizeof(badObjId1Len);
  20306. inOutIdx = 0;
  20307. ret = wc_EccPublicKeyDecode(badObjId1Len, &inOutIdx, key, inSz);
  20308. if (ret != ASN_PARSE_E) {
  20309. ret = -10108;
  20310. goto done;
  20311. }
  20312. inSz = sizeof(badObj2d1Len);
  20313. inOutIdx = 0;
  20314. ret = wc_EccPublicKeyDecode(badObj2d1Len, &inOutIdx, key, inSz);
  20315. if (ret != ASN_PARSE_E) {
  20316. ret = -10109;
  20317. goto done;
  20318. }
  20319. inSz = sizeof(badNotBitStr);
  20320. inOutIdx = 0;
  20321. ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, key, inSz);
  20322. if (ret != ASN_BITSTR_E && ret != ASN_PARSE_E) {
  20323. ret = -10110;
  20324. goto done;
  20325. }
  20326. inSz = sizeof(badBitStrLen);
  20327. inOutIdx = 0;
  20328. ret = wc_EccPublicKeyDecode(badBitStrLen, &inOutIdx, key, inSz);
  20329. if (ret != ASN_PARSE_E) {
  20330. ret = -10111;
  20331. goto done;
  20332. }
  20333. inSz = sizeof(badNoBitStrZero);
  20334. inOutIdx = 0;
  20335. ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, key, inSz);
  20336. if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
  20337. ret = -10112;
  20338. goto done;
  20339. }
  20340. inSz = sizeof(badPoint);
  20341. inOutIdx = 0;
  20342. ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, key, inSz);
  20343. if (ret != ASN_ECC_KEY_E && ret != ASN_PARSE_E) {
  20344. ret = -10113;
  20345. goto done;
  20346. }
  20347. inSz = sizeof(good);
  20348. inOutIdx = 0;
  20349. ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
  20350. if (ret != 0) {
  20351. ret = -10114;
  20352. goto done;
  20353. }
  20354. done:
  20355. #ifdef WOLFSSL_SMALL_STACK
  20356. if (key != NULL) {
  20357. wc_ecc_free(key);
  20358. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20359. }
  20360. #else
  20361. wc_ecc_free(key);
  20362. #endif
  20363. return ret;
  20364. }
  20365. #endif /* WOLFSSL_CERT_EXT */
  20366. #ifdef WOLFSSL_CUSTOM_CURVES
  20367. static const byte eccKeyExplicitCurve[] = {
  20368. 0x30, 0x81, 0xf5, 0x30, 0x81, 0xae, 0x06, 0x07,
  20369. 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30,
  20370. 0x81, 0xa2, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06,
  20371. 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01,
  20372. 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff,
  20373. 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
  20374. 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
  20375. 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff,
  20376. 0xff, 0xfc, 0x2f, 0x30, 0x06, 0x04, 0x01, 0x00,
  20377. 0x04, 0x01, 0x07, 0x04, 0x41, 0x04, 0x79, 0xbe,
  20378. 0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0,
  20379. 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b,
  20380. 0xfc, 0xdb, 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2,
  20381. 0x81, 0x5b, 0x16, 0xf8, 0x17, 0x98, 0x48, 0x3a,
  20382. 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4,
  20383. 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17,
  20384. 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47,
  20385. 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, 0x02, 0x21,
  20386. 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
  20387. 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
  20388. 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0,
  20389. 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41,
  20390. 0x41, 0x02, 0x01, 0x01, 0x03, 0x42, 0x00, 0x04,
  20391. 0x3c, 0x4c, 0xc9, 0x5e, 0x2e, 0xa2, 0x3d, 0x49,
  20392. 0xcc, 0x5b, 0xff, 0x4f, 0xc9, 0x2e, 0x1d, 0x4a,
  20393. 0xc6, 0x21, 0xf6, 0xf3, 0xe6, 0x0b, 0x4f, 0xa9,
  20394. 0x9d, 0x74, 0x99, 0xdd, 0x97, 0xc7, 0x6e, 0xbe,
  20395. 0x14, 0x2b, 0x39, 0x9d, 0x63, 0xc7, 0x97, 0x0d,
  20396. 0x45, 0x25, 0x40, 0x30, 0x77, 0x05, 0x76, 0x88,
  20397. 0x38, 0x96, 0x29, 0x7d, 0x9c, 0xe1, 0x50, 0xbe,
  20398. 0xac, 0xf0, 0x1d, 0x86, 0xf4, 0x2f, 0x65, 0x0b
  20399. };
  20400. static int ecc_test_custom_curves(WC_RNG* rng)
  20401. {
  20402. int ret;
  20403. word32 inOutIdx;
  20404. #ifdef WOLFSSL_SMALL_STACK
  20405. ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20406. #else
  20407. ecc_key key[1];
  20408. #endif
  20409. /* test use of custom curve - using BRAINPOOLP256R1 for test */
  20410. #ifdef HAVE_ECC_BRAINPOOL
  20411. #ifndef WOLFSSL_ECC_CURVE_STATIC
  20412. WOLFSSL_SMALL_STACK_STATIC const ecc_oid_t ecc_oid_brainpoolp256r1[] = {
  20413. 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07
  20414. };
  20415. #define ecc_oid_brainpoolp256r1_sz \
  20416. (sizeof(ecc_oid_brainpoolp256r1) / sizeof(ecc_oid_t))
  20417. #else
  20418. #define ecc_oid_brainpoolp256r1 { \
  20419. 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 \
  20420. }
  20421. #define ecc_oid_brainpoolp256r1_sz 9
  20422. #endif
  20423. #define ecc_oid_brainpoolp256r1_sum 104
  20424. WOLFSSL_SMALL_STACK_STATIC const ecc_set_type ecc_dp_brainpool256r1 = {
  20425. 32, /* size/bytes */
  20426. ECC_CURVE_CUSTOM, /* ID */
  20427. "BRAINPOOLP256R1", /* curve name */
  20428. "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", /* prime */
  20429. "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", /* A */
  20430. "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", /* B */
  20431. "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", /* order */
  20432. "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", /* Gx */
  20433. "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", /* Gy */
  20434. ecc_oid_brainpoolp256r1, /* oid/oidSz */
  20435. ecc_oid_brainpoolp256r1_sz,
  20436. ecc_oid_brainpoolp256r1_sum, /* oid sum */
  20437. 1, /* cofactor */
  20438. };
  20439. #endif /* HAVE_ECC_BRAINPOOL */
  20440. #ifdef WOLFSSL_SMALL_STACK
  20441. if (! key) {
  20442. ret = MEMORY_E;
  20443. goto done;
  20444. }
  20445. #endif
  20446. XMEMSET(key, 0, sizeof *key);
  20447. #ifdef HAVE_ECC_BRAINPOOL
  20448. ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, ECC_CURVE_DEF,
  20449. &ecc_dp_brainpool256r1);
  20450. if (ret != 0) {
  20451. printf("ECC test for custom curve failed! %d\n", ret);
  20452. goto done;
  20453. }
  20454. #endif
  20455. #if defined(HAVE_ECC_BRAINPOOL) || defined(HAVE_ECC_KOBLITZ)
  20456. {
  20457. int curve_id;
  20458. #ifdef HAVE_ECC_BRAINPOOL
  20459. curve_id = ECC_BRAINPOOLP256R1;
  20460. #else
  20461. curve_id = ECC_SECP256K1;
  20462. #endif
  20463. /* Test and demonstrate use of non-SECP curve */
  20464. ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, curve_id, NULL);
  20465. if (ret < 0) {
  20466. printf("ECC test for curve_id %d failed! %d\n", curve_id, ret);
  20467. goto done;
  20468. }
  20469. }
  20470. #endif
  20471. ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
  20472. if (ret != 0) {
  20473. ret = -10120;
  20474. goto done;
  20475. }
  20476. inOutIdx = 0;
  20477. ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, key,
  20478. sizeof(eccKeyExplicitCurve));
  20479. if (ret != 0)
  20480. ret = -10121;
  20481. done:
  20482. #ifdef WOLFSSL_SMALL_STACK
  20483. if (key) {
  20484. wc_ecc_free(key);
  20485. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20486. }
  20487. #else
  20488. wc_ecc_free(key);
  20489. #endif
  20490. (void)rng;
  20491. return ret;
  20492. }
  20493. #endif /* WOLFSSL_CUSTOM_CURVES */
  20494. #ifdef WOLFSSL_CERT_GEN
  20495. /* Make Cert / Sign example for ECC cert and ECC CA */
  20496. static int ecc_test_cert_gen(WC_RNG* rng)
  20497. {
  20498. int ret;
  20499. #ifdef WOLFSSL_SMALL_STACK
  20500. Cert *myCert = (Cert *)XMALLOC(sizeof *myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20501. #ifdef WOLFSSL_TEST_CERT
  20502. DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20503. #endif
  20504. ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20505. ecc_key *certPubKey = (ecc_key *)XMALLOC(sizeof *certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20506. #else
  20507. Cert myCert[1];
  20508. #ifdef WOLFSSL_TEST_CERT
  20509. DecodedCert decode[1];
  20510. #endif
  20511. ecc_key caEccKey[1];
  20512. ecc_key certPubKey[1];
  20513. #endif
  20514. int certSz;
  20515. size_t bytes;
  20516. word32 idx = 0;
  20517. #ifndef USE_CERT_BUFFERS_256
  20518. XFILE file;
  20519. #endif
  20520. #ifdef WOLFSSL_SMALL_STACK
  20521. byte* der = NULL;
  20522. #else
  20523. byte der[FOURK_BUF];
  20524. #endif
  20525. #ifdef WOLFSSL_SMALL_STACK
  20526. if ((myCert == NULL)
  20527. #ifdef WOLFSSL_TEST_CERT
  20528. || (decode == NULL)
  20529. #endif
  20530. || (caEccKey == NULL) || (certPubKey == NULL))
  20531. ERROR_OUT(MEMORY_E, exit);
  20532. #endif
  20533. XMEMSET(caEccKey, 0, sizeof *caEccKey);
  20534. XMEMSET(certPubKey, 0, sizeof *certPubKey);
  20535. #ifdef WOLFSSL_SMALL_STACK
  20536. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20537. if (der == NULL) {
  20538. ERROR_OUT(-10130, exit);
  20539. }
  20540. #endif
  20541. /* Get cert private key */
  20542. #ifdef ENABLE_ECC384_CERT_GEN_TEST
  20543. /* Get Cert Key 384 */
  20544. #ifdef USE_CERT_BUFFERS_256
  20545. XMEMCPY(der, ca_ecc_key_der_384, sizeof_ca_ecc_key_der_384);
  20546. bytes = sizeof_ca_ecc_key_der_384;
  20547. #else
  20548. file = XFOPEN(eccCaKey384File, "rb");
  20549. if (!file) {
  20550. ERROR_OUT(-10131, exit);
  20551. }
  20552. bytes = XFREAD(der, 1, FOURK_BUF, file);
  20553. XFCLOSE(file);
  20554. (void)eccCaKeyFile;
  20555. #endif /* USE_CERT_BUFFERS_256 */
  20556. #else
  20557. #ifdef USE_CERT_BUFFERS_256
  20558. XMEMCPY(der, ca_ecc_key_der_256, sizeof_ca_ecc_key_der_256);
  20559. bytes = sizeof_ca_ecc_key_der_256;
  20560. #else
  20561. file = XFOPEN(eccCaKeyFile, "rb");
  20562. if (!file) {
  20563. ERROR_OUT(-10132, exit);
  20564. }
  20565. bytes = XFREAD(der, 1, FOURK_BUF, file);
  20566. XFCLOSE(file);
  20567. #ifdef ENABLE_ECC384_CERT_GEN_TEST
  20568. (void)eccCaKey384File;
  20569. #endif
  20570. #endif /* USE_CERT_BUFFERS_256 */
  20571. #endif /* ENABLE_ECC384_CERT_GEN_TEST */
  20572. /* Get CA Key */
  20573. ret = wc_ecc_init_ex(caEccKey, HEAP_HINT, devId);
  20574. if (ret != 0) {
  20575. ERROR_OUT(-10133, exit);
  20576. }
  20577. ret = wc_EccPrivateKeyDecode(der, &idx, caEccKey, (word32)bytes);
  20578. if (ret != 0) {
  20579. ERROR_OUT(-10134, exit);
  20580. }
  20581. /* Make a public key */
  20582. ret = wc_ecc_init_ex(certPubKey, HEAP_HINT, devId);
  20583. if (ret != 0) {
  20584. ERROR_OUT(-10135, exit);
  20585. }
  20586. ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, certPubKey);
  20587. #if defined(WOLFSSL_ASYNC_CRYPT)
  20588. ret = wc_AsyncWait(ret, &certPubKey->asyncDev, WC_ASYNC_FLAG_NONE);
  20589. #endif
  20590. if (ret != 0) {
  20591. ERROR_OUT(-10136, exit);
  20592. }
  20593. TEST_SLEEP();
  20594. /* Setup Certificate */
  20595. if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
  20596. ERROR_OUT(-10137, exit);
  20597. }
  20598. #ifndef NO_SHA256
  20599. myCert->sigType = CTC_SHA256wECDSA;
  20600. #else
  20601. myCert->sigType = CTC_SHAwECDSA;
  20602. #endif
  20603. XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
  20604. #ifdef WOLFSSL_CERT_EXT
  20605. /* add Policies */
  20606. XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1",
  20607. CTC_MAX_CERTPOL_SZ);
  20608. XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549",
  20609. CTC_MAX_CERTPOL_SZ);
  20610. myCert->certPoliciesNb = 2;
  20611. /* add SKID from the Public Key */
  20612. if (wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, certPubKey) != 0) {
  20613. ERROR_OUT(-10138, exit);
  20614. }
  20615. /* add AKID from the Public Key */
  20616. if (wc_SetAuthKeyIdFromPublicKey(myCert, NULL, caEccKey) != 0) {
  20617. ERROR_OUT(-10139, exit);
  20618. }
  20619. /* add Key Usage */
  20620. if (wc_SetKeyUsage(myCert, certKeyUsage) != 0) {
  20621. ERROR_OUT(-10140, exit);
  20622. }
  20623. #endif /* WOLFSSL_CERT_EXT */
  20624. #ifdef ENABLE_ECC384_CERT_GEN_TEST
  20625. #if defined(USE_CERT_BUFFERS_256)
  20626. ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_384,
  20627. sizeof_ca_ecc_cert_der_384);
  20628. #else
  20629. ret = wc_SetIssuer(myCert, eccCaCert384File);
  20630. (void)eccCaCertFile;
  20631. #endif
  20632. #else
  20633. #if defined(USE_CERT_BUFFERS_256)
  20634. ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_256,
  20635. sizeof_ca_ecc_cert_der_256);
  20636. #else
  20637. ret = wc_SetIssuer(myCert, eccCaCertFile);
  20638. #ifdef ENABLE_ECC384_CERT_GEN_TEST
  20639. (void)eccCaCert384File;
  20640. #endif
  20641. #endif
  20642. #endif /* ENABLE_ECC384_CERT_GEN_TEST */
  20643. if (ret < 0) {
  20644. ERROR_OUT(-10141, exit);
  20645. }
  20646. certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, certPubKey, rng);
  20647. if (certSz < 0) {
  20648. ERROR_OUT(-10142, exit);
  20649. }
  20650. ret = 0;
  20651. do {
  20652. #if defined(WOLFSSL_ASYNC_CRYPT)
  20653. ret = wc_AsyncWait(ret, &caEccKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  20654. #endif
  20655. if (ret >= 0) {
  20656. ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
  20657. FOURK_BUF, NULL, caEccKey, rng);
  20658. }
  20659. } while (ret == WC_PENDING_E);
  20660. if (ret < 0) {
  20661. ERROR_OUT(-10143, exit);
  20662. }
  20663. certSz = ret;
  20664. TEST_SLEEP();
  20665. #ifdef WOLFSSL_TEST_CERT
  20666. InitDecodedCert(decode, der, certSz, 0);
  20667. ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
  20668. if (ret != 0) {
  20669. FreeDecodedCert(decode);
  20670. ERROR_OUT(-10144, exit);
  20671. }
  20672. FreeDecodedCert(decode);
  20673. #endif
  20674. ret = SaveDerAndPem(der, certSz, certEccDerFile, certEccPemFile,
  20675. CERT_TYPE, -6735);
  20676. if (ret != 0) {
  20677. goto exit;
  20678. }
  20679. exit:
  20680. #ifdef WOLFSSL_SMALL_STACK
  20681. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20682. #endif
  20683. #ifdef WOLFSSL_SMALL_STACK
  20684. if (myCert != NULL)
  20685. XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20686. #ifdef WOLFSSL_TEST_CERT
  20687. if (decode != NULL)
  20688. XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20689. #endif
  20690. if (caEccKey != NULL) {
  20691. wc_ecc_free(caEccKey);
  20692. XFREE(caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20693. }
  20694. if (certPubKey != NULL) {
  20695. wc_ecc_free(certPubKey);
  20696. XFREE(certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20697. }
  20698. #else
  20699. wc_ecc_free(certPubKey);
  20700. wc_ecc_free(caEccKey);
  20701. #endif
  20702. return ret;
  20703. }
  20704. #endif /* WOLFSSL_CERT_GEN */
  20705. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC)
  20706. /* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */
  20707. static int ecc_test_allocator(WC_RNG* rng)
  20708. {
  20709. int ret = 0;
  20710. ecc_key* key;
  20711. #ifdef WC_NO_RNG
  20712. word32 idx = 0;
  20713. #endif
  20714. key = wc_ecc_key_new(HEAP_HINT);
  20715. if (key == NULL) {
  20716. ERROR_OUT(-10150, exit);
  20717. }
  20718. #ifndef WC_NO_RNG
  20719. ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
  20720. if (ret != 0) {
  20721. ERROR_OUT(-10151, exit);
  20722. }
  20723. #else
  20724. /* use test ECC key */
  20725. ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
  20726. (word32)sizeof_ecc_key_der_256);
  20727. (void)rng;
  20728. #endif
  20729. exit:
  20730. wc_ecc_key_free(key);
  20731. return ret;
  20732. }
  20733. #endif
  20734. /* ECC Non-blocking tests for Sign and Verify */
  20735. /* Requires SP math and supports P384 or P256 */
  20736. /* ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" */
  20737. #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
  20738. defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
  20739. /* Test Data - Random */
  20740. static const uint8_t kMsg[] = {
  20741. 0x69, 0xbc, 0x9f, 0xce, 0x68, 0x17, 0xc2, 0x10, 0xea, 0xfc, 0x10, 0x65, 0x67, 0x52, 0xed, 0x78,
  20742. 0x6e, 0xb8, 0x83, 0x9c, 0x9a, 0xb4, 0x56, 0x0d, 0xc1, 0x0d, 0x1f, 0x78, 0x6e, 0x75, 0xd7, 0xbe,
  20743. 0x92, 0x6b, 0x12, 0xf6, 0x76, 0x60, 0x8e, 0xb1, 0xf4, 0x19, 0x0c, 0x81, 0xe7, 0x54, 0x5e, 0xbc,
  20744. 0xe0, 0xae, 0xc2, 0x7d, 0x1b, 0xc4, 0x6e, 0xec, 0xb1, 0x99, 0x6c, 0xbf, 0x0e, 0x38, 0xa8, 0x01,
  20745. 0xa6, 0x9a, 0x48, 0x12, 0xe4, 0xc9, 0x3b, 0xf0, 0x63, 0x46, 0x15, 0xb4, 0x61, 0xa8, 0x1a, 0x60,
  20746. 0x71, 0x87, 0x98, 0xd7, 0x6f, 0x98, 0x7b, 0x2d, 0xb9, 0x19, 0x1b, 0x21, 0x9c, 0x70, 0x58, 0xe8,
  20747. 0x0d, 0x0f, 0xe9, 0x2d, 0x9a, 0x9a, 0xf1, 0x55, 0xa0, 0x4c, 0xd3, 0x07, 0xbd, 0x97, 0x48, 0xec,
  20748. 0x88, 0x0a, 0xaf, 0xb3, 0x80, 0x78, 0xa4, 0x59, 0x43, 0x57, 0xd3, 0xa7, 0x01, 0x66, 0x0e, 0xfc
  20749. };
  20750. /* ECC Private Key "d" */
  20751. static const uint8_t kPrivKey[] = {
  20752. #ifdef HAVE_ECC384
  20753. /* SECP384R1 */
  20754. /* d */
  20755. 0xa4, 0xe5, 0x06, 0xe8, 0x06, 0x16, 0x3e, 0xab,
  20756. 0x89, 0xf8, 0x60, 0x43, 0xc0, 0x60, 0x25, 0xdb,
  20757. 0xba, 0x7b, 0xfe, 0x19, 0x35, 0x08, 0x55, 0x65,
  20758. 0x76, 0xe2, 0xdc, 0xe0, 0x01, 0x8b, 0x6b, 0x68,
  20759. 0xdf, 0xcf, 0x6f, 0x80, 0x12, 0xce, 0x79, 0x37,
  20760. 0xeb, 0x2b, 0x9c, 0x7b, 0xc4, 0x68, 0x1c, 0x74
  20761. #else
  20762. /* SECP256R1 */
  20763. /* d */
  20764. 0x1e, 0xe7, 0x70, 0x07, 0xd3, 0x30, 0x94, 0x39,
  20765. 0x28, 0x90, 0xdf, 0x23, 0x88, 0x2c, 0x4a, 0x34,
  20766. 0x15, 0xdb, 0x4c, 0x43, 0xcd, 0xfa, 0xe5, 0x1f,
  20767. 0x3d, 0x4c, 0x37, 0xfe, 0x59, 0x3b, 0x96, 0xd8
  20768. #endif
  20769. };
  20770. /* ECC public key Qx/Qy */
  20771. static const uint8_t kPubKey[] = {
  20772. #ifdef HAVE_ECC384
  20773. /* SECP384R1 */
  20774. /* Qx */
  20775. 0xea, 0xcf, 0x93, 0x4f, 0x2c, 0x09, 0xbb, 0x39,
  20776. 0x14, 0x0f, 0x56, 0x64, 0xc3, 0x40, 0xb4, 0xdf,
  20777. 0x0e, 0x63, 0xae, 0xe5, 0x71, 0x4b, 0x00, 0xcc,
  20778. 0x04, 0x97, 0xff, 0xe1, 0xe9, 0x38, 0x96, 0xbb,
  20779. 0x5f, 0x91, 0xb2, 0x6a, 0xcc, 0xb5, 0x39, 0x5f,
  20780. 0x8f, 0x70, 0x59, 0xf1, 0x01, 0xf6, 0x5a, 0x2b,
  20781. /* Qy */
  20782. 0x01, 0x6c, 0x68, 0x0b, 0xcf, 0x55, 0x25, 0xaf,
  20783. 0x6d, 0x98, 0x48, 0x0a, 0xa8, 0x74, 0xc9, 0xa9,
  20784. 0x17, 0xa0, 0x0c, 0xc3, 0xfb, 0xd3, 0x23, 0x68,
  20785. 0xfe, 0x04, 0x3c, 0x63, 0x50, 0x88, 0x3b, 0xb9,
  20786. 0x4f, 0x7c, 0x67, 0x34, 0xf7, 0x3b, 0xa9, 0x73,
  20787. 0xe7, 0x1b, 0xc3, 0x51, 0x5e, 0x22, 0x18, 0xec
  20788. #else
  20789. /* SECP256R1 */
  20790. /* Qx */
  20791. 0x96, 0x93, 0x1c, 0x53, 0x0b, 0x43, 0x6c, 0x42,
  20792. 0x0c, 0x52, 0x90, 0xe4, 0xa7, 0xec, 0x98, 0xb1,
  20793. 0xaf, 0xd4, 0x14, 0x49, 0xd8, 0xc1, 0x42, 0x82,
  20794. 0x04, 0x78, 0xd1, 0x90, 0xae, 0xa0, 0x6c, 0x07,
  20795. /* Qy */
  20796. 0xf2, 0x3a, 0xb5, 0x10, 0x32, 0x8d, 0xce, 0x9e,
  20797. 0x76, 0xa0, 0xd2, 0x8c, 0xf3, 0xfc, 0xa9, 0x94,
  20798. 0x43, 0x24, 0xe6, 0x82, 0x00, 0x40, 0xc6, 0xdb,
  20799. 0x1c, 0x2f, 0xcd, 0x38, 0x4b, 0x60, 0xdd, 0x61
  20800. #endif
  20801. };
  20802. /* ECC Curve */
  20803. #ifdef HAVE_ECC384
  20804. /* SECP384R1 */
  20805. #define ECC_CURVE_SZ 48
  20806. #define ECC_CURVE_ID ECC_SECP384R1
  20807. #else
  20808. /* SECP256R1 */
  20809. #define ECC_CURVE_SZ 32
  20810. #define ECC_CURVE_ID ECC_SECP256R1
  20811. #endif
  20812. /* Hash Algorithm */
  20813. #if defined(HAVE_ECC384) && defined(WOLFSSL_SHA3)
  20814. #define HASH_DIGEST_SZ WC_SHA3_384_DIGEST_SIZE
  20815. #define HASH_SHA_VER 3
  20816. #define CRYPTO_HASH_FN crypto_sha3_384
  20817. #elif defined(HAVE_ECC384) && defined(WOLFSSL_SHA384)
  20818. #define HASH_DIGEST_SZ WC_SHA384_DIGEST_SIZE
  20819. #define HASH_SHA_VER 2
  20820. #define CRYPTO_HASH_FN crypto_sha2_384
  20821. #elif !defined(NO_SHA256)
  20822. #define HASH_DIGEST_SZ WC_SHA256_DIGEST_SIZE
  20823. #define HASH_SHA_VER 2
  20824. #define CRYPTO_HASH_FN crypto_sha2_256
  20825. #else
  20826. #error test configuration not supported
  20827. #endif
  20828. #if defined(HAVE_ECC384) && defined(WOLFSSL_SHA3)
  20829. /* helper to perform hashing block by block */
  20830. static int crypto_sha3_384(const uint8_t *buf, uint32_t len, uint8_t *hash,
  20831. uint32_t hashSz, uint32_t blkSz)
  20832. {
  20833. int ret;
  20834. uint32_t i = 0, chunk;
  20835. wc_Sha3 sha3;
  20836. /* validate arguments */
  20837. if ((buf == NULL && len > 0) || hash == NULL ||
  20838. hashSz < WC_SHA3_384_DIGEST_SIZE || blkSz == 0)
  20839. {
  20840. return BAD_FUNC_ARG;
  20841. }
  20842. /* Init Sha3_384 structure */
  20843. ret = wc_InitSha3_384(&sha3, NULL, INVALID_DEVID);
  20844. if (ret != 0) {
  20845. return ret;
  20846. }
  20847. while (i < len) {
  20848. chunk = blkSz;
  20849. if ((chunk + i) > len)
  20850. chunk = len - i;
  20851. /* Perform chunked update */
  20852. ret = wc_Sha3_384_Update(&sha3, (buf + i), chunk);
  20853. if (ret != 0) {
  20854. break;
  20855. }
  20856. i += chunk;
  20857. }
  20858. if (ret == 0) {
  20859. /* Get final digest result */
  20860. ret = wc_Sha3_384_Final(&sha3, hash);
  20861. }
  20862. return ret;
  20863. }
  20864. #elif defined(HAVE_ECC384) && defined(WOLFSSL_SHA384)
  20865. /* helper to perform hashing block by block */
  20866. static int crypto_sha2_384(const uint8_t *buf, uint32_t len, uint8_t *hash,
  20867. uint32_t hashSz, uint32_t blkSz)
  20868. {
  20869. int ret;
  20870. uint32_t i = 0, chunk;
  20871. wc_Sha384 sha384;
  20872. /* validate arguments */
  20873. if ((buf == NULL && len > 0) || hash == NULL ||
  20874. hashSz < WC_SHA384_DIGEST_SIZE || blkSz == 0)
  20875. {
  20876. return BAD_FUNC_ARG;
  20877. }
  20878. /* Init Sha384 structure */
  20879. ret = wc_InitSha384(&sha384);
  20880. if (ret != 0) {
  20881. return ret;
  20882. }
  20883. while (i < len) {
  20884. chunk = blkSz;
  20885. if ((chunk + i) > len)
  20886. chunk = len - i;
  20887. /* Perform chunked update */
  20888. ret = wc_Sha384Update(&sha384, (buf + i), chunk);
  20889. if (ret != 0) {
  20890. break;
  20891. }
  20892. i += chunk;
  20893. }
  20894. if (ret == 0) {
  20895. /* Get final digest result */
  20896. ret = wc_Sha384Final(&sha384, hash);
  20897. }
  20898. return ret;
  20899. }
  20900. #elif !defined(NO_SHA256)
  20901. /* helper to perform hashing block by block */
  20902. static int crypto_sha2_256(const uint8_t *buf, uint32_t len, uint8_t *hash,
  20903. uint32_t hashSz, uint32_t blkSz)
  20904. {
  20905. int ret;
  20906. uint32_t i = 0, chunk;
  20907. wc_Sha256 sha256;
  20908. /* validate arguments */
  20909. if ((buf == NULL && len > 0) || hash == NULL ||
  20910. hashSz < WC_SHA256_DIGEST_SIZE || blkSz == 0)
  20911. {
  20912. return BAD_FUNC_ARG;
  20913. }
  20914. /* Init Sha256 structure */
  20915. ret = wc_InitSha256(&sha256);
  20916. if (ret != 0) {
  20917. return ret;
  20918. }
  20919. while (i < len) {
  20920. chunk = blkSz;
  20921. if ((chunk + i) > len)
  20922. chunk = len - i;
  20923. /* Perform chunked update */
  20924. ret = wc_Sha256Update(&sha256, (buf + i), chunk);
  20925. if (ret != 0) {
  20926. break;
  20927. }
  20928. i += chunk;
  20929. }
  20930. if (ret == 0) {
  20931. /* Get final digest result */
  20932. ret = wc_Sha256Final(&sha256, hash);
  20933. }
  20934. return ret;
  20935. }
  20936. #endif
  20937. /* perform verify of signature and hash using public key */
  20938. /* key is public Qx + public Qy */
  20939. /* sig is r + s */
  20940. static int crypto_ecc_verify(const uint8_t *key, uint32_t keySz,
  20941. const uint8_t *hash, uint32_t hashSz, const uint8_t *sig, uint32_t sigSz,
  20942. uint32_t curveSz, int curveId)
  20943. {
  20944. int ret, verify_res = 0, count = 0;
  20945. mp_int r, s;
  20946. ecc_key ecc;
  20947. ecc_nb_ctx_t nb_ctx;
  20948. /* validate arguments */
  20949. if (key == NULL || hash == NULL || sig == NULL || curveSz == 0 ||
  20950. hashSz == 0 || keySz < (curveSz*2) || sigSz < (curveSz*2))
  20951. {
  20952. return BAD_FUNC_ARG;
  20953. }
  20954. /* Setup the ECC key */
  20955. ret = wc_ecc_init(&ecc);
  20956. if (ret < 0) {
  20957. return ret;
  20958. }
  20959. ret = wc_ecc_set_nonblock(&ecc, &nb_ctx);
  20960. if (ret != MP_OKAY) {
  20961. wc_ecc_free(&ecc);
  20962. return ret;
  20963. }
  20964. /* Setup the signature r/s variables */
  20965. ret = mp_init(&r);
  20966. if (ret != MP_OKAY) {
  20967. wc_ecc_free(&ecc);
  20968. return ret;
  20969. }
  20970. ret = mp_init(&s);
  20971. if (ret != MP_OKAY) {
  20972. mp_clear(&r);
  20973. wc_ecc_free(&ecc);
  20974. return ret;
  20975. }
  20976. /* Import public key x/y */
  20977. ret = wc_ecc_import_unsigned(
  20978. &ecc,
  20979. (byte*)key, /* Public "x" Coordinate */
  20980. (byte*)(key + curveSz), /* Public "y" Coordinate */
  20981. NULL, /* Private "d" (optional) */
  20982. curveId /* ECC Curve Id */
  20983. );
  20984. /* Make sure it was a public key imported */
  20985. if (ret == 0 && ecc.type != ECC_PUBLICKEY) {
  20986. ret = ECC_BAD_ARG_E;
  20987. }
  20988. /* Import signature r/s */
  20989. if (ret == 0) {
  20990. ret = mp_read_unsigned_bin(&r, sig, curveSz);
  20991. }
  20992. if (ret == 0) {
  20993. ret = mp_read_unsigned_bin(&s, sig + curveSz, curveSz);
  20994. }
  20995. /* Verify ECC Signature */
  20996. if (ret == 0) {
  20997. do {
  20998. ret = wc_ecc_verify_hash_ex(
  20999. &r, &s, /* r/s as mp_int */
  21000. hash, hashSz, /* computed hash digest */
  21001. &verify_res, /* verification result 1=success */
  21002. &ecc
  21003. );
  21004. count++;
  21005. /* This is where real-time work could be called */
  21006. } while (ret == FP_WOULDBLOCK);
  21007. #ifdef DEBUG_WOLFSSL
  21008. printf("ECC non-block verify: %d times\n", count);
  21009. #endif
  21010. }
  21011. /* check verify result */
  21012. if (ret == 0 && verify_res == 0) {
  21013. ret = SIG_VERIFY_E;
  21014. }
  21015. mp_clear(&r);
  21016. mp_clear(&s);
  21017. wc_ecc_free(&ecc);
  21018. (void)count;
  21019. return ret;
  21020. }
  21021. /* perform signature operation against hash using private key */
  21022. static int crypto_ecc_sign(const uint8_t *key, uint32_t keySz,
  21023. const uint8_t *hash, uint32_t hashSz, uint8_t *sig, uint32_t* sigSz,
  21024. uint32_t curveSz, int curveId, WC_RNG* rng)
  21025. {
  21026. int ret, count = 0;
  21027. mp_int r, s;
  21028. ecc_key ecc;
  21029. ecc_nb_ctx_t nb_ctx;
  21030. /* validate arguments */
  21031. if (key == NULL || hash == NULL || sig == NULL || sigSz == NULL ||
  21032. curveSz == 0 || hashSz == 0 || keySz < curveSz || *sigSz < (curveSz*2))
  21033. {
  21034. return BAD_FUNC_ARG;
  21035. }
  21036. /* Initialize signature result */
  21037. memset(sig, 0, curveSz*2);
  21038. /* Setup the ECC key */
  21039. ret = wc_ecc_init(&ecc);
  21040. if (ret < 0) {
  21041. return ret;
  21042. }
  21043. ret = wc_ecc_set_nonblock(&ecc, &nb_ctx);
  21044. if (ret != MP_OKAY) {
  21045. wc_ecc_free(&ecc);
  21046. return ret;
  21047. }
  21048. /* Setup the signature r/s variables */
  21049. ret = mp_init(&r);
  21050. if (ret != MP_OKAY) {
  21051. wc_ecc_free(&ecc);
  21052. return ret;
  21053. }
  21054. ret = mp_init(&s);
  21055. if (ret != MP_OKAY) {
  21056. mp_clear(&r);
  21057. wc_ecc_free(&ecc);
  21058. return ret;
  21059. }
  21060. /* Import private key "k" */
  21061. ret = wc_ecc_import_private_key_ex(
  21062. key, keySz, /* private key "d" */
  21063. NULL, 0, /* public (optional) */
  21064. &ecc,
  21065. curveId /* ECC Curve Id */
  21066. );
  21067. if (ret == 0) {
  21068. do {
  21069. /* Verify ECC Signature */
  21070. ret = wc_ecc_sign_hash_ex(
  21071. hash, hashSz, /* computed hash digest */
  21072. rng, &ecc, /* random and key context */
  21073. &r, &s /* r/s as mp_int */
  21074. );
  21075. count++;
  21076. /* This is where real-time work could be called */
  21077. } while (ret == FP_WOULDBLOCK);
  21078. #ifdef DEBUG_WOLFSSL
  21079. printf("ECC non-block sign: %d times\n", count);
  21080. #endif
  21081. }
  21082. if (ret == 0) {
  21083. /* export r/s */
  21084. mp_to_unsigned_bin_len(&r, sig, curveSz);
  21085. mp_to_unsigned_bin_len(&s, sig + curveSz, curveSz);
  21086. }
  21087. mp_clear(&r);
  21088. mp_clear(&s);
  21089. wc_ecc_free(&ecc);
  21090. (void)count;
  21091. return ret;
  21092. }
  21093. static int ecc_test_nonblock(WC_RNG* rng)
  21094. {
  21095. int ret;
  21096. uint8_t hash[HASH_DIGEST_SZ];
  21097. uint8_t sig[ECC_CURVE_SZ*2];
  21098. uint32_t sigSz = sizeof(sig);
  21099. ret = CRYPTO_HASH_FN(
  21100. kMsg, sizeof(kMsg), /* input message */
  21101. hash, sizeof(hash), /* hash digest result */
  21102. 32 /* configurable block / chunk size */
  21103. );
  21104. if (ret == 0) {
  21105. /* Sign hash using private key */
  21106. /* Note: result of an ECC sign varies for each call even with same
  21107. private key and hash. This is because a new random public key is
  21108. used for each operation. */
  21109. ret = crypto_ecc_sign(
  21110. kPrivKey, sizeof(kPrivKey), /* private key */
  21111. hash, sizeof(hash), /* computed hash digest */
  21112. sig, &sigSz, /* signature r/s */
  21113. ECC_CURVE_SZ, /* curve size in bytes */
  21114. ECC_CURVE_ID, /* curve id */
  21115. rng
  21116. );
  21117. }
  21118. if (ret == 0) {
  21119. /* Verify generated signature is valid */
  21120. ret = crypto_ecc_verify(
  21121. kPubKey, sizeof(kPubKey), /* public key point x/y */
  21122. hash, sizeof(hash), /* computed hash digest */
  21123. sig, sigSz, /* signature r/s */
  21124. ECC_CURVE_SZ, /* curve size in bytes */
  21125. ECC_CURVE_ID /* curve id */
  21126. );
  21127. }
  21128. return ret;
  21129. }
  21130. #endif /* WC_ECC_NONBLOCK && WOLFSSL_PUBLIC_MP && HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
  21131. WOLFSSL_TEST_SUBROUTINE int ecc_test(void)
  21132. {
  21133. int ret;
  21134. WC_RNG rng;
  21135. #ifdef WOLFSSL_CERT_EXT
  21136. ret = ecc_decode_test();
  21137. if (ret < 0)
  21138. return ret;
  21139. #endif
  21140. #ifndef HAVE_FIPS
  21141. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  21142. #else
  21143. ret = wc_InitRng(&rng);
  21144. #endif
  21145. #ifndef WC_NO_RNG
  21146. if (ret != 0)
  21147. return -10300;
  21148. #else
  21149. (void)ret;
  21150. #endif
  21151. #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112
  21152. ret = ecc_test_curve(&rng, 14);
  21153. if (ret < 0) {
  21154. goto done;
  21155. }
  21156. #endif /* HAVE_ECC112 */
  21157. #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128
  21158. ret = ecc_test_curve(&rng, 16);
  21159. if (ret < 0) {
  21160. goto done;
  21161. }
  21162. #endif /* HAVE_ECC128 */
  21163. #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
  21164. ret = ecc_test_curve(&rng, 20);
  21165. if (ret < 0) {
  21166. goto done;
  21167. }
  21168. #endif /* HAVE_ECC160 */
  21169. #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
  21170. ret = ecc_test_curve(&rng, 24);
  21171. if (ret < 0) {
  21172. goto done;
  21173. }
  21174. #endif /* HAVE_ECC192 */
  21175. #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224
  21176. ret = ecc_test_curve(&rng, 28);
  21177. if (ret < 0) {
  21178. goto done;
  21179. }
  21180. #endif /* HAVE_ECC224 */
  21181. #if (defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 239
  21182. ret = ecc_test_curve(&rng, 30);
  21183. if (ret < 0) {
  21184. goto done;
  21185. }
  21186. #endif /* HAVE_ECC239 */
  21187. #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
  21188. ret = ecc_test_curve(&rng, 32);
  21189. if (ret < 0) {
  21190. goto done;
  21191. }
  21192. #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
  21193. defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
  21194. !defined(WOLFSSL_NO_MALLOC)
  21195. ret = ecc_point_test();
  21196. if (ret < 0) {
  21197. goto done;
  21198. }
  21199. #endif
  21200. ret = ecc_def_curve_test(&rng);
  21201. if (ret < 0) {
  21202. goto done;
  21203. }
  21204. #endif /* !NO_ECC256 */
  21205. #if (defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 320
  21206. ret = ecc_test_curve(&rng, 40);
  21207. if (ret < 0) {
  21208. goto done;
  21209. }
  21210. #endif /* HAVE_ECC320 */
  21211. #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
  21212. ret = ecc_test_curve(&rng, 48);
  21213. if (ret < 0) {
  21214. goto done;
  21215. }
  21216. #endif /* HAVE_ECC384 */
  21217. #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512
  21218. ret = ecc_test_curve(&rng, 64);
  21219. if (ret < 0) {
  21220. goto done;
  21221. }
  21222. #endif /* HAVE_ECC512 */
  21223. #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
  21224. ret = ecc_test_curve(&rng, 66);
  21225. if (ret < 0) {
  21226. goto done;
  21227. }
  21228. #endif /* HAVE_ECC521 */
  21229. #if defined(WOLFSSL_CUSTOM_CURVES)
  21230. ret = ecc_test_custom_curves(&rng);
  21231. if (ret != 0) {
  21232. goto done;
  21233. }
  21234. #endif
  21235. #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_DETERMINISTIC_K)
  21236. ret = ecc_test_deterministic_k(&rng);
  21237. if (ret != 0) {
  21238. printf("ecc_test_deterministic_k failed! %d\n", ret);
  21239. goto done;
  21240. }
  21241. #endif
  21242. #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K)
  21243. ret = ecc_test_sign_vectors(&rng);
  21244. if (ret != 0) {
  21245. printf("ecc_test_sign_vectors failed! %d\n", ret);
  21246. goto done;
  21247. }
  21248. #endif
  21249. #ifdef HAVE_ECC_CDH
  21250. ret = ecc_test_cdh_vectors(&rng);
  21251. if (ret != 0) {
  21252. printf("ecc_test_cdh_vectors failed! %d\n", ret);
  21253. goto done;
  21254. }
  21255. #endif
  21256. #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
  21257. !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_SILABS_SE_ACCEL)
  21258. ret = ecc_test_make_pub(&rng);
  21259. if (ret != 0) {
  21260. printf("ecc_test_make_pub failed!: %d\n", ret);
  21261. goto done;
  21262. }
  21263. #elif defined(HAVE_ECC_KEY_IMPORT)
  21264. (void)ecc_test_make_pub; /* for compiler warning */
  21265. #endif
  21266. #ifdef WOLFSSL_CERT_GEN
  21267. ret = ecc_test_cert_gen(&rng);
  21268. if (ret != 0) {
  21269. printf("ecc_test_cert_gen failed!: %d\n", ret);
  21270. goto done;
  21271. }
  21272. #endif
  21273. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC)
  21274. ret = ecc_test_allocator(&rng);
  21275. if (ret != 0) {
  21276. printf("ecc_test_allocator failed!: %d\n", ret);
  21277. goto done;
  21278. }
  21279. #endif
  21280. #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
  21281. defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
  21282. ret = ecc_test_nonblock(&rng);
  21283. if (ret != 0) {
  21284. printf("ecc_test_nonblock failed!: %d\n", ret);
  21285. goto done;
  21286. }
  21287. #endif
  21288. done:
  21289. wc_FreeRng(&rng);
  21290. return ret;
  21291. }
  21292. #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
  21293. defined(WOLFSSL_AES_128)
  21294. #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
  21295. static int ecc_encrypt_kat(WC_RNG *rng)
  21296. {
  21297. int ret = 0;
  21298. #ifdef WOLFSSL_ECIES_OLD
  21299. #ifdef WOLFSSL_SMALL_STACK
  21300. ecc_key* userA = NULL;
  21301. #else
  21302. ecc_key userA[1];
  21303. #endif
  21304. int userAInit = 0;
  21305. #endif
  21306. #ifdef WOLFSSL_SMALL_STACK
  21307. ecc_key* userB = NULL;
  21308. #else
  21309. ecc_key userB[1];
  21310. #endif
  21311. int userBInit = 0;
  21312. ecc_key* tmpKey;
  21313. byte plain[48];
  21314. word32 plainSz = sizeof(plain);
  21315. WOLFSSL_SMALL_STACK_STATIC const byte privKey[] = {
  21316. 0x04, 0x80, 0xef, 0x1d, 0xbe, 0x02, 0x0c, 0x20,
  21317. 0x5b, 0xab, 0x80, 0x35, 0x5b, 0x2a, 0x0f, 0x6d,
  21318. 0xd3, 0xb0, 0x7f, 0x7e, 0x7f, 0x86, 0x8a, 0x49,
  21319. 0xee, 0xb4, 0xaa, 0x09, 0x2d, 0x1e, 0x1d, 0x02
  21320. };
  21321. #ifdef WOLFSSL_ECIES_OLD
  21322. WOLFSSL_SMALL_STACK_STATIC const byte pubKey[] = {
  21323. 0x04,
  21324. /* X */
  21325. 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0, 0x5a,
  21326. 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c, 0x3a,
  21327. 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3, 0xc1,
  21328. 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63, 0xa0,
  21329. /* X */
  21330. 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7, 0xcd,
  21331. 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75, 0xaa,
  21332. 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe, 0xe8,
  21333. 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3, 0x28
  21334. };
  21335. #endif
  21336. WOLFSSL_SMALL_STACK_STATIC const byte enc_msg[] = {
  21337. #ifdef WOLFSSL_ECIES_OLD
  21338. 0x42, 0x70, 0xbf, 0xf9, 0xf4, 0x7e, 0x4b, 0x9b,
  21339. 0xb5, 0x4c, 0xcc, 0xc5, 0x94, 0xa7, 0xef, 0xaa,
  21340. 0xc3, 0x7c, 0x85, 0xa6, 0x51, 0x6e, 0xd3, 0xfa,
  21341. 0x56, 0xc9, 0x10, 0x4d, 0x14, 0x32, 0x61, 0xb8,
  21342. 0xbb, 0x66, 0x7a, 0xb5, 0xbc, 0x95, 0xf8, 0xca,
  21343. 0xd1, 0x2a, 0x19, 0x51, 0x44, 0xd8, 0x0e, 0x57,
  21344. 0x34, 0xed, 0x45, 0x89, 0x2e, 0x57, 0xbe, 0xd5,
  21345. 0x06, 0x22, 0xd7, 0x13, 0x0a, 0x0e, 0x40, 0x36,
  21346. 0x0d, 0x05, 0x0d, 0xb6, 0xae, 0x61, 0x37, 0x18,
  21347. 0x83, 0x90, 0x0a, 0x27, 0x95, 0x41, 0x8c, 0x45
  21348. #elif defined(WOLFSSL_ECIES_ISO18033)
  21349. 0x04, 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0,
  21350. 0x5a, 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c,
  21351. 0x3a, 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3,
  21352. 0xc1, 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63,
  21353. 0xa0, 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7,
  21354. 0xcd, 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75,
  21355. 0xaa, 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe,
  21356. 0xe8, 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3,
  21357. 0x28, 0xbb, 0x9f, 0xa8, 0x2d, 0xe1, 0xf1, 0x67,
  21358. 0x45, 0x02, 0x19, 0xdc, 0xc8, 0x24, 0x8b, 0x20,
  21359. 0x02, 0xa0, 0x8f, 0x95, 0x12, 0x55, 0x51, 0xf8,
  21360. 0x03, 0xc4, 0x54, 0x13, 0x98, 0x2d, 0xf0, 0x31,
  21361. 0x51, 0x80, 0x45, 0x24, 0xcb, 0x8b, 0x48, 0xa6,
  21362. 0x8b, 0x8e, 0x97, 0x9c, 0x56, 0x4d, 0x70, 0x00,
  21363. 0x53, 0xd3, 0x47, 0x00, 0x5a, 0x23, 0x8c, 0xf9,
  21364. 0xfd, 0xd2, 0x33, 0x2c, 0x43, 0x6e, 0x9e, 0xb2,
  21365. 0xf4, 0x95, 0xd4, 0xcf, 0x30, 0xd6, 0xa2, 0xc5,
  21366. 0x35, 0x96, 0x6a, 0xd4, 0x36, 0x15, 0xa9, 0xbd,
  21367. 0x7f
  21368. #else
  21369. 0x04, 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0,
  21370. 0x5a, 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c,
  21371. 0x3a, 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3,
  21372. 0xc1, 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63,
  21373. 0xa0, 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7,
  21374. 0xcd, 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75,
  21375. 0xaa, 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe,
  21376. 0xe8, 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3,
  21377. 0x28, 0xe5, 0x17, 0xaf, 0x0d, 0x65, 0x4d, 0x3d,
  21378. 0x50, 0x96, 0x05, 0xc9, 0x63, 0x2c, 0xef, 0x1c,
  21379. 0x1f, 0x78, 0xc9, 0x90, 0x7a, 0x14, 0x00, 0xfc,
  21380. 0x44, 0x71, 0x6d, 0x57, 0x8c, 0xdf, 0x23, 0xca,
  21381. 0x65, 0xcf, 0x93, 0x06, 0xb6, 0x9a, 0xf4, 0x61,
  21382. 0xbd, 0x44, 0x1a, 0xeb, 0x52, 0x68, 0x0f, 0xd1,
  21383. 0xde, 0xc7, 0x3f, 0x6f, 0xce, 0xbe, 0x49, 0x61,
  21384. 0x48, 0x01, 0x77, 0x41, 0xd0, 0xd8, 0x5b, 0x48,
  21385. 0xca, 0x4e, 0x47, 0x3e, 0x47, 0xbf, 0x1d, 0x28,
  21386. 0x4c, 0x18, 0x1a, 0xfb, 0x96, 0x95, 0xda, 0xde,
  21387. 0x55
  21388. #endif
  21389. };
  21390. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
  21391. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  21392. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  21393. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  21394. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
  21395. 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
  21396. 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f
  21397. };
  21398. #ifdef WOLFSSL_SMALL_STACK
  21399. userB = (ecc_key *)XMALLOC(sizeof(*userB), HEAP_HINT,
  21400. DYNAMIC_TYPE_TMP_BUFFER);
  21401. if (userB == NULL) {
  21402. ret = -10451;
  21403. }
  21404. #ifdef WOLFSSL_ECIES_OLD
  21405. if (ret == 0) {
  21406. userA = (ecc_key *)XMALLOC(sizeof(*userA), HEAP_HINT,
  21407. DYNAMIC_TYPE_TMP_BUFFER);
  21408. if (userA == NULL) {
  21409. ret = -10450;
  21410. }
  21411. }
  21412. #endif
  21413. #endif
  21414. if (ret == 0) {
  21415. ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
  21416. if (ret != 0)
  21417. ret = -10453;
  21418. }
  21419. if (ret == 0) {
  21420. userBInit = 1;
  21421. #ifdef WOLFSSL_ECIES_OLD
  21422. ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
  21423. if (ret != 0)
  21424. ret = -10452;
  21425. }
  21426. if (ret == 0) {
  21427. userAInit = 1;
  21428. tmpKey = userA;
  21429. #else
  21430. tmpKey = NULL;
  21431. #endif
  21432. }
  21433. if (ret == 0) {
  21434. ret = wc_ecc_import_private_key_ex(privKey, sizeof(privKey), NULL, 0,
  21435. userB, ECC_SECP256R1);
  21436. if (ret != 0)
  21437. ret = -10454;
  21438. }
  21439. #ifdef WOLFSSL_ECIES_OLD
  21440. if (ret == 0) {
  21441. ret = wc_ecc_import_x963_ex(pubKey, sizeof(pubKey), userA,
  21442. ECC_SECP256R1);
  21443. if (ret != 0)
  21444. ret = -10455;
  21445. }
  21446. #endif
  21447. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  21448. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  21449. !defined(HAVE_SELFTEST)
  21450. if (ret == 0) {
  21451. ret = wc_ecc_set_rng(userB, rng);
  21452. if (ret != 0) {
  21453. ret = -10456;
  21454. }
  21455. }
  21456. #else
  21457. (void)rng;
  21458. #endif
  21459. if (ret == 0) {
  21460. ret = wc_ecc_decrypt(userB, tmpKey, enc_msg, sizeof(enc_msg), plain,
  21461. &plainSz, NULL);
  21462. if (ret != 0)
  21463. ret = -10457;
  21464. }
  21465. if (ret == 0) {
  21466. if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
  21467. ret = -10458;
  21468. }
  21469. }
  21470. if (userBInit)
  21471. wc_ecc_free(userB);
  21472. #ifdef WOLFSSL_ECIES_OLD
  21473. if (userAInit)
  21474. wc_ecc_free(userA);
  21475. #endif
  21476. #ifdef WOLFSSL_SMALL_STACK
  21477. if (userB != NULL) {
  21478. XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21479. }
  21480. #ifdef WOLFSSL_ECIES_OLD
  21481. if (userA != NULL) {
  21482. XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21483. }
  21484. #endif
  21485. #endif
  21486. return ret;
  21487. }
  21488. #endif
  21489. WOLFSSL_TEST_SUBROUTINE int ecc_encrypt_test(void)
  21490. {
  21491. WC_RNG rng;
  21492. int ret = 0;
  21493. #ifdef WOLFSSL_SMALL_STACK
  21494. ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
  21495. *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
  21496. *tmpKey = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21497. #else
  21498. ecc_key userA[1], userB[1], tmpKey[1];
  21499. #endif
  21500. byte msg[48];
  21501. byte plain[48];
  21502. #ifdef WOLFSSL_ECIES_OLD
  21503. byte out[80];
  21504. #else
  21505. byte out[1 + ECC_KEYGEN_SIZE * 2 + 80];
  21506. #endif
  21507. word32 outSz = sizeof(out);
  21508. word32 plainSz = sizeof(plain);
  21509. int i;
  21510. ecEncCtx* cliCtx = NULL;
  21511. ecEncCtx* srvCtx = NULL;
  21512. byte cliSalt[EXCHANGE_SALT_SZ];
  21513. byte srvSalt[EXCHANGE_SALT_SZ];
  21514. const byte* tmpSalt;
  21515. byte msg2[48];
  21516. byte plain2[48];
  21517. #ifdef WOLFSSL_ECIES_OLD
  21518. byte out2[80];
  21519. #else
  21520. byte out2[1 + ECC_KEYGEN_SIZE * 2 + 80];
  21521. #endif
  21522. word32 outSz2 = sizeof(out2);
  21523. word32 plainSz2 = sizeof(plain2);
  21524. #ifndef HAVE_FIPS
  21525. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  21526. #else
  21527. ret = wc_InitRng(&rng);
  21528. #endif
  21529. if (ret != 0)
  21530. return -10400;
  21531. #ifdef WOLFSSL_SMALL_STACK
  21532. if ((userA == NULL) ||
  21533. (userB == NULL))
  21534. ERROR_OUT(MEMORY_E, done);
  21535. #endif
  21536. XMEMSET(userA, 0, sizeof *userA);
  21537. XMEMSET(userB, 0, sizeof *userB);
  21538. ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
  21539. if (ret != 0)
  21540. goto done;
  21541. ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
  21542. if (ret != 0)
  21543. goto done;
  21544. ret = wc_ecc_init_ex(tmpKey, HEAP_HINT, devId);
  21545. if (ret != 0)
  21546. goto done;
  21547. ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, userA);
  21548. #if defined(WOLFSSL_ASYNC_CRYPT)
  21549. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
  21550. #endif
  21551. if (ret != 0){
  21552. ret = -10401; goto done;
  21553. }
  21554. ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, userB);
  21555. #if defined(WOLFSSL_ASYNC_CRYPT)
  21556. ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
  21557. #endif
  21558. if (ret != 0){
  21559. ret = -10402; goto done;
  21560. }
  21561. /* set message to incrementing 0,1,2,etc... */
  21562. for (i = 0; i < (int)sizeof(msg); i++)
  21563. msg[i] = i;
  21564. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  21565. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  21566. !defined(HAVE_SELFTEST)
  21567. ret = wc_ecc_set_rng(userA, &rng);
  21568. if (ret != 0) {
  21569. ret = -10403; goto done;
  21570. }
  21571. ret = wc_ecc_set_rng(userB, &rng);
  21572. if (ret != 0) {
  21573. ret = -10404; goto done;
  21574. }
  21575. #endif
  21576. /* encrypt msg to B */
  21577. ret = wc_ecc_encrypt(userA, userB, msg, sizeof(msg), out, &outSz, NULL);
  21578. if (ret != 0) {
  21579. ret = -10405; goto done;
  21580. }
  21581. #ifdef WOLFSSL_ECIES_OLD
  21582. tmpKey->dp = userA->dp;
  21583. ret = wc_ecc_copy_point(&userA->pubkey, &tmpKey->pubkey);
  21584. if (ret != 0) {
  21585. ret = -10413; goto done;
  21586. }
  21587. #endif
  21588. /* decrypt msg from A */
  21589. ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, NULL);
  21590. if (ret != 0) {
  21591. ret = -10406; goto done;
  21592. }
  21593. if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
  21594. ret = -10407; goto done;
  21595. }
  21596. #ifndef WOLFSSL_ECIES_OLD
  21597. /* A decrypts msg (response) from B */
  21598. ret = wc_ecc_decrypt(userB, NULL, out, outSz, plain2, &plainSz2, NULL);
  21599. if (ret != 0)
  21600. goto done;
  21601. if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
  21602. ret = -10415; goto done;
  21603. }
  21604. #endif
  21605. /* let's verify message exchange works, A is client, B is server */
  21606. cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
  21607. srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng);
  21608. if (cliCtx == NULL || srvCtx == NULL) {
  21609. ret = -10408; goto done;
  21610. }
  21611. /* get salt to send to peer */
  21612. tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx);
  21613. if (tmpSalt == NULL) {
  21614. ret = -10409; goto done;
  21615. }
  21616. XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ);
  21617. tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx);
  21618. if (tmpSalt == NULL) {
  21619. ret = -10410; goto done;
  21620. }
  21621. XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ);
  21622. /* in actual use, we'd get the peer's salt over the transport */
  21623. ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt);
  21624. if (ret != 0)
  21625. goto done;
  21626. ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt);
  21627. if (ret != 0)
  21628. goto done;
  21629. ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 11);
  21630. if (ret != 0)
  21631. goto done;
  21632. ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 11);
  21633. if (ret != 0)
  21634. goto done;
  21635. /* get encrypted msg (request) to send to B */
  21636. outSz = sizeof(out);
  21637. ret = wc_ecc_encrypt(userA, userB, msg, sizeof(msg), out, &outSz,cliCtx);
  21638. if (ret != 0)
  21639. goto done;
  21640. #ifndef WOLFSSL_ECIES_OLD
  21641. wc_ecc_free(tmpKey);
  21642. #endif
  21643. /* B decrypts msg (request) from A */
  21644. plainSz = sizeof(plain);
  21645. ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, srvCtx);
  21646. if (ret != 0)
  21647. goto done;
  21648. if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
  21649. ret = -10411; goto done;
  21650. }
  21651. /* msg2 (response) from B to A */
  21652. for (i = 0; i < (int)sizeof(msg2); i++)
  21653. msg2[i] = i + sizeof(msg2);
  21654. /* get encrypted msg (response) to send to B */
  21655. ret = wc_ecc_encrypt(userB, userA, msg2, sizeof(msg2), out2,
  21656. &outSz2, srvCtx);
  21657. if (ret != 0)
  21658. goto done;
  21659. #ifdef WOLFSSL_ECIES_OLD
  21660. tmpKey->dp = userB->dp;
  21661. ret = wc_ecc_copy_point(&userB->pubkey, &tmpKey->pubkey);
  21662. if (ret != 0) {
  21663. ret = -10414; goto done;
  21664. }
  21665. #else
  21666. wc_ecc_free(tmpKey);
  21667. #endif
  21668. /* A decrypts msg (response) from B */
  21669. ret = wc_ecc_decrypt(userA, tmpKey, out2, outSz2, plain2, &plainSz2,
  21670. cliCtx);
  21671. if (ret != 0)
  21672. goto done;
  21673. if (XMEMCMP(plain2, msg2, sizeof(msg2)) != 0) {
  21674. ret = -10412; goto done;
  21675. }
  21676. #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
  21677. ret = ecc_encrypt_kat(&rng);
  21678. #endif
  21679. done:
  21680. /* cleanup */
  21681. wc_ecc_ctx_free(srvCtx);
  21682. wc_ecc_ctx_free(cliCtx);
  21683. #ifdef WOLFSSL_SMALL_STACK
  21684. if (userA != NULL) {
  21685. wc_ecc_free(userA);
  21686. XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21687. }
  21688. if (userB != NULL) {
  21689. wc_ecc_free(userB);
  21690. XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21691. }
  21692. if (tmpKey != NULL) {
  21693. wc_ecc_free(tmpKey);
  21694. XFREE(tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21695. }
  21696. #else
  21697. wc_ecc_free(tmpKey);
  21698. wc_ecc_free(userB);
  21699. wc_ecc_free(userA);
  21700. #endif
  21701. wc_FreeRng(&rng);
  21702. return ret;
  21703. }
  21704. #endif /* HAVE_ECC_ENCRYPT && HAVE_AES_CBC && WOLFSSL_AES_128 */
  21705. #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
  21706. !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
  21707. defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN)
  21708. WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void)
  21709. {
  21710. size_t bytes;
  21711. #ifdef WOLFSSL_SMALL_STACK
  21712. ecc_key *cliKey = (ecc_key *)XMALLOC(sizeof *cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21713. ecc_key *servKey = (ecc_key *)XMALLOC(sizeof *servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21714. ecc_key *tmpKey = (ecc_key *)XMALLOC(sizeof *tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21715. #else
  21716. ecc_key cliKey[1];
  21717. ecc_key servKey[1];
  21718. ecc_key tmpKey[1];
  21719. #endif
  21720. WC_RNG rng;
  21721. word32 idx = 0;
  21722. int ret;
  21723. /* pad our test message to 32 bytes so evenly divisible by AES_BLOCK_SZ */
  21724. byte in[] = "Everyone gets Friday off. ecc p";
  21725. word32 inLen = (word32)XSTRLEN((char*)in);
  21726. byte out[256];
  21727. byte plain[256];
  21728. int verify = 0;
  21729. word32 x;
  21730. #ifdef WOLFSSL_SMALL_STACK
  21731. if ((cliKey == NULL) || (servKey == NULL) || (tmpKey == NULL))
  21732. ERROR_OUT(MEMORY_E, done);
  21733. #endif
  21734. ret = wc_ecc_init_ex(cliKey, HEAP_HINT, devId);
  21735. if (ret != 0)
  21736. ERROR_OUT(-10420, done);
  21737. ret = wc_ecc_init_ex(servKey, HEAP_HINT, devId);
  21738. if (ret != 0)
  21739. ERROR_OUT(-10421, done);
  21740. ret = wc_ecc_init_ex(tmpKey, HEAP_HINT, devId);
  21741. if (ret != 0)
  21742. ERROR_OUT(-10421, done);
  21743. bytes = (size_t)sizeof_ecc_clikey_der_256;
  21744. /* place client key into ecc_key struct cliKey */
  21745. ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, cliKey,
  21746. (word32)bytes);
  21747. if (ret != 0)
  21748. ERROR_OUT(-10422, done);
  21749. idx = 0;
  21750. bytes = (size_t)sizeof_ecc_key_der_256;
  21751. /* place server key into ecc_key struct servKey */
  21752. ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, servKey,
  21753. (word32)bytes);
  21754. if (ret != 0)
  21755. ERROR_OUT(-10423, done);
  21756. #ifndef WC_NO_RNG
  21757. #ifndef HAVE_FIPS
  21758. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  21759. #else
  21760. ret = wc_InitRng(&rng);
  21761. #endif
  21762. if (ret != 0)
  21763. ERROR_OUT(-10424, done);
  21764. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  21765. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  21766. !defined(HAVE_SELFTEST)
  21767. ret = wc_ecc_set_rng(cliKey, &rng);
  21768. if (ret != 0) {
  21769. ERROR_OUT(-10425, done);
  21770. }
  21771. ret = wc_ecc_set_rng(servKey, &rng);
  21772. if (ret != 0) {
  21773. ERROR_OUT(-10425, done);
  21774. }
  21775. #endif
  21776. #endif /* !WC_NO_RNG */
  21777. #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) && \
  21778. defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  21779. {
  21780. word32 y;
  21781. /* test encrypt and decrypt if they're available */
  21782. x = sizeof(out);
  21783. ret = wc_ecc_encrypt(cliKey, servKey, in, sizeof(in), out, &x, NULL);
  21784. if (ret < 0)
  21785. ERROR_OUT(-10426, done);
  21786. #ifdef WOLFSSL_ECIES_OLD
  21787. tmpKey->dp = cliKey->dp;
  21788. ret = wc_ecc_copy_point(&cliKey->pubkey, &tmpKey->pubkey);
  21789. if (ret != 0) {
  21790. ret = -10414; goto done;
  21791. }
  21792. #endif
  21793. y = sizeof(plain);
  21794. ret = wc_ecc_decrypt(servKey, tmpKey, out, x, plain, &y, NULL);
  21795. if (ret < 0)
  21796. ERROR_OUT(-10427, done);
  21797. if (XMEMCMP(plain, in, inLen))
  21798. ERROR_OUT(-10428, done);
  21799. }
  21800. #endif
  21801. x = sizeof(out);
  21802. do {
  21803. #if defined(WOLFSSL_ASYNC_CRYPT)
  21804. ret = wc_AsyncWait(ret, cliKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  21805. #endif
  21806. if (ret == 0)
  21807. ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, cliKey);
  21808. } while (ret == WC_PENDING_E);
  21809. if (ret < 0)
  21810. ERROR_OUT(-10429, done);
  21811. TEST_SLEEP();
  21812. XMEMSET(plain, 0, sizeof(plain));
  21813. do {
  21814. #if defined(WOLFSSL_ASYNC_CRYPT)
  21815. ret = wc_AsyncWait(ret, cliKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  21816. #endif
  21817. if (ret == 0)
  21818. ret = wc_ecc_verify_hash(out, x, in, inLen, &verify,
  21819. cliKey);
  21820. } while (ret == WC_PENDING_E);
  21821. if (ret < 0)
  21822. ERROR_OUT(-10430, done);
  21823. if (verify != 1)
  21824. ERROR_OUT(-10431, done);
  21825. TEST_SLEEP();
  21826. #ifdef WOLFSSL_CERT_EXT
  21827. idx = 0;
  21828. bytes = sizeof_ecc_clikeypub_der_256;
  21829. ret = wc_EccPublicKeyDecode(ecc_clikeypub_der_256, &idx, cliKey,
  21830. (word32) bytes);
  21831. if (ret != 0)
  21832. ERROR_OUT(-10432, done);
  21833. #endif
  21834. ret = 0;
  21835. done:
  21836. #ifdef WOLFSSL_SMALL_STACK
  21837. if (cliKey != NULL) {
  21838. wc_ecc_free(cliKey);
  21839. XFREE(cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21840. }
  21841. if (servKey != NULL) {
  21842. wc_ecc_free(servKey);
  21843. XFREE(servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21844. }
  21845. if (tmpKey != NULL) {
  21846. wc_ecc_free(tmpKey);
  21847. XFREE(tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21848. }
  21849. #else
  21850. wc_ecc_free(cliKey);
  21851. wc_ecc_free(servKey);
  21852. wc_ecc_free(tmpKey);
  21853. #endif
  21854. wc_FreeRng(&rng);
  21855. return ret;
  21856. }
  21857. #endif /* USE_CERT_BUFFERS_256 && !WOLFSSL_ATECCX08A && !NO_ECC256 */
  21858. #endif /* HAVE_ECC */
  21859. #ifdef HAVE_CURVE25519
  21860. #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
  21861. defined(HAVE_CURVE25519_KEY_IMPORT)
  21862. #ifdef CURVE25519_OVERFLOW_ALL_TESTS
  21863. #define X25519_TEST_CNT 5
  21864. #else
  21865. #define X25519_TEST_CNT 1
  21866. #endif
  21867. static int curve25519_overflow_test(void)
  21868. {
  21869. /* secret key for party a */
  21870. byte sa[X25519_TEST_CNT][32] = {
  21871. {
  21872. 0x8d,0xaf,0x6e,0x7a,0xc1,0xeb,0x8d,0x30,
  21873. 0x99,0x86,0xd3,0x90,0x47,0x96,0x21,0x3c,
  21874. 0x3a,0x75,0xc0,0x7b,0x75,0x01,0x75,0xa3,
  21875. 0x81,0x4b,0xff,0x5a,0xbc,0x96,0x87,0x28
  21876. },
  21877. #ifdef CURVE25519_OVERFLOW_ALL_TESTS
  21878. {
  21879. 0x9d,0x63,0x5f,0xce,0xe2,0xe8,0xd7,0xfb,
  21880. 0x68,0x77,0x0e,0x44,0xd1,0xad,0x87,0x2b,
  21881. 0xf4,0x65,0x06,0xb7,0xbb,0xdb,0xbe,0x6e,
  21882. 0x02,0x43,0x24,0xc7,0x3d,0x7b,0x88,0x60
  21883. },
  21884. {
  21885. 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
  21886. 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
  21887. 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
  21888. 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
  21889. },
  21890. {
  21891. 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
  21892. 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
  21893. 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
  21894. 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
  21895. },
  21896. {
  21897. 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
  21898. 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
  21899. 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
  21900. 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
  21901. }
  21902. #endif
  21903. };
  21904. /* public key for party b */
  21905. byte pb[X25519_TEST_CNT][32] = {
  21906. {
  21907. 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  21908. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  21909. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  21910. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0
  21911. },
  21912. #ifdef CURVE25519_OVERFLOW_ALL_TESTS
  21913. {
  21914. /* 0xff first byte in original - invalid! */
  21915. 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  21916. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  21917. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  21918. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0
  21919. },
  21920. {
  21921. 0x36,0x1a,0x74,0x87,0x28,0x59,0xe0,0xb6,
  21922. 0xe4,0x2b,0x17,0x9b,0x16,0xb0,0x3b,0xf8,
  21923. 0xb8,0x9f,0x2a,0x8f,0xc5,0x33,0x68,0x4f,
  21924. 0xde,0x4d,0xd8,0x80,0x63,0xe7,0xb4,0x0a
  21925. },
  21926. {
  21927. 0x00,0x80,0x38,0x59,0x19,0x3a,0x66,0x12,
  21928. 0xfd,0xa1,0xec,0x1c,0x40,0x84,0x40,0xbd,
  21929. 0x64,0x10,0x8b,0x53,0x81,0x21,0x03,0x2d,
  21930. 0x7d,0x33,0xb4,0x01,0x57,0x0d,0xe1,0x89
  21931. },
  21932. {
  21933. 0x1d,0xf8,0xf8,0x33,0x89,0x6c,0xb7,0xba,
  21934. 0x94,0x73,0xfa,0xc2,0x36,0xac,0xbe,0x49,
  21935. 0xaf,0x85,0x3e,0x93,0x5f,0xae,0xb2,0xc0,
  21936. 0xc8,0x80,0x8f,0x4a,0xaa,0xd3,0x55,0x2b
  21937. }
  21938. #endif
  21939. };
  21940. /* expected shared key */
  21941. byte ss[X25519_TEST_CNT][32] = {
  21942. {
  21943. 0x5c,0x4c,0x85,0x5f,0xfb,0x20,0x38,0xcc,
  21944. 0x55,0x16,0x5b,0x8a,0xa7,0xed,0x57,0x6e,
  21945. 0x35,0xaa,0x71,0x67,0x85,0x1f,0xb6,0x28,
  21946. 0x17,0x07,0x7b,0xda,0x76,0xdd,0xe0,0xb4
  21947. },
  21948. #ifdef CURVE25519_OVERFLOW_ALL_TESTS
  21949. {
  21950. 0x33,0xf6,0xc1,0x34,0x62,0x92,0x06,0x02,
  21951. 0x95,0xdb,0x91,0x4c,0x5d,0x52,0x54,0xc7,
  21952. 0xd2,0x5b,0x24,0xb5,0x4f,0x33,0x59,0x79,
  21953. 0x9f,0x6d,0x7e,0x4a,0x4c,0x30,0xd6,0x38
  21954. },
  21955. {
  21956. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21957. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21958. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21959. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02
  21960. },
  21961. {
  21962. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21963. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21964. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21965. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x09
  21966. },
  21967. {
  21968. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21969. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21970. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21971. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x10
  21972. }
  21973. #endif
  21974. };
  21975. int ret = 0;
  21976. int i;
  21977. word32 y;
  21978. byte shared[32];
  21979. curve25519_key userA;
  21980. wc_curve25519_init_ex(&userA, HEAP_HINT, devId);
  21981. for (i = 0; i < X25519_TEST_CNT; i++) {
  21982. if (wc_curve25519_import_private_raw(sa[i], sizeof(sa[i]), pb[i],
  21983. sizeof(pb[i]), &userA) != 0) {
  21984. ret = -10500 - i; break;
  21985. }
  21986. /* test against known test vector */
  21987. XMEMSET(shared, 0, sizeof(shared));
  21988. y = sizeof(shared);
  21989. if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0) {
  21990. ret = -10510 - i; break;
  21991. }
  21992. if (XMEMCMP(ss[i], shared, y)) {
  21993. ret = -10520 - i; break;
  21994. }
  21995. }
  21996. wc_curve25519_free(&userA);
  21997. return ret;
  21998. }
  21999. /* Test the wc_curve25519_check_public API.
  22000. *
  22001. * returns 0 on success and -ve on failure.
  22002. */
  22003. static int curve25519_check_public_test(void)
  22004. {
  22005. /* Little-endian values that will fail */
  22006. byte fail_le[][CURVE25519_KEYSIZE] = {
  22007. {
  22008. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22009. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22010. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22011. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  22012. },
  22013. {
  22014. 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22015. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22016. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22017. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  22018. },
  22019. {
  22020. 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22021. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22022. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22023. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x81
  22024. },
  22025. };
  22026. /* Big-endian values that will fail */
  22027. byte fail_be[][CURVE25519_KEYSIZE] = {
  22028. {
  22029. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22030. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22031. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22032. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  22033. },
  22034. {
  22035. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22036. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22037. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22038. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  22039. },
  22040. {
  22041. 0x81,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22042. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22043. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22044. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  22045. },
  22046. };
  22047. /* Good or valid public value */
  22048. byte good[CURVE25519_KEYSIZE] = {
  22049. 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22050. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22051. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22052. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  22053. };
  22054. int i;
  22055. /* Parameter checks */
  22056. /* NULL pointer */
  22057. if (wc_curve25519_check_public(NULL, 0, EC25519_LITTLE_ENDIAN) !=
  22058. BAD_FUNC_ARG) {
  22059. return -10600;
  22060. }
  22061. if (wc_curve25519_check_public(NULL, 0, EC25519_BIG_ENDIAN) !=
  22062. BAD_FUNC_ARG) {
  22063. return -10601;
  22064. }
  22065. /* Length of 0 treated differently to other invalid lengths for TLS */
  22066. if (wc_curve25519_check_public(good, 0, EC25519_LITTLE_ENDIAN) != BUFFER_E)
  22067. return -10602;
  22068. if (wc_curve25519_check_public(good, 0, EC25519_BIG_ENDIAN) != BUFFER_E)
  22069. return -10603;
  22070. /* Length not CURVE25519_KEYSIZE */
  22071. for (i = 1; i < CURVE25519_KEYSIZE + 2; i++) {
  22072. if (i == CURVE25519_KEYSIZE)
  22073. continue;
  22074. if (wc_curve25519_check_public(good, i, EC25519_LITTLE_ENDIAN) !=
  22075. ECC_BAD_ARG_E) {
  22076. return -10604 - i;
  22077. }
  22078. if (wc_curve25519_check_public(good, i, EC25519_BIG_ENDIAN) !=
  22079. ECC_BAD_ARG_E) {
  22080. return -10614 - i;
  22081. }
  22082. }
  22083. /* Little-endian fail cases */
  22084. for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) {
  22085. if (wc_curve25519_check_public(fail_le[i], CURVE25519_KEYSIZE,
  22086. EC25519_LITTLE_ENDIAN) == 0) {
  22087. return -10624 - i;
  22088. }
  22089. }
  22090. /* Big-endian fail cases */
  22091. for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) {
  22092. if (wc_curve25519_check_public(fail_be[i], CURVE25519_KEYSIZE,
  22093. EC25519_BIG_ENDIAN) == 0) {
  22094. return -10634 - i;
  22095. }
  22096. }
  22097. /* Check a valid public value works! */
  22098. if (wc_curve25519_check_public(good, CURVE25519_KEYSIZE,
  22099. EC25519_LITTLE_ENDIAN) != 0) {
  22100. return -10644;
  22101. }
  22102. if (wc_curve25519_check_public(good, CURVE25519_KEYSIZE,
  22103. EC25519_BIG_ENDIAN) != 0) {
  22104. return -10645;
  22105. }
  22106. return 0;
  22107. }
  22108. #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
  22109. #if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \
  22110. defined(HAVE_CURVE25519_KEY_IMPORT)
  22111. static int curve255519_der_test(void)
  22112. {
  22113. int ret = 0;
  22114. /* certs/statickeys/x25519.der */
  22115. const byte kCurve25519PrivDer[] = {
  22116. 0x30, 0x2E, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x6E,
  22117. 0x04, 0x22, 0x04, 0x20, 0x78, 0x8E, 0x31, 0x5C, 0x33, 0xA9, 0x19, 0xC0,
  22118. 0x5E, 0x36, 0x70, 0x1B, 0xA4, 0xE8, 0xEF, 0xC1, 0x89, 0x8C, 0xB3, 0x15,
  22119. 0xC6, 0x79, 0xD3, 0xAC, 0x22, 0x00, 0xAE, 0xFA, 0xB3, 0xB7, 0x0F, 0x78
  22120. };
  22121. /* certs/statickeys/x25519-pub.der */
  22122. const byte kCurve25519PubDer[] = {
  22123. 0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x6E, 0x03, 0x21, 0x00,
  22124. 0x09, 0xBC, 0x8C, 0xC7, 0x45, 0x0D, 0xC1, 0xC2, 0x02, 0x57, 0x9A, 0x68,
  22125. 0x3A, 0xFD, 0x7A, 0xA8, 0xA5, 0x2F, 0xF0, 0x99, 0x39, 0x98, 0xEA, 0x26,
  22126. 0xA2, 0x5B, 0x38, 0xFD, 0x96, 0xDB, 0x2A, 0x26
  22127. };
  22128. curve25519_key key;
  22129. byte output[128];
  22130. word32 outputSz = 128;
  22131. word32 idx;
  22132. if (wc_curve25519_init_ex(&key, HEAP_HINT, devId) != 0) {
  22133. return -10723;
  22134. }
  22135. /* Test decode / encode of Curve25519 private key only */
  22136. if (ret == 0) {
  22137. idx = 0;
  22138. ret = wc_Curve25519PrivateKeyDecode(kCurve25519PrivDer, &idx, &key,
  22139. (word32)sizeof(kCurve25519PrivDer));
  22140. }
  22141. if (ret == 0) {
  22142. outputSz = (word32)sizeof(output);
  22143. ret = wc_Curve25519PrivateKeyToDer(&key, output, outputSz);
  22144. if (ret >= 0) {
  22145. outputSz = ret;
  22146. ret = 0;
  22147. }
  22148. else {
  22149. ret = -10724;
  22150. }
  22151. }
  22152. if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PrivDer) ||
  22153. XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) {
  22154. ret = -10725;
  22155. }
  22156. /* Test decode / encode of Curve25519 public key only */
  22157. if (ret == 0) {
  22158. idx = 0;
  22159. ret = wc_Curve25519PublicKeyDecode(kCurve25519PubDer, &idx, &key,
  22160. (word32)sizeof(kCurve25519PubDer));
  22161. }
  22162. if (ret == 0) {
  22163. outputSz = (word32)sizeof(output);
  22164. ret = wc_Curve25519PublicKeyToDer(&key, output, outputSz, 1);
  22165. if (ret >= 0) {
  22166. outputSz = ret;
  22167. ret = 0;
  22168. }
  22169. else {
  22170. ret = -10726;
  22171. }
  22172. }
  22173. if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PubDer) ||
  22174. XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) {
  22175. ret = -10727;
  22176. }
  22177. wc_curve25519_free(&key);
  22178. return ret;
  22179. }
  22180. #endif /* !NO_ASN && HAVE_CURVE25519_KEY_EXPORT && HAVE_CURVE25519_KEY_IMPORT */
  22181. WOLFSSL_TEST_SUBROUTINE int curve25519_test(void)
  22182. {
  22183. WC_RNG rng;
  22184. int ret;
  22185. #ifdef HAVE_CURVE25519_SHARED_SECRET
  22186. byte sharedA[32];
  22187. byte sharedB[32];
  22188. word32 y;
  22189. #endif
  22190. #ifdef HAVE_CURVE25519_KEY_EXPORT
  22191. byte exportBuf[32];
  22192. #endif
  22193. word32 x = 0;
  22194. curve25519_key userA, userB, pubKey;
  22195. #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
  22196. defined(HAVE_CURVE25519_KEY_IMPORT)
  22197. /* test vectors from
  22198. https://tools.ietf.org/html/draft-josefsson-tls-curve25519-03
  22199. */
  22200. /* secret key for party a */
  22201. byte sa[] = {
  22202. 0x5A,0xC9,0x9F,0x33,0x63,0x2E,0x5A,0x76,
  22203. 0x8D,0xE7,0xE8,0x1B,0xF8,0x54,0xC2,0x7C,
  22204. 0x46,0xE3,0xFB,0xF2,0xAB,0xBA,0xCD,0x29,
  22205. 0xEC,0x4A,0xFF,0x51,0x73,0x69,0xC6,0x60
  22206. };
  22207. /* public key for party a */
  22208. byte pa[] = {
  22209. 0x05,0x7E,0x23,0xEA,0x9F,0x1C,0xBE,0x8A,
  22210. 0x27,0x16,0x8F,0x6E,0x69,0x6A,0x79,0x1D,
  22211. 0xE6,0x1D,0xD3,0xAF,0x7A,0xCD,0x4E,0xEA,
  22212. 0xCC,0x6E,0x7B,0xA5,0x14,0xFD,0xA8,0x63
  22213. };
  22214. /* secret key for party b */
  22215. byte sb[] = {
  22216. 0x47,0xDC,0x3D,0x21,0x41,0x74,0x82,0x0E,
  22217. 0x11,0x54,0xB4,0x9B,0xC6,0xCD,0xB2,0xAB,
  22218. 0xD4,0x5E,0xE9,0x58,0x17,0x05,0x5D,0x25,
  22219. 0x5A,0xA3,0x58,0x31,0xB7,0x0D,0x32,0x60
  22220. };
  22221. /* public key for party b */
  22222. byte pb[] = {
  22223. 0x6E,0xB8,0x9D,0xA9,0x19,0x89,0xAE,0x37,
  22224. 0xC7,0xEA,0xC7,0x61,0x8D,0x9E,0x5C,0x49,
  22225. 0x51,0xDB,0xA1,0xD7,0x3C,0x28,0x5A,0xE1,
  22226. 0xCD,0x26,0xA8,0x55,0x02,0x0E,0xEF,0x04
  22227. };
  22228. /* expected shared key */
  22229. byte ss[] = {
  22230. 0x61,0x45,0x0C,0xD9,0x8E,0x36,0x01,0x6B,
  22231. 0x58,0x77,0x6A,0x89,0x7A,0x9F,0x0A,0xEF,
  22232. 0x73,0x8B,0x99,0xF0,0x94,0x68,0xB8,0xD6,
  22233. 0xB8,0x51,0x11,0x84,0xD5,0x34,0x94,0xAB
  22234. };
  22235. #endif /* HAVE_CURVE25519_SHARED_SECRET */
  22236. (void)x;
  22237. #ifndef HAVE_FIPS
  22238. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  22239. #else
  22240. ret = wc_InitRng(&rng);
  22241. #endif
  22242. if (ret != 0)
  22243. return -10700;
  22244. wc_curve25519_init_ex(&userA, HEAP_HINT, devId);
  22245. wc_curve25519_init_ex(&userB, HEAP_HINT, devId);
  22246. wc_curve25519_init_ex(&pubKey, HEAP_HINT, devId);
  22247. /* make curve25519 keys */
  22248. if (wc_curve25519_make_key(&rng, 32, &userA) != 0)
  22249. return -10701;
  22250. if (wc_curve25519_make_key(&rng, 32, &userB) != 0)
  22251. return -10702;
  22252. #ifdef HAVE_CURVE25519_SHARED_SECRET
  22253. /* find shared secret key */
  22254. x = sizeof(sharedA);
  22255. if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0)
  22256. return -10703;
  22257. y = sizeof(sharedB);
  22258. if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
  22259. return -10704;
  22260. /* compare shared secret keys to test they are the same */
  22261. if (y != x)
  22262. return -10705;
  22263. if (XMEMCMP(sharedA, sharedB, x))
  22264. return -10706;
  22265. #endif
  22266. #ifdef HAVE_CURVE25519_KEY_EXPORT
  22267. /* export a public key and import it for another user */
  22268. x = sizeof(exportBuf);
  22269. if (wc_curve25519_export_public(&userA, exportBuf, &x) != 0)
  22270. return -10707;
  22271. #ifdef HAVE_CURVE25519_KEY_IMPORT
  22272. if (wc_curve25519_import_public(exportBuf, x, &pubKey) != 0)
  22273. return -10708;
  22274. #endif
  22275. #endif
  22276. #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
  22277. defined(HAVE_CURVE25519_KEY_IMPORT)
  22278. /* test shared key after importing a public key */
  22279. XMEMSET(sharedB, 0, sizeof(sharedB));
  22280. y = sizeof(sharedB);
  22281. if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0)
  22282. return -10709;
  22283. if (XMEMCMP(sharedA, sharedB, y))
  22284. return -10710;
  22285. /* import RFC test vectors and compare shared key */
  22286. if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
  22287. != 0)
  22288. return -10711;
  22289. if (wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB)
  22290. != 0)
  22291. return -10712;
  22292. /* test against known test vector */
  22293. XMEMSET(sharedB, 0, sizeof(sharedB));
  22294. y = sizeof(sharedB);
  22295. if (wc_curve25519_shared_secret(&userA, &userB, sharedB, &y) != 0)
  22296. return -10713;
  22297. if (XMEMCMP(ss, sharedB, y))
  22298. return -10714;
  22299. /* test swapping roles of keys and generating same shared key */
  22300. XMEMSET(sharedB, 0, sizeof(sharedB));
  22301. y = sizeof(sharedB);
  22302. if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
  22303. return -10715;
  22304. if (XMEMCMP(ss, sharedB, y))
  22305. return -10716;
  22306. /* test with 1 generated key and 1 from known test vector */
  22307. if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
  22308. != 0)
  22309. return -10717;
  22310. if (wc_curve25519_make_key(&rng, 32, &userB) != 0)
  22311. return -10718;
  22312. x = sizeof(sharedA);
  22313. if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0)
  22314. return -10719;
  22315. y = sizeof(sharedB);
  22316. if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
  22317. return -10720;
  22318. /* compare shared secret keys to test they are the same */
  22319. if (y != x)
  22320. return -10721;
  22321. if (XMEMCMP(sharedA, sharedB, x))
  22322. return -10722;
  22323. ret = curve25519_overflow_test();
  22324. if (ret != 0)
  22325. return ret;
  22326. ret = curve25519_check_public_test();
  22327. if (ret != 0)
  22328. return ret;
  22329. #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
  22330. #if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \
  22331. defined(HAVE_CURVE25519_KEY_IMPORT)
  22332. ret = curve255519_der_test();
  22333. if (ret != 0)
  22334. return ret;
  22335. #endif
  22336. /* clean up keys when done */
  22337. wc_curve25519_free(&pubKey);
  22338. wc_curve25519_free(&userB);
  22339. wc_curve25519_free(&userA);
  22340. wc_FreeRng(&rng);
  22341. return 0;
  22342. }
  22343. #endif /* HAVE_CURVE25519 */
  22344. #ifdef HAVE_ED25519
  22345. #ifdef WOLFSSL_TEST_CERT
  22346. static int ed25519_test_cert(void)
  22347. {
  22348. DecodedCert cert[2];
  22349. DecodedCert* serverCert = NULL;
  22350. DecodedCert* caCert = NULL;
  22351. #ifdef HAVE_ED25519_VERIFY
  22352. ed25519_key key;
  22353. ed25519_key* pubKey = NULL;
  22354. int verify;
  22355. #endif /* HAVE_ED25519_VERIFY */
  22356. int ret;
  22357. byte* tmp;
  22358. size_t bytes;
  22359. XFILE file;
  22360. tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  22361. if (tmp == NULL) {
  22362. ERROR_OUT(-10730, done);
  22363. }
  22364. #ifdef USE_CERT_BUFFERS_256
  22365. XMEMCPY(tmp, ca_ed25519_cert, sizeof_ca_ed25519_cert);
  22366. bytes = sizeof_ca_ed25519_cert;
  22367. #elif !defined(NO_FILESYSTEM)
  22368. file = XFOPEN(caEd25519Cert, "rb");
  22369. if (file == NULL) {
  22370. ERROR_OUT(-10731, done);
  22371. }
  22372. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  22373. XFCLOSE(file);
  22374. #else
  22375. /* No certificate to use. */
  22376. ERROR_OUT(-10732, done);
  22377. #endif
  22378. InitDecodedCert(&cert[0], tmp, (word32)bytes, 0);
  22379. caCert = &cert[0];
  22380. ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL);
  22381. if (ret != 0) {
  22382. ERROR_OUT(-10733, done);
  22383. }
  22384. #ifdef USE_CERT_BUFFERS_256
  22385. XMEMCPY(tmp, server_ed25519_cert, sizeof_server_ed25519_cert);
  22386. bytes = sizeof_server_ed25519_cert;
  22387. #elif !defined(NO_FILESYSTEM)
  22388. file = XFOPEN(serverEd25519Cert, "rb");
  22389. if (file == NULL) {
  22390. ERROR_OUT(-10734, done);
  22391. }
  22392. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  22393. XFCLOSE(file);
  22394. #else
  22395. /* No certificate to use. */
  22396. ERROR_OUT(-10735, done);
  22397. #endif
  22398. InitDecodedCert(&cert[1], tmp, (word32)bytes, 0);
  22399. serverCert = &cert[1];
  22400. ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL);
  22401. if (ret != 0) {
  22402. ERROR_OUT(-10736, done);
  22403. }
  22404. #ifdef HAVE_ED25519_VERIFY
  22405. ret = wc_ed25519_init(&key);
  22406. if (ret < 0) {
  22407. ERROR_OUT(-10737, done);
  22408. }
  22409. pubKey = &key;
  22410. ret = wc_ed25519_import_public(caCert->publicKey, caCert->pubKeySize,
  22411. pubKey);
  22412. if (ret < 0) {
  22413. ERROR_OUT(-10738, done);
  22414. }
  22415. if (wc_ed25519_verify_msg(serverCert->signature, serverCert->sigLength,
  22416. serverCert->source + serverCert->certBegin,
  22417. serverCert->sigIndex - serverCert->certBegin,
  22418. &verify, pubKey) < 0 || verify != 1) {
  22419. ERROR_OUT(-10739, done);
  22420. }
  22421. #endif /* HAVE_ED25519_VERIFY */
  22422. done:
  22423. if (tmp != NULL)
  22424. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  22425. #ifdef HAVE_ED25519_VERIFY
  22426. wc_ed25519_free(pubKey);
  22427. #endif /* HAVE_ED25519_VERIFY */
  22428. if (caCert != NULL)
  22429. FreeDecodedCert(caCert);
  22430. if (serverCert != NULL)
  22431. FreeDecodedCert(serverCert);
  22432. return ret;
  22433. }
  22434. static int ed25519_test_make_cert(void)
  22435. {
  22436. WC_RNG rng;
  22437. Cert cert;
  22438. DecodedCert decode;
  22439. ed25519_key key;
  22440. ed25519_key* privKey = NULL;
  22441. int ret = 0;
  22442. byte* tmp = NULL;
  22443. wc_InitCert_ex(&cert, HEAP_HINT, devId);
  22444. #ifndef HAVE_FIPS
  22445. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  22446. #else
  22447. ret = wc_InitRng(&rng);
  22448. #endif
  22449. if (ret != 0)
  22450. return -10750;
  22451. wc_ed25519_init(&key);
  22452. privKey = &key;
  22453. wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, privKey);
  22454. cert.daysValid = 365 * 2;
  22455. cert.selfSigned = 1;
  22456. XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName));
  22457. XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName));
  22458. cert.isCA = 0;
  22459. #ifdef WOLFSSL_CERT_EXT
  22460. ret = wc_SetKeyUsage(&cert, certKeyUsage);
  22461. if (ret < 0) {
  22462. ERROR_OUT(-10751, done);
  22463. }
  22464. ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey);
  22465. if (ret < 0) {
  22466. ERROR_OUT(-10752, done);
  22467. }
  22468. ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey);
  22469. if (ret < 0) {
  22470. ERROR_OUT(-10753, done);
  22471. }
  22472. #endif
  22473. tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  22474. if (tmp == NULL) {
  22475. ERROR_OUT(-10754, done);
  22476. }
  22477. cert.sigType = CTC_ED25519;
  22478. ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED25519_TYPE, privKey, &rng);
  22479. if (ret < 0) {
  22480. ERROR_OUT(-10755, done);
  22481. }
  22482. ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF,
  22483. ED25519_TYPE, privKey, &rng);
  22484. if (ret < 0) {
  22485. ERROR_OUT(-10756, done);
  22486. }
  22487. InitDecodedCert(&decode, tmp, ret, HEAP_HINT);
  22488. ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
  22489. FreeDecodedCert(&decode);
  22490. if (ret != 0) {
  22491. ERROR_OUT(-10757, done);
  22492. }
  22493. done:
  22494. if (tmp != NULL)
  22495. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  22496. wc_ed25519_free(privKey);
  22497. wc_FreeRng(&rng);
  22498. return ret;
  22499. }
  22500. #endif /* WOLFSSL_TEST_CERT */
  22501. #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
  22502. defined(HAVE_ED25519_KEY_IMPORT)
  22503. static int ed25519ctx_test(void)
  22504. {
  22505. int ret;
  22506. byte out[ED25519_SIG_SIZE];
  22507. word32 outlen;
  22508. #ifdef HAVE_ED25519_VERIFY
  22509. int verify = 0;
  22510. #endif /* HAVE_ED25519_VERIFY */
  22511. ed25519_key key;
  22512. WOLFSSL_SMALL_STACK_STATIC const byte sKeyCtx[] = {
  22513. 0x03,0x05,0x33,0x4e,0x38,0x1a,0xf7,0x8f,
  22514. 0x14,0x1c,0xb6,0x66,0xf6,0x19,0x9f,0x57,
  22515. 0xbc,0x34,0x95,0x33,0x5a,0x25,0x6a,0x95,
  22516. 0xbd,0x2a,0x55,0xbf,0x54,0x66,0x63,0xf6
  22517. };
  22518. WOLFSSL_SMALL_STACK_STATIC const byte pKeyCtx[] = {
  22519. 0xdf,0xc9,0x42,0x5e,0x4f,0x96,0x8f,0x7f,
  22520. 0x0c,0x29,0xf0,0x25,0x9c,0xf5,0xf9,0xae,
  22521. 0xd6,0x85,0x1c,0x2b,0xb4,0xad,0x8b,0xfb,
  22522. 0x86,0x0c,0xfe,0xe0,0xab,0x24,0x82,0x92
  22523. };
  22524. WOLFSSL_SMALL_STACK_STATIC const byte sigCtx1[] = {
  22525. 0x55,0xa4,0xcc,0x2f,0x70,0xa5,0x4e,0x04,
  22526. 0x28,0x8c,0x5f,0x4c,0xd1,0xe4,0x5a,0x7b,
  22527. 0xb5,0x20,0xb3,0x62,0x92,0x91,0x18,0x76,
  22528. 0xca,0xda,0x73,0x23,0x19,0x8d,0xd8,0x7a,
  22529. 0x8b,0x36,0x95,0x0b,0x95,0x13,0x00,0x22,
  22530. 0x90,0x7a,0x7f,0xb7,0xc4,0xe9,0xb2,0xd5,
  22531. 0xf6,0xcc,0xa6,0x85,0xa5,0x87,0xb4,0xb2,
  22532. 0x1f,0x4b,0x88,0x8e,0x4e,0x7e,0xdb,0x0d
  22533. };
  22534. WOLFSSL_SMALL_STACK_STATIC const byte sigCtx2[] = {
  22535. 0xcc,0x5e,0x63,0xa2,0x7e,0x94,0xaf,0xd3,
  22536. 0x41,0x83,0x38,0xd2,0x48,0x6f,0xa9,0x2a,
  22537. 0xf9,0x91,0x7c,0x2d,0x98,0x9e,0x06,0xe5,
  22538. 0x02,0x77,0x72,0x1c,0x34,0x38,0x18,0xb4,
  22539. 0x21,0x96,0xbc,0x29,0x2e,0x68,0xf3,0x4d,
  22540. 0x85,0x9b,0xbe,0xad,0x17,0x9f,0x54,0x54,
  22541. 0x2d,0x4b,0x04,0xdc,0xfb,0xfa,0x4a,0x68,
  22542. 0x4e,0x39,0x50,0xfb,0x1c,0xcd,0x8d,0x0d
  22543. };
  22544. WOLFSSL_SMALL_STACK_STATIC const byte msgCtx[] = {
  22545. 0xf7,0x26,0x93,0x6d,0x19,0xc8,0x00,0x49,
  22546. 0x4e,0x3f,0xda,0xff,0x20,0xb2,0x76,0xa8
  22547. };
  22548. WOLFSSL_SMALL_STACK_STATIC const byte contextCtx[] = {
  22549. 0x66,0x6f,0x6f
  22550. };
  22551. outlen = sizeof(out);
  22552. XMEMSET(out, 0, sizeof(out));
  22553. ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
  22554. if (ret != 0)
  22555. return 10800;
  22556. ret = wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx,
  22557. sizeof(pKeyCtx), &key);
  22558. if (ret == 0)
  22559. ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
  22560. contextCtx, sizeof(contextCtx));
  22561. if (ret == 0 && XMEMCMP(out, sigCtx1, 64) != 0)
  22562. ret = -10801;
  22563. #if defined(HAVE_ED25519_VERIFY)
  22564. /* test verify on good msg */
  22565. if (ret == 0)
  22566. ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx),
  22567. &verify, &key, contextCtx, sizeof(contextCtx));
  22568. if (ret == 0 && verify != 1)
  22569. ret = -10802;
  22570. #endif
  22571. if (ret == 0)
  22572. ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
  22573. NULL, 0);
  22574. if (ret == 0 && XMEMCMP(out, sigCtx2, 64) != 0)
  22575. ret = -10803;
  22576. #if defined(HAVE_ED25519_VERIFY)
  22577. /* test verify on good msg */
  22578. if (ret == 0)
  22579. ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx),
  22580. &verify, &key, NULL, 0);
  22581. if (ret == 0 && verify != 1)
  22582. ret = -10804;
  22583. #endif
  22584. wc_ed25519_free(&key);
  22585. return ret;
  22586. }
  22587. static int ed25519ph_test(void)
  22588. {
  22589. int ret = 0;
  22590. byte out[ED25519_SIG_SIZE];
  22591. word32 outlen;
  22592. #ifdef HAVE_ED25519_VERIFY
  22593. int verify = 0;
  22594. #endif /* HAVE_ED25519_VERIFY */
  22595. ed25519_key key;
  22596. WOLFSSL_SMALL_STACK_STATIC const byte sKeyPh[] = {
  22597. 0x83,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d,
  22598. 0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e,
  22599. 0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b,
  22600. 0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42
  22601. };
  22602. WOLFSSL_SMALL_STACK_STATIC const byte pKeyPh[] = {
  22603. 0xec,0x17,0x2b,0x93,0xad,0x5e,0x56,0x3b,
  22604. 0xf4,0x93,0x2c,0x70,0xe1,0x24,0x50,0x34,
  22605. 0xc3,0x54,0x67,0xef,0x2e,0xfd,0x4d,0x64,
  22606. 0xeb,0xf8,0x19,0x68,0x34,0x67,0xe2,0xbf
  22607. };
  22608. WOLFSSL_SMALL_STACK_STATIC const byte sigPh1[] = {
  22609. 0x98,0xa7,0x02,0x22,0xf0,0xb8,0x12,0x1a,
  22610. 0xa9,0xd3,0x0f,0x81,0x3d,0x68,0x3f,0x80,
  22611. 0x9e,0x46,0x2b,0x46,0x9c,0x7f,0xf8,0x76,
  22612. 0x39,0x49,0x9b,0xb9,0x4e,0x6d,0xae,0x41,
  22613. 0x31,0xf8,0x50,0x42,0x46,0x3c,0x2a,0x35,
  22614. 0x5a,0x20,0x03,0xd0,0x62,0xad,0xf5,0xaa,
  22615. 0xa1,0x0b,0x8c,0x61,0xe6,0x36,0x06,0x2a,
  22616. 0xaa,0xd1,0x1c,0x2a,0x26,0x08,0x34,0x06
  22617. };
  22618. WOLFSSL_SMALL_STACK_STATIC const byte sigPh2[] = {
  22619. 0xe0,0x39,0x70,0x2b,0x4c,0x25,0x95,0xa6,
  22620. 0xa5,0x41,0xac,0x85,0x09,0x23,0x6e,0x29,
  22621. 0x90,0x47,0x47,0x95,0x33,0x0c,0x9b,0x34,
  22622. 0xa7,0x5f,0x58,0xa6,0x60,0x12,0x9e,0x08,
  22623. 0xfd,0x73,0x69,0x43,0xfb,0x19,0x43,0xa5,
  22624. 0x57,0x20,0xb9,0xe0,0x95,0x7b,0x1e,0xd6,
  22625. 0x73,0x48,0x16,0x61,0x9f,0x13,0x88,0xf4,
  22626. 0x3f,0x73,0xe6,0xe3,0xba,0xa8,0x1c,0x0e
  22627. };
  22628. WOLFSSL_SMALL_STACK_STATIC const byte msgPh[] = {
  22629. 0x61,0x62,0x63
  22630. };
  22631. /* SHA-512 hash of msgPh */
  22632. WOLFSSL_SMALL_STACK_STATIC const byte hashPh[] = {
  22633. 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,
  22634. 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
  22635. 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,
  22636. 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
  22637. 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,
  22638. 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
  22639. 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,
  22640. 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f
  22641. };
  22642. WOLFSSL_SMALL_STACK_STATIC const byte contextPh2[] = {
  22643. 0x66,0x6f,0x6f
  22644. };
  22645. outlen = sizeof(out);
  22646. XMEMSET(out, 0, sizeof(out));
  22647. ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
  22648. if (ret != 0)
  22649. return -10900;
  22650. ret = wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh,
  22651. sizeof(pKeyPh), &key);
  22652. if (ret == 0)
  22653. ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
  22654. NULL, 0);
  22655. if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0)
  22656. ret = -10901;
  22657. #if defined(HAVE_ED25519_VERIFY)
  22658. /* test verify on good msg */
  22659. if (ret == 0)
  22660. ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh),
  22661. &verify, &key, NULL, 0);
  22662. if (ret == 0 && verify != 1)
  22663. ret = -10902;
  22664. #endif
  22665. if (ret == 0)
  22666. ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
  22667. contextPh2, sizeof(contextPh2));
  22668. if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0)
  22669. ret = -10903;
  22670. #if defined(HAVE_ED25519_VERIFY)
  22671. /* test verify on good msg */
  22672. if (ret == 0)
  22673. ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify,
  22674. &key, contextPh2, sizeof(contextPh2));
  22675. if (ret == 0 && verify != 1)
  22676. ret = -10904;
  22677. #endif
  22678. if (ret == 0)
  22679. ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
  22680. NULL, 0);
  22681. if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0)
  22682. ret = -10905;
  22683. #if defined(HAVE_ED25519_VERIFY)
  22684. if (ret == 0)
  22685. ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh),
  22686. &verify, &key, NULL, 0);
  22687. if (ret == 0 && verify != 1)
  22688. ret = -10906;
  22689. #endif
  22690. if (ret == 0)
  22691. ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
  22692. contextPh2, sizeof(contextPh2));
  22693. if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0)
  22694. ret = -10907;
  22695. #if defined(HAVE_ED25519_VERIFY)
  22696. if (ret == 0)
  22697. ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
  22698. &key, contextPh2, sizeof(contextPh2));
  22699. if (ret == 0 && verify != 1)
  22700. ret = -10908;
  22701. #endif
  22702. wc_ed25519_free(&key);
  22703. return ret;
  22704. }
  22705. #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
  22706. WOLFSSL_TEST_SUBROUTINE int ed25519_test(void)
  22707. {
  22708. int ret;
  22709. WC_RNG rng;
  22710. #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
  22711. defined(HAVE_ED25519_KEY_IMPORT)
  22712. byte out[ED25519_SIG_SIZE];
  22713. byte exportPKey[ED25519_KEY_SIZE];
  22714. byte exportSKey[ED25519_KEY_SIZE];
  22715. word32 exportPSz;
  22716. word32 exportSSz;
  22717. int i;
  22718. word32 outlen;
  22719. #ifdef HAVE_ED25519_VERIFY
  22720. #ifdef WOLFSSL_ED25519_STREAMING_VERIFY
  22721. int j;
  22722. #endif
  22723. int verify;
  22724. #endif /* HAVE_ED25519_VERIFY */
  22725. #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
  22726. word32 keySz, sigSz;
  22727. ed25519_key key;
  22728. ed25519_key key2;
  22729. #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
  22730. defined(HAVE_ED25519_KEY_IMPORT)
  22731. /* test vectors from
  22732. https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02
  22733. */
  22734. WOLFSSL_SMALL_STACK_STATIC const byte sKey1[] = {
  22735. 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
  22736. 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
  22737. 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
  22738. 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
  22739. };
  22740. WOLFSSL_SMALL_STACK_STATIC const byte sKey2[] = {
  22741. 0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda,
  22742. 0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f,
  22743. 0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24,
  22744. 0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb
  22745. };
  22746. WOLFSSL_SMALL_STACK_STATIC const byte sKey3[] = {
  22747. 0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,
  22748. 0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,
  22749. 0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,
  22750. 0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7
  22751. };
  22752. /* uncompressed test */
  22753. WOLFSSL_SMALL_STACK_STATIC const byte sKey4[] = {
  22754. 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
  22755. 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
  22756. 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
  22757. 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
  22758. };
  22759. /* compressed prefix test */
  22760. WOLFSSL_SMALL_STACK_STATIC const byte sKey5[] = {
  22761. 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
  22762. 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
  22763. 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
  22764. 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
  22765. };
  22766. WOLFSSL_SMALL_STACK_STATIC const byte sKey6[] = {
  22767. 0xf5,0xe5,0x76,0x7c,0xf1,0x53,0x31,0x95,
  22768. 0x17,0x63,0x0f,0x22,0x68,0x76,0xb8,0x6c,
  22769. 0x81,0x60,0xcc,0x58,0x3b,0xc0,0x13,0x74,
  22770. 0x4c,0x6b,0xf2,0x55,0xf5,0xcc,0x0e,0xe5
  22771. };
  22772. WOLFSSL_SMALL_STACK_STATIC const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
  22773. WOLFSSL_SMALL_STACK_STATIC const byte pKey1[] = {
  22774. 0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
  22775. 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
  22776. 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
  22777. 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
  22778. };
  22779. WOLFSSL_SMALL_STACK_STATIC const byte pKey2[] = {
  22780. 0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a,
  22781. 0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc,
  22782. 0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c,
  22783. 0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c
  22784. };
  22785. WOLFSSL_SMALL_STACK_STATIC const byte pKey3[] = {
  22786. 0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,
  22787. 0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,
  22788. 0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,
  22789. 0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25
  22790. };
  22791. /* uncompressed test */
  22792. WOLFSSL_SMALL_STACK_STATIC const byte pKey4[] = {
  22793. 0x04,0x55,0xd0,0xe0,0x9a,0x2b,0x9d,0x34,
  22794. 0x29,0x22,0x97,0xe0,0x8d,0x60,0xd0,0xf6,
  22795. 0x20,0xc5,0x13,0xd4,0x72,0x53,0x18,0x7c,
  22796. 0x24,0xb1,0x27,0x86,0xbd,0x77,0x76,0x45,
  22797. 0xce,0x1a,0x51,0x07,0xf7,0x68,0x1a,0x02,
  22798. 0xaf,0x25,0x23,0xa6,0xda,0xf3,0x72,0xe1,
  22799. 0x0e,0x3a,0x07,0x64,0xc9,0xd3,0xfe,0x4b,
  22800. 0xd5,0xb7,0x0a,0xb1,0x82,0x01,0x98,0x5a,
  22801. 0xd7
  22802. };
  22803. /* compressed prefix */
  22804. WOLFSSL_SMALL_STACK_STATIC const byte pKey5[] = {
  22805. 0x40,0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
  22806. 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
  22807. 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
  22808. 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
  22809. };
  22810. WOLFSSL_SMALL_STACK_STATIC const byte pKey6[] = {
  22811. 0x27,0x81,0x17,0xfc,0x14,0x4c,0x72,0x34,
  22812. 0x0f,0x67,0xd0,0xf2,0x31,0x6e,0x83,0x86,
  22813. 0xce,0xff,0xbf,0x2b,0x24,0x28,0xc9,0xc5,
  22814. 0x1f,0xef,0x7c,0x59,0x7f,0x1d,0x42,0x6e
  22815. };
  22816. WOLFSSL_SMALL_STACK_STATIC const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
  22817. WOLFSSL_SMALL_STACK_STATIC const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
  22818. sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
  22819. WOLFSSL_SMALL_STACK_STATIC const byte sig1[] = {
  22820. 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
  22821. 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
  22822. 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
  22823. 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
  22824. 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
  22825. 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
  22826. 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
  22827. 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
  22828. };
  22829. WOLFSSL_SMALL_STACK_STATIC const byte sig2[] = {
  22830. 0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8,
  22831. 0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40,
  22832. 0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f,
  22833. 0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda,
  22834. 0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e,
  22835. 0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c,
  22836. 0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee,
  22837. 0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00
  22838. };
  22839. WOLFSSL_SMALL_STACK_STATIC const byte sig3[] = {
  22840. 0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,
  22841. 0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,
  22842. 0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,
  22843. 0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,
  22844. 0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,
  22845. 0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,
  22846. 0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,
  22847. 0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a
  22848. };
  22849. /* uncompressed test */
  22850. WOLFSSL_SMALL_STACK_STATIC const byte sig4[] = {
  22851. 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
  22852. 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
  22853. 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
  22854. 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
  22855. 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
  22856. 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
  22857. 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
  22858. 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
  22859. };
  22860. /* compressed prefix */
  22861. WOLFSSL_SMALL_STACK_STATIC const byte sig5[] = {
  22862. 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
  22863. 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
  22864. 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
  22865. 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
  22866. 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
  22867. 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
  22868. 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
  22869. 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
  22870. };
  22871. WOLFSSL_SMALL_STACK_STATIC const byte sig6[] = {
  22872. 0x0a,0xab,0x4c,0x90,0x05,0x01,0xb3,0xe2,
  22873. 0x4d,0x7c,0xdf,0x46,0x63,0x32,0x6a,0x3a,
  22874. 0x87,0xdf,0x5e,0x48,0x43,0xb2,0xcb,0xdb,
  22875. 0x67,0xcb,0xf6,0xe4,0x60,0xfe,0xc3,0x50,
  22876. 0xaa,0x53,0x71,0xb1,0x50,0x8f,0x9f,0x45,
  22877. 0x28,0xec,0xea,0x23,0xc4,0x36,0xd9,0x4b,
  22878. 0x5e,0x8f,0xcd,0x4f,0x68,0x1e,0x30,0xa6,
  22879. 0xac,0x00,0xa9,0x70,0x4a,0x18,0x8a,0x03
  22880. };
  22881. WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
  22882. WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = {0x0 };
  22883. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = {0x72};
  22884. WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = {0xAF,0x82};
  22885. /* test of a 1024 byte long message */
  22886. WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
  22887. 0x08,0xb8,0xb2,0xb7,0x33,0x42,0x42,0x43,
  22888. 0x76,0x0f,0xe4,0x26,0xa4,0xb5,0x49,0x08,
  22889. 0x63,0x21,0x10,0xa6,0x6c,0x2f,0x65,0x91,
  22890. 0xea,0xbd,0x33,0x45,0xe3,0xe4,0xeb,0x98,
  22891. 0xfa,0x6e,0x26,0x4b,0xf0,0x9e,0xfe,0x12,
  22892. 0xee,0x50,0xf8,0xf5,0x4e,0x9f,0x77,0xb1,
  22893. 0xe3,0x55,0xf6,0xc5,0x05,0x44,0xe2,0x3f,
  22894. 0xb1,0x43,0x3d,0xdf,0x73,0xbe,0x84,0xd8,
  22895. 0x79,0xde,0x7c,0x00,0x46,0xdc,0x49,0x96,
  22896. 0xd9,0xe7,0x73,0xf4,0xbc,0x9e,0xfe,0x57,
  22897. 0x38,0x82,0x9a,0xdb,0x26,0xc8,0x1b,0x37,
  22898. 0xc9,0x3a,0x1b,0x27,0x0b,0x20,0x32,0x9d,
  22899. 0x65,0x86,0x75,0xfc,0x6e,0xa5,0x34,0xe0,
  22900. 0x81,0x0a,0x44,0x32,0x82,0x6b,0xf5,0x8c,
  22901. 0x94,0x1e,0xfb,0x65,0xd5,0x7a,0x33,0x8b,
  22902. 0xbd,0x2e,0x26,0x64,0x0f,0x89,0xff,0xbc,
  22903. 0x1a,0x85,0x8e,0xfc,0xb8,0x55,0x0e,0xe3,
  22904. 0xa5,0xe1,0x99,0x8b,0xd1,0x77,0xe9,0x3a,
  22905. 0x73,0x63,0xc3,0x44,0xfe,0x6b,0x19,0x9e,
  22906. 0xe5,0xd0,0x2e,0x82,0xd5,0x22,0xc4,0xfe,
  22907. 0xba,0x15,0x45,0x2f,0x80,0x28,0x8a,0x82,
  22908. 0x1a,0x57,0x91,0x16,0xec,0x6d,0xad,0x2b,
  22909. 0x3b,0x31,0x0d,0xa9,0x03,0x40,0x1a,0xa6,
  22910. 0x21,0x00,0xab,0x5d,0x1a,0x36,0x55,0x3e,
  22911. 0x06,0x20,0x3b,0x33,0x89,0x0c,0xc9,0xb8,
  22912. 0x32,0xf7,0x9e,0xf8,0x05,0x60,0xcc,0xb9,
  22913. 0xa3,0x9c,0xe7,0x67,0x96,0x7e,0xd6,0x28,
  22914. 0xc6,0xad,0x57,0x3c,0xb1,0x16,0xdb,0xef,
  22915. 0xef,0xd7,0x54,0x99,0xda,0x96,0xbd,0x68,
  22916. 0xa8,0xa9,0x7b,0x92,0x8a,0x8b,0xbc,0x10,
  22917. 0x3b,0x66,0x21,0xfc,0xde,0x2b,0xec,0xa1,
  22918. 0x23,0x1d,0x20,0x6b,0xe6,0xcd,0x9e,0xc7,
  22919. 0xaf,0xf6,0xf6,0xc9,0x4f,0xcd,0x72,0x04,
  22920. 0xed,0x34,0x55,0xc6,0x8c,0x83,0xf4,0xa4,
  22921. 0x1d,0xa4,0xaf,0x2b,0x74,0xef,0x5c,0x53,
  22922. 0xf1,0xd8,0xac,0x70,0xbd,0xcb,0x7e,0xd1,
  22923. 0x85,0xce,0x81,0xbd,0x84,0x35,0x9d,0x44,
  22924. 0x25,0x4d,0x95,0x62,0x9e,0x98,0x55,0xa9,
  22925. 0x4a,0x7c,0x19,0x58,0xd1,0xf8,0xad,0xa5,
  22926. 0xd0,0x53,0x2e,0xd8,0xa5,0xaa,0x3f,0xb2,
  22927. 0xd1,0x7b,0xa7,0x0e,0xb6,0x24,0x8e,0x59,
  22928. 0x4e,0x1a,0x22,0x97,0xac,0xbb,0xb3,0x9d,
  22929. 0x50,0x2f,0x1a,0x8c,0x6e,0xb6,0xf1,0xce,
  22930. 0x22,0xb3,0xde,0x1a,0x1f,0x40,0xcc,0x24,
  22931. 0x55,0x41,0x19,0xa8,0x31,0xa9,0xaa,0xd6,
  22932. 0x07,0x9c,0xad,0x88,0x42,0x5d,0xe6,0xbd,
  22933. 0xe1,0xa9,0x18,0x7e,0xbb,0x60,0x92,0xcf,
  22934. 0x67,0xbf,0x2b,0x13,0xfd,0x65,0xf2,0x70,
  22935. 0x88,0xd7,0x8b,0x7e,0x88,0x3c,0x87,0x59,
  22936. 0xd2,0xc4,0xf5,0xc6,0x5a,0xdb,0x75,0x53,
  22937. 0x87,0x8a,0xd5,0x75,0xf9,0xfa,0xd8,0x78,
  22938. 0xe8,0x0a,0x0c,0x9b,0xa6,0x3b,0xcb,0xcc,
  22939. 0x27,0x32,0xe6,0x94,0x85,0xbb,0xc9,0xc9,
  22940. 0x0b,0xfb,0xd6,0x24,0x81,0xd9,0x08,0x9b,
  22941. 0xec,0xcf,0x80,0xcf,0xe2,0xdf,0x16,0xa2,
  22942. 0xcf,0x65,0xbd,0x92,0xdd,0x59,0x7b,0x07,
  22943. 0x07,0xe0,0x91,0x7a,0xf4,0x8b,0xbb,0x75,
  22944. 0xfe,0xd4,0x13,0xd2,0x38,0xf5,0x55,0x5a,
  22945. 0x7a,0x56,0x9d,0x80,0xc3,0x41,0x4a,0x8d,
  22946. 0x08,0x59,0xdc,0x65,0xa4,0x61,0x28,0xba,
  22947. 0xb2,0x7a,0xf8,0x7a,0x71,0x31,0x4f,0x31,
  22948. 0x8c,0x78,0x2b,0x23,0xeb,0xfe,0x80,0x8b,
  22949. 0x82,0xb0,0xce,0x26,0x40,0x1d,0x2e,0x22,
  22950. 0xf0,0x4d,0x83,0xd1,0x25,0x5d,0xc5,0x1a,
  22951. 0xdd,0xd3,0xb7,0x5a,0x2b,0x1a,0xe0,0x78,
  22952. 0x45,0x04,0xdf,0x54,0x3a,0xf8,0x96,0x9b,
  22953. 0xe3,0xea,0x70,0x82,0xff,0x7f,0xc9,0x88,
  22954. 0x8c,0x14,0x4d,0xa2,0xaf,0x58,0x42,0x9e,
  22955. 0xc9,0x60,0x31,0xdb,0xca,0xd3,0xda,0xd9,
  22956. 0xaf,0x0d,0xcb,0xaa,0xaf,0x26,0x8c,0xb8,
  22957. 0xfc,0xff,0xea,0xd9,0x4f,0x3c,0x7c,0xa4,
  22958. 0x95,0xe0,0x56,0xa9,0xb4,0x7a,0xcd,0xb7,
  22959. 0x51,0xfb,0x73,0xe6,0x66,0xc6,0xc6,0x55,
  22960. 0xad,0xe8,0x29,0x72,0x97,0xd0,0x7a,0xd1,
  22961. 0xba,0x5e,0x43,0xf1,0xbc,0xa3,0x23,0x01,
  22962. 0x65,0x13,0x39,0xe2,0x29,0x04,0xcc,0x8c,
  22963. 0x42,0xf5,0x8c,0x30,0xc0,0x4a,0xaf,0xdb,
  22964. 0x03,0x8d,0xda,0x08,0x47,0xdd,0x98,0x8d,
  22965. 0xcd,0xa6,0xf3,0xbf,0xd1,0x5c,0x4b,0x4c,
  22966. 0x45,0x25,0x00,0x4a,0xa0,0x6e,0xef,0xf8,
  22967. 0xca,0x61,0x78,0x3a,0xac,0xec,0x57,0xfb,
  22968. 0x3d,0x1f,0x92,0xb0,0xfe,0x2f,0xd1,0xa8,
  22969. 0x5f,0x67,0x24,0x51,0x7b,0x65,0xe6,0x14,
  22970. 0xad,0x68,0x08,0xd6,0xf6,0xee,0x34,0xdf,
  22971. 0xf7,0x31,0x0f,0xdc,0x82,0xae,0xbf,0xd9,
  22972. 0x04,0xb0,0x1e,0x1d,0xc5,0x4b,0x29,0x27,
  22973. 0x09,0x4b,0x2d,0xb6,0x8d,0x6f,0x90,0x3b,
  22974. 0x68,0x40,0x1a,0xde,0xbf,0x5a,0x7e,0x08,
  22975. 0xd7,0x8f,0xf4,0xef,0x5d,0x63,0x65,0x3a,
  22976. 0x65,0x04,0x0c,0xf9,0xbf,0xd4,0xac,0xa7,
  22977. 0x98,0x4a,0x74,0xd3,0x71,0x45,0x98,0x67,
  22978. 0x80,0xfc,0x0b,0x16,0xac,0x45,0x16,0x49,
  22979. 0xde,0x61,0x88,0xa7,0xdb,0xdf,0x19,0x1f,
  22980. 0x64,0xb5,0xfc,0x5e,0x2a,0xb4,0x7b,0x57,
  22981. 0xf7,0xf7,0x27,0x6c,0xd4,0x19,0xc1,0x7a,
  22982. 0x3c,0xa8,0xe1,0xb9,0x39,0xae,0x49,0xe4,
  22983. 0x88,0xac,0xba,0x6b,0x96,0x56,0x10,0xb5,
  22984. 0x48,0x01,0x09,0xc8,0xb1,0x7b,0x80,0xe1,
  22985. 0xb7,0xb7,0x50,0xdf,0xc7,0x59,0x8d,0x5d,
  22986. 0x50,0x11,0xfd,0x2d,0xcc,0x56,0x00,0xa3,
  22987. 0x2e,0xf5,0xb5,0x2a,0x1e,0xcc,0x82,0x0e,
  22988. 0x30,0x8a,0xa3,0x42,0x72,0x1a,0xac,0x09,
  22989. 0x43,0xbf,0x66,0x86,0xb6,0x4b,0x25,0x79,
  22990. 0x37,0x65,0x04,0xcc,0xc4,0x93,0xd9,0x7e,
  22991. 0x6a,0xed,0x3f,0xb0,0xf9,0xcd,0x71,0xa4,
  22992. 0x3d,0xd4,0x97,0xf0,0x1f,0x17,0xc0,0xe2,
  22993. 0xcb,0x37,0x97,0xaa,0x2a,0x2f,0x25,0x66,
  22994. 0x56,0x16,0x8e,0x6c,0x49,0x6a,0xfc,0x5f,
  22995. 0xb9,0x32,0x46,0xf6,0xb1,0x11,0x63,0x98,
  22996. 0xa3,0x46,0xf1,0xa6,0x41,0xf3,0xb0,0x41,
  22997. 0xe9,0x89,0xf7,0x91,0x4f,0x90,0xcc,0x2c,
  22998. 0x7f,0xff,0x35,0x78,0x76,0xe5,0x06,0xb5,
  22999. 0x0d,0x33,0x4b,0xa7,0x7c,0x22,0x5b,0xc3,
  23000. 0x07,0xba,0x53,0x71,0x52,0xf3,0xf1,0x61,
  23001. 0x0e,0x4e,0xaf,0xe5,0x95,0xf6,0xd9,0xd9,
  23002. 0x0d,0x11,0xfa,0xa9,0x33,0xa1,0x5e,0xf1,
  23003. 0x36,0x95,0x46,0x86,0x8a,0x7f,0x3a,0x45,
  23004. 0xa9,0x67,0x68,0xd4,0x0f,0xd9,0xd0,0x34,
  23005. 0x12,0xc0,0x91,0xc6,0x31,0x5c,0xf4,0xfd,
  23006. 0xe7,0xcb,0x68,0x60,0x69,0x37,0x38,0x0d,
  23007. 0xb2,0xea,0xaa,0x70,0x7b,0x4c,0x41,0x85,
  23008. 0xc3,0x2e,0xdd,0xcd,0xd3,0x06,0x70,0x5e,
  23009. 0x4d,0xc1,0xff,0xc8,0x72,0xee,0xee,0x47,
  23010. 0x5a,0x64,0xdf,0xac,0x86,0xab,0xa4,0x1c,
  23011. 0x06,0x18,0x98,0x3f,0x87,0x41,0xc5,0xef,
  23012. 0x68,0xd3,0xa1,0x01,0xe8,0xa3,0xb8,0xca,
  23013. 0xc6,0x0c,0x90,0x5c,0x15,0xfc,0x91,0x08,
  23014. 0x40,0xb9,0x4c,0x00,0xa0,0xb9,0xd0
  23015. };
  23016. WOLFSSL_SMALL_STACK_STATIC const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
  23017. WOLFSSL_SMALL_STACK_STATIC const word16 msgSz[] = {0 /*sizeof(msg1)*/,
  23018. sizeof(msg2),
  23019. sizeof(msg3),
  23020. 0 /*sizeof(msg1)*/,
  23021. 0 /*sizeof(msg1)*/,
  23022. sizeof(msg4)
  23023. };
  23024. #ifndef NO_ASN
  23025. static byte privateEd25519[] = {
  23026. 0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06,
  23027. 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
  23028. 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
  23029. 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
  23030. 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
  23031. 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
  23032. };
  23033. static byte badPrivateEd25519[] = {
  23034. 0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06,
  23035. 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
  23036. 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
  23037. 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
  23038. 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
  23039. 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60,
  23040. 0xa1,0x22,0x04,0x21,0xd7,0x5a,0x98,0x01, /* octet len 0x20 -> 0x21 */
  23041. 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
  23042. 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
  23043. 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
  23044. 0xf7,0x07,0x51,0x1a,
  23045. 0x00 /* add additional bytes to make the pubkey bigger */
  23046. };
  23047. static byte publicEd25519[] = {
  23048. 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
  23049. 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
  23050. 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
  23051. 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
  23052. 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
  23053. 0xf7,0x07,0x51,0x1a
  23054. };
  23055. /* size has been altered to catch if sanity check is done */
  23056. static byte badPublicEd25519[] = {
  23057. 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
  23058. 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
  23059. 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
  23060. 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
  23061. 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
  23062. 0xf7,0x07,0x51,0x1a,
  23063. 0x00 /* add an additional byte to make the pubkey appear bigger */
  23064. };
  23065. static byte privPubEd25519[] = {
  23066. 0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06,
  23067. 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
  23068. 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
  23069. 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
  23070. 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
  23071. 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60,
  23072. 0xa1,0x22,0x04,0x20,0xd7,0x5a,0x98,0x01,
  23073. 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
  23074. 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
  23075. 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
  23076. 0xf7,0x07,0x51,0x1a
  23077. };
  23078. word32 idx;
  23079. #endif /* NO_ASN */
  23080. #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
  23081. #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
  23082. ed25519_key key3;
  23083. #endif
  23084. /* create ed25519 keys */
  23085. #ifndef HAVE_FIPS
  23086. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  23087. #else
  23088. ret = wc_InitRng(&rng);
  23089. #endif
  23090. if (ret != 0)
  23091. return -11000;
  23092. wc_ed25519_init_ex(&key, HEAP_HINT, devId);
  23093. wc_ed25519_init_ex(&key2, HEAP_HINT, devId);
  23094. #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
  23095. wc_ed25519_init_ex(&key3, HEAP_HINT, devId);
  23096. #endif
  23097. wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
  23098. wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2);
  23099. /* helper functions for signature and key size */
  23100. keySz = wc_ed25519_size(&key);
  23101. sigSz = wc_ed25519_sig_size(&key);
  23102. #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
  23103. defined(HAVE_ED25519_KEY_IMPORT)
  23104. for (i = 0; i < 6; i++) {
  23105. outlen = sizeof(out);
  23106. XMEMSET(out, 0, sizeof(out));
  23107. if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i],
  23108. pKeySz[i], &key) != 0)
  23109. return -11001 - i;
  23110. if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0)
  23111. return -11011 - i;
  23112. if (XMEMCMP(out, sigs[i], 64))
  23113. return -11021 - i;
  23114. #if defined(HAVE_ED25519_VERIFY)
  23115. /* test verify on good msg */
  23116. if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
  23117. &key) != 0 || verify != 1)
  23118. return -11031 - i;
  23119. #ifdef WOLFSSL_ED25519_STREAMING_VERIFY
  23120. /* test verify on good msg using streaming interface directly */
  23121. if (wc_ed25519_verify_msg_init(out, outlen,
  23122. &key, (byte)Ed25519, NULL, 0) != 0)
  23123. return -11211 - i;
  23124. for (j = 0; j < msgSz[i]; j += i) {
  23125. if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), &key) != 0)
  23126. return -11221 - i;
  23127. }
  23128. if (wc_ed25519_verify_msg_final(out, outlen, &verify,
  23129. &key) != 0 || verify != 1)
  23130. return -11231 - i;
  23131. #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */
  23132. /* test verify on bad msg */
  23133. out[outlen-1] = out[outlen-1] + 1;
  23134. if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
  23135. &key) == 0 || verify == 1)
  23136. return -11041 - i;
  23137. #endif /* HAVE_ED25519_VERIFY */
  23138. /* test api for import/exporting keys */
  23139. exportPSz = sizeof(exportPKey);
  23140. exportSSz = sizeof(exportSKey);
  23141. if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0)
  23142. return -11051 - i;
  23143. if (wc_ed25519_import_public(exportPKey, exportPSz, &key2) != 0)
  23144. return -11061 - i;
  23145. if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0)
  23146. return -11071 - i;
  23147. if (wc_ed25519_import_private_key(exportSKey, exportSSz,
  23148. exportPKey, exportPSz, &key2) != 0)
  23149. return -11081 - i;
  23150. /* clear "out" buffer and test sign with imported keys */
  23151. outlen = sizeof(out);
  23152. XMEMSET(out, 0, sizeof(out));
  23153. if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0)
  23154. return -11091 - i;
  23155. #if defined(HAVE_ED25519_VERIFY)
  23156. if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
  23157. &key2) != 0 || verify != 1)
  23158. return -11101 - i;
  23159. if (XMEMCMP(out, sigs[i], 64))
  23160. return -11111 - i;
  23161. #endif /* HAVE_ED25519_VERIFY */
  23162. }
  23163. ret = ed25519ctx_test();
  23164. if (ret != 0)
  23165. return ret;
  23166. ret = ed25519ph_test();
  23167. if (ret != 0)
  23168. return ret;
  23169. #ifndef NO_ASN
  23170. /* Try ASN.1 encoded private-only key and public key. */
  23171. idx = 0;
  23172. if (wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3,
  23173. sizeof(privateEd25519)) != 0)
  23174. return -11121;
  23175. idx = 0;
  23176. if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, &key3,
  23177. sizeof(badPrivateEd25519)) == 0)
  23178. return -11122;
  23179. if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3)
  23180. != BAD_FUNC_ARG)
  23181. return -11131;
  23182. /* try with a buffer size that is too large */
  23183. idx = 0;
  23184. if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, &key3,
  23185. sizeof(badPublicEd25519)) == 0)
  23186. return -11140;
  23187. idx = 0;
  23188. if (wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3,
  23189. sizeof(publicEd25519)) != 0)
  23190. return -11141;
  23191. if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0)
  23192. return -11151;
  23193. if (XMEMCMP(out, sigs[0], 64))
  23194. return -11161;
  23195. #if defined(HAVE_ED25519_VERIFY)
  23196. /* test verify on good msg */
  23197. if (wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3)
  23198. != 0 || verify != 1)
  23199. return -11171;
  23200. #endif /* HAVE_ED25519_VERIFY */
  23201. wc_ed25519_free(&key3);
  23202. wc_ed25519_init(&key3);
  23203. idx = 0;
  23204. if (wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3,
  23205. sizeof(privPubEd25519)) != 0)
  23206. return -11181;
  23207. if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0)
  23208. return -11191;
  23209. if (XMEMCMP(out, sigs[0], 64))
  23210. return -11201;
  23211. wc_ed25519_free(&key3);
  23212. #endif /* NO_ASN */
  23213. #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
  23214. /* clean up keys when done */
  23215. wc_ed25519_free(&key);
  23216. wc_ed25519_free(&key2);
  23217. #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
  23218. wc_FreeRng(&rng);
  23219. #endif
  23220. /* hush warnings of unused keySz and sigSz */
  23221. (void)keySz;
  23222. (void)sigSz;
  23223. #ifdef WOLFSSL_TEST_CERT
  23224. ret = ed25519_test_cert();
  23225. if (ret < 0)
  23226. return ret;
  23227. #ifdef WOLFSSL_CERT_GEN
  23228. ret = ed25519_test_make_cert();
  23229. if (ret < 0)
  23230. return ret;
  23231. #endif /* WOLFSSL_CERT_GEN */
  23232. #endif /* WOLFSSL_TEST_CERT */
  23233. return 0;
  23234. }
  23235. #endif /* HAVE_ED25519 */
  23236. #ifdef HAVE_CURVE448
  23237. #if defined(HAVE_CURVE448_SHARED_SECRET) && \
  23238. defined(HAVE_CURVE448_KEY_IMPORT)
  23239. /* Test the wc_curve448_check_public API.
  23240. *
  23241. * returns 0 on success and -ve on failure.
  23242. */
  23243. static int curve448_check_public_test(void)
  23244. {
  23245. /* Little-endian values that will fail */
  23246. byte fail_le[][CURVE448_KEY_SIZE] = {
  23247. {
  23248. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23249. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23250. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23251. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23252. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23253. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23254. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  23255. },
  23256. {
  23257. 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23258. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23259. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23260. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23261. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23262. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23263. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  23264. },
  23265. };
  23266. /* Big-endian values that will fail */
  23267. byte fail_be[][CURVE448_KEY_SIZE] = {
  23268. {
  23269. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23270. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23271. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23272. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23273. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23274. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23275. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  23276. },
  23277. {
  23278. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23279. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23280. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23281. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23282. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23283. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23284. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  23285. },
  23286. };
  23287. /* Good or valid public value */
  23288. byte good[CURVE448_KEY_SIZE] = {
  23289. 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23290. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23291. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23292. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23293. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23294. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  23295. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  23296. };
  23297. int i;
  23298. /* Parameter checks */
  23299. /* NULL pointer */
  23300. if (wc_curve448_check_public(NULL, 0, EC448_LITTLE_ENDIAN) !=
  23301. BAD_FUNC_ARG) {
  23302. return -11300;
  23303. }
  23304. if (wc_curve448_check_public(NULL, 0, EC448_BIG_ENDIAN) != BAD_FUNC_ARG) {
  23305. return -11301;
  23306. }
  23307. /* Length of 0 treated differently to other invalid lengths for TLS */
  23308. if (wc_curve448_check_public(good, 0, EC448_LITTLE_ENDIAN) != BUFFER_E)
  23309. return -11302;
  23310. if (wc_curve448_check_public(good, 0, EC448_BIG_ENDIAN) != BUFFER_E)
  23311. return -11303;
  23312. /* Length not CURVE448_KEY_SIZE */
  23313. for (i = 1; i < CURVE448_KEY_SIZE + 2; i++) {
  23314. if (i == CURVE448_KEY_SIZE)
  23315. continue;
  23316. if (wc_curve448_check_public(good, i, EC448_LITTLE_ENDIAN) !=
  23317. ECC_BAD_ARG_E) {
  23318. return -11304 - i;
  23319. }
  23320. if (wc_curve448_check_public(good, i, EC448_BIG_ENDIAN) !=
  23321. ECC_BAD_ARG_E) {
  23322. return -11314 - i;
  23323. }
  23324. }
  23325. /* Little-endian fail cases */
  23326. for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) {
  23327. if (wc_curve448_check_public(fail_le[i], CURVE448_KEY_SIZE,
  23328. EC448_LITTLE_ENDIAN) == 0) {
  23329. return -11324 - i;
  23330. }
  23331. }
  23332. /* Big-endian fail cases */
  23333. for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) {
  23334. if (wc_curve448_check_public(fail_be[i], CURVE448_KEY_SIZE,
  23335. EC448_BIG_ENDIAN) == 0) {
  23336. return -11334 - i;
  23337. }
  23338. }
  23339. /* Check a valid public value works! */
  23340. if (wc_curve448_check_public(good, CURVE448_KEY_SIZE,
  23341. EC448_LITTLE_ENDIAN) != 0) {
  23342. return -11344;
  23343. }
  23344. if (wc_curve448_check_public(good, CURVE448_KEY_SIZE,
  23345. EC448_BIG_ENDIAN) != 0) {
  23346. return -11345;
  23347. }
  23348. return 0;
  23349. }
  23350. #endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */
  23351. WOLFSSL_TEST_SUBROUTINE int curve448_test(void)
  23352. {
  23353. WC_RNG rng;
  23354. int ret;
  23355. #ifdef HAVE_CURVE448_SHARED_SECRET
  23356. byte sharedA[CURVE448_KEY_SIZE];
  23357. byte sharedB[CURVE448_KEY_SIZE];
  23358. word32 y;
  23359. #endif
  23360. #ifdef HAVE_CURVE448_KEY_EXPORT
  23361. byte exportBuf[CURVE448_KEY_SIZE];
  23362. #endif
  23363. word32 x;
  23364. curve448_key userA, userB, pubKey;
  23365. #if defined(HAVE_CURVE448_SHARED_SECRET) && \
  23366. defined(HAVE_CURVE448_KEY_IMPORT)
  23367. /* test vectors from
  23368. https://www.rfc-editor.org/rfc/rfc7748.html
  23369. */
  23370. /* secret key for party a */
  23371. byte sa[] = {
  23372. 0x6b, 0x72, 0x98, 0xa5, 0xc0, 0xd8, 0xc2, 0x9a,
  23373. 0x1d, 0xab, 0x27, 0xf1, 0xa6, 0x82, 0x63, 0x00,
  23374. 0x91, 0x73, 0x89, 0x44, 0x97, 0x41, 0xa9, 0x74,
  23375. 0xf5, 0xba, 0xc9, 0xd9, 0x8d, 0xc2, 0x98, 0xd4,
  23376. 0x65, 0x55, 0xbc, 0xe8, 0xba, 0xe8, 0x9e, 0xee,
  23377. 0xd4, 0x00, 0x58, 0x4b, 0xb0, 0x46, 0xcf, 0x75,
  23378. 0x57, 0x9f, 0x51, 0xd1, 0x25, 0x49, 0x8f, 0x9a,
  23379. };
  23380. /* public key for party a */
  23381. byte pa[] = {
  23382. 0xa0, 0x1f, 0xc4, 0x32, 0xe5, 0x80, 0x7f, 0x17,
  23383. 0x53, 0x0d, 0x12, 0x88, 0xda, 0x12, 0x5b, 0x0c,
  23384. 0xd4, 0x53, 0xd9, 0x41, 0x72, 0x64, 0x36, 0xc8,
  23385. 0xbb, 0xd9, 0xc5, 0x22, 0x2c, 0x3d, 0xa7, 0xfa,
  23386. 0x63, 0x9c, 0xe0, 0x3d, 0xb8, 0xd2, 0x3b, 0x27,
  23387. 0x4a, 0x07, 0x21, 0xa1, 0xae, 0xd5, 0x22, 0x7d,
  23388. 0xe6, 0xe3, 0xb7, 0x31, 0xcc, 0xf7, 0x08, 0x9b,
  23389. };
  23390. /* secret key for party b */
  23391. byte sb[] = {
  23392. 0x2d, 0x99, 0x73, 0x51, 0xb6, 0x10, 0x6f, 0x36,
  23393. 0xb0, 0xd1, 0x09, 0x1b, 0x92, 0x9c, 0x4c, 0x37,
  23394. 0x21, 0x3e, 0x0d, 0x2b, 0x97, 0xe8, 0x5e, 0xbb,
  23395. 0x20, 0xc1, 0x27, 0x69, 0x1d, 0x0d, 0xad, 0x8f,
  23396. 0x1d, 0x81, 0x75, 0xb0, 0x72, 0x37, 0x45, 0xe6,
  23397. 0x39, 0xa3, 0xcb, 0x70, 0x44, 0x29, 0x0b, 0x99,
  23398. 0xe0, 0xe2, 0xa0, 0xc2, 0x7a, 0x6a, 0x30, 0x1c,
  23399. };
  23400. /* public key for party b */
  23401. byte pb[] = {
  23402. 0x09, 0x36, 0xf3, 0x7b, 0xc6, 0xc1, 0xbd, 0x07,
  23403. 0xae, 0x3d, 0xec, 0x7a, 0xb5, 0xdc, 0x06, 0xa7,
  23404. 0x3c, 0xa1, 0x32, 0x42, 0xfb, 0x34, 0x3e, 0xfc,
  23405. 0x72, 0xb9, 0xd8, 0x27, 0x30, 0xb4, 0x45, 0xf3,
  23406. 0xd4, 0xb0, 0xbd, 0x07, 0x71, 0x62, 0xa4, 0x6d,
  23407. 0xcf, 0xec, 0x6f, 0x9b, 0x59, 0x0b, 0xfc, 0xbc,
  23408. 0xf5, 0x20, 0xcd, 0xb0, 0x29, 0xa8, 0xb7, 0x3e,
  23409. };
  23410. /* expected shared key */
  23411. byte ss[] = {
  23412. 0x9d, 0x87, 0x4a, 0x51, 0x37, 0x50, 0x9a, 0x44,
  23413. 0x9a, 0xd5, 0x85, 0x30, 0x40, 0x24, 0x1c, 0x52,
  23414. 0x36, 0x39, 0x54, 0x35, 0xc3, 0x64, 0x24, 0xfd,
  23415. 0x56, 0x0b, 0x0c, 0xb6, 0x2b, 0x28, 0x1d, 0x28,
  23416. 0x52, 0x75, 0xa7, 0x40, 0xce, 0x32, 0xa2, 0x2d,
  23417. 0xd1, 0x74, 0x0f, 0x4a, 0xa9, 0x16, 0x1c, 0xec,
  23418. 0x95, 0xcc, 0xc6, 0x1a, 0x18, 0xf4, 0xff, 0x07,
  23419. };
  23420. #endif /* HAVE_CURVE448_SHARED_SECRET */
  23421. (void)x;
  23422. #ifndef HAVE_FIPS
  23423. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  23424. #else
  23425. ret = wc_InitRng(&rng);
  23426. #endif
  23427. if (ret != 0)
  23428. return -11400;
  23429. wc_curve448_init(&userA);
  23430. wc_curve448_init(&userB);
  23431. wc_curve448_init(&pubKey);
  23432. /* make curve448 keys */
  23433. if (wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userA) != 0)
  23434. return -11401;
  23435. if (wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userB) != 0)
  23436. return -11402;
  23437. #ifdef HAVE_CURVE448_SHARED_SECRET
  23438. /* find shared secret key */
  23439. x = sizeof(sharedA);
  23440. if (wc_curve448_shared_secret(&userA, &userB, sharedA, &x) != 0)
  23441. return -11403;
  23442. y = sizeof(sharedB);
  23443. if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0)
  23444. return -11404;
  23445. /* compare shared secret keys to test they are the same */
  23446. if (y != x)
  23447. return -11405;
  23448. if (XMEMCMP(sharedA, sharedB, x))
  23449. return -11406;
  23450. #endif
  23451. #ifdef HAVE_CURVE448_KEY_EXPORT
  23452. /* export a public key and import it for another user */
  23453. x = sizeof(exportBuf);
  23454. if (wc_curve448_export_public(&userA, exportBuf, &x) != 0)
  23455. return -11407;
  23456. #ifdef HAVE_CURVE448_KEY_IMPORT
  23457. if (wc_curve448_import_public(exportBuf, x, &pubKey) != 0)
  23458. return -11408;
  23459. #endif
  23460. #endif
  23461. #if defined(HAVE_CURVE448_SHARED_SECRET) && \
  23462. defined(HAVE_CURVE448_KEY_IMPORT)
  23463. /* test shared key after importing a public key */
  23464. XMEMSET(sharedB, 0, sizeof(sharedB));
  23465. y = sizeof(sharedB);
  23466. if (wc_curve448_shared_secret(&userB, &pubKey, sharedB, &y) != 0)
  23467. return -11409;
  23468. if (XMEMCMP(sharedA, sharedB, y))
  23469. return -11410;
  23470. /* import RFC test vectors and compare shared key */
  23471. if (wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
  23472. != 0)
  23473. return -11411;
  23474. if (wc_curve448_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB)
  23475. != 0)
  23476. return -11412;
  23477. /* test against known test vector */
  23478. XMEMSET(sharedB, 0, sizeof(sharedB));
  23479. y = sizeof(sharedB);
  23480. if (wc_curve448_shared_secret(&userA, &userB, sharedB, &y) != 0)
  23481. return -11413;
  23482. if (XMEMCMP(ss, sharedB, y))
  23483. return -11414;
  23484. /* test swapping roles of keys and generating same shared key */
  23485. XMEMSET(sharedB, 0, sizeof(sharedB));
  23486. y = sizeof(sharedB);
  23487. if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0)
  23488. return -11415;
  23489. if (XMEMCMP(ss, sharedB, y))
  23490. return -11416;
  23491. /* test with 1 generated key and 1 from known test vector */
  23492. if (wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
  23493. != 0)
  23494. return -11417;
  23495. if (wc_curve448_make_key(&rng, 56, &userB) != 0)
  23496. return -11418;
  23497. x = sizeof(sharedA);
  23498. if (wc_curve448_shared_secret(&userA, &userB, sharedA, &x) != 0)
  23499. return -11419;
  23500. y = sizeof(sharedB);
  23501. if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0)
  23502. return -11420;
  23503. /* compare shared secret keys to test they are the same */
  23504. if (y != x)
  23505. return -11421;
  23506. if (XMEMCMP(sharedA, sharedB, x))
  23507. return -11422;
  23508. ret = curve448_check_public_test();
  23509. if (ret != 0)
  23510. return ret;
  23511. #endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */
  23512. /* clean up keys when done */
  23513. wc_curve448_free(&pubKey);
  23514. wc_curve448_free(&userB);
  23515. wc_curve448_free(&userA);
  23516. wc_FreeRng(&rng);
  23517. return 0;
  23518. }
  23519. #endif /* HAVE_CURVE448 */
  23520. #ifdef HAVE_ED448
  23521. #ifdef WOLFSSL_TEST_CERT
  23522. static int ed448_test_cert(void)
  23523. {
  23524. DecodedCert cert[2];
  23525. DecodedCert* serverCert = NULL;
  23526. DecodedCert* caCert = NULL;
  23527. #ifdef HAVE_ED448_VERIFY
  23528. ed448_key key;
  23529. ed448_key* pubKey = NULL;
  23530. int verify;
  23531. #endif /* HAVE_ED448_VERIFY */
  23532. int ret;
  23533. byte* tmp;
  23534. size_t bytes;
  23535. XFILE file;
  23536. tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23537. if (tmp == NULL) {
  23538. ERROR_OUT(-11430, done);
  23539. }
  23540. #ifdef USE_CERT_BUFFERS_256
  23541. XMEMCPY(tmp, ca_ed448_cert, sizeof_ca_ed448_cert);
  23542. bytes = sizeof_ca_ed448_cert;
  23543. #elif !defined(NO_FILESYSTEM)
  23544. file = XFOPEN(caEd448Cert, "rb");
  23545. if (file == NULL) {
  23546. ERROR_OUT(-11431, done);
  23547. }
  23548. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  23549. XFCLOSE(file);
  23550. #else
  23551. /* No certificate to use. */
  23552. ERROR_OUT(-11432, done);
  23553. #endif
  23554. InitDecodedCert(&cert[0], tmp, (word32)bytes, 0);
  23555. caCert = &cert[0];
  23556. ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL);
  23557. if (ret != 0) {
  23558. ERROR_OUT(-11433, done);
  23559. }
  23560. #ifdef USE_CERT_BUFFERS_256
  23561. XMEMCPY(tmp, server_ed448_cert, sizeof_server_ed448_cert);
  23562. bytes = sizeof_server_ed448_cert;
  23563. #elif !defined(NO_FILESYSTEM)
  23564. file = XFOPEN(serverEd448Cert, "rb");
  23565. if (file == NULL) {
  23566. ERROR_OUT(-11434, done);
  23567. }
  23568. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  23569. XFCLOSE(file);
  23570. #else
  23571. /* No certificate to use. */
  23572. ERROR_OUT(-11435, done);
  23573. #endif
  23574. InitDecodedCert(&cert[1], tmp, (word32)bytes, 0);
  23575. serverCert = &cert[1];
  23576. ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL);
  23577. if (ret != 0) {
  23578. ERROR_OUT(-11436, done);
  23579. }
  23580. #ifdef HAVE_ED448_VERIFY
  23581. ret = wc_ed448_init(&key);
  23582. if (ret < 0) {
  23583. ERROR_OUT(-11437, done);
  23584. }
  23585. pubKey = &key;
  23586. ret = wc_ed448_import_public(caCert->publicKey, caCert->pubKeySize, pubKey);
  23587. if (ret < 0) {
  23588. ERROR_OUT(-11438, done);
  23589. }
  23590. if (wc_ed448_verify_msg(serverCert->signature, serverCert->sigLength,
  23591. serverCert->source + serverCert->certBegin,
  23592. serverCert->sigIndex - serverCert->certBegin,
  23593. &verify, pubKey, NULL, 0) < 0 || verify != 1) {
  23594. ERROR_OUT(-11439, done);
  23595. }
  23596. #endif /* HAVE_ED448_VERIFY */
  23597. done:
  23598. if (tmp != NULL)
  23599. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23600. #ifdef HAVE_ED448_VERIFY
  23601. wc_ed448_free(pubKey);
  23602. #endif /* HAVE_ED448_VERIFY */
  23603. if (caCert != NULL)
  23604. FreeDecodedCert(caCert);
  23605. if (serverCert != NULL)
  23606. FreeDecodedCert(serverCert);
  23607. return ret;
  23608. }
  23609. static int ed448_test_make_cert(void)
  23610. {
  23611. WC_RNG rng;
  23612. Cert cert;
  23613. DecodedCert decode;
  23614. ed448_key key;
  23615. ed448_key* privKey = NULL;
  23616. int ret = 0;
  23617. byte* tmp = NULL;
  23618. wc_InitCert_ex(&cert, HEAP_HINT, devId);
  23619. #ifndef HAVE_FIPS
  23620. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  23621. #else
  23622. ret = wc_InitRng(&rng);
  23623. #endif
  23624. if (ret != 0)
  23625. return -11450;
  23626. wc_ed448_init(&key);
  23627. privKey = &key;
  23628. wc_ed448_make_key(&rng, ED448_KEY_SIZE, privKey);
  23629. cert.daysValid = 365 * 2;
  23630. cert.selfSigned = 1;
  23631. XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName));
  23632. XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName));
  23633. cert.isCA = 0;
  23634. #ifdef WOLFSSL_CERT_EXT
  23635. ret = wc_SetKeyUsage(&cert, certKeyUsage);
  23636. if (ret < 0) {
  23637. ERROR_OUT(-11451, done);
  23638. }
  23639. ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey);
  23640. if (ret < 0) {
  23641. ERROR_OUT(-11452, done);
  23642. }
  23643. ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey);
  23644. if (ret < 0) {
  23645. ERROR_OUT(-11453, done);
  23646. }
  23647. #endif
  23648. tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23649. if (tmp == NULL) {
  23650. ERROR_OUT(-11454, done);
  23651. }
  23652. cert.sigType = CTC_ED448;
  23653. ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED448_TYPE, privKey, &rng);
  23654. if (ret < 0) {
  23655. ERROR_OUT(-11455, done);
  23656. }
  23657. ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF, ED448_TYPE,
  23658. privKey, &rng);
  23659. if (ret < 0) {
  23660. ERROR_OUT(-11456, done);
  23661. }
  23662. InitDecodedCert(&decode, tmp, ret, HEAP_HINT);
  23663. ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
  23664. FreeDecodedCert(&decode);
  23665. if (ret != 0) {
  23666. ERROR_OUT(-11457, done);
  23667. }
  23668. done:
  23669. if (tmp != NULL)
  23670. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23671. wc_ed448_free(privKey);
  23672. wc_FreeRng(&rng);
  23673. return ret;
  23674. }
  23675. #endif /* WOLFSSL_TEST_CERT */
  23676. #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \
  23677. defined(HAVE_ED448_KEY_IMPORT)
  23678. static int ed448_ctx_test(void)
  23679. {
  23680. byte out[ED448_SIG_SIZE];
  23681. word32 outlen;
  23682. #ifdef HAVE_ED448_VERIFY
  23683. int verify;
  23684. #endif /* HAVE_ED448_VERIFY */
  23685. ed448_key key;
  23686. WOLFSSL_SMALL_STACK_STATIC const byte sKeyCtx[] = {
  23687. 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6,
  23688. 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d,
  23689. 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d,
  23690. 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a,
  23691. 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c,
  23692. 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e,
  23693. 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27,
  23694. 0x4e
  23695. };
  23696. WOLFSSL_SMALL_STACK_STATIC const byte pKeyCtx[] = {
  23697. 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45,
  23698. 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a,
  23699. 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37,
  23700. 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86,
  23701. 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02,
  23702. 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c,
  23703. 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94,
  23704. 0x80
  23705. };
  23706. WOLFSSL_SMALL_STACK_STATIC const byte sigCtx[] = {
  23707. 0xd4, 0xf8, 0xf6, 0x13, 0x17, 0x70, 0xdd, 0x46,
  23708. 0xf4, 0x08, 0x67, 0xd6, 0xfd, 0x5d, 0x50, 0x55,
  23709. 0xde, 0x43, 0x54, 0x1f, 0x8c, 0x5e, 0x35, 0xab,
  23710. 0xbc, 0xd0, 0x01, 0xb3, 0x2a, 0x89, 0xf7, 0xd2,
  23711. 0x15, 0x1f, 0x76, 0x47, 0xf1, 0x1d, 0x8c, 0xa2,
  23712. 0xae, 0x27, 0x9f, 0xb8, 0x42, 0xd6, 0x07, 0x21,
  23713. 0x7f, 0xce, 0x6e, 0x04, 0x2f, 0x68, 0x15, 0xea,
  23714. 0x00, 0x0c, 0x85, 0x74, 0x1d, 0xe5, 0xc8, 0xda,
  23715. 0x11, 0x44, 0xa6, 0xa1, 0xab, 0xa7, 0xf9, 0x6d,
  23716. 0xe4, 0x25, 0x05, 0xd7, 0xa7, 0x29, 0x85, 0x24,
  23717. 0xfd, 0xa5, 0x38, 0xfc, 0xcb, 0xbb, 0x75, 0x4f,
  23718. 0x57, 0x8c, 0x1c, 0xad, 0x10, 0xd5, 0x4d, 0x0d,
  23719. 0x54, 0x28, 0x40, 0x7e, 0x85, 0xdc, 0xbc, 0x98,
  23720. 0xa4, 0x91, 0x55, 0xc1, 0x37, 0x64, 0xe6, 0x6c,
  23721. 0x3c, 0x00
  23722. };
  23723. WOLFSSL_SMALL_STACK_STATIC const byte msgCtx[] = {
  23724. 0x03
  23725. };
  23726. WOLFSSL_SMALL_STACK_STATIC const byte contextCtx[] = {
  23727. 0x66,0x6f,0x6f
  23728. };
  23729. outlen = sizeof(out);
  23730. XMEMSET(out, 0, sizeof(out));
  23731. if (wc_ed448_init_ex(&key, HEAP_HINT, devId) != 0)
  23732. return -11500;
  23733. if (wc_ed448_import_private_key(sKeyCtx, ED448_KEY_SIZE, pKeyCtx,
  23734. sizeof(pKeyCtx), &key) != 0)
  23735. return -11501;
  23736. if (wc_ed448_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
  23737. contextCtx, sizeof(contextCtx)) != 0)
  23738. return -11502;
  23739. if (XMEMCMP(out, sigCtx, sizeof(sigCtx)))
  23740. return -11503;
  23741. #if defined(HAVE_ED448_VERIFY)
  23742. /* test verify on good msg */
  23743. if (wc_ed448_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, &key,
  23744. contextCtx, sizeof(contextCtx)) != 0 || verify != 1)
  23745. return -11504;
  23746. #endif
  23747. wc_ed448_free(&key);
  23748. return 0;
  23749. }
  23750. static int ed448ph_test(void)
  23751. {
  23752. byte out[ED448_SIG_SIZE];
  23753. word32 outlen;
  23754. #ifdef HAVE_ED448_VERIFY
  23755. int verify;
  23756. #endif /* HAVE_ED448_VERIFY */
  23757. ed448_key key;
  23758. WOLFSSL_SMALL_STACK_STATIC const byte sKeyPh[] = {
  23759. 0x83, 0x3f, 0xe6, 0x24, 0x09, 0x23, 0x7b, 0x9d,
  23760. 0x62, 0xec, 0x77, 0x58, 0x75, 0x20, 0x91, 0x1e,
  23761. 0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b,
  23762. 0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42,
  23763. 0xef, 0x78, 0x22, 0xe0, 0xd5, 0x10, 0x41, 0x27,
  23764. 0xdc, 0x05, 0xd6, 0xdb, 0xef, 0xde, 0x69, 0xe3,
  23765. 0xab, 0x2c, 0xec, 0x7c, 0x86, 0x7c, 0x6e, 0x2c,
  23766. 0x49
  23767. };
  23768. WOLFSSL_SMALL_STACK_STATIC const byte pKeyPh[] = {
  23769. 0x25, 0x9b, 0x71, 0xc1, 0x9f, 0x83, 0xef, 0x77,
  23770. 0xa7, 0xab, 0xd2, 0x65, 0x24, 0xcb, 0xdb, 0x31,
  23771. 0x61, 0xb5, 0x90, 0xa4, 0x8f, 0x7d, 0x17, 0xde,
  23772. 0x3e, 0xe0, 0xba, 0x9c, 0x52, 0xbe, 0xb7, 0x43,
  23773. 0xc0, 0x94, 0x28, 0xa1, 0x31, 0xd6, 0xb1, 0xb5,
  23774. 0x73, 0x03, 0xd9, 0x0d, 0x81, 0x32, 0xc2, 0x76,
  23775. 0xd5, 0xed, 0x3d, 0x5d, 0x01, 0xc0, 0xf5, 0x38,
  23776. 0x80
  23777. };
  23778. WOLFSSL_SMALL_STACK_STATIC const byte sigPh1[] = {
  23779. 0x82, 0x2f, 0x69, 0x01, 0xf7, 0x48, 0x0f, 0x3d,
  23780. 0x5f, 0x56, 0x2c, 0x59, 0x29, 0x94, 0xd9, 0x69,
  23781. 0x36, 0x02, 0x87, 0x56, 0x14, 0x48, 0x32, 0x56,
  23782. 0x50, 0x56, 0x00, 0xbb, 0xc2, 0x81, 0xae, 0x38,
  23783. 0x1f, 0x54, 0xd6, 0xbc, 0xe2, 0xea, 0x91, 0x15,
  23784. 0x74, 0x93, 0x2f, 0x52, 0xa4, 0xe6, 0xca, 0xdd,
  23785. 0x78, 0x76, 0x93, 0x75, 0xec, 0x3f, 0xfd, 0x1b,
  23786. 0x80, 0x1a, 0x0d, 0x9b, 0x3f, 0x40, 0x30, 0xcd,
  23787. 0x43, 0x39, 0x64, 0xb6, 0x45, 0x7e, 0xa3, 0x94,
  23788. 0x76, 0x51, 0x12, 0x14, 0xf9, 0x74, 0x69, 0xb5,
  23789. 0x7d, 0xd3, 0x2d, 0xbc, 0x56, 0x0a, 0x9a, 0x94,
  23790. 0xd0, 0x0b, 0xff, 0x07, 0x62, 0x04, 0x64, 0xa3,
  23791. 0xad, 0x20, 0x3d, 0xf7, 0xdc, 0x7c, 0xe3, 0x60,
  23792. 0xc3, 0xcd, 0x36, 0x96, 0xd9, 0xd9, 0xfa, 0xb9,
  23793. 0x0f, 0x00
  23794. };
  23795. WOLFSSL_SMALL_STACK_STATIC const byte sigPh2[] = {
  23796. 0xc3, 0x22, 0x99, 0xd4, 0x6e, 0xc8, 0xff, 0x02,
  23797. 0xb5, 0x45, 0x40, 0x98, 0x28, 0x14, 0xdc, 0xe9,
  23798. 0xa0, 0x58, 0x12, 0xf8, 0x19, 0x62, 0xb6, 0x49,
  23799. 0xd5, 0x28, 0x09, 0x59, 0x16, 0xa2, 0xaa, 0x48,
  23800. 0x10, 0x65, 0xb1, 0x58, 0x04, 0x23, 0xef, 0x92,
  23801. 0x7e, 0xcf, 0x0a, 0xf5, 0x88, 0x8f, 0x90, 0xda,
  23802. 0x0f, 0x6a, 0x9a, 0x85, 0xad, 0x5d, 0xc3, 0xf2,
  23803. 0x80, 0xd9, 0x12, 0x24, 0xba, 0x99, 0x11, 0xa3,
  23804. 0x65, 0x3d, 0x00, 0xe4, 0x84, 0xe2, 0xce, 0x23,
  23805. 0x25, 0x21, 0x48, 0x1c, 0x86, 0x58, 0xdf, 0x30,
  23806. 0x4b, 0xb7, 0x74, 0x5a, 0x73, 0x51, 0x4c, 0xdb,
  23807. 0x9b, 0xf3, 0xe1, 0x57, 0x84, 0xab, 0x71, 0x28,
  23808. 0x4f, 0x8d, 0x07, 0x04, 0xa6, 0x08, 0xc5, 0x4a,
  23809. 0x6b, 0x62, 0xd9, 0x7b, 0xeb, 0x51, 0x1d, 0x13,
  23810. 0x21, 0x00
  23811. };
  23812. WOLFSSL_SMALL_STACK_STATIC const byte msgPh[] = {
  23813. 0x61,0x62,0x63
  23814. };
  23815. /* SHA-512 hash of msgPh */
  23816. WOLFSSL_SMALL_STACK_STATIC const byte hashPh[] = {
  23817. 0x48, 0x33, 0x66, 0x60, 0x13, 0x60, 0xa8, 0x77,
  23818. 0x1c, 0x68, 0x63, 0x08, 0x0c, 0xc4, 0x11, 0x4d,
  23819. 0x8d, 0xb4, 0x45, 0x30, 0xf8, 0xf1, 0xe1, 0xee,
  23820. 0x4f, 0x94, 0xea, 0x37, 0xe7, 0x8b, 0x57, 0x39,
  23821. 0xd5, 0xa1, 0x5b, 0xef, 0x18, 0x6a, 0x53, 0x86,
  23822. 0xc7, 0x57, 0x44, 0xc0, 0x52, 0x7e, 0x1f, 0xaa,
  23823. 0x9f, 0x87, 0x26, 0xe4, 0x62, 0xa1, 0x2a, 0x4f,
  23824. 0xeb, 0x06, 0xbd, 0x88, 0x01, 0xe7, 0x51, 0xe4
  23825. };
  23826. WOLFSSL_SMALL_STACK_STATIC const byte contextPh2[] = {
  23827. 0x66,0x6f,0x6f
  23828. };
  23829. outlen = sizeof(out);
  23830. XMEMSET(out, 0, sizeof(out));
  23831. if (wc_ed448_init_ex(&key, HEAP_HINT, devId) != 0)
  23832. return -11600;
  23833. if (wc_ed448_import_private_key(sKeyPh, ED448_KEY_SIZE, pKeyPh,
  23834. sizeof(pKeyPh), &key) != 0) {
  23835. return -11601;
  23836. }
  23837. if (wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL,
  23838. 0) != 0) {
  23839. return -11602;
  23840. }
  23841. if (XMEMCMP(out, sigPh1, sizeof(sigPh1)))
  23842. return -11603;
  23843. #if defined(HAVE_ED448_VERIFY)
  23844. /* test verify on good msg */
  23845. if (wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key,
  23846. NULL, 0) != 0 || verify != 1) {
  23847. return -11604;
  23848. }
  23849. #endif
  23850. if (wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
  23851. contextPh2, sizeof(contextPh2)) != 0) {
  23852. return -11605;
  23853. }
  23854. if (XMEMCMP(out, sigPh2, sizeof(sigPh2)))
  23855. return -11606;
  23856. #if defined(HAVE_ED448_VERIFY)
  23857. /* test verify on good msg */
  23858. if (wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key,
  23859. contextPh2, sizeof(contextPh2)) != 0 ||
  23860. verify != 1) {
  23861. return -11607;
  23862. }
  23863. #endif
  23864. if (wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL,
  23865. 0) != 0) {
  23866. return -11608;
  23867. }
  23868. if (XMEMCMP(out, sigPh1, sizeof(sigPh1)))
  23869. return -11609;
  23870. #if defined(HAVE_ED448_VERIFY)
  23871. if (wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
  23872. &key, NULL, 0) != 0 || verify != 1) {
  23873. return -11610;
  23874. }
  23875. #endif
  23876. if (wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
  23877. contextPh2, sizeof(contextPh2)) != 0) {
  23878. return -11611;
  23879. }
  23880. if (XMEMCMP(out, sigPh2, sizeof(sigPh2)))
  23881. return -11612;
  23882. #if defined(HAVE_ED448_VERIFY)
  23883. if (wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
  23884. &key, contextPh2, sizeof(contextPh2)) != 0 ||
  23885. verify != 1) {
  23886. return -11613;
  23887. }
  23888. #endif
  23889. wc_ed448_free(&key);
  23890. return 0;
  23891. }
  23892. #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
  23893. WOLFSSL_TEST_SUBROUTINE int ed448_test(void)
  23894. {
  23895. int ret;
  23896. WC_RNG rng;
  23897. #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\
  23898. defined(HAVE_ED448_KEY_IMPORT)
  23899. byte out[ED448_SIG_SIZE];
  23900. int i;
  23901. word32 outlen;
  23902. #ifdef HAVE_ED448_VERIFY
  23903. #ifdef WOLFSSL_ED448_STREAMING_VERIFY
  23904. int j;
  23905. #endif /* WOLFSSL_ED448_STREAMING_VERIFY */
  23906. int verify;
  23907. #endif /* HAVE_ED448_VERIFY */
  23908. #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
  23909. word32 keySz, sigSz;
  23910. #ifdef WOLFSSL_SMALL_STACK
  23911. ed448_key *key = NULL;
  23912. ed448_key *key2 = NULL;
  23913. #else
  23914. ed448_key key[1];
  23915. ed448_key key2[1];
  23916. #endif
  23917. #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \
  23918. defined(HAVE_ED448_KEY_IMPORT)
  23919. /* test vectors from
  23920. https://tools.ietf.org/html/rfc8032
  23921. */
  23922. WOLFSSL_SMALL_STACK_STATIC const byte sKey1[] = {
  23923. 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
  23924. 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
  23925. 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
  23926. 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
  23927. 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
  23928. 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
  23929. 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
  23930. 0x5b
  23931. };
  23932. WOLFSSL_SMALL_STACK_STATIC const byte sKey2[] = {
  23933. 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6,
  23934. 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d,
  23935. 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d,
  23936. 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a,
  23937. 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c,
  23938. 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e,
  23939. 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27,
  23940. 0x4e
  23941. };
  23942. WOLFSSL_SMALL_STACK_STATIC const byte sKey3[] = {
  23943. 0x25, 0x8c, 0xdd, 0x4a, 0xda, 0x32, 0xed, 0x9c,
  23944. 0x9f, 0xf5, 0x4e, 0x63, 0x75, 0x6a, 0xe5, 0x82,
  23945. 0xfb, 0x8f, 0xab, 0x2a, 0xc7, 0x21, 0xf2, 0xc8,
  23946. 0xe6, 0x76, 0xa7, 0x27, 0x68, 0x51, 0x3d, 0x93,
  23947. 0x9f, 0x63, 0xdd, 0xdb, 0x55, 0x60, 0x91, 0x33,
  23948. 0xf2, 0x9a, 0xdf, 0x86, 0xec, 0x99, 0x29, 0xdc,
  23949. 0xcb, 0x52, 0xc1, 0xc5, 0xfd, 0x2f, 0xf7, 0xe2,
  23950. 0x1b
  23951. };
  23952. /* uncompressed test */
  23953. WOLFSSL_SMALL_STACK_STATIC const byte sKey4[] = {
  23954. 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
  23955. 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
  23956. 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
  23957. 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
  23958. 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
  23959. 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
  23960. 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
  23961. 0x5b
  23962. };
  23963. /* compressed prefix test */
  23964. WOLFSSL_SMALL_STACK_STATIC const byte sKey5[] = {
  23965. 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
  23966. 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
  23967. 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
  23968. 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
  23969. 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
  23970. 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
  23971. 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
  23972. 0x5b
  23973. };
  23974. WOLFSSL_SMALL_STACK_STATIC const byte sKey6[] = {
  23975. 0x87, 0x2d, 0x09, 0x37, 0x80, 0xf5, 0xd3, 0x73,
  23976. 0x0d, 0xf7, 0xc2, 0x12, 0x66, 0x4b, 0x37, 0xb8,
  23977. 0xa0, 0xf2, 0x4f, 0x56, 0x81, 0x0d, 0xaa, 0x83,
  23978. 0x82, 0xcd, 0x4f, 0xa3, 0xf7, 0x76, 0x34, 0xec,
  23979. 0x44, 0xdc, 0x54, 0xf1, 0xc2, 0xed, 0x9b, 0xea,
  23980. 0x86, 0xfa, 0xfb, 0x76, 0x32, 0xd8, 0xbe, 0x19,
  23981. 0x9e, 0xa1, 0x65, 0xf5, 0xad, 0x55, 0xdd, 0x9c,
  23982. 0xe8
  23983. };
  23984. WOLFSSL_SMALL_STACK_STATIC const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
  23985. WOLFSSL_SMALL_STACK_STATIC const byte pKey1[] = {
  23986. 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
  23987. 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
  23988. 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
  23989. 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
  23990. 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
  23991. 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
  23992. 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
  23993. 0x80
  23994. };
  23995. WOLFSSL_SMALL_STACK_STATIC const byte pKey2[] = {
  23996. 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45,
  23997. 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a,
  23998. 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37,
  23999. 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86,
  24000. 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02,
  24001. 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c,
  24002. 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94,
  24003. 0x80
  24004. };
  24005. WOLFSSL_SMALL_STACK_STATIC const byte pKey3[] = {
  24006. 0x3b, 0xa1, 0x6d, 0xa0, 0xc6, 0xf2, 0xcc, 0x1f,
  24007. 0x30, 0x18, 0x77, 0x40, 0x75, 0x6f, 0x5e, 0x79,
  24008. 0x8d, 0x6b, 0xc5, 0xfc, 0x01, 0x5d, 0x7c, 0x63,
  24009. 0xcc, 0x95, 0x10, 0xee, 0x3f, 0xd4, 0x4a, 0xdc,
  24010. 0x24, 0xd8, 0xe9, 0x68, 0xb6, 0xe4, 0x6e, 0x6f,
  24011. 0x94, 0xd1, 0x9b, 0x94, 0x53, 0x61, 0x72, 0x6b,
  24012. 0xd7, 0x5e, 0x14, 0x9e, 0xf0, 0x98, 0x17, 0xf5,
  24013. 0x80
  24014. };
  24015. /* uncompressed test */
  24016. WOLFSSL_SMALL_STACK_STATIC const byte pKey4[] = {
  24017. 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
  24018. 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
  24019. 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
  24020. 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
  24021. 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
  24022. 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
  24023. 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
  24024. 0x80
  24025. };
  24026. /* compressed prefix */
  24027. WOLFSSL_SMALL_STACK_STATIC const byte pKey5[] = {
  24028. 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
  24029. 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
  24030. 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
  24031. 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
  24032. 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
  24033. 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
  24034. 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
  24035. 0x80
  24036. };
  24037. WOLFSSL_SMALL_STACK_STATIC const byte pKey6[] = {
  24038. 0xa8, 0x1b, 0x2e, 0x8a, 0x70, 0xa5, 0xac, 0x94,
  24039. 0xff, 0xdb, 0xcc, 0x9b, 0xad, 0xfc, 0x3f, 0xeb,
  24040. 0x08, 0x01, 0xf2, 0x58, 0x57, 0x8b, 0xb1, 0x14,
  24041. 0xad, 0x44, 0xec, 0xe1, 0xec, 0x0e, 0x79, 0x9d,
  24042. 0xa0, 0x8e, 0xff, 0xb8, 0x1c, 0x5d, 0x68, 0x5c,
  24043. 0x0c, 0x56, 0xf6, 0x4e, 0xec, 0xae, 0xf8, 0xcd,
  24044. 0xf1, 0x1c, 0xc3, 0x87, 0x37, 0x83, 0x8c, 0xf4,
  24045. 0x00
  24046. };
  24047. WOLFSSL_SMALL_STACK_STATIC const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
  24048. WOLFSSL_SMALL_STACK_STATIC const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
  24049. sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
  24050. WOLFSSL_SMALL_STACK_STATIC const byte sig1[] = {
  24051. 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
  24052. 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
  24053. 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
  24054. 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
  24055. 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
  24056. 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
  24057. 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
  24058. 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
  24059. 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
  24060. 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
  24061. 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
  24062. 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
  24063. 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
  24064. 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
  24065. 0x26, 0x00
  24066. };
  24067. WOLFSSL_SMALL_STACK_STATIC const byte sig2[] = {
  24068. 0x26, 0xb8, 0xf9, 0x17, 0x27, 0xbd, 0x62, 0x89,
  24069. 0x7a, 0xf1, 0x5e, 0x41, 0xeb, 0x43, 0xc3, 0x77,
  24070. 0xef, 0xb9, 0xc6, 0x10, 0xd4, 0x8f, 0x23, 0x35,
  24071. 0xcb, 0x0b, 0xd0, 0x08, 0x78, 0x10, 0xf4, 0x35,
  24072. 0x25, 0x41, 0xb1, 0x43, 0xc4, 0xb9, 0x81, 0xb7,
  24073. 0xe1, 0x8f, 0x62, 0xde, 0x8c, 0xcd, 0xf6, 0x33,
  24074. 0xfc, 0x1b, 0xf0, 0x37, 0xab, 0x7c, 0xd7, 0x79,
  24075. 0x80, 0x5e, 0x0d, 0xbc, 0xc0, 0xaa, 0xe1, 0xcb,
  24076. 0xce, 0xe1, 0xaf, 0xb2, 0xe0, 0x27, 0xdf, 0x36,
  24077. 0xbc, 0x04, 0xdc, 0xec, 0xbf, 0x15, 0x43, 0x36,
  24078. 0xc1, 0x9f, 0x0a, 0xf7, 0xe0, 0xa6, 0x47, 0x29,
  24079. 0x05, 0xe7, 0x99, 0xf1, 0x95, 0x3d, 0x2a, 0x0f,
  24080. 0xf3, 0x34, 0x8a, 0xb2, 0x1a, 0xa4, 0xad, 0xaf,
  24081. 0xd1, 0xd2, 0x34, 0x44, 0x1c, 0xf8, 0x07, 0xc0,
  24082. 0x3a, 0x00
  24083. };
  24084. WOLFSSL_SMALL_STACK_STATIC const byte sig3[] = {
  24085. 0x7e, 0xee, 0xab, 0x7c, 0x4e, 0x50, 0xfb, 0x79,
  24086. 0x9b, 0x41, 0x8e, 0xe5, 0xe3, 0x19, 0x7f, 0xf6,
  24087. 0xbf, 0x15, 0xd4, 0x3a, 0x14, 0xc3, 0x43, 0x89,
  24088. 0xb5, 0x9d, 0xd1, 0xa7, 0xb1, 0xb8, 0x5b, 0x4a,
  24089. 0xe9, 0x04, 0x38, 0xac, 0xa6, 0x34, 0xbe, 0xa4,
  24090. 0x5e, 0x3a, 0x26, 0x95, 0xf1, 0x27, 0x0f, 0x07,
  24091. 0xfd, 0xcd, 0xf7, 0xc6, 0x2b, 0x8e, 0xfe, 0xaf,
  24092. 0x00, 0xb4, 0x5c, 0x2c, 0x96, 0xba, 0x45, 0x7e,
  24093. 0xb1, 0xa8, 0xbf, 0x07, 0x5a, 0x3d, 0xb2, 0x8e,
  24094. 0x5c, 0x24, 0xf6, 0xb9, 0x23, 0xed, 0x4a, 0xd7,
  24095. 0x47, 0xc3, 0xc9, 0xe0, 0x3c, 0x70, 0x79, 0xef,
  24096. 0xb8, 0x7c, 0xb1, 0x10, 0xd3, 0xa9, 0x98, 0x61,
  24097. 0xe7, 0x20, 0x03, 0xcb, 0xae, 0x6d, 0x6b, 0x8b,
  24098. 0x82, 0x7e, 0x4e, 0x6c, 0x14, 0x30, 0x64, 0xff,
  24099. 0x3c, 0x00
  24100. };
  24101. /* uncompressed test */
  24102. WOLFSSL_SMALL_STACK_STATIC const byte sig4[] = {
  24103. 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
  24104. 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
  24105. 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
  24106. 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
  24107. 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
  24108. 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
  24109. 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
  24110. 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
  24111. 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
  24112. 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
  24113. 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
  24114. 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
  24115. 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
  24116. 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
  24117. 0x26, 0x00
  24118. };
  24119. /* compressed prefix */
  24120. WOLFSSL_SMALL_STACK_STATIC const byte sig5[] = {
  24121. 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
  24122. 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
  24123. 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
  24124. 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
  24125. 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
  24126. 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
  24127. 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
  24128. 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
  24129. 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
  24130. 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
  24131. 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
  24132. 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
  24133. 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
  24134. 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
  24135. 0x26, 0x00
  24136. };
  24137. WOLFSSL_SMALL_STACK_STATIC const byte sig6[] = {
  24138. 0xe3, 0x01, 0x34, 0x5a, 0x41, 0xa3, 0x9a, 0x4d,
  24139. 0x72, 0xff, 0xf8, 0xdf, 0x69, 0xc9, 0x80, 0x75,
  24140. 0xa0, 0xcc, 0x08, 0x2b, 0x80, 0x2f, 0xc9, 0xb2,
  24141. 0xb6, 0xbc, 0x50, 0x3f, 0x92, 0x6b, 0x65, 0xbd,
  24142. 0xdf, 0x7f, 0x4c, 0x8f, 0x1c, 0xb4, 0x9f, 0x63,
  24143. 0x96, 0xaf, 0xc8, 0xa7, 0x0a, 0xbe, 0x6d, 0x8a,
  24144. 0xef, 0x0d, 0xb4, 0x78, 0xd4, 0xc6, 0xb2, 0x97,
  24145. 0x00, 0x76, 0xc6, 0xa0, 0x48, 0x4f, 0xe7, 0x6d,
  24146. 0x76, 0xb3, 0xa9, 0x76, 0x25, 0xd7, 0x9f, 0x1c,
  24147. 0xe2, 0x40, 0xe7, 0xc5, 0x76, 0x75, 0x0d, 0x29,
  24148. 0x55, 0x28, 0x28, 0x6f, 0x71, 0x9b, 0x41, 0x3d,
  24149. 0xe9, 0xad, 0xa3, 0xe8, 0xeb, 0x78, 0xed, 0x57,
  24150. 0x36, 0x03, 0xce, 0x30, 0xd8, 0xbb, 0x76, 0x17,
  24151. 0x85, 0xdc, 0x30, 0xdb, 0xc3, 0x20, 0x86, 0x9e,
  24152. 0x1a, 0x00
  24153. };
  24154. WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
  24155. #define SIGSZ sizeof(sig1)
  24156. PEDANTIC_EXTENSION WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = { };
  24157. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = { 0x03 };
  24158. WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = { 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd,
  24159. 0x66, 0x81, 0x1e, 0x29, 0x15 };
  24160. /* test of a 1023 byte long message */
  24161. WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
  24162. 0x6d, 0xdf, 0x80, 0x2e, 0x1a, 0xae, 0x49, 0x86,
  24163. 0x93, 0x5f, 0x7f, 0x98, 0x1b, 0xa3, 0xf0, 0x35,
  24164. 0x1d, 0x62, 0x73, 0xc0, 0xa0, 0xc2, 0x2c, 0x9c,
  24165. 0x0e, 0x83, 0x39, 0x16, 0x8e, 0x67, 0x54, 0x12,
  24166. 0xa3, 0xde, 0xbf, 0xaf, 0x43, 0x5e, 0xd6, 0x51,
  24167. 0x55, 0x80, 0x07, 0xdb, 0x43, 0x84, 0xb6, 0x50,
  24168. 0xfc, 0xc0, 0x7e, 0x3b, 0x58, 0x6a, 0x27, 0xa4,
  24169. 0xf7, 0xa0, 0x0a, 0xc8, 0xa6, 0xfe, 0xc2, 0xcd,
  24170. 0x86, 0xae, 0x4b, 0xf1, 0x57, 0x0c, 0x41, 0xe6,
  24171. 0xa4, 0x0c, 0x93, 0x1d, 0xb2, 0x7b, 0x2f, 0xaa,
  24172. 0x15, 0xa8, 0xce, 0xdd, 0x52, 0xcf, 0xf7, 0x36,
  24173. 0x2c, 0x4e, 0x6e, 0x23, 0xda, 0xec, 0x0f, 0xbc,
  24174. 0x3a, 0x79, 0xb6, 0x80, 0x6e, 0x31, 0x6e, 0xfc,
  24175. 0xc7, 0xb6, 0x81, 0x19, 0xbf, 0x46, 0xbc, 0x76,
  24176. 0xa2, 0x60, 0x67, 0xa5, 0x3f, 0x29, 0x6d, 0xaf,
  24177. 0xdb, 0xdc, 0x11, 0xc7, 0x7f, 0x77, 0x77, 0xe9,
  24178. 0x72, 0x66, 0x0c, 0xf4, 0xb6, 0xa9, 0xb3, 0x69,
  24179. 0xa6, 0x66, 0x5f, 0x02, 0xe0, 0xcc, 0x9b, 0x6e,
  24180. 0xdf, 0xad, 0x13, 0x6b, 0x4f, 0xab, 0xe7, 0x23,
  24181. 0xd2, 0x81, 0x3d, 0xb3, 0x13, 0x6c, 0xfd, 0xe9,
  24182. 0xb6, 0xd0, 0x44, 0x32, 0x2f, 0xee, 0x29, 0x47,
  24183. 0x95, 0x2e, 0x03, 0x1b, 0x73, 0xab, 0x5c, 0x60,
  24184. 0x33, 0x49, 0xb3, 0x07, 0xbd, 0xc2, 0x7b, 0xc6,
  24185. 0xcb, 0x8b, 0x8b, 0xbd, 0x7b, 0xd3, 0x23, 0x21,
  24186. 0x9b, 0x80, 0x33, 0xa5, 0x81, 0xb5, 0x9e, 0xad,
  24187. 0xeb, 0xb0, 0x9b, 0x3c, 0x4f, 0x3d, 0x22, 0x77,
  24188. 0xd4, 0xf0, 0x34, 0x36, 0x24, 0xac, 0xc8, 0x17,
  24189. 0x80, 0x47, 0x28, 0xb2, 0x5a, 0xb7, 0x97, 0x17,
  24190. 0x2b, 0x4c, 0x5c, 0x21, 0xa2, 0x2f, 0x9c, 0x78,
  24191. 0x39, 0xd6, 0x43, 0x00, 0x23, 0x2e, 0xb6, 0x6e,
  24192. 0x53, 0xf3, 0x1c, 0x72, 0x3f, 0xa3, 0x7f, 0xe3,
  24193. 0x87, 0xc7, 0xd3, 0xe5, 0x0b, 0xdf, 0x98, 0x13,
  24194. 0xa3, 0x0e, 0x5b, 0xb1, 0x2c, 0xf4, 0xcd, 0x93,
  24195. 0x0c, 0x40, 0xcf, 0xb4, 0xe1, 0xfc, 0x62, 0x25,
  24196. 0x92, 0xa4, 0x95, 0x88, 0x79, 0x44, 0x94, 0xd5,
  24197. 0x6d, 0x24, 0xea, 0x4b, 0x40, 0xc8, 0x9f, 0xc0,
  24198. 0x59, 0x6c, 0xc9, 0xeb, 0xb9, 0x61, 0xc8, 0xcb,
  24199. 0x10, 0xad, 0xde, 0x97, 0x6a, 0x5d, 0x60, 0x2b,
  24200. 0x1c, 0x3f, 0x85, 0xb9, 0xb9, 0xa0, 0x01, 0xed,
  24201. 0x3c, 0x6a, 0x4d, 0x3b, 0x14, 0x37, 0xf5, 0x20,
  24202. 0x96, 0xcd, 0x19, 0x56, 0xd0, 0x42, 0xa5, 0x97,
  24203. 0xd5, 0x61, 0xa5, 0x96, 0xec, 0xd3, 0xd1, 0x73,
  24204. 0x5a, 0x8d, 0x57, 0x0e, 0xa0, 0xec, 0x27, 0x22,
  24205. 0x5a, 0x2c, 0x4a, 0xaf, 0xf2, 0x63, 0x06, 0xd1,
  24206. 0x52, 0x6c, 0x1a, 0xf3, 0xca, 0x6d, 0x9c, 0xf5,
  24207. 0xa2, 0xc9, 0x8f, 0x47, 0xe1, 0xc4, 0x6d, 0xb9,
  24208. 0xa3, 0x32, 0x34, 0xcf, 0xd4, 0xd8, 0x1f, 0x2c,
  24209. 0x98, 0x53, 0x8a, 0x09, 0xeb, 0xe7, 0x69, 0x98,
  24210. 0xd0, 0xd8, 0xfd, 0x25, 0x99, 0x7c, 0x7d, 0x25,
  24211. 0x5c, 0x6d, 0x66, 0xec, 0xe6, 0xfa, 0x56, 0xf1,
  24212. 0x11, 0x44, 0x95, 0x0f, 0x02, 0x77, 0x95, 0xe6,
  24213. 0x53, 0x00, 0x8f, 0x4b, 0xd7, 0xca, 0x2d, 0xee,
  24214. 0x85, 0xd8, 0xe9, 0x0f, 0x3d, 0xc3, 0x15, 0x13,
  24215. 0x0c, 0xe2, 0xa0, 0x03, 0x75, 0xa3, 0x18, 0xc7,
  24216. 0xc3, 0xd9, 0x7b, 0xe2, 0xc8, 0xce, 0x5b, 0x6d,
  24217. 0xb4, 0x1a, 0x62, 0x54, 0xff, 0x26, 0x4f, 0xa6,
  24218. 0x15, 0x5b, 0xae, 0xe3, 0xb0, 0x77, 0x3c, 0x0f,
  24219. 0x49, 0x7c, 0x57, 0x3f, 0x19, 0xbb, 0x4f, 0x42,
  24220. 0x40, 0x28, 0x1f, 0x0b, 0x1f, 0x4f, 0x7b, 0xe8,
  24221. 0x57, 0xa4, 0xe5, 0x9d, 0x41, 0x6c, 0x06, 0xb4,
  24222. 0xc5, 0x0f, 0xa0, 0x9e, 0x18, 0x10, 0xdd, 0xc6,
  24223. 0xb1, 0x46, 0x7b, 0xae, 0xac, 0x5a, 0x36, 0x68,
  24224. 0xd1, 0x1b, 0x6e, 0xca, 0xa9, 0x01, 0x44, 0x00,
  24225. 0x16, 0xf3, 0x89, 0xf8, 0x0a, 0xcc, 0x4d, 0xb9,
  24226. 0x77, 0x02, 0x5e, 0x7f, 0x59, 0x24, 0x38, 0x8c,
  24227. 0x7e, 0x34, 0x0a, 0x73, 0x2e, 0x55, 0x44, 0x40,
  24228. 0xe7, 0x65, 0x70, 0xf8, 0xdd, 0x71, 0xb7, 0xd6,
  24229. 0x40, 0xb3, 0x45, 0x0d, 0x1f, 0xd5, 0xf0, 0x41,
  24230. 0x0a, 0x18, 0xf9, 0xa3, 0x49, 0x4f, 0x70, 0x7c,
  24231. 0x71, 0x7b, 0x79, 0xb4, 0xbf, 0x75, 0xc9, 0x84,
  24232. 0x00, 0xb0, 0x96, 0xb2, 0x16, 0x53, 0xb5, 0xd2,
  24233. 0x17, 0xcf, 0x35, 0x65, 0xc9, 0x59, 0x74, 0x56,
  24234. 0xf7, 0x07, 0x03, 0x49, 0x7a, 0x07, 0x87, 0x63,
  24235. 0x82, 0x9b, 0xc0, 0x1b, 0xb1, 0xcb, 0xc8, 0xfa,
  24236. 0x04, 0xea, 0xdc, 0x9a, 0x6e, 0x3f, 0x66, 0x99,
  24237. 0x58, 0x7a, 0x9e, 0x75, 0xc9, 0x4e, 0x5b, 0xab,
  24238. 0x00, 0x36, 0xe0, 0xb2, 0xe7, 0x11, 0x39, 0x2c,
  24239. 0xff, 0x00, 0x47, 0xd0, 0xd6, 0xb0, 0x5b, 0xd2,
  24240. 0xa5, 0x88, 0xbc, 0x10, 0x97, 0x18, 0x95, 0x42,
  24241. 0x59, 0xf1, 0xd8, 0x66, 0x78, 0xa5, 0x79, 0xa3,
  24242. 0x12, 0x0f, 0x19, 0xcf, 0xb2, 0x96, 0x3f, 0x17,
  24243. 0x7a, 0xeb, 0x70, 0xf2, 0xd4, 0x84, 0x48, 0x26,
  24244. 0x26, 0x2e, 0x51, 0xb8, 0x02, 0x71, 0x27, 0x20,
  24245. 0x68, 0xef, 0x5b, 0x38, 0x56, 0xfa, 0x85, 0x35,
  24246. 0xaa, 0x2a, 0x88, 0xb2, 0xd4, 0x1f, 0x2a, 0x0e,
  24247. 0x2f, 0xda, 0x76, 0x24, 0xc2, 0x85, 0x02, 0x72,
  24248. 0xac, 0x4a, 0x2f, 0x56, 0x1f, 0x8f, 0x2f, 0x7a,
  24249. 0x31, 0x8b, 0xfd, 0x5c, 0xaf, 0x96, 0x96, 0x14,
  24250. 0x9e, 0x4a, 0xc8, 0x24, 0xad, 0x34, 0x60, 0x53,
  24251. 0x8f, 0xdc, 0x25, 0x42, 0x1b, 0xee, 0xc2, 0xcc,
  24252. 0x68, 0x18, 0x16, 0x2d, 0x06, 0xbb, 0xed, 0x0c,
  24253. 0x40, 0xa3, 0x87, 0x19, 0x23, 0x49, 0xdb, 0x67,
  24254. 0xa1, 0x18, 0xba, 0xda, 0x6c, 0xd5, 0xab, 0x01,
  24255. 0x40, 0xee, 0x27, 0x32, 0x04, 0xf6, 0x28, 0xaa,
  24256. 0xd1, 0xc1, 0x35, 0xf7, 0x70, 0x27, 0x9a, 0x65,
  24257. 0x1e, 0x24, 0xd8, 0xc1, 0x4d, 0x75, 0xa6, 0x05,
  24258. 0x9d, 0x76, 0xb9, 0x6a, 0x6f, 0xd8, 0x57, 0xde,
  24259. 0xf5, 0xe0, 0xb3, 0x54, 0xb2, 0x7a, 0xb9, 0x37,
  24260. 0xa5, 0x81, 0x5d, 0x16, 0xb5, 0xfa, 0xe4, 0x07,
  24261. 0xff, 0x18, 0x22, 0x2c, 0x6d, 0x1e, 0xd2, 0x63,
  24262. 0xbe, 0x68, 0xc9, 0x5f, 0x32, 0xd9, 0x08, 0xbd,
  24263. 0x89, 0x5c, 0xd7, 0x62, 0x07, 0xae, 0x72, 0x64,
  24264. 0x87, 0x56, 0x7f, 0x9a, 0x67, 0xda, 0xd7, 0x9a,
  24265. 0xbe, 0xc3, 0x16, 0xf6, 0x83, 0xb1, 0x7f, 0x2d,
  24266. 0x02, 0xbf, 0x07, 0xe0, 0xac, 0x8b, 0x5b, 0xc6,
  24267. 0x16, 0x2c, 0xf9, 0x46, 0x97, 0xb3, 0xc2, 0x7c,
  24268. 0xd1, 0xfe, 0xa4, 0x9b, 0x27, 0xf2, 0x3b, 0xa2,
  24269. 0x90, 0x18, 0x71, 0x96, 0x25, 0x06, 0x52, 0x0c,
  24270. 0x39, 0x2d, 0xa8, 0xb6, 0xad, 0x0d, 0x99, 0xf7,
  24271. 0x01, 0x3f, 0xbc, 0x06, 0xc2, 0xc1, 0x7a, 0x56,
  24272. 0x95, 0x00, 0xc8, 0xa7, 0x69, 0x64, 0x81, 0xc1,
  24273. 0xcd, 0x33, 0xe9, 0xb1, 0x4e, 0x40, 0xb8, 0x2e,
  24274. 0x79, 0xa5, 0xf5, 0xdb, 0x82, 0x57, 0x1b, 0xa9,
  24275. 0x7b, 0xae, 0x3a, 0xd3, 0xe0, 0x47, 0x95, 0x15,
  24276. 0xbb, 0x0e, 0x2b, 0x0f, 0x3b, 0xfc, 0xd1, 0xfd,
  24277. 0x33, 0x03, 0x4e, 0xfc, 0x62, 0x45, 0xed, 0xdd,
  24278. 0x7e, 0xe2, 0x08, 0x6d, 0xda, 0xe2, 0x60, 0x0d,
  24279. 0x8c, 0xa7, 0x3e, 0x21, 0x4e, 0x8c, 0x2b, 0x0b,
  24280. 0xdb, 0x2b, 0x04, 0x7c, 0x6a, 0x46, 0x4a, 0x56,
  24281. 0x2e, 0xd7, 0x7b, 0x73, 0xd2, 0xd8, 0x41, 0xc4,
  24282. 0xb3, 0x49, 0x73, 0x55, 0x12, 0x57, 0x71, 0x3b,
  24283. 0x75, 0x36, 0x32, 0xef, 0xba, 0x34, 0x81, 0x69,
  24284. 0xab, 0xc9, 0x0a, 0x68, 0xf4, 0x26, 0x11, 0xa4,
  24285. 0x01, 0x26, 0xd7, 0xcb, 0x21, 0xb5, 0x86, 0x95,
  24286. 0x56, 0x81, 0x86, 0xf7, 0xe5, 0x69, 0xd2, 0xff,
  24287. 0x0f, 0x9e, 0x74, 0x5d, 0x04, 0x87, 0xdd, 0x2e,
  24288. 0xb9, 0x97, 0xca, 0xfc, 0x5a, 0xbf, 0x9d, 0xd1,
  24289. 0x02, 0xe6, 0x2f, 0xf6, 0x6c, 0xba, 0x87
  24290. };
  24291. WOLFSSL_SMALL_STACK_STATIC const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
  24292. WOLFSSL_SMALL_STACK_STATIC const word16 msgSz[] = {0 /*sizeof(msg1)*/,
  24293. sizeof(msg2),
  24294. sizeof(msg3),
  24295. 0 /*sizeof(msg1)*/,
  24296. 0 /*sizeof(msg1)*/,
  24297. sizeof(msg4)
  24298. };
  24299. #ifndef NO_ASN
  24300. static const byte privateEd448[] = {
  24301. 0x30, 0x47, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
  24302. 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, 0x39,
  24303. 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
  24304. 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
  24305. 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
  24306. 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
  24307. 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
  24308. 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
  24309. 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
  24310. 0x5b
  24311. };
  24312. static const byte publicEd448[] = {
  24313. 0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
  24314. 0x71, 0x03, 0x3a, 0x00, 0x5f, 0xd7, 0x44, 0x9b,
  24315. 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 0x87, 0xec,
  24316. 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
  24317. 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d,
  24318. 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76,
  24319. 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d,
  24320. 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, 0x1a, 0xbe,
  24321. 0xaf, 0xe8, 0x25, 0x61, 0x80
  24322. };
  24323. static const byte privPubEd448[] = {
  24324. 0x30, 0x81, 0x84, 0x02, 0x01, 0x00, 0x30, 0x05,
  24325. 0x06, 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04,
  24326. 0x39, 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d,
  24327. 0x10, 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e,
  24328. 0xbf, 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c,
  24329. 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48,
  24330. 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04,
  24331. 0x4e, 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f,
  24332. 0x8f, 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98,
  24333. 0xf9, 0x5b, 0xa1, 0x3b, 0x04, 0x39, 0x5f, 0xd7,
  24334. 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7,
  24335. 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1,
  24336. 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e,
  24337. 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1,
  24338. 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6,
  24339. 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa,
  24340. 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, 0x80
  24341. };
  24342. word32 idx;
  24343. #endif /* NO_ASN */
  24344. #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
  24345. #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
  24346. #ifdef WOLFSSL_SMALL_STACK
  24347. ed448_key *key3 = NULL;
  24348. #else
  24349. ed448_key key3[1];
  24350. #endif
  24351. #endif
  24352. #ifdef WOLFSSL_SMALL_STACK
  24353. key = (ed448_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24354. key2 = (ed448_key *)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24355. #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
  24356. key3 = (ed448_key *)XMALLOC(sizeof(*key3), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24357. #endif
  24358. #endif
  24359. /* create ed448 keys */
  24360. #ifndef HAVE_FIPS
  24361. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  24362. #else
  24363. ret = wc_InitRng(&rng);
  24364. #endif
  24365. if (ret != 0) {
  24366. XMEMSET(&rng, 0, sizeof(rng));
  24367. ERROR_OUT(-11700, out);
  24368. }
  24369. if (wc_ed448_init(key) < 0)
  24370. ERROR_OUT(-11903, out);
  24371. if (wc_ed448_init(key2) < 0)
  24372. ERROR_OUT(-11904, out);
  24373. #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
  24374. if (wc_ed448_init(key3) < 0)
  24375. ERROR_OUT(-11905, out);
  24376. #endif
  24377. if (wc_ed448_make_key(&rng, ED448_KEY_SIZE, key) < 0)
  24378. ERROR_OUT(-11906, out);
  24379. if (wc_ed448_make_key(&rng, ED448_KEY_SIZE, key2) < 0)
  24380. ERROR_OUT(-11907, out);
  24381. /* helper functions for signature and key size */
  24382. keySz = wc_ed448_size(key);
  24383. sigSz = wc_ed448_sig_size(key);
  24384. #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\
  24385. defined(HAVE_ED448_KEY_IMPORT)
  24386. for (i = 0; i < 6; i++) {
  24387. outlen = sizeof(out);
  24388. XMEMSET(out, 0, sizeof(out));
  24389. if (wc_ed448_import_private_key(sKeys[i], ED448_KEY_SIZE, pKeys[i],
  24390. pKeySz[i], key) != 0)
  24391. ERROR_OUT(-11701 - i, out);
  24392. if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, key, NULL,
  24393. 0) != 0)
  24394. ERROR_OUT(-11711 - i, out);
  24395. if (XMEMCMP(out, sigs[i], 114))
  24396. ERROR_OUT(-11721 - i, out);
  24397. #if defined(HAVE_ED448_VERIFY)
  24398. /* test verify on good msg */
  24399. if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key,
  24400. NULL, 0) != 0 || verify != 1)
  24401. ERROR_OUT(-11731 - i, out);
  24402. #ifdef WOLFSSL_ED448_STREAMING_VERIFY
  24403. /* test verify on good msg using streaming interface directly */
  24404. if (wc_ed448_verify_msg_init(out, outlen,
  24405. key, (byte)Ed448, NULL, 0) != 0)
  24406. ERROR_OUT(-11911 - i, out);
  24407. for (j = 0; j < msgSz[i]; j += i) {
  24408. if (wc_ed448_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), key) != 0)
  24409. ERROR_OUT(-11921 - i, out);
  24410. }
  24411. if (wc_ed448_verify_msg_final(out, outlen, &verify,
  24412. key) != 0 || verify != 1)
  24413. ERROR_OUT(-11931 - i, out);
  24414. #endif /* WOLFSSL_ED448_STREAMING_VERIFY */
  24415. /* test verify on bad msg */
  24416. out[outlen-2] = out[outlen-2] + 1;
  24417. if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key,
  24418. NULL, 0) == 0 || verify == 1)
  24419. ERROR_OUT(-11741 - i, out);
  24420. #endif /* HAVE_ED448_VERIFY */
  24421. /* test api for import/exporting keys */
  24422. {
  24423. byte *exportPKey = NULL;
  24424. byte *exportSKey = NULL;
  24425. word32 exportPSz = ED448_KEY_SIZE;
  24426. word32 exportSSz = ED448_KEY_SIZE;
  24427. exportPKey = (byte *)XMALLOC(exportPSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24428. exportSKey = (byte *)XMALLOC(exportSSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24429. if ((exportPKey == NULL) || (exportSKey == NULL))
  24430. ERROR_OUT(-11902, out);
  24431. ret = 0;
  24432. do {
  24433. if (wc_ed448_export_public(key, exportPKey, &exportPSz) != 0) {
  24434. ret = -11751 - i;
  24435. break;
  24436. }
  24437. if (wc_ed448_import_public(exportPKey, exportPSz, key2) != 0) {
  24438. ret = -11761 - i;
  24439. break;
  24440. }
  24441. if (wc_ed448_export_private_only(key, exportSKey, &exportSSz) != 0) {
  24442. ret = -11771 - i;
  24443. break;
  24444. }
  24445. if (wc_ed448_import_private_key(exportSKey, exportSSz,
  24446. exportPKey, exportPSz, key2) != 0) {
  24447. ret = -11781 - i;
  24448. break;
  24449. }
  24450. /* clear "out" buffer and test sign with imported keys */
  24451. outlen = sizeof(out);
  24452. XMEMSET(out, 0, sizeof(out));
  24453. if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, key2, NULL,
  24454. 0) != 0) {
  24455. ret = -11791 - i;
  24456. break;
  24457. }
  24458. } while(0);
  24459. XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24460. XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24461. if (ret != 0)
  24462. goto out;
  24463. }
  24464. #if defined(HAVE_ED448_VERIFY)
  24465. if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key2,
  24466. NULL, 0) != 0 || verify != 1)
  24467. ERROR_OUT(-11801 - i, out);
  24468. if (XMEMCMP(out, sigs[i], SIGSZ))
  24469. ERROR_OUT(-11811 - i, out);
  24470. #endif /* HAVE_ED448_VERIFY */
  24471. }
  24472. ret = ed448_ctx_test();
  24473. if (ret != 0)
  24474. goto out;
  24475. ret = ed448ph_test();
  24476. if (ret != 0)
  24477. goto out;
  24478. #ifndef NO_ASN
  24479. /* Try ASN.1 encoded private-only key and public key. */
  24480. idx = 0;
  24481. if (wc_Ed448PrivateKeyDecode(privateEd448, &idx, key3,
  24482. sizeof(privateEd448)) != 0)
  24483. ERROR_OUT(-11821, out);
  24484. if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0)
  24485. != BAD_FUNC_ARG)
  24486. ERROR_OUT(-11831, out);
  24487. idx = 0;
  24488. if (wc_Ed448PublicKeyDecode(publicEd448, &idx, key3,
  24489. sizeof(publicEd448)) != 0)
  24490. ERROR_OUT(-11841, out);
  24491. if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0) != 0)
  24492. ERROR_OUT(-11851, out);
  24493. if (XMEMCMP(out, sigs[0], SIGSZ))
  24494. ERROR_OUT(-11861, out);
  24495. #if defined(HAVE_ED448_VERIFY)
  24496. /* test verify on good msg */
  24497. if (wc_ed448_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, key3,
  24498. NULL, 0) != 0 || verify != 1)
  24499. ERROR_OUT(-11871, out);
  24500. #endif /* HAVE_ED448_VERIFY */
  24501. wc_ed448_free(key3);
  24502. if (wc_ed448_init(key3) < 0)
  24503. ERROR_OUT(-11908, out);
  24504. idx = 0;
  24505. if (wc_Ed448PrivateKeyDecode(privPubEd448, &idx, key3,
  24506. sizeof(privPubEd448)) != 0)
  24507. ERROR_OUT(-11881, out);
  24508. if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0) != 0)
  24509. ERROR_OUT(-11891, out);
  24510. if (XMEMCMP(out, sigs[0], SIGSZ))
  24511. ERROR_OUT(-11901, out);
  24512. #endif /* NO_ASN */
  24513. #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
  24514. ret = 0;
  24515. out:
  24516. #ifdef WOLFSSL_SMALL_STACK
  24517. if (key) {
  24518. wc_ed448_free(key);
  24519. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24520. }
  24521. if (key2) {
  24522. wc_ed448_free(key2);
  24523. XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24524. }
  24525. #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
  24526. if (key3) {
  24527. wc_ed448_free(key3);
  24528. XFREE(key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24529. }
  24530. #endif
  24531. #else
  24532. wc_ed448_free(key);
  24533. wc_ed448_free(key2);
  24534. #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
  24535. wc_ed448_free(key3);
  24536. #endif
  24537. #endif
  24538. #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
  24539. wc_FreeRng(&rng);
  24540. #endif
  24541. if (ret < 0)
  24542. return ret;
  24543. /* hush warnings of unused keySz and sigSz */
  24544. (void)keySz;
  24545. (void)sigSz;
  24546. #ifdef WOLFSSL_TEST_CERT
  24547. ret = ed448_test_cert();
  24548. if (ret < 0)
  24549. return ret;
  24550. #ifdef WOLFSSL_CERT_GEN
  24551. ret = ed448_test_make_cert();
  24552. if (ret < 0)
  24553. return ret;
  24554. #endif /* WOLFSSL_CERT_GEN */
  24555. #endif /* WOLFSSL_TEST_CERT */
  24556. return 0;
  24557. }
  24558. #endif /* HAVE_ED448 */
  24559. #ifdef WOLFCRYPT_HAVE_ECCSI
  24560. static int eccsi_api_test(WC_RNG* rng, EccsiKey* key, mp_int* ssk,
  24561. ecc_point* pvt)
  24562. {
  24563. int ret;
  24564. byte id[1] = { 0x00 };
  24565. int valid;
  24566. word32 sz;
  24567. byte data[256];
  24568. byte hash[WC_MAX_DIGEST_SIZE];
  24569. byte hashSz;
  24570. byte sig[257];
  24571. word32 sigSz;
  24572. ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
  24573. if (ret != BAD_FUNC_ARG)
  24574. return -10023;
  24575. ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
  24576. if (ret != BAD_FUNC_ARG)
  24577. return -10024;
  24578. ret = wc_InitEccsiKey(NULL, NULL, INVALID_DEVID);
  24579. if (ret != BAD_FUNC_ARG)
  24580. return -10025;
  24581. ret = wc_InitEccsiKey(NULL, HEAP_HINT, INVALID_DEVID);
  24582. if (ret != BAD_FUNC_ARG)
  24583. return -10026;
  24584. wc_FreeEccsiKey(NULL);
  24585. /* Create a valid key. */
  24586. ret = wc_InitEccsiKey(key, NULL, INVALID_DEVID);
  24587. if (ret != 0)
  24588. return -10027;
  24589. ret = wc_MakeEccsiKey(NULL, NULL);
  24590. if (ret != BAD_FUNC_ARG)
  24591. return -10028;
  24592. ret = wc_MakeEccsiKey(key, NULL);
  24593. if (ret != BAD_FUNC_ARG)
  24594. return -10029;
  24595. ret = wc_MakeEccsiKey(NULL, rng);
  24596. if (ret != BAD_FUNC_ARG)
  24597. return -10030;
  24598. ret = wc_MakeEccsiPair(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL,
  24599. NULL);
  24600. if (ret != BAD_FUNC_ARG)
  24601. return -10031;
  24602. ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL);
  24603. if (ret != BAD_FUNC_ARG)
  24604. return -10032;
  24605. ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt);
  24606. if (ret != BAD_FUNC_ARG)
  24607. return -10033;
  24608. ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt);
  24609. if (ret != BAD_FUNC_ARG)
  24610. return -10034;
  24611. ret = wc_MakeEccsiPair(key, NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
  24612. if (ret != BAD_FUNC_ARG)
  24613. return -10035;
  24614. ret = wc_MakeEccsiPair(NULL, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
  24615. if (ret != BAD_FUNC_ARG)
  24616. return -10036;
  24617. /* No key set */
  24618. ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
  24619. if (ret != BAD_STATE_E)
  24620. return -10037;
  24621. ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL,
  24622. NULL);
  24623. if (ret != BAD_FUNC_ARG)
  24624. return -10038;
  24625. ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
  24626. NULL);
  24627. if (ret != BAD_FUNC_ARG)
  24628. return -10039;
  24629. ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL,
  24630. &valid);
  24631. if (ret != BAD_FUNC_ARG)
  24632. return -10040;
  24633. ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt,
  24634. &valid);
  24635. if (ret != BAD_FUNC_ARG)
  24636. return -10041;
  24637. ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt,
  24638. &valid);
  24639. if (ret != BAD_FUNC_ARG)
  24640. return -10042;
  24641. ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
  24642. &valid);
  24643. if (ret != BAD_FUNC_ARG)
  24644. return -10043;
  24645. /* No key set */
  24646. ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
  24647. &valid);
  24648. if (ret != BAD_STATE_E)
  24649. return -10044;
  24650. ret = wc_ValidateEccsiPvt(NULL, NULL, NULL);
  24651. if (ret != BAD_FUNC_ARG)
  24652. return -10045;
  24653. ret = wc_ValidateEccsiPvt(key, NULL, NULL);
  24654. if (ret != BAD_FUNC_ARG)
  24655. return -10046;
  24656. ret = wc_ValidateEccsiPvt(NULL, pvt, NULL);
  24657. if (ret != BAD_FUNC_ARG)
  24658. return -10047;
  24659. ret = wc_ValidateEccsiPvt(NULL, NULL, &valid);
  24660. if (ret != BAD_FUNC_ARG)
  24661. return -10048;
  24662. ret = wc_ValidateEccsiPvt(key, pvt, NULL);
  24663. if (ret != BAD_FUNC_ARG)
  24664. return -10049;
  24665. ret = wc_ValidateEccsiPvt(key, NULL, &valid);
  24666. if (ret != BAD_FUNC_ARG)
  24667. return -10050;
  24668. ret = wc_ValidateEccsiPvt(NULL, pvt, &valid);
  24669. if (ret != BAD_FUNC_ARG)
  24670. return -10051;
  24671. ret = wc_EncodeEccsiPair(NULL, NULL, NULL, data, NULL);
  24672. if (ret != BAD_FUNC_ARG)
  24673. return -10052;
  24674. ret = wc_EncodeEccsiPair(key, ssk, pvt, data, NULL);
  24675. if (ret != BAD_FUNC_ARG)
  24676. return -10053;
  24677. ret = wc_EncodeEccsiPair(key, ssk, NULL, data, &sz);
  24678. if (ret != BAD_FUNC_ARG)
  24679. return -10054;
  24680. ret = wc_EncodeEccsiPair(key, NULL, pvt, data, &sz);
  24681. if (ret != BAD_FUNC_ARG)
  24682. return -10055;
  24683. ret = wc_EncodeEccsiPair(NULL, ssk, pvt, data, &sz);
  24684. if (ret != BAD_FUNC_ARG)
  24685. return -10056;
  24686. /* No key created so no curve information. */
  24687. ret = wc_EncodeEccsiPair(key, ssk, pvt, NULL, &sz);
  24688. if (ret != LENGTH_ONLY_E)
  24689. return -10057;
  24690. ret = wc_EncodeEccsiSsk(NULL, NULL, data, NULL);
  24691. if (ret != BAD_FUNC_ARG)
  24692. return -10058;
  24693. ret = wc_EncodeEccsiSsk(key, ssk, data, NULL);
  24694. if (ret != BAD_FUNC_ARG)
  24695. return -10059;
  24696. ret = wc_EncodeEccsiSsk(key, NULL, data, &sz);
  24697. if (ret != BAD_FUNC_ARG)
  24698. return -10060;
  24699. ret = wc_EncodeEccsiSsk(NULL, ssk, data, &sz);
  24700. if (ret != BAD_FUNC_ARG)
  24701. return -10061;
  24702. ret = wc_EncodeEccsiPvt(NULL, NULL, data, NULL, 1);
  24703. if (ret != BAD_FUNC_ARG)
  24704. return -10058;
  24705. ret = wc_EncodeEccsiPvt(key, pvt, data, NULL, 1);
  24706. if (ret != BAD_FUNC_ARG)
  24707. return -10059;
  24708. ret = wc_EncodeEccsiPvt(key, NULL, data, &sz, 1);
  24709. if (ret != BAD_FUNC_ARG)
  24710. return -10060;
  24711. ret = wc_EncodeEccsiPvt(NULL, pvt, data, &sz, 1);
  24712. if (ret != BAD_FUNC_ARG)
  24713. return -10061;
  24714. ret = wc_DecodeEccsiPair(NULL, NULL, 0, NULL, NULL);
  24715. if (ret != BAD_FUNC_ARG)
  24716. return -10062;
  24717. ret = wc_DecodeEccsiPair(key, data, 0, ssk, NULL);
  24718. if (ret != BAD_FUNC_ARG)
  24719. return -10063;
  24720. ret = wc_DecodeEccsiPair(key, data, 0, NULL, pvt);
  24721. if (ret != BAD_FUNC_ARG)
  24722. return -10064;
  24723. ret = wc_DecodeEccsiPair(key, NULL, 0, ssk, pvt);
  24724. if (ret != BAD_FUNC_ARG)
  24725. return -10065;
  24726. ret = wc_DecodeEccsiPair(NULL, data, 0, ssk, pvt);
  24727. if (ret != BAD_FUNC_ARG)
  24728. return -10066;
  24729. ret = wc_DecodeEccsiSsk(NULL, NULL, 0, NULL);
  24730. if (ret != BAD_FUNC_ARG)
  24731. return -10067;
  24732. ret = wc_DecodeEccsiSsk(key, data, 0, NULL);
  24733. if (ret != BAD_FUNC_ARG)
  24734. return -10068;
  24735. ret = wc_DecodeEccsiSsk(key, NULL, 0, ssk);
  24736. if (ret != BAD_FUNC_ARG)
  24737. return -10069;
  24738. ret = wc_DecodeEccsiSsk(NULL, data, 0, ssk);
  24739. if (ret != BAD_FUNC_ARG)
  24740. return -10070;
  24741. ret = wc_DecodeEccsiPvt(NULL, NULL, 0, NULL);
  24742. if (ret != BAD_FUNC_ARG)
  24743. return -10067;
  24744. ret = wc_DecodeEccsiPvt(key, data, 0, NULL);
  24745. if (ret != BAD_FUNC_ARG)
  24746. return -10068;
  24747. ret = wc_DecodeEccsiPvt(key, NULL, 0, pvt);
  24748. if (ret != BAD_FUNC_ARG)
  24749. return -10069;
  24750. ret = wc_DecodeEccsiPvt(NULL, data, 0, pvt);
  24751. if (ret != BAD_FUNC_ARG)
  24752. return -10070;
  24753. ret = wc_DecodeEccsiPvtFromSig(NULL, NULL, 0, NULL);
  24754. if (ret != BAD_FUNC_ARG)
  24755. return -10067;
  24756. ret = wc_DecodeEccsiPvtFromSig(key, data, 0, NULL);
  24757. if (ret != BAD_FUNC_ARG)
  24758. return -10068;
  24759. ret = wc_DecodeEccsiPvtFromSig(key, NULL, 0, pvt);
  24760. if (ret != BAD_FUNC_ARG)
  24761. return -10069;
  24762. ret = wc_DecodeEccsiPvtFromSig(NULL, data, 0, pvt);
  24763. if (ret != BAD_FUNC_ARG)
  24764. return -10070;
  24765. ret = wc_ExportEccsiKey(NULL, data, NULL);
  24766. if (ret != BAD_FUNC_ARG)
  24767. return -10071;
  24768. ret = wc_ExportEccsiKey(key, data, NULL);
  24769. if (ret != BAD_FUNC_ARG)
  24770. return -10072;
  24771. ret = wc_ExportEccsiKey(NULL, data, &sz);
  24772. if (ret != BAD_FUNC_ARG)
  24773. return -10073;
  24774. /* No key to export */
  24775. ret = wc_ExportEccsiKey(key, NULL, &sz);
  24776. if (ret != BAD_STATE_E)
  24777. return -10074;
  24778. ret = wc_ImportEccsiKey(NULL, NULL, 0);
  24779. if (ret != BAD_FUNC_ARG)
  24780. return -10075;
  24781. ret = wc_ImportEccsiKey(key, NULL, 0);
  24782. if (ret != BAD_FUNC_ARG)
  24783. return -10076;
  24784. ret = wc_ImportEccsiKey(NULL, data, 0);
  24785. if (ret != BAD_FUNC_ARG)
  24786. return -10077;
  24787. ret = wc_ExportEccsiPrivateKey(NULL, data, NULL);
  24788. if (ret != BAD_FUNC_ARG)
  24789. return -10071;
  24790. ret = wc_ExportEccsiPrivateKey(key, data, NULL);
  24791. if (ret != BAD_FUNC_ARG)
  24792. return -10072;
  24793. ret = wc_ExportEccsiPrivateKey(NULL, data, &sz);
  24794. if (ret != BAD_FUNC_ARG)
  24795. return -10073;
  24796. /* No key to export */
  24797. ret = wc_ExportEccsiPrivateKey(key, NULL, &sz);
  24798. if (ret != BAD_STATE_E)
  24799. return -10074;
  24800. ret = wc_ImportEccsiPrivateKey(NULL, NULL, 0);
  24801. if (ret != BAD_FUNC_ARG)
  24802. return -10075;
  24803. ret = wc_ImportEccsiPrivateKey(key, NULL, 0);
  24804. if (ret != BAD_FUNC_ARG)
  24805. return -10076;
  24806. ret = wc_ImportEccsiPrivateKey(NULL, data, 0);
  24807. if (ret != BAD_FUNC_ARG)
  24808. return -10077;
  24809. ret = wc_ExportEccsiPublicKey(NULL, data, NULL, 1);
  24810. if (ret != BAD_FUNC_ARG)
  24811. return -10078;
  24812. ret = wc_ExportEccsiPublicKey(key, data, NULL, 1);
  24813. if (ret != BAD_FUNC_ARG)
  24814. return -10079;
  24815. ret = wc_ExportEccsiPublicKey(NULL, data, &sz, 1);
  24816. if (ret != BAD_FUNC_ARG)
  24817. return -10080;
  24818. /* No key to export */
  24819. ret = wc_ExportEccsiPublicKey(key, data, &sz, 1);
  24820. if (ret != BAD_STATE_E)
  24821. return -10081;
  24822. ret = wc_ImportEccsiPublicKey(NULL, NULL, 0, 1);
  24823. if (ret != BAD_FUNC_ARG)
  24824. return -10082;
  24825. ret = wc_ImportEccsiPublicKey(key, NULL, 0, 1);
  24826. if (ret != BAD_FUNC_ARG)
  24827. return -10083;
  24828. ret = wc_ImportEccsiPublicKey(NULL, data, 0, 1);
  24829. if (ret != BAD_FUNC_ARG)
  24830. return -10084;
  24831. ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL, NULL);
  24832. if (ret != BAD_FUNC_ARG)
  24833. return -10085;
  24834. ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, NULL);
  24835. if (ret != BAD_FUNC_ARG)
  24836. return -10086;
  24837. ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, NULL, &hashSz);
  24838. if (ret != BAD_FUNC_ARG)
  24839. return -10087;
  24840. ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, NULL, hash, &hashSz);
  24841. if (ret != BAD_FUNC_ARG)
  24842. return -10088;
  24843. ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, NULL, 1, pvt, hash,
  24844. &hashSz);
  24845. if (ret != BAD_FUNC_ARG)
  24846. return -10089;
  24847. ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
  24848. if (ret != BAD_FUNC_ARG)
  24849. return -10090;
  24850. ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
  24851. if (ret != BAD_STATE_E)
  24852. return -10091;
  24853. ret = wc_SetEccsiHash(NULL, NULL, 1);
  24854. if (ret != BAD_FUNC_ARG)
  24855. return -10090;
  24856. ret = wc_SetEccsiHash(key, NULL, 1);
  24857. if (ret != BAD_FUNC_ARG)
  24858. return -10090;
  24859. ret = wc_SetEccsiHash(NULL, hash, 1);
  24860. if (ret != BAD_FUNC_ARG)
  24861. return -10090;
  24862. ret = wc_SetEccsiPair(NULL, NULL, NULL);
  24863. if (ret != BAD_FUNC_ARG)
  24864. return -10090;
  24865. ret = wc_SetEccsiPair(key, NULL, NULL);
  24866. if (ret != BAD_FUNC_ARG)
  24867. return -10090;
  24868. ret = wc_SetEccsiPair(NULL, ssk, NULL);
  24869. if (ret != BAD_FUNC_ARG)
  24870. return -10090;
  24871. ret = wc_SetEccsiPair(NULL, NULL, pvt);
  24872. if (ret != BAD_FUNC_ARG)
  24873. return -10090;
  24874. ret = wc_SetEccsiPair(key, ssk, NULL);
  24875. if (ret != BAD_FUNC_ARG)
  24876. return -10090;
  24877. ret = wc_SetEccsiPair(key, NULL, pvt);
  24878. if (ret != BAD_FUNC_ARG)
  24879. return -10090;
  24880. ret = wc_SetEccsiPair(NULL, ssk, pvt);
  24881. if (ret != BAD_FUNC_ARG)
  24882. return -10090;
  24883. ret = wc_SignEccsiHash(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, NULL);
  24884. if (ret != BAD_FUNC_ARG)
  24885. return -10092;
  24886. ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, sig, NULL);
  24887. if (ret != BAD_FUNC_ARG)
  24888. return -10093;
  24889. ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, NULL, 0, sig,
  24890. &sigSz);
  24891. if (ret != BAD_FUNC_ARG)
  24892. return -10096;
  24893. ret = wc_SignEccsiHash(key, NULL, WC_HASH_TYPE_SHA256, data, 0, sig,
  24894. &sigSz);
  24895. if (ret != BAD_FUNC_ARG)
  24896. return -10098;
  24897. ret = wc_SignEccsiHash(NULL, rng, WC_HASH_TYPE_SHA256, data, 0, sig,
  24898. &sigSz);
  24899. if (ret != BAD_FUNC_ARG)
  24900. return -10099;
  24901. /* Key not set. */
  24902. ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
  24903. &sigSz);
  24904. if (ret != BAD_STATE_E)
  24905. return -10100;
  24906. ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
  24907. if (ret != BAD_FUNC_ARG)
  24908. return -10101;
  24909. ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
  24910. if (ret != BAD_FUNC_ARG)
  24911. return -10101;
  24912. ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, NULL, 0, NULL);
  24913. if (ret != BAD_FUNC_ARG)
  24914. return -10101;
  24915. ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0, NULL);
  24916. if (ret != BAD_FUNC_ARG)
  24917. return -10101;
  24918. ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0,
  24919. &valid);
  24920. if (ret != BAD_FUNC_ARG)
  24921. return -10101;
  24922. ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0, NULL);
  24923. if (ret != BAD_FUNC_ARG)
  24924. return -10102;
  24925. ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, NULL, 0,
  24926. &valid);
  24927. if (ret != BAD_FUNC_ARG)
  24928. return -10103;
  24929. ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0,
  24930. &valid);
  24931. if (ret != BAD_FUNC_ARG)
  24932. return -10104;
  24933. ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
  24934. &valid);
  24935. if (ret != BAD_FUNC_ARG)
  24936. return -10106;
  24937. ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
  24938. &valid);
  24939. if (ret != BAD_STATE_E)
  24940. return -10106;
  24941. ret = wc_SetEccsiPair(key, ssk, pvt);
  24942. if (ret != 0)
  24943. return -10107;
  24944. /* Identity hash not set. */
  24945. ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
  24946. &sigSz);
  24947. if (ret != BAD_STATE_E)
  24948. return -10108;
  24949. wc_FreeEccsiKey(key);
  24950. return 0;
  24951. }
  24952. /* RFC 6507: Appendix A */
  24953. static int eccsi_kat_verify_test(EccsiKey* key, ecc_point* pvt)
  24954. {
  24955. int ret;
  24956. int verified;
  24957. const byte msg[] = { 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x00 };
  24958. word32 msgSz = sizeof(msg);
  24959. byte hash[WC_SHA256_DIGEST_SIZE];
  24960. byte hashSz = WC_SHA256_DIGEST_SIZE;
  24961. static const byte id[] = {
  24962. 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
  24963. 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
  24964. 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
  24965. 0x33, 0x00
  24966. };
  24967. word32 idSz = sizeof(id);
  24968. static const byte sig[] = {
  24969. 0x26, 0x9D, 0x4C, 0x8F, 0xDE, 0xB6, 0x6A, 0x74,
  24970. 0xE4, 0xEF, 0x8C, 0x0D, 0x5D, 0xCC, 0x59, 0x7D,
  24971. 0xDF, 0xE6, 0x02, 0x9C, 0x2A, 0xFF, 0xC4, 0x93,
  24972. 0x60, 0x08, 0xCD, 0x2C, 0xC1, 0x04, 0x5D, 0x81,
  24973. 0xE0, 0x9B, 0x52, 0x8D, 0x0E, 0xF8, 0xD6, 0xDF,
  24974. 0x1A, 0xA3, 0xEC, 0xBF, 0x80, 0x11, 0x0C, 0xFC,
  24975. 0xEC, 0x9F, 0xC6, 0x82, 0x52, 0xCE, 0xBB, 0x67,
  24976. 0x9F, 0x41, 0x34, 0x84, 0x69, 0x40, 0xCC, 0xFD,
  24977. 0x04,
  24978. 0x75, 0x8A, 0x14, 0x27, 0x79, 0xBE, 0x89, 0xE8,
  24979. 0x29, 0xE7, 0x19, 0x84, 0xCB, 0x40, 0xEF, 0x75,
  24980. 0x8C, 0xC4, 0xAD, 0x77, 0x5F, 0xC5, 0xB9, 0xA3,
  24981. 0xE1, 0xC8, 0xED, 0x52, 0xF6, 0xFA, 0x36, 0xD9,
  24982. 0xA7, 0x9D, 0x24, 0x76, 0x92, 0xF4, 0xED, 0xA3,
  24983. 0xA6, 0xBD, 0xAB, 0x77, 0xD6, 0xAA, 0x64, 0x74,
  24984. 0xA4, 0x64, 0xAE, 0x49, 0x34, 0x66, 0x3C, 0x52,
  24985. 0x65, 0xBA, 0x70, 0x18, 0xBA, 0x09, 0x1F, 0x79
  24986. };
  24987. word32 sigSz = sizeof(sig);
  24988. static const byte pubData[] = {
  24989. 0x50, 0xD4, 0x67, 0x0B, 0xDE, 0x75, 0x24, 0x4F,
  24990. 0x28, 0xD2, 0x83, 0x8A, 0x0D, 0x25, 0x55, 0x8A,
  24991. 0x7A, 0x72, 0x68, 0x6D, 0x45, 0x22, 0xD4, 0xC8,
  24992. 0x27, 0x3F, 0xB6, 0x44, 0x2A, 0xEB, 0xFA, 0x93,
  24993. 0xDB, 0xDD, 0x37, 0x55, 0x1A, 0xFD, 0x26, 0x3B,
  24994. 0x5D, 0xFD, 0x61, 0x7F, 0x39, 0x60, 0xC6, 0x5A,
  24995. 0x8C, 0x29, 0x88, 0x50, 0xFF, 0x99, 0xF2, 0x03,
  24996. 0x66, 0xDC, 0xE7, 0xD4, 0x36, 0x72, 0x17, 0xF4
  24997. };
  24998. static const byte expHash[] = {
  24999. 0x49, 0x0f, 0x3f, 0xeb, 0xbc, 0x1c, 0x90, 0x2f,
  25000. 0x62, 0x89, 0x72, 0x3d, 0x7f, 0x8c, 0xbf, 0x79,
  25001. 0xdb, 0x88, 0x93, 0x08, 0x49, 0xd1, 0x9f, 0x38,
  25002. 0xf0, 0x29, 0x5b, 0x5c, 0x27, 0x6c, 0x14, 0xd1
  25003. };
  25004. ret = wc_ImportEccsiPublicKey(key, pubData, sizeof(pubData), 0);
  25005. if (ret != 0)
  25006. return -10108;
  25007. ret = wc_DecodeEccsiPvtFromSig(key, sig, sigSz, pvt);
  25008. if (ret != 0)
  25009. return -10109;
  25010. ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, idSz, pvt, hash,
  25011. &hashSz);
  25012. if (ret != 0)
  25013. return -10112;
  25014. if (hashSz != sizeof(expHash))
  25015. return -10113;
  25016. if (XMEMCMP(hash, expHash, hashSz) != 0)
  25017. return -10114;
  25018. ret = wc_SetEccsiHash(key, hash, hashSz);
  25019. if (ret != 0)
  25020. return -10112;
  25021. ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  25022. &verified);
  25023. if (ret != 0)
  25024. return -10115;
  25025. if (!verified)
  25026. return -10116;
  25027. return 0;
  25028. }
  25029. static int eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_point* pvt)
  25030. {
  25031. int ret;
  25032. byte data[32 * 3];
  25033. word32 sz;
  25034. mp_int decSsk;
  25035. ecc_point* decPvt = NULL;
  25036. ret = mp_init(&decSsk);
  25037. if (ret != 0)
  25038. return -10117;
  25039. decPvt = wc_ecc_new_point();
  25040. if (decPvt == NULL)
  25041. return -10118;
  25042. ret = wc_EncodeEccsiPair(priv, ssk, pvt, NULL, &sz);
  25043. if (ret != LENGTH_ONLY_E)
  25044. return -10119;
  25045. if (sz != 32 * 3)
  25046. return -10120;
  25047. ret = wc_EncodeEccsiPair(priv, ssk, pvt, data, &sz);
  25048. if (ret != 0)
  25049. return -10121;
  25050. if (sz != 32* 3)
  25051. return -10122;
  25052. ret = wc_DecodeEccsiPair(priv, data, sz, &decSsk, decPvt);
  25053. if (ret != 0)
  25054. return -10123;
  25055. if (mp_cmp(ssk, &decSsk) != MP_EQ)
  25056. return -10124;
  25057. if (wc_ecc_cmp_point(pvt, decPvt) != MP_EQ)
  25058. return -10125;
  25059. ret = wc_EncodeEccsiSsk(priv, ssk, NULL, &sz);
  25060. if (ret != LENGTH_ONLY_E)
  25061. return -10119;
  25062. if (sz != 32)
  25063. return -10120;
  25064. ret = wc_EncodeEccsiSsk(priv, ssk, data, &sz);
  25065. if (ret != 0)
  25066. return -10121;
  25067. if (sz != 32)
  25068. return -10122;
  25069. ret = wc_DecodeEccsiSsk(priv, data, sz, &decSsk);
  25070. if (ret != 0)
  25071. return -10123;
  25072. if (mp_cmp(ssk, &decSsk) != MP_EQ)
  25073. return -10124;
  25074. ret = wc_EncodeEccsiPvt(priv, pvt, NULL, &sz, 1);
  25075. if (ret != LENGTH_ONLY_E)
  25076. return -10126;
  25077. if (sz != 32 * 2)
  25078. return -10127;
  25079. ret = wc_EncodeEccsiPvt(priv, pvt, data, &sz, 1);
  25080. if (ret != 0)
  25081. return -10128;
  25082. if (sz != 32 * 2)
  25083. return -10129;
  25084. ret = wc_DecodeEccsiPvt(priv, data, sz, decPvt);
  25085. if (ret != 0)
  25086. return -10130;
  25087. if (wc_ecc_cmp_point(pvt, decPvt) != MP_EQ)
  25088. return -10131;
  25089. sz = sizeof(data);
  25090. ret = wc_EncodeEccsiPvt(priv, pvt, data, &sz, 0);
  25091. if (ret != 0)
  25092. return -10128;
  25093. if (sz != 32 * 2 + 1)
  25094. return -10129;
  25095. ret = wc_DecodeEccsiPvt(priv, data, sz, decPvt);
  25096. if (ret != 0)
  25097. return -10130;
  25098. if (wc_ecc_cmp_point(pvt, decPvt) != MP_EQ)
  25099. return -10131;
  25100. wc_ecc_del_point(decPvt);
  25101. mp_free(&decSsk);
  25102. return 0;
  25103. }
  25104. static int eccsi_imp_exp_key_test(EccsiKey* priv)
  25105. {
  25106. int ret;
  25107. byte data[32 * 3];
  25108. byte out[32 * 3];
  25109. word32 sz;
  25110. ret = wc_ExportEccsiKey(priv, NULL, &sz);
  25111. if (ret != LENGTH_ONLY_E)
  25112. return -10132;
  25113. if (sz != 32 * 3)
  25114. return -10133;
  25115. ret = wc_ExportEccsiKey(priv, data, &sz);
  25116. if (ret != 0)
  25117. return -10134;
  25118. ret = wc_ImportEccsiKey(priv, data, sz);
  25119. if (ret != 0)
  25120. return -10135;
  25121. ret = wc_ExportEccsiKey(priv, NULL, &sz);
  25122. if (ret != LENGTH_ONLY_E)
  25123. return -10132;
  25124. if (sz != 32 * 3)
  25125. return -10143;
  25126. ret = wc_ExportEccsiKey(priv, out, &sz);
  25127. if (ret != 0)
  25128. return -10144;
  25129. if (sz != 32 * 3)
  25130. return -10145;
  25131. if (XMEMCMP(data, out, sz) != 0)
  25132. return -10146;
  25133. ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
  25134. if (ret != LENGTH_ONLY_E)
  25135. return -10156;
  25136. if (sz != 32)
  25137. return -10157;
  25138. ret = wc_ExportEccsiPrivateKey(priv, data, &sz);
  25139. if (ret != 0)
  25140. return -10158;
  25141. ret = wc_ImportEccsiPrivateKey(priv, data, sz);
  25142. if (ret != 0)
  25143. return -10159;
  25144. ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
  25145. if (ret != LENGTH_ONLY_E)
  25146. return -10152;
  25147. if (sz != 32)
  25148. return -10163;
  25149. ret = wc_ExportEccsiPrivateKey(priv, out, &sz);
  25150. if (ret != 0)
  25151. return -10164;
  25152. if (sz != 32)
  25153. return -10165;
  25154. if (XMEMCMP(data, out, sz) != 0)
  25155. return -10166;
  25156. return 0;
  25157. }
  25158. static int eccsi_imp_exp_pubkey_test(EccsiKey* key1, EccsiKey* key2)
  25159. {
  25160. int ret;
  25161. byte data[32 * 2 + 1];
  25162. byte pubData[32 * 2 + 1];
  25163. word32 sz;
  25164. ret = wc_ExportEccsiPublicKey(key1, NULL, &sz, 1);
  25165. if (ret != LENGTH_ONLY_E)
  25166. return -10136;
  25167. if (sz != 32 * 2)
  25168. return -10137;
  25169. ret = wc_ExportEccsiPublicKey(key1, data, &sz, 1);
  25170. if (ret != 0)
  25171. return -10138;
  25172. ret = wc_ImportEccsiPublicKey(key2, data, sz, 1);
  25173. if (ret != 0)
  25174. return -10139;
  25175. sz = sizeof(pubData);
  25176. ret = wc_ExportEccsiPublicKey(key2, pubData, &sz, 1);
  25177. if (ret != 0)
  25178. return -10140;
  25179. if (sz != 32 * 2)
  25180. return -10141;
  25181. if (XMEMCMP(data, pubData, sz) != 0)
  25182. return -10142;
  25183. sz = sizeof(pubData);
  25184. ret = wc_ExportEccsiPublicKey(key2, pubData, &sz, 0);
  25185. if (ret != 0)
  25186. return -10140;
  25187. if (sz != 32 * 2 + 1)
  25188. return -10141;
  25189. if (pubData[0] != 0x04)
  25190. return -10140;
  25191. if (XMEMCMP(pubData + 1, data, sz - 1) != 0)
  25192. return -10142;
  25193. ret = wc_ImportEccsiPublicKey(key2, pubData, sz, 0);
  25194. if (ret != 0)
  25195. return -10139;
  25196. return 0;
  25197. }
  25198. static int eccsi_make_key_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng,
  25199. mp_int* ssk, ecc_point* pvt)
  25200. {
  25201. int ret;
  25202. char mail[] = "test@wolfssl.com";
  25203. byte* id = (byte*)mail;
  25204. word32 idSz = (word32) XSTRLEN(mail);
  25205. int valid;
  25206. ret = wc_MakeEccsiKey(priv, rng);
  25207. if (ret != 0)
  25208. return -10143;
  25209. ret = eccsi_imp_exp_key_test(priv);
  25210. if (ret < 0)
  25211. return ret;
  25212. ret = eccsi_imp_exp_pubkey_test(priv, pub);
  25213. if (ret < 0)
  25214. return ret;
  25215. ret = wc_MakeEccsiPair(priv, rng, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt);
  25216. if (ret != 0)
  25217. return -10144;
  25218. ret = wc_ValidateEccsiPair(pub, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt,
  25219. &valid);
  25220. if (ret != 0)
  25221. return -10145;
  25222. if (!valid)
  25223. return -10146;
  25224. ret = eccsi_enc_dec_pair_test(priv, ssk, pvt);
  25225. if (ret != 0)
  25226. return ret;
  25227. return 0;
  25228. }
  25229. static int eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng,
  25230. mp_int* ssk, ecc_point* pvt)
  25231. {
  25232. int ret;
  25233. byte hashPriv[WC_MAX_DIGEST_SIZE];
  25234. byte hashPub[WC_MAX_DIGEST_SIZE];
  25235. byte hashSz;
  25236. byte sig[144];
  25237. word32 sigSz;
  25238. int verified, valid;
  25239. char mail[] = "test@wolfssl.com";
  25240. byte* id = (byte*)mail;
  25241. word32 idSz = (word32) XSTRLEN(mail);
  25242. byte msg[] = { 0x00 };
  25243. word32 msgSz = sizeof(msg);
  25244. ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPriv,
  25245. &hashSz);
  25246. if (ret != 0)
  25247. return -10147;
  25248. if (hashSz != 32)
  25249. return -10148;
  25250. ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPub,
  25251. &hashSz);
  25252. if (ret != 0)
  25253. return -10149;
  25254. if (hashSz != 32)
  25255. return -10150;
  25256. if (XMEMCMP(hashPriv, hashPub, hashSz) != 0)
  25257. return -10151;
  25258. ret = wc_SetEccsiHash(priv, hashPriv, hashSz);
  25259. if (ret != 0)
  25260. return -10149;
  25261. ret = wc_SetEccsiPair(priv, ssk, pvt);
  25262. if (ret != 0)
  25263. return -10149;
  25264. ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, NULL,
  25265. &sigSz);
  25266. if (ret != LENGTH_ONLY_E)
  25267. return -10152;
  25268. if (sigSz != 129)
  25269. return -10153;
  25270. ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, sig,
  25271. &sigSz);
  25272. if (ret != 0)
  25273. return -10154;
  25274. ret = wc_SetEccsiHash(pub, hashPub, hashSz);
  25275. if (ret != 0)
  25276. return -10149;
  25277. ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  25278. &verified);
  25279. if (ret != 0)
  25280. return -10155;
  25281. if (!verified)
  25282. return -10156;
  25283. /* Check that changing HS results in verification failure. */
  25284. hashPub[0] ^= 0x80;
  25285. ret = wc_SetEccsiHash(pub, hashPub, hashSz);
  25286. if (ret != 0)
  25287. return -10149;
  25288. ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  25289. &verified);
  25290. if (ret != 0)
  25291. return -10157;
  25292. if (verified)
  25293. return -10158;
  25294. hashPub[0] ^= 0x80;
  25295. ret = wc_SetEccsiHash(pub, hashPub, hashSz);
  25296. if (ret != 0)
  25297. return -10149;
  25298. /* Check that changing msg results in verification failure. */
  25299. msg[0] ^= 0x80;
  25300. ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  25301. &verified);
  25302. if (ret != 0)
  25303. return -10159;
  25304. if (verified)
  25305. return -10160;
  25306. msg[0] ^= 0x80;
  25307. /* Check that changing signature results in verification failure. */
  25308. sig[0] ^= 0x80;
  25309. ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  25310. &verified);
  25311. if (ret != 0)
  25312. return -10161;
  25313. if (verified)
  25314. return -10162;
  25315. sig[0] ^= 0x80;
  25316. /* Check that key state hasn't been invalidated. */
  25317. ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  25318. &verified);
  25319. if (ret != 0)
  25320. return -10163;
  25321. if (!verified)
  25322. return -10164;
  25323. /* Check that verifying with the private key works. */
  25324. ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  25325. &verified);
  25326. if (ret != 0)
  25327. return -10165;
  25328. if (!verified)
  25329. return -10166;
  25330. /* Check that the KPAK is converted from montgomery form. */
  25331. ret = eccsi_imp_exp_key_test(priv);
  25332. if (ret != 0)
  25333. return ret;
  25334. /* Check that KPAK can converted to Montgomery form again. */
  25335. ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  25336. &verified);
  25337. if (ret != 0)
  25338. return -10167;
  25339. if (!verified)
  25340. return -10168;
  25341. /* Check that the KPAK is converted from montgomery form. */
  25342. ret = wc_ValidateEccsiPair(pub, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt,
  25343. &valid);
  25344. if (ret != 0)
  25345. return -10169;
  25346. if (!valid)
  25347. return -10170;
  25348. /* Check that KPAK can converted to Montgomery form again. */
  25349. ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  25350. &verified);
  25351. if (ret != 0)
  25352. return -10171;
  25353. if (!verified)
  25354. return -10172;
  25355. /* Check that the KPAK is converted from montgomery form. */
  25356. ret = eccsi_imp_exp_pubkey_test(priv, pub);
  25357. if (ret != 0)
  25358. return ret;
  25359. return 0;
  25360. }
  25361. int eccsi_test(void)
  25362. {
  25363. int ret = 0;
  25364. WC_RNG rng;
  25365. EccsiKey* priv = NULL;
  25366. EccsiKey* pub = NULL;
  25367. mp_int* ssk = NULL;
  25368. ecc_point* pvt = NULL;
  25369. priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
  25370. DYNAMIC_TYPE_TMP_BUFFER);
  25371. if (priv == NULL) {
  25372. ret = -10205;
  25373. }
  25374. if (ret == 0) {
  25375. pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
  25376. DYNAMIC_TYPE_TMP_BUFFER);
  25377. if (pub == NULL) {
  25378. ret = -10206;
  25379. }
  25380. }
  25381. if (ret == 0) {
  25382. ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT,
  25383. DYNAMIC_TYPE_TMP_BUFFER);
  25384. if (ssk == NULL) {
  25385. ret = -10207;
  25386. }
  25387. }
  25388. if (ret == 0) {
  25389. #ifndef HAVE_FIPS
  25390. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  25391. #else
  25392. ret = wc_InitRng(&rng);
  25393. #endif
  25394. if (ret != 0)
  25395. ret = -10200;
  25396. }
  25397. if (ret == 0) {
  25398. pvt = wc_ecc_new_point();
  25399. if (pvt == NULL)
  25400. ret = -10201;
  25401. }
  25402. if (ret == 0) {
  25403. ret = mp_init(ssk);
  25404. if (ret != 0)
  25405. ret = -10202;
  25406. }
  25407. if (ret == 0) {
  25408. ret = eccsi_api_test(&rng, priv, ssk, pvt);
  25409. }
  25410. if (ret == 0) {
  25411. ret = wc_InitEccsiKey(pub, HEAP_HINT, INVALID_DEVID);
  25412. if (ret != 0)
  25413. ret = -10203;
  25414. }
  25415. if (ret == 0) {
  25416. ret = wc_InitEccsiKey(priv, HEAP_HINT, INVALID_DEVID);
  25417. if (ret != 0)
  25418. ret = -10204;
  25419. }
  25420. if (ret == 0) {
  25421. ret = eccsi_kat_verify_test(pub, pvt);
  25422. }
  25423. if (ret == 0) {
  25424. ret = eccsi_make_key_test(priv, pub, &rng, ssk, pvt);
  25425. }
  25426. if (ret == 0) {
  25427. ret = eccsi_sign_verify_test(priv, pub, &rng, ssk, pvt);
  25428. }
  25429. wc_FreeEccsiKey(priv);
  25430. wc_FreeEccsiKey(pub);
  25431. mp_free(ssk);
  25432. wc_ecc_del_point(pvt);
  25433. if (ret != -10200)
  25434. wc_FreeRng(&rng);
  25435. if (ssk != NULL)
  25436. XFREE(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25437. if (pub != NULL)
  25438. XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25439. if (priv != NULL)
  25440. XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25441. return ret;
  25442. }
  25443. #endif /* WOLFCRYPT_HAVE_ECCSI */
  25444. #ifdef WOLFCRYPT_HAVE_SAKKE
  25445. static int sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
  25446. {
  25447. int ret;
  25448. byte id[1] = { 0x00 };
  25449. int valid;
  25450. byte data[256];
  25451. word32 sz;
  25452. byte auth[257];
  25453. word16 authSz;
  25454. byte ssv[256];
  25455. word16 ssvSz;
  25456. word32 len;
  25457. ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
  25458. if (ret != BAD_FUNC_ARG)
  25459. return -10205;
  25460. ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, HEAP_HINT, INVALID_DEVID);
  25461. if (ret != BAD_FUNC_ARG)
  25462. return -10206;
  25463. wc_FreeSakkeKey(NULL);
  25464. XMEMSET(key, 0, sizeof(*key));
  25465. wc_FreeSakkeKey(key);
  25466. ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, HEAP_HINT, INVALID_DEVID);
  25467. if (ret != 0)
  25468. return -10207;
  25469. ret = wc_MakeSakkeKey(NULL, NULL);
  25470. if (ret != BAD_FUNC_ARG)
  25471. return -10208;
  25472. ret = wc_MakeSakkeKey(key, NULL);
  25473. if (ret != BAD_FUNC_ARG)
  25474. return -10209;
  25475. ret = wc_MakeSakkeKey(NULL, rng);
  25476. if (ret != BAD_FUNC_ARG)
  25477. return -10210;
  25478. ret = wc_MakeSakkePublicKey(NULL, NULL);
  25479. if (ret != BAD_FUNC_ARG)
  25480. return -10211;
  25481. ret = wc_MakeSakkePublicKey(key, NULL);
  25482. if (ret != BAD_FUNC_ARG)
  25483. return -10212;
  25484. ret = wc_MakeSakkePublicKey(NULL, rsk);
  25485. if (ret != BAD_FUNC_ARG)
  25486. return -10213;
  25487. ret = wc_MakeSakkeRsk(NULL, NULL, 1, NULL);
  25488. if (ret != BAD_FUNC_ARG)
  25489. return -10214;
  25490. ret = wc_MakeSakkeRsk(key, id, 1, NULL);
  25491. if (ret != BAD_FUNC_ARG)
  25492. return -10215;
  25493. ret = wc_MakeSakkeRsk(key, NULL, 1, rsk);
  25494. if (ret != BAD_FUNC_ARG)
  25495. return -10216;
  25496. ret = wc_MakeSakkeRsk(NULL, id, 1, rsk);
  25497. if (ret != BAD_FUNC_ARG)
  25498. return -10217;
  25499. ret = wc_ValidateSakkeRsk(NULL, NULL, 1, NULL, NULL);
  25500. if (ret != BAD_FUNC_ARG)
  25501. return -10218;
  25502. ret = wc_ValidateSakkeRsk(key, id, 1, rsk, NULL);
  25503. if (ret != BAD_FUNC_ARG)
  25504. return -10219;
  25505. ret = wc_ValidateSakkeRsk(NULL, id, 1, rsk, &valid);
  25506. if (ret != BAD_FUNC_ARG)
  25507. return -10220;
  25508. ret = wc_ExportSakkeKey(NULL, NULL, NULL);
  25509. if (ret != BAD_FUNC_ARG)
  25510. return -10221;
  25511. ret = wc_ExportSakkeKey(key, data, NULL);
  25512. if (ret != BAD_FUNC_ARG)
  25513. return -10222;
  25514. ret = wc_ExportSakkeKey(NULL, data, &sz);
  25515. if (ret != BAD_FUNC_ARG)
  25516. return -10223;
  25517. ret = wc_ImportSakkeKey(NULL, NULL, 1);
  25518. if (ret != BAD_FUNC_ARG)
  25519. return -10224;
  25520. ret = wc_ImportSakkeKey(key, NULL, 1);
  25521. if (ret != BAD_FUNC_ARG)
  25522. return -10225;
  25523. ret = wc_ImportSakkeKey(NULL, data, 1);
  25524. if (ret != BAD_FUNC_ARG)
  25525. return -10226;
  25526. ret = wc_ExportSakkePrivateKey(NULL, NULL, NULL);
  25527. if (ret != BAD_FUNC_ARG)
  25528. return -10227;
  25529. ret = wc_ExportSakkePrivateKey(key, data, NULL);
  25530. if (ret != BAD_FUNC_ARG)
  25531. return -10228;
  25532. ret = wc_ExportSakkePrivateKey(NULL, data, &sz);
  25533. if (ret != BAD_FUNC_ARG)
  25534. return -10229;
  25535. ret = wc_ImportSakkePrivateKey(NULL, NULL, 1);
  25536. if (ret != BAD_FUNC_ARG)
  25537. return -10230;
  25538. ret = wc_ImportSakkePrivateKey(key, NULL, 1);
  25539. if (ret != BAD_FUNC_ARG)
  25540. return -10231;
  25541. ret = wc_ImportSakkePrivateKey(NULL, data, 1);
  25542. if (ret != BAD_FUNC_ARG)
  25543. return -10232;
  25544. sz = sizeof(data);
  25545. ret = wc_EncodeSakkeRsk(NULL, NULL, data, NULL, 1);
  25546. if (ret != BAD_FUNC_ARG)
  25547. return -10233;
  25548. ret = wc_EncodeSakkeRsk(key, rsk, data, NULL, 1);
  25549. if (ret != BAD_FUNC_ARG)
  25550. return -10234;
  25551. ret = wc_EncodeSakkeRsk(key, NULL, data, &sz, 1);
  25552. if (ret != BAD_FUNC_ARG)
  25553. return -10235;
  25554. ret = wc_EncodeSakkeRsk(NULL, rsk, data, &sz, 1);
  25555. if (ret != BAD_FUNC_ARG)
  25556. return -10236;
  25557. ret = wc_DecodeSakkeRsk(NULL, NULL, sz, NULL);
  25558. if (ret != BAD_FUNC_ARG)
  25559. return -10237;
  25560. ret = wc_DecodeSakkeRsk(key, data, sz, NULL);
  25561. if (ret != BAD_FUNC_ARG)
  25562. return -10238;
  25563. ret = wc_DecodeSakkeRsk(key, NULL, sz, rsk);
  25564. if (ret != BAD_FUNC_ARG)
  25565. return -10239;
  25566. ret = wc_DecodeSakkeRsk(NULL, data, sz, rsk);
  25567. if (ret != BAD_FUNC_ARG)
  25568. return -10240;
  25569. ret = wc_ImportSakkeRsk(NULL, NULL, sz);
  25570. if (ret != BAD_FUNC_ARG)
  25571. return -10237;
  25572. ret = wc_ImportSakkeRsk(key, NULL, sz);
  25573. if (ret != BAD_FUNC_ARG)
  25574. return -10237;
  25575. ret = wc_ImportSakkeRsk(NULL, data, sz);
  25576. if (ret != BAD_FUNC_ARG)
  25577. return -10237;
  25578. ret = wc_ImportSakkeRsk(key, data, 1);
  25579. if (ret != BUFFER_E)
  25580. return -10237;
  25581. ret = wc_GenerateSakkeRskTable(NULL, NULL, data, NULL);
  25582. if (ret != BAD_FUNC_ARG)
  25583. return -10241;
  25584. ret = wc_GenerateSakkeRskTable(key, NULL, data, NULL);
  25585. if (ret != BAD_FUNC_ARG)
  25586. return -10242;
  25587. ret = wc_GenerateSakkeRskTable(NULL, rsk, data, NULL);
  25588. if (ret != BAD_FUNC_ARG)
  25589. return -10243;
  25590. ret = wc_GenerateSakkeRskTable(NULL, NULL, data, &len);
  25591. if (ret != BAD_FUNC_ARG)
  25592. return -10244;
  25593. ret = wc_GenerateSakkeRskTable(key, rsk, data, NULL);
  25594. if (ret != BAD_FUNC_ARG)
  25595. return -10245;
  25596. ret = wc_GenerateSakkeRskTable(key, NULL, data, &len);
  25597. if (ret != BAD_FUNC_ARG)
  25598. return -10246;
  25599. ret = wc_GenerateSakkeRskTable(NULL, rsk, data, &len);
  25600. if (ret != BAD_FUNC_ARG)
  25601. return -10247;
  25602. ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
  25603. if (ret != LENGTH_ONLY_E)
  25604. return -10248;
  25605. len--;
  25606. ret = wc_GenerateSakkeRskTable(key, rsk, data, &len);
  25607. if (ret != BUFFER_E)
  25608. return -10249;
  25609. ret = wc_ExportSakkePublicKey(NULL, data, NULL, 1);
  25610. if (ret != BAD_FUNC_ARG)
  25611. return -10250;
  25612. ret = wc_ExportSakkePublicKey(key, data, NULL, 1);
  25613. if (ret != BAD_FUNC_ARG)
  25614. return -10251;
  25615. ret = wc_ExportSakkePublicKey(NULL, data, &sz, 1);
  25616. if (ret != BAD_FUNC_ARG)
  25617. return -10252;
  25618. ret = wc_ImportSakkePublicKey(NULL, NULL, sz, 1);
  25619. if (ret != BAD_FUNC_ARG)
  25620. return -10253;
  25621. ret = wc_ImportSakkePublicKey(key, NULL, sz, 1);
  25622. if (ret != BAD_FUNC_ARG)
  25623. return -10254;
  25624. ret = wc_ImportSakkePublicKey(NULL, data, sz, 1);
  25625. if (ret != BAD_FUNC_ARG)
  25626. return -10255;
  25627. ret = wc_GetSakkeAuthSize(NULL, NULL);
  25628. if (ret != BAD_FUNC_ARG)
  25629. return -10256;
  25630. ret = wc_GetSakkeAuthSize(key, NULL);
  25631. if (ret != BAD_FUNC_ARG)
  25632. return -10257;
  25633. ret = wc_GetSakkeAuthSize(NULL, &authSz);
  25634. if (ret != BAD_FUNC_ARG)
  25635. return -10258;
  25636. ret = wc_MakeSakkePointI(NULL, NULL, SAKKE_ID_MAX_SIZE + 1);
  25637. if (ret != BAD_FUNC_ARG)
  25638. return -10259;
  25639. ret = wc_MakeSakkePointI(key, NULL, SAKKE_ID_MAX_SIZE + 1);
  25640. if (ret != BAD_FUNC_ARG)
  25641. return -10260;
  25642. ret = wc_MakeSakkePointI(NULL, id, 1);
  25643. if (ret != BAD_FUNC_ARG)
  25644. return -10261;
  25645. ret = wc_MakeSakkePointI(NULL, NULL, 1);
  25646. if (ret != BAD_FUNC_ARG)
  25647. return -10262;
  25648. ret = wc_MakeSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1);
  25649. if (ret != BAD_FUNC_ARG)
  25650. return -10263;
  25651. ret = wc_MakeSakkePointI(key, NULL, 1);
  25652. if (ret != BAD_FUNC_ARG)
  25653. return -10264;
  25654. ret = wc_MakeSakkePointI(NULL, id, 1);
  25655. if (ret != BAD_FUNC_ARG)
  25656. return -10265;
  25657. ret = wc_GenerateSakkePointITable(NULL, data, NULL);
  25658. if (ret != BAD_FUNC_ARG)
  25659. return -10266;
  25660. ret = wc_GenerateSakkePointITable(key, data, NULL);
  25661. if (ret != BAD_FUNC_ARG)
  25662. return -10267;
  25663. ret = wc_GenerateSakkePointITable(NULL, data, &len);
  25664. if (ret != BAD_FUNC_ARG)
  25665. return -10268;
  25666. ret = wc_GenerateSakkePointITable(key, NULL, &len);
  25667. if (ret != LENGTH_ONLY_E)
  25668. return -10269;
  25669. len--;
  25670. ret = wc_GenerateSakkePointITable(key, data, &len);
  25671. if (ret != BUFFER_E)
  25672. return -10270;
  25673. ret = wc_SetSakkePointITable(NULL, NULL, 1);
  25674. if (ret != BAD_FUNC_ARG)
  25675. return -10271;
  25676. ret = wc_SetSakkePointITable(key, NULL, 1);
  25677. if (ret != BAD_FUNC_ARG)
  25678. return -10272;
  25679. ret = wc_SetSakkePointITable(NULL, data, 1);
  25680. if (ret != BAD_FUNC_ARG)
  25681. return -10273;
  25682. ret = wc_SetSakkePointITable(key, data, 1);
  25683. if (ret != BUFFER_E)
  25684. return -10274;
  25685. ret = wc_ClearSakkePointITable(NULL);
  25686. if (ret != BAD_FUNC_ARG)
  25687. return -10275;
  25688. ret = wc_GetSakkePointI(NULL, data, NULL);
  25689. if (ret != BAD_FUNC_ARG)
  25690. return -10276;
  25691. ret = wc_GetSakkePointI(key, data, NULL);
  25692. if (ret != BAD_FUNC_ARG)
  25693. return -10277;
  25694. ret = wc_GetSakkePointI(NULL, data, &sz);
  25695. if (ret != BAD_FUNC_ARG)
  25696. return -10278;
  25697. sz = 1;
  25698. ret = wc_GetSakkePointI(key, data, &sz);
  25699. if (ret != BUFFER_E)
  25700. return -10279;
  25701. sz = 256;
  25702. ret = wc_SetSakkePointI(NULL, NULL, 1, NULL, sz);
  25703. if (ret != BAD_FUNC_ARG)
  25704. return -10280;
  25705. ret = wc_SetSakkePointI(key, NULL, 1, NULL, sz);
  25706. if (ret != BAD_FUNC_ARG)
  25707. return -10281;
  25708. ret = wc_SetSakkePointI(NULL, id, 1, NULL, sz);
  25709. if (ret != BAD_FUNC_ARG)
  25710. return -10282;
  25711. ret = wc_SetSakkePointI(NULL, NULL, 1, data, sz);
  25712. if (ret != BAD_FUNC_ARG)
  25713. return -10283;
  25714. ret = wc_SetSakkePointI(key, id, 1, NULL, sz);
  25715. if (ret != BAD_FUNC_ARG)
  25716. return -10284;
  25717. ret = wc_SetSakkePointI(key, NULL, 1, data, sz);
  25718. if (ret != BAD_FUNC_ARG)
  25719. return -10285;
  25720. ret = wc_SetSakkePointI(NULL, id, 1, data, sz);
  25721. if (ret != BAD_FUNC_ARG)
  25722. return -10286;
  25723. ret = wc_SetSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1, data, sz);
  25724. if (ret != BUFFER_E)
  25725. return -10287;
  25726. ret = wc_SetSakkePointI(key, id, 1, data, sz - 1);
  25727. if (ret != BUFFER_E)
  25728. return -10288;
  25729. ret = wc_SetSakkeIdentity(NULL, NULL, 1);
  25730. if (ret != BAD_FUNC_ARG)
  25731. return -10286;
  25732. ret = wc_SetSakkeIdentity(key, NULL, 1);
  25733. if (ret != BAD_FUNC_ARG)
  25734. return -10286;
  25735. ret = wc_SetSakkeIdentity(NULL, id, 1);
  25736. if (ret != BAD_FUNC_ARG)
  25737. return -10286;
  25738. ssvSz = sizeof(ssv);
  25739. ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
  25740. auth, NULL);
  25741. if (ret != BAD_FUNC_ARG)
  25742. return -10289;
  25743. ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
  25744. auth, NULL);
  25745. if (ret != BAD_FUNC_ARG)
  25746. return -10290;
  25747. ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  25748. auth, NULL);
  25749. if (ret != BAD_FUNC_ARG)
  25750. return -10291;
  25751. ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
  25752. auth, &authSz);
  25753. if (ret != BAD_FUNC_ARG)
  25754. return -10292;
  25755. ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  25756. auth, NULL);
  25757. if (ret != BAD_FUNC_ARG)
  25758. return -10293;
  25759. ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
  25760. auth, &authSz);
  25761. if (ret != BAD_FUNC_ARG)
  25762. return -10294;
  25763. ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  25764. auth, &authSz);
  25765. if (ret != BAD_FUNC_ARG)
  25766. return -10295;
  25767. ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  25768. auth, &authSz);
  25769. if (ret != BAD_STATE_E)
  25770. return -10295;
  25771. ret = wc_GenerateSakkeSSV(NULL, NULL, data, NULL);
  25772. if (ret != BAD_FUNC_ARG)
  25773. return -10296;
  25774. ret = wc_GenerateSakkeSSV(key, rng, data, NULL);
  25775. if (ret != BAD_FUNC_ARG)
  25776. return -10297;
  25777. ret = wc_GenerateSakkeSSV(key, NULL, data, &ssvSz);
  25778. if (ret != BAD_FUNC_ARG)
  25779. return -10298;
  25780. ret = wc_GenerateSakkeSSV(NULL, rng, data, &ssvSz);
  25781. if (ret != BAD_FUNC_ARG)
  25782. return -10299;
  25783. ret = wc_SetSakkeRsk(NULL, NULL, data, 1);
  25784. if (ret != BAD_FUNC_ARG)
  25785. return -10286;
  25786. ret = wc_SetSakkeRsk(key, NULL, data, 1);
  25787. if (ret != BAD_FUNC_ARG)
  25788. return -10286;
  25789. ret = wc_SetSakkeRsk(NULL, rsk, data, 1);
  25790. if (ret != BAD_FUNC_ARG)
  25791. return -10286;
  25792. ssvSz = sizeof(ssv);
  25793. authSz = sizeof(auth);
  25794. ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
  25795. authSz);
  25796. if (ret != BAD_FUNC_ARG)
  25797. return -10300;
  25798. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
  25799. authSz);
  25800. if (ret != BAD_FUNC_ARG)
  25801. return -10300;
  25802. ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
  25803. authSz);
  25804. if (ret != BAD_FUNC_ARG)
  25805. return -10300;
  25806. ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
  25807. authSz);
  25808. if (ret != BAD_FUNC_ARG)
  25809. return -10300;
  25810. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
  25811. authSz);
  25812. if (ret != BAD_FUNC_ARG)
  25813. return -10300;
  25814. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
  25815. authSz);
  25816. if (ret != BAD_FUNC_ARG)
  25817. return -10300;
  25818. ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  25819. authSz);
  25820. if (ret != BAD_FUNC_ARG)
  25821. return -10300;
  25822. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  25823. authSz);
  25824. if (ret != BAD_STATE_E)
  25825. return -10300;
  25826. ret = wc_SetSakkeIdentity(key, id, 1);
  25827. if (ret != 0)
  25828. return -10286;
  25829. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  25830. authSz);
  25831. if (ret != BAD_STATE_E)
  25832. return -10300;
  25833. ret = wc_SetSakkeIdentity(key, id, 0);
  25834. if (ret != 0)
  25835. return -10286;
  25836. ret = wc_SetSakkeRsk(key, rsk, data, 1);
  25837. if (ret != 0)
  25838. return -10286;
  25839. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  25840. authSz);
  25841. if (ret != BAD_STATE_E)
  25842. return -10300;
  25843. wc_FreeSakkeKey(key);
  25844. return 0;
  25845. }
  25846. static int sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
  25847. {
  25848. static const byte pubData[] = {
  25849. 0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09,
  25850. 0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A,
  25851. 0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F,
  25852. 0x75, 0x3E, 0x69, 0xBD, 0x27, 0xA8, 0x32, 0xF3,
  25853. 0x8C, 0xB4, 0xAD, 0x53, 0xDD, 0xEF, 0x42, 0x60,
  25854. 0xB0, 0xFE, 0x8B, 0xB4, 0x5C, 0x4C, 0x1F, 0xF5,
  25855. 0x10, 0xEF, 0xFE, 0x30, 0x03, 0x67, 0xA3, 0x7B,
  25856. 0x61, 0xF7, 0x01, 0xD9, 0x14, 0xAE, 0xF0, 0x97,
  25857. 0x24, 0x82, 0x5F, 0xA0, 0x70, 0x7D, 0x61, 0xA6,
  25858. 0xDF, 0xF4, 0xFB, 0xD7, 0x27, 0x35, 0x66, 0xCD,
  25859. 0xDE, 0x35, 0x2A, 0x0B, 0x04, 0xB7, 0xC1, 0x6A,
  25860. 0x78, 0x30, 0x9B, 0xE6, 0x40, 0x69, 0x7D, 0xE7,
  25861. 0x47, 0x61, 0x3A, 0x5F, 0xC1, 0x95, 0xE8, 0xB9,
  25862. 0xF3, 0x28, 0x85, 0x2A, 0x57, 0x9D, 0xB8, 0xF9,
  25863. 0x9B, 0x1D, 0x00, 0x34, 0x47, 0x9E, 0xA9, 0xC5,
  25864. 0x59, 0x5F, 0x47, 0xC4, 0xB2, 0xF5, 0x4F, 0xF2,
  25865. 0x15, 0x08, 0xD3, 0x75, 0x14, 0xDC, 0xF7, 0xA8,
  25866. 0xE1, 0x43, 0xA6, 0x05, 0x8C, 0x09, 0xA6, 0xBF,
  25867. 0x2C, 0x98, 0x58, 0xCA, 0x37, 0xC2, 0x58, 0x06,
  25868. 0x5A, 0xE6, 0xBF, 0x75, 0x32, 0xBC, 0x8B, 0x5B,
  25869. 0x63, 0x38, 0x38, 0x66, 0xE0, 0x75, 0x3C, 0x5A,
  25870. 0xC0, 0xE7, 0x27, 0x09, 0xF8, 0x44, 0x5F, 0x2E,
  25871. 0x61, 0x78, 0xE0, 0x65, 0x85, 0x7E, 0x0E, 0xDA,
  25872. 0x10, 0xF6, 0x82, 0x06, 0xB6, 0x35, 0x05, 0xED,
  25873. 0x87, 0xE5, 0x34, 0xFB, 0x28, 0x31, 0xFF, 0x95,
  25874. 0x7F, 0xB7, 0xDC, 0x61, 0x9D, 0xAE, 0x61, 0x30,
  25875. 0x1E, 0xEA, 0xCC, 0x2F, 0xDA, 0x36, 0x80, 0xEA,
  25876. 0x49, 0x99, 0x25, 0x8A, 0x83, 0x3C, 0xEA, 0x8F,
  25877. 0xC6, 0x7C, 0x6D, 0x19, 0x48, 0x7F, 0xB4, 0x49,
  25878. 0x05, 0x9F, 0x26, 0xCC, 0x8A, 0xAB, 0x65, 0x5A,
  25879. 0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A,
  25880. 0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE
  25881. };
  25882. static const byte rskData[] = {
  25883. 0x93, 0xAF, 0x67, 0xE5, 0x00, 0x7B, 0xA6, 0xE6,
  25884. 0xA8, 0x0D, 0xA7, 0x93, 0xDA, 0x30, 0x0F, 0xA4,
  25885. 0xB5, 0x2D, 0x0A, 0x74, 0xE2, 0x5E, 0x6E, 0x7B,
  25886. 0x2B, 0x3D, 0x6E, 0xE9, 0xD1, 0x8A, 0x9B, 0x5C,
  25887. 0x50, 0x23, 0x59, 0x7B, 0xD8, 0x2D, 0x80, 0x62,
  25888. 0xD3, 0x40, 0x19, 0x56, 0x3B, 0xA1, 0xD2, 0x5C,
  25889. 0x0D, 0xC5, 0x6B, 0x7B, 0x97, 0x9D, 0x74, 0xAA,
  25890. 0x50, 0xF2, 0x9F, 0xBF, 0x11, 0xCC, 0x2C, 0x93,
  25891. 0xF5, 0xDF, 0xCA, 0x61, 0x5E, 0x60, 0x92, 0x79,
  25892. 0xF6, 0x17, 0x5C, 0xEA, 0xDB, 0x00, 0xB5, 0x8C,
  25893. 0x6B, 0xEE, 0x1E, 0x7A, 0x2A, 0x47, 0xC4, 0xF0,
  25894. 0xC4, 0x56, 0xF0, 0x52, 0x59, 0xA6, 0xFA, 0x94,
  25895. 0xA6, 0x34, 0xA4, 0x0D, 0xAE, 0x1D, 0xF5, 0x93,
  25896. 0xD4, 0xFE, 0xCF, 0x68, 0x8D, 0x5F, 0xC6, 0x78,
  25897. 0xBE, 0x7E, 0xFC, 0x6D, 0xF3, 0xD6, 0x83, 0x53,
  25898. 0x25, 0xB8, 0x3B, 0x2C, 0x6E, 0x69, 0x03, 0x6B,
  25899. 0x15, 0x5F, 0x0A, 0x27, 0x24, 0x10, 0x94, 0xB0,
  25900. 0x4B, 0xFB, 0x0B, 0xDF, 0xAC, 0x6C, 0x67, 0x0A,
  25901. 0x65, 0xC3, 0x25, 0xD3, 0x9A, 0x06, 0x9F, 0x03,
  25902. 0x65, 0x9D, 0x44, 0xCA, 0x27, 0xD3, 0xBE, 0x8D,
  25903. 0xF3, 0x11, 0x17, 0x2B, 0x55, 0x41, 0x60, 0x18,
  25904. 0x1C, 0xBE, 0x94, 0xA2, 0xA7, 0x83, 0x32, 0x0C,
  25905. 0xED, 0x59, 0x0B, 0xC4, 0x26, 0x44, 0x70, 0x2C,
  25906. 0xF3, 0x71, 0x27, 0x1E, 0x49, 0x6B, 0xF2, 0x0F,
  25907. 0x58, 0x8B, 0x78, 0xA1, 0xBC, 0x01, 0xEC, 0xBB,
  25908. 0x65, 0x59, 0x93, 0x4B, 0xDD, 0x2F, 0xB6, 0x5D,
  25909. 0x28, 0x84, 0x31, 0x8A, 0x33, 0xD1, 0xA4, 0x2A,
  25910. 0xDF, 0x5E, 0x33, 0xCC, 0x58, 0x00, 0x28, 0x0B,
  25911. 0x28, 0x35, 0x64, 0x97, 0xF8, 0x71, 0x35, 0xBA,
  25912. 0xB9, 0x61, 0x2A, 0x17, 0x26, 0x04, 0x24, 0x40,
  25913. 0x9A, 0xC1, 0x5F, 0xEE, 0x99, 0x6B, 0x74, 0x4C,
  25914. 0x33, 0x21, 0x51, 0x23, 0x5D, 0xEC, 0xB0, 0xF5
  25915. };
  25916. static const byte id[] = {
  25917. 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
  25918. 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
  25919. 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
  25920. 0x33, 0x00
  25921. };
  25922. static const byte ssv[] = {
  25923. 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
  25924. 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
  25925. };
  25926. static const byte auth[] = {
  25927. 0x04,
  25928. 0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
  25929. 0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7,
  25930. 0x18, 0x04, 0x36, 0x06, 0xA0, 0x1D, 0x65, 0x0D,
  25931. 0xEF, 0x37, 0xA0, 0x1F, 0x37, 0xC2, 0x28, 0xC3,
  25932. 0x32, 0xFC, 0x31, 0x73, 0x54, 0xE2, 0xC2, 0x74,
  25933. 0xD4, 0xDA, 0xF8, 0xAD, 0x00, 0x10, 0x54, 0xC7,
  25934. 0x6C, 0xE5, 0x79, 0x71, 0xC6, 0xF4, 0x48, 0x6D,
  25935. 0x57, 0x23, 0x04, 0x32, 0x61, 0xC5, 0x06, 0xEB,
  25936. 0xF5, 0xBE, 0x43, 0x8F, 0x53, 0xDE, 0x04, 0xF0,
  25937. 0x67, 0xC7, 0x76, 0xE0, 0xDD, 0x3B, 0x71, 0xA6,
  25938. 0x29, 0x01, 0x33, 0x28, 0x37, 0x25, 0xA5, 0x32,
  25939. 0xF2, 0x1A, 0xF1, 0x45, 0x12, 0x6D, 0xC1, 0xD7,
  25940. 0x77, 0xEC, 0xC2, 0x7B, 0xE5, 0x08, 0x35, 0xBD,
  25941. 0x28, 0x09, 0x8B, 0x8A, 0x73, 0xD9, 0xF8, 0x01,
  25942. 0xD8, 0x93, 0x79, 0x3A, 0x41, 0xFF, 0x5C, 0x49,
  25943. 0xB8, 0x7E, 0x79, 0xF2, 0xBE, 0x4D, 0x56, 0xCE,
  25944. 0x55, 0x7E, 0x13, 0x4A, 0xD8, 0x5B, 0xB1, 0xD4,
  25945. 0xB9, 0xCE, 0x4F, 0x8B, 0xE4, 0xB0, 0x8A, 0x12,
  25946. 0xBA, 0xBF, 0x55, 0xB1, 0xD6, 0xF1, 0xD7, 0xA6,
  25947. 0x38, 0x01, 0x9E, 0xA2, 0x8E, 0x15, 0xAB, 0x1C,
  25948. 0x9F, 0x76, 0x37, 0x5F, 0xDD, 0x12, 0x10, 0xD4,
  25949. 0xF4, 0x35, 0x1B, 0x9A, 0x00, 0x94, 0x86, 0xB7,
  25950. 0xF3, 0xED, 0x46, 0xC9, 0x65, 0xDE, 0xD2, 0xD8,
  25951. 0x0D, 0xAD, 0xE4, 0xF3, 0x8C, 0x67, 0x21, 0xD5,
  25952. 0x2C, 0x3A, 0xD1, 0x03, 0xA1, 0x0E, 0xBD, 0x29,
  25953. 0x59, 0x24, 0x8B, 0x4E, 0xF0, 0x06, 0x83, 0x6B,
  25954. 0xF0, 0x97, 0x44, 0x8E, 0x61, 0x07, 0xC9, 0xED,
  25955. 0xEE, 0x9F, 0xB7, 0x04, 0x82, 0x3D, 0xF1, 0x99,
  25956. 0xF8, 0x32, 0xC9, 0x05, 0xAE, 0x45, 0xF8, 0xA2,
  25957. 0x47, 0xA0, 0x72, 0xD8, 0xEF, 0x72, 0x9E, 0xAB,
  25958. 0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3,
  25959. 0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86
  25960. };
  25961. byte encSsv[] = {
  25962. 0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16,
  25963. 0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07
  25964. };
  25965. int ret;
  25966. int valid;
  25967. byte pubKey[sizeof(pubData) + 1];
  25968. word32 sz = sizeof(pubKey);
  25969. byte tmpSsv[sizeof(encSsv)];
  25970. byte* iTable = NULL;
  25971. word32 iTableLen;
  25972. byte* table = NULL;
  25973. word32 len;
  25974. ret = wc_ImportSakkePublicKey(key, pubData, sizeof(pubData), 0);
  25975. if (ret != 0)
  25976. return -10315;
  25977. ret = wc_DecodeSakkeRsk(key, rskData, sizeof(rskData), rsk);
  25978. if (ret != 0)
  25979. return -10316;
  25980. ret = wc_ValidateSakkeRsk(key, id, sizeof(id), rsk, &valid);
  25981. if (ret != 0)
  25982. return -10317;
  25983. if (valid != 1)
  25984. return -10318;
  25985. ret = wc_SetSakkeRsk(key, rsk, NULL, 0);
  25986. if (ret != 0)
  25987. return -10319;
  25988. ret = wc_SetSakkeIdentity(key, id, sizeof(id));
  25989. if (ret != 0)
  25990. return -10319;
  25991. XMEMCPY(tmpSsv, encSsv, sizeof(encSsv));
  25992. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv),
  25993. auth, sizeof(auth));
  25994. if (ret != 0)
  25995. return -10322;
  25996. if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0)
  25997. return -10320;
  25998. ret = wc_MakeSakkePointI(key, id, sizeof(id));
  25999. if (ret != 0)
  26000. return -10321;
  26001. iTableLen = 0;
  26002. ret = wc_GenerateSakkePointITable(key, NULL, &iTableLen);
  26003. if (ret != LENGTH_ONLY_E)
  26004. return -10322;
  26005. if (iTableLen != 0) {
  26006. iTable = (byte*)XMALLOC(iTableLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26007. if (iTable == NULL)
  26008. return -10323;
  26009. ret = wc_GenerateSakkePointITable(key, iTable, &iTableLen);
  26010. if (ret != 0)
  26011. return -10324;
  26012. }
  26013. len = 0;
  26014. ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
  26015. if (ret != LENGTH_ONLY_E)
  26016. return -10325;
  26017. if (len > 0) {
  26018. table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26019. if (table == NULL)
  26020. return -10326;
  26021. ret = wc_GenerateSakkeRskTable(key, rsk, table, &len);
  26022. if (ret != 0)
  26023. return -10327;
  26024. }
  26025. ret = wc_SetSakkeRsk(key, rsk, table, len);
  26026. if (ret != 0)
  26027. return -10319;
  26028. XMEMCPY(tmpSsv, encSsv, sizeof(encSsv));
  26029. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv),
  26030. auth, sizeof(auth));
  26031. if (ret != 0)
  26032. return -10328;
  26033. if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0)
  26034. return -10329;
  26035. /* Don't reference table that is about to be freed. */
  26036. ret = wc_ClearSakkePointITable(key);
  26037. if (ret != 0)
  26038. return -10330;
  26039. /* Dispose of tables */
  26040. if (iTable != NULL)
  26041. XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26042. if (table != NULL)
  26043. XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26044. /* Make sure the key public key is exportable - convert to Montgomery form
  26045. * in Validation.
  26046. */
  26047. ret = wc_ExportSakkePublicKey(key, pubKey, &sz, 1);
  26048. if (ret != 0)
  26049. return -10331;
  26050. if (sz != sizeof(pubData))
  26051. return -10332;
  26052. if (XMEMCMP(pubKey, pubData, sizeof(pubData)) != 0)
  26053. return -10333;
  26054. sz = sizeof(pubData) + 1;
  26055. ret = wc_ExportSakkePublicKey(key, pubKey, &sz, 0);
  26056. if (ret != 0)
  26057. return -10334;
  26058. if (sz != sizeof(pubData) + 1)
  26059. return -10335;
  26060. if (pubKey[0] != 0x04)
  26061. return -10336;
  26062. if (XMEMCMP(pubKey + 1, pubData, sizeof(pubData)) != 0)
  26063. return -10337;
  26064. return 0;
  26065. }
  26066. static int sakke_kat_encapsulate_test(SakkeKey* key)
  26067. {
  26068. static const byte pubData[] = {
  26069. 0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09,
  26070. 0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A,
  26071. 0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F,
  26072. 0x75, 0x3E, 0x69, 0xBD, 0x27, 0xA8, 0x32, 0xF3,
  26073. 0x8C, 0xB4, 0xAD, 0x53, 0xDD, 0xEF, 0x42, 0x60,
  26074. 0xB0, 0xFE, 0x8B, 0xB4, 0x5C, 0x4C, 0x1F, 0xF5,
  26075. 0x10, 0xEF, 0xFE, 0x30, 0x03, 0x67, 0xA3, 0x7B,
  26076. 0x61, 0xF7, 0x01, 0xD9, 0x14, 0xAE, 0xF0, 0x97,
  26077. 0x24, 0x82, 0x5F, 0xA0, 0x70, 0x7D, 0x61, 0xA6,
  26078. 0xDF, 0xF4, 0xFB, 0xD7, 0x27, 0x35, 0x66, 0xCD,
  26079. 0xDE, 0x35, 0x2A, 0x0B, 0x04, 0xB7, 0xC1, 0x6A,
  26080. 0x78, 0x30, 0x9B, 0xE6, 0x40, 0x69, 0x7D, 0xE7,
  26081. 0x47, 0x61, 0x3A, 0x5F, 0xC1, 0x95, 0xE8, 0xB9,
  26082. 0xF3, 0x28, 0x85, 0x2A, 0x57, 0x9D, 0xB8, 0xF9,
  26083. 0x9B, 0x1D, 0x00, 0x34, 0x47, 0x9E, 0xA9, 0xC5,
  26084. 0x59, 0x5F, 0x47, 0xC4, 0xB2, 0xF5, 0x4F, 0xF2,
  26085. 0x15, 0x08, 0xD3, 0x75, 0x14, 0xDC, 0xF7, 0xA8,
  26086. 0xE1, 0x43, 0xA6, 0x05, 0x8C, 0x09, 0xA6, 0xBF,
  26087. 0x2C, 0x98, 0x58, 0xCA, 0x37, 0xC2, 0x58, 0x06,
  26088. 0x5A, 0xE6, 0xBF, 0x75, 0x32, 0xBC, 0x8B, 0x5B,
  26089. 0x63, 0x38, 0x38, 0x66, 0xE0, 0x75, 0x3C, 0x5A,
  26090. 0xC0, 0xE7, 0x27, 0x09, 0xF8, 0x44, 0x5F, 0x2E,
  26091. 0x61, 0x78, 0xE0, 0x65, 0x85, 0x7E, 0x0E, 0xDA,
  26092. 0x10, 0xF6, 0x82, 0x06, 0xB6, 0x35, 0x05, 0xED,
  26093. 0x87, 0xE5, 0x34, 0xFB, 0x28, 0x31, 0xFF, 0x95,
  26094. 0x7F, 0xB7, 0xDC, 0x61, 0x9D, 0xAE, 0x61, 0x30,
  26095. 0x1E, 0xEA, 0xCC, 0x2F, 0xDA, 0x36, 0x80, 0xEA,
  26096. 0x49, 0x99, 0x25, 0x8A, 0x83, 0x3C, 0xEA, 0x8F,
  26097. 0xC6, 0x7C, 0x6D, 0x19, 0x48, 0x7F, 0xB4, 0x49,
  26098. 0x05, 0x9F, 0x26, 0xCC, 0x8A, 0xAB, 0x65, 0x5A,
  26099. 0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A,
  26100. 0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE
  26101. };
  26102. static const byte id[] = {
  26103. 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
  26104. 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
  26105. 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
  26106. 0x33, 0x00
  26107. };
  26108. static word32 idSz = sizeof(id);
  26109. byte ssv[] = {
  26110. 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
  26111. 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
  26112. };
  26113. static word16 ssvSz = sizeof(ssv);
  26114. static const byte expAuth[] = {
  26115. 0x04,
  26116. 0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
  26117. 0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7,
  26118. 0x18, 0x04, 0x36, 0x06, 0xA0, 0x1D, 0x65, 0x0D,
  26119. 0xEF, 0x37, 0xA0, 0x1F, 0x37, 0xC2, 0x28, 0xC3,
  26120. 0x32, 0xFC, 0x31, 0x73, 0x54, 0xE2, 0xC2, 0x74,
  26121. 0xD4, 0xDA, 0xF8, 0xAD, 0x00, 0x10, 0x54, 0xC7,
  26122. 0x6C, 0xE5, 0x79, 0x71, 0xC6, 0xF4, 0x48, 0x6D,
  26123. 0x57, 0x23, 0x04, 0x32, 0x61, 0xC5, 0x06, 0xEB,
  26124. 0xF5, 0xBE, 0x43, 0x8F, 0x53, 0xDE, 0x04, 0xF0,
  26125. 0x67, 0xC7, 0x76, 0xE0, 0xDD, 0x3B, 0x71, 0xA6,
  26126. 0x29, 0x01, 0x33, 0x28, 0x37, 0x25, 0xA5, 0x32,
  26127. 0xF2, 0x1A, 0xF1, 0x45, 0x12, 0x6D, 0xC1, 0xD7,
  26128. 0x77, 0xEC, 0xC2, 0x7B, 0xE5, 0x08, 0x35, 0xBD,
  26129. 0x28, 0x09, 0x8B, 0x8A, 0x73, 0xD9, 0xF8, 0x01,
  26130. 0xD8, 0x93, 0x79, 0x3A, 0x41, 0xFF, 0x5C, 0x49,
  26131. 0xB8, 0x7E, 0x79, 0xF2, 0xBE, 0x4D, 0x56, 0xCE,
  26132. 0x55, 0x7E, 0x13, 0x4A, 0xD8, 0x5B, 0xB1, 0xD4,
  26133. 0xB9, 0xCE, 0x4F, 0x8B, 0xE4, 0xB0, 0x8A, 0x12,
  26134. 0xBA, 0xBF, 0x55, 0xB1, 0xD6, 0xF1, 0xD7, 0xA6,
  26135. 0x38, 0x01, 0x9E, 0xA2, 0x8E, 0x15, 0xAB, 0x1C,
  26136. 0x9F, 0x76, 0x37, 0x5F, 0xDD, 0x12, 0x10, 0xD4,
  26137. 0xF4, 0x35, 0x1B, 0x9A, 0x00, 0x94, 0x86, 0xB7,
  26138. 0xF3, 0xED, 0x46, 0xC9, 0x65, 0xDE, 0xD2, 0xD8,
  26139. 0x0D, 0xAD, 0xE4, 0xF3, 0x8C, 0x67, 0x21, 0xD5,
  26140. 0x2C, 0x3A, 0xD1, 0x03, 0xA1, 0x0E, 0xBD, 0x29,
  26141. 0x59, 0x24, 0x8B, 0x4E, 0xF0, 0x06, 0x83, 0x6B,
  26142. 0xF0, 0x97, 0x44, 0x8E, 0x61, 0x07, 0xC9, 0xED,
  26143. 0xEE, 0x9F, 0xB7, 0x04, 0x82, 0x3D, 0xF1, 0x99,
  26144. 0xF8, 0x32, 0xC9, 0x05, 0xAE, 0x45, 0xF8, 0xA2,
  26145. 0x47, 0xA0, 0x72, 0xD8, 0xEF, 0x72, 0x9E, 0xAB,
  26146. 0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3,
  26147. 0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86
  26148. };
  26149. static const byte encSsv[] = {
  26150. 0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16,
  26151. 0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07
  26152. };
  26153. int ret;
  26154. byte auth[257];
  26155. word16 authSz = sizeof(auth);
  26156. ret = wc_ImportSakkePublicKey(key, pubData, sizeof(pubData), 0);
  26157. if (ret != 0)
  26158. return -10334;
  26159. ret = wc_SetSakkeIdentity(key, id, idSz);
  26160. if (ret != 0)
  26161. return -10335;
  26162. ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  26163. auth, &authSz);
  26164. if (ret != 0)
  26165. return -10336;
  26166. if (authSz != 257)
  26167. return -10337;
  26168. if (XMEMCMP(ssv, encSsv, ssvSz) != 0)
  26169. return -10338;
  26170. if (XMEMCMP(auth, expAuth, authSz) != 0)
  26171. return -10339;
  26172. return 0;
  26173. }
  26174. static int sakke_make_key_test(SakkeKey* priv, SakkeKey* pub, SakkeKey* key,
  26175. WC_RNG* rng, ecc_point* rsk)
  26176. {
  26177. int ret;
  26178. byte data[440];
  26179. byte pubData[257];
  26180. word32 sz;
  26181. char mail[] = "test@wolfssl.com";
  26182. byte* id = (byte*)mail;
  26183. word32 idSz = (word32)XSTRLEN(mail);
  26184. int valid;
  26185. ecc_point* pubKey = rsk;
  26186. ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
  26187. if (ret != 0)
  26188. return -10339;
  26189. ret = wc_MakeSakkeKey(priv, rng);
  26190. if (ret != 0)
  26191. return -10340;
  26192. ret = wc_ExportSakkeKey(priv, NULL, &sz);
  26193. if (ret != LENGTH_ONLY_E)
  26194. return -10341;
  26195. if (sz != 384)
  26196. return -10342;
  26197. sz--;
  26198. ret = wc_ExportSakkeKey(priv, data, &sz);
  26199. if (ret == 0)
  26200. return -10343;
  26201. sz++;
  26202. ret = wc_ExportSakkeKey(priv, data, &sz);
  26203. if (ret != 0)
  26204. return -10344;
  26205. if (sz != 384)
  26206. return -10345;
  26207. ret = wc_ImportSakkeKey(key, data, sz - 1);
  26208. if (ret == 0)
  26209. return -10346;
  26210. ret = wc_ImportSakkeKey(key, data, sz);
  26211. if (ret != 0)
  26212. return -10347;
  26213. wc_FreeSakkeKey(key);
  26214. ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
  26215. if (ret != 0)
  26216. return -10348;
  26217. ret = wc_ExportSakkePrivateKey(priv, NULL, &sz);
  26218. if (ret != LENGTH_ONLY_E)
  26219. return -10349;
  26220. if (sz != 128)
  26221. return -10350;
  26222. sz--;
  26223. ret = wc_ExportSakkePrivateKey(priv, data, &sz);
  26224. if (ret == 0)
  26225. return -10351;
  26226. sz++;
  26227. ret = wc_ExportSakkePrivateKey(priv, data, &sz);
  26228. if (ret != 0)
  26229. return -10352;
  26230. if (sz != 128)
  26231. return -10353;
  26232. ret = wc_ImportSakkePrivateKey(key, data, sz - 1);
  26233. if (ret == 0)
  26234. return -10354;
  26235. ret = wc_ImportSakkePrivateKey(key, data, sz);
  26236. if (ret != 0)
  26237. return -10355;
  26238. ret = wc_MakeSakkePublicKey(key, pubKey);
  26239. if (ret != 0)
  26240. return -10356;
  26241. ret = wc_ExportSakkePublicKey(priv, NULL, &sz, 1);
  26242. if (ret != LENGTH_ONLY_E)
  26243. return -10357;
  26244. if (sz != 256)
  26245. return -10358;
  26246. sz--;
  26247. ret = wc_ExportSakkePublicKey(priv, data, &sz, 1);
  26248. if (ret == 0)
  26249. return -10359;
  26250. sz++;
  26251. ret = wc_ExportSakkePublicKey(priv, data, &sz, 1);
  26252. if (ret != 0)
  26253. return -10360;
  26254. if (sz != 256)
  26255. return -10361;
  26256. ret = wc_ImportSakkePublicKey(pub, data, sz - 1, 1);
  26257. if (ret == 0)
  26258. return -10362;
  26259. ret = wc_ImportSakkePublicKey(pub, data, sz, 1);
  26260. if (ret != 0)
  26261. return -10363;
  26262. ret = wc_ExportSakkePublicKey(pub, pubData, &sz, 1);
  26263. if (ret != 0)
  26264. return -10364;
  26265. if (sz != 256)
  26266. return -10365;
  26267. if (XMEMCMP(data, pubData, sz) != 0)
  26268. return -10366;
  26269. ret = wc_MakeSakkeRsk(priv, id, idSz, rsk);
  26270. if (ret != 0)
  26271. return -10367;
  26272. ret = wc_ValidateSakkeRsk(priv, id, idSz, rsk, &valid);
  26273. if (ret != 0)
  26274. return -10368;
  26275. if (valid != 1)
  26276. return -10369;
  26277. ret = wc_ValidateSakkeRsk(pub, id, idSz, rsk, &valid);
  26278. if (ret != 0)
  26279. return -10370;
  26280. if (valid != 1)
  26281. return -10371;
  26282. sz = sizeof(data);
  26283. ret = wc_EncodeSakkeRsk(priv, rsk, data, &sz, 1);
  26284. if (ret != 0)
  26285. return -10372;
  26286. if (sz != 256)
  26287. return -10373;
  26288. ret = wc_DecodeSakkeRsk(priv, data, sz, rsk);
  26289. if (ret != 0)
  26290. return -10374;
  26291. sz = sizeof(pubData);
  26292. ret = wc_EncodeSakkeRsk(priv, rsk, pubData, &sz, 0);
  26293. if (ret != 0)
  26294. return -10375;
  26295. if (sz != sizeof(pubData))
  26296. return -10376;
  26297. ret = wc_DecodeSakkeRsk(priv, pubData, sz, rsk);
  26298. if (ret != 0)
  26299. return -10377;
  26300. wc_FreeSakkeKey(key);
  26301. return 0;
  26302. }
  26303. static int sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
  26304. ecc_point* rsk)
  26305. {
  26306. int ret;
  26307. byte ssv[16];
  26308. word16 ssvSz;
  26309. byte auth[257];
  26310. word16 authSz;
  26311. char mail[] = "test@wolfssl.com";
  26312. byte* id = (byte*)mail;
  26313. word32 idSz = (word32)XSTRLEN(mail);
  26314. byte pointI[256];
  26315. word32 sz;
  26316. ret = wc_GenerateSakkeSSV(pub, rng, NULL, &ssvSz);
  26317. if (ret != LENGTH_ONLY_E)
  26318. return -10375;
  26319. if (ssvSz != 16)
  26320. return -10376;
  26321. ssvSz += 128;
  26322. ret = wc_GenerateSakkeSSV(pub, rng, ssv, &ssvSz);
  26323. if (ret == 0)
  26324. return -10377;
  26325. ssvSz -= 128;
  26326. ret = wc_GenerateSakkeSSV(pub, rng, ssv, &ssvSz);
  26327. if (ret != 0)
  26328. return -10378;
  26329. if (ssvSz != 16)
  26330. return -10379;
  26331. ret = wc_GetSakkeAuthSize(pub, &authSz);
  26332. if (ret != 0)
  26333. return -10380;
  26334. ret = wc_SetSakkeIdentity(pub, id, idSz);
  26335. if (ret != 0)
  26336. return -10380;
  26337. ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  26338. NULL, &authSz);
  26339. if (ret != LENGTH_ONLY_E)
  26340. return -10381;
  26341. if (authSz != 257)
  26342. return -10382;
  26343. authSz--;
  26344. ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  26345. auth, &authSz);
  26346. if (ret == 0)
  26347. return -10383;
  26348. authSz++;
  26349. ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  26350. auth, &authSz);
  26351. if (ret != 0)
  26352. return -10384;
  26353. if (authSz != 257)
  26354. return -10385;
  26355. ret = wc_GetSakkePointI(pub, NULL, &sz);
  26356. if (ret != LENGTH_ONLY_E)
  26357. return -10386;
  26358. if (sz != 256)
  26359. return -10387;
  26360. ret = wc_GetSakkePointI(pub, pointI, &sz);
  26361. if (ret != 0)
  26362. return -10388;
  26363. if (sz != 256)
  26364. return -10389;
  26365. /* Bogus identity - make it check and regenerate I. */
  26366. ret = wc_MakeSakkePointI(pub, ssv, ssvSz);
  26367. if (ret != 0)
  26368. return -10391;
  26369. ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  26370. auth, &authSz);
  26371. if (ret != 0)
  26372. return -10392;
  26373. if (authSz != 257)
  26374. return -10393;
  26375. ret = wc_SetSakkeRsk(priv, rsk, NULL, 0);
  26376. if (ret != 0)
  26377. return -10392;
  26378. ret = wc_SetSakkeIdentity(priv, id, idSz);
  26379. if (ret != 0)
  26380. return -10392;
  26381. authSz--;
  26382. ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  26383. authSz);
  26384. if (ret == 0)
  26385. return -10394;
  26386. authSz++;
  26387. ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  26388. authSz);
  26389. if (ret != 0)
  26390. return -10395;
  26391. ssv[0] ^= 0x80;
  26392. ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  26393. authSz);
  26394. if (ret != SAKKE_VERIFY_FAIL_E)
  26395. return -10396;
  26396. ssv[0] ^= 0x80;
  26397. /* Bogus identity - make it check and regenerate I. */
  26398. ret = wc_MakeSakkePointI(pub, ssv, idSz);
  26399. if (ret != 0)
  26400. return -10397;
  26401. ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  26402. authSz);
  26403. if (ret != 0)
  26404. return -10398;
  26405. return 0;
  26406. }
  26407. int sakke_test(void)
  26408. {
  26409. int ret = 0;
  26410. WC_RNG rng;
  26411. SakkeKey* priv = NULL;
  26412. SakkeKey* pub = NULL;
  26413. SakkeKey* key = NULL;
  26414. ecc_point* rsk = NULL;
  26415. priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
  26416. DYNAMIC_TYPE_TMP_BUFFER);
  26417. if (priv == NULL) {
  26418. ret = -10404;
  26419. }
  26420. if (ret == 0) {
  26421. pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
  26422. DYNAMIC_TYPE_TMP_BUFFER);
  26423. if (pub == NULL) {
  26424. ret = -10405;
  26425. }
  26426. }
  26427. if (ret == 0) {
  26428. key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
  26429. DYNAMIC_TYPE_TMP_BUFFER);
  26430. if (key == NULL) {
  26431. ret = -10406;
  26432. }
  26433. }
  26434. if (ret == 0) {
  26435. #ifndef HAVE_FIPS
  26436. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  26437. #else
  26438. ret = wc_InitRng(&rng);
  26439. #endif
  26440. if (ret != 0)
  26441. ret = -10400;
  26442. }
  26443. if (ret == 0) {
  26444. rsk = wc_ecc_new_point();
  26445. if (rsk == NULL)
  26446. ret = -10401;
  26447. }
  26448. if (ret == 0) {
  26449. ret = wc_InitSakkeKey(pub, HEAP_HINT, INVALID_DEVID);
  26450. if (ret != 0)
  26451. ret = -10402;
  26452. }
  26453. if (ret == 0) {
  26454. ret = wc_InitSakkeKey(priv, HEAP_HINT, INVALID_DEVID);
  26455. if (ret != 0)
  26456. ret = -10403;
  26457. }
  26458. if (ret == 0) {
  26459. ret = sakke_api_test(&rng, key, rsk);
  26460. }
  26461. if (ret == 0) {
  26462. ret = sakke_kat_derive_test(pub, rsk);
  26463. }
  26464. if (ret == 0) {
  26465. ret = sakke_kat_encapsulate_test(pub);
  26466. }
  26467. if (ret == 0) {
  26468. ret = sakke_make_key_test(priv, pub, key, &rng, rsk);
  26469. }
  26470. if (ret == 0) {
  26471. ret = sakke_op_test(priv, pub, &rng, rsk);
  26472. }
  26473. wc_FreeSakkeKey(priv);
  26474. wc_FreeSakkeKey(pub);
  26475. wc_ecc_forcezero_point(rsk);
  26476. wc_ecc_del_point(rsk);
  26477. if (ret != -10400)
  26478. wc_FreeRng(&rng);
  26479. if (key != NULL)
  26480. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26481. if (pub != NULL)
  26482. XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26483. if (priv != NULL)
  26484. XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26485. return ret;
  26486. }
  26487. #endif /* WOLFCRYPT_HAVE_SAKKE */
  26488. #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
  26489. typedef struct CMAC_Test_Case {
  26490. int type;
  26491. int partial;
  26492. const byte* m;
  26493. word32 mSz;
  26494. const byte* k;
  26495. word32 kSz;
  26496. const byte* t;
  26497. word32 tSz;
  26498. } CMAC_Test_Case;
  26499. WOLFSSL_TEST_SUBROUTINE int cmac_test(void)
  26500. {
  26501. #ifdef WOLFSSL_AES_128
  26502. WOLFSSL_SMALL_STACK_STATIC const byte k128[] =
  26503. {
  26504. 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
  26505. 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
  26506. };
  26507. #define KLEN_128 (sizeof(k128))
  26508. #endif
  26509. #ifdef WOLFSSL_AES_192
  26510. WOLFSSL_SMALL_STACK_STATIC const byte k192[] =
  26511. {
  26512. 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
  26513. 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
  26514. 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
  26515. };
  26516. #define KLEN_192 (sizeof(k192))
  26517. #endif
  26518. #ifdef WOLFSSL_AES_256
  26519. WOLFSSL_SMALL_STACK_STATIC const byte k256[] =
  26520. {
  26521. 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
  26522. 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
  26523. 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
  26524. 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
  26525. };
  26526. #define KLEN_256 (sizeof(k256))
  26527. #endif
  26528. WOLFSSL_SMALL_STACK_STATIC const byte m[] =
  26529. {
  26530. 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
  26531. 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
  26532. 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
  26533. 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
  26534. 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
  26535. 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
  26536. 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
  26537. 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
  26538. };
  26539. #define MLEN_0 (0)
  26540. #define MLEN_128 (128/8)
  26541. #define MLEN_320 (320/8)
  26542. #define MLEN_319 (MLEN_320 - 1)
  26543. #define MLEN_512 (512/8)
  26544. #ifdef WOLFSSL_AES_128
  26545. WOLFSSL_SMALL_STACK_STATIC const byte t128_0[] =
  26546. {
  26547. 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
  26548. 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
  26549. };
  26550. WOLFSSL_SMALL_STACK_STATIC const byte t128_128[] =
  26551. {
  26552. 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
  26553. 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
  26554. };
  26555. WOLFSSL_SMALL_STACK_STATIC const byte t128_319[] =
  26556. {
  26557. 0x2c, 0x17, 0x84, 0x4c, 0x93, 0x1c, 0x07, 0x95,
  26558. 0x15, 0x92, 0x73, 0x0a, 0x34, 0xd0, 0xd9, 0xd2
  26559. };
  26560. WOLFSSL_SMALL_STACK_STATIC const byte t128_320[] =
  26561. {
  26562. 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
  26563. 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
  26564. };
  26565. WOLFSSL_SMALL_STACK_STATIC const byte t128_512[] =
  26566. {
  26567. 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
  26568. 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
  26569. };
  26570. #endif
  26571. #ifdef WOLFSSL_AES_192
  26572. WOLFSSL_SMALL_STACK_STATIC const byte t192_0[] =
  26573. {
  26574. 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
  26575. 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
  26576. };
  26577. WOLFSSL_SMALL_STACK_STATIC const byte t192_128[] =
  26578. {
  26579. 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
  26580. 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
  26581. };
  26582. WOLFSSL_SMALL_STACK_STATIC const byte t192_320[] =
  26583. {
  26584. 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad,
  26585. 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e
  26586. };
  26587. WOLFSSL_SMALL_STACK_STATIC const byte t192_512[] =
  26588. {
  26589. 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
  26590. 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
  26591. };
  26592. #endif
  26593. #ifdef WOLFSSL_AES_256
  26594. WOLFSSL_SMALL_STACK_STATIC const byte t256_0[] =
  26595. {
  26596. 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
  26597. 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
  26598. };
  26599. WOLFSSL_SMALL_STACK_STATIC const byte t256_128[] =
  26600. {
  26601. 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
  26602. 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
  26603. };
  26604. WOLFSSL_SMALL_STACK_STATIC const byte t256_320[] =
  26605. {
  26606. 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2,
  26607. 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6
  26608. };
  26609. WOLFSSL_SMALL_STACK_STATIC const byte t256_512[] =
  26610. {
  26611. 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
  26612. 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
  26613. };
  26614. #endif
  26615. const CMAC_Test_Case testCases[] =
  26616. {
  26617. #ifdef WOLFSSL_AES_128
  26618. {WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, AES_BLOCK_SIZE},
  26619. {WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, AES_BLOCK_SIZE},
  26620. {WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, AES_BLOCK_SIZE},
  26621. {WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
  26622. {WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
  26623. #endif
  26624. #ifdef WOLFSSL_AES_192
  26625. {WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, AES_BLOCK_SIZE},
  26626. {WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, AES_BLOCK_SIZE},
  26627. {WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, AES_BLOCK_SIZE},
  26628. {WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, AES_BLOCK_SIZE},
  26629. #endif
  26630. #ifdef WOLFSSL_AES_256
  26631. {WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, AES_BLOCK_SIZE},
  26632. {WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, AES_BLOCK_SIZE},
  26633. {WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, AES_BLOCK_SIZE},
  26634. {WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, AES_BLOCK_SIZE},
  26635. #endif
  26636. #ifdef WOLFSSL_AES_128
  26637. {WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, AES_BLOCK_SIZE}
  26638. #endif
  26639. };
  26640. #ifdef WOLFSSL_SMALL_STACK
  26641. Cmac *cmac;
  26642. #else
  26643. Cmac cmac[1];
  26644. #endif
  26645. byte tag[AES_BLOCK_SIZE];
  26646. const CMAC_Test_Case* tc;
  26647. word32 i, tagSz;
  26648. int ret;
  26649. #ifdef WOLFSSL_SMALL_STACK
  26650. if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC)) == NULL)
  26651. ERROR_OUT(-12009, out);
  26652. #endif
  26653. for (i = 0, tc = testCases;
  26654. i < sizeof(testCases)/sizeof(CMAC_Test_Case);
  26655. i++, tc++) {
  26656. XMEMSET(tag, 0, sizeof(tag));
  26657. tagSz = AES_BLOCK_SIZE;
  26658. #if !defined(HAVE_FIPS) || \
  26659. defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)
  26660. if (wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId) != 0)
  26661. #else
  26662. if (wc_InitCmac(cmac, tc->k, tc->kSz, tc->type, NULL) != 0)
  26663. #endif
  26664. {
  26665. ERROR_OUT(-12000, out);
  26666. }
  26667. if (tc->partial) {
  26668. if (wc_CmacUpdate(cmac, tc->m,
  26669. tc->mSz/2 - tc->partial) != 0)
  26670. ERROR_OUT(-12001, out);
  26671. if (wc_CmacUpdate(cmac, tc->m + tc->mSz/2 - tc->partial,
  26672. tc->mSz/2 + tc->partial) != 0)
  26673. ERROR_OUT(-12002, out);
  26674. }
  26675. else {
  26676. if (wc_CmacUpdate(cmac, tc->m, tc->mSz) != 0)
  26677. ERROR_OUT(-12003, out);
  26678. }
  26679. if (wc_CmacFinal(cmac, tag, &tagSz) != 0)
  26680. ERROR_OUT(-12004, out);
  26681. if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
  26682. ERROR_OUT(-12005, out);
  26683. XMEMSET(tag, 0, sizeof(tag));
  26684. tagSz = sizeof(tag);
  26685. if (wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz,
  26686. tc->k, tc->kSz) != 0)
  26687. ERROR_OUT(-12006, out);
  26688. if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
  26689. ERROR_OUT(-12007, out);
  26690. if (wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz,
  26691. tc->k, tc->kSz) != 0)
  26692. ERROR_OUT(-12008, out);
  26693. }
  26694. ret = 0;
  26695. out:
  26696. #ifdef WOLFSSL_SMALL_STACK
  26697. if (cmac)
  26698. XFREE(cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC);
  26699. #endif
  26700. return ret;
  26701. }
  26702. #endif /* NO_AES && WOLFSSL_CMAC */
  26703. #ifdef HAVE_LIBZ
  26704. static const byte sample_text[] =
  26705. "Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n"
  26706. "polaroid. Sunt tattooed bespoke reprehenderit. Sint twee organic id\n"
  26707. "marfa. Commodo veniam ad esse gastropub. 3 wolf moon sartorial vero,\n"
  26708. "plaid delectus biodiesel squid +1 vice. Post-ironic keffiyeh leggings\n"
  26709. "selfies cray fap hoodie, forage anim. Carles cupidatat shoreditch, VHS\n"
  26710. "small batch meggings kogi dolore food truck bespoke gastropub.\n"
  26711. "\n"
  26712. "Terry richardson adipisicing actually typewriter tumblr, twee whatever\n"
  26713. "four loko you probably haven't heard of them high life. Messenger bag\n"
  26714. "whatever tattooed deep v mlkshk. Brooklyn pinterest assumenda chillwave\n"
  26715. "et, banksy ullamco messenger bag umami pariatur direct trade forage.\n"
  26716. "Typewriter culpa try-hard, pariatur sint brooklyn meggings. Gentrify\n"
  26717. "food truck next level, tousled irony non semiotics PBR ethical anim cred\n"
  26718. "readymade. Mumblecore brunch lomo odd future, portland organic terry\n"
  26719. "richardson elit leggings adipisicing ennui raw denim banjo hella. Godard\n"
  26720. "mixtape polaroid, pork belly readymade organic cray typewriter helvetica\n"
  26721. "four loko whatever street art yr farm-to-table.\n"
  26722. "\n"
  26723. "Vinyl keytar vice tofu. Locavore you probably haven't heard of them pug\n"
  26724. "pickled, hella tonx labore truffaut DIY mlkshk elit cosby sweater sint\n"
  26725. "et mumblecore. Elit swag semiotics, reprehenderit DIY sartorial nisi ugh\n"
  26726. "nesciunt pug pork belly wayfarers selfies delectus. Ethical hoodie\n"
  26727. "seitan fingerstache kale chips. Terry richardson artisan williamsburg,\n"
  26728. "eiusmod fanny pack irony tonx ennui lo-fi incididunt tofu YOLO\n"
  26729. "readymade. 8-bit sed ethnic beard officia. Pour-over iphone DIY butcher,\n"
  26730. "ethnic art party qui letterpress nisi proident jean shorts mlkshk\n"
  26731. "locavore.\n"
  26732. "\n"
  26733. "Narwhal flexitarian letterpress, do gluten-free voluptate next level\n"
  26734. "banh mi tonx incididunt carles DIY. Odd future nulla 8-bit beard ut\n"
  26735. "cillum pickled velit, YOLO officia you probably haven't heard of them\n"
  26736. "trust fund gastropub. Nisi adipisicing tattooed, Austin mlkshk 90's\n"
  26737. "small batch american apparel. Put a bird on it cosby sweater before they\n"
  26738. "sold out pork belly kogi hella. Street art mollit sustainable polaroid,\n"
  26739. "DIY ethnic ea pug beard dreamcatcher cosby sweater magna scenester nisi.\n"
  26740. "Sed pork belly skateboard mollit, labore proident eiusmod. Sriracha\n"
  26741. "excepteur cosby sweater, anim deserunt laborum eu aliquip ethical et\n"
  26742. "neutra PBR selvage.\n"
  26743. "\n"
  26744. "Raw denim pork belly truffaut, irony plaid sustainable put a bird on it\n"
  26745. "next level jean shorts exercitation. Hashtag keytar whatever, nihil\n"
  26746. "authentic aliquip disrupt laborum. Tattooed selfies deserunt trust fund\n"
  26747. "wayfarers. 3 wolf moon synth church-key sartorial, gastropub leggings\n"
  26748. "tattooed. Labore high life commodo, meggings raw denim fingerstache pug\n"
  26749. "trust fund leggings seitan forage. Nostrud ullamco duis, reprehenderit\n"
  26750. "incididunt flannel sustainable helvetica pork belly pug banksy you\n"
  26751. "probably haven't heard of them nesciunt farm-to-table. Disrupt nostrud\n"
  26752. "mollit magna, sriracha sartorial helvetica.\n"
  26753. "\n"
  26754. "Nulla kogi reprehenderit, skateboard sustainable duis adipisicing viral\n"
  26755. "ad fanny pack salvia. Fanny pack trust fund you probably haven't heard\n"
  26756. "of them YOLO vice nihil. Keffiyeh cray lo-fi pinterest cardigan aliqua,\n"
  26757. "reprehenderit aute. Culpa tousled williamsburg, marfa lomo actually anim\n"
  26758. "skateboard. Iphone aliqua ugh, semiotics pariatur vero readymade\n"
  26759. "organic. Marfa squid nulla, in laborum disrupt laboris irure gastropub.\n"
  26760. "Veniam sunt food truck leggings, sint vinyl fap.\n"
  26761. "\n"
  26762. "Hella dolore pork belly, truffaut carles you probably haven't heard of\n"
  26763. "them PBR helvetica in sapiente. Fashion axe ugh bushwick american\n"
  26764. "apparel. Fingerstache sed iphone, jean shorts blue bottle nisi bushwick\n"
  26765. "flexitarian officia veniam plaid bespoke fap YOLO lo-fi. Blog\n"
  26766. "letterpress mumblecore, food truck id cray brooklyn cillum ad sed.\n"
  26767. "Assumenda chambray wayfarers vinyl mixtape sustainable. VHS vinyl\n"
  26768. "delectus, culpa williamsburg polaroid cliche swag church-key synth kogi\n"
  26769. "magna pop-up literally. Swag thundercats ennui shoreditch vegan\n"
  26770. "pitchfork neutra truffaut etsy, sed single-origin coffee craft beer.\n"
  26771. "\n"
  26772. "Odio letterpress brooklyn elit. Nulla single-origin coffee in occaecat\n"
  26773. "meggings. Irony meggings 8-bit, chillwave lo-fi adipisicing cred\n"
  26774. "dreamcatcher veniam. Put a bird on it irony umami, trust fund bushwick\n"
  26775. "locavore kale chips. Sriracha swag thundercats, chillwave disrupt\n"
  26776. "tousled beard mollit mustache leggings portland next level. Nihil esse\n"
  26777. "est, skateboard art party etsy thundercats sed dreamcatcher ut iphone\n"
  26778. "swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n"
  26779. "bag dolor terry richardson sapiente.\n";
  26780. static const byte sample_text_gz[] = {
  26781. 0x1F, 0x8B, 0x08, 0x08, 0xC5, 0x49, 0xB5, 0x5B, 0x00, 0x03, 0x63, 0x69, 0x70,
  26782. 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x2E, 0x74, 0x78, 0x74, 0x00, 0x8D,
  26783. 0x58, 0xCB, 0x92, 0xE4, 0xB6, 0x11, 0xBC, 0xE3, 0x2B, 0xEA, 0xA6, 0x83, 0xD9,
  26784. 0x1D, 0x72, 0xF8, 0x22, 0x1F, 0xB5, 0x96, 0xA5, 0xDD, 0x90, 0xBC, 0xAB, 0xD0,
  26785. 0x28, 0x36, 0x42, 0x47, 0x90, 0x2C, 0x36, 0xA1, 0x06, 0x09, 0x0A, 0x8F, 0xEE,
  26786. 0xE1, 0xDF, 0x3B, 0x0B, 0xE0, 0x73, 0x2C, 0x4B, 0xBA, 0xCD, 0xCE, 0x80, 0x78,
  26787. 0x64, 0x65, 0x65, 0x66, 0xED, 0x3B, 0xE3, 0x5A, 0xC3, 0x81, 0x2D, 0x35, 0x69,
  26788. 0x32, 0xAD, 0x8E, 0x3A, 0xD2, 0xA0, 0x7D, 0xA7, 0x2B, 0x6A, 0xAC, 0x69, 0x7A,
  26789. 0x26, 0x9D, 0x22, 0xD3, 0x94, 0x22, 0x69, 0xAA, 0x8D, 0x6F, 0xC9, 0x8D, 0x64,
  26790. 0x22, 0x99, 0xB1, 0x31, 0xAD, 0x69, 0xD3, 0x18, 0x89, 0xAD, 0x89, 0x6A, 0x72,
  26791. 0x56, 0x7B, 0x67, 0xDA, 0x2B, 0xBD, 0xC8, 0xEF, 0xB0, 0x4D, 0x74, 0x8E, 0x5B,
  26792. 0xAA, 0x39, 0x4C, 0xEE, 0xCE, 0xE4, 0x79, 0xF2, 0xDC, 0xF3, 0xD8, 0xB2, 0x37,
  26793. 0x11, 0x8B, 0x8C, 0x2C, 0x7A, 0x32, 0x93, 0xF3, 0x37, 0x3D, 0x9A, 0x86, 0x4C,
  26794. 0xAB, 0xF2, 0xB9, 0x57, 0xFA, 0x97, 0x1B, 0x06, 0xD7, 0x3A, 0x7A, 0xF0, 0x68,
  26795. 0xF4, 0x40, 0xBA, 0x25, 0x0E, 0x81, 0xE9, 0xA6, 0x43, 0xF4, 0x6E, 0x4A, 0xF5,
  26796. 0x95, 0xFE, 0x41, 0x4F, 0x67, 0x3B, 0x1A, 0x1C, 0xEE, 0x12, 0xB4, 0x8F, 0xCE,
  26797. 0x1B, 0x6D, 0xB1, 0xDE, 0xBB, 0x4A, 0x4D, 0x56, 0x9B, 0x96, 0x5A, 0xB6, 0xDC,
  26798. 0xC4, 0x14, 0x70, 0xE5, 0xF5, 0x7D, 0xE1, 0xB7, 0x84, 0x3F, 0xFC, 0xED, 0xEF,
  26799. 0xF4, 0x30, 0x0D, 0x5F, 0xE9, 0x47, 0x17, 0xE2, 0xC5, 0x78, 0x27, 0x67, 0xDF,
  26800. 0xB9, 0xEB, 0xCC, 0xCC, 0x3D, 0x59, 0xBE, 0xDD, 0xCC, 0x78, 0x0B, 0x0A, 0x1F,
  26801. 0x74, 0xF8, 0x8C, 0x1A, 0xAF, 0x67, 0xEA, 0xF4, 0x44, 0xBD, 0x93, 0x7D, 0x2A,
  26802. 0xEA, 0x9C, 0xD7, 0x37, 0x80, 0x32, 0x9A, 0x01, 0x37, 0xD5, 0xDE, 0xCA, 0xA2,
  26803. 0x0D, 0xB9, 0xD0, 0x3B, 0xCF, 0xAD, 0x89, 0x4D, 0x5F, 0xD1, 0xE7, 0xF7, 0x2F,
  26804. 0x2A, 0x0C, 0xDA, 0x5A, 0xAA, 0x35, 0x7E, 0x41, 0xC3, 0xB2, 0x37, 0xDD, 0xDD,
  26805. 0xCD, 0x50, 0xEB, 0x2C, 0x96, 0x62, 0x3B, 0xD7, 0x52, 0xF4, 0xA9, 0xB9, 0x6F,
  26806. 0x48, 0xED, 0xEF, 0x54, 0xEA, 0x67, 0xF6, 0x7E, 0x26, 0x8F, 0x3A, 0x68, 0xDF,
  26807. 0x06, 0xBC, 0x56, 0xB7, 0x66, 0x32, 0xC1, 0x34, 0xD8, 0x88, 0x34, 0x1E, 0x88,
  26808. 0xED, 0x67, 0x8A, 0xF3, 0xC4, 0x4F, 0xC0, 0xCA, 0x9E, 0x62, 0x1A, 0x6A, 0xEB,
  26809. 0xAB, 0x02, 0xED, 0xB3, 0xD7, 0x91, 0x81, 0x8A, 0xEA, 0x5C, 0xF2, 0x64, 0xDD,
  26810. 0xDD, 0xD1, 0xEC, 0x12, 0x4D, 0xDE, 0xD5, 0xBA, 0xC6, 0x77, 0xBD, 0x06, 0xC4,
  26811. 0x5F, 0x44, 0xEA, 0x59, 0x4B, 0x5D, 0x3B, 0x8A, 0x3D, 0x0F, 0xD4, 0x9B, 0x1B,
  26812. 0x80, 0x30, 0x1D, 0x30, 0xFA, 0x8F, 0x00, 0x3F, 0xDE, 0xB0, 0x6F, 0xAD, 0x6F,
  26813. 0x6A, 0xDD, 0x6E, 0x2F, 0x6E, 0xCB, 0x3C, 0xD1, 0x83, 0x06, 0x7B, 0x0F, 0xFD,
  26814. 0xFD, 0x4A, 0xEF, 0xBC, 0x73, 0x77, 0x3B, 0x8F, 0x34, 0xA1, 0xBA, 0xEC, 0x39,
  26815. 0x80, 0x33, 0x21, 0xA4, 0x01, 0x55, 0xD7, 0xD4, 0xF4, 0xC6, 0xDA, 0x27, 0x4E,
  26816. 0x54, 0x1C, 0x2B, 0xEC, 0x37, 0xDE, 0xC3, 0x4C, 0xC9, 0x5A, 0x3D, 0x34, 0x0E,
  26817. 0xD8, 0x1C, 0x0E, 0xA2, 0x34, 0xE8, 0xC1, 0xD0, 0xA4, 0x51, 0xD5, 0x88, 0x8B,
  26818. 0xB7, 0xC6, 0xA3, 0x96, 0x40, 0x49, 0xB7, 0xBC, 0xE0, 0x7F, 0x55, 0x3F, 0xEF,
  26819. 0x6F, 0x6E, 0x92, 0x9D, 0x34, 0xFE, 0x3C, 0x5F, 0x04, 0xA5, 0x6A, 0xFF, 0x30,
  26820. 0x08, 0xC9, 0xEA, 0xF5, 0x52, 0x2B, 0xFE, 0x57, 0xFA, 0x8E, 0xC7, 0xE8, 0x4D,
  26821. 0x37, 0xAB, 0x03, 0xFA, 0x23, 0xBF, 0x46, 0x94, 0xFF, 0xC1, 0x16, 0xE0, 0xB9,
  26822. 0x14, 0x2C, 0x9E, 0x27, 0xEC, 0x98, 0x69, 0x14, 0x92, 0xF1, 0x60, 0x5C, 0x34,
  26823. 0x4D, 0xA0, 0x1F, 0xDF, 0xFD, 0x44, 0x1C, 0x7B, 0xD3, 0x80, 0x70, 0x42, 0x02,
  26824. 0x30, 0x84, 0x5B, 0xE5, 0x59, 0xB7, 0xF3, 0x80, 0xFB, 0x01, 0x33, 0xA9, 0x00,
  26825. 0x37, 0x52, 0xDC, 0xDA, 0xA7, 0x11, 0x85, 0xB7, 0x6E, 0x70, 0xE4, 0xDA, 0x96,
  26826. 0xBA, 0x84, 0x5B, 0x81, 0x43, 0x93, 0xF3, 0xD1, 0xEA, 0xB1, 0xDD, 0xB8, 0x1F,
  26827. 0xA5, 0xCC, 0xEA, 0x50, 0x66, 0x69, 0xA9, 0x8D, 0x8C, 0xA7, 0xA2, 0xF3, 0x38,
  26828. 0x26, 0x43, 0x5E, 0x3F, 0x01, 0xBE, 0x1C, 0x0F, 0x20, 0x7F, 0x75, 0xA8, 0x20,
  26829. 0x80, 0xC4, 0xC3, 0x5C, 0x8B, 0x0D, 0xD4, 0x60, 0x5E, 0xA3, 0x9E, 0xD0, 0xB4,
  26830. 0x4B, 0x4F, 0xE6, 0x13, 0x85, 0x60, 0x42, 0x96, 0xED, 0xAA, 0xDB, 0xE9, 0x99,
  26831. 0xE3, 0x07, 0x0E, 0x61, 0xB3, 0x07, 0xE3, 0xB1, 0xFA, 0xC0, 0x9B, 0xAD, 0xF6,
  26832. 0xE0, 0x26, 0x33, 0xEA, 0xEA, 0x23, 0xCD, 0x1E, 0x9D, 0xE1, 0x87, 0x4B, 0x74,
  26833. 0x97, 0x08, 0x3E, 0xA1, 0x28, 0xEA, 0xB3, 0x19, 0x67, 0x8B, 0x76, 0x9A, 0xA3,
  26834. 0xF6, 0xB9, 0xCF, 0x80, 0x65, 0x97, 0xAE, 0xF4, 0x83, 0x6B, 0xF4, 0x43, 0x20,
  26835. 0xF9, 0x0B, 0xFC, 0x9B, 0xD2, 0x4D, 0x4D, 0xA6, 0xB9, 0xA3, 0x02, 0x55, 0x79,
  26836. 0x18, 0x36, 0x19, 0x5F, 0xC9, 0xEA, 0x5A, 0x76, 0x40, 0xB9, 0xBA, 0x0E, 0x9A,
  26837. 0x44, 0xDF, 0x7C, 0xF8, 0x65, 0x61, 0x5E, 0x81, 0xAB, 0x71, 0xA1, 0x9E, 0x29,
  26838. 0x3C, 0x59, 0xCB, 0x23, 0xA4, 0xF6, 0x60, 0x1A, 0x0D, 0x5B, 0x39, 0xAE, 0xF4,
  26839. 0x6F, 0x59, 0x16, 0x9E, 0x60, 0xD8, 0x56, 0xCF, 0xEA, 0x2C, 0x4C, 0x79, 0xD3,
  26840. 0x5D, 0x51, 0x46, 0xA0, 0x4E, 0xE9, 0xD6, 0xAB, 0x91, 0x43, 0x63, 0x44, 0xD7,
  26841. 0x70, 0xB9, 0x23, 0x98, 0x4F, 0x3D, 0x03, 0x02, 0xF6, 0x81, 0x56, 0xC1, 0x58,
  26842. 0x85, 0x07, 0xA7, 0x2D, 0x2C, 0x29, 0xCA, 0x01, 0x45, 0x31, 0x51, 0x8F, 0xD4,
  26843. 0x19, 0xA1, 0x79, 0x88, 0x5A, 0xA4, 0xF5, 0xAE, 0x2D, 0x4B, 0x63, 0x4C, 0x58,
  26844. 0xFE, 0xBF, 0xAD, 0xEE, 0xA3, 0x09, 0xF8, 0xE2, 0x89, 0xBE, 0x81, 0x0E, 0x86,
  26845. 0x3A, 0xF9, 0x5B, 0xA5, 0xD8, 0xA4, 0x00, 0x75, 0x04, 0xF2, 0x23, 0xB8, 0x39,
  26846. 0x69, 0x50, 0xB7, 0xD0, 0x34, 0x63, 0x54, 0xD8, 0x61, 0xDD, 0xA5, 0x33, 0x47,
  26847. 0x85, 0x96, 0x22, 0xD0, 0x2F, 0x9F, 0x7E, 0xF8, 0x74, 0x24, 0xEA, 0x57, 0x97,
  26848. 0x5A, 0xE0, 0x00, 0xCF, 0xC1, 0x67, 0xE1, 0x41, 0xBD, 0x94, 0xA1, 0x03, 0xD3,
  26849. 0xB4, 0x08, 0x64, 0xF2, 0x17, 0x27, 0x35, 0x37, 0x53, 0xEF, 0x46, 0xCE, 0xD8,
  26850. 0xD4, 0x09, 0x52, 0xC6, 0x1E, 0xF7, 0x28, 0xDF, 0x08, 0x0F, 0xD0, 0x6F, 0x71,
  26851. 0xA6, 0xDF, 0xE4, 0x60, 0x8E, 0xC0, 0x1E, 0x78, 0x86, 0x50, 0xB0, 0x9B, 0x84,
  26852. 0x7E, 0xE8, 0x36, 0xFA, 0x95, 0xF1, 0x12, 0x51, 0xC7, 0x18, 0x96, 0xA2, 0x29,
  26853. 0xBB, 0x70, 0x02, 0xB4, 0xF9, 0xA8, 0x3D, 0x08, 0x66, 0xA9, 0xB3, 0xFC, 0x0A,
  26854. 0x94, 0x80, 0xFD, 0x78, 0xDC, 0xAB, 0x82, 0x5A, 0xD2, 0xCD, 0xC2, 0x87, 0xC6,
  26855. 0x4B, 0x07, 0xFA, 0xD1, 0xC3, 0xD9, 0x34, 0x41, 0x85, 0xF8, 0xD0, 0xB6, 0x0A,
  26856. 0x9D, 0x00, 0x91, 0x35, 0x05, 0x88, 0xC3, 0xE3, 0x9B, 0x22, 0xD2, 0xB8, 0xFD,
  26857. 0x95, 0x3E, 0x6D, 0x5D, 0x48, 0xA3, 0x68, 0xCF, 0x02, 0x42, 0x79, 0x79, 0x8A,
  26858. 0xAA, 0x01, 0xD6, 0x09, 0x14, 0x2C, 0xF4, 0x83, 0xA3, 0x80, 0x31, 0x55, 0x46,
  26859. 0x6E, 0xC5, 0xE5, 0x2F, 0x30, 0x58, 0x81, 0xA2, 0x90, 0xBE, 0x2E, 0xA1, 0xC3,
  26860. 0x0F, 0xA6, 0xF5, 0x51, 0x00, 0x39, 0xB6, 0xF2, 0x2A, 0xA3, 0x15, 0x7D, 0x8D,
  26861. 0xF5, 0x66, 0x5C, 0xD9, 0xFC, 0xCF, 0x2F, 0xBF, 0x08, 0x27, 0xE7, 0xD0, 0x03,
  26862. 0xB8, 0xD9, 0x00, 0x13, 0x3D, 0x01, 0x6B, 0xB6, 0xA8, 0xCD, 0x5B, 0x3B, 0x3E,
  26863. 0x93, 0xBF, 0xE6, 0x2E, 0xB7, 0x4A, 0xCF, 0xB3, 0x0A, 0xCE, 0x62, 0x11, 0xD6,
  26864. 0x1F, 0x68, 0x9B, 0x1D, 0x68, 0xD1, 0x8C, 0x97, 0xBD, 0xA1, 0x07, 0x67, 0x73,
  26865. 0x87, 0xE0, 0x36, 0xDA, 0x8C, 0xD2, 0xD2, 0xBB, 0x84, 0x28, 0xA9, 0xFE, 0x52,
  26866. 0x74, 0xD6, 0xB9, 0x0F, 0x0A, 0x6A, 0x2D, 0x28, 0x35, 0x34, 0x3A, 0xD3, 0xE2,
  26867. 0xCD, 0x35, 0x06, 0x7D, 0x1B, 0x35, 0x85, 0x86, 0xD1, 0x3E, 0xF2, 0x6F, 0xA1,
  26868. 0xC4, 0x55, 0xBD, 0x00, 0xD8, 0xC3, 0x5D, 0xC2, 0x1D, 0x6B, 0x6B, 0x27, 0x5B,
  26869. 0x95, 0xF3, 0xAB, 0xB5, 0xD3, 0x37, 0xF2, 0x2C, 0x9C, 0xC7, 0x5D, 0xBD, 0xF1,
  26870. 0x68, 0x1C, 0xAD, 0xF8, 0xB5, 0xE1, 0x29, 0x72, 0x7A, 0x73, 0x62, 0x55, 0x24,
  26871. 0xB9, 0x85, 0xDF, 0x7B, 0x29, 0x7D, 0xDE, 0x08, 0xF5, 0xE4, 0x44, 0xDA, 0x1A,
  26872. 0x30, 0x74, 0xDA, 0xB4, 0x9B, 0x23, 0x9A, 0x3A, 0xC1, 0x53, 0xB2, 0xA2, 0xA3,
  26873. 0x7B, 0x1F, 0xD9, 0x56, 0xD4, 0x4F, 0x9B, 0xB2, 0x1E, 0xEE, 0xB8, 0x6A, 0x4E,
  26874. 0xB5, 0xF4, 0x5A, 0xC9, 0x18, 0x27, 0x9C, 0xDE, 0x14, 0x44, 0xED, 0xC4, 0x3C,
  26875. 0x71, 0x9F, 0x5F, 0xD9, 0x37, 0xA0, 0x78, 0x34, 0x6E, 0xBC, 0xD2, 0x7B, 0x1D,
  26876. 0xFA, 0x08, 0x39, 0x5A, 0x04, 0x73, 0x15, 0xD9, 0x0A, 0x48, 0xC1, 0x2D, 0x15,
  26877. 0x4E, 0x84, 0x30, 0x45, 0x69, 0xB3, 0xE5, 0xF6, 0xAD, 0x09, 0x1E, 0xCC, 0x5F,
  26878. 0x1F, 0x06, 0xD5, 0x58, 0xAD, 0x78, 0xD7, 0x9F, 0xE5, 0xED, 0x3B, 0x09, 0xD5,
  26879. 0xA6, 0x52, 0x6F, 0x92, 0xD3, 0x3C, 0xC6, 0x1E, 0xF2, 0x93, 0x7C, 0xD3, 0x5F,
  26880. 0x70, 0x85, 0x5D, 0xF8, 0xAA, 0x9D, 0xB7, 0x7B, 0x24, 0x5A, 0xE9, 0x0A, 0x35,
  26881. 0x2F, 0xF5, 0xD9, 0x82, 0x02, 0x8A, 0x90, 0x13, 0x5B, 0xB5, 0x67, 0x9C, 0xDD,
  26882. 0xA0, 0x4E, 0x82, 0x27, 0xDA, 0x7E, 0xE8, 0x8E, 0xCD, 0xE1, 0x56, 0x71, 0x2C,
  26883. 0xE6, 0x4E, 0x1F, 0x91, 0xCD, 0x7C, 0x6A, 0xB7, 0x78, 0xD0, 0x26, 0xF3, 0x56,
  26884. 0xA9, 0xD5, 0xA1, 0xC3, 0x3B, 0x98, 0xE9, 0x28, 0x09, 0xEF, 0x50, 0x90, 0xCD,
  26885. 0xC4, 0x8E, 0x75, 0xCC, 0xAC, 0x2D, 0xC9, 0x03, 0x6D, 0xAC, 0xFE, 0xC4, 0x88,
  26886. 0x36, 0xD1, 0x3F, 0xBB, 0x1C, 0x7D, 0xB3, 0x14, 0x61, 0x2C, 0xB7, 0x54, 0x4B,
  26887. 0xDB, 0x64, 0xB6, 0x57, 0x14, 0x16, 0x8E, 0x1E, 0x6C, 0x64, 0xBB, 0x8B, 0x48,
  26888. 0x5D, 0x96, 0x9D, 0xDC, 0x80, 0xA7, 0xF7, 0x54, 0xC7, 0x46, 0x38, 0x3E, 0x44,
  26889. 0xDE, 0x7E, 0x92, 0x8D, 0x07, 0xF6, 0x07, 0x37, 0x4E, 0x16, 0x10, 0xB4, 0x7D,
  26890. 0x88, 0x66, 0x7F, 0xBB, 0xFF, 0xEA, 0x00, 0xF3, 0xFF, 0x97, 0x2C, 0xB5, 0xBE,
  26891. 0x35, 0x4B, 0x5C, 0x36, 0xEC, 0x4C, 0xBD, 0x2B, 0x7D, 0xBF, 0x46, 0xE2, 0x9C,
  26892. 0x0E, 0x8A, 0xA3, 0xEC, 0xB1, 0x0E, 0x9A, 0xDA, 0x9A, 0x9B, 0x28, 0x92, 0x10,
  26893. 0x53, 0x57, 0xEA, 0xEC, 0xA2, 0x32, 0x32, 0x20, 0x1D, 0x97, 0x5C, 0xB6, 0x84,
  26894. 0xA9, 0x93, 0x8D, 0x95, 0x11, 0xA3, 0x24, 0xA3, 0x2D, 0xC6, 0x4A, 0xEF, 0xAA,
  26895. 0x1D, 0x85, 0x2B, 0x7D, 0x28, 0xBE, 0x53, 0xCE, 0x10, 0x1F, 0xAE, 0x0E, 0x41,
  26896. 0x6C, 0x4B, 0x79, 0x12, 0xFB, 0xF7, 0x54, 0xA3, 0x96, 0x54, 0x83, 0x20, 0x96,
  26897. 0x8F, 0x28, 0xA9, 0x3F, 0x8B, 0x3D, 0xBA, 0x77, 0xDC, 0x24, 0xE1, 0xD4, 0x49,
  26898. 0x40, 0xD8, 0x78, 0x31, 0x85, 0x43, 0xF6, 0xFE, 0x5C, 0xA6, 0x8F, 0x90, 0x09,
  26899. 0xB0, 0xE7, 0xC4, 0x95, 0xB2, 0x55, 0x49, 0x97, 0x8F, 0x1C, 0x78, 0x30, 0x20,
  26900. 0xA0, 0xB4, 0xEF, 0x73, 0x56, 0x59, 0x82, 0xFD, 0xCE, 0xBA, 0x6A, 0x8F, 0x2C,
  26901. 0x8B, 0x15, 0xFD, 0xA1, 0x85, 0xA8, 0x5C, 0x0F, 0x11, 0xA5, 0x9D, 0xC2, 0x46,
  26902. 0xC6, 0x9C, 0xC9, 0x40, 0x0B, 0x58, 0x6A, 0x1C, 0x7A, 0x23, 0xF9, 0xE0, 0x95,
  26903. 0x05, 0x13, 0x58, 0x72, 0xE8, 0x9F, 0x30, 0xAC, 0xCD, 0x26, 0xD4, 0x66, 0x13,
  26904. 0xDF, 0x1E, 0x7B, 0x4F, 0x9C, 0xBE, 0x38, 0x79, 0x75, 0x92, 0xA4, 0xDA, 0x26,
  26905. 0x44, 0x55, 0x17, 0xA3, 0xE5, 0x62, 0xDA, 0xEB, 0x86, 0xEA, 0x68, 0xC7, 0xAB,
  26906. 0xFD, 0x2D, 0x43, 0x59, 0x51, 0xC0, 0x75, 0x64, 0x91, 0x01, 0x29, 0x33, 0x28,
  26907. 0xF3, 0x04, 0x83, 0x80, 0x75, 0x37, 0x75, 0x0C, 0x03, 0x7B, 0x0A, 0xAB, 0x8E,
  26908. 0x60, 0x62, 0x8B, 0x4C, 0xAF, 0x2D, 0xA3, 0x2F, 0xFE, 0xAB, 0x45, 0xCF, 0xDA,
  26909. 0xAB, 0xFA, 0xFA, 0x30, 0x3D, 0xE8, 0xA1, 0x96, 0xA5, 0x7B, 0xE2, 0x2A, 0xD0,
  26910. 0xAF, 0x59, 0xF7, 0xD0, 0x32, 0x57, 0x19, 0xBD, 0xCA, 0x9F, 0xD5, 0x1A, 0xC7,
  26911. 0xAA, 0x65, 0x4A, 0x38, 0xB2, 0x70, 0x33, 0xB7, 0x75, 0xD2, 0xCD, 0xD1, 0xF0,
  26912. 0xA8, 0x87, 0x59, 0x20, 0xA5, 0x57, 0x55, 0xB1, 0xB2, 0xC9, 0x4D, 0x97, 0x34,
  26913. 0x41, 0xF3, 0xF0, 0x30, 0xA1, 0x2C, 0x1C, 0x49, 0x3E, 0x89, 0x7D, 0x12, 0xE2,
  26914. 0xC3, 0x04, 0xC3, 0x92, 0xC0, 0xF6, 0x39, 0x10, 0x80, 0x81, 0x8F, 0x08, 0xB4,
  26915. 0xF8, 0xB9, 0x13, 0x4E, 0x2C, 0xAE, 0xB3, 0x71, 0x82, 0x63, 0x98, 0xAB, 0x5C,
  26916. 0x1C, 0x10, 0xEA, 0x66, 0xF9, 0x02, 0x3A, 0x82, 0x61, 0xD0, 0xD4, 0xAE, 0x43,
  26917. 0xD4, 0x01, 0x3E, 0x9D, 0x04, 0x14, 0xF6, 0x60, 0xD8, 0xA7, 0xD6, 0xB8, 0x53,
  26918. 0xC8, 0xDA, 0x80, 0x93, 0xA0, 0x02, 0xDD, 0xCC, 0xE2, 0xF2, 0xBB, 0xFB, 0xE0,
  26919. 0x27, 0xD7, 0x34, 0x9A, 0x71, 0x49, 0xB5, 0x4F, 0x42, 0x1F, 0xB2, 0x9D, 0x6D,
  26920. 0xAA, 0x9D, 0xD3, 0x50, 0xB5, 0x8F, 0x6A, 0x4B, 0xDF, 0x1F, 0xD5, 0x27, 0x8F,
  26921. 0x3B, 0x27, 0xCF, 0x2F, 0x8C, 0xF8, 0x9D, 0x4C, 0x52, 0xBC, 0x32, 0x0F, 0x73,
  26922. 0xD5, 0x51, 0x8E, 0x36, 0x7E, 0xAD, 0x09, 0xF0, 0x94, 0x83, 0x5F, 0x36, 0xFD,
  26923. 0x7C, 0x03, 0xED, 0xF1, 0x5E, 0x4B, 0xF7, 0xAA, 0x55, 0x5C, 0x4A, 0x14, 0x59,
  26924. 0x85, 0x38, 0x2D, 0x8C, 0xDF, 0xEC, 0x65, 0x1B, 0xB8, 0x76, 0x57, 0x96, 0x3C,
  26925. 0x86, 0xED, 0xF2, 0x7F, 0x2D, 0x28, 0x48, 0xDA, 0x49, 0x7F, 0xF7, 0x54, 0x2B,
  26926. 0xD5, 0x39, 0xD5, 0x57, 0x0A, 0x75, 0x7A, 0x3E, 0x5E, 0x5D, 0xBA, 0x4A, 0x15,
  26927. 0xFA, 0xB8, 0x31, 0x80, 0x71, 0x2C, 0xCA, 0xC4, 0x51, 0x10, 0x16, 0x5D, 0x39,
  26928. 0xEC, 0x9D, 0x07, 0xB6, 0x6A, 0x89, 0x9F, 0x9B, 0x5B, 0x6F, 0x03, 0xB0, 0x92,
  26929. 0x01, 0x38, 0x6B, 0x48, 0x99, 0x0A, 0x8F, 0x13, 0xC1, 0xA6, 0x01, 0xEA, 0xBF,
  26930. 0x6F, 0x86, 0x43, 0x51, 0xB6, 0x11, 0x00, 0x00
  26931. };
  26932. WOLFSSL_TEST_SUBROUTINE int compress_test(void)
  26933. {
  26934. int ret = 0;
  26935. word32 dSz = sizeof(sample_text);
  26936. word32 cSz = (dSz + (word32)(dSz * 0.001) + 12);
  26937. byte *c;
  26938. byte *d;
  26939. c = (byte *)XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26940. d = (byte *)XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26941. if (c == NULL || d == NULL) {
  26942. ERROR_OUT(-12100, exit);
  26943. }
  26944. /* follow calloc and initialize to 0 */
  26945. XMEMSET(c, 0, cSz);
  26946. XMEMSET(d, 0, dSz);
  26947. if ((ret = wc_Compress(c, cSz, sample_text, dSz, 0)) < 0) {
  26948. ERROR_OUT(-12101, exit);
  26949. }
  26950. cSz = (word32)ret;
  26951. if ((ret = wc_DeCompress(d, dSz, c, cSz)) != (int)dSz) {
  26952. ERROR_OUT(-12102, exit);
  26953. }
  26954. if (XMEMCMP(d, sample_text, dSz) != 0) {
  26955. ERROR_OUT(-12103, exit);
  26956. }
  26957. /* GZIP tests */
  26958. cSz = (dSz + (word32)(dSz * 0.001) + 12); /* reset cSz */
  26959. XMEMSET(c, 0, cSz);
  26960. XMEMSET(d, 0, dSz);
  26961. ret = wc_Compress_ex(c, cSz, sample_text, dSz, 0, LIBZ_WINBITS_GZIP);
  26962. if (ret < 0) {
  26963. ERROR_OUT(-12104, exit);
  26964. }
  26965. cSz = (word32)ret;
  26966. ret = wc_DeCompress_ex(d, dSz, c, cSz, LIBZ_WINBITS_GZIP);
  26967. if (ret < 0) {
  26968. ERROR_OUT(-12105, exit);
  26969. }
  26970. if (XMEMCMP(d, sample_text, dSz) != 0) {
  26971. ERROR_OUT(-12106, exit);
  26972. }
  26973. /* Try with gzip generated output */
  26974. XMEMSET(d, 0, dSz);
  26975. ret = wc_DeCompress_ex(d, dSz, sample_text_gz, sizeof(sample_text_gz),
  26976. LIBZ_WINBITS_GZIP);
  26977. if (ret < 0) {
  26978. ERROR_OUT(-12107, exit);
  26979. }
  26980. dSz = (word32)ret;
  26981. if (XMEMCMP(d, sample_text, dSz) != 0) {
  26982. ERROR_OUT(-12108, exit);
  26983. }
  26984. ret = 0; /* success */
  26985. exit:
  26986. if (c) XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26987. if (d) XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26988. return ret;
  26989. }
  26990. #endif /* HAVE_LIBZ */
  26991. #ifdef HAVE_PKCS7
  26992. /* External Debugging/Testing Note:
  26993. *
  26994. * PKCS#7 test functions can output generated PKCS#7/CMS bundles for
  26995. * additional testing. To dump bundles to files DER encoded files, please
  26996. * define:
  26997. *
  26998. * #define PKCS7_OUTPUT_TEST_BUNDLES
  26999. */
  27000. /* Loads certs and keys for use with PKCS7 tests, from either files
  27001. * or buffers.
  27002. *
  27003. * rsaClientCertBuf - output buffer for RSA client cert
  27004. * rsaClientCertBufSz - IN/OUT size of output buffer, size of RSA client cert
  27005. * rsaClientPrivKeyBuf - output buffer for RSA client private key
  27006. * rsaClientPrivKeyBufSz - IN/OUT size of output buffer, size of RSA client key
  27007. *
  27008. * rsaServerCertBuf - output buffer for RSA server cert
  27009. * rsaServerCertBufSz - IN/OUT size of output buffer, size of RSA server cert
  27010. * rsaServerPrivKeyBuf - output buffer for RSA server private key
  27011. * rsaServerPrivKeyBufSz - IN/OUT size of output buffer, size of RSA server key
  27012. *
  27013. * rsaCaCertBuf - output buffer for RSA CA cert
  27014. * rsaCaCertBufSz - IN/OUT size of output buffer, size of RSA ca cert
  27015. * rsaCaPrivKeyBuf - output buffer for RSA CA private key
  27016. * rsaCaPrivKeyBufSz - IN/OUT size of output buffer, size of RSA CA key
  27017. *
  27018. * eccClientCertBuf - output buffer for ECC cert
  27019. * eccClientCertBufSz - IN/OUT size of output buffer, size of ECC cert
  27020. * eccClientPrivKeyBuf - output buffer for ECC private key
  27021. * eccClientPrivKeyBufSz - IN/OUT size of output buffer, size of ECC private key
  27022. *
  27023. * Returns 0 on success, negative on error
  27024. */
  27025. static int pkcs7_load_certs_keys(
  27026. byte* rsaClientCertBuf, word32* rsaClientCertBufSz,
  27027. byte* rsaClientPrivKeyBuf, word32* rsaClientPrivKeyBufSz,
  27028. byte* rsaServerCertBuf, word32* rsaServerCertBufSz,
  27029. byte* rsaServerPrivKeyBuf, word32* rsaServerPrivKeyBufSz,
  27030. byte* rsaCaCertBuf, word32* rsaCaCertBufSz,
  27031. byte* rsaCaPrivKeyBuf, word32* rsaCaPrivKeyBufSz,
  27032. byte* eccClientCertBuf, word32* eccClientCertBufSz,
  27033. byte* eccClientPrivKeyBuf, word32* eccClientPrivKeyBufSz)
  27034. {
  27035. #ifndef NO_FILESYSTEM
  27036. XFILE certFile;
  27037. XFILE keyFile;
  27038. (void)certFile;
  27039. (void)keyFile;
  27040. #endif
  27041. #ifndef NO_RSA
  27042. if (rsaClientCertBuf == NULL || rsaClientCertBufSz == NULL ||
  27043. rsaClientPrivKeyBuf == NULL || rsaClientPrivKeyBufSz == NULL)
  27044. return BAD_FUNC_ARG;
  27045. #endif
  27046. #ifdef HAVE_ECC
  27047. if (eccClientCertBuf == NULL || eccClientCertBufSz == NULL ||
  27048. eccClientPrivKeyBuf == NULL || eccClientPrivKeyBufSz == NULL)
  27049. return BAD_FUNC_ARG;
  27050. #endif
  27051. /* RSA */
  27052. #ifndef NO_RSA
  27053. #ifdef USE_CERT_BUFFERS_1024
  27054. if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_1024)
  27055. return -12110;
  27056. XMEMCPY(rsaClientCertBuf, client_cert_der_1024,
  27057. sizeof_client_cert_der_1024);
  27058. *rsaClientCertBufSz = sizeof_client_cert_der_1024;
  27059. if (rsaServerCertBuf != NULL) {
  27060. if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_1024)
  27061. return -12111;
  27062. XMEMCPY(rsaServerCertBuf, server_cert_der_1024,
  27063. sizeof_server_cert_der_1024);
  27064. *rsaServerCertBufSz = sizeof_server_cert_der_1024;
  27065. }
  27066. if (rsaCaCertBuf != NULL) {
  27067. if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_1024)
  27068. return -12112;
  27069. XMEMCPY(rsaCaCertBuf, ca_cert_der_1024, sizeof_ca_cert_der_1024);
  27070. *rsaCaCertBufSz = sizeof_ca_cert_der_1024;
  27071. }
  27072. #elif defined(USE_CERT_BUFFERS_2048)
  27073. if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_2048)
  27074. return -12113;
  27075. XMEMCPY(rsaClientCertBuf, client_cert_der_2048,
  27076. sizeof_client_cert_der_2048);
  27077. *rsaClientCertBufSz = sizeof_client_cert_der_2048;
  27078. if (rsaServerCertBuf != NULL) {
  27079. if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_2048)
  27080. return -12114;
  27081. XMEMCPY(rsaServerCertBuf, server_cert_der_2048,
  27082. sizeof_server_cert_der_2048);
  27083. *rsaServerCertBufSz = sizeof_server_cert_der_2048;
  27084. }
  27085. if (rsaCaCertBuf != NULL) {
  27086. if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_2048)
  27087. return -12115;
  27088. XMEMCPY(rsaCaCertBuf, ca_cert_der_2048, sizeof_ca_cert_der_2048);
  27089. *rsaCaCertBufSz = sizeof_ca_cert_der_2048;
  27090. }
  27091. #else
  27092. certFile = XFOPEN(clientCert, "rb");
  27093. if (!certFile)
  27094. return -12116;
  27095. *rsaClientCertBufSz = (word32)XFREAD(rsaClientCertBuf, 1,
  27096. *rsaClientCertBufSz, certFile);
  27097. XFCLOSE(certFile);
  27098. if (rsaServerCertBuf != NULL) {
  27099. certFile = XFOPEN(rsaServerCertDerFile, "rb");
  27100. if (!certFile)
  27101. return -12117;
  27102. *rsaServerCertBufSz = (word32)XFREAD(rsaServerCertBuf, 1,
  27103. *rsaServerCertBufSz, certFile);
  27104. XFCLOSE(certFile);
  27105. }
  27106. if (rsaCaCertBuf != NULL) {
  27107. certFile = XFOPEN(rsaCaCertDerFile, "rb");
  27108. if (!certFile)
  27109. return -12118;
  27110. *rsaCaCertBufSz = (word32)XFREAD(rsaCaCertBuf, 1, *rsaCaCertBufSz,
  27111. certFile);
  27112. XFCLOSE(certFile);
  27113. }
  27114. #endif
  27115. #ifdef USE_CERT_BUFFERS_1024
  27116. if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_1024)
  27117. return -12119;
  27118. XMEMCPY(rsaClientPrivKeyBuf, client_key_der_1024,
  27119. sizeof_client_key_der_1024);
  27120. *rsaClientPrivKeyBufSz = sizeof_client_key_der_1024;
  27121. if (rsaServerPrivKeyBuf != NULL) {
  27122. if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_1024)
  27123. return -12120;
  27124. XMEMCPY(rsaServerPrivKeyBuf, server_key_der_1024,
  27125. sizeof_server_key_der_1024);
  27126. *rsaServerPrivKeyBufSz = sizeof_server_key_der_1024;
  27127. }
  27128. if (rsaCaPrivKeyBuf != NULL) {
  27129. if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_1024)
  27130. return -12121;
  27131. XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_1024, sizeof_ca_key_der_1024);
  27132. *rsaCaPrivKeyBufSz = sizeof_ca_key_der_1024;
  27133. }
  27134. #elif defined(USE_CERT_BUFFERS_2048)
  27135. if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_2048)
  27136. return -12122;
  27137. XMEMCPY(rsaClientPrivKeyBuf, client_key_der_2048,
  27138. sizeof_client_key_der_2048);
  27139. *rsaClientPrivKeyBufSz = sizeof_client_key_der_2048;
  27140. if (rsaServerPrivKeyBuf != NULL) {
  27141. if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_2048)
  27142. return -12123;
  27143. XMEMCPY(rsaServerPrivKeyBuf, server_key_der_2048,
  27144. sizeof_server_key_der_2048);
  27145. *rsaServerPrivKeyBufSz = sizeof_server_key_der_2048;
  27146. }
  27147. if (rsaCaPrivKeyBuf != NULL) {
  27148. if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_2048)
  27149. return -12124;
  27150. XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_2048, sizeof_ca_key_der_2048);
  27151. *rsaCaPrivKeyBufSz = sizeof_ca_key_der_2048;
  27152. }
  27153. #else
  27154. keyFile = XFOPEN(clientKey, "rb");
  27155. if (!keyFile)
  27156. return -12125;
  27157. *rsaClientPrivKeyBufSz = (word32)XFREAD(rsaClientPrivKeyBuf, 1,
  27158. *rsaClientPrivKeyBufSz, keyFile);
  27159. XFCLOSE(keyFile);
  27160. if (rsaServerPrivKeyBuf != NULL) {
  27161. keyFile = XFOPEN(rsaServerKeyDerFile, "rb");
  27162. if (!keyFile)
  27163. return -12126;
  27164. *rsaServerPrivKeyBufSz = (word32)XFREAD(rsaServerPrivKeyBuf, 1,
  27165. *rsaServerPrivKeyBufSz, keyFile);
  27166. XFCLOSE(keyFile);
  27167. }
  27168. if (rsaCaPrivKeyBuf != NULL) {
  27169. keyFile = XFOPEN(rsaCaKeyFile, "rb");
  27170. if (!keyFile)
  27171. return -12127;
  27172. *rsaCaPrivKeyBufSz = (word32)XFREAD(rsaCaPrivKeyBuf, 1,
  27173. *rsaCaPrivKeyBufSz, keyFile);
  27174. XFCLOSE(keyFile);
  27175. }
  27176. #endif /* USE_CERT_BUFFERS */
  27177. #endif /* NO_RSA */
  27178. /* ECC */
  27179. #ifdef HAVE_ECC
  27180. #ifdef USE_CERT_BUFFERS_256
  27181. if (*eccClientCertBufSz < (word32)sizeof_cliecc_cert_der_256)
  27182. return -12128;
  27183. XMEMCPY(eccClientCertBuf, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
  27184. *eccClientCertBufSz = sizeof_cliecc_cert_der_256;
  27185. #else
  27186. certFile = XFOPEN(eccClientCert, "rb");
  27187. if (!certFile)
  27188. return -12129;
  27189. *eccClientCertBufSz = (word32)XFREAD(eccClientCertBuf, 1,
  27190. *eccClientCertBufSz, certFile);
  27191. XFCLOSE(certFile);
  27192. #endif /* USE_CERT_BUFFERS_256 */
  27193. #ifdef USE_CERT_BUFFERS_256
  27194. if (*eccClientPrivKeyBufSz < (word32)sizeof_ecc_clikey_der_256)
  27195. return -12130;
  27196. XMEMCPY(eccClientPrivKeyBuf, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
  27197. *eccClientPrivKeyBufSz = sizeof_ecc_clikey_der_256;
  27198. #else
  27199. keyFile = XFOPEN(eccClientKey, "rb");
  27200. if (!keyFile)
  27201. return -12131;
  27202. *eccClientPrivKeyBufSz = (word32)XFREAD(eccClientPrivKeyBuf, 1,
  27203. *eccClientPrivKeyBufSz, keyFile);
  27204. XFCLOSE(keyFile);
  27205. #endif /* USE_CERT_BUFFERS_256 */
  27206. #endif /* HAVE_ECC */
  27207. #ifdef NO_RSA
  27208. (void)rsaClientCertBuf;
  27209. (void)rsaClientCertBufSz;
  27210. (void)rsaClientPrivKeyBuf;
  27211. (void)rsaClientPrivKeyBufSz;
  27212. (void)rsaServerCertBuf;
  27213. (void)rsaServerCertBufSz;
  27214. (void)rsaServerPrivKeyBuf;
  27215. (void)rsaServerPrivKeyBufSz;
  27216. (void)rsaCaCertBuf;
  27217. (void)rsaCaCertBufSz;
  27218. (void)rsaCaPrivKeyBuf;
  27219. (void)rsaCaPrivKeyBufSz;
  27220. #endif
  27221. #ifndef HAVE_ECC
  27222. (void)eccClientCertBuf;
  27223. (void)eccClientCertBufSz;
  27224. (void)eccClientPrivKeyBuf;
  27225. (void)eccClientPrivKeyBufSz;
  27226. #endif
  27227. #ifndef NO_FILESYSTEM
  27228. (void)certFile;
  27229. (void)keyFile;
  27230. #endif
  27231. return 0;
  27232. }
  27233. typedef struct {
  27234. const byte* content;
  27235. word32 contentSz;
  27236. int contentOID;
  27237. int encryptOID;
  27238. int keyWrapOID;
  27239. int keyAgreeOID;
  27240. byte* cert;
  27241. size_t certSz;
  27242. byte* privateKey;
  27243. word32 privateKeySz;
  27244. byte* optionalUkm;
  27245. word32 optionalUkmSz;
  27246. int ktriOptions; /* KTRI options flags */
  27247. int kariOptions; /* KARI options flags */
  27248. /* KEKRI specific */
  27249. const byte* secretKey; /* key, only for kekri RecipientInfo types */
  27250. word32 secretKeySz; /* size of secretKey, bytes */
  27251. const byte* secretKeyId; /* key identifier */
  27252. word32 secretKeyIdSz; /* size of key identifier, bytes */
  27253. void* timePtr; /* time_t pointer */
  27254. byte* otherAttrOID; /* OPTIONAL, other attribute OID */
  27255. word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */
  27256. byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */
  27257. word32 otherAttrSz; /* size of otherAttr, bytes */
  27258. int kekriOptions; /* KEKRI options flags */
  27259. /* PWRI specific */
  27260. const char* password;
  27261. word32 passwordSz;
  27262. const byte* salt;
  27263. word32 saltSz;
  27264. int kdfOID;
  27265. int hashOID;
  27266. int kdfIterations;
  27267. int pwriOptions; /* PWRI options flags */
  27268. /* ORI specific */
  27269. int isOri;
  27270. int oriOptions; /* ORI options flags */
  27271. const char* outFileName;
  27272. } pkcs7EnvelopedVector;
  27273. static const byte asnDataOid[] = {
  27274. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01
  27275. };
  27276. /* ORI encrypt callback, responsible for encrypting content-encryption key (CEK)
  27277. * and giving wolfCrypt the value for oriOID and oriValue to place in
  27278. * OtherRecipientInfo.
  27279. *
  27280. * Returns 0 on success, negative upon error. */
  27281. static int myOriEncryptCb(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType,
  27282. word32* oriTypeSz, byte* oriValue, word32* oriValueSz,
  27283. void* ctx)
  27284. {
  27285. int i;
  27286. /* make sure buffers are large enough */
  27287. if ((*oriValueSz < (2 + cekSz)) || (*oriTypeSz < sizeof(oriType)))
  27288. return -12140;
  27289. /* our simple encryption algorithm will be take the bitwise complement */
  27290. oriValue[0] = 0x04; /*ASN OCTET STRING */
  27291. oriValue[1] = (byte)cekSz; /* length */
  27292. for (i = 0; i < (int)cekSz; i++) {
  27293. oriValue[2 + i] = ~cek[i];
  27294. }
  27295. *oriValueSz = 2 + cekSz;
  27296. /* set oriType to ASN.1 encoded data OID */
  27297. XMEMCPY(oriType, asnDataOid, sizeof(asnDataOid));
  27298. *oriTypeSz = sizeof(asnDataOid);
  27299. (void)pkcs7;
  27300. (void)ctx;
  27301. return 0;
  27302. }
  27303. /* ORI decrypt callback, responsible for providing a decrypted content
  27304. * encryption key (CEK) placed into decryptedKey and size placed into
  27305. * decryptedKeySz. oriOID and oriValue are given to the callback to help
  27306. * in decrypting the encrypted CEK.
  27307. *
  27308. * Returns 0 on success, negative upon error. */
  27309. static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
  27310. byte* oriValue, word32 oriValueSz, byte* decryptedKey,
  27311. word32* decryptedKeySz, void* ctx)
  27312. {
  27313. int i;
  27314. /* make sure oriType matches what we expect */
  27315. if (oriTypeSz != sizeof(asnDataOid))
  27316. return -12150;
  27317. if (XMEMCMP(oriType, asnDataOid, sizeof(asnDataOid)) != 0)
  27318. return -12151;
  27319. /* make sure decrypted buffer is large enough */
  27320. if (*decryptedKeySz < oriValueSz)
  27321. return -12152;
  27322. /* decrypt encrypted CEK using simple bitwise complement,
  27323. only for example */
  27324. for (i = 0; i < (int)oriValueSz - 2; i++) {
  27325. decryptedKey[i] = ~oriValue[2 + i];
  27326. }
  27327. *decryptedKeySz = oriValueSz - 2;
  27328. (void)pkcs7;
  27329. (void)ctx;
  27330. return 0;
  27331. }
  27332. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  27333. /* returns 0 on success */
  27334. static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
  27335. byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
  27336. byte* in, int inSz, byte* out, void* usrCtx)
  27337. {
  27338. int keyId = -1, ret, keySz;
  27339. word32 keyIdSz = 8;
  27340. const byte* key;
  27341. byte keyIdRaw[8];
  27342. #ifdef WOLFSSL_SMALL_STACK
  27343. Aes *aes;
  27344. #else
  27345. Aes aes[1];
  27346. #endif
  27347. /* looking for KEY ID
  27348. * fwDecryptKeyID OID "1.2.840.113549.1.9.16.2.37
  27349. */
  27350. WOLFSSL_SMALL_STACK_STATIC const unsigned char OID[] = {
  27351. /* 0x06, 0x0B do not pass in tag and length */
  27352. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
  27353. 0x01, 0x09, 0x10, 0x02, 0x25
  27354. };
  27355. WOLFSSL_SMALL_STACK_STATIC const byte defKey[] = {
  27356. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  27357. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  27358. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  27359. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  27360. };
  27361. WOLFSSL_SMALL_STACK_STATIC const byte altKey[] = {
  27362. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  27363. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  27364. };
  27365. /* test user context passed in */
  27366. if (usrCtx == NULL || *(int*)usrCtx != 1) {
  27367. return -12160;
  27368. }
  27369. #ifdef WOLFSSL_SMALL_STACK
  27370. if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
  27371. return -12164;
  27372. #endif
  27373. /* if needing to find keyIdSz can call with NULL */
  27374. ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), NULL,
  27375. &keyIdSz);
  27376. if (ret != LENGTH_ONLY_E) {
  27377. printf("Unexpected error %d when getting keyIdSz\n", ret);
  27378. printf("Possibly no KEY ID attribute set\n");
  27379. ERROR_OUT(-12161, out);
  27380. }
  27381. else {
  27382. XMEMSET(keyIdRaw, 0, sizeof(keyIdRaw));
  27383. ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), keyIdRaw,
  27384. &keyIdSz);
  27385. if (ret < 0) {
  27386. goto out;
  27387. }
  27388. if (keyIdSz < 3) {
  27389. printf("keyIdSz is smaller than expected\n");
  27390. ERROR_OUT(-12162, out);
  27391. }
  27392. if (keyIdSz > 2 + sizeof(int)) {
  27393. printf("example case was only expecting a keyId of int size\n");
  27394. ERROR_OUT(-12163, out);
  27395. }
  27396. /* keyIdRaw[0] OCTET TAG */
  27397. /* keyIdRaw[1] Length */
  27398. #ifdef BIG_ENDIAN_ORDER
  27399. if (keyIdRaw[1] == 0x01) {
  27400. keyId = 1;
  27401. }
  27402. #else
  27403. XMEMCPY(&keyId, keyIdRaw + 2, sizeof(keyId));
  27404. #endif
  27405. }
  27406. /* Use keyID here if found to select key and decrypt in HSM or in this
  27407. * example just select key and do software decryption */
  27408. if (keyId == 1) {
  27409. key = altKey;
  27410. keySz = sizeof(altKey);
  27411. }
  27412. else {
  27413. key = defKey;
  27414. keySz = sizeof(defKey);
  27415. }
  27416. switch (encryptOID) {
  27417. #ifdef WOLFSSL_AES_256
  27418. case AES256CBCb:
  27419. if ((keySz != 32 ) || (ivSz != AES_BLOCK_SIZE))
  27420. ERROR_OUT(BAD_FUNC_ARG, out);
  27421. break;
  27422. #endif
  27423. #ifdef WOLFSSL_AES_128
  27424. case AES128CBCb:
  27425. if ((keySz != 16 ) || (ivSz != AES_BLOCK_SIZE))
  27426. ERROR_OUT(BAD_FUNC_ARG, out);
  27427. break;
  27428. #endif
  27429. default:
  27430. printf("Unsupported content cipher type for example");
  27431. ERROR_OUT(ALGO_ID_E, out);
  27432. };
  27433. ret = wc_AesInit(aes, HEAP_HINT, INVALID_DEVID);
  27434. if (ret == 0) {
  27435. ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION);
  27436. if (ret == 0)
  27437. ret = wc_AesCbcDecrypt(aes, out, in, inSz);
  27438. wc_AesFree(aes);
  27439. }
  27440. out:
  27441. #ifdef WOLFSSL_SMALL_STACK
  27442. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27443. #endif
  27444. (void)aad;
  27445. (void)aadSz;
  27446. (void)authTag;
  27447. (void)authTagSz;
  27448. return ret;
  27449. }
  27450. #endif /* !NO_AES && HAVE_AES_CBC */
  27451. #define PKCS7_BUF_SIZE 2048
  27452. static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
  27453. byte* rsaPrivKey, word32 rsaPrivKeySz,
  27454. byte* eccCert, word32 eccCertSz,
  27455. byte* eccPrivKey, word32 eccPrivKeySz)
  27456. {
  27457. int ret = 0, testSz = 0, i;
  27458. int envelopedSz, decodedSz;
  27459. byte *enveloped = NULL;
  27460. byte *decoded = NULL;
  27461. PKCS7* pkcs7 = NULL;
  27462. #ifdef ECC_TIMING_RESISTANT
  27463. WC_RNG rng;
  27464. #endif
  27465. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  27466. XFILE pkcs7File;
  27467. #endif
  27468. WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
  27469. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  27470. 0x72,0x6c,0x64
  27471. };
  27472. #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
  27473. defined(HAVE_ECC) && defined(WOLFSSL_SHA512)
  27474. byte optionalUkm[] = {
  27475. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
  27476. };
  27477. #endif /* NO_AES */
  27478. #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
  27479. !defined(NO_SHA)
  27480. /* encryption key for kekri recipient types */
  27481. WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = {
  27482. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  27483. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
  27484. };
  27485. /* encryption key identifier */
  27486. WOLFSSL_SMALL_STACK_STATIC const byte secretKeyId[] = {
  27487. 0x02,0x02,0x03,0x04
  27488. };
  27489. #endif
  27490. #if !defined(NO_PWDBASED) && !defined(NO_SHA) && \
  27491. !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  27492. #ifndef HAVE_FIPS
  27493. WOLFSSL_SMALL_STACK_STATIC const char password[] = "password"; /* NOTE: Password is too short for FIPS */
  27494. #else
  27495. WOLFSSL_SMALL_STACK_STATIC const char password[] = "passwordFIPS_MODE";
  27496. #endif
  27497. WOLFSSL_SMALL_STACK_STATIC const byte salt[] = {
  27498. 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
  27499. };
  27500. #endif
  27501. #define MAX_TESTVECTORS_LEN 13
  27502. #define ADD_PKCS7ENVELOPEDVECTOR(...) { \
  27503. pkcs7EnvelopedVector _this_vector = { __VA_ARGS__ }; \
  27504. if (testSz == MAX_TESTVECTORS_LEN) { \
  27505. ret = -12534; \
  27506. goto out; \
  27507. } \
  27508. XMEMCPY(&testVectors[testSz++], &_this_vector, sizeof _this_vector);\
  27509. }
  27510. pkcs7EnvelopedVector *testVectors = NULL;
  27511. #ifdef ECC_TIMING_RESISTANT
  27512. XMEMSET(&rng, 0, sizeof(rng));
  27513. #endif
  27514. testVectors = (pkcs7EnvelopedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
  27515. HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27516. if (testVectors == NULL) {
  27517. ret = -12534;
  27518. goto out;
  27519. }
  27520. {
  27521. /* key transport key encryption technique */
  27522. #ifndef NO_RSA
  27523. #ifndef NO_DES3
  27524. ADD_PKCS7ENVELOPEDVECTOR(
  27525. data, (word32)sizeof(data), DATA, DES3b, 0, 0, rsaCert, rsaCertSz,
  27526. rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
  27527. 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  27528. "pkcs7envelopedDataDES3.der");
  27529. #endif
  27530. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  27531. #ifdef WOLFSSL_AES_128
  27532. ADD_PKCS7ENVELOPEDVECTOR(
  27533. data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz,
  27534. rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
  27535. 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  27536. "pkcs7envelopedDataAES128CBC.der");
  27537. #endif
  27538. #ifdef WOLFSSL_AES_192
  27539. ADD_PKCS7ENVELOPEDVECTOR(
  27540. data, (word32)sizeof(data), DATA, AES192CBCb, 0, 0, rsaCert, rsaCertSz,
  27541. rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
  27542. 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  27543. "pkcs7envelopedDataAES192CBC.der");
  27544. #endif
  27545. #ifdef WOLFSSL_AES_256
  27546. ADD_PKCS7ENVELOPEDVECTOR(
  27547. data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
  27548. rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
  27549. 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  27550. "pkcs7envelopedDataAES256CBC.der");
  27551. /* explicitly using SKID for SubjectKeyIdentifier */
  27552. ADD_PKCS7ENVELOPEDVECTOR(
  27553. data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
  27554. rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_SKID, 0, NULL, 0, NULL, 0, NULL,
  27555. NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  27556. "pkcs7envelopedDataAES256CBC_SKID.der");
  27557. /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */
  27558. ADD_PKCS7ENVELOPEDVECTOR(
  27559. data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
  27560. rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_ISSUER_AND_SERIAL_NUMBER, 0,
  27561. NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
  27562. 0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der");
  27563. #endif
  27564. #endif /* !NO_AES && HAVE_AES_CBC */
  27565. #endif
  27566. /* key agreement key encryption technique*/
  27567. #ifdef HAVE_ECC
  27568. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  27569. #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  27570. ADD_PKCS7ENVELOPEDVECTOR(
  27571. data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP,
  27572. dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  27573. eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
  27574. 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  27575. "pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der");
  27576. #endif
  27577. #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
  27578. ADD_PKCS7ENVELOPEDVECTOR(
  27579. data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
  27580. dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  27581. eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
  27582. 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  27583. "pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der");
  27584. #endif /* NO_SHA256 && WOLFSSL_AES_256 */
  27585. #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
  27586. ADD_PKCS7ENVELOPEDVECTOR(
  27587. data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
  27588. dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  27589. eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
  27590. 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  27591. "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der");
  27592. /* with optional user keying material (ukm) */
  27593. ADD_PKCS7ENVELOPEDVECTOR(
  27594. data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
  27595. dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  27596. eccPrivKeySz, optionalUkm, sizeof(optionalUkm), 0, 0, NULL, 0,
  27597. NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  27598. "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der");
  27599. #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
  27600. #endif /* !NO_AES && HAVE_AES_CBC */
  27601. #endif
  27602. /* kekri (KEKRecipientInfo) recipient types */
  27603. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  27604. #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  27605. ADD_PKCS7ENVELOPEDVECTOR(
  27606. data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0,
  27607. NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey),
  27608. secretKeyId, sizeof(secretKeyId), NULL, NULL, 0, NULL, 0,
  27609. 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  27610. "pkcs7envelopedDataAES128CBC_KEKRI.der");
  27611. #endif
  27612. #endif /* !NO_AES && HAVE_AES_CBC */
  27613. /* pwri (PasswordRecipientInfo) recipient types */
  27614. #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AES_CBC)
  27615. #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  27616. ADD_PKCS7ENVELOPEDVECTOR(
  27617. data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0,
  27618. NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
  27619. NULL, 0, NULL, NULL, 0, NULL, 0, 0, password,
  27620. (word32)XSTRLEN(password), salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5,
  27621. 0, 0, 0, "pkcs7envelopedDataAES128CBC_PWRI.der");
  27622. #endif
  27623. #endif
  27624. #if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_128)
  27625. /* ori (OtherRecipientInfo) recipient types */
  27626. ADD_PKCS7ENVELOPEDVECTOR(
  27627. data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0,
  27628. NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0,
  27629. NULL, 0, 0, 0, 0, 0, 1, 0, "pkcs7envelopedDataAES128CBC_ORI.der");
  27630. #endif
  27631. };
  27632. #undef MAX_TESTVECTORS_LEN
  27633. #undef ADD_PKCS7ENVELOPEDVECTOR
  27634. enveloped = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27635. decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27636. if ((! enveloped) || (! decoded)) {
  27637. ERROR_OUT(-12170, out);
  27638. }
  27639. #ifdef ECC_TIMING_RESISTANT
  27640. #ifndef HAVE_FIPS
  27641. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  27642. #else
  27643. ret = wc_InitRng(&rng);
  27644. #endif
  27645. if (ret != 0) {
  27646. ERROR_OUT(-12171, out);
  27647. }
  27648. #endif
  27649. for (i = 0; i < testSz; i++) {
  27650. pkcs7 = wc_PKCS7_New(HEAP_HINT,
  27651. #ifdef WOLFSSL_ASYNC_CRYPT
  27652. INVALID_DEVID /* async PKCS7 is not supported */
  27653. #else
  27654. devId
  27655. #endif
  27656. );
  27657. if (pkcs7 == NULL) {
  27658. ERROR_OUT(-12172, out);
  27659. }
  27660. if (testVectors[i].secretKey != NULL) {
  27661. /* KEKRI recipient type */
  27662. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  27663. if (ret != 0) {
  27664. ERROR_OUT(-12173, out);
  27665. }
  27666. pkcs7->content = (byte*)testVectors[i].content;
  27667. pkcs7->contentSz = testVectors[i].contentSz;
  27668. pkcs7->contentOID = testVectors[i].contentOID;
  27669. pkcs7->encryptOID = testVectors[i].encryptOID;
  27670. pkcs7->ukm = testVectors[i].optionalUkm;
  27671. pkcs7->ukmSz = testVectors[i].optionalUkmSz;
  27672. ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID,
  27673. (byte *)testVectors[i].secretKey, testVectors[i].secretKeySz,
  27674. (byte *)testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz,
  27675. testVectors[i].timePtr, testVectors[i].otherAttrOID,
  27676. testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr,
  27677. testVectors[i].otherAttrSz, testVectors[i].kekriOptions);
  27678. if (ret < 0) {
  27679. wc_PKCS7_Free(pkcs7);
  27680. ERROR_OUT(-12174, out);
  27681. }
  27682. /* set key, for decryption */
  27683. ret = wc_PKCS7_SetKey(pkcs7, (byte *)testVectors[i].secretKey,
  27684. testVectors[i].secretKeySz);
  27685. if (ret != 0) {
  27686. wc_PKCS7_Free(pkcs7);
  27687. ERROR_OUT(-12175, out);
  27688. }
  27689. } else if (testVectors[i].password != NULL) {
  27690. #ifndef NO_PWDBASED
  27691. /* PWRI recipient type */
  27692. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  27693. if (ret != 0) {
  27694. ERROR_OUT(-12176, out);
  27695. }
  27696. pkcs7->content = (byte*)testVectors[i].content;
  27697. pkcs7->contentSz = testVectors[i].contentSz;
  27698. pkcs7->contentOID = testVectors[i].contentOID;
  27699. pkcs7->encryptOID = testVectors[i].encryptOID;
  27700. pkcs7->ukm = testVectors[i].optionalUkm;
  27701. pkcs7->ukmSz = testVectors[i].optionalUkmSz;
  27702. ret = wc_PKCS7_AddRecipient_PWRI(pkcs7,
  27703. (byte *)testVectors[i].password, testVectors[i].passwordSz,
  27704. (byte *)testVectors[i].salt, testVectors[i].saltSz,
  27705. testVectors[i].kdfOID,
  27706. testVectors[i].hashOID, testVectors[i].kdfIterations,
  27707. testVectors[i].encryptOID, testVectors[i].pwriOptions);
  27708. if (ret < 0) {
  27709. wc_PKCS7_Free(pkcs7);
  27710. ERROR_OUT(-12177, out);
  27711. }
  27712. /* set password, for decryption */
  27713. ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password,
  27714. testVectors[i].passwordSz);
  27715. if (ret < 0) {
  27716. wc_PKCS7_Free(pkcs7);
  27717. ERROR_OUT(-12178, out);
  27718. }
  27719. #endif /* NO_PWDBASED */
  27720. } else if (testVectors[i].isOri == 1) {
  27721. /* ORI recipient type */
  27722. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  27723. if (ret != 0) {
  27724. ERROR_OUT(-12179, out);
  27725. }
  27726. pkcs7->content = (byte*)testVectors[i].content;
  27727. pkcs7->contentSz = testVectors[i].contentSz;
  27728. pkcs7->contentOID = testVectors[i].contentOID;
  27729. pkcs7->encryptOID = testVectors[i].encryptOID;
  27730. ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb,
  27731. testVectors[i].oriOptions);
  27732. if (ret < 0) {
  27733. wc_PKCS7_Free(pkcs7);
  27734. ERROR_OUT(-12180, out);
  27735. }
  27736. /* set decrypt callback for decryption */
  27737. ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb);
  27738. if (ret < 0) {
  27739. wc_PKCS7_Free(pkcs7);
  27740. ERROR_OUT(-12181, out);
  27741. }
  27742. } else {
  27743. /* KTRI or KARI recipient types */
  27744. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  27745. if (ret != 0) {
  27746. ERROR_OUT(-12182, out);
  27747. }
  27748. ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
  27749. (word32)testVectors[i].certSz);
  27750. if (ret != 0) {
  27751. wc_PKCS7_Free(pkcs7);
  27752. ERROR_OUT(-12183, out);
  27753. }
  27754. pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
  27755. pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
  27756. pkcs7->privateKey = testVectors[i].privateKey;
  27757. pkcs7->privateKeySz = testVectors[i].privateKeySz;
  27758. pkcs7->content = (byte*)testVectors[i].content;
  27759. pkcs7->contentSz = testVectors[i].contentSz;
  27760. pkcs7->contentOID = testVectors[i].contentOID;
  27761. pkcs7->encryptOID = testVectors[i].encryptOID;
  27762. pkcs7->ukm = testVectors[i].optionalUkm;
  27763. pkcs7->ukmSz = testVectors[i].optionalUkmSz;
  27764. /* set SubjectIdentifier type for KTRI types */
  27765. if (testVectors[i].ktriOptions & CMS_SKID) {
  27766. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
  27767. if (ret != 0) {
  27768. wc_PKCS7_Free(pkcs7);
  27769. ERROR_OUT(-12184, out);
  27770. }
  27771. } else if (testVectors[i].ktriOptions &
  27772. CMS_ISSUER_AND_SERIAL_NUMBER) {
  27773. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7,
  27774. CMS_ISSUER_AND_SERIAL_NUMBER);
  27775. if (ret != 0) {
  27776. wc_PKCS7_Free(pkcs7);
  27777. ERROR_OUT(-12185, out);
  27778. }
  27779. }
  27780. }
  27781. #ifdef ECC_TIMING_RESISTANT
  27782. pkcs7->rng = &rng;
  27783. #endif
  27784. /* encode envelopedData */
  27785. envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, enveloped,
  27786. PKCS7_BUF_SIZE);
  27787. if (envelopedSz <= 0) {
  27788. wc_PKCS7_Free(pkcs7);
  27789. ERROR_OUT(-12186, out);
  27790. }
  27791. /* decode envelopedData */
  27792. pkcs7->contentOID = 0;
  27793. decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, envelopedSz,
  27794. decoded, PKCS7_BUF_SIZE);
  27795. if (pkcs7->contentOID != testVectors[i].contentOID ||
  27796. decodedSz <= 0) {
  27797. wc_PKCS7_Free(pkcs7);
  27798. ERROR_OUT(-12187, out);
  27799. }
  27800. /* test decode result */
  27801. if (XMEMCMP(decoded, data, sizeof(data)) != 0){
  27802. wc_PKCS7_Free(pkcs7);
  27803. ERROR_OUT(-12188, out);
  27804. }
  27805. #ifndef NO_PKCS7_STREAM
  27806. { /* test reading byte by byte */
  27807. int z;
  27808. for (z = 0; z < envelopedSz; z++) {
  27809. decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped + z, 1,
  27810. decoded, PKCS7_BUF_SIZE);
  27811. if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
  27812. printf("unexpected error %d\n", decodedSz);
  27813. ERROR_OUT(-12189, out);
  27814. }
  27815. }
  27816. /* test decode result */
  27817. if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
  27818. printf("stream read compare failed\n");
  27819. wc_PKCS7_Free(pkcs7);
  27820. ERROR_OUT(-12190, out);
  27821. }
  27822. }
  27823. #endif
  27824. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  27825. /* output pkcs7 envelopedData for external testing */
  27826. pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
  27827. if (!pkcs7File) {
  27828. wc_PKCS7_Free(pkcs7);
  27829. ERROR_OUT(-12191, out);
  27830. }
  27831. ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File);
  27832. XFCLOSE(pkcs7File);
  27833. if (ret != envelopedSz) {
  27834. wc_PKCS7_Free(pkcs7);
  27835. ERROR_OUT(-12192, out);
  27836. } else {
  27837. /* reset ret to 0 for success */
  27838. ret = 0;
  27839. }
  27840. #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
  27841. wc_PKCS7_Free(pkcs7);
  27842. pkcs7 = NULL;
  27843. }
  27844. #ifdef ECC_TIMING_RESISTANT
  27845. wc_FreeRng(&rng);
  27846. #endif
  27847. (void)eccCert;
  27848. (void)eccCertSz;
  27849. (void)eccPrivKey;
  27850. (void)eccPrivKeySz;
  27851. (void)rsaCert;
  27852. (void)rsaCertSz;
  27853. (void)rsaPrivKey;
  27854. (void)rsaPrivKeySz;
  27855. out:
  27856. if (testVectors)
  27857. XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27858. if (enveloped)
  27859. XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27860. if (decoded)
  27861. XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27862. return ret;
  27863. }
  27864. WOLFSSL_TEST_SUBROUTINE int pkcs7enveloped_test(void)
  27865. {
  27866. int ret = 0;
  27867. byte* rsaCert = NULL;
  27868. byte* rsaPrivKey = NULL;
  27869. word32 rsaCertSz = 0;
  27870. word32 rsaPrivKeySz = 0;
  27871. byte* eccCert = NULL;
  27872. byte* eccPrivKey = NULL;
  27873. word32 eccCertSz = 0;
  27874. word32 eccPrivKeySz = 0;
  27875. #ifndef NO_RSA
  27876. /* read client RSA cert and key in DER format */
  27877. rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27878. if (rsaCert == NULL)
  27879. return -12200;
  27880. rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27881. if (rsaPrivKey == NULL) {
  27882. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27883. return -12201;
  27884. }
  27885. rsaCertSz = FOURK_BUF;
  27886. rsaPrivKeySz = FOURK_BUF;
  27887. #endif /* NO_RSA */
  27888. #ifdef HAVE_ECC
  27889. /* read client ECC cert and key in DER format */
  27890. eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27891. if (eccCert == NULL) {
  27892. #ifndef NO_RSA
  27893. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27894. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27895. #endif
  27896. return -12202;
  27897. }
  27898. eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27899. if (eccPrivKey == NULL) {
  27900. #ifndef NO_RSA
  27901. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27902. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27903. #endif
  27904. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27905. return -12203;
  27906. }
  27907. eccCertSz = FOURK_BUF;
  27908. eccPrivKeySz = FOURK_BUF;
  27909. #endif /* HAVE_ECC */
  27910. ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
  27911. &rsaPrivKeySz, NULL, NULL, NULL, NULL,
  27912. NULL, NULL, NULL, NULL, eccCert, &eccCertSz,
  27913. eccPrivKey, &eccPrivKeySz);
  27914. if (ret < 0) {
  27915. #ifndef NO_RSA
  27916. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27917. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27918. #endif
  27919. #ifdef HAVE_ECC
  27920. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27921. XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27922. #endif
  27923. return -12204;
  27924. }
  27925. ret = pkcs7enveloped_run_vectors(rsaCert, (word32)rsaCertSz,
  27926. rsaPrivKey, (word32)rsaPrivKeySz,
  27927. eccCert, (word32)eccCertSz,
  27928. eccPrivKey, (word32)eccPrivKeySz);
  27929. #ifndef NO_RSA
  27930. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27931. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27932. #endif
  27933. #ifdef HAVE_ECC
  27934. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27935. XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27936. #endif
  27937. return ret;
  27938. }
  27939. #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
  27940. typedef struct {
  27941. const byte* content;
  27942. word32 contentSz;
  27943. int contentOID;
  27944. int encryptOID;
  27945. int keyWrapOID;
  27946. int keyAgreeOID;
  27947. byte* cert;
  27948. size_t certSz;
  27949. byte* privateKey;
  27950. word32 privateKeySz;
  27951. PKCS7Attrib* authAttribs;
  27952. word32 authAttribsSz;
  27953. PKCS7Attrib* unauthAttribs;
  27954. word32 unauthAttribsSz;
  27955. /* KARI / KTRI specific */
  27956. byte* optionalUkm;
  27957. word32 optionalUkmSz;
  27958. int ktriOptions; /* KTRI options flags */
  27959. int kariOptions; /* KARI options flags */
  27960. /* KEKRI specific */
  27961. byte* secretKey; /* key, only for kekri RecipientInfo types */
  27962. word32 secretKeySz; /* size of secretKey, bytes */
  27963. byte* secretKeyId; /* key identifier */
  27964. word32 secretKeyIdSz; /* size of key identifier, bytes */
  27965. void* timePtr; /* time_t pointer */
  27966. byte* otherAttrOID; /* OPTIONAL, other attribute OID */
  27967. word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */
  27968. byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */
  27969. word32 otherAttrSz; /* size of otherAttr, bytes */
  27970. int kekriOptions; /* KEKRI options flags */
  27971. /* PWRI specific */
  27972. char* password; /* password */
  27973. word32 passwordSz; /* password size, bytes */
  27974. byte* salt; /* KDF salt */
  27975. word32 saltSz; /* KDF salt size, bytes */
  27976. int kdfOID; /* KDF OID */
  27977. int hashOID; /* KDF hash algorithm OID */
  27978. int kdfIterations; /* KDF iterations */
  27979. int kekEncryptOID; /* KEK encryption algorithm OID */
  27980. int pwriOptions; /* PWRI options flags */
  27981. /* ORI specific */
  27982. int isOri;
  27983. int oriOptions; /* ORI options flags */
  27984. const char* outFileName;
  27985. } pkcs7AuthEnvelopedVector;
  27986. static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
  27987. byte* rsaPrivKey, word32 rsaPrivKeySz,
  27988. byte* eccCert, word32 eccCertSz,
  27989. byte* eccPrivKey, word32 eccPrivKeySz)
  27990. {
  27991. int ret = 0, testSz = 0, i;
  27992. int envelopedSz, decodedSz;
  27993. byte *enveloped = NULL;
  27994. byte *decoded = NULL;
  27995. WC_RNG rng;
  27996. PKCS7* pkcs7;
  27997. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  27998. XFILE pkcs7File;
  27999. #endif
  28000. WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
  28001. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  28002. 0x72,0x6c,0x64
  28003. };
  28004. byte senderNonce[PKCS7_NONCE_SZ + 2];
  28005. #ifdef HAVE_ECC
  28006. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  28007. #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
  28008. WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] =
  28009. { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
  28010. 0x09, 0x05 };
  28011. PKCS7Attrib attribs[] =
  28012. {
  28013. { senderNonceOid, sizeof(senderNonceOid), senderNonce,
  28014. sizeof(senderNonce) }
  28015. };
  28016. #endif
  28017. #endif
  28018. #endif
  28019. #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
  28020. defined(WOLFSSL_SHA512)
  28021. WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = {
  28022. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
  28023. };
  28024. #endif /* NO_AES */
  28025. #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  28026. /* encryption key for kekri recipient types */
  28027. WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = {
  28028. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  28029. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
  28030. };
  28031. /* encryption key identifier */
  28032. WOLFSSL_SMALL_STACK_STATIC const byte secretKeyId[] = {
  28033. 0x02,0x02,0x03,0x04
  28034. };
  28035. #endif
  28036. #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
  28037. !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  28038. #ifndef HAVE_FIPS
  28039. WOLFSSL_SMALL_STACK_STATIC const char password[] = "password";
  28040. #else
  28041. WOLFSSL_SMALL_STACK_STATIC const char password[] = "passwordFIPS_MODE";
  28042. #endif
  28043. WOLFSSL_SMALL_STACK_STATIC const byte salt[] = {
  28044. 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
  28045. };
  28046. #endif
  28047. #define MAX_TESTVECTORS_LEN 20
  28048. #define ADD_PKCS7AUTHENVELOPEDVECTOR(...) { \
  28049. pkcs7AuthEnvelopedVector _this_vector = { __VA_ARGS__ }; \
  28050. if (testSz == MAX_TESTVECTORS_LEN) { \
  28051. ret = -12534; \
  28052. goto out; \
  28053. } \
  28054. XMEMCPY(&testVectors[testSz++], &_this_vector, sizeof _this_vector);\
  28055. }
  28056. pkcs7AuthEnvelopedVector *testVectors = NULL;
  28057. XMEMSET(&rng, 0, sizeof(rng));
  28058. testVectors = (pkcs7AuthEnvelopedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
  28059. HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28060. if (testVectors == NULL) {
  28061. ret = -12534;
  28062. goto out;
  28063. }
  28064. {
  28065. /* key transport key encryption technique */
  28066. #ifndef NO_RSA
  28067. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  28068. #ifdef WOLFSSL_AES_128
  28069. ADD_PKCS7AUTHENVELOPEDVECTOR(
  28070. data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz,
  28071. rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
  28072. NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
  28073. 0, 0, "pkcs7authEnvelopedDataAES128GCM.der");
  28074. #endif
  28075. #ifdef WOLFSSL_AES_192
  28076. ADD_PKCS7AUTHENVELOPEDVECTOR(
  28077. data, (word32)sizeof(data), DATA, AES192GCMb, 0, 0, rsaCert, rsaCertSz,
  28078. rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
  28079. NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
  28080. 0, 0, "pkcs7authEnvelopedDataAES192GCM.der");
  28081. #endif
  28082. #ifdef WOLFSSL_AES_256
  28083. ADD_PKCS7AUTHENVELOPEDVECTOR(
  28084. data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
  28085. rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
  28086. NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
  28087. 0, 0, "pkcs7authEnvelopedDataAES256GCM.der");
  28088. /* test with contentType set to FirmwarePkgData */
  28089. ADD_PKCS7AUTHENVELOPEDVECTOR(
  28090. data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, 0, 0,
  28091. rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL,
  28092. 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL,
  28093. 0, 0, 0, 0, 0, 0, 0, 0,
  28094. "pkcs7authEnvelopedDataAES256GCM_firmwarePkgData.der");
  28095. /* explicitly using SKID for SubjectKeyIdentifier */
  28096. ADD_PKCS7AUTHENVELOPEDVECTOR(
  28097. data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
  28098. rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, CMS_SKID, 0,
  28099. NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
  28100. 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_SKID.der");
  28101. /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */
  28102. ADD_PKCS7AUTHENVELOPEDVECTOR(
  28103. data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
  28104. rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0,
  28105. CMS_ISSUER_AND_SERIAL_NUMBER, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
  28106. NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
  28107. "pkcs7authEnvelopedDataAES256GCM_IANDS.der");
  28108. #endif
  28109. #endif /* NO_AES */
  28110. #endif
  28111. /* key agreement key encryption technique*/
  28112. #ifdef HAVE_ECC
  28113. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  28114. #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  28115. ADD_PKCS7AUTHENVELOPEDVECTOR(
  28116. data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP,
  28117. dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  28118. eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
  28119. NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
  28120. "pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der");
  28121. #endif
  28122. #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
  28123. ADD_PKCS7AUTHENVELOPEDVECTOR(
  28124. data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
  28125. dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  28126. eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
  28127. NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
  28128. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der");
  28129. /* with authenticated attributes */
  28130. ADD_PKCS7AUTHENVELOPEDVECTOR(
  28131. data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
  28132. dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  28133. eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
  28134. NULL, 0, NULL, 0, 0, 0, NULL, 0,
  28135. NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0,
  28136. 0, 0, 0,
  28137. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_authAttribs.der");
  28138. /* with unauthenticated attributes */
  28139. ADD_PKCS7AUTHENVELOPEDVECTOR(
  28140. data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
  28141. dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  28142. eccPrivKeySz, NULL, 0, attribs,
  28143. (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, NULL, 0,
  28144. NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0,
  28145. 0, 0, 0,
  28146. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_unauthAttribs.der");
  28147. /* with authenticated AND unauthenticated attributes */
  28148. ADD_PKCS7AUTHENVELOPEDVECTOR(
  28149. data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
  28150. dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  28151. eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
  28152. attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0,
  28153. NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
  28154. 0, 0, 0, 0, 0, 0,
  28155. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_bothAttribs.der");
  28156. /* with authenticated AND unauthenticated attributes AND
  28157. * contentType of FirmwarePkgData */
  28158. ADD_PKCS7AUTHENVELOPEDVECTOR(
  28159. data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, AES256_WRAP,
  28160. dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  28161. eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
  28162. attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0,
  28163. NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
  28164. 0, 0, 0, 0, 0, 0,
  28165. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_fw_bothAttribs.der");
  28166. #endif /* NO_SHA256 && WOLFSSL_AES_256 */
  28167. #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
  28168. ADD_PKCS7AUTHENVELOPEDVECTOR(
  28169. data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
  28170. dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  28171. eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL,
  28172. NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
  28173. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der");
  28174. /* with optional user keying material (ukm) */
  28175. ADD_PKCS7AUTHENVELOPEDVECTOR(
  28176. data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
  28177. dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  28178. eccPrivKeySz, NULL, 0, NULL, 0, (byte *)optionalUkm, sizeof(optionalUkm), 0,
  28179. 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
  28180. 0, 0, 0, 0, 0, 0,
  28181. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der");
  28182. #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
  28183. #endif /* NO_AES */
  28184. #endif
  28185. /* kekri (KEKRecipientInfo) recipient types */
  28186. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  28187. #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  28188. ADD_PKCS7AUTHENVELOPEDVECTOR(
  28189. data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0,
  28190. NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0,
  28191. (byte *)secretKey, sizeof(secretKey), (byte *)secretKeyId, sizeof(secretKeyId),
  28192. NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
  28193. "pkcs7authEnvelopedDataAES128GCM_KEKRI.der");
  28194. #endif
  28195. #endif
  28196. /* pwri (PasswordRecipientInfo) recipient types */
  28197. #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM)
  28198. #if !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  28199. ADD_PKCS7AUTHENVELOPEDVECTOR(
  28200. data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0,
  28201. NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
  28202. NULL, 0, NULL, NULL, 0, NULL, 0, 0, (char *)password,
  28203. (word32)XSTRLEN(password), (byte *)salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5,
  28204. AES128CBCb, 0, 0, 0, "pkcs7authEnvelopedDataAES128GCM_PWRI.der");
  28205. #endif
  28206. #endif
  28207. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  28208. #ifdef WOLFSSL_AES_128
  28209. /* ori (OtherRecipientInfo) recipient types */
  28210. ADD_PKCS7AUTHENVELOPEDVECTOR(
  28211. data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, NULL, 0, NULL, 0,
  28212. NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
  28213. NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 1, 0,
  28214. "pkcs7authEnvelopedDataAES128GCM_ORI.der");
  28215. #endif
  28216. #endif
  28217. }
  28218. #undef MAX_TESTVECTORS_LEN
  28219. #undef ADD_PKCS7AUTHENVELOPEDVECTOR
  28220. enveloped = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28221. decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28222. if ((! enveloped) || (! decoded)) {
  28223. ERROR_OUT(-12210, out);
  28224. }
  28225. /* generate senderNonce */
  28226. {
  28227. #ifndef HAVE_FIPS
  28228. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  28229. #else
  28230. ret = wc_InitRng(&rng);
  28231. #endif
  28232. if (ret != 0) {
  28233. ERROR_OUT(-12211, out);
  28234. }
  28235. senderNonce[0] = 0x04;
  28236. senderNonce[1] = PKCS7_NONCE_SZ;
  28237. ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
  28238. if (ret != 0) {
  28239. wc_FreeRng(&rng);
  28240. ERROR_OUT(-12212, out);
  28241. }
  28242. }
  28243. for (i = 0; i < testSz; i++) {
  28244. pkcs7 = wc_PKCS7_New(HEAP_HINT,
  28245. #ifdef WOLFSSL_ASYNC_CRYPT
  28246. INVALID_DEVID /* async PKCS7 is not supported */
  28247. #else
  28248. devId
  28249. #endif
  28250. );
  28251. if (pkcs7 == NULL) {
  28252. ERROR_OUT(-12213, out);
  28253. }
  28254. if (testVectors[i].secretKey != NULL) {
  28255. /* KEKRI recipient type */
  28256. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  28257. if (ret != 0) {
  28258. ERROR_OUT(-12214, out);
  28259. }
  28260. pkcs7->content = (byte*)testVectors[i].content;
  28261. pkcs7->contentSz = testVectors[i].contentSz;
  28262. pkcs7->contentOID = testVectors[i].contentOID;
  28263. pkcs7->encryptOID = testVectors[i].encryptOID;
  28264. pkcs7->ukm = testVectors[i].optionalUkm;
  28265. pkcs7->ukmSz = testVectors[i].optionalUkmSz;
  28266. pkcs7->authAttribs = testVectors[i].authAttribs;
  28267. pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
  28268. pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
  28269. pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
  28270. ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID,
  28271. testVectors[i].secretKey, testVectors[i].secretKeySz,
  28272. testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz,
  28273. testVectors[i].timePtr, testVectors[i].otherAttrOID,
  28274. testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr,
  28275. testVectors[i].otherAttrSz, testVectors[i].kekriOptions);
  28276. if (ret < 0) {
  28277. wc_PKCS7_Free(pkcs7);
  28278. ERROR_OUT(-12215, out);
  28279. }
  28280. /* set key, for decryption */
  28281. ret = wc_PKCS7_SetKey(pkcs7, testVectors[i].secretKey,
  28282. testVectors[i].secretKeySz);
  28283. if (ret != 0) {
  28284. wc_PKCS7_Free(pkcs7);
  28285. ERROR_OUT(-12216, out);
  28286. }
  28287. } else if (testVectors[i].password != NULL) {
  28288. #ifndef NO_PWDBASED
  28289. /* PWRI recipient type */
  28290. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  28291. if (ret != 0) {
  28292. ERROR_OUT(-12217, out);
  28293. }
  28294. pkcs7->content = (byte*)testVectors[i].content;
  28295. pkcs7->contentSz = testVectors[i].contentSz;
  28296. pkcs7->contentOID = testVectors[i].contentOID;
  28297. pkcs7->encryptOID = testVectors[i].encryptOID;
  28298. pkcs7->ukm = testVectors[i].optionalUkm;
  28299. pkcs7->ukmSz = testVectors[i].optionalUkmSz;
  28300. pkcs7->authAttribs = testVectors[i].authAttribs;
  28301. pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
  28302. pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
  28303. pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
  28304. ret = wc_PKCS7_AddRecipient_PWRI(pkcs7,
  28305. (byte*)testVectors[i].password,
  28306. testVectors[i].passwordSz, testVectors[i].salt,
  28307. testVectors[i].saltSz, testVectors[i].kdfOID,
  28308. testVectors[i].hashOID, testVectors[i].kdfIterations,
  28309. testVectors[i].kekEncryptOID, testVectors[i].pwriOptions);
  28310. if (ret < 0) {
  28311. wc_PKCS7_Free(pkcs7);
  28312. ERROR_OUT(-12218, out);
  28313. }
  28314. /* set password, for decryption */
  28315. ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password,
  28316. testVectors[i].passwordSz);
  28317. if (ret < 0) {
  28318. wc_PKCS7_Free(pkcs7);
  28319. ERROR_OUT(-12219, out);
  28320. }
  28321. #endif /* NO_PWDBASED */
  28322. } else if (testVectors[i].isOri == 1) {
  28323. /* ORI recipient type */
  28324. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  28325. if (ret != 0) {
  28326. ERROR_OUT(-12220, out);
  28327. }
  28328. pkcs7->content = (byte*)testVectors[i].content;
  28329. pkcs7->contentSz = testVectors[i].contentSz;
  28330. pkcs7->contentOID = testVectors[i].contentOID;
  28331. pkcs7->encryptOID = testVectors[i].encryptOID;
  28332. pkcs7->authAttribs = testVectors[i].authAttribs;
  28333. pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
  28334. pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
  28335. pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
  28336. ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb,
  28337. testVectors[i].oriOptions);
  28338. if (ret < 0) {
  28339. wc_PKCS7_Free(pkcs7);
  28340. ERROR_OUT(-12221, out);
  28341. }
  28342. /* set decrypt callback for decryption */
  28343. ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb);
  28344. if (ret < 0) {
  28345. wc_PKCS7_Free(pkcs7);
  28346. ERROR_OUT(-12222, out);
  28347. }
  28348. } else {
  28349. /* KTRI or KARI recipient types */
  28350. ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
  28351. (word32)testVectors[i].certSz);
  28352. if (ret != 0) {
  28353. wc_PKCS7_Free(pkcs7);
  28354. ERROR_OUT(-12223, out);
  28355. }
  28356. pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
  28357. pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
  28358. pkcs7->privateKey = testVectors[i].privateKey;
  28359. pkcs7->privateKeySz = testVectors[i].privateKeySz;
  28360. pkcs7->content = (byte*)testVectors[i].content;
  28361. pkcs7->contentSz = testVectors[i].contentSz;
  28362. pkcs7->contentOID = testVectors[i].contentOID;
  28363. pkcs7->encryptOID = testVectors[i].encryptOID;
  28364. pkcs7->ukm = testVectors[i].optionalUkm;
  28365. pkcs7->ukmSz = testVectors[i].optionalUkmSz;
  28366. pkcs7->authAttribs = testVectors[i].authAttribs;
  28367. pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
  28368. pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
  28369. pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
  28370. /* set SubjectIdentifier type for KTRI types */
  28371. if (testVectors[i].ktriOptions & CMS_SKID) {
  28372. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
  28373. if (ret != 0) {
  28374. wc_PKCS7_Free(pkcs7);
  28375. ERROR_OUT(-12224, out);
  28376. }
  28377. } else if (testVectors[i].ktriOptions &
  28378. CMS_ISSUER_AND_SERIAL_NUMBER) {
  28379. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7,
  28380. CMS_ISSUER_AND_SERIAL_NUMBER);
  28381. if (ret != 0) {
  28382. wc_PKCS7_Free(pkcs7);
  28383. ERROR_OUT(-12225, out);
  28384. }
  28385. }
  28386. }
  28387. #ifdef ECC_TIMING_RESISTANT
  28388. pkcs7->rng = &rng;
  28389. #endif
  28390. /* encode envelopedData */
  28391. envelopedSz = wc_PKCS7_EncodeAuthEnvelopedData(pkcs7, enveloped,
  28392. PKCS7_BUF_SIZE);
  28393. if (envelopedSz <= 0) {
  28394. wc_PKCS7_Free(pkcs7);
  28395. ERROR_OUT(-12226, out);
  28396. }
  28397. #ifndef NO_PKCS7_STREAM
  28398. { /* test reading byte by byte */
  28399. int z;
  28400. for (z = 0; z < envelopedSz; z++) {
  28401. decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7,
  28402. enveloped + z, 1, decoded, PKCS7_BUF_SIZE);
  28403. if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
  28404. printf("unexpected error %d\n", decodedSz);
  28405. ERROR_OUT(-12227, out);
  28406. }
  28407. }
  28408. /* test decode result */
  28409. if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
  28410. printf("stream read compare failed\n");
  28411. wc_PKCS7_Free(pkcs7);
  28412. ERROR_OUT(-12228, out);
  28413. }
  28414. }
  28415. #endif
  28416. /* decode envelopedData */
  28417. decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, enveloped,
  28418. envelopedSz, decoded,
  28419. PKCS7_BUF_SIZE);
  28420. if (decodedSz <= 0) {
  28421. wc_PKCS7_Free(pkcs7);
  28422. ERROR_OUT(-12229, out);
  28423. }
  28424. /* test decode result */
  28425. if (XMEMCMP(decoded, data, sizeof(data)) != 0){
  28426. wc_PKCS7_Free(pkcs7);
  28427. ERROR_OUT(-12230, out);
  28428. }
  28429. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  28430. /* output pkcs7 envelopedData for external testing */
  28431. pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
  28432. if (!pkcs7File) {
  28433. wc_PKCS7_Free(pkcs7);
  28434. ERROR_OUT(-12231, out);
  28435. }
  28436. ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File);
  28437. XFCLOSE(pkcs7File);
  28438. if (ret != envelopedSz) {
  28439. wc_PKCS7_Free(pkcs7);
  28440. ERROR_OUT(-12232, out);
  28441. } else {
  28442. /* reset ret to 0 for success */
  28443. ret = 0;
  28444. }
  28445. #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
  28446. wc_PKCS7_Free(pkcs7);
  28447. pkcs7 = NULL;
  28448. }
  28449. wc_FreeRng(&rng);
  28450. (void)eccCert;
  28451. (void)eccCertSz;
  28452. (void)eccPrivKey;
  28453. (void)eccPrivKeySz;
  28454. #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  28455. (void)secretKey;
  28456. (void)secretKeyId;
  28457. #endif
  28458. #ifdef NO_RSA
  28459. (void)rsaCert;
  28460. (void)rsaCertSz;
  28461. (void)rsaPrivKey;
  28462. (void)rsaPrivKeySz;
  28463. #endif
  28464. out:
  28465. if (testVectors)
  28466. XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28467. if (enveloped)
  28468. XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28469. if (decoded)
  28470. XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28471. return ret;
  28472. }
  28473. WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void)
  28474. {
  28475. int ret = 0;
  28476. byte* rsaCert = NULL;
  28477. byte* rsaPrivKey = NULL;
  28478. word32 rsaCertSz = 0;
  28479. word32 rsaPrivKeySz = 0;
  28480. byte* eccCert = NULL;
  28481. byte* eccPrivKey = NULL;
  28482. word32 eccCertSz = 0;
  28483. word32 eccPrivKeySz = 0;
  28484. #ifndef NO_RSA
  28485. /* read client RSA cert and key in DER format */
  28486. rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28487. if (rsaCert == NULL)
  28488. return -12300;
  28489. rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28490. if (rsaPrivKey == NULL) {
  28491. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28492. return -12301;
  28493. }
  28494. rsaCertSz = FOURK_BUF;
  28495. rsaPrivKeySz = FOURK_BUF;
  28496. #endif /* NO_RSA */
  28497. #ifdef HAVE_ECC
  28498. /* read client ECC cert and key in DER format */
  28499. eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28500. if (eccCert == NULL) {
  28501. #ifndef NO_RSA
  28502. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28503. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28504. #endif
  28505. return -12302;
  28506. }
  28507. eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28508. if (eccPrivKey == NULL) {
  28509. #ifndef NO_RSA
  28510. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28511. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28512. #endif
  28513. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28514. return -12303;
  28515. }
  28516. eccCertSz = FOURK_BUF;
  28517. eccPrivKeySz = FOURK_BUF;
  28518. #endif /* HAVE_ECC */
  28519. ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
  28520. &rsaPrivKeySz, NULL, NULL, NULL, NULL,
  28521. NULL, NULL, NULL, NULL, eccCert, &eccCertSz,
  28522. eccPrivKey, &eccPrivKeySz);
  28523. if (ret < 0) {
  28524. #ifndef NO_RSA
  28525. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28526. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28527. #endif
  28528. #ifdef HAVE_ECC
  28529. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28530. XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28531. #endif
  28532. return -12304;
  28533. }
  28534. ret = pkcs7authenveloped_run_vectors(rsaCert, (word32)rsaCertSz,
  28535. rsaPrivKey, (word32)rsaPrivKeySz,
  28536. eccCert, (word32)eccCertSz,
  28537. eccPrivKey, (word32)eccPrivKeySz);
  28538. #ifndef NO_RSA
  28539. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28540. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28541. #endif
  28542. #ifdef HAVE_ECC
  28543. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28544. XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28545. #endif
  28546. return ret;
  28547. }
  28548. #endif /* HAVE_AESGCM || HAVE_AESCCM */
  28549. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  28550. static const byte p7DefKey[] = {
  28551. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  28552. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  28553. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  28554. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  28555. };
  28556. static const byte p7AltKey[] = {
  28557. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  28558. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  28559. };
  28560. static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
  28561. word32 keyIdSz, byte* orginKey, word32 orginKeySz,
  28562. byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
  28563. {
  28564. int ret;
  28565. if (cek == NULL || out == NULL)
  28566. return BAD_FUNC_ARG;
  28567. /* test case sanity checks */
  28568. if (keyIdSz != 1) {
  28569. return -12310;
  28570. }
  28571. if (keyId[0] != 0x00) {
  28572. return -12311;
  28573. }
  28574. if (type != (int)PKCS7_KEKRI) {
  28575. return -12312;
  28576. }
  28577. switch (keyWrapAlgo) {
  28578. case AES256_WRAP:
  28579. ret = wc_AesKeyUnWrap(p7DefKey, sizeof(p7DefKey), cek, cekSz,
  28580. out, outSz, NULL);
  28581. if (ret <= 0)
  28582. return ret;
  28583. break;
  28584. default:
  28585. WOLFSSL_MSG("Unsupported key wrap algorithm in example");
  28586. return BAD_KEYWRAP_ALG_E;
  28587. };
  28588. (void)pkcs7;
  28589. (void)direction;
  28590. (void)orginKey; /* used with KAKRI */
  28591. (void)orginKeySz;
  28592. return ret;
  28593. }
  28594. /* returns key size on success */
  28595. static int getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz)
  28596. {
  28597. int ret;
  28598. word32 atrSz;
  28599. byte atr[256];
  28600. /* Additionally can look for fwWrappedFirmwareKey
  28601. * 1.2.840.113529.1.9.16.1.16 */
  28602. const unsigned char fwWrappedFirmwareKey[] = {
  28603. /* 0x06, 0x0B */
  28604. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
  28605. 0x01, 0x09, 0x10, 0x02, 0x27
  28606. };
  28607. /* find keyID in fwWrappedFirmwareKey */
  28608. ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
  28609. sizeof(fwWrappedFirmwareKey), NULL, &atrSz);
  28610. if (ret == LENGTH_ONLY_E) {
  28611. XMEMSET(atr, 0, sizeof(atr));
  28612. ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
  28613. sizeof(fwWrappedFirmwareKey), atr, &atrSz);
  28614. /* keyIdRaw[0] OCTET TAG */
  28615. /* keyIdRaw[1] Length */
  28616. if (ret > 0) {
  28617. PKCS7* envPkcs7;
  28618. envPkcs7 = wc_PKCS7_New(NULL, 0);
  28619. if (envPkcs7 == NULL) {
  28620. return MEMORY_E;
  28621. }
  28622. wc_PKCS7_Init(envPkcs7, NULL, 0);
  28623. ret = wc_PKCS7_SetWrapCEKCb(envPkcs7, myCEKwrapFunc);
  28624. if (ret == 0) {
  28625. /* expecting FIRMWARE_PKG_DATA content */
  28626. envPkcs7->contentOID = FIRMWARE_PKG_DATA;
  28627. ret = wc_PKCS7_DecodeEnvelopedData(envPkcs7, atr, atrSz,
  28628. key, keySz);
  28629. if (envPkcs7->contentOID != FIRMWARE_PKG_DATA) {
  28630. /* the contentOID should have been set to the inner
  28631. * FIRMWARE_PKG_DATA content */
  28632. ret = BAD_STATE_E;
  28633. }
  28634. }
  28635. wc_PKCS7_Free(envPkcs7);
  28636. }
  28637. }
  28638. return ret;
  28639. }
  28640. /* create a KEKRI enveloped data
  28641. * return size on success */
  28642. static int envelopedData_encrypt(byte* in, word32 inSz, byte* out,
  28643. word32 outSz)
  28644. {
  28645. int ret;
  28646. PKCS7* pkcs7;
  28647. WOLFSSL_SMALL_STACK_STATIC const byte keyId[] = { 0x00 };
  28648. pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID);
  28649. if (pkcs7 == NULL)
  28650. return -12330;
  28651. pkcs7->content = in;
  28652. pkcs7->contentSz = inSz;
  28653. pkcs7->contentOID = FIRMWARE_PKG_DATA;
  28654. pkcs7->encryptOID = AES256CBCb;
  28655. pkcs7->ukm = NULL;
  28656. pkcs7->ukmSz = 0;
  28657. /* add recipient (KEKRI type) */
  28658. ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP, (byte*)p7DefKey,
  28659. sizeof(p7DefKey), (byte*)keyId,
  28660. sizeof(keyId), NULL, NULL, 0, NULL, 0, 0);
  28661. if (ret < 0) {
  28662. printf("wc_PKCS7_AddRecipient_KEKRI() failed, ret = %d\n", ret);
  28663. wc_PKCS7_Free(pkcs7);
  28664. return -12331;
  28665. }
  28666. /* encode envelopedData, returns size */
  28667. ret = wc_PKCS7_EncodeEnvelopedData(pkcs7, out, outSz);
  28668. if (ret <= 0) {
  28669. printf("wc_PKCS7_EncodeEnvelopedData() failed, ret = %d\n", ret);
  28670. wc_PKCS7_Free(pkcs7);
  28671. return -12332;
  28672. }
  28673. wc_PKCS7_Free(pkcs7);
  28674. return ret;
  28675. }
  28676. /*
  28677. * keyHint is the KeyID to be set in the fwDecryptKeyID attribute
  28678. * returns size of buffer output on success
  28679. */
  28680. static int generateBundle(byte* out, word32 *outSz, const byte* encryptKey,
  28681. word32 encryptKeySz, byte keyHint, byte* cert, word32 certSz,
  28682. byte* key, word32 keySz)
  28683. {
  28684. int ret, attribNum = 1;
  28685. PKCS7* pkcs7;
  28686. /* KEY ID
  28687. * fwDecryptKeyID OID 1.2.840.113549.1.9.16.2.37
  28688. */
  28689. const unsigned char fwDecryptKeyID[] = {
  28690. 0x06, 0x0B,
  28691. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
  28692. 0x01, 0x09, 0x10, 0x02, 0x25
  28693. };
  28694. /* fwWrappedFirmwareKey 1.2.840.113529.1.9.16.1.16 */
  28695. const unsigned char fwWrappedFirmwareKey[] = {
  28696. 0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
  28697. 0x01, 0x09, 0x10, 0x02, 0x27
  28698. };
  28699. byte keyID[] = { 0x04, 0x01, 0x00 };
  28700. byte env[256];
  28701. char data[] = "Test of wolfSSL PKCS7 decrypt callback";
  28702. PKCS7Attrib attribs[] =
  28703. {
  28704. { fwDecryptKeyID, sizeof(fwDecryptKeyID), keyID, sizeof(keyID) },
  28705. { fwWrappedFirmwareKey, sizeof(fwWrappedFirmwareKey), env, 0 }
  28706. };
  28707. keyID[2] = keyHint;
  28708. /* If using keyHint 0 then create a bundle with fwWrappedFirmwareKey */
  28709. if (keyHint == 0) {
  28710. ret = envelopedData_encrypt((byte*)p7DefKey, sizeof(p7DefKey), env,
  28711. sizeof(env));
  28712. if (ret <= 0) {
  28713. return ret;
  28714. }
  28715. attribs[1].valueSz = ret;
  28716. attribNum++;
  28717. }
  28718. /* init PKCS7 */
  28719. pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID);
  28720. if (pkcs7 == NULL)
  28721. return -12340;
  28722. ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
  28723. if (ret != 0) {
  28724. printf("ERROR: wc_PKCS7_InitWithCert() failed, ret = %d\n", ret);
  28725. wc_PKCS7_Free(pkcs7);
  28726. return -12341;
  28727. }
  28728. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
  28729. if (ret != 0) {
  28730. wc_PKCS7_Free(pkcs7);
  28731. return -12342;
  28732. }
  28733. /* encode Signed Encrypted FirmwarePkgData */
  28734. if (encryptKeySz == 16) {
  28735. ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey,
  28736. encryptKeySz, key, keySz, AES128CBCb, RSAk, SHA256h,
  28737. (byte*)data, sizeof(data), NULL, 0,
  28738. attribs, attribNum, out, *outSz);
  28739. }
  28740. else {
  28741. ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey,
  28742. encryptKeySz, key, keySz, AES256CBCb, RSAk, SHA256h,
  28743. (byte*)data, sizeof(data), NULL, 0,
  28744. attribs, attribNum, out, *outSz);
  28745. }
  28746. if (ret <= 0) {
  28747. printf("ERROR: wc_PKCS7_EncodeSignedEncryptedFPD() failed, "
  28748. "ret = %d\n", ret);
  28749. wc_PKCS7_Free(pkcs7);
  28750. return -12343;
  28751. } else {
  28752. *outSz = ret;
  28753. }
  28754. wc_PKCS7_Free(pkcs7);
  28755. return ret;
  28756. }
  28757. /* test verification and decryption of PKCS7 bundle
  28758. * return 0 on success
  28759. */
  28760. static int verifyBundle(byte* derBuf, word32 derSz, int keyHint)
  28761. {
  28762. int ret = 0;
  28763. int usrCtx = 1; /* test value to pass as user context to callback */
  28764. PKCS7* pkcs7 = NULL;
  28765. byte* sid = NULL;
  28766. word32 sidSz;
  28767. byte key[256];
  28768. word32 keySz = sizeof(key);
  28769. byte *decoded = NULL;
  28770. int decodedSz = FOURK_BUF/2;
  28771. WOLFSSL_SMALL_STACK_STATIC const byte expectedSid[] = {
  28772. 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18,
  28773. 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26,
  28774. 0xD7, 0x85, 0x65, 0xC0
  28775. };
  28776. decoded = (byte *)XMALLOC(decodedSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28777. if (decoded == NULL) {
  28778. ret = MEMORY_E;
  28779. goto out;
  28780. }
  28781. pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
  28782. if (pkcs7 == NULL) {
  28783. ret = MEMORY_E;
  28784. goto out;
  28785. }
  28786. /* Test verify */
  28787. ret = wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID);
  28788. if (ret != 0)
  28789. goto out;
  28790. ret = wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
  28791. if (ret != 0)
  28792. goto out;
  28793. ret = wc_PKCS7_VerifySignedData(pkcs7, derBuf, derSz);
  28794. if (ret != 0)
  28795. goto out;
  28796. /* Get size of SID and print it out */
  28797. ret = wc_PKCS7_GetSignerSID(pkcs7, NULL, &sidSz);
  28798. if (ret != LENGTH_ONLY_E)
  28799. goto out;
  28800. sid = (byte*)XMALLOC(sidSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28801. if (sid == NULL) {
  28802. ret = MEMORY_E;
  28803. goto out;
  28804. }
  28805. ret = wc_PKCS7_GetSignerSID(pkcs7, sid, &sidSz);
  28806. if (ret != 0)
  28807. goto out;
  28808. ret = XMEMCMP(sid, expectedSid, sidSz);
  28809. if (ret != 0) {
  28810. ret = PKCS7_NO_SIGNER_E; /* close enough */
  28811. goto out;
  28812. }
  28813. /* get expected fwWrappedFirmwareKey */
  28814. if (keyHint == 0) {
  28815. ret = getFirmwareKey(pkcs7, key, keySz);
  28816. if (ret < 0)
  28817. goto out;
  28818. pkcs7->encryptionKey = key;
  28819. pkcs7->encryptionKeySz = ret;
  28820. }
  28821. else {
  28822. decodedSz = PKCS7_BUF_SIZE;
  28823. ret = wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc);
  28824. if (ret != 0)
  28825. goto out;
  28826. ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)&usrCtx);
  28827. if (ret != 0)
  28828. goto out;
  28829. }
  28830. decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
  28831. pkcs7->contentSz, decoded, decodedSz);
  28832. if (decodedSz < 0) {
  28833. ret = decodedSz;
  28834. goto out;
  28835. }
  28836. ret = 0;
  28837. out:
  28838. if (decoded)
  28839. XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28840. if (pkcs7)
  28841. wc_PKCS7_Free(pkcs7);
  28842. if (sid)
  28843. XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28844. return ret;
  28845. }
  28846. WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte* key, word32 keySz)
  28847. {
  28848. int ret = 0;
  28849. word32 derSz;
  28850. byte *derBuf = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28851. if (! derBuf)
  28852. ERROR_OUT(-12360, out);
  28853. /* Doing default generation and verify */
  28854. derSz = FOURK_BUF;
  28855. ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 0, cert,
  28856. certSz, key, keySz);
  28857. if (ret <= 0) {
  28858. ERROR_OUT(-12361, out);
  28859. }
  28860. ret = verifyBundle(derBuf, derSz, 0);
  28861. if (ret != 0) {
  28862. ERROR_OUT(-12362, out);
  28863. }
  28864. /* test choosing other key with keyID */
  28865. derSz = FOURK_BUF;
  28866. ret = generateBundle(derBuf, &derSz, p7AltKey, sizeof(p7AltKey), 1,
  28867. cert, certSz, key, keySz);
  28868. if (ret <= 0) {
  28869. ERROR_OUT(-12363, out);
  28870. }
  28871. ret = verifyBundle(derBuf, derSz, 1);
  28872. if (ret != 0) {
  28873. ERROR_OUT(-12364, out);
  28874. }
  28875. /* test fail case with wrong keyID */
  28876. derSz = FOURK_BUF;
  28877. ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 1,
  28878. cert, certSz, key, keySz);
  28879. if (ret <= 0) {
  28880. ERROR_OUT(-12365, out);
  28881. }
  28882. ret = verifyBundle(derBuf, derSz, 1);
  28883. if (ret == 0) {
  28884. ERROR_OUT(-12366, out);
  28885. }
  28886. ret = 0;
  28887. out:
  28888. if (derBuf)
  28889. XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28890. return ret;
  28891. }
  28892. #endif /* !NO_AES && HAVE_AES_CBC */
  28893. #ifndef NO_PKCS7_ENCRYPTED_DATA
  28894. typedef struct {
  28895. const byte* content;
  28896. word32 contentSz;
  28897. int contentOID;
  28898. int encryptOID;
  28899. byte* encryptionKey;
  28900. word32 encryptionKeySz;
  28901. PKCS7Attrib* attribs;
  28902. word32 attribsSz;
  28903. const char* outFileName;
  28904. } pkcs7EncryptedVector;
  28905. WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void)
  28906. {
  28907. int ret = 0;
  28908. int i, testSz;
  28909. int encryptedSz, decodedSz, attribIdx;
  28910. PKCS7* pkcs7;
  28911. byte *encrypted;
  28912. byte *decoded;
  28913. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  28914. XFILE pkcs7File;
  28915. #endif
  28916. PKCS7Attrib* expectedAttrib;
  28917. PKCS7DecodedAttrib* decodedAttrib;
  28918. WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
  28919. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  28920. 0x72,0x6c,0x64
  28921. };
  28922. #ifndef NO_DES3
  28923. byte desKey[] = {
  28924. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
  28925. };
  28926. byte des3Key[] = {
  28927. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
  28928. 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
  28929. 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
  28930. };
  28931. #endif
  28932. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  28933. #ifdef WOLFSSL_AES_128
  28934. byte aes128Key[] = {
  28935. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  28936. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  28937. };
  28938. #endif
  28939. #ifdef WOLFSSL_AES_192
  28940. byte aes192Key[] = {
  28941. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  28942. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  28943. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  28944. };
  28945. #endif
  28946. #ifdef WOLFSSL_AES_256
  28947. byte aes256Key[] = {
  28948. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  28949. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  28950. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  28951. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  28952. };
  28953. #endif
  28954. #ifdef WOLFSSL_AES_256
  28955. /* Attribute example from RFC 4134, Section 7.2
  28956. * OID = 1.2.5555
  28957. * OCTET STRING = 'This is a test General ASN Attribute, number 1.' */
  28958. static byte genAttrOid[] = { 0x06, 0x03, 0x2a, 0xab, 0x33 };
  28959. static byte genAttr[] = { 0x04, 47,
  28960. 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
  28961. 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
  28962. 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
  28963. 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69,
  28964. 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
  28965. 0x6d, 0x62, 0x65, 0x72, 0x20, 0x31, 0x2e };
  28966. static byte genAttrOid2[] = { 0x06, 0x03, 0x2a, 0xab, 0x34 };
  28967. static byte genAttr2[] = { 0x04, 47,
  28968. 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
  28969. 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
  28970. 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
  28971. 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69,
  28972. 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
  28973. 0x6d, 0x62, 0x65, 0x72, 0x20, 0x32, 0x2e };
  28974. PKCS7Attrib attribs[] =
  28975. {
  28976. { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) }
  28977. };
  28978. PKCS7Attrib multiAttribs[] =
  28979. {
  28980. { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) },
  28981. { genAttrOid2, sizeof(genAttrOid2), genAttr2, sizeof(genAttr2) }
  28982. };
  28983. #endif
  28984. #endif /* NO_AES */
  28985. const pkcs7EncryptedVector testVectors[] =
  28986. {
  28987. #ifndef NO_DES3
  28988. {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key),
  28989. NULL, 0, "pkcs7encryptedDataDES3.der"},
  28990. {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey),
  28991. NULL, 0, "pkcs7encryptedDataDES.der"},
  28992. #endif /* NO_DES3 */
  28993. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  28994. #ifdef WOLFSSL_AES_128
  28995. {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
  28996. sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"},
  28997. #endif
  28998. #ifdef WOLFSSL_AES_192
  28999. {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
  29000. sizeof(aes192Key), NULL, 0, "pkcs7encryptedDataAES192CBC.der"},
  29001. #endif
  29002. #ifdef WOLFSSL_AES_256
  29003. {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
  29004. sizeof(aes256Key), NULL, 0, "pkcs7encryptedDataAES256CBC.der"},
  29005. /* test with optional unprotected attributes */
  29006. {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
  29007. sizeof(aes256Key), attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29008. "pkcs7encryptedDataAES256CBC_attribs.der"},
  29009. /* test with multiple optional unprotected attributes */
  29010. {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
  29011. sizeof(aes256Key), multiAttribs,
  29012. (sizeof(multiAttribs)/sizeof(PKCS7Attrib)),
  29013. "pkcs7encryptedDataAES256CBC_multi_attribs.der"},
  29014. /* test with contentType set to FirmwarePkgData */
  29015. {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256CBCb, aes256Key,
  29016. sizeof(aes256Key), NULL, 0,
  29017. "pkcs7encryptedDataAES256CBC_firmwarePkgData.der"},
  29018. #endif
  29019. #endif /* !NO_AES && HAVE_AES_CBC */
  29020. };
  29021. encrypted = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29022. decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29023. if ((! encrypted) || (! decoded)) {
  29024. ERROR_OUT(MEMORY_E, out);
  29025. }
  29026. testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
  29027. for (i = 0; i < testSz; i++) {
  29028. pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
  29029. if (pkcs7 == NULL) {
  29030. ERROR_OUT(-12400, out);
  29031. }
  29032. pkcs7->content = (byte*)testVectors[i].content;
  29033. pkcs7->contentSz = testVectors[i].contentSz;
  29034. pkcs7->contentOID = testVectors[i].contentOID;
  29035. pkcs7->encryptOID = testVectors[i].encryptOID;
  29036. pkcs7->encryptionKey = testVectors[i].encryptionKey;
  29037. pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz;
  29038. pkcs7->unprotectedAttribs = testVectors[i].attribs;
  29039. pkcs7->unprotectedAttribsSz = testVectors[i].attribsSz;
  29040. /* encode encryptedData */
  29041. encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
  29042. PKCS7_BUF_SIZE);
  29043. if (encryptedSz <= 0) {
  29044. wc_PKCS7_Free(pkcs7);
  29045. ERROR_OUT(-12401, out);
  29046. }
  29047. /* decode encryptedData */
  29048. #ifndef NO_PKCS7_STREAM
  29049. { /* test reading byte by byte */
  29050. int z;
  29051. for (z = 0; z < encryptedSz; z++) {
  29052. decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted + z, 1,
  29053. decoded, PKCS7_BUF_SIZE);
  29054. if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
  29055. printf("unexpected error %d\n", decodedSz);
  29056. ERROR_OUT(-12402, out);
  29057. }
  29058. }
  29059. /* test decode result */
  29060. if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
  29061. printf("stream read failed\n");
  29062. wc_PKCS7_Free(pkcs7);
  29063. ERROR_OUT(-12403, out);
  29064. }
  29065. }
  29066. #endif
  29067. decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
  29068. decoded, PKCS7_BUF_SIZE);
  29069. if (decodedSz <= 0){
  29070. wc_PKCS7_Free(pkcs7);
  29071. ERROR_OUT(-12404, out);
  29072. }
  29073. /* test decode result */
  29074. if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
  29075. wc_PKCS7_Free(pkcs7);
  29076. ERROR_OUT(-12405, out);
  29077. }
  29078. /* verify decoded unprotected attributes */
  29079. if (pkcs7->decodedAttrib != NULL) {
  29080. decodedAttrib = pkcs7->decodedAttrib;
  29081. attribIdx = 1;
  29082. while (decodedAttrib != NULL) {
  29083. /* expected attribute, stored list is reversed */
  29084. expectedAttrib = &(pkcs7->unprotectedAttribs
  29085. [pkcs7->unprotectedAttribsSz - attribIdx]);
  29086. /* verify oid */
  29087. if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid,
  29088. decodedAttrib->oidSz) != 0) {
  29089. wc_PKCS7_Free(pkcs7);
  29090. ERROR_OUT(-12406, out);
  29091. }
  29092. /* verify value */
  29093. if (XMEMCMP(decodedAttrib->value, expectedAttrib->value,
  29094. decodedAttrib->valueSz) != 0) {
  29095. wc_PKCS7_Free(pkcs7);
  29096. ERROR_OUT(-12407, out);
  29097. }
  29098. decodedAttrib = decodedAttrib->next;
  29099. attribIdx++;
  29100. }
  29101. }
  29102. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  29103. /* output pkcs7 envelopedData for external testing */
  29104. pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
  29105. if (!pkcs7File) {
  29106. wc_PKCS7_Free(pkcs7);
  29107. ERROR_OUT(-12408, out);
  29108. }
  29109. ret = (int)XFWRITE(encrypted, encryptedSz, 1, pkcs7File);
  29110. XFCLOSE(pkcs7File);
  29111. if (ret > 0)
  29112. ret = 0;
  29113. #endif
  29114. wc_PKCS7_Free(pkcs7);
  29115. }
  29116. out:
  29117. if (encrypted)
  29118. XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29119. if (decoded)
  29120. XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29121. return ret;
  29122. }
  29123. #endif /* NO_PKCS7_ENCRYPTED_DATA */
  29124. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  29125. typedef struct {
  29126. const byte* content;
  29127. word32 contentSz;
  29128. int contentOID;
  29129. const char* outFileName;
  29130. } pkcs7CompressedVector;
  29131. WOLFSSL_TEST_SUBROUTINE int pkcs7compressed_test(void)
  29132. {
  29133. int ret = 0;
  29134. int i, testSz;
  29135. int compressedSz, decodedSz;
  29136. PKCS7* pkcs7;
  29137. #ifdef WOLFSSL_SMALL_STACK
  29138. byte *compressed;
  29139. byte *decoded;
  29140. #else
  29141. byte compressed[PKCS7_BUF_SIZE];
  29142. byte decoded[PKCS7_BUF_SIZE];
  29143. #endif
  29144. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  29145. XFILE pkcs7File;
  29146. #endif
  29147. WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
  29148. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  29149. 0x72,0x6c,0x64
  29150. };
  29151. const pkcs7CompressedVector testVectors[] =
  29152. {
  29153. {data, (word32)sizeof(data), DATA,
  29154. "pkcs7compressedData_data_zlib.der"},
  29155. {data, (word32)sizeof(data), FIRMWARE_PKG_DATA,
  29156. "pkcs7compressedData_firmwarePkgData_zlib.der"},
  29157. };
  29158. #ifdef WOLFSSL_SMALL_STACK
  29159. compressed = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29160. decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29161. if ((! compressed) || (! decoded)) {
  29162. ERROR_OUT(MEMORY_E, out);
  29163. }
  29164. #endif
  29165. testSz = sizeof(testVectors) / sizeof(pkcs7CompressedVector);
  29166. for (i = 0; i < testSz; i++) {
  29167. pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
  29168. if (pkcs7 == NULL) {
  29169. ERROR_OUT(-12500, out);
  29170. }
  29171. pkcs7->content = (byte*)testVectors[i].content;
  29172. pkcs7->contentSz = testVectors[i].contentSz;
  29173. pkcs7->contentOID = testVectors[i].contentOID;
  29174. /* encode compressedData */
  29175. compressedSz = wc_PKCS7_EncodeCompressedData(pkcs7, compressed,
  29176. PKCS7_BUF_SIZE);
  29177. if (compressedSz <= 0) {
  29178. wc_PKCS7_Free(pkcs7);
  29179. ERROR_OUT(-12501, out);
  29180. }
  29181. /* decode compressedData */
  29182. decodedSz = wc_PKCS7_DecodeCompressedData(pkcs7, compressed,
  29183. compressedSz, decoded,
  29184. PKCS7_BUF_SIZE);
  29185. if (decodedSz <= 0){
  29186. wc_PKCS7_Free(pkcs7);
  29187. ERROR_OUT(-12502, out);
  29188. }
  29189. /* test decode result */
  29190. if (XMEMCMP(decoded, testVectors[i].content,
  29191. testVectors[i].contentSz) != 0) {
  29192. wc_PKCS7_Free(pkcs7);
  29193. ERROR_OUT(-12503, out);
  29194. }
  29195. /* make sure content type is the same */
  29196. if (testVectors[i].contentOID != pkcs7->contentOID) {
  29197. ERROR_OUT(-12504, out);
  29198. }
  29199. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  29200. /* output pkcs7 compressedData for external testing */
  29201. pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
  29202. if (!pkcs7File) {
  29203. wc_PKCS7_Free(pkcs7);
  29204. ERROR_OUT(-12505, out);
  29205. }
  29206. ret = (int)XFWRITE(compressed, compressedSz, 1, pkcs7File);
  29207. XFCLOSE(pkcs7File);
  29208. if (ret > 0)
  29209. ret = 0;
  29210. #endif
  29211. wc_PKCS7_Free(pkcs7);
  29212. }
  29213. out:
  29214. #ifdef WOLFSSL_SMALL_STACK
  29215. if (compressed)
  29216. XFREE(compressed, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29217. if (decoded)
  29218. XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29219. #endif
  29220. return ret;
  29221. } /* pkcs7compressed_test() */
  29222. #undef PKCS7_BUF_SIZE
  29223. #endif /* HAVE_LIBZ */
  29224. typedef struct {
  29225. const byte* content;
  29226. word32 contentSz;
  29227. int hashOID;
  29228. int signOID;
  29229. byte* privateKey;
  29230. word32 privateKeySz;
  29231. byte* cert;
  29232. size_t certSz;
  29233. byte* caCert;
  29234. size_t caCertSz;
  29235. PKCS7Attrib* signedAttribs;
  29236. word32 signedAttribsSz;
  29237. const char* outFileName;
  29238. int contentOID;
  29239. byte* contentType;
  29240. word32 contentTypeSz;
  29241. int sidType;
  29242. int encryptOID; /* for single-shot encrypt alg OID */
  29243. int encCompFlag; /* for single-shot. 1 = enc, 2 = comp, 3 = both*/
  29244. byte* encryptKey; /* for single-shot, encryptedData */
  29245. word32 encryptKeySz; /* for single-shot, encryptedData */
  29246. PKCS7Attrib* unprotectedAttribs; /* for single-shot, encryptedData */
  29247. word32 unprotectedAttribsSz; /* for single-shot, encryptedData */
  29248. word16 detachedSignature; /* generate detached signature (0:1) */
  29249. } pkcs7SignedVector;
  29250. static int pkcs7signed_run_vectors(
  29251. byte* rsaClientCertBuf, word32 rsaClientCertBufSz,
  29252. byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz,
  29253. byte* rsaServerCertBuf, word32 rsaServerCertBufSz,
  29254. byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz,
  29255. byte* rsaCaCertBuf, word32 rsaCaCertBufSz,
  29256. byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz,
  29257. byte* eccClientCertBuf, word32 eccClientCertBufSz,
  29258. byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz)
  29259. {
  29260. int ret, testSz = 0, i;
  29261. int encodedSz;
  29262. byte* out = NULL;
  29263. word32 outSz;
  29264. WC_RNG rng;
  29265. PKCS7* pkcs7 = NULL;
  29266. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  29267. XFILE file;
  29268. #endif
  29269. WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
  29270. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  29271. 0x72,0x6c,0x64
  29272. };
  29273. static byte transIdOid[] =
  29274. { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
  29275. 0x09, 0x07 };
  29276. static byte messageTypeOid[] =
  29277. { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
  29278. 0x09, 0x02 };
  29279. static byte senderNonceOid[] =
  29280. { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
  29281. 0x09, 0x05 };
  29282. #ifndef NO_SHA
  29283. static byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
  29284. #else
  29285. static byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
  29286. #endif
  29287. static byte messageType[] = { 0x13, 2, '1', '9' };
  29288. static byte senderNonce[PKCS7_NONCE_SZ + 2];
  29289. static PKCS7Attrib attribs[] =
  29290. {
  29291. { transIdOid, sizeof(transIdOid), transId,
  29292. sizeof(transId) - 1 }, /* take off the null */
  29293. { messageTypeOid, sizeof(messageTypeOid), messageType,
  29294. sizeof(messageType) },
  29295. { senderNonceOid, sizeof(senderNonceOid), senderNonce,
  29296. sizeof(senderNonce) }
  29297. };
  29298. /* for testing custom contentType, FirmwarePkgData */
  29299. static byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86,
  29300. 0x48, 0x86, 0xF7, 0x0D,
  29301. 0x01, 0x09, 0x10, 0x01, 0x10 };
  29302. #define MAX_TESTVECTORS_LEN 20
  29303. #define ADD_PKCS7SIGNEDVECTOR(...) { \
  29304. pkcs7SignedVector _this_vector = { __VA_ARGS__ }; \
  29305. if (testSz == MAX_TESTVECTORS_LEN) { \
  29306. ret = -12534; \
  29307. goto out; \
  29308. } \
  29309. XMEMCPY(&testVectors[testSz++], &_this_vector, sizeof _this_vector);\
  29310. }
  29311. pkcs7SignedVector *testVectors = NULL;
  29312. XMEMSET(&rng, 0, sizeof(rng));
  29313. testVectors = (pkcs7SignedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
  29314. HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29315. if (testVectors == NULL) {
  29316. ret = -12567;
  29317. goto out;
  29318. }
  29319. {
  29320. #ifndef NO_RSA
  29321. #ifndef NO_SHA
  29322. /* RSA with SHA */
  29323. ADD_PKCS7SIGNEDVECTOR(
  29324. data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
  29325. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  29326. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29327. "pkcs7signedData_RSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0, NULL,
  29328. 0, 0);
  29329. /* RSA with SHA, no signed attributes */
  29330. ADD_PKCS7SIGNEDVECTOR(
  29331. data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
  29332. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz,
  29333. NULL, 0, NULL, 0,
  29334. "pkcs7signedData_RSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  29335. NULL, 0, 0);
  29336. #endif
  29337. #ifdef WOLFSSL_SHA224
  29338. /* RSA with SHA224 */
  29339. ADD_PKCS7SIGNEDVECTOR(
  29340. data, (word32)sizeof(data), SHA224h, RSAk, rsaClientPrivKeyBuf,
  29341. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  29342. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29343. "pkcs7signedData_RSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  29344. NULL, 0, 0);
  29345. #endif
  29346. #ifndef NO_SHA256
  29347. /* RSA with SHA256 */
  29348. ADD_PKCS7SIGNEDVECTOR(
  29349. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  29350. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  29351. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29352. "pkcs7signedData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  29353. NULL, 0, 0);
  29354. /* RSA with SHA256, detached signature */
  29355. ADD_PKCS7SIGNEDVECTOR(
  29356. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  29357. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  29358. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29359. "pkcs7signedData_RSA_SHA256_detachedSig.der", 0, NULL, 0, 0, 0, 0,
  29360. NULL, 0, NULL, 0, 1);
  29361. /* RSA with SHA256 and SubjectKeyIdentifier in SignerIdentifier */
  29362. ADD_PKCS7SIGNEDVECTOR(
  29363. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  29364. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  29365. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29366. "pkcs7signedData_RSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
  29367. NULL, 0, NULL, 0, 0);
  29368. /* RSA with SHA256 and custom contentType */
  29369. ADD_PKCS7SIGNEDVECTOR(
  29370. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  29371. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  29372. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29373. "pkcs7signedData_RSA_SHA256_custom_contentType.der", 0,
  29374. customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
  29375. NULL, 0, 0);
  29376. /* RSA with SHA256 and FirmwarePkgData contentType */
  29377. ADD_PKCS7SIGNEDVECTOR(
  29378. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  29379. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  29380. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29381. "pkcs7signedData_RSA_SHA256_firmwarePkgData.der",
  29382. FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
  29383. /* RSA with SHA256 using server cert and ca cert */
  29384. ADD_PKCS7SIGNEDVECTOR(
  29385. data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
  29386. rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz,
  29387. rsaCaCertBuf, rsaCaCertBufSz,
  29388. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29389. "pkcs7signedData_RSA_SHA256_with_ca_cert.der", 0, NULL, 0, 0, 0, 0,
  29390. NULL, 0, NULL, 0, 0);
  29391. #endif
  29392. #if defined(WOLFSSL_SHA384)
  29393. /* RSA with SHA384 */
  29394. ADD_PKCS7SIGNEDVECTOR(
  29395. data, (word32)sizeof(data), SHA384h, RSAk, rsaClientPrivKeyBuf,
  29396. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  29397. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29398. "pkcs7signedData_RSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  29399. NULL, 0, 0);
  29400. #endif
  29401. #if defined(WOLFSSL_SHA512)
  29402. /* RSA with SHA512 */
  29403. ADD_PKCS7SIGNEDVECTOR(
  29404. data, (word32)sizeof(data), SHA512h, RSAk, rsaClientPrivKeyBuf,
  29405. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  29406. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29407. "pkcs7signedData_RSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  29408. NULL, 0, 0);
  29409. #endif
  29410. #endif /* NO_RSA */
  29411. #ifdef HAVE_ECC
  29412. #ifndef NO_SHA
  29413. /* ECDSA with SHA */
  29414. ADD_PKCS7SIGNEDVECTOR(
  29415. data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
  29416. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  29417. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29418. "pkcs7signedData_ECDSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  29419. NULL, 0, 0);
  29420. /* ECDSA with SHA, no signed attributes */
  29421. ADD_PKCS7SIGNEDVECTOR(
  29422. data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
  29423. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz,
  29424. NULL, 0, NULL, 0,
  29425. "pkcs7signedData_ECDSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  29426. NULL, 0, 0);
  29427. #endif
  29428. #ifdef WOLFSSL_SHA224
  29429. /* ECDSA with SHA224 */
  29430. ADD_PKCS7SIGNEDVECTOR(
  29431. data, (word32)sizeof(data), SHA224h, ECDSAk, eccClientPrivKeyBuf,
  29432. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  29433. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29434. "pkcs7signedData_ECDSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  29435. NULL, 0, 0);
  29436. #endif
  29437. #ifndef NO_SHA256
  29438. /* ECDSA with SHA256 */
  29439. ADD_PKCS7SIGNEDVECTOR(
  29440. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  29441. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  29442. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29443. "pkcs7signedData_ECDSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  29444. NULL, 0, 0);
  29445. /* ECDSA with SHA256 and SubjectKeyIdentifier in SigherIdentifier */
  29446. ADD_PKCS7SIGNEDVECTOR(
  29447. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  29448. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  29449. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29450. "pkcs7signedData_ECDSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
  29451. NULL, 0, NULL, 0, 0);
  29452. /* ECDSA with SHA256 and custom contentType */
  29453. ADD_PKCS7SIGNEDVECTOR(
  29454. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  29455. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  29456. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29457. "pkcs7signedData_ECDSA_SHA256_custom_contentType.der", 0,
  29458. customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
  29459. NULL, 0, 0);
  29460. /* ECDSA with SHA256 and FirmwarePkgData contentType */
  29461. ADD_PKCS7SIGNEDVECTOR(
  29462. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  29463. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  29464. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29465. "pkcs7signedData_ECDSA_SHA256_firmwarePkgData.der",
  29466. FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
  29467. #endif
  29468. #ifdef WOLFSSL_SHA384
  29469. /* ECDSA with SHA384 */
  29470. ADD_PKCS7SIGNEDVECTOR(
  29471. data, (word32)sizeof(data), SHA384h, ECDSAk, eccClientPrivKeyBuf,
  29472. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  29473. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29474. "pkcs7signedData_ECDSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  29475. NULL, 0, 0);
  29476. #endif
  29477. #ifdef WOLFSSL_SHA512
  29478. /* ECDSA with SHA512 */
  29479. ADD_PKCS7SIGNEDVECTOR(
  29480. data, (word32)sizeof(data), SHA512h, ECDSAk, eccClientPrivKeyBuf,
  29481. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  29482. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29483. "pkcs7signedData_ECDSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  29484. NULL, 0, 0);
  29485. #endif
  29486. #endif /* HAVE_ECC */
  29487. };
  29488. #undef MAX_TESTVECTORS_LEN
  29489. #undef ADD_PKCS7SIGNEDVECTOR
  29490. outSz = FOURK_BUF;
  29491. out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29492. if (out == NULL)
  29493. ERROR_OUT(-12510, out);
  29494. XMEMSET(out, 0, outSz);
  29495. ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
  29496. if (ret < 0)
  29497. ERROR_OUT(-12511, out);
  29498. #ifndef HAVE_FIPS
  29499. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  29500. #else
  29501. ret = wc_InitRng(&rng);
  29502. #endif
  29503. if (ret != 0)
  29504. ERROR_OUT(-12512, out);
  29505. for (i = 0; i < testSz; i++) {
  29506. if (pkcs7)
  29507. wc_PKCS7_Free(pkcs7);
  29508. pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
  29509. if (pkcs7 == NULL)
  29510. ERROR_OUT(-12513, out);
  29511. ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
  29512. (word32)testVectors[i].certSz);
  29513. if (ret != 0)
  29514. ERROR_OUT(-12514, out);
  29515. /* load CA certificate, if present */
  29516. if (testVectors[i].caCert != NULL) {
  29517. ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert,
  29518. (word32)testVectors[i].caCertSz);
  29519. if (ret != 0)
  29520. ERROR_OUT(-12515, out);
  29521. }
  29522. pkcs7->rng = &rng;
  29523. pkcs7->content = (byte*)testVectors[i].content;
  29524. pkcs7->contentSz = testVectors[i].contentSz;
  29525. pkcs7->contentOID = testVectors[i].contentOID;
  29526. pkcs7->hashOID = testVectors[i].hashOID;
  29527. pkcs7->encryptOID = testVectors[i].signOID;
  29528. pkcs7->privateKey = testVectors[i].privateKey;
  29529. pkcs7->privateKeySz = testVectors[i].privateKeySz;
  29530. pkcs7->signedAttribs = testVectors[i].signedAttribs;
  29531. pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz;
  29532. /* optional custom contentType, default is DATA,
  29533. overrides contentOID if set */
  29534. if (testVectors[i].contentType != NULL) {
  29535. ret = wc_PKCS7_SetContentType(pkcs7, testVectors[i].contentType,
  29536. testVectors[i].contentTypeSz);
  29537. if (ret != 0)
  29538. ERROR_OUT(-12516, out);
  29539. }
  29540. /* set SignerIdentifier to use SubjectKeyIdentifier if desired,
  29541. default is IssuerAndSerialNumber */
  29542. if (testVectors[i].sidType == CMS_SKID) {
  29543. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
  29544. if (ret != 0)
  29545. ERROR_OUT(-12517, out);
  29546. }
  29547. /* generate senderNonce */
  29548. {
  29549. senderNonce[0] = 0x04;
  29550. senderNonce[1] = PKCS7_NONCE_SZ;
  29551. ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
  29552. if (ret != 0)
  29553. ERROR_OUT(-12518, out);
  29554. }
  29555. /* generate transactionID (used with SCEP) */
  29556. {
  29557. #ifndef NO_SHA
  29558. wc_Sha sha;
  29559. byte digest[WC_SHA_DIGEST_SIZE];
  29560. #else
  29561. wc_Sha256 sha;
  29562. byte digest[WC_SHA256_DIGEST_SIZE];
  29563. #endif
  29564. int j,k;
  29565. transId[0] = 0x13;
  29566. transId[1] = sizeof(digest) * 2;
  29567. #ifndef NO_SHA
  29568. ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
  29569. if (ret != 0)
  29570. ERROR_OUT(-12519, out);
  29571. wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
  29572. wc_ShaFinal(&sha, digest);
  29573. wc_ShaFree(&sha);
  29574. #else
  29575. ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
  29576. if (ret != 0)
  29577. ERROR_OUT(-12520, out);
  29578. wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
  29579. wc_Sha256Final(&sha, digest);
  29580. wc_Sha256Free(&sha);
  29581. #endif
  29582. for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) {
  29583. XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]);
  29584. }
  29585. }
  29586. /* enable detached signature generation, if set */
  29587. if (testVectors[i].detachedSignature == 1) {
  29588. ret = wc_PKCS7_SetDetached(pkcs7, 1);
  29589. if (ret != 0)
  29590. ERROR_OUT(-12521, out);
  29591. }
  29592. encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz);
  29593. if (encodedSz < 0)
  29594. ERROR_OUT(-12522, out);
  29595. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  29596. /* write PKCS#7 to output file for more testing */
  29597. file = XFOPEN(testVectors[i].outFileName, "wb");
  29598. if (!file) {
  29599. ERROR_OUT(-12523, out);
  29600. ret = (int)XFWRITE(out, 1, encodedSz, file);
  29601. XFCLOSE(file);
  29602. if (ret != (int)encodedSz)
  29603. ERROR_OUT(-12524, out);
  29604. #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
  29605. wc_PKCS7_Free(pkcs7);
  29606. pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
  29607. if (pkcs7 == NULL)
  29608. ERROR_OUT(-12525, out);
  29609. wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
  29610. if (testVectors[i].detachedSignature == 1) {
  29611. /* set content for verifying detached signatures */
  29612. pkcs7->content = (byte*)testVectors[i].content;
  29613. pkcs7->contentSz = testVectors[i].contentSz;
  29614. }
  29615. ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
  29616. if (ret < 0)
  29617. ERROR_OUT(-12526, out);
  29618. /* verify contentType extracted successfully for custom content types */
  29619. if (testVectors[i].contentTypeSz > 0) {
  29620. if (pkcs7->contentTypeSz != testVectors[i].contentTypeSz) {
  29621. ERROR_OUT(-12527, out);
  29622. } else if (XMEMCMP(pkcs7->contentType, testVectors[i].contentType,
  29623. pkcs7->contentTypeSz) != 0) {
  29624. ERROR_OUT(-12528, out);
  29625. }
  29626. }
  29627. if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0)
  29628. ERROR_OUT(-12529, out);
  29629. {
  29630. /* check getting signed attributes */
  29631. #ifndef NO_SHA
  29632. byte buf[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
  29633. #else
  29634. byte buf[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
  29635. #endif
  29636. byte* oidPt = transIdOid + 2; /* skip object id tag and size */
  29637. int oidSz = (int)sizeof(transIdOid) - 2;
  29638. int bufSz = 0;
  29639. if (testVectors[i].signedAttribs != NULL &&
  29640. wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
  29641. NULL, (word32*)&bufSz) != LENGTH_ONLY_E)
  29642. ERROR_OUT(-12530, out);
  29643. if (bufSz > (int)sizeof(buf))
  29644. ERROR_OUT(-12531, out);
  29645. bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
  29646. buf, (word32*)&bufSz);
  29647. if ((testVectors[i].signedAttribs != NULL && bufSz < 0) ||
  29648. (testVectors[i].signedAttribs == NULL && bufSz > 0))
  29649. ERROR_OUT(-12532, out);
  29650. }
  29651. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  29652. file = XFOPEN("./pkcs7cert.der", "wb");
  29653. if (!file)
  29654. ERROR_OUT(-12533, out);
  29655. ret = (int)XFWRITE(pkcs7->singleCert, 1, pkcs7->singleCertSz, file);
  29656. XFCLOSE(file);
  29657. #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
  29658. }
  29659. out:
  29660. if (pkcs7 != NULL)
  29661. wc_PKCS7_Free(pkcs7);
  29662. if (out != NULL)
  29663. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29664. if (testVectors != NULL)
  29665. XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29666. wc_FreeRng(&rng);
  29667. if (ret > 0)
  29668. return 0;
  29669. (void)rsaClientCertBuf;
  29670. (void)rsaClientCertBufSz;
  29671. (void)rsaClientPrivKeyBuf;
  29672. (void)rsaClientPrivKeyBufSz;
  29673. (void)rsaServerCertBuf;
  29674. (void)rsaServerCertBufSz;
  29675. (void)rsaServerPrivKeyBuf;
  29676. (void)rsaServerPrivKeyBufSz;
  29677. (void)rsaCaCertBuf;
  29678. (void)rsaCaCertBufSz;
  29679. (void)rsaCaPrivKeyBuf;
  29680. (void)rsaCaPrivKeyBufSz;
  29681. (void)eccClientCertBuf;
  29682. (void)eccClientCertBufSz;
  29683. (void)eccClientPrivKeyBuf;
  29684. (void)eccClientPrivKeyBufSz;
  29685. return ret;
  29686. }
  29687. static int pkcs7signed_run_SingleShotVectors(
  29688. byte* rsaClientCertBuf, word32 rsaClientCertBufSz,
  29689. byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz,
  29690. byte* rsaServerCertBuf, word32 rsaServerCertBufSz,
  29691. byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz,
  29692. byte* rsaCaCertBuf, word32 rsaCaCertBufSz,
  29693. byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz,
  29694. byte* eccClientCertBuf, word32 eccClientCertBufSz,
  29695. byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz)
  29696. {
  29697. int ret, testSz = 0, i;
  29698. int encodedSz;
  29699. byte* out = NULL;
  29700. word32 outSz;
  29701. WC_RNG rng;
  29702. PKCS7* pkcs7 = NULL;
  29703. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  29704. XFILE file;
  29705. #endif
  29706. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) && \
  29707. !defined(NO_PKCS7_ENCRYPTED_DATA)
  29708. byte* encryptedTmp = NULL;
  29709. int encryptedTmpSz;
  29710. #endif
  29711. WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
  29712. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  29713. 0x72,0x6c,0x64
  29714. };
  29715. #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
  29716. defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
  29717. static byte aes256Key[] = {
  29718. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  29719. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  29720. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  29721. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  29722. };
  29723. #endif
  29724. static byte messageTypeOid[] =
  29725. { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
  29726. 0x09, 0x02 };
  29727. static byte messageType[] = { 0x13, 2, '1', '9' };
  29728. PKCS7Attrib attribs[] =
  29729. {
  29730. { messageTypeOid, sizeof(messageTypeOid), messageType,
  29731. sizeof(messageType) },
  29732. };
  29733. #define MAX_TESTVECTORS_LEN 19
  29734. #define ADD_PKCS7SIGNEDVECTOR(...) { \
  29735. pkcs7SignedVector _this_vector = { __VA_ARGS__ }; \
  29736. if (testSz == MAX_TESTVECTORS_LEN) { \
  29737. ret = -12568; \
  29738. goto out; \
  29739. } \
  29740. XMEMCPY(&testVectors[testSz++], &_this_vector, sizeof _this_vector);\
  29741. }
  29742. pkcs7SignedVector *testVectors = NULL;
  29743. XMEMSET(&rng, 0, sizeof(rng));
  29744. testVectors = (pkcs7SignedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
  29745. HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29746. if (testVectors == NULL) {
  29747. ret = -12567;
  29748. goto out;
  29749. }
  29750. {
  29751. #ifndef NO_RSA
  29752. #ifndef NO_SHA256
  29753. /* Signed FirmwarePkgData, RSA, SHA256, no attribs */
  29754. ADD_PKCS7SIGNEDVECTOR(
  29755. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  29756. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  29757. NULL, 0,
  29758. "pkcs7signedFirmwarePkgData_RSA_SHA256_noattr.der", 0, NULL, 0, 0,
  29759. 0, 0, NULL, 0, NULL, 0, 0);
  29760. /* Signed FirmwarePkgData, RSA, SHA256, attrs */
  29761. ADD_PKCS7SIGNEDVECTOR(
  29762. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  29763. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  29764. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29765. "pkcs7signedFirmwarePkgData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0,
  29766. NULL, 0, NULL, 0, 0);
  29767. /* Signed FirmwarePkgData, RSA, SHA256, SubjectKeyIdentifier, attrs */
  29768. ADD_PKCS7SIGNEDVECTOR(
  29769. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  29770. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  29771. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29772. "pkcs7signedFirmwarePkgData_RSA_SHA256_SKID.der", 0, NULL,
  29773. 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0);
  29774. /* Signed FirmwraePkgData, RSA, SHA256, server cert and ca cert, attr */
  29775. ADD_PKCS7SIGNEDVECTOR(
  29776. data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
  29777. rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz,
  29778. rsaCaCertBuf, rsaCaCertBufSz,
  29779. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29780. "pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL,
  29781. 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
  29782. #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
  29783. defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
  29784. /* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */
  29785. ADD_PKCS7SIGNEDVECTOR(
  29786. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  29787. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  29788. NULL, 0,
  29789. "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
  29790. NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0);
  29791. /* Signed Encrypted FirmwarePkgData, RSA, SHA256, attribs */
  29792. ADD_PKCS7SIGNEDVECTOR(
  29793. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  29794. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  29795. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29796. "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256.der", 0,
  29797. NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
  29798. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
  29799. #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
  29800. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  29801. /* Signed Compressed FirmwarePkgData, RSA, SHA256, no attribs */
  29802. ADD_PKCS7SIGNEDVECTOR(
  29803. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  29804. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  29805. NULL, 0,
  29806. "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
  29807. NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
  29808. /* Signed Compressed FirmwarePkgData, RSA, SHA256, attribs */
  29809. ADD_PKCS7SIGNEDVECTOR(
  29810. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  29811. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  29812. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29813. "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256.der", 0,
  29814. NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
  29815. #ifndef NO_PKCS7_ENCRYPTED_DATA
  29816. /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
  29817. no attribs */
  29818. ADD_PKCS7SIGNEDVECTOR(
  29819. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  29820. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  29821. NULL, 0,
  29822. "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256_noattr.der",
  29823. 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL,
  29824. 0, 0);
  29825. /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
  29826. attribs */
  29827. ADD_PKCS7SIGNEDVECTOR(
  29828. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  29829. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  29830. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29831. "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256.der",
  29832. 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
  29833. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
  29834. #endif /* !NO_PKCS7_ENCRYPTED_DATA */
  29835. #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
  29836. #endif /* NO_SHA256 */
  29837. #endif /* NO_RSA */
  29838. #ifdef HAVE_ECC
  29839. #ifndef NO_SHA256
  29840. /* Signed FirmwarePkgData, ECDSA, SHA256, no attribs */
  29841. ADD_PKCS7SIGNEDVECTOR(
  29842. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  29843. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  29844. NULL, 0,
  29845. "pkcs7signedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
  29846. 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
  29847. /* Signed FirmwarePkgData, ECDSA, SHA256, attribs */
  29848. ADD_PKCS7SIGNEDVECTOR(
  29849. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  29850. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  29851. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29852. "pkcs7signedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
  29853. 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
  29854. /* Signed FirmwarePkgData, ECDSA, SHA256, SubjectKeyIdentifier, attr */
  29855. ADD_PKCS7SIGNEDVECTOR(
  29856. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  29857. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  29858. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29859. "pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL,
  29860. 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0);
  29861. #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
  29862. defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
  29863. /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */
  29864. ADD_PKCS7SIGNEDVECTOR(
  29865. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  29866. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  29867. NULL, 0,
  29868. "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
  29869. 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0);
  29870. /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, attribs */
  29871. ADD_PKCS7SIGNEDVECTOR(
  29872. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  29873. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  29874. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29875. "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
  29876. 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
  29877. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
  29878. #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
  29879. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  29880. /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, no attribs */
  29881. ADD_PKCS7SIGNEDVECTOR(
  29882. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  29883. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  29884. NULL, 0,
  29885. "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
  29886. 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
  29887. /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, attrib */
  29888. ADD_PKCS7SIGNEDVECTOR(
  29889. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  29890. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  29891. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29892. "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
  29893. 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
  29894. #ifndef NO_PKCS7_ENCRYPTED_DATA
  29895. /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
  29896. no attribs */
  29897. ADD_PKCS7SIGNEDVECTOR(
  29898. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  29899. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  29900. NULL, 0,
  29901. "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der",
  29902. 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL,
  29903. 0, 0);
  29904. /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
  29905. attribs */
  29906. ADD_PKCS7SIGNEDVECTOR(
  29907. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  29908. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  29909. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  29910. "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256.der",
  29911. 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
  29912. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
  29913. #endif /* !NO_PKCS7_ENCRYPTED_DATA */
  29914. #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
  29915. #endif /* NO_SHA256 */
  29916. #endif /* HAVE_ECC */
  29917. };
  29918. #undef MAX_TESTVECTORS_LEN
  29919. #undef ADD_PKCS7SIGNEDVECTOR
  29920. outSz = FOURK_BUF;
  29921. out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29922. if (out == NULL)
  29923. ERROR_OUT(-12540, out);
  29924. XMEMSET(out, 0, outSz);
  29925. ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
  29926. if (ret < 0)
  29927. ERROR_OUT(-12541, out);
  29928. #ifndef HAVE_FIPS
  29929. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  29930. #else
  29931. ret = wc_InitRng(&rng);
  29932. #endif
  29933. if (ret != 0)
  29934. ERROR_OUT(-12542, out);
  29935. for (i = 0; i < testSz; i++) {
  29936. if (pkcs7)
  29937. wc_PKCS7_Free(pkcs7);
  29938. pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
  29939. if (pkcs7 == NULL)
  29940. ERROR_OUT(-12543, out);
  29941. ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
  29942. (word32)testVectors[i].certSz);
  29943. if (ret != 0)
  29944. ERROR_OUT(-12544, out);
  29945. /* load CA certificate, if present */
  29946. if (testVectors[i].caCert != NULL) {
  29947. ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert,
  29948. (word32)testVectors[i].caCertSz);
  29949. if (ret != 0)
  29950. ERROR_OUT(-12545, out);
  29951. }
  29952. /* set SignerIdentifier to use SubjectKeyIdentifier if desired,
  29953. default is IssuerAndSerialNumber */
  29954. if (testVectors[i].sidType == CMS_SKID) {
  29955. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
  29956. if (ret != 0)
  29957. ERROR_OUT(-12546, out);
  29958. }
  29959. if (testVectors[i].encCompFlag == 0) {
  29960. /* encode Signed FirmwarePkgData */
  29961. encodedSz = wc_PKCS7_EncodeSignedFPD(pkcs7,
  29962. testVectors[i].privateKey, testVectors[i].privateKeySz,
  29963. testVectors[i].signOID, testVectors[i].hashOID,
  29964. (byte*)testVectors[i].content, testVectors[i].contentSz,
  29965. testVectors[i].signedAttribs,
  29966. testVectors[i].signedAttribsSz, out, outSz);
  29967. if (encodedSz < 0)
  29968. ERROR_OUT(-12547, out);
  29969. #ifndef NO_PKCS7_ENCRYPTED_DATA
  29970. } else if (testVectors[i].encCompFlag == 1) {
  29971. /* encode Signed Encrypted FirmwarePkgData */
  29972. encodedSz = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7,
  29973. testVectors[i].encryptKey, testVectors[i].encryptKeySz,
  29974. testVectors[i].privateKey, testVectors[i].privateKeySz,
  29975. testVectors[i].encryptOID, testVectors[i].signOID,
  29976. testVectors[i].hashOID, (byte*)testVectors[i].content,
  29977. testVectors[i].contentSz, testVectors[i].unprotectedAttribs,
  29978. testVectors[i].unprotectedAttribsSz,
  29979. testVectors[i].signedAttribs,
  29980. testVectors[i].signedAttribsSz, out, outSz);
  29981. if (encodedSz <= 0)
  29982. ERROR_OUT(-12548, out);
  29983. #endif
  29984. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  29985. } else if (testVectors[i].encCompFlag == 2) {
  29986. /* encode Signed Compressed FirmwarePkgData */
  29987. encodedSz = wc_PKCS7_EncodeSignedCompressedFPD(pkcs7,
  29988. testVectors[i].privateKey, testVectors[i].privateKeySz,
  29989. testVectors[i].signOID, testVectors[i].hashOID,
  29990. (byte*)testVectors[i].content, testVectors[i].contentSz,
  29991. testVectors[i].signedAttribs,
  29992. testVectors[i].signedAttribsSz, out, outSz);
  29993. if (encodedSz <= 0)
  29994. ERROR_OUT(-12549, out);
  29995. #ifndef NO_PKCS7_ENCRYPTED_DATA
  29996. } else if (testVectors[i].encCompFlag == 3) {
  29997. /* encode Signed Encrypted Compressed FirmwarePkgData */
  29998. encodedSz = wc_PKCS7_EncodeSignedEncryptedCompressedFPD(pkcs7,
  29999. testVectors[i].encryptKey, testVectors[i].encryptKeySz,
  30000. testVectors[i].privateKey, testVectors[i].privateKeySz,
  30001. testVectors[i].encryptOID, testVectors[i].signOID,
  30002. testVectors[i].hashOID, (byte*)testVectors[i].content,
  30003. testVectors[i].contentSz, testVectors[i].unprotectedAttribs,
  30004. testVectors[i].unprotectedAttribsSz,
  30005. testVectors[i].signedAttribs,
  30006. testVectors[i].signedAttribsSz, out, outSz);
  30007. if (encodedSz <= 0)
  30008. ERROR_OUT(-12550, out);
  30009. #endif /* NO_PKCS7_ENCRYPTED_DATA */
  30010. #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
  30011. } else {
  30012. /* unsupported SignedData single-shot combination */
  30013. ERROR_OUT(-12551, out);
  30014. }
  30015. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  30016. /* write PKCS#7 to output file for more testing */
  30017. file = XFOPEN(testVectors[i].outFileName, "wb");
  30018. if (!file)
  30019. ERROR_OUT(-12552, out);
  30020. ret = (int)XFWRITE(out, 1, encodedSz, file);
  30021. XFCLOSE(file);
  30022. file = NULL;
  30023. if (ret != (int)encodedSz)
  30024. ERROR_OUT(-12553);
  30025. #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
  30026. wc_PKCS7_Free(pkcs7);
  30027. pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
  30028. if (pkcs7 == NULL)
  30029. ERROR_OUT(-12554, out);
  30030. wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
  30031. ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
  30032. if (ret < 0)
  30033. ERROR_OUT(-12555, out);
  30034. #ifndef NO_PKCS7_STREAM
  30035. {
  30036. word32 z;
  30037. for (z = 0; z < outSz && ret != 0; z++) {
  30038. ret = wc_PKCS7_VerifySignedData(pkcs7, out + z, 1);
  30039. if (ret < 0 && ret != WC_PKCS7_WANT_READ_E) {
  30040. printf("unexpected error %d\n", ret);
  30041. ERROR_OUT(-12556, out);
  30042. }
  30043. }
  30044. }
  30045. #endif
  30046. if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0)
  30047. ERROR_OUT(-12557, out);
  30048. if (testVectors[i].encCompFlag == 0) {
  30049. /* verify decoded content matches expected */
  30050. if ((pkcs7->contentSz != testVectors[i].contentSz) ||
  30051. XMEMCMP(pkcs7->content, testVectors[i].content,
  30052. pkcs7->contentSz)) {
  30053. ERROR_OUT(-12558, out);
  30054. }
  30055. }
  30056. #ifndef NO_PKCS7_ENCRYPTED_DATA
  30057. else if (testVectors[i].encCompFlag == 1) {
  30058. /* decrypt inner encryptedData */
  30059. pkcs7->encryptionKey = testVectors[i].encryptKey;
  30060. pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
  30061. ret = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
  30062. pkcs7->contentSz, out, outSz);
  30063. if (ret < 0)
  30064. ERROR_OUT(-12559, out);
  30065. /* compare decrypted to expected */
  30066. if (((word32)ret != testVectors[i].contentSz) ||
  30067. XMEMCMP(out, testVectors[i].content, ret))
  30068. ERROR_OUT(-12560, out);
  30069. }
  30070. #endif
  30071. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  30072. else if (testVectors[i].encCompFlag == 2) {
  30073. /* decompress inner compressedData */
  30074. ret = wc_PKCS7_DecodeCompressedData(pkcs7, pkcs7->content,
  30075. pkcs7->contentSz, out, outSz);
  30076. if (ret < 0)
  30077. ERROR_OUT(-12561, out);
  30078. /* compare decompressed to expected */
  30079. if (((word32)ret != testVectors[i].contentSz) ||
  30080. XMEMCMP(out, testVectors[i].content, ret)) {
  30081. ERROR_OUT(-12562, out);
  30082. }
  30083. #ifndef NO_PKCS7_ENCRYPTED_DATA
  30084. else if (testVectors[i].encCompFlag == 3) {
  30085. encryptedTmpSz = FOURK_BUF;
  30086. encryptedTmp = (byte*)XMALLOC(encryptedTmpSz, HEAP_HINT,
  30087. DYNAMIC_TYPE_TMP_BUFFER);
  30088. if (encryptedTmp == NULL)
  30089. ERROR_OUT(-12563, out);
  30090. XMEMSET(encryptedTmp, 0, encryptedTmpSz);
  30091. /* decrypt inner encryptedData */
  30092. pkcs7->encryptionKey = testVectors[i].encryptKey;
  30093. pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
  30094. encryptedTmpSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
  30095. pkcs7->contentSz, encryptedTmp,
  30096. encryptedTmpSz);
  30097. if (encryptedTmpSz < 0 || pkcs7->contentOID != COMPRESSED_DATA)
  30098. ERROR_OUT(-12564, out);
  30099. /* decompress inner compressedData */
  30100. ret = wc_PKCS7_DecodeCompressedData(pkcs7, encryptedTmp,
  30101. encryptedTmpSz, out, outSz);
  30102. if (ret < 0)
  30103. ERROR_OUT(-12565, out);
  30104. /* compare decompressed to expected */
  30105. if (((word32)ret != testVectors[i].contentSz) ||
  30106. XMEMCMP(out, testVectors[i].content, ret))
  30107. ERROR_OUT(-12566, out);
  30108. }
  30109. #endif /* NO_PKCS7_ENCRYPTED_DATA */
  30110. #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
  30111. }
  30112. out:
  30113. if (pkcs7 != NULL)
  30114. wc_PKCS7_Free(pkcs7);
  30115. if (out != NULL)
  30116. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30117. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) && \
  30118. !defined(NO_PKCS7_ENCRYPTED_DATA)
  30119. if (encryptedTmp != NULL)
  30120. XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30121. #endif
  30122. if (testVectors != NULL)
  30123. XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30124. wc_FreeRng(&rng);
  30125. if (ret > 0)
  30126. return 0;
  30127. (void)eccClientCertBuf;
  30128. (void)eccClientCertBufSz;
  30129. (void)eccClientPrivKeyBuf;
  30130. (void)eccClientPrivKeyBufSz;
  30131. (void)rsaClientCertBuf;
  30132. (void)rsaClientCertBufSz;
  30133. (void)rsaClientPrivKeyBuf;
  30134. (void)rsaClientPrivKeyBufSz;
  30135. (void)rsaServerCertBuf;
  30136. (void)rsaServerCertBufSz;
  30137. (void)rsaServerPrivKeyBuf;
  30138. (void)rsaServerPrivKeyBufSz;
  30139. (void)rsaCaCertBuf;
  30140. (void)rsaCaCertBufSz;
  30141. (void)rsaCaPrivKeyBuf;
  30142. (void)rsaCaPrivKeyBufSz;
  30143. return ret;
  30144. }
  30145. WOLFSSL_TEST_SUBROUTINE int pkcs7signed_test(void)
  30146. {
  30147. int ret = 0;
  30148. byte* rsaClientCertBuf = NULL;
  30149. byte* rsaServerCertBuf = NULL;
  30150. byte* rsaCaCertBuf = NULL;
  30151. byte* eccClientCertBuf = NULL;
  30152. byte* rsaClientPrivKeyBuf = NULL;
  30153. byte* rsaServerPrivKeyBuf = NULL;
  30154. byte* rsaCaPrivKeyBuf = NULL;
  30155. byte* eccClientPrivKeyBuf = NULL;
  30156. word32 rsaClientCertBufSz = 0;
  30157. word32 rsaServerCertBufSz = 0;
  30158. word32 rsaCaCertBufSz = 0;
  30159. word32 eccClientCertBufSz = 0;
  30160. word32 rsaClientPrivKeyBufSz = 0;
  30161. word32 rsaServerPrivKeyBufSz = 0;
  30162. word32 rsaCaPrivKeyBufSz = 0;
  30163. word32 eccClientPrivKeyBufSz = 0;
  30164. #ifndef NO_RSA
  30165. /* read client RSA cert and key in DER format */
  30166. rsaClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  30167. DYNAMIC_TYPE_TMP_BUFFER);
  30168. if (rsaClientCertBuf == NULL)
  30169. ret = -12600;
  30170. rsaClientPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  30171. DYNAMIC_TYPE_TMP_BUFFER);
  30172. if (ret == 0 && rsaClientPrivKeyBuf == NULL) {
  30173. ret = -12601;
  30174. }
  30175. rsaClientCertBufSz = FOURK_BUF;
  30176. rsaClientPrivKeyBufSz = FOURK_BUF;
  30177. /* read server RSA cert and key in DER format */
  30178. rsaServerCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  30179. DYNAMIC_TYPE_TMP_BUFFER);
  30180. if (ret == 0 && rsaServerCertBuf == NULL)
  30181. ret = -12602;
  30182. rsaServerPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  30183. DYNAMIC_TYPE_TMP_BUFFER);
  30184. if (ret == 0 && rsaServerPrivKeyBuf == NULL) {
  30185. ret = -12603;
  30186. }
  30187. rsaServerCertBufSz = FOURK_BUF;
  30188. rsaServerPrivKeyBufSz = FOURK_BUF;
  30189. /* read CA RSA cert and key in DER format, for use with server cert */
  30190. rsaCaCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  30191. DYNAMIC_TYPE_TMP_BUFFER);
  30192. if (ret == 0 && rsaCaCertBuf == NULL)
  30193. ret = -12604;
  30194. rsaCaPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  30195. DYNAMIC_TYPE_TMP_BUFFER);
  30196. if (ret == 0 && rsaCaPrivKeyBuf == NULL) {
  30197. ret = -12605;
  30198. }
  30199. rsaCaCertBufSz = FOURK_BUF;
  30200. rsaCaPrivKeyBufSz = FOURK_BUF;
  30201. #endif /* NO_RSA */
  30202. #ifdef HAVE_ECC
  30203. /* read client ECC cert and key in DER format */
  30204. eccClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  30205. DYNAMIC_TYPE_TMP_BUFFER);
  30206. if (ret == 0 && eccClientCertBuf == NULL) {
  30207. ret = -12606;
  30208. }
  30209. eccClientPrivKeyBuf =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  30210. DYNAMIC_TYPE_TMP_BUFFER);
  30211. if (ret == 0 && eccClientPrivKeyBuf == NULL) {
  30212. ret = -12607;
  30213. }
  30214. eccClientCertBufSz = FOURK_BUF;
  30215. eccClientPrivKeyBufSz = FOURK_BUF;
  30216. #endif /* HAVE_ECC */
  30217. if (ret >= 0)
  30218. ret = pkcs7_load_certs_keys(rsaClientCertBuf, &rsaClientCertBufSz,
  30219. rsaClientPrivKeyBuf, &rsaClientPrivKeyBufSz,
  30220. rsaServerCertBuf, &rsaServerCertBufSz,
  30221. rsaServerPrivKeyBuf, &rsaServerPrivKeyBufSz,
  30222. rsaCaCertBuf, &rsaCaCertBufSz,
  30223. rsaCaPrivKeyBuf, &rsaCaPrivKeyBufSz,
  30224. eccClientCertBuf, &eccClientCertBufSz,
  30225. eccClientPrivKeyBuf, &eccClientPrivKeyBufSz);
  30226. if (ret < 0) {
  30227. ret = -12608;
  30228. }
  30229. if (ret >= 0)
  30230. ret = pkcs7signed_run_vectors(rsaClientCertBuf, (word32)rsaClientCertBufSz,
  30231. rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz,
  30232. rsaServerCertBuf, (word32)rsaServerCertBufSz,
  30233. rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz,
  30234. rsaCaCertBuf, (word32)rsaCaCertBufSz,
  30235. rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz,
  30236. eccClientCertBuf, (word32)eccClientCertBufSz,
  30237. eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
  30238. if (ret >= 0)
  30239. ret = pkcs7signed_run_SingleShotVectors(
  30240. rsaClientCertBuf, (word32)rsaClientCertBufSz,
  30241. rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz,
  30242. rsaServerCertBuf, (word32)rsaServerCertBufSz,
  30243. rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz,
  30244. rsaCaCertBuf, (word32)rsaCaCertBufSz,
  30245. rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz,
  30246. eccClientCertBuf, (word32)eccClientCertBufSz,
  30247. eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
  30248. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  30249. if (ret >= 0)
  30250. ret = pkcs7callback_test(
  30251. rsaClientCertBuf, (word32)rsaClientCertBufSz,
  30252. rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz);
  30253. #endif
  30254. XFREE(rsaClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30255. XFREE(rsaClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30256. XFREE(rsaServerCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30257. XFREE(rsaServerPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30258. XFREE(rsaCaCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30259. XFREE(rsaCaPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30260. XFREE(eccClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30261. XFREE(eccClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30262. return ret;
  30263. }
  30264. #endif /* HAVE_PKCS7 */
  30265. #ifdef HAVE_VALGRIND
  30266. /* Need a static build to have access to symbols. */
  30267. /* Maximum number of bytes in a number to test. */
  30268. #define MP_MAX_TEST_BYTE_LEN 32
  30269. static int randNum(mp_int* n, int len, WC_RNG* rng, void* heap)
  30270. {
  30271. byte d[MP_MAX_TEST_BYTE_LEN];
  30272. int ret;
  30273. (void)heap;
  30274. do {
  30275. ret = wc_RNG_GenerateBlock(rng, d, len);
  30276. if (ret != 0)
  30277. return ret;
  30278. ret = mp_read_unsigned_bin(n, d, len);
  30279. if (ret != 0)
  30280. return ret;
  30281. } while (mp_iszero(n));
  30282. return 0;
  30283. }
  30284. #if defined(WOLFSSL_SP_MATH_ALL) || !defined(USE_FAST_MATH)
  30285. static int mp_test_div_3(mp_int* a, mp_int* r, WC_RNG* rng)
  30286. {
  30287. int i, j;
  30288. mp_digit rem;
  30289. mp_digit rem2;
  30290. #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
  30291. defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
  30292. for (i = 0; i < 10; i++) {
  30293. for (j = 1; j < 10; j++) {
  30294. if (randNum(a, j, rng, NULL) != 0)
  30295. return -12620;
  30296. if (mp_div_3(a, r, &rem) != 0)
  30297. return -12621;
  30298. if (mp_mul_d(r, 3, r) != 0)
  30299. return -12622;
  30300. if (mp_add_d(r, rem, r) != 0)
  30301. return -12623;
  30302. if (mp_cmp(r, a) != MP_EQ)
  30303. return -12624;
  30304. }
  30305. }
  30306. if (mp_div_3(a, r, &rem) != 0)
  30307. return -12625;
  30308. if (mp_div_3(a, a, NULL) != 0)
  30309. return -12626;
  30310. if (mp_cmp(r, a) != MP_EQ)
  30311. return -12627;
  30312. #endif
  30313. #if defined(WOLFSSL_SP_MATH_ALL)
  30314. if (mp_div_d(a, 10, r, &rem) != 0)
  30315. return -12628;
  30316. if (mp_div_d(a, 10, a, NULL) != 0)
  30317. return -12629;
  30318. if (mp_cmp(r, a) != MP_EQ)
  30319. return -12630;
  30320. if (mp_div_d(a, 12, r, &rem) != 0)
  30321. return -12631;
  30322. if (mp_div_d(a, 12, a, NULL) != 0)
  30323. return -12632;
  30324. if (mp_cmp(r, a) != MP_EQ)
  30325. return -12633;
  30326. if (mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), r, &rem) != 0)
  30327. return -12634;
  30328. if (mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), NULL, &rem2) != 0)
  30329. return -12635;
  30330. if (mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), a, NULL) != 0)
  30331. return -12636;
  30332. if (mp_cmp(r, a) != MP_EQ)
  30333. return -12637;
  30334. if (rem != rem2)
  30335. return -12638;
  30336. #endif
  30337. (void)a;
  30338. (void)r;
  30339. (void)rng;
  30340. (void)i;
  30341. (void)j;
  30342. (void)rem;
  30343. (void)rem2;
  30344. return 0;
  30345. }
  30346. #endif /* WOLFSSL_SP_MATH || !USE_FAST_MATH */
  30347. #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
  30348. !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
  30349. (!defined WOLFSSL_SP_MATH && !defined(WOLFSSL_SP_MATH_ALL) && \
  30350. (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)))
  30351. static int mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng)
  30352. {
  30353. int ret;
  30354. int i, j;
  30355. int size;
  30356. char str[30];
  30357. WOLFSSL_SMALL_STACK_STATIC const char* badStr1 = "A";
  30358. WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "a";
  30359. WOLFSSL_SMALL_STACK_STATIC const char* badStr3 = " ";
  30360. WOLFSSL_SMALL_STACK_STATIC const char* zeros = "000";
  30361. WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
  30362. for (i = 0; i < 10; i++) {
  30363. for (j = 2; j < 12; j++) {
  30364. if (randNum(a, j, rng, NULL) != 0)
  30365. return -12640;
  30366. if (mp_radix_size(a, MP_RADIX_DEC, &size) != MP_OKAY)
  30367. return -12641;
  30368. if (mp_toradix(a, str, MP_RADIX_DEC) != MP_OKAY)
  30369. return -12660;
  30370. if ((int)XSTRLEN(str) != size - 1)
  30371. return -12642;
  30372. if (mp_read_radix(r, str, MP_RADIX_DEC) != MP_OKAY)
  30373. return -12661;
  30374. if (mp_cmp(a, r) != MP_EQ)
  30375. return -12643;
  30376. }
  30377. }
  30378. if (mp_read_radix(r, badStr1, MP_RADIX_DEC) != MP_VAL)
  30379. return -12644;
  30380. if (mp_read_radix(r, badStr2, MP_RADIX_DEC) != MP_VAL)
  30381. return -12645;
  30382. if (mp_read_radix(r, badStr3, MP_RADIX_DEC) != MP_VAL)
  30383. return -12646;
  30384. if (mp_read_radix(r, zeros, MP_RADIX_DEC) != MP_OKAY)
  30385. return -12647;
  30386. if (!mp_iszero(r))
  30387. return -12648;
  30388. mp_set(r, 1);
  30389. if (mp_read_radix(r, empty, MP_RADIX_DEC) != MP_OKAY)
  30390. return -12649;
  30391. if (!mp_iszero(r))
  30392. return -12650;
  30393. mp_zero(a);
  30394. ret = mp_radix_size(a, MP_RADIX_DEC, &size);
  30395. if (ret != 0)
  30396. return -12651;
  30397. if (size != 2)
  30398. return -12652;
  30399. ret = mp_toradix(a, str, MP_RADIX_DEC);
  30400. if (ret != 0)
  30401. return -12653;
  30402. if ((int)XSTRLEN(str) != size - 1)
  30403. return -12654;
  30404. ret = mp_read_radix(r, str, MP_RADIX_DEC);
  30405. if (ret != 0)
  30406. return -12655;
  30407. if (!mp_iszero(r))
  30408. return -12656;
  30409. return 0;
  30410. }
  30411. #endif
  30412. #if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \
  30413. defined(HAVE_ECC))
  30414. static int mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
  30415. {
  30416. int ret;
  30417. int i, j;
  30418. int size;
  30419. char str[30];
  30420. #if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH)
  30421. static char longStr[2 * sizeof(a->dp) + 2];
  30422. #endif
  30423. WOLFSSL_SMALL_STACK_STATIC const char* badStr1 = " ";
  30424. WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "}";
  30425. WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
  30426. for (i = 0; i < 10; i++) {
  30427. for (j = 2; j < 12; j++) {
  30428. if (randNum(a, j, rng, NULL) != 0)
  30429. return -12660;
  30430. mp_radix_size(a, MP_RADIX_HEX, &size);
  30431. mp_toradix(a, str, MP_RADIX_HEX);
  30432. if ((int)XSTRLEN(str) != size - 1)
  30433. return -12661;
  30434. mp_read_radix(r, str, MP_RADIX_HEX);
  30435. if (mp_cmp(a, r) != MP_EQ)
  30436. return -12662;
  30437. }
  30438. }
  30439. if (mp_read_radix(r, badStr1, MP_RADIX_HEX) != MP_VAL)
  30440. return -12663;
  30441. if (mp_read_radix(r, badStr2, MP_RADIX_HEX) != MP_VAL)
  30442. return -12664;
  30443. mp_set(r, 1);
  30444. if (mp_read_radix(r, empty, MP_RADIX_HEX) != MP_OKAY)
  30445. return -12665;
  30446. if (!mp_iszero(r))
  30447. return -12666;
  30448. #if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH)
  30449. /* Fixed MP data size - string can be too long. */
  30450. longStr[0] = '8';
  30451. XMEMSET(longStr+1, '0', sizeof(longStr) - 2);
  30452. longStr[sizeof(longStr)-1] = '\0';
  30453. if (mp_read_radix(r, longStr, MP_RADIX_HEX) != MP_VAL)
  30454. return -12667;
  30455. #endif
  30456. mp_zero(a);
  30457. ret = mp_radix_size(a, MP_RADIX_HEX, &size);
  30458. if (ret != 0)
  30459. return -12668;
  30460. #ifndef WC_DISABLE_RADIX_ZERO_PAD
  30461. if (size != 3)
  30462. #else
  30463. if (size != 2)
  30464. #endif
  30465. return -12669;
  30466. ret = mp_toradix(a, str, MP_RADIX_HEX);
  30467. if (ret != 0)
  30468. return -12670;
  30469. if ((int)XSTRLEN(str) != size - 1)
  30470. return -12671;
  30471. ret = mp_read_radix(r, str, MP_RADIX_HEX);
  30472. if (ret != 0)
  30473. return -12672;
  30474. if (!mp_iszero(r))
  30475. return -12673;
  30476. #ifdef WOLFSSL_SP_MATH
  30477. ret = mp_toradix(a, str, 8);
  30478. if (ret != MP_VAL)
  30479. return -12674;
  30480. ret = mp_radix_size(a, 8, &size);
  30481. if (ret != MP_VAL)
  30482. return -12675;
  30483. #endif
  30484. return 0;
  30485. }
  30486. #endif
  30487. static int mp_test_shift(mp_int* a, mp_int* r1, WC_RNG* rng)
  30488. {
  30489. int i;
  30490. if (randNum(a, 4, rng, NULL) != 0)
  30491. return -12680;
  30492. for (i = 0; i < 4; i++) {
  30493. mp_copy(r1, a);
  30494. if (mp_lshd(r1, i) != MP_OKAY)
  30495. return -12681;
  30496. mp_rshd(r1, i);
  30497. if (mp_cmp(a, r1) != MP_EQ)
  30498. return -12682;
  30499. }
  30500. #ifndef WOLFSSL_SP_MATH
  30501. for (i = 0; i < DIGIT_BIT+1; i++) {
  30502. if (mp_mul_2d(a, i, r1) != MP_OKAY)
  30503. return -12683;
  30504. mp_rshb(r1, i);
  30505. if (mp_cmp(a, r1) != MP_EQ)
  30506. return -12684;
  30507. }
  30508. #endif
  30509. return 0;
  30510. }
  30511. static int mp_test_add_sub_d(mp_int* a, mp_int* r1)
  30512. {
  30513. int i, j;
  30514. for (i = 0; i <= DIGIT_BIT * 2; i++) {
  30515. mp_zero(a);
  30516. mp_set_bit(a, i);
  30517. if (a->used != (i + DIGIT_BIT) / DIGIT_BIT)
  30518. return -12690;
  30519. for (j = 0; j < i && j < DIGIT_BIT; j++) {
  30520. mp_zero(r1);
  30521. mp_set_bit(r1, i);
  30522. if (mp_sub_d(r1, (mp_digit)1 << j, r1) != MP_OKAY)
  30523. return -12691;
  30524. if (mp_add_d(r1, (mp_digit)1 << j, r1) != MP_OKAY)
  30525. return -12692;
  30526. if (mp_cmp(a, r1) != MP_EQ)
  30527. return -12693;
  30528. }
  30529. }
  30530. mp_zero(r1);
  30531. if (mp_add_d(r1, 1, r1) != MP_OKAY)
  30532. return -12694;
  30533. if (r1->used != 1)
  30534. return -12695;
  30535. if (mp_sub_d(r1, 1, r1) != MP_OKAY)
  30536. return -12696;
  30537. if (r1->used != 0)
  30538. return -12697;
  30539. return 0;
  30540. }
  30541. static int mp_test_read_to_bin(mp_int* a)
  30542. {
  30543. WOLFSSL_SMALL_STACK_STATIC const byte in[16] = {
  30544. 0x91, 0xa2, 0xb3, 0xc4, 0xd5, 0xe6, 0xf7, 0x08,
  30545. 0x93, 0xa4, 0xb4, 0xc5, 0xd6, 0xe7, 0xf8, 0x09
  30546. };
  30547. byte out[24];
  30548. int i, j, k;
  30549. const byte* p;
  30550. int ret;
  30551. for (i = 0; i < (int)sizeof(in); i++) {
  30552. p = in + sizeof(in) - i;
  30553. ret = mp_read_unsigned_bin(a, p, i);
  30554. if (ret != 0)
  30555. return -12710;
  30556. for (j = i; j < (int)sizeof(out); j++) {
  30557. XMEMSET(out, 0xff, sizeof(out));
  30558. ret = mp_to_unsigned_bin_len(a, out, j);
  30559. if (ret != 0)
  30560. return -12711;
  30561. for (k = 0; k < j - i; k++) {
  30562. if (out[k] != 0)
  30563. return -12712;
  30564. }
  30565. for (; k < j; k++) {
  30566. if (out[k] != p[k - (j - i)])
  30567. return -12713;
  30568. }
  30569. }
  30570. }
  30571. ret = mp_read_unsigned_bin(a, NULL, 0);
  30572. if (ret != 0)
  30573. return -12714;
  30574. if (!mp_iszero(a))
  30575. return -12715;
  30576. return 0;
  30577. }
  30578. #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  30579. static int mp_test_set_int(mp_int* a)
  30580. {
  30581. #if SP_ULONG_BITS == 64
  30582. unsigned long n = 0xfedcba9876543210UL;
  30583. byte exp[8] = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
  30584. byte out[8] = { 0 };
  30585. #elif SP_ULONG_BITS == 32
  30586. unsigned long n = 0xfedcba98UL;
  30587. byte exp[4] = { 0xfe, 0xdc, 0xba, 0x98 };
  30588. byte out[4] = { 0 };
  30589. #elif SP_ULONG_BITS == 16
  30590. unsigned long n = 0xfedc;
  30591. byte exp[2] = { 0xfe, 0xdc };
  30592. byte out[2] = { 0 };
  30593. #elif SP_ULONG_BITS == 8
  30594. unsigned long n = 0xfe;
  30595. byte exp[1] = { 0xfe };
  30596. byte out[1] = { 0 };
  30597. #endif
  30598. int ret;
  30599. ret = mp_set_int(a, n);
  30600. if (ret != 0)
  30601. return -12720;
  30602. ret = mp_unsigned_bin_size(a);
  30603. if (ret != sizeof(exp))
  30604. return -12721;
  30605. ret = mp_to_unsigned_bin(a, out);
  30606. if (ret != 0)
  30607. return -12722;
  30608. if (XMEMCMP(exp, out, sizeof(exp)) != 0)
  30609. return -12723;
  30610. return 0;
  30611. }
  30612. #endif
  30613. #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  30614. static int mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
  30615. {
  30616. byte buffer[16];
  30617. #if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
  30618. char hexStr[] = "abcdef0123456789";
  30619. #ifndef WOLFSSL_SP_INT_NEGATIVE
  30620. char negStr[] = "-1234";
  30621. #endif
  30622. #endif
  30623. #if !defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_KEY_GEN) || \
  30624. defined(HAVE_COMP_KEY)
  30625. char decStr[] = "0987654321";
  30626. #endif
  30627. int ret;
  30628. #ifdef WOLFSSL_SP_MATH_ALL
  30629. mp_digit rho;
  30630. int size;
  30631. #endif
  30632. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
  30633. int result;
  30634. #endif
  30635. #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
  30636. (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
  30637. mp_digit rd;
  30638. #endif
  30639. (void)rng;
  30640. (void)r;
  30641. ret = mp_init(NULL);
  30642. if (ret != MP_VAL)
  30643. return -12730;
  30644. #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
  30645. ret = mp_init_multi(NULL, NULL, NULL, NULL, NULL, NULL);
  30646. if (ret != MP_OKAY)
  30647. return -12731;
  30648. #endif
  30649. mp_free(NULL);
  30650. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
  30651. ret = mp_grow(NULL, 1);
  30652. if (ret != MP_VAL)
  30653. return -12732;
  30654. #ifdef WOLFSSL_SP_MATH
  30655. ret = mp_grow(a, SP_INT_DIGITS + 1);
  30656. if (ret != MP_MEM)
  30657. return -12733;
  30658. #endif
  30659. #endif
  30660. mp_clear(NULL);
  30661. ret = mp_abs(NULL, NULL);
  30662. if (ret != MP_VAL)
  30663. return -12734;
  30664. ret = mp_abs(a, NULL);
  30665. if (ret != MP_VAL)
  30666. return -12735;
  30667. ret = mp_abs(NULL, b);
  30668. if (ret != MP_VAL)
  30669. return -12736;
  30670. ret = mp_unsigned_bin_size(NULL);
  30671. if (ret != 0)
  30672. return -12737;
  30673. ret = mp_read_unsigned_bin(NULL, NULL, sizeof(buffer));
  30674. if (ret != MP_VAL)
  30675. return -12738;
  30676. ret = mp_read_unsigned_bin(NULL, buffer, sizeof(buffer));
  30677. if (ret != MP_VAL)
  30678. return -12739;
  30679. ret = mp_read_unsigned_bin(a, NULL, sizeof(buffer));
  30680. if (ret != MP_VAL)
  30681. return -12740;
  30682. ret = mp_read_unsigned_bin(a, buffer, SP_INT_DIGITS * SP_WORD_SIZEOF + 1);
  30683. if (ret != MP_VAL)
  30684. return -12741;
  30685. #if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
  30686. ret = mp_read_radix(NULL, NULL, 16);
  30687. if (ret != MP_VAL)
  30688. return -12742;
  30689. ret = mp_read_radix(a, NULL, 16);
  30690. if (ret != MP_VAL)
  30691. return -12743;
  30692. ret = mp_read_radix(NULL, hexStr, 16);
  30693. if (ret != MP_VAL)
  30694. return -12744;
  30695. #ifndef WOLFSSL_SP_INT_NEGATIVE
  30696. ret = mp_read_radix(a, negStr, 16);
  30697. if (ret != MP_VAL)
  30698. return -12745;
  30699. #ifdef WOLFSSL_SP_MATH_ALL
  30700. ret = mp_read_radix(a, negStr, 10);
  30701. if (ret != MP_VAL)
  30702. return -12746;
  30703. #endif /* WOLFSSL_SP_MATH_ALL */
  30704. #endif /* WOLFSSL_SP_INT_NEGATIVE */
  30705. #endif
  30706. #ifndef WOLFSSL_SP_MATH_ALL
  30707. /* Radix 10 only supported with ALL. */
  30708. ret = mp_read_radix(a, decStr, 10);
  30709. if (ret != MP_VAL)
  30710. return -12747;
  30711. #endif
  30712. /* Radix 8 not supported SP_INT. */
  30713. ret = mp_read_radix(a, "0123", 8);
  30714. if (ret != MP_VAL)
  30715. return -12748;
  30716. ret = mp_count_bits(NULL);
  30717. if (ret != 0)
  30718. return -12749;
  30719. ret = mp_is_bit_set(NULL, 0);
  30720. if (ret != 0)
  30721. return -12750;
  30722. ret = mp_leading_bit(NULL);
  30723. if (ret != 0)
  30724. return -12751;
  30725. mp_zero(a);
  30726. ret = mp_leading_bit(a);
  30727. if (ret != 0)
  30728. return -12752;
  30729. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  30730. defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
  30731. !defined(NO_RSA)
  30732. ret = mp_set_bit(NULL, 1);
  30733. if (ret != MP_VAL)
  30734. return -12753;
  30735. #endif
  30736. #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
  30737. !defined(WOLFSSL_RSA_VERIFY_ONLY)
  30738. ret = mp_to_unsigned_bin(NULL, NULL);
  30739. if (ret != MP_VAL)
  30740. return -12754;
  30741. ret = mp_to_unsigned_bin(a, NULL);
  30742. if (ret != MP_VAL)
  30743. return -12755;
  30744. ret = mp_to_unsigned_bin(NULL, buffer);
  30745. if (ret != MP_VAL)
  30746. return -12756;
  30747. #endif
  30748. ret = mp_to_unsigned_bin_len(NULL, NULL, 1);
  30749. if (ret != MP_VAL)
  30750. return -12757;
  30751. ret = mp_to_unsigned_bin_len(a, NULL, 1);
  30752. if (ret != MP_VAL)
  30753. return -12758;
  30754. ret = mp_to_unsigned_bin_len(NULL, buffer, 1);
  30755. if (ret != MP_VAL)
  30756. return -12759;
  30757. #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
  30758. !defined(WOLFSSL_RSA_VERIFY_ONLY)
  30759. ret = mp_to_unsigned_bin_at_pos(0, NULL, NULL);
  30760. if (ret != MP_VAL)
  30761. return -12760;
  30762. ret = mp_to_unsigned_bin_at_pos(0, a, NULL);
  30763. if (ret != MP_VAL)
  30764. return -12761;
  30765. ret = mp_to_unsigned_bin_at_pos(0, NULL, buffer);
  30766. if (ret != MP_VAL)
  30767. return -12762;
  30768. ret = mp_to_unsigned_bin_at_pos(0, a, buffer);
  30769. if (ret != MP_OKAY)
  30770. return -12763;
  30771. #endif
  30772. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
  30773. ret = mp_copy(NULL, NULL);
  30774. if (ret != MP_VAL)
  30775. return -12764;
  30776. ret = mp_copy(a, NULL);
  30777. if (ret != MP_VAL)
  30778. return -12765;
  30779. ret = mp_copy(NULL, b);
  30780. if (ret != MP_VAL)
  30781. return -12766;
  30782. #endif
  30783. #if defined(WOLFSSL_KEY_GEN) || !defined(NO_DH)
  30784. ret = sp_2expt(NULL, 1);
  30785. if (ret != MP_VAL)
  30786. return -12767;
  30787. #endif
  30788. ret = mp_set(NULL, 0);
  30789. if (ret != MP_VAL)
  30790. return -12768;
  30791. ret = mp_cmp_d(NULL, 0);
  30792. if (ret != MP_LT)
  30793. return -12769;
  30794. ret = mp_cmp(NULL, NULL);
  30795. if (ret != MP_EQ)
  30796. return -12770;
  30797. ret = mp_cmp(a, NULL);
  30798. if (ret != MP_GT)
  30799. return -12771;
  30800. ret = mp_cmp(NULL, b);
  30801. if (ret != MP_LT)
  30802. return -12772;
  30803. #if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
  30804. mp_rshd(NULL, 1);
  30805. #endif
  30806. mp_zero(NULL);
  30807. #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
  30808. !defined(WOLFSSL_RSA_VERIFY_ONLY)
  30809. ret = mp_lshd(NULL, 0);
  30810. if (ret != MP_VAL)
  30811. return -12773;
  30812. ret = mp_lshd(a, SP_INT_DIGITS + 1);
  30813. if (ret != MP_VAL)
  30814. return -12774;
  30815. #endif
  30816. #if defined(WOLFSSL_SP_MATH_ALL)
  30817. ret = mp_div(NULL, NULL, a, b);
  30818. if (ret != MP_VAL)
  30819. return -12775;
  30820. ret = mp_div(a, NULL, a, b);
  30821. if (ret != MP_VAL)
  30822. return -12776;
  30823. ret = mp_div(NULL, b, a, b);
  30824. if (ret != MP_VAL)
  30825. return -12777;
  30826. ret = mp_div(a, b, NULL, NULL);
  30827. if (ret != MP_VAL)
  30828. return -12778;
  30829. #endif
  30830. #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
  30831. (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
  30832. ret = mp_mod(NULL, NULL, NULL);
  30833. if (ret != MP_VAL)
  30834. return -12779;
  30835. ret = mp_mod(a, NULL, NULL);
  30836. if (ret != MP_VAL)
  30837. return -12780;
  30838. ret = mp_mod(NULL, b, NULL);
  30839. if (ret != MP_VAL)
  30840. return -12781;
  30841. ret = mp_mod(NULL, NULL, r);
  30842. if (ret != MP_VAL)
  30843. return -12782;
  30844. ret = mp_mod(a, b, NULL);
  30845. if (ret != MP_VAL)
  30846. return -12783;
  30847. ret = mp_mod(a, NULL, r);
  30848. if (ret != MP_VAL)
  30849. return -12784;
  30850. ret = mp_mod(NULL, b, r);
  30851. if (ret != MP_VAL)
  30852. return -12785;
  30853. #endif
  30854. #if !defined(NO_RSA) || defined(WOLFSSL_SP_MATH_ALL)
  30855. ret = mp_set_int(NULL, 0);
  30856. if (ret != MP_VAL)
  30857. return -12786;
  30858. #endif
  30859. #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
  30860. (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
  30861. ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
  30862. if (ret != MP_VAL)
  30863. return 9950;
  30864. ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
  30865. if (ret != MP_VAL)
  30866. return 9951;
  30867. ret = mp_exptmod_ex(NULL, a, 1, NULL, NULL);
  30868. if (ret != MP_VAL)
  30869. return 9952;
  30870. ret = mp_exptmod_ex(NULL, NULL, 1, a, NULL);
  30871. if (ret != MP_VAL)
  30872. return 9953;
  30873. ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
  30874. if (ret != MP_VAL)
  30875. return 9954;
  30876. ret = mp_exptmod_ex(a, a, 1, a, NULL);
  30877. if (ret != MP_VAL)
  30878. return 9955;
  30879. ret = mp_exptmod_ex(a, a, 1, NULL, a);
  30880. if (ret != MP_VAL)
  30881. return 9956;
  30882. ret = mp_exptmod_ex(a, NULL, 1, a, a);
  30883. if (ret != MP_VAL)
  30884. return 9957;
  30885. ret = mp_exptmod_ex(NULL, a, 1, a, a);
  30886. if (ret != MP_VAL)
  30887. return 9958;
  30888. ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
  30889. if (ret != MP_VAL)
  30890. return 9960;
  30891. ret = mp_exptmod_nct(a, NULL, NULL, NULL);
  30892. if (ret != MP_VAL)
  30893. return 9961;
  30894. ret = mp_exptmod_nct(NULL, a, NULL, NULL);
  30895. if (ret != MP_VAL)
  30896. return 9962;
  30897. ret = mp_exptmod_nct(NULL, NULL, a, NULL);
  30898. if (ret != MP_VAL)
  30899. return 9963;
  30900. ret = mp_exptmod_nct(NULL, NULL, NULL, a);
  30901. if (ret != MP_VAL)
  30902. return 9964;
  30903. ret = mp_exptmod_nct(a, a, a, NULL);
  30904. if (ret != MP_VAL)
  30905. return 9965;
  30906. ret = mp_exptmod_nct(a, a, NULL, a);
  30907. if (ret != MP_VAL)
  30908. return 9966;
  30909. ret = mp_exptmod_nct(a, NULL, a, a);
  30910. if (ret != MP_VAL)
  30911. return 9967;
  30912. ret = mp_exptmod_nct(NULL, a, a, a);
  30913. if (ret != MP_VAL)
  30914. return 9968;
  30915. #endif
  30916. #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
  30917. !defined(WC_NO_RNG)
  30918. ret = mp_rand_prime(NULL, 32, NULL, NULL);
  30919. if (ret != MP_VAL)
  30920. return -12787;
  30921. ret = mp_rand_prime(a, 32, NULL, NULL);
  30922. if (ret != MP_VAL)
  30923. return -12788;
  30924. ret = mp_rand_prime(NULL, 32, rng, NULL);
  30925. if (ret != MP_VAL)
  30926. return -12789;
  30927. ret = mp_rand_prime(a, 0, rng, NULL);
  30928. if (ret != MP_VAL)
  30929. return -9969;
  30930. #endif
  30931. #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
  30932. ret = mp_mul(NULL, NULL, NULL);
  30933. if (ret != MP_VAL)
  30934. return -12790;
  30935. ret = mp_mul(a, NULL, NULL);
  30936. if (ret != MP_VAL)
  30937. return -12791;
  30938. ret = mp_mul(NULL, b, NULL);
  30939. if (ret != MP_VAL)
  30940. return -12792;
  30941. ret = mp_mul(NULL, NULL, r);
  30942. if (ret != MP_VAL)
  30943. return -12793;
  30944. ret = mp_mul(a, b, NULL);
  30945. if (ret != MP_VAL)
  30946. return -12794;
  30947. ret = mp_mul(a, NULL, r);
  30948. if (ret != MP_VAL)
  30949. return -12795;
  30950. ret = mp_mul(NULL, b, r);
  30951. if (ret != MP_VAL)
  30952. return -12796;
  30953. #endif
  30954. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  30955. defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
  30956. ret = mp_sqr(NULL, NULL);
  30957. if (ret != MP_VAL)
  30958. return -12797;
  30959. ret = mp_sqr(a, NULL);
  30960. if (ret != MP_VAL)
  30961. return -12798;
  30962. ret = mp_sqr(NULL, r);
  30963. if (ret != MP_VAL)
  30964. return -12799;
  30965. #endif
  30966. #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
  30967. ret = mp_sqrmod(NULL, NULL, NULL);
  30968. if (ret != MP_VAL)
  30969. return -12800;
  30970. ret = mp_sqrmod(a, NULL, NULL);
  30971. if (ret != MP_VAL)
  30972. return -12801;
  30973. ret = mp_sqrmod(NULL, a, NULL);
  30974. if (ret != MP_VAL)
  30975. return -12802;
  30976. ret = mp_sqrmod(NULL, NULL, a);
  30977. if (ret != MP_VAL)
  30978. return -12803;
  30979. ret = mp_sqrmod(a, b, NULL);
  30980. if (ret != MP_VAL)
  30981. return -12804;
  30982. ret = mp_sqrmod(a, NULL, b);
  30983. if (ret != MP_VAL)
  30984. return -12805;
  30985. ret = mp_sqrmod(NULL, a, b);
  30986. if (ret != MP_VAL)
  30987. return -12806;
  30988. ret = mp_mulmod(NULL, NULL, NULL, NULL);
  30989. if (ret != MP_VAL)
  30990. return -12807;
  30991. ret = mp_mulmod(a, NULL, NULL, NULL);
  30992. if (ret != MP_VAL)
  30993. return -12808;
  30994. ret = mp_mulmod(NULL, a, NULL, NULL);
  30995. if (ret != MP_VAL)
  30996. return -12809;
  30997. ret = mp_mulmod(NULL, NULL, a, NULL);
  30998. if (ret != MP_VAL)
  30999. return -12810;
  31000. ret = mp_mulmod(NULL, NULL, NULL, a);
  31001. if (ret != MP_VAL)
  31002. return -12811;
  31003. ret = mp_mulmod(a, b, b, NULL);
  31004. if (ret != MP_VAL)
  31005. return -12812;
  31006. ret = mp_mulmod(a, b, NULL, a);
  31007. if (ret != MP_VAL)
  31008. return -12813;
  31009. ret = mp_mulmod(a, NULL, b, a);
  31010. if (ret != MP_VAL)
  31011. return -12814;
  31012. ret = mp_mulmod(NULL, b, b, a);
  31013. if (ret != MP_VAL)
  31014. return -12815;
  31015. #endif
  31016. #if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
  31017. !defined(NO_RSA) || !defined(NO_DSA)
  31018. ret = mp_add_d(NULL, 1, NULL);
  31019. if (ret != MP_VAL)
  31020. return -12816;
  31021. ret = mp_add_d(a, 1, NULL);
  31022. if (ret != MP_VAL)
  31023. return -12817;
  31024. ret = mp_add_d(NULL, 1, b);
  31025. if (ret != MP_VAL)
  31026. return -12818;
  31027. #endif
  31028. #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
  31029. !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
  31030. ret = mp_sub_d(NULL, 1, NULL);
  31031. if (ret != MP_VAL)
  31032. return -12819;
  31033. ret = mp_sub_d(a, 1, NULL);
  31034. if (ret != MP_VAL)
  31035. return -12820;
  31036. ret = mp_sub_d(NULL, 1, b);
  31037. if (ret != MP_VAL)
  31038. return -12821;
  31039. #endif
  31040. #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
  31041. defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
  31042. ret = mp_div_d(NULL, 0, NULL, NULL);
  31043. if (ret != MP_VAL)
  31044. return -12822;
  31045. ret = mp_div_d(a, 0, NULL, NULL);
  31046. if (ret != MP_VAL)
  31047. return -12823;
  31048. ret = mp_div_d(NULL, 1, NULL, NULL);
  31049. if (ret != MP_VAL)
  31050. return -12824;
  31051. #endif
  31052. #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
  31053. (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
  31054. ret = mp_mod_d(NULL, 0, NULL);
  31055. if (ret != MP_VAL)
  31056. return -12825;
  31057. ret = mp_mod_d(a, 0, NULL);
  31058. if (ret != MP_VAL)
  31059. return -12826;
  31060. ret = mp_mod_d(NULL, 0, &rd);
  31061. if (ret != MP_VAL)
  31062. return -12827;
  31063. #endif
  31064. #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
  31065. ret = mp_gcd(NULL, NULL, NULL);
  31066. if (ret != MP_VAL)
  31067. return -12828;
  31068. ret = mp_gcd(a, NULL, NULL);
  31069. if (ret != MP_VAL)
  31070. return -12829;
  31071. ret = mp_gcd(NULL, a, NULL);
  31072. if (ret != MP_VAL)
  31073. return -12830;
  31074. ret = mp_gcd(NULL, NULL, a);
  31075. if (ret != MP_VAL)
  31076. return -12831;
  31077. ret = mp_gcd(a, b, NULL);
  31078. if (ret != MP_VAL)
  31079. return -12832;
  31080. ret = mp_gcd(a, NULL, b);
  31081. if (ret != MP_VAL)
  31082. return -12833;
  31083. ret = mp_gcd(NULL, a, b);
  31084. if (ret != MP_VAL)
  31085. return -12834;
  31086. #endif
  31087. #if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
  31088. ret = mp_div_2_mod_ct(NULL, NULL, NULL);
  31089. if (ret != MP_VAL)
  31090. return -12835;
  31091. ret = mp_div_2_mod_ct(a, NULL, NULL);
  31092. if (ret != MP_VAL)
  31093. return -12836;
  31094. ret = mp_div_2_mod_ct(NULL, b, NULL);
  31095. if (ret != MP_VAL)
  31096. return -12837;
  31097. ret = mp_div_2_mod_ct(NULL, NULL, a);
  31098. if (ret != MP_VAL)
  31099. return -12838;
  31100. ret = mp_div_2_mod_ct(a, b, NULL);
  31101. if (ret != MP_VAL)
  31102. return -12839;
  31103. ret = mp_div_2_mod_ct(a, b, NULL);
  31104. if (ret != MP_VAL)
  31105. return -12840;
  31106. ret = mp_div_2_mod_ct(NULL, b, a);
  31107. if (ret != MP_VAL)
  31108. return -12841;
  31109. ret = mp_div_2(NULL, NULL);
  31110. if (ret != MP_VAL)
  31111. return -12842;
  31112. ret = mp_div_2(a, NULL);
  31113. if (ret != MP_VAL)
  31114. return -12843;
  31115. ret = mp_div_2(NULL, a);
  31116. if (ret != MP_VAL)
  31117. return -12844;
  31118. #endif
  31119. #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
  31120. defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA)
  31121. ret = mp_invmod(NULL, NULL, NULL);
  31122. if (ret != MP_VAL)
  31123. return -12845;
  31124. ret = mp_invmod(a, NULL, NULL);
  31125. if (ret != MP_VAL)
  31126. return -12846;
  31127. ret = mp_invmod(NULL, b, NULL);
  31128. if (ret != MP_VAL)
  31129. return -12847;
  31130. ret = mp_invmod(NULL, NULL, a);
  31131. if (ret != MP_VAL)
  31132. return -12848;
  31133. ret = mp_invmod(a, b, NULL);
  31134. if (ret != MP_VAL)
  31135. return -12849;
  31136. ret = mp_invmod(a, NULL, a);
  31137. if (ret != MP_VAL)
  31138. return -12850;
  31139. ret = mp_invmod(NULL, b, a);
  31140. if (ret != MP_VAL)
  31141. return -12851;
  31142. #endif
  31143. #if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
  31144. ret = mp_invmod_mont_ct(NULL, NULL, NULL, 1);
  31145. if (ret != MP_VAL)
  31146. return -12852;
  31147. ret = mp_invmod_mont_ct(a, NULL, NULL, 1);
  31148. if (ret != MP_VAL)
  31149. return -12853;
  31150. ret = mp_invmod_mont_ct(NULL, b, NULL, 1);
  31151. if (ret != MP_VAL)
  31152. return -12854;
  31153. ret = mp_invmod_mont_ct(NULL, NULL, a, 1);
  31154. if (ret != MP_VAL)
  31155. return -12855;
  31156. ret = mp_invmod_mont_ct(a, b, NULL, 1);
  31157. if (ret != MP_VAL)
  31158. return -12856;
  31159. ret = mp_invmod_mont_ct(a, NULL, a, 1);
  31160. if (ret != MP_VAL)
  31161. return -12857;
  31162. ret = mp_invmod_mont_ct(NULL, b, a, 1);
  31163. if (ret != MP_VAL)
  31164. return -12858;
  31165. #endif
  31166. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
  31167. ret = mp_lcm(NULL, NULL, NULL);
  31168. if (ret != MP_VAL)
  31169. return -12859;
  31170. ret = mp_lcm(a, NULL, NULL);
  31171. if (ret != MP_VAL)
  31172. return -12860;
  31173. ret = mp_lcm(NULL, b, NULL);
  31174. if (ret != MP_VAL)
  31175. return -12861;
  31176. ret = mp_lcm(NULL, NULL, a);
  31177. if (ret != MP_VAL)
  31178. return -12862;
  31179. ret = mp_lcm(a, b, NULL);
  31180. if (ret != MP_VAL)
  31181. return -12863;
  31182. ret = mp_lcm(a, NULL, a);
  31183. if (ret != MP_VAL)
  31184. return -12864;
  31185. ret = mp_lcm(NULL, b, a);
  31186. if (ret != MP_VAL)
  31187. return -12865;
  31188. #endif
  31189. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
  31190. ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
  31191. if (ret != MP_VAL)
  31192. return -12866;
  31193. ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
  31194. if (ret != MP_VAL)
  31195. return -12867;
  31196. ret = mp_exptmod_ex(NULL, b, 1, NULL, NULL);
  31197. if (ret != MP_VAL)
  31198. return -12868;
  31199. ret = mp_exptmod_ex(NULL, NULL, 1, b, NULL);
  31200. if (ret != MP_VAL)
  31201. return -12869;
  31202. ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
  31203. if (ret != MP_VAL)
  31204. return -12870;
  31205. ret = mp_exptmod_ex(a, b, 1, b, NULL);
  31206. if (ret != MP_VAL)
  31207. return -12871;
  31208. ret = mp_exptmod_ex(a, b, 1, NULL, a);
  31209. if (ret != MP_VAL)
  31210. return -12872;
  31211. ret = mp_exptmod_ex(a, NULL, 1, b, a);
  31212. if (ret != MP_VAL)
  31213. return -12873;
  31214. ret = mp_exptmod_ex(NULL, b, 1, b, a);
  31215. if (ret != MP_VAL)
  31216. return -12874;
  31217. ret = mp_exptmod(NULL, NULL, NULL, NULL);
  31218. if (ret != MP_VAL)
  31219. return -12875;
  31220. ret = mp_exptmod(a, NULL, NULL, NULL);
  31221. if (ret != MP_VAL)
  31222. return -12876;
  31223. ret = mp_exptmod(NULL, b, NULL, NULL);
  31224. if (ret != MP_VAL)
  31225. return -12877;
  31226. ret = mp_exptmod(NULL, NULL, b, NULL);
  31227. if (ret != MP_VAL)
  31228. return -12878;
  31229. ret = mp_exptmod(NULL, NULL, NULL, a);
  31230. if (ret != MP_VAL)
  31231. return -12879;
  31232. ret = mp_exptmod(a, b, b, NULL);
  31233. if (ret != MP_VAL)
  31234. return -12880;
  31235. ret = mp_exptmod(a, b, NULL, a);
  31236. if (ret != MP_VAL)
  31237. return -12881;
  31238. ret = mp_exptmod(a, NULL, b, a);
  31239. if (ret != MP_VAL)
  31240. return -12882;
  31241. ret = mp_exptmod(NULL, b, b, a);
  31242. if (ret != MP_VAL)
  31243. return -12883;
  31244. ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
  31245. if (ret != MP_VAL)
  31246. return -12884;
  31247. ret = mp_exptmod_nct(a, NULL, NULL, NULL);
  31248. if (ret != MP_VAL)
  31249. return -12885;
  31250. ret = mp_exptmod_nct(NULL, b, NULL, NULL);
  31251. if (ret != MP_VAL)
  31252. return -12886;
  31253. ret = mp_exptmod_nct(NULL, NULL, b, NULL);
  31254. if (ret != MP_VAL)
  31255. return -12887;
  31256. ret = mp_exptmod_nct(NULL, NULL, NULL, a);
  31257. if (ret != MP_VAL)
  31258. return -12888;
  31259. ret = mp_exptmod_nct(a, b, b, NULL);
  31260. if (ret != MP_VAL)
  31261. return -12889;
  31262. ret = mp_exptmod_nct(a, b, NULL, a);
  31263. if (ret != MP_VAL)
  31264. return -12890;
  31265. ret = mp_exptmod_nct(a, NULL, b, a);
  31266. if (ret != MP_VAL)
  31267. return -12891;
  31268. ret = mp_exptmod_nct(NULL, b, b, a);
  31269. if (ret != MP_VAL)
  31270. return -12892;
  31271. #endif
  31272. #if defined(HAVE_ECC) && defined(HAVE_COMP_KEY)
  31273. ret = mp_cnt_lsb(NULL);
  31274. if (ret != 0)
  31275. return -12893;
  31276. #endif
  31277. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
  31278. ret = mp_prime_is_prime(NULL, 1, NULL);
  31279. if (ret != MP_VAL)
  31280. return -12894;
  31281. ret = mp_prime_is_prime(a, 1, NULL);
  31282. if (ret != MP_VAL)
  31283. return -12895;
  31284. ret = mp_prime_is_prime(NULL, 1, &result);
  31285. if (ret != MP_VAL)
  31286. return -12896;
  31287. ret = mp_prime_is_prime(a, 0, &result);
  31288. if (ret != MP_VAL)
  31289. return -12897;
  31290. ret = mp_prime_is_prime(a, 1024, &result);
  31291. if (ret != MP_VAL)
  31292. return -12898;
  31293. ret = mp_prime_is_prime_ex(NULL, 1, NULL, NULL);
  31294. if (ret != MP_VAL)
  31295. return -12899;
  31296. ret = mp_prime_is_prime_ex(a, 1, NULL, NULL);
  31297. if (ret != MP_VAL)
  31298. return -12900;
  31299. ret = mp_prime_is_prime_ex(NULL, 1, &result, NULL);
  31300. if (ret != MP_VAL)
  31301. return -12901;
  31302. ret = mp_prime_is_prime_ex(NULL, 1, NULL, rng);
  31303. if (ret != MP_VAL)
  31304. return -12902;
  31305. ret = mp_prime_is_prime_ex(a, 1, &result, NULL);
  31306. if (ret != MP_VAL)
  31307. return -12903;
  31308. ret = mp_prime_is_prime_ex(a, 1, NULL, rng);
  31309. if (ret != MP_VAL)
  31310. return -12904;
  31311. ret = mp_prime_is_prime_ex(NULL, 1, &result, rng);
  31312. if (ret != MP_VAL)
  31313. return -12905;
  31314. #endif
  31315. #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || !defined(NO_DSA)
  31316. ret = mp_exch(NULL, NULL);
  31317. if (ret != MP_VAL)
  31318. return -12906;
  31319. ret = mp_exch(a, NULL);
  31320. if (ret != MP_VAL)
  31321. return -12907;
  31322. ret = mp_exch(NULL, b);
  31323. if (ret != MP_VAL)
  31324. return -12908;
  31325. #endif
  31326. #if (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \
  31327. defined(WOLFSSL_SP_MATH_ALL)
  31328. ret = mp_mul_d(NULL, 1, NULL);
  31329. if (ret != MP_VAL)
  31330. return -12909;
  31331. ret = mp_mul_d(a, 1, NULL);
  31332. if (ret != MP_VAL)
  31333. return -12910;
  31334. ret = mp_mul_d(NULL, 1, b);
  31335. if (ret != MP_VAL)
  31336. return -12911;
  31337. #endif
  31338. #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
  31339. ret = mp_add(NULL, NULL, NULL);
  31340. if (ret != MP_VAL)
  31341. return -12912;
  31342. ret = mp_add(a, NULL, NULL);
  31343. if (ret != MP_VAL)
  31344. return -12913;
  31345. ret = mp_add(NULL, b, NULL);
  31346. if (ret != MP_VAL)
  31347. return -12914;
  31348. ret = mp_add(NULL, NULL, r);
  31349. if (ret != MP_VAL)
  31350. return -12915;
  31351. ret = mp_add(a, b, NULL);
  31352. if (ret != MP_VAL)
  31353. return -12916;
  31354. ret = mp_add(a, NULL, r);
  31355. if (ret != MP_VAL)
  31356. return -12917;
  31357. ret = mp_add(NULL, b, r);
  31358. if (ret != MP_VAL)
  31359. return -12918;
  31360. #endif
  31361. #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
  31362. (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
  31363. ret = mp_sub(NULL, NULL, NULL);
  31364. if (ret != MP_VAL)
  31365. return -12919;
  31366. ret = mp_sub(a, NULL, NULL);
  31367. if (ret != MP_VAL)
  31368. return -12920;
  31369. ret = mp_sub(NULL, b, NULL);
  31370. if (ret != MP_VAL)
  31371. return -12921;
  31372. ret = mp_sub(NULL, NULL, r);
  31373. if (ret != MP_VAL)
  31374. return -12922;
  31375. ret = mp_sub(a, b, NULL);
  31376. if (ret != MP_VAL)
  31377. return -12923;
  31378. ret = mp_sub(a, NULL, r);
  31379. if (ret != MP_VAL)
  31380. return -12924;
  31381. ret = mp_sub(NULL, b, r);
  31382. if (ret != MP_VAL)
  31383. return -12925;
  31384. #endif
  31385. #if defined(WOLFSSL_SP_MATH_ALL) || (!defined(WOLFSSL_SP_MATH) && \
  31386. defined(WOLFSSL_CUSTOM_CURVES))
  31387. ret = mp_addmod(NULL, NULL, NULL, NULL);
  31388. if (ret != MP_VAL)
  31389. return -12926;
  31390. ret = mp_addmod(a, NULL, NULL, NULL);
  31391. if (ret != MP_VAL)
  31392. return -12927;
  31393. ret = mp_addmod(NULL, b, NULL, NULL);
  31394. if (ret != MP_VAL)
  31395. return -12928;
  31396. ret = mp_addmod(NULL, NULL, b, NULL);
  31397. if (ret != MP_VAL)
  31398. return -12929;
  31399. ret = mp_addmod(NULL, NULL, NULL, a);
  31400. if (ret != MP_VAL)
  31401. return -12930;
  31402. ret = mp_addmod(a, b, b, NULL);
  31403. if (ret != MP_VAL)
  31404. return -12931;
  31405. ret = mp_addmod(a, b, NULL, a);
  31406. if (ret != MP_VAL)
  31407. return -12932;
  31408. ret = mp_addmod(a, NULL, b, a);
  31409. if (ret != MP_VAL)
  31410. return -12933;
  31411. ret = mp_addmod(NULL, b, b, a);
  31412. if (ret != MP_VAL)
  31413. return -12934;
  31414. #endif
  31415. #ifdef WOLFSSL_SP_MATH_ALL
  31416. ret = mp_submod(NULL, NULL, NULL, NULL);
  31417. if (ret != MP_VAL)
  31418. return -12935;
  31419. ret = mp_submod(a, NULL, NULL, NULL);
  31420. if (ret != MP_VAL)
  31421. return -12936;
  31422. ret = mp_submod(NULL, b, NULL, NULL);
  31423. if (ret != MP_VAL)
  31424. return -12937;
  31425. ret = mp_submod(NULL, NULL, b, NULL);
  31426. if (ret != MP_VAL)
  31427. return -12938;
  31428. ret = mp_submod(NULL, NULL, NULL, a);
  31429. if (ret != MP_VAL)
  31430. return -12939;
  31431. ret = mp_submod(a, b, b, NULL);
  31432. if (ret != MP_VAL)
  31433. return -12940;
  31434. ret = mp_submod(a, b, NULL, a);
  31435. if (ret != MP_VAL)
  31436. return -12941;
  31437. ret = mp_submod(a, NULL, b, a);
  31438. if (ret != MP_VAL)
  31439. return -12942;
  31440. ret = mp_submod(NULL, b, b, a);
  31441. if (ret != MP_VAL)
  31442. return -12943;
  31443. #endif
  31444. #ifdef WOLFSSL_SP_MATH_ALL
  31445. ret = mp_div_2d(NULL, 1, a, b);
  31446. if (ret != MP_VAL)
  31447. return -12944;
  31448. ret = mp_mod_2d(NULL, 1, NULL);
  31449. if (ret != MP_VAL)
  31450. return -12945;
  31451. ret = mp_mod_2d(a, 1, NULL);
  31452. if (ret != MP_VAL)
  31453. return -12946;
  31454. ret = mp_mod_2d(NULL, 1, b);
  31455. if (ret != MP_VAL)
  31456. return -12947;
  31457. ret = mp_mul_2d(NULL, 1, NULL);
  31458. if (ret != MP_VAL)
  31459. return -12948;
  31460. ret = mp_mul_2d(a, 1, NULL);
  31461. if (ret != MP_VAL)
  31462. return -12949;
  31463. ret = mp_mul_2d(NULL, 1, b);
  31464. if (ret != MP_VAL)
  31465. return -12950;
  31466. #endif
  31467. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  31468. defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
  31469. ret = mp_montgomery_reduce(NULL, NULL, 1);
  31470. if (ret != MP_VAL)
  31471. return -12951;
  31472. ret = mp_montgomery_reduce(a, NULL, 1);
  31473. if (ret != MP_VAL)
  31474. return -12952;
  31475. ret = mp_montgomery_reduce(NULL, b, 1);
  31476. if (ret != MP_VAL)
  31477. return -12953;
  31478. mp_zero(b);
  31479. ret = mp_montgomery_reduce(a, b, 1);
  31480. if (ret != MP_VAL)
  31481. return -12954;
  31482. #endif
  31483. #ifdef WOLFSSL_SP_MATH_ALL
  31484. ret = mp_montgomery_setup(NULL, NULL);
  31485. if (ret != MP_VAL)
  31486. return -12955;
  31487. ret = mp_montgomery_setup(a, NULL);
  31488. if (ret != MP_VAL)
  31489. return -12956;
  31490. ret = mp_montgomery_setup(NULL, &rho);
  31491. if (ret != MP_VAL)
  31492. return -12957;
  31493. ret = mp_montgomery_calc_normalization(NULL, NULL);
  31494. if (ret != MP_VAL)
  31495. return -12958;
  31496. ret = mp_montgomery_calc_normalization(a, NULL);
  31497. if (ret != MP_VAL)
  31498. return -12959;
  31499. ret = mp_montgomery_calc_normalization(NULL, b);
  31500. if (ret != MP_VAL)
  31501. return -12960;
  31502. #endif
  31503. ret = mp_unsigned_bin_size(NULL);
  31504. if (ret != 0)
  31505. return -12961;
  31506. #if defined(WC_MP_TO_RADIX) || defined(WOLFSSL_SP_MATH_ALL)
  31507. ret = mp_tohex(NULL, NULL);
  31508. if (ret != MP_VAL)
  31509. return -12962;
  31510. ret = mp_tohex(a, NULL);
  31511. if (ret != MP_VAL)
  31512. return -12963;
  31513. ret = mp_tohex(NULL, hexStr);
  31514. if (ret != MP_VAL)
  31515. return -12964;
  31516. #endif
  31517. #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
  31518. ret = mp_todecimal(NULL, NULL);
  31519. if (ret != MP_VAL)
  31520. return -12965;
  31521. ret = mp_todecimal(a, NULL);
  31522. if (ret != MP_VAL)
  31523. return -12966;
  31524. ret = mp_todecimal(NULL, decStr);
  31525. if (ret != MP_VAL)
  31526. return -12967;
  31527. #endif
  31528. #ifdef WOLFSSL_SP_MATH_ALL
  31529. ret = mp_toradix(NULL, NULL, MP_RADIX_HEX);
  31530. if (ret != MP_VAL)
  31531. return -12968;
  31532. ret = mp_toradix(a, NULL, MP_RADIX_HEX);
  31533. if (ret != MP_VAL)
  31534. return -12969;
  31535. ret = mp_toradix(NULL, hexStr, MP_RADIX_HEX);
  31536. if (ret != MP_VAL)
  31537. return -12970;
  31538. ret = mp_toradix(a, hexStr, 3);
  31539. if (ret != MP_VAL)
  31540. return -12971;
  31541. ret = mp_radix_size(NULL, MP_RADIX_HEX, NULL);
  31542. if (ret != MP_VAL)
  31543. return -12972;
  31544. ret = mp_radix_size(a, MP_RADIX_HEX, NULL);
  31545. if (ret != MP_VAL)
  31546. return -12973;
  31547. ret = mp_radix_size(NULL, MP_RADIX_HEX, &size);
  31548. if (ret != MP_VAL)
  31549. return -12974;
  31550. ret = mp_radix_size(a, 3, &size);
  31551. if (ret != MP_VAL)
  31552. return -12975;
  31553. #endif
  31554. return 0;
  31555. }
  31556. #endif
  31557. #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  31558. static int mp_test_set_is_bit(mp_int* a)
  31559. {
  31560. int i, j;
  31561. mp_zero(a);
  31562. for (i = 0; i <= DIGIT_BIT * 2; i++) {
  31563. if (mp_is_bit_set(a, i))
  31564. return -12980;
  31565. for (j = 0; j < i; j++) {
  31566. if (!mp_is_bit_set(a, j))
  31567. return -12981;
  31568. }
  31569. if (mp_set_bit(a, i) != 0)
  31570. return -12982;
  31571. if (!mp_is_bit_set(a, i))
  31572. return -12983;
  31573. }
  31574. mp_zero(a);
  31575. for (i = 0; i <= DIGIT_BIT * 2; i++) {
  31576. if (mp_is_bit_set(a, i))
  31577. return -12984;
  31578. }
  31579. for (i = 0; i <= DIGIT_BIT * 2; i++) {
  31580. mp_zero(a);
  31581. if (mp_set_bit(a, i) != 0)
  31582. return -12985;
  31583. for (j = 0; j < i; j++) {
  31584. if (mp_is_bit_set(a, j))
  31585. return -12986;
  31586. }
  31587. if (!mp_is_bit_set(a, i))
  31588. return -12987;
  31589. }
  31590. #ifdef WOLFSSL_KEY_GEN
  31591. for (i = 0; i < DIGIT_BIT * 2; i++) {
  31592. mp_set(a, 1);
  31593. if (mp_2expt(a, i) != 0)
  31594. return -12988;
  31595. for (j = 0; j < i; j++) {
  31596. if (mp_is_bit_set(a, j))
  31597. return -12989;
  31598. }
  31599. if (!mp_is_bit_set(a, i))
  31600. return -12990;
  31601. }
  31602. #endif
  31603. #ifdef WOLFSSL_SP_MATH
  31604. mp_zero(a);
  31605. for (j = 1; j <= 3; j++) {
  31606. i = SP_INT_MAX_BITS - j;
  31607. if (mp_is_bit_set(a, i))
  31608. return -12991;
  31609. if (mp_set_bit(a, i) != 0)
  31610. return -12992;
  31611. if (!mp_is_bit_set(a, i))
  31612. return -12993;
  31613. #ifdef WOLFSSL_KEY_GEN
  31614. if (mp_2expt(a, i) != 0)
  31615. return -12994;
  31616. if (!mp_is_bit_set(a, i))
  31617. return -12995;
  31618. #endif
  31619. }
  31620. mp_zero(a);
  31621. for (j = 0; j <= 3; j++) {
  31622. i = SP_INT_MAX_BITS + j;
  31623. if (mp_is_bit_set(a, i))
  31624. return -12996;
  31625. if (mp_set_bit(a, i) != MP_VAL)
  31626. return -12997;
  31627. #ifdef WOLFSSL_KEY_GEN
  31628. if (mp_2expt(a, i) != MP_VAL)
  31629. return -12998;
  31630. #endif
  31631. }
  31632. #endif
  31633. return 0;
  31634. }
  31635. #endif /* !WOLFSSL_SP_MATH || WOLFSSL_SP_MATH_ALL */
  31636. static int mp_test_cmp(mp_int* a, mp_int* b)
  31637. {
  31638. int ret;
  31639. mp_zero(a);
  31640. mp_zero(b);
  31641. ret = mp_cmp_d(a, 0);
  31642. if (ret != MP_EQ)
  31643. return -13000;
  31644. ret = mp_cmp_d(a, 1);
  31645. if (ret != MP_LT)
  31646. return -13001;
  31647. ret = mp_cmp(a, b);
  31648. if (ret != MP_EQ)
  31649. return -13002;
  31650. mp_set(a, 1);
  31651. ret = mp_cmp_d(a, 0);
  31652. if (ret != MP_GT)
  31653. return -13003;
  31654. ret = mp_cmp_d(a, 1);
  31655. if (ret != MP_EQ)
  31656. return -13004;
  31657. ret = mp_cmp_d(a, 2);
  31658. if (ret != MP_LT)
  31659. return -13005;
  31660. ret = mp_cmp(a, b);
  31661. if (ret != MP_GT)
  31662. return -13006;
  31663. mp_read_radix(b, "1234567890123456789", MP_RADIX_HEX);
  31664. ret = mp_cmp_d(b, -1);
  31665. if (ret != MP_GT)
  31666. return -13007;
  31667. ret = mp_cmp(a, b);
  31668. if (ret != MP_LT)
  31669. return -13008;
  31670. ret = mp_cmp(b, a);
  31671. if (ret != MP_GT)
  31672. return -13009;
  31673. ret = mp_cmp(b, b);
  31674. if (ret != MP_EQ)
  31675. return -13010;
  31676. #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \
  31677. defined(WOLFSSL_SP_INT_NEGATIVE)
  31678. mp_read_radix(a, "-1", MP_RADIX_HEX);
  31679. mp_read_radix(a, "1", MP_RADIX_HEX);
  31680. ret = mp_cmp(a, b);
  31681. if (ret != MP_LT)
  31682. return -13011;
  31683. ret = mp_cmp(b, a);
  31684. if (ret != MP_GT)
  31685. return -13012;
  31686. mp_read_radix(b, "-2", MP_RADIX_HEX);
  31687. ret = mp_cmp(a, b);
  31688. if (ret != MP_GT)
  31689. return -13013;
  31690. ret = mp_cmp(b, a);
  31691. if (ret != MP_LT)
  31692. return -13014;
  31693. mp_read_radix(a, "-2", MP_RADIX_HEX);
  31694. ret = mp_cmp(a, b);
  31695. if (ret != MP_EQ)
  31696. return -13015;
  31697. #endif
  31698. return 0;
  31699. }
  31700. #if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
  31701. static int mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng)
  31702. {
  31703. int ret;
  31704. int i, j, k;
  31705. #ifndef WOLFSSL_SP_MATH
  31706. for (i = 0; i < 10; i++) {
  31707. for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) {
  31708. ret = randNum(a, j, rng, NULL);
  31709. if (ret != MP_OKAY)
  31710. return -13020;
  31711. mp_copy(a, b);
  31712. for (k = 0; k <= DIGIT_BIT * 2; k++) {
  31713. ret = mp_mul_2d(a, k, a);
  31714. if (ret != MP_OKAY)
  31715. return -13021;
  31716. mp_rshb(a, k);
  31717. if (mp_cmp(a, b) != MP_EQ)
  31718. return -13022;
  31719. }
  31720. }
  31721. }
  31722. #endif
  31723. for (i = 0; i < 10; i++) {
  31724. for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) {
  31725. ret = randNum(a, j, rng, NULL);
  31726. if (ret != MP_OKAY)
  31727. return -13023;
  31728. mp_copy(a, b);
  31729. for (k = 0; k < 10; k++) {
  31730. ret = mp_lshd(a, k);
  31731. if (ret != MP_OKAY)
  31732. return -13024;
  31733. mp_rshd(a, k);
  31734. if (mp_cmp(a, b) != MP_EQ)
  31735. return -13025;
  31736. }
  31737. }
  31738. }
  31739. mp_zero(a);
  31740. mp_rshd(a, 1);
  31741. if (!mp_iszero(a))
  31742. return -13026;
  31743. mp_set(a, 1);
  31744. mp_rshd(a, 1);
  31745. if (!mp_iszero(a))
  31746. return -13027;
  31747. mp_set(a, 1);
  31748. mp_rshd(a, 2);
  31749. if (!mp_iszero(a))
  31750. return -13028;
  31751. return 0;
  31752. }
  31753. #endif
  31754. #ifndef WOLFSSL_SP_MATH
  31755. static int mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem,
  31756. WC_RNG* rng)
  31757. {
  31758. int ret;
  31759. int i, j, k;
  31760. mp_zero(a);
  31761. mp_zero(d);
  31762. ret = mp_div(a, d, r, rem);
  31763. if (ret != MP_VAL)
  31764. return -13030;
  31765. mp_set(d, 1);
  31766. ret = mp_div(a, d, r, rem);
  31767. if (ret != MP_OKAY)
  31768. return -13031;
  31769. if (!mp_iszero(r))
  31770. return -13032;
  31771. if (!mp_iszero(rem))
  31772. return -13033;
  31773. mp_set(a, 1);
  31774. ret = mp_div(a, d, r, rem);
  31775. if (ret != MP_OKAY)
  31776. return -13034;
  31777. if (!mp_isone(r))
  31778. return -13035;
  31779. if (!mp_iszero(rem))
  31780. return -13036;
  31781. for (i = 0; i < 100; i++) {
  31782. for (j = 1; j < (DIGIT_BIT + 7) / 8 * 2; j++) {
  31783. ret = randNum(d, j, rng, NULL);
  31784. if (ret != MP_OKAY)
  31785. return -13037;
  31786. for (k = 1; k < (DIGIT_BIT + 7) / 8 * 2 + 1; k++) {
  31787. ret = randNum(a, k, rng, NULL);
  31788. if (ret != MP_OKAY)
  31789. return -13038;
  31790. ret = mp_div(a, d, NULL, rem);
  31791. if (ret != MP_OKAY)
  31792. return -13039;
  31793. ret = mp_div(a, d, r, NULL);
  31794. if (ret != MP_OKAY)
  31795. return -13040;
  31796. ret = mp_div(a, d, r, rem);
  31797. if (ret != MP_OKAY)
  31798. return -13041;
  31799. mp_mul(r, d, r);
  31800. mp_add(r, rem, r);
  31801. if (mp_cmp(r, a) != MP_EQ)
  31802. return -13042;
  31803. }
  31804. }
  31805. }
  31806. ret = randNum(d, (DIGIT_BIT + 7) / 8 * 2, rng, NULL);
  31807. if (ret != MP_OKAY)
  31808. return -13043;
  31809. mp_add(d, d, a);
  31810. mp_set(rem, 1);
  31811. mp_div(a, d, NULL, rem);
  31812. if (ret != MP_OKAY)
  31813. return -13044;
  31814. if (!mp_iszero(rem))
  31815. return -13045;
  31816. mp_set(r, 1);
  31817. mp_div(a, d, r, NULL);
  31818. if (ret != MP_OKAY)
  31819. return -13046;
  31820. if (mp_cmp_d(r, 2) != MP_EQ)
  31821. return -13047;
  31822. mp_set(r, 1);
  31823. mp_set(rem, 1);
  31824. mp_div(a, d, r, rem);
  31825. if (ret != MP_OKAY)
  31826. return -13048;
  31827. if (mp_cmp_d(r, 2) != MP_EQ)
  31828. return -13049;
  31829. if (!mp_iszero(rem))
  31830. return -13050;
  31831. mp_set(a, 0xfe);
  31832. mp_lshd(a, 3);
  31833. mp_add_d(a, 0xff, a);
  31834. mp_set(d, 0xfe);
  31835. mp_lshd(d, 2);
  31836. ret = mp_div(a, d, r, rem);
  31837. if (ret != MP_OKAY)
  31838. return -13051;
  31839. mp_mul(r, d, d);
  31840. mp_add(rem, d, d);
  31841. if (mp_cmp(a, d) != MP_EQ)
  31842. return -13052;
  31843. /* Force (hi | lo) / d to be (d | 0) / d which will would not fit in
  31844. * a digit. So mp_div must detect and handle.
  31845. * For example: 0x800000 / 0x8001, DIGIT_BIT = 8
  31846. */
  31847. mp_set(a, 1);
  31848. mp_mul_2d(a, DIGIT_BIT * 3 - 1, a);
  31849. mp_set(d, 1);
  31850. mp_mul_2d(d, DIGIT_BIT * 2 - 1, d);
  31851. mp_add_d(d, 1, d);
  31852. ret = mp_div(a, d, r, rem);
  31853. if (ret != MP_OKAY)
  31854. return -13053;
  31855. return 0;
  31856. }
  31857. #endif
  31858. #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
  31859. !defined(WC_NO_RNG)
  31860. static int mp_test_prime(mp_int* a, WC_RNG* rng)
  31861. {
  31862. int ret;
  31863. int res;
  31864. ret = mp_rand_prime(a, 1, rng, NULL);
  31865. #if defined(WOLFSSL_SP_MATH_ALL)
  31866. if (ret != 0)
  31867. return -13060;
  31868. #else
  31869. if (ret != MP_VAL)
  31870. return -13060;
  31871. #endif
  31872. #ifndef WOLFSSL_SP_MATH
  31873. ret = mp_rand_prime(a, -5, rng, NULL);
  31874. if (ret != 0)
  31875. return -13061;
  31876. #endif
  31877. ret = mp_prime_is_prime(a, 1, &res);
  31878. if (ret != MP_OKAY)
  31879. return -13062;
  31880. #ifndef WOLFSSL_SP_MATH
  31881. if (res != MP_YES)
  31882. return -13063;
  31883. #else
  31884. if (res != MP_NO)
  31885. return -13063;
  31886. #endif
  31887. ret = mp_prime_is_prime(a, 0, &res);
  31888. if (ret != MP_VAL)
  31889. return -13064;
  31890. ret = mp_prime_is_prime(a, -1, &res);
  31891. if (ret != MP_VAL)
  31892. return -13065;
  31893. ret = mp_prime_is_prime(a, 257, &res);
  31894. if (ret != MP_VAL)
  31895. return -13066;
  31896. mp_set(a, 1);
  31897. ret = mp_prime_is_prime(a, 1, &res);
  31898. if (ret != MP_OKAY)
  31899. return -13067;
  31900. if (res != MP_NO)
  31901. return -13068;
  31902. ret = mp_prime_is_prime_ex(a, 1, &res, rng);
  31903. if (ret != MP_OKAY)
  31904. return -13069;
  31905. if (res != MP_NO)
  31906. return -13070;
  31907. mp_set(a, 2);
  31908. ret = mp_prime_is_prime(a, 1, &res);
  31909. if (ret != MP_OKAY)
  31910. return -13071;
  31911. if (res != MP_YES)
  31912. return -13072;
  31913. ret = mp_prime_is_prime_ex(a, 1, &res, rng);
  31914. if (ret != MP_OKAY)
  31915. return -13073;
  31916. if (res != MP_YES)
  31917. return -13074;
  31918. mp_set(a, 0xfb);
  31919. ret = mp_prime_is_prime(a, 1, &res);
  31920. if (ret != MP_OKAY)
  31921. return -13075;
  31922. if (res != MP_YES)
  31923. return -13076;
  31924. ret = mp_prime_is_prime_ex(a, 1, &res, rng);
  31925. if (ret != MP_OKAY)
  31926. return -13077;
  31927. if (res != MP_YES)
  31928. return -13078;
  31929. mp_set(a, 0x6);
  31930. ret = mp_prime_is_prime(a, 1, &res);
  31931. if (ret != MP_OKAY)
  31932. return -13079;
  31933. if (res != MP_NO)
  31934. return -13080;
  31935. ret = mp_prime_is_prime_ex(a, 1, &res, rng);
  31936. if (ret != MP_OKAY)
  31937. return -13081;
  31938. if (res != MP_NO)
  31939. return -13082;
  31940. mp_set_int(a, 0x655 * 0x65b);
  31941. ret = mp_prime_is_prime(a, 10, &res);
  31942. if (ret != MP_OKAY)
  31943. return -13083;
  31944. if (res != MP_NO)
  31945. return -13084;
  31946. ret = mp_prime_is_prime_ex(a, 10, &res, rng);
  31947. if (ret != MP_OKAY)
  31948. return -13085;
  31949. if (res != MP_NO)
  31950. return -13086;
  31951. return 0;
  31952. }
  31953. #endif
  31954. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
  31955. static int mp_test_lcm_gcd(mp_int* a, mp_int* b, mp_int* r, mp_int* exp,
  31956. WC_RNG* rng)
  31957. {
  31958. int ret;
  31959. int i;
  31960. WOLFSSL_SMALL_STACK_STATIC const int kat[][3] = {
  31961. { 1, 1, 1 }, { 2, 1, 2 }, { 1, 2, 2 }, { 2, 4, 4 }, { 4, 2, 4 },
  31962. { 12, 56, 168 }, { 56, 12, 168 }
  31963. };
  31964. (void)exp;
  31965. mp_set(a, 0);
  31966. mp_set(b, 1);
  31967. ret = mp_lcm(a, a, r);
  31968. if (ret != MP_VAL)
  31969. return -13090;
  31970. ret = mp_lcm(a, b, r);
  31971. if (ret != MP_VAL)
  31972. return -13091;
  31973. ret = mp_lcm(b, a, r);
  31974. if (ret != MP_VAL)
  31975. return -13092;
  31976. for (i = 0; i < (int)(sizeof(kat) / sizeof(*kat)); i++) {
  31977. mp_set(a, kat[i][0]);
  31978. mp_set(b, kat[i][1]);
  31979. ret = mp_lcm(a, b, r);
  31980. if (ret != MP_OKAY)
  31981. return -13093;
  31982. mp_set(exp, kat[i][2]);
  31983. if (mp_cmp(r, exp) != MP_EQ)
  31984. return -13094;
  31985. }
  31986. (void)rng;
  31987. #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
  31988. !defined(WC_NO_RNG)
  31989. if (mp_rand_prime(a, 20, rng, NULL) != MP_OKAY)
  31990. return -13095;
  31991. if (mp_rand_prime(b, 20, rng, NULL) != MP_OKAY)
  31992. return -13096;
  31993. if (mp_mul(a, b, exp) != MP_OKAY)
  31994. return -13097;
  31995. ret = mp_lcm(a, b, r);
  31996. if (ret != MP_OKAY)
  31997. return -13098;
  31998. if (mp_cmp(r, exp) != MP_EQ)
  31999. return -13099;
  32000. ret = mp_lcm(b, a, r);
  32001. if (ret != MP_OKAY)
  32002. return -13100;
  32003. if (mp_cmp(r, exp) != MP_EQ)
  32004. return -13101;
  32005. #endif
  32006. mp_set(a, 11);
  32007. mp_zero(b);
  32008. ret = mp_gcd(a, b, r);
  32009. if (ret != MP_OKAY)
  32010. return -13102;
  32011. if (mp_cmp_d(r, 11) != MP_EQ)
  32012. return -13103;
  32013. ret = mp_gcd(b, a, r);
  32014. if (ret != MP_OKAY)
  32015. return -13104;
  32016. if (mp_cmp_d(r, 11) != MP_EQ)
  32017. return -13105;
  32018. ret = mp_gcd(b, b, r);
  32019. if (ret != MP_VAL)
  32020. return -13106;
  32021. return 0;
  32022. }
  32023. #endif
  32024. #if (!defined(WOLFSSL_SP_MATH) && !defined(USE_FAST_MATH)) || \
  32025. defined(WOLFSSL_SP_MATH_ALL)
  32026. static int mp_test_mod_2d(mp_int* a, mp_int* r, mp_int* t, WC_RNG* rng)
  32027. {
  32028. int ret;
  32029. int i;
  32030. int j;
  32031. mp_set(a, 10);
  32032. ret = mp_mod_2d(a, 0, r);
  32033. if (ret != MP_OKAY)
  32034. return -13110;
  32035. if (!mp_iszero(r))
  32036. return -13111;
  32037. ret = mp_mod_2d(a, 1, r);
  32038. if (ret != MP_OKAY)
  32039. return -13112;
  32040. if (!mp_iszero(r))
  32041. return -13113;
  32042. ret = mp_mod_2d(a, 2, r);
  32043. if (ret != MP_OKAY)
  32044. return -13114;
  32045. if (mp_cmp_d(r, 2))
  32046. return -13115;
  32047. for (i = 2; i < 20; i++) {
  32048. ret = randNum(a, i, rng, NULL);
  32049. if (ret != 0)
  32050. return -13116;
  32051. for (j = 1; j <= mp_count_bits(a); j++) {
  32052. /* Get top part */
  32053. ret = mp_div_2d(a, j, t, NULL);
  32054. if (ret != 0)
  32055. return -13117;
  32056. ret = mp_mul_2d(t, j, t);
  32057. if (ret != 0)
  32058. return -13118;
  32059. /* Get bottom part */
  32060. ret = mp_mod_2d(a, j, r);
  32061. if (ret != 0)
  32062. return -13119;
  32063. /* Reassemble */
  32064. ret = mp_add(t, r, r);
  32065. if (ret != 0)
  32066. return -13120;
  32067. if (mp_cmp(a, r) != MP_EQ)
  32068. return -13121;
  32069. }
  32070. }
  32071. #if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_SP_INT_NEGATIVE)
  32072. /* Test negative value being moded. */
  32073. for (j = 0; j < 20; j++) {
  32074. ret = randNum(a, 2, rng, NULL);
  32075. if (ret != 0)
  32076. return -13122;
  32077. a->sign = MP_NEG;
  32078. for (i = 1; i < DIGIT_BIT * 3 + 1; i++) {
  32079. ret = mp_mod_2d(a, i, r);
  32080. if (ret != 0)
  32081. return -13124;
  32082. mp_zero(t);
  32083. ret = mp_set_bit(t, i);
  32084. if (ret != 0)
  32085. return -13125;
  32086. ret = mp_mod(a, t, t);
  32087. if (ret != 0)
  32088. return -13126;
  32089. if (mp_cmp(r, t) != MP_EQ)
  32090. return -13127;
  32091. }
  32092. }
  32093. #endif
  32094. return 0;
  32095. }
  32096. #endif
  32097. #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
  32098. (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
  32099. static int mp_test_mod_d(mp_int* a)
  32100. {
  32101. int ret;
  32102. mp_digit r;
  32103. if (mp_set(a, 1) != MP_OKAY)
  32104. return -13130;
  32105. ret = mp_mod_d(a, 0, &r);
  32106. if (ret != MP_VAL)
  32107. return -13131;
  32108. mp_zero(a);
  32109. ret = mp_mod_d(a, 1, &r);
  32110. if (ret != MP_OKAY)
  32111. return -13132;
  32112. ret = mp_mod_d(a, 3, &r);
  32113. if (ret != MP_OKAY)
  32114. return -13133;
  32115. ret = mp_mod_d(a, 5, &r);
  32116. if (ret != MP_OKAY)
  32117. return -13134;
  32118. return 0;
  32119. }
  32120. #endif
  32121. static int mp_test_mul_sqr(mp_int* a, mp_int* b, mp_int* r1, mp_int* r2,
  32122. WC_RNG* rng)
  32123. {
  32124. int ret;
  32125. int i;
  32126. for (i = 1; i < 16; i++) {
  32127. ret = randNum(a, i, rng, NULL);
  32128. if (ret != 0)
  32129. return -13140;
  32130. ret = mp_mul(a, a, r1);
  32131. if (ret != 0)
  32132. return -13141;
  32133. ret = mp_sqr(a, r2);
  32134. if (ret != 0)
  32135. return -13142;
  32136. if (mp_cmp(r1, r2) != MP_EQ)
  32137. return -13143;
  32138. }
  32139. ret = mp_set(b, 0);
  32140. if (ret != MP_OKAY)
  32141. return -13144;
  32142. ret = mp_mul(a, b, r1);
  32143. if (ret != MP_OKAY)
  32144. return -13145;
  32145. if (!mp_iszero(r1))
  32146. return -13146;
  32147. ret = mp_sqr(b, r1);
  32148. if (ret != MP_OKAY)
  32149. return -13147;
  32150. if (!mp_iszero(r1))
  32151. return -13148;
  32152. #ifdef WOLFSSL_SP_MATH_ALL
  32153. ret = mp_set(a, 1);
  32154. if (ret != MP_OKAY)
  32155. return -13149;
  32156. i = (SP_INT_DIGITS / 2) + 1;
  32157. ret = mp_mul_2d(a, i * SP_WORD_SIZE - 1, a);
  32158. if (ret != MP_OKAY)
  32159. return -13150;
  32160. ret = mp_set(b, 1);
  32161. if (ret != MP_OKAY)
  32162. return -13151;
  32163. ret = mp_mul_2d(b, (SP_INT_DIGITS - 1 - i) * SP_WORD_SIZE - 1, b);
  32164. if (ret != MP_OKAY)
  32165. return -13152;
  32166. ret = mp_mul(a, b, r1);
  32167. if (ret != MP_OKAY)
  32168. return -13153;
  32169. ret = mp_mul(a, a, r1);
  32170. if (ret == MP_OKAY)
  32171. return -13154;
  32172. ret = mp_sqr(a, r1);
  32173. if (ret == MP_OKAY)
  32174. return -13155;
  32175. ret = mp_sqr(b, r1);
  32176. if (ret != MP_OKAY)
  32177. return -13156;
  32178. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  32179. (defined(HAVE_ECC) && defined(FP_ECC))
  32180. ret = mp_mulmod(a, b, b, r1);
  32181. if (ret != MP_OKAY)
  32182. return -13157;
  32183. ret = mp_mulmod(a, a, b, r1);
  32184. if (ret == MP_OKAY)
  32185. return -13158;
  32186. #if defined(HAVE_ECC) && (defined(ECC_SHAMIR) || defined(FP_ECC))
  32187. ret = mp_sqrmod(a, b, r1);
  32188. if (ret == MP_OKAY)
  32189. return -13159;
  32190. ret = mp_sqrmod(b, a, r1);
  32191. if (ret != MP_OKAY)
  32192. return -13160;
  32193. #endif /* HAVE_ECC && (ECC_SHAMIR || FP_ECC) */
  32194. #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || (HAVE_ECC && FP_ECC) */
  32195. #endif /* WOLFSSL_SP_MATH_ALL */
  32196. return 0;
  32197. }
  32198. #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
  32199. defined(OPENSSL_EXTRA)
  32200. static int mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
  32201. {
  32202. int ret;
  32203. mp_set(a, 0);
  32204. mp_set(m, 1);
  32205. ret = mp_invmod(a, m, r);
  32206. if (ret != MP_VAL)
  32207. return -13170;
  32208. ret = mp_invmod(m, a, r);
  32209. if (ret != MP_VAL)
  32210. return -13171;
  32211. mp_set(a, 2);
  32212. mp_set(m, 4);
  32213. ret = mp_invmod(a, m, r);
  32214. if (ret != MP_VAL)
  32215. return -13172;
  32216. mp_set(a, 1);
  32217. mp_set(m, 4);
  32218. ret = mp_invmod(a, m, r);
  32219. if (ret != MP_OKAY)
  32220. return -13173;
  32221. if (!mp_isone(r))
  32222. return -13174;
  32223. mp_set(a, 3);
  32224. mp_set(m, 4);
  32225. ret = mp_invmod(a, m, r);
  32226. if (ret != MP_OKAY)
  32227. return -13175;
  32228. mp_set(a, 3);
  32229. mp_set(m, 5);
  32230. ret = mp_invmod(a, m, r);
  32231. if (ret != MP_OKAY)
  32232. return -13176;
  32233. #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_INT_NEGATIVE)
  32234. mp_read_radix(a, "-3", 16);
  32235. ret = mp_invmod(a, m, r);
  32236. if (ret != MP_OKAY)
  32237. return -13177;
  32238. #endif
  32239. #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
  32240. mp_set(a, 0);
  32241. mp_set(m, 3);
  32242. ret = mp_invmod_mont_ct(a, m, r, 1);
  32243. if (ret != MP_VAL)
  32244. return -13178;
  32245. mp_set(a, 1);
  32246. mp_set(m, 0);
  32247. ret = mp_invmod_mont_ct(a, m, r, 1);
  32248. if (ret != MP_VAL)
  32249. return -13179;
  32250. mp_set(a, 1);
  32251. mp_set(m, 1);
  32252. ret = mp_invmod_mont_ct(a, m, r, 1);
  32253. if (ret != MP_VAL)
  32254. return -13180;
  32255. mp_set(a, 1);
  32256. mp_set(m, 2);
  32257. ret = mp_invmod_mont_ct(a, m, r, 1);
  32258. if (ret != MP_VAL)
  32259. return -13181;
  32260. mp_set(a, 1);
  32261. mp_set(m, 3);
  32262. ret = mp_invmod_mont_ct(a, m, r, 1);
  32263. if (ret != MP_OKAY)
  32264. return -13182;
  32265. #endif
  32266. return 0;
  32267. }
  32268. #endif /* !NO_RSA || HAVE_ECC || !NO_DSA || OPENSSL_EXTRA */
  32269. #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
  32270. (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
  32271. static int mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r)
  32272. {
  32273. int ret;
  32274. mp_set(b, 0x2);
  32275. mp_set(e, 0x3);
  32276. mp_set(m, 0x0);
  32277. ret = mp_exptmod_ex(b, e, 1, m, r);
  32278. if (ret != MP_VAL)
  32279. return -13190;
  32280. ret = mp_exptmod_nct(b, e, m, r);
  32281. if (ret != MP_VAL)
  32282. return -13191;
  32283. mp_set(b, 0x2);
  32284. mp_set(e, 0x3);
  32285. mp_set(m, 0x1);
  32286. ret = mp_exptmod_ex(b, e, 1, m, r);
  32287. if (ret != MP_OKAY)
  32288. return -13192;
  32289. if (!mp_iszero(r))
  32290. return -13193;
  32291. ret = mp_exptmod_nct(b, e, m, r);
  32292. if (ret != MP_OKAY)
  32293. return -13194;
  32294. if (!mp_iszero(r))
  32295. return -13195;
  32296. mp_set(b, 0x2);
  32297. mp_set(e, 0x0);
  32298. mp_set(m, 0x7);
  32299. ret = mp_exptmod_ex(b, e, 1, m, r);
  32300. if (ret != MP_OKAY)
  32301. return -13196;
  32302. if (!mp_isone(r))
  32303. return -13197;
  32304. ret = mp_exptmod_nct(b, e, m, r);
  32305. if (ret != MP_OKAY)
  32306. return -13198;
  32307. if (!mp_isone(r))
  32308. return -13199;
  32309. mp_set(b, 0x0);
  32310. mp_set(e, 0x3);
  32311. mp_set(m, 0x7);
  32312. ret = mp_exptmod_ex(b, e, 1, m, r);
  32313. if (ret != MP_OKAY)
  32314. return -13200;
  32315. if (!mp_iszero(r))
  32316. return -13201;
  32317. ret = mp_exptmod_nct(b, e, m, r);
  32318. if (ret != MP_OKAY)
  32319. return -13202;
  32320. if (!mp_iszero(r))
  32321. return -13203;
  32322. mp_set(b, 0x10);
  32323. mp_set(e, 0x3);
  32324. mp_set(m, 0x7);
  32325. ret = mp_exptmod_ex(b, e, 1, m, r);
  32326. if (ret != MP_OKAY)
  32327. return -13204;
  32328. ret = mp_exptmod_nct(b, e, m, r);
  32329. if (ret != MP_OKAY)
  32330. return -13205;
  32331. mp_set(b, 0x7);
  32332. mp_set(e, 0x3);
  32333. mp_set(m, 0x7);
  32334. ret = mp_exptmod_ex(b, e, 1, m, r);
  32335. if (ret != MP_OKAY)
  32336. return -13206;
  32337. if (!mp_iszero(r))
  32338. return -13207;
  32339. ret = mp_exptmod_nct(b, e, m, r);
  32340. if (ret != MP_OKAY)
  32341. return -13208;
  32342. if (!mp_iszero(r))
  32343. return -13209;
  32344. #ifndef WOLFSSL_SP_MATH
  32345. mp_set(b, 0x01);
  32346. mp_mul_2d(b, DIGIT_BIT, b);
  32347. mp_add_d(b, 1, b);
  32348. mp_set(e, 0x3);
  32349. mp_copy(b, m);
  32350. ret = mp_exptmod_ex(b, e, 1, m, r);
  32351. if (ret != MP_OKAY)
  32352. return -13210;
  32353. if (!mp_iszero(r))
  32354. return -13211;
  32355. ret = mp_exptmod_nct(b, e, m, r);
  32356. if (ret != MP_OKAY)
  32357. return -13212;
  32358. if (!mp_iszero(r))
  32359. return -13213;
  32360. #endif
  32361. mp_set(b, 0x2);
  32362. mp_set(e, 0x3);
  32363. mp_set(m, 0x7);
  32364. ret = mp_exptmod_ex(b, e, 1, m, r);
  32365. if (ret != MP_OKAY)
  32366. return -13214;
  32367. ret = mp_exptmod_nct(b, e, m, r);
  32368. if (ret != MP_OKAY)
  32369. return -13215;
  32370. #ifdef WOLFSSL_SP_MATH_ALL
  32371. mp_set(b, 0x2);
  32372. mp_set(e, 0x3);
  32373. mp_set(m, 0x01);
  32374. mp_mul_2d(m, SP_WORD_SIZE * SP_INT_DIGITS / 2, m);
  32375. mp_add_d(m, 0x01, m);
  32376. ret = mp_exptmod_ex(b, e, 1, m, r);
  32377. if (ret != MP_VAL)
  32378. return -13216;
  32379. ret = mp_exptmod_nct(b, e, m, r);
  32380. if (ret != MP_VAL)
  32381. return -13217;
  32382. #endif
  32383. return 0;
  32384. }
  32385. #endif /* !NO_RSA || !NO_DSA || !NO_DH || (HAVE_ECC && HAVE_COMP_KEY) ||
  32386. * OPENSSL_EXTRA */
  32387. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  32388. defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
  32389. static int mp_test_mont(mp_int* a, mp_int* m, mp_int* n, mp_int* r, WC_RNG* rng)
  32390. {
  32391. int ret;
  32392. mp_digit mp;
  32393. static int exp[] = { 7, 8, 16, 27, 32, 64,
  32394. 127, 128, 255, 256,
  32395. #if defined(SP_WORD_SIZE) && SP_WORD_SIZE > 8
  32396. 383, 384, 2033, 2048
  32397. #endif
  32398. };
  32399. static mp_digit sub[] = { 0x01, 0x05, 0x0f, 0x27, 0x05, 0x3b,
  32400. 0x01, 0x9f, 0x13, 0xbd,
  32401. #if defined(SP_WORD_SIZE) && SP_WORD_SIZE > 8
  32402. 0x1f, 0x13d, 0x45, 0x615
  32403. #endif
  32404. };
  32405. int bits[] = { 256, 384, 2048,
  32406. #if defined(SP_INT_MAX_BITS) && SP_INT_MAX_BITS > 6144
  32407. 3072
  32408. #endif
  32409. };
  32410. int i;
  32411. int j;
  32412. for (i = 0; i < (int)(sizeof(exp) / sizeof(*exp)); i++) {
  32413. if (exp[i] >= DIGIT_BIT)
  32414. continue;
  32415. mp_zero(m);
  32416. ret = mp_set_bit(m, exp[i]);
  32417. if (ret != MP_OKAY)
  32418. return -13220;
  32419. ret = mp_sub_d(m, sub[i], m);
  32420. if (ret != MP_OKAY)
  32421. return -13221;
  32422. ret = mp_montgomery_setup(m, &mp);
  32423. if (ret != MP_OKAY)
  32424. return -13222;
  32425. ret = mp_montgomery_calc_normalization(n, m);
  32426. if (ret != MP_OKAY)
  32427. return -13223;
  32428. for (j = 0; j < 10; j++) {
  32429. ret = randNum(a, (exp[i] + DIGIT_BIT - 1) / DIGIT_BIT, rng, NULL);
  32430. if (ret != 0)
  32431. return -13224;
  32432. ret = mp_mod(a, m, a);
  32433. if (ret != 0)
  32434. return -13225;
  32435. /* r = a * a */
  32436. ret = mp_sqrmod(a, m, r);
  32437. if (ret != MP_OKAY)
  32438. return -13226;
  32439. /* Convert to Montgomery form = a*n */
  32440. ret = mp_mulmod(a, n, m, a);
  32441. if (ret != MP_OKAY)
  32442. return -13227;
  32443. /* a*a mod m == ((a*n) * (a*n)) / n / n */
  32444. ret = mp_sqr(a, a);
  32445. if (ret != MP_OKAY)
  32446. return -13228;
  32447. ret = mp_montgomery_reduce(a, m, mp);
  32448. if (ret != MP_OKAY)
  32449. return -13229;
  32450. ret = mp_montgomery_reduce(a, m, mp);
  32451. if (ret != MP_OKAY)
  32452. return -13230;
  32453. if (mp_cmp(a, r) != MP_EQ)
  32454. return -13231;
  32455. }
  32456. }
  32457. /* Force carries. */
  32458. for (i = 0; i < (int)(sizeof(bits) / sizeof(*bits)); i++) {
  32459. /* a = 2^(bits*2) - 1 */
  32460. mp_zero(a);
  32461. mp_set_bit(a, bits[i] * 2);
  32462. mp_sub_d(a, 1, a);
  32463. /* m = 2^(bits) - 1 */
  32464. mp_zero(m);
  32465. mp_set_bit(m, bits[i]);
  32466. mp_sub_d(m, 1, m);
  32467. mp = 1;
  32468. /* result = r = 2^(bits) - 1 */
  32469. mp_zero(r);
  32470. mp_set_bit(r, bits[i]);
  32471. mp_sub_d(r, 1, r);
  32472. ret = mp_montgomery_reduce(a, m, mp);
  32473. if (ret != MP_OKAY)
  32474. return -13240;
  32475. /* Result is m or 0 if reduced to range of modulus. */
  32476. if (mp_cmp(a, r) != MP_EQ && mp_iszero(a) != MP_YES)
  32477. return -13241;
  32478. }
  32479. return 0;
  32480. }
  32481. #endif
  32482. WOLFSSL_TEST_SUBROUTINE int mp_test(void)
  32483. {
  32484. WC_RNG rng;
  32485. int ret;
  32486. #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
  32487. int i, j;
  32488. #ifndef WOLFSSL_SP_MATH
  32489. int k;
  32490. #endif
  32491. mp_digit d;
  32492. #endif
  32493. mp_int a, b, r1, r2, p;
  32494. ret = mp_init_multi(&a, &b, &r1, &r2, NULL, NULL);
  32495. if (ret != 0)
  32496. return -13300;
  32497. #ifdef WOLFSSL_SP_MATH_ALL
  32498. mp_init_copy(&p, &a);
  32499. #else
  32500. ret = mp_init(&p);
  32501. if (ret != 0)
  32502. return -13301;
  32503. #endif
  32504. #ifndef HAVE_FIPS
  32505. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  32506. #else
  32507. ret = wc_InitRng(&rng);
  32508. #endif
  32509. if (ret != 0)
  32510. goto done;
  32511. #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
  32512. mp_set_int(&a, 0);
  32513. if (a.used != 0 || a.dp[0] != 0)
  32514. return -13302;
  32515. for (j = 1; j <= MP_MAX_TEST_BYTE_LEN; j++) {
  32516. for (i = 0; i < 4 * j; i++) {
  32517. /* New values to use. */
  32518. ret = randNum(&p, j, &rng, NULL);
  32519. if (ret != 0)
  32520. return -13303;
  32521. ret = randNum(&a, j, &rng, NULL);
  32522. if (ret != 0)
  32523. return -13304;
  32524. ret = randNum(&b, j, &rng, NULL);
  32525. if (ret != 0)
  32526. return -13305;
  32527. ret = wc_RNG_GenerateBlock(&rng, (byte*)&d, sizeof(d));
  32528. if (ret != 0)
  32529. return -13306;
  32530. d &= MP_MASK;
  32531. #if !defined(WOLFSSL_SP_MATH) || (defined(HAVE_ECC) && \
  32532. (defined(ECC_SHAMIR) || defined(FP_ECC)))
  32533. /* Ensure sqrmod produce same result as mulmod. */
  32534. ret = mp_sqrmod(&a, &p, &r1);
  32535. if (ret != 0)
  32536. return -13307;
  32537. ret = mp_mulmod(&a, &a, &p, &r2);
  32538. if (ret != 0)
  32539. return -13308;
  32540. if (mp_cmp(&r1, &r2) != 0)
  32541. return -13309;
  32542. #endif
  32543. #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
  32544. #if defined(WOLFSSL_SP_MATH) || (defined(WOLFSSL_SP_MATH_ALL) && \
  32545. !defined(WOLFSSL_SP_INT_NEGATIVE))
  32546. ret = mp_addmod(&a, &b, &p, &r1);
  32547. if (ret != 0)
  32548. return -13310;
  32549. ret = mp_submod(&r1, &b, &p, &r2);
  32550. if (ret != 0)
  32551. return -13311;
  32552. ret = mp_mod(&a, &p, &r1);
  32553. if (ret != 0)
  32554. return -13312;
  32555. if (mp_cmp(&r1, &r2) != MP_EQ)
  32556. return -13313;
  32557. #else
  32558. /* Ensure add with mod produce same result as sub with mod. */
  32559. ret = mp_addmod(&a, &b, &p, &r1);
  32560. if (ret != 0)
  32561. return -13314;
  32562. b.sign ^= 1;
  32563. ret = mp_submod(&a, &b, &p, &r2);
  32564. if (ret != 0)
  32565. return -13315;
  32566. if (mp_cmp(&r1, &r2) != 0)
  32567. return -13316;
  32568. #endif
  32569. #endif
  32570. /* Ensure add digit produce same result as sub digit. */
  32571. ret = mp_add_d(&a, d, &r1);
  32572. if (ret != 0)
  32573. return -13317;
  32574. ret = mp_sub_d(&r1, d, &r2);
  32575. if (ret != 0)
  32576. return -13318;
  32577. if (mp_cmp(&a, &r2) != 0)
  32578. return -13319;
  32579. /* Invert - if p is even it will use the slow impl.
  32580. * - if p and a are even it will fail.
  32581. */
  32582. ret = mp_invmod(&a, &p, &r1);
  32583. if (ret != 0 && ret != MP_VAL)
  32584. return -13320;
  32585. ret = 0;
  32586. #ifndef WOLFSSL_SP_MATH
  32587. /* Shift up and down number all bits in a digit. */
  32588. for (k = 0; k < DIGIT_BIT; k++) {
  32589. mp_mul_2d(&a, k, &r1);
  32590. mp_div_2d(&r1, k, &r2, &p);
  32591. if (mp_cmp(&a, &r2) != 0)
  32592. return -13321;
  32593. if (!mp_iszero(&p))
  32594. return -13322;
  32595. mp_rshb(&r1, k);
  32596. if (mp_cmp(&a, &r1) != 0)
  32597. return -13323;
  32598. }
  32599. #endif
  32600. }
  32601. }
  32602. #if DIGIT_BIT >= 32
  32603. /* Check that setting a 32-bit digit works. */
  32604. d &= 0xffffffffU;
  32605. mp_set_int(&a, d);
  32606. if (a.used != 1 || a.dp[0] != d)
  32607. return -13324;
  32608. #endif
  32609. /* Check setting a bit and testing a bit works. */
  32610. for (i = 0; i < MP_MAX_TEST_BYTE_LEN * 8; i++) {
  32611. mp_zero(&a);
  32612. mp_set_bit(&a, i);
  32613. if (!mp_is_bit_set(&a, i))
  32614. return -13325;
  32615. }
  32616. #endif
  32617. #if defined(HAVE_ECC) && defined(HAVE_COMP_KEY)
  32618. mp_zero(&a);
  32619. i = mp_cnt_lsb(&a);
  32620. if (i != 0)
  32621. return -13326;
  32622. mp_set(&a, 1);
  32623. i = mp_cnt_lsb(&a);
  32624. if (i != 0)
  32625. return -13327;
  32626. #endif
  32627. #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  32628. if ((ret = mp_test_param(&a, &b, &r1, &rng)) != 0)
  32629. return ret;
  32630. #endif
  32631. #if defined(WOLFSSL_SP_MATH_ALL) || !defined(USE_FAST_MATH)
  32632. if ((ret = mp_test_div_3(&a, &r1, &rng)) != 0)
  32633. return ret;
  32634. #endif
  32635. #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
  32636. !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
  32637. (!defined WOLFSSL_SP_MATH && !defined(WOLFSSL_SP_MATH_ALL) && \
  32638. (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)))
  32639. if ((ret = mp_test_radix_10(&a, &r1, &rng)) != 0)
  32640. return ret;
  32641. #endif
  32642. #if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \
  32643. defined(HAVE_ECC))
  32644. if ((ret = mp_test_radix_16(&a, &r1, &rng)) != 0)
  32645. return ret;
  32646. #endif
  32647. if ((ret = mp_test_shift(&a, &r1, &rng)) != 0)
  32648. return ret;
  32649. if ((ret = mp_test_add_sub_d(&a, &r1)) != 0)
  32650. return ret;
  32651. if ((ret = mp_test_read_to_bin(&a)) != 0)
  32652. return ret;
  32653. #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  32654. if ((ret = mp_test_set_int(&a)) != 0)
  32655. return ret;
  32656. #endif
  32657. if ((ret = mp_test_cmp(&a, &r1)) != 0)
  32658. return ret;
  32659. #if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
  32660. if ((ret = mp_test_shbd(&a, &b, &rng)) != 0)
  32661. return ret;
  32662. #endif
  32663. #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  32664. if ((ret = mp_test_set_is_bit(&a)) != 0)
  32665. return ret;
  32666. #endif
  32667. #ifdef WOLFSSL_SP_MATH_ALL
  32668. if ((ret = mp_test_div(&a, &b, &r1, &r2, &rng)) != 0)
  32669. return ret;
  32670. #endif
  32671. #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
  32672. !defined(WC_NO_RNG)
  32673. if ((ret = mp_test_prime(&a, &rng)) != 0)
  32674. return ret;
  32675. #endif
  32676. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
  32677. if ((ret = mp_test_lcm_gcd(&a, &b, &r1, &r2, &rng)) != 0)
  32678. return ret;
  32679. #endif
  32680. #if (!defined(WOLFSSL_SP_MATH) && !defined(USE_FAST_MATH)) || \
  32681. defined(WOLFSSL_SP_MATH_ALL)
  32682. if ((ret = mp_test_mod_2d(&a, &r1, &p, &rng)) != 0)
  32683. return ret;
  32684. #endif
  32685. #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
  32686. (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
  32687. if ((ret = mp_test_mod_d(&a)) != 0)
  32688. return ret;
  32689. #endif
  32690. if ((ret = mp_test_mul_sqr(&a, &b, &r1, &r2, &rng)) != 0)
  32691. return ret;
  32692. #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
  32693. defined(OPENSSL_EXTRA)
  32694. if ((ret = mp_test_invmod(&a, &b, &r1)) != 0)
  32695. return ret;
  32696. #endif
  32697. #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
  32698. (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
  32699. if ((ret = mp_test_exptmod(&a, &b, &r1, &r2)) != 0)
  32700. return ret;
  32701. #endif
  32702. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  32703. defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
  32704. if ((ret = mp_test_mont(&a, &b, &r1, &r2, &rng)) != 0)
  32705. return ret;
  32706. #endif
  32707. done:
  32708. mp_clear(&p);
  32709. mp_clear(&r2);
  32710. mp_clear(&r1);
  32711. mp_clear(&b);
  32712. mp_clear(&a);
  32713. wc_FreeRng(&rng);
  32714. return ret;
  32715. }
  32716. #endif
  32717. #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
  32718. typedef struct pairs_t {
  32719. const unsigned char* coeff;
  32720. int coeffSz;
  32721. int exp;
  32722. } pairs_t;
  32723. /*
  32724. n =p1p2p3, where pi = ki(p1-1)+1 with (k2,k3) = (173,293)
  32725. p1 = 2^192 * 0x000000000000e24fd4f6d6363200bf2323ec46285cac1d3a
  32726. + 2^0 * 0x0b2488b0c29d96c5e67f8bec15b54b189ae5636efe89b45b
  32727. */
  32728. static const unsigned char c192a[] =
  32729. {
  32730. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe2, 0x4f,
  32731. 0xd4, 0xf6, 0xd6, 0x36, 0x32, 0x00, 0xbf, 0x23,
  32732. 0x23, 0xec, 0x46, 0x28, 0x5c, 0xac, 0x1d, 0x3a
  32733. };
  32734. static const unsigned char c0a[] =
  32735. {
  32736. 0x0b, 0x24, 0x88, 0xb0, 0xc2, 0x9d, 0x96, 0xc5,
  32737. 0xe6, 0x7f, 0x8b, 0xec, 0x15, 0xb5, 0x4b, 0x18,
  32738. 0x9a, 0xe5, 0x63, 0x6e, 0xfe, 0x89, 0xb4, 0x5b
  32739. };
  32740. static const pairs_t ecPairsA[] =
  32741. {
  32742. {c192a, sizeof(c192a), 192},
  32743. {c0a, sizeof(c0a), 0}
  32744. };
  32745. static const int kA[] = {173, 293};
  32746. static const unsigned char controlPrime[] = {
  32747. 0xe1, 0x76, 0x45, 0x80, 0x59, 0xb6, 0xd3, 0x49,
  32748. 0xdf, 0x0a, 0xef, 0x12, 0xd6, 0x0f, 0xf0, 0xb7,
  32749. 0xcb, 0x2a, 0x37, 0xbf, 0xa7, 0xf8, 0xb5, 0x4d,
  32750. 0xf5, 0x31, 0x35, 0xad, 0xe4, 0xa3, 0x94, 0xa1,
  32751. 0xdb, 0xf1, 0x96, 0xad, 0xb5, 0x05, 0x64, 0x85,
  32752. 0x83, 0xfc, 0x1b, 0x5b, 0x29, 0xaa, 0xbe, 0xf8,
  32753. 0x26, 0x3f, 0x76, 0x7e, 0xad, 0x1c, 0xf0, 0xcb,
  32754. 0xd7, 0x26, 0xb4, 0x1b, 0x05, 0x8e, 0x56, 0x86,
  32755. 0x7e, 0x08, 0x62, 0x21, 0xc1, 0x86, 0xd6, 0x47,
  32756. 0x79, 0x3e, 0xb7, 0x5d, 0xa4, 0xc6, 0x3a, 0xd7,
  32757. 0xb1, 0x74, 0x20, 0xf6, 0x50, 0x97, 0x41, 0x04,
  32758. 0x53, 0xed, 0x3f, 0x26, 0xd6, 0x6f, 0x91, 0xfa,
  32759. 0x68, 0x26, 0xec, 0x2a, 0xdc, 0x9a, 0xf1, 0xe7,
  32760. 0xdc, 0xfb, 0x73, 0xf0, 0x79, 0x43, 0x1b, 0x21,
  32761. 0xa3, 0x59, 0x04, 0x63, 0x52, 0x07, 0xc9, 0xd7,
  32762. 0xe6, 0xd1, 0x1b, 0x5d, 0x5e, 0x96, 0xfa, 0x53
  32763. };
  32764. static const unsigned char testOne[] = { 1 };
  32765. static int GenerateNextP(mp_int* p1, mp_int* p2, int k)
  32766. {
  32767. int ret;
  32768. #ifdef WOLFSSL_SMALL_STACK
  32769. mp_int *ki = (mp_int *)XMALLOC(sizeof(*ki), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32770. if (ki == NULL)
  32771. return MEMORY_E;
  32772. #else
  32773. mp_int ki[1];
  32774. #endif
  32775. ret = mp_init(ki);
  32776. if (ret == 0)
  32777. ret = mp_set(ki, k);
  32778. if (ret == 0)
  32779. ret = mp_sub_d(p1, 1, p2);
  32780. if (ret == 0)
  32781. ret = mp_mul(p2, ki, p2);
  32782. if (ret == 0)
  32783. ret = mp_add_d(p2, 1, p2);
  32784. mp_clear(ki);
  32785. #ifdef WOLFSSL_SMALL_STACK
  32786. XFREE(ki, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32787. #endif
  32788. return ret;
  32789. }
  32790. static int GenerateP(mp_int* p1, mp_int* p2, mp_int* p3,
  32791. const pairs_t* ecPairs, int ecPairsSz,
  32792. const int* k)
  32793. {
  32794. #ifdef WOLFSSL_SMALL_STACK
  32795. mp_int *x = NULL, *y = NULL;
  32796. #else
  32797. mp_int x[1], y[1];
  32798. #endif
  32799. int ret, i;
  32800. #ifdef WOLFSSL_SMALL_STACK
  32801. if (((x = (mp_int *)XMALLOC(sizeof(*x), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) ||
  32802. ((y = (mp_int *)XMALLOC(sizeof(*x), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)) {
  32803. ret = MEMORY_E;
  32804. goto out;
  32805. }
  32806. #endif
  32807. ret = mp_init_multi(x, y, NULL, NULL, NULL, NULL);
  32808. if (ret != 0) {
  32809. ret = MP_MEM;
  32810. goto out;
  32811. }
  32812. for (i = 0; ret == 0 && i < ecPairsSz; i++) {
  32813. ret = mp_read_unsigned_bin(x, ecPairs[i].coeff, ecPairs[i].coeffSz);
  32814. /* p1 = 2^exp */
  32815. if (ret == 0)
  32816. ret = mp_2expt(y, ecPairs[i].exp);
  32817. /* p1 = p1 * m */
  32818. if (ret == 0)
  32819. ret = mp_mul(x, y, x);
  32820. /* p1 += */
  32821. if (ret == 0)
  32822. ret = mp_add(p1, x, p1);
  32823. mp_zero(x);
  32824. mp_zero(y);
  32825. }
  32826. if (ret == 0)
  32827. ret = GenerateNextP(p1, p2, k[0]);
  32828. if (ret == 0)
  32829. ret = GenerateNextP(p1, p3, k[1]);
  32830. out:
  32831. #ifdef WOLFSSL_SMALL_STACK
  32832. if (x != NULL) {
  32833. mp_clear(x);
  32834. XFREE(x, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32835. }
  32836. if (y != NULL) {
  32837. mp_clear(y);
  32838. XFREE(y, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32839. }
  32840. #else
  32841. mp_clear(x);
  32842. mp_clear(y);
  32843. #endif
  32844. return ret;
  32845. }
  32846. WOLFSSL_TEST_SUBROUTINE int prime_test(void)
  32847. {
  32848. #ifdef WOLFSSL_SMALL_STACK
  32849. mp_int *n = (mp_int *)XMALLOC(sizeof *n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
  32850. *p1 = (mp_int *)XMALLOC(sizeof *p1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
  32851. *p2 = (mp_int *)XMALLOC(sizeof *p2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
  32852. *p3 = (mp_int *)XMALLOC(sizeof *p3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32853. #else
  32854. mp_int n[1],
  32855. p1[1],
  32856. p2[1],
  32857. p3[1];
  32858. #endif
  32859. int ret, isPrime = 0;
  32860. WC_RNG rng;
  32861. #ifdef WOLFSSL_SMALL_STACK
  32862. if ((n == NULL) ||
  32863. (p1 == NULL) ||
  32864. (p2 == NULL) ||
  32865. (p3 == NULL))
  32866. ERROR_OUT(MEMORY_E, out);
  32867. #endif
  32868. ret = wc_InitRng(&rng);
  32869. if (ret == 0)
  32870. ret = mp_init_multi(n, p1, p2, p3, NULL, NULL);
  32871. if (ret == 0)
  32872. ret = GenerateP(p1, p2, p3,
  32873. ecPairsA, sizeof(ecPairsA) / sizeof(ecPairsA[0]), kA);
  32874. if (ret == 0)
  32875. ret = mp_mul(p1, p2, n);
  32876. if (ret == 0)
  32877. ret = mp_mul(n, p3, n);
  32878. if (ret != 0)
  32879. ERROR_OUT(-13400, out);
  32880. /* Check the old prime test using the number that false positives.
  32881. * This test result should indicate as not prime. */
  32882. ret = mp_prime_is_prime(n, 40, &isPrime);
  32883. if (ret != 0)
  32884. ERROR_OUT(-13401, out);
  32885. if (isPrime)
  32886. ERROR_OUT(-13402, out);
  32887. /* This test result should fail. It should indicate the value as prime. */
  32888. ret = mp_prime_is_prime(n, 8, &isPrime);
  32889. if (ret != 0)
  32890. ERROR_OUT(-13403, out);
  32891. if (!isPrime)
  32892. ERROR_OUT(-13404, out);
  32893. /* This test result should indicate the value as not prime. */
  32894. ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
  32895. if (ret != 0)
  32896. ERROR_OUT(-13405, out);
  32897. if (isPrime)
  32898. ERROR_OUT(-13406, out);
  32899. ret = mp_read_unsigned_bin(n, controlPrime, sizeof(controlPrime));
  32900. if (ret != 0)
  32901. ERROR_OUT(-13407, out);
  32902. /* This test result should indicate the value as prime. */
  32903. ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
  32904. if (ret != 0)
  32905. ERROR_OUT(-13408, out);
  32906. if (!isPrime)
  32907. ERROR_OUT(-13409, out);
  32908. /* This test result should indicate the value as prime. */
  32909. isPrime = -1;
  32910. ret = mp_prime_is_prime(n, 8, &isPrime);
  32911. if (ret != 0)
  32912. ERROR_OUT(-13410, out);
  32913. if (!isPrime)
  32914. ERROR_OUT(-13411, out);
  32915. ret = mp_read_unsigned_bin(n, testOne, sizeof(testOne));
  32916. if (ret != 0)
  32917. ERROR_OUT(-13412, out);
  32918. /* This test result should indicate the value as not prime. */
  32919. ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
  32920. if (ret != 0)
  32921. ERROR_OUT(-13413, out);
  32922. if (isPrime)
  32923. ERROR_OUT(-13414, out);
  32924. ret = mp_prime_is_prime(n, 8, &isPrime);
  32925. if (ret != 0)
  32926. ERROR_OUT(-13415, out);
  32927. if (isPrime)
  32928. ERROR_OUT(-13416, out);
  32929. ret = 0;
  32930. out:
  32931. #ifdef WOLFSSL_SMALL_STACK
  32932. if (n != NULL) {
  32933. mp_clear(n);
  32934. XFREE(n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32935. }
  32936. if (p1 != NULL) {
  32937. mp_clear(p1);
  32938. XFREE(p1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32939. }
  32940. if (p2 != NULL) {
  32941. mp_clear(p2);
  32942. XFREE(p2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32943. }
  32944. if (p3 != NULL) {
  32945. mp_clear(p3);
  32946. XFREE(p3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32947. }
  32948. #else
  32949. mp_clear(p3);
  32950. mp_clear(p2);
  32951. mp_clear(p1);
  32952. mp_clear(n);
  32953. #endif
  32954. wc_FreeRng(&rng);
  32955. return ret;
  32956. }
  32957. #endif /* WOLFSSL_PUBLIC_MP */
  32958. #if defined(ASN_BER_TO_DER) && \
  32959. (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
  32960. defined(OPENSSL_EXTRA_X509_SMALL))
  32961. /* wc_BerToDer is only public facing in the case of test cert or opensslextra */
  32962. typedef struct berDerTestData {
  32963. const byte *in;
  32964. word32 inSz;
  32965. const byte *out;
  32966. word32 outSz;
  32967. } berDerTestData;
  32968. WOLFSSL_TEST_SUBROUTINE int berder_test(void)
  32969. {
  32970. int ret;
  32971. int i;
  32972. word32 len = 0, l;
  32973. byte out[32];
  32974. WOLFSSL_SMALL_STACK_STATIC const byte good1_in[] = { 0x30, 0x80, 0x00, 0x00 };
  32975. WOLFSSL_SMALL_STACK_STATIC const byte good1_out[] = { 0x30, 0x00 };
  32976. WOLFSSL_SMALL_STACK_STATIC const byte good2_in[] = { 0x30, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00 };
  32977. WOLFSSL_SMALL_STACK_STATIC const byte good2_out[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
  32978. WOLFSSL_SMALL_STACK_STATIC const byte good3_in[] = {
  32979. 0x24, 0x80, 0x04, 0x01, 0x01, 0x00, 0x00
  32980. };
  32981. WOLFSSL_SMALL_STACK_STATIC const byte good3_out[] = { 0x04, 0x1, 0x01 };
  32982. WOLFSSL_SMALL_STACK_STATIC const byte good4_in[] = {
  32983. 0x30, 0x80,
  32984. 0x02, 0x01, 0x01,
  32985. 0x30, 0x80,
  32986. 0x24, 0x80,
  32987. 0x04, 0x01, 0x01,
  32988. 0x04, 0x02, 0x02, 0x03,
  32989. 0x00, 0x00,
  32990. 0x06, 0x01, 0x01,
  32991. 0x00, 0x00,
  32992. 0x31, 0x80,
  32993. 0x06, 0x01, 0x01,
  32994. 0x00, 0x00,
  32995. 0x00, 0x00,
  32996. };
  32997. WOLFSSL_SMALL_STACK_STATIC const byte good4_out[] = {
  32998. 0x30, 0x12,
  32999. 0x02, 0x01, 0x01,
  33000. 0x30, 0x08,
  33001. 0x04, 0x03, 0x01, 0x02, 0x03,
  33002. 0x06, 0x01, 0x01,
  33003. 0x31, 0x03,
  33004. 0x06, 0x01, 0x01
  33005. };
  33006. WOLFSSL_SMALL_STACK_STATIC const byte good5_in[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
  33007. berDerTestData testData[] = {
  33008. { good1_in, sizeof(good1_in), good1_out, sizeof(good1_out) },
  33009. { good2_in, sizeof(good2_in), good2_out, sizeof(good2_out) },
  33010. { good3_in, sizeof(good3_in), good3_out, sizeof(good3_out) },
  33011. { good4_in, sizeof(good4_in), good4_out, sizeof(good4_out) },
  33012. { good5_in, sizeof(good5_in), good5_in , sizeof(good5_in ) },
  33013. };
  33014. for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
  33015. ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len);
  33016. if (ret != LENGTH_ONLY_E)
  33017. return -13500 - i;
  33018. if (len != testData[i].outSz)
  33019. return -13510 - i;
  33020. len = testData[i].outSz;
  33021. ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &len);
  33022. if (ret != 0)
  33023. return -13520 - i;
  33024. if (XMEMCMP(out, testData[i].out, len) != 0)
  33025. return -13530 - i;
  33026. for (l = 1; l < testData[i].inSz; l++) {
  33027. ret = wc_BerToDer(testData[i].in, l, NULL, &len);
  33028. if (ret != ASN_PARSE_E)
  33029. return -13540;
  33030. len = testData[i].outSz;
  33031. ret = wc_BerToDer(testData[i].in, l, out, &len);
  33032. if (ret != ASN_PARSE_E)
  33033. return -13541;
  33034. }
  33035. for (l = 0; l < testData[i].outSz-1; l++) {
  33036. ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &l);
  33037. if (ret != BUFFER_E)
  33038. return -13542;
  33039. }
  33040. }
  33041. ret = wc_BerToDer(NULL, 4, NULL, NULL);
  33042. if (ret != BAD_FUNC_ARG)
  33043. return -13543;
  33044. ret = wc_BerToDer(out, 4, NULL, NULL);
  33045. if (ret != BAD_FUNC_ARG)
  33046. return -13544;
  33047. ret = wc_BerToDer(NULL, 4, NULL, &len);
  33048. if (ret != BAD_FUNC_ARG)
  33049. return -13545;
  33050. ret = wc_BerToDer(NULL, 4, out, NULL);
  33051. if (ret != BAD_FUNC_ARG)
  33052. return -13546;
  33053. ret = wc_BerToDer(out, 4, out, NULL);
  33054. if (ret != BAD_FUNC_ARG)
  33055. return -13547;
  33056. ret = wc_BerToDer(NULL, 4, out, &len);
  33057. if (ret != BAD_FUNC_ARG)
  33058. return -13548;
  33059. for (l = 1; l < sizeof(good4_out); l++) {
  33060. len = l;
  33061. ret = wc_BerToDer(good4_in, sizeof(good4_in), out, &len);
  33062. if (ret != BUFFER_E)
  33063. return -13549;
  33064. }
  33065. return 0;
  33066. }
  33067. #endif
  33068. #ifdef DEBUG_WOLFSSL
  33069. static THREAD_LS_T int log_cnt = 0;
  33070. static void my_Logging_cb(const int logLevel, const char *const logMessage)
  33071. {
  33072. (void)logLevel;
  33073. (void)logMessage;
  33074. log_cnt++;
  33075. }
  33076. #endif /* DEBUG_WOLFSSL */
  33077. WOLFSSL_TEST_SUBROUTINE int logging_test(void)
  33078. {
  33079. #ifdef DEBUG_WOLFSSL
  33080. const char* msg = "Testing, testing. 1, 2, 3, 4 ...";
  33081. byte a[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
  33082. byte b[256];
  33083. int i;
  33084. for (i = 0; i < (int)sizeof(b); i++)
  33085. b[i] = i;
  33086. if (wolfSSL_Debugging_ON() != 0)
  33087. return -13600;
  33088. if (wolfSSL_SetLoggingCb(my_Logging_cb) != 0)
  33089. return -13601;
  33090. WOLFSSL_MSG(msg);
  33091. WOLFSSL_BUFFER(a, sizeof(a));
  33092. WOLFSSL_BUFFER(b, sizeof(b));
  33093. WOLFSSL_BUFFER(NULL, 0);
  33094. WOLFSSL_ERROR(MEMORY_E);
  33095. WOLFSSL_ERROR_MSG(msg);
  33096. /* turn off logs */
  33097. wolfSSL_Debugging_OFF();
  33098. /* capture log count */
  33099. i = log_cnt;
  33100. /* validate no logs are output when disabled */
  33101. WOLFSSL_MSG(msg);
  33102. WOLFSSL_BUFFER(a, sizeof(a));
  33103. WOLFSSL_BUFFER(b, sizeof(b));
  33104. WOLFSSL_BUFFER(NULL, 0);
  33105. WOLFSSL_ERROR(MEMORY_E);
  33106. WOLFSSL_ERROR_MSG(msg);
  33107. /* check the logs were disabled */
  33108. if (i != log_cnt)
  33109. return -13602;
  33110. /* restore callback and leave logging enabled */
  33111. wolfSSL_SetLoggingCb(NULL);
  33112. wolfSSL_Debugging_ON();
  33113. /* suppress unused args */
  33114. (void)a;
  33115. (void)b;
  33116. #else
  33117. if (wolfSSL_Debugging_ON() != NOT_COMPILED_IN)
  33118. return -13603;
  33119. wolfSSL_Debugging_OFF();
  33120. if (wolfSSL_SetLoggingCb(NULL) != NOT_COMPILED_IN)
  33121. return -13604;
  33122. #endif /* DEBUG_WOLFSSL */
  33123. return 0;
  33124. }
  33125. WOLFSSL_TEST_SUBROUTINE int mutex_test(void)
  33126. {
  33127. #ifdef WOLFSSL_PTHREADS
  33128. wolfSSL_Mutex m;
  33129. #endif
  33130. #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_USER_MUTEX)
  33131. wolfSSL_Mutex *mm = wc_InitAndAllocMutex();
  33132. if (mm == NULL)
  33133. return -13700;
  33134. wc_FreeMutex(mm);
  33135. XFREE(mm, HEAP_HINT, DYNAMIC_TYPE_MUTEX);
  33136. #endif
  33137. /* Can optionally enable advanced pthread tests using "ENABLE_PTHREAD_LOCKFREE_TESTS" */
  33138. #ifdef WOLFSSL_PTHREADS
  33139. if (wc_InitMutex(&m) != 0)
  33140. return -13701;
  33141. if (wc_LockMutex(&m) != 0)
  33142. return -13702;
  33143. #if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
  33144. /* trying to free a locked mutex is not portable behavior with pthread */
  33145. /* Attempting to destroy a locked mutex results in undefined behavior */
  33146. if (wc_FreeMutex(&m) != BAD_MUTEX_E)
  33147. return -13703;
  33148. #endif
  33149. if (wc_UnLockMutex(&m) != 0)
  33150. return -13704;
  33151. if (wc_FreeMutex(&m) != 0)
  33152. return -13705;
  33153. #if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
  33154. /* Trying to use a pthread after free'ing is not portable behavior */
  33155. if (wc_LockMutex(&m) != BAD_MUTEX_E)
  33156. return -13706;
  33157. if (wc_UnLockMutex(&m) != BAD_MUTEX_E)
  33158. return -13707;
  33159. #endif
  33160. #endif
  33161. return 0;
  33162. }
  33163. #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
  33164. #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_STATIC_MEMORY)
  33165. static int malloc_cnt = 0;
  33166. static int realloc_cnt = 0;
  33167. static int free_cnt = 0;
  33168. #ifdef WOLFSSL_DEBUG_MEMORY
  33169. static void *my_Malloc_cb(size_t size, const char* func, unsigned int line)
  33170. {
  33171. (void) func;
  33172. (void) line;
  33173. #else
  33174. static void *my_Malloc_cb(size_t size)
  33175. {
  33176. #endif
  33177. malloc_cnt++;
  33178. #ifndef WOLFSSL_NO_MALLOC
  33179. return malloc(size);
  33180. #else
  33181. WOLFSSL_MSG("No malloc available");
  33182. (void)size;
  33183. return NULL;
  33184. #endif
  33185. }
  33186. #ifdef WOLFSSL_DEBUG_MEMORY
  33187. static void my_Free_cb(void *ptr, const char* func, unsigned int line)
  33188. {
  33189. (void) func;
  33190. (void) line;
  33191. #else
  33192. static void my_Free_cb(void *ptr)
  33193. {
  33194. #endif
  33195. free_cnt++;
  33196. #ifndef WOLFSSL_NO_MALLOC
  33197. free(ptr);
  33198. #else
  33199. WOLFSSL_MSG("No free available");
  33200. (void)ptr;
  33201. #endif
  33202. }
  33203. #ifdef WOLFSSL_DEBUG_MEMORY
  33204. static void *my_Realloc_cb(void *ptr, size_t size, const char* func, unsigned int line)
  33205. {
  33206. (void) func;
  33207. (void) line;
  33208. #else
  33209. static void *my_Realloc_cb(void *ptr, size_t size)
  33210. {
  33211. #endif
  33212. realloc_cnt++;
  33213. #ifndef WOLFSSL_NO_MALLOC
  33214. return realloc(ptr, size);
  33215. #else
  33216. WOLFSSL_MSG("No realloc available");
  33217. (void)ptr;
  33218. (void)size;
  33219. return NULL;
  33220. #endif
  33221. }
  33222. #endif /* !WOLFSSL_NO_MALLOC */
  33223. WOLFSSL_TEST_SUBROUTINE int memcb_test(void)
  33224. {
  33225. int ret = 0;
  33226. #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_STATIC_MEMORY)
  33227. byte* b = NULL;
  33228. #endif
  33229. wolfSSL_Malloc_cb mc;
  33230. wolfSSL_Free_cb fc;
  33231. wolfSSL_Realloc_cb rc;
  33232. /* Save existing memory callbacks */
  33233. if (wolfSSL_GetAllocators(&mc, &fc, &rc) != 0)
  33234. return -13800;
  33235. #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_STATIC_MEMORY)
  33236. /* test realloc */
  33237. b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  33238. if (b == NULL) {
  33239. ERROR_OUT(-13801, exit_memcb);
  33240. }
  33241. XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  33242. b = NULL;
  33243. /* Use API. */
  33244. if (wolfSSL_SetAllocators((wolfSSL_Malloc_cb)my_Malloc_cb,
  33245. (wolfSSL_Free_cb)my_Free_cb,
  33246. (wolfSSL_Realloc_cb)my_Realloc_cb) != 0) {
  33247. ERROR_OUT(-13802, exit_memcb);
  33248. }
  33249. b = (byte*)XMALLOC(1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  33250. b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  33251. XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  33252. #ifndef WOLFSSL_STATIC_MEMORY
  33253. if (malloc_cnt != 1 || free_cnt != 1 || realloc_cnt != 1)
  33254. #else
  33255. if (malloc_cnt != 0 || free_cnt != 0 || realloc_cnt != 0)
  33256. #endif
  33257. ret = -13803;
  33258. #endif /* !WOLFSSL_NO_MALLOC */
  33259. #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_STATIC_MEMORY)
  33260. exit_memcb:
  33261. #endif
  33262. /* restore memory callbacks */
  33263. wolfSSL_SetAllocators(mc, fc, rc);
  33264. return ret;
  33265. }
  33266. #endif /* USE_WOLFSSL_MEMORY && !WOLFSSL_NO_MALLOC */
  33267. #ifdef WOLFSSL_IMX6_CAAM_BLOB
  33268. WOLFSSL_TEST_SUBROUTINE int blob_test(void)
  33269. {
  33270. int ret = 0;
  33271. byte out[112];
  33272. byte blob[112];
  33273. word32 outSz;
  33274. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  33275. {
  33276. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  33277. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  33278. };
  33279. WOLFSSL_SMALL_STACK_STATIC const byte text[] =
  33280. {
  33281. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  33282. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  33283. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  33284. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  33285. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  33286. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  33287. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  33288. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  33289. };
  33290. XMEMSET(blob, 0, sizeof(blob));
  33291. XMEMSET(out, 0, sizeof(out));
  33292. outSz = sizeof(blob);
  33293. ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz);
  33294. if (ret != 0) {
  33295. ERROR_OUT(-13900, exit_blob);
  33296. }
  33297. blob[outSz - 2] += 1;
  33298. ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
  33299. if (ret == 0) { /* should fail with altered blob */
  33300. ERROR_OUT(-13901, exit_blob);
  33301. }
  33302. XMEMSET(blob, 0, sizeof(blob));
  33303. outSz = sizeof(blob);
  33304. ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz);
  33305. if (ret != 0) {
  33306. ERROR_OUT(-13902, exit_blob);
  33307. }
  33308. ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
  33309. if (ret != 0) {
  33310. ERROR_OUT(-13903, exit_blob);
  33311. }
  33312. if (XMEMCMP(out, iv, sizeof(iv))) {
  33313. ERROR_OUT(-13904, exit_blob);
  33314. }
  33315. XMEMSET(blob, 0, sizeof(blob));
  33316. outSz = sizeof(blob);
  33317. ret = wc_caamCreateBlob((byte*)text, sizeof(text), blob, &outSz);
  33318. if (ret != 0) {
  33319. ERROR_OUT(-13905, exit_blob);
  33320. }
  33321. ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
  33322. if (ret != 0) {
  33323. ERROR_OUT(-13906, exit_blob);
  33324. }
  33325. if (XMEMCMP(out, text, sizeof(text))) {
  33326. ERROR_OUT(-13907, exit_blob);
  33327. }
  33328. exit_blob:
  33329. return ret;
  33330. }
  33331. #endif /* WOLFSSL_IMX6_CAAM_BLOB */
  33332. #ifdef WOLF_CRYPTO_CB
  33333. /* Example custom context for crypto callback */
  33334. typedef struct {
  33335. int exampleVar; /* example, not used */
  33336. } myCryptoDevCtx;
  33337. /* Example crypto dev callback function that calls software version */
  33338. static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
  33339. {
  33340. int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */
  33341. myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx;
  33342. if (info == NULL)
  33343. return BAD_FUNC_ARG;
  33344. #ifdef DEBUG_WOLFSSL
  33345. printf("CryptoDevCb: Algo Type %d\n", info->algo_type);
  33346. #endif
  33347. if (info->algo_type == WC_ALGO_TYPE_RNG) {
  33348. #ifndef WC_NO_RNG
  33349. /* set devId to invalid, so software is used */
  33350. info->rng.rng->devId = INVALID_DEVID;
  33351. ret = wc_RNG_GenerateBlock(info->rng.rng,
  33352. info->rng.out, info->rng.sz);
  33353. /* reset devId */
  33354. info->rng.rng->devId = devIdArg;
  33355. #endif
  33356. }
  33357. else if (info->algo_type == WC_ALGO_TYPE_SEED) {
  33358. #ifndef WC_NO_RNG
  33359. ALIGN32 static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 };
  33360. word32* seedWord32 = (word32*)seed;
  33361. word32 len;
  33362. /* wc_GenerateSeed is a local symbol so we need to fake the entropy. */
  33363. while (info->seed.sz > 0) {
  33364. len = (word32)sizeof(seed);
  33365. if (info->seed.sz < len)
  33366. len = info->seed.sz;
  33367. XMEMCPY(info->seed.seed, seed, sizeof(seed));
  33368. info->seed.seed += len;
  33369. info->seed.sz -= len;
  33370. (*seedWord32)++;
  33371. }
  33372. ret = 0;
  33373. #endif
  33374. }
  33375. else if (info->algo_type == WC_ALGO_TYPE_PK) {
  33376. #ifdef DEBUG_WOLFSSL
  33377. printf("CryptoDevCb: Pk Type %d\n", info->pk.type);
  33378. #endif
  33379. #ifndef NO_RSA
  33380. if (info->pk.type == WC_PK_TYPE_RSA) {
  33381. /* set devId to invalid, so software is used */
  33382. info->pk.rsa.key->devId = INVALID_DEVID;
  33383. switch (info->pk.rsa.type) {
  33384. case RSA_PUBLIC_ENCRYPT:
  33385. case RSA_PUBLIC_DECRYPT:
  33386. /* perform software based RSA public op */
  33387. ret = wc_RsaFunction(
  33388. info->pk.rsa.in, info->pk.rsa.inLen,
  33389. info->pk.rsa.out, info->pk.rsa.outLen,
  33390. info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
  33391. break;
  33392. case RSA_PRIVATE_ENCRYPT:
  33393. case RSA_PRIVATE_DECRYPT:
  33394. /* perform software based RSA private op */
  33395. ret = wc_RsaFunction(
  33396. info->pk.rsa.in, info->pk.rsa.inLen,
  33397. info->pk.rsa.out, info->pk.rsa.outLen,
  33398. info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
  33399. break;
  33400. }
  33401. /* reset devId */
  33402. info->pk.rsa.key->devId = devIdArg;
  33403. }
  33404. #ifdef WOLFSSL_KEY_GEN
  33405. else if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
  33406. info->pk.rsakg.key->devId = INVALID_DEVID;
  33407. #ifdef HAVE_FIPS
  33408. for (;;) {
  33409. #endif
  33410. ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size,
  33411. info->pk.rsakg.e, info->pk.rsakg.rng);
  33412. #ifdef HAVE_FIPS
  33413. if (ret == PRIME_GEN_E)
  33414. continue;
  33415. break;
  33416. }
  33417. #endif
  33418. /* reset devId */
  33419. info->pk.rsakg.key->devId = devIdArg;
  33420. }
  33421. #endif
  33422. #endif /* !NO_RSA */
  33423. #ifdef HAVE_ECC
  33424. if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
  33425. /* set devId to invalid, so software is used */
  33426. info->pk.eckg.key->devId = INVALID_DEVID;
  33427. ret = wc_ecc_make_key_ex(info->pk.eckg.rng, info->pk.eckg.size,
  33428. info->pk.eckg.key, info->pk.eckg.curveId);
  33429. /* reset devId */
  33430. info->pk.eckg.key->devId = devIdArg;
  33431. }
  33432. else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
  33433. /* set devId to invalid, so software is used */
  33434. info->pk.eccsign.key->devId = INVALID_DEVID;
  33435. ret = wc_ecc_sign_hash(
  33436. info->pk.eccsign.in, info->pk.eccsign.inlen,
  33437. info->pk.eccsign.out, info->pk.eccsign.outlen,
  33438. info->pk.eccsign.rng, info->pk.eccsign.key);
  33439. /* reset devId */
  33440. info->pk.eccsign.key->devId = devIdArg;
  33441. }
  33442. else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
  33443. /* set devId to invalid, so software is used */
  33444. info->pk.eccverify.key->devId = INVALID_DEVID;
  33445. ret = wc_ecc_verify_hash(
  33446. info->pk.eccverify.sig, info->pk.eccverify.siglen,
  33447. info->pk.eccverify.hash, info->pk.eccverify.hashlen,
  33448. info->pk.eccverify.res, info->pk.eccverify.key);
  33449. /* reset devId */
  33450. info->pk.eccverify.key->devId = devIdArg;
  33451. }
  33452. else if (info->pk.type == WC_PK_TYPE_ECDH) {
  33453. /* set devId to invalid, so software is used */
  33454. info->pk.ecdh.private_key->devId = INVALID_DEVID;
  33455. ret = wc_ecc_shared_secret(
  33456. info->pk.ecdh.private_key, info->pk.ecdh.public_key,
  33457. info->pk.ecdh.out, info->pk.ecdh.outlen);
  33458. /* reset devId */
  33459. info->pk.ecdh.private_key->devId = devIdArg;
  33460. }
  33461. #endif /* HAVE_ECC */
  33462. #ifdef HAVE_CURVE25519
  33463. if (info->pk.type == WC_PK_TYPE_CURVE25519_KEYGEN) {
  33464. /* set devId to invalid, so software is used */
  33465. info->pk.curve25519kg.key->devId = INVALID_DEVID;
  33466. ret = wc_curve25519_make_key(info->pk.curve25519kg.rng,
  33467. info->pk.curve25519kg.size, info->pk.curve25519kg.key);
  33468. /* reset devId */
  33469. info->pk.curve25519kg.key->devId = devIdArg;
  33470. }
  33471. else if (info->pk.type == WC_PK_TYPE_CURVE25519) {
  33472. /* set devId to invalid, so software is used */
  33473. info->pk.curve25519.private_key->devId = INVALID_DEVID;
  33474. ret = wc_curve25519_shared_secret_ex(
  33475. info->pk.curve25519.private_key, info->pk.curve25519.public_key,
  33476. info->pk.curve25519.out, info->pk.curve25519.outlen,
  33477. info->pk.curve25519.endian);
  33478. /* reset devId */
  33479. info->pk.curve25519.private_key->devId = devIdArg;
  33480. }
  33481. #endif /* HAVE_CURVE25519 */
  33482. #ifdef HAVE_ED25519
  33483. if (info->pk.type == WC_PK_TYPE_ED25519_KEYGEN) {
  33484. /* set devId to invalid, so software is used */
  33485. info->pk.ed25519kg.key->devId = INVALID_DEVID;
  33486. ret = wc_ed25519_make_key(info->pk.ed25519kg.rng,
  33487. info->pk.ed25519kg.size, info->pk.ed25519kg.key);
  33488. /* reset devId */
  33489. info->pk.ed25519kg.key->devId = devIdArg;
  33490. }
  33491. #ifdef HAVE_ED25519_SIGN
  33492. else if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) {
  33493. /* set devId to invalid, so software is used */
  33494. info->pk.ed25519sign.key->devId = INVALID_DEVID;
  33495. ret = wc_ed25519_sign_msg_ex(
  33496. info->pk.ed25519sign.in, info->pk.ed25519sign.inLen,
  33497. info->pk.ed25519sign.out, info->pk.ed25519sign.outLen,
  33498. info->pk.ed25519sign.key, info->pk.ed25519sign.type,
  33499. info->pk.ed25519sign.context, info->pk.ed25519sign.contextLen);
  33500. /* reset devId */
  33501. info->pk.ed25519sign.key->devId = devIdArg;
  33502. }
  33503. #endif
  33504. #ifdef HAVE_ED25519_VERIFY
  33505. else if (info->pk.type == WC_PK_TYPE_ED25519_VERIFY) {
  33506. /* set devId to invalid, so software is used */
  33507. info->pk.ed25519verify.key->devId = INVALID_DEVID;
  33508. ret = wc_ed25519_verify_msg_ex(
  33509. info->pk.ed25519verify.sig, info->pk.ed25519verify.sigLen,
  33510. info->pk.ed25519verify.msg, info->pk.ed25519verify.msgLen,
  33511. info->pk.ed25519verify.res, info->pk.ed25519verify.key,
  33512. info->pk.ed25519verify.type, info->pk.ed25519verify.context,
  33513. info->pk.ed25519verify.contextLen);
  33514. /* reset devId */
  33515. info->pk.ed25519verify.key->devId = devIdArg;
  33516. }
  33517. #endif
  33518. #endif /* HAVE_ED25519 */
  33519. }
  33520. else if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
  33521. #if !defined(NO_AES) || !defined(NO_DES3)
  33522. #ifdef HAVE_AESGCM
  33523. if (info->cipher.type == WC_CIPHER_AES_GCM) {
  33524. if (info->cipher.enc) {
  33525. /* set devId to invalid, so software is used */
  33526. info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID;
  33527. ret = wc_AesGcmEncrypt(
  33528. info->cipher.aesgcm_enc.aes,
  33529. info->cipher.aesgcm_enc.out,
  33530. info->cipher.aesgcm_enc.in,
  33531. info->cipher.aesgcm_enc.sz,
  33532. info->cipher.aesgcm_enc.iv,
  33533. info->cipher.aesgcm_enc.ivSz,
  33534. info->cipher.aesgcm_enc.authTag,
  33535. info->cipher.aesgcm_enc.authTagSz,
  33536. info->cipher.aesgcm_enc.authIn,
  33537. info->cipher.aesgcm_enc.authInSz);
  33538. /* reset devId */
  33539. info->cipher.aesgcm_enc.aes->devId = devIdArg;
  33540. }
  33541. else {
  33542. /* set devId to invalid, so software is used */
  33543. info->cipher.aesgcm_dec.aes->devId = INVALID_DEVID;
  33544. ret = wc_AesGcmDecrypt(
  33545. info->cipher.aesgcm_dec.aes,
  33546. info->cipher.aesgcm_dec.out,
  33547. info->cipher.aesgcm_dec.in,
  33548. info->cipher.aesgcm_dec.sz,
  33549. info->cipher.aesgcm_dec.iv,
  33550. info->cipher.aesgcm_dec.ivSz,
  33551. info->cipher.aesgcm_dec.authTag,
  33552. info->cipher.aesgcm_dec.authTagSz,
  33553. info->cipher.aesgcm_dec.authIn,
  33554. info->cipher.aesgcm_dec.authInSz);
  33555. /* reset devId */
  33556. info->cipher.aesgcm_dec.aes->devId = devIdArg;
  33557. }
  33558. }
  33559. #endif /* HAVE_AESGCM */
  33560. #ifdef HAVE_AES_CBC
  33561. if (info->cipher.type == WC_CIPHER_AES_CBC) {
  33562. if (info->cipher.enc) {
  33563. /* set devId to invalid, so software is used */
  33564. info->cipher.aescbc.aes->devId = INVALID_DEVID;
  33565. ret = wc_AesCbcEncrypt(
  33566. info->cipher.aescbc.aes,
  33567. info->cipher.aescbc.out,
  33568. info->cipher.aescbc.in,
  33569. info->cipher.aescbc.sz);
  33570. /* reset devId */
  33571. info->cipher.aescbc.aes->devId = devIdArg;
  33572. }
  33573. else {
  33574. /* set devId to invalid, so software is used */
  33575. info->cipher.aescbc.aes->devId = INVALID_DEVID;
  33576. ret = wc_AesCbcDecrypt(
  33577. info->cipher.aescbc.aes,
  33578. info->cipher.aescbc.out,
  33579. info->cipher.aescbc.in,
  33580. info->cipher.aescbc.sz);
  33581. /* reset devId */
  33582. info->cipher.aescbc.aes->devId = devIdArg;
  33583. }
  33584. }
  33585. #endif /* HAVE_AES_CBC */
  33586. #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
  33587. if (info->cipher.type == WC_CIPHER_AES_CCM) {
  33588. if (info->cipher.enc) {
  33589. /* set devId to invalid, so software is used */
  33590. info->cipher.aesccm_enc.aes->devId = INVALID_DEVID;
  33591. ret = wc_AesCcmEncrypt(
  33592. info->cipher.aesccm_enc.aes,
  33593. info->cipher.aesccm_enc.out,
  33594. info->cipher.aesccm_enc.in,
  33595. info->cipher.aesccm_enc.sz,
  33596. info->cipher.aesccm_enc.nonce,
  33597. info->cipher.aesccm_enc.nonceSz,
  33598. info->cipher.aesccm_enc.authTag,
  33599. info->cipher.aesccm_enc.authTagSz,
  33600. info->cipher.aesccm_enc.authIn,
  33601. info->cipher.aesccm_enc.authInSz);
  33602. /* reset devId */
  33603. info->cipher.aesccm_enc.aes->devId = devIdArg;
  33604. }
  33605. else {
  33606. /* set devId to invalid, so software is used */
  33607. info->cipher.aesccm_dec.aes->devId = INVALID_DEVID;
  33608. ret = wc_AesCcmDecrypt(
  33609. info->cipher.aesccm_dec.aes,
  33610. info->cipher.aesccm_dec.out,
  33611. info->cipher.aesccm_dec.in,
  33612. info->cipher.aesccm_dec.sz,
  33613. info->cipher.aesccm_dec.nonce,
  33614. info->cipher.aesccm_dec.nonceSz,
  33615. info->cipher.aesccm_dec.authTag,
  33616. info->cipher.aesccm_dec.authTagSz,
  33617. info->cipher.aesccm_dec.authIn,
  33618. info->cipher.aesccm_dec.authInSz);
  33619. /* reset devId */
  33620. info->cipher.aesccm_dec.aes->devId = devIdArg;
  33621. }
  33622. }
  33623. #endif
  33624. #ifndef NO_DES3
  33625. if (info->cipher.type == WC_CIPHER_DES3) {
  33626. if (info->cipher.enc) {
  33627. /* set devId to invalid, so software is used */
  33628. info->cipher.des3.des->devId = INVALID_DEVID;
  33629. ret = wc_Des3_CbcEncrypt(
  33630. info->cipher.des3.des,
  33631. info->cipher.des3.out,
  33632. info->cipher.des3.in,
  33633. info->cipher.des3.sz);
  33634. /* reset devId */
  33635. info->cipher.des3.des->devId = devIdArg;
  33636. }
  33637. else {
  33638. /* set devId to invalid, so software is used */
  33639. info->cipher.des3.des->devId = INVALID_DEVID;
  33640. ret = wc_Des3_CbcDecrypt(
  33641. info->cipher.des3.des,
  33642. info->cipher.des3.out,
  33643. info->cipher.des3.in,
  33644. info->cipher.des3.sz);
  33645. /* reset devId */
  33646. info->cipher.des3.des->devId = devIdArg;
  33647. }
  33648. }
  33649. #endif /* !NO_DES3 */
  33650. #endif /* !NO_AES || !NO_DES3 */
  33651. }
  33652. #if !defined(NO_SHA) || !defined(NO_SHA256) || \
  33653. defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
  33654. else if (info->algo_type == WC_ALGO_TYPE_HASH) {
  33655. #if !defined(NO_SHA)
  33656. if (info->hash.type == WC_HASH_TYPE_SHA) {
  33657. if (info->hash.sha1 == NULL)
  33658. return NOT_COMPILED_IN;
  33659. /* set devId to invalid, so software is used */
  33660. info->hash.sha1->devId = INVALID_DEVID;
  33661. if (info->hash.in != NULL) {
  33662. ret = wc_ShaUpdate(
  33663. info->hash.sha1,
  33664. info->hash.in,
  33665. info->hash.inSz);
  33666. }
  33667. if (info->hash.digest != NULL) {
  33668. ret = wc_ShaFinal(
  33669. info->hash.sha1,
  33670. info->hash.digest);
  33671. }
  33672. /* reset devId */
  33673. info->hash.sha1->devId = devIdArg;
  33674. }
  33675. else
  33676. #endif
  33677. #if !defined(NO_SHA256)
  33678. if (info->hash.type == WC_HASH_TYPE_SHA256) {
  33679. if (info->hash.sha256 == NULL)
  33680. return NOT_COMPILED_IN;
  33681. /* set devId to invalid, so software is used */
  33682. info->hash.sha256->devId = INVALID_DEVID;
  33683. if (info->hash.in != NULL) {
  33684. ret = wc_Sha256Update(
  33685. info->hash.sha256,
  33686. info->hash.in,
  33687. info->hash.inSz);
  33688. }
  33689. if (info->hash.digest != NULL) {
  33690. ret = wc_Sha256Final(
  33691. info->hash.sha256,
  33692. info->hash.digest);
  33693. }
  33694. /* reset devId */
  33695. info->hash.sha256->devId = devIdArg;
  33696. }
  33697. else
  33698. #endif
  33699. #ifdef WOLFSSL_SHA384
  33700. if (info->hash.type == WC_HASH_TYPE_SHA384) {
  33701. if (info->hash.sha384 == NULL)
  33702. return NOT_COMPILED_IN;
  33703. #ifndef NO_SHA2_CRYPTO_CB
  33704. /* set devId to invalid, so software is used */
  33705. info->hash.sha384->devId = INVALID_DEVID;
  33706. #endif
  33707. if (info->hash.in != NULL) {
  33708. ret = wc_Sha384Update(
  33709. info->hash.sha384,
  33710. info->hash.in,
  33711. info->hash.inSz);
  33712. }
  33713. if (info->hash.digest != NULL) {
  33714. ret = wc_Sha384Final(
  33715. info->hash.sha384,
  33716. info->hash.digest);
  33717. }
  33718. #ifndef NO_SHA2_CRYPTO_CB
  33719. /* reset devId */
  33720. info->hash.sha384->devId = devIdArg;
  33721. #endif
  33722. }
  33723. else
  33724. #endif
  33725. #ifdef WOLFSSL_SHA512
  33726. if (info->hash.type == WC_HASH_TYPE_SHA512) {
  33727. if (info->hash.sha512 == NULL)
  33728. return NOT_COMPILED_IN;
  33729. #ifndef NO_SHA2_CRYPTO_CB
  33730. /* set devId to invalid, so software is used */
  33731. info->hash.sha512->devId = INVALID_DEVID;
  33732. #endif
  33733. if (info->hash.in != NULL) {
  33734. ret = wc_Sha512Update(
  33735. info->hash.sha512,
  33736. info->hash.in,
  33737. info->hash.inSz);
  33738. }
  33739. if (info->hash.digest != NULL) {
  33740. ret = wc_Sha512Final(
  33741. info->hash.sha512,
  33742. info->hash.digest);
  33743. }
  33744. #ifndef NO_SHA2_CRYPTO_CB
  33745. /* reset devId */
  33746. info->hash.sha512->devId = devIdArg;
  33747. #endif
  33748. }
  33749. else
  33750. #endif
  33751. {
  33752. }
  33753. }
  33754. #endif /* !NO_SHA || !NO_SHA256 */
  33755. #ifndef NO_HMAC
  33756. else if (info->algo_type == WC_ALGO_TYPE_HMAC) {
  33757. if (info->hmac.hmac == NULL)
  33758. return NOT_COMPILED_IN;
  33759. /* set devId to invalid, so software is used */
  33760. info->hmac.hmac->devId = INVALID_DEVID;
  33761. if (info->hash.in != NULL) {
  33762. ret = wc_HmacUpdate(
  33763. info->hmac.hmac,
  33764. info->hmac.in,
  33765. info->hmac.inSz);
  33766. }
  33767. else if (info->hash.digest != NULL) {
  33768. ret = wc_HmacFinal(
  33769. info->hmac.hmac,
  33770. info->hmac.digest);
  33771. }
  33772. /* reset devId */
  33773. info->hmac.hmac->devId = devIdArg;
  33774. }
  33775. #endif
  33776. (void)devIdArg;
  33777. (void)myCtx;
  33778. return ret;
  33779. }
  33780. WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void)
  33781. {
  33782. int ret = 0;
  33783. myCryptoDevCtx myCtx;
  33784. /* example data for callback */
  33785. myCtx.exampleVar = 1;
  33786. /* set devId to something other than INVALID_DEVID */
  33787. devId = 1;
  33788. ret = wc_CryptoCb_RegisterDevice(devId, myCryptoDevCb, &myCtx);
  33789. #ifndef WC_NO_RNG
  33790. if (ret == 0)
  33791. ret = random_test();
  33792. #endif /* WC_NO_RNG */
  33793. #ifndef NO_RSA
  33794. PRIVATE_KEY_UNLOCK();
  33795. if (ret == 0)
  33796. ret = rsa_test();
  33797. PRIVATE_KEY_LOCK();
  33798. #endif
  33799. #ifdef HAVE_ECC
  33800. PRIVATE_KEY_UNLOCK();
  33801. if (ret == 0)
  33802. ret = ecc_test();
  33803. PRIVATE_KEY_LOCK();
  33804. #endif
  33805. #ifdef HAVE_ED25519
  33806. if (ret == 0)
  33807. ret = ed25519_test();
  33808. #endif
  33809. #ifdef HAVE_CURVE25519
  33810. if (ret == 0)
  33811. ret = curve25519_test();
  33812. #endif
  33813. #ifndef NO_AES
  33814. #ifdef HAVE_AESGCM
  33815. if (ret == 0)
  33816. ret = aesgcm_test();
  33817. #endif
  33818. #ifdef HAVE_AES_CBC
  33819. if (ret == 0)
  33820. ret = aes_test();
  33821. #endif
  33822. #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
  33823. if (ret == 0)
  33824. ret = aesccm_test();
  33825. #endif
  33826. #endif /* !NO_AES */
  33827. #ifndef NO_DES3
  33828. if (ret == 0)
  33829. ret = des3_test();
  33830. #endif /* !NO_DES3 */
  33831. #ifndef NO_SHA
  33832. if (ret == 0)
  33833. ret = sha_test();
  33834. #endif
  33835. #ifndef NO_SHA256
  33836. if (ret == 0)
  33837. ret = sha256_test();
  33838. #endif
  33839. #ifdef WOLFSSL_SHA384
  33840. if (ret == 0)
  33841. ret = sha384_test();
  33842. #endif
  33843. #ifdef WOLFSSL_SHA512
  33844. if (ret == 0)
  33845. ret = sha512_test();
  33846. #endif
  33847. #ifndef NO_HMAC
  33848. #ifndef NO_SHA
  33849. if (ret == 0)
  33850. ret = hmac_sha_test();
  33851. #endif
  33852. #ifndef NO_SHA256
  33853. if (ret == 0)
  33854. ret = hmac_sha256_test();
  33855. #endif
  33856. #endif
  33857. #ifndef NO_PWDBASED
  33858. #if defined(HAVE_PBKDF2) && !defined(NO_SHA256)
  33859. if (ret == 0)
  33860. ret = pbkdf2_test();
  33861. #endif
  33862. #endif
  33863. #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
  33864. if (ret == 0)
  33865. ret = cmac_test();
  33866. #endif
  33867. /* reset devId */
  33868. devId = INVALID_DEVID;
  33869. return ret;
  33870. }
  33871. #endif /* WOLF_CRYPTO_CB */
  33872. #ifdef WOLFSSL_CERT_PIV
  33873. WOLFSSL_TEST_SUBROUTINE int certpiv_test(void)
  33874. {
  33875. int ret;
  33876. wc_CertPIV piv;
  33877. /* Template for Identiv PIV cert, nonce and signature */
  33878. WOLFSSL_SMALL_STACK_STATIC const byte pivCertIdentiv[] = {
  33879. 0x0A, 0x0B,
  33880. 0x53, 0x09, /* NIST PIV Cert */
  33881. 0x70, 0x02, /* Certificate */
  33882. 0x30, 0x00,
  33883. 0x71, 0x01, 0x05, /* Cert Info */
  33884. 0xFE, 0x00, /* Error Detection */
  33885. 0x0B, 0x01, 0x00, /* Nonce */
  33886. 0x0C, 0x01, 0x00, /* Signed Nonce */
  33887. };
  33888. /* PIV certificate data including certificate, info and error dectection. */
  33889. WOLFSSL_SMALL_STACK_STATIC const byte pivCert[] = {
  33890. 0x53, 0x09, /* NIST PIV Cert */
  33891. 0x70, 0x02, /* Certificate */
  33892. 0x30, 0x00,
  33893. 0x71, 0x01, 0x04, /* Cert Info */
  33894. 0xFE, 0x00, /* Error Detection */
  33895. };
  33896. XMEMSET(&piv, 0, sizeof(piv));
  33897. /* Test with Identiv 0x0A, 0x0B and 0x0C markers */
  33898. ret = wc_ParseCertPIV(&piv, pivCertIdentiv, sizeof(pivCertIdentiv));
  33899. if (ret != 0) {
  33900. return -14000;
  33901. }
  33902. if (!piv.isIdentiv) {
  33903. return -14001;
  33904. }
  33905. if ((piv.cert == NULL) || (piv.certSz != 2)) {
  33906. return -14002;
  33907. }
  33908. if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) {
  33909. return -14003;
  33910. }
  33911. if ((piv.compression != ASN_PIV_CERT_INFO_GZIP)) {
  33912. return -14004;
  33913. }
  33914. if (!piv.isX509) {
  33915. return -14005;
  33916. }
  33917. if ((piv.nonce == NULL) || (piv.nonceSz != 1)) {
  33918. return -14006;
  33919. }
  33920. if ((piv.signedNonce == NULL) || (piv.signedNonceSz != 1)) {
  33921. return -14007;
  33922. }
  33923. XMEMSET(&piv, 0, sizeof(piv));
  33924. /* Test with NIST PIV format */
  33925. ret = wc_ParseCertPIV(&piv, pivCert, sizeof(pivCert));
  33926. if (ret != 0) {
  33927. return -14010;
  33928. }
  33929. if (piv.isIdentiv) {
  33930. return -14011;
  33931. }
  33932. if ((piv.cert == NULL) || (piv.certSz != 2)) {
  33933. return -14012;
  33934. }
  33935. if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) {
  33936. return -14013;
  33937. }
  33938. if ((piv.compression != 0)) {
  33939. return -14014;
  33940. }
  33941. if (!piv.isX509) {
  33942. return -14015;
  33943. }
  33944. return ret;
  33945. }
  33946. #endif /* WOLFSSL_CERT_PIV */
  33947. #undef ERROR_OUT
  33948. #else
  33949. #ifndef NO_MAIN_DRIVER
  33950. int main() { return 0; }
  33951. #endif
  33952. #endif /* NO_CRYPT_TEST */